Professional Documents
Culture Documents
2 Administrators Guide
Table of content
Table of content ...................................................................................................................... 2 About iTop .............................................................................................................................. 4 Licensing ................................................................................................................................. 4 Related documentation ........................................................................................................... 5 Installing iTop ......................................................................................................................... 5 Software requirement .......................................................................................................... 5 Hardware requirement ........................................................................................................ 6 Download the iTop package................................................................................................. 6 Install iTop .......................................................................................................................... 6 PHP and MySQL settings .................................................................................................... 12 Changing configuration options ......................................................................................... 13 Ready-only mode .......................................................................................................... 13 Migrating from version 1.0, 1.0.1, 1.0.2 or 1.1 ........................................................................ 13 Migrating from previous version 0.9 ...................................................................................... 14 iTop common usage .............................................................................................................. 14 Starting iTop ...................................................................................................................... 14 Managing users..................................................................................................................... 15 Viewing Profiles................................................................................................................. 16 Viewing users.................................................................................................................... 17 Creating a user.................................................................................................................. 18 Changing a user password ................................................................................................ 20 Managing Organizations ........................................................................................................ 20 Viewing the data model ........................................................................................................ 22 Running Object queries ......................................................................................................... 24 Enter OQL expression in the text area, and click on Evaluate to get the result. .................. 24 Managing Notification ........................................................................................................... 24 Creating an action ............................................................................................................. 25 Creating a trigger .............................................................................................................. 26 iTop Audit ............................................................................................................................. 30 Audit Categories ................................................................................................................ 30 Audit Rules........................................................................................................................ 30 iTop localization .................................................................................................................... 31 Data backup .......................................................................................................................... 31 Background tasks: cron.php .................................................................................................. 32 Scheduling cron.php on Windows ...................................................................................... 32 Scheduling cron.php on Linux/Unix ................................................................................... 32 Parameter file ................................................................................................................... 32 Integrating with other application ......................................................................................... 33 Using iTop from the command line.................................................................................... 33 How to export data out of iTop.......................................................................................... 33 Arguments ........................................................................................................................ 33 Data import and data synchronization............................................................................... 34 Using direct MySQL commands to populate the synchro_data_xxx table ............................ 35 How to specify a list of related objects (link set) .............................................................. 36 Data Source Definition ....................................................................................................... 37 Synchronized Configuration Items ..................................................................................... 37 What is the difference between CSV Import and Data Synchronization? ............................. 38 How to import data in iTop ............................................................................................... 39 Example of script for importing CSV data....................................................................... 42
2
Soap web service for incident ticket creation .................................................................... 43 Example script for creating an Incident: ........................................................................ 43 Soap web service for user request ticket creation ............................................................. 44 Appendix A Configuration parameters ................................................................................. 45 References ............................................................................................................................ 48
About iTop
This document describes release 1.2 of iTop. iTop is a robust Open Source web 2.0 application that will help you to better support your IT. Development of iTop started in March 2006 in order to publish on the internet a completely open solution that would help enterprise to drive ITIL best practices implementation. The goal of the iTop community is to provide an alternative solution to expensive ITIL solutions sold by proprietary software vendors. At the early beginning of the project, the development team was focus on building the most complete CMDB (Configuration Management Data Base). One key objective was to make it as flexible as flexible in order to allow administrator to add and remove configuration items from the data model and manage as many relationships as they want. The development team also designed a powerful state machine that allows defining life cycle for whatever configuration items in the CMDB. Realizing that all concepts developed within the CMDB can be applied to all other ITIL best practices, the iTop community decided to extend them to Incident Management, Change Management and Service Management modules. Then iTop became an IT operational portal that helps all IT management team to support their environment by: Documenting IT infrastructures and their relationships (servers, application, network) Documenting IT incident and planned outages, as well as a known error database Documenting all IT services and contracts with external providers iTop can be used by different type of profiles: Help Desk st nd rd IT support engineers (1 level, 2 level, 3 level ) IT service managers IT managers iTop is relying on Apache/IIS, MySQL and PHP, so it can run on whatever operating system supporting those applications. It had been tested already on Windows, Linux Debian and Redhat (It also runs on Solaris and MacOS X). iTop is a web based application therefore you dont need to deploy client software on each users PC. A simple web browser is enough (IE 8+, FF 3.5+, Chrome or Safari 5+).
Licensing
iTop is licensed under the terms of the GNU General Public License Version 3 as published by the Free Software Foundation. This gives you legal permission to copy, distribute and/or modify iTop under certain conditions. Read the license.txt file in the iTop distribution. iTop is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
Related documentation
How to Setup LDAP Authentication with iTop iTop Implementation Guide Localizing iTop Customizing iTop 1.0 OQL Reference iTop 1.0 user guide How to migrate from 0.9 to 1.0
Installing iTop
Software requirement
iTop is based on MySQL and PHP (MySQL / PHP), it requires PHP 5.2 and MySQL 5, plus off-course a web server: you can use Apache or IIS. Some old Linux configuration appeared to be very slow when running MySQL in innoDB mode. If its the case, check your MySQL server configuration (/etc/mysql/my.cnf), and try to add the following line: innodb_flush_method = O_DSYNC Optional requirements: For LDAP authentication iTop requires the PHP LDAP module. For strong encryption of passwords iTop requires PHP mcrypt module. Installing the required software on Debian: apt-get install apache2 apt-get install mysql-server apt-get install php5 Installing the required software on Redhat: yum install apache yum install mysql yum install php5
Hardware requirement
Operating System Linux Windows Resource Disk RAM Processor Disk RAM Processor 5 1 1 5 1 1
Minimum screen size should be 1024*768 pixels full screen, but the higher the better.
Install iTop
1. Make sure that you have a properly configured instance of Apache/PHP running 2. Unpack the files contained in the zipped package in a directory served by your web server. 3. Point your web browser to the URL corresponding to the directory were the files have been unpackaged and follow the indications on the screen. For instance http://myserver, or http://myserver/itop/ if you have created a dedicated alias for iTop application As a matter of fact, iTop package provides a step by step wizard to install the application. Step1 is checking all prerequisites for MySQL, PHP and all optional extension. If a prerequisite is missing a yellow bullet will inform you
Figure 1
Figure 2 Step3, you have to enter information to access the MySQL database (server, user and password). MySQL user needs to have root privileges. The data base can be installed either on the same server or can be a remote host if you prefer to have a two tier architecture, or reuse an already installed instance of MySQL.
Figure 3
Step4, once your SQL credentials are checked you can create the database for iTop. You can either choose an existing one, or create a new one. You can also decide to prefix all iTop tables with a given name. This is useful when you want to run several instances of iTop with the same data base.
Figure 4 Step5, you have to select the modules you want to install. The Configuration Management (CMDB) module is mandatory. If you want to use Incident Management, User Request, Problem Management and Change Management modules, you need to install as well the Service Management module and the ticket module.
Figure 5 Step 6 lets you define administrator account for accessing the application. Dont forget user login and password, as they are required to access the application and encrypted in the database. Moreover, you can define the default language for iTop.
Figure 6
Figure 7 Step7 let you configure the address (URL) used by iTop. You can adjust the default value if iTop will be accessed by the end-users from a different address than the one youve used for installing the application. For example you may install iTop by connecting to it locally (i.e. running the web browser directly from the server) by typing http://localhost/itop whereas the end-users will connect to iTop through a specific DNS name, e;g. http://itop.mycompany.com. If its the case, then adjust the address when prompted by the installation. Note: in case you have multiple virtual hosts pointing to iTop ; or you are using a test system running on DHCP and you want to connect anyway from another system, the address of the iTop server cannot be fixed at the installation. In this case you can use the placeholder $_SERVER_NAME_$ in the URL parameter. For example you can type: http://$_SERVER_NAME_/itop as the URL to access the application. At runtime this value will be substituted by the corresponding SERVER_NAME for the current connection. Step8 lets you decide if you want to create sample data for testing purposes. This is very useful first time you install iTop. If you select No, database will be basically empty ready for loading your production data.
Figure 8
10
Figure 9
Figure 10
11
iTop is capable of uploading and storing documents (i.e files) as attachments to various objects (Tickets, CIs). These documents are stored as binary blobs in the iTop database. In order to be able to safely upload and store documents, several settings must be adjusted consistently across PHP and MySQL. In PHP, several variables govern the upload of files: file_uploads upload_tmp_dir Set to 1 to allow file upload, to zero to prevent all file uploads. The temporary location (on the server) were the uploaded files will be stored. Make sure that this parameter points to a location that is accessible (and writable) by the process running the web server (or by the end users in case of IIS with the Windows built-in authentication) and that there is enough space left. The maximum size allowed. The value is expressed in bytes. You can use units like K for kilobytes (=1024 bytes), M for megabytes and G for gigabytes. Example: 4M stands for 4 megabytes. The maximum number of files that can be uploaded simultaneously in a single web page. iTop should normally upload only one file at a time. You can safely use the default value, which is 20. The maximum amount of data that can be sent to the server via a POST request. This value MUST BE bigger than upload_max_filesize, since the same request will contain some more information (the title of the document, an operation code). So its better to put a bigger value here. For example is upload_max_filesize is 4M, then pout 5M for post_max_size. After being uploaded on the server, the file will be read in memory before being stored in the database. Therefore make sure that memory_limit (if enabled) is far bigger than upload_max_filesize. This value defines the maximum time allowed for the server to read its input. This includes the time spent uploading the files. The default of 60 seconds may be exceeded for uploading big files over slow connections.
upload_max_filesize
max_file_uploads
post_max_size
memory_limit
max_input_time
The uploaded files are stored into the MySQL database, each file in one query. Therefore the maximum size allowed for a query MUST BE BIGGER than the maximum size of the uploaded file. This is configured via the variable max_allowed_packet in the my.cnf configuration file (on the MySQL server).
12
upload_max_filesize
php.ini
<
post_max_size
php.ini
<
max_allowed_packet
my.cnf
<
memory_limit
php.ini
Ready-only mode
It is sometimes desirable (while performing some maintenance tasks for example) to make the iTop application read-only. Since version 1.0.2, two parameters can be used to control: whether or not the application is read-only (and for who), which message is displayed when the application is read-only. These 2 parameters are: access_mode and access_message. The parameter access_mode can take one of the following values: Access_mode value Actual value Effect 0 The application is read-only for all users. The ACCESS_READONLY users can browse the application but nothing will be written to the MySQL database. 2 Only administrator users can write into the ACCESS_ADMIN_WRITE database. The application is in read-only mode for all other users. 3 All users can write into the database. This is ACCESS_FULL the default mode. Example:
'access_mode' => ACCESS_ADMIN_WRITE, 'access_message' => for maintenance until 2PM,
Refer to the chapter Appendix A Configuration parameters for the full list of configuration parameters.
Enter the name of the myql server and the iTop database as in the previous configuration. Dont forget the database prefix as well. In doubt, refer to the previous config-itop.php file. - Select the iTop modules to enable (by default all the previously enabled modules are reenabled) - Launch the upgrade. When done, you can archive the folder containing the previous version of iTop and point you main site to the newly upgraded copy.
Figure 9 Once authenticated, the user accesses the main iTop page. The first time you connect you can see the Welcome to iTop popup screen. This popup can be removed for the next time by unchecking Display this message at startup
14
Figure 11 This main page is divided in three parts: The menu on the left (also called explorer menu) contains links to access items from each module (CMDB, Incidents, Changes, Services and contracts) The main frame, on the right, displays list of items from selected module, or the details of a given item. The top frame contains the global search function and the logoff button
Refer to the document iTop user guide for details about how to use the application.
Managing users
ITop provides a user management module allowing you to assign users with one or several predefined profiles. Thus an administrator can restrict the access to iTop, and allow users to modify only the objects they are allowed to. As an administrator, you can also define the actions they are allowed to perform by selecting a combination of profiles for a given user.
15
In the current version of iTop, the profiles are predefined; there is no user interface to modify them or to create new profiles. However, this can be handled directly in the MySQL database.
Viewing Profiles
Use the Admin Tools / Profiles menu to access the profiles, and see their corresponding definitions as shown below:
Figure 12 When you click on a given profile you get the details.
Figure 13 The tab Users, lists all users having this profile. The tab Grant matrix displays all objects and actions allowed for this profile. Default profiles: Profile Administrator Change Approver Description
Has the rights on everything (bypassing any control) Person who could be impacted by some changes.
16
Change Implementor Change Supervisor Configuration Manager Document author Portal user
Person executing the changes. Person responsible for the overall change execution. Person in charge of the documentation of the managed CIs. Any person who could contribute to documentation. Has the rights to access to the user portal. People having this profile will not be allowed to access the standard application; they will be automatically redirected to the user portal. Person analyzing and solving the current problems. Person in charge of creating incident reports. Person responsible for the service delivered to the [internal] customer. Person analyzing and solving the current incidents.
Viewing users
The menu User Accounts under Admin Tools module, enables you to see all logins defined for you iTop instance.
Figure 14 When you click on a user you get the following details.
Figure 15
17
A user login is always linked to a contact stored in the CMDB (See Using CMDB module in iTop user guide). Prior to create a login you have to make sure that the user is documented as a contact in the CMDB. The tab Profiles list all profiles that are linked to this user. The tab Grants matrix display rights allowed for this user. It is the merge of all rights corresponding to associated profiles. The tab Allowed Organizations display list of organization this user is allowed to see.
Creating a user
To create a new user you just have to click on New in action drop down list, from either user list or a given user detail. Following wizard then appears:
Figure 16 You can define different type of users: iTop user that are internal to the application with their password stored (encrypted) in the database. This is useful for administrative users or for users/logins to be used to scripts or other applications. LDAP user for which the authentication is managed by an external LDAP or Active Directory server. External user for which authentication is managed directly by the web server, for example when using an Apache .htaccess file or when using an external single-sign-on solution, like for example JASIG-CAS. All the details about authentication in iTop are described in the document How to setup iTop Authentication [1]. If you decide to create an iTop user, you have to define the password, and type it exactly two times. An exclamation sign appears at the right of the password field while both passwords are not the same.
Figure 17 You can as well define the language for this user. (See iTop localization page 31 for the complete list of supported language) Whatever type of user you create, you have to link it to an existing contact in iTop CMDB
18
Then you define, in the tab profile, the profile for the corresponding user. You have to define at least one profile.
Figure 18 The Add Profiles ... button displays the search window for selecting the profiles you want to assign to the user.
Figure 19 The profiles assigned to the user can be changed later on using the Modify action for a user.
19
All the objects belonging to an organization which is forbidden to a given user are completely hidden from this user. For this user, the application behaves as if such object did not exist. For example if the contact corresponding to this user is in a forbidden organization, it looks like (for this users) the contact does not exist. And thus will prevent this user from accessing the iTop portal! The selected organizations can be changed later on using the Modify action for a user.
Figure 20
Managing Organizations
Organizations are used in iTop to group object into silos. Only administrators and configuration managers can add or remove organizations. To add or modify an organization you have to click on Organizations in the Data Administration module and click on New button.
Figure 21 The form to create an organization enables you to define: The name of the organization Its code Its status And a parent organization if you want to create hierarchy
20
Figure 22 You can later modify the attribute of a given organization by clicking on Modify action.
21
You can view the current data model used by iTop by clicking on the link Data Model in the Admin Tools menu. An explorer tree-view allows you to navigate through the hierarchy of classes (in alphabetical order).
Figure 23 Clicking on a class name gives you the details for this class.
Figure 24
22
Data model tabs definition: Tab Attributes Search criteria Referencing classes Related classes Lifecycle Notification
23
The menu Run Queries allows you to test OQL queries (See OQL reference guide). It includes as well some predefined queries to be used as examples (click on Query Examples at the top)
Figure 25 Enter OQL expression in the text area, and click on Evaluate to get the result.
Managing Notification
iTop integrates a notification system which is linked to the life cycle of the objects. This allows administrators to define e-mail notification rules when an object of a given class enters or leaves a specified state, or when a new object is created. The notification mechanism is divided in two parts: Triggers that define when notifications are to be executed and for which type of object Actions that defines the actions taken. In the current version of iTop, the only available actions consist in sending email. For a given trigger you can define several actions to be executed, and their sequence. The link Notification in the Admin tools module enables you to define triggers and actions:
24
Figure 26 The Triggers tab displays all created triggers. The Actions tab displays all Actions
Creating an action
Before creating a useful trigger, you need to define at least one action. It is a kind of template for formatting e-mail to be sent. To create a new action, go to action tab and click on New in action drop down list. The following wizard appears:
Figure 27 You have to define at least a from e-mail address, and to whom you want to send the e-mail. Be aware that the from e-mail address has to be a valid one otherwise your mail server may refuse to send the message.
25
The contacts to be notified in the To, Cc, and Bcc are defined by an OQL query. This allows to specifiy mutilple recipients for the notification, like all the contacts attached to a ticket or all the contacts on the impacted site. (Refer to the document OQL Reference guide [2] for more information about writing OQL queries) This OQL query must return a list of objects containing an e-mail attribute: Contact Person Team For instance To: SELECT Person WHERE name LIKE John. The query can contain placeholders (using the syntax :this->attribute) that refer to the current object for which the notification is being sent. For example: SELECT Person WHERE id= :this->caller_id If the list is empty no mail is sent. The subject field is also mandatory. The body is the text sent. It can use HTML tag for formatting. You can also use attributes of the object that will trigger the action. The syntax to be used is $this->attribute$. There is as well to specific attributes: $this->name()$ is the name of the current object $this->hyperlink()$ is a url to access the current object $this->hyperlink(portal)$ is a url to access the current object in the iTop portal By Default importance of the mail is normal.
To test a new action, you can use the status Being tested and Test recipient with a test address. In that case, the notification will be sent to this latter address. Once you notification have been tested and validated, change its status to In Production to have notifications flow to their actual recipients. If you want to de-activate an action, just set its status to Inactive.
Creating a trigger
Once you have actions defined, you can create triggers. You can define three types of triggers: When a new object is created When an object enters in a given state When an object leaves a given state When an object is updqted from the iTop portal To create a new trigger, click on New in action drop down list for the given category in Trigger tab. The following wizard open:
26
Figure 28 You have to select which type of trigger you want to create: Trigger (on entering a state) Trigger (on leaving a state) Trigger (on object creation) Trigger (when updated from the portal) Once you have selected the type of trigger you get the following form:
Figure 29 For each trigger you have to define the class of object for which this trigger is applicable and the state (this is not applicable for Trigger on object creation and Trigger (when updated from the portal)). The states available for a class of object are defined in the data model. You can see them in the Life Cycle tab in the section Transitions when you are looking at the data model user interface (Refer to the chapter Viewing the data model, page 22). The value to be chosen is the one between parentheses. Then you have to select the actions to be associated with this trigger in the Triggered Actions tab. Remember that an action can be linked to several triggers. We strongly encourage you to test triggers and actions before moving them to production. As a matter of fact, it is always difficult to understand why e-mails are not sent. You can use the menu Application log where all notifications are tracked to check if a mail was triggered. A detailed log of event describes what happened with a given notification, for an easier troubleshooting. You can as well see which notification had been sent for a given ticket (User Request, Incident, Change) using the tab Notifications in the details of the ticket.
27
Figure 30
If you are running iTop on a Linux server, make sure that the variable sendmail_path value in php.ini. For example: sendmail_path = "/usr/sbin/sendmail -t -i" Note: Depending on your actual environment, the configuration may be different. For example it si also possible to use SSMTP as a proxy to the actual mail server, as explained in the following link: http://tombuntu.com/index.php/2008/10/21/sending-email-from-your-system-with-ssmtp/ If you are running iTop on Windows server, you need to make sure that the php.ini file contains the following line: SMTP = <smtp server> smtp_port = 25 In order to test mail notifications you can use, the Test Page: http://<itop server location>/setup/email.test.php This page performs a number of tests and allows you to send a plain-text email to the recipient of your choice. This is useful to validate that the PHP configuration of the server is valid for sending e-mails.
28
Figure 31
29
iTop Audit
Audit is an iTop feature you to check the consistency of information stored in the iTop database. Using the audit, you can answer questions like: Do we have a hardware support contract linked to all devices in production? or Do we know the localization of all the servers for on-site support? An Audit Category defines group (categories) of audit rules. A rule category also defines a list of objects that are the subject of the associated rules. For instance all devices that are on production. An Audit Rule defines the rule that needs to be checked for a given category. For instance We dont want to have devices on production located on a Site in implementation. To add or modify an audit category or an audit rule, click on Audit Categories in the Admin tools module.
Audit Categories
An audit category is defined by a name, a description and a definition set. The definition set defines the scope of objects that will be subject to the related audit rules. It is an OQL query.
Figure 32 Once your new audit category is created, click on Modify in Action list, and select Audit Rules tab to create new audit rules.
Audit Rules
An audit rule is defined by a name, a description, the query to check and a Valid Object flag. The query defines the list of objects (under the scope defined by the category) that pass/fail the audit. Since it is sometimes easier to list the object that pass the audit, the flag Valid Objects ? is used to indicate whether the query returns the valid objects or the invalid ones. Note that a rule is always linked to only one category; and this category determines the scope of the rule.
30
Figure 33
iTop localization
Since release 1.0 iTop is designed to support multi-localization. This means that provided the right localization is available in iTop each user can see the iTop user interface in her/his own language. This language is part of the user record created for each user in iTop. The localization of iTop consists mainly in translating a set of predefined PHP files, called Dictionaries. The supported languages in the current release are: Chinese English French German Hungarian Italian Japanese Portuguese (Brazil) Russian Spanish Turkish The default language in iTop is defined during the setup. If you want to change it afterwards, modify the configuration parameter 'default_language' in config-itop.php
Data backup
In iTop all the data (including the uploaded documents) are stored in the MySql database. Therefore it is highly recommended to have a database backup in place on a regular basis. You can run a full backup of the database using the following mysqldump command:
/usr/bin/mysqldump --opt --add-drop-database user=<mysql user> --password=<mysql password> <itop DB> | gzip > <file>
31
Once the content of the database is dumped, just backup this dump and the config-itop.php file to keep a full image of your iTop instance.
Parameter file
The argument param_file can be used with most of the REST/CLI web services. By convention, the cron.php service searches for a parameter file name cron.params A parameter file contains key/value pairs. It can be commented: any character found after `#` will be ignored Example:
# This is a parameter file # # If a parameter is given both in the file and in the arguments,
32
# then the value given as argument is retained # # Authentication auth_user = qwertyuiop auth_pwd = ded!catedL0g1n # My web service size_min = 20 # Megabytes time_limit = 40 # Minutes
Arguments
Argument param_file auth_login auth_pwd login_mode expression format fields Description Parameters file User login - CLI mode only User password - CLI mode only basic, form, external or cas OQL query html (suitable for integration with MS-Excel), xml or csv coma separated list of attributes (e.g. "name,brand,model") ; ignored for XML output ; ignored for HTML for versions earlier than 1.2 (RC) Defaut value Defined in config-itop Mandatory! html All the attributes of the class specified by <expression>
You can use command line tools, like wget, to automate such an export from another system, or simply, run export.php from the command line: Example 1: from the command line (on the iTop server)
php /var/www/itop/webservices/export.php --auth_login=john --auth_pwd=trust,no1 -expression="SELECT Server" --format=csv --fields=name,management_ip
33
Examples: Get all the contacts, use the following OQL expression: SELECT Contact Which gives the following command line:
wget --http_user=user --http_password=password "http://<server>/webservices/export.php?login_mode=basic&format=csv&expression=SELECT Contact"
To get all the persons (note that a person is contact also, but it has more attributes to be exported: first_name and employee_number): SELECT Person Which gives the following command line:
wget --http_user=user --http_password=password "http://<server>/webservices/export.php?login_mode=basic&format=csv&expression=SELECT Person"
Remarks: Under Unix/Linux the URL to the page being queried must be enclosed within double quotes, because of the ampersand character (&) that the shell interprets as the end of the command (and spawns a background process with the command represented by the remaining of the line). The parameter login_mode=basic forces iTop to use the HTTP Basic Authentication scheme which is compatible with most command line utilities like wget, LWP, etc
34
The on-going process for synchronizing data with iTop is based on the following steps: 1. Extract data from the external source/application [not handled by iTop] 2. Transform the data to a content suitable for iTop [not handled by iTop] 3. Import the data into a temporary table in iTop [can be handled by iTop or an external application] 4. Search for matching objects in iTop [handled by iTop] 5. Create/Update or Delete the synchronized objects in iTop [handled by iTop] 6. Display and manage the synchronized object in iTop To implement a Data Synchronization in iTop follow the steps below: 1. From the iTop admin menu, define a "Data Source" object, for the type of objects you want to import/synchronize. This creates a specific "replica" table in the iTop database, named "synchro_data_xxx". (Once the data source is created, check the "Attributes" tab of the data source. The name of the temporary table is displayed at the top.) 2. Using either your favorite ETL or plain old scripts, populate the "synchro_data_xxxx" table corresponding to the "Data Source" with the data coming from the external source. You can use the special column "primary_key" for storing any identifier of the object in the external application. Each record in this table will correspond to one object in iTop. The column "id" is reserved for use by iTop and cannot be written. All other columns correspond to fields of the iTop object. 3. Trigger the execution of the data synchronization between the iTop objects and the "replicas" of the temporary table by executing the page "synchro/synchro_exec.php" either in command line mode, or by invocating the web page (using wget for example). Of course you can schedule the steps 2 and 3 on a regular basis (hourly, daily or weekly) at will.
Provided that the appropriate index exists on the table, you can then use the MySQL command INSERT ... ON DUPLICATE KEY UPDATE ... to import the data. Example 1: if you import servers from OCS inventory, you can use the field "id" from the Hardware table to uniquely identify a server. The value of this field can be stored in the 'primary_key' field of the data_synchro_xxx table and used as a unique index. First, make sure that the field "primary_key" is a unique index for the table:
ALTER TABLE synchro_data_xxx ADD UNIQUE INDEX(primary_key);
Then you can use the following query to insert records in the data_synchro_xxx table:
INSERT primary_key, name, org_id INTO data_synchro_server_1 VALUES (100, 'myserver.demo.com', 'Demo') ON DUPLICATE KEY UPDATE name=VALUES(name), org_id=VALUES(org_id);
Note that MySQL also allows a multiple insert statement like the following:
INSERT primary_key, name, org_id INTO data_synchro_server_1 VALUES (100, 'myserver.demo.com', 'Demo'), (101, 'myserver2.demo.com', 'Demo'), (102, 'myserver2.demo.com', 'Demo') ON DUPLICATE KEY UPDATE name=VALUES(name), org_id=VALUES(org_id);
Example 2: if your unique key for identifying the servers is the name of the server and the name of the organization, you can do the following: First create a unique index on these two fields in iTop:
ALTER TABLE synchro_data_xxx ADD UNIQUE INDEX(name, org_id);
then you can import the data in iTop using the following MySQL statement:
INSERT name, org_id, location_id INTO data_synchro_server_1 VALUES ('myserver.demo.com', 'Demo', 'Paris') ON DUPLICATE KEY UPDATE location_id=VALUES(location_id);
You can also specify several links (several profiles) by separating each link with the pipe (|) character.
36
The "Data Sources" are defined using the menu "Admin Tools/Synchronization Data Sources". Each data source defines:
The "target" class of the objects to be synchronized The list of attributes/fields of the objects to synchronize How to search/reconcile the objects with the objects already existing in iTop The rules of synchronizing/updating and possibly deleting objects in iTop How the synchronized objects behave for the iTop end-users (which fields are read-only, are users allowed to delete the objects...) An optional hyperlink and icon to refer iTop users to the corresponding object in the external application
37
importing initial data in iTop performing bulk transformations on the data (sometimes it's easier to export / modify in Excel / re-import than to edit the objects directly in iTop)
federating data between different systems in iTop importing data via some scheduled mechanism preventing users from modifying the imported data
38
Character set encoding of the optional, defaults to [UTF-8] CSV data: UTF-8, ISO-8859-1, WINDOWS-1251, WINDOWS1252, ISO-8859-15 column separator in CSV data optional, defaults to ; test qualifier in CSV data optional, default to [retcode] to return the count optional, default to of lines in error, [summary] to summary return a concise report, [details] to get a detailed report (each line listed) name of the columns used to optional identify existing objects and update them, or create a new one If set to 1, then the load will not be executed, but the expected report will be produced optional, default set to 0
reconciliationkeys
simulate
Example:
$> php q import.php --auth_user=admin --auth_pwd=admin --class=Server --csv_file=servers.txt
39
REST web service A web service allows you to write a script to enter new data, or refresh existing data. This can be helpful for the initial load or to schedule a daily synchronization of the data coming from an external data source - could be another application, an automated data collector, etc.
/webservices/import.php?class=Organization&csvdata=<multine-csv>[&separator=<char>] Note that this service emulates the functionality provided by the interactive bulk load: /pages/import.php csvdata must be posted, the first line will contain the codes of the attributes to load. It uses the default reconciliation keys defined in the data model for identifying objects to load. Parameters for import.php web service: Parameter Name class csvdata charset Description class of loaded objects Data to load yes yes Mandatory
Character set encoding of the optional, defaults to [UTF-8] CSV data: UTF-8, ISO-8859-1, WINDOWS-1251, WINDOWS1252, ISO-8859-15 column separator in CSV data optional, defaults to ; test qualifier in CSV data optional, default to [retcode] to return the count optional, default to of lines in error, [summary] to summary return a concise report, [details] to get a detailed report (each line listed) name of the columns used to optional identify existing objects and update them, or create a new one If set to 1, then the load will not be executed, but the expected report will be produced optional, default set to 0
reconciliationkeys
simulate
The answer is given in a simple html format, explaining what has been done for each row of data. Example: A script that creates a company called "Food and Drug Administration" (code FDA).
40
with: data.txt containing the following text auth_user=<username>&auth_pwd=<pwd>&loginop=login&csvdata=name;code Food and Drug Administration;FDA Combodo;CBD
41
The following script queries data about Servers from a local database (in this case an instance of OCSng) and imports the resulting information as Server objects into iTop.
#!/usr/bin/perl use DBI; use CGI; use Net::DNS; # OCSng database connection $OCS_DB_hostname="localhost"; $DB_login = "root"; $DB_pwd = "root";
$dsn = "DBI:mysql:database=$OCS_database;host=$OCS_DB_hostname"; $dbh = DBI->connect($dsn, $DB_login, $DB_pwd) or die "Echec connexion"; $dbh->{FetchHashKeyName} = 'NAME_lc';
$tmp_dir="/tmp"; $serverFile="$tmp_dir/serverData.txt"; # iTop user/credentials used for web service connection $itop_user="admin"; $itop_pwd="admin"; $itop_organization="Demo"; #This has to be replaced by a valid Organization in iTop $itop_device_status="implementation"; #This flag simulate the synchronization #You can view result of data to be imported in you $tmp_dir directory # in file pcData,serverData.txt, and ifData.txt # Set the flag below to 1 to simulate the import in iTop instead of running # the import for real $simulate_flag=0; ### Query the servers from OCSng $requete = " select name, osname,workgroup, osversion,oscomments,processort,memory,ipaddr,wincompany,winowner,userdomain,userid,sma nufacturer,smodel,ssn from hardware h,bios b where h.id=b.hardware_id "; $sth = $dbh->prepare($requete); open(WRITE,">$serverFile") || die ("Failed to open $serverFile") ; $sth->execute(); print WRITE "auth_user=$itop_user&auth_pwd=$itop_pwd&loginop=login&csvdata=name;status;owner_name;o s_family;os_version;management_ip;cpu;ram;brand;model;serial_number\n"; while(my $row = $sth->fetchrow_hashref){ print WRITE "$name;$itop_device_status;$itop_organization;$row->{osname};$row>{osversion}-$row->{oscomments};$row->{ipaddr};$row->{processort};$row->{memory};$row>{smanufacturer};$row->{smodel};$row->{ssn}\n"; } close(WRITE); # Disconnect from OCSng DB $sth -> finish; $dbh -> disconnect;
42
# Call the Rest web service (using wget) to import the CSV file into iTop
// iTop location and credentials $sItopServer = 'http://localhost'; $sItopUser = 'admin'; $sItopPwd = 'admin'; $itop_webserver_soap_catalog = $sItopServer.'/webservices/itop.wsdl.php'; $oSoapClient = new SoapClient( $itop_webserver_soap_catalog, array( 'trace' => 1, 'classmap' => SOAPMapping::GetMapping(), // defined in itopsoaptypes.class.inc.php ) ); $sTitle='The service '.$service.' is in state '.$serviceStatus; $sDescription='This is a test'; $caller='Picasso'; // to be replaced by valid value in iTop $customer='Demo'; // to be replaced by valid value in iTop $service='Computers and peripherals'; // to be replaced by valid value in iTop $sub_service='Repair'; // to be replaced by valid value in iTop $workgroup='Hardware support'; // to be replaced by valid value in iTop 43
From the command line you can then run the following command:
$> php -q create_ticket.php webserver.demo.com IIS KO HARD None Ticket: I-000010 created
The WSDL catalog is available from http://<itop path>/webservices/itop.wsdl.php This web service requires parameters mandatory for incident ticket creation:
44
Title Description Caller Customer Service Sub service category Workgroup Impacted Cis (optional) Impact Urgency
Feedbacks are sent in XML format in order to check what had been done on the iTop server, including the ticket number when the ticket is properly created.
access_mode
integer
Yes
Yes No Yes
Combination of flags (ACCESS_USER_WRITE | ACCESS_ADMIN_WRITE, or ACCESS_FULL) Automatically populated by the installation process Displays the + button on external keys to create target objects The list (and in which order) of authentication methods that the application allows. The value is a combination of form|cas|basic|external|url If set, the APC cache is allowed (the PHP extension must also be active) Time to live set in APC for the prepared queries (seconds - 0 means no timeout) Root URL used for navigating within the application, or from an email to the application (you can put $SERVER_NAME$ as a placeholder for the server's name) Automatically populated by the installation process Position of the forms buttons: bottom | top | both The CAS context Activate the CAS debug
1 form|basic|ext ernal
1 3600
both
45
cron_sleep csv_import_charsets
integer array
No Yes
The name of the CAS host The path where to find the phpCAS library The redirect service (URL) to use when logging-out with CAS A semicolon separated list of group names that the user must be member of (works only with SAML e.g. cas_version=> "S1") The port used by the CAS server The path where to find the certificate of the CA for validating the certificate of the CAS server The CAS protocol version to use: "1.0" (CAS v1), "2.0" (CAS v2) or "S1" (SAML V1) ) Duration (seconds) of the page cron.php, must be shorter than php setting max_execution_time and shorter than the web server response timeout Duration (seconds) before cron.php checks again if something must be done An array of character sets names to be added to the ones offered by the CSVImport menu item. Add your own charsets definitions here if the standard list does not fit your needs. Percentage of creations that trigger a confirmation in the CSV import Percentage of errors that trigger a confirmation in the CSV import Minimum number of objects to check for the confirmation percentages Percentage of modifications that trigger a confirmation in the CSV import Automatically populated by the installation process Character set to use for the MySQL database Collation (i.e sort mechanism) to use for the MySQL database Name of the host for the MySQL database server. (e.g. localhost, 192.168.10.234, mydbserver.demo.com, etc.) Name of the MySQL database Password to connect to the MySQL server Prefix of the tables in the MySQL database user name to connect to the MySQL server The format used for displaying "deadline" attributes: any string with the following placeholders: $date$, $difference$
443
2.0 600
50 50 3 50
utf8 utf8_unicode_ ci
$difference$
46
default_language
string
Yes
dictionary_list email_asynchronous
array bool
Yes Yes
log_issue
bool
Yes
log_notification
bool
Yes
The default language for the application, used for the login/logout pages. (Selected during the installation) Automatically populated by the installation process If set, the emails are sent off line, which requires cron.php to be activated. Exception: some features like the email test utility will force the serialized mode A "salt" key used for encrypting secured fields in the application. The duration (in seconds) between two reloads of a list, if the reload interval is "fast" Path to the Graphviz "dot" executable for graphing objects lifecycle Link set from string: attribute qualifier (encloses both the attcode and the value) Link set from string: attribute separator Link set from string: line separator Link set from string: value separator (between the attcode and the value itself If set to 1, then the log is active. Which event is logged and where will depend on the following log_.... settings If set to 1, then internal errors (or some usage errors) will be traced both into /error.log (destination file could not be changed) and the DB (OQL: SELECT EventIssue) If set to 1, then notifications sent my the mean of the Trigger/Actions will be recorded into the DB (OQL: SELECT EventNotification) Log the usage of the application (i.e. the date/time and the user name of each login) If set to 1, then usage of the SOAP service(s) will be recorded into the DB (OQL: SELECT EventWebService) The maximum number of elements in a drop-down list. If more then an autocomplete will be used The maximum number of items that a list can display at once, before changing to a paginated list The minimum number of characters to type in order to trigger the "autocomplete" behavior The number of items to display when a list is bigger than "max_display_limit" Automatically populated by the installation process
1 50 15 3 10
47
webservice_list
array
Yes
Whether or not the application is allowed to run on a non-secure (i.e. non HTTPS) connection The name of the cookie used to store the PHP session id Disable external key check when checking the value of attributes Disable data format and integrity checks to boost up data load (insert or update) Disable strong security - TEMPORY: this flag should be removed when we are more confident in the recent change in security The duration (in seconds) between two reloads of a list, if the reload interval is "standard" Synchronization details: none, display, save (includes 'display') Timezone (reference: http://php.net/manual/en/timezone s.php). If empty, it will be left unchanged and MUST be explicitely configured in PHP Automatically populated by the installation process
iTop
References
[1] How to setup iTop Authentication http://www.combodo.com/IMG/pdf/How_to_setup_authentication_with_iTop.pdf [2] OQL Reference guide http://www.combodo.com/IMG/pdf/OQL_Reference.pdf
48