Solved: Access Databases LMS 4.2 with jython script ( Integration with HP uCMDB )

MSCHURR_2 · ‎12-17-2012

Questions / Integration Adapter Cisco Prime.

There is an integration adapter for HP uCMDB to get CI information from Cisco Works (Prime whatever ….).

We set up a user for CW according to “Open Database Schema Support in Cisco Prime LAN Management Solution 4.2” , page 1ff.

According to this document we created a user lmsdatafeed. If we run this integration from HP uCMDB / DDM we can connect to rmeng database using jmx to port 43455, but we have not sufficient privileges to get all the needed information.

We tried to connect with a user that has full rights (Admin User), but we cannot connect at all with this user.

We use Cisco Prime LMS 4.2 and we want to have our network devices as Configuration Items (CI's) in our HP uCMDB

Our question:

Would it be save to give more privileges to the user lmsdatafeed ?

And if yes: How can this be done ?

Is it possible to give an admin user the rights to connect by jmx/jdbc ?

Below I post the communication protocol of the adapter, connection is OK and the first select statement to, but them this user doesn't have enough privileges. The error messages are in german for some reason ... (means: "User has not sufficient privileges to selet from DM_Dev_State")

Any help is appreciated !

==== snip =====

execution jobId="DS_CiscoPrime_CiscoWorks NetDevices" destinationid="e6ac2661c751b23929fb1cf4f97a536f">

</destination>

<attribute name="protocol_username" type="String">lmsdatafeed</attribute>

<attribute name="protocol_netaddress" type="String">DEFAULT</attribute>

<attribute name="protocol_type" type="String">sqlprotocol</attribute>

<attribute name="sqlprotocol_dbtype" type="String">Sybase</attribute>

</object>

</protocol>

</params>

</ClientProperties>

</CONNECT>

<log start="9:43:6" severity="debug">[CiscoWorks_NetDevices.py:DiscoveryMain] Connected to CiscoWorks LMS Resource Manager Essentials database at port <43455>...</log>

<log start="9:43:6" severity="debug">[CiscoWorks logger] [CiscoWorks_NetDevices.py:getNetworkDevices] Got <214> Network Devices...</log>

<log start="9:43:6" severity="debug">[CiscoWorks logger] [CiscoWorks_NetDevices.py:getNetworkDevices] Got <1> chunks...</log>

<CMD>[CDATA: SELECT TOP 250 START AT 1 netdevices.Device_Id, deviceState.NetworkElementID, netdevices.Device_Display_Name, netdevices.Host_Name, netdevices.Device_Category, netdevices.Device_Model, netdevices.Management_IPAddress, deviceState.Global_State FROM lmsdatagrp.NETWORK_DEVICES netdevices JOIN dba.DM_Dev_State deviceState ON netdevices.Device_Id=deviceState.DCR_ID]</CMD>

<message>[CDATA: SQL Anywhere-Fehler -121: Berechtigung verweigert: Sie haben nicht die Berechtigung, aus "DM_Dev_State" auszuwählen]</message>

</stacktrace>

</ERROR>

</EXEC>

<log start="9:43:6" severity="error">Failed executing query: <SELECT TOP 250 START AT 1 netdevices.Device_Id, deviceState.NetworkElementID, netdevices.Device_Display_Name, netdevices.Host_Name, netdevices.Device_Category, netdevices.Device_Model, netdevices.Management_IPAddress, deviceState.Global_State FROM lmsdatagrp.NETWORK_DEVICES netdevices JOIN dba.DM_Dev_State deviceState ON netdevices.Device_Id=deviceState.DCR_ID> on <172.28.193.55> Exception: Traceback (most recent call last): File "ciscoworks_utils", line 60, in doQuery com.sybase.jdbc2.jdbc.SybSQLException: com.sybase.jdbc2.jdbc.SybSQLException: SQL Anywhere-Fehler -121: Berechtigung verweigert: Sie haben nicht die Berechtigung, aus "DM_Dev_State" auszuwählen</log>

<log start="9:43:6" severity="warn">[CiscoWorks_NetDevices.py:getNetworkDevices] No Network Devices found in chunk <0></log>

<log start="9:43:6" severity="debug">Closing JDBC connections...</log>

<results_for_add_or_update>

</results_for_add_or_update>

<results_for_delete>

</results_for_delete>

</results>

</execution>

===== snip ======

Michel Hegeraat · ‎01-09-2013

No, only cli on the server

You can set a password for each database, or one password for all using the \CSCOpx\bin\dbpasswd.pl

A random generated password is used during installation unless you provided one.

These users are either part of the installed databases or created during installation. Not sure.

I have never tried to alter these users since they are used by the LMS applications, nor to add new users to the database.

.

Since these users are SA/DBA you should be able to do and break anything you like on the databases :-)

Cheers,

Michel

View solution in original post

Michel Hegeraat · ‎12-19-2012

Reading a database can DOS your LMS, but no permanent damage done.

This doc will tell you about the databases available

https://supportforums.cisco.com/docs/DOC-8796

You can set a password for each database, or one password for all using

\CSCOpx\bin\dbpasswd.pl

Each databse has it's own SA user

if ($dsn eq 'ani' ){$uid = 'cwsiSA' ; }

if ($dsn eq 'cmf' ){$uid = 'cmfDBA' ; }

if ($dsn eq 'rmeng' ){$uid = 'DBA' ; }

if ($dsn eq 'dfmEpm'){$uid = 'itemEpmUser'; }

if ($dsn eq 'dfmInv'){$uid = 'itemInvUser'; }

if ($dsn eq 'dfmFh' ){$uid = 'itemFhUser' ; }

if ($dsn eq 'opsxml'){$uid = 'DBA' ; }

if ($dsn eq 'upm' ){$uid = 'dba' ; }

This should allow you to get the data

Do keep in mind that all tables (except the views defined for lmsdatafeed) are subject to change.

Cheers,

Michel

Joe Clarke · ‎12-19-2012

You are trying to select data from a table for which you do not have access. The DM_Dev_State table is not part of the exported lmsdatafeed views. The only available views are listed at

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/database_schema/dbviews_42.html . There is no way to allocate more privileges to the lmsdatafeed user.

MSCHURR_2 · ‎01-08-2013

Thanks gents ! Should it be possible to run such a script with an admin user ?

Michel Hegeraat · ‎01-08-2013

No,

You will need to use the database DBA / SA 'System Administrator' login.

This is not related to a login in the LMS application

Cheers,

Michel

MSCHURR_2 · ‎01-09-2013

thanks a lot. Can I simply configure this user using the GUI ? Or is this a special user that is created during installation ?

And how can I get information about this user ?

Michel Hegeraat · ‎01-09-2013

No, only cli on the server

You can set a password for each database, or one password for all using the \CSCOpx\bin\dbpasswd.pl

A random generated password is used during installation unless you provided one.

These users are either part of the installed databases or created during installation. Not sure.

I have never tried to alter these users since they are used by the LMS applications, nor to add new users to the database.

.

Since these users are SA/DBA you should be able to do and break anything you like on the databases :-)

Cheers,

Michel

MSCHURR_2 · ‎01-21-2013

Hi Michel,

using the internal DBA Users solved our problems. Thank you very much for your help