Manually Configure Operations Orchestration for Sequential Designs

The following tasks are to configure OO for sequential designs. If you are installing CSA for the first time, configure only one instance of OO. If you have upgraded from an earlier version of CSA that has multiple instances of OO configured for sequential designs, you can continue to use multiple instances of OO, including OO 9.07.

Complete the following tasks to configure OO to integrate with CSA:

• Add a JRE to the system path

  • Install the CSA content pack
• Configure internal users
• Deploy content packs
• Update the Service Manager base content pack
• Set up system accounts for the CSA content pack
• Set up system properties
• Import OO flows
• Configure a secure connection between CSA and OO
• Configure Single Sign-On
• Obscure passwords in OO flows (optional)

Add a JRE to the System Path

The CSA flows that are imported require that a JRE be included in the system path on the system running CSA.

To add a JRE to the system path on Windows, complete the following steps:

Install the CSA Content Pack

(missing or bad snippet)

Configure Internal Users

Internal users can be used to configure Operations Orchestration for CSA.

1. From the system on which CSA is installed (the system on which the content packs are installed), log in to Operations Orchestration Central.

2. Click System Configuration.
3. Select Security > Internal Users.
4. Click the + (Add) button.

5. Enter the following information:

   Field	Recommended Value
   User Name	csaoouser
   Password	cloud
   Roles	ADMINISTRATOR, SYSTEM_ADMIN

   The csaoouser user is used to import the Operations Orchestration flows. When importing flows, this user is configured in the Operations Orchestration input file.

6. Click Save.
7. Click the + (Add) button.

8. Enter the following information:

   Field	Recommended Value
   User Name	csaoouser
   Password	cloud
   Roles	ADMINISTRATOR, SYSTEM_ADMIN

   The admin user is used with HP Single Sign-On (HP SSO). When Operations Orchestration is launched from the Cloud Service Management Console, this user allows access to HPE Operations Orchestration without having to log in. If you are using topology designs, the admin user can also be used for provisioning topology designs.

9. Click Save.

10. Click the + (Add) icon.

11. Enter the following information:

    Field	Recommended Value
    User Name	admin
    Password	cloud
    Roles	ADMINISTRATOR, SYSTEM_ADMIN

    The admin user is used with HP Single Sign-On (HPSSO). When Operations Orchestration is launched from the Cloud Service Management Console, this user allows access to Operations Orchestration without having to log in. If you are using topology designs, the admin user can also be used for provisioning topology designs.

12. Click Save.

13. Log out of Operations Orchestration Central and log back in as the csaoouser.

Deploy Content Packs

The following groups of content packs must be deployed in the order described below:

• Base content packs
• CSA sequential design content packs
• CSA content packs

1. From Operations Orchestration Central, click Content Management.

2. Click the Content Packs tab.
3. Click the Deploy New Content icon.
4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.

5. Deploy the base content packs. Navigate to the CSA_HOME/oo/ooContentPack directory and add and deploy the content packs. For the list of content packs, see the Cloud Service Automation System and Software Support Matrix.

   The deployment may take a few minutes and the dialog will show a progress bar.

6. After you have successfully deployed all the base content packs, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon.

7. Click the + (Add files for deployment) icon.

8. Deploy the CSA sequential design content packs. Navigate to the CSA_HOME/CSAKit-4.8/OO Flow Content/10X directory. Add and deploy the following content packs in the order shown below (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

   • oo10.50-csa-integrations-cp-4.70.0000 (for Operations Orchestration versions 10.50 and later)

     or oo10-csa-integrations-cp-4.70.0000 (for Operations Orchestration versions prior to 10.50)

   • oo10-csa-cp-4.50.0000

   The deployment may take a few minutes and the dialog will show a progress bar.

9. After you have successfully deployed all the CSA sequential design content packs, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon.

10. Open a command prompt and extract all the .jar files from the CSA_HOME/Tools/CSLContentInstaller/csa-ootb-content-04.70.000.zip file.

11. Click the + (Add files for deployment) icon.

12. Deploy the CSA content packs. Navigate to the directory in which you extracted all the .jar files. Add and deploy the following content packs in the order shown below (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

    Note You can select more than one content pack to add and deploy at the same time. However, the *.util.jar content packs should be deployed first. For example, you can deploy two groups of content packs: select all of the *.util.jar content packs and deploy them first. Then, select the rest of the content packs and deploy them.

    • com.hp.csl.base.util.jar
    • com.hp.csl.middleware.util.jar
    • com.hp.csl.openstack.util.jar
    • com.hp.csl.amazon.ec2.jar
    • com.hp.csl.dma.jar
    • com.hp.csl.goactive.jar
    • com.hp.csl.icsp.jar
    • com.hp.csl.matrix.jar
    • com.hp.csl.na.jar
    • com.hp.csl.oneview.jar
    • com.hp.csl.openstack.jar
    • com.hp.csl.sa.agentinstallation.jar
    • com.hp.csl.sa.softwarepolicies.jar
    • com.hp.csl.sitescope.jar
    • com.hp.csl.sm.jar
    • com.hp.csl.ucmdb.jar
    • com.hp.csl.vmware.vcenter.jar
    • com.hp.csl.vpv.jar

    The deployment may take a few minutes and the dialog will show a progress bar.

13. When you have finished deploying all the content packs, click Close to close the dialog.

Update and Redeploy the Service Manager Base Content Pack

Update and redeploy the oo10-sm-cp-1.0.3.jar base content pack. If you deployed an earlier version of the Service Manager base content pack, you must do the following (if this is a fresh installation of Operations Orchestration and you did not deploy an earlier version of the Service Manager base content pack, you do not have to complete these steps):

1. Stop the Operations Orchestration services:

   Windows:

   1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

   2. Right-click on the HPE Operations Orchestration Central service and select Stop.

   3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

   4. Right-click on the Operations Orchestration RAS service and select Stop.

   Linux:

   1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central stop

      For example, /usr/local/hpe/csa/OO/central/bin/central stop

   2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras stop.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras stop

2. Clear the Operations Orchestration Central cache by deleting the following folder:
   
   <HPEOOinstallation>/central/var/cache
   
   For example,

   Windows: C:\Program Files\HPE\HPE Operations Orchestration\central\var\cache

   Linux: /usr/local/hpe/csa/oo/central/var/cache

3. If RAS is installed, clear the RAS artifact cache by deleting the following folder (on all RAS systems, including localhost):
   
   <HPEOOinstallation>/ras/var/cache
   
   For example,

   Windows: C:\Program Files\HPE\HPE Operations Orchestration\ras\var\cache

   Linux: /usr/local/hpe/csa/oo/ras/var/cache

4. Run the following SQL command against the Operations Orchestration database:

   DELETE from OO_ARTIFACTS where NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.pom' or NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.jar'

5. Start the Operations Orchestration services:

   Windows:

   1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

   2. Right-click the HPE Operations Orchestration Central service and select Start.

   3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

   4. Right-click on the Operations Orchestration RAS service and select Start.

   Linux:

   1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central start

      For example, /usr/local/hpe/csa/OO/central/bin/central start

   2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras start.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras start

6. Redeploy the oo10-sm-cp-1.0.3.jar base content pack:

   1. Log in to Operations Orchestration Central and click Content Management.

   2. Click the Content Packs tab.
   3. Click the Deploy New Content icon.
   4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.

   5. Navigate to the CSA_HOME/oo/ooContentPack directory and select oo10-sm-cp-1.0.3.jar.

   6. Click Deploy.

      The deployment may take a few minutes and the dialog will show a progress bar.

   7. Click Close.

Set Up System Accounts for the Content Packs

Set up system accounts for the content packs:

1. Log in to Operations Orchestration Central.
2. Click Content Management.
3. Select Configuration Items > System Accounts.
4. Click the Add icon.

5. Enter the following information if it is not already configured:

   Field	Recommended Value
   System Account Name	CSA_REST_CREDENTIALS
   User Name	ooInboundUser
   Password	cloud

   Note The User Name configured for the CSA_REST_CREDENTIALS System Account setting must match the Override Value configured for the CSA_OO_USER System Property setting.

6. Click Save.
7. Click the Add icon.

8. Enter the following information if it is not already configured:

   Field	Recommended Value
   System Account Name	CSA_SERVICEMANAGER_CREDENTIALS
   User Name	falcon
   Password	<leave_blank>

9. Click Save.

Set Up System Properties for the Content Packs

Set up the following system properties for the content packs:

1. Log in to Operations Orchestration Central.
2. Click Content Management.
3. Select Configuration Items > System Properties.
4. Click the Add icon.

5. Enter the following information if it is not already configured:

   Field	Recommended Value
   Name	CSA_REST_URI
   Override Value	https://<csa_hostname>:8444/csa/rest

6. Click Save.

Configure a Secure Connection between CSA and OO

Export Operations Orchestration's certificate from Operations Orchestration's truststore. If Operations Orchestration and CSA are not installed on the same system, copy the certificate to the CSA system and import the certificate into CSA's truststore. TLS must be configured between CSA and Operations Orchestration.

Do the following:

1. On the system running Operations Orchestration, open a command prompt and change to the directory where Operations Orchestration is installed.

2. Run the following command:

   Windows:
   .\java\bin\keytool -export -alias tomcat -file C:\oo.cer
-keystore .\Central\var\security\key.store -storepass changeit

   Linux:

   ./java/bin/keytool -export -alias tomcat -file /tmp/oo.cer
-keystore ./Central/var/security/key.store -storepass changeit

   where C:\oo.cer on Windows and /tmp/oo.cer on Linux are examples is an example of a filename and location used to store the exported root certificate (you can choose a different filename and location).

3. If Operations Orchestration is not running on the same system as CSA, copy oo.cer from the Operations Orchestration system to the system running CSA.
4. On the system running CSA, open a command prompt.

5. Run the following command:

   Windows:

   "CSA_JRE_HOME\bin\keytool" -importcert -alias tomcat -file C:\oo.cer -trustcacerts -keystore "CSA_JRE_HOME\lib\security\cacerts"

   Linux:

   CSA_JRE_HOME/bin/keytool -importcert -alias tomcat -file /tmp/oo.cer -trustcacerts -keystore CSA_JRE_HOME/lib/security/cacerts

   where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed

6. When prompted for the keystore password, enter changeit.

7. Enter yes when prompted to trust the certificate.

Configure HP Single Sign-On between CSA and OO

If HP Single Sign-On (HP SSO) was enabled during installation of CSA, SSO can be configured between CSA and Operations Orchestration. Configuring HP SSO allows you to launch Operations Orchestration from the Cloud Service Management Console without having to log in to Operations Orchestration.

CSA provides a login user (admin) and password (cloud) and, earlier in this guide, you configured an internal user for Operations Orchestration with the same user name and password. When Single Sign-On is configured between CSA and Operations Orchestration, this user can be used for single sign-on. That is, if you are logged in to CSA as the admin user, you can launch Operations Orchestration from the Cloud Service Management Console and not have to log in to Operations Orchestration.

You can also configure LDAP users for single sign-on. To enable single sign-on for LDAP users, you must either configure CSA and the embedded Operations Orchestration to use the same LDAP source or, if CSA and the embedded Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the embedded Operations Orchestration user must be assigned any role that allows flows to be viewed.

Configure and Enable HP Single Sign-On

To configure and enable HP SSO on Operations Orchestration, do the following:

1. Log in to Operations Orchestration Central.

2. Click the System Configuration button.

3. Select Security > SSO.

4. Select the Enable checkbox.

5. Enter the InitString. The initString setting for CSA and Operations Orchestration must be configured to the same value. In CSA, initString is configured in the crypto element in the CSA_HOME/jboss-as/standalone/deployments/idm.war/WEB-INF/hpssoConfiguration.xml file. The initString value represents a secret key and should be treated as such in your environment (this string is used to encrypt and decrypt the LWSSO_COOKIE_KEY cookie that is used to authenticate the user for single sign-on).

6. Enter the Domain. This is the domain name of the network of the servers on which CSA and Operations Orchestration are installed.

7. Click Save.

Configure LDAP Users for Single Sign-On

To enable single sign-on for LDAP users, you must either configure CSA and Operations Orchestration to use the same LDAP source or, if CSA and Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the Operations Orchestration user must be assigned any role that allows flows to be viewed.

To configure LDAP for Operations Orchestration, do the following:

1. Log in to Operations Orchestration Central.

2. Click the System Configuration button.

3. Select Security > LDAP.

4. Enter the information to configure LDAP.

5. Click Save.

Obscure Passwords in OO Flows (Optional)

Some Operations Orchestration flows included with CSA may show passwords in clear text when viewed in Operations Orchestration Central. You can obscure these passwords by modifying the flow in Operations Orchestration Studio.

To obscure passwords in Operations Orchestration flows:

1. Open Operations Orchestration Studio.
2. Locate the flow to update.

3. Right-click on the flow and select References > What uses this?.

   A list of flows that use the flow is displayed (that is, the flow to update is a subflow of the flows displayed in the list).

4. Select a flow from the list of flows.
5. Locate the subflow (the flow to update).
6. Right-click on the subflow and select Properties.
7. Located the property to obscure (such as a password), enable it, but do not assign a value to it.
8. Save the flow.
9. Repeat this procedure for every flow from the list of flows.