Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Configure CSA
- Getting Started
- Operations Orchestration
- Cloud Service Management Console
- Marketplace Portal
- User Administration
- Configure PasswordUtil tool
- Configure DB Purge tool
- Configure LDAP tool
- Single Sign-On
- Database Administration
- Cloud Service Management Console Properties
- Marketplace Portal Attributes
- Identity Management Configuration
- Hubot Notifications Integration with CSA
Appendix: Cloud Service Management Console Properties
This section lists and describes the properties that can be configured for the Cloud Service Management Console, which are located in the following file:
PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/csa.war/offerings/config.json
where
CSA_HOME
is the directory in which CSA is installed.
See Add or edit CSA properties for instructions on configuring properties.
The following areas contain properties that can be configured (for many properties, default values are provided):
- Authentication
- Action Selection Wizard
- Security banner
- Email notifications
- Marketplace Portal URL
- Dashboard
- Security
- CSA keystore
- Service request processor scheduler
- Auditing
- Process execution manager
- Lifecycle engine
- Approval engine scheduler
- LDAP cache scheduler
- Clustering
- Dynamic property
- Group Approval
- Marketplace Portal
- Common Access Card
- Single Sign-On
- Process executor delegate
- Miscellaneous
- Operations Orchestration
- CSA 3.x API authentication
- Topology designer
- Elasticsearch
- Microservices
- Secure connections
- LDAP access point
- Service design, service offering, and catalog content archive verification
- HPE ITOC Integration
- Session timeout
- REST
For information about Codar properties, see the Codar documentation.
After modifying the hcm-csa.yaml
file,
restart theCSApod.
See Restart or redeploy individual deployments for instructions.
These properties are used for authentication.
These properties are configured in hcm-csa.yaml
. See Add or edit CSA properties for details.
Property | Description |
---|---|
csa.provider.hostname |
Required. The fully-qualified domain name
of the system on which
CSA is running.
If you change this hostname, you must update the value of the
|
csa.provider.port |
Required. The port used to connect to the system on which
CSA is running.
If you change this port, you must update the value of the
|
csa.provider.rest.protocol |
Required. The protocol used by the REST API to connect to the system on which CSA is running. This attribute must be set to https. If you change this protocol, you must update the value of the
|
csa.orgName.identifier |
Required. The provider organization identifier assigned to the organization who is providing this instance of the Cloud Service Management Console. This attribute must be set to CSA-Provider. |
These properties are used for the Action Selection Wizard.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.cache.default.timeout.seconds |
The Default: 300 seconds |
csa.oo.content.root.lifecycle.action |
Comma-separated root folder names from Operations Orchestration for the Action Selection Wizard when used in the Lifecycle Action and User Operations areas. Default: |
csa.oo.content.root.external.approval |
Comma-separated root folder names from Operations Orchestration for the Action Selection Wizard when used in the Approvals area. Default: |
csa.oo.content.root.resource.pool.sync |
Comma-separated root folder names from Operations Orchestration for the Action Selection Wizard when used in the Resource Pool area. Default: |
Security banner attributes
The attributes in the following table are used by the Cloud Service Management Console to enable or disable the display of a disclaimer upon logging in to the Cloud Service Management Console and a color-coded banner that appears at the top and bottom of the Cloud Service Management Console.
These properties are configured in csa.properties
.
Attribute | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
csa.provider.agency |
By default, this attribute is commented out. When this attribute is commented out or does not contain a valid value, the login disclaimer and color-coded banners are not displayed for the Cloud Service Management Console. If you want to enable the login disclaimer and color-coded banners, uncomment this attribute and set the value to GOVERNMENT. If set to any other value, the login disclaimer and color-coded banners are not displayed. To edit the disclaimer page, edit the
To edit the disclaimer content, edit the
|
||||||||
csa.provider.contentType |
By default, this attribute is commented out. This attribute defines the color and content that displays in the security banner. The security banners appear at the top and bottom of the Cloud Service Management Console. The following values are shipped with CSA:
To edit the banner content, edit the
|
These properties are used to define email notifications.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.notification.type |
Defines the type of email notification: html/text.
Default: |
csa.notification.cacheTemplates |
The notification templates will be cached so that I/O performance is improved while sending notifications. If any notification template used by CSA is changed, then the changes will not be seen in later notifications unless the CSA service is restarted. The value of Default: true |
This property is used to define the URL of the Marketplace Portal for an organization and is displayed in the Cloud Service Management Console.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.subscriber.portal.url |
The URL used to access the Marketplace Portal of an organization and is displayed in the Organization URL field in the General Information section of an organization's page in the Cloud Service Management Console. You can use specific values or one or more of the following variables:
The port configured for the Marketplace Portal
in this property should match the If a variable's value is incorrect, you can enter a specific value in place of the variable. For example, Default: |
This property is used to control whether the Dashboard Mashup Widgets can be edited.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.ui.organizations.dashboardwidgets.enableEditingMashup |
This property is disabled by default in a fresh install, which prevents the administrator from modifying organization widgets. This property controls whether the administrator only sees the widgets, or has the ability to edit the widgets.
Default: |
These properties are used to configure security settings for the Cloud Service Management Console.
Most of these properties are configured in hcm-csa.yaml
, and also in offerings/config.json
for enableSecurityWarning
.
Property | Description |
---|---|
securityAdminPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must also update the password of any REST API calls that use this password. For more information about the REST APIs, refer to the Cloud Service Automation API Quick Start Guide and Cloud Service Automation API Guide. |
securityCsaReporting UserPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must also update the password of any REST API calls that use this password. For more information about the REST APIs, see the Cloud Service Automation API Guide. |
securityTransport UserName |
Required. The CSA built-in user used to authenticate REST API calls between the Marketplace Portal and Cloud Service Management Console (it should not be used to log in to the Cloud Service Management Console). If you change this username, you must update the value of the
For more information about the integration user account, see Change CSA Built-In User Accounts. For more information about the REST APIs, see the Cloud Service Automation API Guide. |
securityTransportPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must update the value of the
For more information about the integration user account, see Change CSA Built-In User Accounts. For more information about the REST APIs, see the Cloud Service Automation API Guide. |
securityOoInbound UserPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must also update and use the same password for the |
securityCdaInbound UserPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must also update and use the same password in Continuous Delivery Automation. For more information about this user account, see Change CSA Built-In User Accounts. |
securityIdmTransport UserPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by If you change this password, you must also update the following passwords (you must use the same password):
For more information about this user account, see Change CSA Built-In User Accounts. |
securityCatalog AggregationTransport UserPassword |
Required. The encrypted password used by the CSA built-in The password should be encrypted If you change this password, you must also update the password using the catalog aggregation registration REST APIs. For more information about this user account, see Change CSA Built-In User Accounts. |
securityEncrypted SigningKey |
CSA's encrypted signing key used to encrypt and decrypt authentication data passed between CSA and the Identity Management component. If you change this key, you must also update the
The key should be encrypted
. The encrypted key is preceded by |
com.hp.csa.service.ssl. certificate.validation |
Required. Determines if certificate validation, hostname verification, and certificate authentication are performed by CSA when making a secure connection (only using HTTPS) with an application or a component of CSA. Examples of an application include Operations Orchestration or a resource provider. Examples of a component of CSA include the Marketplace Portal and the Identity Management component. Other non-HTTP connections that have been configured to be secure are not affected by this property. For example, secure connections to the database, LDAP server, or SMTP server are not affected. Note If CSA is running in a FIPS-compliant environment, this property is not used. In a FIPS-compliant environment, certificate validation, hostname verification, and certificate authentication will always be performed when making a secure connection with CSA. By default, this property is set to false. That is, when CSA establishes a secure connection with another application or component, the connection will only be encrypted. No validation, verification, or authentication is performed. This mode should only be used during post-installation configuration or when troubleshooting problems with certificates. This mode should NOT be used in a production environment. When set to true, when CSA establishes a secure connection with another application or component, the following occurs:
Default: false |
com.hp.ccue.consumption disallowedExtensions |
A comma-delimited list of the file extensions that designate the types of documents or files that cannot be uploaded to the Cloud Service Management Console. Default: exe,bat,com,cmd |
csa.additionalSupported ExtensionsForImport |
A comma-delimited list of the file extensions that designate the types of documents or files that can be uploaded to the Cloud Service Management Console. The file extensions listed can be the sole extension of the file or the start of the file extension followed by one or more characters. For example, listing Files can be uploaded using the Cloud Service Management Console, the content archive tool, or the import API. Refer to the Cloud Service Management Console Help, Cloud Service Automation API Guide, or Cloud Service Automation Content Archive Tool for more information about using these features. The following extensions are automatically supported (and do not need to be defined by this property): jpg, jpeg, jpe, jfif, svg, tif, tiff, ras, cmx, ico, pnm, pbm, pgm, ppm, rgb, xbm, xpm, xwd, png, gif, bmp, cod, ief, json, xml, jsp, jspf. Default: (no default defined) Example: txt,log |
csa.maxFileUploadSize |
The maximum size of a file, in megabytes (MB), that can be uploaded to the CSA system using the Cloud Service Management Console. If this property is not listed or is not set in the Default: 50 (MB) |
csa.war.images.directory.byteLimit |
A total size limit for all images or icons that are uploaded into Unit: bytes. Default: 500000000 bytes (500 MB) |
csa.war.images.directory.smallFileByteOverhead |
Used when computing space occupied by existing Unit: bytes. Default: 4096 bytes |
enableSecurityWarning |
Enables/disables the security warning messages for files that are uploaded or downloaded in the Cloud Service Management Console. Value is true or false. enableSecurityWarning is in the Default: true |
These properties are used to configure information about Cloud Service Automation's keystore.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csaTruststore |
Required. The CSA keystore that stores trusted Certificate Authority certificates. Default: No default specified Example Linux: |
csaTruststorePassword |
Required. The encrypted password of the
CSA keystore
(see Encrypt a password
for instructions on encrypting passwords).
An encrypted password is preceded by Default: ENC(<encrypted_value>) |
Service request processor scheduler
These properties are used to configure the service request processor scheduler. The service request processor scheduler validates a consumer's requests, initiates the approval process, if configured, and maintains a request's status.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
serviceRequestProcessorScheduler.maxInstancesToProcess |
Optional. The maximum number of service requests the service request processor can process when it checks the start and end dates of submitted subscriptions. Default: 100 |
serviceRequestProcessorScheduler.period |
Optional. How often, in milliseconds, the service request processor checks the start and end dates of submitted subscriptions. Default: 5000 (5 seconds) |
These properties are used to configure auditing.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csaAuditEnabled |
Optional. Enable or disable auditing, which tracks user activities and
system-generated events. Messages are logged to
the Default: true (enabled) |
jboss.shutdown. log.location |
Required. This property is set during installation and must not be changed. The location of the JBoss log file that records when the CSA service was stopped. Used for auditing purposes. Default: |
csa.origin.ip.header |
Optional. Defines a custom HTTP header used to capture the originating IP address of a REST API call. If this property is disabled (commented out) or not set to a value, the standard HTTP header X-Forwarded-For is used to capture the originating IP address. If the originating IP address is not captured by either this custom or the standard header, CSA fetches the originating IP address from the incoming request. The originating IP address is used for auditing. CSA sets the following precedence when capturing the originating IP address of a REST API call:
If this property is set to a custom HTTP header, CSA checks if this custom HTTP header is defined (set to the originating IP address) in the REST API call. If this property is not set or if the custom header is not defined, CSA checks if the X-Forwarded-For header is defined in the REST API call. If the X-Forwarded-For header is not defined, CSA fetches the originating IP address from the incoming request. CSA does not validate the captured value (if the value is an IP address and if it is a valid IP address). The following is a list of CSA REST API types and which ones do and do not capture the originating IP address:
The originating IP address is stored in the ORIGIN_IP field of the RPT_AUDIT_EVENT_V view and the ORIGIN_IP column of the CSA_AUDIT_EVENT table. If the originating IP address is not captured, the field or column is empty. Default: (disabled) |
These properties are used to configure the process execution manager. The process execution manager starts internal actions and Operations Orchestration flow actions, checks the status of process instances, and performs callback once the actions are completed.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.ProcessExecutor.THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the process execution manager starts new process instances (which start Operations Orchestration flows) and checks the status of process instances. Default: 5000 (5 seconds) |
com.hp.csa.ProcessExecutor.THREAD_POOL_CORE_SIZE |
Optional. The maximum number of threads used to run process instances. Default: 2 |
com.hp.csa.PEM.PARAM_PROCESS_INSTANCE_ID |
Optional. The token that stores the process instance ID and is used when CSA starts an Operations Orchestration flow. Default: |
com.hp.csa.PEM.PARAM_CONTEXT_ID |
Optional. The token that stores the artifact ID of the artifact that owns the action that executes the Operations Orchestration flow. Default: |
These properties are used to configure the lifecycle engine. The lifecycle engine processes service instances and executes lifecycle actions.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.LifecycleExecutor.THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the lifecycle engine checks for service components that it needs to transition. Default: 5000 (5 seconds) |
com.hp.csa.LifecycleExecutor.THREAD_POOL_SIZE |
Optional. The maximum number of threads used to transition service components. Default: 2 |
These properties are used to configure the approval engine scheduler. The approval engine scheduler checks each approver's response to a pending approval process to see if the process can be marked as completed and updates the decision and status of an approval process, as needed.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.ApprovalDecisionMaker.THREAD_POOL_SIZE |
Optional. The maximum number of threads used to process approvals. Default: 4 |
com.hp.csa.ApprovalDecisionMaker.THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the approval engine scheduler checks for completion of an approval process to determine if an approval process should be approved or denied. Default: 5000 (5 seconds) |
These properties are used to configure the LDAP cache scheduler. The LDAP cache scheduler checks the age of the user group cache and deletes it if it has expired.
For users who can log in to the Cloud Service Management Console or Marketplace Portal, certain actions require authorization (verification if the user belongs to a group). When authorization is requested for a user, CSA checks for group membership by using the cache. If the cache does not exist, LDAP is queried for the user's user groups which are temporarily cached to the database. After a configured expiration time, the cache is deleted. During a single session, the cache may be deleted and refreshed as needed.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.UserGroupExecutor.THREAD_WAKEUP_TIME |
Optional. How often, in minutes, the LDAP cache scheduler checks
for user group caches that have expired. This number should be less than the
value configured for Default: 20 |
com.hp.csa.UserGroupExecutor.CACHE_EXPIRATION_TIME |
Optional. How long, in minutes, LDAP user groups for a user are temporarily cached in the
database before they are deleted. This time should be greater than
the value configured for Default: 30 |
com.hp.csa.UserGroupExecutor. UserGroupDeletionBatchSize |
Optional. The maximum number of user IDs that are deleted in a single batch from the cache. This number cannot be larger than 1,000. Default: 250 |
This property is used to configure clustering.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
deploymentMode |
Required. The mode in which CSA is running
(single or clustered).
When set to Default: single |
com.hp.csa.LockMonitorService.LOCK_TIMEOUT |
Default timeout in milliseconds for the background thread that checks if processes have stale locks. Individual entities may have their own timeout. |
com.hp.csa.LockMonitorService.NODE_TIMEOUT |
Default timeout in milliseconds for entities that have been locked by a cluster node that is no longer responsive (such as. the locking node has shut down or cannot connect to the cluster). |
These configuration properties are used to limit the amount of time to retrieve data and the amount of data retrieved when using a dynamic property. A dynamic property is a Dynamic Query value entry method for a subscriber option property that defines what information is retrieved. A dynamic property allows the Service Designer to list a dynamic set of values that change based on the user context (for example, the organization to which the user belongs).
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
DynamicPropertyFetch.READ_TIMEOUT |
Optional. How long, in milliseconds, CSA attempts to fetch or retrieve data for dynamic properties. Default: 30000 (30 seconds) |
DynamicPropertyFetch.RESPONSE_SIZE |
Optional. The maximum amount of data, in bytes, that can be retrieved for dynamic properties. Default: 50000 |
This configuration property is used when configuring a group approval template.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.group.numberOfApprovers |
Optional. The maximum number of members in an LDAP group used for approvals. For reasonable performance, do not specify more than ten (10) members. Default: 10 |
These properties are the default values displayed in the Cloud Service Management Console that are used to configure the Marketplace Portal for an organization. The values configured in the Cloud Service Management Console take precedence over the values set in this properties file. See Marketplace Portal Attributes for descriptions of the attributes that can be configured for the Marketplace Portal.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.consumer. featuredCategory |
Optional. The default value of the Featured Category field displayed in the Cloud Service Management Console of a selected organization. This value may be overwritten in the Cloud Service Management Console. The value configured in the Cloud Service Management Console takes precedence over this value. This is the category that is used when displaying service offerings in the Marketplace Portal. The value entered for this attribute is the name of a category configured in the Cloud Service Management Console but is in all capitalized letters and replaces any spaces with an underscore (_). For example, if you configure a category named e-mail Servers and want to feature this category, you would set this attribute to E-MAIL_SERVERS.
For more information about the featured services, refer to the Marketplace Portal Help. Default: APPLICATION_SERVERS |
csa.consumer. endDatePeriod |
Optional. The default value of the Subscription End Date field displayed in the Cloud Service Management Console of a selected organization. This value may be overwritten in the Cloud Service Management Console by a lower value. The value configured in the Cloud Service Management Console takes precedence over this value. This is the maximum length of a subscription, in months, if a requested end date is specified. When a subscriber selects a requested start date and requests an end date, the length of the subscription cannot be longer than the value of this property. The maximum allowed value is 12 months. For example, if the subscriber selects a requested start date of June 15, 2015, based on the default value of this property, the requested end date cannot be later than June 14, 2016. If no end date is selected, this value is ignored. Default: 12 (months) |
csa.consumer. legalNoticeUrl |
Optional. The default value of the Privacy Statement Link field displayed in the Cloud Service Management Console of a selected organization. This value may be overwritten in the Cloud Service Management Console. The value configured in the Cloud Service Management Console takes precedence over this value. This is a link to an organization's privacy statement and, when enabled in the Cloud Service Management Console, appears on the login page below the copyright statement. Default: The online privacy statement. |
csa.consumer. termsOfUseUrl |
Optional. The default value of the Terms and Conditions Link field displayed in the Cloud Service Management Console of a selected organization. This value may be overwritten in the Cloud Service Management Console. The value configured in the Cloud Service Management Console takes precedence over this value. This is a link to an organization's terms and conditions statement and, when enabled in the Cloud Service Management Console, appears when a subscriber is ordering a service. Default: The terms of use statement. |
These properties are used to enable integration between Common Access Card (CAC) and
CSA and to extract a user name from the subjectDN X.509
attribute.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
enableCAC |
Optional. Enable integration between CAC and
CSA,
where the CAC is used as an approval mechanism. To enable, this property must
be uncommented and set to Default: |
csa.cac.regex |
The regular expression used to extract a user name from the Note To retrieve the data between the parentheses from the |
idm.cac.regex |
The regular expression used to extract a user name from the Note To retrieve the data between the parentheses from the |
These properties are used to configure the process executor delegate. The process executor delegate handles processing of the process instances. It discovers the ready instances, submits them to different thread pools for processing based on process definition and model type (sequenced or topology).
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.service.process. ProcessExecutorDelegate. INTERNAL_POOL_SIZE |
Optional. The maximum number of threads used for processing internal executors (for example, clone patterns). Default: 2 |
com.hp.csa.service.process. ProcessExecutorDelegate. EXTERNAL_POOL_SIZE |
Optional. The maximum number of threads used for processing external executors (for example, Operations Orchestration). Default: 2 |
com.hp.csa.service.process. ProcessExecutorDelegate. CALLBACK_POOL_SIZE |
Optional. The maximum number of threads used by the callback pool. Default: 2 |
com.hp.csa.service.process. ProcessExecutorDelegate. MONITOR_POOL_SIZE |
Optional. The maximum number of threads used by the monitor pool. Default: 2 |
The following are miscellaneous properties that do not fall under any specific category.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
com.hp.csa.aosMonitor. THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the background thread monitors plug-in processes. Default: 20000 |
com.hp.csa.TimeoutChecker. THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the background thread monitors for processes that have timed out. Default: 300000 |
com.hp.csa.ExportSvcOffering.THREAD_WAKEUP_TIME |
Defines the background service wakeup time to export non-posted offerings, subscriptions and instances into elasticsearch. When the CSA service starts, the background service wakes up. If there are no records to be exported to elasticsearch then the background services dies immediately. Otherwise the background service exports records into elasticsearch in the batches of the property defined in com.hp.csa.ExportSvcOffering.FETCH_SIZE. The background service continues to run until it processes all the non-posted records available in the CSA database. If the background service is not running, it wakes-up again according to the time defined in this property. The value of this property should be in milliseconds. |
com.hp.csa.ExportSvcOffering.FETCH_SIZE |
Defines the number of records to be processed at a time. The SQL used to fetch the records from the CSA database, uses this property value to limit the number of records that can be fetched from the database and then exported to elasticsearch. |
com.hp.csa.plugin.cloudos.util.TokenCache.TIMEOUT |
Identity Management component token cache timeout, in milliseconds. Every REST call to CSA (such as for provisioning) is authenticated by Identity Management. CSA uses trustId to get the authentication token from Identity Management. Because these REST calls can be more frequent, this property allows you to define the cache timeout to prevent enormous sizes during the REST call’s authentication lifecycle. Default value: 300000 (5 minutes) Value 0 disables cache |
com.hp.csa.import.BUILD_ARTIFACT_RELATIONSHIP |
Disables the artifact relationship section of the import/preview results. |
loggerEnabled |
Enables the logging filter for the legacy REST APIs, so that the requesting user and artifact information is logged. |
csa.productPerspective |
Determines which version of CSA has been installed: Enterprise or Codar. |
jdbc.dialect |
Holds explicitly set Hibernate dialect for a given database. Recommended values for the databases are:
|
These properties are used to integrate with Operations Orchestration.
These properties are configured in hcm-csa.yaml
.
The following properties configure the interaction between the Cloud Service Management Console and Operations Orchestration. In the subscription event overview section of the (Undefined variable: CSAVariables.tabOperations) area in the Cloud Service Management Console, selecting the Process ID opens Operations Orchestration to the detailed page of the selected process when these properties are configured.
Property | Description |
---|---|
OOS_URL |
The URL used to access Operations Orchestration Central. This is the Operations Orchestration used for provisioning topology designs. For example, This property is automatically set during installation. If you are using the embedded Operations Orchestration that is included with CSA, this property is set using the values entered for the Fully qualified domain name on Windows or the Fully Qualified Hostname on Linux and HPE OO Port fields during installation. If you are using a standalone/external Operations Orchestration, this property is set using the values entered for the HPE OO Hostname and HPE OO Port fields during installation. |
OOS_USERNAME |
The username used to log in to Operations Orchestration Central. This property is automatically set during installation using the value entered for the HPE OO User Name field during installation. |
OOS_PASSWORD |
The encrypted password used by the user defined in This property is automatically set during installation using the value entered for the HPE OO Password field during installation. |
embedded.oo.root.dir |
Location of the embedded Operations Orchestration when it is installed with CSA. This property is generated when embedded Operations Orchestration is installed during the CSA installation. This property is the only indicator of embedded Operations Orchestration, which is important mainly for uninstallation and upgrades. This property cannot be edited. |
The following properties configure background services to monitor Operations Orchestration.
Property | Description |
---|---|
com.hp.csa.oo.OOClient.SOCKET_TIMEOUT |
Optional. How long, in milliseconds, CSA keeps a socket open for SOAP-based communication with Operations Orchestration. Default: 60000 |
com.hp.csa.OosMonitor.THREAD_WAKEUP_TIME |
Optional. How often, in milliseconds, the background thread monitors Operations Orchestration processes. Default: 60000 |
com.hp.csa.service.process.OosMonitorDelegate.MONITOR_POOL_SIZE |
Optional. The maximum number of threads used by the monitor pool. Default: 2 |
OOS_MASTER_OOFLOW_CONTENT_LOCATION |
The location in Operations Orchestration where CSA generates topology design-based master Operations Orchestration flows and related subflows. The folder structure must use forward slashes. Default: Library/CSA/Topology_Generated_Flows |
These properties are used to configure authentication for the CSA 3.x API.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
xAuthToken |
Optional. An optional token in the Authorization header used for HTTP basic authentication by the CSA 3.x API. If the token is sent, it is used to authenticate the userIdentifier parameter in the REST API. For more information about the CSA API,see the Cloud Service Automation API Quick Start Guide. Default: X-Auth-Token |
integrationAccountUserList |
Required. A comma-delimited list of users who are authorized to exercise the CSA 3.x API. The username in the Authorization header used for HTTP basic authentication must match one of the users in this list. By default, the following CSA built-in users are configured: admin, csaCatalogAggregationTransportUser, csaReportingUser, csaTransportUser, ooInboundUser, and cdaInboundUser. You can also add LDAP users (identified by the User ID) to this list. For example, if you use email addresses for the User ID, you could add For more information about the CSA API, see the Cloud Service Automation API Quick Start Guide. Default: admin,csaReportingUser,ooInboundUser, |
These properties are used to configure the features of topology designs.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
TopologyDesignProvisioning. TIMEOUT |
Optional. The amount of time, in seconds, CSA attempts to provision or de-provision a topology design that is not based on an Helion OpenStack® provider (topology design provisioning and de-provisioning is orchestrated by interacting with resource providers corresponding to the components used in the design). If the time is exceeded, in the Operations area of the Cloud Service Management Console, the subscription (to a service offering that is created from a topology design that is not based on an Helion OpenStack® provider) will show a Subscription Status of It is recommended that this value be set to the same value as the Operations Orchestration flow timeout value. Default: 7200 (2 hours) |
OrchestratedTopologyDesignProvisioning. ProviderSelection.Enabled |
Optional. Enable or disable resource environment and provider selection by the subscriber in the Marketplace Portal for service offerings based on topology designs that are not based on an Helion OpenStack® provider. For more information, refer to the Cloud Service Management Console Help. Default: true (enabled) |
These properties are used to integrate global search with CSA.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.provider.es.exists |
Required. Enable or disable the global search feature on this CSA node. If enabled, additional microservice properties may be configured. To enable the global search feature, set this property to yes. Default: yes (enabled) |
csa.provider.es.authUser |
Required if If the CSA built-in Default: consumer |
csa.provider.es.authPassword |
Required if The password should be encrypted
(see Encrypt a password
for instructions).
An encrypted password is preceded by Default: <encrypted password of the consumer user> |
csa.provider.es.authOrganization |
Required if The organization is used only for authentication purposes. The Elasticsearch service will index the service offerings, service instances, or subscriptions for all organizations. However, global search results for a Marketplace Portal user will be limited to the service offerings, service instances, or subscriptions of the organization to which the user belongs and to which the user has access. If the CSA built-in Default: |
csa.provider.es.idmURL |
Required if Default: |
These properties are used to configure the HPE Search Service, which creates the indices for Elasticsearch. The Elasticsearch property, csa.provider.es.exists
, must be enabled for these properties to take effect.
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.provider.msvc.hostname |
Required if Default: localhost |
csa.provider.msvc.port |
Required if Default: 9000 |
csa.provider.msvc.rest.protocol |
Required if Default: https |
This property is used to enable or disable access to the LDAP access point configuration in the Cloud Service Management Console.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.ldapReadOnly |
Required. Enable or disable access to the LDAP access point configuration in the Cloud Service Management Console. By default, the property is set to false and the CSA administrator can configure the LDAP access point of any organization from the Cloud Service Management Console (the LDAP access point is typically configured when an organization is created in the Cloud Service Management Console). LDAP configuration includes fields for the LDAP Server Information, LDAP Attributes, and User Login Information in the Cloud Service Management Console. The LDAP access point is used by CSA for authentication and authorization. For security reasons, you may not want to allow the CSA administrator to configure the LDAP access point from the Cloud Service Management Console. You can disable access to the LDAP access point fields for all organizations from the Cloud Service Management Console by setting this property to true (disabling access makes the LDAP configuration fields read-only in the Cloud Service Management Console). By disabling this access, only the system administrator or other privileged users on the CSA system can update the LDAP access point using the LDAP Configuration Tool. Refer to the LDAP Configuration Tool guide for more information about the LDAP Configuration Tool. To enable access to the LDAP access point configuration in the Cloud Service Management Console, set this property to false. To disable access to the LDAP access point configuration in the Cloud Service Management Console, set this property to true. Default: false |
Service Design, Service Offering, and Catalog Content archive verification
This property is used to enable or disable service design, service offering, and catalog content archive verification.
This property is configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.security.enable |
Required. Enable or disable service design, service offering, and catalog content archive verification. By default, the property is set to false (verification is disabled), allowing the Cloud Service Management Console or Content Archive Tool to import a service design, service offering, or catalog content archive directly without verification. When the property is set to true (verification is enabled), CSA verifies the digital signature of the content archive, validates the date of the certificate used to sign the content archive, and verifies that the content in the content archive has not been modified after it was signed. If the content archive fails one of these validation or verification checks, the content archive will not be imported into CSA. When enabled, all imported service design, service offering, or catalog content archives must be signed. Refer to Signing the Content Archive for the steps required to sign a content archive. Note Verifying service designs and catalogs before they are imported is done using the Cloud Service Management Console or the Content Archive Tool. Verifying service offerings before they are imported is done using the Content Archive Tool. Caution Verification cannot be enabled for importing a service design, service offering, or catalog content archive using the REST APIs. A service design, service offering, or catalog content archive imported using the REST APIs will always be imported directly. Verification can only be enabled for the Cloud Service Management Console or the Content Archive Tool. Default: false |
These properties are used to enable integration between CSA and IT Operations Compliance (ITOC).
These properties are configured in hcm-csa.yaml
.
Property | Description |
---|---|
csa.ITOC.Integration.enabled |
Optional. Enable or disable integration between CSA and ITOC. To enable, this property must be uncommented and set to true. To disable, either comment out the property or set it to false. Default: (disabled) |
csa.ITOC.Notification.BaseUri |
Required if integration between CSA and ITOC is enabled. To enable, this property must be uncommented and set to the endpoint of the ITOC instance. The endpoint is the URL for connecting to the ITOC instance where <protocol> is the protocol used to communicate with the ITOC instance (for example, http or https), <itoc_host> is the hostname of the ITOC instance, and <port> is the port used to connect to the system on which ITOC is running. Default: (disabled) |
csa.ITOC.Notification.username |
Required if integration between CSA and ITOC is enabled. To enable, this property must be uncommented and set to the username used to log in to the ITOC instance. Default: (disabled) |
csa.ITOC.Notification.password |
Required if integration between CSA and ITOC is enabled. To enable, this property must be uncommented and set to the encrypted password used by the user defined in ENC without any separating spaces and is enclosed in parentheses.
Default: (disabled) |
csa.ITOC.Notification.tenant |
Required if integration between CSA and ITOC is enabled. To
enable, this property must be uncommented and set to the tenant group to which the user defined in Default: (disabled) |
Property | Description |
---|---|
csa.ITOC.IntegrationV2.enabled |
Optional. Enable or disable integration v2 between CSA and ITOC. To enable, this property must be uncommented and set to true. To disable, either comment out the property or set it to false. Default: (disabled) |
csa.ITOC.IntegrationV2.ITOCBaseUri |
Required if integration v2 between CSA and ITOC is enabled. To enable, this property must be uncommented and set to the endpoint of the ITOC instance. The endpoint is the URL for connecting to the ITOC instance where <protocol> is the protocol used to communicate with the ITOC instance (for example, http or https), <itoc_host> is the hostname of the ITOC instance, and <port> is the port used to connect to the system on which ITOC is running. Default: (disabled) |
csa.ITOC.IntegrationV2.public.<user>=<password> |
Required if integration v2 between CSA and ITOC is enabled. To enable, this property must be uncommented and set to the ITOC integration credentials. It is used to access ITOC public tenant to get the list of policies and maintenance windows. Username is part of the configuration key and encrypted password is value of the configuration key.
(see Encrypt a password
for instructions).
An encrypted password is preceded by Default: (disabled) |
csa.ITOC.IntegrationV2.<tenant>.<user>=<password> |
Required if integration v2 between CSA and ITOC is enabled. To enable, this property must be uncommented and and set to integration credentials for each consumer tenant of ITOC. Tenant is part of the configuration key, username is part of the configuration key and encrypted password is value of the configuration key. (see Encrypt a password for instructions). An encrypted password is preceded byENC without any separating spaces and is enclosed in parentheses.
Default: (disabled) |
csa.ITOC.IntegrationV2.timeout=10000 |
Required if integration v2 between CSA and ITOC is enabled. To enable, this property must be uncommented and set to connection timeout in milliseconds. Default: (disabled) |
This property is used to configure the Cloud Service Management Console session.
This property is configured in web.xml
.
Property | Description |
---|---|
session-timeout |
Optional. The amount of inactivity, in minutes, that causes the Cloud Service Management Console session to time out. Default: 60 |
These properties are used to configure the REST response.
These properties are configured in hcm-csa.yaml.
Property | Description |
---|---|
rest.restrict.fields |
A comma separated list of the fields that are not included in the REST response. By default the rest.restrict.fields property includes these fields: createdBy, updatedBy, createdOn, updatedOn, description, iconUrl, and categoryType. For details see "Values for the restrict parameter" in the Cloud Service Automation API Guide. |
rest.restrict |
Enable or disable the fields specified in the rest.restrict.fields property to be excluded/included in the output of the REST response. If set to true, the fields are excluded in the output of the REST response. If set to false, the fields are included in the output of the REST response. Default: For details see "Values for the restrict parameter" in the Cloud Service Automation API Guide. |
rest.excludedoc |
Enable or disable the document field to be excluded/included in the output of the REST response. If set to true, the document field is excluded in the output of the REST response. If set to false, the document field is included in the output of the REST response. Default: For details see "Values for the excludedoc parameter" in the Cloud Service Automation API Guide. |
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: