9 Replies Latest reply on Feb 18, 2013 6:27 PM by Amit Gupta

    Bladelogic vs Generic Server Integration

      hi Guys,


      as far as i know, the only way to automate job management from Bladelogic from an external servers is to install on this server the NSH Console and execute from it BLCLI commands.



      the first command at this point that the external server should execute via NSH Console is to acquire session credentials via blcred, but as far as i know these session credentials expire after a while:


      So each script should automate each time this first statement:


      blcred cred -acquire -profile defaultProfile -username 'IntegrationUser' -password xxxxxxx


      and then all the stataments required to get profiling and connection to the AppServer:


      blcli_setoption roleName BLAdmins

      blcli_setoption serviceProfileName defaultProfile



      my question is: isn't there a way avoiding to put in clear the password on the blcred cred acquisition command and in the same time avoiding the Session Credential expiration?

        • 1. Re: Bladelogic vs Generic Server Integration
          Amit Gupta



          you can look into using user_info.dat with blcred instead. blcred cred -acquire -i <path to user_info.dat file>.


          You can create this file using the bl_gen_blcli_user_info command.


          Hope it helps,


          1 of 1 people found this helpful
          • 2. Re: Bladelogic vs Generic Server Integration

            Ok in this way i avoid to put in clear in my script the password: great !


            but another question come in my mind in order to enable this scenario:


            1. external machine-user login automatically on Bladelogic AppAserver (via trusted certificate ssh -i option)
            2. external machine-user is able to automatically swith his environment from ksh/sh to nsh
            3. external machine-user executes the .sh script, containing the BLCLI commands


            if NSH is not set (step2) the script executed on 3 will fail because the BLCLI will not be recognized.

            How can i set automatically (or inside the .sh script itself) the user to use the NSH prompt ?

            • 3. Re: Bladelogic vs Generic Server Integration
              Sean Berry



              This is basically a problem in two parts.


              Part one: how to authenticate in such a way as to be able to execute tasks within BSA/BladeLogic.  This can be done via user_info.dat (at least prior to a certain release, I haven't tested this recently), or via setting the credential timeout to a very long value (9999 is a common setting, I believe it's in hours).


              Part two: how to quickly and easily execute a given common task.  Given that the product is flexible with regard to roles, access control, which appservers you speak to, etc., it is common to "package up" the preferred set of configurations in a simple script, and then either use it to pass through CLI commands, or to execute a common task. 


              How I do this: I build whatever my common set of commands / environment variables are into a block of shell script that I either re-use via cut and paste, keep external as an environment script that I either call separately or source in my other scripts like ". /home/wherever/setup-blcli.nsh".


              How this ends up getting used: figure out the steps required -once-, then build it into scripts for specific tasks.  The "package.nsh" and "deploy.nsh" scripts just take arguments as to which application we want to package, where we want to store the packages, and to which servers we want to "deploy" them.  This means our end users don't need to understand blcli or authentication, all they know is that the magic is in the script.


              Let me know whether this addresses your question.

              1 of 1 people found this helpful
              • 4. Re: Bladelogic vs Generic Server Integration

                ciao Sean,


                clear about point 1.


                Very interesting also your approach for Integration scripts using BLCLI about point 2.


                Just one additional question to help me in this setup: which kind of commands should i use to setup the environment to run blcli commands in the "environment setup" part of script?

                • 5. Re: Bladelogic vs Generic Server Integration
                  Bill Robinson

                  domenico - what are you going to use to drive the jobs from the other system?  we already have some intergrations w/ BAO as well as Control-M (i think). 

                  • 6. Re: Bladelogic vs Generic Server Integration

                    Yes, we think to use BAO to orchestrate also the logic in case of multiple-scripts in a flow and variable management: this approach is perfect.


                    But for some Integration with external custom systems i think can have a more simpler approach avoiding use BAO Workflodw (due to effort implementations and chain-testing).


                    My only doubt/problem here is how to setup the environments to allow a generic ssh script to run BLCLI command:

                    which kind of setup/commands should i use ?

                    • 7. Re: Bladelogic vs Generic Server Integration
                      Amit Gupta



                      Could you explain: "if NSH is not set (step2) the script executed on 3 will fail because the BLCLI will not be recognized."?


                      BSA doesn't have a standalone blcli installation. So, any machine that runs blcli commands will either need to have Console installed or appserver installed, both of which come with nsh. It will be fair to infer that if nsh is not installed, you will not be able to run blcli commands.


                      However, you can also look at using the webservices with BSA to run CLI commands using the clitunnel service.

                      • 8. Re: Bladelogic vs Generic Server Integration

                        you are right Amit. NSH is installed, but in the .sh script you should in some way configure in order that script can execute BLCI.


                        in the manual approach you should first of all, login to the ssh session, then  execute "nsh" and finallyyou can execute all the commands like:


                        blcred cred -acquire -profile defaultProfile -username 'IntegrationUser' -password xxxxxxx

                        blcli_setoption roleName BLAdmins

                        blcli_setoption serviceProfileName defaultProfile


                        • 9. Re: Bladelogic vs Generic Server Integration
                          Amit Gupta

                          Hi Domenico,


                          If nsh is installed, you should just be able to call the nsh script as nsh <name of the script> in your ssh call.


                          So, you would do the following:

                          1. On your ssh launcher machine, create your nsh script as if you are creating it on the remote host to run it locally on that machine. Hence, it would have all the relevant commands to create an auth profile if does not already exist, set options for blcli_execute and then blcli_execute commands. In latest releases, your first line in the nsh script would be #!/bin/nsh

                          2. Now, you can create a shell script on your ssh launcher machine that has only two lines:

                          scp <path to your nsh script file created above> <name or IP of remote machine>:<path to copy this script>

                          ssh <name or IP of remote machine> nsh <path of the script on remote machine>


                          For example, I create the following nsh script on my machine from where I ssh into the remote machine(I already had auth profile and user_info.dat created). 



                          blcred cred -acquire -profile srp -i ~/.bladelogic/.user/user_info.dat
                          blcli_setoption roleName BLAdmins
                          blcli_setoption serviceProfileName srp
                          blcli_execute Server listAllServers


                          Then created an executable shell script with following lines:

                          scp test.nsh

                          ssh nsh /tmp/test.nsh


                          Now, when I execute the shell script on my local machine, it gives me the list of servers added in BSA. The blcli commands are actually run on the remote machine with IP

                          # ./test.sh

                          test.nsh                                                                                                                                                           100%  207     0.2KB/s   00:00

                          Authentication succeeded: acquired session credential



                          Hope it helps,