Migration tool options
You can run the AuthTool by using the following command:
For Windows:
For Linux/UNIX:
The following table describes the command line elements.
Command | Description |
|---|---|
<java> | Specifies the java command. Use of the JRE embedded in the target AO server installation directory is recommended – ${AO_HOME}/jvm/bin/java or ${AO_HOME}/jvm/jre/bin/java depending on the BMC Atrium Orchestrator platform version. |
<java_options> | Specifies the options for the Java virtual machine such as those used to set the size of the heap or set Java system properties. The file pathname of the diagnostic log file (default: ${user.dir}/AuthTool.log) may be changed by specifying -Dauthtool.logfile=<filepath>. A relative path is relative to the current directory (${user.dir}). |
<options> | Specifies zero or more of the options. If no option is specified, --dump is the default. For example, if you want to specify the BMC Atrium Single Sign-On password along with the command, you can use the following sample. "<AO_HOME>\AMREPO\jvm\bin\java" -jar AuthTool.jar --roleMap C:\migration_tool_data\RMNEW.properties --atssoPassword pass:admin123 --import C:\migration_tool_data\AuthorizationExport.xml |
Migration tool options
The following table describes the options that you can use with the AuthTool command.
Option | Description |
|---|---|
--help, -h, -? | Displays the help text |
--verbose, -v | Indicates that verbose output is produced; maybe repeated to produce more verbose output. |
--dump | Default option. Performs a roughly formatted dump of the authentication and authorization information available in the BMC Atrium Orchestrator server. This output is not suitable for import operations and is intended mainly as a diagnostic aid. |
--export <export_file> | Exports the authentication and authorization information available in the AO server to an XML file suitable for use in an import operation. The <export_file> option identifies the file path into which the XML export is written. A relative path is relative to the current directory |
--exportRaw <raw_export_file> | Export the authentication and authorization information available in the AO server as a serialized object graph. This format is not suitable for import operations but may be used as input the the‑‑dump and ‑‑export operations via the ‑‑inRaw option. The <raw_export_file> option identifies the file path into which the raw export is written. A relative path is relative to the current directory. |
--import <export_file> | Imports the authentication and/or authorization information from <export_file> into the current AO server environment. The <export_file> identifies the file path into which an XML export was written (see ‑‑export). The import operation converts the authentication and authorization data as needed for the target AO server environment. A relative path is relative to the current directory. If a value is provided for the --atssoPassword option, users and groups are imported into BMC Atrium Single Sign-On. |
--inRaw <raw_export_file> | Specifies the raw export file to be used as input to the --export or --dump operations. When specified, the AO server environment must match the original source of the data. For example, if dumped from an AO 7.6.03 CDP, it must be processed in an AO 7.6.03 CDP. This enables processing the raw data using the correct Java class files. A relative path is relative to the current directory. |
--dataPassword <password_designator> | Specifies the password used to encrypt sensitive data in the export data file. The value of this option is a password designator. See Password Designator. Sensitive data is encrypted for‑‑export and --exportRaw operations using a 128-bit AES cipher key generated, using a Password-Based Encryption (PBE) scheme, from the password supplied. The same password must be provided for an --import operation using the exported data or a‑‑dump operation using a raw export file as input. The password supplied is not validated; using a different password for an ‑‑import operation or ‑‑dump using a raw export file as input will not result in an error message but will cause sensitive data to be decrypted incorrectly. The default password is changeit. |
--atssoPassword <password_designator> | Specifies the password used for the administrative connection to BMC Atrium single Sign-On used to add users and groups or update group membership. The value of this option is a password designator. If a value for this option is omitted, users and groups are not imported into BMC Atrium single Sign-On. |
--roleMap <role_map_properties_file> | Specifies the Java properties file providing the role names to substituting for built-in and user-defined roles found in the <export_file> during an import operation. A <role_map_properties_file> must be provided if rules from Access Manager written for the built-in roles (ADMIN, USER, GRID_ADMIN, DESIGNER, REPOSITORY_ADMIN) are to be imported. A relative path is relative to the current directory. |
--replaceRules | Enables replacement of existing authorization data (a rule set) in the target CDP or Repository environment. This option must be used with extreme caution -- it will overwrite any existing rules in the environment. This option may be used in circumstances where the target server requires configuration or content transfer that results in loss of imported rules. In cases like this, performing import with --replaceRules after configuration or content transfer will replace the existing (temporary) rules with the rules from the exported environment. |
pass:<password> | Password options accept the following values:
Provides a password in the command line argument. Use of this method is not recommended for environments where the command line may be recorded or otherwise observed. |
file:<file_path> | Identifies a file containing, as the first/only line, the password to use. It is recommended that the file be readable only to the user of the command. A relative path is relative to the current directory. |
prompt | Indicates that a console prompt is issued for the password. This option requires that a console device be connected. |