Defining VMware vCenter Observer jobs

The VMware vCenter Observer is installed as part of the core installation procedure. Use the VMware vCenter Observer when you have VMware vCenter installed in your environment to define jobs that dynamically load VMware vCenter data for analysis by Netcool Agile Service Manager.

Before you begin

Important: The VMware vCenter Observer supports the on-premise VMware vCenter versions 6.5, 6.7 and 7.0.3.

Ensure you have the VMware vCenter service details to hand, such as username, password, SSL TrustStore and URL.

Remember: Swagger documentation for the observer is available at the following default location: https://<your host>/1.0/vmvcenter-observer/swagger

About this task

The VMware vCenter Observer job extracts VMware vCenter resource information via REST. The Observer loads and updates the resources and their relationships within the Netcool Agile Service Manager core topology service.

vmvcenter_observer_common.sh
The config file you use to customize VMware vCenter Observer settings.
The parameters defined here are then used by the vmvcenter_observer_query_start.sh script to trigger the VMware vCenter Observer jobs.
Tip: Alternatively, you can set the appropriate environment variables. If an environment variable is set, it takes precedence over the config file settings.
You define and start the following job. You must edit the parameters in the config file before running this job.
Full Topology Upload job
A transient (one-off) job that loads all requested topology data.
This job is started by the vmvcenter_observer_query_start.sh script.
The VMware vCenter Observer loads the following resources and their relationship into the Netcool Agile Service Manager core topology service:
  • ESXi / ESX Hosts
  • Virtual Machines
  • VNICs
  • Storage

Procedure

To edit the parameters in the config file

  1. Run the following command to check if a specific username has access to obtain the session-id token. 
    curl -kX POST -u 'username':'password' -H "Content-Type: application/json" 'https://<host>/rest/com/vmware/cis/session'
    If the output is a value, then the username can be used to obtain a session-id token.
  2. Open the vmvcenter_observer_common.sh config file and edit (at least) the following parameters:
    vcenter_api_url
    VMware vCenter REST API endpoint
    vcenter_username
    VMware vCenter user name for REST API
    vcenter_password
    VMware vCenter user password for REST API
    ssl_truststore_file
    VMware vCenter SSL trust store file for HTTPS authentication
    JKS is the supported format and the file is relative to $ASM_HOME/data/vmcenter-observer
    password_ssl_truststore_file
    Password to decrypt and encrypt VMware vCenter SSL trust store file
    Encryption requirement:
    The Load job requires passwords in encrypted form. To encrypt the vcenter_password and password_ssl_truststore_file, run the encrypt_password.sh script in the $ASM_HOME/bin directory: 
    ./bin/encrypt_password.sh
    Enter and then confirm the password. The encryption utility will return an encrypted version.
    certificate
    The certificate name (in the /opt/ibm/netcool/asm/security directory)
  3. Optional: Edit the following optional parameters:
    connect_read_timeout_ms
    Set the connection and read timeout value (in milliseconds).
    The default value is 5000.
    include
    The VMware vCenter host's name regex to discover.
    Specify an exact match or a regular expression match for a host's name in order to discover all its virtual machines.
    By default, it discovers all.
    connect_retry
    Set the connection retry times.
    The default value is 5.
    connect_retry_delay
    Set the time delay before trying to reconnect (in milliseconds).
    The default value is 1000.

To acquire VMware vCenter SSL certificate and build SSL truststore

  1. Use the following command to use OpenSSL to connect to VMware vCenter over port 443, and extract a SSL Certificate from VMware vCenter to a <certificate_file_name>.crt file. 
    echo -n | openssl s_client -connect {VMware vCenter IpAddress}:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./{certificate_file_name}.crt
  2. Use the following Java keytool command to import the VMware vCenter certificate file into a keystore and encrypt the keystore with a given password. 
    keytool -import -v -trustcacerts -alias {VMware vCenter Hostname} -file {certificate_file_name}.crt -keystore {keystore file name} -storepass {your password to encrypt keystore}
  3. Copy the keystore file ({keystore file name}) to the $ASM_HOME/security directory to complete the SSL setup.

To start the Load job

  1. To start the VMware vCenter Observer Full Topology Upload job, use the following command: 
    $ASM_HOME/bin/vmvcenter_observer_query_start.sh
    This job loads all requested topology data. Run this job whenever you need VMware vCenter topology data refreshed.

What to do next

You can also use the following scripts:
vmcenter_observer_query_stop.sh
Stops the Full Topology Upload job
vmcenter_observer_job_list.sh
Lists the status of current jobs
vmcenter_observer_log_level.sh
Sets the log level
Remember: As an alternative to being configured using the Observer Configuration UI, observer jobs have scripts to start and stop all available jobs, to list the status of a current job, and to set its logging levels. These scripts can be run with -h or --help to display help information, and with -v or --verbose to print out the details of the actions performed by the script, including the full cURL command. For the on-prem version of Agile Service Manager, observer scripts are configured for specific jobs by editing the script configuration files.