7 Replies Latest reply on Sep 18, 2010 3:55 PM by John Van Ommen

    Provisioning a server with jython

    John Van Ommen

      At the moment I'm working on a project where I'm provisioning servers via a web portal. I thought it would be valuable to post how it's done, in case others could use it. (And who knows, maybe I could use this a year from now!)


      A server can be provisioned with a single blcli command, "Provision provisionDevice". Here's the documentation for this command:


      Provision : provisionDevice

      This command provisions a device that is currently in the imported state. The input file URL should be a valid java.net.URL pointing to a text file conforming to the java.util.Properties format. Property entries in this file should be as follows:

      • Server.Property.prop_name=value, where prop_name is the name of a server property.

      • SystemPackage.LocalProperty.prop_name=value, where prop_name is the name of a property of the given system package.

      • Network.network_setting=value, where network_setting is a PXE or JumpStart network setting.

      NIM devices do not require any network keywords. Use parameterization via local properties as necessary.

      The following network settings are common between PXE and JumpStart devices:

      • Network.DHCPEnabled=[true or false]

      • Network.IPAddress=[valid v4 ipv4 address]

      • Network.SubNetMask=[valid subnet mask ipv4 format]

      • Network.DefaultGateway=[valid ipv4 address]

      If Network.DHCPEnabled is set to true, settings for Network.IPAddress, Network.SubNetMask and Network.DefaultGateway are ignored.

      The (additional) valid Network settings for a PXE device are:

      • Network.AutoDNSEnabled=[true or false]

      • Network.DNSAddress.Primary=[valid ipv4 address]

      • Network.DNSAddress.Secondary

      If Network.AutoDNSEnabled is set to true, settings for Network.DNSAddress.Primary and Network.DNSAddress.Secondary are ignored.

      The (additional) valid Network settings for a JumpStart device are:

      • Network.EnablePrimaryInterface=[true or false]

      • Network.UseIPv6=[true or false]

      • Network.NameService.Type=[NIS | NIS+ | DNS | LDAP | NONE]

      • Network.NameService.DomainName=domain_name

      If Network.NameService.Type equals "NIS" or "NIS+", you must specify the following settings:

      • Network.NameService.NameServerHostName=name_server_host_name

      • Network.NameService.NameServerIPAddress=[valid ipv4 address]

      If Network.NameService.Type equals "DNS", use the following required and optional settings:

      • Network.NameService.PrimaryDNSServer=[valid ipv4 address] (required)

      • Network.NameService.SecondaryDNSServer=[valid ipv4 address] (optional)

      • Network.NameService.TertiaryDNSServer=[valid ipv4 address] (optional)

      • Network.NameService.AdditionalDomains=domains, where domains is a comma-separated list of domains (optional)

      If Network.NameService.Type equals "LDAP", you can use the following optional settings:

      • Network.NameService.ProfileName=profile_name (optional)

      • Network.NameService.ProfileServerIP=[valid ipv4 address] (optional)

      • Network.NameService.ProxyDN=proxy_dn (optional)

      • Network.NameService.ProxyPassword=proxy_password (optional)

      If Network.NameService.Type equals "NONE", all network settings in the file are ignored.

      Return Type: com.bladelogic.model.base.keys.DBKey

      Command Input

      Argument Name Argument Type Description

      systemPackageId int Integer ID of the system package.

      macAddress java.lang.String MAC address of the device to be provisioned.

      aclTemplateId int ACL template to apply to the server that will be added to Configuration Manager, once it is provisioned. If you want to use default ACLs, set this variable to 0.

      propsFileURL java.lang.String URL to the input file containing device properties.



      The following example shows how to provision a device that has the MAC address 11-aa-22-bb-33-cc using a system package with ID 2000000. This example uses an ACL template with ID 1. The file propfile.txt, residing on the root directory of the local machine, is the input file for the device properties.

      Provision provisionDevice 2000000 11-aa-22-bb-33-cc 1 file:///c:/propfile.txt

        • 1. Re: Provisioning a server with jython
          John Van Ommen

          While a server can be provisioned with a single command, often you'll need to set some properties first.


          For example, the IP address in our system package references the following property:



          Here's how we unravel this string. We start from the left, and find the property "DEVICE" which is a local property. When we look at the local property of the system package we find that "DEVICE" is of the type "PXE Device."


          So what does that mean?


          "PXE Device" is a subclass of the built-in-property named "Device" (see pic.)

          • 2. Re: Provisioning a server with jython
            Bill Robinson

            make a doc out of this and i'll post it into the kb :)

            • 3. Re: Provisioning a server with jython
              John Van Ommen

              As mentioned in the previous post, we're using the built in property class named "PXE Device" which is a sub-class of "Device."


              The reason we're using this class is that we really don't have many classes to choose from. In BladeLogic Configuration Manager we could set a property on the built in property class named "server." But in Provisioning Manager we don't have that luxury; the server doesn't EXIST yet!


              So this is why we're leveraging the class named "PXE Device." The two most common places to store your properties in the provisioning process are in the local properties of the system package, and the properties of the device to be provisioned.


              Does that make sense?


              If this isn't clear, please post any questions.

              • 4. Re: Provisioning a server with jython
                John Van Ommen

                A great thing about using a web portal along with BladeLogic is that we can enforce security with it.

                For instance, we don't want normal users poking around in the web portal code, but we'd like them to have the opportunity to define their own properties.

                For example, there are dozens of end users who might be interested in adding to the functionality of the web portal by adding system packages. The way that we accomplish this is by kicking off a BLCLI routine via the web portal which queries the names of our system packages. By going this route we take advantage of the dynamic nature of the system packages, and enforce security via the BladeLogic RBAC model.

                Here's a snippet of code which accomplishes this:

                FOLDER_ID = runBlcliCmd('SystemPackageGroup', 'groupNameToId', )

                FOLDER_ID = runBlcliCmd('SystemPackageGroup', 'groupNameToId', )

                if not (FOLDER_ID.success()):

                     printError("Failed to execute SystemPackageGroup groupNameToId " + str(FOLDER_ID.getError()))




                1. List all System Packages<BR>

                CONTENTS = runBlcliCmd
                ('SystemPackage', 'listSystemPackageFolderContents', )

                if not (CONTENTS.success()):

                printError("Failed to execute SystemPackage listSystemPackageFolderContents " + str(CONTENTS.getError()))




                for lines in CONTENTS.returnValue.split('\n'):

                if lines != '':

                spValues = lines.split(',')

                spName = spValues[1].strip()

                spKey = spValues[2].strip()

                if (platform == 'solaris'):

                m = re.search("SOE",spName)

                if (m == None):


                if (myList != ""):

                myList="%s;%s:%s" % (myList,spKey,spName)


                myList="%s:%s" % (spKey,spName)

                keyValList["sysPkg" + spName]=spKey

                return myList

                • 5. Re: Provisioning a server with jython
                  John Van Ommen

                  That first line in the code from the previous post shouldn't be there twice. I tried to edit it twice, and it wouldn't go away. Must be something up with the forum software or something.

                  • 6. Re: Provisioning a server with jython
                    John Van Ommen

                    By querying BladeLogic, we can dynamically update the provisioning portal based on the contents of the property dictionary. When a user updates the instance, the portal reflects the change. Of course we have to DO something with these values. After querying the values via BLCLI, we write them to a file which is used during provisioning.


                    Here's an example of these configuration files, edited for security reasons. This file is automatically generated by the web portal, then saved to the file system, where it is then read by the Provision provisionDevice command. For additional documentation on how this process works, please review my posts from 2007.











                    SystemPackage.LocalProperty.DATA_STORE=Class://SystemObject/DataStore/Jumpstart DataStore/LAB - Paris (parisds01)



                    • 7. Re: Provisioning a server with jython
                      John Van Ommen

                      One cool thing about provisioning via a web interface is that you can provision faster than you can via Provisioning Manager.  And this ignores the other benefits of web provisioning, such as universal access for all users, and higher security.  (Since you can lock users down to a very limited selection of devices.)  Just imagine trying to support a few hundred installations of BladeLogic, and you can imagine how quickly the support tickets pile up.


                      Jquery comes in handy here; it allows you to asynchronously load elements of the web page, while running CLI commands in the background.  For instance, if you're logging into Provisioning Manager via the GUI, you can't do anything for a couple of minutes while you're logging in.  But if you're logging in via the CLI, you can use Jquery to load elements of your web page while the CLI is busy doing the authentication in the background.  See:

                      $(window).load(function () {
                        // run code