Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Run book configuration reference for Continuous Compliance for Database Automation


The following sections describe the various configuration groups associated with each run book module included in the Continuous Compliance for Database Automation solution.

BMC Database Automation ITSM Integration module

Before you can use the solution to track changes initiated by a BMC Database Automation operator (see Documenting operator-initiated changes for databases), you must ensure that the BMC Database Automation ITSM Integration module is properly integrated to work with the BMC Database Automation system and BMC Remedy ITSM systems.
This integration requires that you modify the configuration of the module by setting the configuration items in each configuration group so that they match the information entered when you configured change and task templates in your BMC Remedy ITSM.

Change Management configuration group for BMC Database Automation ITSM Integration

The following table lists Change Management configuration items.

| Configuration Item | Description |
|---|---|
| Platform | Name of the change platform as seen in the Change Management module configuration. For example, BMC_AR_System. |
| Change_Template_Name | Name of the BMC Remedy ITSM change template used to create a change in the target ITSM instance. For example, BMC Database Automation OIC Task Template. |
| Default_Status | Status of the change when created. The default is Request for change. |
| Default_Change_Type | Type of change. The default is Change. |
| Default_Impact | Impact type of the change when created. The default is 4-Minor/Localized. |
| Default_Risk_Level | Risk level of the change when created. The default is Risk level 2. |
| Default_Timing | Timing value of the change when created. The default is No impact. |
| Default_Urgency | Urgency level of the change when created. The default is 3-Medium. |
| Default_Change_Summary | Default summary used to create the change ticket, if the summary is not provided by BMC Database Automation. |

Default User configuration group for BMC Database Automation ITSM Integration

The following table lists Default User configuration items.

Configuration Item

Description

Platform

Name of the authentication platform. For example, BMC_AR_System.

Schema

BMC Remedy ITSM Schema used for user identification. For example, CTM: People.

Adapter

Name of the adapter configured in CDP for user authentication. For example, ARS Actor Adapter.

Authentication_Query_Mappings

The mappings used in the authentication query. Do not modify this field. The field is populated by the information provided in the other fields of this configuration group.

<mappings>
  <person-id type="int">Person ID</person-id>
  <first-name type="string">First Name</first-name>
  <last-name type="string">Last Name</last-name>
  <company type="int">Company</company>
  <login-id type="string">Remedy Login ID</login-id>
</mappings>

Version

Version of ITSM used for user authentication.

Username

User name to authenticate. Use the same name you entered when you created the BMC Remedy ITSM user account in Creating and configuring BMC Remedy ITSM user accounts for continuous compliance use cases. For example, orchestrationuser or ccsuser.

Runbook Defaults configuration group for BMC Database Automation ITSM Integration

The values in the Runbook Default configuration items must match the values of the component template in your BMC Database Automation system. The following table lists these configuration items.

Configuration Item

Description

BDA_Connection_Details

An XML structure that holds the BMC Database Automation Adapter name.

<connection-details>
<adapter-name>BDA</adapter-name>
<timeout>TIMEOUT_IN_SECONDS</timeout>
</connection-details>

Note: If the BMC Database Automation job takes more than 5 minutes to complete, the process times out. To increase the time-out period, modify the <timeout> parameter.

Date_Format

Date format used to convert BMC Database Automation specific date format to the BMC Remedy ITSM epoch date.

BDA_Locale_Country

Specifies a valid ISO Country Code. This parameter is required only if you specify the BDA_Locale_Language parameter. The code must be an uppercase, two-letter code as defined by ISO-3166. For example, use ES for Spain, US for United States, and so on.

BDA_Locale_Language

Specifies a valid ISO Language Code. The code must be a lowercase, two-letter code as defined by ISO-639. For example, use en for English, es for Spanish, and so on. This parameter is required only if you specify the BDA_Locale_Country parameter.

The Runbook Default items also contain a subfolder for SSL configuration. The following table lists the SSL configuration items.

Configuration Item

Description

Use_Ssl_Certificate

Specifies whether to use an SSL certificate to establish a secure connection.
Set the value of this element to true to automatically install the certificate. The default value is false.

Allow_Unsigned_Certificate

Specifies whether to allow unsigned certificates from trusted zones. The default value is false. Commonly, set the value of this element to true if you are using self-signed SSL certificates. Rarely, on e-commerce sites or military installations, if you need to use signed certificates such as Verisign or Thawte, set the value of this element to false.

Install_Certificate

Specifies whether to install certificates. Set the value of this element to true if you do not need to export the security certificate from the BMC Database Automation server and import it into the cacerts file. The certificate is installed automatically. The default value is false.

Passphrase

Specifies the password of the truststore file. The default value is changeit (the passphrase for cacerts, the local security certificate store).

Warning:
The value of the <passphrase> element is the passphrase for the cacerts certificate stored on the BMC Atrium Orchestrator local peer (CDP or AP) and not the BMC Database Automation target host. Changing the passphrase might destroy your server security environment.

Verify the cacerts passphrase using the following command in UNIX or Linux:
$ /opt/bmc/ao/cdp/jvm/bin/keytool -list -keystore /opt/bmc/ao/cdp/jvm/lib/security/cacerts

Keystore_File

Specifies the path to the Java KeyStore (JKS) containing the client certificate. This element is required when signature_mode is set to keystore.

Keystore_Password

Specifies the password of the key contained in JKS. If no key-password is given, keystore-password is used as the key-password.

Alias

Specifies the alias name in the JKS that identifies the Public Key Certificate (PKC) that the web server uses to authenticate the client. This element is required when signature_mode is set to keystore.

Private_Key_File

Specifies the file containing the private key used to sign the HTTP Request using the signing algorithm. This element is required when signature_mode is set to key-files. The following formats are supported by the adapter:

  • Base64-encoded unencrypted Privacy Enhanced Mail (PEM) format
  • Distinguished Encoding Rules (DER) format

Certificate_File

Specifies the file containing the X.509 certificate (public key). This element is required when signature_mode is set to key-files. The following formats are supported by the adapter:

  • Base64-encoded unencrypted PEM format
  • DER format

private_Key_Data

XML specifying the private key in unencrypted Base64-encoded PEM format. This element is required when signature_mode is set to key-data. For example:

<private-key-data>-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKomKro6VbW4PeQtUhNzZpSH26vb
BTBtH1r4EjnIv4vnhSyyA62ewpROVNn0SpvjoBFwE88HcX3tXym/zbVgtdPke9K+SYHP6CWdiLqn
........
-----END PRIVATE KEY-----</private-key-data>

Certificate_Data

XML specifying the X.509 certificate (public key) in unencrypted Base64-encoded PEM format. This element is required when signature_mode is set to key-data. For example:

<certificate-data>-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIFXseN1xYwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMC
VVMxEzARBgNVBAoTCkFtYXpvbi5jb20xDDAKBgNVBAsTA0FXUzEhMB8GA1UEAxMY
........
-----END CERTIFICATE-----</certificate-data>

Signature_Mode

An attribute of <signature-properties> element. Specifies the format in which the public (X.509 certificate) and private keys used for signing the HTTP Request are provided. The keys can be provided via JKS or PEM/DER files or unencrypted Base64-encoded PEM format. The valid values are: keystore, key-files, and key-data.
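
The conditional requirements this page gives for each signature mode can be checked before the items are saved. The following Python code is an added example, not BMC code: it assumes the SSL configuration items have been collected into a flat dictionary keyed by the item names used on this page, and the sample values are constructed placeholders.

```python
# Added example: lint one set of SSL configuration items before saving them.
# Item names and rules are taken from this page; the flat dict is an assumption.
REQUIRED_BY_MODE = {
    "keystore": ("Keystore_File", "Keystore_Password", "Alias"),
    "key-files": ("Private_Key_File", "Certificate_File"),
    "key-data": ("private_Key_Data", "Certificate_Data"),
}

def _is_true(value):
    return str(value).strip().lower() == "true"

def lint_ssl_items(items):
    """Return (severity, message) findings for one dict of SSL items."""
    if not _is_true(items.get("Use_Ssl_Certificate", "false")):
        return [("warn", "Use_Ssl_Certificate is false: no secure connection")]
    findings = []
    mode = items.get("Signature_Mode", "").strip()
    if mode and mode not in REQUIRED_BY_MODE:
        findings.append(("error", f"Signature_Mode {mode!r} is not a valid value"))
    # Each mode makes a different group of items mandatory.
    for name in REQUIRED_BY_MODE.get(mode, ()):
        if not str(items.get(name, "")).strip():
            findings.append(("error", f"{name} is required when Signature_Mode is {mode}"))
    if mode == "key-data" and items.get("private_Key_Data"):
        findings.append(("warn", "private_Key_Data stores an unencrypted private key in the configuration"))
    if _is_true(items.get("Allow_Unsigned_Certificate", "false")):
        findings.append(("warn", "Allow_Unsigned_Certificate is true: unsigned certificates are accepted"))
    # The page asks you to verify the cacerts passphrase rather than change it.
    if items.get("Passphrase", "changeit") == "changeit":
        findings.append(("info", "Passphrase is the default; confirm it with keytool -list"))
    return findings

# Constructed sample: keystore mode with the alias left empty.
SAMPLE = {
    "Use_Ssl_Certificate": "true",
    "Allow_Unsigned_Certificate": "true",
    "Signature_Mode": "keystore",
    "Keystore_File": "/path/to/client.jks",   # placeholder path
    "Keystore_Password": "example-only",      # placeholder value
    "Alias": "",
}

if __name__ == "__main__":
    for severity, message in lint_ssl_items(SAMPLE):
        print(f"{severity.upper():5} {message}")
```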

Task Management configuration group for BMC Database Automation ITSM Integration

The following table lists Task Management configuration items.

Configuration Item

Description

Platform

Update the Platform configuration item to match the name of the task platform as seen in the Task Management module configuration (for example, BMC_AR_System).

Operational_Categorization

Update the categorization tiers to match the tiers specified in the task filter.

  • OIC_Tier1: Operator Initiated Change
  • Tier2: BMC Database Automation

Validate BDA Connectivity workflow

The Validate BDA Connectivity workflow in the BMC_Database_Automation_SA-ITSM_Integration module validates the connectivity through the BDA adapter back to the BMC Database Automation application.

The following table describes the input elements required for the workflow:

Validate BDA Connectivity workflow inputs

Input

Description

Required

target

Specifies the target URL, including the host and port

Example: http://<bda_host>:port/api/test

Yes

use ssl certificate

Specifies whether to establish a secure connection

If you set this parameter to true, then you must pass all the rest of the input parameters for the workflow too.
Valid values: true, false (default)

No

allow unsigned certificate

Specifies whether to allow unsigned certificates from trusted zones

Set the value of this element to true, if you are using self-signed SSL certificates (a common practice).

On ecommerce sites or military installations, if you need to use signed certificates such as Verisign or Thawte, set the value of this element to false (a rare practice).

Valid values: true, false (default)

No

install certificate

Specifies whether to install certificates

Set the value of this element to true if you do not need to export the security certificate from the BMC Database Automation server and import it into the cacerts file.

The certificate is installed automatically.

Valid values: true, false (default)

No

signature mode

Specifies the format in which the public (X.509 certificate) and private keys used for signing the HTTP Request are provided.

The signature mode is an attribute of the <signature-properties> element

The keys can be provided via Java Keystore (JKS) or PEM/DER files or unencrypted Base64-encoded PEM format.

Valid values: keystore, key-files and key-data

No

certificate data

Provides the XML that specifies the X509 Certificate (Public Key) in unencrypted Base64-encoded PEM format

Example:

<certificate-data>-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIFXseN1xYwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMC
VVMxEzARBgNVBAoTCkFtYXpvbi5jb20xDDAKBgNVBAsTA0FXUzEhMB8GA1UEAxMY
........
-----END CERTIFICATE-----</certificate-data>

Conditional; required when the signature mode is 'key-data'

private key data

Provides the XML that specifies the Private Key in an unencrypted Base64-encoded PEM format

Example:

<private-key-data>-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKomKro6VbW4PeQtUhNzZpSH26vb
BTBtH1r4EjnIv4vnhSyyA62ewpROVNn0SpvjoBFwE88HcX3tXym/zbVgtdPke9K+SYHP6CWdiLqn
........
-----END PRIVATE KEY-----</private-key-data>

Conditional; required when the signature mode is 'key-data'

certificate file

Specifies the file containing X509 Certificate (Public Key)

The BDA adapter supports the following formats:

  1. Base64-encoded unencrypted PEM (Privacy Enhanced Mail) format
  2. DER (Distinguished Encoding Rules) format

Conditional; required when the signature mode is 'key-files'

private key file

Specifies the file containing Private Key used to sign the HTTP Request using the signing algorithm

The BDA adapter supports the following formats:

  1. Base64-encoded unencrypted PEM (Privacy Enhanced Mail) format
  2. DER (Distinguished Encoding Rules) format

Conditional; required when the signature mode is 'key-files'

keystore password

Specifies the password of the Java Keystore (JKS)

Conditional; required when the signature mode is 'keystore'

alias

Specifies the alias name in the Java Keystore (JKS) that identifies the Public Key Certificate (PKC) that the web server uses to authenticate the client

Conditional; required when the signature mode is 'keystore'

keystore file

Specifies the path to the Java Keystore (JKS) containing the client certificate

Conditional; required when the signature mode is 'keystore'

passphrase

Specifies the password of the truststore file

Default value: changeit (passphrase for cacerts, the local security certificate store)

Warning

  • The value of the <passphrase> element is the passphrase for the cacerts certificate stored on the BMC Atrium Orchestrator local peer (CDP or AP) and not the BMC Database Automation target host.
  • Changing the passphrase can be tricky and might destroy the cacerts security file integrity.

Verify the cacerts passphrase using the following command in UNIX or Linux:

$ /opt/bmc/ao/cdp/jvm/bin/keytool -list -keystore /opt/bmc/ao/cdp/jvm/lib/security/cacerts

No

The following table describes the output elements for the workflow:

Validate BDA Connectivity workflow outputs

| Output | Description |
|---|---|
| status | Indicates the status of the workflow. Valid values: 0, 1. Here, 0 indicates that the workflow executed successfully and 1 indicates a failure. |
| reason | Contains a text message that provides the status of the workflow. Example: AO adapter connected with the BDA application successfully |
| target | Indicates the target URL, including the host and port. Example: https://lnx-atrium-vm01:8087/api/test |

 
