HI,
Is there an option to monitor the use of NAAF licenses? We are thinking about a REST call that allows us to see the existing licenses and those consumed in order to generate an alarm when the number of available licenses is low.
Regards
Cybersecurity
DevOps Cloud
IT Operations Cloud
HI,
Is there an option to monitor the use of NAAF licenses? We are thinking about a REST call that allows us to see the existing licenses and those consumed in order to generate an alarm when the number of available licenses is low.
Regards
Hi José Luis,
You can get a count of users per repository with SLAnalyzer…
https://portal.microfocus.com/s/article/KM000007063?language=en_US
After installation of SLAnalyzer
Tools->Advanced Authentication->REST Client
When clicking the Execute button, on first access to the AA server, SLAnalyzer needs an endpoint to communicate with the AA server.
If one of the public endpoints is enabled then you can select one of these endpoints. Otherwise, you can click on SLAnalyzer and it will prompt you to create the endpoint. After debugging you can delete this endpoint if you like.
A warning message is displayed about this function requiring administrative access.
Now to perform this function we need to login.
After login SLAnalyzer will prompt for the repository name.
After the lookup completes SLAnalyzer will ask if you want to save the list of users to a file.
If you save the list to file then you can view the list of users with SLAnalyzer from the file/open menu. Or you can also just look at the packet data window to see the list of users.
Note that the API call that generates this information is limited to 50K so you might need to click the parameters button and change the page to get the next set of users. Also you would need to do this same function on all repositories to get a full count.
To get a full list of users in one sweep you could look at the user table of the database.
Again with SLAnalyzer perform the following steps.
Click on Tools->Advanced Authentication->Find Postgres User
SLAnalyzer needs the SSH credentials to access the database configuration. Select or add the server.
Login to SSH session
SLAnalyzer will display the postgres user for access
Save this information.
Now we need to access the database.
Click on Tools->SQL Browser
Enter information for server and credentials then click the connect button.
Now in the Query box type:
Select * from public.user;
Then click the execute button to submit the SQL command to the database
The total number of users that AA knows about are in this table. So your license will be based on the number of user records in this table.
There is also an Idea in the Ideas Portal you could add a comment and up vote so it can be seen by Product Management, so this can be added to a report in a future release:
User license consumption detailed report available in AA GUI
Thanks.
Regards,
Luciano Testa
Hi,
We have been working SLAnalyzer to see if we get the information we require.
If we see how to easily obtain the number of existing users in the repositories, but not the number of licenses consumed.
We do see the required information in the AAF Support Bundle, in the file licenseinfo.json:
Do you know if there is any specific call to obtain just that information? Something we can automate to monitor license usage by only getting this json instead of the entire bundle?
Regards
José Luis
Hello José Luis,
I found that information is extracted using the Admin API, specifically /rest/admin/api/licenses.
I still need more information on how exactly access this API.
Thanks.
Regards,
Luciano Testa
Hello José Luis,
SLAnalyzer is querying the database with this:
Select * from public.license;
For this option to work you have to either SSH to the server directly and then use psql to query the DB….
docker exec aaf_audb_1 psql -U root -d aucore_prod -P pager=off -c "<SQL_COMMAND>;"
You can also get it through the admin api, as we have said before and I suspect this is the way you are more interested on:
/rest/admin/api/licenses
You have to issue a command to the server. The server returns a cookie, then the cookie must be used to subsequent calls to the server.
You can get the CSRF Token and Cookie with the following call:
Type:
POST
Path:
"/user/api/auth"
Headers:
Payload:
{
"event" : "AdminUI",
"logon_process_id" : null,
"custom_session" : "",
"user_name" : "admin",
"method_id" : "PASSWORD:1" , (NOTE: This is only if the admin is configured to use local password)
"data" : { "password" : "<Admin Password>"},
"tenant_name" : "<Tenant Name>"
}
Response Headers:
Cache-Control →no-cache
Cache-Control →no-store
Connection →keep-alive
Content-Length →1010
Content-Security-Policy →frame-ancestors 'self'
Content-Type →application/json
Date → <Timestamp>
Pragma →: no-cache
Server →openresty
*****Set-Cookie →session= <Cookie>*******
Path=/; secure; HttpOnly
Strict-Transport-Security →max-age=63072000; includeSubdomains; preload
******X-CSRF-Token →<CSRF Token>******
X-Frame-Options →SAMEORIGIN
Hope that helps.
Thanks.
Regards,
Saludos.
Luciano Testa
If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button
Thanks a lot Luciano!
I'm going to try these options.
Regards
Hi Luciano,
We are testing this steps and after successfully get the Cookie and CSRF Token, we are unable to perform a valid request to de admin API.
Can you share a request example or tell us what parameters do we need to specify on the request body?
Regards,
Rodrigo
Solved!
Seems like with a GET request without any body we receive all the licenses info.
Do you know if there is any parameters to get specific method licenses or similar? Would be a very valuable info.
Regards,
Rodrigo
Hi Luciano,
I'm back with this as our customer is asking us for a detailed list of users consuming license, and not only a number.
I was able to extract using SLAnalyzer and Admin API the list of enrolled users, but doesn't match with the total consumed licenses:
Do you know if there is any option to get a detailed user list of this 2509 consumed licenses?
Regards,
Rodrigo
Hello Rodrigo,
I don't think there is something else or extra we can do here.
Please also check the linked authenticators, if that is on then users can be deleted but these authenticators will still use licenses.
Thanks.
Regards,
Luciano Testa
Hello Luciano,
Thank you for your answer.
After checking the lists generated with SLAnalyzer ( Enrolled Users & Deleted Users) I found that some deleted users are still on the Enrolled Users list.
After filtering them the resulting users number matches with the users consuming license of the management portal.
Would be nice to confirm if this is how consumed licenses is calculated to be sure is not a coincidence
Thank you!
Rodrigo