Integrate > SA-OO integration > Setting up the integration

Setting up the integration

This section describes how administrators can build OO flows and jobs that are integrated with SA.

Setting up OO flows

As an SA-OO integration administrator, you need to set user permissions, check that your system has the required environment, and import the required OO SDK Client Certificate.

Set user permissions

Users of OO flows must have the following OO permissions:

Required OO flow user permissions

Permission

Verify Permission Settings in the SA Client

AdministerFlowIntegrations

(ability to configure the OO integration settings)

Select Administration in the navigation panel. If the Flow Integrations option appears in the list of choices in the navigation tree, the permission has been granted.

RunFlowOption

(ability to run OO flows)

Select Devices in the navigation panel. Select Servers > All Managed Servers. Right-click a server name and choose Run. If the Flow... option is visible, the permission has been granted.

Check the environment

Your system must have the following:

  • SA version 10.0
  • HPE Operations Orchestration (OO) version 10.x.
  • OO installation server networked to an SA core server
  • Valid OO SDK Client Certificate to communicate with OO (see Importing the OO SDK Client Certificate)

Import the OO SDK client certificate

You must import the certificate before users can run OO flows from SA.

Note If your architecture includes a master core and one or more secondary cores, follow the steps in this section for the master core and for each of the secondary cores. Similarly, if your SA computer has a sliced-core installation with one or more slices, repeat the steps for each slice.

To import the certificate:

  1. Stop the Web Services Data Access Engine (Twist):
    /etc/init.d/opsware-sas stop twist
  2. Transfer the OO Central Certificate to SA:

    (When you are prompted for a password for the next steps, use: changeit)
    1. Export the OO Central Certificate:

      The procedure to export the certificate may differ, depending on the OS version you have on your OO server. For more details see the OO documentation.

      Note The certificate export command must be run on the OO server (the client certificate is not bundled with SA).

      Example command, exporting from an OO 10.x instance installed on a Windows server:

      <OO_INSTALL_DIR>\java\bin\keytool.exe -exportcert -alias tomcat -file C:\oocentral.crt -keystore <OO_INSTALL_DIR>\central\var\security\key.store

      Next, make sure you copy the C:\oocentral.crt file to the SA core, under /tmp/oocentral.crt.

    2. Import the OO Central Certificate to the SA Java Runtime Environment (JRE) Keystore:

      /opt/opsware/openjdk/jre/bin/keytool -importcert -alias oocert -file /tmp/oocentral.crt -keystore /opt/opsware/openjdk/jre/lib/security/cacerts

      Note The example above uses the alias: oocert. However, any alias can be used when importing the certificate, as long as it is not already used in that keystore.

  3. Check that the OO Central Certificate was imported successfully:

    /opt/opsware/openjdk/jre/bin/keytool –list –alias oocert –keystore /opt/opsware/openjdk/jre/lib/security/cacerts

    Example output:

    oocert, Feb 3, 2010, trustedCertEntry,
    Certificate fingerprint (MD5): DF:DD:22:1B:A2:1E:A9:9C:1C:AF:8F:E0:14:1F:B5:E0

  4. Restart the Web Services Data Access Engine (Twist):

    /etc/init.d/opsware-sas restart twist

Note If a jssecacerts file is present in the same location as cacerts (/opt/opsware/openjdk/jre/lib/security/), either remove the jssecacerts file or make sure to import the certificate in jssecacerts instead of cacerts.

Setting up OO jobs

As an SA-OO jobs administrator, you need to create the following permissions so users can work with jobs in SA:

User Permissions

Permission

Description

Check in the SA Client

AdministerFlowIntegrations

Configure the OO integration settings

Select Administration in the navigation panel. If the Flow Integrations option appears in the list of choices in the navigation tree, the permission has been granted.

RunFlowOption

(for users who want to run flows)

Run OO flows

Select Devices in the navigation panel. Select Servers > All Managed Servers. Right-click a server name and choose Run. If the Flow.. option is visible, the permission has been granted.