Configure global search

Global search allows you to find a certain service offering, service instance, or subscription by a meaningful keyword from the Marketplace Portal. For service offerings, global search finds the keyword in the name, description, option sets, options, and properties. For service instances and subscriptions, global search finds the keyword in the name, description, and instance properties (name and value).

Global search is enabled by default. Global search must be enabled to be available on the Marketplace Portal. See the Cloud Service Automation Configuration Guide for more information about enabling and disabling global search.

Caution Be sure to disable global search in a FIPS 140-2 compliant environment.

To configure global search, do the following:

  1. Edit the CSA_HOME/elasticsearch-1.6.1/config/elasticsearch.yml file:

    1. Uncomment the cluster.name property and set it to a unique name that is shared by all the nodes in the cluster. That is, if you have more than one clustered environment on the same network, each clustered environment should have a unique cluster name. All the nodes in the single clustered environment will share the same cluster name.

      For example, cluster.name: "csa_cluster"

    2. Set the node.name property to a unique name. Each node in the cluster must have a unique node name.

      For example, node.name: "node1"

    3. Uncomment the node.master property and set it to true to make this node a master node. All nodes in the cluster should be a master node.

      For example, node.master: true

    4. Optionally, uncomment and set the node.data property. Refer to the comments in the file for information of how to combine this and the node.master property settings to suit the requirements of the node.

    5. Comment out the node.local: true property. When disabled, global search can find and communicate with other nodes on the network. If this property is left enabled, global search will not discover other nodes and will isolate itself from the network.

    6. Verify that the following properties are set to these values (and if they are not set to these values, set them to these values):

      transport.tcp.port: 9300
      http.port: 9201
      http.enabled: true
      discovery.zen.ping.timeout: 5s

    7. Set the discovery.zen.ping.unicast.hosts property to the IP addresses of the master nodes that perform discovery when new master or data nodes are started. Since all nodes in the cluster are master nodes, set this property to all IP addresses of the nodes in the cluster.

      For example, discovery.zen.ping.unicast.hosts: ["111.222.333.444","111.222.333.445","111.222.333.446"]

    8. Locate the Transport layer SSL section and do the following:

      1. Verify that the following properties are set to these values (and if they are not set to these values, set them to these values):

        searchguard.ssl.transport.node.keystore_type: JKS
        searchguard.ssl.transport.node.keystore_password: changeit
        searchguard.ssl.transport.node.truststore_type: JKS
        searchguard.ssl.transport.node.truststore_password: changeit

      2. Set the searchguard.ssl.transport.node.keystore_filepath property to the location of the CSA keystore. For example,

        Windows:

        searchguard.ssl.transport.node.keystore_filepath: C:\Program Files\HPE\CSA\jboss-as/standalone/configuration.keystore

        Linux:

        searchguard.ssl.transport.node.keystore_filepath: /usr/local/hpe/csa/jboss-as/standalone/configuration.keystore

      3. Set the searchguard.ssl.transport.node.truststore_filepath property to the location of the CSA truststore. For example,

        Windows:

        searchguard.ssl.transport.node.truststore_filepath: C:\Program Files\HPE\CSA/openjre/lib/security/cacerts

        Linux:

        searchguard.ssl.transport.node.truststore_filepath: /usr/local/hpe/csa/openjre/lib/security/cacerts

    9. Locate the REST layer SSL section and do the following:

      1. Verify that the following properties are set to these values (and if they are not set to these values, set them to these values):

        searchguard.ssl.transport.http.keystore_type: JKS
        searchguard.ssl.transport.http.keystore_password: changeit
        searchguard.ssl.transport.http.truststore_type: JKS
        searchguard.ssl.transport.http.truststore_password: changeit

      2. Set the searchguard.ssl.transport.http.keystore_filepath: property to the location of CSA's keystore. For example,

        Windows:

        searchguard.ssl.transport.http.keystore_filepath: C:\Program Files\HPE\CSA/jboss-as/standalone/configuration/.keystore

        Linux:

        searchguard.ssl.transport.http.keystore_filepath: /usr/local/hpe/csa/jboss-as/standalone/configuration/.keystore

      3. Set the searchguard.ssl.transport.http.truststore_filepath property to the location of the CSA truststore. For example,

        Windows:

        searchguard.ssl.transport.http.truststore_filepath: C:\Program Files\HPE\CSA/openjre/lib/security/cacerts

        Linux:

        searchguard.ssl.transport.http.truststore_filepath: /usr/local/hpe/csa/openjre/lib/security/cacerts

    10. Save and exit the file.
  2. In the csa.properties file, set the value of the csa.provider.msvc.hostname property with the local node FQDN.
  3. In the CSA_HOME/csa-search-service/app.json file, set the values of the following properties:

    ccue-basic-server.host with the local node FQDN

    msvc-basic-search.searchidmURL should point to the load balancer FQDN and load balancer port 8443.

  4. If the cluster setup is using default CSA (self-signed) certificates, complete the following step. (This step is not required if the cluster runs valid certificates signed by a common CA).

    In the csa-search-service\app.json file, find the following keys and change the values to false:

    msvc-basic-search.strictSSL

    rejectUnauthorized

  5. Verify that the following High Availability configurations in the CSA_HOME/csa-search-service/app.json file, are maintained after the installation of CSA:

    1. msvc-basic-search.idmURL:[APACHE_LOAD_BALANCER_HOSTNAME]:[APACHE_LOAD_BALANCER_CSA_HTTPS_PORT]/idm-service should point to the Apache load balancer or the load balancer.

      For example:

      For Load balancer:

      idmURL: https://http-loadbalancer.csapcoe.hp.com:8443/idm-service

      For Apache load balancer:

      idmURL: https://http-apache.csapcoe.hp.com:8443/idm-service

      where port 8443 is the Apache load balancer or the load balancer port which was configured manually during installation.

    2. cert.ca should point to the Apache load balancer or the load balancer certificate:

      For example:

      For Load balancer:

      "ca": "C:/Program Files/HPE/CSA/jboss-as/standalone/configuration/loadbalancer_csa.crt".

      For Apache load balancer:

      "ca": "C:/Program Files/HPE/CSA/jboss-as/standalone/configuration/apache_csa.crt".

      The name of the crt file cannot remain as jboss.crt which is set as the default.

  6. Create the security key on one node and copy it to the other nodes in the cluster. The security key is used to authenticate the communication between the nodes in the cluster when sharing the shards and replicas of the inventory index. The security key must be the same on all nodes in the cluster.

    1. On a CSA_Node (for example, csa_node1), complete the following steps:

      Windows:

      Stop then start the Elasticsearch 1.6.1 service:

      1. Navigate to the Services screen (Control Panel > Administrative Tools > Services).
      2. Right-click on the Elasticsearch 1.6.1 service and select Restart.

      Linux:

      Stop, then start CSA. Open a command prompt and type:

      service csa restart

    2. After the service has restarted on csa_node1, copy the CSA_HOME/elasticsearch-1.6.1/searchguard_node_key.key file from csa_node1 to all other nodes in the cluster. Copy the file to the same directory (CSA_HOME/elasticsearch-1.6.1/) and use the same file name on the other nodes.

    3. On all nodes in the cluster except csa_node1, complete the following steps:

      Windows:

      Restart the the Elasticsearch 1.6.1 service:

      1. On all nodes in the cluster except csa_node1, navigate to the Services screen (Control Panel > Administrative Tools > Services).
      2. Right-click on the Elasticsearch 1.6.1 service and select Restart.

      Linux:

      Restart CSA on all nodes in the cluster except csa_node1. Open a command prompt and type:

      service csa restart

  7. Complete the following steps:

    Windows:

    Stop the HPE Search Service and CSA services and then start them:

    1. Navigate to the Services screen (Control Panel > Administrative Tools > Services).
    2. Right-click on the HPE Search Service service and select Stop.
    3. Right-click on the HPE Cloud Service Automation service and select Stop.
    4. Right-click on the HPE Search Service service and select Start.
    5. Right-click on the HPE Cloud Service Automation service and select Start.

    Linux:

    Restart CSA. Open a command prompt and type:

    service csa restart

  8. If you changed the cluster.name, you must create new indexes. Do the following:

    Note On Windows, the Elasticsearch 1.6.1 service or on Linux, CSA must be running.

    1. Open a command prompt and navigate to CSA_HOME/csa-search-service/bin/.

    2. Run the following command:

      Windows:

      "CSA_HOME\node.js\node.exe" create-index.js

      Linux:

      CSA_HOME/node.js/bin/node create-index.js

      If displayed, ignore the following errors:

      ERROR: Error connecting to Elasticsearch server. Cannot create index catalog. Error: DEPTH_ZERO_SELF_SIGNED_CERT
      ERROR: Error connecting to Elasticsearch server. Cannot create index inventory. Error: DEPTH_ZERO_SELF_SIGNED_CERT

      It may take a few minutes for the first CSA artifact to be indexed.