Defining VMware NSX Observer jobs

The VMware NSX Observer is installed as part of the core installation procedure. Use the VMware NSX Observer when you have VMware NSX installed in your environment to define jobs that dynamically load VMware NSX data for analysis by Netcool Agile Service Manager.

Before you begin

You can use the VMware NSX Observer when you have a VMware NSX appliance in your environment.
Important: The VMware NSX Observer supports the on-premise VMware NSX version 6.3.

Ensure you have the VMware NSX service details to hand, such as username, password, SSL TrustStore and URL.

Remember: Swagger documentation for the observer is available at the following default location: https://<your host>/1.0/vmwarensx-observer/swagger

About this task

The VMware NSX Observer job extracts VMware NSX resource information via REST. The Observer loads and updates the resources and their relationships within the Netcool Agile Service Manager core topology service.

vmwarensx_observer_common.sh
The config file you use to customize VMware NSX Observer settings.
The parameters defined here are then used by the vmwarensx_observer_query_start.sh script to trigger the VMware NSX Observer jobs.
Tip: Alternatively, you can set the appropriate environment variables. If an environment variable is set, it takes precedence over the config file settings.
You define and start the following job. You must edit the parameters in the config file before running this job.
Full Topology Upload job
A transient (one-off) job that loads all requested topology data.
This job is started by the vmwarensx_observer_query_start.sh script.
The VMware NSX Observer loads the following resources and their relationship into the Netcool Agile Service Manager core topology service:
  • NSX Appliance
  • vCenter Appliance
  • NSX Controller
  • Edge Router - Logical (Distributed) Router, Edge Service Gateway
  • Virtual Machines
  • Host
  • VNIC

Procedure

To edit the parameters in the config file

  1. Open the vmwarensx_observer_common.sh config file and edit (at least) the following parameters:
    api_url
    VMware NSX REST API endpoint
    username
    VMware NSX user name for REST API
    password
    VMware NSX user password for REST API
    Supply the VMware NSX user password in encrypted text.
    tenant_name
    VMware NSX tenant
    Set to 'default' if there is no specific tenant.
    ssl_truststore_file
    VMware NSX SSL trust store file for HTTPS authentication
    JKS is the supported format and the file is relative to the $ASM_HOME/security directory.
    password_ssl_truststore_file
    Password to decrypt an encrypted VMware NSX SSL trust store file
    Supply the VMware NSX SSL trust store password in encrypted format.
    Encryption requirement:
    The Load job requires passwords in encrypted form. To encrypt the nsx_password and password_ssl_truststore_file, run the encrypt_password.sh script in the $ASM_HOME/bin directory: 
    ./bin/encrypt_password.sh
    Enter and then confirm the password. The encryption utility will return an encrypted password.

To acquire VMware NSX SSL certificate and build SSL truststore

  1. Use the following command to use OpenSSL to connect to VMware NSX over port 443, and extract a SSL Certificate from VMware NSX to a <certificate_file_name>.crt file. 
    echo -n | openssl s_client -connect {VMware NSX IpAddress}:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./{certificate_file_name}.crt
  2. Use the following Java keytool command to import the VMware NSX certificate file into a keystore and encrypt the keystore with a given password. 
    keytool -import -v -trustcacerts -alias {VMware NSX Hostname} -file {certificate_file_name}.crt -keystore {keystore file name} -storepass {your password to encrypt keystore}
    Tip: You will need the following encryption information when editing vmwarensx_observer_common.sh
    Table 1. Encryption parameters required for vmwarensx_observer_common.sh
    keystore parameter vmwarensx_observer_common.sh parameter
    keystore password password_ssl_truststore_file
    keystore file name ssl_truststore_file
  3. Copy the keystore file ({keystore file name}) to the $ASM_HOME/security directory to complete the SSL setup.

To start the Load job

  1. To start the VMware NSX Observer Full Topology Upload job, use the following command: 
    $ASM_HOME/bin/vmwarensx_observer_query_start.sh
    This job loads all requested topology data. Run this job whenever you need VMware NSX topology data refreshed.

What to do next

You can also use the following scripts:
vmwarensx_observer_query_stop.sh
Stops the Full Topology Upload job
vmwarensx_observer_job_list.sh
Lists the status of current jobs
vmwarensx_observer_log_level.sh
Sets the log level
Remember: In addition to being configurable from the Observer Configuration UI, all on-prem observer jobs also have scripts to start and stop all available jobs, to list the status of a current job, and to set its logging levels. Scripts can be run with -h or --help to display help information, and with -v or --verbose to print out the details of the actions performed by the script, including the full cURL command. For the on-prem version of Agile Service Manager, observer scripts are configured for specific jobs by editing the script configuration files.