Integration with VMWare's vCenter

From OpenNMS
Jump to navigation Jump to search

References

See also the OpenNMS User Conference 2013 presentation by Ronny Trommer at http://www.opennms.eu/opennms-meets-vmware-infrastructure/

Tested

Tested with OpenNMS 1.11.90 development/test version.

About

This is a feature in the OpenNMS ver. 1.12 release. It allows VMware virtual machines to be discovered and VMware performance and machine health statistics to be collected by querying a vCenter server managing one or more VMware host servers.

Preparing VMware vCenter

To allow communication between OpenNMS and VMware vCenter, it is necessary to create a user and a role for authentication and permissions. The following screenshots show the configuration which is necessary in VMware vCenter. We can copy the Read-Only role, cause in the current status, we don't have any writing interaction with VMware vCenter.

To allow access to hardware sensors, it is important to give the role the additional permission CIM Interaction.

Create a new vCenter OS user

We have to create a VMware vCenter user. vCenter uses the operating system's local user list, so create a new local user on the vCenter server system. Note the user password for later use.

In the example below, the user is named OpenNMS and the password is changeme.

Create a new vCenter user security role

Log into vCenter server.

Go to Home > Administration > Roles. Right-click the built-in role "Read-only" and choose "Clone". Rename this cone to be called "OpenNMS-Access".

0-Cloning.png

Right-click the role "OpenNMS-Access" > Edit Role...

Edit the new role "OpenNMS-Access" and enable the specific permission "Host > CIM > CIM interaction".

1-editing.png

Assign the new security role to the OpenNMS vCenter user

Add this new role to the existing "OpenNMS" user created earlier using "Home > Inventory > Hosts and Clusters" > right-click the vCenter server > "Add Permission..."

2-permission.png

In "Users and Groups", click "Add..." and select the "OpenNMS" user from the pick list. In "Assigned Role", assign this user the role "OpenNMS-Access". Leave "Propagate to Child Objects" enabled (the default).

3-adding.png

4-ok.png

Test VMware access

Using a tool provided with OpenNMS, test VMware vCenter access using the account created above.

On the OpenNMS server, run:

/usr/share/opennms/bin/vmwarecimquery <hostname> <username> <password>

For example,

/usr/share/opennms/bin/vmwarecimquery vCenterServer.domain.local OpenNMS changeme

Note: The location of the binary files may be different on your system. The example above is for a Debian/Ubuntu system.

If permissions are set correctly, this command should display a considerable amount of output showing lists of temperature sensors, fans and so on.

If this output is not seen, inspect the configuration above and repeat the test until the vmwarecimquery command succeeds before proceeding.

If you have multiple AD domains, then use <username>@<domain> instead of <domain>\<username>

Generate and deploy customized OpenNMS configuration files

Generate customized OpenNMS configuration files

Using a tool provided with OpenNMS, generate customized OpenNMS configuration files for your VMware installation.

On the OpenNMS server, change to a directory such as /tmp and run:

cd /tmp
/usr/share/opennms/bin/vmwareconfigbuilder <hostname> <username> <password> -rrdRepository <arg>

For example,

cd /tmp
/usr/share/opennms/bin/vmwareconfigbuilder vCenterServer.domain.local OpenNMS changeme -rrdRepository /var/lib/opennms/rrd/snmp/

Note: The location of the binary files and RRD files may be different on your system. The example above is for a Debian/Ubuntu system.

The tool should correctly identify the vCenter Server version and generate three OpenNMS configuration files, with the correct major VMware version number.

Example output using VMware 4.0 update 2.

Generating configuration files for 'VMware vCenter Server 4.0.0 build-258672' using rrdRepository '/var/lib/opennms/rrd/snmp'...
Saving file 'vmware4-datacollection-config.xml'...
Saving file 'vmware4.xml'...
Saving file 'vmware4-graph-simple.properties'...

Deploy customized OpenNMS configuration files

The customized configuration files need to be copied to the OpenNMS configuration file directory.

The following example is tested on Debian/Ubuntu.

cd /tmp

# rename the original files to move them out of the way but keep them just in case
mv /etc/opennms/vmware-datacollection-config.xml /etc/opennms/vmware-datacollection-config.xml.orig
mv /etc/opennms/snmp-graph.properties.d/vmware4-graph-simple.properties /etc/opennms/snmp-graph.properties.d/vmware4-graph-simple.properties.orig
mv /etc/opennms/datacollection/vmware4.xml /etc/opennms/datacollection/vmware4.xml.orig

# move the new files into place
mv vmware4-datacollection-config.xml /etc/opennms/vmware-datacollection-config.xml
mv vmware4-graph-simple.properties /etc/opennms/snmp-graph.properties.d/
mv vmware4.xml /etc/opennms/datacollection/

Configure vmware-config.xml

Edit /etc/opennms/vmware-config.xml to specify which vCenter servers to query and what the access credentials should be (use the vCenter OpenNMS user created above).

Add in a line below the XML comments to indicate the vCenter server to query.

For example:

vi /etc/opennms/vmware-config.xml
...
-->
 <vmware-server hostname="vCenterServer.domain.local" username="OpenNMS" password="changeme"/>
</vmware-config>

OpenNMS provisioning configuration

Now configure OpenNMS to query the specified vCenter server on a regular schedule to detect the vCenter server and the VMware virtual machines being managed by it.

This prototype is a proof-of-concept and has the use case in mind to provide virtual machines from VMware vCenter into OpenNMS. It should help to allow an easy manageable workflow to provide virtual nodes automatically in the network management. VMware vCenter provides a set of web services to allow access to virtual machines and the hosts underneath. This integration prototype covers the following functions:

  • Provide all virtual machines as nodes from vCenter
  • Determine the IP address from the virtual machine. Hint: This is only possible if vmware-tools are installed!
  • Allow the vCenter administrator to filter on an customized attribute in the vCenter to provision this node in OpenNMS or not
  • Provide a read only user for vCenter with less permissions as possible to provide virtual machine informations in OpenNMS
  • Use the VMware SDK API to retrieve virtual machine information

OpenNMS provisiond configuration using provisiond-configuration.xml

To configure the new VMware handler, add a new requisition definition in the above file below the comments section. For example:

vi /etc/opennms/provisiond-configuration.xml
...
  -->

  <requisition-def import-name="vCenterServer.domain.local"
    import-url-resource="vmware://vCenterServer.domain.local">
    <cron-schedule>0 42 23 * * ? *</cron-schedule> <!-- run each day at 23:42 -->
  </requisition-def>

</provisiond-configuration>

This configuration will run every day at 11:42 pm and import all ESX/ESXi hosts and all virtual machines managed by the specified vCenter server into OpenNMS.

The OpenNMS provisioning requisition is also named "vCenterServer.domain.local" for convenience.

Only provisioning a subset of virtual machines

By default, all running hosts/virtual machines will be detected and provisioned. Powered off or suspended hosts/virtual machines will not be detected.

To change this default behavior, there are a variety parameters that can be specified in the requisition-def section. See comments in the file itself for more information.

As one example, you can add a customized attribute to your virtual machine in vCenter called:

 Key: "OpenNMS-Import" with an value "yes"

You can use this attribute to have control over the provisioning in OpenNMS as vCenter admin without any idea of OpenNMS :)

In OpenNMS, you would then use this attribute as follow:

  <requisition-def import-name="vmware-requisition"
    import-url-resource="vmware://<vcenter-host>/VCenterImport?key=OpenNMS-Import;value=yes">
    <cron-schedule>0 42 23 * * ? *</cron-schedule> <!-- run each day at 23:42 -->
  </requisition-def>

Another way to use this atribute in OpenNMS is (note the underscore character before the attribute name in the import-url-resource parameter):

  <requisition-def import-name="vmware-requisition"
    import-url-resource="vmware://<vcenter-host>/VCenterImport?_OpenNMS-Import=yes">
    <cron-schedule>0 42 23 * * ? *</cron-schedule> <!-- run each day at 23:42 -->
  </requisition-def>

The second implementation allows to specify several attributes to be matched, while the first one allows only one.

With this configuration only virtual machines with this customized attribute will be provisioned.

Restart

Restart OpenNMS to load changed configuration files.

Provisioning verification

Wait for the specified time in provisiond-configuration.xml to pass. After this happens, check the following to verify the provisioning.

Provisioning Requisition verification

Open the OpenNMS web administration console and go to "Home / Admin / Provisioning Requisitions". A provisioning requisition should exist with the same name as defined in the provisioning requisition configuration in provisiond-configuration.xml.

There should be a number of nodes listed as defined.

In the screen shot below, 4 nodes have been detected.

5-provisioning.png

Clicking the "Edit" link will show each of the detected systems, along with details on each.

6-group.png

Node list verification

Going to "Node List" should show each detected ESX/ESXi host and each virtual machine on these hosts:

7-nodes.png

Specific node verification

Select a specific virtual machine node. Details on the node should be displayed.

8-detail.png

Specific host verification

Select a specific virtual host node. Details on the host should be displayed.

After 5 minutes have passed, click on "Resource Graphs" for the ESX or ESXi host.

VMware-specific host statistics such as a "VMware Sensor Counter" group and a "VMware Sensor Temperature" group should be displayed and able to be graphed.

Caveats

Sorry, there is - this is the result of a one day Hackathon at the University of Fulda. So the current prototype has the following restrictions:

  • The DNS requisition does work anymore, we had to rework the URL Handler. There could be only *ONE* UrlHandler so we had to make a decision ;)
  • There is *NOT* only one JUnit test
  • The logs for polling and data collection are combined into vmware.log, not pollerd.log and collectd.log.

Improvements

  • It is currently quite hard to register new UrlHandler, I guess this could also be Layer-8 problem
  • It could be a good idea to have UrlHandler as dedicated maven modules to handle dependencies in a better way

Credits

A big big thank you to Christian Pape who worked out the Java stuff with VI-Java API and vCenter and helped us with the integration in OpenNMS.

--_indigo (talk) 12:10, 2 February 2013 (EST)