4 Replies Latest reply on Jun 28, 2011 8:55 AM by Bill Robinson

    Two servers and different blcli authentication

    Bill Bruncati

      Running BL 7.6 on Solaris 10.


      I have one AppserverA  where I can go root , then nsh, and execute blcli commands

      with no problems.


      roots@system1 $PWD: blcli Server listAllServers


      system B




      I have another AppserverB  in another location and completely separate from  AppserverA.


      When I want to do "blcli Server listAllServers"  on AppserverB , I need to do the following blcli authentication commands below first.


      How can I get the AppserverB to act like AppserverA ?







      blcred cred -acquire -profile New_Bladmin_blcli  -username BLAdmin -password xxxxxx


      blcli_setoption authType BLSSO


      blcli_setoption serviceProfileName New_Bladmin_blcli


      blcli_setoption roleName BLAdmins




      blcli_execute Server listAllServers

        • 1. Two servers and different blcli authentication

          On AppServerA under root's home directory you'll probably find a file called user_info.dat under something like /root/.bladelogic/.user/


          You need to generate one of those on AppServerB using the bl_gen_blcli_user_info script under the BladeLogic installation directory e.g. /usr/nsh/br.


          Beware the security implications of doing this though, you're affectively giving anyone with root access to the AppServer who knows what they're doing BLAdmins access (or whatever you configure in your user_info.dat) to all of your managed servers.

          • 2. Two servers and different blcli authentication
            Bill Robinson

            in older versions of bladelogic the blcli defaulted to SRP authentication.  SRP uses a user_info.dat in the users's home directory as lee mentioned.


            that's deprecated starting in 8.0 so you must use the BLSSO auth type, along w/ the blcred command.  you can still use the user_info.dat but in a different way.


            do this:

            on appserverB run the bl_gen_blcli_user_info script.  put the user_info.dat wherever you want.

            run blcred like:

            blcred cred -acquire -profile <profile> -i </path/to/user_info.dat>

            blcli -t BLSSO -v <profile> Server -r <role> Server listAllServers


            you could/should go back and start doing the same thing on appserverA, just to get used to the BLSSO mechanism.

            • 3. Two servers and different blcli authentication
              Bill Bruncati

              Thank you both for the answers.



              Before I do anything on AppserverB,  I'd like to get things working on AppserverA.


              My user_info.dat file on AppserverA is ( as Lee mentioned ) under /.bladelogic/.user/user_info.dat .


              How would I find out my  existing "profile" name ?  Once I know that, then on AppserverA, I'll do:


              blcred cred -acquire -profile <profile> -i  /.bladelogic/.user/user_info.dat


              blcli -t BLSSO -v <profile> Server -r  BLAdmins Server listAllServers




              • 4. Two servers and different blcli authentication
                Bill Robinson

                blcred authprofile -list


                will show you all available profiles.