NAME
mxnodesecurity - Systems Insight Manager mxnodescurity XML file format
SYNOPSIS
mxnodesecurity -a -f xmlfilename
Add or modify credentials as specified in external XML file.
mxnodesecurity -r -f xmlfilename
Remove credentials as specified in external XML file.
XML BASIC FORMAT DESCRIPTION
The mxnodesecurity command supports adding, modifying or removing node
credentials by providing input from an eXentisible Markup Language
(XML) file. The basic format for the XML file is shown in the example
shown below. More detailed examples are provided further below in
this manual. Note that the XML file may contain one or more <node>
element blocks.
<?xml version="1.0" encoding="UTF-8" ?>
<nodelist>
<node name="nodeName1" >
<credential protocol="wbem" username="userName" password="userPassword" tryothers="on" encoded="" />
</node>
<node name="nodeName2" >
<credential protocol="snmp" username="readstring" password="writestring" tryothers="on" encoded="" />
</node>
</nodelist>
The name attribute specifies a node/system name or IP address that the
credential should be associated with. If the "@defaultN" type format
is used for the name attribute value, then mxnodesecurity will assume
that a default/global type credential is being specified, whereby the
N value indicates a specific default/global credential as may be
viewed/referenced in a credentials listing -l output (see example
credential listing below). A Default (or Global) type credential is
associated with all Nodes/Systems, but is still protocol dependent.
EXAMPLE LISTING OUTPUT
The example output below shows the format for the -l command that will
list all Default/Global and Node/System credentials. Note that the
Default/Global and Node/System credentials are divided into two
separate listings. Also note the "@defaultN" node naming convention
and the specific numeric N value used in the Default/Global
credentials list. When wanting to Modify an existing Default
credential, you *must* use this listing ouput as a reference for the
specific credential that you wish to modify as you will be required to
provide a "@defaultN" value string as a node name in either (1) a
commandline nodename -n value or (2) as a name attribute value in an
XML file.
Listing all global credentials...
NODENAME PROTOCOL USERNAME PASSWORD
@default1 snmp public private
@default1 ssh user1 ********
@default1 sign-in user1 ********
@default2 sign-in user2 ********
@default2 ws-man user1 ********
@default2 snmp public2 private2
@default3 abc user1 ********
@default3 sign-in user3 ********
Listing all system credentials...
NODENAME PROTOCOL USERNAME PASSWORD TRYOTHERS
11.11.111.111 snmp public private Yes
mycomputer.ak.hp.com snmp public private Yes
nodeName1 sign-in user1 ******** Yes
nodeName2 ssh user1 ******** Yes
nodeName3 ws-man user2 ******** No
testNode4 abc user4 ******** Yes
mycomputer2.ak.hp.com wbem user1 ******** No
The protocol attribute specifies the type of credential. Standard
System Insight Manager values for protocol are "wbem", "snmp", "ws-
man", "ssh" or "sign-in". Note that mxnodesecurity will interpret
"wsman" or "ws-man" on the command line as the same protocol. Note
that mxnodesecurity will interpret "signin" or "sign-in" on the
command line as the same protocol. A "sign-in" credential is a
special HP Systems Insight Manager protocol independent credential
used to sign into the managed system. Note that mxnodesecurity will
also accept any name for a protocol name.
The username attribute specifies the user name for a username/password
credential which is associated with "wbem" and other various type
protocols. This attribute may also specify the readstring for a
"snmp" protocol type credential.
The password attribute specifies a user password for a
Username/Password credential which is associated with "wbem" and other
various type protocols. This attribute may also specify the
writestring for a "snmp" protocol type credential.
The tryothers attribute specifies whether or not HP Systems Insight
Manager will try other credentials for the system if this credential
fails. Valid values for this attribute are either "on" or "off". If
this attribute is omitted, the default setting is "on".
The encoded attribute specifies whether or not the password is encoded
or not. Valid values for this attribute are either "0" (not encoded)
or "1" (is encoded). Using an encoded attribute value of "" is same
as using "0".
XML DETAILED FORMAT DESCRIPTIONS - ADD/MODIFY
The XML format for adding or modifying either Node or Default
credentials is shown below. Note that both add or modify operations
are performed by the same "-a -f filename" command option. If a
specified credential is determined to already exist, then a modify
operation will be performed, else an add operation will be performed
by the CLI. The existence of a specified credential is based of the
specified "name" and "protocol" attribute values matching some
existing credential that is stored in the Systems Insight Manager
credentials database. Note the embedded comments above each node
element in the examples below for additional format descriptions.
<?xml version="1.0" encoding="UTF-8" ?>
<nodelist>
<!-- if this wbem Node credential exists (name and protocol), then modify it, else add it -->
<node name="nodeName1" >
<credential protocol="wbem" username="userName" password="userPassword" tryothers="on" encoded="" />
</node>
<!-- if this wbem Node credential exists (name, protocol and port#), then modify it, else add it -->
<node name="nodeName1:5990" >
<credential protocol="wbem" username="userName" password="userPassword" tryothers="on" encoded="" />
</node>
<!-- if this Default credential exists (name and protocol), then modify it, else add it -->
<node name="@default2" >
<credential protocol="ssh" username="userName" password="userPassword" encoded="" />
</node>
<!-- the 999 N value ensures this Default credential will be added -->
<node name="@default999" >
<credential protocol="ssh" username="userName" password="userPassword" encoded="" />
</node>
</nodelist>
XML DETAILED FORMAT DESCRIPTIONS - REMOVE
The XML format for removing either Node or Default credentials is
shown below. The remove operations are performed by the "-r -f
filename" command option. Note that when removing credentials, the
username attribute, the password attribute, the tryothers attribute
and the encoded attribute may be omitted. If any are included, they
will be ignored by the XML parser. Note the embedded comments above
each node element in the examples below for additional format
descriptions.
<?xml version="1.0" encoding="UTF-8" ?>
<nodelist>
<!-- remove this wbem Node credential -->
<node name="nodeName1" >
<credential protocol="wbem" username="userName" password="userPassword" tryothers="on" encoded="" />
</node>
<!-- remove this wbem Node credential of specified port# -->
<node name="nodeName1:5990" >
<credential protocol="wbem" username="userName" password="userPassword" tryothers="on" encoded="" />
</node>
<!-- remove this ssh Node credential (note other credential attributes are omitted) -->
<node name="nodeName1" >
<credential protocol="ssh" />
</node>
<!-- remove this ssh Default2 credential (note other credential attributes are omitted) -->
<node name="@default2" >
<credential protocol="ssh" />
</node>
</nodelist>
COMMAND LINE EXAMPLES
You may specify an XML file (with format examples as shown above) as
the input to mxnodesecurity CLI for the Add(and/or Modify) and Remove
command options shown below. To verify node credentials have been
added or removed, you may use the -l option to list the current
Default and Node credentials.
To Add or Modify Default and Node credentials.
mxnodesecurity -a -f xmlfilename
To Remove Default and Node credentials.
mxnodesecurity -r -f xmlfilename
AUTHOR
mxnodesecurity was developed by the Hewlett-Packard Company.
SEE ALSO for HP-UX
mxnodesecurity(1M)
SEE ALSO for Linux
mxnodesecurity(8)