What does the users.local and exports file say on the agent?
If your users.local file doesn't have any values added to it and your users file has "no user" in it, then the box doesn't have any permission to push acls to it. The ACL preview is generated based on the roles you have added to the server object. It's not pushed until the job completes successfully, and to push the acls job, you need to make sure you have the initial acls setup correctly.
What's in the users.local file on the system?
Try running the 'agentinfo' command against the server.
# Copyright (c) 2001-2009 BladeLogic, Inc.
# -- All Rights Reserved --
# This file contains a list of user permission overrides. The permissions
# defined in this file will override any associated permissions defined in the
# "exports" or "users" file.
# Please read the BladeLogicAdministration.pdf for details on how to use this
w2k3-Prueba3 22.214.171.124 WindowsNT 5.2 BladeLogicRSCD@W2K3-PRUEBA3->Anonymous:PrivilegeMapped (Identity via trust) Protocol=5 Encryption=TLS1 7C970765 1 Licensed for NSH/CM - Expires Thu Mar 11 23:47:29 2010
Your users.local file needs to have an entry like "BLAdmins:BLAdmin rw,map="
Try Adding the following into users.local
Then push acls to the box.
I just created the next row in the users.local file and the Agent ACL Push run without problem. Later i deleted from users.local and all is running without problem.
I cann't understand the reason. Any idea?
Yes, because you didn't have anything mapped initially, therefore none of the BladeLogic roles could push anything to the server. Once you updated the users.local, you were able to push the acls out to the users file. Now the initial acl item is no longer needed, as you already have the Roles defined in the users file because of the push acls job.
So, the correct way to work with a new server is:
1. Install the Agent
2. Change the users.local
3. Push the Agent ACL
In this moment, it is no longer need to update users.local, all is managemnet with the Agent ACL Push, correct?
Yes, but you can do step 1 and 2 at the same time if you use the "Expert" option to install the agent. You can also create a silent installer that will do this for you. Check the BladeLogic Install Guide for detailed information on how you can achieve this.
When you install the agent it should ask you for a role:user and local user map to put into the users.local file. you need to do this in order to push acls.
you should leave this entry there in case you screw up the acl push at some point later in time. the users.local file is an override to users and is not touched during the acl push.
is 'RL_Administrator:Administrator' a bladelogic role and user?
all of this should be detailed in the bladelogicadministration.pdf file.
Yes 'RL_Administrator:Administrator' is a Role and a User maps with Administrator in the Window machines.
Were you logged into bladelogic as 'Administrator' in the RL_Administrator role when you were trying to perform the acl push?
I had created a new user "Administrador" with the new Role RL_Administrator. This Role is identical to BLAdmin. At the begining i just created a new VM and then installed the agent but didn't modify the users.local.
So with this user i probed to push Agent ACL and it didn't work.Then i modified the users.local login in the VM machine because from the bladelogic i hadn't enought rights.
In this moment i just pushed the Agent ACL withouth problem.
so i think that i need always to change the users.local, don't i?
Like someone mentioned before in this thread, when you install the agent you need to choose the 'expert' install and put in the role and user and local user when the installer prompts you, or after the install you need to manually modify the users.local file w/ a bladelogic user and role and user mapping that you want to give the initial permissions to. this will let you push acls.
The agent install by default is locked down so you must open it up to allow management.