Import exclusions

[Leigh Hunter]

Greetings,

I am evaluating the use of dpBuddy for deployment and backup
purposes. I see the export, backup, and checkpoint functions will be
useful.

my question is wrt import. currently, I export the objects with
referenced objects and files and then import. During import I exclude
the crypto objects (keys, certificates, identification, validation)
this is due to the way DataPower handles certs:/// and that I use
different certificates for DEV, TEST, etc.

is there any ability to exclude these during import (or export)? any
other best-practice or technique you could suggest?

thank you

leigh

[Alexander 'Sasha' Ananiev]

Leigh,
You should be able to filter out crypto objects using deployment policy. dpbuddy import command supports deployment policy as one of the parameters.
-Alexander

[Leigh Hunter]

Thanks for your responses,

I have checked out the possibility of deployment policy to delete an object.  unfortunately the policy is not applied on export; only import.  this is a problem for me.  although the crypto key and certs files are  unique for DEV, TEST, etc the names of the crypto identification, validation, and profiles are the same (as are the names of all the objects). 

As has been suggested, it may be necessary use an XSLT to remove the crypto objects from the export prior to import.  alternatively, a deployment into a "staging" domain with a deployment policy to remove the crypto certs and keys which is then exported and imported into the "target" domain. 

Actually, now that I've typed it, this might be a good approach as it does not require "external" XSLT which could potentially break as versions of firmware change.  I could still use dpbuddy to perform the export, import to staging w deployment policy (remove cyrpto), export from staging, and import to target w target deployment policy.

thoughts?

thanks for your input and suggestions.

Leigh

[Leigh Hunter]

A little more detail ... I've triied a Deployment policy with the
following:

*/*/crypto/cert?Name=.* Delete Configuration
*/*/crypto/key?Name=.* Delete Configuration

which did NOTHING. Subsequently I triied

*/*/crypto/cert?Name=.*&Property=Filename&Value=.* Delete
Configuration
*/*/crypto/key?Name=.*&Property=Filename&Value=.* Delete Configuration

which deleted the filename from the crypto cert and crypto key
objects. From this, I am inferring that I had misunderstood the
function of the delete configuration. It appears to only delete a
property of an object and not the delete the (entire) object itself.

I wanted to delete the crypto cert and key form the import so that it
will NOT be imported into the target domain. If the crypto cert and
crypto key already exist in the target domain then they would remain
unaffected.

Have I missed/misunderstood something? Will I have to resort to XSLT
of the export XML file to remove all <CryptoCertificate> ... </
CryptoCertificate> instances?

Thank you

Leigh

[Leigh Hunter]

spent more time with this thing called google :-) and the
developerworks site. I had not looked at the "Filtered Configuration"
option on the "Main" tab. Up until now, I have not used this feature.

by adding the following:

*/*/crypto/cert?Name=.*
*/*/crypto/key?Name=.*

seems to be working although more testing is required.

Thank you to everyone for the support/patience.

Leigh