Monday, October 4, 2010

Using Tivoli Software Package Blocks in BigFix Enterprise Server v8 - Part 1

After doing some work with BigFix, I started investigating methods of implementing the use of SPBs into BigFix. After a little bit of trial, I have developed a fairly simplistic way to achieve this.

At a high level, the steps are
1. Create a standalone copy of the disconnected command line (DCLI from now on)
2. Create a task to deploy the DCLI
3. Create baseline to deploy DCLI to desired targets
4. Create tasks to deploy SPBs and executed with the DCLI


Create a standalone copy of the DCLI
The DCLI is a facility provided with TCM to allow package builders the ability to test SPBs locally on a test system. This is used to make sure that a package is behaving as desired without having to import into TCM and use the framework to install. By using the DCLI, a package builder is able to make changes to a package and “redeploy” in a relatively quick manner. Once a package installs with the desired effect via the DCLI, it is then imported into TCM for further testing. For products such as TPM, TPMfSW and the now defunct TPMDSD/TEM, this standalone method was what was being used.

In order to create a standalone version, you will first need to have the Software Package Editor as this contains the binaries required for the DCLI. You will also need the Tivoli Endpoint installed (this is a requirement for the SPE anyway) as this will have a couple DLLs that are also required. Once you have the SPE installed, follow the instructions below to create the image

1. Create a directory called C:\Program Files\Tivoli\disconn
2. Copy the directory C:\Program Files\Tivoli\swdis\speditor\w32-ix86 to the directory created in step 1. Note that the swdis directory may be installed in a different directory.
3. Edit the file C:\Program Files\Tivoli\disconn\w32-ix86\classes\swdis_env.bat and set it to the following:
set INTERP=w32-ix86 set speditor_dir=C:\Program Files\Tivoli\disconn\w32-ix86\classes set speditor_lib_path=C:\Program Files\Tivoli\disconn\w32-ix86\classes\..\lib set speditor_bin_path=C:\Program Files\Tivoli\disconn\w32-ix86\classes\..\bin set Path=%speditor_dir%;%speditor_lib_path%;%speditor_bin_path%;

4. Copy the following files from C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt to c:\Program Files\Tivoli\disconn\w32-ix86\lib. Note: this list was created based on some testing of simple packages. There maybe more of these DLLs required.
a. Libcpl60.dll
b. Libdes60.dll
c. Libguid60.dll
d. Libmem60.dll
e. Libmrt60.dll
5. Optional: cleanup extra binaries that are not required for the DCLI
a. In the C:\Program Files\Tivoli\disconn\w32-ix86\classes directory, remove all files except swdis_env.bat
b. Remove the C:\Program Files\Tivoli\disconn\w32-ix86\msg_cat directory

This will be the working copy of the DCLI that will be used to import into BigFix. I have found other methods that can be used to import, such as using Winzip, but for now let’s stay with the importing of files and folders built into BigFix.

Create a task to deploy the DCLI


In the previous section the files that are required for the DCLI were identified and made ready for importing into BigFix. Now these tools need to be imported into BigFix and made ready for deployment.

In this section we will take the image created of the DCLI and build a Task out of it. This task will be under the Systems Lifecycle domain and then create a baseline to apply the Task to all computers.

1. Copy the DCLI files to the BES Server. For this example, they have been copied to C:\CID\disconn
2. Navigate to Systems Lifecycle > Wizards > All Wizards > Windows Software Distribution Wizard
3. Set the application name to Tivoli Disconnected Command Line. Press Next
4. Choose the “Folder” option and browse to (or type) C:\CID\disconn. Check the “Include Subfolders”. Press Next
5. Choose the operating systems that are desired for support. This should work for any platform that TCM supports in Windows, but this was only tested on Windows XP and 2003.
6. Set the target relevance to use the File option and set to C:\Program Files\Tivoli\disconn\w32-ix86\classes\swdis_env.bat.
7. In the “Full command line”, leave it with the setup.exe for now, this will be modified later.
8. Review the summary and press “Finish”

The wizard is now complete and the task will be displayed. From here, we need to make some custom modifications to extract the files/dirs and put them in C:\Program Files\Tivoli

1. In the Create Task dialog, select the Actions tab
2. Make the following changes:
a. Remove the line: wait __Download\setup.exe
b. Add the line: dos mkdir "C:\Program Files\Tivoli\disconn"
c. Add the line: dos move /y __Download\w32-ix86 "C:\Program Files\Tivoli\disconn"
3. Press the Edit button beside the Include custom success criteria”
4. Select “…the following relevance clause evaluates to false” and enter the string not exist file "C:\Program Files\Tivoli\disconn\w32-ix86\classes\swdis_env.bat". Press OK
5. Set the “Create in site:” to Master Action Site, and set the “Create in domain” to Systems Lifecycle. Note: the site could be made to something else, but for this example, we will just use the default. Press the OK button and enter the key password

The task is now created for deploying the Tivoli Disconnected Command Line to targets. Now that this is created, the next step is to deploy this task to the desired computers.


Deploying DCLI to targets

The task has now been created, what next? Well, we need it to get out to the targets so that we can then deploy SPBs. For this example, I will not be using any real complex targeting, I just want to get it out. Targeting is another discussion all together (which we kind of hit on when we go to deploy the SPBs). For my lab, my target computers all start with the name “win2kcli”, so what this example will do is create a site to do just that. Then create a baseline to target all the computers that are subscribed to the site and apply the DCLI as a policy.

Create custom site
1. Navigate to Systems Lifecycle > All Systems Lifecycle > Sites > Custom. Right click in the List Panel and select Create Custom Site
2. In the Create Custom Site dialog, enter “All WIN2KCLI Computers”. Press OK
3. This will create the new site and display it in the List Panel. From here the subscription needs to be set. Select the “Computers which match the condition below”
a. Set the property to “Relevance Expression”
b. Set the operator to “is true”
c. Press the “Edit Relevance…” button and enter the text computer name as lowercase contains "win2kcli". Press OK
4. Press the “Save changes” button and enter password.

Now that the custom site is created, target computers will start appearing under the site’s “Subscribed Computers”

Create Custom Group
In order to target for the baseline, a computer group needs to be created. This group will be assigned the same relevance as the site.

1. Navigate to Systems Lifecycle > All Systems Lifecycle > Sites > Custom > All WIN2KCLI Computers > Computer Groups
2. Right click in the List Panel and select “Create Automatic Computer Group”
3. Set the Name: All WIN2KCLI Computers CG
4. Create in site: All WIN2KCLI Computers
5. Create in domain: Systems Lifecycle
6. Set the relevance field to “Relevance Expression”
7. Set the condition to “is true”
8. Press the “Edit Relevance…” button
a. Enter: computer name as lowercase contains "win2kcli"
9. Press the Create button and enter your password

Create Baseline
The site has been created and the subscriptions set, now the baseline policy needs to be set to deploy the DCLI.

1. Navigate to Systems Lifecycle > All Systems Lifecycle > Sites > Custom > All WIN2KCLI Computers
2. Right click in the List Panel and select “Create New Baseline…”
3. Set the Name to “Deploy DCLI”
4. Set the Description to “Deploy Tivoli Disconnected Command Line”
5. Click on the Components tab (image create_baseline_2.jpg)
a. Set the Group Name to DCLI and press Save Group Name
b. Click on the “add components to group” link and press the Tasks tab
c. Navigate to All Tasks > By Source > Software Distribution Wizard and select Software Distribution – Deploy: Tivoli Disconnected Command Line and press OK
6. Click on the Relevance tab and select “Computers which match all of the relevance clauses below”. Set the clause to: not exist file "C:\Program Files\Tivoli\disconn\w32-ix86\classes\swdis_env.bat".
7. Set the Create in site to All WIN2KCLI Computers
8. Press the OK key and enter password

Activate Baseline
With the new baseline created, it now needs to be activated. Since we need to be on all the computers we need to set this as a policy.

1. Navigate to Systems Lifecycle > All Systems Lifecycle > Sites > Custom > All WIN2KCLI Computers > Baselines
2. Select the “Deploy DCLI” baseline
3. Press the “Take Action” button
4. In the “Preset” field, set it to Policy
5. On the Target tab, select the option “All computers with the property values selected in the tree below
6. Expand to All Computers > By Group and select All WIN2KCLI Computers
7. Press the OK button and enter the password

This takes care of the DCLI. This is currently a proof of concept and I need to do some more testing to verify that I have set the various properties/groups/etc. If you have any comments/suggestions, please post a comment on this blog.

For the next blog entry, we will take a SPB and import it into BigFix. Stay tuned, it will be posted in a couple days.

Thursday, September 23, 2010

ITNM 3.8 NMAPScan Agent

Recent updates to IBM Tivoli Network Manager 3.8 introduced a new discovery agent that utilizes Nmap (Network Mapper) to provide some extra details about devices without SNMP access or certain types of end nodes. The extra information includes operating system type based on nmap’s OS fingerprinting capability along with port and service information.

This sounds great, but there are some serious drawbacks…

A. It’s slow. It’s a typical ITNM perl based agent that handles parallelism by spawning more instances of nmap to scan individual hosts rather than utilizing the large volume scanning capabilities inherent to nmap.

B. The required version of nmap is 4.85 and most enterprise *nix platforms are still shipping 4.0-4.11 so chances are you will need to acquire a recent version from the Nmap project page (http://nmap.org).

C. You can’t just turn the agent on. After you get an appropriate version of nmap installed you have to edit $NCHOME/ precision/disco/agents/perlAgents/ NMAPScan.pl to uncomment and set the path to nmap :

my $nmapBinary = '/usr/bin/nmap';

D. Running ITNM as setuid root does not work with the default nmap arguments. If you do not want your ITNM processes running as root you will need to adjust the scan settings in NMAPScan.pl or chown root ncp_disco_perl_agent then chmod u+s ncp_disco_perl_agent and then modify root’s environment so that the ITNM perl is used rather than the system perl. Or you could just run as root.

E. The OS type value is really just a guess. Sometimes it is a little off. For example CentOS 5 indentified as Gentoo.

F. Did I mention that it is slow?

Here are some screen shots of examples of the information collected.

So what would be a good use of the NMAPScan agent? For starters it would help classifying NoSNMPAccess devices.

Consider this AOC file that defines the class Linux_NoSNMPAccess:

//*************************************************************

//

// File : Linux_NoSNMPAccess.aoc

//

//*************************************************************

active object 'Linux_NoSNMPAccess'

{

super_class = 'NoSNMPAccess';

instantiate_rule = "ExtraInfo->m_OSType LIKE '.*Linux.*'";

visual_icon = 'NoSNMPAccess';

};

With this solution it is possible to create buckets to dump your devices into to provide the ability to at a minimum do ping polling via a class filter without pinging stuff you could care less about.

Saturday, September 18, 2010

Adding web pages to WebTop/TBSM/ITNM

You can add any web page you want to be protected by WebTop/TBSM by putting that file under the directory:


INSTALL_DIR/tip/profiles/TIPProfile/systemApps/isclite.ear/Webtop.war/

accessed via:

https://hostname:16316/ibm/console/webtop/filename

Now, where it gets pretty exciting is that WebTop 2.2 and above are hosted on WebSphere, a full-fledged app server, and it supports JSP pages (which basically let you write server-side Java code to do anything you want, PLUS output HTML). An example JSP file can be found here:

http://www.java2s.com/Code/Java/JSP/Printtherequestheadersandthesessionattributes.htm

Just put that file into the above directory and you'll see all of the session and request information available to your JSP.

Have fun.

Friday, September 3, 2010

Tivoli Common Reporting 1.3 - Framework Manager Installation

The latest and greatest TCR product, as previously noted, contains both BIRT and Cognos reporting engines and you are free to develop reports in either one of those formats.  To develop custom reports in BIRT, you need to use the Eclipse based report designer. How about Cognos?   For Cognos, you should be able to develop reports using the browser based Report Studio tool.  End users with right permissions should be able to modify the reports according to their needs.  However, there is one limitation.   The Report Studio tool can operate only on already published Cognos packages.  So, the question is, how do you publish new packages containing data model for your reports?   That is where the Framework Manager comes into picture.    Framework Manager lets you define your own data sources, Query Subjects, etc.  and package these definitions into a Cognos package, which will be published on the TCR server.
 

Prerequisites

 

Before installing Framework manager, you will need the following.

 

1.       A Windows box to install framework manager. IT is NOT supported on other operating systems.

2.       Necessary ODBC data sources or Database client software installed  on the Windows system.  You can't use JDBC type-4 drivers.  

 

Installation and Configuration

 

Installing Framework manager is pretty straight-forward. The installation media contains a separate folder named "CognosModeling". You basically run the issetup.exe from win32 subdirectory to install it.    However, you need to perform couple of easy post install configurations to get the product to work.   The steps are given below.

 

1.       Bring up the Cognos Configuration under Programs->IBM Cognos 8->IBM Cognos Configuration. Note: There is another "IBM Cognos Configuration" under Tivoli Common Reporting.  Do not make changes to it as it will break the TCR product.

2.       Select the Environment Group under Local Configuration.

3.       Change the Gateway URI property to https://<tcrserver>:16316/tarf/servlet/component

4.       Change the "Dispatcher URI for external applications" to http://<tcrserver>:16315/tarf/servlet/dispatch

5.       Again the above values for default TCR installation (assuming 16316 is HTTPS and 16315 is HTTP). You can double check by bringing up the "IBM Cognos Configuration" under Tivoli Common Reporting and comparing the property values for "Gateway URI" & "External dispatcher URI" with the above values. 

 

Once you configured these values, you should be able to bring up Framework Manager, create a new project and signin with your TIP id (e.g. tipadmin) to create your custom data model.

 

Hope this helps.

Friday, August 27, 2010

Getfile, Putfile, Executecommand - added in ITM 6.2.2 fp02

Enable this functionality (Check out Venkat’s earlier post)

GETFILE:
{-m|--system} SYSTEM
{-s|--source} REMOTE_FILE
{-d|--destination} LOCAL_FILE
[{-t|--type} Transfer MODE] - Either [text|bin]
[{-f|--force}] – Forces an overwrite of the file if it exists

Example:
tacmd getfile -m itmtest:LZ -s /tmp/itmtest.log -d /base_logs/itmtest_08272010.out -t text –f
--------------------------------------------------------------


PUTFILE:

{-m|--system} SYSTEM
{-s|--source} LOCAL_FILE
{-d|--destination} REMOTE_FILE
[{-t|--type} MODE] ] - Either [text|bin]
[{-f|--force}] – Forces an overwrite of the file if it exists

Example:

tacmd putfile -m itmtest:LZ -s /automationscripts/ testing.sh -d /tmp/testing.sh -t text –f

NOTE: When transferring the file, it sets the permissions of the file to “666”.

--------------------------------------------------------------


EXECUTECOMMAND:

tacmd executecommand
{-m|--system} SYSTEM
{-c|--commandstring} COMMAND_STRING
[{-w|--workingdir} REMOTE_WORKING_DIRECTORY}]
[{-o|--stdout}]
[{-e|--stderr}]
[{-r|--returncode}]
[{-l|--layout}]
[{-t|--timeout} TIMEOUT]
[{-d|--destination} LOCAL_STD_OUTPUT_ERROR_FILENAME]
[{-s|--remotedestination} REMOTE_STD_OUTPUT_ERROR_FILENAME]
[{-f|--force} FORCE_MODE}
[{-v|--view}]

Example:

tacmd executecommand -m itmtest:LZ -c "/tmp/testing.sh" -o -e -r -l –v


NOTE: You will need to parse the STDOUT from this command to get the local STDERR, STDOUT, Return Code etc…

Monday, August 23, 2010

Tivoli Common Reporting 1.3 Overview

The Tivoli Common Reporting product introduced about 3 years back now  fills in the reporting requirements for various Tivoli products. It is tightly integrated with various Tivoli products such as Tivoli monitoring, Maximo, Tivoli Provisioning manager and access manager. A new version of this product is available now called Tivoli Common Reporting for Asset and Performance Management 1.3.  
 
I personally think the version number increment is misleading. This product introduces a number of changes and features that should warrant a 2.x instead of 1.x.  Anyway, here are few notes about this TCR product.
 
Report Engine
 
The TCR 1.3 product uses two report engines for report generation. The BIRT engine (2.2.1) used by the older TCR product is continue to be available in the newer version as well.  The reports developed using TCR 1.1.x or 1.2 will work correctly.   However, this version of  TCR product also gives you additional choice to develop reports using Cognos.  There are some very cool features available in Cognos reporting such as on-the-fly report creation by end users,  browser based report studio to design reports, etc.  While the Cognos reporting is powerful, it also introduces own complexities such as separate data modeling phase and additional components for report  design and generation.
 
Distributed Installation
 
The new TCR product supports distributed installation meaning TCR components (especially Cognos related components) can be installed over multiple systems for better performance.  If you have an existing Cognos setup, TCR can be integrated with your Cognos BI setup to leverage the expertise you already have.
 
Cognos Components
 
In addition, the Cognos piece introduces quite a  few additional components such as Framework Manager for data modeling, Report and Query Studio for report and query design,  Cognos Admin page for administering Cognos report packages, etc.   Please stay tuned for an upcoming article on Cognos Reporting for more details on the Cognos BI Reporting terminology. 
 
Report Emailing and Scheduling
 
While Report Scheduling feature is available in TCR 1.2, the new version provides a report emailing feature as well. However, the feature is limited to ONLY Cognos reports. With Cognos, you can even schedule AND email the reports periodically, a very powerful and useful feature.  This feature is not available for BIRT reports but can be custom developed for BIRT reports using scripting. 
 
Please stay tuned for more articles related to TCR 1.3 and Cognos.

Wednesday, July 28, 2010

BIRT Tip: Dependent Parameters in your reports

In BIRT, using report parameters is the highly powerful (and easy!) way to customize the report according to the end user needs. Report parameters provides runtime values such as start and end dates for reports, specific item for which report needs to be run, etc based on the user input. While this is very useful, some of the reports may need multiple parameters that have dependent relationship among them. For example, if your report needs to list Customers in a specific state in a specific country, the "regular" report parameter will not meet your requirements because you will need to "dynamically" adjust the list of states available for selection based on the Country that the user chooses. How can you do this in BIRT? Read on.


In BIRT, you will need to use the "Cascading Parameters" to define the relationship between the parameters. Continuing the above example, let us take the CUSTOMERS table in BIRT CLASSICMODELS sample database.






  1. Create a new dataset called COUNTRIES to select all unique Country information. e.g. A sample SQL is "SELECT distinct COUNTRY from CUSTOMERS".

  2. Create a new dataset called StatesInCountry to select all unique State information for a given country. e.g. A Sample SQL is "SELECT distinct STATE from CUSTOMERS WHERE COUNTRY = ?". Leave the parameter binding for the first parameter (param_1) to NONE for now. We will change it later.

  3. Create a new Cascading Parameter Group called "paramStates". Choose "Multiple Dataset" option as we will have to select information from two datasets created above.

  4. Click on Add Button on the "New Cascading Parameter" dialog to add a new Cascading parameter. Enter the name for the cascading parameter as "paramCountries", choose COUNTIRES dataset created in Step1 as the dataset and select the "COUNTRY" fields for value and display text.

  5. Click on Add button again to add the state cascading parameter. Enter the name for the cascading parameter as "paramStatesInCountry", choose the StatesInCountry dataset created in Step 2 as the dataset and select the "STATE" field for value and display text.

  6. Click Ok to close "New Cascading Parameter" dialog. Please see the attached screenshot containing the Cascading Parameter Group information.


  7. Now edit the StatesInCountry dataset created in step 2, goto Parameters section, edit the param_1 parameter binding and set the LinkedToReport Parameter value to the "paramCountries" cascading parameter created in step 4. Click ok to save the changes.

Now your reports are ready to use the cascading paramters. If you run the report now, whenever you change the COUNTRY in the parameter selection, the available STATE selection also changes accordingly. The attached screenshots show the State information for USA and Australia.




PS: It is easier to do these things in BIRT than telling how to do them. I have tried my best to describe the steps involved. If you have questions or need clarifications on the above steps, please feel free to write to me.