TAM Scripts we have known

TAMSNUG Phoenix/Hartford

9/22/2005


Mike Lee and Jeff Gross

mike.lee@phoenixwm.com

jeffrey.gross@snet.net

TAM Southern New England Users Group 9/22/2005

Scope of this presentation


Show simple and advanced ways to automate TAM administrative tasks

Advance knowledge of TAM data structures


Demonstrate multiple scripting strategies


Keep it practical!


pdadmin


Web Portal Manager GUI implements only a fraction of administrative commands

Most commonly used TAM utility: pdadmin


Two modes:


Single command


Interactive



pdadmin Login


User must log in to use pdadmin


ACLs will be checked for access rights


Single command mode


pdadmin -a sec_master -p mypw user list * 10


Interactive mode


pdadmin> login


Enter User ID: sec_master


Enter Password: mypw


user list * 10


pdadmin User


EVERYTHING is in pdadmin*


pdadmin sec_master> user show mable


Login ID: mable


LDAP DN: cn=mable,ou=People,ou=LOB1,o=MYCO


LDAP CN: mable


LDAP SN: Mable


Description:


Is SecUser: Yes


Is GSO user: No


Account valid: Yes


Password valid: Yes


*EVEN customizations in .conf files!



pdadmin Junction


pdadmin sec_master> server task webseald1 list
...
/app1
...

pdadmin sec_master> server task webseald1 show /app1
    Junction point: /app1
    Type: TCP
    Junction hard limit: 0 - using global value
    Junction soft limit: 0 - using global value
    Active worker threads: 0
    Basic authentication mode: filter
    Forms based SSO: disabled
    Authentication HTTP header: insert - iv_user_l iv_groups
    Remote Address HTTP header: insert
    Stateful junction: no
    Boolean Rule Header: no
    Scripting support: no
    Preserve cookie names: no
    Delegation support: no
    Mutually authenticated: no
    Insert WebSphere LTPA cookies: no
    Insert WebSEAL session cookies: yes
    Request Encoding: UTF-8, URI Encoded
    Server 1:
    ID: 6a541382-a77c-21d9-8da2-000d690b4134
    Server State: running
    Hostname: host1.myco.com
    Port: 80
    Virtual hostname: tapp1.myco.com
    Server DN:
    Query_contents URL: /cgi-bin/query_contents
    Query-contents: unknown
    Case insensitive URLs: yes
    Allow Windows-style URLs: yes
    Total requests : 32


Add user scenario



pdadmin>

#user create <user-name> <dn> <cn> <sn> <pwd>

user create mable cn=mable,ou=People,ou=LOB1,o=MYCO mable mable newpassword

user modify mable account-valid yes

user modify mable password-valid yes

group modify grpAll add mable

Total of four pdadmin commands per user


Example 1: batch file


Create a text file with four commands for each user (user.txt)

Launch pdadmin as sec_master and reference text file (or pipe to stdin):

pdadmin -a sec_master -p mypw user.txt

Pros:

Can create user.txt with any tool (perl, spreadsheet formulas, SQL, text editor...)

QA the text file before running it!

user.txt represents a historically unique transaction


Additional requirements


Ok, you have a list of new users (csv), but you also have to


Generate a random password


Verify the add operations


Email the password to the new user


Email yourself if any problems


You need a real script!


Example 2: pdadmin in loop


#!/usr/bin/perl
use strict;
use warnings;

my $pw = "mypw";

while (my $inData = <>) {    # Read stdin or user.txt
    chomp $inData;
    my ($uid, $dn, $cn, $sn) = split /~/, $inData;    # fields: uid~dn~cn~sn
    my $newpw = int(rand 100000);

    my $cmdtxt = `pdadmin -a sec_master -p $pw user create $uid $dn $cn $sn $newpw`;

    if ($? != 0) {    # Got good return code from pdadmin? If not, punt on this user
        `echo $cmdtxt | mailx -s 'Failed user add' ivmgr`;
        next;         # skip further processing on failure
    }

    # Everything was successful so far, continue! (1)
    # The remaining commands are fed to pdadmin on stdin, for the user just created
    `pdadmin -a sec_master -p $pw <<EOF
user modify $uid account-valid yes
user modify $uid password-valid yes
group modify grpAll add $uid
EOF`;

    `echo $newpw | mailx -s 'Your new password' $uid\@myco.com`;
}

(1) Correction made post-presentation per TAMSNUG discussion
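
A defensive variant of Examples 1 and 2, added here as an illustration and not the presenters' code: it validates each uid~dn~cn~sn record before it can reach a command line, takes the password from /dev/urandom instead of rand(), and only prints the pdadmin commands so the batch can be QA'd before it is run. The function names, the allowed-character policy and the password length are assumptions.

```shell
# Added example: build a reviewable pdadmin batch (like user.txt) from
# uid~dn~cn~sn records on stdin. Nothing is executed or mailed here.

# 24 hex characters (96 bits) from the kernel CSPRNG; the length is an assumption.
gen_password() {
    od -An -N12 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Accept only non-empty fields made of characters that cannot end the current
# pdadmin command or reach a shell (assumed whitelist; extend it deliberately).
valid_field() {
    case $1 in
        ''|*[!A-Za-z0-9=,._@-]*) return 1 ;;
    esac
    return 0
}

# stdin: records; stdout: pdadmin commands; stderr: rejected line numbers.
# Returns 1 if any record was rejected.
build_batch() {
    rc=0 n=0
    while IFS='~' read -r uid dn cn sn extra; do
        n=$((n + 1))
        [ -z "$uid$dn$cn$sn$extra" ] && continue      # blank line
        ok=1
        [ -z "$extra" ] || ok=0                        # more than four fields
        for f in "$uid" "$dn" "$cn" "$sn"; do
            valid_field "$f" || ok=0
        done
        if [ "$ok" -ne 1 ]; then
            echo "line $n rejected" >&2
            rc=1
            continue
        fi
        printf 'user create %s %s %s %s %s\n' "$uid" "$dn" "$cn" "$sn" "$(gen_password)"
        printf 'user modify %s account-valid yes\n' "$uid"
        printf 'user modify %s password-valid yes\n' "$uid"
        printf 'group modify grpAll add %s\n' "$uid"
    done
    return "$rc"
}
```

The batch holds initial passwords, so write it under umask 077 and remove it once pdadmin has consumed it.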


More examples


Summarize http.log

by time period (10 minute, hour, day)

by http return code (200, 302, 404, 500)

Find http customizations (login.html, etc.)

validate contents of /opt/pdweb/tivoli.html (lppchk -c PDWeb.Web)

Iterate /opt/pdweb/tivoli.html/www-default, diff against /tivoli.html version of file

Script changes to apply to configuration files

timeout value changes

log file configuration changes


More examples


Script commands difficult to remember

pdadmin -a sec_master -p $PW server task webseal1 trace set pdweb.debug 9 file path=/tmp/pdweb.out

Do ldap data maintenance

ldapsearch/ldapmodify

Perl package Net::LDAP

Dump ACL information

To csv file for auditing

acl list | acl show

acl list | acl find

group list * 999 | group show-members



Reasons to script


Large, complex environments


5 environments (Unit, System, Pre-Production, Production, DR)


Internal vs. DMZ webseals


Load balancing


Large number of DNS hostnames


Reduced opportunity for manual errors


SOX / ISO 9001 repeatable process


Environment


Pre-production

One of five environments

Stateful failover

4 ldap servers

IP-based virtual hosting

56 IP addresses

[Diagram: Public IP, IP Load Balance, Health Check, four webseal servers, two App Serv]


Advanced examples



Promotion between environments: Clone


Operational Utilities: XML database


Promotion via cloning



Promotion between environments: Clone


Allows use of WPM GUI in Unit


Enables repeatable process




Pseudo code to clone junctions

Enter environment for input

Enter environment for cloning

Enter junction to clone or select all

pdadmin server task $webseal show junction - webseal from input environment

while loop on pdadmin output

extract junction name

    if (m/^cmd/) {
        ($blah, $blah, $blah, $websealName, $blah, $junction) = split / /;
    }

extract junction values and map values to pdadmin server task parameters to build command to create junction

    if (m/^ *Insert WebSEAL session cookies:/) {
        if (m/: no$/) {
            $session = "";
        } else {
            $session = "-k";
        }
    }

execute build command to create junction in cloned environment

    print "server task $websealName create -t tcp -f $scripting -p 80 -r -q /cgi-bin/query_contents $session $caseInsensitive -c $httpHeader -v $virtualHostname -h $hostname $junction\n";


Clone script: junction


pdadmin sec_master> server task webseald-unit show /app1
    Junction point: /app1
    Type: TCP
    Junction hard limit: 0 - using global value
    Junction soft limit: 0 - using global value
    Active worker threads: 0
    Basic authentication mode: filter
    Forms based SSO: disabled
    Authentication HTTP header: insert - iv_user_l iv_groups
    Remote Address HTTP header: insert
    Stateful junction: no
    Boolean Rule Header: no
    Scripting support: yes
    Preserve cookie names: no
    Delegation support: no
    Mutually authenticated: no
    Insert WebSphere LTPA cookies: no
    Insert WebSEAL session cookies: yes
    Request Encoding: UTF-8, URI Encoded
    Server 1:
    ID: 6a138382-a77c-11d9-8da2-000d600b4144
    Server State: running
    Hostname: host-unit.myco.com
    Port: 80
    Virtual hostname: tapp1-unit-ist.myco.com
    Server DN:
    Query_contents URL: /cgi-bin/query_contents
    Query-contents: unknown
    Case insensitive URLs: yes
    Allow Windows-style URLs: yes
    Total requests : 32

server task webseal-system create -c iv_user_l iv_groups -j -k -h host-system.myco.com -v tapp1-system-ist.myco.com -i /app1
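
The mapping step of the clone pseudocode, worked through on the unit junction shown above, as an added example in shell and awk that is not the presenters' script: it refuses to print a command when the source junction carries a setting it does not map, so a clone never silently drops a security option between environments. The function names, the SRC_ENV/DST_ENV hostname rewrite and the comma-joined -c list are assumptions.

```shell
# Added example. Usage: junction_create_cmd TARGET_WEBSEAL SRC_ENV DST_ENV < show_output
# Prints a "server task ... create" command for review; nothing is executed.
junction_create_cmd() {
    case "$1$2$3" in ''|*[!A-Za-z0-9_-]*) echo "bad argument" >&2; return 2 ;; esac
    awk -v target="$1" -v src="-$2" -v dst="-$3" '
    function val(s,  i) { i = index(s, ": "); return i ? substr(s, i + 2) : "" }
    function die(msg)   { print "refusing to clone: " msg > "/dev/stderr"; bad = 1 }
    { sub(/\r$/, ""); sub(/^[ \t]+/, ""); v = val($0) }
    /^Junction point:/     { jct = v }
    /^Hostname:/           { host = v;  sub(src, dst, host) }
    /^Virtual hostname:/   { vhost = v; sub(src, dst, vhost) }
    /^Port:/               { port = v }
    /^Query_contents URL:/ { qc = v }
    /^Authentication HTTP header:/ { if (sub(/^insert - /, "", v)) { gsub(/ +/, ",", v); hdr = v } }
    /^Remote Address HTTP header:/     { if (v == "insert") flags = flags " -r" }
    /^Scripting support:/              { if (v == "yes") flags = flags " -j" }
    /^Insert WebSEAL session cookies:/ { if (v == "yes") flags = flags " -k" }
    /^Case insensitive URLs:/          { if (v == "yes") flags = flags " -i" }
    # Settings not mapped here: stop rather than drop them from the clone.
    /^Type:/ { if (v != "TCP") die($0) }
    /^(Stateful junction|Delegation support|Mutually authenticated):/ { if (v != "no") die($0) }
    END {
        if (jct == "" || host == "" || port == "") die("missing junction, host or port")
        if ((jct host vhost port qc hdr) ~ "[^A-Za-z0-9_.,/-]") die("unexpected character")
        if (bad) exit 1
        cmd = "server task " target " create -t tcp" flags " -p " port
        if (hdr != "")   cmd = cmd " -c " hdr
        if (qc != "")    cmd = cmd " -q " qc
        if (vhost != "") cmd = cmd " -v " vhost
        print cmd " -h " host " " jct
    }'
}

# Constructed sample: the unit-environment junction from the slide, abbreviated.
sample_show_output() {
    cat <<'EOF'
    Junction point: /app1
    Type: TCP
    Authentication HTTP header: insert - iv_user_l iv_groups
    Remote Address HTTP header: insert
    Scripting support: yes
    Insert WebSEAL session cookies: yes
    Hostname: host-unit.myco.com
    Port: 80
    Virtual hostname: tapp1-unit-ist.myco.com
    Query_contents URL: /cgi-bin/query_contents
    Case insensitive URLs: yes
EOF
}
```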


P-code to clone object space

Enter environment for input

Enter environment for cloning

Enter junction to clone object space for or select all

pdadmin object show $webseal/$junction - webseal from input environment

while loop on pdadmin output

extract junction name

    if (m/^cmd/) {
        ($blah, $blah, $blah, $object) = split / /;
    }

extract object space values and map values to pdadmin object modify parameters to build command to create object space

    if (m/^ *$/) {
        $http = 0;
    }

    if ($http) {
        s/^ *//;
        print "object modify $object set attribute HTTP-Tag-Value $_\n";
    }

    if (m/HTTP-Tag-Value/) {
        $http = 1;
    }

execute build command to create object space in cloned environment


Operational Utilities


Scripting framework for


Deployment


Run-time monitoring and validation

Data-driven


XML file holds properties


Hierarchical


Inheritance


Internally parameterized


Implemented as Perl package








XML properties file

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Prototype of properties file for TAM administrative scripting
-->
<CONFIG xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="./TAMUTILS.xsd">

  <APPTEMPLATE name="app1">
    <prop propkey="Description" propval="Send documents -- Bulk email utility "/>
    <prop propkey="Deployed_on_Webseal_Servers" propval="{Ext_Webseal_A},{Ext_Webseal_B}"/>
    <prop propkey="JunctionName" propval="/app1"/>
    <prop propkey="JunctionFlags" propval="-c all -j -v {App_AppServ_BaseName} -h {App_AppServ_BaseName} {JunctionName}"/>
    <prop propkey="App_AppServ_BaseName" propval="tsenddoc"/>
  </APPTEMPLATE>

  <ENVIRONMENT name="PREPROD">
    <prop propkey="Ext_Webseal_A" propval="webseald1"/>
    <prop propkey="Ext_Webseal_B" propval="webseald2"/>
    <prop propkey="Health_Check_URL" propval="http://{App_AppServ_BaseName}/Healthcheck.jsp"/>
    <prop propkey="Health_Check_cksum" propval="XnQsmjO5O3xZWdjGusDAZg"/>

    <!-- List all DNS Names and IP addresses associated with pre production -->
    <prop propkey="adv.myco.com" propval="192.168.1.121" propdesc="DNS"/>
    <prop propkey="vh-pxpext.myco.com" propval="192.168.2.121" propdesc="webseal F5"/>

    <DNSDOMAIN name="mycoinvestments.com">
      <prop propkey="Webseal_cert_keyfile_label" propval="MYCO"/>

      <APPINSTANCE name="app1">
        <prop propkey="Health_Check_URL" propval="http://appserv1.myco.com/Healthcheck.jsp"/>
        <prop propkey="Health_Check_cksum" propval="XnQRmjO5O3xZWdjGusDAZg"/>
      </APPINSTANCE>

    </DNSDOMAIN>
  </ENVIRONMENT>
</CONFIG>



Operational Utilities


Implemented as private Perl package

Reads XML file into memory


Exposes several functions:


Get list of application instances for an environment


Get a property (for given app, environment, or dnsdomain)


Execute an arbitrary command at OS level


Perform Health Check for an environment (17 apps)


Check DNS, connect to IP addresses for an environment


Log additional info to shared log file









Languages


sh/ksh/bsh


perl


VBA/VBS


C-API/java-api


Others??


Hints and tips


First do no harm


echo/print generated commands before execution

Do the loop logic last

Refactor your code into reusable chunks

Use open-source components


cpan.org


sourceforge.net


openssl


Conclusions


Scripting migration processes can ease the administrators’ tasks of migrating TAM components through environments.

New features in TAM 6 should have methods of assisting administrators during these migration processes.

Scripts are not static but can evolve depending on your environmental changes.