Configuring the probe and gateway services

The Agile Service Manager probe and gateway containers are installed together with the other core components. Once you have configured these, Agile Service Manager can displays resource information generated from Netcool/OMNIbus events.

Before you begin

Ensure you have all the required Netcool/OMNIbus ObjectServer information available before you configure the Agile Service Manager probe and gateway containers.

Remember: You configure the deployed probe and gateway after installing the core Agile Service Manager containers (including the probe and gateway containers), but before starting the Agile Service Manager services.

Upgrade note: If you are running an existing Agile Service Manager deployment and have already configured earlier versions of the XML Gateway for Event Observer, the Netcool/OMNIbus probe for Message Bus, and the Event Observer itself, and you intend to use the new probe and gateway mechanism, you should perform the following prerequisite steps:

Prerequisite steps before upgrading the probe:

De-register the probe event sink (while the topology service is running):

$ASM_HOME/bin/topology_service_probe_deregister.sh --all

Stop the currently configured HTTP probe.

Prerequisite steps before upgrading the gateway:

Stop the currently configured HTTP gateway.

Hybrid scenario: The following additional steps are required if Agile Service Manager is deployed on OCP, while NOI is on-prem.

Define two additional ObjectServer alerts.status fields:
AsmStatusId

Define the AsmStatusId field to hold the ASM topology service status _id relating to an event. This can be used to identify whether ASM knows about an event, and to launch from it in context.
```
alter table alerts.status add column AsmStatusId varchar(64); 
go
```
LastOccurrenceUSec

Define the LastOccurrenceUSec field, holding the sub-second portion of the LastOccurrence timestamp, in microseconds, to allow a modified generic_clear automation to perform same-second clearing.
```
alter table alerts.status add column LastOccurrenceUSec int; 
go
```

Extract the two triggers from the configuration map from the files of the same name as for on-prem:

# Assuming a helm release called 'asm'
oc get configmap asm-noi-gateway-config -o jsonpath="{.data.asm-trigger\.sql}"
oc get configmap asm-noi-gateway-config -o jsonpath="{.data.updated-generic-clear\.sql}"

About this task

The Message Bus probe receives status from Agile Service Manager, and generate corresponding events in the Netcool/OMNIbus Event Viewer. These events are then fed back to Agile Service Manager via the Message Bus gateway, which updates the Agile Service Manager status via the Event Observer with the eventId.

The following diagram depicts how the Message Bus probe and gateway work together with the Agile Service Manager Event Observer to keep the event status between Agile Service Manager and Netcool/OMNIbus synchronized.

Specifically, this diagram shows how the data flow from Agile Service Manager status generates Netcool/OMNIbus events. When Netcool/OMNIbus is the source of events, however, the data flow from the Event Observer to the topology service not only updates the status eventId with ServerName/ServerSerial, but generates the status itself.

Three SQL files are located in the $ASM_HOME/integrations/omnibus directory:

asm-alert-fields.sql

Defines two new fields:

LastOccurrenceUSec: Allows sub-second clearing
AsmStatusId: Stores the topology service status ID

asm-trigger.sql

Clears up events generated by Agile Service Manager when resources are deleted

updated-generic-clear.sql

Updates generic_clear automation to allow sub-second clearing

The following nco tools are deployed with the gateway container, and are exposed as container scripts in the $ASM_HOME/bin directory. These tools accept the -h or -help options.

nco_aes_crypt.sh: You use this tool to encrypt the ObjectServer username and password.; Encryption requires a key file, as named by NOI_KEY_FILE in the $ASM_HOME/integrations/omnibus/secure.env file.
nco_keygen.sh: You use this tool to generate a key file for encrypted usernames and passwords.; The key file is named by NOI_KEY_FILE in the $ASM_HOME/integrations/omnibus/secure.env file and is generated in the $ASM_HOME/security directory.
nco_ping.sh: You use this tool to check access to an ObjectServer; that is, to check connection status and verify TLS configuration. (However, the tool does not perform username or password validation.); To do so, you require the $ASM_HOME/integrations/omnibus/omni.dat file.; If TLS is configured, you require additional configuration in the $ASM_HOME/integrations/omnibus/secure.env file.

The following configuration files define the connection with Netcool/OMNIbus:

omni.dat: Netcool/OMNIbus connections data file (contains configuration examples); $ASM_HOME/integrations/omnibus/omni.dat
G_ASM.props: Gateway properties file; $ASM_HOME/integrations/omnibus/kafka/gateway/G_ASM.props
probe.props: Probe properties file; $ASM_HOME/integrations/omnibus/kafka/probe/probe.props
secure.env: Additional secure configuration file (optional); $ASM_HOME/integrations/omnibus/secure.env

Procedure

Configure target ObjectServer

Note: Completing this section of the procedure (step one) is sufficient to create a connection to a single, unsecured ObjectServer.

In the omni.dat file, define the ObjectServer location. For example:
```
[AGG_P]
{
   Primary:   noi-omnibus   4100
}
```
Note: AGG_P matches the Gate.Reader.Server property in the gateway properties file (G_ASM.props), and the Server property in the probe property file (probe.props).

Encrypt username and password

Note: Completing this section of the procedure (steps two to five) is required only if you require ObjectServer authentication.

Use the nco_keygen.sh tool to generate a key file. For example:

./bin/nco_keygen.sh 
Generating key file $ASM_HOME/security/noi_keyfile

Encrypt the username and password using the generated key. In this example, the username and password are both asm:
```
./bin/nco_aes_crypt.sh asm
```
Example encrypted output:
```
@44:9nx51SfAdcPhyQlmqcqL0OqHanR/wQUnZy943YI+TrQ=@
```

Add the encrypted username and password to the gateway property file:
$ASM_HOME/integrations/omnibus/kafka/gateway/G_ASM.props

Gate.Reader.Server              : ‘AGG_P'
ConfigCryptoAlg                 : 'AES_FIPS'
ConfigKeyFile                   : '$NCHOME/omnibus/asm/$NOI_KEY_FILE'
Gate.Reader.Username            : '@44:9nx51SfAdcPhyQlmqcqL0OqHanR/wQUnZy943YI+TrQ=@'
Gate.Reader.Password            : '@44:9nx51SfAdcPhyQlmqcqL0OqHanR/wQUnZy943YI+TrQ=@'

Add the encrypted username and password to the probe property file:
$ASM_HOME/integrations/omnibus/kafka/probe/probe.props

Server                          : ‘AGG_P'
ConfigCryptoAlg                 : 'AES_FIPS'
ConfigKeyFile                   : '$NCHOME/omnibus/asm/$NOI_KEY_FILE'
AuthUserName                    : '@44:9nx51SfAdcPhyQlmqcqL0OqHanR/wQUnZy943YI+TrQ=@'
AuthPassword                    : '@44:9nx51SfAdcPhyQlmqcqL0OqHanR/wQUnZy943YI+TrQ=@'

Define ObjectServer TLS

Note: Completing this section of the procedure (steps six to seven) is required only if you require secure TLS communication with the ObjectServer.

Define the Object Server CA certificate by ensuring the following:
1. The CA certificate file must exist (or copied to) in the $ASM_HOME/security directory. Example:
```
cp <previous_location>/aCaCert.crt $ASM_HOME/security/aCaCert.crt
```
2. The file is named by NOI_CA_CERTIFICATE in the $ASM_HOME/integrations/omnibus/secure.env file.
```
NOI_CA_CERTIFICATE=aCaCert.crt
```

Add TLS to the configuration files.

omni.dat

Required

[AGG_P]
{
    Primary:    noi-omnibus  ssl  4100
}

G_ASM.props

Some configurations may require the gateway Gate.Reader.CommonNames property,

Gate.Reader.Server              : ‘AGG_P'
#Gate.Reader.CommonNames        : May be required

probe.props

Some configurations may require the probe SSLServerCommonName property.

Server                          : ‘AGG_P'
#SSLServerCommonName            : May be required

Results

The gateway is ready to supply Netcool/OMNIbus event data to the Agile Service Manager topology service, and the probe is ready to receive status from Agile Service Manager, and then pass it on to the Netcool/OMNIbus Event Viewer.

Example

The omni.dat file contains configuration examples:

# Example omni.dat file. Copy your own omni.dat file in here, and configure the 
# probe and gateway to connect to the appropriate object servers in their props files:
#
# - $ASM_HOME/integrations/omnibus/kafka/probe/probe.props 
# - $ASM_HOME/integrations/omnibus/kafka/gateway/G_ASM.props 
#
[AGG_P]
{
    Primary:    noi-omnibus    4100
}

#
# Example failover pair config. The gateway and probe properties would require:
#
# - Probe
# Server: 'AGG_V'
#
# - Gateway
# Gate.Reader.Server: 'AGG_V'
#
[AGG_V]
{
    Primary:    primary-host.example.com    4100
    Backup:     backup-host.example.com     4100
}


#
# Example of connecting the probe and gateway to different layers of a multi-tiered architecture. 
# The gateway and probe properties would require:
#
# - Probe
# Server: 'COL_P'
#
# - Gateway
# Gate.Reader.Server: 'AGG_P'
#
[AGG_P]
{
    Primary:    aggregation-layer-host.example.com    4100
}

[COL_P]
{
    Primary:    collection-layer-host.example.com    4100
}

#
# Example TLS config. The gateway and probe properties could use:
#
# - Probe
# Server: 'TLS_AGG_P'
#
# - Gateway
# Gate.Reader.Server: 'TLS_AGG_P'
#
# or can make use of the gateway Gate.Reader.CommonNames and probe SSLServerCommonName 
# properties
#
# The Object Server CA certificate or key database file + password must be configured 
# in $ASM_HOME/integrations/omnibus/secure.env
#
[TLS_AGG_P]
{
    Primary:    tls-host.example.com  ssl  4100
}

What to do next

Next, you start Agile Service Manager.

Advanced Configuration: A Netcool/OMNIbus administrator can further configure the probe and gateway by applying custom rules and mapping. Probe and gateway configuration is accessible here:

To improve performance and prevent unnecessary events from being displayed in the topology viewer, you can filter out events. You can also pass additional alerts.status fields to Agile Service Manager.

Use the following gateway configuration files to apply advanced configuration:

${ASM_HOME}/integrations/omnibus/kafka/gateway/row_filter.def

${ASM_HOME}/integrations/omnibus/kafka/gateway/field_filter.map

Probe rules transform the input into events suitable for the Netcool/OMNIbus alerts.status table. The name of the file must be given as a probe property or command line option (which in this example is 'probe.rules').
Use (or copy and edit) the supplied sample probe rules file.
Use the following probe configuration file to apply advanced configuration:
```
${ASM_HOME}/integrations/omnibus/kafka/probe/probe.rules
```

You can review the probe and gateway log files (asm_probe.log and gateway.log). See the related links for more information.