Configuring Cisco ACI Observer jobs

You use the Cisco ACI Observer when you have a Cisco ACI environment with Cisco Application Policy Infrastructure Controller (APIC) in your environment. The Observer interfaces with Cisco APIC and makes active REST calls to Cisco APIC in the Cisco ACI environment. You configure observer jobs that dynamically load Cisco ACI data for analysis by Netcool Agile Service Manager from the Observer Configuration UI.

Before you begin

Important: The Cisco ACI Observer supports the on-premise Cisco ACI version 4.1.

Ensure you have the Cisco ACI service details to hand, such as the Cisco APIC username, Cisco APIC password, Cisco APIC SSL TrustStore and Cisco APIC URL.

The Cisco Application Centric Infrastructure (ACI) Observer is installed as part of the core installation procedure.

Optional: Install and configure a proxy: The Cisco ACI Observer can (optionally) connect to Cisco ACI via a proxy. See the Proxy Host and Proxy Port parameters listed in the table. A proxy can be used to create a tunnel to the target system.
Example: Squid proxy
  1. Install the squid proxy:
    $ sudo yum install squid
  2. Edit the /etc/squid/squid.conf file to add acl for the source and target system. Example of a line added:
    acl localnet src 1.2.3.0/19 # ASM Host
  3. Initialize the squid directories:
    $ sudo squid -z
  4. Configure the squid proxy for auto-start:
    $ sudo systemctl start squid
$ sudo systemctl enable squid
See the related links for more information about the squid proxy.

About this task

A Cisco ACI Observer job extracts Cisco ACI resources from Cisco APIC via REST. The Observer loads and updates the resources and their relationships within the Netcool Agile Service Manager core topology service.

You define and start the following jobs.
Restapi Load job
A transient (one-off) job that loads all requested topology data using Cisco APIC REST APIs to build a tenant logical construct topology or a fabric topology, and then exits.
A 'restapi' job loads initial topology data, and can resynchronize topology data from Cisco ACI into the Agile Service Manager topology.
You assign 'restapi' as the job type for /jobs/restapi observer endpoint.
By default, these jobs are one-off, transient jobs that carry out a full upload of all requested topology data when they are triggered.
You can also run these jobs (again) manually from the Observer UI, or schedule them to run at set times when you configure them.
Websocket Listen job
A long-running job that listens for notifications from Cisco APIC to build the topology and runs until it is explicitly stopped, or until the observer is stopped.
A 'websocket' job monitors changes from Cisco APIC object notification and updates the Agile Service Manager topology.
You always run a 'websocket' job after running a 'restapi' job type.
You assign 'websocket' as the job type for /jobs/websocket observer endpoint.

Procedure

To configure Cisco ACI Observer jobs

  1. On the Observer jobs page, perform one of the following actions:
    To edit an existing job
    Open the List of options overflow menu next to the job and click View & edit.
    To create a new job
    Click Add a new job + and select the Cisco ACI Observer tile.
    Choose either restapi or websocket from the job type drop-down.
  2. Edit the following parameters, then click Save to save your job and begin retrieving information.
    Table 1. Cisco ACI Observer restapi and websocket job parameters
    Parameter Action Details
    Unique ID Enter a unique name for the job. Required
    Tenant name Use this to identify the tenant. Required. Set to admin if there is no specific tenant. Set to '' to load Fabric Topology resources.
    Cisco APIC endpoint Specify the API URL of the Cisco APIC endpoint. Required. Usually in the following format: https://[hostname or IP address]/api
    Cisco APIC username Specify the username to connect as, or listen to. Required
    Cisco APIC password Enter the password for Cisco APIC authentication. Required. Use plain text.
    HTTPS trustStore file name Specify the trustStore file name.
    Tip: You can use the observer name (<observer>.jks) for example ciscoaci.jks.
    		 Required. For both on-prem and OCP, provide the JKS name, and the observer will then create the JKS file accordingly.
    HTTPS trustStore file password Specify the trustStore password to decrypt the HTTPS trustStore file. Required. Use plain text.
    Cisco APIC certificate Specify a certificate by name to load into the trustStore. Required. For more details, see Configuring observer job security.
    On-prem
    Create and store the certificate
    OCP
    Obtain the authentication certificate using OpenSSL and store it as a secret
    Read timeout Specify the read timeout in ms (default is 2000) Optional
    SSL Validation Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. Optional
    Connection timeout Specify the connection timeout in ms (default is 5000) Optional
    Proxy Host Specify the proxy host through which to connect Optional
    Proxy Port Specify the proxy port, defaults to 8080 Optional
    Trust all certificates by bypassing certificate verification Set to true to allow connection to target environment without verification. Optional. The default is 'false'.
    Access scope

    Enter text to provide a scope for the resources.

    Access scope can help map alerts to resources when resources in different scopes share parameters, such as matchTokens.

    		 Optional.
    Tip: You can define access scope for locations, project names, namespaces, and so on.
    Generate debug support file
    Set the optional Generate debug support file parameter to True to capture the output of the next scheduled job run as a file. This file is stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated Support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to False after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. The file is saved to the following locations:
    On-premises
    $ASM_HOME/logs/<obs>-observer/
    On OpenShift Container Platform
    /var/log/itsm/<obs>-observer
    		 Optional
    Observer job description Enter additional information to describe the job. Optional
    Job schedule

    Specify when the job should run, and whether it should run at regular intervals.

    By default the job runs immediately, and only once.

    Optionally you can specify a future date and time for the job to run, and then set it to run at regular intervals after that.

    Optional. Transient (one-off) jobs only.

    If you set a job schedule, the run intervals must be at least 90 seconds apart. If you set them at less than 15 minutes, a warning is displayed, as the frequency can impact system performance.
    SSL requirements: To acquire SSL certificates and build SSL truststores, use the relevant instructions in the following section: Configuring observer job security