RobPol

Fix Probe Security

Discussion created by RobPol on Jan 16, 2013

Have you ever wiped the security config and had all the probes failing. Changing the IP of a solo hub can be enough. Manualy adding the settings is tedious so I made a pair of scripts. One fetches the probe security from a working domain. The other sets it again in your broken system. The fetcher outputs the data block that you paste into the setter. Of course you won't need the getter if you only have the probes in my list here.

 

~If you run it from nas set the nas perms to super. If you run it from nsa add a nimbus.login line.

 

Get probe security Settings:

-- probe security fetcher

local get_arg = pds.create()
pds.putString (get_arg, "_section", "probes")
local sec,rc = nimbus.request("hub", "hubsec_list", get_arg)

if rc == 0 then
   print "probes = {"
   for _,t in pairs (sec["/probes"]) do
      probe = split(t.__section, "/")
      print ("   ",probe[#probe],' = {"',t.permission,'", "',t.mask,'"},')
   end
   print "}"
else
   print ("error: ",rc)
end

 

Set Probe security

 

-- Set Probe Perms

 

-- The probes variable in purple here is literaly pasted

-- from the output of the above script

probes = {
     sla_engine = {"read", "*"},
     discovery_server = {"admin", "*"},
     qos_processor = {"admin", "*"},
     audit = {"admin", "*"},
     relationship_services = {"admin", "*"},
     discovery_agent = {"admin", "*"},
     dashboard_engine = {"read", "*"},
     HA = {"admin", "*"},
     alarm_enrichment = {"admin", "*"},
     fault_correlation_engine = {"admin", "*"},
     data_engine = {"read", "*"},
     assetmgmt = {"admin", "*"},
     distsrv = {"admin", "*"},
     dap = {"read", "*"},
     wasp = {"write", "*"},
     qos_engine = {"read", "*"},
     cdm = {"write", "*"},
     ump_failover = {"admin", "*"},
     ace = {"admin", "*"},
     httpd = {"admin", "*"},
     nas = {"admin", "*"},
     automated_deployment_engine = {"admin", "*"},
}

for probe, v in pairs (probes) do
   print  (probe," ",v[1]," ",v[2])
   local args = pds.create()
   pds.putString (args, "_section",   "probes")
   pds.putString (args, "_profile",   probe)
   pds.putString (args, "permission", v[1])
   pds.putString (args, "_mask",      v[2])

   -- do it and clean up
   out,rc = nimbus.request("hub", "hubsec_new", args)
   pds.delete (args)

   -- Check the result
  if rc == 0 then
      printf ("Creating acl: %s completed OK", probe)
   else
      printf ("Failure creating acl: %s return code: %d", probe, rc)
   end
end

Outcomes