Hitachi

JP1 Version 12 JP1/Automatic Operation Service Template Reference


2.5.34 Add operational user(SYSTEM)

Function

This service template adds OS users and JP1 users, and performs peripheral settings.

It is used to facilitate tasks that are performed when administrative users are added, such as when job execution servers are added in a job execution environment.

It is enabled in the following systems:

• Systems in which jobs are executed by an agent server in a job execution environment that uses JP1/AJS3.

• Systems in which automated actions are performed and commands are executed on an agent server in a monitoring environment that uses JP1/IM.

This service template assumes that the following servers are being used.

• JP1 authentication server

Servers running a JP1/Base authentication server. These manage JP1 user information.

• Agent server

Servers on which JP1/Base is installed, and that execute jobs and perform automated actions.

To add administrative users (OS users and JP1 users) to the above systems, the following tasks are performed.

(1) OS users are added (agent server)

(2) JP1 users and operating permissions are set (JP1 authentication server)

(3) User mapping is set (agent server)

Prerequisites

For the latest support information about [Required product in the System]/[Prerequisite products in the system executing the service template]/[Prerequisite product OS running in the system executing the service template], see the release notes.

[Required product in the System]

JP1/Automatic Operation 12-00 or later

[Prerequisite products in the system executing the service template]

(1) The following version of JP1/Base is running on the JP1 authentication server and the agent server:

Job Management Partner 1/Base 09-00 or later, or

JP1/Base 11-00 or later

[Prerequisite product OS running in the system executing the service template]

(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter

(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter

(3) Windows Server 2016 Standard/Datacenter

(4) Windows Server 2019 Standard/Datacenter

(5) Red Hat Enterprise Linux Server 6 (32-bit x86), Red Hat Enterprise Linux Server 6 (64-bit x86_64)

(6) Red Hat Enterprise Linux Server 7 (64-bit x86_64)

(7) Red Hat Enterprise Linux Server 8 (64-bit x86_64)

(8) AIX V6

(9) AIX V7

[Usage conditions of prerequisite products in the system]

(1) The following files to be transferred to the JP1 authentication server are stored in a folder on the JP1/AO server. In the property ao.confPath, specify the path of the folder where you want to store these files. Make the linefeed code of the files to be stored consistent with the OS specifications of the JP1 authentication server.

• User permission level file (JP1_UserLevel)

[Usage conditions of prerequisite products in the system executing the service template]

(1) The authentication server of the connection destination is set in JP1/Base on the agent server.

(2) The user permission level file is transferred to the folders specified in properties Windows.targetTmpPath and Linux.targetTmpPath. If no folder is found at the specified path, a folder is created and the files are transferred. The specified folder is not deleted.

(3) If JP1/Base on the agent server has a cluster configuration, the service can only be executed on the active server environment. If a JP1 authentication server has a cluster configuration, settings made in the active system are reflected in the standby system.

Cautions

(1) To work with OS users of the domain environment, set property OS.userType to domain.

(2) If you are executing this service in a UNIX environment, do not use multibyte characters in properties.

(3) If you specify multibyte characters and the agent server OS is Windows, specify the following parameters to be the lengths indicated.

Path of the JP1/AO server's definition file storage folder: 242 bytes

Agent server temporary folder (Windows): 242 bytes

OS user name: 20 bytes

OS user password: 64 bytes

OS user password re-entry: 64 bytes

OS user full name: 256 bytes

OS user comment: 256 bytes

OS user group name: 256 bytes

(4) If no folder exists at the specified remote path, a folder is created. The created folder is not deleted automatically. If it is not used regularly, delete it.

(5) In order to execute this service, the JP1/AO server (loopback address resolved by localhost) and the server that is the connection destination must be set as agentless connection destinations.

(6) If this service is executed for a Windows environment and the specified OS user already exists, the existing OS user is used. Note that the group settings of the OS user are made, but the password of the OS user is not changed.

(7) If this service is executed for a UNIX environment and the specified OS user already exists, the existing OS user is used. The password of the OS user is changed, but the OS user group settings and home directory remain unchanged.

Version

03.00.00

Tags

Configure JP1,Base

Property list

The following shows the list of the property groups set in the property:

| Property group | Description | Initial display |
|---|---|---|
| System environment information | Specify agent server environment information, and definition files needed to add a JP1 user. | Y |
| OS user information | Specify the OS user information to be added. | Y |
| JP1 authentication server information | Specify the JP1 authentication server information for the JP1 user to be added. | Y |
| JP1 user information | Specify the information for the JP1 user to be added. | Y |

The following shows the list of the properties to be displayed in the "Service Definition" window:

(Legend)

R: The property must be specified.

O: The property can be omitted. However, the property might be mandatory depending on what is specified for other properties. See the Description of each property.

| Property key | Property name | Description | I/O type | Shared | Required | Property group |
|---|---|---|---|---|---|---|
| jp1base.certHost | Host name of the JP1 authentication server | Specify the host name of the JP1 authentication server. Specify the physical host name of the primary server or the logical host name of JP1/Base (when using JP1/Base in a cluster configuration). | Input | Disabled | R | JP1 authentication server information |
| jp1base.certHostLHostName | Logical host name of JP1 authentication server | Specify the logical host name of the JP1 authentication server (when the JP1 authentication server is in a cluster configuration). | Input | Disabled | O | JP1 authentication server information |
| ao.confPath | Folder containing JP1/AO server definition files | Specify the folder on the JP1/AO server containing the definition (configuration) files to be transferred to the JP1 authentication server, by the folder's full path. | Input | Disabled | R | System environment information |
| windows.targetTmpPath | Temporary folder on agent server (Windows) | Specify the location of the temporary folder used as the destination for definition files transferred to the agent server, by the folder's full path. This property is mandatory when the agent server is running Windows. | Input | Disabled | O | System environment information |
| Linux.targetTmpPath | Temporary directory on agent server (UNIX) | Specify the location of the temporary directory used as the destination for definition files to be transferred to the agent server, by the directory's full path. This property is mandatory when the agent server is running UNIX. | Input | Disabled | O | System environment information |

The following shows the list of the properties to be displayed on the "Service Definition" window and the "Submit Service" window:

| Property key | Property name | Description | I/O type | Shared | Required | Property group |
|---|---|---|---|---|---|---|
| common.targetHost | Agent server host name | Specify the host name or IP address of the agent server. You cannot specify an IPv6 address. Specify the physical host name of the primary server or the logical host name of the business server (when using the business server in a cluster configuration). | Input | Disabled | R | System environment information |
| jp1base.jp1BaseLHostName | Logical host name of JP1/Base | Specify the logical host name of JP1/Base on the agent server (if JP1/Base is used in a cluster configuration). | Input | Disabled | O | System environment information |
| OS.osUserName | OS user name | Specify the name of the OS user to create on the agent server. | Input | Disabled | R | OS user information |
| OS.osUserPassword | OS user password | Specify the password of the OS user. | Input | Disabled | R | OS user information |
| OS.osUserPasswordReEnter | Enter the OS user password again | Enter the OS user password again. | Input | Disabled | R | OS user information |
| OS.userFullName | Full name of OS user | Specify the full name of the OS user. This property only takes effect when the agent server is running Windows. | Input | Disabled | O | OS user information |
| OS.homeDirectory | Home directory of OS user | Specify the full path of the OS user's home directory. This property is valid only if the OS of the agent server is UNIX. | Input | Disabled | O | OS user information |
| OS.userComment | Comment | Specify any relevant comments about the OS user. | Input | Disabled | O | OS user information |
| OS.osGroupName | OS user group name | Specify the name of the existing group to which the OS user belongs. | Input | Disabled | R | OS user information |
| OS.userType | OS user type | Specify "local" or "domain" as the OS user type. This property only takes effect when the agent server is running Windows. | Input | Disabled | O | OS user information |
| jp1base.jp1UserName | JP1 user name | Specify the name of the JP1 user you want to create on the JP1 authentication server. | Input | Disabled | R | JP1 user information |
| jp1base.jp1UserPassword | JP1 user password | Specify the password of the JP1 user. | Input | Disabled | R | JP1 user information |
| jp1base.jp1UserPasswordReEnter | Enter the JP1 user password again | Enter the JP1 user password again. | Input | Disabled | R | JP1 user information |
| jp1base.serverHostName | Mapping definition host name | Specify the host name or * for defining the user mapping of the agent server. Do not specify an IP address. Note that the operation will succeed even if you specify an IP address. In the case of a cluster, specify the physical or logical host of the active server. | Input | Disabled | R | JP1 user information |

The following shows the restrictions on inputs to the properties displayed in the "Service Definition" window:

Property key

Characters that can be input

jp1base.certHost

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

jp1base.certHostLHostName

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

ao.confPath

A character string of between 2 and 242 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, or a trailing \ or /. When this service is executed for a UNIX environment, it cannot include multibyte characters.

windows.targetTmpPath

A character string of between 2 and 242 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, /, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

Linux.targetTmpPath

A character string of no more than 32 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, `, or a trailing \ or /. When this service is executed for a UNIX environment, it cannot include multibyte characters.

The following shows the restrictions on inputs to the property displayed on the "Service Definition" window and the "Submit Service" window:

Property key

Characters that can be input

common.targetHost

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

jp1base.jp1BaseLHostName

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

OS.osUserName

A character string of no more than 20 characters can be entered. It cannot include <, >, |, ;, &, `, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.osUserPassword

A character string of no more than 64 characters can be entered. It cannot include <, >, |, ;, `, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.osUserPasswordReEnter

A character string of no more than 64 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.userFullName

A character string of no more than 256 characters can be entered. It cannot include <, >, |, ;, &, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.homeDirectory

A character string of between 7 and 255 characters can be entered. It cannot include <, >, |, ;, &, *, ?, ", %, `, or a trailing \ or /. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.userComment

A character string of no more than 256 characters can be entered. It cannot include <, >, |, ;, &, `, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.osGroupName

A character string of no more than 256 characters can be entered. It cannot include <, >, |, ;, &, `, or a trailing \. When this service is executed for a UNIX environment, it cannot include multibyte characters.

OS.userType

Select one of the following values:

local,domain

jp1base.jp1UserName

A maximum of 31 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, @, _, ~.

jp1base.jp1UserPassword

A character string of between 6 and 32 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, /, =, ?, @, [, ], ^, _, {, } and ~.

jp1base.jp1UserPasswordReEnter

A character string of between 6 and 32 characters can be entered. Characters that can be used include alphanumeric characters, as well as !, #, $, %, ', -, /, =, ?, @, [, ], ^, _, {, }, and ~.

jp1base.serverHostName

A maximum of 255 characters can be entered. Characters that can be used include alphanumeric characters, as well as . and -.

Flow specification details

The following table shows the detailed specification of the flow:

Hierarchy

Display name

Plug-in

Plug-in name

Description

Error recovery method

1

checkOS

Flow Plug-in

Determines the OS type of the JP1 authentication server or agent server.

--

1-1

Output OS type

Ascertains the OS of the JP1 authentication server.

Eliminate the cause of the error, and then re-execute the service.

1-2

Output OS type

Ascertains the agent server OS.

Eliminate the cause of the error, and then re-execute the service.

1-3

Output OS type

Outputs the OS of the JP1/AO server.

Eliminate the cause of the error, and then re-execute the service.

2

osAddUser

Flow Plug-in

Adds an OS user and sets the group.

--

2-3

Compatible Plug-in

Determines whether or not the OS is Windows.

Eliminate the cause of the error, and then re-execute the service.

2-4

Flow Plug-in

Adds users to an agent server (or agent server domain).

--

2-4-1

Add OS user (Windows)

Adds users to an agent server (or agent server domain). Added users are shown under Computer Management - System Tools - Local Users and Groups - Users. The full name of each OS user is shown there under Full name, and the OS user comment under Description.

Eliminate the cause of the error, and then re-execute the service.

2-4-2

Set group of OS user (Windows)

Adds the created users to the groups of an agent server (or agent server domain). The groups can be viewed on the Member Of tab of the user's properties, opened by double-clicking the added user name in Computer Management - System Tools - Local Users and Groups - Users.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

2-5

Compatible Plug-in

Determines whether or not the OS is UNIX.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

2-6

Flow Plug-in

Adds users to a specified server (or server domain).

--

2-6-1

Add OS user (Linux)

Adds users to a specified server (or server domain). Each added user appears as a line in the /etc/passwd file. In that line, the 6th column shows the OS user's home directory, the 5th column shows the OS user's comment, and the 4th column shows the group ID of the specified OS user group. The group name for that group ID can be looked up in the /etc/group file.

Eliminate the cause of the error, and then re-execute the service.

2-6-2

Change password for OS user

Sets up the password of an added user.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

3

jp1baseAddJp1user

Flow Plug-in

Adds a JP1 user name and sets its mapping information.

--

3-3

Compatible Plug-in

Determines whether or not the OS is Windows.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

3-4

Flow Plug-in

Adds JP1 user names.

--

3-4-1

Add JP1 user

Adds a JP1 user to an authentication server. Added users are listed in the JP1 user area in the User Mapping page of the JP1/Base Environment Settings dialog box.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

3-4-2

Compatible Plug-in

Determines whether or not the OS of the JP1/AO server is Windows.

Eliminate the cause of the error, and then re-execute the service.

3-4-3

File-forwarding plug-in

Transfers a user permission level file to an authentication server. Transfers the JP1_UserLevel file at the path of the JP1/AO server's definition file storage folder to a temporary folder of an agent server.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-4-4

Compatible Plug-in

Determines whether or not the OS of the JP1/AO server is UNIX.

Eliminate the cause of the error, and then re-execute the service.

3-4-5

File-forwarding plug-in

Transfers a user permission level file to an authentication server. Transfers the JP1_UserLevel file at the path of the JP1/AO server's definition file storage folder to a temporary folder of an agent server.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-4-6

Set JP1/Base permissions

Configures JP1/Base operating permissions on a JP1 authentication server. The configured permissions are listed in the Authority level for JP1 resource group area when a user name is clicked in the JP1 user area on the User Mapping page of the JP1/Base Environment Settings dialog box.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-4-7

Delete file

Deletes a transferred file. Deletes a JP1_UserLevel file in a temporary folder of an agent server.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-5

Compatible Plug-in

Determines whether or not the OS is Windows.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-6

Flow Plug-in

Configures JP1 user mapping information.

--

3-6-1

Change password management information in JP1/Base

Registers the passwords of OS users in JP1/Base. Users registered in password management are listed when the Set button is clicked in the Password management area in the User Mapping page of the JP1/Base Environment Settings dialog box.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-6-2

Add JP1/Base user mapping

Configures mapping of newly added JP1 users and newly added OS users. Configured JP1 user names and mapping definition host names are shown in the JP1 user area on the User Mapping page of the JP1/Base Environment Settings dialog box; when an entry is clicked, the configured OS user names are displayed in the List of OS users to be mapped area.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-7

Compatible Plug-in

Determines whether or not the OS is UNIX.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

3-8

Flow Plug-in

Adds JP1 user names.

--

3-8-1

Add JP1 user

Adds a JP1 user to a JP1 authentication server. The added JP1 user can be checked with the jbslistuser command.

Eliminate the cause of the error, delete the created OS users, and then re-execute the service.

3-8-2

File-forwarding plug-in

Transfers a user permission level file to a JP1 authentication server. Transfers the JP1_UserLevel file at the path of the JP1/AO server's definition file storage folder to a temporary folder of an agent server.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-8-3

Set JP1/Base permissions

Configures JP1/Base operating permissions on a JP1 authentication server. The configured permission can be checked with the jbslistacl command.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-8-4

Delete file

Deletes a transferred file. Deletes a JP1_UserLevel file in a temporary folder of an agent server.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-9

Compatible Plug-in

Determines whether or not the OS is UNIX.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.

3-10

Flow Plug-in

Configures JP1 user mapping information.

--

3-10-1

Add JP1/Base user mapping

Configures mapping of newly added JP1 users and newly added OS users. Configured JP1 user names, mapping definition host names, and configured OS user names are shown respectively in the 1st, 2nd, and 3rd columns of the jbsgetumap command results.

Eliminate the cause of the error, delete the created OS users and JP1 users, and then re-execute the service.
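
A post-run check for step 2-6-1 on a UNIX agent server, added here as an example (it is not part of the Hitachi manual or the service template): it reads the /etc/passwd and /etc/group columns described for that step and reports where the account differs from the submitted OS.osGroupName, OS.homeDirectory and OS.userComment values, which is the situation caution (7) describes for a user that already existed. The function names and the sample passwd/group lines are constructed for illustration.

```python
"""Added example: audit an OS user after the template has run on a UNIX agent server."""

# Constructed sample data (not from a real host). On a live agent server,
# pass the contents of /etc/passwd and /etc/group instead.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jp1ops:x:1501:2001:JP1 job operator:/home/jp1ops:/bin/bash
legacy:x:1400:100:old account:/export/legacy:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:
jp1grp:x:2001:
"""


def parse_colon_file(text, min_fields):
    """Split passwd/group style text into field lists.

    Blank lines, comment lines and lines with too few fields are skipped.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            rows.append(fields)
    return rows


def check_os_user(passwd_text, group_text, user, group, home=None, comment=None):
    """Return a list of findings; an empty list means the account matches the request."""
    entries = {f[0]: f for f in parse_colon_file(passwd_text, 7)}
    gid_to_name = {f[2]: f[0] for f in parse_colon_file(group_text, 4)}
    if user not in entries:
        return [f"user {user!r} not found in passwd data"]

    fields = entries[user]
    # passwd columns: 4th = group ID, 5th = comment, 6th = home directory
    gid, actual_comment, actual_home = fields[3], fields[4], fields[5]

    findings = []
    actual_group = gid_to_name.get(gid)
    if actual_group is None:
        findings.append(f"group ID {gid} has no entry in group data")
    elif actual_group != group:
        findings.append(f"group is {actual_group!r}, requested {group!r}")
    if home is not None and actual_home != home:
        findings.append(f"home directory is {actual_home!r}, requested {home!r}")
    if comment is not None and actual_comment != comment:
        findings.append(f"comment is {actual_comment!r}, requested {comment!r}")
    return findings


if __name__ == "__main__":
    # A freshly created user matches; a pre-existing user keeps its old settings.
    print(check_os_user(SAMPLE_PASSWD, SAMPLE_GROUP, "jp1ops", "jp1grp",
                        home="/home/jp1ops", comment="JP1 job operator"))
    for finding in check_os_user(SAMPLE_PASSWD, SAMPLE_GROUP, "legacy", "jp1grp",
                                 home="/home/legacy"):
        print("legacy:", finding)
```

A non-empty result for a user that existed before the service ran indicates that its group or home directory still has the earlier values and needs to be reviewed by hand.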