Setup vRealize Operations Tenant App for vCloud Director

The vRealize Operations Tenant App for vCloud Director can be set up in two different ways, as a standalone App or as a plug-in for the vCloud Dirctor HTML5 UI. With this article I will show the basic steps and the components which need to be configured to get the plug-in for vCloud Director up and running.

This diagram provides an overview of the components of the vRealize Operations Manager Tenant App for vCloud Director as a plug-in:

vRealize Operations Tenant App for vCloud Director - port diagram

Source: User Guide: vROps for Tenant App for a Service Provider

 

Update – 29.05.2018:

 

A newer Version of the Tenant App Appliance (Version 1.2.0.0) was releases. The new Version supports now VMware vCloud Director 9.1!

But at the moment no Release Notes, Upgrade Guide or a refreshed Deployment Guide have been released.

 

My Upgrade Path:

  1. Unpublish and delete Plugin
  2. Power off old appliance
  3. Deploy new appliance
  4. reconfigure with the same certificate, name and ip (Users are stored on vRealize Operations Manager)
  5. Install and Publish Plugin

New certificate replacement:

The Tenant App Appliance 1.2.0.0 only accepted a pem file with key and cert.

docker cp /certs/app.pem  vvtv:/etc/ssl/app.pem

 

New Version:

You might also be interested in the article about version 2.0 of the Tenant App: vRealize Operations Tenant App 2.0 for vCloud Director

vCloud Director – AMQP Broker

The AMQP Broker for a vCloud Director instance is a message broker based on RabbitMQ. As the VMware docs in the section Installing and Configuring a RabbitMQ AMQP Broker only points to the original RabbitMQ installation instructions I will provide the basic installation steps within this chapter.

Note:

This instructions only applies to a test environment and not all of the security, scalability and availability requirement for production purpose are met.

For the final production setup of the AMQP Broker you should follow the RabbitMQ Production Checklist

RabbitMQ Guest OS

I have chosen CentOS 7 x64 as guest os for the RabbitMQ application, but there are many more Supported Distributions for RabbitMQ 3.6.3.

Update guest OS:

yum update

Install additional packages:

yum install open-vm-tools net-tools

RabbitMQ prerequiremeents

The only dependency of RabbitMQ 3.6.3 is the Erlang package as a supported version. There are a few options to install this package in the Install Guide listed. I chose the zero dependency Erlang RPM package for running RabbitMQ.

Install Erlang:

yum install  https://github.com/rabbitmq/erlang-rpm/releases/download/v20.2.2/erlang-20.2.2-1.el7.centos.x86_64.rpm

RabbitMQ installation

Install RabbitMQ:

yum install https://dl.bintray.com/rabbitmq/all/rabbitmq-server/3.7.2/rabbitmq-server-3.7.2-1.el7.noarch.rpm

Enable and start RabbitMQ service:

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

RabbitMQ configuration

Enable Management Plugin:

rabbitmq-plugins enable rabbitmq_management

systemctl stop rabbitmq-server.service
systemctl start rabbitmq-server.service

rabbitmq.conf:

For this use case and setup it was not necessary to change anything from the default configuration parameters. But for further use cases I created the rabbitmq.conf example file with all the default configuration parameters as a template (file path: /etc/rabbitmq/rabbitmq.conf ).

More details about the configuration parameters can be found in the RabbitMQ Configuration Documentation.

Change guest user password:

rabbitmqctl change_password guest <A Secret>

Create new user (vcloud):

rabbitmqctl add_user vcloud <A Secret>

Set Administrator Tag für the new user:

rabbitmqctl set_user_tags vcloud administrator

Grant full access für the new user:

rabbitmqctl set_permissions -p / vcloud ".*" ".*" ".*"

vRealize Operations Tenant App for vCloud Director - AMQP user permissions

After the next step you can also check (and manage) the permissions of the new user via the web based management interface.

vRealize Operations Tenant App for vCloud Director - AMQP user permissions in UI

Configure Firewall:

firewall-cmd --zone=public --permanent --add-port=5672/tcp
firewall-cmd --zone=public --permanent --add-port=15672/tcp
firewall-cmd --reload

Now you should be able to connect to management interface (http://<RabbitMQ IP>:15672) and authenticate with the newly created user vcloud.

vRealize Operations Tenant App for vCloud Director - management interface

vCloud Director AMQP Broker Settings

As the RabbitMQ server setup is done, we are now able to add the AMQP Broker to the vCloud Director instance.

Since this is a test environment, I do not use SSL encryption. For a production setup it is highly recommended to use SSL!

vRealize Operations Manager vCloud Director Adapter

The data source for vRealize Operations Tenant App for vCloud Director is the vRealize Operations Management Pack for vCloud Director. Therefore, a properly configured vCloud Adapter version 4.5 or newer is one of the prerequirements of the Tenant App.

vRealize Operations Tenant App for vCloud Director – deployment

As you can see in the diagram at the beginning of the article, the Tenant App ships as a separate instance. The Tenant App itself is a PhotonOS appliance with a preconfigured docker image. The OVA can be downloaded from the VMware Solutions Exchange as part of the vCloud Director management pack for vRealize Operations Manager. The design as a separate Appliance with a small footprint makes it possible to realize secure publishing of the Operations Manager data.

Deploy OVA

All the AMQP settings must match the vCloud Director setup, but they will not be verified at these point.

Note:

For production purpose it is necessary to use your external vCloud Director URL and a external URL for the tenant app. Both certificates should be valid. Why we need a external URL for the Tenant App will be explained in a later chapter.

After the first boot of the appliance the “Provider Site” should be available (https://<Tenant App IP>). The available login types are depending on the vRealize Operations Manager configuration.

vRealize Operations Tenant App for vCloud Director - Provider Login

With this interface the provider has a lightweight version of the vRealize Operations Manager specialized in vCloud Director Ops Metrics. A possible audience for this interface is the user help desk.

Troubleshooting tips

If the Provider Site is not available you can do some basic troubleshooting steps:

Is the Tenant App Docker container running?

vRealize Operations Tenant App for vCloud Director - Docker PS

If the uptime (STATE) of the container is resetting in a loop, there is maybe something wrong.

Any errors in the Docker log for the Docker container?

vRealize Operations Tenant App for vCloud Director - Docker Logs

A possible issue is a failed connection to the AMQP Broker or a missing permission for the RabbitMQ user.

Is the connection to AMQP Broker established?

vRealize Operations Tenant App for vCloud Director - AMQP Connections

Is the extension registered in vCloud Director?

I have used the vcd-cli to verify the vrops-vcd extension (will be registered in the next step):

vcd system extension info vrops-vcd

vRealize Operations Tenant App for vCloud Director - Extension Info

Tenant App plug-in registration

If we would like to use the app only as standalone, we would be done at this point. But for the fully integrated experience with vCloud Director we still need to do the plug-in registration.

The appliance ships with the python script to get the plug-in registered into vCloud Director as a extension:

cd /opt/vmware/plugin/ 
python publish.py -H vcd.mycloudrevolution.com -u 'administrator@system' -p 'admin password'

Tenant App user guides:

Access vRealize Operations Tenant App for vCloud Director

After the successful registration all tenants are able to see the Operations Manager plug-in in the vCloud Director HTML5 interface. To grant access to the Tenant App, the provider needs to create or import users for the individual tenants. Imported users are OpenLDAP or ActiveDirectory users that are available via the vRealize Operations Manager authentication source. These users do not need any permission in the vRealize Operations Manager itself.

Tenant App login:

vRealize Operations Tenant App for vCloud Director - Tenant Login

Tenant App Org summary:

vRealize Operations Tenant App for vCloud Director - Org Details

Tenant App vApp summary:

vRealize Operations Tenant App for vCloud Director - vApp Details

Tenant App all metrics:

vRealize Operations Tenant App for vCloud Director - All Metrics

Browser sources

If we check our browser sources list at the point where the plug-in is loaded in vCloud Director we can see how the plug-in work in vCloud Director- The Tenant App is a dedicated source. And that is the reason why we need an additional external URL and a valid SSL certificate for the Tenant App.

vRealize Operations Tenant App for vCloud Director - browser sources

These diagram should visualize the access of the individual resources of the vRealize Operations Tenant App for vCloud Director in a production environment:

vRealize Operations Tenant App for vCloud Director - Data Access Diagram

vRealize Operations Tenant App for vCloud Director API

As you were able to see in the extension details comes the plug-in with an additional API subset, but unfortunately I was not able to find any details about that API. If you have further details about the API and the future plans for please contact me via any channel.

These are my only findings regarding the API, a response which contains the vRealize Operations Tenant App URL:

vRealize Operations Tenant App for vCloud Director - API

4 Comments

  1. Alicia 11. October 2019
  2. Marcelo 14. October 2019
    • Markus Kraus 14. October 2019

Leave a Reply