Configure the Cloud Optimizer Side-Bar Menu

Cloud Optimizer is a web-based analysis and visualization tool that analyzes performance trends of elements in virtualized environments. When Cloud Optimizer is integrated with CSA, Cloud Optimizer provides the ability to:

  • Monitor the performance
  • Analyze the capacity, usage, and forecast trends of the virtualized infrastructure
  • Show health status information for the CSA service subscription

The Cloud Service Management Console provides the Cloud Optimizer menu item that launches the product web page for Cloud Optimizer. To use Cloud Optimizer you need to configure the menu item to launch the Cloud Optimizer dashboard. To see the health status information in CSA, you must have a provider configured and enabled for Cloud Optimizer.

Cloud Optimizer supports the vcentre and Helion Open Stack providers.

The following roles can access the Cloud Optimizer menu in the Management Console: Administrator, Service Designer, Service Business Manager, Resource Supply Manager, and Service Operations Manager.

Prerequisites

  • You must have Cloud Optimizer installed and properly configured in your CSA environment.
  • You must configure the Cloud Optimizer Health Status.
  • To ensure seamless navigation between the products, make sure that the HP SSO for Cloud Optimizer is configured to enable logging on to CSA.
  • For HP SSO between CSA and Cloud Optimizer to work successfully, both products have to be installed on machines that are in the same Domain. The value of Domain and Protected Domain parameters specified for HP SSO configuration must be the same.

  • When configuring HP SSO for Cloud Optimizer, the initString setting for CSA and Cloud Optimizer must be configured to the same value. In CSA, initString is configured in the crypto element in the CSA_HOME/jboss-as/standalone/deployments/csa.war/WEB-INF/hpssoConfiguration.xml file. The initString value represents a secret key and should be treated as such in your environment.
  • You must configure users for both CSA and Cloud Optimizer for single sign-on (each user must have the same name and password). You can also configure LDAP users for single sign-on. To enable single sign-on for LDAP users, you must either configure CSA and Cloud Optimizer to use the same LDAP source or, if CSA and Cloud Optimizer use different LDAP sources, configure the same users in both sources. In either case, the CSA user must be assigned to the appropriate role to access the menu items that launch Cloud Optimizer and the Cloud Optimizer user must be assigned a role that allows it to perform the expected functions in Cloud Optimizer.

  • Review the Cloud Optimizer online help for more information.

 

Configure the Cloud Optimizer Menu in the Cloud Service Management Console

To configure the Cloud Optimizer menu in the Cloud Service Management Console, complete the following steps:

  1. Make a backup of the CSA_HOME/jboss‑as/standalone/deployments/csa.war/dashboard/config.json file (where

    CSA_HOME is the directory in which CSA is installed

    ).
  2. Edit the CSA_HOME/jboss‑as/standalone/deployments/csa.war/dashboard/config.json file.
  3. Search for a menu item called cloud_optimizer. You can search for the occurrence of the following text: "id": "cloud_optimizer".
  4. In the data section, change the URL from the Cloud Optimizer product web page to the Cloud Optimizer dashboard URL. For example, change "http://www8.mydomain.com/us/en/software-solutions/vpv-server-virtualization-management/" to "<VPV_FQDN>:8444/PV/?CTX=CSA where <VPV_FQDN> is the fully-qualified domain name of the Cloud Optimizer installation.
  5. Save and exit the file.
  6. If you are logged in to the Cloud Service Management Console, clear the browser cache (see Clear the web browser cache for information about how to clear the web browser cache) and refresh the browser to view the changes. Clearing the browser cache is optional (a troubleshooting step).

    Note The changes do not require you to restart CSA.

 

Configure the Cloud Optimizer Health Status for CSA

CSA and Cloud Optimizer integration provides health status information for the CSA service subscription provisioned on vCenter and Helion Open Stack providers.

The following two modes of communication are used between CSA and Cloud Optimizer to update the health status on CSA:

  • The first mode is through the REST API where CSA calls the REST APIs provided by Cloud Optimizer to retrieve the health of the service subscription. You can refresh the health status of a service subscription by navigating through the Operations side-bar menu in the Cloud Service Management Console.
  • The second mode is through the Cloud Optimizer notification, which notifies the health status change of a VM to CSA. CSA internally determines the service subscription to which the VM belongs to update the health status on the subscription.

Cloud Optimizer supports the following predefined health statuses: CRITICAL, MAJOR, MINOR, WARNING, NORMAL, and UNKNOWN. Cloud Optimizer also supports the power statuses: SUSPENDED and POWERED_OFF. Cloud Optimizer monitors each VM and determines the actual health status. Cloud Optimizer then reports the health status to CSA through either of the two modes mentioned above.

CSA is responsible for computing the overall health status of a service subscription based on each VM’s health status, which is provisioned as part of the subscription. The highest severity health status of any of the VMs belonging to a subscription, is the health status shown for that subscription.

Complete the following tasks to configure the Cloud Optimizer health status for CSA:

Note The commands used to configure the Cloud Optimizer are run on the Cloud Optimizer machine, which only supports Linux.

 

Configure SSL

CSA and Cloud Optimizer communication is through the SSL protocol. You must complete the following prerequisite tasks for the integration to work.

 

Configure REST API-based Communication to Integrate CSA and Cloud Optimizer

Following are the required configuration steps to integrate CSA and Cloud Optimizer. See the Cloud Optimizer Configuration Guide and Cloud Optimizer online help on the Cloud Optimizer server, for more information.

To configure REST API-based communication to integrate CSA and Cloud Optimizer, complete the following steps on the Cloud Optimizer server:

  1. Configure the data source.

    You need to add the data source such as vSphere, and configure the vCenter provider details, which are required to be monitored by Cloud Optimizer.

  2. Configure LDAP.

    Configure the LDAP details and verify that you can log in with the configured admin user account.

  3. Configure the CSA URL as follows:

    1. Configure the CSA URL address , for example: https://10.1.2.1:8444, and add the user name and password. Save the details.
    2. By default the "CSA Component Property" name hostName is mapped to the Name property of the Cloud Optimizer Server Property.
    3. Click Edit and add new properties in the Instance Mapping Rule.

      1. Add a new "CSA Component Property" as ipAddress and select IP Address from the Cloud Optimizer Server Property property list.
      2. Add a new "CSA Component Property" as instanceId and select System ID from the Cloud Optimizer Server Property property list. (This is not required for the vCenter Data source.)
  4. Apply the Cloud Optimizer license. Contact the vendor for the license.

    A valid license determines the total number of VMs a Cloud Optimizer can monitor.

Configure the SSL Certificate

Configure the SSL certificate by exporting the Cloud Optimizer certificate and importing it into CSA's truststore.

 

Export the Cloud Optimizer Certificate

To export the Cloud Optimizer certificate, complete the following steps:

Note Use the /opt/OV/nonOV/jre/b/bin/ path used during installation to import or export the Cloud Optimizer certificate.

  1. Use the SSH protocol to go into the Cloud Optimizer system and run the following command:

    /opt/OV/nonOV/jre/b/bin/keytool -export -alias ovtomcatb -file <local_path>/co-certificate.cer -keystore /var/opt/OV/certificates/tomcat/b/tomcat.keystore

  2. When prompted for the keystore password, enter changeit.

 

Import the Cloud Optimizer Certificate into CSA

To import the Cloud Optimizer certificate into CSA, complete the following steps:

Note Import the certificate in the JRE's truststore path used during the CSA installation. For example, on Linux, the path is /usr/hpe/csa/jre/lb/security/cacerts, and on Windows the path is C:\Program Files\HPE\CSA\openjre\lib\security\cacerts.

  1. Go to the /opt/OV/nonOV/jre/b/bin/ folder.
  2. Copy the exported certificate file, co-certificate.cer, and place it in any folder in which CSA is installed. For example, in /tmp/co-certificate.cer.

  3. Run the following command to import the certificate:

    keytool.exe -importcert -alias ovtomcatb -file /tmp/co-certificate.cer -keystore <JRE PATH used by CSA>/lib/security/cacerts

  4. While importing the certificate into the CSA truststore, you may need to specify a different alias name than the one used in the certificate.

    For example:

    keytool.exe -importcert -alias <new_alias_name> -file /tmp/co-certificate.cer -keystore <JRE PATH used by CSA>/lib/security/cacerts

    You would change the certificate alias for these reasons:

    • If you used your own certificate. In this case, you also need to use your certificate password.
    • If you have configured multiple Cloud Optimizers in CSA, and all or many of the Cloud Optimizer certificates have the same alias. You cannot import multiple Cloud Optimizer certificates with the same alias. Each Cloud Optimizer alias must be unique.

      Run the following commands to configure multiple Cloud Optimizers in CSAso that all have unique aliases:

      /opt/OV/nonOV/jre/b/bin/keytool -changealias -alias ovtomcatb -destalias ovtomcatbtwo -keystore /var/opt/OV/certificates/tomcat/b/tomcat.keystore

      /opt/OV/nonOV/jre/b/bin/keytool -export -alias ovtomcatbtwo -file "/home/co-certificate.cer" -keystore "/var/opt/OV/certificates/tomcat/b/tomcat.keystore"

  5. When prompted for the keystore password, enter the default changeit (unless you applied your own certificate).

  6. Restart the CSA service. See Restart CSA for instructions.

Configure Cloud Optimizer Notification-based Communication

Cloud Optimizer uses Kafka as a message broker service to notify the registered Kafka consumer client. In this case, the consumer is CSA.

Kafka notification service can be run either in secure or non-secure mode. The non-secure mode of communication is the default mode, which works without additional configuration for CSA. However, you do need to do a basic Kafka configuration on the Cloud Optimizer server.

Complete the following tasks to configure Cloud Optimizer notification-based communication:

Basic Cloud Optimizer Kafka Configuration

You need to configure Kafka to expose the ports and enable Cloud Optimizer to produce and consume messages through the CSA (the remote client).

To configure Kafka on Cloud Optimizer, complete the following steps:

  1. Expose port 9092 as follows:

    Note 9092 is the default port. However, you must use the port that the Kafka broker is configured to run.

    1. Run the following command:

      iptables -I INPUT -s 0/0 -p tcp --dport 9092 -j ACCEPT

    2. Or stop the firewall service using the following commands:

      Service iptables stop

      Service ip6tables stop

  2. Change the Kafka server /opt/OV/nonOV/kafka/config/server.properties file as follows:

    1. For non-secure communication, set the listener property as PLAINTEXT

      listeners=PLAINTEXT://<host name of CO machine>:9092

      For example:

      listeners=PLAINTEXT://10.2.11.195:9092

    2. For secure communication, set the listener property to SSL.

      listeners=SSL://<host name of CO machine>:9092

      For example:

      listeners=SSL://10.2.11.195:9092

  3. Configure the SSL parameters in the /opt/OV/nonOV/kafka/config/server.properties file as specified in the Cloud Optimizer’s SSL Configuration Guide.

  4. Restart Kafka services.

    1. Before restarting, set the environment:

      export PATH=$PATH:/opt/OV/nonOV/kafka/bin

      export PATH=$PATH:/opt/OV/nonOV/jre/b/bin

    2. Restart Kafka services as follows:

      1. Go to the /opt/OV/nonOV/kafka/bin folder.

      2. Run the following command:

        ./kafka-server-start.sh ../config/server.properties &

        where the (&) symbol executes the service in the background.

  5. Or Alternatively you can use the following commands to enable/disable Kafka Service

    To enable Kafka :

    # /opt/OV/bin/msgbus.sh -enable
    Example output:
    ====================== Current Messagebus Configuration ========================
    HPEKafka and HPEZookeeper are disabled.
    =============================================================================
    Enabling Msgbus
    Registering HPEKafka and HPEZookeeper
    Starting HPEZookeeper and HPEKafka
    =============================================================================

    To Disable Kafka:

    # /opt/OV/bin/msgbus.sh -disable
    Example output:
    Disabling Msgbus
    Stopping HPEZookeeper and HPEKafka
    Unregistering HPEKafka and HPEZookeeper
    ====================== New Messagebus Configuration ========================
    HPEKafka and HPEZookeeper are disabled.
    =============================================================================

    To check the status:

    # /opt/OV/bin/msgbus.sh -status
    Example output:
    hpekafka    HPE Kafka Service                   CORE,SERVER  (1364)   Running
    hpezookeeper HPE Zookeeper Service               CORE,SERVER  (989)    Running
  6. Export the Cloud Optimizer certificate and import it into CSA’s truststore. See the Configure the SSL Certificate for instructions.

SSL Configuration Changes on Cloud Optimizer

For a secure mode communication, you need to configure the Cloud Optimizer Kafka services to be secure using the Java keystore certificate. These certificates need to be exported from the Cloud Optimizer and imported into CSA.

For SSL configuration on the Cloud Optimizer Kafka service, see the Kafka documentation at http://docs.confluent.io/2.0.0/kafka/ssl.html (since this link is a third-party link and could change, this link may or may not remain active).

SSL Configuration Changes on CSA

Make the following SSL configuration changes on CSA:

  • Enable SSL configuration on CSA

  • Enable SSL-Based Authentication

Enable SSL configuration on CSA

To enable SSL configuration on CSA, complete the following steps:

  1. Export the certificate from the keystore used by the Kafka broker server:

    /opt/OV/nonOV/jre/b/bin/keytool -export -alias <alias_name> -file /home/kafka-broker.cer -keystore <Path of the broker's server key store file>

  2. Import the Kafka broker's certificate into CSA as follows:

    1. Copy the above exported certificate file, kafka-broker.cer, and place it in any folder in which CSA is installed. For example, in /tmp/kafka-broker.cer.

    2. Import the copied certificate file using the following command:

      keytool.exe -importcert -alias <alias_name> -file /tmp/kafka-broker.cer -keystore <JRE_PATH_used_by_CSA>/lib/security/cacerts

  1. Restart the CSA service. See Restart CSA for instructions.

Enable SSL-Based Authentication

If SSL-based authentication is enabled on Cloud Optimizer’s Kafka broker, complete the following steps:

  1. Export the CSA certificate.

    For example:. On the default CSA installation, run the following command:

    Windows:

    keytool -export -alias csa -keystore c:\Program Files\HPE\CSA\jboss-as\standalone\configuration\.keystore -file c:\temp\csa.cer

    Linux:

    keytool -export -alias csa -keystore /usr/hpe/csa/jboss-as/standalone/configuration/.keystore -file /tmp/csa.cer

  2. Import the CSA certificate on to the Cloud Optimizer Kafka server as follows:

    1. Copy the above exported CSA certificate file, csa.cer, into any folder on Cloud Optimizer
    2. Run the following command (only Linux is supported on the Cloud Optimizer Kafka server):

      keytool.exe -importcert -alias <csa> -file /var/temp/csa.cer -keystore <Path to Kafka broker’s server trust store file>

  3. Restart the Kafka service.

    1. Before restarting, set the environment:

      export PATH=$PATH:/opt/OV/nonOV/kafka/bin
      export PATH=$PATH:/opt/OV/nonOV/jre/b/bin
    2. Restart Kafka services as follows:

      1. Go to the /opt/OV/nonOV/kafka/bin folder.

      2. Run the following command:

        ./kafka-server-start.sh ../config/server.properties &

        where the (&) symbol executes the service in the background.

Configuration changes for the CSA properties

If you want to enable the SSL-based communication between CSA and Cloud Optimizer for Kafka notifications, make the following changes:

  1. Search for the text Cloud Optimizer integration properties in the csa.properties file in CSA.
  2. Below the Cloud Optimizer integration properties text, there are notes that explain how to enable SSL between CSA and Cloud Optimizer, such as the following:

    # Configuration to enable SSL communication between Kafka consumer client on CSA and 
    # Kafka server on Cloud Optimizer 
    # Property format - <Cloud Optimizer hostname/IP Address>_ssl.enabled 
    # where the hostname/IP Address should match the value configured as access point 
    # of the CO provider
    # The default value is disabled and when SSL is enabled, the Kafka consumer on CSA
    # uses the truststore file 'csaTruststore' and it requires the kafka server certificate 
    # to be imported into 'csaTruststore' file.

    For example; 10.2.13.17_ssl=enable

Provider Configuration Changes in CSA

The following sections describe how to configure Cloud Optimizerproviders in CSA.

Create a Cloud Optimizer Provider

To create a Cloud Optimizer provider, complete the following steps:

  1. In the Providers menu, select By Type in the left pane.
  2. Select HPE Cloud Optimizer.
  3. In the right pane, select the Providers tab.
  4. Click the gear icon and select Create Resource Provider.
  5. Add the required fields:

    Item Description
    Display Name The name of the Cloud Optimizerprovider.
    Service Access Point

    Specify the Cloud Optimizer access URL for connecting to the provider. Use /PV as the suffix, which is mandatory.

    For example: https://10.2.13.177:8444/PV

    User ID The user ID for the Cloud Optimizer Service Access Point.
    Password The password for the Cloud Optimizer Service Access Point. Re-type the password in the Confirm Password field.
    Enabled

    This value determines whether the provider will be selected when provisioning a new service. The setting is either Enabled (when checked) or Disabled (when not checked). When Disabled, the provider will not be selected when provisioning new services. Disabling a provider will have no effect on existing services that are using that provider.

See the Cloud Service Management Console Help for more information about configuring providers.

Configure the Cloud Optimizer Provider Properties

  • CONSUMER_GROUP_ID:

    If CSA is configured in a high availability cluster mode, then create a property with the name CONSUMER_GROUP_ID and configure it in the Cloud Optimizer provider. Set a value that can be any string.

    For example: CSA_HA_CONFIG

  • BOOTSTRAP_SERVERS:

    If the Cloud Optimizer’s Kafka bootstrap server port is configured with a non-default port such as 9092, then you must create a property with the name BOOTSTRAP_SERVERS and configure it in the Cloud Optimizer provider. Set the value to <server:port>, where the server is the host address and port is the new port on which the Kafka broker server is running.

    If there is a cluster of configured Kafka bootstrap servers, then you can optionally specify a comma-separated list of host addresses <server:port>.

  • Change the properties on the providers:

    On the vCenter provider, create a new property with the name COURL and set the value of the access point of the Cloud Optimizer that is configured to monitor it.

    For example: https://10.2.13.177:8444/PV