diff --git a/README.md b/README.md index 023d049..5ad8657 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ In no event shall Zerto, its authors or anyone else involved in the creation, pr In 9.5U1, Zerto introduced a new Zerto Virtual Manager Appliance (ZVMA) which differs from the "classic" Zerto Virtual Manager installed on a Windows Server. First and foremost, the authentication has changed to use [Keycloak](https://www.keycloak.org), an "Open Source Identity and Access Management" solution which supports a wide range of authentication methods. With that, scripts built for the classic ZVM will not work without modification. Instead of embedding a username and password into a script, an administrator would create a secret within Keycloak, call a Keycloak API with that secret, then receive a token to make calls to the APIs on the ZVML appliance going forward. -These code samples provide sample code in PowerShell showing how one could connect to a ZVM Appliance and perform some common operations, such as list VPGs. +These code samples provide sample code showing how one could connect to a ZVM Appliance and perform some common operations, such as list VPGs. # Relevant Zerto Documentation @@ -15,4 +15,5 @@ These code samples provide sample code in PowerShell showing how one could conne # Code Samples in this Repo: -- [ZVML-simple-list-vpgs.ps1](ZVML-simple-list-vpgs.ps1) - Shows how to connect to ZVM Linux appliance using Keycloak token, then list VPGs of a Zerto site +- [zvma-simple-list-vpgs.ps1](zvma-simple-list-vpgs.ps1) - PowerShell example of how to connect to ZVM Linux appliance using Keycloak token, then list VPGs of a Zerto site +- [zvma-simple-list-vpgs.py](zvma-simple-list-vpgs.py) - Python 3.x example of how to connect to ZVM Linux appliance using Keycloak token, then list VPGs of a Zerto site diff --git a/zvma-simple-list-vpgs.ps1 b/zvma-simple-list-vpgs.ps1 new file mode 100644 index 0000000..4dac822 --- /dev/null +++ b/zvma-simple-list-vpgs.ps1 @@ -0,0 +1,83 @@ +<# +Legal Disclaimer +This script is an example script and is not supported under any Zerto support program or service. The author and Zerto further disclaim all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. + +In no event shall Zerto, its authors or anyone else involved in the creation, production or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or the inability to use the sample scripts or documentation, even if the author or Zerto has been advised of the possibility of such damages. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. +#> + +# Notes: +# - requires ZVM Linux Appliance 9.5U1 or higher, developed and tested on 9.5U3 + +# Variables to Configure + +$zvmAddress = "" # IP address or DNS name +$keycloakClientID = "" # defined in Keycloak - string name +$keycloakClientSecret = "" # defined in Keycloak - long string + +$skipCertificateCheck = $true # for self-signed certs, so this flag is passed to Invoke-RestMethod to allow it to proceed. + +# Nothing below this line needs to be changed + +# Setup API string conventions for later use + +$keyCloakApiBase = "https://" + $zvmAddress + "/auth/realms/zerto/protocol/openid-connect/token" +$zvmApiBase = "https://" + $zvmAddress + "/v1/" + +# Connect to Keycloak with secret and get token +# Note: using Splat concept to neatly layout the arguments for Headers, Body, Method, and URI before making the call +# Splat is defined like a variable ($ prefix) but referenced in special way (@ prefix) which maps parameter/value for the function as key value pairs + +$request = @{ + + Headers = @{ + ContentType = "application/x-www-form-urlencode" + } + + Body = @{ + client_id = $keycloakClientID + client_secret = $keycloakClientSecret + grant_type = "client_credentials" + } + + StatusCodeVariable = "statusCode" + + Method = "POST" + URI = $keyCloakApiBase + + SkipCertificateCheck = $skipCertificateCheck +} + +try { + $result = Invoke-RestMethod @request +} +catch { + Write-Error "Error connecting to Keycloak" -ErrorAction Stop +} + +$token = $result.access_token + +# Now that we have a token because of successful Keycloak authentication, we can proceed with Zerto REST API calls + +$request = @{ + + Headers = @{ + ContentType = "application/json" + Authorization = "Bearer ${token}" + } + + StatusCodeVariable = "statusCode" + + Method = "GET" + URI = $zvmApiBase + "vpgs/" + + SkipCertificateCheck = $skipCertificateCheck +} + +try { + $result = Invoke-RestMethod @request +} +catch { + Write-Error "Error making API call to ZVM" -ErrorAction Stop +} + +$result | select VPGName,VMsCount, SourceSite, TargetSite, ActualRPO | format-table \ No newline at end of file diff --git a/zvma-simple-list-vpgs.py b/zvma-simple-list-vpgs.py new file mode 100644 index 0000000..f9a2c0b --- /dev/null +++ b/zvma-simple-list-vpgs.py @@ -0,0 +1,80 @@ +# Legal Disclaimer +# This script is an example script and is not supported under any Zerto support program or service. The author and Zerto further disclaim all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. +# In no event shall Zerto, its authors or anyone else involved in the creation, production or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or the inability to use the sample scripts or documentation, even if the author or Zerto has been advised of the possibility of such damages. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. +# + +# Notes: +# - requires ZVM Linux Appliance 9.5U1 or higher, developed and tested on 9.7U1 + +# Libraries needed + +import requests +import json + +# Variables to Configure + +zvmAddress = "" # IP address or DNS name +keycloakClientID = "" # defined in Keycloak - string name +keycloakClientSecret = "" # defined in Keycloak - long string +verifyCertificate = False + +# Setup API string conventions for later use + +keyCloakApiBase = "https://" + zvmAddress + "/auth/realms/zerto/protocol/openid-connect/token" +zvmApiBase = "https://" + zvmAddress + "/v1/" + +# Connect to Keycloak with secret and get token + +uri = keyCloakApiBase + +headers = { + 'Content-Type': 'application/x-www-form-urlencoded' + } + +body = { + 'client_id': keycloakClientID, + 'client_secret': keycloakClientSecret, + 'grant_type': 'client_credentials' +} + +try: + response = requests.post(uri, headers=headers, data=body, verify=verifyCertificate) +except BaseException as e: + print("Exception:", e) + quit() + + +if response.ok: + token = response.json()['access_token'] +else: + print("HTTP %i - %s, Message %s" % (response.status_code, response.reason, response.text)) + quit() + +# Now that we have a token because of successful Keycloak authentication, we can proceed with Zerto REST API calls + +uri = zvmApiBase + 'vpgs/' + +headers = { + 'Content-Type': 'application/json', + 'Authorization': 'Bearer ' + token + } + +body = { +} + +try: + response = requests.get(uri, headers=headers, data=body, verify=verifyCertificate) +except BaseException as e: + print("Exception:", e) + quit() + +if response.ok: + vpgInfo = response.json() +else: + print("HTTP %i - %s, Message %s" % (response.status_code, response.reason, response.text)) + quit() + +# Print JSON out in a nice way + +print ("VPGs:") +print (json.dumps(vpgInfo, indent=1))