Professional Documents
Culture Documents
Uempty
cover
IBM Training
E
T
T
All files and material for this course (TOS41, IBM Tivoli Netcool Configuration Manager 6.4 Advanced Features) are IBM
copyright property covered by the following copyright notice.
Copyright IBM Corp. 2013. All Rights Reserved.
US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the
web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml.
Trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the
Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the
U.S. Patent and Trademark Office.
E
T
T
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used
under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and
other countries.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the
completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or
implied. In addition, this information is based on IBMs current product plans and strategy, which are subject to change by IBM without
notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other
materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations
from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM
software.
References in this publication to IBM products, programs, or services do not imply that they will be available in all countries in which IBM
operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBMs sole discretion
based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by
you will result in any specific sales, revenue growth, savings or other results.
Contents
1 Network Service Manager exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Exercise 1. Reviewing VLAN command sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Exercise 2. Importing the data center switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Exercise 3. Giving group rights to use the NSM interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Exercise 4. Submitting GET calls to the interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Exercise 5. Reviewing a service template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Exercise 6. Installing the service template into NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Exercise 7. Running the service definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Exercise 8. Removing the service definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
E
T
T
49
49
51
54
56
66
69
70
73
78
Student Exercises
iii
Contents
149
162
162
170
E
T
T
iv
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
E
T
T
1. Start VMware workstation by double-clicking the VMware Workstation icon on the desktop of
the host operating system.
3. Find the file named Clone of ISJ07.vmx. Select the file and click Open.
E
T
T
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
1 Network Service Manager exercises
Uempty
5. After the server starts, log in with the user name netcool and password object00.
6. Open a terminal window. Right-click the desktop and click Open In Terminal.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
E
T
T
Note: You might get an Unable to communicate with Database message from the GUI. If that
happens, wait about 10 seconds and try the itncm.sh command again.
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
1 Network Service Manager exercises
Uempty
8. Start the second virtual machine that hosts a lab of virtual routers. From VMware Workstation,
click File > Open.
9. Find the file named SLES11SP1-32.vmx. Select the file, and click Open.
E
T
T
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
10. Start the GNS3 image. Click Power on this virtual machine.
E
T
T
11. After the virtual machine starts, log in with the user name root and password object00.
12. On the desktop, double-click the NSMDataCenter-lab icon to start the GNS3 simulator.
This action opens the GNS3 user interface with a predefined lab that is used in these exercises.
13. Click the green start button in the GNS3 toolbar to start the simulation.
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
1 Network Service Manager exercises
Uempty
E
T
T
The images are now ready for you to begin the lab exercises.
14. Return to the TOS41 virtual machine.
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Introduction
In any cloud solution that is enabled in the data center, the services that are provided must have
access to the network. Deploying these solutions means that information must traverse the network
from client to server in a secure manner such that unauthorized users are prevented from
accessing resources. To secure these resources, the physical and virtual network devices must be
configured to enable this segmentation. The automation of these cloud services for quick
establishment and tear-down must include elements to configure these network devices as part of
the overall business process.
In the following lab exercises, you learn about the Network Service Manager (NSM.) NSM is feature
of the Tivoli Netcool Configuration Manager that extends the current Java application programming
interface (API) with a REST (representation state transfer) interface that uses HTTP as its
underlying architecture. This interface allows the use of GET, POST, and DELETE actions by using
HTTP URI (universal resource identifiers) and XML documents as inputs and outputs. NSM allows
a northbound application to use simple HTTP calls to retrieve device and realm information,
synchronize and retrieve configuration data from a device, and run services to change its state.
E
T
T
To introduce you to the NSM solution, you use a REST plug-in to Mozilla Firefox to submit GET,
POST, and DELETE requests to the interface. In a true integration, the northbound application
software handles these requests and data manipulation tasks.
In these lab exercises, you are like a northbound application that is part of a cloud provisioning
solution. This solution is automating the creation and removal of virtual machines from a series of
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
1 Network Service Manager exercises
Introduction
Uempty
ESX servers. Review the following the diagram and bullet points for information about the solution.
You use the NSM interface to automate the provisioning of the physical switch in the data center.
VM3
VM1
VM2
VM1
ESX Server 3
VM2
ESX Server 2
VM1
ESX Server 1
99
78
99
34
78
22
VLANS
E
T
T
Port-channel 1
Port-channel 2
Port-channel 3
PHYSICAL SWITCH
There are three ESX servers in the data center rack. Each ESX server has four physical network
interface cards (NIC) to support the many virtual servers that are hosted on each physical server. In
this rack is a physical switch. By using a logical grouping of four ports from each server into a
port-channel, you share the bandwidth across all four of those ports. There is a one-to-one
relationship between the port-channel number and ESX server number.
As new virtual machines are added and removed; for example, adding VM1 on ESX Server 3, the
physical switch is configured to add a VLAN to support the new customer. For example, VLAN 22 is
created and added to Port-Channel 3.
Important: You must be familiar with the Tivoli Netcool Configuration Management software.
You must understand command sets and how to run them.
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
E
T
T
2. Log in to the Tivoli Netcool Configuration Manager application by double-clicking the ITNCM
Base icon.
3. When the login window opens, enter the user name engineer and the password object00.
Click Login.
10
V7.0
1 Network Service Manager exercises
Exercise 1. Reviewing VLAN command sets
Uempty
4. In the Resource Browser, browse to the ITNCM > DataCenter > ServiceCommandSets realm
and select it. The realm has six command sets.
5. Right-click the VLANAddCustomer command set and select Edit. This action opens the
command set and displays the commands that are submitted to the device.
E
T
T
6. Review the text in the command set and note the items that are shown in the following example.
Close the editor after you complete your review.
11
The following strings are parameters that you must define at run time:
$CUSTOMER-VLAN-ID$ = a VLAN ID number 1 - 1001
$CUSTOMER-NAME$ = a description to add to the interface
$IP-ADDRESS$ = the gateway address for the devices in the VLAN
$SUBNET-MASK$ = the subnet mask for the devices in the VLAN
$CHANNEL-NUMBER$ = the port-channel to add to the VLAN to
The command set creates a VLAN interface with a customer-specific VLAN-ID, a description,
and network information. It also adds this new VLAN to the correct port-channel interface based
on which ESX Server the virtual server is defined on.
E
T
T
7. Right-click VLANDeleteCustomer and select Edit. This action opens the command set and
displays the commands that are submitted to the device.
8. Review the text in the command set and note the items that are shown in the following example.
Close the editor after you complete your review.
12
V7.0
1 Network Service Manager exercises
Exercise 2. Importing the data center switch
Uempty
The command set has similar parameters to the previous command set. This command set
removes the VLAN from the specified port-channel interface. It also deletes the specific VLAN
interface by deleting its subcommands and then the interface itself.
E
T
T
13
4. In the Enter Network Resource window, enter the host name DC-RACK01-SWITCH. Click
Next.
E
T
T
14
V7.0
1 Network Service Manager exercises
Exercise 2. Importing the data center switch
Uempty
5. Leave the default settings on the Password Override, Execution Priority, and Schedule
Work by clicking Next on each window. Enter a description in the Describe Work pane and
click Finish.
E
T
T
6. Select the Work Currently Executing queue and monitor the progress of the unit of work.
The execution creates two units of work: Run Autodiscovery and Import Configuration. Select
the Work That is Finished queue to see the completed units of work. Switching between these
15
views refreshes the display. Two completed units of work are in the Work That is Finished
queue. These units of work must be green before you start the next exercise.
E
T
T
16
V7.0
1 Network Service Manager exercises
Exercise 3. Giving group rights to use the NSM interface
Uempty
E
T
T
1. In the TOS41 VM, open the Firefox browser, type the following web location, and press Enter:
http://omnihost:7001
17
2. Enter the user name administrator and the password object00, and click Login.
E
T
T
18
V7.0
1 Network Service Manager exercises
Exercise 4. Submitting GET calls to the interface
Uempty
6. Move the Service Management and Service Template Management activities from the
Activities list to the Authorized To list.
E
T
T
7. Click Save to save the changes to the group. You might have to scroll down to see the Save
button.
19
Note: In the NSM interface, you can select realms, devices, and services. You use only a small
subset of these calls in these examples. To see the complete list of supported commands, go to
the Tivoli Documentation Central web page at the following address:
https://www.ibm.com/developerworks/wikis/display/tivolidoccentral/Home
Find Tivoli Netcool Configuration Manager, and select the latest version 6.4 documentation. Under
the subtopic Reference, you find the Network Services Manager REST API Reference. In the
Understanding the Network Service Manager URIs section, you find the details of all the calls
that you can make to the NSM interface.
Note: To find the REST plug-in that is used for these exercises, search the Internet for
RESTClient.
E
T
T
1. Switch to the GNS3 VM to access the newer version of Firefox that is required for this lab.
20
V7.0
1 Network Service Manager exercises
Exercise 4. Submitting GET calls to the interface
Uempty
3. To access the REST utility, click the small red icon in the upper right of the Firefox browser. A
new tab opens inside the browser.
E
T
T
Authentication credentials are associated with the HTTP calls that are made to the NSM interface.
These credentials are used to access the server.
4. Add authentication credentials by selecting Authentication > Basic Authentication.
21
E
T
T
7. Use the NSM to retrieve a listing of realms by performing the following steps:
a. Ensure that the method is set to GET. Type into the URL field the following text and click
SEND:
http://omnihost:7001/nsm/realm
At the bottom of the Firefox window, (you might need to scroll down) is a response from the
server. The Response Headers tab is displayed, and a Status Code of 200 OK means the
22
V7.0
1 Network Service Manager exercises
Exercise 4. Submitting GET calls to the interface
Uempty
E
T
T
b. Click the Response Body (RAW) tab and note the information that the NSM service
returns. The response is an XML document.
c. Click the Response Body (Highlight) tab and view a structured view of the XML data that
is returned from NSM. Review its contents. This data is a listing of all the realms that the
23
E
T
T
a. To retrieve the devices that the user engineer can access, type the following address in the
URL field and click SEND:
http://omnihost:7001/nsm/device
24
V7.0
1 Network Service Manager exercises
Exercise 4. Submitting GET calls to the interface
Uempty
b. On the Response Body (Highlight) tab in the browser, scroll down and find the host
DC-RACK01-SWITCH that you imported. Note the ID for the device and record it for later
use.
E
T
T
Important: The ID number that is associated to the device is created at import time. Note this ID
because you use it later to submit a service against this device.
c. Type the following address in the URL field, and click SEND:
http://omnihost:7001/nsm/device/<ID>
d. View the data in the Response Body (Highlight) tab. Scroll down and notice the following
pieces of information that are returned from the NSM server:
Vendor, Type, Model, and Operating System of the device
25
E
T
T
a. To retrieve the current native configuration of a device, type the following address in the
URL field and click SEND:
http://omnihost:7001/nsm/device/<ID>/currentnativeconfiguration
26
V7.0
1 Network Service Manager exercises
Exercise 4. Submitting GET calls to the interface
Uempty
b. View the data in the Response Body (Highlight) tab. Scroll down and view the device
configuration.
E
T
T
a. To retrieve all available services on the server, enter the following address in the URL field
and click SEND:
http://omnihost:7001/nsm/servicetemplate
b. Notice the two service templates that are returned when you view the results in the
Response Body (Highlight) tab.
Service templates can be vendor-specific and might be applicable only to certain types of devices.
27
c. Type the following address in the URL field to return the templates that can be applied to the
DC-RACK01-SWITCH:
http://omnihost:7001/nsm/servicetemplate/deviceid/<ID>
d. Notice in the Response Body (Highlight) tab that only one of the two service templates is
returned. Only one is returned because the other template is designed for a different vendor.
E
T
T
28
Rules that define the vendor, type, model, and operating system that it can be applied to
A series of one or more command sets or extractions that are applied to a device to
CREATE or DELETE a service
V7.0
1 Network Service Manager exercises
Exercise 5. Reviewing a service template
Uempty
Note: An extraction is a tool that searches the configuration of a device and retrieves data based
on the defined search criteria.
1. In the TOS41 virtual machine, open a terminal and enter the following command:
cd /home/netcool/nsm
E
T
T
29
In the gedit window, you see the XML file that defines a service template.
E
T
T
3. Review this document to understand its structure. Perform the following steps:
a. Note the name and description of the service template.
30
V7.0
1 Network Service Manager exercises
Exercise 5. Reviewing a service template
Uempty
b. Note the five parameters that are defined. These parameter names align with the two native
command sets that were reviewed earlier.
E
T
T
c. Scroll down and note the <implementations> portion of the XML tree. Ensure that there is
a single implementation and that it has a rule that filters on Cisco / Router / * / *.
Below the rules is the <serviceOperations> tree with a CREATE and a DELETE operation.
Each operation calls a different command set.
31
E
T
T
Note: After reviewing this XML file, you see how the service template links to command sets.
When this service is enabled in the next step, you use it to CREATE a service. By creating a
service, you run a command set to add VLAN commands to a device. Later, you DELETE that
service. This action runs a different command set to remove the specific VLAN information that
was added to create the service.
32
V7.0
1 Network Service Manager exercises
Exercise 6. Installing the service template into NSM
Uempty
E
T
T
2. Display a listing of the files in this directory with the following command:
ls -la
You use the command-line utility nsmadmin.sh to run several actions that manage service
templates. The following actions are included:
33
E
T
T
34
V7.0
1 Network Service Manager exercises
Exercise 7. Running the service definition
Uempty
5. Switch to the GNS3 virtual machine and use the RestClient to check the newly installed service
template. Enter the following URL and note the ID of the VLAN_MANAGEMENT service
template:
http://omnihost:7001/nsm/servicetemplate
6. View the Response Body (Highlight) tab. Note the VLAN_MANAGEMENT service template
and its associated ID number. Note the ID number. This value is used in Exercise 7, "Running
the service definition".
E
T
T
35
numbering scheme aligns the ESX server number to the correct port-channel number on the switch
in the data center.
VM1
VM2
VM1
99
78
99
34
78
22
Server/Port-channel number
VM3
ESX Server 3
VM2
ESX Server 2
VM1
ESX Server 1
VLANS
E
T
T
Port-channel 1
Port-channel 2
Port-channel 3
PHYSICAL SWITCH
In this exercise, you CREATE a new service for a new customer and then DELETE that service
when it is no longer needed. To activate a service with the Network Service Manager, you need the
following information, which you noted in Exercise 6, "Installing the service template into NSM",
Step 6:
The Device ID
The values for the parameter data that you submit to the template
To create the service, you must go to the Mozilla browser that is in the GNS3 virtual machine.
To complete this exercise, perform the following steps:
1. Switch to the GNS3 VM. Open the Firefox browser, and start the RESTClient interface if it is not
already available.
36
V7.0
1 Network Service Manager exercises
Exercise 7. Running the service definition
Uempty
Next, you retrieve a copy of the service template that aligns with the device that you want to apply it
to. Then, you can see which parameter values are required for creating your service.
2. Enter the following address into the URL field of the RESTClient and click SEND:
http://omnihost:7001/nsm/servicetemplate/<service-ID>/deviceid/<device-id>
In the Response Body (Highlight) tab, you see the template ID, device ID, and a list of all the
relevant parameters that are required to submit a service. This list is useful information when
you initially design your application to interact with NSM.
E
T
T
You use the previous template information to now POST (or create) a service. A POST statement
was saved in the RESTClient to prevent potential typing errors. To POST a service, you tell NSM
that you want to create a service and then define a body statement. The body statement is the
template that you retrieved with the defined parameter values. You must place parameter values in
the XML document where there are no defined values.
37
3. Click the Favorite Requests menu in the RESTClient, and select Add Customer VLAN.
You can now see that the following information was added to the interface:
38
A body reflects the previous template and includes values for the parameters.
E
T
T
V7.0
1 Network Service Manager exercises
Exercise 7. Running the service definition
Uempty
4. Modify the template ID and the deviceID values to reflect the IDs that you noted in Exercise 6,
"Installing the service template into NSM", Step 6.
E
T
T
7. Change the Method to GET, and add the service ID to the URL. Click Send.
39
8. Note the result in the Response Body (Highlight). The NSM interface reports the status of the
command set application. Occasionally, resend the same GET command until you receive a
success message.
E
T
T
9. Switch to the TOS41 virtual machine and look at the work in the Work That is Finished queue
for the engineer user. Note the two new units of work. You might have to refresh the window if
you are already in that view.
40
V7.0
1 Network Service Manager exercises
Exercise 7. Running the service definition
Uempty
10. Right-click the unit of work that is the Request Type Service and click Log.
11. Note the details in the log about the creation and execution of the service.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
41
12. Browse to the DC-RACK01-SWITCH, select it, and look at the Configurations tab. Note the
new configuration that is associated with the device.
13. Press the Ctrl key and select both configurations. Right-click them and select Show
Differences.
E
T
T
42
V7.0
1 Network Service Manager exercises
Exercise 7. Running the service definition
Uempty
15. Note the changes to the configuration with the application of the new service.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
43
E
T
T
44
V7.0
1 Network Service Manager exercises
Exercise 8. Removing the service definition
Uempty
On the Response Body (Highlight), you see that the status is Deleting.
4. Return to the TOS41 virtual machine. As the engineer user, look at the Work Currently
Executing queue to notice the Service unit of work and a new Native Command Set
execution. Refresh this queue until the units of work finish.
E
T
T
45
6. Compare the Imported Configuration with the Native command set Modified Configuration
(VLANDeleteCustomer) by selecting the two configurations, right-clicking them, and selecting
Show Differences.
E
T
T
The configuration is restored to its previous state (that is, there are no differences).
8. Close the differences window.
46
V7.0
1 Network Service Manager exercises
Exercise 8. Removing the service definition
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
47
E
T
T
Build simple command sets that use the included JavaScript classes
JavaScript is used with native command sets inside IBM Tivoli Netcool Configuration Manager.
There are two different types of native command sets:
Configuration Change: This type of native command set uses the standard configuration
change workflow that is configured by the resource access document. By default, this workflow
includes checking the configuration with the database, applying the change, and then retrieving
the final configuration to store in the database as the new current configuration for the device.
Interrogative: This native command set type assumes that you seek only the retrieval of
information from the device and want to append that data to the Unit of Work log. It does not
check the configuration before it is applied, nor does it retrieve it after the change is applied.
The main focus of these exercises is to use the JavaScript classes that are developed for IBM Tivoli
Netcool Configuration Manager.
Important: You create several JavaScript command sets in the exercises for this chapter. The
content for each of these scripts is saved in text files in the
/home/netcool/ClassFiles/JavaExamples/ directory of the TOS41 image.
48
V7.0
2 Native command sets with JavaScript exercises
Exercise setup
Uempty
Exercise setup
These exercises use a different network simulation. Use the following steps to open the
TNCMTraining-lab1.net simulation.
E
T
T
b. Close the NSMDataCenter-lab window. If you are prompted to save the current topology,
click No.
49
A lab is displayed in the GNS3 interface that has three routers that are connected to a single
switch.
E
T
T
3. Start the virtual lab by clicking the green arrow at the top of the GNS3 window.
50
V7.0
2 Native command sets with JavaScript exercises
Exercise 1. Enabling Java packages
Uempty
The red nodes turn to green when the routers start. After the nodes turn green, they begin their
initialization process and are available for use in about one minute. The simulator is now ready
to use.
E
T
T
In this exercise, you configure IBM Tivoli Netcool Configuration Manager to allow the Java
packages and classes that the script example uses. These security features enable the use of Java
classes and packages for use in JavaScript. There are two separate properties where you define a
comma-delimited list of allowed packages and classes. When you run JavaScript and a Java class
or package is accessed, it checks to see whether the classes or packages are allowed. If they are
not, an error is generated and noted in the task log.
51
E
T
T
52
V7.0
2 Native command sets with JavaScript exercises
Exercise 1. Enabling Java packages
Uempty
b. Click Tools > System Properties at the top of the user interface window.
E
T
T
c. Scroll down to the Scripting - Packages allowed in a script property. Enter java.lang into
the Value field. Click Update.
53
E
T
T
A Configuration Synchronization wizard opens. In the Select Network Resources window, you
see that all thee devices are selected in the right pane.
2. Click Next.
3. Accept the default values in the Configure Failure window. Click Next.
4. Accept the default values in the Password Override window. Click Next.
5. Accept the default values in the Execution Priority window. Click Next.
54
V7.0
2 Native command sets with JavaScript exercises
Exercise 2. Synchronizing devices
Uempty
7. Leave the Schedule Work option set to the default value of Immediate. Click Next.
8. Type a description in the Describe Work field. Click Finish.
9. Close the confirmation window and browse to the Work Currently Executing queue in the
Queue Manager. Click the refresh icon every 10 - 20 seconds to refresh the view. After the unit
of work is no longer in the Work Currently Executing queue, select Work That is Finished
and verify that it completed successfully.
E
T
T
55
Important: The unit of work must complete successfully before you can proceed to the following
exercises. If it is not successful, try the following options:
If the unit of work returns with a partial success and one or two of the devices failed to
synchronize, requeue the unit of work and try it again before further troubleshooting.
Ensure that the GNS3 virtual machine has the GNS3 application running and the lab is started.
If the GNS3 application is running, go to the TOS41 virtual machine and manually telnet to one
of the routers. Open a terminal session and telnet to 10.191.101.71. If you get a Cisco login
prompt, then the IBM Tivoli Netcool Configuration Manager server can connect to the routers.
Investigate the unit of work log by right-clicking it and viewing the log.
If you cannot connect to the router from the TOS41 image, then either the host operating
system was not placed in promiscuous mode or the interfaces are incorrectly configured.
E
T
T
56
V7.0
2 Native command sets with JavaScript exercises
Exercise 3. Creating a simple JavaScript native command set
Uempty
This exercise uses the send method to apply a trivial change to a Cisco router and review its
results. Perform the following steps:
1. Create a native command set in the customer_AA realm. Select the customer_AA realm, and
then click File > New > Native Command Set.
2. Enter the following values in the Name, and the Vendor, Type, Model, and OS (VTMOS) fields.
E
T
T
3. After the native command set is created, right-click it and select Edit.
After the native command set opens, you must determine the type of native command set to create.
Because you apply a change to the device, you must select Configuration Change, which is the
57
default value. This type of native command set ensures that configurations are checked before the
change, and synchronized after it.
Begin defining the JavaScript. A key aspect of defining this type of native command set is using the
//#js tag in the first line of the native command set. This tag indicates to IBM Tivoli Netcool
Configuration Manager that the following text is JavaScript and not device syntax.
4. Type //#js.
E
T
T
5. Define the execute() function. You must pass into the execute function the scriptLogger,
deviceInterface, systemInterface classes. Type the following characters:
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
return true;
}
Notice the location of the curly brackets and the parentheses. Another important aspect of this
function is that it returns true. The workflow requires that the execute function returns a true or
false response.
Note: The three classes scriptLogger, deviceInterface, and systemInterface must all be
passed in to the execute() function in the correct order as part of the Java implementation. This
implementation is the one that you are currently using for scripting. Each class is described in
upcoming exercises.
58
V7.0
2 Native command sets with JavaScript exercises
Exercise 3. Creating a simple JavaScript native command set
Uempty
In this next step, you define the commands that are submitted to the device. You use the
deviceInterface.send method to submit strings to the device that the native command set is
applied to.
6. Add the following commands to the native command set and save it. You can also cut and paste
commands into the native command set.
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
deviceInterface.send("config t");
deviceInterface.send("int FastEthernet1/0");
deviceInterface.send("desc This is an Interface Description");
deviceInterface.send("\x1A");
return true;
}
When you are done, close the command set.
E
T
T
Important: Even though you use a Configuration Change native command set type, the
workflow does not place you into the configuration mode automatically. You must explicitly enter
and exit the configuration mode for the workflow to run correctly. Notice the config t step to place
you into the Cisco configuration mode and the \x1A step, which exits the configuration mode. The
\x1A is the ASCII characters for a CTRL-Z, which for a Cisco device, exits you completely from
configuration mode.
59
7. Run this command set against the AA-03-ROUTER-3640 router. Select both the command set
and the device while you press the Ctrl key. Select both items, right-click them, and select
Apply Native Command Set.
E
T
T
8. Because you selected both a device and the command set (conveniently because they are in
the same realm), you can click Next in each window of the wizard until you reach the Describe
Work window. Type a description in the window and click Finished.
9. Browse to the Work Currently Executing queue and monitor the unit of work progress by
clicking the refresh icon until the unit of work leaves the queue. When it is done, select the
Work That is Finished queue. Determine that the unit of work is successful.
10. Select the completed unit of work and right-click it. Click Log.
60
V7.0
2 Native command sets with JavaScript exercises
Exercise 3. Creating a simple JavaScript native command set
Uempty
11. Double-click the device to view the Work log. Scroll down past halfway and notice the log
messages. Each command and its results are highlighted in the following example. The last
command, which was the CTRL-Z character, is not recorded.
E
T
T
Note: If the script failed, a Mozilla error is captured in the unit of work log. If that is the case,
carefully check the syntax that you typed into the command set. Verify that you have curly
brackets and parentheses in the correct locations. Also, carefully check that the quotation marks in
the commands are of the correct type. Rerun the command set if there are problems.
61
12. As a final check, open the current configuration of the device that the unit of work was
processed on and look at the description on the FastEthernet 1/0 interface.
E
T
T
In the next step, you add parameter markup to the native command set.
13. Return to the native command set that was created, right-click it, and select Edit.
62
V7.0
2 Native command sets with JavaScript exercises
Exercise 3. Creating a simple JavaScript native command set
Uempty
14. When the command set editor opens, use the $ delimiters that are used in a typical native
command set to denote a parameter. The description parameter has a default argument that is
defined with the equal sign (=) character. Save your changes to this command set.
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
deviceInterface.send("config t");
deviceInterface.send("int $int_type$ $int_number$");
deviceInterface.send("desc $int_description=This is a description$");
deviceInterface.send("\x1A");
return true;
}
E
T
T
15. Select the newly saved native command set and the device AA-03-ROUTER-3640 with the Ctrl
key. Select both items, right-click them, and select Apply Native Command Set. This time, you
are prompted to enter parameters. Click Next when you reach the first Enter Parameters
window.
63
16. Enter the following values. Ensure that the spelling of the parameter values is correct.
int_number = 0/0
int_type = FastEthernet
int_description = <enter any text>
E
T
T
17. Click Next through the remaining windows of the wizard and submit the Unit of Work. The
parameters are replaced by the user-supplied data before the JavaScript is processed. Browse
to the Work That is Finished or Work Currently Executing queue and refresh the view until
64
V7.0
2 Native command sets with JavaScript exercises
Exercise 3. Creating a simple JavaScript native command set
Uempty
the unit of work is finished. Review the log and verify that the commands are processed
successfully. Review the current configuration on AA-03-ROUTER-3640 to note the changes.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
65
E
T
T
2. Right-click the copy of the command set and click Rename. Enter
JavaScript-add-description-with-logging as the name.
66
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty
3. Edit this copied command set with the new commands noted in the following example. You
added a variable that called cmdResp because the deviceInterface.send method returns a
response from the device. You associate that response to the cmdResp variable and then
include it in the unit of work log. You can cut and paste the following commands into the native
command set. Save these changes.
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
var cmdResp = "";
scriptLogger.info("------ Begin the JavaScript Execution ------")
cmdResp = deviceInterface.send("config t");
scriptLogger.info("+++++The response from the device is: " + cmdResp +
"+++++");
cmdResp = deviceInterface.send("int $int_type$ $int_number$");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
cmdResp = deviceInterface.send("desc $int_description=This is a
description$");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
cmdResp = deviceInterface.send("\x1A");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
scriptLogger.info("------ End the JavaScript Execution ------")
return true;
}
E
T
T
67
4. Select the new native command set and the device AA-01-ROUTER-3640. Right-click them
and select Apply Native Command Set. When you are prompted for parameter values, enter
the following text:
int_number = 1/0
int_type = FastEthernet
int_description = This is a logging description
5. Complete the final steps to submit the unit of work. Follow its progress in the Queue Manager.
6. When the unit of work is complete, review the unit of work log and note the following changes
that are highlighted in this example. As you can see, the responses that the scriptLogger
captures (the strings between the +++++ marks) contain both what is sent to the device and
what is returned.
E
T
T
68
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty Creating
7. Rerun the native command set to cause an intentional failure. Select the AA-01-ROUTER-3640
router and the command set. Right-click them and select Apply Native Command Set. When
you are prompted to fill out the parameters, use the following values:
int_number = 1/0
int_type = Serial
int_description = This is a description that will fail
8. Complete the final steps to submit the unit of work. Follow its progress in the Queue Manager.
The device does not have a serial interface and cannot configure a description on one.
9. After the unit of work is complete, review the unit of work log and notice the error that the invalid
command causes.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
69
The key idea is that errors inside a JavaScript call do not pass into the unit of work and task log.
E
T
T
70
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty
E
T
T
71
E
T
T
72
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty Capturing
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
73
To improve error detection, you use the behavior that causes the deviceInterface.send method to
return an empty string upon encountering a device error. For example, in the previous unit of work,
nothing was returned when the int Serial 1/0 command was sent to the device.
E
T
T
14. Using the empty string response, you check each command application to see whether it was
successful. If not successful, immediately drop it into the catch block. Create a copy of the
JavaScript-add-description-with-try-catch native command set and rename it to
JavaScript-add-description-with-error-checks. Edit it by using the following script. Note the
following aspects of this script:
74
This script uses the other scriptLogger method called error. To use the error method, a Java
error type instead of JavaScript error type must be defined. That method is the reason for
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty
importing the java.langException class and casting the JavaScript error into a Java error
inside the catch block.
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
importClass(java.lang.Exception);
var cmdResp = "";
try {
scriptLogger.info("------ Begin the JavaScript Execution ------");
cmdResp = deviceInterface.send("config t");
scriptLogger.info("+++++The response from the device is: " + cmdResp +
"+++++");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible config t
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("int $int_type$ $int_number$");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible interface
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("desc $int_description=This is a
description$");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible description
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("\x1A");
scriptLogger.info("+++++The response from the device is:" + cmdResp +
"+++++");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible exit error"));
}
scriptLogger.info("------ End the JavaScript Execution ------");
return true;
} catch(e) {
E
T
T
75
E
T
T
15. Apply the JavaScript-add-description-with-error-checks native command set on the
AA-01-ROUTER-3640 router with values that cause the unit of work to fail. When prompted to
fill out the parameters, use the following values:
int_number = 1/0
int_type = Serial
int_description = This is a description that will fail
When the unit of work is complete, the unit of work failed.
76
V7.0
2 Native command sets with JavaScript exercises
Exercise 4. Adding logging messages to JavaScript and capturing errors
Uempty
16. Review the unit of work log and note the error that is caused by the invalid command and the
error message that it generated.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
77
E
T
T
This exercise uses the executeSystemCommand method to process a ping statement for testing
the assignment of loopback addresses on individual routers. The concept is that a loopback
address is applied to a router. Before applying the change, the address is pinged to see whether it
is already assigned to another device. If the ping is successful, then the command set script is
failed. This example also uses the responseRegExp argument to search for a specific string in the
response.
Perform the following steps:
1. Create a simple script that pings an IP address four times. Name the script ping-script.sh and
save it in the /home/netcool/ClassFiles/Scripts/ directory. Change permissions on the file to
allow the script to be executable.
a. Change to the /home/netcool/ClassFiles/Scripts/ directory.
cd /home/netcool/ClassFiles/Scripts/
b. Use vi to create a text file named ping-script.sh.
vi ping-script.sh
c. Add the following lines in the file. Save and quit the file.
#!/bin/sh
/bin/ping -c 4 $1
d. Change permissions on the ping-script.sh file to allow the script to be executable.
chmod 777 ping-script.sh
78
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
79
script with the checksum value that you received from the tool. Some lines in the example are
wrapped to fit the page. Use the following script:
//#js
function execute(scriptAuditLogger,deviceInterface,systemInterface){
importClass(java.lang.Exception);
var cmdResp = "";
try {
scriptAuditLogger.info("------ Begin the JavaScript Execution ------");
cmdResp = systemInterface.executeSystemCommand("/bin/sh",
"-c",
"/home/netcool/ClassFiles/Scripts/ping-script.sh $ip-address=10.191.101.73$",
"0ac2c6ece0c0a16bfbfa0a9425aba2873e8e9a0281e88049067e28554e1ede86");
scriptAuditLogger.info("\n------ BEGIN OUTPUT OF SYSTEM COMMAND ------\n\n"
+ cmdResp +
"\n ------ END OUTPUT OF SYSTEM COMMAND ------\n");
scriptAuditLogger.info("------ End the JavaScript Execution ------");
return true;
} catch(e) {
var excep = new java.lang.Exception(e.message);
scriptAuditLogger.error("Error occurred sending script commands to
device", excep);
scriptAuditLogger.info("------ End the JavaScript Execution with Error
------");
return false;
}
}
E
T
T
80
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
E
T
T
Notice the arguments that are in the executeSystemCommand method. The first argument is
the shell to use for the system command, and the second argument is for the shell. The third
argument is the command to be processed on the worker server, and the fourth is the
checksum value. The command runs as the user who started the IBM Tivoli Netcool
Configuration Manager server processes (typically icosuser or netcool). Also, note the lines that
make the unit of work log more readable. Save the command set when you finish.
4. Apply the JavaScript-add-loopback native command set to the AA-03-ROUTER-3640 by
using the default loopback-IP address. When the unit of work is finished, note the unit of work
log and the ping results.
81
5. Determine how the command set responds to the ping results. In this example, if a ping is
successful, then the IP address is in use and makes it an unacceptable address for a loopback.
If you receive a successful ping, then the script must exit at that point and not move forward
with the creation of the loopback interface. The successful response from the device is as
follows:
PING 10.191.101.73 (10.191.101.73) 56(84) bytes
64 bytes from 10.191.101.73: icmp_seq=1 ttl=255
64 bytes from 10.191.101.73: icmp_seq=2 ttl=255
64 bytes from 10.191.101.73: icmp_seq=3 ttl=255
64 bytes from 10.191.101.73: icmp_seq=4 ttl=255
of data.
time=4.98
time=7.91
time=6.26
time=4.13
ms
ms
ms
ms
--- 10.191.101.73 ping statistics --4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 4.133/5.823/7.911/1.424 ms
E
T
T
If you search through this text, you can see the number of packets received. If the number of
packets is 1 - 4 (because only four packets are sent), then a device responded to the ping.
However, this action assumes that IP address is pingable. Two other situations when the IP
address is not pingable are as follows:
PING 192.168.10.55 (192.168.10.55) 56(84) bytes of data.
--- 192.168.10.55 ping statistics --4 packets transmitted, 0 received, 100% packet loss, time 3000ms
and
bytes of data.
Host Unreachable
Host Unreachable
Host Unreachable
--- 192.168.12.17 ping statistics --4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
pipe 3
Both of these situations responded with 0 received.
In this situation, you design the search to look for 1 or more packets received. Using this idea, you
can generate the following regular expression to search through the returned text:
([1-4] received)
If this regular expression matches the data that is returned from the system command, then the unit
of work task must be failed immediately.
82
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
Important: Your responsibility is to determine all realistic failure scenarios and have the script
account for them.
6. Modify the JavaScript-add-loopback native command set to include the regular expression
argument for the executeSystemCommand method.
//#js
function execute(scriptLogger,deviceInterface,systemInterface){
importClass(java.lang.Exception);
var cmdResp = "";
try {
scriptLogger.info("------ Begin the JavaScript Execution ------");
cmdResp = systemInterface.executeSystemCommand("/bin/bash","-c",
"/bin/ping -c 4 $loopback-IP=192.168.10.17$","([1-4] received)");
scriptLogger.info("\n+++++ Begin system response ++++++\n"
+ cmdResp +
"\n+++++ End system response +++++");
scriptLogger.info("------ End the JavaScript Execution ------");
return true;
} catch(e) {
var excep = new java.lang.Exception(e.message);
scriptLogger.error("Error occurred sending script commands to device",
excep);
scriptLogger.info("------ End the JavaScript Execution with Error
------");
return false;
}
}
E
T
T
83
second address does not return a ping. After they are both complete, review the unit of work
logs.
E
T
T
As you can see with these two logs, if a match is made with the system output, the match is
captured in the log. However, if no match is made, a null is returned.
Using these two different results, you can use an IF block to apply the loopback interface when a
null is returned from the executeSystemCommand. If a non-null result is returned, then the unit of
work fails with a message that the IP address is in use. The script in Step 8 uses this IF block.
84
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
8. Modify the JavaScript-add-loopback native command set with the following script. Notice that
this script is like the examples in previous exercises. Copy and paste the following script into
the command set:
//#js
function execute(scriptAuditLogger,deviceInterface,systemInterface){
importClass(java.lang.Exception);
var cmdResp = "";
try {
scriptAuditLogger.info("------ Begin the JavaScript Execution ------");
cmdResp = systemInterface.executeSystemCommand("/bin/sh",
"-c",
"/home/netcool/ClassFiles/Scripts/ping-script.sh $ip-address=10.191.101.73$",
"([1-4] received)",
E
T
T
"0ac2c6ece0c0a16bfbfa0a9425aba2873e8e9a0281e88049067e28554e1ede86");
scriptAuditLogger.info("\n------ BEGIN OUTPUT OF SYSTEM COMMAND ------\n\n"
+ cmdResp +
"\n ------ END OUTPUT OF SYSTEM COMMAND ------\n");
if (cmdResp == null) {
cmdResp = deviceInterface.send("config t");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible config t
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("int loopback 0");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible interface
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("ip address
$ip-address=10.191.101.73$ $subnet-mask=255.255.255.255$");
if (cmdResp == "") {
throw (new Error("Device response was empty, possible ip address
error"));
}
cmdResp = null;
cmdResp = deviceInterface.send("\x1A");
if (cmdResp == "") {
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
85
E
T
T
Note: This script includes a copy run start command after exiting the configuration mode. This
step is required because the JavaScript process preempts typical configuration change application
steps that include the saving of the running configuration. The script includes two carriage returns
to indicate that the command is interactive. Submitting a copy run start command verifies
whether the startup configuration can be overwritten.
86
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
87
The second unit of work is successful because IP address 192.168.10.55 is not in use.
E
T
T
88
V7.0
2 Native command sets with JavaScript exercises
Exercise 5. Using system commands in scripts
Uempty
10. Review the device configuration of AA-03-ROUTER-3640 after the second unit of work is
finished. The loopback interface is configured with an IP address.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
89
E
T
T
Definitions: A definition can use JavaScript to determine whether a device is compliant or not.
Like a traditional definition that interrogates a configuration either through regular expressions
or XPaths, the JavaScript definition returns a true or false based on its analysis of the device.
The analysis is not limited to the configuration of a device but can use external data sources to
ensure compliance.
In these lab exercises, you develop these JavaScript structures. You do not learn how to use
JavaScript; you use an external testing utility for easier JavaScript development.
90
V7.0
3 JavaScript compliance exercises
Exercise setup
Uempty
Exercise setup
These exercises use a different network simulation. Use the following steps to open the
RouterSim-lab1.net simulation.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
91
b. Close the TNCMTraining-lab1.net window. If you are prompted to save the current topology,
click No.
E
T
T
92
V7.0
3 JavaScript compliance exercises
Exercise setup
Uempty
E
T
T
3. Start the virtual lab by clicking the green arrow at the top of the GNS3 window. The red nodes
turn to green when the routers start. After the nodes turn green, they begin their initialization
process and are available for use in about one minute. The simulator is now ready to use.
93
E
T
T
Local parameter: A local parameter is one that is local to a running process. A local parameter
can have only one value. When a policy has a local parameter defined, the value can be
different for every process that has that policy defined in it. For example, the syslog server
policy has different values between core and edge networks. If there is a core process and
edge process that is configured in Compliance Manager, each parameter can be addressed
differently.
Global parameter: A global parameter is a value that is defined for a policy realm. A global
parameter can have only one value. It is a system-level value and cannot be different between
two running processes. It is also associated to a policy realm. When policy realms are used to
distinguish between customers, you can employ security so that customers can view only their
own parameter values.
Group parameter: A group parameter shares many of the features of a global parameter; that
is, it is a system-level value that is associated to specific policy realms. However, it can have
one or more values that are associated to it. Because it is a list of one or more values, an
evaluation in a definition can be tried one or more times. In this case, the evaluation criteria
supports Match All, Match Any, Match None, Match One, or Match Specific Number. The group
parameter has a user-defined list of values that can change only by modification from an
authorized user.
Extraction: An extraction is somewhat like a group parameter in that it can have one or more
values. An extraction can have a set of matching criteria like the group parameter. However, an
extraction is a parameter that obtains a list of values by analyzing text data and extracting one
or more values from that text with search criteria. It gets its list of values at execution time, and
the list of values might change between each device that is analyzed. The extraction is limited
to evaluating either the configuration of the device (native or modeled) or show commands
from the device.
94
V7.0
3 JavaScript compliance exercises
Exercise 1. JavaScript parameter example
Uempty
Script parameter: A JavaScript parameter is like an extraction parameter in the following ways:
It can use the Match All, Match Any, Match None, Match One, or Match Specific Number
criteria when implemented in an evaluation.
The list of values it generates is defined at run time when a policy analyzes the device.
The JavaScript parameter is unique in that it has the flexibility to access both internal and
external resources that are associated with the device being analyzed. With JavaScript, you
can access both external databases and applications, and internal data like the device
configuration. A JavaScript parameter returns either a single item or a list of items.
A JavaScript parameter has these requirements:
The function must return either a single value or an ArrayList of values (not an array).
E
T
T
In this exercise, you compare the loopback address that is configured in the device configuration
with the address in a database of record. The database of record is a table that has management
data for each device, like the following example.
You use a JavaScript parameter to access this database and retrieve the defined loopback
address. You then use that value to compare it against the loopback addresses that are configured
on the device. If the database entry does not match the device configuration, then the device is
considered noncompliant. The script that you use in the parameter is created for you.
Perform the following steps:
1. View the contents of the script to understand how it works.
a. Change to the /home/netcool/ClassFiles/JavaExamples directory.
cd /home/netcool/ClassFiles/JavaExamples
95
E
T
T
96
V7.0
3 JavaScript compliance exercises
Exercise 1. JavaScript parameter example
Uempty
the loopback address from that row and saves it in the loopbackIP variable. This loopback
address is used in the compliance evaluation. Finally, the script closes output streams.
function calculate(helper){
//importClass(java.util.Properties);
importClass(java.sql.Connection);
importClass(java.sql.DriverManager);
importClass(java.sql.Statement);
//importClass(java.net.URLClassLoader);
//importClass(java.lang.ClassLoader);
//importClass(java.net.URL);
importClass(java.lang.Class);
//importClass(java.lang.Thread);
//importClass(java.util.ArrayList);
//importClass(java.util.AbstractCollection);
importClass(Packages.com.ibm.db2.jcc.DB2Driver);
E
T
T
var dbUrl="jdbc:db2://omnihost:50001/MGMT_IPS";
var user = "db2inst1";
var pw = "object00";
// Load the driver
Class.forName("com.ibm.db2.jcc.DB2Driver");
// Create the connection using the IBM Data Server Driver for JDBC and SQLJ
con = DriverManager.getConnection (dbUrl, user, pw);
// Commit changes manually
con.setAutoCommit(false);
// Create the Statement
stmt = con.createStatement();
var hostname = helper.getDeviceName();
resultSet = stmt.executeQuery("SELECT LOOPBACK FROM DEVICE_MGT_INFORMATION
WHERE HOSTNAME = " + "'" + hostname + "'");
while (resultSet.next()) {
loopbackIP = resultSet.getString("LOOPBACK");
}
{
return loopbackIP;
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
97
E
T
T
98
V7.0
3 JavaScript compliance exercises
Exercise 2. Enabling Java packages and classes
Uempty
2. Allow the following packages. The java.lang package might exist because of a preceding
exercise.
java.sql
java.io
java.lang
com.ibm.db2.jcc
java.util
com.ibm.db2.jcc.t4
com.ibm.db2.jcc.am
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
99
b. Click Tools > System Properties at the top of the user interface window.
E
T
T
c. Scroll down to the Scripting - Packages allowed in a script property. Enter the following
package names, separated by a comma, into the Value field. Click Update and leave the
System properties window open.
java.sql,java.io,java.lang,com.ibm.db2.jcc,java.util,com.ibm.db2.jcc.t4,com.ibm.db2.j
cc.am
100
V7.0
3 JavaScript compliance exercises
Exercise 3. Creating the script parameter
Uempty
b. Click Close.
E
T
T
101
2. When the login window opens, enter the user name shemp and the password object00. Click
Login.
E
T
T
102
V7.0
3 JavaScript compliance exercises
Exercise 3. Creating the script parameter
Uempty
b. Click the Script Parameters tab in the Parameter Administration window. Click New.
E
T
T
103
E
T
T
d. Click Validate Syntax to ensure that the script content is correctly formatted. Verify that you
see the following message. Click OK to close the message.
104
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
E
T
T
4. Click the X in the upper right to close the Parameter Administration window. Leave the user
interface open.
105
match. You are not concerned which loopback interface has the address; only that one is
configured. You use a modeled definition in this exercise to ensure that the address is configured.
1. To create a modeled definition, click Create > Definition in the user interface.
2. After the Definition wizard opens, add the following data to the fields:
E
T
T
Description: This definition checks the configuration for a loopback IP that matches the
DEVICE_MGT_INFORMATION database address
106
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
4. Select a Vendor, Type, Model, and OS (VTMOS) of cisco, router, 3640, *12.4* (scroll to the
bottom of the list). Click Retrieve Model. Notice that the command schema for this specific
device is presented.
E
T
T
In these steps, you build the command or commands that you are searching for in the configuration.
You use this schema to help build an XPath. XPath is the industry standard tool for searching XML
documents, which is the format of a modeled configuration.
5. Scroll down to the interface node in this tree and open the folder. Scroll down this list of
interfaces and open the Loopback* node. The interfaces are in alphabetical order.
107
E
T
T
A new window opens where you can add details to the Loopback interface arguments. There
are three arguments available:
You are interested only in entering a variable into the IP address field.
108
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
E
T
T
9. Insert the script parameter into the Argument field. Select Script Parameter from the list and
click Insert Parameter.
109
10. Select the mgtLoopbackAddress parameter that you created earlier. Click OK.
E
T
T
Important:
110
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
12. Modify the Test Conditions so that the Match Criteria is set to Match Any. Click Finish. You
return to the main Definition window and view your evaluation in the Evaluation List. After
noting the format, click Next.
E
T
T
13. Save the definition in the USISA policy realm, and click Finish.
111
E
T
T
Note: In the previous step, you created a modeled definition. You could have created a CLI
definition. However, a modeled definition is preferred here because of the ease of relating the
JavaScript parameter and its IP address to a loopback interface. Because the XPath that was
created had a loopback address type defined in it, you are assured that only loopback interfaces
are analyzed. You must encode extra steps in a CLI definition to ensure that you check only
loopback addresses. Also, you selected Match Any for the Test Conditions. This criteria is selected
because devices can have multiple loopback interfaces defined. For this analysis, having one of
the loopback interfaces with the correct address is sufficient.
After you create the definition, you create a rule. The rule is where you determine whether the
device is compliant or noncompliant based on the search results of the definition.
14. Create a rule by selecting Create > Rule.
112
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
15. When the rule wizard starts, provide a name and a description for the rule.
Also, you can select filters that ensure that the rule is applied only to the correct vendor, type,
model, and operating system. In this case, select Cisco as the vendor. Click Next.
E
T
T
16. Build a logic diagram that determines the state of the device when the definition returns a true
or false from its search. Drag the Start icon onto the worksheet. Drag the Definition icon onto
113
the worksheet. You are prompted to select a definition. Select the check for correct loopback
IP definition, and click OK.
E
T
T
17. Drag the Compliant icon and place it to the right of the Definition icon, because a definition
that returns true means that the device is compliant. Drag the Non Compliant icon onto the
worksheet and place it under the Definition icon. In the Select Action window, select No
Action. Click OK.
18. Connect all these objects together to define the logic flow when the definition returns a true or
false answer. Click the white dot from the Start icon and connect it to the top dot on the
Definition icon. Click the T dot on the Definition icon and connect it to the dot on the
114
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
Compliant icon. Connect the F dot on the Definition icon to the No Action dot. After you
complete the three connections, click Next.
E
T
T
19. To save the rule, select USISA and click Finish. You see the new rule.
115
20. To complete the policy structure, you must create a policy and associate the rule to it. Create a
policy by selecting Create > Policy.
E
T
T
116
V7.0
3 JavaScript compliance exercises
Exercise 4. Using the script parameter in a policy
Uempty
b. Find the recently created rule in the USISA realm and associate it to this policy.
c. Click Next.
E
T
T
You can configure compliance to send emails and notifications if devices are noncompliant.
22. For this exercise, keep the default of No Action and click Next.
117
23. Save the policy in the USISA policy realm and click Finish.
E
T
T
a. Click the Execution tab. Click the By Policy object. Click the USISA realm.
118
V7.0
3 JavaScript compliance exercises
Exercise 5. Running the new policy
Uempty
b. Click the enable correct loopback address policy. Click Execute. This action starts a
wizard.
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
119
d. Select By Realm. Click Routers to highlight it, and use the arrow icon to add the Routers
realm to the right window. Click Next.
E
T
T
120
V7.0
3 JavaScript compliance exercises
Exercise 5. Running the new policy
Uempty
f.
Click Finish.
E
T
T
2. Click the Refresh button until the Process Execution Summary state is Finished.
121
E
T
T
b. Double-click the results at the bottom of the window. This action takes you to detailed
results.
122
V7.0
3 JavaScript compliance exercises
Exercise 5. Running the new policy
Uempty
c. Look at the list of devices that passed or failed. Double-click one of the devices that passed.
E
T
T
d. Look at the detailed results for the device at the bottom of the window. Click the Evaluation
1 object. Notice that the script parameter returned the loopback address from the database.
The device is compliant because the same loopback address is in the device configuration.
123
e. Double-click one of the devices that failed. Click the Evaluation 1 object. Notice that the
script parameter returned the loopback address from the database. The device is not
compliant because that loopback address is not in the device configuration.
E
T
T
124
V7.0
3 JavaScript compliance exercises
Exercise 6. Optional exercise: external database
Uempty
E
T
T
b. Run the following command to switch to the db2inst1 user. When you are prompted for the
password, type object00.
su - db2inst1
Password:
c. Run the following command to start the DB2 Control Center user interface:
db2cc &
125
E
T
T
126
V7.0
3 JavaScript compliance exercises
Exercise 6. Optional exercise: external database
Uempty
E
T
T
127
E
T
T
In this exercise, you look at the device management drivers that are installed in your environment.
You verify what is installed before you upgrade these drivers. After you install new drivers in a later
exercise, you look at these drivers again to confirm that they are updated.
1. Verify that the following drivers do not exist:
a. Log in to the IBM Tivoli Netcool Configuration Manager user interface. Double-click the
ITNCM Base icon on the desktop.
128
V7.0
4 Driver management exercises
Exercise 1. Verifying current drivers
Uempty
E
T
T
d. Click the Model column to sort the drivers by the device model that they apply to. Scroll
down to the Cisco Nexus switch models. Notice that you have drivers for the 1000 and 4000
series switches, but you do not have drivers for the 7000 series switch.
e. Scroll down to the Cisco CRS series routers. Notice that you have drivers for Cisco CRSx
routers version 3.3.x, but you do not have drivers for version 4.x.
f.
Click the Vendor column to sort the drivers by the vendor that they apply to. Scroll down to
the Juniper devices. Notice that you do not have drivers for Juniper qfabric switches. The
129
qfabric model is listed between the NSxx and the Srx models if it is present.
2. Verify the version and support level for the following drivers:
Perform the following steps to verify the version and support level:
E
T
T
a. Middle-click the columns at the top of the user interface window. Click Support Level to add
that column to the list.
130
V7.0
4 Driver management exercises
Exercise 1. Verifying current drivers
Uempty
c. Click the Model column to sort the drivers by the device model that they apply to. Scroll
down to the Cisco 36xx model routers. Look at the driver version and support level for Cisco
36xx routers with operating system version C36xx-12.4. Notice the driver version
20120910.201211 and the SmartModel support level. This version changes after the driver
upgrade.
d. Look at the driver version and support level for Cisco 36xx routers with operating system
version C3600-IK903S-M-12.2. Notice the driver version 20120910.201211 and the
SmartModel support level. This version changes after the driver upgrade.
E
T
T
e. Scroll down to the Cisco 72xx model routers. Look at the driver version and support level for
Cisco 72xx routers with operating system version C7200-IK9S-M-12.3-12a. Notice the
driver version 20120910.201211 and the SmartModel support level. This version changes
after the driver upgrade.
131
3. Look at the driver checksum value on all IBM Tivoli Netcool Configuration Manager servers.
After you install new drivers in a later exercise, you look at this checksum value again to see
that it changed.
a. Click Systems Manager > Servers. This action shows a list of all IBM Tivoli Netcool
Configuration Manager servers.
E
T
T
b. Middle-click the columns at the top of the user interface window. Click Driver Checksum to
add that column to the list.
c. Drag the Driver Checksum column next to the Server Id column. Look at the value of the
driver checksum for the GUI server and the worker server. Notice the current value. Notice
that the values match on both servers. After you install new drivers in a later exercise, you
look at this checksum value again to see that it changed.
132
V7.0
4 Driver management exercises
Exercise 2. Installing and upgrading drivers
Uempty
4. Look at the devices in the USISA > Routers realm. Notice the icons that represent the devices.
a. Click Resource Browser > ITNCM > USISA > Routers.
E
T
T
b. Look at the icons that represent the devices. You look at these devices again after you
install new drivers.
133
E
T
T
b. Run the following command. Wait a few moments for the servers to stop.
itncm.sh stop
2. Install the new drivers with a package of multiple drivers. This package is for complex devices,
such as large routers and switches. This action installs new drivers for Cisco Nexus 7000 series
switches, Cisco CRS routers version 4.x, and Juniper qfabric switches.
a. Change to the /home/netcool/ClassFiles/Drivers17/ComplexPackage/ directory. Run the
following command:
cd /home/netcool/ClassFiles/Drivers17/ComplexPackage
b. Decompress the ITNCMSmartModelComplex.tar file.
tar -xvf ITNCMSmartModelComplex.tar
c. Run the following command to start the installation program:
sh ./Disk1/InstData/ITNCMDrivers.bin LAX_VM
/opt/IBM/tivoli/netcool/ncm/jre/bin/java -i console
134
V7.0
4 Driver management exercises
Exercise 2. Installing and upgrading drivers
Uempty
All Devices
Cisco Devices
Juniper Devices
Exit Installer
E
T
T
5- Customize...
ENTER THE NUMBER FOR THE INSTALL SET, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
: 1
h. Press Enter to continue after you review the Pre-Installation Summary. The installation
takes approximately 8 - 12 minutes.
PRESS <ENTER> TO CONTINUE:
i.
135
E
T
T
5. Install the individual driver for Cisco 3600 series routers that run operating system version 12.4.
This action upgrades the existing drivers to a more recent version.
a. Run the following command to start the installation program:
sh ./CiscoRouter36xxC36xx124.bin LAX_VM
/opt/IBM/tivoli/netcool/ncm/jre/bin/java -i console
b. Press Enter to continue.
Press Enter to continue viewing the license agreement, or enter "1" to accept
the agreement, "2" to decline it, "3" to print it, or "99" to go back to the
previous screen.: 1
d. Press Enter to accept the default path for installation.
6. Install the individual driver for Cisco 7200 series routers that run operating system version 12.3.
This action upgrades the existing drivers to a more recent version.
a. Run the following command to start the installation program:
sh ./CiscoRouter72xxC7200IK9SM12312a.bin LAX_VM
/opt/IBM/tivoli/netcool/ncm/jre/bin/java -i console
136
V7.0
4 Driver management exercises
Exercise 3. Verifying the new drivers
Uempty
E
T
T
7. Start the IBM Tivoli Netcool Configuration Manager presentation and worker servers. Run the
following command. Wait a few moments for the servers to start.
itncm.sh start
8. Upgrade the support level of the new drivers to SmartModel support. Run the following
commands:
cd /opt/IBM/tivoli/netcool/ncm/drivers/bin/
./SmartModelUpgrade.sh -all
In this exercise, you look at the new drivers that you installed and the drivers that you upgraded.
1. Verify that the following drivers are now present in your environment:
137
E
T
T
138
V7.0
4 Driver management exercises
Exercise 3. Verifying the new drivers
Uempty
d. Add the Support Level column if it is not already present. Middle-click the columns at the top
of the user interface window. Click Support Level to add that column to the list.
f.
E
T
T
Click the Model column to sort the drivers by the device model that they apply to. Scroll
down to the Cisco Nexus switch models. You now have drivers for Cisco Nexus 7000 series
switches. They are at the SmartModel support level.
g. Scroll down to the Cisco CRS series routers. You now have drivers for Cisco CRSx routers
version 4.x. They are at the SmartModel support level.
139
h. Click the Vendor column to sort the drivers by the vendor that they apply to. Scroll down to
the Juniper devices. You now have drivers for Juniper qfabric switches. They are at the
SmartModel support level.
2. Verify the version and support level for the following drivers:
E
T
T
a. Click the Model column to sort the drivers by the device model that they apply to. Scroll
down to the Cisco 36xx model routers. Look at the driver version and support level for Cisco
36xx routers with operating system version C36xx-12.4. Notice the new driver version
20130223.62211 and the SmartModel support level. The older version of the driver is also
present.
b. Look at the driver version and support level for Cisco 36xx routers with operating system
version C3600-IK903S-M-12.2. Notice the new driver version 20130223.62211 and the
SmartModel support level. The older version of the driver is also present.
c. Scroll down to the Cisco 72xx model routers. Look at the driver version and support level for
Cisco 72xx routers with operating system version C7200-IK9S-M-12.3-12a. Notice the new
140
V7.0
4 Driver management exercises
Exercise 3. Verifying the new drivers
Uempty
driver version 20130223.62211 and the SmartModel support level. The older version of the
driver is also present.
3. Look at the driver checksum value on all IBM Tivoli Netcool Configuration Manager servers.
After you installed new drivers, this checksum value changed.
a. Click Systems Manager > Servers.
E
T
T
b. Add the Driver Checksum column if it is not there. Middle-click the columns at the top of the
user interface window. Click Driver Checksum to add that column to the list.
141
c. Drag the Driver Checksum column next to the Server Id column. Look at the value of the
driver checksum for the GUI server and the worker server. The current value is different
from when you looked at in a previous exercise; the values match on both servers.
E
T
T
1. Look at the devices in the USISA > Routers realm. The icons that represent the devices
changed.
a. Click Resource Browser > ITNCM > USISA > Routers.
142
V7.0
4 Driver management exercises
Exercise 4. Using the updated drivers
Uempty
b. Look at the icons that represent the devices. These icons now have an orange arrow beside
them. The orange arrow means that there is a more recent driver version available for the
device.
E
T
T
a. Press and hold the Shift key to select all the devices. Right-click the devices and click
Driver Update. This actions starts a wizard.
143
E
T
T
144
V7.0
4 Driver management exercises
Exercise 4. Using the updated drivers
Uempty
E
T
T
f.
Wait a few moments for the driver update to finish. Click the Refresh button.
145
The orange arrows are removed from the device icons because they are now using the
most recent driver available.
E
T
T
146
V7.0
4 Driver management exercises
Exercise 4. Using the updated drivers
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
147
E
T
T
When IBM Tivoli Netcool Configuration Manager has no connectivity to devices in an isolated
network segment
For testing compliance policies in a development environment, when the development instance
of IBM Tivoli Netcool Configuration Manager is isolated from the production network
For product demonstrations where no actual devices are available to test with
In this lab, you use the new offline configuration management feature of IBM Tivoli Netcool
Configuration Manager. You import a series of plain text file device configurations into IBM Tivoli
Netcool Configuration Manager and use the compliance manager to analyze the configurations for
violations of industry standard security policies. You also use offline management tools to export
actual devices into offline file sets and clone actual devices into offline devices.
148
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
Open the IBM Tivoli Netcool Configuration Manager client. This client is the user interface
for the IBM Tivoli Netcool Configuration Manager. You use this tool to work with network
device configurations.
Open the IBM Tivoli Netcool Configuration Manager compliance client. This client is used to
test network devices for policy compliance. You use this tool to inspect network devices and
calculate a compliance score that is based on the results.
E
T
T
a. Log in to the Tivoli Netcool Configuration Manager application by double-clicking the ITNCM
Base icon on the desktop.
b. When the login window opens, enter the user name shemp and the password object00.
Click Login.
c. Log in to the Tivoli Netcool Compliance Manager application by double-clicking the ITNCM
Compliance icon on the desktop.
149
d. When the login window opens, enter the user name shemp and the password object00.
Click Login.
2. Look at the actual devices that are managed by IBM Tivoli Netcool Configuration Manager.
Devices are saved in realms, which are folders that store IBM Tivoli Netcool Configuration
Manager objects.
a. In the IBM Tivoli Netcool Configuration Manager client, click Resource Browser > ITNCM >
USISA > Routers. Look at the devices in this realm. IBM Tivoli Netcool Configuration
Manager connected to these devices and directly imported their configurations.
E
T
T
150
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
b. Click Resource Browser > ITNCM > Offline-Devices. This realm is empty. You use this
realm when you discover and import the offline devices.
E
T
T
3. Look at the text files to see what is imported. You discover and import devices and their
configurations from plain text files. These text files were obtained from live devices.
a. Open a terminal window if there is not one already open. Right-click the desktop and click
Open in Terminal.
151
c. List the contents of this directory. Look at the name of the four subdirectories. Each of the
four subdirectories represents a device.
ls
access02.dfw.usisa.gov
access04.tpa.usisa.gov
cust304.dfw.usisa.gov
cust55.tpa.usisa.gov
d. Change to the /opt/IBM/tivoli/netcool/ncm/offline/access02.dfw.usisa.gov directory. List
the contents of this directory. The text inside of these two files contains the running
configuration of the access02.dfw.usisa.gov device and other details about the hardware of
the device.
cd access02.dfw.usisa.gov
ls
show_running-config.txt show_version.txt
E
T
T
152
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
e. Open the file named show_running-config.txt with vi. Look at the contents of this file and
notice the configuration of this device. Close the file after you finish.
vi show_running-config.txt
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname access02.dfw.usisa.gov
!
boot-start-marker
boot-end-marker
...
snmp-server enable traps cnpd
snmp-server enable traps stun
snmp-server enable traps dlsw
snmp-server enable traps bstun
snmp-server enable traps pppoe
snmp-server enable traps ipmobile
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps dnis
snmp-server host 10.191.100.1 version 2c public
snmp-server host 10.191.101.50 public
snmp-server host 10.191.100.1 v2c
!
gatekeeper
shutdown
!
E
T
T
153
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
end
f.
Open the file named show_version.txt with vi. Look at the contents of this file and notice
that it contains the output of several commands, including the command show version.
E
T
T
154
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
E
T
T
155
down
POS1/0
10.10.1.9
POS2/0
10.10.1.6
...
access02.dfw.usisa.gov#show vlan
YES NVRAM up
YES NVRAM up
up
up
Size(b)
129016
-
Free(b)
123394
-
E
T
T
...
access02.dfw.usisa.gov#show snmp
Chassis: 4279256517
Contact: Tivoli
Location: Paris
722 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
...
4. Import the four offline devices with the demoDeviceImport.sh tool. You must run this tool four
times, one time for each device.
a. Change to the /opt/IBM/tivoli/netcool/ncm/ directory.
cd /opt/IBM/tivoli/netcool/ncm
b. Run the following four commands with the following parameters:
User name
Password
156
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
157
The output of the commands is included in the following example. Ignore any errors about
logging.
bin/utils/demoDeviceImport.sh -l shemp -p object00 -r ITNCM/Offline-Devices
-hostname access02.dfw.usisa.gov
INSTALL_DIR=/opt/IBM/tivoli/netcool/ncm
MODE: import
REALM ITNCM/Offline-Devices
Connecting to NCM Presentation server
log4j:WARN No appenders could be found for logger
(org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Beginning import operation
Importing device access02.dfw.usisa.gov to realm ITNCM/Offline-Devices
Using the following properties for import operation:
- offlinedirectory
=offline
- showversionfilename =show_version.txt
- showrunningfilename =show_running-config.txt
Importing device with the following VTMOS:
- Vendor=Cisco
- Type=Router
- Model=7206VXR
- OS= 12.3(18)
Importing device access02.dfw.usisa.gov
Submitted Import UOW 34 for device: access02.dfw.usisa.gov
Import operation complete
E
T
T
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
- showversionfilename =show_version.txt
- showrunningfilename =show_running-config.txt
Importing device with the following VTMOS:
- Vendor=Cisco
- Type=Router
- Model=7206VXR
- OS= 12.3(18)
Importing device access04.tpa.usisa.gov
Submitted Import UOW 35 for device: access04.tpa.usisa.gov
Import operation complete
E
T
T
INSTALL_DIR=/opt/IBM/tivoli/netcool/ncm
MODE: import
REALM ITNCM/Offline-Devices
Connecting to NCM Presentation server
log4j:WARN No appenders could be found for logger
(org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Beginning import operation
Importing device cust304.dfw.usisa.gov to realm ITNCM/Offline-Devices
Using the following properties for import operation:
- offlinedirectory
=offline
- showversionfilename =show_version.txt
- showrunningfilename =show_running-config.txt
Importing device with the following VTMOS:
- Vendor=Cisco
- Type=Router
- Model=3640
- OS= 12.2(32)
Importing device cust304.dfw.usisa.gov
Submitted Import UOW 36 for device: cust304.dfw.usisa.gov
Import operation complete
159
MODE: import
REALM ITNCM/Offline-Devices
Connecting to NCM Presentation server
log4j:WARN No appenders could be found for logger
(org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Beginning import operation
Importing device cust55.tpa.usisa.gov to realm ITNCM/Offline-Devices
Using the following properties for import operation:
- offlinedirectory
=offline
- showversionfilename =show_version.txt
- showrunningfilename =show_running-config.txt
Importing device with the following VTMOS:
- Vendor=Cisco
- Type=Router
- Model=3640
- OS= 12.2(32)
Importing device cust55.tpa.usisa.gov
Submitted Import UOW 37 for device: cust55.tpa.usisa.gov
Import operation complete
E
T
T
5. Return to the IBM Tivoli Netcool Configuration Manager client and view the imported devices.
a. Click Resource Browser > ITNCM > Offline-Devices. Click the Refresh button. The four
devices were imported.
160
V7.0
5 Offline device management exercises
Exercise 1. Importing offline devices
Uempty
E
T
T
c. View the device configuration. Close the configuration window after you finish. Take time to
look at the other four devices and verify that they were imported correctly.
161
d. Click the access02.dfw.usisa.gov device. Click the Hardware tab. View the details of the
device that were imported from the show_version.txt file. Take time to look at the other
four devices and verify that they were imported correctly. After you finish, leave the IBM
Tivoli Netcool Configuration Manager client open.
E
T
T
162
V7.0
5 Offline device management exercises
Exercise 2. Testing offline devices for policy compliance
Uempty
In this exercise, you run four compliance policies to determine whether the offline devices that you
previously created are compliant. You also run a report to see an overall compliance score for these
new offline devices.
1. Start the Tivoli Integrated Portal server.
a. Return to the terminal window. Run the following command. Wait a few moments for the
Tivoli Integrated Portal server to start.
itnm_start tip
b. Verify that the server is running with the following command.
itnm_status tip
Tivoli Integrated Portal:
Server
RUNNING PID=2034
c. Open the Firefox browser. Double-click the Firefox icon on the desktop.
E
T
T
https://omnihost:16311/ibm/console/logon.jsp
e. Log in to the Tivoli Integrated Portal with the user name shemp and the password object00.
Leave the Tivoli Integrated Portal open.
163
2. Open the IBM Tivoli Netcool Configuration Manager compliance client. Look at the policies in
the Offline_Device_Compliance process.
a. Click the Policy Definitions tab. Click Processes.
E
T
T
b. Expand the USISA folder. Expand the Offline_Device_Compliance process. This process
contains the following four policies:
3.1.09 and 10 disable SNMP community public and private: This policy tests
whether the community strings public and private are configured on the device. These
strings are too simple, and if they are found, the device is not compliant.
3.1.38 disable ip http server: This policy tests whether the http server is enabled on a
device. This http server feature uses clear text passwords and is not secure. If this
feature is enabled on the device, it is not compliant.
3.1.59-2 disable logging console: This policy tests whether log messages are printed
to the device console terminal. This type of logging can make the console terminal of the
device difficult to use. If console logging is enabled on the device, it is not compliant.
3.1.73 and 74 disable directed broadcast: This policy tests whether the device has
interfaces that are configured to use directed broadcasts. Interfaces that allow directed
164
V7.0
5 Offline device management exercises
Exercise 2. Testing offline devices for policy compliance
Uempty
E
T
T
3. Run the Offline_Device_Compliance process to test for compliance on the four offline
devices.
a. Click the Execution tab. Click By Process. Click the USISA folder.
165
c. Click Yes.
E
T
T
e. After the process is finished, select it and notice the results for each of the policies. The
offline devices either failed or passed these policies.
166
V7.0
5 Offline device management exercises
Exercise 2. Testing offline devices for policy compliance
Uempty
f.
Select the policy that is named 3.1.38 disable ip http server. Click the Details button.
g. Notice which devices passed or failed the 3.1.38 disable ip http server policy. Next, you run
a report that shows overall compliance score for these devices.
E
T
T
4. Run a report that shows compliance scores and summaries for these offline devices.
a. Return to the Tivoli Integrated Portal. Click Reporting > Common Reporting.
167
E
T
T
168
V7.0
5 Offline device management exercises
Exercise 2. Testing offline devices for policy compliance
Uempty
d. Select only the ITNCM/Offline-Devices realm. Click Select all in the list of policies. Click
Finish to run the report.
E
T
T
e. Scroll down and view the report. These devices have low compliance scores because none
of them were compliant with the 3.1.09 and 10 disable SNMP community public and
169
private policy. This policy has a much higher weight in the score than the other policies.
After you finish, take some time to run other policy compliance reports.
E
T
T
170
V7.0
5 Offline device management exercises
Exercise 3. Working with offline devices
Uempty
E
T
T
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
171
The output of the commands is included in the following example. Ignore any errors about
logging.
bin/utils/demoDeviceExport.sh -l shemp -p object00 -r ITNCM/USISA/Routers
-hostname WAS-usisa.gov
INSTALL_DIR=/opt/IBM/tivoli/netcool/ncm
MODE: export
REALM ITNCM/USISA/Routers
Connecting to NCM Presentation server
log4j:WARN No appenders could be found for logger
(org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Beginning export operation
Exporting device WAS-usisa.gov from realm ITNCM/USISA/Routers
Using the following properties for export operation:
- offlinedirectory
=offline
- showversionfilename =show_version.txt
- showrunningfilename =show_running-config.txt
Retrieving configuration info for device
Writing running config to
offline/export/WAS-usisa.gov/show_running-config.txt
Writing show version output to offline/export/WAS-usisa.gov/show_version.txt
Export operation complete
E
T
T
V7.0
5 Offline device management exercises
Exercise 3. Working with offline devices
Uempty
E
T
T
c. List the contents of the WAS-usisa.gov and BRU-CPE-bma.gov directories. Each directory
has two text files: one that contains the running configuration and one that contains the
output of several commands, including the command show version.
ls -R
.:
BRU-CPE-bma.gov WAS-usisa.gov
./BRU-CPE-bma.gov:
show_running-config.txt show_version.txt
./WAS-usisa.gov:
show_running-config.txt show_version.txt
3. Use the demoDeviceCreator.sh tool to clone two devices into offline devices. You must run this
tool two times, one time for each device. The devices that you clone are named LON-usisa.gov
and MOS-usisa.gov. These devices are in the ITNCM/USISA/Routers realm. Name the clones
of these devices LON-usisa.gov-clone and MOS-usisa.gov-clone. Create them in the
ITNCM/Offline-Devices realm.
a. Change to the /opt/IBM/tivoli/netcool/ncm/ directory.
cd /opt/IBM/tivoli/netcool/ncm
Copyright IBM Corp. 2013
Student Exercises
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
173
E
T
T
174
V7.0
5 Offline device management exercises
Exercise 3. Working with offline devices
Uempty
The output of the commands is included in the following example. Ignore any errors about
logging.
bin/utils/demoDeviceCreator.sh -l shemp -p object00 -r ITNCM/USISA/Routers
-hostname LON-usisa.gov -clonerealm ITNCM/Offline-Devices -clonehostname
LON-usisa.gov-clone
INSTALL_DIR=/opt/IBM/tivoli/netcool/ncm
MODE: clone
REALM ITNCM/USISA/Routers
CLONEREALM ITNCM/Offline-Devices
Connecting to NCM Presentation server
log4j:WARN No appenders could be found for logger
(org.apache.axis.i18n.ProjectResourceBundle).
log4j:WARN Please initialize the log4j system properly.
Beginning clone operation
Cloning device LON-usisa.gov in realm ITNCM/USISA/Routers
Clone will be created as LON-usisa.gov-clone in realm ITNCM/Offline-Devices
Importing device LON-usisa.gov-clone
Submitted Import UOW 38 for device: LON-usisa.gov-clone
Clone operation complete
E
T
T
175
c. Return to the IBM Tivoli Netcool Configuration Manager client. Click Resource Browser >
ITNCM > Offline-Devices. Click the Refresh button. Verify that the two new cloned devices
were created.
E
T
T
176
V7.0
More
about Tivoli
Back pa
Uempty
You can find the latest information about IBM Tivoli education offerings online at the following location:
www.ibm.com/software/tivoli/education/
Also, if you have any questions about education offerings, send an email to the appropriate alias for your
region:
Americas: tivamedu@us.ibm.com
Asia Pacific: tivtrainingap@au1.ibm.com
EMEA: tived@uk.ibm.com
Tivoli user groups
You can get even more out of Tivoli software by participating in one of the 91 independently run Tivoli User
Groups around the world. Learn about online and in-person Tivoli User Group opportunities near you at
www.tivoli-ug.org.
Certification
E
T
T
All IBM certifications are based on job roles. They focus on a job a person must do with a product, not just
the products features and functions. Online certification paths are available to guide you through the
process for achieving certification in many IBM Tivoli areas. See ibm.com/tivoli/education for more
information.
Special offer for having taken this course: Now through 31 December 2013: For having completed this
course, you are entitled to a 15% discount on your next examination at any Thomson Prometric testing
center worldwide. Use this special promotion code when registering online or by telephone to receive the
discount: 15CSWR. (This offer might be withdrawn. Check with the testing center.)
E
T
T
Authorized
ibm.com/training
Training