Clone roles between two virtual center servers

So I wanted to make a copy of a role that is in vc1 and have it in vc2.
Basically you can just open two vSphere clients, one to vc1 and the other to vc2, and select each privilege that is in this role in the second window (click, click, click…). Yeah, if you have 1 role to copy, with a very small number of privileges, then it is not such an issue. But what if you have more?
Ok, let’s start from the beginning.

Situation:
VC1 ---|
.      |
.    RoleA

VC2 ---|
.      |
.    RoleA

We want to copy RoleA from VC1 to VC2.
First check whether your PowerCLI runs in multi VC mode.

PowerCLI C:\> Get-PowerCLIConfiguration

Proxy Policy    Default Server
                Mode
------------    ---------------
UseSystemProxy  Multiple

If not, set the default server mode to Multiple.

Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false

Once this is set you can connect to multiple VC servers. Since -Server accepts an array, we can do:

Connect-viserver -server "VC1","VC2" -credential (get-credential)

The role that will be cloned is named RoleA within VC1. Let’s view it:

Get-VIrole -Name "RoleA" -Server VC1 | fl *

We can see its Description, Name, Id and, most important for us, PrivilegeList.
Let’s store the privilege list for RoleA from VC1. We will store the privilege IDs as strings in a string array.

[string[]]$privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}

Once we have the privilege IDs, we can create a blank role in VC2.

New-VIRole -name "RoleA" -Server VC2

We will now populate privileges in our empty RoleA within VC2:

Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id $privsforRoleAfromVC1 -server VC2)

If everything went fine we should now have a 1:1 copy of our RoleA. Let’s check it:

(Get-VIRole -Name RoleA -Server VC1).PrivilegeList.Count
(Get-VIRole -Name RoleA -Server VC2).PrivilegeList.Count

If you don’t want to use the additional variable that holds the privileges, you can put it all directly in one line:

Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id (Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}) -server VC2)
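The count check above only tells you the two lists are the same length, not that they hold the same privileges. As an added example (not part of the original post), here is a comparison by privilege ID that also flags IDs the target vCenter does not offer at all. The function name Compare-RolePrivilegeList and the sample lists are made up for illustration, and Example.OnlyOnVC1 is a placeholder, not a real privilege ID.

```powershell
# Added example (not from the original post): diff two roles by privilege ID.
function Compare-RolePrivilegeList {
    param(
        [string[]]$SourcePrivilege = @(),  # PrivilegeList of the role on the source vCenter
        [string[]]$TargetPrivilege = @(),  # PrivilegeList of the cloned role on the target vCenter
        [string[]]$TargetKnown     = @()   # every privilege ID the target vCenter offers
    )
    # -notcontains compares case-insensitively, which is fine for privilege IDs.
    $missing = @($SourcePrivilege | Where-Object { $TargetPrivilege -notcontains $_ } | Sort-Object -Unique)
    $extra   = @($TargetPrivilege | Where-Object { $SourcePrivilege -notcontains $_ } | Sort-Object -Unique)
    # Missing IDs that the target does not offer at all can never be added there.
    $unknown = @($missing | Where-Object { $TargetKnown -notcontains $_ })

    [pscustomobject]@{
        IsExactCopy     = ($missing.Count -eq 0 -and $extra.Count -eq 0)
        MissingOnTarget = $missing   # clone grants less than the source role
        ExtraOnTarget   = $extra     # clone grants more than the source role
        UnknownToTarget = $unknown
    }
}

# Constructed sample lists (not real output): both have 5 entries, yet they differ.
$vc1Role  = 'System.Anonymous', 'System.Read', 'System.View',
            'VirtualMachine.Interact.PowerOn', 'Example.OnlyOnVC1'
$vc2Role  = 'System.Anonymous', 'System.Read', 'System.View',
            'VirtualMachine.Interact.PowerOn', 'Datastore.Browse'
$vc2Known = $vc2Role + 'VirtualMachine.Interact.PowerOff'

Compare-RolePrivilegeList -SourcePrivilege $vc1Role -TargetPrivilege $vc2Role -TargetKnown $vc2Known |
    Format-List

# Against the live servers from the post (VC1, VC2 and RoleA as used above):
# Compare-RolePrivilegeList `
#     -SourcePrivilege (Get-VIRole -Name 'RoleA' -Server VC1).PrivilegeList `
#     -TargetPrivilege (Get-VIRole -Name 'RoleA' -Server VC2).PrivilegeList `
#     -TargetKnown     (Get-VIPrivilege -PrivilegeItem -Server VC2 | ForEach-Object { $_.Id })
```

Anything listed under ExtraOnTarget means the copy grants more than the original role, which is worth catching before the role is assigned to anyone on VC2.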

That’s it 😉
