How to Export and Import RBAC Users and Roles


Contributor content

This topic was created by a BMC Contributor and has not been approved.

Currently there is no built-in way to export RBAC users and roles from a BSA environment. If you have a separate BSA environment and do not want to recreate an entire RBAC setup that you have already created, you can follow the process described here.

Exporting Users and Roles

Use the following NSH script to export all roles and users from BSA. (Note: This was tested on 8.0 SP5.) Once the export is done, a second script performs the import.

Feel free to modify this script as needed.

Input

The first parameter $1 is the Authentication Profile that you use to connect to the BladeLogic Application Server.

Script

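# Acquire an SSO credential with the authentication profile passed as $1,
# then connect to the Application Server as the RBACAdmins role.
blcred cred -acquire -profile "$1"
blcli_setoption authType BLSSO
blcli_setoption roleName RBACAdmins
blcli_setoption serviceProfileName "$1"
blcli_connect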

ROLESDIR="/e/blexports/auth/roles"
USERSDIR="/e/blexports/auth/users"

if [ -d "$ROLESDIR" ]
then
  echo Directory  "$ROLESDIR" exists
else
  echo "$ROLESDIR" does not exist.
  echo Creating directory "${ROLESDIR}"
  mkdir -p "${ROLESDIR}"
fi

# Remove any previous ROLES file, because the export loop below appends to it.
if [ -f "$ROLESDIR/ROLES" ]
then
  echo "$ROLESDIR/ROLES" exists
  rm "$ROLESDIR/ROLES"
else
  echo "$ROLESDIR/ROLES" does not exist.
fi
echo
echo Exporting Roles
echo
blcli_execute RBACRole listAllRoleNames
blcli_storeenv ROLES

for ROLE in $ROLES
do
 echo "${ROLE}" >> "${ROLESDIR}/ROLES"
done
echo
echo Finished exporting Roles
echo
if [ -d "$USERSDIR" ]
then
  echo Directory  "$USERSDIR" exists
else
  echo Creating directory "$USERSDIR"
  mkdir -p "${USERSDIR}"
fi
echo
echo Exporting Users
echo
# Write one file per role, named after the role, containing its member user names.
for r in `cat "${ROLESDIR}"/"ROLES"`
do
 echo Exporting members of "${r}"
 blcli_execute RBACUser getAllUserNamesByRole "${r}"
 blcli_storeenv AUTHS
 echo $AUTHS
 echo "${AUTHS}" > "${USERSDIR}/${r}"
done
echo
echo Finished exporting Users
echo
echo done.

Importing Users and Roles

After you perform the export, copy the output to the new environment. In that environment, use the following NSH script, which imports the roles and users into BSA (again, this was tested on 8.0 SP5).

Feel free to modify as needed.

Script

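# Acquire an SSO credential with the authentication profile passed as $1,
# then connect to the target Application Server as the RBACAdmins role.
blcred cred -acquire -profile "$1"
blcli_setoption authType BLSSO
blcli_setoption roleName RBACAdmins
blcli_setoption serviceProfileName "$1"
blcli_connect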

ROLESDIR="/e/blexports/auth/roles"
USERSDIR="/e/blexports/auth/users"

if [ -d "$ROLESDIR" ]
then
  echo Directory  "$ROLESDIR" exists
else
  echo $ROLESDIR does not exist.
  exit 1
fi
if [ -f "$ROLESDIR/ROLES" ]
then
  echo "${ROLESDIR}/ROLES" exists
else
  echo "${ROLESDIR}/ROLES" does not exist.
  exit 1
fi
if [ -d "$USERSDIR" ]
then
  echo "$USERSDIR" exists
else
  echo "$USERSDIR" does not exist.
  exit 1
fi

echo
echo Importing Roles and Users....
echo
# Create each exported role if it is missing, then import its members.
for AUTH in `cat "${ROLESDIR}"/"ROLES"`
do
   blcli_execute RBACRole isRoleExists "${AUTH}"
   blcli_storeenv roleExists
   if [ "$roleExists" = "false" ]
   then
       echo Adding "${AUTH}"
       blcli_execute RBACRole createRole "${AUTH}" "${AUTH}"
   else
       echo "${AUTH}" already exists
   fi
   echo Importing users for "${AUTH}"
   if [ -f "${USERSDIR}"/"${AUTH}" ]
   then
       echo "${USERSDIR}/${AUTH}" exists
       for user in `cat "${USERSDIR}/${AUTH}"`
       do
           blcli_execute RBACUser isUserExists "${user}"
           blcli_storeenv userExists
           if [ "$userExists" = "false" ]
           then
               echo Adding "${user}"
               # Every new user is created with the same password, "bladelogic";
               # SRP authentication is switched off for the account below.
               blcli_execute RBACUser createUser "${user}" "bladelogic" "${user}" "true"
               blcli_execute RBACUser setAdkAuthenticationEnabled "${user}" true
               blcli_execute RBACUser setSrpAuthenticationEnabled "${user}" false
           else
               echo "${user}" already exists
           fi
           # Add the role even when the user already exists; otherwise a user who
           # belongs to several roles would only receive the first one imported.
           blcli_execute RBACUser addRole "${user}" "${AUTH}"
       done
   else
       echo "$USERSDIR/${AUTH}" does not exist.
       exit 1
   fi
done

echo
echo Finished Importing Users and Roles
echo
echo done.
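
Both scripts use each role name from the ROLES file directly as a file name under USERSDIR, so it is worth checking the copied export tree before running the import. The following audit is an added example, not part of the contributor's scripts; the allowed-character patterns and the sample names (Operators, Auditors, alice, bob, mallory*) are assumptions.

```sh
#!/bin/sh
# Added example: audit an export tree before importing it.
# Layout from the export script: $ROLESDIR/ROLES (one role per line) and
# $USERSDIR/<role> (member names). Assumption: names use only letters,
# digits, '_', '.', '-' (plus '@' for users); adjust the patterns to fit.
LC_ALL=C; export LC_ALL

# Print one finding per line: unsafe names and roles without a member file.
rbac_findings() {
  rolesdir=$1; usersdir=$2
  [ -f "$rolesdir/ROLES" ] || { echo "MISSING $rolesdir/ROLES"; return 0; }
  while IFS= read -r role || [ -n "$role" ]; do
    [ -n "$role" ] || continue
    # Role names become file names, so reject path separators and dot entries.
    case $role in *[!A-Za-z0-9_.-]*|.|..) echo "BADROLE $role"; continue ;; esac
    [ -f "$usersdir/$role" ] || { echo "NOFILE $role"; continue; }
    tr -s ' \t' '\n\n' < "$usersdir/$role" | while IFS= read -r user; do
      case $user in *[!A-Za-z0-9_.@-]*) echo "BADUSER $role $user" ;; esac
    done
  done < "$rolesdir/ROLES"
}

# Print "<user> <count>" for users listed in more than one role file.
multi_role_users() {
  for f in "$1"/*; do
    if [ -f "$f" ]; then tr -s ' \t' '\n\n' < "$f" | sort -u; fi
  done | sort | uniq -c | awk 'NF == 2 && $1 > 1 { print $2, $1 }'
}

# Exit status 0 only when the tree has no findings.
audit_rbac_export() {
  out=$(rbac_findings "$1" "$2")
  if [ -z "$out" ]; then echo "OK: no findings"; return 0; fi
  printf '%s\n' "$out"; return 1
}

# Constructed sample tree (not real data) for trying the checks offline.
make_sample_export() {
  d=$(mktemp -d) && mkdir -p "$d/roles" "$d/users"
  printf '%s\n' RBACAdmins Operators '../outside' Auditors > "$d/roles/ROLES"
  printf '%s\n' alice bob > "$d/users/RBACAdmins"
  printf '%s\n' alice 'mallory*' > "$d/users/Operators"
  echo "$d"
}

# Usage: sh audit.sh /e/blexports/auth/roles /e/blexports/auth/users
if [ $# -eq 2 ]; then audit_rbac_export "$1" "$2"; fi
```

Users reported by multi_role_users are the accounts whose role memberships should be verified in the target environment after the import.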

 
