Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

R80 MDS IPS updates via API

Current environment:  R80 MDS with 4 CMAs.  IPS is managed globally for all 4 CMAs.

I have all the pieces for updating IPS in the global context, and installing policy for each of the CMAs, but I'm missing the piece for reassigning the global policy to each of the CMAs.  I can't find any of the API calls that would provide that function.  Does anyone have an idea on how to accomplish that?

Thanks!

Labels (2)
Tags (2)
0 Kudos
2 Replies
Highlighted
Highlighted

We had the same quest of automating IPS updates with R80.10.

So i wrote a small script to do the reassignment of the Global Domain to all Domains which can be run every night by cron. As a drawback the name of the Global Domain is hard coded in the script, which is fine for us.

Maybe you will find it useful:

#!/bin/sh
#######################################################################################
#
# Reassign the Global Domain to all Domains
#
#######################################################################################

# Name of the Global Domain
GPOL_NAME="Global"

# Temp file for the session-id
ID="/tmp/id-$$.txt"

#######################################################################################

# Login
mgmt_cli login -r true > ${ID}

# Get a list of all Domains
DOMAINS=`mgmt_cli show domains -s ${ID} --format json | jq -r '.objects[].name'`

# Iterate over all Domains
for DOM in ${DOMAINS}; do
    if [ -z "`mgmt_cli show domain name ${DOM} --format json -s ${ID} | jq -r '."global-domain-assignments"[]'`" ]; then
        echo "Domain \"${DOM}\" has no Global Domain assigned, skipping it."
    else
        # Reassign
        echo "Reassigning Global Domain \"${GPOL_NAME}\" to Domain \"${DOM}\"..."
        mgmt_cli assign-global-assignment global-domains ${GPOL_NAME} dependent-domains ${DOM} -s ${ID} --format json 2>/dev/null | jq -r '.tasks[].status'
    fi
done

# Logout and delete the session-id
mgmt_cli logout -s ${ID} >/dev/null
rm -f ${ID}