1 2 Previous Next 20 Replies Latest reply on Oct 5, 2015 9:37 AM by Jason Lamarre

    Continually prompted "Pick Role" after 8.5.1 to 8.6P1

    Cody Dean

      Good Morning,

      Yesterday we proceeded to upgrade to BSA 8.6 Patch 1 in production.  After the upgrade, when using NSH locally, we get prompted to pick role every time a command is issued.  Doing export BL_RBAC_ROLE=BLAdmin and export BL_AUTH_PROFILE_NAME=defaultProfile fixes it for the session. 

       

      We utilize NSH proxies and the Secure file on the Application server reads as follows:

      rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls

      default:port=4750:protocol=5:tls_mode=encryption_only:appserver_protocol=ssoproxy:auth_profile=defaultProfile:encryption=tls

       

      Thoughts/Suggestions greatly appreciated.

       

      Thank You

        • 1. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
          Bill Robinson

          So what’s the question ?  it sounds like you solved the problem.

          1 of 1 people found this helpful
          • 2. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
            Cody Dean

            Thank you for the reply Bill,

            The issue is, prior to 8.6P1 we didn't need to run the two commands after picking a role, every time we want to use NSH.  It isn't a one-time thing.  Is this normal behavior?  We have admins that utilize NSH heavily and having to do that every time they open their session is simply an inconvenience.

            • 3. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
              Mike Jones

              Isn't this the normal behavior anyway even prior to 8.6 at least it is in my experience.

               

              So the first time I run an NSH/PuttyNSH shell which connects through an NSH proxy it prompts me to pick the role, as long as I have a session running I can start a new shell without being prompted.

               

              Are you saying that 8.6 now prompts every time even if you have a session open ?

              1 of 1 people found this helpful
              • 4. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                Cody Dean

                Prompting multiple times until BL_RBAC_ROLE=YourRole is ran doesn't seem like normal behavior, and wasn't that way prior to the upgrade. 


                Here is what I get if I dont first performace the BL_RABC_ROLE command, you can see where I was prompted to pick role after the command was executed.  It continues to do this for each command unless I run BL_RBAC_ROLE=MyRole


                NSH.png


                • 5. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                  Bill Robinson

                  this is normal behaviour.  if you specify the 'auth_profile' setting in the secure file you won't need to set the profile name but if you have multiple profiles then it's kind of pointless.  you would still need to set the role since that's going to be dependent on the user logging in.

                   

                  why are you using the appserver to interactively run nsh ?  you should not be using the appserver as a 'jump box'..

                   

                  you can set those two variables in the .nshrc in $HOME or %USERPROFILE% and you won't get prompted.

                  • 6. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                    Cody Dean

                    Perfect, that's an acceptable work around.  Thanks for the input everyone. 

                    • 7. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1

                      I have encountered this same behavior after a recent upgrade to 8.6p1

                      Users in the estate here run NSH from their own machines and have never had to declare these variables.  Is this "new" behavior in 8.6?

                      • 8. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                        Bill Robinson

                        afaik it's always been like this.  was your customer using the nsh proxy before ?

                        • 9. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1

                          Mike Jones describes the exact same behavior we are used to seeing. Now, after upgrading to 8.6.01.66 we are prompted sometimes multiple times for a single command. It's important for us to get prompted once at the beginning of a session as every user has many roles but we can't be getting prompted one or more times for each command.

                           

                          Also, I'm not quite sure I follow the recommended file changes (console os or nsh proxy server?) and I don't see anything set on our servers or console devices running older versions.

                           

                          Previous Behavior (8.2.01.336, 8.5.01.96)

                           

                          Pick Role:

                          1. BLAdmins

                          2. ETS-ORCHESTRATOR-NP_PACKAGER

                          3. ETS-ORCHESTRATOR_READ-ONLY

                          4. ETS-REMEDY_PACKAGER

                          1

                          VDDP03E-699693A% cd //vxpid-eblogc05

                          vxpid-eblogc05% ls

                          ADcert.p12              certStore.pem           opt

                          BladelogicNAS           cgroup                  patching

                          bin                     dev                     proc

                          bladelogic              etc                     root

                          bladelogic_agentlogs    home                    sbin

                          bldepot                 lib                     selinux

                          boot                    lib64                   srv

                          certStore-1.pem         lost+found              sys

                          certStore-2.pem         media                   tmp

                          certStore-3.pem         misc                    usr

                          certStore-4.pem         mnt                     util

                          certStore-ha.pem        net                     var

                          certStore-single.pem    nohup.out               vxpid-eblogc05.sysinfo

                          vxpid-eblogc05%

                           

                          And if I open another NSH I don't get prompted.

                           

                          New Behavior (8.6.01.66)

                           

                          Starting NSH-Only

                          Pick Role:

                          1. BLAdmins

                          2. ETS-ORCHESTRATOR-NP_PACKAGER

                          3. ETS-ORCHESTRATOR_READ-ONLY

                          4. ETS-REMEDY_PACKAGER

                          1

                          VDDP34E-BE120E6% cd //vxpid-eblogc05

                          Pick Role:

                          1. BLAdmins

                          2. ETS-ORCHESTRATOR-NP_PACKAGER

                          3. ETS-ORCHESTRATOR_READ-ONLY

                          4. ETS-REMEDY_PACKAGER

                          1

                          vxpid-eblogc05% ls

                          Pick Role:

                          1. BLAdmins

                          2. ETS-ORCHESTRATOR-NP_PACKAGER

                          3. ETS-ORCHESTRATOR_READ-ONLY

                          4. ETS-REMEDY_PACKAGER

                          1

                          Pick Role:

                          1. BLAdmins

                          2. ETS-ORCHESTRATOR-NP_PACKAGER

                          3. ETS-ORCHESTRATOR_READ-ONLY

                          4. ETS-REMEDY_PACKAGER

                          1

                          ADcert.p12              certStore.pem           opt

                          BladelogicNAS           cgroup                  patching

                          bin                     dev                     proc

                          bladelogic              etc                     root

                          bladelogic_agentlogs    home                    sbin

                          bldepot                 lib                     selinux

                          boot                    lib64                   srv

                          certStore-1.pem         lost+found              sys

                          certStore-2.pem         media                   tmp

                          certStore-3.pem         misc                    usr

                          certStore-4.pem         mnt                     util

                          certStore-ha.pem        net                     var

                          certStore-single.pem    nohup.out               vxpid-eblogc05.sysinfo

                          vxpid-eblogc05%

                           

                          If we can't get back to one prompt per session we'll have to forgo the upgrade.

                           

                          Thanks,

                           

                          Jason

                          • 10. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                            Cody Dean

                            To resolve it - I edited the .nshrc file for my profile.

                             

                            From CMD type "notepad .nshrc" from your home directory.

                             

                            Add the following (edit as needed for you):

                             

                            export BL_RBAC_ROLE=BLAdmins

                            setopt HIST_IGNORE_DUPS

                            HISTSIZE=1000

                            SAVEHIST=1000

                            HISTFILE=~/.nsh_history

                            BL_AUTH_PROFILE_NAME=defaultProfile

                             

                            nshrc.png

                            • 11. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1

                              Cody Dean thank you very much for the update - I couldn't find it because we don't make one but this helps me to understand the whole picture and I found the related file in zsh man pages with this help.

                               

                              We repackage and distribute the console internally so this approach isn't an option (the role would be different for each user and we don't want to default it as most have several).

                               

                              J

                              • 12. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1

                                Also, I am wondering if this will impact NSH scripts.

                                • 13. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1
                                  Cody Dean

                                  It still prompts you to select a role with the default specified.

                                   

                                  Sent from OWA on Android

                                  • 14. Re: Continually prompted "Pick Role" after 8.5.1 to 8.6P1

                                    Thanks Cody Dean for your continued help. We truly want your fix to work it just looking to be likely.

                                     

                                    I tried testing several scenarios with the .nshrc file. The problem with our packaging is the 1300 users have widely different roles and I would need a way to automate the update of that file to select a valid NSH capable role for the default for that user and keep it up to date as their roles shift. If you put FAKEROLE or a non-nsh role for the default the issue doesn't go away. Asking them to make their own .nshrc doesn't meet our standards for fully packaged.

                                     

                                    Thanks again for your help.

                                     

                                    The KA and QM for those who find this: https://kb.bmc.com/infocenter/index?page=content&id=KA426737

                                    We are going to push for a hotfix sooner.

                                    1 2 Previous Next