7 Replies Latest reply on Dec 7, 2012 6:34 AM by Nick Maslov

    Import Compliance Templates, EO, CO, everything

      Hi,

       

      I have two BSA environments.

       

      In first one, I created Component Templates (CT) for compliance. I added there Global Extended Objects (EO), Configuration Objects (CO) like configuration files etc.

       

      When I exported CT as .zip file, I tried to export it on the second BSA environment, but received an error:

       

      Import validation log:

      Error     Access denied ConfigFile.Read on /etc/ftpd/ftpusers

       

      Ok, I manually exported the /etc/ftpd/ftpusers CO from first environment, and imported it on the second one. Same story.

       

      I am doing that with a role, that has ConfigFile.*, so how come?

       

      Thanks,

      NM

        • 1. Re: Import Compliance Templates, EO, CO, everything

          So, I deleted /etc/ftpd/ftpusers from Parts in initial CO - but it keeps complaining against other parts, like /etc/ssh/sshd_config...

          1 of 1 people found this helpful
          • 2. Re: Import Compliance Templates, EO, CO, everything

            Sorry for my habit of speaking to myself

             

            So, on my test server I was able to pass the validation with no issues, seems like it goes down to some tricky RBAC settings I have there.

             

            Anyway, I tried to do that on my virtualized environment of BBSA82sp3 - (only difference is that its running on rhel/oracle flavour instead of win/sql I have in prod). Validation passsed just perfectly, maybe since I did that as BLAdmin.

             

            But when I tried to actually import stuff in - it failed. In logs I found this error:

             

             

            Caused by: com.bladelogic.om.infra.mfw.util.BlException: A newer version 82,030,000 of class 'Unix Groups' already exists in Configuration Object Dictionary. The older version of class 'Unix Groups' will not be imported.

                      at com.bladelogic.om.infra.shared.blassetclass.BlAssetClassZipFile.parseModelXmlFile(BlAssetClassZipFile.java:2190)

                      at com.bladelogic.om.infra.shared.blassetclass.BlAssetClassZipFile.copyModelFilesToFileServerAndGetModelObjects_server(BlAssetClassZipFile.java:829)

                      at com.bladelogic.om.infra.shared.blassetclass.BlAssetClassZip

             

             

            I started creating this content on 82sp1, then upgraded all environments to 82sp3.

             

            Seems like CT created on previous versions of BBSA, even upgraded afterwards, might have some kind of old mappings to CO.

             

            Which is making my life a bit harder...

             

            Anyone saw such weird behaviour before? Or am I missing anything obviuos?

             

            Cheers

            • 3. Re: Import Compliance Templates, EO, CO, everything
              Bill Robinson

              after you upgrade the appserver, you need to run a 'update model object' job against your blpackages, templates, etc - anything that would contain COs, then you should be able to export and import to the new env.

               

              what role are you running the import as?  does it have Read on the /etc/ftpd/ftpusers cfo ?

              1 of 1 people found this helpful
              • 4. Re: Import Compliance Templates, EO, CO, everything

                Hi Bill,

                 

                That role has ConfigFile.*, and I explicitly put ConfigFile.Read in it.

                 

                Thanks for the tip on update model object job, will give it a try.

                • 5. Re: Import Compliance Templates, EO, CO, everything
                  Bill Robinson

                  Just to confirm, the Role has ConfigFile.* in its lists of authorizations and it has atleast ConfigFile.Read on the actual config file object itself ?

                  • 6. Re: Import Compliance Templates, EO, CO, everything
                    Bill Robinson

                    Just to confirm, the Role has ConfigFile.* in its lists of authorizations and it has atleast ConfigFile.Read on the actual config file object itself ?

                    • 7. Re: Import Compliance Templates, EO, CO, everything

                      Hi Bill, that role has AuthProfile, that has ConfigFile.* authorization.

                       

                      However, I blame RBAC that we installed - it has a lot of ACL`s and other restrictions which may contradict with one another.

                       

                      Thanks,

                      NM