Every time I have to install TNPM the first thing I do is to ask myself: Do I have all I need? This looks a simple question, but if you consider that you need to download at least 10 different installation packs (yes 13GB), and match the compatible versions, this can take some time.
Another important question for me, especially when a new version is released: Are the installation instructions correct? Are they guiding me to the correct way of installing TNPM?
Unfortunately, this question proves to be more pertinent than I would like it to be. For instance, I already raised a very important issue when installing TNPM 1.3.2 about using the root user to install the TIP portal. TNPM 1.3.2 did that without fear and even finished with a chmod -R 777 <portal_home> in the end...very smart. IBM recognized the issue included some instructions on how to install the portal as non-root.
Well, how surprised I was, while reading the instructions for TNPM 1.4.1, to see that we have to install the portal (now called JAZZ) as the root user and do a chmod -R 777 <portal_home> as the post installation step. This is not necessary or even mandatory and absolutely not recommended for a public portal.
So, I hope the following posts will help you to do the it in a better way.
One important remark!!
Despite I will use only official IBM tools to install the different packages and no tricks, it always comes back to you to decide on the consequences of not following the official instructions (even if they are not good). It is your call, not mine, to make sure everything works on your environment. IBM support can eventually deny their support if they see your public portal is not running as root and all application files do not have the 777 permission.
Thursday, November 5, 2015
Monday, October 12, 2015
Launch TNPM pages in context from external applications
If you ever needed to integrate TNPM (v1.3.2+) with an external application, you may have asked yourself how to launch the TNPM portal in context with authentication and authorization in place.
It turns out there is a portal tool that allows exactly that. Is it called xlaunch and it is available for TIP and JAZZ portals. The tool will create a user-based token that can be used authenticate and launch the TNPM page you wanted using HTTP GET.
1) Create the xlaunch credentials (all in one line):
$ java -cp /<JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/xlaunchapi.jar com.ibm.isc.api.xlaunch.LaunchPropertiesHelper\$Encode com.ibm.isc.xlaunch.username <username> com.ibm.isc.xlaunch.password <password>
Replace <username> and <password> with the TNPM user you want to SSO.
This will return a string like:
L2NvbS5pYm0uaXNjLnhsYXVuY2gujXNlcm5hbWUvdG5wbS1jb20uaWJtLmlzYy5KbGF1bmNoLnBhc3N3b3JkL3RucG0*
2) Launch in context (autologin using xlaunch credentials)
Example:
https://1.2.3.4:16311/ibm/action/launch/tnpm.console.topology.performance.network.resourceGroups/L2NvbS5pYm0uaXNjLnhsYXVuY2gujXNlcm5hbWUvdG5wbS1jb20uaWJtLmlzYy5KbGF1bmNoLnBhc3N3b3JkL3RucG0*
To get the pageid, open the page in JAZZ, click on the "single page" icon on the top right corner and click "About". Under "General" you will find the pageid
3) That's it
It turns out there is a portal tool that allows exactly that. Is it called xlaunch and it is available for TIP and JAZZ portals. The tool will create a user-based token that can be used authenticate and launch the TNPM page you wanted using HTTP GET.
Steps:
1) Create the xlaunch credentials (all in one line):
$ java -cp /<JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/xlaunchapi.jar com.ibm.isc.api.xlaunch.LaunchPropertiesHelper\$Encode com.ibm.isc.xlaunch.username <username> com.ibm.isc.xlaunch.password <password>
Replace <username> and <password> with the TNPM user you want to SSO.
This will return a string like:
L2NvbS5pYm0uaXNjLnhsYXVuY2gujXNlcm5hbWUvdG5wbS1jb20uaWJtLmlzYy5KbGF1bmNoLnBhc3N3b3JkL3RucG0*
2) Launch in context (autologin using xlaunch credentials)
URL: https://<serverip>:16311/ibm/action/launch/<pageid>/<xlaunch_credential>
Example:
https://1.2.3.4:16311/ibm/action/launch/tnpm.console.topology.performance.network.resourceGroups/L2NvbS5pYm0uaXNjLnhsYXVuY2gujXNlcm5hbWUvdG5wbS1jb20uaWJtLmlzYy5KbGF1bmNoLnBhc3N3b3JkL3RucG0*
To get the pageid, open the page in JAZZ, click on the "single page" icon on the top right corner and click "About". Under "General" you will find the pageid
3) That's it
Wednesday, July 29, 2015
SevOne and TNPM. A technical comparison.
Some people have asked me about SevOne and how does it compare to TNPM. Some even ask if they should migrate from TNPM to SevOne. My answer is...it depends.
So, to help you take your decision, I prepared the table below. Please keep in mind that it is not my intention to say which one is better (I have my personal opinion though), but only to show what are the differences (and common) points between them and let you take your own decision.
So, to help you take your decision, I prepared the table below. Please keep in mind that it is not my intention to say which one is better (I have my personal opinion though), but only to show what are the differences (and common) points between them and let you take your own decision.
| Item | IBM TNPM | SevOne |
|---|---|---|
| Architecture | 5 specialized core components:
|
1 core component:
|
| Installation | Very complex. Can take a long time (days to weeks) | Very simple. Appliance or VM based. It is a matter of hours to install and start using |
| Upgrade | Very complex. Can take a long time (days to weeks) | Simple. Press the update button and it is done (complex architectures may demand some special care) |
| Scalability | Via hardware upgrade on each core component | Via cluster. Add another appliance side by side in cluster mode |
| SNMP collection | Using collection formulas. Can be easily customized | Using certified collection formulas. Usually needs SevOne intervention |
| BULK collection | Using PVLINE (proprietary) format | Using xStats component |
| Component Discovery | Using discovery formulas. Can be easily customized and allow custom properties | Not flexible. SevOne always discovers everything it can using SNMP walk. Allow custom properties |
| Component enrichment | Using inventory hooks | Using API |
| Licensing | Based on “class of devices” being monitored. Very complex | Per discovered and enabled object |
| Technical Portal | WebSphere based. Allow some flexibility and customization | Cannot be customized or changed |
| Services Portal | Supported | Not supported. Another solution needs to be used |
| Multi-tenancy | Supported | Supported |
| Reports | Cannot be created by the user | Can be created and shared by the user |
| Backup | Database backup | Not existent. To avoid data loss, another appliance needs to be paired in high availability |
| Cross collection | Supported, but complex | Supported |
| Grouping components (service like measurements) | Supported, but complex. Can use rules to group components | Supported but each component needs to be maintained manually or via the API |
| Historical data | Limited by the database storage size. Purge scripts can be used. | Usually limited to 1 year. This can be changed, but it is highly dependent on the local storage available on each appliance |
| Authentication | LDAP or local | LDAP, RADIUS, TACACS |
| Authorization | Based on roles | Based on roles |
| Data volume | Report generation and data processing are subject to speed degradation as the data volume increases | Report generation and data processing are NOT subject to speed degradation as the data volume increases |
| Data aggregation | Pre-calculated and aggregated before stored in the database. Stored raw data and aggregated data side by side | Only raw data is stored. Aggregated data is calculated during report rendering |
| Data export | Can be done using DataAccess component | Not trivial. API allows export of reports in CSV format, but not built for huge data export |
Thursday, April 2, 2015
Error truncating partition
If for any reason you had an issue with your TNPM datachannel LDR that took more than 3 days to solve, you may find the following error on a LDR walkback file once it starts processing the backlog:
END OF WALKBACK20165: Error truncating partition
ORA-06512: at "PV_ADMIN.PVM_ERROR", line 137
ORA-06512: at "PV_ADMIN.PVM_DATALOAD", line 3558
ORA-06512: at line 1
This is caused due to the fact that the LDR is trying to do changes on a db partition that is already at the READONLY state. You can confirm it by searching the following on the oracle trace log:
$ORACLE_BASE/diag/rdbms/pv/
END OF WALKBACK20165: Error truncating partition
ORA-06512: at "PV_ADMIN.PVM_ERROR", line 137
ORA-06512: at "PV_ADMIN.PVM_DATALOAD", line 3558
ORA-06512: at line 1
This is caused due to the fact that the LDR is trying to do changes on a db partition that is already at the READONLY state. You can confirm it by searching the following on the oracle trace log:
$ORACLE_BASE/diag/rdbms/pv/
The Lowest Level Error Code is:
ORA-00372: file 487 cannot be modified at this time
ORA-01110: data file 487: '/(...)/PV_C01_1DGA_000_2014082500_
ORA-00372: file 487 cannot be modified at this time
ORA-01110: data file 487: '/(...)/PV_C01_1DGA_000_2014082500_
Unfortunately, the LDR will not proceed until the issue is solved and will keep generating walkbacks.
To solve the problem:
1) Connect to the oracle database as PV_ADMIN
2) Execute the query (replace the correct tablespace_name value as showed on the oracle trace log) :
select tablespace_name, status from dba_tablespaces where tablespace_name like
'%C01_1DGA_000_2014082500%';
3) You should get two columns, one with the tablespace name and the other with "READ ONLY"
4) Change the tablespace to READ/WRITE executing the following (use the tablespace name returned by the previous sql query):
alter tablespace tablespace_name read write;
like:
alter tablespace C01_1DGA_000_2014082500 read write;
5) Bounce the LDR and it should work fine
Subscribe to:
Posts (Atom)