Netcool Tips
how to install 7.3 probe onto 7.2 base omnibus
All probes released after OMNIBus 7.3 GA are in 7.3 format. Those probes can be installed onto 7.3 via $NCHOME/omnibus/install/nco_install_integration tool. if you want to use the same package to install the probe on 7.2 you need to do:
1. unzip the package. 2.find the full path that contains the patch 3. install the patch,using $NCHOME/omnibus/install/nco_patch eg: #tar -xvf CZ81IEN.tar #cd patches #ls -lart total 4 drwxrwxrwx 1 root root 216 2009-10-31 02:37 . drwxrwxrwx 1 root root 392 2009-10-31 02:37 omnibus-linux2x86-probe-nco-p-mttrapd-11_0 drwxrwxrwx 1 root root 4096 2010-09-14 11:51 .. #/opt/netcool/omnibus/install/nco_patch -install omnibus-linux2x86-probe-nco-p-mttrapd-11_0 Installing Patch "omnibus-linux2x86-probe-nco-p-mttrapd-11_0" ... Short Description : Multi-Thread Trapd Probe Revision : 0 Requires : common-libncrypt-1_0 Obsoletes : probe-nco-p-mttrapd probe-nco-p-mttrapd-2 probe-nco-p-mttrapd-3 probe-nco-p-mttrapd-4 probe-nco-p-mttrapd-5 probe-nco-p-mttrapd-6 probe-nco-p-mttrapd-7 probe-nco-p-mttrapd-8 probe-nco-p-mttrapd-9 probe-nco-p-mttrapd-10 probe-nco-p-mttrapd-ems-8 Installation Date : Fri Oct 9 20:09:57 EST 2009 Creation Info : Tue Oct 20 08:33:34 BST 2009 |
Which encryption algorithm should I use for objectserver
OMNIBus users are divided into two groups, external and internal authenticated. internal authenticated user have their user name and password stored in security.users table. passwords are encrypted for obvious reason.
those passwords can be encrypted using different algorithm. you have choice between DES and AES mode. DES is the default. Which encryption algorithm to use is totally up to security compliment requirement. for example I use plan taxt password in all my Netcool vmware images. However, in a production environment, one should always use AES(or AES_FIPS) instead of DES, this is because that WEBTOP (WEBGUI) doesn't support DES encryption algorithm. if you ever want to encrypt the password stored in Webtop datasource definition file, then you have to run objectserver with PasswordEncryption property set to "AES". Things might change with new releases, above is only true to current version. OMNIBus 7.3.0 and WEBGui 7.3 |
Automatic refreshing webtop chart?
webtop chart can present some nice high-level event summarization information in graphic form, however, it does not automatic refresh. neither chartview portlet or chart itself provides a refreshing mechanism.
I find a way of doing chart refreshing by using smart pages. following are general steps: 1. create a customized HTML, using smartpage to create a chart, then use java script to do auto refreshing. 2.copy this html file into $TIPHOME/systemApps/isclite.ear/Webtop.war/customhtml directory 3. create an iFrame and set the URL to the file, eg /ibm/console/webtop/customhtml/hello.html To make it easy, I've attached my example html here: Chart Test Page |
which port should I open for my ncp server?
ITNM has so many component and sometimes it is hard to know which ports do they listen on. following one liner will help you find out which port do they use, please be notified that this is only tested on Redhat Linux:
------------------------------------------------------ [netcool@bgpvtnm1 precision]$ ps -ef|grep netcool|grep -v grep|tr -s " "| cut -d" " -f 2|while read line ; do /usr/sbin/lsof -p ${line}; done|grep LIST ncp_virtu 1486 netcool 11u IPv4 23484198 TCP bgpvtnm1.bbl.int:50022 (LISTEN) java 9003 netcool 57u IPv6 22198475 TCP *:ibm-mqisdp (LISTEN) ncp_d_hel 9831 netcool 11u IPv4 22199184 TCP bgpvtnm1.bbl.int:52789 (LISTEN) ncp_confi 9834 netcool 11u IPv4 22199181 TCP bgpvtnm1.bbl.int:7969 (LISTEN) ncp_disco 15464 netcool 12u IPv4 22207696 TCP bgpvtnm1.bbl.int:60958 (LISTEN) ----------------------------------------------------- |
Started ITNM as root by accident?
started ncp as root by accident?
ITNM as a general application should run as non-root user. follow step by step guide to setup ITNM auto-start as non-root user ITNM writes a list of files after startup, if you've started you ITNM as root user by accident you will not be able to start it using normal user again as the owner of those files has been changed to root. you can not simply change owner of all the files in $ITNMHOME to normal user because some special binaries should be run as root, eg ncp_poller. following one line script will create a list of command you should run as root to restore the original owner: find $NCHOME -user root|grep -v bin| while read line ; do echo "chown netcool ${line}"; done please double check before you apply the change. |
ITNM 3.8 interface filter doesn't work with complex filter
I recently find a bug related to Network Polling Interface filter. if you are building a filter that uses more than one field in interface filter section, the polling policy won't work. you will find following message from your ncp_poller debug log:
---------------------------------------------------------------------------------- 05/14/2010 02:42:27 PM: Warning: [1879833504t] CPolicyMonitorMap.cc(327) A database 'execute' operation has failed : CNcpODBCSth.cc line 654 : (no error message)( statement: 'SELECT DISTINCT chassis.ENTITYID AS MAINNODEENTITYID,chassis.ACCESSIPADDRESS AS MAINNODEADDRESS,chassis_entity.ENTITYNAME AS MAINNODEENTITYNAME,chassis.CLASSNAME AS ENTITYCLASS,lingerTime.lingerTime AS lingerTime,msc.STATUS AS CHASSISMANAGED,interface.ENTITYID AS ENTITYID,interface_entity.ENTITYNAME AS ENTITYNAME,interface_entity.ENTITYTYPE AS ENTITYTYPE,interface.ACCESSIPADDRESS AS ACCESSIPADDRESS,interface.IFINDEX AS IFINDEX,interface.IFTYPESTRING AS IFTYPESTRING,interface.IFNAME AS IFNAME,interface.IFDESCR AS IFDESCR,interface.IFALIAS AS IFALIAS,interface.IFINDEX AS INSTANCESTR,msi.STATUS AS ENTITYMANAGED FROM chassis INNER JOIN entity chassis_entity ON chassis_entity.ENTITYID=chassis.ENTITYID AND chassis_entity.DOMAINMGRID=? INNER JOIN lingerTime ON lingerTime.ENTITYID= chassis_entity.ENTITYID INNER JOIN classMembers ON classMembers.ENTITYID= chassis_entity.ENTITYID INNER JOIN ncmonitor.policyClass pc ON pc.CLASSID=classMembers.CLASSID AND pc.POLICYID=? AND pc.INCLUDE<>0 LEFT JOIN managedStatus msc ON msc.ENTITYID= chassis_entity.ENTITYID INNER JOIN entity interface_entity ON interface_entity.MAINNODEENTITYID= chassis_entity.ENTITYID AND interface_entity.DOMAINMGRID=? INNER JOIN interface ON interface.ENTITYID=interface_entity.ENTITYID LEFT JOIN managedStatus msi ON msi.ENTITYID=interface_entity.ENTITYID INNER JOIN interfaces ifilt1 ON ifilt1.entityId = interface.entityId AND ( ifilt1.ifAdminStatus = 'up' AND ifilt1.ifName like 'Fa%' or ifName like 'Gi%' or ifName like 'Te%' ) WHERE ( chassis_entity.CHANGETIME >= ? ) AND chassis.accessIPAddress IS NOT NULL AND ( interface_entity.CHANGETIME >= ? ) ORDER BY lingerTime.lingerTime ASC' varbinds: 1,35,1,1970-01-01 10:00:00,1970-01-01 10:00:00 ) ------------------------------------------------------------------------------------ after trying this sql statement in my database's command line interface(replacing question mark with corresponding 'varbind'), I find that the interface filter bit have some error: INNER JOIN interfaces ifilt1 ON ifilt1.entityId = interface.entityId AND ( ifilt1.ifAdminStatus = 'up' AND ifilt1.ifName like 'Fa%' or ifName like 'Gi%' or ifName like 'Te%' ) I use ifName field in my filter few times, the first ifName is prefixed with 'iflit1', the later two are not. after changing the filter text from " ifName like 'Fa%' or ifName like 'Gi%' or ifName like 'Te%' " to " ifName like 'Fa%' or ifilt1.ifName like 'Gi%' or ifilter1.ifName like 'Te%' ", the policy works. I will update this blog with APAR number once I get it. |
installing Deployment Engine enabled product on 64bits linux
Don't forget to install 32bits libraries.
I recently encountered a very strange problem installing ITNM on 64bits linux. The installation script fails with following message: -------------------------------------------------------------- =============================================================================== Problem installing COI/DE Components ------------------------------------ The installation of the COI/DE components failed with the following message: Component: Message: For more information, please review /opt/IBM/tivoli/netcool/log/install/Configuration.log and the logs found in /opt/IBM/tivoli/tip/logs, and correct any problems described therein before continuing. ------------------------------------------------------------- the logfile mentioned does not contain much valuable information, one strange thing is that it contains lots of components I did not choose. I decide to go through the installation guide before raising PMR . the installation guide says that compat-libstdc++33 and compat-libstdc++-296 must be installed. I then run 'rpmquery -a|grep compat-libstdc++' and find the packages I've installed are 64 bits. From the lesson I learned from Configure Objectserver PAM authenticatoin on 64bits linux, I installed the 32bits version and the installation completed happily this time. |
step-by-step guide : configure ITNM core component autostart as non-root user on linuxsimple steps to setup ITNM 3.8 core
component autostart as non-root, I assume the username you want to
run ncp as is 'netcool' |
switching JRE for firefox 3.6 on Ubuntu
Firefox 3.6.3 is the default browser for the popular Ubuntu 10.04 , unfortunately Firefox 3.6 dropped the support for old java plugin,next generation plugin is now default.
next generation java plugin is a new feature after JRE 6 update 10, which means java 5 is no longer supported on Ubuntu 10.04 (Lucid). the mechanism for switching JRE for firefox is not changed, we just need to change the plugin path, following is what I do to achieve this: 1. check how many alternative JRE do you have by : ---------------------------------------- the next generation jre is called libnpjp2.so, you can use following command to find out how many you already have: --------------------------------------- yulei@yulei-laptop:~$ find /usr -name libnpjp2.so /usr/lib/j2re1.6-ibm/jre/lib/i386/libnpjp2.so /usr/lib/j2sdk1.6-ibm/jre/lib/i386/libnpjp2.so /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so ------------------------------------------ if above command doesn't return anything, it means you don't have any valid JRE installed. please install sun jre using how to install sun jre on ubuntu lucid or install openjdk jre using 'sudo apt-get install openjdk-6-jre' 2. remove old java from mozilla0-javaplugin.so alternatives: --------------------------------------------- sudo update-alternatives --remove mozilla-javaplugin.so /usr/lib/j2re1.6-ibm/jre/plugin/i386/ns7/libjavaplugin_oji.so sudo update-alternatives --remove mozilla-javaplugin.so /usr/lib/j2sdk1.6-ibm/jre/plugin/i386/ns7/libjavaplugin_oji.so --------------------------------------------- 3. repeat following command to add each path you find in step 1. --------------------------------------------- sudo update-alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so mozilla-javaplugin.so /usr/lib/j2sdk1.6-ibm/jre/lib/i386/libnpjp2.so 100 --------------------------------------------- 4. check new settings: ---------------------------------------------- yulei@yulei-laptop:~$ sudo update-alternatives --list mozilla-javaplugin.so /usr/lib/j2sdk1.6-ibm/jre/lib/i386/libnpjp2.so /usr/lib/jvm/java-6-sun/jre/lib/i386/libnpjp2.so ---------------------------------------------- 5.now you can change JRE on the fly with update-alternatives. --------------------------------------------------------- yulei@yulei-laptop:~$ sudo update-alternatives --config mozilla-javaplugin.so There are 2 choices for the alternative mozilla-javaplugin.so (providing /usr/lib/mozilla/plugins/libjavaplugin.so). Selection Path Priority Status ------------------------------------------------------------ * 0 /usr/lib/j2sdk1.6-ibm/jre/lib/i386/libnpjp2.so 100 auto mode 1 /usr/lib/j2sdk1.6-ibm/jre/lib/i386/libnpjp2.so 100 manual mode 2 /usr/lib/jvm/java-6-sun/jre/lib/i386/libnpjp2.so 63 manual mode Press enter to keep the current choice[*], or type selection number: 2 update-alternatives: using /usr/lib/jvm/java-6-sun/jre/lib/i386/libnpjp2.so to provide /usr/lib/mozilla/plugins/libjavaplugin.so (mozilla-javaplugin.so) in manual mode. ------------------------------------------------------------- 6.restart your java and use following link to check if your java is working: ---------------------------------------------- test if my jre is working ---------------------------------------------- |
get ipaddress for a long list of hostname
It is common while preparing for your first disco, that you want to use file finder to give as much information as you can to the disco. this involves preparing the seed file.
The seed file should contain two columns, one for hostname the other for ipaddress. following one line script will prepare a well formated seed file for you if you have a list of hostname or ipaddress ready: ---------------------------------------------------------------------------------------------------- cat Hosts.TXT | while read line; do echo `host ${line}`; done|grep "has address"|sed 's/ has address /,/' >HostsWithIp.txt ---------------------------------------------------------------------------------------------------- find un-resolvable hosts: ---------------------------------------------------------------------------------------------------- cat Hosts.TXT | while read line; do echo `host ${line}`; done|grep "not found" ---------------------------------------------------------------------------------------------------- verify snmp readonly access: ---------------------------------------------------------------------------------------------------- cat Hosts.TXT | while read line; do echo `snmpget -v 2c -c public host ${line}`; done ----------------------------------------------------------------------------------------------------- |
Configuring OMNIBUS 7.3 ODBC gateway on windows- part 3 - license
After Part 1 and Part 2, I am finally ready to configure the gateway. after configuring the gateway as I do on Linux, I start the gateway and get error : The evaluation period for this DB2 ODBC driver has expired.
remember that in Part 2 , we find that path to those drivers are wrong, could this be related? I go back to Part 2 and check the path in original registry and find a license file, %OMNIHOME%\platform\win32\IVBM.LIC, after copying this file to %OMNIHOME%\ODBC32v53\Drivers directory, the errors are gone and ODBC gateway is working. |
Integrating OMNIBus with Active Directory via PAM on 64bits Linux?
nco_objserv is 32bits application and it doesn't work with samba winbind library on 64 bits Linux. bellow is how I troubleshoot and fix the issue:
I am trying to do PAM authentication for Objectserver on my 64bit Redhat. winbind was configured properly, I can ssh into the box with my AD account, however, after following the Installation Guide and Admin Guide , PAM still doesn't work for me. I guess it is time to give strace a try. first, run 'strace -f -o /tmp/pam.log <PID>' as root, with the PID of the objectserver. then try login into the objectserver using nco_sql, fail, then check /tmp/pam.log: grep pam /tmp/pam.log, luckily I find following entry: -------------------------------------------------------------- 14895 open("/lib/security/pam_winbind.so", O_RDONLY) = -1 ENOENT (No such file or directory) -------------------------------------------------------------- I thought it must be a missing link, so I just created a softlink from /lib64/security: -------------------------------------------------------------- ln -s /lib64/security/pam_winbind.so /lib/security/pam_winbind.so -------------------------------------------------------------- that was stupid as objectserver is a 32 bit application and it won't work with 64 bits libraries, I get following from /var/log/secure: --------------------------------------------------------------- May 4 16:48:59 dlvomn01 nco_objserv: PAM [error: /lib/security/pam_winbind.so: wrong ELF class: ELFCLASS64] --------------------------------------------------------------- alright, I am going to try fix this properly: ------------------------------------------------------------------ [root@dlvomn01 conf.d]# yum provides /lib/pam_seciruriity/pam_winbind.so samba-common-3.0.33-3.14.el5.s390 : Files used by both Samba servers and clients. Matched from: Filename : /lib/security/pam_winbind.so [root@dlvomn01 conf.d]#yum install samba-common-3.0.33-3.14.el5.s390 ------------------------------------------------------------------ After this AD account can login into objectserver using nco_sql. |
ncp_poller doens't work with NCIM on db2ncp_poller doesn't work with NCIM on db2, mib browser doesn't work neither. I get following message from poller log: ------------------------------------------------------------------------ [netcool@dlvtnm01 precision]$ tail -f ncp_poller.D_BABG.log 04/27/2010 02:49:11 PM: Warning: [1920088992t] CNcpDbFactory.cc(783) A required dynamic library file is missing. When attempting to open shared lib: /opt/IBM/tivoli/netcool/precision/platform/linux2s390/lib/libNcpDbDb2.so 04/27/2010 02:49:11 PM: Warning: [1920088992t] CRealTimeTblCallback.cc(422) An unexpected nil pointer reference has been found. 04/27/2010 02:49:11 PM: Warning: [1920613280t] CMonitorPolicyManager.cc(713) An unexpected nil pointer reference has been found. no monitor DB 04/27/2010 02:49:41 PM: Warning: [1920613280t] CMonitorPolicyManager.cc(713) An unexpected nil pointer reference has been found. no monitor DB ------------------------------------------------------------------------ ldd returns good result: ------------------------------------------------------------------------ [netcool@dlvtnm01 lib]$ ldd libNcpDbDb2.so libdb2.so.1 => /home/db2inst1/sqllib/lib32/libdb2.so.1 (0x771b3000) libdb2install.so.1 => /home/db2inst1/sqllib/lib32/libdb2install.so.1 (0x771ac000) libdb2g11n.so.1 => /home/db2inst1/sqllib/lib32/libdb2g11n.so.1 (0x76b58000) libdb2locale.so.1 => /home/db2inst1/sqllib/lib32/libdb2locale.so.1 (0x76b43000) libdb2osse.so.1 => /home/db2inst1/sqllib/lib32/libdb2osse.so.1 (0x76868000) libdb2genreg.so.1 => /home/db2inst1/sqllib/lib32/libdb2genreg.so.1 (0x76834000) libdb2trcapi.so.1 => /home/db2inst1/sqllib/lib32/libdb2trcapi.so.1 (0x7682a000) libdb2dascmn.so.1 => /home/db2inst1/sqllib/lib32/libdb2dascmn.so.1 (0x7680e000) libdl.so.2 => /lib/libdl.so.2 (0x767e9000) libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x766f0000) libm.so.6 => /lib/libm.so.6 (0x7664d000) libc.so.6 => /lib/libc.so.6 (0x76501000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x764f3000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x764c0000) libpthread.so.0 => /lib/libpthread.so.0 (0x764a8000) libdb2osse_db2.so.1 => /home/db2inst1/sqllib/lib32/libdb2osse_db2.so.1 (0x76459000) libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x7638d000) librt.so.1 => /lib/librt.so.1 (0x76383000) /lib/ld.so.1 (0x55555000) -------------------------------------------------------------------------- wait, I remember that ncp_poller has setuid set, even though ncp_ctrl is started by user 'netcool': -------------------------------------------------------------------------- [netcool@dlvtnm01 lib]$ ps -ef |grep ncp _p root 7344 31846 8 10:23 ? 00:02:02 ncp_poller -domain D_BABG -latency 30000 -debug 0 -messagelevel debug -logdir /opt/IBM/tivoli/netcool/log/precision netcool 23265 29924 0 10:47 pts/1 00:00:00 grep ncp_p [netcool@dlvtnm01 bin]$ pwd /opt/IBM/tivoli/netcool/precision/platform/linux2s390/bin [netcool@dlvtnm01 bin]$ ls -lart ncp_p* -r-sr-xr-x 1 root ncoadmin 717633 Mar 12 22:13 ncp_poller -r-xr-xr-x 1 netcool ncoadmin 1521646 Mar 12 23:34 ncp_pathtrace -r-xr-xr-x 1 netcool ncoadmin 7499 Mar 13 00:01 ncp_perl -------------------------------------------------------------------------- Due to security reasons, binaries with setuid bit can only use libraries in trusted library path, this is configured in /etc/ld.so.conf on linux, let's check this: --------------------------------------------------------------------------- include ld.so.conf.d/*.conf /opt/IBM/tivoli/netcool/precision/platform/linux2s390/lib /opt/IBM/tivoli/netcool/platform/linux2s390/lib /opt/IBM/tivoli/netcool/platform/linux2s390/oracleInstantClient10.2 /opt/IBM/tivoli/netcool/platform/linux2s390/oracleInstantClient11.1 /opt/IBM/tivoli/netcool/platform/linux2s390/informix_odbc_3.50/lib/esql /opt/IBM/tivoli/netcool/platform/linux2s390/informix_odbc_3.50/lib/cli ----------------------------------------------------------------------------- from the name we know that db2 libraries are not included, and that's why ncp_poller doens't work. after adding db2 library path(/home/db2inst1/sqllib/lib32) to this file, run lddconfig as root and restart ITNM, poller now works happily. ----------------------------------------------------------------------------- 04/29/2010 10:23:38 AM: Information: [1986971344t] Logging for ncp_poller initialised at level 'debug' 04/29/2010 10:23:38 AM: Debug: [1986971344t] Logging for ncp_poller to file: /opt/IBM/tivoli/netcool/log/precision/ncp_poller.D_BABG.log 04/29/2010 10:23:38 AM: Information: [1986971344t] Operating as the primary poller 04/29/2010 10:23:39 AM: Information: [1986971344t] ncp_poller[7344] Version 3.8 (Build 56) becoming Primary 04/29/2010 10:23:40 AM: Information: [1953196960t] SNMP access credentials logged in plain text: false 04/29/2010 10:23:43 AM: Information: [1953196960t] Configuring default poller 04/29/2010 10:23:43 AM: Information: [1883728800t] Number of rows of historical poll data: 0 04/29/2010 10:23:46 AM: Debug: [1881107360t] Updating policy status for policy: Default Chassis Ping id: 1 to: updating 04/29/2010 10:23:47 AM: Debug: [1881107360t] Created Job - jobid: 1 name: '1/Default Chassis Ping' 04/29/2010 10:23:47 AM: Debug: [1881107360t] Updating policy status for policy: Default Chassis Ping id: 1 to: running (211 monitors) 04/29/2010 10:23:47 AM: Debug: [1881107360t] Updating policy status for policy: Default Interface Ping id: 2 to: updating 04/29/2010 10:24:01 AM: Debug: [1881107360t] Created Job - jobid: 2 name: '2/Default Interface Ping' 04/29/2010 10:24:01 AM: Debug: [1881107360t] Updating policy status for policy: Default Interface Ping id: 2 to: running (773 monitors) 04/29/2010 10:24:01 AM: Debug: [1881107360t] Updating policy status for policy: SNMP Link State id: 4 to: updating 04/29/2010 10:24:02 AM: Debug: [1881107360t] Created PollObjectGroup - grpid: 1 name: '4/SNMP Link State' -------------------------------------------------------------------------- I believe this is a product bug which should be fixed in $ITNMHOME/scripts/setup_run_as_setuid_root.sh |