search

vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions
173 stars 90 forks source link

Publish Saved Configuration #653

Open ypeguero1 opened 3 years ago

ypeguero1 commented 3 years ago

Is there anyways for PowerNSX to "publish" a saved configuration? I've found several cmdlets like "Get-NsxFirewallSavedConfiguration" which are able to retried the list of 100 saved configuration, but I am looking to retried/publish a configuration.

Main goal is to be able to automate configuration publishing which can only take place at certain points in the day.

Thanks!

dcoghlan commented 3 years ago

Here is a snippet of code that I use to take the output of GET /api/4.0/firewall/globalroot-0/config, make the required changes, and then upload it as a saved configuration.


    write-log -level verbose -msg ("-" * 80)
    write-log -level host -ForegroundColor green -msg "$($MyInvocation.MyCommand)($($MyInvocation.ScriptLineNumber)) : Preparing DFW Saved Config in a DFW Draft format ready for upload"
    # Now we need to create a firewalldraft and upload it
    # Taken from New-NsxFirewallSavedCOnfiguration in PowerNSX

    # Create the XMLRoot
    [System.XML.XMLDocument]$xmlDoc = New-Object System.XML.XMLDocument
    [System.XML.XMLElement]$xmlRoot = $XMLDoc.CreateElement("firewallDraft")

    # Set the name attribute
    $xmlDoc.appendChild($xmlRoot) | Out-Null
    $xmlAttrName = $xmlDoc.createAttribute("name")
    $xmlAttrName.value = "Imported Firewall Configuration"
    $xmlRoot.Attributes.Append($xmlAttrName) | Out-Null

    Add-XmlElement -xmlRoot $xmlRoot -xmlElementName "preserve" -xmlElementText "True"
    Add-XmlElement -xmlRoot $xmlRoot -xmlElementName "mode" -xmlElementText "userdefined"
    Add-XmlElement -xmlRoot $xmlRoot -xmlElementName "description" -xmlElementText "Configuration from Firewall Importer"

    [System.XML.XMLElement]$xmlConfigNode = $xmlRoot.OwnerDocument.CreateElement("config")
    $xmlRoot.AppendChild($xmlConfigNode) | Out-Null

    foreach ($node in $dfwSavedConfig.firewallConfiguration.ChildNodes) {
        $xmlConfigBackup = $xmlroot.OwnerDocument.ImportNode($node, $true)
        $xmlConfigNode.AppendChild($xmlConfigBackup) | Out-Null
    }

    write-log -level host -ForegroundColor green -msg "$($MyInvocation.MyCommand)($($MyInvocation.ScriptLineNumber)) : Uploading DFW Saved Config as a DFW Draft"

    $body = $xmlroot.OuterXml
    $body | Format-XML | Out-File "dfwSavedConfig_upload.xml"
    Write-Progress -Activity "Creating firewall saved configuration."
    $uri = "/api/4.0/firewall/globalroot-0/drafts/action/import"
    try {
        Invoke-NsxWebRequest -method POST -URI $uri -body $body
    }
    catch {
        Write-Log -Level Error "An error occured uploading the DFW Saved Configuration. `n $_"
        write-log -level Host "An error occured uploading the DFW Saved Configuration. Please check the log file."
    }
ypeguero1 commented 3 years ago

@dcoghlan thanks for this, so you use this to create the DFW Saved Configuration, then how do you got about publishing your Saved Configuration, through the web interface? or do you then call PUT /api/4.0/firewall/globalroot-0/config