How to send CABI reports to an SFTP Server

book

Article ID: 209215

calendar_today

Updated On:

Products

DX Infrastructure Management

Issue/Introduction

We would like to configure reports to be delivered automatically via SFTP to a Linux server.  How is this configured?

Environment

Release : 20.3

Component : UIM OPERATOR CONSOLE - CABI REPORTS AND INTEGRATION

Resolution

First, on the Linux server itself you will need to make some decisions:
- Which user to use for authentication on SFTP

- whether to use credential-based authentication or SSH-key authentication

- What location on the server to store the uploaded reports

Next, verify the user you have chosen has appropriate SFTP access (most users should have this by default unless your organization has changed it.)  You can test this as follows:

  • Log in to the Linux server as the user who will be configured to authenticate
  • type the command  “sftp (username)@localhost” where (username) is the same username you are logged in with
  • ensure that it will connect properly and lead to an sftp> prompt as in the following screenshot:

By default you will be logged into user’s home directory.  If you wish to store reports in some other folder, ensure that this user can access the folder:

  • Log into machine as this user
  • Use “cd” command to navigate to the folder in question
  • Type “touch testfile” to ensure a file can be created
  • If you receive a permission denied error make sure the user has write permissions to the folder

 

To use credentials-based authentication:

Choose some report which you want to schedule for SFTP delivery.  In this example we will choose At-A-Glance report.

In the “Schedule” tab choose the options you wish for the schedule-

.

In “Parameters” tab set the appropriate settings for the report you wish to run and then go to the “Output Options” tab:

Choose appropriate options for report type (PDF, XLSX, etc) and filename.  For recurring reports it is advisable to enable the ”Sequential file names by timestamp” option.

Scroll down and enter the appropriate options for SFTP server and click “Test Connection” to ensure the SFTP connection is established:

 

Now you can click Save and give the schedule a name and it should appear in the schedules list:

And after some time (depending on the schedule you chose) the report should appear in the given destination:

 

 

To use SSH-key based authentication:

If you wish to use SSH-key based authentication you will need to take the following steps:

 

  1. On the Linux server log in as the user you chose for credential purposes.  You will still need to designate a user for this purpose even though you won’t be using the user’s credentials directly.
  2. In the user’s home directory create a new folder called “.ssh” if this folder doesn’t already exist.
  3. Navigate (“cd”) into this directory and execute:

  >   ssh-keygen

  1. Immediately after running the ssh-keygen command, you'll be asked to enter a couple of values, including:
  • The file in which to save the private key (normally id_rsa). Just press Enter to accept the default value.

  • The passphrase - this is a phrase that functions just like a password to validate the key file. You'll need it later, so make sure it's a password you can easily recall.

When you complete this you will have a file called rsa_id and another called rsa_id.pub in the .ssh directory.

 

Now run the following commands:

> touch authorized_keys

> chmod 700 authorized_keys

> ssh-copy-id -i id_rsa.pub [email protected]

 

Where username is the username you are logged in as (the username which you will be using for credentials.)  You will be prompted for your password and then you should receive a message like:

Now Copy the rsa_id file (NOT the rsa_id.pub file!) to some location on your workstation which you use to access Operator Console/CABI.

 

Now log into CABI as superuser and go to View->Repository.  

 

Right-click on the “root/Public” folder and choose Add Resource->File->Secure File:

.

Click “Choose File”, browse to the rsa_id file and click “Submit” and you should then see the file uploaded in the Repository:

Now you will follow the same steps as above to schedule the report, but when you are setting up the SFTP settings you will not enter the username/password; instead, check the box for “SSH Key Authentication” and click “Browse…” to find the rsa_id file:

Enter the username but leave the password blank, and instead enter the passphrase you created earlier for your SSH key-

 

Now the report can be saved and it should be delivered as scheduled.

Additional Information

If there is any unexpected result, the log to consult for more information will be on the CABI robot - this is different depending on if you use bundled or external cabi but the log is jasperserver.log.

example location - C:\Program Files (x86)\Nimsoft\probes\service\wasp\webapps\cabijs\WEB-INF\logs\jasperserver.log

 

If the "Test Connection" button does not work - no error but it just hangs - you will need to make some adjustments to the file /etc/ssh/sshd_config on the destination Linux server.

The server admin will need to comment out or delete the following two lines if they are present:

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes

Then restart sshd and the connection will succeed.

 

 

 

For more details about SSH/SFTP configuration see: https://www.jscape.com/blog/setting-up-sftp-public-key-authentication-command-line

Attachments