Increasing the crc VM disk size for CodeReady Containers

Background

Red Hat CodeReady Containers (CRC) is a single-machine install of Red Hat OpenShift Container Platform (OCP), which is Red Hat's implementation of Kubernetes (K8s), with lots of other things on top. CRC allows you to run a full OCP instance on a single machine. This is really nice, since a full OCP install requires at least 9 (!) machines/VMs, with a pretty painful setup. The way CRC accomplishes this is to create a single VM (named "crc") that runs every part of the cluster. This is great for developers because they can develop cloud-native apps right on their laptop with just a bit of effort.

The problem I ran into was that my use case (trying to install Watson AI Ops Event Manager on CRC) kept failing because the crc VM kept running out of disk space, and there is no way to tell CRC to provision a larger disk. You can set the number of CPUs and amount of memory for the crc VM to use, but not the amount of disk space. I thought that this would be easy, but I was wrong, and that's why I'm writing this blog post.

Versions and hardware specs

I downloaded CRC 1.23.1 for this. Red Hat releases a new version about every 30 days, so YMMV. The main VM I installed (to act as my local machine) was a CentOS 7 VM with 16 CPUs and 128GB RAM. I'm running this VM in VMWare Workstation 16 Pro on a CentOS 7 host with 24 cores and 256GB RAM.

Start

After downloading CRC from Red Hat (https://cloud.redhat.com/openshift/create/local), you will run:

./crc setup

This will create a ~/.crc directory for your user. In this directory, you'll find a few files and directories, but the one we're interested in and need to change to is:

cd ~/.crc/cache/crc_libvirt_4.7.0

In this directory are the two files you'll need to modify:

crc.qcow2 - the virtual machine image for the crc VM. The operating system of this VM is called Red Hat Core OS (RHCOS), and is based on Red Hat 8.

crc-bundle-info.json - text information about the VM that needs to be manually edited after we modify crc.qcow2.

I found the information at this link: https://github.com/code-ready/crc/issues/127 extremely useful, but not quite complete, probably due to a change in CRC at some point. 

First Issue

My main VM is CentOS 7, which means that I need a different VM (CentOS8 or RHEL8) to actually make the changes. (I actually tried running CRC in a CentOS8 VM, but that failed miserably.) So I created a separate CentOS8 VM where I can do the work needed. That VM needs to have the following packages installed:

libguestfs-tools 

libguestfs-xfs 

Increase the disk size of the crc.qcow2 image

You need to copy the crc.qcow2 file to the CentOS8 machine and run the following commands. I wanted to add 900GB to the disk.

CRC_MACHINE_IMAGE=${HOME}/crc.qcow2

sudo qemu-img resize ${CRC_MACHINE_IMAGE} +900G

sudo cp ${CRC_MACHINE_IMAGE} ${CRC_MACHINE_IMAGE}.ORIGINAL

# user qemu needs access to the file AND the directory containing the file.

sudo chown qemu.qemu crc*

sudo mv crc* /tmp

cd /tmp

sudo virt-resize --expand /dev/vda4 ${CRC_MACHINE_IMAGE}.ORIGINAL ${CRC_MACHINE_IMAGE}

# The above command took 30+ minutes on my machine.

 

This is what success looks like at the end of the command:

Resize operation completed with no errors. 
Before deleting the old disk, carefully check that the resized disk boots and works correctly.

You can delete the crc.qcow2.ORIGINAL file.

Copy the crc.qcow2 file back

Now that you've modified the file, you need to copy it back to the same directory where it came from on the CentOS7 machine. You also need to change the owner and group to qemu.

Get the sha256sum value and size of the file

Run the following command to get the sha256 checksum for the qcow2 file:

sha256sum crc.qcow2

01839ceda9cad333d7ae9f5033a54c528698ec70bdde2077a7669efd9cf923c9

To get the size in bytes, run 'ls -l'.

Edit the crc-bundle-info.json file

Find the "storage" stanza, which will look like this:

  "storage": {

    "diskImages": [

      {

        "name": "crc.qcow2",

        "format": "qcow2",

        "size": "10867572736",

        "sha256sum": "01839ceda9cad333d7ae9f5033a54c528698ec70bdde2077a7669efd9cf923c9"

      }

    ]

  },

Change the values for size and sha256sum to match the commands you ran above.

Why?

This is required to ensure that your modified crc.qcow2 file is the one used by CRC. If you don't make this change, then the next time you run 'crc stop; crc delete; crc cleanup; crc setup; crc start', the original crc.qcow2 file will be extracted and used.

Now run 'crc start'

If you haven't alread run 'crc setup', you need to do that first. But 'crc start' is the command that will actually create the ~/.crc/machines/crc directory that will contain the crc.qcow2 file and config.json, which we're about to edit. The command will fail because the size of the disk is different from the size specified in the config.json file. The error will look like this:

INFO Creating CodeReady Containers VM for OpenShift 4.7.0...

Error creating machine: Error creating the VM: Error creating machine: Error in driver during machine creation: current disk image capacity is bigger than the requested size (999653638144 > 33285996544)

Happily, that number "999653638144" in the error is the exact value you need to enter in the config.json file. Edit config.json and search for "DiskCapacity". The value there is the original value for the image. Change the value to be the number above - in my case it is 999653638144. Yours will be different unless you chose to increase the disk by 900GB. Save your change to the file, and run 'crc start' again. Now crc VM should start up. You can ssh to the crcVM with the command:

ssh -i ~/.crc/machines/crc/id_ecdsa core@api.crc.testing

Once in the machine, you can run 'df -h' to verify that the /sysroot filesystem is the new, larger size.

VMWare Workstation 16 Pro on Windows 10 Shared Folders Not Available In Linux Guest

 This is a small problem with an easy fix, but I wanted to document it for others.

Running VMWare Workstation 16 Pro on Windows 10 Pro, when you create a Linux guest VM with Shared Folders enabled, the shared folders don't always show up in the guest VM. In the guest VM, you should see any shared folders under /mnt/hgfs. The problem is that they aren't seen there, even if you reboot the guest VM. The silly fix is to disable shared folders for the VM from VM->Settings->Options and SAVE that. Then go back into VM->Settings->Options and enable shared folders and SAVE that. Your shared folders should now be available under /mnt/hgfs. 

We're still your go-to experts for all IBM ITSM products

 While we've been posting about other products, our primary focus remains the IBM suite of ITSM tools, such as:

IBM Tivoli Monitoring

ITCAM

Netcool Operations Insight (and the individual products that make it up)

Watson AIOps

Instana

Our consultants have decades of experience in ITSM and ESM, and we can ensure that your implementation is successful.

Deleting newlines or merging two lines in a file using Notepad++

It took me longer than it should have to find this link explaining how to delete a newline or merge two lines in Notepad++:

https://stackoverflow.com/questions/11084086/notepad-merge-2-lines-into-1-line

Here's the text from the answer in case the above link disappears at some point:

Use the extended replace functionality and replace "\r\nname" with " name"

Substitute appropriate line ending characters for \r\n depending on the file.

If it is from windows, use \r\n

If it is from unix, use \n

If it is from mac, use \r

Basically, you need to find and replace the appropriate characters, and it works just like one would expect. Finding the complete set of correct characters was the key for me. Specifically, I wasn't finding "\r\n" (CRLF, the Windows newline characters). Using the above, I was able to successfully delete some spurious newlines in my data.

A new book on ServiceNow Event Management is available!

I just published my first book, Migrating to ServiceNow Event Management. In it, I provide tips and recommendations for migrating from an existing event management system to ServiceNow ITOM Event Management. The book provides details on some of the differences that exist between ServiceNow and event management systems that are not integrated with a CMDB. A large part of the book is devoted to the organizational information you need to capture to ensure a successful migration. 

It's available on Amazon in paperback or on Kindle.

https://www.amazon.com/gp/product/B08X31Y1B8

Call PowerShell script from batch file using a pseudo here file

 If you made it through the title of this post, you're in the right place. Due to security restrictions on a Windows 10 machine I was using, I needed to run a group of PowerShell commands in a single command from a batch file, and I found the solution here:

https://dmitrysotnikov.wordpress.com/2008/06/27/powershell-script-in-a-bat-file/

Basically, you enclose the whole set of commands in curly braces, encode those to a Base64 string, then pass that encoded string to the PowerShell command with the -EncodedCommand parameter. This encoded string is the "pseudo here file" mentioned in the title.

I needed the same code run every time, so the manual step of copy-and-pasting the encoded string wasn't a problem for me. If you need to programattically modify the code that needs to run, you're on your own. 

ServiceNow Event Rules: No support for If..Then..Else in regex

The Transform and Compose Alert Output section of an Event Rule in ServiceNow allows you to use regular expressions and grouping to parse data in incoming events. Almost full regular expression support is provided, but I wanted to point out one feature that's definitely not supported as of the Paris release: if..then..else conditionals. Here's a great description of this feature from regularexpressions.info. Basically, the format of this conditional is:

(?(condition)(then)|(else))

It's somewhat esoteric, but it can be useful in cases where you have two different string formats that you want to parse in a single event rule. I just tested this thoroughly on my dev instance, and it absolutely is not supported. While you can save the event rule with this syntax, you'll eventually see an error stating:

Invalid Regular Expression Field

I believe this is due to the fact that the regular expression engine does not support "lookbehind" (limitation documented here). In any case, it's not supported. I just wanted to document my findings here to save others a little headache.

Update 1/3/2021

The official name for this is Conditional Lookahead. You can play around with it at http://regex101.com if you're interested. 

And to make sure I was doing it correctly, I also tried this syntax in the Event Rule transform:

(?(?=my_pattern)(\d+)|(\w+))

This works in regex101, but gives the Invalid Regular Expression Field in the ServiceNow interface.

ServiceNow ITOM Health - Using a complex algorithm to bind an Alert to a CI

 By default with ServiceNow ITOM Health Event Management, an Alert is bound to a CI following this flowchart:

In 95-99% of implementations, you should work to configure components appropriately to leverage the above flow. 

However, there are some number of unique cases where you need to do something extremely specific that falls outside of the above decision-making process. For those cases, you will want to modify one or more of the Advanced Scripts under Event Management->Settings in the navigator. Specifically, to change the bound CI, you would modify the EvtMgmtCustom_PostBind_Create script to suit your needs. In this script, you can do anything you want to the alert GlideRecord before it's actually written to the database. 

Read the warnings in the script definition to realize that you do NOT want to modify this script unless you know what you're doing and have some very efficient code to run. But for those few cases where you need to set the bound CI according to some esoteric algorithm, this script is where it can be done.

How to get live metrics for CPU, Memory,Disk etc by running db2 queries in the tdw server.

I just received this question today from an ITM user and thought it would be best to answer it here.

First, The "Getting Started with IBM Tivoli Monitoring on Distributed Environments" PDF contains great information on ITM 6.1, and it is applicable to all of the 6.x versions:

http://www.redbooks.ibm.com/redbooks/pdfs/sg247143.pdf

Chapter 4 specifically goes over the Tivoli Data Warehouse, including the DB2 table and column names. Specifically, look at section 4.2.4 for descriptions of the different table names.

The tricky part in DB2 is that the table and column names are all case sensitive, which means you need to enclose the table name inside double-quotes in your sql statement. For example, you would use this SQL statement to get percent processor time for all processes for all servers:

select "%_Processor_Time","Process_Name" from "NT_Process"

If you want to see data that hasn't yet made it to the TDW, then you need to use the krarloff command described here:

https://www.ibm.com/support/pages/itm-agent-insights-using-krarloff-utility-view-binary-short-term-historical-data-0

Exception handling in Maximo automation scripts with try except

For the longest time, I thought that try/except blocks didn't work in automation scripts. A colleague asked me about them yesterday, so I figured I would try it out again, and found that they work. It's really just like normal Python exception handling. Here's a script I used to test it, with an Object Launch Point on Save for the SR object:

from psdi.server import MXServer

import sys

try:

  mbo.getMboValue("FOOBAR")

except:

  print "an error was encountered"

  e = sys.exc_info()[0]

  print(e)

The expected behavior is that a message will be written to the log file, but that an SR will be created, and that's exactly the behavior I observed. Here's what was in the log file:

[6/12/20 9:25:50:961 EDT] 000021c4 SystemOut     O 12 Jun 2020 09:25:50:961 [DEBUG] [MAXIMO] [] an error was encountered

<type 'psdi.util.MXApplicationException'>

Happy scripting!

Windows users, set up your Print Screen key to launch the Snip and Sketch tool

After years of using different mechanisms to take screenshots or partial screenshots, I've finally recognized that the absolute best way is to configure your Print Screen key to launch the Snip and Sketch tool. It's easy to do and will make your life much easier:

https://winaero.com/blog/print-screen-screen-snipping-windows-10/

Now that it's configured, just press your Print Screen key and you can then outline a rectangular area of your screen to copy. Once selected, the image is copied to your clipboard, but the Snip application isn't launched. If you need to launch the application, you can click on the notification that was generated when you selected the area (I normally just need to paste the image into a document, so I'm very happy that the application isn't launched). That's it. It's a very small change that has made my personal workflow much more efficient.

designer/missingid error when importing application definition in ICD 7.6.1 using port forwarding

Background

I encountered a strange error with my IBM Control Desk development environment and wanted to share because I couldn't find any hits on Google.

Problem

The problem I've encountered is the following error when trying to import any application XML into ICD 7.6.1.1:

And the import fails. It does this on all Windows and Linux browsers that I tried (Chrome, IE, Firefox, Edge, new Edge, Chromium, etc.), so it doesn't appear to be a browser problem.

Workaround

I realized that my ICD VM is running on my VMWare host on a NAT network, and I've got port forwarding configured to allow me to access it from systems on my home network. So I figured I would try the same steps using a browser either running on the ICD VM itself or on another VM on the same NAT network. And that works! So the issue is something to do with my configuration of port forwarding or something else in my network AFAIK. More importantly, it's NOT a problem with ICD.

I've used my browser's Developer Tools to analyze what's going on, and I don't see any difference between a failing browser and a working one, so I think there's something going on in ICD. However, I know that this particular configuration isn't one that I'm likely to see at any customer site, especially since I'm using VMWare Workstation to run my VMs. So I'm just documenting this here so there's at least one Google hit on the problem, along with at least one workaround.

How to delete virbr0 and virbr0-nic in RHEL7

Background

I have an RHEL 7.6 VM that I clone to have new servers. This VM was installed with the Desktop profile defaults. This installed libvirt, which I normally want in my VMs, but it sometimes gets in the way. Specifically, I needed to configure two DB2 VMs with HADR and TSAM in a test environment, and I found that virbr0 and virbr0-nic don't allow the 'db2haicu' command to successfully complete. So I needed to quickly delete those interfaces.

List of steps

As root:

service libvirtd stop

systemctl disable libvirtd

ip link set virbr0 down

brctl delbr virbr0

ip link delete virbr0-nic

Caveats

I don't know if the above will correctly survive a reboot.

Where to find the IBM Integrated Service Management Content - March 2020 edition

https://www-01.ibm.com/marketing/iwm/mrs/packageList?source=tivopal&lang=en_US

That is where you'll find, for example, all of the ICD 7.6 Process Content Packs, along with tons of other useful information, tools and utilities.

One solution for VMMSyncData has no values

Background

During an IBM Control Desk (also applies to Maximo) implementation, we found a problem with the VMMSYNC cron task. Specifically, it didn't appear to pull any data from Active Directory. Or if it did, the data wasn't processed.

Symptoms

We had ChangePolling set to 1 in our cron task instance. We enabled DEBUG level logging for the VMMSYNC cron task and saw the following in SystemOut.log:

[3/25/20 19:28:06:374 EDT] 000001ba SystemOut     O 25 Mar 2020 19:28:06:374 [DEBUG] [MAXIMO0c1] [CID-CRON-1618] Synchronizing VMM Users: vmmSubject Subject:

        Principal: defaultWIMFileBasedRealm/myproduser

        Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@16bdee5d

        Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@e022bcb

        Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@17329f4d

        Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@64c05421

[3/25/20 19:28:06:384 EDT] 000001ba SystemOut     O 25 Mar 2020 19:28:06:384 [DEBUG] [MAXIMO0c1] [CID-CRON-1618] Synchronizing VMM Users: VMM search results

<?xml version="1.0" encoding="UTF-8"?>

<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">

  <wim:Root>

    <wim:entities xsi:type="wim:PersonAccount">

      <wim:identifier externalName="CN=myproduser,OU=Admin,o=MYCORP.COM"

          repositoryId="MYAD" uniqueId="CN=myproduser,OU=ADMIN,O=MYCORP.COM"

          uniqueName="CN=myproduser,OU=Admin,o=MYCORP.COM"/>

    </wim:entities>

    <wim:controls xsi:type="wim:ChangeResponseControl">

      <wim:checkPoint>

        <wim:repositoryId>MYAD</wim:repositoryId>

        <wim:repositoryCheckPoint>10085177</wim:repositoryCheckPoint>

      </wim:checkPoint>

    </wim:controls>

  </wim:Root>

</sdo:datagraph>

 

[3/25/20 19:28:06:384 EDT] 000001ba SystemOut     O 25 Mar 2020 19:28:06:384 [DEBUG] [MAXIMO0c1] [CID-CRON-1618] syncUser, syncData = <VMMSyncData has no values>

Notice the greenish highlighted text is the entry that should have been seen in the "VMMSyncData", but it says it has no values.

I then looked at the log of a working environment and saw that it was similar, but it actually worked:

[3/25/20 18:57:12:940 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:940 [DEBUG] [MAXIMO0] [CID-CRON-102377] Synchronizing VMM Users: vmmSubject Subject:

        Principal: defaultWIMFileBasedRealm/myqauser

        Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@ec82289

        Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@5b17dd0b

        Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@9348468a

        Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@447810d4

 

[3/25/20 18:57:12:944 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:944 [DEBUG] [MAXIMO0] [CID-CRON-102377] Synchronizing VMM Users: VMM search results

<?xml version="1.0" encoding="UTF-8"?>

<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">

  <wim:Root>

    <wim:entities xsi:type="wim:PersonAccount">

      <wim:identifier externalName="CN=myqauser,OU=Admin,o=MYCORP.COM" repositoryId="MYAD"

          uniqueId="CN=myqauser,OU=ADMIN,O=MYCORP.COM" uniqueName="CN=myqauser,OU=Admin,o=MYCORP.COM"/>

      <wim:changeType>modify</wim:changeType>

      <wim:uid>myqauser</wim:uid>

    </wim:entities>

    <wim:controls xsi:type="wim:ChangeResponseControl">

      <wim:checkPoint>

        <wim:repositoryId>MYAD</wim:repositoryId>

        <wim:repositoryCheckPoint>670244</wim:repositoryCheckPoint>

      </wim:checkPoint>

    </wim:controls>

  </wim:Root>

</sdo:datagraph>

[3/25/20 18:57:12:944 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:944 [DEBUG] [MAXIMO0] [CID-CRON-102377] syncUser, syncData = uid=myqauser

[3/25/20 18:57:12:956 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:956 [DEBUG] [MAXIMO0] [CID-CRON-102377] insertRecord, columnName = personid

[3/25/20 18:57:12:956 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:956 [DEBUG] [MAXIMO0] [CID-CRON-102377] value, value = myqauser

[3/25/20 18:57:12:956 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:956 [DEBUG] [MAXIMO0] [CID-CRON-102377] insertRecord, columnName = type

[3/25/20 18:57:12:957 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:957 [DEBUG] [MAXIMO0] [CID-CRON-102377] value, value = WORK

[3/25/20 18:57:12:957 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:957 [DEBUG] [MAXIMO0] [CID-CRON-102377] insertRecord, columnName = isprimary

[3/25/20 18:57:12:957 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:957 [DEBUG] [MAXIMO0] [CID-CRON-102377] value, value = 1

[3/25/20 18:57:12:957 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:957 [DEBUG] [MAXIMO0] [CID-CRON-102377] insertRecord, columnName = emailaddress

[3/25/20 18:57:12:958 EDT] 000001b3 SystemOut     O 25 Mar 2020 18:57:12:957 [DEBUG] [MAXIMO0] [CID-CRON-102377] value, value = null

Notice the greenish highlighted text again, where it shows that the bind user was modified, and then it pulls in all of the attributes and values for that entity.

I found this link online and tried what it suggested, but this is outdated (I'm on ICD 7.6.1.1):

https://www.ibm.com/support/pages/change-polling-maximo-vmmsync

That "changeType" attribute is absolutely NOT required any more - it's built into the VMMSYNC code.

The Solution

It turns out that the bind DN (user ID) that we were using apparently didn't have some permission or configuration in place. We actually tried with three different users before we found one that had the appropriate access to actually pull the data. 

What's really strange is that we could successfully use any of the three users with Apache Directory Studio to connect to Active Directory to see any and all data. But for some reason, only one of the users actually worked through VMMSYNC.

I will update if I find out from the AD team what the specific setting is, but I wanted to document this here for posterity.

Integrating IBM Control Desk or Maximo with QRadar for monitoring logins

Background

You may need to monitor ICD/Maximo logins with QRadar, and that's what this post will detail, as there are a few steps and a lack of documentation around it. In this case, I'm using ICD 7.6.1.1 and QRadar Community Edition 7.3.3 (downloaded on 3/13/2020).

All of the steps here apply to both ICD and Maximo, since there is nothing ICD-specific about them, so I'm going to refer to the product as just ICD in the remainder of this post.

Introduction

ICD doesn't log logins by default, and even once you configure it to track logins, it logs them to a database table rather than SystemOut.log. 

Tracking logins

To enable login tracking, you need to go into the Security->Security Groups application in ICD. From there, choose the Security Controls action. In the dialog shown, select "Enable Login Tracking?" and you're done. That's it. To test it, log out and back in again, then use your favorite database tool to look at the contents of the MAXIMO.LOGINTRACKING table. You should see your login.

Configuring QRadar for a JDBC Log Source

This part is a little tricky, but that's why I'm writing this article. You need to create a new Log Source with the following important characteristics:

Type: Universal DSM

Protocol: JDBC

Database name: MAXDB76

Table name: MAXIMO.LOGINTRACKING

Compare field: ATTEMPTDATE

Those are all of the hard properties. The others should be fairly straightforward, such as hostname, port, etc. After that, deploy your changes. Once that's done, log out and back into ICD, and you should get an event that looks similar to this:

Now you can set up the normal parsing, extracting, etc. to have QRadar properly categorize your events.

Finding unique element types in XML with PowerShell

I recently needed to deal with a large (165MB) XML file, so the first question I had is: How many unique element types are actually in the file? I found a bunch of truly painful-sounding answers online, mainly involving the distinct-values() XPATH 2.0 function. If you've ever dealt with XPATH, you know that just setting up the toolchain environment to use it is pretty labor intensive. However, I then started looking for PowerShell cmdlets that work with XML and I found Select-Xml:

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/select-xml?view=powershell-7

It looks nice enough, but it turns out that it has a few features that are really nice. Specifically, once you read in an XML document, your variable will have a Node member, and that member contains one member for each type of element in your document! So it automatically shows you the list of distinct elements. You can then maneuver through the members to find the number of each type of element ($myvar.Node.myelementType.count) or to view one of the instances ($myvar.Node.myelementType[0]), etc.

In my case, I found that my 165MB file (produced by the ITNM DLA) only contained about 17 unique element types, and that there were only about 2500 network devices, which I could then easily loop through to get the information I needed. Chained with ConvertTo-Csv, I was able to massage the data exactly as needed.

The moral of the story is: PowerShell is amazing right out of the box. I didn't have to add any new packages or anything, and it gave me precisely what I needed.

JRExecAction() function behavior in Netcool Impact

Just a short post today to set the record straight on the use of the JRExecAction() function in Netcool Impact policies.

The product documentation states that the JRExecAction() function returns nothing, but sets the variables ExecError and ExecOutput corresponding to stderr and stdout from the script/command that you run. However, the function itself returns the data written to stdout in addition to setting ExecOutput and/or ExecError. So if you try the following, you'll see that the same output is logged twice:


results = JRExecAction("/bin/ls", "/", false, 1000);
log(0,"Frank results = " + results);
log(0,"ExecOutput results = " + ExecOutput); 


Incidentally, the first use above is really the more common use in practice. You will find very few implementations where the ExecOutput variable is referenced.

How to reconfigure your ServiceNow MID server when your developer instance changes URLs

If your developer ServiceNow instance is hibernated, it may be assigned a new URL. This will break your MID server(s).

To fix this:

cd /servicenow/<midservername>/agent

vi config.xml

search for the old URL

update it

if the password has changed, put the new password in the file unencrypted. On startup, it will get encoded and encrypted.

./stop.sh

./start.sh

Go to your instance to check the status of your MID servers.

Customizing the ServiceNow Netcool Connector

UPDATE 5/1/2020

You can update this script through the ServiceNow GUI. The navigator item to select is "Script Files" under "MID Server". And the name of the script is NetcoolConnector. Edit in the GUI and it gets updated on all of your MID servers.

Background

The ServiceNow Netcool Connector (introduced at some point before the New York release) allows you to pull events from a Netcool ObjectServer into ServiceNow. The connector is a process that runs on a MID Server. Within the ServiceNow interface, there are only a few configuration options (userid/password, JDBC URL, how often to run, etc.). However, there are no filters to configure. That's because the connector is a straightforward Groovy script that you can edit as needed on the MID Server.

Details

The Netcool Connector script is found on the MID Server in the file .../agent/scripts/Groovy/NetcoolConnector.groovy. Some of the interesting parts of the script are the actual query that's run:

query = "select top 3000 Identifier,Node,NodeAlias,AlertKey, Manager,Agent,AlertGroup,Severity,Type,Summary,Acknowledged,LastOccurrence,StateChange,SuppressEscl from alerts.status where StateChange > " + lastTimeSignature + " and Manager not like '^.*Watch\$' order by StateChange asc";

That is exactly the query that's run, and you can edit it to include custom fields, for example. To complete the customization, you also need to update the createEvent() function to actually include those custom fields in the event that's created in ServiceNow. In there you can also do any hard-coded transforms that are required or anything else.

Short script to generate continuous random events to Netcool OMNIbus

So you need to generate some events to OMNIbus? It's really easy with the nco_postmsg shell script that's installed on your ObjectServer host:

while (true); do nco_postmsg -user root -password n3tc00l "Identifier='my_identifier_${RANDOM}'" "Node='mynode${RANDOM}'" "Severity=5" "Manager='nco_postmsg'" "Summary='An event occurred again'" "ImpactFlag=1" "AlertGroup='FRANK_${RANDOM}'"; sleep 10; echo sending another event; done

Update the user and password parameters, and you can add any fields you need. It simply generates an event every 10 seconds.

Why you should use MXOSINCIDENT instead of OSLCINCIDENT for creating and querying ICD incidents

In re-reading the documentation and looking through the system, I finally recognized why the MXOSINCIDENT is a much better choice for integration than OSLCINCIDENT. The OSLCINCIDENT OSLC Resource only includes 11 attributes (fields) for an incident. Those are:

modifiedBy
modified
classStructureId
title
internalPrioirity
created
creator
priority
status
shortId
identifier


and that's it. So when you GET an incident via the OSLCINCIDENT URL (.../maximo/oslc/oslcincident/...), those are, essentially, all of the fields that you'll see for that incident. For example, here is the data I retrieved for incident number 1003 in my system:

dcterms:creator
rdf:resource "http://was.gulfsoft.rocks:80/maximo/oslc/os/sccdoslcperson/_TUFYQURNSU4-"
oslc:shortId "1003"
dcterms:title "First incident"
dcterms:created "2019-11-27T10:43:18-05:00"
dcterms:modified "2020-02-11T11:10:06-05:00"
sccd:statusdate "2019-11-27T10:43:18-05:00"
rdf:about "http://was.gulfsoft.rocks:80/maximo/oslc/os/oslcincident/_SU5DSURFTlQvMTAwMw--"
dcterms:identifier "9"
prefixes
sccd "http://jazz.net/ns/ism/helpdesk/sccd#"
rdf "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
dcterms "http://purl.org/dc/terms/"
oslc "http://open-services.net/ns/core#"
_rowstamp "17235351"
oslc:modifiedBy
rdf:resource "http://was.gulfsoft.rocks:80/maximo/oslc/os/sccdoslcperson/_TUFYQURNSU4-"
sccd:status_description "New"
sccd:status
rdf:resource "http://was.gulfsoft.rocks:80/maximo/oslc/os/sccdoslcsyndomain/_SU5DSURFTlRTVEFUVVMvTkVXL35OVUxMfi9_TlVMTH4vfk5VTEx_L05FVw--"

However, here's the data retrieved for the SAME incident using the MXOSINCIDENT URL (.../maximo/oslc/os/mxosincident/...):

spi:ticketid "1003"
spi:status "NEW"
spi:pluspporeq false
spi:virtualenv false
spi:hasactivity false
spi:relatedtoglobal false
spi:changeby "MAXADMIN"
spi:accumulatedholdtime 0
spi:selfservsolaccess false
_rowstamp "17235351"
spi:class_description "Incident"
spi:inheritstatus false
relatedrecord_collectionref "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTAwMw--/incidentrelrec"
multiassetlocci_collectionref "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTAwMw--/incidentmultiassetloci"
spi:isknownerror false
spi:oncallautoassign false
spi:createdby "MAXADMIN"
spi:cinum "RBA_PAYROLL"
spi:statusdate "2019-11-27T10:43:18-05:00"
spi:affectedperson "MAXADMIN"
spi:class "INCIDENT"
spi:createwomulti "MULTI"
spi:description "First incident"
ticketspec_collectionref "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTAwMw--/ticketspecclass"
spi:creationdate "2019-11-27T10:43:18-05:00"
spi:actlabhrs 0
spi:historyflag false
spi:sitevisit false
rdf:about "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTAwMw--"
spi:createwomulti_description "Create Multi Records"
prefixes
rdf "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
spi "http://jazz.net/ns/ism/asset/smarter_physical_infrastructure#"
oslc "http://open-services.net/ns/core#"
spi:outageduration 0
spi:isglobal false
spi:multiassetlocci
0
localref "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTAwMw--/incidentmultiassetloci/0-5"
spi:recordclass "INCIDENT"
spi:progress false
rdf:about "http://childkey#SU5DSURFTlQvTVVMVElBU1NFVExPQ0NJLzU-"
spi:langcode "EN"
spi:multiid 5
spi:isprimary true
spi:performmoveto false
prefixes
rdf "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
spi "http://jazz.net/ns/ism/asset/smarter_physical_infrastructure#"
oslc "http://open-services.net/ns/core#"
_rowstamp "17235352"
spi:hasld false
spi:pmchgassesment false
spi:recordkey "1003"
spi:cinum "RBA_PAYROLL"
spi:externalsystem_description "EVENT MANAGEMENT"
spi:pmscinvalid false
spi:reportdate "2019-11-27T10:43:18-05:00"
spi:hassolution false
spi:actlabcost 0
spi:changedate "2020-02-11T11:10:06-05:00"
spi:status_description "New"
spi:externalsystem "EVENTMANAGEMENT"
spi:affecteddate "2019-11-27T10:43:18-05:00"
spi:template false
spi:ticketuid 9
spi:reportedby "MAXADMIN"

To me, MXOSINCIDENT provides much better data.

When you Reset Windows, Microsoft saves a list of all of the applications removed

The Windows 1909 (November 2019) Windows 10 update didn't like one of my laptops at all. After trying multiple times to upgrade to it, I finally gave up and decided to take the route of choosing "Reset Windows" and keeping all of my data. That worked on the first try, so I was already happy about that. Then I noticed an HTML file on my desktop named "Removed Apps". I opened it, and much to my surprise, it listed ALL of the apps that were deleted by the reset. Happily, I still had all of them in my Downloads folder, so I can easily re-install them. This was a happy surprise, since I was certain that the reinstall part (and figuring out everything that needed to be installed) would be the worst part of the process.

Automating processes in a small company using free utilities

Introduction

I want to share some of the automation that I've written for my company to help with some of the back office processing. The reason that I wrote this automation myself is that I looked at numerous offerings on the market, and none fit exactly what we needed. Once I made that realization, I came up with automation using tools we already own or that are free to use, specifically:

Google Sheets, including Google Script
Windows Batch scripting
Perl scripting
Bookmarklets in JavaScript
Quickbooks IIF files

It looks like a lot (and it may very well be a lot), but for my background, this path required no more work than learning an off-the-shelf product.

The Payroll Process

Not everything is automated. We do have automated time sheets, but there are several pieces of data that need to be manually combined and calculated. Where we started with the automation was the spreadsheet in which this data was being captured. The data was already in a straightforward format, so it just needed to be cleaned up a little. Specifically, some of the entries just needed to have some specific keywords, and we put the spreadsheet into Google Sheets. We made the decision to move from Excel so that we could always access the spreadsheet and also because I personally enjoy programming in JavaScript (Google Scripting) than in Visual Basic (MS Office Scripting).

The process starts with my CFO filling out the Google Sheet using data from the few different sources that we have. She then presses the "Create IIF" menu item (created with a Google Script implementation of the onOpen() function). That creates both an IIF file for QuickBooks (that actually needs a little more processing - more on that later) and the a file containing the JavaScript for a bookmarklet that is used later in the process. It also sends an email out to each

The IIF file has to then be downloaded into a specific directory which contains a windows .BAT file, a shell script and a Perl script. The .BAT file is simply used to call the shell script, which calls the Perl script to actually parse the file. That Perl script mainly just adds TAB characters in the correct places to match the correct IIF format. I wasn't able to make the TAB characters actually stay in the downloaded file via Google Script, so this is the workaround I came up with.

The contents of the JavaScript file are the implementation of the "SetACH" bookmarklet that has already been defined in her browser. That bookmarklet is used to fill in the appropriate fields on our bank's ACH web page. To do this, my CFO logs into our bank and navigates to the appropriate page, then clicks the SetACH bookmarklet, which fills in all of the appropriate values.

Better Than a Packaged Product?

In a word, Yes. Every COTS (commercial off-the shelf) product requires some amount of configuration, which, in my experience, would have taken more time than creating the custom solution I have. Additionally, all of the COTS products I investigated included tons of capabilities that we simply don't need or that don't specifically work for us. As you can see, we only needed a tiny bit of functionality, and I didn't want to pay for a bevy of additional features that we wouldn't use. Specifically, I used the same evaluation process that I help customers with every day. I identified the specific functions I needed to perform and reports that I needed to generate, and evaluated the choices based on those. I also evaluated the existing tools and my development expertise with each to determine that I was capable of producing a working solution. We've now had this automation in place for three years, and it has required minimal upkeep.

Using jQuery in Cognos 10.x and DASH

For most of what you need, IBM has a great article on how to incorporate jQuery into your Cognos reports here:

https://www.ibm.com/developerworks/library/ba-pp-reporting-advanced-report-design-page647/index.html

However, there are some painful issues which vary based on whether you access reports through DASH/JazzSM or go directly to Cognos Reporting. Specifically, it appears that DASH adds some additional capabilities to the environment, possibly through the use of Dojo. Or it's possible that these capabilities are stripped off when logging directly into Cognos. Whatever the case, here are the caveats:

DASH/JazzSM adds some additional container elements to the HTML report such that you cannot use the browser "Print" function to print a multi-page report. All you get is the first page of the report, and this happens on all browsers. To get around this, I opened a new window and set the contents to be only the container enclosing the report. Then THAT window can be printed via the browser.

Logging directly into Cognos "removes" several methods that should exist in IE 11. For example, it undefines the Object.keys() method. So if any JavaScript you're using references that method, you'll need to use a workaround like this one:

https://stackoverflow.com/questions/18912932/object-keys-not-working-in-internet-explorer

Additionally when logging directly into Cognos, the HTMLCanvasElement.getContext() method is not defined. Personally, I got around this by commenting out any references to that method and it worked in my case. Unfortunately, I couldn't find any "good" solution to this problem, so this is all I've got.

Happy coding!

Adding an Unauthenticated JSP to IBM Control Desk

Background

We have a customer that needed to allow unauthenticated users to open tickets within IBM Control Desk, and we only had access to IBM HTTP Server and our Maximo/ICD WebSphere server to make that happen.

Security Risks

Essentially, anyone with the link can get to the pages described in this article. They could even write a script to create a huge number of tickets, taking down your ICD installation. So in any pages you create using this article, you need to do *something* to guard against that behavior. Exactly what you do depends on your specific situation. 

Where to Create the Unprotected JSP

You just need to create the .jsp file under:

.../installedApps/<cell__name>/MAXIMO.ear/maximouiweb.war/webclient/login

For example, put the following in the file HelloWorld.jsp in the above directory:

<HTML>
 <HEAD>
  <TITLE>Hello World</TITLE>
 </HEAD>
 <BODY>
  <H1>Hello World</H1>
  Today is: <%= new java.util.Date().toString() %>
 </BODY>
</HTML>

Then access it with the url:

http://hostname/maximo/webclient/login/HelloWorld.jsp

And this is what you'll see, with no login required:

That's it. Now you just need to write the JSP code to do what you need.

Caveats

A JSP file added in this way would need to be re-deployed after each time you deploy the application. These instructions do NOT tell you how to add the JSP file to the EAR build process.

You need to manually copy the JSP file(s) to the appropriate location for each MAXIMO UI JVM.

Creating incident ticket in IBM Control Desk using the new REST API

Background

Maximo 7.6.0.2 introduced a new REST API that can be accessed via .../maximo/oslc . Here's a link to the documentation on it:

https://developer.ibm.com/static/site-id/155/maximodev/restguide/Maximo_Nextgen_REST_API.html

This is an all-JSON API that makes things a ton easier than it was with the older (and deprecated) XML-based REST API.

The Problem

However, that documentation is aimed at Maximo Enterprise Asset Management users and not IBM Control Desk users. That means there aren't any examples for creating incidents or service requests, for example.

Why You're Here

You want an example of creating an INCIDENT in ICD, and that's what I'll provide. I'm using ICD 7.6.1.1 on WebSphere, DB2 and IBM HTTP Server, along with the sample data. That's how I have a classification ID and hierarchy structure in the example below.

Basically, the best way I've found is to use the MXOSINCIDENT object structure because it already has a bunch of relationships (including one to TICKETSPEC, so you can add specifications when creating an incident). Here are the details:

POST: http://172.16.30.183:80/maximo/oslc/os/mxosincident?_lid=mxintadm&_lpwd=passw0rd&lean=1

Additional header:

properties: *

BODY:

{

    "reportedby": "MXINTADM",

    "description": "second MXINCIDENT OS API",

    "externalsystem": "EVENTMANAGEMENT",

    "classstructureid": "21010405",

    "ticketspec": [{"assetattrid": "computersystem_serialnumber","alnvalue": "99999"}]

}

RESPONSE:

{

    "affecteddate": "2019-11-29T15:02:00-05:00",

    "template": false,

    "creationdate": "2019-11-29T15:02:00-05:00",

    "hierarchypath": "21 \\ 2101 \\ 210104 \\ 21010405",

    "historyflag": false,

    "actlabcost": 0.0,

    "createwomulti_description": "Create Multi Records",

    "selfservsolaccess": false,

    "outageduration": 0.0,

    "ticketuid": 46,

    "inheritstatus": false,

    "reportdate": "2019-11-29T15:02:00-05:00",

    "class_description": "Incident",

    "description": "second MXINCIDENT OS API",

    "reportedby": "MXINTADM",

    "classificationid": "21010405",

    "sitevisit": false,

    "_rowstamp": "10009026",

    "accumulatedholdtime": 0.0,

    "createdby": "MXINTADM",

    "relatedrecord_collectionref": "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTA0MA--/incidentrelrec",

    "isknownerror": false,

    "href": "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTA0MA--",

    "affectedperson": "MXINTADM",

    "multiassetlocci_collectionref": "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTA0MA--/incidentmultiassetloci",

    "class": "INCIDENT",

    "ticketid": "1040",

    "ticketspec": [

        {

            "localref": "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTA0MA--/ticketspecclass/0-7",

            "classstructureid": "21010405",

            "changeby": "MXINTADM",

            "changedate": "2019-11-29T15:02:00-05:00",

            "alnvalue": "99999",

            "mandatory": false,

            "refobjectname": "INCIDENT",

            "ticketspecid": 7,

            "assetattrid": "COMPUTERSYSTEM_SERIALNUMBER",

            "_rowstamp": "10009029",

            "refobjectid": 46,

            "displaysequence": 1,

            "href": "http://childkey#SU5DSURFTlQvVElDS0VUU1BFQy9DT01QVVRFUlNZU1RFTV9TRVJJQUxOVU1CRVIvSU5DSURFTlQvfk5VTEx_LzEwNDA-"

        }

    ],

    "status_description": "New",

    "externalsystem_description": "EVENT MANAGEMENT",

    "classstructureid": "21010405",

    "ticketspec_collectionref": "http://was.gulfsoft.rocks:80/maximo/oslc/os/mxosincident/_SU5DSURFTlQvMTA0MA--/ticketspecclass",

    "changeby": "MXINTADM",

    "changedate": "2019-11-29T15:02:00-05:00",

    "externalsystem": "EVENTMANAGEMENT",

    "actlabhrs": 0.0,

    "relatedtoglobal": false,

    "hasactivity": false,

    "statusdate": "2019-11-29T15:02:00-05:00",

    "createwomulti": "MULTI",

    "hassolution": false,

    "virtualenv": false,

    "pluspporeq": false,

    "isglobal": false,

    "oncallautoassign": false,

    "pmscinvalid": false,

    "status": "NEW"

}

Prerequisites

To successfully do the above, you do need to Configure Object Structure security: https://www.ibm.com/support/pages/using-object-structure-security-limit-access-security-groups , and the user MUST have a Default Insert Site, which apparently my MXINTADM user does. MAXADMIN in my system DOES NOT, so it fails if I use that user.

I'm using Postman for testing, which I highly recommend: https://www.getpostman.com/downloads/

Of course you'll use some specific language (or curl) when you're doing this in production, but for testing, you want to use Postman.

A helpful link

In addition to the API documentation, this link was very helpful to me:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Anything%20about%20Tivoli/page/Create%20a%20record%20with%20Maximo%20JSON

Special characters in passwords initially configuring IBM Control Desk 7.6.1.1

Several of the screens displayed by ConfigUI tell you that some passwords don't allow special characters. The rule of thumb I found the REALLY hard way is:

ONLY use underscore as a special character in any password initially.

We ran into problems mainly with dollar sign, but other ones will certainly bite you, too. We even ran into the problem with the root user's password. Any password can be changed after the initial deployment, so save yourself some headache and make them initially very simple. And the painful part is that some of the errors will just be silent, such as "Unable to access host with these credentials", but no other error. So just take the advice above and you'll be much happier.

Moving to the cloud. Pick any two: Cheap, Fast, or Easy

The Cloud offers literally all of your current IT services, plus tons more, some of which most of your IT department has never heard of before. You can quickly and easily move all your existing workloads there, but you'll pay dearly, as many companies are finding out. You can take the time to train your IT staff and meticulously plan for the most efficient way to the cloud, but that's not quick. 

Moving to the cloud correctly truly requires rethinking how you do everything in IT. In all cases, the best route is to only move a subset of workloads or capabilities to the cloud, and different clouds may be better for different workloads. Some things are easier and cheaper to run on-prem. For example, in many cases it can be cost effective to arm your IT and development staff with laptops with 64GB of RAM. Doing so allows each one to run their own private multi-cloud in which they can test away. A brand new laptop with warranty with 64GB of RAM and 6 cores (12 threads) can be found for under $1700 on eBay and has a useful life of 4 years. Such a VM in the cloud (AWS EC2 r5.2xkarge) costs $.20 per hour, which is $5,300 for a three-year term, and doesn’t allow the flexibility of a local system running VMWare Workstation. That's a very specific example, but it illustrates why each and every workload needs to be analyzed or audited before simply moving it to the cloud.

 Some workloads are more suited to specific public clouds. WebSphere applications are a big example. If you want to “lift and shift” these workloads to the cloud, the IBM Cloud should be your first choice. If you have apps that run under Sharepoint, you should absolutely run those applications on Microsoft’s Azure cloud. There are many other workloads that may run equally well on any cloud, and for those, the analysis needs to take other factors into account.

 The point I want to get across is that moving to the cloud requires analysis by a qualified team of experts. I think the best approach is to hire one or more experts and simultaneously train your own team to help them get up to speed. The combination of those two is extremely important, because you don’t want newly-trained people responsible for your entire cloud migration. You want an expert who can guide the team, allowing them to take over responsibilities over time.

If you're scripting on Windows, use PowerShell

My last post on PowerShell was in 2008, so I thought I would write an update. If you're writing scripts on Windows, you should probably be using PowerShell. It seems to have 99 to 100% of the tools (especially parsers) that I ever need. I just recently needed to scrape a web page for some data, so I thought I would spend some time messing with PowerShell to get it going. Well, it only took about 30 minutes to develop the entire script that I needed, with absolutely no external dependencies.

Here's the whole script:

# get the web page. Yes, PowerShell has a 'curl' command/alias
$resp = curl -UseDefaultCredentials http://myhostname/mypagename

# Get all of the rows of the table with an ID of "serverTable"
$rows = $resp.ParsedHtml.getElementById("serverTable").getElementsByTagName("TR")

# Loop through the rows, skipping the header row: 
for ($i=1; $i -lt $rows.Length(); $i++) {

# get the hostname of this row
  $thehost = $rows[$i].getElementsByTagName("TD")[2]

# get the date this host was last rebooted
  $rebootDateString=$rows[$i].getElementsByTagName("TD")[6]

# if the host was rebooted over 20 days ago, print that date

  if ([datetime]::Now.AddDays(-20) -gt [datetime]::parseexact($rebootDateString.innerText,"G", $null))   {

    $rebootDateString.innerText } }

That's it, with no external references and nothing extra to install. It's got date parsing, date arithmetic, HTML parsing and HTTP request capabilities all built in. I realize that this then isn't portable... or is it? There's actually a PowerShell port for Linux available, with instructions here from Microsoft:

https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-6

I know that Python is a hot language these days, but I don't like it as much as PowerShell. I tried to do the above with Python, and it took quite a bit longer, even though I've used Python more than PowerShell. You have to import some classes and then use XPath to find elements in the HTML. PowerShell was just straightforward and easy, at least for me, with my background and expectations. YMMV, but I like PowerShell.