The Credential Store module securely stores credentials for the servers and applications that are targeted for triage and remediation. A new configuration group is added for the Event Orchestration run book; it stores the credentials and maps the hosts to the credentials.
The following table describes the configuration items and values that you can specify for the Credentials Store module.
| | |
---|
| | Stores the credentials for the datacenter and operating systems.
- DatacenterCredentials: Stores database-related credentials in a secure manner.
- PatrolAgentCredentials: Stores PATROL Agent-related credentials in a secure manner.
- WindowsCredentials: Stores credentials for hosts using the Windows operating system in a secure manner.
- UnixCredentials: Stores credentials for hosts using the Unix operating system in a secure manner.
- DatabaseCredentials: Stores credentials for hosts using the Unix operating system in a secure manner.
If new credentials are added, the version of the module must be activated in the grid for the changes to take effect. |
| | Contains the mappings for the hosts used for the Event Orchestration run book. You can update the Infrastructure Mappings based on your requirements. Infrastructure Mappings include information for the following elements:
- <datacenters>: Specifies the name of the datacenter in the event. If no datacenter information is available in the event, the default datacenter is used.
- <domains>: Specifies the domain name where the event occurs. If no domain information is available in the event, a default domain named "*" is used.
- <component>: Specifies the components as type/name pairs. For example, specify the component type as patrol and the name as the host on which the PATROL Agent is running. You can specify the following types of components:
  - patrol: Specifies the PATROL Agent running on the target host
  - database: Specifies a database instance on the target host
  - windows: Specifies the operating system of the target host
  - unix: Specifies the operating system on the target host

Child elements of a <component> element: For each component defined in the mapping, you must also specify the following credentials for accessing the component. You can also choose to specify adapter and command options for a component.
- <username>: Specifies the username required to log on to the component.
- <password>: Specifies the password that matches the username.
- <invocation-mechanism>: Specifies the ways to invoke workflows. For example, if the component is a Windows computer, you can use windows-command as the invocation mechanism. The Command Line adapter is used. For Unix, the SSH adapter is used to invoke the workflows.
- <ping-mechanism>: Specifies the mechanism to perform typical ping operations. Typically, a ping command can be performed from the local peer by using a command line adapter.
- <adapter-options>: Contains a comma-separated list of options to be passed to the adapter. For example: use-ssl=true, use-unsigned-certiicates=true.
- <command-options>: Contains a comma-separated list of options to be passed to the command. For example: ignore-exit-code=true, prompt=$.
- <url>: Contains the URL when using the database adapter, where the connection mechanism is a JDBC URL.
The following figure shows the default Infrastructure Mappings for the run book.
```xml
<mappings>
  <datacenters>
    <datacenter name="default">
      <domains>
        <domain name="*">
          <component type="patrol" name="*">
            <username>patrol</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="patrol" name="clm-aus-009801">
            <username>patrol</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="*">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="u1">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="windows" name="*">
            <username>Administrator</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="windows" name="clm-aus-009801">
            <username>Administrator</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="clm-aus-st3c1b">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="clm-aus-021691">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="database" name="oradb1">
            <url />
            <username>sys</username>
            <password-configuration-name>DatabaseCredentials</password-configuration-name>
            <invocation-mechanism>sql</invocation-mechanism>
          </component>
        </domain>
        <domain name="bmc.com">
          <component type="patrol" name="*">
            <username>patrol</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="patrol" name="clm-aus-009801.bmc.com">
            <username>patrol</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="*">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="u1.bmc.com">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="windows" name="*">
            <username>Administrator</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="windows" name="clm-aus-009801.bmc.com">
            <username>Administrator</username>
            <password-configuration-name>WindowsCredentials</password-configuration-name>
            <invocation-mechanism>windows-command</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="clm-aus-st3c1b.bmc.com">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="unix" name="clm-aus-021691.clm-mgmt.clm.bmc.com">
            <username>root</username>
            <password-configuration-name>UnixCredentials</password-configuration-name>
            <invocation-mechanism>ssh</invocation-mechanism>
            <ping-mechanism>command-line</ping-mechanism>
            <adapter-options />
            <command-options />
          </component>
          <component type="database" name="oradb1">
            <url />
            <username>sys</username>
            <password-configuration-name>DatabaseCredentials</password-configuration-name>
            <invocation-mechanism>sql</invocation-mechanism>
          </component>
        </domain>
      </domains>
    </datacenter>
  </datacenters>
</mappings>
```
|
| ComponentTypeToOSMappings | Contains the mapping for the operating systems from which events are generated.
ComponentTypeToOSMappings
```xml
<mappings>
  <component-type name="NT_SERVICES">windows</component-type>
  <component-type name="NUK_Process">unix</component-type>
</mappings>
```
|
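A review-time check for an edited Infrastructure Mappings file, as an added example that is not BMC's code: it walks each `<component>` and reports entries that carry an inline `<password>` instead of a Credential Store reference, reference a configuration name not listed on this page, pair a wildcard name with a privileged account, or enable an unsigned-certificate adapter option. The sample XML, the privileged-account list and the choice of conditions to flag are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Credential configurations and component types listed on this page.
KNOWN_CREDS = {"DatacenterCredentials", "PatrolAgentCredentials",
               "WindowsCredentials", "UnixCredentials", "DatabaseCredentials"}
KNOWN_TYPES = {"patrol", "database", "windows", "unix"}
PRIVILEGED = {"root", "administrator", "sys"}  # assumption: reviewer's own list
# Constructed sample for illustration, not the shipped default mappings.
# The adapter-options string is copied from the page's example.
SAMPLE = """<mappings><datacenters><datacenter name="default"><domains>
<domain name="*">
 <component type="unix" name="*">
  <username>root</username>
  <password-configuration-name>UnixCredentials</password-configuration-name>
  <invocation-mechanism>ssh</invocation-mechanism>
 </component>
 <component type="windows" name="host-a">
  <username>svc_triage</username>
  <password>example-only</password>
  <invocation-mechanism>windows-command</invocation-mechanism>
  <adapter-options>use-ssl=true, use-unsigned-certiicates=true</adapter-options>
 </component>
 <component type="database" name="db1">
  <username>sys</username>
  <password-configuration-name>OracleCreds</password-configuration-name>
  <invocation-mechanism>sql</invocation-mechanism>
 </component>
</domain></domains></datacenter></datacenters></mappings>"""

def audit_mappings(xml_text):
    """Return (datacenter, domain, type, name, finding) tuples for review."""
    out = []
    for dc in ET.fromstring(xml_text).iter("datacenter"):
        for dom in dc.iter("domain"):
            for c in dom.findall("component"):
                at = (dc.get("name"), dom.get("name"), c.get("type"), c.get("name"))
                user = (c.findtext("username") or "").strip()
                ref = (c.findtext("password-configuration-name") or "").strip()
                opts = (c.findtext("adapter-options") or "").replace(" ", "").lower()
                if c.get("type") not in KNOWN_TYPES:
                    out.append(at + ("unknown component type",))
                if c.find("password") is not None:
                    out.append(at + ("inline <password> instead of a Credential Store reference",))
                elif ref not in KNOWN_CREDS:
                    out.append(at + ("password-configuration-name not a known configuration: %r" % ref,))
                if c.get("name") == "*" and user.lower() in PRIVILEGED:
                    out.append(at + ("wildcard entry logs on as %s" % user,))
                if any("unsigned" in o and o.endswith("=true") for o in opts.split(",")):
                    out.append(at + ("adapter option enables unsigned certificates",))
    return out
```

Call `audit_mappings()` on the exported mappings text before activating a new module version; an empty list means none of the four conditions were found.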
Where to go from here
After successfully configuring the Credentials Store Management module, you can now configure the Event Orchestration Configuration module. For more information, see Configuring the Event Orchestration Configuration module.