Modern Data Protection with ChatOps – Using PoshBot and Rubrik APIs

One theme that I repeatedly drive home on the Datanauts Podcast is the need to collaborate across various silos to deliver a higher quality product and increase your own happiness. One method for doing this is ChatOps – the idea of performing operational tasks in a group setting in a chat environment such as Slack.

A few months back, Brandon Olin, now an SRE over at StackOverflow (congrats again!), pinged me about collaborating on a project for PoshBot, his incredibly popular chat bot constructed from PowerShell. The goal was to combine the PowerShell SDK that my colleagues and I have written for Rubrik into a new module that could plug into PoshBot. Brandon did all of the heavy lifting to kick things off, including the authentication work, because he’s a nice guy.

Today, I’m happy to share the results of this labor and discuss some of the inner workings of a PowerShell fueled chat bot.

Overview of ChatOps with PoshBot

Let us begin with a look at PoshBot. You can view the code here and the documentation here. In a nutshell, this extremely robust framework is capable of translating just about any written commands in Slack into PowerShell commands sent to any number of plugins. This includes the builtin plugin that handles various help and trout slapping functions.

So many commands, so little time.

The documentation for getting started with PoshBot is fairly in-depth. I even added some more clarity to the Quickstart guide based on my own newbie level experience at the beginning. Some things I really like about PoshBot:

  • It’s open source and created by the community.
  • You can leverage permissions and roles to support RBAC needs.
  • The plugin architecture is simple and intuitive, which reduces the amount of effort required to write new functions.
  • The documentation is well written and comprehensive, including steps needed to generate the Slack token and find Slack’s administrative user information.

PoshBot Configuration for Rubrik

Since PoshBot is just a PowerShell Module, it can be run anywhere that has network connectivity to the Slack APIs (public Internet) and whatever your modules need. For this post, I’m going to run the code on my laptop using a corporate VPN connection back into my lab’s co-location.

I’ve written a Quick Start Guide and placed it in project’s repository on GitHub here. There isn’t all that much to do in order to get the Rubrik module operational beyond these few steps:

  1. Grab the module folder and place it in your $env:PSModulePath of choice. I suggest OneDrive\Documents\PowerShell\Modules if you’re on a modern Windows environment. Or, wherever you wish on MacOS or Linux.
  2. Instruct PoshBot to install the module and load the commands as per the Quick Start Guide.
  3. Edit the PoshBotConfig.psd1 file and add your Rubrik cluster authentication information. I have also opened an Issue on the project to see about adding Token authentication.

That’s it. Once that’s done, you should be able to issue the !help command once more and start seeing new options appear. Example:

Some new Rubrik commands have appeared.

Custom ChatBot Command Prefix

Note that you can either use the long name for a command, such as rubrik_vm for virtual machine information, or the short name for a command, which would be just vm in this example.

By default, commands can be issued to PoshBot using an ! prefix. Thus, rubrik_vm would be sent to Slack’s chat as !rubrik_vm to get PoshBot to respond. You can also use halas a prefix if you’re feeling nostalgic for 2001: A Space Odyssey. 🙂

In my case, I prefer to use Roxie as the personality for my chat bot. To do this, edit the PoshBotConfig.psd1 file and find the AlternateCommandPrefixes variable. It is an array made up of strings. Each one is a prefix that your chat bot will monitor and respond to. Adding Roxie and roxie ensures that either spelling of the name will work.

AlternateCommandPrefixes = @('bender','hal','Roxie','roxie')

Now you can type roxie vm to ask Roxie to retrieve information on virtual machines in the environment. I’ll try that below and provide some more information by way of parameters with arguments to filter down to what I specifically want.

Not bad!

Constructing Live Mounts from Backup Snapshots

One of the more common use cases for people who run a Rubrik cluster is wanting to construct a Live Mount. This is a zero-space clone of a virtual machine (or other objects) based on a backup or “snapshot” of that machine. There are two ways you can accomplish this: step-by-step or as a single command.

ChatOps: Step-by-Step Workflow

Let us start with the individual commands. These are:

  1. Get the VM’s id value.
  2. Look up all of the snapshot id values for that VM.
  3. Generate a Live Mount based on that snapshot id.

Start by gathering the id of the VM:

roxie vm -name 'cwahl-win' -primaryclusterid 'local' -sla 'Bronze GCP DND' 

The resulting id value is the globally unique information for a workload. We then ask Roxie for all snapshots known for that object by sending this to the chat:

roxie snapshot -id 'VirtualMachine:::1226ff04-6100-454f-905b-5df817b6981a-vm-78' 

Because I did not specify a quantity of snapshots to return, Roxie chose the more recent 3 results. I will create a Live Mount using the most recent id value, which correlates to the most recent backup, with:

roxie mount -create -id '32dbf50e-cdb8-47d4-880b-b5f24c58f39d' -poweron 

And that’s it. The Live Mount only takes a few seconds to spin up. Note that you can choose any snapshot regardless of age. I’m just being lazy. 🙂

ChatOps: Single Command

While it is educational to see the steps in action, it’s not fun doing a Live Mount this way. Fortunately, there is another command that skips all the steps: fullmount.

Chat the command roxie help fullmount to get details on the command (or any command) with the required syntax. This command requires three items:

  1. The snapshot to use for the Live Mount in order from newest to oldest. Thus, 0 would be the most recent snapshot, 1 would be the second most recent, 2 would be the third most recent, and so on.
  2. The type of object, such as a vm.
  3. The object id, such as VirtualMachine:::1226ff04-6100-454f-905b-5df817b6981a-vm-78 from the earlier example. This prevents accidentally using a non-unique field, such as the name of a virtual machine (which can be identical across environments or even within the same vCenter).

Let us try this command out to see the difference:

roxie fullmount -id 'VirtualMachine:::1226ff04-6100-454f-905b-5df817b6981a-vm-78' -type 'vm' -snapshot 0 

Much easier.

Going Forward with ChatOps, PowerShell, and Rubrik

This project is 100% open source and part of the Rubrik Build program. If you like what’s here thus far, great! I’m open to any ideas, such as:

  1. Ways to improve the documentation.
  2. New use cases or commands you’d like to see generated.
  3. Code contributions.

Even if you don’t plan on using Rubrik, I think you should definitely take a look at PoshBot and see if there are any groovy plugins that you and your team can take advantage of in your environment. 🙂