Is it possible to connect an Operations Agent to two separate OBM as managers?

Hello,

 

I have been trying to connect a single OA to two separate OBMs, I did the SSL certificate trust part and there are no SSL problems, however when I test the agent from the second OBM, I get the following message:

 

Command:
ovdeploy -cmd "opcagt -status" -host oa.local -ovrg server
-----
Output:
ERROR: (depl-228) Could not get OS type.
(depl-400) Message returned from the target node:
Caller is not authorized to perform the requested operation.

Parents
  • Verified Answer

    Access to an Agent is defined with 2 things:

    1) MANAGER_ID in ovconf. Any OMI Server or to be more precise Agent that has this CoreID can access the agent.

    2) Flexible Management Policy. In this Policy its possible to define more coreIDs that have  access to an Agent.

    So in your case you need to create and deploy a flexible management policy from the first OBM server to allow access from the second one.

    https://docs.microfocus.com/itom/Operations_Bridge_Manager:2018.05/OMi/AdminGuide/Monitoring/PolicyTemplates/om_uc_pt_flexible_mgmt

    USe the exampel in the link to create your own policy:

    RESPMGRCONFIGS
    RESPMGRCONFIG DESCRIPTION "Enable manager1, manager2, and 192.168.1.3"
    SECONDARYMANAGERS
    SECONDARYMANAGER NODE IP 0.0.0.0 "manager1.example.com" 
                                      ID "e77b4992-5d78-753f-1387-c01230fe2648"
    SECONDARYMANAGER NODE IP 0.0.0.0 "manager2.example.com" 
                                      ID "68f01602-8bfa-7557-0403-8467ba97477a"
    ACTIONALLOWMANAGERS 
    ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager1.example.com" 
                                        ID "e77b4992-5d78-753f-1387-c01230fe2648"
    ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager2.example.com" 
                                        ID "68f01602-8bfa-7557-0403-8467ba97477a"
    ACTIONALLOWMANAGER NODE IP 192.168.1.3 
                                        ID "bc180332-d338-7557-0384-a10be68caa36"

    Be aware that you can allow several OBM server to deploy polices to an Agent. You need to take care about the "policy owner" id.  ovpolicy -list -level 4 will show you which server has deployed a policy.  only the policy owner is allowed to overwrite an existing policy.

    There is also an option to route messages of an agent to more than one OBM Server. Check out the Agent documentation and look for BACKUP_AMANAGERS variable-

Reply
  • Verified Answer

    Access to an Agent is defined with 2 things:

    1) MANAGER_ID in ovconf. Any OMI Server or to be more precise Agent that has this CoreID can access the agent.

    2) Flexible Management Policy. In this Policy its possible to define more coreIDs that have  access to an Agent.

    So in your case you need to create and deploy a flexible management policy from the first OBM server to allow access from the second one.

    https://docs.microfocus.com/itom/Operations_Bridge_Manager:2018.05/OMi/AdminGuide/Monitoring/PolicyTemplates/om_uc_pt_flexible_mgmt

    USe the exampel in the link to create your own policy:

    RESPMGRCONFIGS
    RESPMGRCONFIG DESCRIPTION "Enable manager1, manager2, and 192.168.1.3"
    SECONDARYMANAGERS
    SECONDARYMANAGER NODE IP 0.0.0.0 "manager1.example.com" 
                                      ID "e77b4992-5d78-753f-1387-c01230fe2648"
    SECONDARYMANAGER NODE IP 0.0.0.0 "manager2.example.com" 
                                      ID "68f01602-8bfa-7557-0403-8467ba97477a"
    ACTIONALLOWMANAGERS 
    ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager1.example.com" 
                                        ID "e77b4992-5d78-753f-1387-c01230fe2648"
    ACTIONALLOWMANAGER NODE IP 0.0.0.0 "manager2.example.com" 
                                        ID "68f01602-8bfa-7557-0403-8467ba97477a"
    ACTIONALLOWMANAGER NODE IP 192.168.1.3 
                                        ID "bc180332-d338-7557-0384-a10be68caa36"

    Be aware that you can allow several OBM server to deploy polices to an Agent. You need to take care about the "policy owner" id.  ovpolicy -list -level 4 will show you which server has deployed a policy.  only the policy owner is allowed to overwrite an existing policy.

    There is also an option to route messages of an agent to more than one OBM Server. Check out the Agent documentation and look for BACKUP_AMANAGERS variable-

Children