This article describes the process for adding a Service tile to the Helix Portal Landing page to Cross-Launch a Custom URL, such as the Helix ITSM MidTier. The configuration is performed using the tctl command-line tool and requires access to a Linux system with GUI support for login authentication.
For OnPrem Users:
Follow the steps below to configure a custom panel using the tctl command-line tool:
Prerequisites:
- Access to a Linux system with GUI (for browser-based login)
tctl utility downloaded and installedkubectl access to the appropriate namespace- Required configuration files:
activate-service.jsoncustom-service.jsongenerate_tctl_config.sh script
Download the tctl utility - if intended to run the utility on a Linux system, a GUI interface is needed for the login stage, as it launches a browser to input credentials. Later steps can be done with a simple terminal.
Steps below assume running on Linux.
Save these files to the Linux working directory where tctl is installed:
activate-service.json - replace CUSTOM_URL with the address of your service
{
"license": "string",
"metadata": {},
"service_url": "CUSTOM_URL"
}
custom-service.json - update the MidTier-related fields, such as name and description with your own service values
{
"name": "MIDTIER",
"type": "EXTERNAL",
"status": "ACTIVE",
"version": "21.30.00",
"metadata": {
"oob_content": {
"application": {
"internal_object": false,
"name": "MIDTIER",
"system_object": true,
"description": "MidTier Service",
"application_id": "MIDTIER",
"version": "21.30.00"
}
}
},
"config": {
"ui_configurations": {
"components": [
{
"icon_source_uri": "d-icon-user_star",
"use_service_url": true,
"image_source_uri": "/itsm/icon-helix-ITSM.svg",
"name": "BMC Helix MidTier",
"link_route_path": "/",
"description": "MidTier access to BMC Helix ITSM",
"product_services": true
}
]
}
}
}
Save this text as generate_tctl_config.sh
---
#!/bin/bash
# Shell script to create a config file suitable for the tctl command line tool
# Should be run on a system with kubectl access to namespace being used
# Usage: ./generate_tctl_config.sh <ADE_NAMESPACE>
# Outputs config file contents to stdout suitable for copy/past or redirection
if [ $# -ne 1 ]; then
echo "Usage: ./generate_tctl_config.sh <ADE_NAMESPACE>"
exit 1
fi
# Expect $1 to be the namespace where the Helix Platform services are running
NAMESPACE="$1"
if [ -t 1 ]; then
echo "Checking for Helix Platform TMS pods in ${NAMESPACE} namespace..."
fi
TMSPODCOUNT=$(kubectl -n ${NAMESPACE} get pod -l app=tms | wc -l)
if [ $TMSPODCOUNT -eq 0 ]; then
>&2 echo "ERROR - Helix Platform TMS pods not found in ${NAMESPACE} namespace."
exit 1
fi
>&2 echo "Getting data from TMS..."
# Get the RSSO credentials
USER=$(kubectl get job -n ${NAMESPACE} tms-superuser-job -o=jsonpath='{.spec.template.spec.containers[*].env[?(@.name=="LOCAL_USER_NAME")].value}')
PASSWD=$(kubectl get job -n ${NAMESPACE} tms-superuser-job -o=jsonpath='{.spec.template.spec.containers[*].env[?(@.name=="LOCAL_USER_PASSWORD")].value}')
# Get the config file values
TMS_URL=$(kubectl -n ${NAMESPACE} get deployment tms -o=jsonpath='{.spec.template.spec.containers[?(@.name=="tms")].env[?(@.name=="ADE_PLATFORM_BASE_URL")].value}')
APPURL=${TMS_URL%/*}
CLIENTID=$(kubectl -n ${NAMESPACE} get secret tms-auth-proxy-secret -o jsonpath='{.data.clientid}' | base64 -d -w 0)
CLIENTSECRET=$(kubectl -n ${NAMESPACE} get secret tms-auth-proxy-secret -o jsonpath='{.data.clientsecret}' | base64 -d -w 0)
RSSOURL=$(kubectl -n ${NAMESPACE} get cm rsso-admin-tas -o jsonpath='{.data.rssourl}{"/rsso\n"}')
>&2 echo -e "tctl config file generated....\nRSSO credentials are ${USER}/${PASSWD}"
echo "
appurl: ${APPURL}
clientid: ${CLIENTID}
clientsecret: ${CLIENTSECRET}
enableauth: true
rssourl: ${RSSOURL}
"
# --- end of file ---
Run the generate_tctl_config.sh script to create the config file for tctl and note the credentials it reports.
$ bash generate_tctl_config.sh helix-platform-namespace > config
Getting data from TMS...
tctl config file generated....
RSSO credentials are admin/bmcAdm1n1#
Use the tctl tool to log in to your Helix Platform system - a browser launches, and enter the credentials reported in the previous step.
$ ./tctl login
Edit the browser URL to refer to http rather than https, and you should get the "You were successfully authenticated" message
Get and note the tenant ID
$ ./tctl get tenant
Create the service
$ ./tctl create-service -f custom-service.json
Check that the service was registered and note the service ID
$ ./tctl get service
Activate the service for your tenant
$ ./tctl activate service <TENANT_ID> -i <SERVICE_ID> -f activate-service.json
Verify service is active
$ ./tctl get tenant-service <TENANT_ID>
Log in to the portal, and a user will see a new panel - it should cross-launch and log you straight in if RSSO is supported.
NOTEs:
1. Currently, there is no way for an external service to have an icon change if this use_service_url is true
2. The following can help to mark the services as deactivated
Log in to tctl and then get tenant details [tctl login and then tctl get tenant]
Then follow the steps below:
1. Get the tenant service details
./tctl get tenant-service <ID1>
2. Create a json file called Inactive.json with the following contents:
{
"status": "INACTIVE"
}
3. Using the ID of the service you want to deactivate <ID2>, update the tenant service
./tctl update tenant-service <ID1> -i <ID2> -f Inactive.json
4. Confirm relevant services are showing as INACTIVE
./tctl get tenant-service <ID1>
NOTE: This functionality is not supported for SaaS customers at this time. Registering a service as a tile on the Helix Portal landing page must currently be done through backend pipelines.
An idea has been submitted to address this limitation. More details can be found here:
https://community.bmc.com/s/idea/087cx000004spL3AAI/detail