The API key was deleted from Maximo Manage after an installation or after a new user is created in Manage to test the post implementation. It is no longer possible to create a new user and change the password in Maximo core due to API Key error.
The following errors are generated in the Manage UserSynchAgent log:
Exception: [customer_system_hostname maxadmin] synched: status_code: 400 r.text Error 400: BMXAA9549E - The API key token is invalid. Either the token may have expired or the token has been revoked by the administrator.
2022-09-12 05:17:04,321 usersync-agent-manage INFO Attempt: 1 of 5
2022-09-12 05:17:34,332 usersync-agent-manage INFO Sync user maxadmin, status PENDING
2022-09-12 05:17:34,333 usersync-agent-manage INFO [customer_system_hostname maxadmin] Sync user url: https://hostname.mas-systemname-manage.svc/meaweb/es/MASSYNC/MASPERUSER?clientcert=1, method: POST, headers: {'content-type': 'application/json'}
2022-09-12 05:17:34,334 usersync-agent-manage INFO [customer_system_hostname maxadmin] Sync user data: {'_id': 'maxadmin', 'added': {'appId': 'manage', 'timestamp': '2022-09-11T18:38:39.979923'}, 'addresses': [], 'applications': {'assist': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'health': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'hputilities': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'iot': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'manage': {'sync': {'reason': '', 'state': 'PENDING', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'monitor': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'optimizer': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'predict': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'safety': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}, 'visualinspection': {'sync': {'reason': '', 'state': 'SUCCESS', 'timestamp': '2022-09-12T05:15:52.671155'}}}, 'displayName': 'MAXADMIN', 'emails': [{'primary': True, 'type': 'Work', 'value': 'user.name@domainname.com'}], 'entitlement': {'admin': 'NONE', 'alwaysReserveLicense': False, 'application': 'PREMIUM'}, 'familyName': '', 'givenName': '', 'issuer': 'local', 'owner': 'local', 'permissions': {'systemAdmin': False, 'userAdmin': False}, 'phoneNumbers': [], 'preferences': {'locale': {'country': None, 'language': None}, 'timezone': None}, 'sync': {'status': 'PENDING', 'timestamp': '2022-09-12T05:15:52.457726'}, 'title': '', 'token': '1000:d8a82d04c7981f0c1fd3c52d45ec14c0a64d6620a1be861f:a9bc1a2048612c00036b613716d1057452a72cb4a256cfce', 'updated': {'id': 'vPtB9WZdfm5USXuc9i57KpWL0jKUy3jO', 'timestamp': '2022-09-12T05:15:52.457726'}, 'username': 'maxadmin', 'workspaces': {'customer_system_hostname': {'applications': {'manage': {'role': 'MANAGEUSER'}}, 'permissions': {'workspaceAdmin': False}}}}
2022-09-12 05:17:34,417 usersync-agent-manage INFO [customer_system_hostname maxadmin] Sync user response: r.status: 400, r.text: Error 400: BMXAA9549E - The API key token is invalid. Either the token may have expired or the token has been revoked by the administrator.
2022-09-12 05:17:34,418 usersync-agent-manage INFO [customer_system_hostname maxadmin] synched: status_code: 400 r.text Error 400: BMXAA9549E - The API key token is invalid. Either the token may have expired or the token has been revoked by the administrator.
2022-09-12 05:17:34,418 usersync-agent-manage ERROR [maxadmin] Got exception: [customer_system_hostname maxadmin] synched: status_code: 400 r.text Error 400: BMXAA9549E - The API key token is invalid. Either the token may have expired or the token has been revoked by the administrator.
2022-09-12 05:17:34,418 usersync-agent-manage ERROR Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/mas/utils/usersync/usersync.py", line 242, in doSync
agent.syncUser(user)
File "/opt/ibm/usersync/agent.py", line 75, in syncUser
raise Exception(errMsg)
Symptom
The MAS "usersync" pod should show all the affected users.
Cause
The APIKEY in MAS Manage is invalid and needs to be regenerated.
Environment
MAS Manage
Diagnosing The Problem
Running the following SQL query confirms that the table is empty.
select * from apikeytoken;Also checked to ensure that 2 default users like MAXADMIN and MXINTADM are already synchronised with Manage.
Resolving The Problem
1. Before actioning step #2, get a copy of the apikeytoken records (with other fields besides apikey) ofclientcert=1
Run SQL command:
select * from apikeytoken where clientcert=1
2. R- run the insertapikey commands as list below to re-insert the records, then make a copy of the apikeytoken records for those clientcert=1
Execute the remediation step for the APIKEY by running the following commands from the maxinst POD:
cd /opt/IBM/SMP/maximo/tools/maximo
./insertapikey.sh -v'${MANAGE_APIKEY}' -m'prop:mxe.int.dfltuser'
./insertapikey.sh -v'${MANAGE_APIKEY}, O=cert-manager' -m'prop:mxe.int.dfltuser'
./insertapikey.sh -v'${HEALTH_APIKEY}' -m'prop:mxe.MASUserSyncAgentUser'
./insertapikey.sh -v'${HEALTH_APIKEY}, O=cert-manager' -m'prop:mxe.MASUserSyncAgentUser'
./insertapikey.sh -v'${PMI_APIKEY}' -m'prop:mxe.PMIUser'
./insertapikey.sh -v'${PMI_APIKEY}, O=cert-manager' -m'prop:mxe.PMIUser'
./insertapikey.sh -v'${PMI_APIKEY_NEW}, O=cert-manager' -m'prop:mxe.PMIUser'
./insertapikey.sh -v'${PMI_APIKEY_NEW}' -m'prop:mxe.PMIUser'
./insertapikey.sh -v'${EU_APIKEY}' -m'prop:hputilities.health.user'
./insertapikey.sh -v'${EU_APIKEY}, O=cert-manager' -m'prop:hputilities.health.user'
./insertapikey.sh -v'${EU_APIKEY_NEW}, O=cert-manager' -m'prop:hputilities.health.user'
./insertapikey.sh -v'${EU_APIKEY_NEW}' -m'prop:hputilities.health.user'
Verify that the environment is operational following the APIKEY regeneration.
Reference Link: https://www.ibm.com/support/pages/node/6825891
No comments:
Post a Comment