- 1. Infrastructure Providers
- 1.1. Discovering Infrastructure Providers
- 1.2. Red Hat Enterprise Virtualization Manager Providers
- 1.3. OpenStack Infrastructure Providers
- 1.4. VMware vCenter Providers
- 1.5. Microsoft SCVMM Providers
- 1.6. Refreshing Providers
- 1.7. Tagging Multiple Providers
- 1.8. Viewing a Provider
- 1.9. Removing a Provider
- 1.10. Viewing the Provider Timeline
- 1.11. Viewing Hosts and Clusters
- 1.12. Viewing Virtual Machines and Templates
- 2. Configuration Management Providers
- 2.1. Red Hat Satellite 6
- 2.2. Ansible Tower
- 2.2.1. Adding an Ansible Tower Provider
- 2.2.2. Refreshing an Ansible Tower Provider
- 2.2.3. Viewing Ansible Tower Providers and Inventory
- 2.2.4. Viewing Ansible Tower Configured Systems
- 2.2.5. Executing an Ansible Tower Job Template from a Service Catalog
- 2.2.6. Executing an Ansible Tower Job Using a Custom Automate Button
- 3. Cloud Providers
- 4. Network Managers
- 5. Containers Providers
- 5.1. Obtaining an OpenShift Enterprise Management Token
- 5.2. Enabling OpenShift Cluster Metrics
- 5.3. Adding an OpenShift Enterprise Provider
- 5.4. Tagging Containers Providers
- 5.5. Removing Containers Providers
- 5.6. Editing a Containers Provider
- 5.7. Viewing a Containers Provider’s Timeline
- 5.8. The Container Overview Page
- 6. Storage Managers
- 6.1. OpenStack Block Storage Managers
- 6.1.1. Creating Volumes on an OpenStack Block Storage Manager
- 6.1.2. Creating a Backup of a Volume
- 6.1.3. Restoring a Volume from a Backup
- 6.1.4. Creating a Snapshot of a Volume
- 6.1.5. Attaching a Volume to an Instance
- 6.1.6. Detaching a Volume from an Instance
- 6.1.7. Editing a Volume
- 6.1.8. Deleting a Volume
- 6.2. OpenStack Object Storage Managers
- 6.1. OpenStack Block Storage Managers
ManageIQ can manage a variety of external environments, known as providers and managers. A provider or manager is any system that ManageIQ integrates with for the purpose of collecting data and performing operations.
In ManageIQ, a provider is an external virtualization, cloud, or containers environment that manages multiple virtual machines or instances residing on multiple hosts. One example is Red Hat Virtualization, a platform that manages multiple hosts and virtual machines.
In ManageIQ, a manager is an external management environment that manages more than one type of resource. One example of a manager is OpenStack, which manages infrastucture, cloud, network, and storage resources.
This guide covers working with providers and managers in ManageIQ, which include:
-
Infrastructure providers
-
Configuration management providers
-
Automation management providers
-
Cloud providers
-
Networking management providers
-
Middleware management providers
-
Container providers
-
Storage managers
For information on working with the resources contained by a provider or manager, see Managing Infrastructure and Inventory.
1. Infrastructure Providers
In ManageIQ, an infrastructure provider is a virtual infrastructure environment that you can add to a ManageIQ appliance to manage and interact with the resources in that environment. This chapter describes the different types of infrastructure providers that you can add to ManageIQ, and how to manage them. Infrastructure providers can be either discovered automatically by ManageIQ, or added individually.
The web interface uses virtual thumbnails to represent infrastructure providers. Each thumbnail contains four quadrants by default, which display basic information about each provider:
-
Number of hosts
-
Management system software
-
Currently unused
-
Authentication status
Icon | Description |
---|---|
Validated: Valid authentication credentials have been added. |
|
Invalid: Authentication credentials are invalid. |
|
Unknown: Authentication status is unknown or no credentials have been entered. |
1.1. Discovering Infrastructure Providers
In addition to individually adding providers, you can also discover all infrastructure providers in a given subnet range.
-
Navigate to
. -
Click (Configuration), then click (Discover Infrastructure Providers).
-
Select the types of provider to discover.
-
Enter a Subnet Range of IP addresses starting with a From Address and ending with a To Address. The cursor automatically advances as you complete each octet.
-
Click Start.
The appliance searches for all infrastructure providers in the specified subnet range, and adds them to the user interface. However, before you can manage the providers added via discovery, you must edit each provider and specify authentication details.
1.2. Red Hat Enterprise Virtualization Manager Providers
To use a Red Hat Enterprise Virtualization Manager provider, add it to the appliance and authenticate its hosts.
1.2.1. Adding a Red Hat Enterprise Virtualization Provider
After initial installation and creation of a ManageIQ environment, add a Red Hat Enterprise Virtualization provider to the appliance.
-
Navigate to
. -
Click (Configuration), then click (Add a New Infrastructure Provider).
-
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
-
Select Red Hat Enterprise Virtualization Manager from the Type list.
-
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
The Host Name must use a unique fully qualified domain name.
-
Enter the API Port if your provider uses a non-standard port for access.
-
Select the appropriate Zone for the provider. By default, the zone is set to default.
-
In the Credentials area, under Default, provide the login credentials required for the Red Hat Enterprise Virtualization administrative user:
-
Enter the user name,
admin@internal
, in the Username field. -
Enter the password in the Password field.
-
Confirm the password in the Confirm Password field.
-
Click Validate to confirm ManageIQ can connect to the Red Hat Enterprise Virtualization Manager.
-
-
Under C & U Database tab, provide the login credentials for the ManageIQ user of the Red Hat Enterprise Virtualization Data Warehouse database:
To collect capacity and utilization data, you must enable the capacity and utilization server roles available from the settings menu,
. For more information on capacity and utilization collection, see "Assigning the Capacity and Utilization Server Roles" in the Deployment Planning Guide.To collect capacity and utilization data for a Red Hat Enterprise Virtualization environment, the Data Warehouse and Reports components must be installed in that environment, and you must create a ManageIQ user in the Data Warehouse database.
To install the Data Warehouse and Reports components in a Red Hat Enterprise Virtualization environment, see the Red Hat Virtualization Installation Guide.
To create a ManageIQ user in the Data Warehouse database, see "Data Collection for Red Hat Enterprise Virtualization 3.3 and 3.4" in the Deployment Planning Guide. `
-
Enter the database user name in the Username field.
-
Enter the user password in the Password field.
-
Confirm the user password in the Confirm Password field.
-
Click Validate to confirm ManageIQ can connect to the database.
-
-
Click Save.
1.2.2. Authenticating Red Hat Enterprise Virtualization Hosts
After adding a Red Hat Enterprise Virtualization infrastructure provider, you must authenticate its hosts to enable full functionality.
-
Navigate to
. -
Click on a provider to display its summary screen.
-
On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.
-
Select the hosts to authenticate. You can select all hosts using the Check All option.
-
Click (Configuration).
-
Click (Edit this item).
-
In the Credentials area, enter credentials for the following, as required:
-
Default: This field is mandatory. Users should have privileged access such as, root or administrator.
-
Remote Login: Credentials for this field are required if SSH login is disabled for the Default account.
-
Web Services: This tab is used for access to Web Services in Red Hat Enterprise Virtualization.
-
IPMI: This tab is used for access to IPMI.
-
-
Click Validate.
-
If editing multiple hosts:
-
Select a host from the Select Host to validate against list.
-
If required, enter credentials for Remote Login, Web Services, and IPMI in their respective tabs; click Validate.
-
Select another host to validate each of these credentials against.
-
-
Click Add.
1.3. OpenStack Infrastructure Providers
Enable an OpenStack Infrastructure provider by adding it to the appliance.
1.3.1. Adding an OpenStack Infrastructure Provider
After initial installation and creation of a ManageIQ environment, add an OpenStack infrastructure provider to the appliance. ManageIQ supports operating with the OpenStack admin
tenant.
When creating an OpenStack infrastructure provider in ManageIQ, select the OpenStack infrastructure provider’s admin
user because it is the default administrator of the OpenStack admin
tenant.
When using the admin
credentials, a user in ManageIQ provisions into the admin
tenant, and sees images, networks, and instances that are associated with the admin
tenant.
You can set whether ManageIQ should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the ceilometer service on the undercloud to store events. See Configuring the Undercloud to Store Events for instructions. For more information, see OpenStack Telemetry (ceilometer) in the Red Hat OpenStack Platform Architecture Guide. |
-
Navigate to
. -
Click (Configuration), then click (Add a New Infrastructure Provider).
-
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
-
Select OpenStack Platform Director from the Type list.
-
Select the API Version of your OpenStack provider’s Keystone service from the list. The default is
Keystone v2
.-
With Keystone API v3, domains are used to determine administrative boundaries of service entities in OpenStack. Domains allow you to group users together for various purposes, such as setting domain-specific configuration or security options. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.
-
The provider you are creating will be able to see projects for the given domain only. To see projects for other domains, add it as another cloud provider. For more information on domain management in OpenStack, see Domain Management in the Red Hat OpenStack Platform Users and Identity Management Guide.
-
-
Select the appropriate Zone for the provider. By default, the zone is set to default.
For more information, see the definition of host aggregates and availability zones in OpenStack Compute (nova) in the Red Hat OpenStack Platform Architecture Guide. -
In the Default tab, under Endpoints, configure the host and authentication details of your OpenStack provider:
-
Enter the Host Name or IP address(IPv4 or IPv6) of the provider. If your provider is an undercloud, use its hostname (see Setting the Hostname for the System in Red Hat OpenStack Platform Director Installation and Usage for more details)
-
In API Port, set the public port used by the OpenStack Keystone service. By default, OpenStack uses port 5000 for this.
-
Select the appropriate Security Protocol used for authenticating with your OpenStack provider.
-
In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.
-
Click Validate to confirm ManageIQ can connect to the OpenStack provider.
-
-
Next, configure how ManageIQ should receive events from the OpenStack provider. Click the Events tab in the Endpoints section to start.
-
To use the Telemetry service of the OpenStack provider, select Ceilometer. Before you do so, the provider must first be configured accordingly. See Configuring the Undercloud to Store Events for details.
-
If you prefer to use the AMQP Messaging bus instead, select AMQP. When you do: In Hostname (or IPv4 or IPv6 address) (of the Events tab, under Endpoints), enter the public IP or fully qualified domain name of the AMQP host.
-
In the API Port, set the public port used by AMQP. By default, OpenStack uses port 5672 for this.
-
In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.
-
Click Validate to confirm the credentials.
-
-
-
You can also configure SSH access to all hosts managed by the OpenStack infrastructure provider. To do so, click on the RSA key pair tab in the Endpoints section.
-
From there, enter the Username of an account with privileged access.
-
If you selected SSL in Endpoints > Default > Security Protocol earlier, use the Browse button to find and set a private key.
-
-
Click Add after configuring the infrastructure provider.
ManageIQ requires that the |
Configuring the Undercloud to Store Events
To allow ManageIQ to receive events from a Red Hat OpenStack Platform environment, you must configure the notification_driver option for the Compute service and Orchestration service in that environment. To do so, edit undercloud.conf, and set store_events to true before installing the undercloud. See Installing the Undercloud and Configuring the Director in Red Hat OpenStack Platform Director Installation and Usage for related details.
1.4. VMware vCenter Providers
To use a VMware vCenter provider, add it to the appliance and authenticate its hosts.
1.4.1. Adding a VMware vCenter Provider
After initial installation and creation of a ManageIQ environment, add a VMware vCenter provider to the appliance.
-
Navigate to
. -
Click (Configuration), then click (Add a New Infrastructure Provider).
-
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
-
Select VMware vCenter from the Type list.
-
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
The Host Name must use a unique fully qualified domain name.
-
Select the appropriate Zone for the provider. By default, the zone is set to default.
-
In the Credentials area, under Default, provide the login credentials required for the VMware vCenter administrative user:
-
Enter the user name in the Username field.
-
Enter the password in the Password field.
-
Confirm the password in the Confirm Password field.
-
Click Validate to confirm ManageIQ can connect to the VMware vCenter.
-
-
Click Add.
1.4.2. Authenticating VMware vCenter Hosts
The procedure below describes how to authenticate the VMware vCenter hosts.
-
Navigate to
. -
Click on a provider to display its summary screen.
-
On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.
-
Select the hosts to authenticate. You can select all hosts using the Check All option.
-
Click (Configuration)
-
Click (Edit Selected items).
-
In the Credentials area, under Default, provide the VMware ESXi login credentials:
-
Enter the user name in the Username field.
-
Enter the password in the Password field.
-
Confirm the password in the Confirm Password field.
-
Click Validate to confirm ManageIQ can connect to the VMware vCenter host.
-
-
If editing multiple hosts, select a host from the Select Host to validate against list; provide the VMware ESXi login credentials and click Validate.
-
Click Save.
Using a Non-Administrator Account for Host Credentials
After adding a VMware vCenter infrastructure provider, you must authenticate its hosts to enable full functionality. You can use administrator credentials, or create another user assigned to a role (See the VMware documentation for instructions on how to create a role) created for ManageIQ. The following privileges should be enabled for the non-administrator user:
From the Global group, check:
-
Cancel task
-
Diagnostics
-
Log Event
-
Set custom attribute
-
Settings
The entire set of privileges for the following groups should be checked:
-
Alarms
-
Datastores
-
dvPort Group
-
Host
-
Network
-
Resource
-
Scheduled Task
-
Tasks
-
Virtual Machine
-
vSphere Distributed Switch
Additionally, you must assign the new role to the following objects:
-
Datacenter: At the Datacenter the ManageIQ user/group must have at least the read-only role at the Datacenter level (Not Propagated) to be able to see the datacenter. Without this access, relationships cannot be made. Specifically, the datastores will not show up.
-
Cluster: Each Cluster that the ManageIQ needs access to must have the new role assigned and propagated.
-
Folders: Each Folder that ManageIQ needs access to must have the new role assigned and propagated.
-
Datastores: Each Datastore that ManageIQ needs access to must have the new role assigned and propagated.
-
Networking: Each vLAN or Port Group that ManageIQ needs access to must have the new role assigned and propagated.
1.5. Microsoft SCVMM Providers
To use a Microsoft System Center Virtual Machine Manager (SCVMM) provider, add it to the appliance and set up the SCVMM server for authentication.
To use a SCVMM provider, you must have at least one network adapter available for communication between the host and the SCVMM management server. Make sure that Used by Management is checked for this network adapter in the SCVMM host properties. |
1.5.1. Authenticating to Microsoft SCVMM
Before you can add a Microsoft SCVMM provider to your ManageIQ environment, you must enable WinRM to listen for HTTP traffic on Microsoft SCVMM servers. You must also set the appropriate execution policy on the Microsoft SCVMM server to allow PowerShell scripts from the appliance to run remotely.
-
Log in to the Microsoft SCVMM server.
-
Enable WinRM for configuration.
winrm quickconfig
-
Set the following options:
winrm set winrm/config/client/auth @{Basic="true"} winrm set winrm/config/service/auth @{Basic="true"} winrm set winrm/config/service @{AllowUnencrypted="true"}
-
For Windows 2012 R2 with PowerShell 4.0, use the following syntax to set these options:
winrm set winrm/config/client/auth '@{Basic="true"}' winrm set winrm/config/service/auth '@{Basic="true"}' winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-
Enable remote script execution on the SCVMM server using the Set-ExecutionPolicy cmdlet.
Set-ExecutionPolicy RemoteSigned
For more information on SCVMM remote script execution policies, see Using the Set-ExecutionPolicy Cmdlet.
If PowerShell returns an error, search for log_dos_error_results
in the evm.log
and scvmm.log
files for information.
1.5.2. Adding a Microsoft SCVMM Provider
After initial installation and creation of a ManageIQ environment, add a Microsoft System Center Virtual Machine Manager (SCVMM) provider to the appliance.
-
Navigate to
. -
Click (Configuration), then click (Add a New Infrastructure Provider).
-
Enter the Name of the provider to add. The Name is how the device is labeled in the console.
-
Select Microsoft System Center VMM from the Type list.
-
Enter the Host Name or IP address(IPv4 or IPv6) of the provider.
The Host Name must use a unique fully qualified domain name.
-
Select Kerberos or Basic (SSL) from the Security Protocol list.
-
For Kerberos:
-
Enter the user name and realm in the Username field.
-
Enter the password in the Password field.
-
Enter the password again in the Confirm Password field.
-
-
For Basic (SSL):
-
Enter the user name in the Username field.
-
Enter the password in the Password field.
-
Enter the password again in the Confirm Password field.
-
-
-
Click Validate to confirm that ManageIQ can connect to the Microsoft System Center Virtual Machine Manager.
-
Click Add.
1.6. Refreshing Providers
Refresh a provider to find other resources related to it. Use Refresh after initial discovery to get the latest data about the provider and the virtual machines it can access. Ensure the provider has credentials to do this. If the providers were added using Discovery, add credentials using (Edit Selected Infrastructure Provider).
-
Navigate to
. -
Select the providers to refresh.
-
Click (Configuration), and then (Refresh Relationships and Power States).
-
Click OK.
1.7. Tagging Multiple Providers
Apply tags to all providers to categorize them together at the same time.
-
Navigate to
. -
Check the providers to tag.
-
Click (Policy), and then (Edit Tags).
-
In the Tag Assignment area, select a customer tag to assign from the first list, then select a value to assign from the second list.
-
Select more tags as required; click (Save).
1.8. Viewing a Provider
From a list of providers, you can review a specific provider by clicking on it. This displays various options to access provider information.
There are two methods of viewing an infrastructure provider’s details: the summary screen (default) and the dashboard screen. Use the summary and dashboard buttons to toggle between views.
Both the summary and dashboard screens contain a taskbar with Reload, Configuration, Policy, Monitoring, and Authentication buttons to manage the selected provider.
The provider summary screen displays information about the provider in table format.
-
Provider accordion: Displays details about the provider’s Properties and Relationships on the sidebar. Click to expand these lists.
-
Provider summary: Displays a provider’s Properties, Status, Relationships, and Smart Management. Click on an item in the Relationships table to see more information about that entity.
From the dashboard, you can view:
-
Number of clusters, hosts, virtual machines, templates, datastores, resource pools, and other entities on the provider. Click on an entity to see more information about that item.
-
Aggregate utilization for CPU, memory, and storage
-
Network I/O statistics
-
Trends for hosts and virtual machines discovered
To view the dashboard:
-
Navigate to
. -
Click the infrastructure provider to view.
-
To access the dashboard view, click (Dashboard view).
To return to the summary view, click (Summary view).
1.9. Removing a Provider
If a provider has been decommissioned or requires some troubleshooting, it might require deletion from the VMDB.
Deleting a provider removes the account information from ManageIQ console. You will no longer be able to view any associated history including chargeback reports generated for the deleted provider. Additionally, if ManageIQ is the database of record, deleting providers would become a major problem for the other systems relying on it for accurate and consistent billing information. Review all the dependencies carefully before deleting a provider.
-
Navigate to
. -
Select the check box for the provider to delete.
-
Click (Configuration), then (Remove Infrastructure Providers from the VMDB).
-
Click (OK).
1.10. Viewing the Provider Timeline
View the timeline of events for the virtual machines registered to a provider.
-
Navigate to
. -
Click a provider.
-
Click (Monitoring), and then (Timelines)from the taskbar, or from the provider accordion, click
. -
From Options, customize the period of time to display and the types of events to see.
-
Use Show to select regular Management Events or Policy Events.
-
Use the Interval dropdown to select hourly or daily data points.
-
Use Date to type the date for the timeline to display.
-
If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.
-
The three Event Groups lists allow you to select different groups of events to display. Each has its own color.
-
From the Level list, select a Summary event, or a Detail list of events. For example, the detail level of a Power On event might include the power on request, the starting event, and the actual Power On event. If you select Summary, only the Power On event displays in the timeline.
-
2. Configuration Management Providers
In ManageIQ, a configuration management provider is a systems management product that you can add to a ManageIQ appliance to manage the lifecycle of your resources. Configuration management providers are useful for uniformly applying changes and updates across providers, and for recording and reporting status and change activity. They can also help eliminate the confusion and error brought about by the existence of different providers.
This chapter describes the different types of configuration management providers available to ManageIQ, and how to manage them. Configuration management providers must be added individually to ManageIQ.
2.1. Red Hat Satellite 6
Satellite 6 is a subscription and system management tool that provides a way to provision hosts (both virtual and bare metal) and configure them using a set of Puppet modules. ManageIQ provides functionality to integrate with a Red Hat Satellite 6 server and take advantage of its features. This includes:
-
Monitoring the inventory of your Red Hat Satellite 6 server, including independent hosts and hosts provisioned using hostgroups.
-
Reprovisioning existing bare metal system hosts to new host groups.
-
Applying ManageIQ policy tags to hosts.
ManageIQ only reprovisions existing systems in a Red Hat Satellite 6 environment. Provisioning systems from Red Hat Satellite 6’s bare metal discovery service is planned for a future release. |
2.1.1. Defining the Workflow
This section uses the following workflow:
-
Add Red Hat Satellite 6 server details to ManageIQ.
-
Refresh the state of your Red Hat Satellite 6 provider in ManageIQ.
-
Select an existing bare metal host from Red Hat Satellite 6 for reprovisioning.
-
Apply policy tags to Red Hat Satellite 6 hosts.
2.1.2. Defining the Hostgroup Hierarchy
ManageIQ displays the Red Hat Satellite 6 infrastructure in a host group and host relationship. A host group defines a set of default values that hosts inherit when placed in that group. Hosts can belong to only one host group, but host groups can be nested in hierarchies. You can create a "base" or "parent" host group that represents all hosts in your organization, and then create nested or "child" host groups under that parent to provide specific settings.
2.1.3. Adding a Satellite 6 Provider
To start provisioning bare metal machines, you need at least one Red Hat Satelllite 6 provider added to ManageIQ.
-
Navigate to
. -
Select
. -
Enter a Name for the provider.
-
Enter a URL for the provider. This is the root URL for the Satellite 6 server and can be either an IP address or a hostname. For example, http://satellite6.example.com.
-
Select Verify Peer Certificate to use encrypted communication with the provider. This requires the SSL certificates from your Red Hat Satellite 6 provider.
-
Enter a Username for a user on the provider. Ideally, this would be a user in Satellite 6 with administrative access.
-
Enter a Password, and then enter it again in Confirm Password.
-
Click Validate to test your connection with the Red Hat Satellite 6 server.
-
Click Add to confirm your settings and save the provider.
ManageIQ saves the Satellite 6 provider in its database and triggers a refresh of resources detected in the provider.
2.1.4. Triggering a Refresh of a Satellite 6 Provider
Your Satellite 6 provider can still create new hosts independently of ManageIQ. Your ManageIQ appliance detects these changes after an automatic refresh period. However, you can trigger a manual refresh to avoid waiting for the automatic refresh.
-
Navigate to
. -
Select your Red Hat Satellite 6 provider using the checkbox, and click
. This triggers the refresh. -
When the refresh is complete, select the Red Hat Satellite 6 provider to check the updated list of hosts groups in the provider.
2.1.5. Displaying Red Hat Satellite 6 Contents
ManageIQ provides two methods for viewing the contents of a Red Hat Satellite 6 provider:
-
Providers - This presents the Red Hat Satellite 6 contents as a hierarchy of host groups belonging to a provider, and then individual hosts belonging to each provider.
-
Configured Systems - This presents a list of all hosts on your Red Hat Satellite 6 server. This also provides a method to apply predefined filters to organized specific machines.
Change between these two views using the accordion menu on the left of the user interface.
2.1.6. Reprovisioning a Bare Metal Host
This procedure provides an example of reprovisioning an existing bare metal system into a new hostgroup. For this example, your Red Hat Satellite 6 environment requires the following:
-
An existing bare metal system stored as a host object in your Red Hat Satellite 6 server. This system can be one of the following:
-
A standalone system previously provisioned without a host group.
-
A system previously provisioned using a host group.
-
-
A target host group. This host group contains the system configuration to apply to the host when reprovisioning it. This includes:
-
A new operating system installation, including a new partition table.
-
A new networking configuration that the Red Hat Satellite 6 server defines and manages.
-
Registration to any Red Hat subscriptions and repositories assigned to the host group.
-
Application of any Puppet modules assigned to the host group.
-
-
Navigate to
. -
Select Configured Systems from the accordion menu on the left. This displays the system list.
-
Select one or more hosts to reprovision.
-
Select
. -
Under the Request tab, enter the following details:
-
E-Mail address
-
First Name
-
Last Name
-
This form also contains optional fields for users to enter a plain text Note to inform ManageIQ administrators of any special details, and a field to provide a manager’s name in case administrators require approval from a user’s manager.
-
-
Select the Purpose tab and select any ManageIQ policy tags that apply to the system.
-
Select the Catalog tab. This screen displays the list of chosen machines to reprovision and their current details. Select a target host group from the Configuration Profile list. ManageIQ communicates with Red Hat Satellite to apply the configuration from this host group to the selected host and reprovision the system.
-
Select the Customize tab. This screen displays some customizable fields for the selected system. You can change the Root Password or change the Hostname and IP Address. Note that these fields are optional, because the host group in Red Hat Satellite 6 contains this information. The fields here will override the settings from the host group.
Provisioning bare metal systems still requires access to the network that Red Hat Satellite 6 manages. This is because Red Hat Satellite controls PXE booting, kickstarts, and Puppet configuration for bare metal systems. Ensure the IP address you enter in ManageIQ can access a DHCP service that Red Hat Satellite 6 provides either through the main server or through a Red Hat Satellite 6 Capsule server.
-
Select the Customize tab. This screen allows you to either launch the provisioning process immediately on approval or using a schedule. Click Schedule to show the date and time fields used to schedule the provisioning.
-
Click Submit.
Depending on the request settings on your ManageIQ appliance, this provisioning request might require approval from an administrator. If not, the provisioning request launches depending on your choice for the schedule.
Previously provisioned hosts might require manual selection of PXE boot from the boot menu, otherwise they might boot to hard disk and not reprovision. |
2.1.7. Tagging a Bare Metal Host
ManageIQ can also control policy settings of bare metal systems from Red Hat Satellite 6 through tagging. Tagging attaches levels of metadata to help define the policy rules required for a set of systems.
-
Navigate to
. -
Select Configured Systems from the accordion menu on the left. This displays the system list.
-
Select one or more hosts to tag.
-
Select
. -
Under Tag Assignment, select a tag from Select a customer tag to assign and then choose a value from Select a value to assign. For example, you can tag this system as located in Chicago by selecting
Location
as the tag andChicago
as the value. Once selected, the user interface automatically adds this tag and value to the table below. -
Click Save.
The bare metal system is now configured with a set of policy tags.
2.2. Ansible Tower
Ansible Tower is a management tool integrated with ManageIQ, designed to help automate infrastructure operations. ManageIQ allows you to execute Ansible Tower jobs using service catalogs and Automate. No custom configuration or Ruby scripting is needed in ManageIQ, as configuration is done in Ansible Tower using playbooks.
You can use the large library of existing Ansible playbooks as ManageIQ state machines to automate tasks such as backups, package updates, and maintenance in your ManageIQ environment. This also includes deploying Red Hat Satellite agents on bare metal machines as required. This can be particularly useful for quickly applying changes across large environments with many virtual machines or instances. Using Ansible Tower, you can schedule Ansible playbook runs and monitor current and historical results, allowing for troubleshooting or identification of issues before they occur.
The basic workflow when using ManageIQ with an Ansible Tower provider is as follows:
-
Create an Ansible playbook which performs a specific task.
-
A new Ansible Tower job template is created from the playbook, which is then retrieved by ManageIQ.
-
From the Ansible Tower job template, create a new catalog item in ManageIQ, optionally with a service dialog that allows the user to enter parameters if needed.
-
The user orders the service from the ManageIQ user interface, and fills out any additional arguments (for example, limiting the task to run on a specific set of virtual machines).
-
The job executes.
For more information on Ansible playbooks, see the Ansible playbook documentation. |
2.2.1. Adding an Ansible Tower Provider
To access your Ansible Tower inventory from ManageIQ, you must add Ansible Tower as a provider.
-
Navigate to
. -
Under Configuration, click Add a new Provider.
-
In the Add a new Configuration Management Provider area:
-
Enter a Name for the new provider.
-
In the Type field, select Ansible Tower from the list.
-
Enter the URL location or IP address to the Ansible Tower server.
-
-
Select the Verify Peer Certificate checkbox if desired.
-
In the Credentials area, provide the Username and Password, and Confirm Password.
-
Click Add.
After adding the Ansible Tower provider, refresh its relationships and power states in order to view the current inventory.
2.2.2. Refreshing an Ansible Tower Provider
Refresh relationships of all items related to an existing Ansible Tower configuration management provider including inventory, hosts, virtual machines, and clusters.
You can refresh inventory from ManageIQ, or by enabling the Update on Launch option for inventory groups in Ansible Tower. The Update on Launch option allows Ansible Tower to automatically update inventory using a dynamic inventory script before launching an Ansible Tower job from a playbook. See the Ansible Tower documentation for more information.
It can take a long time to retrieve information from providers containing many virtual machines or instances. The Ansible Tower dynamic inventory script can be modified to limit updates to specific items and reduce refresh time. |
To refresh an Ansible Tower provider’s inventory in ManageIQ:
-
Navigate to
. -
Select the checkboxes for the Ansible Tower providers to refresh under All Ansible Tower Providers.
-
Click (Configuration), and then (Refresh Relationships and Power States).
-
Click OK.
ManageIQ then queries the Ansible Tower API and obtains an inventory of all available hosts and job templates.
2.2.3. Viewing Ansible Tower Providers and Inventory
ManageIQ automatically updates its inventory from Ansible Tower. This includes system groups (known as Inventories in Ansible Tower), basic information about individual systems, and available Ansible Tower job templates to be executed from the service catalog or Automate.
To view and access Ansible Tower inventories and job templates in ManageIQ, you must first create them in Ansible Tower. |
To view a list of Ansible Tower providers and inventory:
-
Navigate to
. -
Under All Configuration Manager Providers, select the Ansible Tower Providers accordion menu to display a list of providers.
-
Select your Ansible Tower provider to expand and list the inventory groups on that Ansible Tower system. The inventory groups can be expanded to view the systems contained within each group, as well as configuration details for these systems.
Similarly, all discovered job templates are accessed under the provider by expanding the
accordion menu.2.2.4. Viewing Ansible Tower Configured Systems
To view the systems in your Ansible Tower inventory:
-
Navigate to
. -
Under All Configured Systems, select Ansible Tower Configured Systems to display a list.
2.2.5. Executing an Ansible Tower Job Template from a Service Catalog
You can execute an Ansible Tower playbook from ManageIQ by creating a service catalog item from an Ansible Tower job template.
You must first create the job template in Ansible Tower. The job templates are automatically discovered by ManageIQ when refreshing your Ansible Tower provider’s inventory. |
First, create a catalog:
-
Navigate to
. -
Click (Configuration), then (Add a New Catalog)
-
Enter a Name and Description for the catalog.
-
Click Add.
Then, create an Ansible Tower service catalog item:
-
Navigate to
. -
Click Ansible Tower Job Templates and select an Ansible Tower job template.
-
Click (Configuration), then (Create Service Dialog from this Job Template).
-
Enter a Service Dialog Name (for example, ansible_tower_job)and click Save.
-
Navigate to
. Click Catalog Items. -
Click (Configuration), then (Add a New Catalog Item) to create a new catalog item with the following details, at minimum:
-
For Catalog Item type, select Ansible Tower.
-
Enter a Name for the service catalog item.
-
Select Display in Catalog.
-
In Catalog, select the catalog you created previously.
-
In Dialog, select the service dialog you created previously (in this example, ansible_tower_job). No Dialog can be selected if the playbook does not require extra variables from the user. To ask the user to enter extra information when running the task, Service Dialog must be selected.
-
In Provider, select your Ansible Tower provider. This brings up the Ansible Tower Job Template option and configures the Provisioning Entry Point State Machine automatically.
-
Select your desired Ansible Tower Job Template from the list. Generally, this is the Ansible Tower job template previously used to create the service dialog.
-
-
Click Add. The catalog item you created will appear in the All Service Catalog Items list.
To execute the Ansible Tower job:
-
Navigate to
. -
Click Order for the catalog item.
-
Enter any variables requested and click Submit.
ManageIQ takes you to the Requests queue page and show the status of the job.
The service item’s details can be viewed in
in ManageIQ.
Instead of running a single job at a time, multiple service catalog items can also be grouped together as a catalog bundle to create one deployment with multiple job templates. See Catalogs and Services in Provisioning Virtual Machines and Hosts for more information. |
2.2.6. Executing an Ansible Tower Job Using a Custom Automate Button
ManageIQ can execute Ansible Tower jobs on virtual machines or instances using custom buttons in Automate.
Ansible Tower jobs can either be non-customizable, which do not require any extra configuration from the user, or alternatively, they can allow the user to specify a parameter (for example, a package name to install). In Ansible Tower jobs containing a dialog, ManageIQ accepts additional information from the user and adds it to the appropriate API call in Automate, and then sends it into Ansible Tower.
Before creating an Automate button to execute an Ansible Tower job, the following must be configured:
-
An Ansible playbook in Ansible Tower. See the Ansible Tower documentation for instructions.
-
Ansible Tower must be able reach virtual machines or instances deployed by ManageIQ at the IP level.
-
The virtual machine template must have the Ansible Tower environment’s public SSH key injected. For cloud instances,
cloud-init
can be used and the public SSH key can be passed without rebuilding the image. -
Any dynamic inventory scripts used must be configured to return the virtual machine names exactly as they are stored in ManageIQ, without the UUID appended.
To configure a custom button to execute an Ansible Tower job on a virtual machine or instance, first create the button:
-
Navigate to
. -
Click the Buttons accordion menu.
-
Click
. This configures the button to run on virtual machines or instances. -
Click (Configuration), then click (Add a new Button).
-
In the Adding a new Button screen, configure the Action parameters as desired. Dialog can be left blank if the playbook does not require extra variables. To ask the user to enter extra information when running the task, Service Dialog must be selected.
-
Configure Object Details fields with the following request details:
-
For System/Process, select Request.
-
For Message, enter create.
-
For Request, enter Ansible_Tower_Job.
-
-
Configure Attribute/Value Pairs with the following parameters:
-
job_template_name is the Ansible Tower job template name to associate with the button. The job_template_name field is mandatory; other parameters are provided by the Tower job dialog.
-
-
Configure Visibility to all users, or limit visibility by role as desired.
-
Click Add.
-
If you do not have an existing button group to assign the new button to, create a new button group:
-
From
, navigate to , and configure the following:-
Configure Basic Info as desired. For example, name the button group
VM Actions
. -
In Assign Buttons, select the button you just created from the Unassigned list and click to assign it to Selected.
-
Click Add.
-
To assign the button to an existing button group:
-
Navigate to
. -
In Assign Buttons, select the button you just created from the Unassigned list and click to assign it to Selected.
-
Click Add.
To use the button to run an Ansible Tower job on a virtual machine:
-
Navigate to
. -
Select the virtual machine to run the Ansible Tower job template on.
-
Click the VM Actions button to show the button you created, and click the button from the list to run the Ansible Tower job template.
-
Click Submit to execute the job.
ManageIQ then confirms the job has been executed.
If you selected a service dialog to run when creating the button, ManageIQ will then prompt you to enter variables to complete the task. After entering your desired parameters, ManageIQ takes you to the Requests page.
The service item’s details can be viewed in
in ManageIQ.3. Cloud Providers
In ManageIQ, a cloud provider is a cloud computing environment that you can add to a ManageIQ appliance to manage and interact with the resources in that environment. This chapter describes the different types of cloud providers that you can add to ManageIQ, and how to manage them. Most cloud providers are added individually to ManageIQ. Additionally, Amazon EC2 and Azure cloud providers can be discovered automatically by ManageIQ.
The web interface uses virtual thumbnails to represent cloud providers. Each thumbnail contains four quadrants by default, which display basic information about each provider:
-
Number of instances
-
Management system software
-
Number of images
-
Authentication status
Icon | Description |
---|---|
Validated: Valid authentication credentials have been added. |
|
Invalid: Authentication credentials are invalid. |
|
Unknown: Authentication status is unknown or no credentials have been entered. |
3.1. OpenStack Providers
3.1.1. Adding OpenStack Providers
ManageIQ supports operating with the OpenStack admin
tenant.
When creating an OpenStack provider in ManageIQ, select the OpenStack provider’s admin
user because it is the default administrator of the OpenStack admin
tenant.
When using the admin
credentials, a user in ManageIQ provisions into the admin
tenant, and sees images, networks, and instances that are associated with the admin
tenant.
In OpenStack, you must add |
When adding an OpenStack cloud or infrastructure provider, you can enable tenant mapping in ManageIQ to map any existing tenants from that provider. This means ManageIQ will create new cloud tenants to match each of existing OpenStack tenants; each new cloud tenant and its corresponding OpenStack tenant will have identical user memberships, quotas, access/security rules, and resources assignments.
During a provider refresh, ManageIQ will also check for any changes to the tenant list in OpenStack. ManageIQ will create new cloud tenants to match any new tenants, and delete any cloud tenants whose corresponding OpenStack tenants no longer exist. ManageIQ will also replicate any changes to OpenStack tenants to their corresponding cloud tenants.
You can set whether ManageIQ should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the ceilometer service on the overcloud to store events. See Configuring the Overcloud to Store Events for instructions. For more information, see OpenStack Telemetry (ceilometer) in the Red Hat OpenStack Platform Architecture Guide. |
-
Navigate to
. -
Click (Configuration), then click (Add a New Cloud Provider).
-
Enter a Name for the provider.
-
From the Type drop down menu select OpenStack.
-
Select the appropriate API Version from the list. The default is
Keystone v2
.If you select
Keystone v3
, enter theKeystone V3 Domain ID
that ManageIQ should use. This is the domain of the user account you will be specifying later in the Default tab. If domains are not configured in the provider, enter default.-
With Keystone API v3, domains are used to determine administrative boundaries of service entities in OpenStack. Domains allow you to group users together for various purposes, such as setting domain-specific configuration or security options. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.
-
The provider you are creating will be able to see projects for the given domain only. To see projects for other domains, add it as another cloud provider. For more information on domain management in OpenStack, see Domain Management in the Red Hat OpenStack Platform Users and Identity Management Guide.
-
-
By default, tenant mapping is disabled. To enable it, set Tenant Mapping Enabled to Yes.
-
Select the appropriate Zone for the provider. By default, the zone is set to default.
For more information, see the definition of host aggregates and availability zones in OpenStack Compute (nova) in the Red Hat OpenStack Platform Architecture Guide. -
In the Default tab, under Endpoints, configure the host and authentication details of your OpenStack provider:
-
In Hostname (or IPv4 or IPv6 address), enter the public IP or fully qualified domain name of the OpenStack Keystone service.
The hostname required here is also the OS_AUTH_URL value in the ~/overcloudrc file generated by the director (see Accessing the Overcloud in Red Hat OpenStack Platform Director Installation and Usage), or the ~/keystonerc_admin file generated by Packstack (see Evaluating OpenStack: Single-Node Deployment). -
In API Port, set the public port used by the OpenStack Keystone service. By default, OpenStack uses port 5000 for this.
-
Select the appropriate Security Protocol used for authenticating with your OpenStack provider.
-
In the Username field, enter the name of a user in the OpenStack environment.
In environments that use Keystone v3 authentication, the user must have the admin role for the relevant domain.
-
In the Password and Confirm Password fields, enter the password for the user.
-
Click Validate to confirm ManageIQ can connect to the OpenStack provider.
-
-
Next, configure how ManageIQ should receive events from the OpenStack provider. Click the Events tab in the Endpoints section to start.
-
To use the Telemetry service of the OpenStack provider, select Ceilometer. Before you do so, the provider must first be configured accordingly. See Configuring the Overcloud to Store Events for details.
-
If you prefer to use the AMQP Messaging bus instead, select AMQP. When you do: In Hostname (or IPv4 or IPv6 address) (of the Events tab, under Endpoints), enter the public IP or fully qualified domain name of the AMQP host.
-
In the API Port, set the public port used by AMQP. By default, OpenStack uses port 5672 for this.
-
In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.
-
Click Validate to confirm the credentials.
-
-
-
Click Add after configuring the cloud provider.
To collect inventory and metrics from an OpenStack environment, the ManageIQ appliance requires that the adminURL endpoint for the OpenStack environment be on a non-private network.
Hence, the OpenStack adminURL endpoint should be assigned an IP address other than |
Configuring the Overcloud to Store Events
By default, the Telemetry service does not store events emitted by other services in a Red Hat OpenStack Platform environment. The following procedure outlines how to enable the Telemetry service on your OpenStack cloud provider to store such events. This ensures that events are exposed to ManageIQ when a Red Hat OpenStack Platform environment is added as a cloud provider.
-
Log in to the undercloud host.
-
Create an environment file called ceilometer.yaml, and add the following contents:
parameter_defaults: CeilometerStoreEvents: true
-
Please see the below NOTE.
If your OpenStack cloud provider was not deployed through the undercloud, you can also set this manually. To do so:
-
Log in to your Controller node.
-
Edit /etc/ceilometer/ceilometer.conf, and specify the following option:
store_events = True
Passing the newly created environment file to the overcloud deployment is environment specific and requires executing commands in particular order depending on use of variables. For further information please see Director Installation and Usage in the Red Hat OpenStack Platform documentation. |
3.2. Azure Providers
3.2.1. Adding Azure Providers
ManageIQ supports Microsoft Azure providers. Before ManageIQ can be authenticated to Microsoft Azure, you must complete a series of prerequisite steps using the Azure portal; see Create Active Directory application and service principal account using the Azure portal. Follow the steps to set up an Azure Active Directory (Azure AD) and assign the required permissions to it, then create an Azure Active Directory application, and obtain the Application ID (Client ID), Directory ID (Tenant ID), Subscription ID, and Key Value (Client Key) that are required to add and connect to the Azure instance as a provider in ManageIQ. Currently, all of these steps can be performed using either the Azure Resource Manager or Service Manager (Classic) mode.
In the steps described in Create Active Directory application and service principal account using the Azure portal:
|
So, after a service principal account (instance of an application in a directory) has been created using the Azure portal, the following four pieces of information will be available within the Azure AD module.
-
Directory ID (Tenant ID)
-
Subscription ID
-
Application ID (Client ID)
-
Client Key
You can now use these values in the procedure below to add an Azure cloud instance as a provider to ManageIQ.
To Add an Azure Cloud Provider:
-
Navigate to
. -
Click (Configuration), then click (Add a New Cloud Provider).
-
Enter a Name for the provider.
-
From the Type list, select Azure.
-
Select a region from the Region list. One provider will be created for the selected region.
-
Enter Tenant ID.
-
Enter Subscription ID.
-
Enter Zone.
-
In the Credentials section, enter the Client ID and Client Key; click Validate.
-
Click Add.
3.2.2. Discovering Azure Providers
ManageIQ provides the ability to discover a set of Microsoft Azure providers across all regions.
-
Navigate to
. -
Click (Configuration), then click (Discover Cloud Providers).
-
Select Azure from the Discover Type list.
-
In the Credentials section, enter your Azure Client ID, Client Key, Azure Tenant ID, and the Subscription ID for that tenant.
-
Click Start.
3.3. Amazon EC2 Providers
3.3.1. Permissions for Amazon EC2 Providers
Red Hat recommends using Amazon EC2’s Power User Identity and Access Management (IAM) policy when adding Amazon EC2 as a cloud provider in ManageIQ. This policy allows those in the Power User group full access to AWS services except for user administration, meaning a ManageIQ API user can access all of the API functionality, but cannot access or change user permissions.
Further limiting API access limitations can limit Automate capabilities, as Automate scripts directly access the AWS SDK to create brand new application functionality.
The AWS services primarily accessed by the ManageIQ API include:
-
Elastic Compute Cloud (EC2)
-
CloudFormation
-
CloudWatch
-
Elastic Load Balancing
-
Simple Notification Service (SNS)
-
Simple Queue Service (SQS)