Managing Providers

Red Hat CloudForms 4.0

Managing your infrastructure, cloud, and containers providers and datastores

Red Hat CloudForms Documentation Team

cloudforms-docs@redhat.com

Abstract

This guide covers managing your infrastructure, cloud, and containers providers and datastores in CloudForms Management Engine.

If you have a suggestion for improving this guide or have found an error, please submit a Bugzilla report at http://bugzilla.redhat.com against Red Hat CloudForms Management Engine for the Documentation component. Please provide specific details, such as the section number, guide name, and CloudForms version so we can easily locate the content.

Chapter 1. Infrastructure Providers

A provider is a server with software to manage multiple virtual machines that reside on multiple hosts. Infrastructure → Providers displays the providers in your environment.

The web interface uses virtual thumbnails to represent providers. Each thumbnail contains four quadrants by default, which display basic information about each provider.

Number of hosts
Management system software
Currently unused
Authentication status

Icon	Description
	Validated: Valid authentication credentials have been added.
	Invalid: Authentication credentials are invalid.
	Unknown: Authentication status is unknown or no credentials have been entered.

1.1. Discovering Providers

Add providers to the CloudForms Management Engine environment by discovering them based on their IP addresses. This procedure demonstrates discovering Red Hat Enterprise Virtualization Manager providers. Providers must be running in order for the appliance to discover them.

Navigate to Infrastructure → Providers.
Click (Configuration), then click (Discover Infrastructure Providers).
Select the types of provider to discover.
- To authenticate to Red Hat Enterprise Virtualization hosts see Authenticating Red Hat Enterprise Virtualization Hosts.
- To authenticate to VMware vCenter hosts see Authenticating VMware vCenter Hosts.
Enter a Subnet Range of IP addresses starting with a From Address and ending with a To Address. The cursor automatically advances as you complete each octet.
Click Start.

1.2. Red Hat Enterprise Virtualization Manager Providers

To use a Red Hat Enterprise Virtualization Manager provider, add it to the appliance and authenticate its hosts.

1.2.1. Adding a Red Hat Enterprise Virtualization Manager Provider

After initial installation and creation of a CloudForms Management Engine environment, add a Red Hat Enterprise Virtualization Manager provider to the appliance.

Navigate to Infrastructure → Providers.
Click (Configuration), then click (Add a New Infrastructure Provider).
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
Select Red Hat Enterprise Virtualization Manager from the Type list.
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
Important
The Host Name must use a unique fully qualified domain name.
Enter the API Port if your provider uses a non-standard port for access.
Select the appropriate Zone for the provider. By default, the zone is set to default.
In the Credentials area, under Default, provide the login credentials required for the Red Hat Enterprise Virtualization Manager administrative user:
- Enter the user name, admin@internal, in the Username field.
- Enter the password in the Password field.
- Confirm the password in the Confirm Password field.
- Click Validate to confirm CloudForms Management Engine can connect to the Red Hat Enterprise Virtualization Manager.
Under C & U Database tab, provide the login credentials for the CloudForms user of the Red Hat Enterprise Virtualization Data Warehouse database:
Note
For the metrics collection to work properly, configure the CloudForms Management Engine to allow for all three Capacity & Utilization server roles which are available under Configure → Configuration → Server → Server Control. For more information on capacity and utilization collection, see Assigning the Capacity and Utilization Server Roles in the Deployment Planning Guide.
To obtain historical Capacity and Utilization (C & U) data for Red Hat Enterprise Virtualization Manager, you must create a CloudForms Management Engine user in the already-configured Red Hat Enterprise Virtualization Data Warehouse database. To create the user, see Data Collection for Red Hat Enterprise Virtualization 3.3 and 3.4 in the Deployment Planning Guide.
For information on setting up the Data Warehouse service on the Manager, see the Red Hat Enterprise Virtualization Installation Guide.
- Enter the database user name in the Username field.
- Enter the user password in the Password field.
- Confirm the user password in the Confirm Password field.
- Click Validate to confirm CloudForms Management Engine can connect to the database.
Click Save.

1.2.2. Authenticating Red Hat Enterprise Virtualization Hosts

After adding a Red Hat Enterprise Virtualization infrastructure provider, you must authenticate its hosts to enable full functionality.

Navigate to Infrastructure → Providers.
Click on a provider to display its summary screen.
On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.
Select the hosts to authenticate. You can select all hosts using the Check All option.
Click (Configuration).
Click (Edit this item).
In the Credentials area, enter credentials for the following, as required:
1. Default: This field is mandatory. Users should have privileged access such as, root or administrator.
2. Remote Login: Credentials for this field are required if SSH login is disabled for the Default account.
3. Web Services: This tab is used for access to Web Services in Red Hat Enterprise Virtuaization Manager.
4. IPMI: This tab is used for access to IPMI.
Click Validate.
If editing multiple hosts:
1. Select a host from the Select Host to validate against list.
2. If required, enter credentials for Remote Login, Web Services, and IPMI in their respective tabs; click Validate.
3. Select another host to validate each of these credentials against.
Click Add.

1.3. OpenStack Infrastructure Providers

Enable an OpenStack Infrastructure provider by adding it to the appliance.

1.3.1. Adding an OpenStack Infrastructure Provider

After initial installation and creation of a CloudForms Management Engine environment, add an OpenStack Infrastructure provider to the appliance. CloudForms Management Engine supports operating with the OpenStack admin tenant. When creating an OpenStack Infrastructure provider in CloudForms Management Engine, select the OpenStack Infrastructure provider’s admin user because it is the default administrator of the OpenStack admin tenant. When using the admin credentials, a user in CloudForms Management Engine provisions into the admin tenant, and sees images, networks, and instances that are associated with the admin tenant.

Navigate to Infrastructure → Providers.
Click (Configuration), then click (Add a New Infrastructure Provider).
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
Select OpenStack Platform Director from the Type list.
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
Important
The Host Name must use a unique fully qualified domain name.
Select the API Version of your Keystone service from the list. The default is Keystone v2.
Important
If the Keystone service is configured to use SSL, you must enter the SSL port for Keystone.
Select the appropriate Zone for the provider. By default, the zone is set to default.
In the Credentials area, under Default, provide the login credentials required for the OpenStack Infrastructure administrative user:
- Enter the user name in the Username field.
- Enter the password in the Password field.
- Confirm the user password in the Confirm Password field.
- Click Validate to confirm that the CloudForms Management Engine can connect to the OpenStack Infrastructure instance using the user name and password.
Under AMQP, provide the login credentials required for the Advanced Message Queuing Protocol messaging service:
- Enter the administrative user name in the Username field.
- Enter the user password in the Password field.
- Confirm the user password in the Confirm Password field.
- Click Validate to confirm CFME can connect to the messaging service.
Under RSA key pair, provide the user name and private key required to connect via SSH to all hosts in the provider:
- Enter the administrative user name in the Username field.
- Enter the private key from the machine on which OpenStack was deployed in the Private Key field.
Click Add.

Note

CloudForms Management Engine requires that the adminURL endpoint for all OpenStack services be on a non-private network. Accordingly, assign the adminURL endpoint an IP address of something other than 192.168.x.x. The adminURL endpoint must be accessible to the CFME Appliance that is responsible for collecting inventory and gathering metrics from the OpenStack environment.

1.3.1.1. Configuring Red Hat CloudForms to Receive Events

To allow Red Hat CloudForms to receive events from a Red Hat OpenStack Platform environment, you must configure the notification_driver option for the Compute service and Orchestration service in that environment.

Edit /etc/heat/heat.conf, and specify the following options:

notification_driver=glance.openstack.common.notifier.rpc_notifier
notification_topics=notifications

Edit /etc/nova/nova.conf, and specify the following options:

notification_driver=messaging
notification_topics=notifications

Restart the Compute service and Orchestration services:

# systemctl restart openstack-heat-api.service \
  openstack-heat-api-cfn.service \
  openstack-heat-engine.service \
  openstack-heat-api-cloudwatch.service
# systemctl restart openstack-nova-compute.service

1.3.1.2. Configuring the Telemetry Service to Store Events

By default, the Telemetry service does not store events emitted by other services in a Red Hat OpenStack Platform environment. The following procedure outlines how to enable the Telemetry service to store such events so that they are exposed to Red Hat CloudForms when a Red Hat OpenStack Platform environment is added as an infrastructure provider.

On the director node, edit undercloud.conf, and set store_events to true.
Create an environment file called ceilometer.yaml, and add the following contents:
```
parameter_defaults:
  CeilometerStoreEvents: true
```

Add the environment file to the overcloud deploy command:

# openstack overcloud deploy --templates -e ~/ceilometer.yaml

1.4. VMware vCenter Providers

To use a VMWare vCenter provider, add it to the appliance and authenticate its hosts.

1.4.1. Adding a VMware vCenter Provider

After initial installation and creation of a CloudForms Management Engine environment, add a VMware vCenter provider to the appliance.

Navigate to Infrastructure → Providers.
Click (Configuration), then click (Add a New Infrastructure Provider).
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
Select VMware vCenter from the Type list.
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
Important
The Host Name must use a unique fully qualified domain name.
Select the appropriate Zone for the provider. By default, the zone is set to default.
In the Credentials area, under Default, provide the login credentials required for the VMware vCenter administrative user:
- Enter the user name in the Username field.
- Enter the password in the Password field.
- Confirm the password in the Confirm Password field.
- Click Validate to confirm CloudForms Management Engine can connect to the VMware vCenter.
Click Add.

1.4.2. Authenticating VMware vCenter Hosts

The procedure below describes how to authenticate the VMware vCenter hosts.

Navigate to Infrastructure → Providers.
Click on a provider to display its summary screen.
On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.
Select the hosts to authenticate. You can select all hosts using the Check All option.
Click (Configuration)
Click (Edit Selected items).
In the Credentials area, under Default, provide the VMware ESXi login credentials:
- Enter the user name in the Username field.
- Enter the password in the Password field.
- Confirm the password in the Confirm Password field.
- Click Validate to confirm CFME can connect to the VMware vCenter host.
If editing multiple hosts, select a host from the Select Host to validate against list; provide the VMware ESXi login credentials and click Validate.
Click Save.

1.4.2.1. Using a Non-Administrator Account for Host Credentials

After adding a VMware vCenter infrastructure provider, you must authenticate its hosts to enable full functionality. You can use administrator credentials, or create another user assigned to a role (See the VMware documentation for instructions on how to create a role) created for Red Hat CloudForms Management Engine. The following privileges should be enabled for the non-administrator user:

From the Global group, check:

Cancel task
Diagnostics
Log Event
Set custom attribute
Settings

The entire set of privileges for the following groups should be checked:

Alarms
Datastores
dvPort Group
Host
Network
Resource
Scheduled Task
Tasks
Virtual Machine
vSphere Distributed Switch

Additionally, you must assign the new role to the following objects:

Datacenter: At the Datacenter the CloudForms Management Engine (CFME) (formerly EVM) user/group must have at least the read-only role at the Datacenter level (Not Propagated) to be able to see the datacenter. Without this access, relationships cannot be made. Specifically, the datastores will not show up.
Cluster: Each Cluster that the CloudForms Management Engine needs access to must have the new role assigned and propagated.
Folders: Each Folder that CloudForms Management Engine needs access to must have the new role assigned and propagated.
Datastores: Each Datastore that CloudForms Management Engine needs access to must have the new role assigned and propagated.
Networking: Each vLAN or Port Group that CloudForms Management Engine needs access to must have the new role assigned and propagated.

1.5. Microsoft SCVMM Providers

To use a Microsoft System Center Virtual Machine Manager provider, add it to the appliance and set up the SCVMM server for authentication.

1.5.1. Authenticating to Microsoft SCVMM

Before you can add a Microsoft SCVMM provide to your Red Hat CloudForms environment, you must enable WinRM to listen for HTTP traffic on Microsoft SCVMM servers. You must also set the appropriate execution policy on the Microsoft SCVMM server to allow PowerShell scripts from the appliance to run remotely.

Log in to the Microsoft SCVMM server.
Enable WinRM for configuration.
```
winrm quickconfig
```

Set the following options:

winrm set winrm/config/client/auth @{Basic="true"}
winrm set winrm/config/service/auth @{Basic="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}

For Windows 2012 R2 with PowerShell 4.0, use the following syntax to set these options:

winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

Enable remote script execution on the SCVMM server using the Set-ExecutionPolicy cmdlet.
```
Set-ExecutionPolicy RemoteSigned
```
For more information on SCVMM remote script execution policies, see Using the Set-ExecutionPolicy Cmdlet.

If PowerShell returns an error, search for log_dos_error_results in the evm.log and scvmm.log files for information.

1.5.2. Adding a Microsoft System Center Virtual Machine Manager Provider

After initial installation and creation of a CloudForms Management Engine environment, add a Microsoft System Center Virtual Machine Manager provider to the appliance.

Navigate to Infrastructure → Providers.
Click (Configuration), then click (Add a New Infrastructure Provider).
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
Select Microsoft System Center VMM from the Type list.
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
Important
The Host Name must use a unique fully qualified domain name.
Select Kerberos or Basic (SSL) from the Security Protocol list.
1. For Kerberos:
  1. Enter the user name and realm in the Username field.
  2. Enter the password in the Password field.
  3. Enter the password again in the Confirm Password field.
2. For Basic (SSL):
  1. Enter the user name in the Username field.
  2. Enter the pasword in the Password field.
  3. Enter the password again in the Confirm Password field.
Click Validate to confirm that Red Hat CloudForms can connect to the Microsoft System Center Virtual Machine Manager.
Click Add.

1.6. Refreshing Providers

Refresh a provider to find other resources related to it. Use Refresh after initial discovery to get the latest data about the provider and the virtual machines it can access. Ensure the provider has credentials to do this. If the providers were added using Discovery, add credentials using Edit Selected Infrastructure Provider (Edit Selected Infrastructure Provider).

Navigate to Infrastructure → Providers.
Select the providers to refresh.
Click (Configuration), and then (Refresh Relationships and Power States).
Click OK.

1.7. Tagging Multiple Providers

Apply tags to all providers to categorize them together at the same time. Before assigning tags, create them using instructions in the General Configuration guide.

Navigate to Infrastructure → Providers.
Check the providers to tag.
Click (Policy), and then (Edit Tags).
In the Tag Assignment area, select a customer tag to assign from the first list, then select a value to assign from the second list.
Select more tags as required; click (Save).

1.8. Viewing a Provider

From a list of providers, you can review a specific provider by clicking on it. This displays various options to access provider information.

Figure 1.1. Provider Management Screen

Provider Taskbar: Choose between Configuration, Policy and Monitoring options for the selected provider.
Provider Summary: Displays provider summary such as Properties, Relationships, and Smart Management.
Provider Summary PDF: Generates provider summary in PDF format.
Provider Accordion: Displays details about Properties and Relationships for the selected provider.

1.9. Removing a Provider

If a provider has been decommissioned or requires some troubleshooting, it might require deletion from the VMDB.

Deleting a provider removes the account information from CloudForms Management Engine console. You will no longer be able to view any associated history including chargeback reports generated for the deleted provider. Additionally, if CloudForms Management Engine is the database of record, deleting providers would become a major problem for the other systems relying on it for accurate and consistent billing information. Review all the dependencies carefully before deleting a provider.

Navigate to Infrastructure → Providers.
Select the check box for the provider to delete.
Click (Configuration), then (Remove Infrastructure Providers from the VMDB).
Click (OK).

1.10. Viewing the Provider Timeline

View the timeline of events for the virtual machines registered to a provider.

Navigate to Infrastructure → Providers.
Click a provider.
Click (Monitoring), and then (Timelines)from the taskbar, or from the provider accordion, click Properties → Timeline.
From Options, customize the period of time to display and the types of events to see.
- Use Show to select regular Management Events or Policy Events.
- Use the Interval dropdown to select hourly or daily data points.
- Use Date to type the date for the timeline to display.
- If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.
- The three Event Groups lists allow you to select different groups of events to display. Each has its own color.
- From the Level list, select a Summary event, or a Detail list of events. For example, the detail level of a Power On event might include the power on request, the starting event, and the actual Power On event. If you select Summary, only the Power On event displays in the timeline.

1.11. Viewing Hosts and Clusters

Access a tree view of the hosts and clusters for a provider from the Provider Summary.

Navigate to Infrastructure → Providers.
Click the provider to view the hosts and clusters.
Click on the Relationships accordion, then click Hosts & Clusters.

1.12. Viewing Virtual Machines and Templates

Access a tree view of the virtual machines and templates for a provider from the Provider Summary.

Navigate to Infrastructure → Providers.
Click the provider to view the virtual machines and templates.
From accordion menu, click Relationships, then click VMs & Templates.

Chapter 2. Cloud Providers

A cloud provider is a service that manages cloud resources. The Providers page displays all discovered or added cloud providers.

2.1. Adding OpenStack Providers

CloudForms Management Engine supports operating with the OpenStack admin tenant. When creating an OpenStack provider in CloudForms Management Engine, select the OpenStack provider’s admin user because it is the default administrator of the OpenStack admin tenant. When using the admin credentials, a user in CloudForms Management Engine provisions into the admin tenant, and sees images, networks, and instances that are associated with the admin tenant.

Navigate to Clouds → Providers.
Click (Configuration), then click (Add a New Cloud Provider).
Enter a Name for the provider.
From the Type drop down menu select OpenStack.
Enter the Host Name (or IPv4 or IPv6 address) of the provider.
Important
The Host Name must use a unique fully qualified domain name.
Enter the API Port of your Keystone service. The default port is 5000.
Important
If the Keystone service is configured to use SSL, you must enter the SSL port for Keystone.
Select the appropriate API Version from the list. The default is Keystone v2.
Select the appropriate Zone for the provider. By default, the zone is set to default.
In the Credentials area, under Default, provide the login credentials required for the Keystone user:
Important
To enable discovery of OpenStack cloud providers, ensure that the iptables for the OpenStack host providing Keystone services allows port 5000 access to all hosts on the same network.
- Enter the user name in the Username field.
- Enter the user password in the Password field.
- Confirm the user password in the Confirm Password field.
- Click Validate to confirm CloudForms Management Engine can connect to the OpenStack Infrastructure instance.
If AMQP credentials were changed during the OpenStack provider install, use the AMQP tab of the Credentials area to provide the login credentials required for the Advanced Message Queuing Protocol messaging service on your OpenStack Nova component:
- Enter the administrative user name in the Username field.
- Enter the user password in the Password field.
- Confirm the user password in the Confirm Password field.
- Click Validate to confirm CloudForms Management Engine can connect to the messaging service.
Click Add.

Note

In order to collect inventory and metrics from an OpenStack environment, the CloudForms Management Engine Appliance requires that the adminURL endpoint for the OpenStack environment should be on a non-private network. Hence, the OpenStack adminURL endpoint should be assigned an IP address other than 192.168.x.x. Additionally, all the Keystone endpoints must be accessible, otherwise refresh will fail.

2.1.1. Configuring Red Hat CloudForms to Receive Events

Edit /etc/heat/heat.conf, and specify the following options:

notification_driver=glance.openstack.common.notifier.rpc_notifier
notification_topics=notifications

Edit /etc/nova/nova.conf, and specify the following options:

notification_driver=messaging
notification_topics=notifications

Restart the Compute service and Orchestration services:

# systemctl restart openstack-heat-api.service \
  openstack-heat-api-cfn.service \
  openstack-heat-engine.service \
  openstack-heat-api-cloudwatch.service
# systemctl restart openstack-nova-compute.service

2.1.2. Configuring the Telemetry Service to Store Events

On the director node, edit undercloud.conf, and set store_events to true.
Create an environment file called ceilometer.yaml, and add the following contents:
```
parameter_defaults:
  CeilometerStoreEvents: true
```

Add the environment file to the overcloud deploy command:

# openstack overcloud deploy --templates -e ~/ceilometer.yaml

2.2. Adding Azure Providers

CloudForms Management Engine now supports Microsoft Azure providers.

Important

Before Red Hat CloudForms can be authenticated to Microsoft Azure, a series of prerequisite steps must be followed on the Azure portal; see Create Active Directory application and service principal account using the Azure portal. The link describes how to configure the Azure Active Directory (AAD), create the application your organization is developing, and also how to obtain the Tenant ID, Client ID and Client Key to add the application that will allow you to connect the Azure instance as a provider to CloudForms. In the above link, it is important to note that during Assign Application to Role, in step 3, select the Contributor role and not the Reader role. Also, note that all of these steps currently can be performed using either the Azure Resource Manager or Service Manager (Classic) mode.

After a service principal account (instance of an application in a directory) has been created using the Azure portal, the following three pieces of information will be available within the Azure Active Directory (AAD) module:

Tenant ID
Client ID
Client Key

You can now use the following procedure to implement the above items in CloudForms for adding an Azure cloud provider.

To Add an Azure Cloud Provider:

Note

When adding an Azure cloud provider, select a region from a list of possible regions; one provider will be created for the selected region. You can discover a set of Azure providers across all regions.

Navigate to Clouds → Providers.
Click (Configuration), then click (Add a New Cloud Provider).
Enter a Name for the provider.
From the Type list, select Azure.
Select a region from the Region list.
Enter Tenant ID.
Enter Zone.
In the Credentials section, enter the Client ID and Client Key; click Validate.
Click Add.

2.3. Discovering Azure Providers

CloudForms Management Engine provides the ability to discover a set of Microsoft Azure providers across all regions.

Navigate to Clouds → Providers.
Click (Configuration), then click (Discover Cloud Providers).
Select Azure from the Discover Type list.
In the Credentials section, enter the Client ID, Client Key, and Azure Tenant ID.
Click Start.

2.4. Adding Amazon EC2 Providers

After initial installation and creation of a CloudForms Management Engine environment, add an Amazon EC2 cloud provider by following this procedure:

Navigate to Clouds → Providers.
Click (Configuration), then click (Add a New Cloud Provider).
Enter a Name for the provider.
From the Type list select Amazon EC2.
Select an Amazon Region.
Select the appropriate Zone if you have more than one available.
Generate an Access Key in the Security Credentials of your Amazon AWS account. The Access Key ID acts as your User ID, and your Secret Access Key acts as your Password.
Click Validate to validate the credentials.
Click Add.

2.5. Discovering Amazon EC2 Cloud Providers

CloudForms Management Engine provides the ability to discover cloud providers associated with a particular set of Amazon EC2 account details.

Navigate to Clouds → Providers.
Click (Configuration), then click (Discover Cloud Providers).
Select Amazon EC2 from the Discover Type list.
Enter your Amazon EC2 User ID and Password. Reenter your password in the Verify Password field.
Click Start.

2.6. Enabling AWS Config Notifications

Amazon’s AWS Config notifies subscribers of changes in a region through its Simple Notification Service (SNS). Red Hat CloudForms subscribes to the SNS service for AWS Config deltas and converts the deltas into Red Hat CloudForms events.

Enable the AWS Config service in the AWS Management Console. See the AWS Config Developer Guide for more information.
Create a new Amazon SNS topic named AWSConfig_topic. CloudForms automatically connects to this topic.
(Optional) Configure the frequency of delta creation in the AWS Management Console.

You can assign Red Hat CloudForms policies to the AWS events listed below. The appliance performs a provider refresh on all these events except for AWS_EC2_Instance_UPDATE. See the Defining Policies and Profiles guide, for more information on working with CloudForms policies.

Event	Policies	Refresh
AWS_EC2_Instance_CREATE	src_vm vm_create	ems
AWS_EC2_Instance_UPDATE	N/A	ems
AWS_EC2_Instance_running	src_vm vm_start	ems
AWS_EC2_Instance_stopped	src_vm vm_power_off	ems
AWS_EC2_Instance_shutting-down	src_vm vm_power_off	ems

2.7. Refreshing Cloud Providers

Refresh a cloud provider to find other resources related to it. Ensure the chosen cloud providers have the correct credentials before refreshing.

Navigate to Clouds → Providers.
Select the checkboxes for the cloud providers to refresh.
Click (Configuration), and then (Refresh Relationships and Power States).
Click OK.

2.8. Tagging Cloud Providers

Apply tags to all cloud providers to categorize them together at the same time. Before assigning tags, create them using instructions in the General Configuration guide.

Navigate to Clouds → Providers.
Select the checkboxes for the Cloud Providers to tag.
Click (Policy), and then (Edit Tags).
Select a customer tag to assign from the first list.
Select a value to assign from the second list.
Click Save.

2.9. Removing Cloud Providers

A cloud provider might require removal from the VMDB if it is no longer in use.

Navigate to Clouds → Providers.
Check the cloud providers to remove.
Click (Configuration), and then (Remove Cloud Providers from the VMDB).
Click OK.

2.10. Editing a Cloud Provider

Edit information about a provider such as the name, IP address, and login credentials.

Note

The Type value is unchangeable.

To use a different cloud provider, create a new one.

Navigate to Clouds → Providers.
Click the cloud provider to edit.
Click (Configuration), and then (Edit Selected Cloud Provider).
Edit the Basic Information. This varies depending on the Type of provider.
Fill out the Credentials by typing in a Username, Password, and a verification of this password (Confirm Password).
- If selecting Amazon EC2, generate an Access Key in the Security Credentials of your Amazon AWS account. The Access Key ID acts as your User ID, and your Secret Access Key acts as your Password.
- If selecting OpenStack, use the Keystone User ID and Password for your login credentials.
If editing an OpenStack provider, use the AMQP subtab to provide credentials required for the Advanced Message Queuing Protocol service on your OpenStack Nova component.
Click Validate and wait for notification of successful validation.
Click Save.

2.11. Viewing a Cloud Provider’s Timeline

View the timeline of events for instances registered to a cloud provider.

Navigate to Clouds → Providers.
Click the desired cloud provider for viewing the timeline.
Click (Monitoring), and then (Timelines).
From Options, customize the period of time to display and the types of events to see.
- Use Show to select regular Management Events or Policy Events.
- Use the Type list to select hourly or daily data points.
- Use Date to type the date for the timeline to display.
- If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.
- The three Event Groups list allow you to select different groups of events to display. Each has its own color.
- From the Level list, select a Summary event, or a Detail list of events.

Chapter 3. Containers Providers

A containers provider is a service that manages container resources.

The Containers area in the top menu bar has options to add and manage containers providers. The Containers area includes the Providers page, which displays all discovered or added containers providers.

The supported containers provider types that you can add in CloudForms Management Engine are:

OpenShift Enterprise. For information on adding this provider type, see Adding an OpenShift Enterprise Provider.
Atomic Enterprise Platform. For information on adding this provider type, see Adding an Atomic Enterprise Platform Provider.

To successfully add an OpenShift Enterprise or Atomic Enterprise Platform provider, you must first configure a service account in a provider’s cluster. For more information, see Configuring Service Accounts.

3.1. Configuring Service Accounts

To add an OpenShift Enterprise or Atomic Enterprise Platform provider, you must create, in a provider’s cluster, a specific management service account with the proper role, permissions, and authentication token.

For more information on these topics, see the relevant documentation for OpenShift Enterprise:

OpenShift Service Accounts

To add a management service account in an OpenShift cluster, follow these steps:

Open a terminal and run the following commands:

$ oadm new-project management-infra --description="Management Infrastructure"

$ oc create -n management-infra -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: management-admin
EOF

$ oc create -f - <<EOF
apiVersion: v1
kind: ClusterRole
metadata:
  name: management-infra-admin
rules:
- resources:
  - pods/proxy
  verbs:
  - '*'
EOF

$ oadm policy add-role-to-user -n management-infra admin -z management-admin

$ oadm policy add-role-to-user -n management-infra management-infra-admin -z management-admin

$ oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin

$ oadm policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin

Note

At the moment, the management-infra-admin role is needed to address OpenShift issue #5973.

To obtain the management service account token name, run:

$ oc get -n management-infra sa/management-admin --template='{{range .secrets}}{{printf "%s\n" .name}}{{end}}'
management-admin-token-32f97
management-admin-dockercfg-fvkso

Replace management-admin-token-32f97 with the name of your token.

To retrieve the token, run:

$ oc get -n management-infra secrets management-admin-token-32f97 --template='{{.data.token}}' | base64 -d
eyJhbGciOiJSUzI1NiIsInR5cC...

Replace management-admin-token-32f97 with the name of your token.

Now it is possible to use the token to add a containers provider in CloudForms Management Engine.

3.2. Configuring OpenShift Metrics

To collect the node, pod, and container metrics, it is required to run the OpenShift Metrics services inside your cluster. For more information, see Enabling Cluster Metrics in OpenShift Enterprise Installation and Configuration.

Note

Use the OpenShift master’s public host name as the HAWKULAR_METRICS_HOSTNAME, at the moment a limitation in CloudForms Management Engine is assuming that the provider Host Name is used also to collect the metrics.
For the metrics collection to work properly, you also need to configure the CloudForms Management Engine to allow for all three Capacity & Utilization server roles which are available under Configure → Configuration → Server → Server Control. For more information on capacity and utilization collection, see the Deployment Planning Guide.

Once Hawkular Metrics and Heapster have been successfully deployed by OpenShift Metrics, create a router for CloudForms Management Engine to access the metrics data. In order for the metrics to still be accessible within OpenShift, the router will need to be running and functional on the master, due to the way routing happens inside OpenShift.

# oadm router management-metrics \
-n default \
--credentials=/etc/origin/master/openshift-router.kubeconfig \
--service-account=router --ports='443:5000' \
--selector='kubernetes.io/hostname=<INSERT MASTER HOST NAME HERE>'
--stats-port=1937 \
--host-network=false

This router must, at the moment, run on the master nodes to expose the metrics on the port 5000 to CloudForms Management Engine, hence the need for a selector on the kubernetes.io/hostname of the master node.

The router or routers must also be accessible from the same public host name of the master in order to use different selectors and scale the number of replicas to achieve high availability.

Note

To successfully deploy the router to master, verify that the master is schedulable by checking its status in the output of the command: $ oc get nodes. To make a node/master schedulable, run the following command:

$ oadm manage-node <HOSTNAME_FOR_THE_NODE/MASTER> \
--schedulable=true

3.3. Adding an OpenShift Enterprise Provider

After initial installation and creation of a CloudForms Management Engine environment and configuration of an OpenShift cluster service account, add an OpenShift Enterprise provider by following the procedure below.

For information on how to configure an OpenShift cluster service account, see Configuring Service Accounts.

Navigate to Containers → Providers.
Click (Configuration), then click (Add a New Containers Provider).
Enter a Name for the provider.
From the Type drop-down menu select OpenShift Enterprise.
Enter the Hostname or IP address of the provider.
Important
The Hostname must use a unique fully qualified domain name.
Enter the Port of the provider. The default port is 8443.
Under Credentials, enter the token in the Token field.
- Click Validate to confirm that the CloudForms Management Engine can connect to the OpenShift Enterprise provider using the provided token.
Click Add.

3.4. Adding an Atomic Enterprise Platform Provider

After initial installation and creation of a CloudForms Management Engine environment and configuration of an Atomic Enterprise Platform cluster service account, add an Atomic Enterprise Platform provider by following the procedure below.

For information on how to configure an Atomic Enterprise Platform cluster service account, see Configuring Service Accounts.

Navigate to Containers → Providers.
Click (Configuration), then click (Add a New Containers Provider).
Enter a Name for the provider.
From the Type drop-down menu, select Atomic Enterprise.
Enter the Hostname or IP address of the provider.
Important
The Hostname must use a unique fully qualified domain name.
Enter the Port of the provider. The default port is 8443.
Under Credentials, enter the token in the Token field.
- Click Validate to confirm that the CloudForms Management Engine can connect to the Atomic Enterprise provider using the provided token.
Click Add.

3.5. Tagging Containers Providers

Apply tags to all containers providers to categorize them together at the same time. Before assigning tags, create them using instructions in the General Configuration guide.

Navigate to Containers → Providers.
Select the checkboxes for the containers providers to tag.
Click (Policy), and then (Edit Tags).
Select a tag to assign from the drop-down menu.
Select a value to assign.
Click Save.

3.6. Removing Containers Providers

You may require to remove a containers provider from the VMDB if the provider is no longer in use.

Navigate to Containers → Providers.
Select the checkboxes for the containers providers to remove.
Click (Configuration), and then (Remove Containers Providers from the VMDB).
Click OK.

3.7. Editing a Containers Provider

Edit information about a provider such as the name, hostname, IP address or port, and credentials.

Navigate to Containers → Providers.
Click the containers provider to edit.
Click (Configuration), and then (Edit Selected Containers Provider).
Edit the Basic Information. This varies depending on the Type of provider.
Note
The Type value is unchangeable.
To use a different containers provider, create a new one.
Edit the Credentials by typing in a new Token.
Click Validate and wait for notification of successful validation.
Click Save.

3.8. Viewing a Containers Provider’s Timeline

View the timeline of events for instances registered to a containers provider.

Navigate to Containers → Providers.
Click the desired containers provider for viewing the timeline.
Click (Monitoring), and then (Timelines).
From Options, customize the period of time to display and the types of events to see.
- Use Show to select regular Management Events or Policy Events.
- Use the Interval dropdown to select hourly or daily data points.
- Use Date to type the date for the timeline to display.
- If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.
- From the Level dropdown, select a Summary event, or a Detail list of events.
- The three Event Groups dropdowns allow you to select different groups of events to display. Each has its own color.

To see more detail on an item in the timeline, click on it. A balloon appears with a link to the resource.

Chapter 4. Managing Containers

Starting with Red Hat CloudForms 4.0, CloudForms Management Engine allows for container management. The orchestration system can be OpenShift Enterprise or Atomic Enterprise Platform. These systems can be added to the CloudForms Management Engine appliance as container providers. You can also connect your container providers with OpenStack, RHEV, or VMware vCenter environments.

The Containers area in the top menu bar has options to manage containers, containers providers, images, nodes, registries, pods, and other components.

4.1. Core Concepts

The following is a list of some of the core concepts and objects you will encounter when using CloudForms Management Engine with OpenShift Enterprise or Atomic Enterprise Platform. Many of these objects come from Kubernetes, which is extended by OpenShift Enterprise to provide a more feature-rich development life cycle platform.

Node is a machine that pods run on. For more information, see OpenShift Enterprise 3.1 Architecture Information
Pod is a group of containers. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Replicator ensures that there is always available a certain number of replicas of a specific pod. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Container service is a base load balancer that provides traffic to pods. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Image is a binary on which a container is based on. An image includes all of the requirements for running a single container, as well as metadata describing its needs and capabilities. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Image Registry is a service for storing and retrieving images. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Project (namespace) is an ability to partition resources created by users into logical groups. For more information, see OpenShift Enterprise 3.1 Architecture Information.
Route announces your service to the world. For more information, see OpenShift Enterprise 3.1 Architecture Information.

4.2. Insight and Control

CloudForms Management Engine can connect to OpenShift Enterprise and Atomic Enterprise Platform containers providers and supports managing them similarly to how infrastructure and cloud providers are managed. This allows you to gain control over different aspects of your environment and answer questions such as:

How many containers exist in my environment?
Does a specific node have enough resources?
How many distinct images are used?
Which image registries are used?

When CloudForms Management Engine connects to a containers environment, it collects information on different areas of the environment:

Entities such as pods, nodes, or services.
Basic relationships between the entities, for example: Which services are serving which pods?
Advanced insight into relationships, for example: Which two different containers are using the same image?
Additional information, such as events, projects, routes (OpenShift Enterprise only), and metrics.

4.2.1. Cross-Providers Insight

Cross-providers insight is a feature that connects all layers of infrastructure, cloud, and containers known to CloudForms Management Engine and collects data for analysis.

It supports cross-linking all of the layers available in the following environments:

OpenStack
oVirt or RHEV
VMware vCenter

The collected information includes all the data available in other (infrastructure or cloud) providers.

4.2.2. Working with the Containers Overview Page

The information on all containers providers and entities known to CloudForms Management Engine is summarized on the Containers Overview page. The Overview page provides links to other summary pages which contain further information on the containers providers and entities.

Working with the Containers Overview Page

Navigate to Containers → Overview.
Click the desired containers entity, or provider, if applicable, for viewing the summary with further information.

4.2.3. Viewing a Containers Provider Summary

A Containers Provider summary page allows you to view information on different aspects of a containers provider, for example:

Status of the provider and its components.
Relationships between different entities of the containers provider. These relationships are summarized in the Relationships box on the right-hand side of the summary page.
Additional information on aggregated capacity of all CPU cores of all nodes, and aggregated capacity of all memory of all nodes.

Viewing a Containers Provider Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.

4.2.4. Viewing a Container Nodes Summary

A Container Node summary page allows you to view information on different aspects of a container node, for example:

How many entities are on a node?
What is the capacity and utilization?
What are the versions of the underlying operating system and software?

Viewing a Container Nodes Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Nodes.
Click the desired container node for viewing.
Alternatively, you can access the desired container node from Containers → Container Nodes.

4.2.4.1. Viewing a Container Nodes Timeline

You can view the timeline of events for a node. To access the timeline from a container nodes summary page, click Monitoring (Monitoring), and then Timelines (Timelines).

For more information on working with timelines, see the following procedure:

4.2.5. Viewing a Containers Summary

A Containers summary page allows you to view information on different aspects of a container, for example:

What are the relationships of the container to a related node, pod, or image?
Which node is the container running on?
Which part of a pod is the container?
What is the container ID?
What is the name of the container image? What are other properties of the container image (for example, tag)?

Viewing a Containers Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Containers.
Click the desired container for viewing.
Alternatively, you can access the desired container from Containers → Containers.

4.2.6. Viewing a Container Images Summary

A Container Images summary page allows you to view information on different aspects of a container image, for example:

Which containers are using the image?
Which image registry is the image coming from?

Viewing a Container Images Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Images.
Click the desired image for viewing.
Alternatively, you can access the desired image from Containers → Container Images.

4.2.7. Viewing an Image Registries Summary

An Image Registries summary page allows you to view information on different aspects of an image registry, for example:

How many images are coming from the registry? What are the images?
Which containers are using images from the registry?
What is the host and port of the registry?

Viewing an Image Registries Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Image Registries.
Click the desired image registry for viewing.
Alternatively, you can access the desired image registry from Containers → Image Registries.

4.2.8. Viewing a Pods Summary

A Pods summary page allows you to view information on different aspects of a pod, for example:

Which containers are part of the pod?
Which services reference the pod?
Which node does the pod run on?
Is the pod controlled by a replicator?
What is the IP address of the pod?

Viewing a Pods Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Pods.
Click the desired pod for viewing.
Alternatively, you can access the desired pod from Containers → Pods.

4.2.9. Viewing a Replicators Summary

A Replicators summary page allows you to view information on different aspects of a replicator, for example:

What is the number of requested pods?
What is the number of current pods?
What are the labels and selector for the replicator?

Viewing a Replicators Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Replicators.
Click the desired replicator for viewing.
Alternatively, you can access the desired replicator from Containers → Replicators.

4.2.10. Viewing a Container Services Summary

A Container Services summary page allows you to view information on different aspects of a container service, for example:

What are the pods that the container service provides traffic to?
What are the port configurations for the container service?
What are the labels and selector for the container service?

Viewing a Container Services Summary

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
In the Relationships box on the right-hand side of the summary page, click Services.
Click the desired service for viewing.
Alternatively, you can access the desired service from Containers → Container Services.

4.2.11. Using the Topology Widget

The Topology widget is an interactive topology graph, showing the status and relationships between the different entities of the containers providers that CloudForms Management Engine has access to.

The topology graph includes pods, containers, services, nodes, virtual machines, hosts, routes, and replicators within the overall containers provider environment.
Each entity in the graph displays a color indication of its status.
Hovering over any individual graph element will display a summary of details for the individual element.
Double-click the entities in the graph to navigate to their summary pages.
It is possible to drag elements to reposition the graph.
Click the legend at the top of the graph to show or hide entities.
Click Display Names on the right-hand side of the page to show or hide entity names.

Viewing the Topology Widget

Navigate to Containers → Providers.
Click the desired containers provider for viewing the provider summary.
On the provider summary page, click Topology in the Overview box on the right-hand side of the page.

4.2.12. Running a SmartState Analysis

Perform a SmartState Analysis of a container image to inspect the packages included in an image.

Running a SmartState Analysis

Navigate to Containers → Container Images.
Check the container image to analyze. You can check multiple images.
Click (Configuration), and then (Perform SmartState Analysis).
The container image is scanned. The process will copy over any required files for the image. After reloading the image page, all new or updated packages are listed.
To monitor the status of container image SmartState Analysis tasks, navigate to Configure → Tasks. The status of each task is displayed including time started, time ended, what part of the task is currently running, and any errors encountered.

Chapter 5. Datastores

A storage location is considered a device where digital information resides and is connected to a resource. CloudForms Management Engine detects, analyzes, and collects capacity and utilization data for both VMFS and NFS datastores. Datastores connected to a provider are automatically created on discovery. On creation of a repository, a datastore is automatically created.

After detecting datastores, you might want to examine them more closely to see virtual machines, hosts, and available space.

Top left quadrant: File system type
Bottom left quadrant: Number of hosts
Top right quadrant: Number of virtual machines
Bottom right quadrant: Available space

5.1. Performing SmartState Analysis on Datastores

Analyze a datastore to collect information on the types of files on a datastore, and to see the number of managed/registered, managed/unregistered, and unmanaged virtual machines. To perform a SmartState analysis, the datastore is accessible from a running host and valid security credentials are supplied for that host.

Note

Be aware that executing a SmartState Analysis on a datastore from the console takes a while to return data on the content. If Capacity and Utilization roles are enabled, CloudForms Management Engine performs the analysis automatically on a scheduled basis approximately every 24 hours.

Navigate to Infrastructure → Datastores.
Select the datastores to analyze.
Click (Configuration), and then (Perform SmartState Analysis).
Click OK.

5.2. Viewing a Datastore

You can click on a specific Datastore to view its details. The screen provides you with a Datastore Taskbar, Virtual Thumbnail, Accordion, and Summary.

Figure 5.1. Datastore Management Screen

Datastore Taskbar: Choose between Configuration, Policy and Monitoring options for the selected Datastore.
Datastore Summary: See summary such as datastore properties, storage, VM information.
Datastore PDF: Generates datastore summary in PDF format.
Datastore Accordion: See details about Properties, Relationships, Storage Relationships and Content for the chosen datastore.

Note

To view Content section details, run a SmartState Analysis on the datastore. For information on how to perform SmartState Analysis, see Performing SmartState Analysis on Datastores.

5.3. Tagging a Datastore

Use tags to categorize a datastore. Before assigning tags, create them using instructions in the General Configuration guide.

Navigate to Infrastructure → Datastores.
Click the datastore to tag.
Click (Policy), and then (Edit Tags).
Select a customer tag from the first list, and then a value for the tag from the second list.
Select more tags as required; click (Save).

5.4. Viewing Capacity and Utilization Charts for a Datastore

You can view capacity and utilization data for a datastore.

Note

CloudForms Management Engine requires network visibility to your provider assigned the server role of Capacity & Utilization Collector to enable this feature.

Navigate to Infrastructure → Datastores, then click the Datastore that you want to view Capacity and Utilization data for.
Click (Monitoring), and then (Utilization) or from the Datastore Accordion, click Properties → Capacity & Utilization.
From Interval, select to view hourly or daily data points and the dates to view data. Use VM Types to Include to include only managed/registered, managed/unregistered, or unmanaged virtual machines. The following definitions will be helpful.
- Managed/Registered VM - A virtual machine connected to a host and exists in the VMDB. Also, a template connected to a management system and exists in the VMDB.
  Note
  Templates cannot be connected to a Host.
- Managed/Unregistered VM - A virtual machine or template that resides on a repository or is no longer connected to a management system or host and exists in the VMDB. A virtual machine previously considered registered might become unregistered if the virtual machine is removed from management system inventory.
- Not Managed - Files discovered on a datastore that do not have a virtual machine associated with them in the VMDB. These files might be registered to a management system that CloudForms Management Engine does not have configuration information. Possible causes might be the management system has not been discovered or the management system has been discovered but no security credentials are provided.

Use Time Profiles to select a time range for the data.

Note

Daily charts only include full days of data. If a day does not include all the 24 data points for a day, the data does not show for that day.

5.5. Removing a Datastore

If a datastore no longer contains any files associated with the virtual environment, remove it from the VMDB. This button is enabled only if a datastore is completely empty.

Navigate to Infrastructure → Datastores.
Click on the Datastore to remove.
Click (Configuration), and then (Remove Datastore from the VMDB).
Click OK.