Agent Restart workflow does not enable parallel monitoring of PATROL Agents with different passwords

Unix or Linux PATROL Agents that have different passwords cannot be parallely monitored with the Agent Restart workflow.

To resolve this issue, you must configure Transport Layer Security (TLS) communication between TrueSight Operations Management and Atrium Orchestrator.

To configure TLS communication

Do the following:

1. Run the following command on the computer where you have installed TrueSight Infrastructure Management to create the TSIM_Server_Certificate.p12 certificate:

   openssl pkcs12 -export -out TSIM_Server_Certificate.p12 -inkey TSIM_Server_Key.key -in TSIM_Server.crt -certfile CAcert.crt

2. On the computer where you have installed Atrium Orchestrator, copy the jssecacerts files from <AO_HOME>/CDP/jvm/lib/security.

3. On the computer where you have installed TrueSight Infrastructure Management, paste the jssecacerts files to the tmp directory, for example, C:/tmp.

4. Run the following command on the computer where you have installedTrueSight Infrastructure Management:

   keytool -importkeystore -deststorepass changeit -destkeypass changeit -deststoretype JKS -destkeystore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\jssecacerts"  -srckeystore TSIM_Server_Certificate.p12 -srcstoretype PKCS12 -srcstorepass password

   On the computer where you have installed TrueSight Infrastructure Management, compress the jssecacerts file and copy it.

5. On the computer where you have installed Atrium Orchestrator, paste the compressed file in <AO_HOME>/CDP/jvm/lib/security.
6. Navigate to the <AO_HOME>/CDP/bin directory, and open the server.sh file.
7. In the JAVA_OPTS variable, add the following option parameters:
   • -DServerKeyStore=<AO_HOME>/CDP/jvm/lib/security/jssecacerts
   • -DServerKeyStorePassword=changeit
   • -DServerTrustStore=<AO_HOME>/CDP/jvm/lib/security/jssecacerts
   • -DServerTrustStorePassword=changeit

   • -Denabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256



      Click here to view an example of the JAVA_OPTS variable...

     JAVA_OPTS="-server -Xms1024m -Xmx1280m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:MaxPermSize=192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath='$CATALINA_HOME/logs' -XX:+UseConcMarkSweepGC -XX:+DisableExplicitGC -DServerKeyStore=/opt/bmc/BAO/CDP/jvm/lib/security/jssecacerts -DServerKeyStorePassword=changeit -DServerTrustStore=/opt/bmc/BAO/CDP/jvm/lib/security/jssecacerts -DServerTrustStorePassword=changeit -Denabledsuites=TLS_RSA_WITH_AES_128_CBC_SHA256"

8. Restart the AO service.

9. On the computer where you have installed TrueSight Infrastructure Management, add the following entries in the Mcell.dir file:
   
   

   gateway.imcomm            BEMGW               *TLS      <AO_HOSTNAME>:1859
             cell         pncell_<TSIM_HOSTNAME> *TLS      <TSIM_HOSTNAME>:1828

10. On the computer where you have installed the Atrium Orchestrator, add the following entries in the Mcell.dir file:
    
    

    cell         pncell_<TSIM_HOSTNAME> *TLS       <TSIM_HOSTNAME>:1828
             gateway.imcomm            BEMGW               *TLS       <AO_HOST>:1859

11. From the Administrator Console, set the event propagation policy to BEMGW.
12. Verify the connection between TrueSight Infrastructure Management and Atrium Orchestrator by triggering an event manually from the TrueSight console and checking the event details in the Atrium Orchestrator grid.log file. The grid.log file is located at <AO_HOME>\CDP\tomcat\logs.
13.  Apply the Atrium Orchestrator hotfixes. Click here for instructions.

    1. Verify the contents of the hotfix files. The hotfix contains two files with the following contents:

       • T&R.rar file
         This file contains three .roar files, the hotifix T&R.rar file, and the following screenshots:
         • Configured adapters
         • Adapters added to the grid
         • Activated modules on the Module page
         • Entries in the mcell.dir file on Atrium Orchestrator and TrueSight Infrastructure Management
         • The event propagation policy to be set in the Administrator Console

       • AOraor.zip file
         This file contains all .roar files

    2. Login to BMC Atrium Orchestrator Grid Manager.

    3. Navigate to Application > Repository Manager.
    4. Click Upload and import all the attached .roar files.
    5. Navigate to Application > Grid Manager > Manage > Modules.
    6. Select the updated version of Triage-SA-and-Remediation and click Activate.
    7. Navigate to Application > Grid Manager > Manage > Adapters.

    8. Select the updated version of the TrueSight actor adapter and select one of the following options:

       • Select Upgrade Adapters on Grid if the adapter is already configured.

       • Select Add to Grid to configure the adapter.

    9. Navigate to Application > Grid Manager > Manage > Adapters.
    10. Edit the adapter configuration and change the encryption key value to TLS.
14.  Create an mrl file to trigger the Atrium Orchestrator action on the TrueSight Presentation Server. Click here for instructions.

    1. Copy the attached triage.mrl file asnd save it at $MCELL_HOME/etc/kb/rules directory.
    2. In the $MCELL_HOME/etc/kb/rules/.load file, add the triage file name without the extension.
    3. Compile the cell name by using the following command:
       - mccomp -n CellNam
    4. Reload the KB by using the following command:
       - mcontrol -n CellName reload kb