Configuring GoogleCloud Observer jobs

Using the GoogleCloud Observer, you can define a full load job that will read services data from the Google Cloud Platform's Compute Services through Google's Compute Services SDK, and then generate a topology.

Before you begin

Important: The Google Cloud Observer supports the cloud/SaaS Google Cloud version.

The GoogleCloud Observer is installed as part of the core installation procedure.

The GoogleCloud Observer supports GoogleCloud's compute services. Ensure you have the GoogleCloud details in hand, such as the Project ID, Service Account Key File and Zone, before running the observer job.

About this task

The GoogleCloud Observer supports a transient (one-off) Load job that loads all requested topology data via Google's Compute Services SDK to build the topology, and then exit.

You define and start the following job. You must edit the parameters in the configuration file before running this job.
Full Topology Upload job
By default, these jobs are one-off, transient jobs that perform a full upload of all requested topology data as soon as they are triggered.
You can also run these jobs (again) manually from the Observer UI, or schedule them to run at set times when configuring them.
Note: You must create a service account key file or use an existing one to allow the GoogleCloud Observer to discover resources from GoogleCloud.

Procedure

To create a service account key file

  1. From the Google Cloud Platform dashboard, under your 'Project ID', go to APIs and Services and then choose Credentials.
    The Credentials page is displayed listing a number of authentication methods.
  2. Select the Service account authentication service
  3. From Create Credentials, choose Service account.
  4. Complete the service account details, then click Create to create a new service account.
  5. Select the Compute Engine > Compute Admin role, then click Continue and Done.
  6. To download the .json file from the Credentials page, click Service account > Manage Service Accounts.
  7. Select the new service account, then choose Create key from the overflow menu (the three dots under the Actions column).
  8. Choose a key type of JSON, then click Create. A .json file will be downloaded.
    • For on-prem, store the .json file under /opt/ibm/netcool/asm/security
    • For OCP, follow these steps to store the service account key file as a secret.
    The filename will be used in the observer parameter (service_account_key_file) for the full load job.

To configure the GoogleCloud job

  1. On the Observer jobs page, perform one of the following actions:
    To edit an existing job
    Open the List of options overflow menu next to the job and click View & edit.
    To create a new job
    Click Add a new job + and select the GoogleCloud Observer tile.
  2. Configure the following parameters, then click Save to save and run the job.
    Table 1. GoogleCloud Observer parameters
    Parameter Action Details
    Unique ID Enter a unique name for the job. Required
    Project ID Enter the Google Cloud Platform Project ID. Required
    Service Account Key File

    Supply the Google Cloud Platform Service Account Key File.

    Copy the json file to the $ASM_HOME/security directory for on-prem.

    		 Required
    Zone Specify the Google Cloud Platform Zones. Required.
    Connection timeout Specify the connection timeout in ms (default is 5000) Optional
    Read timeout Specify the read timeout in ms (default is 2000) Optional
    Proxy Host Specify the proxy host via which to connect. Optional
    Proxy Port Specify the proxy port. Set as per HTTP/HTTPS Proxy Host. Optional. Defaults to 8080.
    Proxy Username Specify the proxy username. Set for basic auth proxy. Optional
    Trust all certificates by bypassing certificate verification Set to true to allow connection to target environment without verification. Optional. The default is 'false'.
    Proxy Password Specify the proxy password. Set if Proxy Username has been specified Optional. Use plain text.
    Proxy Secure Specify whether the proxy server is secure. Set to 'true' for HTTPS proxy. Optional. Default is 'false'.
    Access scope

    Enter text to provide a scope for the resources.

    Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens.

    		 Optional.
    Tip: You can define access scope for locations, project names, namespaces, etc.
    Generate debug support file
    Set the optional Generate debug support file parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated Support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. The file is saved to the following locations:
    On-prem
    $ASM_HOME/logs/<obs>-observer/
    On OCP
    /var/log/itsm/<obs>-observer
    		 Optional
    Observer job description Enter additional information to describe the job. Optional
    Job schedule

    Specify when the job should run, and whether it should run at regular intervals.

    By default the job runs immediately, and only once.

    Optionally you can specify a future date and time for the job to run, and then set it to run at regular intervals after that.

    Optional. Transient (one-off) jobs only.

    If you set a job schedule, the run intervals must be at least 90 seconds apart, and if you set them at less than 15 minutes, a warning is displayed, as the frequency can impact system performance.

Results

The job gathers information and updates the topology.
Troubleshooting: While the job is running, the status of discovered resources may appear as 'indeterminate' in the topology until the full upload is complete.