Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duane_Toler
Advisor

"where-used" does "publish" ?

Jump to solution

 

mgmt_cli -f json -r true -d DOMAIN where-used name "object"

At the end, mgmt_cli does a session publish... !??!

Yes I know can do a full session login and choose "read-only: true",  but for a quick "where-used", I didn't think that'd be necessary.

 

API v1.6.1  (R80.40 + recent JHF)

 

That behavior seems a bit odd, and frankly scares the life out of me! (I'm a paranoid curmudgeon...)

 

0 Kudos
2 Solutions

Accepted Solutions
Omer_Kleinstern
Employee
Employee

Hi,

 

The publish was removed from where-used in R81.

You can open a TAC case to port the fix.

 

Thanks,

Omer

View solution in original post

0 Kudos
Tomer_Noy
Employee
Employee

It sounds like you are writing a script to iterate through all domains and run "where-used" on some global object to see which domains are using it and how. Indeed, publishing on every domain will slow things down, so it should be avoided. However, that is not the only way to speed things up...

Starting from API version 1.7, there is a new parameter to the "where-used" command called "domains-to-process". If you log into the System Domain and run the where-used from there, then you can pass domains-to-process = ALL_DOMAINS_ON_THIS_SERVER. That will run an efficient where-used calculation on all domains on this server.

The internal query leverages indexes that span domains and is much more efficient than iterating over domains and doing a separate where-used on each one. 

This functionality is also available in SmartConsole starting from R81 in the System domain. It comes with another feature called cross-domain search that lets you find object definitions across domains (not just where-used).

** If you have multiple MDS servers with different active domains, you should run it once per server.

** You mentioned that you are using API version 1.6, so this might not be accessible to you, but it's worth sharing for the general population and of course will be useful for you once you upgrade

View solution in original post

8 Replies
PhoneBoy
Admin
Admin

mgmt_cli -r true will do a publish after logging in and executing the specified command.
That’s expected behavior. 

Duane_Toler
Advisor

🤣 🤣 🤣 🤣 🤣 🤣 🤣 🤣 🤣 

Wow, it's been A LONG time apparently since I last used "-r true"!! *now* I remember... whew.  That's what I get for spending most of my time in "session land"!  

Thanks for kick. 😁

 

0 Kudos
the_rock
Champion
Champion

I know, I always forget that too LOL

0 Kudos
MR_K
Participant

Hey @PhoneBoy,

Thanks for that answer, but the publish also occurs when not using -r true.

That's what I see in the CLI:

mgmt_cli where-used name ext-node-52.52.64.247 -d Global show-membership true
Username: *{username}*
Password:
used-directly:
total: 1
objects:
- uid: "5f5058e7-47fc-4409-8149-e8c61a1785d1"
name: "ext-tie.gti.mcaffee.com"
type: "group"
domain:
uid: "1e294ce0-367a-11e3-aa6e-0800200c9a66"
name: "Global"
domain-type: "global domain"
threat-prevention-rules: []
nat-rules: []
access-control-rules: []
https-rules: []

 

---------------------------------------------
Time: [12:31:13] 4/4/2022
---------------------------------------------
"Publish operation" in progress (10%)


---------------------------------------------
Time: [12:31:23] 4/4/2022
---------------------------------------------
"Publish operation" succeeded (100%)

 

Do you have an idea why the publish comes here too?
I am trying to write a script that will do a where-used for each CMA, and having a Publish after every one makes the command take ages!

Also running on API v1.6.1

0 Kudos
PhoneBoy
Admin
Admin

Hm... good question.
@Omer_Kleinstern ?
Might also be worth a TAC case.

0 Kudos
Omer_Kleinstern
Employee
Employee

Hi,

 

The publish was removed from where-used in R81.

You can open a TAC case to port the fix.

 

Thanks,

Omer

0 Kudos
Tomer_Noy
Employee
Employee

It sounds like you are writing a script to iterate through all domains and run "where-used" on some global object to see which domains are using it and how. Indeed, publishing on every domain will slow things down, so it should be avoided. However, that is not the only way to speed things up...

Starting from API version 1.7, there is a new parameter to the "where-used" command called "domains-to-process". If you log into the System Domain and run the where-used from there, then you can pass domains-to-process = ALL_DOMAINS_ON_THIS_SERVER. That will run an efficient where-used calculation on all domains on this server.

The internal query leverages indexes that span domains and is much more efficient than iterating over domains and doing a separate where-used on each one. 

This functionality is also available in SmartConsole starting from R81 in the System domain. It comes with another feature called cross-domain search that lets you find object definitions across domains (not just where-used).

** If you have multiple MDS servers with different active domains, you should run it once per server.

** You mentioned that you are using API version 1.6, so this might not be accessible to you, but it's worth sharing for the general population and of course will be useful for you once you upgrade

S_E_
Advisor

@Tomer_Noy wrote:

 

...The internal query leverages indexes that span domains and is much more efficient than iterating over domains and doing a separate where-used on each one. 

This functionality is also available in SmartConsole starting from R81 in the System domain. It comes with another feature called cross-domain search that lets you find object definitions across domains (not just where-used).

** If you have multiple MDS servers with different active domains, you should run it once per server.

 


Hi,

we run into the same challenge (MDSM R80.40) 

Using Global Policy with Global objects and pushing to domain policies works good. But the feature 'where used' does not work in this case. Running 'where used' in global policy might report 'not used' but in reality heavily used inside domains and provides confusion for admins/HelpDesk.

So upgrading might tackle cross-domain search. But you need to run manually on every MDS in the HA construct. correct?

Do you have any proposal/idea for such szenarios?

Regards

 

 

0 Kudos