Skip navigation

Installing and configuring Endpoint Operations  vCenter Monitoring Solution

 

The new vCenter Monitoring Solution is based on the EPOPS Agent.

Documentation:

https://c368768.ssl.cf1.rackcdn.com/product_files/25806/original/vCenter_Solution_1.1_Guidefadf2b185bd8c71f01f43301f65f1d06.pdf

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2133716

Ingredients:


1. vRealize Operations Manager 6.1 -> You already have it installed, if not, download it

     ->https://my.vmware.com/group/vmware/details?downloadGroup=VROPS-610&productId=538&rPId=8818https:/my.vmware.com/group/vmware/info?slug=infrastructure_operations_management/vmware_vrealize_operations/6_1

2. vRealize Operations EndPoint Agent installable -> download the 64-bit version from

     -> https://my.vmware.com/group/vmware/details?downloadGroup=VROPS-610&productId=538&rPId=8818

3. vCenter Monitoring Solution Management Pack (PAK-File) -> not easy to find, but it is on

      -> https://solutionexchange.vmware.com/store/products/130354

4. vCenter Server access with administrator / root privileges -> in my case Linux vCSA

 

Instructions:

 

1. Install and configure EPOPS Agent on the vCenter

2. Install and configure vCenter Monitoring Management Pack

****************

1. Detailed instructions - The Agent

1.1 Download the agent (Linux 64-bit)  from here:

11-detailed-instructions---the-agent.png

1.2 Run RPM-installation

vcsa-01a:~ # rpm -Uvh epops-agent-x86-64-linux-6.1.0-3030162.rpm
Preparing...                ########################################### [100%]
Password for `epops' is already locked!
1:epops-agent            ########################################### [100%]insserv:
Service syslog is missed in the runlevels 2 to use service cgconfigepops-agent              0:off  1:off  2:off  3:on  4:off  5:on  6:off
End Point Operations Management Agent has successfully been installed to /epops-agent
, and the service is configured to start at boot using the "epops" user credentials.
Note that some plug-ins require special permissions to discover and monitor their ap  plications.
Verify that the "epops" user has the necessary permissions.
Before you start the service, perform one of the following processes:* 
Begin the interactive setup by starting the epops-agent service.* 
Edit the /epops-agent/conf/agent.properties file, by uncommenting and modifying the agent.setup values,
then start the epops-agent service.Run 'service epops-agent start' to start the epops-agent service...

1.3 Change agent user to root

Open the /etc/init.d/epops-agent file in a text editor.


1.3.1 Change the line:


RUN_AS_USER=epops

to

RUN_AS_USER=root 

 

1.3.2 Also find the line below:

AGENT_CTL="su $RUN_AS_USER -s $SHELL $AGENT_INSTALL_DIR/epops-agent/bin/ep-agent.sh"
and remove $SHELL, such that the line now reads:
AGENT_CTL="su $RUN_AS_USER -s $AGENT_INSTALL_DIR/epops-agent/bin/ep-agent.sh"
13-change-agent-user-to-root.png

1.4 Configure the agent by starting the service for the first time

vcsa-01a:~ # service epops-agent start

Starting End Point Operations Management Agent...... running (1919).

[ Running agent setup ] - The agent generated the following token    1453723755661-608569690955820004-2774624980274959717

Enter the server hostname or IP address: vrops-01a.corp.local

Enter the server SSL port [default=443]: - Testing secure connection ...

...

 

Do you trust this certificate (yes/no/more)? [default=no]: yes

- Connection successful.

Enter your server username: admin

Enter your server password:

- Registering the agent with server.

- The agent has received a client certificate from server.

- The agent has been successfully registered.

1.5 Check and write down postgres user and password

 

This password will be used later on to configure the postgres monitoring plugin in vR Ops:

vcsa-01a:~ # cat  /etc/vmware-vpx/vcdb.properties

driver = org.postgresql.Driver

dbtype = PostgreSQL

url = jdbc:postgresql://localhost:5432/VCDB

username = vc

password = DKTRP){3d$1sHvCZ

password.encrypted = false

2. Detailed Instructions: The Management Pack

2.1 Management Pack installation and configuration

Download vCenter Self-Monitoring Solution management pack from here:    https://solutionexchange.vmware.com/store/products/130354

2.2 Install the managent pack

Log in to vRealize Operations manager as "admin" and go to Solution, click on the + sign and install the management pack.

22-install-the-managent-pack.png

2.3 Configure solution credentials in vR Ops

Once the management pack installed and assuming the agent is already running a list of new resources will appear. Go to "Administration -> Inventory Explorer -> Adapter Types -> EP Ops Adapter" and select "vCenter App Server- your-vcsa-hostname" object. Press the pencil symbol ot edit it.

23-configure-solution-credentials-in-vr-ops.png

2.4 Add vCenter web credentials

Click on + to create new credentials

24-add-vcenter-web-credentials.png

2.5  Provide user name and password

25--provide-user-name-and-password.png

2.6 Configure postgress agent

Now select the object called "PostgreSQL - your vcsa hostname" and click on the pencil to edit it. Add the postgres credentials acquired in the step 1.5.

26-configure-postgress-agent.png

2.7 Check both configured objects have green collection status:

After a while (5 minutes) both configured objects should show gree collection status.

27-check-both-configured-objects-have-green-collection-status--.png

2.8 Check new data

Check new objects and data under Environment -> Operating Systems World -> Linux -> vcsa-host..

28-check-new-data.png

2.9. Check new vCenter App Server dashboard

29-check-new-vcenter-app-server-dashboard.png

2.9 Check new Alerts for vCenter Monitoring

Filter based on "Adapter Type = EP Ops Adapter"

210-check-new-alerts-for-vcenter-monitoring.png

In short: we will create a new Role to view dashboards, assign this role to the new db-group and create a db-user. The goal is to create a user who is able to log in and see only assigned dashboards (privilege) which would display only display the part of the environment this user is entitled to see (access permissions).

We will also need to remove and hide  three default dashboards from being assigned to each new user.

1. Creating a role, a group and a local user

In order to create a role, go to Administration -> Access Control -> Roles and hit the + icon:

creating-a-role--a-group-and-a-local-user.png

1.1 Create a new db-viewer role

create-a-new-db-viewer-role.png

1.2 Edit the role:

Once you saved the new role, select it and press the pencil "Permissions"

edit-the-role--.png

1.3 Assign permission to login to the db-viewer role:

Administration -> Login Interactively

assign-permission-to-login-to-the-db-viewer-role--.png

1.4 Assign permission to "View Dashboard Homepage" to the db-viewer role:

assign-permission-to--view-dashboard-homepage--to-the-db-viewer-role--.png

2. Create a new db-group (user group)

Go to Administration -> Access Control -> User groups create a group called db-group

Assing the role of db-viewer to this group and select applicable objects (in my case a vcenter vcInf-01) . You will be able to select objects only after you checked "Assign this role to the group" box.

create-a-new-db-viewer-role.png

2.1 Create db-user01

Go to Administration -> Access Control -> User Accounts

create-db-user01-.png

2.2 Add  db-user01 to db-group

add--db-user01-to-db-group.png

3. Unshare all dashboards shared to "Everyone"

We want to get rid of the dashboard which are shared to "Everyone" by default. Just log in as admin, go to Content -> Dashboards

unshare-all-dashboards-shared-to--everyone-.png

3.1 Select and un-share

Select all the shared dashboards (Click + Shift will allow to select multiple). In the example below I have 50 dashboards shared to "Everyone" and I will un-share all of them in order to share a specific dashboard later on. You may need to go through multiple pages (as sorting is not implemented in this dialog) and select the shared dashboards on the subsequent pages. Don't forget to press "Save" button!

select-and-un-share.png

3.3 Result of un-sharing

In the result the sharing view should display 0 for everyone.

result-of-un-sharing.png

3.4 Assign a test dashboard to db-group

Go to Content -> Dashboards and drag and drop the dashboard on the db-group. Save!

assign-a-test-dashboard-to-db-group.png

5. Log in as db-user01

And surprisingly you will not only see the assigned dashboard but also the three default dashboards (Recommendations, Diagnose and Self Health)

Beside of that annoyance, assigning the dashboard and limiting user rights and permissions works as expected. We will get rid of the default dashboards in the next steps.

log-in-as-db-user01.png

6. Remove default dashboards (Recommendations, Diagnose and Self Health) for the group

There is a KB Article explaining in detail how to get rid of the three default dashboards. Basically it involves two steps : prevent those dashboards to be copied to any new users (on first log in) and remove or hide the dashboards from existing users. Both steps have to be done on command line, so you have to log in to your vR Ops through console or SSH (ssh has to be enabled first).

http://kb.vmware.com/kb/2133879

6.1 Preventing dashboards to be copied for new users

vrops01-prod:~ # mv /usr/lib/vmware-vcops/tomcat-web-app/webapps/vcops-web-ent/dashboards/ootb/All.json /root/All.json.$(date +%F)

This will move All.json default dashboards to /root and prevent the copying of it for each new user log in.

6.2 Hiding dashboards from existing groups / users

1) Change to the opscli directory

 cd /usr/lib/vmware-vcops/tools/opscli/

2) Run a command:

vrops01-prod:/usr/lib/vmware-vcops/tools/opscli # ./ops-cli.sh dashboard hide group:db-group all
Starting vRealize Operations CLI 2015-12-11 12:28:36,128 Starting command Command: dashboard:hide 2015-12-11 12:28:36,147 Connecting to server 2015-12-11 12:28:40,008 Try to login with maintenanceAdmin SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details. 2015-12-11 12:28:40,074 Successfully logged in. 2015-12-11 12:28:40,075 Successfully connected to server 2015-12-11 12:28:40,132 Successfully hiden dashboard all for user [db-group]. The configuration transformation will be scheduled in background. 2015-12-11 12:28:40,132 Triggered Command: dashboard:hide

7. Finally: user db-user01  sees the assigned dashboard only!

Log out and log in again as db-user01 and enjoy! You should only see the dashboard assigned and nothing else...

finally--user-db-user01--sees-the-assigned-dashboard-only-.png