Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Run book configuration reference for Continuous Compliance for Database Automation

The following sections describe the various configuration groups associated with each run book module included in the Continuous Compliance for Database Automation solution.

BMC Database Automation ITSM Integration module

Before you can use the solution to track changes initiated by a BMC Database Automation operator (see Documenting operator-initiated changes for databases), you must ensure that the BMC Database Automation ITSM Integration module is properly integrated to work with the BMC Database Automation system and BMC Remedy ITSM systems.
This integration requires that you modify the configuration of the module by setting the configuration items in each configuration group so that they match the information entered when you configured change and task templates in your BMC Remedy ITSM.

Change Management configuration group for BMC Database Automation ITSM Integration

The following table lists Change Management configuration items.

Configuration Item

Description

Platform

Name of the change platform as seen in the Change Management module configuration. For example, BMC_AR_System

Change_Template_Name

Name of the BMC Remedy ITSM change template used to create a change in the target ITSM instance. For example, BMC Database Automation OIC Task Template.

Default_Status

Status of the change when created. The default is Request for change.

Default_Change_Type

Type of change. The default is Change.

Default_Impact

Impact type of the change when created. The default is 4-Minor/Localized.

Default_Risk_Level

Risk level of the change when created. The default is Risk level 2.

Default_Timing

Timing value of the change when created. The default is No impact.

Default_Urgency

Urgency level of the change when created. The default is 3-Medium.

Default_Change_Summary

Default summary used to create the change ticket, if the summary is not provided by BMC Database Automation.

Default User configuration group for BMC Database Automation ITSM Integration

The following table lists Default User configuration items.

Configuration Item

Description

Platform

Name of the authentication platform. For example, BMC_AR_System.

Schema

BMC Remedy ITSM Schema used for user identification. For example, CTM: People.

Adapter

Name of the adapter configured in CDP for user authentication. For example, ARS Actor Adapter.

Authentication_Query_ Mappings

The mappings used in the authentication query. Do not modify this field. The field is populated by the information provided in the other fields of this configuration group.

<mappings> <person-id type="int">Person ID</person-id>
<first-name type="string">First Name</first-name>
<last-name type="string">Last Name</last-name>
<company type="int">Company</company>
<login-id type="string">Remedy Login ID</login-id>
</mappings>

Version

Version of ITSM used for user authentication.

Username

User name to authenticate. Use the same name you entered when you created the BMC Remedy ITSM user account on _Creating and configuring BMC Remedy ITSM user accounts for continuous compliance use cases. For example, orchestrationuser or ccsuser.

Runbook Defaults configuration group for BMC Database Automation ITSM Integration

The values in the Runbook Default configuration items must match the values of the component template in your BMC Database Automation system. The following table lists these configuration items.

Configuration Item

Description

BDA_Connection_Details

An XML structure that holds the BMC Database Automation Adapter name.

<connection-details>
<adapter-name>BDA</adapter-name>
<timeout>TIMEOUT_IN_SECONDS</timeout>\
</connection-details>

Note: If the BMC Database Automation job takes more than 5 minutes to complete, the process times out. To increase the time-out period, modify the <timeout> parameter.

Date_Format

Date format used to convert BMC Database Automation specific date format to the BMC Remedy ITSM epoch date.

BDA_Locale_Country

Specifies a valid ISO Country Code. This parameter is required only if you specify the BDA_Locale_Language parameter. The code must be upper-case, two-letter code as defined by ISO-3166. For example, use ES for spain, US for United States, and so on.

BDA_Locale_Language

Specifies a valid ISO Language Code. The code must be lower-case, two-letter code as defined by ISO-639. For example, use en for English, es for Spanish, and so on. This parameter is required only if you specify the BDA_Locale_Country parameter.

The Runbook Default items also contains a subfolder for SSL configuration. The following table lists the SSL configuration items.

Configuration Item

Description

Use_Ssl_Certificate

Specifies whether to use an SSL certificate to establish a secure connection.
Set the value of this element to true to automatically install the certificate. The default value is false.

Allow_Unsigned_Certificate

Specifies whether to allow unsigned certificates from trusted zones. The default value is false. Commonly, set the value of this element to true if you are using self-signed SSL certificates. Rarely, on e-commerce sites or military installations, if you need to use signed certificates such as Verisign or Thawte, set the value of this element to false.

Install_Certificate

Specifies whether to install certificates. Set the value of this element to true if you do not need to export the security certificate from the BMC Database Automation server and import it into the cacerts file. The certificate is installed automatically. The default value is false.

Passphrase

Specifies the password of the truststore file. The default value is changeit (the passphrase for cacerts, the local security certificate store).

Warning:
The value of the <passphrase> element is the passphrase for the cacerts certificate stored on the BMC Atrium Orchestrator local peer (CDP or AP) and not the BMC Database Automation target host. Changing the passphrase might destroy your server security environment.

Verify the cacerts passphrase using the following command in UNIX or Linux:
$ /opt/bmc/ao/cdp/jvm/binkeytool -list -keystore /opt/bmc/ao/cdp/jvm/lib/security/cacerts

Keystore_File

Specifies the path to the Java KeyStore (JKS) containing the client certificate. This element is required when signature_mode is set to keystore.

Keystore_Password

Specifies the password of the key contained in JKS. If no key-password is given, keystore-password is used as the key-password.

Alias

Specifies the alias name in the JKS that identifies the Public Key Certificate (PKC), the web server uses to authenticate the client. This element is required when signature_mode is set to keystore.

Private_Key_File

Specifies the file containing the private key used to sign the HTTP Request using the signing algorithm. This element is required when signature_mode is set to key-files. The following formats supported by the adapter:

  • Base64-encoded unencrypted Privacy Enhanced Mail (PEM) format
  • Definite Encoding Rules (DER) format

Certificate_File

Specifies the file containing the X.509 certificate (public key). This element is required when signature_mode is set to key-files. The following formats supported by the adapter:

  • Base64-encoded unencrypted PEM format
  • DER format

private_Key_Data

XML specifying the private key in unencrypted Base64-encoded PEM format. This element is required when signature_mode is set to key-data. For example:

<private-key-data>--BEGIN PRIVATE KEY----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKomKro6VbW4PeQtUhNzZpSH26vb
BTBtH1r4EjnIv4vnhSyyA62ewpROVNn0SpvjoBFwE88HcX3tXym/zbVgtdPke9K+SYHP6CWdiLqn
........
----END PRIVATE KEY----</private-key-data>

Certificate_Data

XML specifying the X.509 certificate (public key) in unencrypted Base64-encoded PEM format. This element is required when signature_mode is set to key-data. For example:

<certificate-data>--BEGIN CERTIFICATE----
MIICdzCCAeCgAwIBAgIFXseN1xYwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMC
VVMxEzARBgNVBAoTCkFtYXpvbi5jb20xDDAKBgNVBAsTA0FXUzEhMB8GA1UEAxMY
........
----END CERTIFICATE----</certificate-data>

Signature_Mode

An attribute of <signature-properties> element. Specifies the format in which the public (X.509 certificate) and private keys used for signing the HTTP Request are provided. The keys can be provided via JKS or PEM/DER files or unencrypted Base64-encoded PEM format. The valid values are: keystore, key-files, and key-data.

Task Management configuration group for BMC Database ITSM Integration

The following table lists Task Management configuration items.

Configuration Item

Description

Platform

Update the Platform configuration item to match the name of the task platform as seen in the Task Management module configuration (for example, BMC_AR_System).

Operational_Categorization

Update the categorization tiers to match the tiers specified in the task filter.

  • OIC_Tier1: Operator Initiated Change
  • Tier2: BMC Database Automation

Validate BDA Connectivity workflow

The Validate BDA Connectivity workflow in the BMC_Database_Automation_SA-ITSM_Integration module validates the connectivity through the BDA adapter back to the BMC Database Automation application.

The following table describes the input elements required for the workflow:

Validate BDA Connectivity workflow inputs

Input

Description

Required

target

Specifies the target url with the host and port of the URL

Example: http://<bda_host>:port/api/test

Yes

use ssl certificate

Specifies whether to establish a secure connection

If you set this parameter to true, then you must pass all the rest of the input parameters for the workflow too.
Valid values: true, false (default)

No

allow unsigned certificate

Specifies whether to allow unsigned certificates from trusted zones

Set the value of this element to true, if you are using self-signed SSL certificates (a common practice).

On ecommerce sites or military installations, if you need to use signed certificates such as Verisign or Thawte, set the value of this element to false (a rare practice).

Valid values: true, false (default)

No

install certificate

Specifies whether to install certificates

Set the value of this element to true if you do not need to export the security certificate from the BMC Database Automation server and import it into the cacerts file.

The certificate is installed automatically.

Valid values: true, false (default)

No

signature mode

Specifies the format in which the public (X.509 certificate) and private keys used for signing the HTTP Request are provided.

The signature mode is an attribute of the <signature-properties> element

The keys can be provided via Java Keystore (JKS) or PEM/DER files or unencrypted Base64-encoded PEM format.

Valid values: keystore, key-files and key-data

No

certificate data

Provides the XML that specifies the X509 Certificate (Public Key) in unencrypted Base64-encoded PEM format

Example:

<certificate-data>--BEGIN CERTIFICATE---- 
MIICdzCCAeCgAwIBAgIFXseN1xYwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMC 
VVMxEzARBgNVBAoTCkFtYXpvbi5jb20xDDAKBgNVBAsTA0FXUzEhMB8GA1UEAxMY 
........ 
----END CERTIFICATE----</certificate-data>

Conditional; required when the signature mode is 'key-data'

private key data

Provides the XML that specifies the Private Key in an unencrypted Base64-encoded PEM format

Example:

<private-key-data>--BEGIN PRIVATE KEY---- 
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKomKro6VbW4PeQtUhNzZpSH26vb 
BTBtH1r4EjnIv4vnhSyyA62ewpROVNn0SpvjoBFwE88HcX3tXym/zbVgtdPke9K+SYHP6CWdiLqn 
........ 
----END PRIVATE KEY----</private-key-data>

Conditional; required when the signature mode is 'key-data'

certificate file

Specifies the file containing X509 Certificate (Public Key)

The BDA adapter supports the following formats:

  1. Base64-encoded unencrypted PEM (Privacy Enhanced Mail) format
  2. DER (Definite Encoding Rules) format

Conditional; required when the signature mode is 'key-files'

private key file

Specifies the file containing Private Key used to sign the HTTP Request using the signing algorithm

The BDA adapter supports the following formats:

  1. Base64-encoded unencrypted PEM (Privacy Enhanced Mail) format
  2. DER (Definite Encoding Rules) format

Conditional; required when the signature mode is 'key-files'

keystore password

Specifies the password of the Java Keystore (JKS)

Conditional; required when the signature mode is 'keystore'

alias

Specifies the alias name in the Java Keystore (JKS) that identifies the Public Key Certificate (PKC) that the web server uses to authenticate the client

Conditional; required when the signature mode is 'keystore'

keystore file

Specifies the path to the Java Keystore (JKS) containing the client certificate

Conditional; required when the signature mode is 'keystore'

passphrase

Specifies the password of the truststore file

Default value: changeit (passphrase for cacerts, the local security certificate store)

Warning

  • The value of the <passphrase> element is the passphrase for the cacerts certificate stored on the BMC Atrium Orchestrator local peer (CDP or AP) and not the BMC Database Automation target host.
  • Changing the passphrase can be tricky and might destroy the cacerts security file integrity.

Verify the cacerts passphrase using the following command in UNIX or Linux:

$ /opt/bmc/ao/cdp/jvm/binkeytool -list -keystore /opt/bmc/ao/cdp/jvm/lib/security/cacerts

No


The following table describes the output elements for the workflow:

Validate BDA Connectivity workflow outputs

Input

Description

status

Indicates the status of the workflow

Valid values: 0, 1

Here, 0 indicates that the workflow is executed successfully and 1 indicates a failure

reason

Contains a text message that provides the status of the workflow

Example: AO adapter connected with the BDA application successfully

target

Indicates the target url with the host and port of the URL

Example: https://lnx-atrium-vm01:8087/api/test

Was this page helpful? Yes No Submitting... Thank you

Comments