Installing and configuring Operations Orchestration

Install and configure Operations Orchestration as described in the Codar Installation and Configuration Guide with the following exceptions. The Codar Installation and Configuration Guide can be downloaded from the HPE Software Support website (this site requires that you register with HPE Passport).

  1. HPE recommends that you install Operations Orchestration in its own cluster configured for HA.
  2. Configure SSL between Operations Orchestration and all Codar nodes.
Note: When you install Codar, Operations Orchestration is not available out-of-the-box in a cluster setup. Perform the steps in this chapter to configure Operations Orchestration in a cluster.

Configuring Codar in HA mode using an embedded instance of Operations Orchestration

When installing Codar, if you have selected to install an embedded version of Operations Orchestration, perform the following steps to configure Codar in HA mode using the embedded instance of Operations Orchestration:

Point all Operations Orchestration instances to a single database

Every Codar installation has an instance of Operations Orchestration installed and all these Operations Orchestration instances point to different databases. To enable HA we have to make all of the Operations Orchestration instances point to a single database manually by performing the following steps:

  1. Copy the following files from one of the Operations Orchestration instances to all the other instances:

    Microsoft Windows Linux
    • <installation_directory>\HPE Operations Orchestration\central\conf\database.properties
    • <installation_directory>\HPE Operations Orchestration\central\var\security\encryption.properties
    • <installation_directory>\HPE Operations Orchestration\central\var\security\encryption_repository
    • <installation_directory>\HPE Operations Orchestration\central\var\security\key.store
    • <installation_directory>/HPE Operations Orchestration/central/conf/database.properties
    • <installation_directory>/HPE Operations Orchestration/central/var/security/encryption.properties
    • <installation_directory>/HPE Operations Orchestration/central/var/security/encryption_repository
    • <installation_directory>/HPE Operations Orchestration/central/var/security/key.store

  2. Delete the credentials.store file from the <installation dir>\HPE Operations Orchestration\central\var\security directory (in Microsoft Windows) or the <installation dir>/HPE Operations Orchestration/central/var/security directory (in Linux)for all Operations Orchestration instances except the instance from which the files were copied in step 1.

  3. Go to Operations Orchestration > Content Management > Configuration Items > System Properties > CODAR_REST_URI.

  4. Click edit icon.
  5. In the System Property Details dialog, enter the following in the Override Value field: 'https://{Load Balancer Host name}:{Load Balancer Port Number}/csa/api'.

  6. Restart the Operations Orchestration service for all the instances.

    7. Each of the Operations Orchestration instances now display all the hosts with active status as shown in the following figure. In this figure, two nodes have active status.

Configure Operations Orchestration in the HA environment

After ensuring that all Operations Orchestration instances point to a single database, configure them in the HA environment by performing the following steps:

Note: Skip steps 1 to 5 if you are using the same load balancer for both Codar and Operations Orchestration.

The steps below outline the configuration for the Apache load balancer, You can use any load balancer that you want.

  1. Install the Apache server and generate an SSL certificate using the following command :

    openssl req -x509 -days 365 -newkey rsa:2048 -nodes -keyout <apache_home>\Apache<version>\conf\apache_csa.key -out <apache_home>\Apache<version>\conf\apache_csa.crt -config <apache_home>\Apache<version>\conf\openssl.cnf -subj /O=HP/OU=HP/CN=<apache_load_balancer_host_name>

  2. Copy apache_csa.crt from <apache_home>\Apache<version>\conf to the <codar_home>\jboss-as\standalone\configuration directory.

  3. Apply the SSL certificate on all the Codar nodes using the following command:

    keytool -importcert -file "<codar_home>\jboss-as\standalone\configuration\apache_csa.crt" -alias apache_csa -keystore "<codar_home>/openjre/lib/security/cacert

  4. Update the httpd.conf file with the following modifications:

    1. Verify that the following modules exist:

      • <apache_home>\Apache<version>\modules\mod_authz_host.so

      • <apache_home>\Apache<version>\modules\mod_headers.so

      • <apache_home>\Apache<version>\modules\mod_log_config.so

      • <apache_home>\Apache<version>\modules\mod_proxy.so

      • <apache_home>\Apache<version>\modules\mod_proxy_balancer.so

      • <apache_home>\Apache<version>\modules\mod_proxy_connect.so

      • <apache_home>\Apache<version>\modules\mod_proxy_http.so

      • <apache_home>\Apache<version>\modules\mod_rewrite.so

      • <apache_home>\Apache<version>\modules\mod_ssl.so

    2. Add or update the list of modules to include the following modules:

      • LoadModule authz_host_module modules/mod_authz_host.so

      • LoadModule headers_module modules/mod_headers.so

      • LoadModule log_config_module modules/mod_log_config.so

      • LoadModule proxy_module modules/mod_proxy.so

      • LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

      • LoadModule proxy_connect_module modules/mod_proxy_connect.so

      • LoadModule proxy_http_module modules/mod_proxy_http.so

      • LoadModule rewrite_module modules/mod_rewrite.so

      • LoadModule ssl_module modules/mod_ssl.so

    3. Add the Include conf/extra/OO.conf and Timeout 90000 lines.

  5. Update the <Engine defaultHost="localhost" name="Catalina" > line to include the JVM route addition: <Engine defaultHost="localhost" name="Catalina" jvmRoute="node1">

    The jvmRoute node number must match the node number used when configuring the Apache load balancer.

  6. Create a virtual host file for the Operations Orchestration nodes by creating a file named OO.conf in the <apache_home>\Apache<version>\conf\extra directory. The file must contain the following content: 

    Listen 8585
<VirtualHost *:8585>
ProxyRequests off
ServerName [APACHE_LOAD_BALANCER_HOSTNAME]
ServerAlias [APACHE_LOAD_BALANCER_HOSTNAME]
<Proxy balancer://mycluster>
BalancerMember http:// [OO_NODE1_HOSTNAME]:8082 route=node1
BalancerMember http:// [OO_NODE2_HOSTNAME]:8082 route=node2
Order Deny,Allow
Deny from none
Allow from all
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Allow from all
</Location>
ProxyPass /balancer-manager!
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPassReverse / balancer://mycluster
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile <apache_home\Apache<version>\conf\apache_csa.crt
SSLCertificateKeyFile <apache_home\Apache<version>\conf\apache_csa.key
</VirtualHost>

  7. Update the OOS_URL property of the <codar_home>\jboss-as\standalone\deployments\codar.war\WEB-INF\classes\codar.properties file with the URL of the load balancer for all of the Codar nodes. For example, OOS_URL=https://<apache_load_balancer_host_name>:8585

  8. Specify the URL of the Operations Orchestration load balancer on the Configuration tab in one of the Operations Orchestration instances and save it. This URL gets reflected in the other instances.

  9. Restart the Operations Orchestration central service, Codar service, and the Apache service.

Send Help Center feedback