Administer > Configuration > Operations Orchestration > Configure Operations Orchestration for Topology Designs

Configure OO for Topology Designs

The following tasks are to configure OO for topology designs. Configure only one instance of OO for topology designs.

Note If you followed the instructions in the Install or Upgrade to configure Operations Orchestration, you should have already completed the tasks in this section.

Complete the following tasks to configure OO to integrate with CSA:

Note In the following instructions,

CSA_HOME is the directory in which CSA is installed

and OO_HOME is where you installed Operations Orchestration.

Be sure all the latest patches for Operations Orchestration have been installed. See the Cloud Service Automation System and Software Support Matrix for more information.

Guides are available on the HPE Software Support web site at: https://softwaresupport.hpe.com (this site requires a Passport ID). Select Dashboards > Manuals.

Configure an Internal User

Internal users can be used to configure Operations Orchestration for CSA.

This user is used for provisioning topology designs.

  1. Log in to OO Central.

  2. Click the System Configuration button.
  3. Select Security > Internal Users.

  4. Click the + (Add) icon.

  5. Enter the following information:

    Field Recommended Value
    User Name admin
    Password cloud
    Roles ADMINISTRATOR, SYSTEM_ADMIN

    The admin user is used with HP Single Sign-On (HPSSO). When Operations Orchestration is launched from the Cloud Service Management Console, this user allows access to Operations Orchestration without having to log in. If you are using topology designs, the admin user can also be used for provisioning topology designs.

  6. Click Save.

Deploy Content Packs

  1. From OO Central, click Content Management.

  2. Click the Content Packs tab.
  3. Click the Deploy New Content icon.
  4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.
  5. Click the + (Add files for deployment) icon.

  6. Open a command prompt and open the CSA_HOME/Tools/ComponentTool/contentpacks/component-upload-sequence.txt file.

  7. Deploy the Component Tool content packs. From Operations Orchestration Central, navigate to the CSA_HOME/Tools/ComponentTool/contentpacks/ directory. Add and deploy the content packs in the order listed in the component-upload-sequence.txt file (after each successful deployment, to add and deploy the next content pack without closing the dialog, click the Reset icon in the upper left corner to clear the dialog and enable the + (Add files for deployment) icon):

    The deployment may take a few minutes and the dialog will show a progress bar.

  8. When the deployment succeeds, click Close to close the dialog.

Configure OO Properties in the csa.properties File

If you integrated with OO using the installer during the installation or upgrade process during the installation or upgrade process, you do not need to configure these properties (they are already configured). These properties are used to integrate with Operations Orchestration. In the subscription event overview section of the (Undefined variable: CSAVariables.tabOperations) area in the Cloud Service Management Console, selecting the Process ID opens Operations Orchestration to the detailed page of the selected process when these properties are configured.

Edit the CSA_HOME/jboss-as/standalone/deployments/csa.war/WEB-INF/classes/csa.properties file and configure the following properties:

Property Description
OOS_URL

The URL used to access Operations Orchestration Central. This is the Operations Orchestration used for provisioning topology designs. For example, https://<hostname>:8445.

This property is automatically set during installation. If you are using the embedded Operations Orchestration that is included with CSA, this property is set using the values entered for the Fully qualified domain name on Windows or the Fully Qualified Hostname on Linux and HPE OO Port fields during installation. If you are using a standalone/external Operations Orchestration, this property is set using the values entered for the HPE OO Hostname and HPE OO Port fields during installation.
OOS_USERNAME

The username used to log in to Operations Orchestration Central.

This property is automatically set during installation using the value entered for the HPE OO User Name field during installation.
OOS_PASSWORD

The encrypted password used by the user defined in OOS_USERNAME to log in to Operations Orchestration Central.

This property is automatically set during installation using the value entered for the HPE OO Password field during installation.

embedded.oo.root.dir

Location of the embedded Operations Orchestration when it is installed with CSA. This property is generated when embedded Operations Orchestration is installed during the CSA installation.

This property is the only indicator of embedded Operations Orchestration, which is important mainly for uninstallation and upgrades. This property cannot be edited.

Configure a Secure Connection between CSA and OO

If you integrated with OO using the installer during the installation or upgrade process, you do not need to configure a secure connection (it has already been configured).

Export Operations Orchestration's certificate from Operations Orchestration's truststore. If Operations Orchestration and CSA are not installed on the same system, copy the certificate to the CSA system and import the certificate into CSA's truststore. TLS must be configured between CSA and Operations Orchestration.

Do the following:

  1. On the system running Operations Orchestration, open a command prompt and change to the directory where Operations Orchestration is installed.

  2. Run the following command:

    Windows:
    .\java\bin\keytool -export -alias tomcat -file C:\oo.cer
    -keystore .\Central\var\security\key.store -storepass changeit

    Linux:

    ./java/bin/keytool -export -alias tomcat -file /tmp/oo.cer
    -keystore ./Central/var/security/key.store -storepass changeit

    where C:\oo.cer on Windows and /tmp/oo.cer on Linux are examples is an example of a filename and location used to store the exported root certificate (you can choose a different filename and location).

  3. If Operations Orchestration is not running on the same system as CSA, copy oo.cer from the Operations Orchestration system to the system running CSA.
  4. On the system running CSA, open a command prompt.

  5. Run the following command:

    Windows:

    "CSA_JRE_HOME\bin\keytool" -importcert -alias tomcat -file C:\oo.cer -trustcacerts -keystore "CSA_JRE_HOME\lib\security\cacerts"

    Linux:

    CSA_JRE_HOME/bin/keytool -importcert -alias tomcat -file /tmp/oo.cer -trustcacerts -keystore CSA_JRE_HOME/lib/security/cacerts

    where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed

  6. When prompted for the keystore password, enter changeit.

  7. Enter yes when prompted to trust the certificate.

Run the Cloud Content Capsule Installer

The Cloud Content Capsule Installer is used to install and update content for CSA and Operations Orchestration.

  1. Open a command prompt and navigate to the CSA_HOME/Tools/CSLContentInstaller directory.

  2. Run the following command:

    Windows:

    "CSA_JRE_HOME\bin\java"\bin\java -jar csl-content-installer.jar

    Linux:

    CSA_JRE_HOME/bin/java -jar csl-content-installer.jar

    where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed.

  3. From the installer, enter the information to deploy content to Operations Orchestration and import service designs into CSA.

    For more information about the Cloud Content Capsule Installer, see the Cloud Service Automation Capsule Installer Guide.

Update and Redeploy the Service Manager Base Content Pack

Update and redeploy the oo10-sm-cp-1.0.3.jar base content pack. If you deployed an earlier version of the Service Manager base content pack, you must do the following (if this is a fresh installation of Operations Orchestration and you did not deploy an earlier version of the Service Manager base content pack, you do not have to complete these steps):

  1. Stop the Operations Orchestration services:

    Windows:

    1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

    2. Right-click on the HPE Operations Orchestration Central service and select Stop.

    3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

    4. Right-click on the Operations Orchestration RAS service and select Stop.

    Linux:

    1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central stop

      For example, /usr/local/hpe/csa/OO/central/bin/central stop

    2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras stop.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras stop

  2. Clear the Operations Orchestration Central cache by deleting the following folder:

    <HPEOOinstallation>/central/var/cache

    For example,

    Windows: C:\Program Files\HPE\HPE Operations Orchestration\central\var\cache

    Linux: /usr/local/hpe/csa/oo/central/var/cache

  3. If RAS is installed, clear the RAS artifact cache by deleting the following folder (on all RAS systems, including localhost):

    <HPEOOinstallation>/ras/var/cache

    For example,

    Windows: C:\Program Files\HPE\HPE Operations Orchestration\ras\var\cache

    Linux: /usr/local/hpe/csa/oo/ras/var/cache

  4. Run the following SQL command against the Operations Orchestration database:

    DELETE from OO_ARTIFACTS where NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.pom' or NAME = 'org/apache/ws/security/wss4j/1.5.7/wss4j-1.5.7.jar'

  5. Start the Operations Orchestration services:

    Windows:

    1. On the server that hosts Operations Orchestration, navigate to Start > Administrative Tools > Services.

    2. Right-click the HPE Operations Orchestration Central service and select Start.

    3. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), navigate to Start > Administrative Tools > Services.

    4. Right-click on the Operations Orchestration RAS service and select Start.

    Linux:

    1. On the server that hosts Operations Orchestration, run the following command: <HPEOOinstallation>/central/bin/central start

      For example, /usr/local/hpe/csa/OO/central/bin/central start

    2. If you installed the Remote Action Server (RAS), on all RAS systems (including localhost), run the following command: <HPEOOinstallation>/ras/bin/ras start.

      For example, /usr/local/hpe/csa/OO/ras/bin/ras start

  6. Redeploy the oo10-sm-cp-1.0.3.jar base content pack:

    1. Log in to Operations Orchestration Central and click Content Management.

    2. Click the Content Packs tab.
    3. Click the Deploy New Content icon.
    4. In the Deploy New Content dialog, in the upper left corner, click the + (Add files for deployment) icon.

    5. Navigate to the CSA_HOME/oo/ooContentPack directory and select oo10-sm-cp-1.0.3.jar.

    6. Click Deploy.

      The deployment may take a few minutes and the dialog will show a progress bar.

    7. Click Close.

Configure Single Sign-On between CSA and OO

If HP Single Sign-On (HP SSO) was enabled during installation of CSA, SSO can be configured between CSA and Operations Orchestration. Configuring HP SSO allows you to launch Operations Orchestration from the Cloud Service Management Console without having to log in to Operations Orchestration.

CSA provides a login user (admin) and password (cloud) and, earlier in this guide, you configured an internal user for Operations Orchestration with the same user name and password. When Single Sign-On is configured between CSA and Operations Orchestration, this user can be used for single sign-on. That is, if you are logged in to CSA as the admin user, you can launch Operations Orchestration from the Cloud Service Management Console and not have to log in to Operations Orchestration.

You can also configure LDAP users for single sign-on. To enable single sign-on for LDAP users, you must either configure CSA and the embedded Operations Orchestration to use the same LDAP source or, if CSA and the embedded Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the embedded Operations Orchestration user must be assigned any role that allows flows to be viewed.

Note To use HP SSO between CSA and Operations Orchestration, the systems on which CSA and Operations Orchestration are installed must be in the same domain.

Configure and Enable HP Single Sign-On

To configure and enable HP SSO on Operations Orchestration, do the following:

  1. Log in to Operations Orchestration Central.

  2. Click the System Configuration button.

  3. Select Security > SSO.

  4. Select the Enable checkbox.

  5. Enter the InitString. The initString setting for CSA and Operations Orchestration must be configured to the same value. In CSA, initString is configured in the crypto element in the CSA_HOME/jboss-as/standalone/deployments/idm.war/WEB-INF/hpssoConfiguration.xml file. The initString value represents a secret key and should be treated as such in your environment (this string is used to encrypt and decrypt the LWSSO_COOKIE_KEY cookie that is used to authenticate the user for single sign-on).

  6. Enter the Domain. This is the domain name of the network of the servers on which CSA and Operations Orchestration are installed.

  7. Click Save.

Configure LDAP Users for Single Sign-On

To enable single sign-on for LDAP users, you must either configure CSA and Operations Orchestration to use the same LDAP source or, if CSA and Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the CSA Administrator or Service Operations Manager role and the Operations Orchestration user must be assigned any role that allows flows to be viewed.

To configure LDAP for Operations Orchestration, do the following:

  1. Log in to Operations Orchestration Central.

  2. Click the System Configuration button.

  3. Select Security > LDAP.

  4. Enter the information to configure LDAP.

  5. Click Save.

Obscure Passwords in OO Flows (Optional)

Some OO flows included with CSA may show passwords in clear text when viewed in OO Central. You can obscure these passwords by modifying the flow in OO Studio.

Note You must have OO Studio installed. OO Studio is supported on Windows platforms only and is not part of the embedded OO that is included with CSA. See the OO documentation, such as the OO System Requirements, for more information about OO Studio.

To obscure passwords in OO flows:

  1. Open OO Studio.
  2. Locate the flow to update.

  3. Right-click on the flow and select References > What uses this?.

    A list of flows that use the flow is displayed (that is, the flow to update is a subflow of the flows displayed in the list).

  4. Select a flow from the list of flows.
  5. Locate the subflow (the flow to update).
  6. Right-click on the subflow and select Properties.
  7. Located the property to obscure (such as a password), enable it, but do not assign a value to it.
  8. Save the flow.
  9. Repeat this procedure for every flow from the list of flows.

Send Help Center feedback