Discovery: How to automate root node key exports? INCLUDES VIDEO

Knowledge Article

Article Number

000370130

Old Article Number

Article Type

FAQ/Procedural

Title

Discovery: How to automate root node key exports? INCLUDES VIDEO

Summary

How to automate root node key exports?

Product

BMC Discovery

Component

BMC Discovery 21.05.00

Applies to

BMC Discovery

Question

Exporting root node keys is helpful when a tw_model_wipe needs to be performed. See:
https://docs.bmc.com/docs/discovery/2105/converting-bmc-discovery-standalone-machines-to-a-cluster-1002900339.html

"CMDB sync relies on the keys of the root nodes remaining the same; if they are not the same, then CMDB sync may create duplicate CIs."

It's quick and safe to export root node keys from time to time. Doing so will allow these keys to be imported in case of an unrecoverable system problem.

How to automate root node key exports?

Answer

Note:
- The solution below requires the user to type a Discovery admin/system password in clear text in the file system of the appliance.
- This is normally not a problem as only administrators should have access to the file system and non-admin accounts are not supported.
- Users added to the internal group [backup] have enough privileges to export the root node keys but cannot login into the UI. The login/password of such users can be used as an alternative in the procedure below.

Here is an example of how to export the root node keys each day:
- open an SSH session on the appliance (as tideway user)

- execute this command:
nano /usr/tideway/etc/cron/tw_RootNodeKeyExport.cron

- paste the following two lines into tw_RootNodeKeyExport.cron:

# export the root node keys every day at 3:00am into a file with a name like /usr/tideway/RootNodeKeyExport-yyyy-mm-dd.xml
0 3 * * * /usr/tideway/bin/tw_root_node_key_export -u myLogin -p myPassword /usr/tideway/RootNodeKeyExport-`date --rfc-3339=date`.xml

- replace myLogin, myPassword with appropriate values

- (optional) change the path or filename /usr/tideway/RootNodeKeyExport-`date --rfc-3339=date`.xml

- Do CTRL+X, then 'Y', and hit enter to save the file

- execute this command:
tw_cron_update

If the appliance is down when the command is executed, the xml file won't be created. The error will not appear in /usr/tideway/log/tw_root_node_key_export.log.

Alternative entry to generate the file at 23:45 every day and override the existing file:
0 0 * * * /usr/tideway/bin/tw_root_node_key_export -u system -p system /usr/tideway/RootNodeKeyExport.xml

More details:

To use cron in a Discovery appliance, see:
https://docs.bmc.com/docs/discovery/2105/tw_cron_update-1002900421.html
"A cron entry is created by adding a new file ending with .cron"
"Cron entry files in $TIDEWAY/etc/cron are applied to the live cron configuration by running $TIDEWAY/bin/tw_cron_update"

See this documentation about tw_root_node_key_export :
https://docs.bmc.com/docs/discovery/2105/converting-bmc-discovery-standalone-machines-to-a-cluster-1002900339.html

Attachment(s):