Skip navigation
Share This:

Hello,

 

we are in the process of adding "ton's of fun" .... helping you to get started with Atrium Orchestrator. Besides PPT and product documentation, review the video content proceeded by "real" people.

Just to be clear, I will focus more on end to end integration and how you get there, not so much on function and features of Atrium Orchestrator and Developer Studio.

 

This is my first YouTube channel dedicated to orchestration:

BAO Fundamentals - YouTube

 

For example, but not limited too:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Let us know how we are doing and if it helps you. If there's any topic in particular that you would like to see, let us know too .....

 

Regards, V.

Share This:

las-vegas-750286_960_720.jpg

I want you to join us for BMC Engage 2016 in Las Vegas. Tell me about your Atrium Orchestrator story! Selected speakers receive a complimentary full conference pass.


The Call for Papers is now open - but not for much longer...you have until March 7, 2016 to get your submission in and have it considered for the conference. Be one of the selected speakers and receive a complimentary full conference pass.


Feel free to contact me with any questions!


Share This:

Three new BMC Atrium Orchestrator Platform videos are available.


Adding Adapters and Modules to the Repository

Let us know if you find the video helpful by rating the blog post or commenting on the https://docs.bmc.com/docs/display/public/baop78/Uploading+content+to+the+repository topic.

 

Importing and Unbundling Modules in Development Studio

Let us know if you find the video helpful by rating the blog post or commenting on one of the following topics:

https://docs.bmc.com/docs/display/public/baop78/Importing+modules+from+the+repository

https://docs.bmc.com/docs/display/public/baop78/Importing+modules+from+disk

 

Adding, Configuring, and Enabling Adapters

Let us know if you find the video helpful by rating the blog post or commenting on one of the following topics:

https://docs.bmc.com/docs/display/public/baop78/Adding+adapters+to+a+grid

https://docs.bmc.com/docs/display/public/baop78/Configuring+adapters

https://docs.bmc.com/docs/display/public/baop78/Enabling+and+disabling+adapters


Share This:

Hello,

 

I'm in the process of writing a BAO Infrastructure monitoring solution. It's going to be based on TrueSight, aka PATROL agent, technology. The details are posted here: Monitor BAO Grid

Some background information about monitoring the BAO components are published here: BAO E-Learning: Monitor Grid: Part 0 - Manual

 

This time, however, I don't want to just look at the grid.log or process.log. Currently I'm building the integration using JMX. If you are interested in testing the Knowledge Module, please let me know. You would need a PATROL agent, console and the KM.

 

Regards, V.

Share This:

Check out the three new videos for BMC Atrium Orchestrator Platform.

Exporting a module from Development Studio to a repository

Let us know if you find the video helpful by rating the blog post or commenting on the https://docs.bmc.com/docs/display/public/baop78/Exporting+modules topic.

Activating a module on a grid

Let us know if you find the video helpful by rating the blog post or commenting on the https://docs.bmc.com/docs/display/public/baop78/Activating+modules topic.

Scheduling processes and running processes on demand in Grid Manager

Let us know if you find the video helpful by rating the blog post or commenting on the https://docs.bmc.com/docs/display/public/baop78/Adding+a+process+schedule or https://docs.bmc.com/docs/display/public/baop78/Executing+a+process+on+demand topics.

Share This:

The support issue came in as "Schedules Running On Wrong Days".  After some back and forth, the problem was that workflows were converting dates to determine if they should run or not, and were running on the wrong days.

 

The customer had a collection of jobs that needed to run on specific days of the month and/or year.  The pattern was both beyond the reoccurance capabilities of BAO's internal scheduler, and frequent enough that it would have taken defining 20+ schedules in the module and that wasn't going to scale.

 

They solved this by creating one daily schedule for each job and having the job check to see if it should continue running that day.  They created a module configuration item with XML of the form:

 

<dates>
  <day>0101</day>
  <day>0401</day>
  <day>0701</day>
  <day>1001</day>
</dates>


 

(Theirs was way bigger, but you get the idea.)

 

The process called by the scheduler started with a utility process that converted "now" from the Utility Activity into a string of the form "mmdd".  The main process then did an Xpath transform to compare the "now" string to the values in the XML in the config item, and if a match was found, it would return "true".  When "true", a subsequent Switch activity would allow the process to actually run, otherwise it would just stop immediately.  They didn't need to even return the <day> element of the XML, because just the fact a match was found was enough.

 

The date comparison was done via an Xpath transform in the form of:

 

contains(., '$[now]')




 

This worked perfectly in BAO Development Studio, but once activated on the grid it sometimes ran on days it wasn't supposed to.  The job had run when it should have on January 1st, but had run incorrectly again on January 4th.  They opened a support ticket with BMC Customer Support and we dived in to figure out what the problem was.

 

The root cause of this issue was the use of the contains() Xpath function.

 

Xpath functions generally operate on an "input document" that may be all or part of a XML document.  The "." is used to signify "here".  Where "here" is, depends on the context.  When used, like in this instance, the "." turns into the whole XML that was fed in.  But the contains function operates against values only, so all the XML elements were stripped out, leaving just the string "0101040107011001" to compare against.  Doing the replacement on the contains function above, it actually looked like this to BAO:

 

contains('0101040107011001', '$[now]')




 

This is going to return true on the days expected, but also on "0104", "0107", "0110" and "1010".

 

The solution is to change the Xpath to look at lines first, and search within them second.  This can be done by doing a search for the day elements, and then picking only the one that has the date in it that matches $[now].  We still use the contains function, but we use it in the ordinal to only choose the line with the right day in it.  That transform looks like:

 

//day[contains(., '$[now]')]/text()





When $[now] is "0101", this will return:

 

<value>0101</value>




 

When $[now] is "0104", it will return

 

<value />




 

You can sexy the transform up some, to come up with a true/false result:

 

string-length(//day[contains(., '$[now]')]) > 0



 

There are other transforms that can be used, but I'll leave them to the Teeming Millions.

Share This:

Check out the video for what’s new in BMC Atrium Orchestrator Content 20.15.02.

Some of the features include a new BMC Service Desk Automation run book, certification with BMC Remedy AR System 9.0, and other updates to the application and base adapters.

 

For a detailed list of enhancements in this version, see BMC online technical documentation at https://docs.bmc.com/docs/display/public/baoc201502/Home.

 

Let us know if you find this video helpful by rating the blog post or leaving a comment.

Share This:

Are you getting started with Development Studio?

 

For an introduction to creating and running a workflow in Development Studio, see the new video on the Creating the Hello World workflow topic in the BMC Atrium Orchestrator Platform 7.8 wiki. The video demonstrates how to create a simple workflow that writes a greeting to a file.

 

For more information about creating workflows, see Developing workflows using BMC Atrium Orchestrator Development Studio


Let us know if you find the video helpful by rating the blog post or commenting on the Creating the Hello World workflow topic.

Share This:

I’m getting old. I passed the 40 mark a year or so back so have been around for a while. My IT career started as a Level one help desk engineer for a small software development company. I was a phone monkey. I had to take phone calls from customers, take down their details and have them hang on the line whilst I filled in endless information and forms to create a service desk ticket. Once I had all the required information I’d give the customer the ticket number and helpfully tell them I’d have someone call them back shortly. That’s all I had to do, take details, fill in forms and then forward the ticket to a Level 2 guy to have them start looking into the issue. It was a boring, thankless job, but apparently deemed necessary as there were 3 of us employed to do this!

 

Even back then I could see that this wasn’t a very efficient model. After a few months I could spot common trends amongst the calls. Issues being raised that were easily answered by the Level 2 guys (when they got round to it). Other issues required logs and diagnostics to be gathered and then a call would be had with the customer and sets of instructions provided to address the product issues. I started to pick things up from the Level 2 guys and felt I could start doing more than just taking calls and logging information. That wasn’t my job though. Surely there was a better way to do things?

 

Fast forward 20 years and things have been gradually improving around service desk capabilities & procedures. We started to benefit from more structured processes around incident and change management (courtesy of ITIL). Knowledge management was introduced to capture resolutions to common issues. We got web based service desk clients that end users could access to create & update their own tickets as opposed to having to call issues in. Then we started exposing knowledge management to those end users so they could troubleshoot their own issues too. Things were getting more efficient for the service desk and the end users were benefiting from self-help and easier ways to interact with the support desk teams.

 

In the past few years we’ve seen some further big strides forward. Service catalogs were introduced which showcased standard service offerings, helping end users get to grips with what was easily available to them verses what they had to ask for as a special case. Service catalog offerings were much easier to handle for the service desk as less information was required from the end user, and there were clearly defined procedures and SLA’s for the service desk engineers to follow to fulfill the request, lowering costs for the service desk and setting clear expectations around service delivery for end users.

 

In the latest set of service desk enhancements there are further improvements in ways to interact with IT. We are starting to see mobile service desk applications that are context & location aware - they know who you are and where you are and can route you to more tailored services and information. They enable crowd-sourced collaboration and have moved away from the concept of form filling, ensuring that making requests is a much easier and simpler experience than before.

The service desk has never been more accessible and efficient.

 

So what next? There is always room to improve right? What should the service desk focus on next to keep the momentum going? I believe the answer is “service desk automation”! Let’s look at the ongoing challenges - even after all the great work that’s gone on.

First is cost. Very few organizations have IT departments that go around saying “We’ve got a big raise in our budget this year, lets hire some new people!”. Cost is an ongoing issue and efficiencies must continue to be found. With a kind of perverse sense of injustice, especially given all the improvements that have gone on recently, one of the side effects of service desk modernization efforts has actually been that more interactions are occurring meaning higher costs. Think about it, if organizations expose more services to their end users and make those services more accessible then guess what? More people are going to use them! Yes we are reducing service desk tickets through better knowledge management and self-service initiatives but overall, more tickets are being produced as more capabilities are offered & exposed.

 

I recently read an article from MetricNet stating the average cost for a level 1 service desk engineer to manually handle a service desk ticket was $22. They then said that cost triples if that ticket is escalated to a level 2 engineer and then triples again for level 3. That’s a fairly staggering cost when you think about the ever growing workload on the service desk. Well a great way to keep a lid on these costs is to have automation in place to automate the handling or fulfillment of common service desk requests. If you have a well-defined service and a known way to handle requests for that service, why have valuable service desk engineers involved at all? Put automation in place and take the manual handling costs out of the loop. Sounds like a pie in the sky idea? We have one customer that put one piece of automation in place to handle password reset/unlock requests. This use case accounted for 22% of their total service desk ticket volume or put another way, 46,000 requests per year. Even using the Level 1 engineer cost of $22 per ticket that’s a million bucks of cost avoidance right there.

 

Customer satisfaction and end user productivity are other area’s where the service desk needs to stay focused. “Are we seen as a value adding area of the business or are we an obstacle to productivity?” The introduction of service catalogs have greatly helped service desk clearly communicate what they can offer but I would argue it’s one thing enabling your end users to easily ask for things and a whole other thing making sure you deliver what was asked for quickly and accurately. Look at the type of digital experiences millennials are used to these days. What would they think if they logged onto i-Tunes to purchase the latest Pitbull song, only to find out that the download won’t happen till the next day! “What century are we living in?”

It’s the same thing with IT based requests. Why does it have to take 24 hours to turn around a request for some software to be deployed on my laptop? No one wanders around manually installing software from CD’s anymore, they use automated configuration management tools that can push software on demand. So why the day long wait? Well it’s because the request gets put on some Level 2 engineers queue and they get to it when they can. “Can’t we just link the service desk with the configuration management tool and take out the middle man?”


As another anecdote we recently had a contractor come into the office to help us with a project. “I forgot to tell you, I’ll need access to the network to work. I know it takes a day to organize this in my company, I hope you can sort something out for me!” Not a problem says I. Check this out. I fire up the BMC MyIT app, locate the GuestWifi service offering (which is location aware and knows who I am). I fill in 2 pieces of information – how many guests and how long do they need wifi access for? I click submit and within 2 minutes I am automatically emailed the guest wifi access codes. The contractor was speechless and clearly impressed with our service desk.

I have to agree, having automated fulfillment of common service desk requests is AWESOME.

 

Trust me – service desk automation is the way forward !

Share This:

Hello,

 

the BMC Engage this year was very successful! Personally, this was the first time I attended the event. Besides having had the privilege  to assist Anthony in the "BMC Atrium Orchestrator Product Overview and Key Use Cases: Connect and Streamline Cross-IT Processes" session, I was able to conduct the lab "Automation and Orchestration Hackathon". We've spend additional time with the attendees and it was fantastic to see the folks getting involved.

 

121.jpg

 

As there were quite some sessions on the orchestration subject hosted by our customer, I'd like to highlight just a few, in no particular order:

 

The Hackathon

The lab documents are posted here: https://bmc.g2planet.com/bmcengage2015/myevent_session_view.php?agenda_session_id=107

If you are interested in the "BMCS-University" module to use the workflows in your own lab, let me know. I'd like to schedule a WebEx to explain in detail how this module is configured and how you can leverage the workflows further.

 

The overall scenario is presented in this image:

Slide11.JPG

 

In addition, I've document the lab setup here:

 

 

Regards, V.,aka Orchestrator

Share This:

BMC Atrium Orchestrator 7.8 adds new functionality that is not backward compatible.  BAO now has a 'While' activity in Development Studio that can be used in processes.  BAO users that have multiple installed environments, such as production, staqing, dev, and test, maybe not be able to upgrade all environments in a timely manner.  It may happen that development environments and developers are on BAO 7.8, while production environments are still previous versions, and development and deployment of new modules to production can't be halted in the interim.

 

We've been asked more than once how to handle this.

 

BMC will not be providing support for, or backporting, the new While activity available to BAO 7.8 to versions of BAO prior to that.  Modules created and/or edited in BAO 7.8 dev studio or later, may still be usable on grids running BAO 7.6.03 or 7.7.xx.

 

BMC Atrium Orchestrator QA has tested modules created in BAO 7.8 Development Studio on a BAO 7.6.03 grid.

 

  • If a BAO 7.8 module contains no processes with the new While activity, jobs will execute as expected.
  • If a BAO 7.8 module containing processes with While activities is activated on a 7.6.03 grid, the module will activate, but any job that executes a process containing a While activity will fail without compensation.
  • Modules created in BAO 7.8 containing While activities cannot be imported into previous versions of Dev Studio.  It will throw errors until the offending module is removed.
Share This:

Hello,

 

How to make the Robot more Human? Well, let's start by giving him / her a voice. But that's not enough. If your teenage kids don't listen, at least the home automation and my server automation / IT Service Management solution should ....


I'm very excited to get the integration with BAO and Amazon's Echo build. Gone are the days when I have to use a keyboard to deploy my VM's or open an incident. Thanks to my "Orchestration" skill, IT is finally listening to me. Getting the IT admin to, is another story.  Hello ITSM, Hello Echo ....


See me in Las Vegas at the BMC Engage - Automation and Orchestration Hackathon to learn more ....


Regards, V. aka "Orchestrator"



Share This:

Essentially what conducting is about is getting the players to play their best and to be able to use their energy and to access their point of view about the music. How does this apply to 'Atrium Orchestrator'?

 

In an orchestrated network several parties collaborate to create value. The leader is the orchestrator putting together participants with different, complementary capabilities.

 

For registered communities users:

Find the iBook Community Edition at New to Orchestration? and find out how you can apply this in the BMC Atrium Orchestrator world.

 

Regards, V.

Share This:

I recently decided to automate some daily checks for a client that a Remedy Team would normally perform against the ARS Servers such as checking memory for the Mid Tier processes (Java Memory Allocation).  One of the factors driving this is a memory leak in Tomcat that was affecting the systems where Tomcat needed to be restarted periodically before it became unresponsive.

Due to the type of client, additional security measures are utilised to gain access to the servers in the form of secondary level access.

 

A 2 step login process is used:

 

  • First Level - Password for the "Remedy" user that changes daily (obtained via a script using SSH)
  • Second Level - Unix second level access consisting of a Username / Password combination for authorised users where commands can be executed in the Unix shell

 

Here is where I encountered some "fun" results and unexpected/inconsistent behaviour. 

 

For obtaining the First Level Password, the Unix script that ran required that you entered your Second Level Access credentials and then simulated keystrokes to pass the various screens until you could obtain the Daily Password.

What the user saw on screen vs what was actually happening in the background with the script were 2 different things.

The Unix script running this process effectively displayed everything "nicely" to the user, but the raw SSH that was returned via the SSH Adapter showed additional information that was not displayed to the user.

This ended up being a little trickier than first thought, but through trial and error managed to obtain the information required to produce the commands and prompts required.

 

Playing around with the "Prompts" was the fun bit here as this was a script that did not actually return to a system prompt and any additional keystrokes would terminate the SSH session before you obtained the output.

 

The request looked something like this:

 

<request-data>

  <ssh-request>

    <prompts>

      <prompt name="cmd">: </prompt>

      <prompt name="Username">Username: </prompt>

      <prompt name="Password">Password: </prompt>

      <prompt name="Query">press 'M' for a manual date query</prompt>

      <prompt name="Output">===========================================================================

</prompt>

      <prompt name="Newline">\n</prompt>

    </prompts>

    <targets>

      <target name="">

        <host>{hostname.com}</host>

        <port>22</port>

        <userName>qpass</userName>

        <password>ask4help</password>

        <timeout-secs>60</timeout-secs>

        <allow-unknown-hosts>true</allow-unknown-hosts>

        <use-shell-mode />

        <prompt>: </prompt>

        <establish-connection-timeout-secs>60</establish-connection-timeout-secs>

      </target>

    </targets>

    <commands>

      <command ignore-exit-code="true" prompt="Password"><![CDATA[{username}]]></command>

      <command ignore-exit-code="true" prompt="Query">

        <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">

          <CipherData>

            <CipherValue>{encrypted password}</CipherValue>

          </CipherData>

        </EncryptedData>

      </command>

      <command ignore-exit-code="true" prompt="Password"><![CDATA[\n]]></command>

      <command ignore-exit-code="true" prompt="Newline"><![CDATA[\n]]></command>

    </commands>

  </ssh-request>

</request-data>

 

The above used the OOB "SSH" process under the "AutoPilot-AD-Utilities Module".  Values for the Secondary Access are taken from the Module Configuration, thus the "<CipherData>" tags and encrypted password in the request (I have removed other sensitive information).

 

The issues started when I attempted to then log into the ARS servers (Solaris) to perform the Java Memory Check using the same logic (and prompts/commands) above, after all the prompts for the Username and Password looked the same in a SSH session so they should work exactly the same for the next session?  Wrong, this is where the assumption "that it all works the same" was my downfall.

 

Although everything appeared normal, same prompts presented for Username / Password in the Putty Sessions, it however did not work the same in the background and through the SSH Adapter.  No matter what combination I tried I could not get past the "Password: " prompt and kept receiving a error that did not make sense (as I had not encountered this before nor could I reproduce) from the system and the session was terminated.  The logs did not shed much light on what was happening other than showing the error I was seeing being thrown.

It took about half a day of investigation to reproduce the steps that were causing the behaviour and the error, which was only present when entering an invalid Username / Password combination e.g. password / password.  Entering a valid Username and wrong Password did not cause the error it just prompted for the password again.

It took a bit more digging to understand that if I sent a "enter/enter" combination I received the same error and the session was terminated.  ** A clue to what was going on **

 

Now I had the culprit, the system was sending an "Return/Enter" type command and the session was being terminated before the actual defined commands were executed.

This led down the path of "what will cause an Return/Enter command to be sent before the actual command I had listed in the request after the prompt"?

There is one setting that causes this behaviour ..... <verify-os>

 

As explained in the following discussion, the "<verify-os>" tag when excluded from the request call can introduce different behaviour across devices when using SSH:

 

How to Use Orchestrator (AO) to execute commands on networking devices (e.g. Cisco)

 

So, now I had the culprit and the potential solution, what is next?

To verify I quickly whipped up a static adapter request (XML Context Item containing the full adapter request to execute) to test some different scenarios by using the call adapter process directly.

This allowed me to narrow down the combination that worked with these Solaris servers and the login script.

 

To make this reusable once identified, I copied the OOB SSH process (and renamed) where I adjusted the XSLT to include the required element:

 

"<verify-os>false</verify-os>"

 

in the "<targets>" node.

 

I did this for all XSLT Transforms in the process.  I can then use this particular SSH process where required.

 

The XSLT looks like the following:

 

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">

  <xsl:output indent="no" cdata-section-elements="command " />

  <xsl:template match="/">

    <request-data>

      <ssh-request>

        ${prompts}

        <xsl:if test="string-length('${target}')!=0">

          <!-- Dynamic target choice -->

          <targets>

            <target name="${target}" />

          </targets>

        </xsl:if>

        <xsl:if test="string-length('${host name}')!=0">

          <!-- Dynamic target specification -->

          <targets>

            <target name="">

              <verify-os>

                <xsl:text disable-output-escaping="no">false</xsl:text>

              </verify-os>

              <host>

                <xsl:text disable-output-escaping="no">${host name}</xsl:text>

              </host>

              <xsl:if test="string-length('${port}')=0">

                <port>

                  <xsl:text>22</xsl:text>

                </port>

              </xsl:if>

              <xsl:if test="string-length('${port}')!=0">

                <port>

                  <xsl:text>${port}</xsl:text>

                </port>

              </xsl:if>

              <userName>${user name}</userName>

              <xsl:if test="string-length('${private key file}')!=0">

                <private-key-file>

                  <xsl:text disable-output-escaping="no">${private key file}</xsl:text>

                </private-key-file>

              </xsl:if>

              <xsl:if test="string-length('${private key data}')!=0">

                <private-key-data>

                  <xsl:text disable-output-escaping="no">${private key data}</xsl:text>

                </private-key-data>

              </xsl:if>

              <xsl:if test="string-length('${pass phrase}')!=0">

                <pass-phrase>

                  <xsl:choose>

                    <xsl:when test="'${pass phrase encryption type}'='base64'">

                      <xsl:attribute name="encryption-type">

                        <xsl:text disable-output-escaping="no">${pass phrase encryption type}</xsl:text>

                      </xsl:attribute>

                      <xsl:text disable-output-escaping="no">$[pass phrase]</xsl:text>

                    </xsl:when>

                    <xsl:when test="'${pass phrase encryption type}'='plain'">

                      <xsl:attribute name="encryption-type">

                        <xsl:text disable-output-escaping="no">${pass phrase encryption type}</xsl:text>

                      </xsl:attribute>

                      <xsl:text disable-output-escaping="no">$[pass phrase]</xsl:text>

                    </xsl:when>

                    <xsl:otherwise>${pass phrase}</xsl:otherwise>

                  </xsl:choose>

                </pass-phrase>

              </xsl:if>

              <password>

                <xsl:choose>

                  <xsl:when test="'${password encryption type}'='base64'">

                    <xsl:attribute name="encryption-type">

                      <xsl:text disable-output-escaping="no">${password encryption type}</xsl:text>

                    </xsl:attribute>

                    <xsl:text disable-output-escaping="no">$[password]</xsl:text>

                  </xsl:when>

                  <xsl:when test="'${password encryption type}'='plain'">

                    <xsl:attribute name="encryption-type">

                      <xsl:text disable-output-escaping="no">${password encryption type}</xsl:text>

                    </xsl:attribute>

                    <xsl:text disable-output-escaping="no">$[password]</xsl:text>

                  </xsl:when>

                  <xsl:otherwise>${password}</xsl:otherwise>

                </xsl:choose>

              </password>

              <xsl:if test="string-length('${command timeout}')!=0">

                <timeout-secs>

                  <xsl:text disable-output-escaping="no">${command timeout}</xsl:text>

                </timeout-secs>

              </xsl:if>

              <xsl:if test="string-length('${connection name}')!=0">

                <connection>

                  <name>

                    <xsl:text disable-output-escaping="no">${connection name}</xsl:text>

                  </name>

                  <xsl:if test="string-length('${terminate connection}')!=0">

                    <terminate-on-exit>

                      <xsl:text disable-output-escaping="no">${terminate connection}</xsl:text>

                    </terminate-on-exit>

                  </xsl:if>

                </connection>

              </xsl:if>

              <xsl:if test="string-length('${known hosts config}')!=0">

                <known-hosts-config>

                  <xsl:text disable-output-escaping="no">${known hosts config}</xsl:text>

                </known-hosts-config>

              </xsl:if>

              <xsl:if test="string-length('${allow unknown hosts}')!=0">

                <xsl:choose>

                  <xsl:when test="'${allow unknown hosts}'='true'">

                    <allow-unknown-hosts>

                      <xsl:text>${allow unknown hosts}</xsl:text>

                    </allow-unknown-hosts>

                  </xsl:when>

                  <xsl:when test="'${allow unknown hosts}'='false'">

                    <allow-unknown-hosts>

                      <xsl:text>${allow unknown hosts}</xsl:text>

                    </allow-unknown-hosts>

                  </xsl:when>

                  <xsl:otherwise>

                    <allow-unknown-hosts>

                      <xsl:text>false</xsl:text>

                    </allow-unknown-hosts>

                  </xsl:otherwise>

                </xsl:choose>

              </xsl:if>

              <use-shell-mode>

                <xsl:text disable-output-escaping="no">$[use shell mode]</xsl:text>

              </use-shell-mode>

              <xsl:if test="string-length('${preferred pk algorithm}')!=0">

                <xsl:choose>

                  <xsl:when test="'${preferred pk algorithm}'='ssh-dss'">

                    <preferred-pk-algorithm>

                      <xsl:text>${preferred pk algorithm}</xsl:text>

                    </preferred-pk-algorithm>

                  </xsl:when>

                  <xsl:when test="'${preferred pk algorithm}'='ssh-rsa'">

                    <preferred-pk-algorithm>

                      <xsl:text>${preferred pk algorithm}</xsl:text>

                    </preferred-pk-algorithm>

                  </xsl:when>

                  <xsl:otherwise>

                    <preferred-pk-algorithm>

                      <xsl:text>ssh-rsa</xsl:text>

                    </preferred-pk-algorithm>

                  </xsl:otherwise>

                </xsl:choose>

              </xsl:if>

              <prompt>${prompt}</prompt>

              <xsl:if test="string-length('$[charSet]')&gt;0">

                <character-set>

                  <xsl:text disable-output-escaping="no">${charSet}</xsl:text>

                </character-set>

              </xsl:if>

              <xsl:if test="string-length('${establish connection timeout}')!=0">

                <establish-connection-timeout-secs>

                  <xsl:text disable-output-escaping="no">${establish connection timeout}</xsl:text>

                </establish-connection-timeout-secs>

              </xsl:if>

            </target>

          </targets>

        </xsl:if>

        <xsl:if test="string-length(.)&gt;0">

          <commands>

            <command>

              <xsl:choose>

                <xsl:when test="'${command encryption type}'='base64'">

                  <xsl:attribute name="encryption-type">

                    <xsl:text disable-output-escaping="no">${command encryption type}</xsl:text>

                  </xsl:attribute>

                  <xsl:attribute name="timeout-secs">

                    <xsl:if test="string-length('${command timeout}')=0">

                      <xsl:text disable-output-escaping="no">60</xsl:text>

                    </xsl:if>

                    <xsl:text disable-output-escaping="no">${command timeout}</xsl:text>

                  </xsl:attribute>

                </xsl:when>

                <xsl:when test="'${command encryption type}'='plain'">

                  <xsl:attribute name="encryption-type">

                    <xsl:text disable-output-escaping="no">${command encryption type}</xsl:text>

                  </xsl:attribute>

                  <xsl:attribute name="timeout-secs">

                    <xsl:if test="string-length('${command timeout}')=0">

                      <xsl:text disable-output-escaping="no">60</xsl:text>

                    </xsl:if>

                    <xsl:text disable-output-escaping="no">${command timeout}</xsl:text>

                  </xsl:attribute>

                </xsl:when>

                <xsl:otherwise>

                  <xsl:attribute name="encryption-type">

                    <xsl:text disable-output-escaping="no">plain</xsl:text>

                  </xsl:attribute>

                  <xsl:attribute name="timeout-secs">

                    <xsl:if test="string-length('${command timeout}')=0">

                      <xsl:text disable-output-escaping="no">60</xsl:text>

                    </xsl:if>

                    <xsl:text disable-output-escaping="no">${command timeout}</xsl:text>

                  </xsl:attribute>

                </xsl:otherwise>

              </xsl:choose>

              <xsl:value-of select="." disable-output-escaping="no" />

            </command>

          </commands>

        </xsl:if>

        <xsl:if test="string-length(&quot;//commands/command&quot;) &gt; 0 ">${commands}</xsl:if>

      </ssh-request>

    </request-data>

  </xsl:template>

</xsl:stylesheet>

 

This allows the generated request to include the required element in the "<targets>" section, which eliminated the behaviour I was seeing allowing the commands to execute as required.  I could then parse the output and nicely format an email to send to the Remedy Team showing the memory consumption, which I would schedule to happen daily.

 

Working request:

 

<request-data>

  <ssh-request>

    <prompts>

      <prompt name="cmd">: </prompt>

      <prompt name="Username">Username: </prompt>

      <prompt name="Password">Password: </prompt>

      <prompt name="Bash">$</prompt>

      <prompt name="bash-3.2">bash-3.2$</prompt>

    </prompts>

    <targets>

      <target name="">

        <verify-os>false</verify-os>

        <host>xxxx.arsserver.host.com</host>

        <port>22</port>

        <userName>remedy</userName>

        <password>{dailypassword}</password>

        <timeout-secs>60</timeout-secs>

        <allow-unknown-hosts>true</allow-unknown-hosts>

        <use-shell-mode />

        <prompt>Username:</prompt>

        <establish-connection-timeout-secs>60</establish-connection-timeout-secs>

      </target>

    </targets>

    <commands>

      <command verify-os="false" prompt="Password" ignore-exit-code="true"><![CDATA[{username}]]></command>

      <command verify-os="false" prompt="Bash" ignore-exit-code="true">

        <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">

          <CipherData>

            <CipherValue>{encrypted password}</CipherValue>

          </CipherData>

        </EncryptedData>

      </command>

      <command verify-os="false" prompt="Bash"><![CDATA[PID=$(/usr/ucb/ps -auxww | egrep tomcat6 | egrep -v egrep | awk '{print $2}') ; ps -p $PID -o pid,vsz | grep $PID | awk '{print $2/1024}' ; unset PID]]></command>

    </commands>

  </ssh-request>

</request-data>

 

Although this took a couple of days to diagnose, in-between all the other things I was doing, it meant I would not forget this in the future when seeing similar behaviour.

 

Some points of interest to anyone wanting to use the SSH Adapter and understand how to configure to work how they expect it to.  [This is a consolidation of various discussions available on the SSH Adapter].

 

  1. The "<prompt>" element in the "<targets>" section is required to run multiple commands in the one session without terminating after each command.  If not included the SSH Adapter will open each command in its own session e.g. 3 commands, 3 separate sessions.  If the "<prompts>" section is not used in the adapter request, then the prompt defined in the targets sections is used for all commands.
  2. The "<verify-os>" element in the "<targets>" section is required on certain types of devices to stop additional commands being issued due to the adapter attempting to verify the OS.  You will see the associated command attempting to execute with the adapter log level set to "Debug".  To eliminate, add the element into the correct adapter request section.
  3. Where you specify the "prompt" (or interchangeable with "expect" attribute) in the command to be executed, this is the prompt that you are expecting to receive once the command has executed and completed (not the prompt you are expecting before the command is run).
  4. If you have the "<prompts>" section defined, you can reference the name of the prompt defined directly in the <command>.  This adds value as you can name your prompts with something recognisable and descriptive.

 

Hopefully if you encounter similar behaviour you can use this to narrow down what the issue is and correct.

 

Enjoy and good luck process building using the SSH Adapter.

 

Carl

Share This:

We've got a new version of BAO Content available today - v20.14.02 which can be downloaded from the normal BMC Electronic Product Download (EPD) site. http://www.bmc.com/support/downloads-patches/BMC-Support-Product-Downloads-and-Patches.html

 

 

Highlights of the release:


New Adapters

 

  • DNS adapter: The DNS adapter allows you to create an A record, or a PTR record for a DNS server
  • Microsoft Hyper-V Server 2012 adapter: Invokes requests to the Hyper-V Server 2012 R2 by executing PowerShell commands.

 

Adapter Updates

 

  • Infoblox adapter: Ability to specify the working directory for Infoblox NIOS adapter
  • VMware Adapter: Support for retrieving all or limited virtual machine properties in a cluster
  • Powershell Adapter: Support for Windows PowerShell 3.0 and 4.0
  • FTP Adapter: Support for SITE command in FTP adapter
  • Windows Command and PowerShell Adapters: xCmd utility now supports command timeout
  • HTTP Adapter: HTTP adapter request now supports timeout
  • New Tokenize Large String process to handle large input

 

New Modules

 

  • DNS Module: A new DNS Integration module contains workflows that enable you to perform basic operations while handling DNS servers
  • IPAM Module: BMC Cloud Lifecycle Management IP Address Management module for VitalQIP now included with BMC Atrium Orchestrator Content 20.14.02

 

Runbook Updates

 

Continuous Compliance for Servers

 

Part of BMC’s Intelligent Compliance use case, the BMC Continuous Compliance for Servers run book automates the integration of BladeLogic Server Automation monitoring, auditing, compliance, and remediation processes with IT management systems such as BMC Remedy ITSM. The 20.14.02 release simplifies the configuration and customization of the solution by replacing the previous module (Closed_Loop_Server-SA-Compliance) with two new modules

•              Closed_Loop_Compliance-SA-Servers

•              Closed_Loop_Compliance_ITSM_Integration

 

This change effectively breaks out the BladeLogic Server Automation workflows from the ITSM workflows enabling them to be installed and tested independently of each other. This change should make it simpler to configure the solution and customize if required.

 

Adapter Version Support updates

 

  • Remedy ARS v8.1.02
  • Remedy CMDB v8.1.02
  • BMC Remedyforce Summer '14
  • Bladelogic Server Automation v8.6
  • Bladelogic Network Automation v8.6
  • Bladelogic Database Automation v8.6
  • VMware vSphere 5.5
  • VMware vCloud Director v5.5
  • BMC ProactiveNet Performance Manager 9.5

 

For full details on all the changes, please visit the Docs pages here: https://docs.bmc.com/docs/display/public/baoc201402/20.14.02+enhancements

 

Enjoy!

Filter Blog

By date:
By tag: