Administer > Configuration > Operations Orchestration Manual Configuration for Designs > Manually Configure Operations Orchestration for Topology Designs

Manually Configure Operations Orchestration for Topology Designs

The following tasks are to configure OO for topology designs. Configure only one instance of OO for topology designs without using the Cloud Content Capsule Installer.

Note If you followed the instructions in the Install or Upgrade to configure Operations Orchestration, you should have already completed the tasks in this section.

Complete the following tasks to configure OO to integrate with CSA:

  • Configure a secure connection between CSA and OO
  • Configure an internal user
  • Deploy content packs
  • Update the Service Manager base content pack
  • Configure properties in CSA
  • Configure Single Sign-On
  • Obscure passwords in OO flows (optional)

Note In the following instructions,

CSA_HOME is the directory in which CSA is installed

and OO_HOME is where you installed Operations Orchestration.

Be sure all the latest patches for Operations Orchestration have been installed. See the Cloud Service Automation System and Software Support Matrix for more information.

Guides are available on the HPE Software Support web site at: https://softwaresupport.hpe.com (this site requires a Passport ID). Select Dashboards > Manuals.

Configure a Secure Connection between CSA and OO

Export Operations Orchestration's certificate from Operations Orchestration's truststore. If Operations Orchestration and CSA are not installed on the same system, copy the certificate to the CSA system and import the certificate into CSA's truststore. TLS must be configured between CSA and Operations Orchestration.

Do the following:

  1. On the system running Operations Orchestration, open a command prompt and change to the directory where Operations Orchestration is installed.
  2. Run the following command:

    Windows:
    .\java\bin\keytool -export -alias tomcat -file C:\oo.cer
    -keystore .\Central\var\security\key.store -storepass changeit

    Linux:

    ./java/bin/keytool -export -alias tomcat -file /tmp/oo.cer
    -keystore ./Central/var/security/key.store -storepass changeit

    where C:\oo.cer on Windows and /tmp/oo.cer on Linux are examples is an example of a filename and location used to store the exported root certificate (you can choose a different filename and location).

  3. If Operations Orchestration is not running on the same system as CSA, copy oo.cer from the Operations Orchestration system to the system running CSA.
  4. On the system running CSA, open a command prompt.
  5. Run the following command:

    Windows:

    "CSA_JRE_HOME\bin\keytool" -importcert -alias tomcat -file C:\oo.cer -trustcacerts -keystore "CSA_JRE_HOME\lib\security\cacerts"

    Linux:

    CSA_JRE_HOME/bin/keytool -importcert -alias tomcat -file /tmp/oo.cer -trustcacerts -keystore CSA_JRE_HOME/lib/security/cacerts

    where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed

  6. When prompted for the keystore password, enter changeit.

  7. Enter yes when prompted to trust the certificate.

Configure an Internal User

Internal users can be used to configure Operations Orchestration for CSA.

This user is used for provisioning topology designs.

  1. From the system on which CSA is installed (the system on which the content packs are installed), log in to OO Central.

  2. Click System Configuration.
  3. Select Security > Internal Users.
  4. Click the + (Add) icon.

  5. Enter the following information:

    Field Recommended Value
    User Name admin
    Password cloud
    Roles ADMINISTRATOR, SYSTEM_ADMIN

    The admin user is used with HP Single Sign-On (HPSSO). When Operations Orchestration is launched from the Cloud Service Management Console, this user allows access to Operations Orchestration without having to log in. If you are using topology designs, the admin user can also be used for provisioning topology designs.

  6. Click Save.

Deploy Content Packs

The following groups of content packs must be deployed in the order described below:

  • Base content packs
  • Component Tool content packs
  • CSA content packs
  • Codar content packs (optional)

Note Do not deploy the Component Tool and CSA content packs until after you have deployed the base content packs. These content packs must be deployed separately from the base content packs and after you have deployed the base content packs.

  1. From Operations Orchestration Central, click Content Management.

  2. Click the Content Packs tab.
  3. Click the Deploy New Content icon.
  4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.
  5. Deploy the base content packs. Navigate to the CSA_HOME/oo/ooContentPack directory and add and deploy the content packs. For the list of content packs, see the Cloud Service Automation System and Software Support Matrix.

    The deployment may take a few minutes and the dialog will show a progress bar.

  6. After you have successfully deployed all the base content packs, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon.

  7. Click the + (Add files for deployment) icon.
  8. Open a command prompt and open the CSA_HOME/Tools/ComponentTool/contentpacks/component-upload-sequence.txt file.

  9. Deploy the Component Tool content packs. From Operations Orchestration Central, navigate to the CSA_HOME/Tools/ComponentTool/contentpacks/ directory. Add and deploy the content packs in the order listed in the component-upload-sequence.txt file (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

    The deployment may take a few minutes and the dialog will show a progress bar.

  10. After you have successfully deployed all the Component Tool content packs, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon.

  11. Open a command prompt and extract all the .jar files from the CSA_HOME/Tools/CSLContentInstaller/csa-ootb-content-04.70.000.zip file.

  12. From OO Central, click the + (Add files for deployment) icon.
  13. Deploy the CSA content packs. Navigate to the directory in which you extracted all the .jar files. Add and deploy the following content packs shown below (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

    Note You can select more than one content pack to add and deploy at the same time. You may add and deploy all of these CSA content packs at the same time.

    • com.hp.csl.amazon.ec2.topology.jar
    • com.hp.csl.openstack.topology.jar
    • com.hp.csl.sitescope.topology.jar
    • com.hp.csl.vcenter.topology.jar

    The deployment may take a few minutes and the dialog will show a progress bar.

  14. If you want to install the Codar content packs (these steps are optional), open a command prompt and extract all the .jar files from the CSA_HOME/Tools/CSLContentInstaller/codar-ootb-content-01.70.000.zip file.

  15. From OO Central, click the + (Add files for deployment) icon.
  16. Deploy the Codar content packs. Navigate to the directory in which you extracted all the Codar .jar files. Add and deploy the following content packs shown below (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

    Note You can select more than one content pack to add and deploy at the same time. You may add and deploy all of these Codar content packs at the same time.

    • CODAR-cp-1.00.0000.jar
    • CSA-HPOO-cp-4.50.0000.jar
    • EXISTING-INFRASTRUCTURE-WINDOWS-cp-1.50.0000.jar

    The deployment may take a few minutes and the dialog will show a progress bar.

  17. When you have finished deploying all the content packs, click Close to close the dialog.

Update and Redeploy the Service Manager Base Content Pack

Update and redeploy the oo10-sm-cp-1.0.3.jar base content pack. If you deployed an earlier version of the Service Manager base content pack, you must do the following (if this is a fresh installation of Operations Orchestration and you did not deploy an earlier version of the Service Manager base content pack, you do not have to complete these steps):

  1. Stop the Operations Orchestration services:

    Windows:

    1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

    2. Right-click on the HPE Operations Orchestration Central service and select Stop.

    3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

    4. Right-click on the Operations Orchestration RAS service and select Stop.

    Linux:

    1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central stop

      For example, /usr/local/hpe/csa/OO/central/bin/central stop

    2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras stop.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras stop

  2. Clear the Operations Orchestration Central cache by deleting the following folder:

    <HPEOOinstallation>/central/var/cache

    For example,

    Windows: C:\Program Files\HPE\HPE Operations Orchestration\central\var\cache

    Linux: /usr/local/hpe/csa/oo/central/var/cache

  3. If RAS is installed, clear the RAS artifact cache by deleting the following folder (on all RAS systems, including localhost):

    <HPEOOinstallation>/ras/var/cache

    For example,

    Windows: C:\Program Files\HPE\HPE Operations Orchestration\ras\var\cache

    Linux: /usr/local/hpe/csa/oo/ras/var/cache

  4. Run the following SQL command against the Operations Orchestration database:

    DELETE from OO_ARTIFACTS where NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.pom' or NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.jar'

  5. Start the Operations Orchestration services:

    Windows:

    1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

    2. Right-click the HPE Operations Orchestration Central service and select Start.

    3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

    4. Right-click on the Operations Orchestration RAS service and select Start.

    Linux:

    1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central start

      For example, /usr/local/hpe/csa/OO/central/bin/central start

    2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras start.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras start

  6. Redeploy the oo10-sm-cp-1.0.3.jar base content pack:

    1. Log in to Operations Orchestration Central and click Content Management.

    2. Click the Content Packs tab.
    3. Click the Deploy New Content icon.
    4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.
    5. Navigate to the CSA_HOME/oo/ooContentPack directory and select oo10-sm-cp-1.0.3.jar.

    6. Click Deploy.

      The deployment may take a few minutes and the dialog will show a progress bar.

    7. Click Close.

Configure OO Properties in the csa.properties File

If you integrated with OO using the installer (during the installation or upgrade process), you do not need to configure these properties (they are already configured). These properties are used to integrate with Operations Orchestration. In the subscription event overview section of the (Undefined variable: CSAVariables.tabOperations) area in the Cloud Service Management Console, selecting the Process ID opens Operations Orchestration to the detailed page of the selected process when these properties are configured.

To configure the OO properties:

  1. Edit the CSA_HOME/jboss-as/standalone/deployments/csa.war/WEB-INF/classes/csa.properties file and configure the following properties:

    Property Description
    OOS_URL

    The URL used to access Operations Orchestration Central. This is the Operations Orchestration used for provisioning topology designs. For example, https://<hostname>:8445.

    This property is automatically set during installation. If you are using the embedded Operations Orchestration that is included with CSA, this property is set using the values entered for the Fully qualified domain name on Windows or the Fully Qualified Hostname on Linux and HPE OO Port fields during installation. If you are using a standalone/external Operations Orchestration, this property is set using the values entered for the HPE OO Hostname and HPE OO Port fields during installation.

    OOS_USERNAME

    The username used to log in to Operations Orchestration Central.

    This property is automatically set during installation using the value entered for the HPE OO User Name field during installation.

    OOS_PASSWORD

    The encrypted password used by the user defined in OOS_USERNAME to log in to Operations Orchestration Central.

    This property is automatically set during installation using the value entered for the HPE OO Password field during installation.

    embedded.oo.root.dir

    Location of the embedded Operations Orchestration when it is installed with CSA. This property is generated when embedded Operations Orchestration is installed during the CSA installation.

    This property is the only indicator of embedded Operations Orchestration, which is important mainly for uninstallation and upgrades. This property cannot be edited.

  2. Restart CSA.

    See Restart CSA for instructions.

Configure Single Sign-On between CSA and OO

If HP Single Sign-On (HP SSO) was enabled during installation of CSA, SSO can be configured between CSA and Operations Orchestration. Configuring HP SSO allows you to launch Operations Orchestration from the Cloud Service Management Console without having to log in to Operations Orchestration.

CSA provides a login user (admin) and password (cloud) and, earlier in this guide, you configured an internal user for Operations Orchestration with the same user name and password. When Single Sign-On is configured between CSA and Operations Orchestration, this user can be used for single sign-on. That is, if you are logged in to CSA as the admin user, you can launch Operations Orchestration from the Cloud Service Management Console and not have to log in to Operations Orchestration.

You can also configure LDAP users for single sign-on. To enable single sign-on for LDAP users, you must either configure CSA and the embedded Operations Orchestration to use the same LDAP source or, if CSA and the embedded Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the embedded Operations Orchestration user must be assigned any role that allows flows to be viewed.

Note To use HP SSO between CSA and Operations Orchestration, the systems on which CSA and Operations Orchestration are installed must be in the same domain.

Configure and Enable HP Single Sign-On

To configure and enable HP SSO on Operations Orchestration, do the following:

  1. Log in to Operations Orchestration Central.

  2. Click the System Configuration button.

  3. Select Security > SSO.

  4. Select the Enable checkbox.

  5. Enter the InitString. The initString setting for CSA and Operations Orchestration must be configured to the same value. In CSA, initString is configured in the crypto element in the CSA_HOME/jboss-as/standalone/deployments/idm.war/WEB-INF/hpssoConfiguration.xml file. The initString value represents a secret key and should be treated as such in your environment (this string is used to encrypt and decrypt the LWSSO_COOKIE_KEY cookie that is used to authenticate the user for single sign-on).

  6. Enter the Domain. This is the domain name of the network of the servers on which CSA and Operations Orchestration are installed.

  7. Click Save.

Configure LDAP Users for Single Sign-On

To enable single sign-on for LDAP users, you must either configure CSA and Operations Orchestration to use the same LDAP source or, if CSA and Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the Operations Orchestration user must be assigned any role that allows flows to be viewed.

To configure LDAP for Operations Orchestration, do the following:

  1. Log in to Operations Orchestration Central.

  2. Click the System Configuration button.

  3. Select Security > LDAP.

  4. Enter the information to configure LDAP.
  5. Click Save.

Obscure Passwords in OO Flows (Optional)

Some Operations Orchestration flows included with CSA may show passwords in clear text when viewed in Operations Orchestration Central. You can obscure these passwords by modifying the flow in Operations Orchestration Studio.

Note You must have Operations Orchestration Studio installed. Operations Orchestration Studio is supported on Windows platforms only and is not part of the embedded Operations Orchestration that is included with CSA. See the Operations Orchestration documentation, such as the Operations Orchestration System Requirements, for more information about Operations Orchestration Studio.

To obscure passwords in Operations Orchestration flows:

  1. Open Operations Orchestration Studio.
  2. Locate the flow to update.
  3. Right-click on the flow and select References > What uses this?.

    A list of flows that use the flow is displayed (that is, the flow to update is a subflow of the flows displayed in the list).

  4. Select a flow from the list of flows.
  5. Locate the subflow (the flow to update).
  6. Right-click on the subflow and select Properties.
  7. Located the property to obscure (such as a password), enable it, but do not assign a value to it.
  8. Save the flow.
  9. Repeat this procedure for every flow from the list of flows.