11 Replies Latest reply on Jun 10, 2011 10:03 AM by afurman NameToUpdate

    blcred problem authenticating to 2 profiles in NSHScriptJob

      Please  consider the following:

       

      NSH Script executed as a NSHScript Job (BL8.0 SP5), I'm connecting to 2 different profiles, first to profile 1 and then profile 2 (SRP only using same user and password which exists in both environments):

       

      blcred cred -acquire -profile <profile 1> -username <user> -password <password>

      blcli_setoption authType SRP

      blcli_setoption roleName <role>

      bllcli_setoption serviceProfileName <profile 1>

      blcli_connect

      <do something>

      blcli_disconnect

      blcred cred -acquire -profile <profile 2> -username <user> -password <password>

      .....

      this second call to blcred always fails with the error "Invalid argument blcred"

       

      Its only a problem when script is executed as NSHScriptJob

      same script runs fine in NSH shell.

       

      any ideas?  this is driving me insane....

      thanks

        • 1. blcred problem authenticating to 2 profiles in NSHScriptJob

          What type of NSH script is it, type 1/2/3 ?

          • 2. blcred problem authenticating to 2 profiles in NSHScriptJob

            Mike,

            its type 1 ("Execute separately against each host")

            its supposed to run on one host and connect to 2 different bl servers:

            1) connect to the 1st one

            2) do something

            3) connect to the 2nd one

            4) do someting

             

            1) always works

            It fails on blcred -acquire command in 3)

            If I switch servers the result is the same - fails on second connection.

            • 3. blcred problem authenticating to 2 profiles in NSHScriptJob
              Bill Robinson

              you can't use blcred inside a nsh job.  and you can't connect to 2 different appservers afaik.

               

              what are you trying to do?  why do you need to connect as different users ?

              • 4. blcred problem authenticating to 2 profiles in NSHScriptJob

                Bill,

                I'm trying to sync servers between 2 bladelogic environments (separate app servers, separate databases)

                the script connects to the "source" app server, gets a list of all servers,

                then connects to the target app server, gets a list of all servers there (that's when I need to disconnect from the first server and connect to the second one)

                the lists are compared and servers missing from the target system are added

                 

                this nsh script works when I open nsh prompt and run it manually  but does not work inside a nshjob (I want to schedule it)

                So I guess it does not work because as you said I can't use blcred inside nsh job, am i out of luck here then?

                • 5. Re: blcred problem authenticating to 2 profiles in NSHScriptJob
                  Bill Robinson

                  I don’t think you can override the creds passed on from the appserver.

                   

                  You could try spawning the 2nd bit as a separate script via a nexec – that might lose the credentials.

                   

                  Do do some echo’s and create a new script from inside the 1st.  then nexec that new script.  does that make sense?

                  • 6. blcred problem authenticating to 2 profiles in NSHScriptJob

                    it does. however  to be honest I was ok with running the script from NSH prompt manually, and it worked fine for me for some time but today it stopped working too at the point when it reconnects to the second server even when doing it via nsh prompt, which is bizarre...

                    • 7. blcred problem authenticating to 2 profiles in NSHScriptJob
                      Bill Robinson

                      from the script (and not the job) it should work.  did anythig change in the env recently?  can you post the script or is it too long?

                      • 8. Re: blcred problem authenticating to 2 profiles in NSHScriptJob

                        Bill,

                        somehow i cannot paste anything to this window

                        i'll have to email it to you directly

                        • 9. Re: blcred problem authenticating to 2 profiles in NSHScriptJob

                          Bill, here it is

                          I run it as ./blsync.nsh –s “Old Production ” –t “Production ” –m add

                          I noticed that it crashes only if I get a list of servers from the first app server and store it in a variable and then try to connect to the second app server in get_servers()( below)

                          If I do the same but don’t store the first server list it does not crash this used to work just fine no idea why it started acting like this.

                          get_servers() {

                           

                                          echo Getting a list of servers from $1 ...

                                          blconnect "$1"

                                          blcli_execute Server listAllServers

                                          blcli_storeenv $2

                           

                          the actual error I’m getting is:

                          Getting a list of servers from Production ...

                          Connecting to Production

                           

                          blconnect:3: message too long: blcred

                          blconnect:4: message too long: blcred

                          blconnect:5: message too long: blcred

                          Exception in thread "main" com.bladelogic.session.client.SessionLoginException: No cached Session Credential for named service profile - please login.

                                  at com.bladelogic.cli.CliLoginOperations.getSessionCredentialFromCache(CliLoginOperations.java:192)

                                  at com.bladelogic.cli.CliLoginOperations.obtainSessionCredential(CliLoginOperations.java:90)

                                  at com.bladelogic.session.client.SessionLoginManager.connect(SessionLoginManager.java:160)

                                  at com.bladelogic.session.client.SessionLoginManager.login(SessionLoginManager.java:89)

                                  at com.bladelogic.cli.CLIMain.loginToAppServer(CLIMain.java:669)

                          Exception in thread "main" com.bladelogic.session.client.SessionLoginException: No cached Session Credential for named service profile - please login.

                                  at com.bladelogic.cli.CliLoginOperations.getSessionCredentialFromCache(CliLoginOperations.java:192)

                                  at com.bladelogic.cli.CliLoginOperations.obtainSessionCredential(CliLoginOperations.java:90)

                                  at com.bladelogic.session.client.SessionLoginManager.connect(SessionLoginManager.java:160)

                                  at com.bladelogic.session.client.SessionLoginManager.login(SessionLoginManager.java:89)

                                  at com.bladelogic.cli.CLIMain.loginToAppServer(CLIMain.java:669)

                          • 11. blcred problem authenticating to 2 profiles in NSHScriptJob

                            ok, so I had to switch to HTML editor, script is below I run it as ./blsync.nsh –s “Old Production [SRP]” –t “Production [SRP]” –m add Complete script: ######################################################################## # Name: BLSYC.NSH # Usage: blsync.nsh -s -t -m # add will add servers that exist on to # delete will remove servers on that do not exist on # mirror will make same as (add and delete) ######################################################################### #!/bin/nsh EXISTING_SERVERS=0 ADDED_SERVERS=0 DELETED_SERVERS=0 TOTAL_SERVERS_SOURCE=0 TOTAL_SERVERS_TARGET=0 CONST_BL_SOURCE="Old Production [SRP]" CONST_BL_TARGET="Production [SRP]" CONST_MODE="add" BL_SOURCE=$CONST_BL_SOURCE BL_TARGET=$CONST_BL_TARGET MODE=$CONST_MODE SERVER_LIST_SOURCE="" SERVER_LIST_TARGET="" ARGUMENTS=0 ################################## # Connect to Bladelogic system # using specified Auth Profile ################################## blconnect() {                 echo Connecting to $1\\n                 blcred cred -acquire -profile "$1" -username XXXXXX -password XXXXXXXXX                 blcred cred -list                 blcli_setoption authType SRP                 blcli_setoption roleName XXXXX                 blcli_setoption serviceProfileName "$1"                 blcli_connect                     } ################################## # Get a list of servers in bladelogic ################################## get_servers() {                                 echo Getting a list of servers from $1 ...                 blconnect "$1"                 blcli_execute Server listAllServers                 blcli_storeenv $2                                 } ################################## # Output usage information ################################## print_usage() {                 echo "Usage: \\n"                 echo "blsync.nsh -s -t -m \\n" } debug_print_vars(){ echo '=====================' echo 'BLSYNC.NSH Arguments:' echo '=====================' echo ARGUMENTS=$ARGUMENTS echo SOURCE=$BL_SOURCE echo TARGET=$BL_TARGET echo MODE=$MODE } ################################## # Add servers ################################### add_servers() { for SERVER_SOURCE in $SERVER_LIST_SOURCE do                 ERROR=false                 SERVER_EXISTS=NA                 SERVER_ID=-1                                 blcli_execute Server serverExists $SERVER_SOURCE                 blcli_storeenv SERVER_EXISTS                 if [ "$SERVER_EXISTS" = "false" ]                 then                                 echo Adding server $SERVER_SOURCE                                 SERVER_ID="Operation failed"                                 blcli_execute Server addServer $SERVER_SOURCE                                 blcli_storeenv SERVER_ID                                 RESULT=`echo $SERVER_ID | grep failed`                                 if [ -n "$RESULT" ]                                 then                                                 echo Failure to add server: $RESULT                                                 ERROR=true                                 else                                                 ADDED_SERVERS=$((ADDED_SERVERS+1))                                                 echo Server $SERVER_SOURCE was added successfully.                                                 SERVER_ACL="Operation failed"                                                 echo "Modifying Permissions: Adding BLAdmins Server.* on Server $SERVER_SOURCE"                                                 blcli_execute Server addPermission $SERVER_SOURCE BLAdmins 'Server.*' system                                                 echo "Modifying Permissions: Adding WebOps_Admins Server.* on Server                                        $SERVER_SOURCE"                                                 blcli_execute Server addPermission $SERVER_SOURCE WebOps_Admins 'Server.*' system                                                 blcli_storeenv SERVER_ACL                                                 RESULT=`echo $SERVER_ACL | grep failed`                                                 if [ -n "$RESULT" ]                                                 then                                                                 echo Failure to modify ACLs: $RESULT                                                                 ERROR=true                                                 else                                                                 echo Permissions modified successfully.                                                 fi                                 fi                 else                                 blcli_execute Server getServerIdByName $SERVER_SOURCE                                 blcli_storeenv SERVER_ID                                 echo Server $SERVER_SOURCE already exists in RBAC. SERVER_ID=$SERVER_ID                                 EXISTING_SERVERS=$((EXISTING_SERVERS+1))                 fi                 done } ################################## # Delete servers ################################### delete_servers() { echo Deleting any extra servers not found in source... for SERVER_TARGET in $SERVER_LIST_TARGET do                 ERROR=false                 SERVER_ID=-1                 RESULT=""                                                                 RESULT=`echo $SERVER_LIST_SOURCE  | grep $SERVER_TARGET`                                 if [ -n "$RESULT" ]                                 then                                                 echo Keeping server $SERVER_TARGET                                 else                                                                                                                                 echo Decommissioning server $SERVER_TARGET                                                 blcli_execute Server decommissionServer $SERVER_TARGET false                                                 DELETED_SERVERS=$((DELETED_SERVERS+1))                                                                                                                 fi done } ################################## # Check arguments # if none - fall back to defaults ################################## ARGUMENTS=$# typeset -u MODE if [ $# -ne 0 ] then                 while getopts s:t:m: o                 do                                 case "$o" in                   s) BL_SOURCE=$OPTARG;;                   t) BL_TARGET=$OPTARG;;                   m) MODE=$OPTARG;;                                 esac                 done fi typeset -u SERVER_LIST_SOURCE typeset -u SERVER_LIST_TARGET debug_print_vars get_servers "$BL_SOURCE" SERVER_LIST_SOURCE blcli_disconnect get_servers "$BL_TARGET" SERVER_LIST_TARGET case $MODE in                 DELETE)                                 delete_servers ;;                 ADD)                                 add_servers ;;                 MIRROR)                                 add_servers                                 delete_servers ;; esac echo \\n\\n echo SKIPPED EXISTING_SERVERS = $EXISTING_SERVERS \\n echo ADDED_SERVERS = $ADDED_SERVERS \\n echo DELETED_SERVERS = $DELETED_SERVERS \\n exit 0