Wednesday, January 18, 2023

Full backup to NSX-T with Ansible tower

Hereunder is a playbook to backup all your NSX-T components through simple API calls and then it will make another GET API call ?filter=Type- to backup everything in the NSX-T.

The Ansible playbook will save the output to a remote SFTP server

What you will need to update in the below playbook?

1. The SFTP server.

2. The components paths.


The Playbook on Github



- hosts: remotesftpserver
  vars:
    date: "{{ lookup('pipe', 'date +%Y%m%d') }}"
    whichnsx: "dev_nsx"
    host: "https://nsxturl/policy/api/v1/infra"
    nsxpassword: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6632653863dfsdfsdufghjkfdsjfhsdifhsdjndsjkchusihcsdciyugsdlchjo
  tasks:
  - name: NSX-T Components Backup
    uri:
      url: "{{ host }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - /segments
      - /domains/default/groups
      - /domains/security-policies
      - /tier-0s/Test-T0
      - /tier-0s/Test-T0/locale-services/default/bgp
      - /tier-0s/Test-T0/locale-services/default/bgp/neighbors
      - /tier-0s/Test-T0/locale-services/default/interfaces
      - /tier-1s/T1
    register: components
  - debug: var=components

  - local_action:
      module: copy
      content: "{{ components }}"
      dest: "/tmp/components.json"


  - name: NSX-T All components Backup
    uri:
      url: "{{ host }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - ?filter=Type-
    register: all
  - debug: var=all

  - local_action:
      module: copy
      content: "{{ all }}"
      dest: "/tmp/all.json"


  - name: Create the backup directory
    file:
     path: /backup/nsx_backup/api/{{ whichnsx }}_{{ date }}
     state: directory
     owner: root
     group: root
     mode: 0750


  - name: Copy the first file to a remote FTP remotesftpserver
    copy:
      src='/tmp/components.json'
      dest='/backup/nsx_backup/api/{{ whichnsx }}_{{ date }}/components.json'


  - name: Copy the second file to a remote FTP remotesftpserver
    copy:
      src='/tmp/all.json'
      dest='/backup/nsx_backup/api/{{ whichnsx }}_{{ date }}/all.json'













































































































at No comments:
Labels: , , , ,

Thursday, January 5, 2023

Ansible Playbook to backup all NSX-T components

Herebelow you will find an ansible playbook to backup all your NSX-T components. You can add more tasks for your different NSX-Ts. In my playbook I use 2 tasks for my DEV NSX-T. but I have another URL variable and I can use it in another 2 tasks.

The first task will get the output of the listed items (Segmets, Groups, FW Policies,...etc). and the second task will get everything. but it will not be easy to work on teh second task during crisies. because it contains a lot of data and you will get lost 😂.

Note: you can use the second task response to restore your NSX-T environment. 

- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    host:
      dev:
        - https://URL1/policy/api/v1/infra
      prod:
        - https://URL2/policy/api/v1/infra/
    nsxpassword: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          6632653863373166623766653666666666666666661393965633934386536363463386463
          
  tasks:
  - name: DEV NSX-T Backup
    uri:
      url: "{{ host.dev[0] }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - /segments
      - /domains/default/groups
      - /domains/security-policies
      - /tier-0s/Test-T0
      - /tier-0s/Test-T0/locale-services/default/bgp
      - /tier-0s/Test-T0/locale-services/default/bgp/neighbors
      - /tier-0s/Test-T0/locale-services/default/interfaces
      - /tier-1s/T1
    register: response
  - debug: var=response

  - name: DEV NSX-T All components Backup
    uri:
      url: "{{ host.dev[0] }}{{ item }}"
      force_basic_auth: yes
      validate_certs: no
      headers:
        Accept: "application/json"
        Content-Type: "application/json"
      user: admin
      password: "{{ nsxpassword }}"
      method: GET
      status_code: "200"
      body_format: json
    with_items:
      - ?filter=Type-
    register: response
  - debug: var=response
















































































































































at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)

NSX-T (local log in) with VIDM integration

We will explain how to log in with a local account to your NSX-T which integrated with VIDM. We integrated our NSX-T into the VIDM. We had a...