RT Trouble Ticket Plugin

From OpenNMS

Contents 1 What 2 RT's Web Interface via SSL with a self-signed certificate 3 Create an RT user for OpenNMS 4 Configure $OPENNMS_HOME/etc/rt.properties 5 Configure $OPENNMS_HOME/etc/opennms.properties 6 Restart OpenNMS 7 Version History/Availability

What

OpenNMS 1.6.2 introduces support for Best Practical's RT [1] (Request Tracker) in the trouble ticketing API. This document explains how to accomplish a basic configuration and circumvent a problem that is likely to crop up in a number of environments.

RT's Web Interface via SSL with a self-signed certificate

If your RT instance happens to be accessible only via secure HTTP and is using a self-signed certificate, you will run into these sorts of problems:

2009-01-16 09:57:01,351 ERROR [OpenNMS.TroubleTicketer] RtTicketerPlugin: IO 
exception attempting to logon to RT: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
certification path to requested target
2009-01-16 09:57:01,351 ERROR [OpenNMS.TroubleTicketer] RtTicketerPlugin: Failed 
to create or update RT
ticketorg.opennms.api.integration.ticketing.PluginException: Received no ticket 
number from RT
2009-01-16 09:57:01,351 ERROR [OpenNMS.TroubleTicketer] 
DefaultTicketerServiceLayer: Unable to create ticket for alarm: Failed to create 
or update RT ticket

A solution to this is to generate a new keystore that includes the certificate from your RT instance. I did this using code available at this blog[2]. Download the code and have a look at it to ensure you don't have security concerns. Then assuming you have the JDK,

Compile:

javac InstallCert.java

Execute:

java -cp . InstallCert your.rthost.com

Verify the details to ensure this is the certificate you want to trust. If so, send a carriage return at the [1] prompt:

Enter certificate to add to trusted keystore or 'q' to quit: [1]

If all goes well, you will end up with a new file called jssecacerts:

ls -al jssecacerts
-rw-r--r-- 1 root root 50571 2009-01-16 14:49 jssecacerts

This should be moved to $JAVA_HOME/jre/lib/security or your local equivalent.

OpenNMS should now accept the certificate.

Create an RT user for OpenNMS

There will need to be a valid user with the appropriate Rights to create and manipulate tickets in the queue you intend to use with OpenNMS. ('OpenNMS' isn't a bad username!). The OpenNMS user should have at least the following Rights for the queue configured (this list may be wrong):

CreateTicket
DeleteTicket (needed only if opennms must be able to set a ticket status to "deleted")
ModifyTicket
ShowTicket

Depending on how you configure the status options for the RtTicketerPlugin, you may need additional Rights.

Configure $OPENNMS_HOME/etc/rt.properties

Modify $OPENNMS_HOME/etc/rt.properties with the desired parameters. A brief explanation of the options that ship with 1.6.2:

rt.baseURL=

This is the URL of your RT instance's web interface (i.e., http://rt.yoursite.net, https://rt.yoursite.net).

rt.username=

This is a valid username in your RT instance. It seems sensible to create a new user to be used only by OpenNMS.

rt.password=

The password for the above username in your RT instance.

rt.queue=

The queue in RT that OpenNMS will use for ticket creation.

rt.requestor=

This assigns the Requestor E-mail address in RT. It seems sensible to use the E-mail address supplied for the user that OpenNMS will be using.

rt.validopenstatus=

When you view an Alarm in OpenNMS, a ticket will be displayed as 'OPEN' if it has a status listed here. Example: "new,open". The status must match a legitimate status in RT.

rt.validclosedstatus=

When you view an Alarm in OpenNMS, a ticket will be displayed as 'CLOSED' if it has a status listed here. Example "resolved". The status must match a legitimate status in RT.

rt.validcancelledstatus=

When you view an Alarm in OpenNMS, a ticket will be displayed as 'CANCELLED' if it has a status listed here. Example "rejected". The status must match a legitimate status in RT.

rt.openstatus=

The status that OpenNMS will use for tickets it creates. Example: "new". The status must match a legitimate status in RT.

rt.closedstatus=

The status that OpenNMS will set tickets it "closes" to. Example: "resolved". The status must match a legitimate status in RT.

rt.cancelledstatus=

The status that OpenNMS will set tickets it "cancels" to. Example: "rejected". The status must match a legitimate status in RT.

rt.timeout=

How long OpenNMS will wait for RT's web interface to respond.

rt.retry=

How many times OpenNMS should retry if it fails to reach the RT web interface.

Example configuration:

rt.baseURL=https://rt.yoursite.net
rt.username=OpenNMS
rt.password=0p3nnm5
rt.queue=NetworkMonitoring
rt.requestor=opennms@yoursite.net
rt.validopenstatus=new,open
rt.validclosedstatus=resolved
rt.validcancelledstatus=rejected,deleted
rt.openstatus=new
rt.closedstatus=resolved
rt.cancelledstatus=deleted
rt.timeout=6000
rt.retry=0

Configure $OPENNMS_HOME/etc/opennms.properties

Activate the appropriate ticketing plugin with the desired settings in $OPENNMS_HOME/etc/opennms.properties:

opennms.ticketer.plugin=org.opennms.netmgt.ticketer.rt.RtTicketerPlugin
# The above line should replace the NullTicketerPlugin.
opennms.alarmTroubleTicketEnabled = true
opennms.alarmTroubleTicketLinkTemplate = <a href="https://rt.yoursite.net/Ticket/Display.html?id=${id}">${id}</a>

Restart OpenNMS

After you restart OpenNMS, the ticketing plugin should be working.

Version History/Availability

• This feature was added in version 1.6.2