Migration tool options

You can run the AuthTool by using the following command:

For Windows:

runAuthTool.bat <options>

For Linux/UNIX:

runAuthTool.sh <options>

The following table describes the command line elements. 

Command    Description
<java> 

Specifies the java command.

Using the JRE embedded in the target AO server installation directory is recommended: ${AO_HOME}/jvm/bin/java or ${AO_HOME}/jvm/jre/bin/java, depending on the BMC Atrium Orchestrator Platform version.

<java_options>

Specifies the options for the Java virtual machine such as those used to set the size of the heap or set Java system properties.

The file pathname of the diagnostic log file (default: ${user.dir}/AuthTool.log) may be changed by specifying -Dauthtool.logfile=<filepath>. A relative path is relative to the current directory (${user.dir}).

<options>

Specifies zero or more of the options.

If no option is specified, --dump is the default.

Migration tool options

The following table describes the options that you can use with the AuthTool command.

Option    Description

--help, -h, -?

Displays the help text.

--verbose, -v

Indicates that verbose output is produced; may be repeated to produce more verbose output.

Warning

When you use --verbose, sensitive data may be written to the diagnostic log in the clear.

--dump

Default option.

Performs a roughly formatted dump of the authentication and authorization information available in the BMC Atrium Orchestrator (BAO) server.

This output is not suitable for import operations and is intended mainly as a diagnostic aid.

Note

This operation may display sensitive data in the clear.

--export <export_file>

Exports the authentication and authorization information available in the BAO server to an XML file suitable for use in an import operation. 

The <export_file> option identifies the file path into which the XML export is written. A relative path is relative to the current directory.

--exportRaw <raw_export_file>

Exports the authentication and authorization information available in the BAO server as a serialized object graph.

This format is not suitable for import operations but may be used as input to the --dump and --export operations via the --inRaw option.

The <raw_export_file> option identifies the file path into which the raw export is written. A relative path is relative to the current directory.

--import <export_file>

Imports the authentication and/or authorization information from <export_file> into the current BAO server environment.

The <export_file> identifies the file path into which an XML export was written (see --export). The import operation converts the authentication and authorization data as needed for the target AO server environment. A relative path is relative to the current directory.

--inRaw <raw_export_file>

Specifies the raw export file to be used as input to the --export or --dump operations.

When specified, the AO server environment must match the original source of the data. For example, if dumped from an AO 7.6.03 CDP, it must be processed in an AO 7.6.03 CDP. This enables processing the raw data using the correct Java class files. A relative path is relative to the current directory.

--dataPassword <password_designator>

Specifies the password used to encrypt sensitive data in the export data file.

The value of this option is a password designator. See Password Designator.

Sensitive data is encrypted for --export and --exportRaw operations using a 128-bit AES cipher key generated, using a Password-Based Encryption (PBE) scheme, from the password supplied. The same password must be provided for an --import operation using the exported data or a --dump operation using a raw export file as input.

The password supplied is not validated; using a different password for an --import operation or --dump using a raw export file as input will not result in an error message but will cause sensitive data to be decrypted incorrectly.

The default password is changeit.

--roleMap <role_map_properties_file>

Specifies the Java properties file providing the role names to substitute for built-in and user-defined roles found in the <export_file> during an import operation.

A <role_map_properties_file> must be provided if rules from Access Manager written for the built-in roles (ADMIN, USER, GRID_ADMIN, DESIGNER, REPOSITORY_ADMIN) are to be imported. A relative path is relative to the current directory.

Password options accept the following values:

  • pass:<password>
  • file:<file_path>
  • prompt

pass:<password>

Provides a password in the command line argument.

Use of this method is not recommended for environments where the command line may be recorded or otherwise observed.

file:<file_path>

Identifies a file containing, as the first/only line, the password to use.

It is recommended that the file be readable only to the user of the command. A relative path is relative to the current directory.

prompt

Indicates that a console prompt is issued for the password.

This option requires that a console device be connected.

--syncRsso

Syncs two instances of Remedy SSO:

  • The Remedy SSO instance from which roles, users, and role-user mapping will be synced (designated by src)
  • The Remedy SSO instance to which roles, users, and role-user mapping will be synced (designated by dst)

This option should be followed by the following options:

--srcRssoUrl http(s)://<src_host>:<src_port> 

--srcRssoUser <src_RSSO_admin> 

--srcRssoPassword pass:<src_RSSO_admin_password> 

--dstRssoUrl http(s)://<dst_host>:<dst_port>  

--dstRssoUser <dst_RSSO_admin>  

--dstRssoPassword pass:<dst_RSSO_admin_password>

--srcRssoUrl <src_rsso_url>

Specifies the URL for the admin connection to the Remedy SSO instance from which roles, users, and role-user mapping will be synced. For example:

https://sourcehost:8080/ 

--srcRssoUser <user_name>

Specifies the user name for the admin connection to the Remedy SSO instance from which roles, users, and role-user mapping will be synced.

--srcRssoPassword pass:<password_designator>

Specifies the password for the admin connection to the Remedy SSO instance from which roles, users, and role-user mapping will be synced.

The value for this option is a password designator, as described earlier in this table. If you do not provide a value for this option, users and roles are not imported into Remedy SSO.

--dstRssoUrl <dst_rsso_url>

Specifies the URL for the admin connection to the Remedy SSO instance to which roles, users, and role-user mapping will be synced. For example:

https://destinationhost:8080/ 

--dstRssoUser <user_name>

Specifies the user name for the admin connection to the Remedy SSO instance to which roles, users, and role-user mapping will be synced.

--dstRssoPassword pass:<password_designator>

Specifies the password for the admin connection to the Remedy SSO instance to which roles, users, and role-user mapping will be synced.

The value for this option is a password designator, as described earlier in this table. If you do not provide a value for this option, users and roles are not imported into Remedy SSO.
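
The password designator guidance above (avoid pass: where the command line may be observed, keep the password file readable only by its owner) and the --dataPassword default of changeit can be checked before AuthTool is started. The following shell functions are an added example, not BMC code; the function names, return codes and the AUTHTOOL variable are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names, return codes and the
# AUTHTOOL variable are hypothetical.

# check_designator DESIGNATOR
# Returns 0 if acceptable, 2 for pass:, 3 for a missing/empty/default
# password, 4 for a file open to group or others, 5 otherwise.
check_designator() {
    case "$1" in
        pass:*)
            echo "rejected: pass: puts the password on the command line" >&2
            return 2 ;;
        prompt)
            [ -t 0 ] && return 0
            echo "rejected: prompt needs a console device" >&2
            return 5 ;;
        file:*)
            pwfile=${1#file:}
            [ -f "$pwfile" ] || { echo "rejected: $pwfile not found" >&2; return 3; }
            # The first line of the file is the password.
            first_line=
            IFS= read -r first_line < "$pwfile" || :
            if [ -z "$first_line" ] || [ "$first_line" = "changeit" ]; then
                unset first_line
                echo "rejected: empty or default password" >&2
                return 3
            fi
            unset first_line
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ldL "$pwfile" | cut -c5-10)
            [ "$perms" = "------" ] && return 0
            echo "rejected: $pwfile is accessible to group or others" >&2
            return 4 ;;
        *)
            echo "rejected: unknown designator form" >&2
            return 5 ;;
    esac
}

# export_auth_data EXPORT_FILE PASSWORD_FILE
# umask 077 makes the XML export and the diagnostic log (AuthTool.log in the
# current directory by default) owner-only when AuthTool creates them.
export_auth_data() {
    check_designator "file:$2" || return $?
    ( umask 077 && "${AUTHTOOL:-./runAuthTool.sh}" --export "$1" --dataPassword "file:$2" )
}
```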