The vRealize Operations Tenant App for vCloud Director can be set up in two different ways, as a standalone App or as a plug-in for the vCloud Dirctor HTML5 UI. With this article I will show the basic steps and the components which need to be configured to get the plug-in for vCloud Director up and running.
This diagram provides an overview of the components of the vRealize Operations Manager Tenant App for vCloud Director as a plug-in:
Source: User Guide: vROps for Tenant App for a Service Provider
Update – 29.05.2018:
A newer Version of the Tenant App Appliance (Version 1.2.0.0) was releases. The new Version supports now VMware vCloud Director 9.1!
But at the moment no Release Notes, Upgrade Guide or a refreshed Deployment Guide have been released.
My Upgrade Path:
- Unpublish and delete Plugin
- Power off old appliance
- Deploy new appliance
- reconfigure with the same certificate, name and ip (Users are stored on vRealize Operations Manager)
- Install and Publish Plugin
New certificate replacement:
The Tenant App Appliance 1.2.0.0 only accepted a pem file with key and cert.
docker cp /certs/app.pem vvtv:/etc/ssl/app.pem
New Version:
You might also be interested in the article about version 2.0 of the Tenant App: vRealize Operations Tenant App 2.0 for vCloud Director
vCloud Director – AMQP Broker
The AMQP Broker for a vCloud Director instance is a message broker based on RabbitMQ. As the VMware docs in the section Installing and Configuring a RabbitMQ AMQP Broker only points to the original RabbitMQ installation instructions I will provide the basic installation steps within this chapter.
Note:
This instructions only applies to a test environment and not all of the security, scalability and availability requirement for production purpose are met.
For the final production setup of the AMQP Broker you should follow the RabbitMQ Production Checklist
RabbitMQ Guest OS
I have chosen CentOS 7 x64 as guest os for the RabbitMQ application, but there are many more Supported Distributions for RabbitMQ 3.6.3.
Update guest OS:
yum update
Install additional packages:
yum install open-vm-tools net-tools
RabbitMQ prerequiremeents
The only dependency of RabbitMQ 3.6.3 is the Erlang package as a supported version. There are a few options to install this package in the Install Guide listed. I chose the zero dependency Erlang RPM package for running RabbitMQ.
Install Erlang:
yum install https://github.com/rabbitmq/erlang-rpm/releases/download/v20.2.2/erlang-20.2.2-1.el7.centos.x86_64.rpm
RabbitMQ installation
Install RabbitMQ:
yum install https://dl.bintray.com/rabbitmq/all/rabbitmq-server/3.7.2/rabbitmq-server-3.7.2-1.el7.noarch.rpm
Enable and start RabbitMQ service:
systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service
RabbitMQ configuration
Enable Management Plugin:
rabbitmq-plugins enable rabbitmq_management systemctl stop rabbitmq-server.service systemctl start rabbitmq-server.service
rabbitmq.conf:
For this use case and setup it was not necessary to change anything from the default configuration parameters. But for further use cases I created the rabbitmq.conf example file with all the default configuration parameters as a template (file path: /etc/rabbitmq/rabbitmq.conf ).
More details about the configuration parameters can be found in the RabbitMQ Configuration Documentation.
Change guest user password:
rabbitmqctl change_password guest <A Secret>
Create new user (vcloud):
rabbitmqctl add_user vcloud <A Secret>
Set Administrator Tag für the new user:
rabbitmqctl set_user_tags vcloud administrator
Grant full access für the new user:
rabbitmqctl set_permissions -p / vcloud ".*" ".*" ".*"
After the next step you can also check (and manage) the permissions of the new user via the web based management interface.
Configure Firewall:
firewall-cmd --zone=public --permanent --add-port=5672/tcp firewall-cmd --zone=public --permanent --add-port=15672/tcp firewall-cmd --reload
Now you should be able to connect to management interface (http://<RabbitMQ IP>:15672) and authenticate with the newly created user vcloud.
vCloud Director AMQP Broker Settings
As the RabbitMQ server setup is done, we are now able to add the AMQP Broker to the vCloud Director instance.
Since this is a test environment, I do not use SSL encryption. For a production setup it is highly recommended to use SSL!
vRealize Operations Manager vCloud Director Adapter
The data source for vRealize Operations Tenant App for vCloud Director is the vRealize Operations Management Pack for vCloud Director. Therefore, a properly configured vCloud Adapter version 4.5 or newer is one of the prerequirements of the Tenant App.
vRealize Operations Tenant App for vCloud Director – deployment
As you can see in the diagram at the beginning of the article, the Tenant App ships as a separate instance. The Tenant App itself is a PhotonOS appliance with a preconfigured docker image. The OVA can be downloaded from the VMware Solutions Exchange as part of the vCloud Director management pack for vRealize Operations Manager. The design as a separate Appliance with a small footprint makes it possible to realize secure publishing of the Operations Manager data.
Deploy OVA
All the AMQP settings must match the vCloud Director setup, but they will not be verified at these point.
Note:
For production purpose it is necessary to use your external vCloud Director URL and a external URL for the tenant app. Both certificates should be valid. Why we need a external URL for the Tenant App will be explained in a later chapter.
After the first boot of the appliance the “Provider Site” should be available (https://<Tenant App IP>). The available login types are depending on the vRealize Operations Manager configuration.
With this interface the provider has a lightweight version of the vRealize Operations Manager specialized in vCloud Director Ops Metrics. A possible audience for this interface is the user help desk.
Troubleshooting tips
If the Provider Site is not available you can do some basic troubleshooting steps:
Is the Tenant App Docker container running?
If the uptime (STATE) of the container is resetting in a loop, there is maybe something wrong.
Any errors in the Docker log for the Docker container?
A possible issue is a failed connection to the AMQP Broker or a missing permission for the RabbitMQ user.
Is the connection to AMQP Broker established?
Is the extension registered in vCloud Director?
I have used the vcd-cli to verify the vrops-vcd extension (will be registered in the next step):
vcd system extension info vrops-vcd
Tenant App plug-in registration
If we would like to use the app only as standalone, we would be done at this point. But for the fully integrated experience with vCloud Director we still need to do the plug-in registration.
The appliance ships with the python script to get the plug-in registered into vCloud Director as a extension:
cd /opt/vmware/plugin/ python publish.py -H vcd.mycloudrevolution.com -u '[email protected]' -p 'admin password'
Tenant App user guides:
- User Guide: vROps for Tenant App for a Tenant Admin
- User Guide: vROps for Tenant App for a Service Provider
Access vRealize Operations Tenant App for vCloud Director
After the successful registration all tenants are able to see the Operations Manager plug-in in the vCloud Director HTML5 interface. To grant access to the Tenant App, the provider needs to create or import users for the individual tenants. Imported users are OpenLDAP or ActiveDirectory users that are available via the vRealize Operations Manager authentication source. These users do not need any permission in the vRealize Operations Manager itself.
Tenant App login:
Tenant App Org summary:
Tenant App vApp summary:
Tenant App all metrics:
Browser sources
If we check our browser sources list at the point where the plug-in is loaded in vCloud Director we can see how the plug-in work in vCloud Director- The Tenant App is a dedicated source. And that is the reason why we need an additional external URL and a valid SSL certificate for the Tenant App.
These diagram should visualize the access of the individual resources of the vRealize Operations Tenant App for vCloud Director in a production environment:
vRealize Operations Tenant App for vCloud Director API
As you were able to see in the extension details comes the plug-in with an additional API subset, but unfortunately I was not able to find any details about that API. If you have further details about the API and the future plans for please contact me via any channel.
These are my only findings regarding the API, a response which contains the vRealize Operations Tenant App URL:
Hi Marcus,
Did you have the chance to get API details? I’m trying to enable the plugin using API calls but don’t know how.
Thanks
Hi Alicia,
In Version 2 there are a lots of api enhancements (https://mycloudrevolution.com/en/2018/10/10/vrealize-operations-tenant-app-2-0-for-vcloud-director/) but as I remember correctly only for the VRops endpoint.
I do not have any further updates regarding this topic.
Hi Markus.
Your blog has been helpful for us in setting up a vCD and vRops environment.
We are having problems setting up an „External URL“ for the vRealize Operations Tenant App.
We have a vCD setup similar to the diagram: Access-Diagram.png ( https://mycloudrevolution.com/wp-content/uploads/2018/01/Access-Diagram.png ).
We would like to setup an „External URL“ value, but we do not know where we can do this. We would like to be able to modify the „tenantapp: xxx.xxx.xxx.xxx“ value with a dns value (if posible).
Is there a way to modify this value with an API call?
Is there an explicit way to set up an „External URL“ so as to set up an environment similar to the diagram: Access-Diagram.png ?
Hi Marcelo,
I do not fully understand your question.
Have you already configured the Tenant App and need to change the external FQDN of the Tenant App inside the vCD Plugin?
Which Tenant App version are you using?
Best regards
Markus