Using mgmt_cli without automatic publish

I noticed when using SmartConsole CLI, changes are not automatically published.  However, when using mgmt_cli, changes are automatically published.  Is there a flag that can be used when using mgmt_cli so you can still review the changes made allowing you to perform a manual publish?

0 Kudos

Accepted Solutions

All changes in the management-server's database follow this flow:

1) Login - Create a "session"

2) Perform changes

3) Publish - After this step:

  a) The next policy-install will include the changes in the session.

  b) All the changes in the session will become visible to all other admins.

  c) Objects that were changed in this session were locked for other admins. 'Publish' removes these locks.

4) Logout

Where steps #2 and #3 can occur multiple times in one session.

This flow is applicable to the REST APIs, SmartConsole CLI, mgmt_cli and Gaia's CLI as well.

When making a SmartConsole CLI, the login step already took place when you launched SmartConsole and passed the login dialog.

Changes that you perform using the CLI join the other changes that you perform using the GUI and they are all published together.

When you run a 'mgmt_cli' command and you don't provide any session information, the tool follows the steps above: it logs in, makes the change, publishes it and logs out.

For example, in:

mgmt_cli add host name myHost ip-address 192.168.0.1

There's nothing to associate this command with a previous login command (a session). Without a session, mgmt_cli cannot add the host to the database.

mgmt_cli creates a session for you by asking for credentials and logging in. Then it adds the host, publishes the changes and logs out.

When creating many commands this becomes inefficient.

A more effective way would be to login once, make many changes and publish all the changes just once.

When calling the "mgmt_cli login <optional params>" command, a typical output would look like this:

uid: "0d3cdfea-44a5-4ddc-979a-3c7aac97e5ef"

sid: "EUPuch5QkG7hPAeo1nFA8817MJ4xDpj9mm896jFzONU"

url: "https://127.0.0.1:443/web_api"

session-timeout: 600

last-login-was-at:

  posix: 1490026351887

  iso-8601: "2017-03-20T18:12+0200"

Note the session-id (sid) token in the response.

If I now run:

mgmt_cli add host name myHost2 ip-address 192.168.0.1 --session-id EUPuch5QkG7hPAeo1nFA8817MJ4xDpj9mm896jFzONU

The host will not be published automatically.

I can run other mgmt_cli commands, pass the session-id token to them and accumulate the changes in one session.

When I'm done, I need to call the 'publish' command. Like this:

mgmt_cli publish --session-id EUPuch5QkG7hPAeo1nFA8817MJ4xDpj9mm896jFzONU

mgmt_cli logout --session-id EUPuch5QkG7hPAeo1nFA8817MJ4xDpj9mm896jFzONU

Fortunately, there's a way that can simplify this process and save you the trouble of having to parse the output of the login command.

The mgmt_cli tool can read the output of a login command and extract the "sid" field for you.

For example:

mgmt_cli login <optional parameters> > id.txt

mgmt_cli add host name myhost3 ip-address 192.168.0.3 -s id.txt

mgmt_cli add host name myhost4 ip-address 192.168.0.4 -s id.txt

mgmt_cli add host name myhost5 ip-address 192.168.0.5 -s id.txt

mgmt_cli add host name myhost6 ip-address 192.168.0.6 -s id.txt

mgmt_cli publish -s id.txt

mgmt_cli logout -s id.txt

In the above example, the output of the login command is redirected to a file (id.txt).

All other commands read this file and extract the session-id token from it.

Note:

If you want to create thousands of objects, I recommend performing a 'publish' command every 100 changes rather than accumulating too many changes and publishing all of them at once.
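
The login-once, publish-every-100 flow from the answer above, as an added example that is not part of the original post and is not Check Point's code. The function names and the MGMT_CLI override variable are hypothetical; only the mgmt_cli commands and the -s option shown in the thread are used.

```shell
#!/bin/sh
# Added example (not Check Point's code). MGMT_CLI is an assumed override
# hook so the flow can be dry-run against a stub; it defaults to the real tool.
MGMT_CLI=${MGMT_CLI:-mgmt_cli}

# add_hosts_batched SESSION_FILE BATCH_SIZE
# Reads "name ip-address" pairs from stdin, adds each host in the session
# recorded in SESSION_FILE and publishes after every BATCH_SIZE changes.
# Prints the number of publish calls. On the first failed command it returns
# non-zero and leaves the current batch unpublished.
add_hosts_batched() {
    session_file=$1 batch_size=$2 pending=0 publishes=0
    while read -r name ip; do
        case $name in ''|'#'*) continue ;; esac    # skip blanks and comments
        "$MGMT_CLI" add host name "$name" ip-address "$ip" \
            -s "$session_file" </dev/null >/dev/null || return 1
        pending=$((pending + 1))
        if [ "$pending" -ge "$batch_size" ]; then
            "$MGMT_CLI" publish -s "$session_file" </dev/null >/dev/null || return 1
            publishes=$((publishes + 1)) pending=0
        fi
    done
    if [ "$pending" -gt 0 ]; then                  # publish the final partial batch
        "$MGMT_CLI" publish -s "$session_file" </dev/null >/dev/null || return 1
        publishes=$((publishes + 1))
    fi
    echo "$publishes"
}

# run_import HOSTS_FILE [login parameters...]
# One login, batched changes, one logout. The session file holds the sid,
# which authorizes every later command, so it is created owner-only by
# mktemp and deleted after logout.
run_import() {
    hosts_file=$1; shift
    sid_file=$(mktemp) || return 1
    "$MGMT_CLI" login "$@" > "$sid_file" || { rm -f "$sid_file"; return 1; }
    status=0
    add_hosts_batched "$sid_file" 100 < "$hosts_file" || status=$?
    "$MGMT_CLI" logout -s "$sid_file" </dev/null >/dev/null
    rm -f "$sid_file"
    return "$status"
}
```

Call it as `run_import hosts.txt <optional login parameters>`, where hosts.txt lists one "name ip-address" pair per line.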

3 Replies
This is probably a super-dumb question as I'm new to the R80 APIs, but when I use the commands as listed to create a session (mgmt_cli login -u admin -p <ckp password> > sid.txt) this seems to be accepted, but when I then try to run a command referencing this session, e.g. "mgmt_cli add host name test123 ip-address 172.16.1.1 -s sid.txt", I get an error: "failed to open login output file [sid.txt]". Can someone tell me where I'm going wrong? It looks like a permissions error but I'm using the admin account I created upon setting up the management server. Have looked for the api.elg log file but can't find one. Please help!

0 Kudos

Sorry I am just seeing this now but I found your problem when I was having the same problem. The problem isn't actually a Check Point problem per se. I am assuming you had a PowerShell prompt up when you ran the command to create id.txt and then again to run the commands that rely on that id.txt file. What has happened is the encoding of the file that was created by the command. The PowerShell prompt may have created it in a format that mgmt_cli.exe doesn't understand. Then when you try to reference that file, it gives the error that you received. If you were to open a command prompt and create your id.txt file in that window, you could then either stay in CMD or go back to PowerShell and reference the file created in CMD and your commands should work just fine.

There is a lengthy discussion that I am still digesting on this topic (UTF-8, UTF-16, BOM, etc.)

Charles

NOTE: I did a little further testing and found the following:

CMD - Creates an id.txt file that will work with mgmt_cli in CMD, Windows PowerShell 5.1 and PowerShell 6.x+

Windows PowerShell 5.1 - Creates a file in a format that doesn't work with mgmt_cli (by default)

PowerShell 6.x+ - Creates an id.txt file that will work with mgmt_cli in CMD, Windows PowerShell 5.1 and PowerShell 6.x+

It has to do with the creation of a file with and without a BOM more than the UTF version.

0 Kudos
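
The BOM explanation in the last reply can be checked on the file itself. This added example (not part of the thread and not Check Point's tooling) reports which byte-order mark, if any, starts a login output file and writes a BOM-less copy. The function names are hypothetical, and the UTF-16 repair assumes ASCII-only content, which the login output shown earlier is.

```shell
#!/bin/sh
# Added example: inspect and normalize the file produced by
# "mgmt_cli login ... > id.txt" when a shell wrote it with a BOM.

# session_file_encoding FILE
# Prints utf8-bom, utf16le-bom, utf16be-bom or no-bom from the first bytes.
session_file_encoding() {
    sig=$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')
    case $sig in
        efbbbf) echo utf8-bom ;;
        fffe*)  echo utf16le-bom ;;
        feff*)  echo utf16be-bom ;;
        *)      echo no-bom ;;
    esac
}

# normalize_session_file FILE OUT
# Writes a BOM-less single-byte copy of FILE to OUT.
# Assumption: content is ASCII, so UTF-16 can be reduced by dropping the
# 2-byte BOM and the NUL half of every code unit. OUT contains the sid,
# so give it the same protection as the original file.
normalize_session_file() {
    case $(session_file_encoding "$1") in
        utf8-bom)                tail -c +4 "$1" > "$2" ;;
        utf16le-bom|utf16be-bom) tail -c +3 "$1" | tr -d '\000' > "$2" ;;
        *)                       cat "$1" > "$2" ;;
    esac
}
```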