itop 1-2 admin guide

iTop 1.2 Administrator’s Guide

© 2010-2011 Combdo. All rights reserved

iTop 1.2 Administrator's Guide

2

Table of content Table of content ...................................................................................................................... 2 About iTop .............................................................................................................................. 4 Licensing ................................................................................................................................. 4 Related documentation ........................................................................................................... 5 Installing iTop ......................................................................................................................... 5

Software requirement .......................................................................................................... 5 Hardware requirement ........................................................................................................ 6 Download the iTop package ................................................................................................. 6 Install iTop .......................................................................................................................... 6 PHP and MySQL settings .................................................................................................... 12 Changing configuration options ......................................................................................... 13

Ready-only mode .......................................................................................................... 13 Migrating from version 1.0, 1.0.1, 1.0.2 or 1.1 ........................................................................ 13 Migrating from previous version 0.9 ...................................................................................... 14 iTop common usage .............................................................................................................. 14

Starting iTop ...................................................................................................................... 14 Managing users ..................................................................................................................... 15

Viewing Profiles ................................................................................................................. 16 Viewing users .................................................................................................................... 17 Creating a user .................................................................................................................. 18 Changing a user password ................................................................................................ 20

Managing Organizations ........................................................................................................ 20 Viewing the data model ........................................................................................................ 22 Running Object queries ......................................................................................................... 24 Enter OQL expression in the text area, and click on “Evaluate” to get the result. .................. 24 Managing Notification ........................................................................................................... 24

Creating an action ............................................................................................................. 25 Creating a trigger .............................................................................................................. 26

iTop Audit ............................................................................................................................. 30 Audit Categories ................................................................................................................ 30 Audit Rules........................................................................................................................ 30

iTop localization .................................................................................................................... 31 Data backup .......................................................................................................................... 31 Background tasks: cron.php .................................................................................................. 32

Scheduling cron.php on Windows ...................................................................................... 32 Scheduling cron.php on Linux/Unix ................................................................................... 32 Parameter file ................................................................................................................... 32

Integrating with other application ......................................................................................... 33 Using iTop from the command line.................................................................................... 33 How to export data out of iTop .......................................................................................... 33 Arguments ........................................................................................................................ 33 Data import and data synchronization............................................................................... 34 Using direct MySQL commands to populate the synchro_data_xxx table ............................ 35 How to specify a list of related objects (link set) .............................................................. 36 Data Source Definition ....................................................................................................... 37 Synchronized Configuration Items ..................................................................................... 37 What is the difference between CSV Import and Data Synchronization? ............................. 38 How to import data in iTop ............................................................................................... 39

Example of script for importing CSV data ....................................................................... 42


3

Soap web service for incident ticket creation .................................................................... 43 Example script for creating an Incident: ........................................................................ 43

Soap web service for user request ticket creation ............................................................. 44 Appendix A – Configuration parameters ................................................................................. 45 References ............................................................................................................................ 48


4

About iTop This document describes release 1.2 of iTop. iTop is a robust Open Source web 2.0 application that will help you to better support your IT. Development of iTop started in March 2006 in order to publish on the internet a completely open solution that would help enterprise to drive ITIL best practices implementation. The goal of the iTop community is to provide an alternative solution to expensive ITIL solutions sold by proprietary software vendors. At the early beginning of the project, the development team was focus on building the most complete CMDB (Configuration Management Data Base). One key objective was to make it as flexible as flexible in order to allow administrator to add and remove configuration items from the data model and manage as many relationships as they want. The development team also designed a powerful state machine that allows defining life cycle for whatever configuration items in the CMDB. Realizing that all concepts developed within the CMDB can be applied to all other ITIL best practices, the iTop community decided to extend them to Incident Management, Change Management and Service Management modules. Then iTop became an IT operational portal that helps all IT management team to support their environment by:

Documenting IT infrastructures and their relationships (servers, application, network…) Documenting IT incident and planned outages, as well as a known error database Documenting all IT services and contracts with external providers

iTop can be used by different type of profiles: Help Desk IT support engineers (1st level, 2nd level, 3rd level …) IT service managers IT managers

iTop is relying on Apache/IIS, MySQL and PHP, so it can run on whatever operating system supporting those applications. It had been tested already on Windows, Linux Debian and Redhat (It also runs on Solaris and MacOS X). iTop is a web based application therefore you don’t need to deploy client software on each user’s PC. A simple web browser is enough (IE 8+, FF 3.5+, Chrome or Safari 5+).

Licensing iTop is licensed under the terms of the GNU General Public License Version 3 as published by the Free Software Foundation. This gives you legal permission to copy, distribute and/or modify iTop under certain conditions. Read the ’license.txt’ file in the iTop distribution. iTop is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.


5

Related documentation All related documents are available on http://www.combodo.com/itopdocumentation

• “How to Setup LDAP Authentication with iTop” • “iTop Implementation Guide “ • “Localizing iTop” • “Customizing iTop 1.0” • “OQL Reference” • “iTop 1.0 user guide” • “How to migrate from 0.9 to 1.0”

Installing iTop

Software requirement iTop is based on MySQL and PHP (MySQL / PHP), it requires PHP 5.2 and MySQL 5, plus off-course a web server: you can use Apache or IIS. Some old Linux configuration appeared to be very slow when running MySQL in innoDB mode. If it’s the case, check your MySQL server configuration (/etc/mysql/my.cnf), and try to add the following line: innodb_flush_method = O_DSYNC Optional requirements: For LDAP authentication iTop requires the PHP LDAP module. For strong encryption of passwords iTop requires PHP mcrypt module. Installing the required software on Debian:

apt-get install apache2 apt-get install mysql-server apt-get install php5

Installing the required software on Redhat:

yum install apache yum install mysql yum install php5


6

Hardware requirement

Operating System Resource Minimum Recommended Linux Disk 5 Gb 20 Gb

RAM 1 Gb 2 Gb Processor 1 GHz (single Pentium) 2 GHz + (dual-core)

Windows Disk 5 Gb 20 Gb RAM 1 Gb 2 Gb Processor 1 GHz (single Pentium) 2 GHz + (dual-core)

Minimum screen size should be 1024*768 pixels full screen, but the higher the better.

Download the iTop package The latest version of iTop is currently 1.2, you can download it from SourceForge:

https://sourceforge.net/projects/itop/files/itop

Install iTop 1. Make sure that you have a properly configured instance of Apache/PHP running 2. Unpack the files contained in the zipped package in a directory served by your web

server. 3. Point your web browser to the URL corresponding to the directory were the files have

been unpackaged and follow the indications on the screen. For instance http://myserver, or http://myserver/itop/ if you have created a dedicated alias for iTop application

As a matter of fact, iTop package provides a step by step wizard to install the application. Step1 is checking all prerequisites for MySQL, PHP and all optional extension. If a prerequisite is missing a yellow bullet will inform you

https://sourceforge.net/projects/itop/files/itop�

http://myserver/�

http://myserver/itop/�


7

Figure 1 Step2, you have to accept the terms of the license agreement.

Figure 2

Step3, you have to enter information to access the MySQL database (server, user and password). MySQL user needs to have root privileges. The data base can be installed either on the same server or can be a remote host if you prefer to have a two tier architecture, or reuse an already installed instance of MySQL.

Figure 3


8

Step4, once your SQL credentials are checked you can create the database for iTop. You can either choose an existing one, or create a new one. You can also decide to prefix all iTop tables with a given name. This is useful when you want to run several instances of iTop with the same data base.

Figure 4

Step5, you have to select the modules you want to install. The “Configuration Management (CMDB) » module is mandatory. If you want to use Incident Management, User Request, Problem Management and Change Management modules, you need to install as well the Service Management module and the ticket module.


9

Figure 5

Step 6 lets you define administrator account for accessing the application. Don’t forget user login and password, as they are required to access the application and encrypted in the database. Moreover, you can define the default language for iTop.

Figure 6


10

Figure 7

Step7 let you configure the address (URL) used by iTop. You can adjust the default value if iTop will be accessed by the end-users from a different address than the one you’ve used for installing the application. For example you may install iTop by connecting to it locally (i.e. running the web browser directly from the server) by typing http://localhost/itop whereas the end-users will connect to iTop through a specific DNS name, e;g. http://itop.mycompany.com. If it’s the case, then adjust the address when prompted by the installation. Note: in case you have multiple virtual hosts pointing to iTop ; or you are using a test system running on DHCP and you want to connect anyway from another system, the “address” of the iTop server cannot be fixed at the installation. In this case you can use the placeholder $_SERVER_NAME_$ in the URL parameter. For example you can type: http://$_SERVER_NAME_£/itop as the URL to access the application. At runtime this value will be substituted by the corresponding SERVER_NAME for the current connection. Step8 lets you decide if you want to create sample data for testing purposes. This is very useful first time you install iTop. If you select “No”, database will be basically empty ready for loading your production data.

Figure 8

http://localhost/itop�

http://itop.mycompany.com/�

http://$_SERVER_NAME_£/itop�


11

Congratulation, you’ve successfully installed iTop!

Figure 9

Figure 10


12

PHP and MySQL settings iTop is capable of uploading and storing documents (i.e files) as attachments to various objects (Tickets, CIs…). These documents are stored as binary blobs in the iTop database. In order to be able to safely upload and store documents, several settings must be adjusted consistently across PHP and MySQL. In PHP, several variables govern the upload of files: file_uploads Set to 1 to allow file upload, to zero to prevent

all file uploads. upload_tmp_dir The temporary location (on the server) were

the uploaded files will be stored. Make sure that this parameter points to a location that is accessible (and writable) by the process running the web server (or by the end users in case of IIS with the Windows built-in authentication) and that there is enough space left.

upload_max_filesize The maximum size allowed. The value is expressed in bytes. You can use units like K for kilobytes (=1024 bytes), M for megabytes and G for gigabytes. Example: 4M stands for 4 megabytes.

max_file_uploads The maximum number of files that can be uploaded simultaneously in a single web page. iTop should normally upload only one file at a time. You can safely use the default value, which is 20.

post_max_size The maximum amount of data that can be sent to the server via a POST request. This value MUST BE bigger than upload_max_filesize, since the same request will contain some more information (the title of the document, an operation code…). So it’s better to put a bigger value here. For example is upload_max_filesize is 4M, then pout 5M for post_max_size.

memory_limit After being uploaded on the server, the file will be read in memory before being stored in the database. Therefore make sure that memory_limit (if enabled) is far bigger than upload_max_filesize.

max_input_time This value defines the maximum time allowed for the server to read its input. This includes the time spent uploading the files. The default of 60 seconds may be exceeded for uploading big files over slow connections.

The uploaded files are stored into the MySQL database, each file in one query. Therefore the maximum size allowed for a query MUST BE BIGGER than the maximum size of the uploaded file. This is configured via the variable max_allowed_packet in the my.cnf configuration file (on the MySQL server).


13

upload_max_filesize < post_max_size < max_allowed_packet < memory_limit

php.ini php.ini my.cnf php.ini

Changing configuration options The configuration parameters are stored in the file config-itop.php at the root of the iTop installation. Changing these parameters has an immediate effect on iTop, there is no need to restart the web server, just refresh the iTop web pages in your browser to take into account the new parameters. For the complete list of parameters refer to “Appendix A – Configuration parameters”, page 45.

Ready-only mode It is sometimes desirable (while performing some maintenance tasks for example) to make the iTop application read-only. Since version 1.0.2, two parameters can be used to control: whether or not the application is read-only (and for who), which message is displayed when the application is read-only. These 2 parameters are: access_mode and access_message. The parameter access_mode can take one of the following values: Access_mode value Actual value Effect ACCESS_READONLY 0 The application is read-only for all users. The

users can browse the application but nothing will be written to the MySQL database.

ACCESS_ADMIN_WRITE 2 Only administrator users can write into the database. The application is in read-only mode for all other users.

ACCESS_FULL 3 All users can write into the database. This is the default mode.

Example: 'access_mode' => ACCESS_ADMIN_WRITE, 'access_message' => ‘for maintenance until 2PM’,

This results in the following display in iTop:

Refer to the chapter “Appendix A – Configuration parameters” for the full list of configuration parameters.

Migrating from version 1.0, 1.0.1, 1.0.2 or 1.1 In order to migrate q previous version of iTop to the latest version:

- Backup the MySQL database and the iTop configuration file (config-itop.php) - Expand the new version of iTop in a new folder (don’t overwrite the files of the previous

version with the new ones) - Launch the iTop setup and select “Upgrade an existing iTop instance” in the fisr screen of

the setup.


14

- Enter the name of the myql server and the iTop database as in the previous configuration. Don’t forget the database prefix as well. In doubt, refer to the previous config-itop.php file.

- Select the iTop modules to enable (by default all the previously enabled modules are re-enabled)

- Launch the upgrade. When done, you can archive the folder containing the previous version of iTop and point you main site to the newly upgraded copy.

Migrating from previous version 0.9 The release 1.0 data model is not compatible with former one. Please read the document “How to migrate from 0.9 to 1.0” in order to upgrade from this old version.

iTop common usage

Starting iTop To use iTop, you just need a simple web browser and enter the following URL:

http://yourserver or http://yourserver/<itop_alias> if you have created a particular web alias for the application.

When prompted, to enter your login and password.

Figure 9

Once authenticated, the user accesses the main iTop page. The first time you connect you can see the Welcome to iTop popup screen. This popup can be removed for the next time by un-checking “Display this message at startup”


15

Figure 10

The main screen of iTop is the following:

Figure 11

This main page is divided in three parts:

• The menu on the left (also called explorer menu) contains links to access items from

each module (CMDB, Incidents, Changes, Services and contracts) • The main frame, on the right, displays list of items from selected module, or the

details of a given item. • The top frame contains the global search function and the logoff button

Refer to the document “iTop user guide” for details about how to use the application.

Managing users ITop provides a user management module allowing you to assign users with one or several predefined profiles. Thus an administrator can restrict the access to iTop, and allow users to modify only the objects they are allowed to. As an administrator, you can also define the actions they are allowed to perform by selecting a combination of profiles for a given user.


16

In the current version of iTop, the profiles are predefined; there is no user interface to modify them or to create new profiles. However, this can be handled directly in the MySQL database.

Viewing Profiles Use the “Admin Tools / Profiles” menu to access the profiles, and see their corresponding definitions as shown below:

Figure 12

When you click on a given profile you get the details.

Figure 13

The tab “Users”, lists all users having this profile. The tab “Grant matrix” displays all objects and actions allowed for this profile. Default profiles:

Profile Description Administrator Has the rights on everything (bypassing any

control) Change Approver Person who could be impacted by some changes.


17

Change Implementor Person executing the changes. Change Supervisor Person responsible for the overall change

execution. Configuration Manager Person in charge of the documentation of the

managed CIs. Document author Any person who could contribute to

documentation. Portal user Has the rights to access to the user portal.

People having this profile will not be allowed to access the standard application; they will be automatically redirected to the user portal.

Problem Manager Person analyzing and solving the current problems.

Service Desk Agent Person in charge of creating incident reports. Service Manager Person responsible for the service delivered to

the [internal] customer. Support Agent Person analyzing and solving the current

incidents.

Viewing users The menu “User Accounts” under “Admin Tools” module, enables you to see all logins defined for you iTop instance.

Figure 14

When you click on a user you get the following details.

Figure 15


18

A user login is always linked to a contact stored in the CMDB (See Using CMDB module in iTop user guide). Prior to create a login you have to make sure that the user is documented as a contact in the CMDB. The tab “Profiles” list all profiles that are linked to this user. The tab “Grants matrix” display rights allowed for this user. It is the merge of all rights corresponding to associated profiles. The tab “Allowed Organizations” display list of organization this user is allowed to see.

Creating a user To create a new user you just have to click on “New” in action drop down list, from either user list or a given user detail. Following wizard then appears:

Figure 16

You can define different type of users:

• iTop user that are internal to the application with their password stored (encrypted) in the database. This is useful for administrative users or for users/logins to be used to scripts or other applications.

• LDAP user for which the authentication is managed by an external LDAP or Active Directory server.

• External user for which authentication is managed directly by the web server, for example when using an Apache .htaccess file or when using an external single-sign-on solution, like for example JASIG-CAS.

All the details about authentication in iTop are described in the document “How to setup iTop Authentication” [1]. If you decide to create an iTop user, you have to define the password, and type it exactly two times. An exclamation sign appears at the right of the password field while both passwords are not the same.

Figure 17

You can as well define the language for this user. (See “iTop localization” page 31 for the complete list of supported language) Whatever type of user you create, you have to link it to an existing contact in iTop CMDB


19

Then you define, in the tab “profile”, the profile for the corresponding user. You have to define at least one profile.

Figure 18

The “Add Profiles ...” button displays the search window for selecting the profiles you want to assign to the user.

Figure 19

The profiles assigned to the user can be changed later on using the “Modify” action for a user. Restricting access to a set of Organizations You can restrict the user access to a specific list of organizations using the “Allowed Organizations” tab. If no organization is selected, the user is allowed to see all of them. In case of a hierarchy of organizations (when some organizations have a parent organization), the rights are inherited from the parent to the child organizations. In other words, if a user has the rights to access the parent organization, then this user has also the rights to access all the child organizations of this organization.


20

All the objects belonging to an organization which is forbidden to a given user are completely hidden from this user. For this user, the application behaves as if such object did not exist. For example if the contact corresponding to this user is in a forbidden organization, it looks like (for this users) the contact does not exist. And thus will prevent this user from accessing the iTop portal! The selected organizations can be changed later on using the “Modify” action for a user.

Figure 20

Changing a user password The administrator can change a user password if required by simply using the “Modify” action for a user. This can be useful to reset the password of a user. Note: The passwords are stored encrypted (one way) in the iTop database, and therefore cannot be reconstructed from the content of the database.

Managing Organizations Organizations are used in iTop to group object into silos. Only administrators and configuration managers can add or remove organizations. To add or modify an organization you have to click on “Organizations” in the “Data Administration” module and click on “New…” button.

Figure 21

The form to create an organization enables you to define:

• The name of the organization • Its code • Its status • And a parent organization if you want to create hierarchy


21

Figure 22

You can later modify the attribute of a given organization by clicking on “Modify” action.


22

Viewing the data model You can view the current data model used by iTop by clicking on the link “Data Model” in the “Admin Tools” menu. An explorer tree-view allows you to navigate through the hierarchy of classes (in alphabetical order).

Figure 23

Clicking on a class name gives you the details for this class.

Figure 24


23

Data model tabs definition:

Tab Description

Attributes Displays all the attributes for this class.

Search criteria Displays all the attributes you can use in search forms or in OQL

Referencing classes Displays all classes having a reference to the current one

Related classes Displays classes related to this one via an external key

Lifecycle Displays the lifecycle graph for the class and some related information

Notification Display the notifications configured for the selected class.


24

Running Object queries The menu “Run Queries” allows you to test OQL queries (See OQL reference guide). It includes as well some predefined queries to be used as examples (click on “Query Examples” at the top)

Figure 25

Enter OQL expression in the text area, and click on “Evaluate” to get the result.

Managing Notification iTop integrates a notification system which is linked to the life cycle of the objects. This allows administrators to define e-mail notification rules when an object of a given class enters or leaves a specified state, or when a new object is created. The notification mechanism is divided in two parts:

• Triggers that define when notifications are to be executed and for which type of object • Actions that defines the actions taken. In the current version of iTop, the only available

actions consist in sending email. For a given trigger you can define several actions to be executed, and their sequence. The link “Notification” in the “Admin tools” module enables you to define triggers and actions:


25

Figure 26

The “Triggers” tab displays all created triggers. The “Actions” tab displays all Actions

Creating an action Before creating a useful trigger, you need to define at least one action. It is a kind of template for formatting e-mail to be sent. To create a new action, go to action tab and click on “New” in action drop down list. The following wizard appears:

Figure 27

You have to define at least a “from” e-mail address, and to whom you want to send the e-mail. Be aware that the “from” e-mail address has to be a valid one otherwise your mail server may refuse to send the message.


26

The contacts to be notified in the “To”, “Cc”, and “Bcc” are defined by an OQL query. This allows to specifiy mutilple recipients for the notification, like “all the contacts attached to a ticket” or “all the contacts on the impacted site”…. (Refer to the document “OQL Reference guide” [2] for more information about writing OQL queries) This OQL query must return a list of objects containing an e-mail attribute:

• Contact • Person • Team

For instance To: SELECT Person WHERE name LIKE ‘John’. The query can contain placeholders (using the syntax :this->attribute) that refer to the current object for which the notification is being sent. For example: SELECT Person WHERE id= :this->caller_id If the list is empty no mail is sent. The subject field is also mandatory. The body is the text sent. It can use HTML tag for formatting. You can also use attributes of the object that will trigger the action. The syntax to be used is $this->attribute$. There is as well to specific attributes:

$this->name()$ is the name of the current object $this->hyperlink()$ is a url to access the current object $this->hyperlink(portal)$ is a url to access the current object in the iTop portal

By Default importance of the mail is “normal”. To test a new action, you can use the status “Being tested” and “Test recipient” with a test address. In that case, the notification will be sent to this latter address. Once you notification have been tested and validated, change its status to “In Production” to have notifications flow to their actual recipients. If you want to de-activate an action, just set its status to “Inactive”.

Creating a trigger Once you have actions defined, you can create triggers. You can define three types of triggers:

• When a new object is created • When an object enters in a given state • When an object leaves a given state • When an object is updqted from the iTop portal

To create a new trigger, click on “New” in action drop down list for the given category in “Trigger” tab. The following wizard open:


27

Figure 28

You have to select which type of trigger you want to create:

• Trigger (on entering a state) • Trigger (on leaving a state) • Trigger (on object creation) • Trigger (when updated from the portal)

Once you have selected the type of trigger you get the following form:

Figure 29

For each trigger you have to define the class of object for which this trigger is applicable and the state (this is not applicable for “Trigger on object creation” and “Trigger (when updated from the portal)”). The states available for a class of object are defined in the data model. You can see them in the “Life Cycle” tab in the section Transitions when you are looking at the data model user interface (Refer to the chapter “Viewing the data model”, page 22). The value to be chosen is the one between parentheses. Then you have to select the actions to be associated with this trigger in the “Triggered Actions” tab. Remember that an action can be linked to several triggers.

We strongly encourage you to test triggers and actions before moving them to production. As a matter of fact, it is always difficult to understand why e-mails are not sent. You can use the menu “Application log” where all notifications are tracked to check if a mail was triggered. A detailed log of event describes what happened with a given notification, for an easier troubleshooting. You can as well see which notification had been sent for a given ticket (User Request, Incident, Change) using the tab “Notifications” in the details of the ticket.


28

Figure 30

If you are running iTop on a Linux server, make sure that the variable “sendmail_path” value in php.ini. For example:

sendmail_path = "/usr/sbin/sendmail -t -i" Note: Depending on your actual environment, the configuration may be different. For example it si also possible to use SSMTP as a proxy to the actual mail server, as explained in the following link: http://tombuntu.com/index.php/2008/10/21/sending-email-from-your-system-with-ssmtp/

If you are running iTop on Windows server, you need to make sure that the php.ini file contains the following line:

SMTP = <smtp server> smtp_port = 25

In order to test mail notifications you can use, the “Test Page”:

http://<itop server location>/setup/email.test.php This page performs a number of tests and allows you to send a plain-text email to the recipient of your choice. This is useful to validate that the PHP configuration of the server is valid for sending e-mails.

http://tombuntu.com/index.php/2008/10/21/sending-email-from-your-system-with-ssmtp/�


29

Figure 31


30

iTop Audit Audit is an iTop feature you to check the consistency of information stored in the iTop database. Using the audit, you can answer questions like: “Do we have a hardware support contract linked to all devices in production?” or “Do we know the localization of all the servers for on-site support?” An Audit Category defines group (categories) of audit rules. A rule category also defines a list of objects that are the subject of the associated rules. For instance all devices that are on production. An Audit Rule defines the rule that needs to be checked for a given category. For instance “We don’t want to have devices on production located on a Site in implementation”. To add or modify an audit category or an audit rule, click on “Audit Categories” in the “Admin tools” module.

Audit Categories An audit category is defined by a name, a description and a definition set. The definition set defines the scope of objects that will be subject to the related audit rules. It is an OQL query.

Figure 32

Once your new audit category is created, click on “Modify” in Action list, and select “Audit Rules” tab to create new audit rules.

Audit Rules An audit rule is defined by a name, a description, the query to check and a Valid Object flag. The query defines the list of objects (under the scope defined by the category) that pass/fail the audit. Since it is sometimes easier to list the object that pass the audit, the flag “Valid Objects ?” is used to indicate whether the query returns the “valid” objects or the “invalid” ones. Note that a rule is always linked to only one category; and this category determines the scope of the rule.


31

Figure 33

iTop localization Since release 1.0 iTop is designed to support multi-localization. This means that – provided the right localization is available in iTop – each user can see the iTop user interface in her/his own language. This language is part of the user record created for each user in iTop. The localization of iTop consists mainly in translating a set of predefined PHP files, called “Dictionaries”. The supported languages in the current release are:

• Chinese • English • French • German • Hungarian • Italian • Japanese • Portuguese (Brazil) • Russian • Spanish • Turkish

The default language in iTop is defined during the setup. If you want to change it afterwards, modify the configuration parameter 'default_language' in config-itop.php

Data backup In iTop all the data (including the uploaded documents) are stored in the MySql database. Therefore it is highly recommended to have a database backup in place on a regular basis. You can run a full backup of the database using the following mysqldump command: /usr/bin/mysqldump --opt --add-drop-database –user=<mysql user> --password=<mysql password> <itop DB> | gzip > <file>


32

Once the content of the database is dumped, just backup this dump and the config-itop.php file to keep a full image of your iTop instance.

Background tasks: cron.php In order to operate properly, iTop maintenance operations and asynchronous tasks must be executed on a regular basis. In order to ease the installation, all the background tasks have been grouped to be launched from a single file: webservices/cron.php The following features rely on the activation of cron.php

- Asynchronous emails. By default, this option is disabled. To enable it, set 'email_asynchronous' to 1 in the configuration file

- Check ticket SLA. Tickets reaching the limits will be passed into Escalation TTO/TTR states

Scheduling cron.php on Windows

1. Edit the file <itop root>/webservices/cron.params to set the credentials used for cronified tasks (requires administrator privileges)

2. Edit the file <itop root>/webservices/cron.cmd, and set the relevant path for your installation of PHP. If you care about security, it is recommended to change also the path to the parameters file <itop root>/webservices/cron.params and move this file to a place where its content is not served by the web server.

3. Schedule the execution of cron.cmd:

schtasks.exe /create /tn "iTop CRON" /sc minute /mo 1 /tr "\"<itop root>/webservices/cron.cmd\""

Scheduling cron.php on Linux/Unix

1. Edit the file <itop root>/webservices/cron.params to set the credentials used for cronified tasks (requires administrator privileges)

2. If you care about security: move the file <itop root>/webservices/cron.params into a directory not in the scope of the web server (Apache), and make it be readable only by the account that will execute the cron

3. Edit the crontab and add the following line:

* * * * * /usr/bin/php <itop root>/webservices/cron.php --param_file=<itop root>/webservices/cron.params

Parameter file

The argument param_file can be used with most of the REST/CLI web services. By convention, the cron.php service searches for a parameter file name « cron.params »

A parameter file contains key/value pairs. It can be commented: any character found after `#` will be ignored

Example:

# This is a parameter file # # If a parameter is given both in the file and in the arguments,


33

# then the value given as argument is retained # # Authentication auth_user = qwertyuiop auth_pwd = ded!catedL0g1n # My web service size_min = 20 # Megabytes time_limit = 40 # Minutes

Integrating with other application

Using iTop from the command line Before using any of the iTop pages that can be run from the command line (like ‘import.php’ for instance), make sure that the user that will be used to run the command line has enough rights to read the iTop configuration file (config-itop.php). If you get an error like: “PHP Warning: file_get_contents(/opt/test2/html//config-itop.php): failed to open stream: Permission denied in /opt/test2/html/core/config.class.inc.php on line xx”, then verify that the process running from the command line has enough rights to read the iTop configuration file.

How to export data out of iTop Set of iTop objects can be exported by the mean of a REST web service that can be easily scripted. This webservice is based on an OQL query, which defines the list of objects to export, and a format specifier that determines the desired export format.

Arguments Argument Description Defaut value

param_file Parameters file - auth_login User login - CLI mode only - auth_pwd User password - CLI mode only - login_mode basic, form, external or cas Defined in config-itop expression OQL query Mandatory! format html (suitable for integration with MS-Excel), xml or csv html fields coma separated list of attributes (e.g.

"name,brand,model") ; ignored for XML output ; ignored for HTML for versions earlier than 1.2 (RC)

All the attributes of the class specified by <expression>

You can use command line tools, like wget, to automate such an export from another system, or simply, run export.php from the command line: Example 1: from the command line (on the iTop server) php /var/www/itop/webservices/export.php --auth_login=john --auth_pwd=trust,no1 --expression="SELECT Server" --format=csv --fields=name,management_ip

http://sourceforge.net/apps/mediawiki/itop/index.php?title=OQL&action=edit&redlink=1�


34

Example 2: using wget to get the data from another system wget --http_user=user --http_password=password "http://<server>/webservices/export.php?login_mode=basic&format=csv&expression=..."

Examples: Get all the contacts, use the following OQL “expression”: “SELECT Contact” Which gives the following command line: wget --http_user=user --http_password=password "http://<server>/webservices/export.php?login_mode=basic&format=csv&expression=SELECT Contact"

To get all the persons (note that a person is contact also, but it has more attributes to be exported: first_name and employee_number): “SELECT Person” Which gives the following command line: wget --http_user=user --http_password=password "http://<server>/webservices/export.php?login_mode=basic&format=csv&expression=SELECT Person"

Remarks: Under Unix/Linux the URL to the page being queried must be enclosed within double quotes, because of the ampersand character (&) that the shell interprets as the end of the command (and spawns a background process with the command represented by the remaining of the line). The parameter “login_mode=basic” forces iTop to use the HTTP Basic Authentication scheme which is compatible with most command line utilities like wget, LWP, etc…

Data import and data synchronization

Starting with version 1.1, iTop integrates a powerful data synchronization engine. This engines allows iTop consultants to federate several sources of information (like third party applications) into iTop.

This federation is defined in iTop using "Data Sources" objects. Each data source defines how iTop handles the synchronization of a given type of object from a given source.

For example it is possible to specify that iTop federates servers information coming from a network discovery tool and servers information coming from an asset management tool, with specific rules determining how the information is to be reconciled, which field is synchronized from which source, and with what effect for the end-users in iTop.

The picture below summarizes the information flow from an external data source into iTop.


35

The on-going process for synchronizing data with iTop is based on the following steps:

1. Extract data from the external source/application [not handled by iTop] 2. Transform the data to a content suitable for iTop [not handled by iTop] 3. Import the data into a temporary table in iTop [can be handled by iTop or an external

application] 4. Search for matching objects in iTop [handled by iTop] 5. Create/Update or Delete the synchronized objects in iTop [handled by iTop] 6. Display and manage the synchronized object in iTop

To implement a Data Synchronization in iTop follow the steps below:

1. From the iTop admin menu, define a "Data Source" object, for the type of objects you want to import/synchronize. This creates a specific "replica" table in the iTop database, named "synchro_data_xxx". (Once the data source is created, check the "Attributes" tab of the data source. The name of the temporary table is displayed at the top.)

2. Using either your favorite ETL or plain old scripts, populate the "synchro_data_xxxx" table corresponding to the "Data Source" with the data coming from the external source. You can use the special column "primary_key" for storing any identifier of the object in the external application. Each record in this table will correspond to one object in iTop. The column "id" is reserved for use by iTop and cannot be written. All other columns correspond to fields of the iTop object.

3. Trigger the execution of the data synchronization between the iTop objects and the "replicas" of the temporary table by executing the page "synchro/synchro_exec.php" either in command line mode, or by invocating the web page (using wget for example).

Of course you can schedule the steps 2 and 3 on a regular basis (hourly, daily or weekly) at will.

Using direct MySQL commands to populate the synchro_data_xxx table

If you populate the table synchro_data_xxx using SQL commands, you must take care of duplicates. Remember that each record in the synchro_data_xxx table corresponds to one object in iTop.

You can either construct a value the uniquely identifies the "source" object and store this value in the "primary_key" field of the table, or use any combination of the record's field and MySQL's INDEX feature to ensure this uniqueness.

http://sourceforge.net/apps/mediawiki/itop/index.php?title=Synchro_exec.php�

http://sourceforge.net/apps/mediawiki/itop/index.php?title=File:DataSynchroOVerview.png�


36

Provided that the appropriate index exists on the table, you can then use the MySQL command INSERT ... ON DUPLICATE KEY UPDATE ... to import the data.

Example 1: if you import servers from OCS inventory, you can use the field "id" from the Hardware table to uniquely identify a server. The value of this field can be stored in the 'primary_key' field of the data_synchro_xxx table and used as a unique index.

First, make sure that the field "primary_key" is a unique index for the table:

ALTER TABLE synchro_data_xxx ADD UNIQUE INDEX(primary_key);

Then you can use the following query to insert records in the data_synchro_xxx table:

INSERT primary_key, name, org_id INTO data_synchro_server_1 VALUES (100, 'myserver.demo.com', 'Demo') ON DUPLICATE KEY UPDATE name=VALUES(name), org_id=VALUES(org_id);

Note that MySQL also allows a multiple insert statement like the following:

INSERT primary_key, name, org_id INTO data_synchro_server_1 VALUES (100, 'myserver.demo.com', 'Demo'), (101, 'myserver2.demo.com', 'Demo'), (102, 'myserver2.demo.com', 'Demo') ON DUPLICATE KEY UPDATE name=VALUES(name), org_id=VALUES(org_id);

Example 2: if your unique key for identifying the servers is the name of the server and the name of the organization, you can do the following:

First create a unique index on these two fields in iTop:

ALTER TABLE synchro_data_xxx ADD UNIQUE INDEX(name, org_id);

then you can import the data in iTop using the following MySQL statement:

INSERT name, org_id, location_id INTO data_synchro_server_1 VALUES ('myserver.demo.com', 'Demo', 'Paris') ON DUPLICATE KEY UPDATE location_id=VALUES(location_id);

How to specify a list of related objects (link set)

Some classes have attributes called Link Set. Example: UserLocal.profile_list

You can synchronize those lists by writing all the information in the corresponding column:

Here is an example specifying that the login will have one profile: 'Portal User'

INSERT login, profile_list INTO data_synchro_userlocal_1 VALUES ('johndoe', 'profileid->name:Portal User;reason:Customer')...;

You can also specify several links (several profiles) by separating each link with the pipe (“|”) character.


37

Data Source Definition

The "Data Sources" are defined using the menu "Admin Tools/Synchronization Data Sources".

Each data source defines:

• The "target" class of the objects to be synchronized • The list of attributes/fields of the objects to synchronize • How to search/reconcile the objects with the objects already existing in iTop • The rules of synchronizing/updating and possibly deleting objects in iTop • How the synchronized objects behave for the iTop end-users (which fields are read-only,

are users allowed to delete the objects...) • An optional hyperlink and icon to refer iTop users to the corresponding object in the

external application

Synchronized Configuration Items

When a configuration item is synchronized with a data source, its display is a bit different in iTop. The actions on this CI may also be limited depending, on the configuration of the data source. For example: the fields of the object that are synchronized may appear as read-only for the end users and iTop can prevent the users from deleting a synchronized object. The exact behaviour of the synchronized CI is determined by the properties of the data source.

The screenshot below depicts what a synchronized "Server" will look like in iTop. (Notice the "lock" icon in the object's title and the tooltip attached to it).

http://sourceforge.net/apps/mediawiki/itop/index.php?title=File:DataSource.png�


38

What is the difference between CSV Import and Data Synchronization?

Data synchronization is meant to import data into iTop, from another system, in a recurring manner. It can be run from the command line or from a web service, but not interactively. Data Synchronization is optimized for large volume of data that do not change very often. For example you may synchronize 10,000 contacts from an LDAP server, in iTop, once per day. Everyday probably only a small percentage of the users' records will be modified. This is efficiently handled by iTop.

When synchronizing data, iTop keeps track of the relationship between the iTop object and the source of the data. Therefore it is possible to prevent the users from modifying the synchronized objects (partially or totally) in iTop and to tell them where the data comes from. This is useful for "federating" several sources of data in iTop.

The CSV import (which can run interactively or from the command line) is more targeted towards "one shot" import. It can be used from a script (using the command line interface or the webservice) or interactively. When performing a CSV import, iTop does not record information about the source of the data. Once the data have been loaded into iTop, the objects can be modified by the authorized users, without any reference to the original source.

To summarize:

CSV import is good for:

• importing initial data in iTop • performing bulk transformations on the data (sometimes it's easier to export / modify in

Excel / re-import than to edit the objects directly in iTop)

Synchronization is good for:

• federating data between different systems in iTop • importing data via some scheduled mechanism • preventing users from modifying the imported data

http://sourceforge.net/apps/mediawiki/itop/index.php?title=File:SynchronizedObject.png�


39

How to import data in iTop The CSV import feature of iTop is available as an interactive page (“Data Administration / CSV Import”), as a (REST) web service or as a command line tool. The command to execute is the following (On Unix / Linux) php import.php <parameters> (On Windows) php.exe import.php <parameters>

Parameter Name Description Mandatory

auth_user The iTop user with enough rights to create/update the destination objects

yes

auth_pwd The password corresponding to the auth_user

yes

class class of the objects to be loaded

yes

csvfile Local file containing the CSV data to be loaded

yes

charset Character set encoding of the CSV data: UTF-8, ISO-8859-1, WINDOWS-1251, WINDOWS-1252, ISO-8859-15

optional, defaults to [UTF-8]

separator column separator in CSV data optional, defaults to « ; »

qualifier test qualifier in CSV data optional, default to « «

output [retcode] to return the count of lines in error, [summary] to return a concise report, [details] to get a detailed report (each line listed)

optional, default to « summary »

reconciliationkeys name of the columns used to identify existing objects and update them, or create a new one

optional

simulate If set to 1, then the load will not be executed, but the expected report will be produced

optional, default set to 0

Example: $> php –q import.php --auth_user=admin --auth_pwd=admin --class=Server --csv_file=servers.txt


40

REST web service A web service allows you to write a script to enter new data, or refresh existing data. This can be helpful for the initial load or to schedule a daily synchronization of the data coming from an external data source - could be another application, an automated data collector, etc. /webservices/import.php?class=Organization&csvdata=<multine-csv>[&separator=<char>] Note that this service emulates the functionality provided by the interactive bulk load: /pages/import.php csvdata must be posted, the first line will contain the codes of the attributes to load. It uses the default reconciliation keys defined in the data model for identifying objects to load. Parameters for import.php web service:

Parameter Name Description Mandatory

class class of loaded objects yes

csvdata Data to load yes

charset Character set encoding of the CSV data: UTF-8, ISO-8859-1, WINDOWS-1251, WINDOWS-1252, ISO-8859-15

optional, defaults to [UTF-8]

separator column separator in CSV data optional, defaults to « ; »

qualifier test qualifier in CSV data optional, default to « «

output [retcode] to return the count of lines in error, [summary] to return a concise report, [details] to get a detailed report (each line listed)

optional, default to « summary »

reconciliationkeys name of the columns used to identify existing objects and update them, or create a new one

optional

simulate If set to 1, then the load will not be executed, but the expected report will be produced

optional, default set to 0

The answer is given in a simple html format, explaining what has been done for each row of data. Example: A script that creates a company called "Food and Drug Administration" (code FDA).


41

$> wget --header="Content-Type:application/x-www-form-urlencoded" --post-file=data.txt http://<yourserver:port>/webservices/import.php?class=Organization

with: data.txt containing the following text auth_user=<username>&auth_pwd=<pwd>&loginop=login&csvdata=name;code Food and Drug Administration;FDA Combodo;CBD


42

Example of script for importing CSV data The following script queries data about Servers from a local database (in this case an instance of OCSng) and imports the resulting information as Server objects into iTop. #!/usr/bin/perl use DBI; use CGI; use Net::DNS; # OCSng database connection $OCS_DB_hostname="localhost"; $DB_login = "root"; $DB_pwd = "root"; $dsn = "DBI:mysql:database=$OCS_database;host=$OCS_DB_hostname"; $dbh = DBI->connect($dsn, $DB_login, $DB_pwd) or die "Echec connexion"; $dbh->{FetchHashKeyName} = 'NAME_lc'; $tmp_dir="/tmp"; $serverFile="$tmp_dir/serverData.txt"; # iTop user/credentials used for web service connection $itop_user="admin"; $itop_pwd="admin"; $itop_organization="Demo"; #This has to be replaced by a valid Organization in iTop $itop_device_status="implementation"; #This flag simulate the synchronization #You can view result of data to be imported in you $tmp_dir directory # in file pcData,serverData.txt, and ifData.txt # Set the flag below to 1 to “simulate” the import in iTop instead of running # the import for real $simulate_flag=0; ### Query the servers from OCSng $requete = " select name, osname,workgroup, osversion,oscomments,processort,memory,ipaddr,wincompany,winowner,userdomain,userid,smanufacturer,smodel,ssn from hardware h,bios b where h.id=b.hardware_id "; $sth = $dbh->prepare($requete); open(WRITE,">$serverFile") || die ("Failed to open $serverFile") ; $sth->execute(); print WRITE "auth_user=$itop_user&auth_pwd=$itop_pwd&loginop=login&csvdata=name;status;owner_name;os_family;os_version;management_ip;cpu;ram;brand;model;serial_number\n"; while(my $row = $sth->fetchrow_hashref){ print WRITE "$name;$itop_device_status;$itop_organization;$row->{osname};$row->{osversion}-$row->{oscomments};$row->{ipaddr};$row->{processort};$row->{memory};$row->{smanufacturer};$row->{smodel};$row->{ssn}\n"; } close(WRITE); # Disconnect from OCSng DB $sth -> finish; $dbh -> disconnect;


43

# Call the Rest web service (using wget) to import the CSV file into iTop $cmd=`wget --http-user==$itop_user --http-password==$itop_pwd --post_file=\"$tmp_dir/serverData.txt\" \"http://localhost/itop/webservices/import.php?class=Server&output=details&simulate=$simulate_flag\"`;

Soap web service for incident ticket creation iTop provides a SOAP web service to create an incident ticket. This is very useful if you want to integrate iTop with monitoring systems like Nagios, Zabbix, … The WSDL catalog is available from http://<itop path>/webservices/itop.wsdl.php This web service requires parameters mandatory for incident ticket creation:

• Title • Description • Caller • Customer • Service • Sub service category • Workgroup • Impacted Cis (optional) • Impact • Urgency

Feedbacks are sent in XML format in order to check what had been done on the iTop server, including the ticket number when the ticket is properly created.

Example script for creating an Incident: <?php require_once('./itopsoaptypes.class.inc.php'); // From iTop / webservices $host=$argv[1]; # $HOSTNAME$ $service=$argv[2]; # $SERVICEDESC$ $serviceStatus=$argv[3]; # $SERVICESTATE$ $serviceStateType=$argv[4]; # $SERVICESTATETYPE$ $serviceMessage=$argv[5]; # $LONGSERVICEOUTPUT$ // iTop location and credentials $sItopServer = 'http://localhost'; $sItopUser = 'admin'; $sItopPwd = 'admin'; $itop_webserver_soap_catalog = $sItopServer.'/webservices/itop.wsdl.php'; $oSoapClient = new SoapClient( $itop_webserver_soap_catalog, array( 'trace' => 1, 'classmap' => SOAPMapping::GetMapping(), // defined in itopsoaptypes.class.inc.php ) ); $sTitle='The service '.$service.' is in state '.$serviceStatus; $sDescription='This is a test'; $caller='Picasso'; // to be replaced by valid value in iTop $customer='Demo'; // to be replaced by valid value in iTop $service='Computers and peripherals'; // to be replaced by valid value in iTop $sub_service='Repair'; // to be replaced by valid value in iTop $workgroup='Hardware support'; // to be replaced by valid value in iTop


44

if ( $serviceStatus != 'OK') { switch($serviceStateType) { case 'HARD': $oRes = $oSoapClient->CreateIncidentTicket( $sItopUser, /* login */ $sItopPwd, /* password */ $sTitle, /* Title */ $sDescription, /* Description */ new SOAPExternalKeySearch(array(new SOAPSearchCondition('name',$caller))), /* caller */ new SOAPExternalKeySearch(array(new SOAPSearchCondition('name',$customer))), /* customer */ new SOAPExternalKeySearch(array(new SOAPSearchCondition('name',$service))), /* Service */ new SOAPExternalKeySearch(array( new SOAPSearchCondition('name', $sub_service), new SOAPSearchCondition('service_name', $service) )), /* Sub category */ '', /* product */ new SOAPExternalKeySearch(array(new SOAPSearchCondition('name', $workgroup))), /* workgroup */ array( new SOAPLinkCreationSpec('Device', array(new SOAPSearchCondition('name', $host)), array() ), ), /* impacted cis */ '1', /* impact*/ '1' /* urgency */ ); if ($oRes->status == 1) { echo "Ticket: ".$oRes->result[0]->values[1]->value.' '. $oRes->result[0]->label."\n"; } else { print "Request: \n".$oSoapClient->__getLastRequest()."\n"; print "Response: \n".$oSoapClient->__getLastResponse()."\n"; } } } ?>

From the command line you can then run the following command: $> php -q create_ticket.php webserver.demo.com IIS KO HARD None Ticket: I-000010 created And the result is iTop is the following Incident ticket:

Soap web service for user request ticket creation Similarly to the creation of incident tickets, iTop provides a SOAP web service to create user request tickets. The web service is identical (same parameters, same return values) to the web service for creating incidents, except that the method is called CreateUserRequestTicket instead of CreateIncidentTicket. The WSDL catalog is available from http://<itop path>/webservices/itop.wsdl.php This web service requires parameters mandatory for incident ticket creation:


45

• Title • Description • Caller • Customer • Service • Sub service category • Workgroup • Impacted Cis (optional) • Impact • Urgency

Feedbacks are sent in XML format in order to check what had been done on the iTop server, including the ticket number when the ticket is properly created.

Appendix A – Configuration parameters The latest list of configuration parameters can be found on the wiki located at: http://sourceforge.net/apps/mediawiki/itop/index.php?title=ITop_configuration_file

Name Type Visible ?

Description Default Value

access_message string Yes Message displayed to the users when there is any access restriction

iTop is temporarily frozen, please wait... (the admin team)

access_mode integer Yes Combination of flags (ACCESS_USER_WRITE | ACCESS_ADMIN_WRITE, or ACCESS_FULL)

3

addon_list array Yes Automatically populated by the installation process

allow_target_creation bool No Displays the + button on external keys to create target objects

1

allowed_login_types string Yes The list (and in which order) of authentication methods that the application allows. The value is a combination of form|cas|basic|external|url

form|basic|external

apc_cache.enabled bool Yes If set, the APC cache is allowed (the PHP extension must also be active)

1

apc_cache.query_ttl integer Yes Time to live set in APC for the prepared queries (seconds - 0 means no timeout)

3600

app_root_url string Yes Root URL used for navigating within the application, or from an email to the application (you can put $SERVER_NAME$ as a placeholder for the server's name)

application_list array Yes Automatically populated by the installation process

buttons_position string Yes Position of the forms buttons: bottom | top | both

both

cas_context string Yes The CAS context cas_debug bool Yes Activate the CAS debug

http://sourceforge.net/apps/mediawiki/itop/index.php?title=ITop_configuration_file�


46

cas_host string Yes The name of the CAS host cas_include_path string Yes The path where to find the phpCAS

library /usr/share/php

cas_logout_redirect_service string Yes The redirect service (URL) to use when logging-out with CAS

cas_memberof string Yes A semicolon separated list of group names that the user must be member of (works only with SAML - e.g. cas_version=> "S1")

cas_port integer Yes The port used by the CAS server 443 cas_server_ca_cert_path string Yes The path where to find the

certificate of the CA for validating the certificate of the CAS server

cas_version string Yes The CAS protocol version to use: "1.0" (CAS v1), "2.0" (CAS v2) or "S1" (SAML V1) )

2.0

cron_max_execution_time integer Yes Duration (seconds) of the page cron.php, must be shorter than php setting max_execution_time and shorter than the web server response timeout

600

cron_sleep integer No Duration (seconds) before cron.php checks again if something must be done

2

csv_import_charsets array Yes An array of character sets names to be added to the ones offered by the CSVImport menu item. Add your own charsets definitions here if the standard list does not fit your needs.

csv_import_creations_percentage integer No Percentage of creations that trigger a confirmation in the CSV import

50

csv_import_errors_percentage integer No Percentage of errors that trigger a confirmation in the CSV import

50

csv_import_min_object_confirmation integer No Minimum number of objects to check for the confirmation percentages

3

csv_import_modifications_percentage integer No Percentage of modifications that trigger a confirmation in the CSV import

50

datamodel_list array Yes Automatically populated by the installation process

db_character_set string Yes Character set to use for the MySQL database

utf8

db_collation string Yes Collation (i.e sort mechanism) to use for the MySQL database

utf8_unicode_ci

db_host string Yes Name of the host for the MySQL database server. (e.g. localhost, 192.168.10.234, mydbserver.demo.com, etc.)

db_name string Yes Name of the MySQL database db_pwd string Yes Password to connect to the MySQL

server

db_subname string Yes Prefix of the tables in the MySQL database

db_user string Yes user name to connect to the MySQL server

deadline_format string Yes The format used for displaying "deadline" attributes: any string with the following placeholders: $date$, $difference$

$difference$


47

default_language string Yes The default language for the application, used for the login/logout pages. (Selected during the installation)

EN US

dictionary_list array Yes Automatically populated by the installation process

email_asynchronous bool Yes If set, the emails are sent off line, which requires cron.php to be activated. Exception: some features like the email test utility will force the serialized mode

encryption_key string Yes A "salt" key used for encrypting secured fields in the application.

@iT0pEncr1pti0n!

fast_reload_interval integer Yes The duration (in seconds) between two reloads of a list, if the reload interval is "fast"

60

graphviz_path string No Path to the Graphviz "dot" executable for graphing objects lifecycle

/usr/bin/dot

link_set_attribute_qualifier string Yes Link set from string: attribute qualifier (encloses both the attcode and the value)

'

link_set_attribute_separator string Yes Link set from string: attribute separator

;

link_set_item_separator string Yes Link set from string: line separator | link_set_value_separator string Yes Link set from string: value

separator (between the attcode and the value itself

:

log_global bool Yes If set to 1, then the log is active. Which event is logged and where will depend on the following log_.... settings

1

log_issue bool Yes If set to 1, then internal errors (or some usage errors) will be traced both into /error.log (destination file could not be changed) and the DB (OQL: SELECT EventIssue)

1

log_notification bool Yes If set to 1, then notifications sent my the mean of the Trigger/Actions will be recorded into the DB (OQL: SELECT EventNotification)

1

log_usage bool No Log the usage of the application (i.e. the date/time and the user name of each login)

log_web_service bool Yes If set to 1, then usage of the SOAP service(s) will be recorded into the DB (OQL: SELECT EventWebService)

1

max_combo_length integer No The maximum number of elements in a drop-down list. If more then an autocomplete will be used

50

max_display_limit integer Yes The maximum number of items that a list can display at once, before changing to a paginated list

15

min_autocomplete_chars integer No The minimum number of characters to type in order to trigger the "autocomplete" behavior

3

min_display_limit integer Yes The number of items to display when a list is bigger than "max_display_limit"

10

module_settings array Yes Automatically populated by the installation process


48

online_help string Yes Hyperlink to the online-help web page

http://www.combodo.com/itop-help

secure_connection_required bool Yes Whether or not the application is allowed to run on a non-secure (i.e. non HTTPS) connection

session_name string Yes The name of the cookie used to store the PHP session id

iTop

skip_check_ext_keys bool No Disable external key check when checking the value of attributes

skip_check_to_write bool No Disable data format and integrity checks to boost up data load (insert or update)

skip_strong_security bool No Disable strong security - TEMPORY: this flag should be removed when we are more confident in the recent change in security

1

standard_reload_interval integer Yes The duration (in seconds) between two reloads of a list, if the reload interval is "standard"

300

synchro_trace string Yes Synchronization details: none, display, save (includes 'display')

none

timezone string Yes Timezone (reference: http://php.net/manual/en/timezones.php). If empty, it will be left unchanged and MUST be explicitely configured in PHP

Europe/Paris

webservice_list array Yes Automatically populated by the installation process

References [1] “How to setup iTop Authentication” http://www.combodo.com/IMG/pdf/How_to_setup_authentication_with_iTop.pdf [2] “OQL Reference guide” http://www.combodo.com/IMG/pdf/OQL_Reference.pdf

http://www.combodo.com/IMG/pdf/How_to_setup_authentication_with_iTop.pdf�

http://www.combodo.com/IMG/pdf/OQL_Reference.pdf�

itop 1-2 admin guide

Documents

loginoploginamp

rest web service

soap web service

maximum size

importing

incident ticket

csv data optional

web server