Configuring-HCMx-and-OpsB-using-same-Vertica_688987648

Introduction

This page describes how to configure OpsB to use the Vertica instance that is installed through HCMx. The main challenge is cross-account communication between the SMAX SaaS account and the OpsB SaaS account.

Deployment Diagram

Install HCMx

Follow the regular SaaS steps to install HCMx.

Refer to the official documentation: Install on AWS (EKS) - Service Management Automation X (microfocus.com)

Ports used from HCMx side:

  • From OpsB to HCMx: 5433

Ports used from OpsB side:

  • From HCMx to OpsB: 31051 or 6651 (based on property: global.di.externalDNS.enabled); the default is 6651
  • From HCMx to OpsB: 18443 (ODL administration API)
  • From HCMx to OpsB: 5050 (ODL receiver API)

For the above cross-account communication, AWS PrivateLink is configured. This consists of an Endpoint Service, which connects to the private NLB of the required service on the source side, and an Endpoint on the client side, which connects to the Endpoint Service created on the source.

Note: Make sure each port exposed through the Endpoint Service is opened in the Security Group of the Endpoint on the client side.

Once all private links are configured, edit the Scheduler ConfigMap to overwrite the Pulsar datasource value with the Interface Endpoint that the UDX plugin connects to on port 6651.

Edit the ConfigMap "itom-di-udx-scheduler-scheduler" in the OpsB namespace and set the property "pulsar.datasource.host" to the Interface Endpoint.

Create Network Load Balancer for Vertica

Go to AWS console to create a Target Group for Vertica

| Section | Item | Value |
| --- | --- | --- |
| Basic configuration | Target type | IP addresses |
| | Target group name | NLB-for-Vertica-TG |
| | Protocol: Port | TCP: 5433 |
| | IP address type | IPv4 |
| | VPC | VPC of the Vertica DB server |
| Others | / | Leave default |

Go to AWS console to create a Network load balancer for Vertica

| Section | Item | Value |
| --- | --- | --- |
| Basic configuration | Load balancer name | NLB-for-Vertica |
| | Scheme | Internal |
| | IP address type | IPv4 |
| Network mapping | VPC | VPC of the Vertica DB server |
| | Mappings | us-west-2a: private subnet1; us-west-2b: private subnet2; us-west-2c: private subnet3 |
| Security groups | Security groups | The security group of the Vertica DB server |
| Listeners and routing | Protocol | TCP |
| | Port | 5433 |
| | Forward to | NLB-for-Vertica-TG |

Create Endpoint Service for Vertica

Go to AWS console to create an Endpoint Service for Vertica

| Section | Item | Value |
| --- | --- | --- |
| Endpoint service settings | Name | Vertica-endpoint-service |
| | Load balancer type | Network |
| Available load balancers | Select the load balancers | NLB-for-Vertica |
| Additional settings | Acceptance required | Checked |
| | Supported IP address types | IPv4 |

Create Endpoints for Vertica to connect to OpsB

Go to AWS console to create an Endpoint for Pulsar

| Section | Item | Value |
| --- | --- | --- |
| Endpoint settings | Name tag | Vertica-Pulsar-endpoint |
| | Service category | Other endpoint services |
| Service settings | Service name | The pulsar service name shared from OpsB |
| VPC | VPC | The VPC of Vertica |
| Additional settings | | Leave as default |

Go to AWS console to create an Endpoint for DI Admin

| Section | Item | Value |
| --- | --- | --- |
| Endpoint settings | Name tag | Vertica-DI-Admin-endpoint |
| | Service category | Other endpoint services |
| Service settings | Service name | The DI Admin service name shared from OpsB |
| VPC | VPC | The VPC of Vertica |
| Additional settings | | Leave as default |

Go to AWS console to create an Endpoint for DI receiver

| Section | Item | Value |
| --- | --- | --- |
| Endpoint settings | Name tag | Vertica-DI-Receiver-endpoint |
| | Service category | Other endpoint services |
| Service settings | Service name | The DI receiver service name shared from OpsB |
| VPC | VPC | The VPC of Vertica |
| Additional settings | | Leave as default |

Create inbound rules in the security group of Vertica

  1. Go to AWS Console to find the security group of the Vertica
  2. Click “Actions” to edit inbound rules
  3. Add three rules as follows:

| Type | Protocol | Port range | Source | Description |
| --- | --- | --- | --- | --- |
| Custom TCP | TCP | 6651 | Custom: 0.0.0.0/0 | itom-pulsar |
| Custom TCP | TCP | 18443 | Custom: 0.0.0.0/0 | itom-di-administration |
| Custom TCP | TCP | 5050 | Custom: 0.0.0.0/0 | itom-di-receiver |

Vertica Customisation on HCMx Vertica Instance

Configure Vertica for ODL communication

Get the pulsarudx package

https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip

Extract the package and get opsbridge-suite-chart/tools/itom-di-pulsarudx-.x86_64.rpm

On the Bastion host

From the unzipped OpsB chart, copy the pulsarudx plugin to Vertica (use the command below)

scp -r -i ~/id_tmp opsbridge-suite-chart/tools/itom-di-pulsarudx-.x86_64.rpm vertica@<verticaIP>:/home/vertica

On the Vertica VM

  • vsql --version (make sure the Vertica version is compatible with OpsB)
  • sudo su
    rpm -iv itom-di-pulsarudx-.x86_64.rpm

Create the tenant in Vertica (use the HCMx tenant ID with a "t" prefix as the tenant name)

  • cd /usr/local/itom-di-pulsarudx/bin
    ./dbinit.sh genconfig
  • mv /usr/local/itom-di-pulsarudx/conf/dbinit_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit_conf.yaml-bkp
  • sed -i 's/t123456789/t<hcmx_tenant_id>/g' /home/vertica/dbinit_conf.yaml
  • cp -f /home/vertica/dbinit_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit_conf.yaml
    ./dbinit.sh -g
    Provide Admin_1234 at every password prompt
  • ./dbinit.sh list
    Tenant |Deployment |Read Only User |Read Write User |
    txxxxxxx |default |txxxxxxx_rouser |txxxxxxx_rwuser
  • Please find the sample file attached

dbinit_conf_sample_saas.yaml

Install OpsB

(Use the HCMx tenant ID with a "t" prefix as the tenant name)

Follow the regular SaaS steps to install OpsB, with the following changes.

Refer to the official documentation: Install Operations Bridge - Operations Bridge - Containerized (microfocus.com)

  • Install the ODL Message Bus (Pulsar) in a different namespace (example: optic-shared). Create the tenant in the ODL message bus.
  • In the OpsB values yaml, provide the HCMx Vertica details such as hostname, port, RO user, RW user and TLS enabled. (The Vertica certificate is passed using the helm install command.)

Configure the OPTIC Data Lake Capability on ESM BO

Download OPTIC Data Lake certificates

Take https://<OpsbServerName>:443/ as an example.

Follow the below steps to get certificates:

  1. Visit https://<OpsbServerName>:443/, click Not secure and Certificate is not valid.
  2. Go to the Details tab and select the root certificate, then click Export.

Get the Administration and Data receiver URLs:

  • Get the DNS Name of the data-ingestion-administration endpoint as the DI-Admin-FQDN
  • https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration
  • Get the DNS Name of the data-ingestion-receiver endpoint as the DI-Receiver-FQDN
  • https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver

Follow the below steps to get certificates:

  1. Visit https://<DI-Admin-FQDN>:18443/, click Not secure and Certificate is not valid.
  2. Go to the Details tab and select the root certificate, then click Export.
  3. Visit https://<DI-Receiver-FQDN>:5050/, click Not secure and Certificate is not valid.
  4. Go to the Details tab and select the root certificate, then click Export.

Import OPTIC Data Lake certificates

Copy the certificates to the following directory on the NFS server of SMAX: <global-volume>/certificate/source. For example, /var/vols/itom/itsma/global-volume/certificate/source

Or <config-volume>/certificate/source (Helm transformed). For example, /var/vols/itom/itsma/config-volume/certificate/source

Note: In this step, make sure the owner of the certificates is 1999:1999. For example: chown -R 1999:1999 <certificate.pem>

Restart pods

Restart SMAX pods by running commands on a control plane node or the bastion node:

  1. Run the following commands to restart the SMAX platform pods.
     kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform
     kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline
  2. Run the following command to restart the bo-ats pod.
     kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment

Create a credential for OPTIC Data Lake

To create a credential for OPTIC Data Lake, follow these steps:

  1. Log in to Suite Administration as the suite admin: https:///bo.
  2. Click Configurations.
  3. On the Credential Store tab, click New.
  4. In the Credential dialog box, specify these fields:

     | Field | Description |
     | --- | --- |
     | Name | The display name of the required credential you want to create for the OPTIC DL IdM. |
     | Tenant | The tenant ID, which is required when you add capabilities after installing the suite. The tenant you select must be active. |
     | IdM endpoint | The endpoint of the OPTIC DL IdM that you want to connect. For example, https://<OpsbServerName>:<Port>. |
     | Organization | The organization of the OPTIC DL IdM. |
     | User name | The name of the IdM user with the DI ADMIN role and/or DI INGESTION role. If you use one single IdM user for both the DI ADMIN role and the DI INGESTION role, you only need to create one credential. If you use two different users for the DI ADMIN role and the DI INGESTION role, make sure you create two credentials for each of them. You can only create or delete one credential at a time. |
     | Security type | The security type. You can select either PASSWORD or VAULT. |
     | Password | The password of the user. Enter the password if you selected PASSWORD as the security type. |
     | Vault | The vault key. Enter the vault key if you selected VAULT as the security type. |
  5. Click Test connection. If the action fails, check if the field values are correct.
  6. Click Save. It will generate a UUID for this credential. You can use this UUID to connect to the OPTIC DL IdM.
  7. Notify the OpsBridge team to grant the DI_ADMIN, DI_DATAACCESS, DI_INGESTION roles to the newly created users.

Deploy the OPTIC Data Lake capability

Follow these steps to deploy the OPTIC Data Lake capability for the tenant:

  1. Log in to Suite Administration as the suite admin: https:///bo.
  2. Click Tenants.
  3. Click and open the tenant for which you just created the credential.
  4. On the Capability settings tab, click Deploy new capability.
  5. In the Pre-check step, in the Capability dropdown box, select OPTIC Data Lake. The OPTIC Data Lake option appears in the dropdown box only when a Premium license has been added to the selected tenant.
  6. In Administration URL, enter https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration.
  7. In Credential for administration, select the credential you just created.
  8. Click Next.
  9. In the Config and deploy step, in Data receiver URL, enter https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver.
  10. In Credential for data receiver, select the credential you just created.
  11. Check the acknowledge box.
  12. Click Deploy.
  13. The deployment is now completed. Note that the OPTIC Data Lake capability can only be deployed once; however, you can change the configurations through the Capability settings tab later.

Configure the integration

Once the OPTIC Data Lake capability is deployed, the SMAX tenant admin or the Integration admin (People > Roles > On-Premise Bridge/Integration > Administrator) needs to configure the integration:

  1. Go to the agent interface.
  2. In Integration Management, select Integration configuration.
  3. Click and expand the OPTIC Data Lake node.
  4. You can enable OPTIC Data Lake either for specific record types or for all supported record types. To enable it for specific record types, click Add, select the desired record type, and then click Save. Click Save in the main window, then click Apply. Once the record type is added, it appears in the left-side pane. Alternatively, to enable it for all supported record types, check the Apply for all record types box, click Save, then click Apply. However, enabling it for all supported record types might cause the data throughput to surge and impact the system's performance.
  5. Now, the SMAX metadata will be synchronized and the database structure will be created in OPTIC Data Lake.
    Note: The COMPLEX_TYPE, IMAGE, LARGE_TEXT, and RICH_TEXT metadata is not supported and won't be synchronized.

Data synchronization

After the OPTIC Data Lake integration has been configured:

  • Any changes to the SMAX metadata will be synchronized to OPTIC Data Lake instantly.
  • Any changes to the SMAX record data will be synchronized to OPTIC Data Lake every 15 minutes. Note that the maximum number of database transactions per job is 1000.

Configure UIS

Enable Feature Toggle for UIS Data clean up on time series bar chart

  1. Enable the feature toggle in the bvd ConfigMap, on the Kubernetes master machine:
kubectl -n <namespace> edit configmap bvd-config

Search for featureToggles and add "ENABLE_DATA_CLEAN_UP": true inside {}. If the previous value was empty, the result should look like this:

featureToggles: {"ENABLE_DATA_CLEAN_UP": true}

Configure Optic Switcher with single sign on (Azure IDP solution)

Refer to: Configure Optic Switcher with single sign on (Azure IDP solution)

Validating Setup

  • Open UIS reports and check that data is being populated.
  • Open DBLog on Vertica and look for errors; there should not be any errors in that log. Errors here indicate a problem in the communication between the UDx plugin and the Pulsar proxy.
  • Configure entity push in BO and check that entities arrive in Vertica. This confirms whether ODL works correctly.