Configure Operations Orchestration for topology designs

The following tasks configure Operations Orchestration for topology designs. Configure only one instance of Operations Orchestration for topology designs.

Note: If you followed the instructions in the Codar Installation and Configuration Guide or Codar Upgrade Guide to configure Operations Orchestration, you should have already completed the tasks in this section.

Complete the following tasks to configure Operations Orchestration to integrate with Codar:

Note: In the following instructions, CSA_HOME is the directory in which Codar is installed and ICONCLUDE_HOME is where you installed Operations Orchestration.

Be sure all the latest patches for Operations Orchestration have been installed. See the Codar System and Software Support Matrix.

Configure internal user

Internal users can be used to configure Operations Orchestration for Codar. The user in these instructions is used for provisioning topology designs.

To configure an internal user, complete the following steps:

  1. Log in to Operations Orchestration Central.

  2. Click the System Configuration button.
  3. Select Security > Internal Users.
  4. Click the Add button.
  5. Enter the following information:

    Field        Recommended value
    User Name    admin
    Password     cloud
    Roles        ADMINISTRATOR, SYSTEM, ADMIN

    The admin user is used with Single Sign-On. When Operations Orchestration is launched from the Codar Console, this user allows access to Operations Orchestration without having to log in. If you are using topology designs, the admin user can also be used for provisioning topology designs.

  6. Click Save.

Deploy content packs

  1. From Operations Orchestration Central, click the Content Management button.
  2. Click the Content Packs tab.
  3. Click the Deploy New Content icon.
  4. In the Deploy New Content dialog, click the Add files for deployment icon.
  5. Click the Deploy New Content icon.
  6. Click the Add files for deployment icon.
  7. Navigate to the CSA_HOME\Tools\ComponentTool\contentpacks\ directory, select all the content packs, and click Open.
  8. Click Deploy.

    The deployment may take a few minutes and the dialog will show a progress bar.

  9. When the deployment succeeds, click Close to close the dialog.

Configure Single Sign-On between Codar and Operations Orchestration

If Single Sign-On was enabled during installation of Codar, Single Sign-On can be configured between Codar and Operations Orchestration. Configuring Single Sign-On allows you to launch Operations Orchestration from the Codar Console without having to log in to Operations Orchestration.

Codar provides an out-of-the-box user (admin) and password (cloud) and, earlier in this guide, you configured an internal user for Operations Orchestration with the same username and password. When Single Sign-On is configured between Codar and Operations Orchestration, this user can be used for single sign-on. That is, if you are logged in to Codar as the admin user, you can launch Operations Orchestration from the Codar Console and not have to log in to Operations Orchestration.

You can also configure LDAP users for single sign-on. In order to enable single sign-on for LDAP users, you must either configure Codar and the embedded Operations Orchestration to use the same LDAP source or, if Codar and the embedded Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the Codar user must be assigned to the Codar Administrator or Service Operations Manager role and the embedded Operations Orchestration user must be assigned any role that allows flows to be viewed.

Note: In order to use Single Sign-On between Codar and Operations Orchestration, the systems on which Codar and Operations Orchestration are installed must be in the same domain.

Configure and enable Single Sign-On

To configure and enable Single Sign-On on Operations Orchestration, complete the following steps:

  1. Log in to Operations Orchestration Central.
  2. Click the System Configuration button.
  3. Select Security > SSO.
  4. Select the Enable check box.
  5. Enter the InitString. This is the value to which the crypto InitString attribute is set in the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\hpssoConfiguration.xml file.

    For example, if the entry in the file is crypto InitString="lOJisF9Slbf79hmLsd", copy lOJisF9Slbf79hmLsd to this field. This string is used to encrypt and decrypt the LWSSO_COOKIE_KEY cookie that is used to authenticate the user for single sign-on.

  6. Enter the Domain. This is the domain name of the network of the servers on which Codar and Operations Orchestration are installed.
  7. Click Save.

Configure LDAP users for single sign-on

In order to enable single sign-on for LDAP users, you must either configure Codar and Operations Orchestration to use the same LDAP source or, if Codar and Operations Orchestration use different LDAP sources, configure the same users in both sources. In either case, the Codar user and the Operations Orchestration user must be assigned any role that allows flows to be viewed.

For more information on configuring LDAP in Operations Orchestration, see the Operations Orchestration Central Help.

Note: One of the LDAP servers must be set to default in Operations Orchestration so that Codar can launch the Operations Orchestration page. Otherwise, an "access denied" error occurs.

To configure LDAP for Operations Orchestration, complete the following steps:

  1. Log in to Operations Orchestration Central.
  2. Click the System Configuration button.
  3. Select Security > LDAP.
  4. Enter the information to configure LDAP.
  5. Click Save.

Configure Operations Orchestration properties in csa.properties file

If you integrated with Operations Orchestration using the installer (during the installation or upgrade process), you do not need to configure these properties (they are already configured). These properties are used to integrate with Operations Orchestration.

In the subscription event overview section of the Operations area in the Codar Console, selecting the Process ID opens Operations Orchestration to the detailed page of the selected process when these properties are configured.

Edit the CSA_HOME\jboss-as\standalone\deployments\csa.war\WEB-INF\classes\csa.properties file and configure the following properties:

Property    Description

OOS_URL

    The URL used to access Operations Orchestration Central. This is the Operations Orchestration used for provisioning topology designs (Operations Orchestration version 10.21).

    Set this URL to the system on which Operations Orchestration version 10.21 is installed. For example, https://<hostname>:8443.

OOS_USERNAME

    The username used to log in to Operations Orchestration Central.

    Set this username to admin.

OOS_PASSWORD

    The encrypted password used by the user defined in OOS_USERNAME to log in to Operations Orchestration Central.

    Set this property to the encrypted password of the user defined in OOS_USERNAME (see Encrypt password). An encrypted password is preceded by ENC without any separating spaces and is enclosed in parentheses.

embedded.oo.root.dir

    Location of the embedded Operations Orchestration when it is installed with Codar. This property is generated when embedded Operations Orchestration is installed during the Codar installation.

    This property is the only indicator of embedded Operations Orchestration, which is important mainly for uninstallation and upgrades. This property cannot be edited.

Configure secure connection between Codar and Operations Orchestration

If you integrated with Operations Orchestration using the installer (during the installation or upgrade process), you do not need to configure a secure connection (it has already been configured).

Run component tool

The component tool imports the Operations Orchestration flows from the content packs installed with Codar (used only with Operations Orchestration version 10.21).

To run the component tool, complete the following steps:

  1. Open a command prompt and change the directory to CSA_HOME\Tools\ComponentTool.

  2. Generate the sample database properties files. Run the following command:

    Windows:

    "CSA_JRE_HOME\bin\java" -jar component-tool.jar -g

    Linux:

    CSA_JRE_HOME/bin/java -jar component-tool.jar -g

  3. Make a copy of the appropriate sample database properties file, rename it to config.properties, and update the content, as needed.

    Property Name    Description

    jdbc.driverClassName

    The JDBC driver class.

    Example

    Oracle: jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
    MS SQL: jdbc.driverClassName=net.sourceforge.jtds.jdbc.Driver
    PostgreSQL: jdbc.driverClassName=org.postgresql.Driver

    jdbc.dialect

    The classname that allows JDBC to generate optimized SQL for a particular database.

    Example

    Oracle: jdbc.dialect=org.hibernate.dialect.OracleDialect
    MS SQL: jdbc.dialect=org.hibernate.dialect.SQLServerDialect
    PostgreSQL: jdbc.dialect=org.hibernate.dialect.PostgreSQLDialect

    jdbc.databaseUrl

    The JDBC URL. When specifying an IPv6 address, it must be enclosed in square brackets (see example below).

    Example

    Oracle, TLS not enabled
    jdbc.databaseUrl=jdbc:oracle:thin:@127.0.0.1:1521:XE

    Oracle, TLS not enabled, using an IPv6 address
    jdbc.databaseUrl=jdbc:oracle:thin:@[f000:253c::9c10:b4b4]:1521:XE

    Oracle, TLS enabled, Codar does not check the database DN
    jdbc.databaseUrl=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST= (ADDRESS=(PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521))) (CONNECT_DATA =(SERVICE_NAME = ORCL)))
    where <host> is the name of the system on which the Oracle database server is installed.

    Oracle, TLS enabled, Codar checks the database DN
    jdbc.databaseUrl=jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ORCL))(SECURITY=(SSL_SERVER_CERT_DN="CN=abc,OU=dbserver,O=xyz,L=Sunnyvale,ST=CA,C=US")))
    where <host> is the name of the system on which the Oracle database server is installed and the values for SSL_SERVER_CERT_DN are for the DN of the Oracle database server.


    MS SQL, TLS not enabled
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=request


    MS SQL, TLS not enabled, using an IPv6 address
    jdbc.databaseUrl=jdbc:jtds:sqlserver://[::1]:1433/example;ssl=request

    MS SQL, TLS enabled
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=authenticate

    MS SQL, FIPS 140-2 compliant
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=authenticate


    PostgreSQL
    jdbc.databaseUrl=jdbc:postgresql://127.0.0.1:5432/codardb

    jdbc.username

    The user name of the database user you configured for Codar after installing the database.

    jdbc.password

    The password for the database user. The password should be encrypted (see Encrypt password for instructions on encrypting passwords).

    If you have configured Codar to be FIPS 140-2 compliant, encrypt this password after you have configured Codar to be FIPS 140-2 compliant (that is, you should use the updated encryption tools to encrypt the password).

    Example

    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)

    Example config.properties content

    Oracle, TLS not enabled
    jdbc.driverClassName=oracle.jdbc.driver.OracleDriver
    jdbc.dialect=org.hibernate.dialect.OracleDialect
    jdbc.databaseUrl=jdbc:oracle:thin:@127.0.0.1:1521:XE
    jdbc.username=codar
    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)

    MS SQL, TLS not enabled
    jdbc.driverClassName=net.sourceforge.jtds.jdbc.Driver
    jdbc.dialect=org.hibernate.dialect.SQLServerDialect
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=request
    jdbc.username=codar
    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)

    MS SQL, TLS enabled
    jdbc.driverClassName=net.sourceforge.jtds.jdbc.Driver
    jdbc.dialect=org.hibernate.dialect.SQLServerDialect
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=authenticate
    jdbc.username=codar
    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)


    MS SQL (FIPS 140-2 compliant)
    jdbc.driverClassName=net.sourceforge.jtds.jdbc.Driver
    jdbc.dialect=org.hibernate.dialect.SQLServerDialect
    jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=authenticate
    jdbc.username=codar
    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)

    PostgreSQL
    jdbc.driverClassName=org.postgresql.Driver
    jdbc.dialect=org.hibernate.dialect.PostgreSQLDialect
    jdbc.databaseUrl=jdbc:postgresql://127.0.0.1:5432/codardb
    jdbc.username=codardbuser
    jdbc.password=ENC(fc5e38d38a5703285441e7fe7010b0)

  4. Run the component tool:

    • Oracle

      Windows:
      "CSA_JRE_HOME\bin\java" -jar component-tool.jar -c config.properties -cp contentpacks -m mappingFiles -me metainfo.txt -j <jdbc_driver_directory>\ojdbc.jar

      Linux:
      CSA_JRE_HOME/bin/java -jar component-tool.jar -c config.properties -cp contentpacks -m mappingFiles -me metainfo.txt -j <jdbc_driver_directory>/ojdbc.jar

    • MS SQL and PostgreSQL

      Windows:
      "CSA_JRE_HOME\bin\java" -jar component-tool.jar -c config.properties -cp contentpacks -m mappingFiles -me metainfo.txt

      Linux:
      CSA_JRE_HOME/bin/java -jar component-tool.jar -c config.properties -cp contentpacks -m mappingFiles -me metainfo.txt

    Note: Do not edit the metainfo.txt file or the contentpacks and mappingFiles directories.
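
A pre-flight check for the config.properties written in step 3, which also covers OOS_PASSWORD in csa.properties. It is an added example, not part of the Codar tooling: it reports password properties that are not in the ENC(...) form and sorts jdbc.databaseUrl into the TLS categories used in the examples above. The function names and the sample input are assumptions made for this example.

```python
import re

# Constructed sample: the page's "MS SQL, TLS not enabled" URL plus a
# cleartext placeholder where the page's examples carry an ENC(...) value.
SAMPLE = """\
jdbc.databaseUrl=jdbc:jtds:sqlserver://127.0.0.1:1433/example;ssl=request
jdbc.username=codar
jdbc.password=PLACEHOLDER-cleartext
"""

ENC_RE = re.compile(r"^ENC\([^()\s]+\)$")  # ENC directly followed by (...)

def parse_properties(text):
    """Minimal key=value parser: skips blanks and #/! comments, splits on first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def classify_jdbc_url(url):
    """Map a JDBC URL to the transport category used in the page's examples."""
    compact = re.sub(r"\s+", "", url).lower()
    if compact.startswith("jdbc:oracle:"):
        if "(protocol=tcps)" not in compact:
            return "oracle: TLS not enabled"
        if "ssl_server_cert_dn=" in compact:
            return "oracle: TLS enabled, database DN checked"
        return "oracle: TLS enabled, database DN not checked"
    if compact.startswith("jdbc:jtds:sqlserver:"):
        m = re.search(r";ssl=([a-z]+)", compact)
        mode = m.group(1) if m else "off"  # jTDS default when ssl is absent
        page = {"authenticate": "TLS enabled", "request": "TLS not enabled"}
        return "mssql: " + page.get(mode, f"ssl={mode}, not one of the page's examples")
    return "unclassified: the page gives no TLS variant for this URL form"

def audit(text):
    """Return findings on password format and database transport."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if key.lower().endswith("password") and not ENC_RE.match(value):
            findings.append(f"{key}: value is not in ENC(...) form")
    url = props.get("jdbc.databaseUrl")
    if url:
        category = classify_jdbc_url(url)
        if "TLS enabled" not in category or "not checked" in category:
            findings.append(f"jdbc.databaseUrl: {category}")
    return findings
```

Call audit() on the file contents before running the component tool; an empty list means every password property is in ENC(...) form and the database URL matches one of the page's TLS-enabled examples with server verification.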