Table of Contents

1. Infrastructure Providers

In ManageIQ, an infrastructure provider is a virtual infrastructure environment that you can add to a ManageIQ appliance to manage and interact with the resources in that environment. This chapter describes the different types of infrastructure providers that you can add to ManageIQ, and how to manage them.

The web interface uses virtual thumbnails to represent providers. Each thumbnail contains four quadrants by default, which display basic information about each provider.

2189

  1. Number of hosts

  2. Management system software

  3. Currently unused

  4. Authentication status

Icon Description

2190

Validated: Valid authentication credentials have been added.

2191

Invalid: Authentication credentials are invalid.

2192

Unknown: Authentication status is unknown or no credentials have been entered.

1.1. Discovering Infrastructure Providers

In addition to individually adding providers, you can also discover all infrastructure providers in a given subnet range.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click Configuration (Configuration), then click Discover Infrastructure Providers (Discover Infrastructure Providers).

  3. Select the types of provider to discover.

  4. Enter a Subnet Range of IP addresses starting with a From Address and ending with a To Address. The cursor automatically advances as you complete each octet.

  5. Click Start.

The appliance searches for all infrastructure providers in the specified subnet range, and adds them to the user interface. However, before you can manage the providers added via discovery, you must edit each provider and specify authentication details.

1.2. Red Hat Virtualization Manager Providers

To use a Red Hat Virtualization Manager provider, add it to the appliance and authenticate its hosts. You can also configure capacity and utilization data collection to help track usage and find common issues.

1.2.1. Enabling Red Hat Virtualization Capacity and Utilization Data Collection

Configure the following to collect capacity and utilization data from a Red Hat Virtualization Manager provider:

  • In ManageIQ, enable the capacity and utilization server roles from the settings menu, in Configuration ▸ Server ▸ Server Control. For more information on capacity and utilization collection, see Assigning the Capacity and Utilization Server Roles in the Deployment Planning Guide.

1.2.2. Adding a Red Hat Virtualization Manager Provider

After initial installation and creation of a ManageIQ environment, add a Red Hat Virtualization Manager provider to the appliance.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click Configuration (Configuration), then click Add a New Infrastructure Provider (Add a New Infrastructure Provider).

  3. Enter a Name for the provider.

  4. Select Red Hat Virtualization Manager from the Type list.

  5. Select the appropriate Zone for the provider. If you do not specify a zone, it is set to default.

  6. Under Endpoints in the Default tab, configure the following:

    • Enter the Hostname or IPv4 or IPv6 address of the provider.

      The Hostname must be a unique fully qualified domain name.

    • Enter the API Port if your provider uses a non-standard port for access.

    • Select Yes or No to Verify TLS Certificates.

    • To use authenticate the provider using a CA certificate, paste the certificate’s text in Trusted CA Certificates in PEM format.

    • Provide the login credentials required for the Red Hat Virtualization Manager administrative user:

      • Enter the user name (formatted as admin@internal) in the Username field.

      • Enter the password in the Password field.

      • Confirm the password in the Confirm Password field.

      • Click Validate to confirm ManageIQ can connect to the Red Hat Virtualization Manager.

  7. Under Endpoints in the C & U Database tab, you can configure capacity and utilization metrics collection by providing login credentials for the ManageIQ user of the Red Hat Virtualization Data Warehouse database. You can also configure this later by editing the provider. Configure the following in the C & U Database tab:

    To collect capacity and utilization data from a Red Hat Virtualization provider, the capacity and utilization server roles must be enabled in ManageIQ. The Red Hat Virtualization environment must also contain the Data Warehouse and Reports components and a ManageIQ user. See Enabling Red Hat Virtualization Capacity and Utilization Data Collection for configuration details.

    • Enter the database hostname or IPv4 or IPv6 address in Hostname.

    • Enter the API Port if your provider uses a non-standard port for access.

    • Enter the Database Name.

    • Enter the database user name in the Username field.

    • Enter the user password in the Password field.

    • Confirm the user password in the Confirm Password field.

    • Click Validate to confirm ManageIQ can connect to the database.

  8. Click Add to finish adding the Red Hat Virtualization Manager provider.

1.2.3. Authenticating Red Hat Virtualization Hosts

After adding a Red Hat Virtualization infrastructure provider, you must authenticate its hosts to enable full functionality.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click on a provider to display its summary screen.

  3. On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.

  4. Select the hosts to authenticate. You can select all hosts using the Check All option.

  5. Click Configuration (Configuration).

  6. Click Edit this item (Edit this item).

  7. In the Credentials area, enter credentials for the following, as required:

    1. Default: This field is mandatory. Users should have privileged access such as, root or administrator.

    2. Remote Login: Credentials for this field are required if SSH login is disabled for the Default account.

    3. Web Services: This tab is used for access to Web Services in Red Hat Virtualization Manager.

    4. IPMI: This tab is used for access to IPMI.

  8. Click Validate.

  9. If editing multiple hosts:

    1. Select a host from the Select Host to validate against list.

    2. If required, enter credentials for Remote Login, Web Services, and IPMI in their respective tabs; click Validate.

    3. Select another host to validate each of these credentials against.

  10. Click Add.

1.3. OpenStack Infrastructure Providers

Enable an OpenStack Infrastructure provider by adding it to the appliance.

1.3.1. Adding an OpenStack Infrastructure Provider

After initial installation and creation of a ManageIQ environment, add an OpenStack infrastructure provider to the appliance. ManageIQ supports operating with the OpenStack admin tenant. When creating an OpenStack infrastructure provider in ManageIQ, select the OpenStack infrastructure provider’s admin user because it is the default administrator of the OpenStack admin tenant. When using the admin credentials, a user in ManageIQ provisions into the admin tenant, and sees images, networks, and instances that are associated with the admin tenant.

You can set whether ManageIQ should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the ceilometer service on the undercloud to store events. See Configuring the Undercloud to Store Events for instructions.

For more information, see OpenStack Telemetry (ceilometer) in the Red Hat OpenStack Platform Architecture Guide.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click Configuration (Configuration), then click Add a New Infrastructure Provider (Add a New Infrastructure Provider).

  3. Enter the Name of the provider to add. The Name is how the device is labeled in the console.

  4. Select OpenStack Platform Director from the Type list.

  5. Select the API Version of your OpenStack provider’s Keystone service from the list. The default is Keystone v2.

    With Keystone API v3, domains are used to determine administrative boundaries of service entities in OpenStack. Domains allow you to group users together for various purposes, such as setting domain-specific configuration or security options. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.

  6. Select the appropriate Zone for the provider. By default, the zone is set to default.

    For more information, see the definition of host aggregates and availability zones in OpenStack Compute (nova) in the Red Hat OpenStack Platform Architecture Guide.
  7. In the Default tab, under Endpoints, configure the host and authentication details of your OpenStack provider:

    1. Enter the Host Name or IP address(IPv4 or IPv6) of the provider. If your provider is an undercloud, use its hostname (see Setting the Hostname for the System in Red Hat OpenStack Platform Director Installation and Usage for more details)

    2. In API Port, set the public port used by the OpenStack Keystone service. By default, OpenStack uses port 5000 for this.

    3. Select the appropriate Security Protocol used for authenticating with your OpenStack provider.

    4. In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.

    5. Click Validate to confirm ManageIQ can connect to the OpenStack provider.

  8. Next, configure how ManageIQ should receive events from the OpenStack provider. Click the Events tab in the Endpoints section to start.

    • To use the Telemetry service of the OpenStack provider, select Ceilometer. Before you do so, the provider must first be configured accordingly. See Configuring the Undercloud to Store Events for details.

    • If you prefer to use the AMQP Messaging bus instead, select AMQP. When you do: In Hostname (or IPv4 or IPv6 address) (of the Events tab, under Endpoints), enter the public IP or fully qualified domain name of the AMQP host.

      • In the API Port, set the public port used by AMQP. By default, OpenStack uses port 5672 for this.

      • In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.

      • Click Validate to confirm the credentials.

  9. You can also configure SSH access to all hosts managed by the OpenStack infrastructure provider. To do so, click on the RSA key pair tab in the Endpoints section.

    1. From there, enter the Username of an account with privileged access.

    2. If you selected SSL in Endpoints > Default > Security Protocol earlier, use the Browse button to find and set a private key.

  10. Click Add after configuring the infrastructure provider.

ManageIQ requires that the adminURL endpoint for all OpenStack services be on a non-private network. Accordingly, assign the adminURL endpoint an IP address of something other than 192.168.x.x. The adminURL endpoint must be accessible to the ManageIQ appliance that is responsible for collecting inventory and gathering metrics from the OpenStack environment. Additionally, all the Keystone endpoints must be accessible, otherwise refresh will fail.

Configuring the Undercloud to Store Events

To allow ManageIQ to receive events from a Red Hat OpenStack Platform environment, you must configure the notification_driver option for the Compute service and Orchestration service in that environment. To do so, edit undercloud.conf, and set store_events to true before installing the undercloud. See Installing the Undercloud and Configuring the Director in Red Hat OpenStack Platform Director Installation and Usage for related details.

1.4. VMware vCenter Providers

To use a VMware vCenter provider, add it to the appliance and authenticate its hosts.

1.4.1. Adding a VMware vCenter Provider

After initial installation and creation of a ManageIQ environment, add a VMware vCenter provider to the appliance.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click Configuration (Configuration), then click Add a New Infrastructure Provider (Add a New Infrastructure Provider).

  3. Enter the Name of the provider to add. The Name is how the device is labeled in the console.

  4. Select VMware vCenter from the Type list.

  5. Enter the Host Name or IP address(IPv4 or IPv6) of the provider.

    The Host Name must use a unique fully qualified domain name.

  6. Select the appropriate Zone for the provider. By default, the zone is set to default.

  7. In the Credentials area, under Default, provide the login credentials required for the VMware vCenter administrative user:

    • Enter the user name in the Username field.

    • Enter the password in the Password field.

    • Confirm the password in the Confirm Password field.

    • Click Validate to confirm ManageIQ can connect to the VMware vCenter.

  8. Click Add.

1.4.2. Authenticating VMware vCenter Hosts

The procedure below describes how to authenticate the VMware vCenter hosts.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click on a provider to display its summary screen.

  3. On the summary screen, click Hosts in the Relationships information box to display the hosts on that provider.

  4. Select the hosts to authenticate. You can select all hosts using the Check All option.

  5. Click Configuration (Configuration)

  6. Click Edit Selected items (Edit Selected items).

  7. In the Credentials area, under Default, provide the VMware ESXi login credentials:

    • Enter the user name in the Username field.

    • Enter the password in the Password field.

    • Confirm the password in the Confirm Password field.

    • Click Validate to confirm ManageIQ can connect to the VMware vCenter host.

  8. If editing multiple hosts, select a host from the Select Host to validate against list; provide the VMware ESXi login credentials and click Validate.

  9. Click Save.

Using a Non-Administrator Account for Host Credentials

After adding a VMware vCenter infrastructure provider, you must authenticate its hosts to enable full functionality. You can use administrator credentials, or create another user assigned to a role (See the VMware documentation for instructions on how to create a role) created for ManageIQ. The following privileges should be enabled for the non-administrator user:

From the Global group, check:

  • Cancel task

  • Diagnostics

  • Log Event

  • Set custom attribute

  • Settings

The entire set of privileges for the following groups should be checked:

  • Alarms

  • Datastores

  • dvPort Group

  • Host

  • Network

  • Resource

  • Scheduled Task

  • Tasks

  • Virtual Machine

  • vSphere Distributed Switch

Additionally, you must assign the new role to the following objects:

  • Datacenter: At the Datacenter the ManageIQ user/group must have at least the read-only role at the Datacenter level (Not Propagated) to be able to see the datacenter. Without this access, relationships cannot be made. Specifically, the datastores will not show up.

  • Cluster: Each Cluster that the ManageIQ needs access to must have the new role assigned and propagated.

  • Folders: Each Folder that ManageIQ needs access to must have the new role assigned and propagated.

  • Datastores: Each Datastore that ManageIQ needs access to must have the new role assigned and propagated.

  • Networking: Each vLAN or Port Group that ManageIQ needs access to must have the new role assigned and propagated.

1.5. Microsoft SCVMM Providers

To use a Microsoft System Center Virtual Machine Manager provider, add it to the appliance and set up the SCVMM server for authentication.

To use a SCVMM provider, you must have at least one network adapter available for communication between the host and the SCVMM management server. Make sure that Used by Management is checked for this network adapter in the SCVMM host properties.

1.5.1. Authenticating to Microsoft SCVMM

Before you can add a Microsoft SCVMM provider to your ManageIQ environment, you must enable WinRM to listen for HTTP traffic on Microsoft SCVMM servers. You must also set the appropriate execution policy on the Microsoft SCVMM server to allow PowerShell scripts from the appliance to run remotely.

  1. Log in to the Microsoft SCVMM server.

  2. Enable WinRM for configuration.

    winrm quickconfig
  3. Set the following options:

    winrm set winrm/config/client/auth @{Basic="true"}
    winrm set winrm/config/service/auth @{Basic="true"}
    winrm set winrm/config/service @{AllowUnencrypted="true"}
  4. For Windows 2012 R2 with PowerShell 4.0, use the following syntax to set these options:

    winrm set winrm/config/client/auth '@{Basic="true"}'
    winrm set winrm/config/service/auth '@{Basic="true"}'
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
  5. Enable remote script execution on the SCVMM server using the Set-ExecutionPolicy cmdlet.

    Set-ExecutionPolicy RemoteSigned

    For more information on SCVMM remote script execution policies, see Using the Set-ExecutionPolicy Cmdlet.

If PowerShell returns an error, search for log_dos_error_results in the evm.log and scvmm.log files for information.

1.5.2. Adding a Microsoft System Center Virtual Machine Manager Provider

After initial installation and creation of a ManageIQ environment, add a Microsoft System Center Virtual Machine Manager provider to the appliance.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click 1847 (Configuration), then click 1862 (Add a New Infrastructure Provider).

  3. Enter the Name of the provider to add. The Name is how the device is labeled in the console.

  4. Select Microsoft System Center VMM from the Type list.

  5. Enter the Host Name or IP address(IPv4 or IPv6) of the provider.

    The Host Name must use a unique fully qualified domain name.

  6. Select Kerberos or Basic (SSL) from the Security Protocol list.

    1. For Kerberos:

      1. Enter the user name and realm in the Username field.

      2. Enter the password in the Password field.

      3. Enter the password again in the Confirm Password field.

    2. For Basic (SSL):

      1. Enter the user name in the Username field.

      2. Enter the password in the Password field.

      3. Enter the password again in the Confirm Password field.

  7. Click Validate to confirm that ManageIQ can connect to the Microsoft System Center Virtual Machine Manager.

  8. Click Add.

1.6. Refreshing Providers

Refresh a provider to find other resources related to it. Use Refresh after initial discovery to get the latest data about the provider and the virtual machines it can access. Ensure the provider has credentials to do this. If the providers were added using Discovery, add credentials using Edit Selected Infrastructure Provider (Edit Selected Infrastructure Provider).

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Select the providers to refresh.

  3. Click Configuration (Configuration), and then Refresh Relationships and Power States (Refresh Relationships and Power States).

  4. Click OK.

1.7. Tagging Multiple Providers

Apply tags to all providers to categorize them together at the same time.

  1. Navigate to Infrastructure ▸ Providers.

  2. Check the providers to tag.

  3. Click Policy (Policy), and then Edit Tags (Edit Tags).

  4. In the Tag Assignment area, select a customer tag to assign from the first list, then select a value to assign from the second list.

    2194

  5. Select more tags as required; click (Save).

1.8. Viewing a Provider

From a list of providers, you can review a specific provider by clicking on it. This displays various options to access provider information.

There are two methods of viewing an infrastructure provider’s details: the summary screen (default) and the dashboard screen. Use the summary Summary and dashboard Dashboard buttons to toggle between views.

Both the summary and dashboard screens contain a taskbar with Reload, Configuration, Policy, Monitoring, and Authentication buttons to manage the selected provider.

Provider Summary Screen

providers summary screen

The provider summary screen displays information about the provider in table format.

  • Provider accordion: Displays details about the provider’s Properties and Relationships on the sidebar. Click to expand these lists.

  • Provider summary: Displays a provider’s Properties, Status, Relationships, and Smart Management. Click on an item in the Relationships table to see more information about that entity.

Provider Dashboard Screen

providers summary dashboard

From the dashboard, you can view:

  • Number of clusters, hosts, virtual machines, templates, datastores, resource pools, and other entities on the provider. Click on an entity to see more information about that item.

  • Aggregate utilization for CPU, memory, and storage

  • Network I/O statistics

  • Trends for hosts and virtual machines discovered

To view the dashboard:

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click the infrastructure provider to view.

  3. To access the dashboard view, click Dashboard (Dashboard view).

To return to the summary view, click Summary (Summary view).

1.9. Removing a Provider

If a provider has been decommissioned or requires some troubleshooting, it might require deletion from the VMDB.

Deleting a provider removes the account information from ManageIQ console. You will no longer be able to view any associated history including chargeback reports generated for the deleted provider. Additionally, if ManageIQ is the database of record, deleting providers would become a major problem for the other systems relying on it for accurate and consistent billing information. Review all the dependencies carefully before deleting a provider.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Select the check box for the provider to delete.

  3. Click Configuration (Configuration), then Remove Infrastructure Providers from the VMDB (Remove Infrastructure Providers from the VMDB).

  4. Click (OK).

1.10. Viewing the Provider Timeline

View the timeline of events for the virtual machines registered to a provider.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click a provider.

  3. Click Monitoring (Monitoring), and then Timelines (Timelines)from the taskbar, or from the provider accordion, click Properties ▸ Timeline.

  4. From Options, customize the period of time to display and the types of events to see.

    provider timeline

    • Use Show to select regular Management Events or Policy Events.

    • Use the Interval dropdown to select hourly or daily data points.

    • Use Date to type the date for the timeline to display.

    • If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.

    • The three Event Groups lists allow you to select different groups of events to display. Each has its own color.

    • From the Level list, select a Summary event, or a Detail list of events. For example, the detail level of a Power On event might include the power on request, the starting event, and the actual Power On event. If you select Summary, only the Power On event displays in the timeline.

1.11. Viewing Hosts and Clusters

Access a tree view of the hosts and clusters for a provider from the Provider Summary.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click the provider to view the hosts and clusters.

  3. Click on the Relationships accordion, then click Hosts & Clusters.

hostsandclusters

1.12. Viewing Virtual Machines and Templates

Access a tree view of the virtual machines and templates for a provider from the Provider Summary.

  1. Navigate to Compute ▸ Infrastructure ▸ Providers.

  2. Click the provider to view the virtual machines and templates.

  3. From accordion menu, click Relationships, then click VMs & Templates.

2. Configuration Management Providers

Currently, ManageIQ has two configuration management providers integrated in it to review and monitor the configuration items and changes to them to eliminate the confusion and error brought about by the existence of different providers. These configuration systems are used for recording and reporting status and change activity for these configuration items.

2.1. Red Hat Satellite 6

Satellite 6 is a subscription and system management tool that provides a way to provision hosts (both virtual and bare metal) and configure them using a set of Puppet modules. ManageIQ provides functionality to integrate with a Red Hat Satellite 6 server and take advantage of its features. This includes:

  • Monitoring the inventory of your Red Hat Satellite 6 server, including independent hosts and hosts provisioned using hostgroups.

  • Reprovisioning existing bare metal system hosts to new host groups.

  • Applying ManageIQ policy tags to hosts.

ManageIQ only reprovisions existing systems in a Red Hat Satellite 6 environment. Provisioning systems from Red Hat Satellite 6’s bare metal discovery service is planned for a future release.

2.1.1. Defining the Workflow

This section uses the following workflow:

  1. Add Red Hat Satellite 6 server details to ManageIQ.

  2. Refresh the state of your Red Hat Satellite 6 provider in ManageIQ.

  3. Select an existing bare metal host from Red Hat Satellite 6 for reprovisioning.

  4. Apply policy tags to Red Hat Satellite 6 hosts.

2.1.2. Defining the Hostgroup Hierarchy

ManageIQ displays the Red Hat Satellite 6 infrastructure in a host group and host relationship. A host group defines a set of default values that hosts inherit when placed in that group. Hosts can belong to only one host group, but host groups can be nested in hierarchies. You can create a "base" or "parent" host group that represents all hosts in your organization, and then create nested or "child" host groups under that parent to provide specific settings.

2.1.3. Adding a Satellite 6 Provider

To start provisioning bare metal machines, you need at least one Red Hat Satelllite 6 provider added to ManageIQ.

  1. Navigate to Configuration ▸ Management.

  2. Select Configuration ▸ Add a new Provider.

  3. Enter a Name for the provider.

  4. Enter a URL for the provider. This is the root URL for the Satellite 6 server and can be either an IP address or a hostname. For example, http://satellite6.example.com.

  5. Select Verify Peer Certificate to use encrypted communication with the provider. This requires the SSL certificates from your Red Hat Satellite 6 provider.

  6. Enter a Username for a user on the provider. Ideally, this would be a user in Satellite 6 with administrative access.

  7. Enter a Password, and then enter it again in Confirm Password.

  8. Click Validate to test your connection with the Red Hat Satellite 6 server.

  9. Click Add to confirm your settings and save the provider.

ManageIQ saves the Satellite 6 provider in its database and triggers a refresh of resources detected in the provider.

2.1.4. Triggering a Refresh of a Satellite 6 Provider

Your Satellite 6 provider can still create new hosts independently of ManageIQ. Your ManageIQ appliance detects these changes after an automatic refresh period. However, you can trigger a manual refresh to avoid waiting for the automatic refresh.

  1. Navigate to Configuration ▸ Management.

  2. Select your Red Hat Satellite 6 provider using the checkbox, and click Configuration ▸ Refresh Relationships and Power States. This triggers the refresh.

  3. When the refresh is complete, select the Red Hat Satellite 6 provider to check the updated list of hosts groups in the provider.

2.1.5. Displaying Red Hat Satellite 6 Contents

ManageIQ provides two methods for viewing the contents of a Red Hat Satellite 6 provider:

  • Providers - This presents the Red Hat Satellite 6 contents as a hierarchy of host groups belonging to a provider, and then individual hosts belonging to each provider.

  • Configured Systems - This presents a list of all hosts on your Red Hat Satellite 6 server. This also provides a method to apply predefined filters to organized specific machines.

Change between these two views using the accordion menu on the left of the user interface.

2.1.6. Reprovisioning a Bare Metal Host

This procedure provides an example of reprovisioning an existing bare metal system into a new hostgroup. For this example, your Red Hat Satellite 6 environment requires the following:

  • An existing bare metal system stored as a host object in your Red Hat Satellite 6 server. This system can be one of the following:

    • A standalone system previously provisioned without a host group.

    • A system previously provisioned using a host group.

  • A target host group. This host group contains the system configuration to apply to the host when reprovisioning it. This includes:

    • A new operating system installation, including a new partition table.

    • A new networking configuration that the Red Hat Satellite 6 server defines and manages.

    • Registration to any Red Hat subscriptions and repositories assigned to the host group.

    • Application of any Puppet modules assigned to the host group.

  1. Navigate to Configuration ▸ Management.

  2. Select Configured Systems from the accordion menu on the left. This displays the system list.

  3. Select one or more hosts to reprovision.

  4. Select Lifecycle ▸ Provision Configured Systems.

  5. Under the Request tab, enter the following details:

    1. E-Mail address

    2. First Name

    3. Last Name

    4. This form also contains optional fields for users to enter a plain text Note to inform ManageIQ administrators of any special details, and a field to provide a manager’s name in case administrators require approval from a user’s manager.

  6. Select the Purpose tab and select any ManageIQ policy tags that apply to the system.

  7. Select the Catalog tab. This screen displays the list of chosen machines to reprovision and their current details. Select a target host group from the Configuration Profile list. ManageIQ communicates with Red Hat Satellite to apply the configuration from this host group to the selected host and reprovision the system.

  8. Select the Customize tab. This screen displays some customizable fields for the selected system. You can change the Root Password or change the Hostname and IP Address. Note that these fields are optional, because the host group in Red Hat Satellite 6 contains this information. The fields here will override the settings from the host group.

    Provisioning bare metal systems still requires access to the network that Red Hat Satellite 6 manages. This is because Red Hat Satellite controls PXE booting, kickstarts, and Puppet configuration for bare metal systems. Ensure the IP address you enter in ManageIQ can access a DHCP service that Red Hat Satellite 6 provides either through the main server or through a Red Hat Satellite 6 Capsule server.

  9. Select the Customize tab. This screen allows you to either launch the provisioning process immediately on approval or using a schedule. Click Schedule to show the date and time fields used to schedule the provisioning.

  10. Click Submit.

Depending on the request settings on your ManageIQ appliance, this provisioning request might require approval from an administrator. If not, the provisioning request launches depending on your choice for the schedule.

Previously provisioned hosts might require manual selection of PXE boot from the boot menu, otherwise they might boot to hard disk and not reprovision.

2.1.7. Tagging a Bare Metal Host

ManageIQ can also control policy settings of bare metal systems from Red Hat Satellite 6 through tagging. Tagging attaches levels of metadata to help define the policy rules required for a set of systems.

  1. Navigate to Configuration ▸ Management.

  2. Select Configured Systems from the accordion menu on the left. This displays the system list.

  3. Select one or more hosts to tag.

  4. Select Policy ▸ Edit Tags.

  5. Under Tag Assignment, select a tag from Select a customer tag to assign and then choose a value from Select a value to assign. For example, you can tag this system as located in Chicago by selecting Location as the tag and Chicago as the value. Once selected, the user interface automatically adds this tag and value to the table below.

  6. Click Save.

The bare metal system is now configured with a set of policy tags.

3. Cloud Providers

In ManageIQ, a cloud provider is a cloud computing environment that you can add to a ManageIQ appliance to manage and interact with the resources in that environment. This chapter describes the different types of cloud providers that you can add to ManageIQ, and how to manage them.

3.1. OpenStack Providers

3.1.1. Adding OpenStack Providers

ManageIQ supports operating with the OpenStack admin tenant. When creating an OpenStack provider in ManageIQ, select the OpenStack provider’s admin user because it is the default administrator of the OpenStack admin tenant. When using the admin credentials, a user in ManageIQ provisions into the admin tenant, and sees images, networks, and instances that are associated with the admin tenant.

When adding an OpenStack cloud or infrastructure provider, you can enable tenant mapping in ManageIQ to map any existing tenants from that provider. This means ManageIQ will create new cloud tenants to match each of existing OpenStack tenants; each new cloud tenant and its corresponding OpenStack tenant will have identical user memberships, quotas, access/security rules, and resources assignments.

During a provider refresh, ManageIQ will also check for any changes to the tenant list in OpenStack. ManageIQ will create new cloud tenants to match any new tenants, and delete any cloud tenants whose corresponding OpenStack tenants no longer exist. ManageIQ will also replicate any changes to OpenStack tenants to their corresponding cloud tenants.

You can set whether ManageIQ should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the ceilometer service on the overcloud to store events. See Configuring the Overcloud to Store Events for instructions.

For more information, see OpenStack Telemetry (ceilometer) in the Red Hat OpenStack Platform Architecture Guide.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click 1847 (Configuration), then click 1848 (Add a New Cloud Provider).

  3. Enter a Name for the provider.

  4. From the Type drop down menu select OpenStack.

  5. Select the appropriate API Version from the list. The default is Keystone v2.

    If you select Keystone v3, enter the Keystone V3 Domain ID that ManageIQ should use. This is the domain of the user account you will be specifying later in the Default tab. If domains are not configured in the provider, enter default.

    With Keystone API v3, domains are used to determine administrative boundaries of service entities in OpenStack. Domains allow you to group users together for various purposes, such as setting domain-specific configuration or security options. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.

  6. By default, tenant mapping is disabled. To enable it, set Tenant Mapping Enabled to Yes.

  7. Select the appropriate Zone for the provider. By default, the zone is set to default.

    For more information, see the definition of host aggregates and availability zones in OpenStack Compute (nova) in the Red Hat OpenStack Platform Architecture Guide.
  8. In the Default tab, under Endpoints, configure the host and authentication details of your OpenStack provider:

    1. In Hostname (or IPv4 or IPv6 address), enter the public IP or fully qualified domain name of the OpenStack Keystone service.

      The hostname required here is also the OS_AUTH_URL value in the ~/overcloudrc file generated by the director (see Accessing the Overcloud in Red Hat OpenStack Platform Director Installation and Usage), or the ~/keystonerc_admin file generated by Packstack (see Evaluating OpenStack: Single-Node Deployment).
    2. In API Port, set the public port used by the OpenStack Keystone service. By default, OpenStack uses port 5000 for this.

    3. Select the appropriate Security Protocol used for authenticating with your OpenStack provider.

    4. In the Username field, enter the name of a user in the OpenStack environment.

      In environments that use Keystone v3 authentication, the user must have the admin role for the relevant domain.

    5. In the Password and Confirm Password fields, enter the password for the user.

    6. Click Validate to confirm ManageIQ can connect to the OpenStack provider.

  9. Next, configure how ManageIQ should receive events from the OpenStack provider. Click the Events tab in the Endpoints section to start.

    • To use the Telemetry service of the OpenStack provider, select Ceilometer. Before you do so, the provider must first be configured accordingly. See Configuring the Overcloud to Store Events for details.

    • If you prefer to use the AMQP Messaging bus instead, select AMQP. When you do: In Hostname (or IPv4 or IPv6 address) (of the Events tab, under Endpoints), enter the public IP or fully qualified domain name of the AMQP host.

      • In the API Port, set the public port used by AMQP. By default, OpenStack uses port 5672 for this.

      • In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.

      • Click Validate to confirm the credentials.

  10. Click Add after configuring the cloud provider.

To collect inventory and metrics from an OpenStack environment, the ManageIQ appliance requires that the adminURL endpoint for the OpenStack environment be on a non-private network. Hence, the OpenStack adminURL endpoint should be assigned an IP address other than 192.168.x.x. Additionally, all the Keystone endpoints must be accessible, otherwise refresh will fail.

Configuring the Overcloud to Store Events

By default, the Telemetry service does not store events emitted by other services in a Red Hat OpenStack Platform environment. The following procedure outlines how to enable the Telemetry service on your OpenStack cloud provider to store such events. This ensures that events are exposed to ManageIQ when a Red Hat OpenStack Platform environment is added as a cloud provider.

  1. Log in to the undercloud host.

  2. Create an environment file called ceilometer.yaml, and add the following contents:

    parameter_defaults:
      CeilometerStoreEvents: true
  3. Add the environment file to the overcloud deploy command:

    # openstack overcloud deploy --templates -e ~/ceilometer.yaml

If your OpenStack cloud provider was not deployed through the undercloud, you can also set this manually. To do so:

  1. Log in to your Controller node.

  2. Edit /etc/ceilometer/ceilometer.conf, and specify the following option:

    store_events = True
  3. Edit /etc/heat/heat.conf, and specify the following options:

    notification_driver=glance.openstack.common.notifier.rpc_notifier
    notification_topics=notifications
  4. Edit /etc/nova/nova.conf, and specify the following options:

    notification_driver=messaging
    notification_topics=notifications
  5. Restart the Compute service and Orchestration services:

    # systemctl restart openstack-heat-api.service \
      openstack-heat-api-cfn.service \
      openstack-heat-engine.service \
      openstack-heat-api-cloudwatch.service
    # systemctl restart openstack-nova-compute.service

3.2. Azure Providers

3.2.1. Adding Azure Providers

ManageIQ now supports Microsoft Azure providers.

Before ManageIQ can be authenticated to Microsoft Azure, a series of prerequisite steps must be followed on the Azure portal; see Create Active Directory application and service principal account using the Azure portal. The link describes how to configure the Azure Active Directory (AAD), create the application your organization is developing, and also how to obtain the Tenant ID, Client ID and Client Key to add the application that will allow you to connect the Azure instance as a provider to ManageIQ. In the above link, it is important to note that during Assign Application to Role, in step 3, select the Contributor role and not the Reader role. Also, note that all of these steps currently can be performed using either the Azure Resource Manager or Service Manager (Classic) mode.

After a service principal account (instance of an application in a directory) has been created using the Azure portal, the following three pieces of information will be available within the Azure Active Directory (AAD) module:

  • Tenant ID

  • Client ID

  • Client Key

You can now use the following procedure to implement the above items in ManageIQ for adding an Azure cloud provider.

To Add an Azure Cloud Provider:

When adding an Azure cloud provider, select a region from a list of possible regions; one provider will be created for the selected region.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click 1847 (Configuration), then click 1862 (Add a New Cloud Provider).

  3. Enter a Name for the provider.

  4. From the Type list, select Azure.

  5. Select a region from the Region list.

  6. Enter Tenant ID.

  7. Enter Zone.

  8. In the Credentials section, enter the Client ID and Client Key; click Validate.

  9. Click Add.

3.2.2. Discovering Azure Providers

ManageIQ provides the ability to discover a set of Microsoft Azure providers across all regions.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click Configuration (Configuration), then click Discover Cloud Providers (Discover Cloud Providers).

  3. Select Azure from the Discover Type list.

  4. In the Credentials section, enter your Azure Client ID, Client Key, Azure Tenant ID, and the Subscription ID for that tenant.

  5. Click Start.

3.3. Amazon EC2 Providers

3.3.1. Permissions for Amazon EC2 Providers

Red Hat recommends using Amazon EC2’s Power User Identity and Access Management (IAM) policy when adding Amazon EC2 as a cloud provider in ManageIQ. This policy allows those in the Power User group full access to AWS services except for user administration, meaning a ManageIQ API user can access all of the API functionality, but cannot access or change user permissions.

Further limiting API access limitations can limit Automate capabilities, as Automate scripts directly access the AWS SDK to create brand new application functionality.

The AWS services primarily accessed by the ManageIQ API include:

  • Elastic Compute Cloud (EC2)

  • CloudFormation

  • CloudWatch

  • Elastic Load Balancing

  • Simple Notification Service (SNS)

  • Simple Queue Service (SQS)

3.3.2. Adding Amazon EC2 Providers

After initial installation and creation of a ManageIQ environment, add an Amazon EC2 cloud provider by following this procedure:

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click 1847 (Configuration), then click 1862 (Add a New Cloud Provider).

  3. Enter a Name for the provider.

  4. From the Type list, select Amazon EC2.

  5. Select an Amazon Region.

  6. Select the appropriate Zone if you have more than one available.

  7. Generate an Access Key in the Security Credentials of your Amazon AWS account. The Access Key ID acts as your User ID, and your Secret Access Key acts as your Password.

  8. Click Validate to validate the credentials.

  9. Click Add.

3.3.3. Discovering Amazon EC2 Cloud Providers

ManageIQ provides the ability to discover cloud providers associated with a particular set of Amazon EC2 account details.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click Configuration (Configuration), then click Discover Cloud Providers (Discover Cloud Providers).

  3. Select Amazon EC2 from the Discover Type list.

  4. Enter your Amazon EC2 User ID and Password. Reenter your password in the Verify Password field.

  5. Click Start.

3.3.4. Enabling Public AMIs from Amazon EC2

By default, public AMIs from an Amazon EC2 provider are not viewable in ManageIQ. To make these images viewable, you must edit the main configuration file for the appliance.

Syncing all public images may require additional memory resources. Also, bear in mind that syncing happens in each configured Amazon EC2 provider, which will require a similar amount of total memory resources.

  1. Navigate to the settings menu, then Configuration ▸ Zone ▸ Advanced.

  2. Select the configuration file to edit from the File list. If not already automatically selected, select EVM Server Main Configuration.

  3. Set the get_public_images parameter:

    1. Set the parameter to get_public_images: true to make public images viewable.

    2. Set the parameter to get_public_images: false to make public images not viewable.

  4. Optionally, configure an array of filters in public_images_filters to restrict which images are synced. See http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Client.html#describe_images-instance_method for more details.

3.3.5. Enabling AWS Config Notifications

Amazon’s AWS Config notifies subscribers of changes in a region through its Simple Notification Service (SNS). ManageIQ subscribes to the SNS service for AWS Config deltas and converts the deltas into ManageIQ events.

  1. Enable the AWS Config service in the AWS Management Console. See the AWS Config Developer Guide for more information.

  2. Create a new Amazon SNS topic named AWSConfig_topic. ManageIQ automatically connects to this topic.

  3. (Optional) Configure the frequency of delta creation in the AWS Management Console.

You can assign ManageIQ policies to the AWS events listed below. The appliance performs a provider refresh on all these events except for AWS_EC2_Instance_UPDATE.

Event Policies Refresh

AWS_EC2_Instance_CREATE

src_vm

vm_create

ems

AWS_EC2_Instance_UPDATE

N/A

ems

AWS_EC2_Instance_running

src_vm

vm_start

ems

AWS_EC2_Instance_stopped

src_vm

vm_power_off

ems

AWS_EC2_Instance_shutting-down

src_vm

vm_power_off

ems

3.4. Google Compute Engine Providers

3.4.1. Adding Google Compute Engine Providers

After initial installation and creation of a ManageIQ environment, add a Google Compute Engine provider by following this procedure.

Prerequisites

To add a Google Compute Engine provider to ManageIQ, you need:

  • A Google Cloud Platform account

  • A Google Compute Engine project with the Google Compute Engine API enabled

  • A service account JSON key for your project

    You can generate a private JSON key for your project in IAM & Admin ▸ Service Accounts in Google Cloud Platform. This key is used to authenticate against your provider.

    For additional information, see the Google Cloud Platform documentation at https://cloud.google.com/storage/docs/authentication.

To add a Google Compute Engine provider:
  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click 1847 (Configuration), then click 1862 (Add a New Cloud Provider).

  3. Enter a Name for the provider.

  4. From the Type list, select Google Compute Engine.

  5. Select your Preferred Region from the list.

  6. Enter your Google Compute Engine Project ID for Project.

  7. Select the appropriate Zone if you have more than one available. Red Hat recommends creating a new zone for your Google Compute Engine provider.

  8. Copy your project’s Service Account JSON key contents to the Service Account JSON field.

  9. Click Validate to validate the credentials.

  10. Click Add.

Make sure that NTP synchronization is enabled and working. When clocks are not synchronized, the following error will be raised:

Credential validation was not successful: Authorization failed. Server message: { "error" : "invalid_grant", "error_description" : "Invalid JWT: Token must be a short-lived token and in a reasonable timeframe" }

3.4.2. Enabling Google Compute Engine Events

After adding Google Compute Engine as a provider in ManageIQ, enable events for the provider so that you can monitor the system from ManageIQ.

Events are set up on a per-project basis by using Google Stackdriver logging combined with Google Pub/Sub. Stackdriver logging is a service that aggregates and exposes log events from Google services and applications. Stackdriver exports the log events to Google Pub/Sub, a messaging service. This section describes how to export activity log entries for a Google Compute Engine project so that events are captured in ManageIQ.

Prerequisites for Exporting Google Compute Engine Events
  • You must have owner permission on the project you are exporting.

  • The Google Cloud Pub/Sub API must be enabled for your project. To enable the API:

  1. In Google Cloud Platform, select your project from the top menu bar.

  2. Click GCE products services to show the Products and Services menu. Click API Manager to go to https://console.cloud.google.com/apis/library/.

  3. In the API Manager Overview tab, search for Pub/Sub in the Google APIs search bar and select Google Cloud Pub/Sub API from the results. Click the Enable button.

  4. If Google Cloud Pub/Sub API is already enabled, the Enable button will not show, and instead Google Cloud Pub/Sub API will be listed under Enabled APIs.

  • The Stackdriver logging service must have permission to publish to your project’s Pub/Sub service. To add the required permissions:

  1. In Google Cloud Platform, select your project and navigate to GCE products services Products and Services ▸ IAM & Admin ▸ IAM to go to https://console.cloud.google.com/iam-admin/iam/.

  2. Assign Logs Configuration Writer permissions to your project:

    1. If the cloud-logs@system.gserviceaccount.com account is already listed under Members, ensure Logs Configuration Writer is selected under Role(s).

    2. If the cloud-logs@system.gserviceaccount.com account is not listed under Members:

      1. Click Add to add the permissions.

      2. In the dialog box, enter cloud-logs@system.gserviceaccount.com in Members to add the Google APIs service account to the permissions list.

      3. In the Select a Role dropdown, select Logging ▸ Logs Configuration Writer and click Add.

Configuring Google Compute Engine to Export Events

After you have completed the steps from Prerequisites for Exporting Google Compute Engine Events, set up your Google Compute Engine project to export events to ManageIQ with the following steps:

  1. In Google Cloud Platform, click GCE products services to show the Products and Services menu, and click Logging to go to https://console.cloud.google.com/logs/.

  2. Select your project from the top menu bar.

  3. Click Exports from the Logging menu.

  4. In the Select service list, select Compute Engine.

  5. Under Export these sources, click Add item, and select compute.googleapis.com/activity_log from the list.

  6. Under Select export destinations, click the Publish to Cloud Pub/Sub topic dropdown and click Add new topic…​

  7. In the Create Cloud Pub/Sub Topic dialog, enter manageiq-activity-log as the Name. Click Create.

    GCE exports

  8. Click Save.

When changes occur to Google Compute Engine instances, ManageIQ is now notified and reports these changes as events.

For additional information about Google Compute Engine, see the Google Cloud Platform documentation:

Viewing Google Compute Engine Events in ManageIQ

In ManageIQ, view events for your Google Compute Engine project by following these steps:

  1. Navigate to Compute ▸ Clouds ▸ Providers and select your Google Compute Engine project.

  2. Click Monitoring ▸ Timelines on the provider summary page to see an events timeline for the project.

3.5. Refreshing Cloud Providers

Refresh a cloud provider to find other resources related to it. Ensure the chosen cloud providers have the correct credentials before refreshing.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Select the checkboxes for the cloud providers to refresh.

  3. Click Configuration (Configuration), and then Refresh Relationships and Power States (Refresh Relationships and Power States).

  4. Click OK.

3.6. Tagging Cloud Providers

Apply tags to all cloud providers to categorize them together at the same time.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Select the checkboxes for the Cloud Providers to tag.

  3. Click Policy (Policy), and then Edit Tags (Edit Tags).

  4. Select a customer tag to assign from the first list.

    2219

  5. Select a value to assign from the second list.

  6. Click Save.

3.7. Removing Cloud Providers

A cloud provider might require removal from the VMDB if it is no longer in use.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Check the cloud providers to remove.

  3. Click Configuration (Configuration), and then Remove Cloud Providers from the VMDB (Remove Cloud Providers from the VMDB).

  4. Click OK.

3.8. Editing a Cloud Provider

Edit information about a provider such as the name, IP address, and login credentials.

The Type value is unchangeable.

To use a different cloud provider, create a new one.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click the cloud provider to edit.

  3. Click Configuration (Configuration), and then Edit Selected Cloud Provider (Edit Selected Cloud Provider).

  4. Edit the Basic Information. This varies depending on the Type of provider.

  5. Fill out the Credentials by typing in a Username, Password, and a verification of this password (Confirm Password).

    • If selecting Amazon EC2, generate an Access Key in the Security Credentials of your Amazon AWS account. The Access Key ID acts as your User ID, and your Secret Access Key acts as your Password.

    • If selecting OpenStack, use the Keystone User ID and Password for your login credentials.

  6. If editing an OpenStack provider, use the AMQP subtab to provide credentials required for the Advanced Message Queuing Protocol service on your OpenStack Nova component.

  7. Click Validate and wait for notification of successful validation.

  8. Click Save.

3.9. Viewing a Cloud Provider’s Timeline

View the timeline of events for instances registered to a cloud provider.

  1. Navigate to Compute ▸ Clouds ▸ Providers.

  2. Click the desired cloud provider for viewing the timeline.

  3. Click Monitoring (Monitoring), and then Timelines (Timelines).

  4. From Options, customize the period of time to display and the types of events to see.

    • Use Show to select regular Management Events or Policy Events.

    • Use the Type list to select hourly or daily data points.

    • Use Date to type the date for the timeline to display.

    • If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.

    • The three Event Groups list allow you to select different groups of events to display. Each has its own color.

    • From the Level list, select a Summary event, or a Detail list of events.

4. Network Providers

ManageIQ has introduced a new provider type called Network Managers. This new provider type exposes software-defined networking (SDN) providers starting with OpenStack Network (Neutron), Azure Network, and Amazon EC2 Network. The software-defined networking inventory collection is enabled for OpenStack, Amazon and Azure providers. The OpenStack Network provider collects inventory of floating IPs from OpenStack so that IPs can be allocated without querying OpenStack database every time. Also, it refreshes all Neutron data from both OpenStack and OpenStack Infrastructure, and extracts the Neutron logic to a shared place. Note that management via the network providers configuration is currently disabled.

4.1. Adding or Viewing Network Providers

All supported network providers — OpenStack Network, Azure Network, and Amazon EC2 Network, are added or removed automatically upon adding or removing the respective cloud provider.

Viewing network providers:

  1. Navigate to Networks ▸ Providers to see a list of all network providers, along with information such as Name, Type, EVM Zone, Number of Instances, Subnets, and Region.

  2. Click on a provider from the list to view its summary screen.

Network providers summary:

The summary screen includes tables containing information on Properties, Status, Relationships, Overview, and Smart Management. Click on rows in the Relationship and Overview tables to see detailed information for individual entities.

Accordion tabs in the sidebar provide access to Properties and Relationships details.

Click on Reload, Configuration, Policy, and Monitoring actions in the taskbar to manage the selected provider.

Alternatively, click on a cloud provider to see the cloud provider details and its relationships such as Network Manager, Tenants, Instances among others. In Relationships, click Network Manager to see information about the network provider, and its relationship with the cloud provider, on the summary page.

4.2. Refreshing Network Providers

Refresh a network provider to find other resources related to it. Ensure the selected network providers have the correct credentials before refreshing.

  1. Navigate to Networks ▸ Providers.

  2. Select the network providers to refresh.

  3. Click Configuration (Configuration), and then Refresh Relationships and Power States (Refresh Relationships and Power States).

  4. Click OK.

4.3. Tagging Network Providers

Apply tags to network providers to categorize them together at the same time.

  1. Navigate to Networks ▸ Providers.

  2. Select the network providers to tag.

  3. Click Policy (Policy), and then Edit Tags (Edit Tags).

  4. Select a customer tag to assign from the first list.

  5. Select a value to assign from the second list.

  6. Click Save.

4.4. Removing Network Providers

Although network providers are added or removed automatically upon adding or removing the respective cloud provider, you can manually remove a network provider if it is no longer in use. This will remove the network provider from the VMDB and any relationship with the cloud provider.

  1. Navigate to Networks ▸ Providers.

  2. Click the network provider to remove.

  3. Click Configuration (Configuration), and then Remove this Network Provider from the VMDB (Remove this Network Provider from the VMDB).

  4. Click OK.

4.5. Viewing a Network Provider’s Timeline

View the timeline of events for instances registered to a network provider.

  1. Navigate to Networks ▸ Providers.

  2. Click the network provider you want to monitor the timeline for.

  3. Click Monitoring (Monitoring), and then Timelines (Timelines).

  4. From Options, select the event type and interval, and customize the period of time to display and the types of events to see.

    • Select Management Events or Policy Events from the Show list.

    • Select an Interval between Hourly and Daily.

    • Select Date.

    • If you selected Daily for Interval, set the number of days in the past to see the event timeline for. The maximum is 31 days back.

    • Select Summary or Detail for Level.

    • Select the required Event Groups from the lists you want to monitor the timeline for.

You can also assign policy profiles to network providers, or remove them. The method for doing so is similar to that of any normal policy profile.

4.6. Using the Topology Widget for Network Providers

The Topology widget is an interactive topology graph, showing the status and relationships between the different entities of the network providers that ManageIQ has access to.

The topology graph includes cloud subnets, virtual machines, security groups, floating IP addresses, cloud networks, network routers, cloud tenants, and tags within the overall network provider environment.

Each entity in the graph displays a color indication of its status: green indicates an active entity, while red indicates inactivity or an issue.

Network Topology

Using the Topology Widget
  1. Navigate to Networks ▸ Topology.

  2. Click the desired network provider for viewing the provider summary.

Alternatively, you can open the topology widget from the provider summary page by clicking Topology under Overview.

  • Hovering over any individual graph element will display a summary of details for the individual element.

  • Double-click an entity in the graph to navigate to its summary page.

  • Drag elements to reposition the graph.

  • Click the symbols in the legend at the top of the graph to show or hide entities.

  • Click the Display Names checkbox to show or hide entity names.

  • Click Refresh to refresh the display of the network provider entities.

  • Enter a search term in the Search box to locate an entity by full or partial name.

5. Containers Providers

A containers provider is a service that manages container resources, and can be added to the ManageIQ appliance.

ManageIQ can connect to OpenShift Container Platform containers providers and manage them similarly to infrastructure and cloud providers. This allows you to gain control over different aspects of your environment and answer questions, such as:

  • How many containers exist in my environment?

  • Does a specific node have enough resources?

  • How many distinct images are used?

  • Which image registries are used?

When ManageIQ connects to a container’s environment, it collects information on different areas of the environment:

  • Entities such as pods, nodes, or services.

  • Basic relationships between the entities, for example: Which services are serving which pods?

  • Advanced insight into relationships, for example: Which two different containers are using the same image?

  • Additional information, such as events, projects, routes, and metrics.

You can manage policies for containers entities by adding tags. All containers entities except volumes can be tagged.

5.1. Obtaining an OpenShift Container Platform Management Token

When deploying OpenShift Enterprise using openshift-ansible-3.0.20 (or later versions), the OpenShift Container Platform service account and roles required by ManageIQ are installed by default.

See the OpenShift Container Platform documentation for a list of the default roles.

To obtain the token to use for the provider definition, follow the instructions below for your OpenShift Container Platform version.

5.1.1. Obtaining a Management Token in OpenShift Container Platform 3.3 and Later

Run the following to obtain the token needed to add an OpenShift Container Platform 3.3 (or later) provider:

# oc sa get-token -n management-infra management-admin
eyJhbGciOiJSUzI1NiI...

5.1.2. Obtaining a Management Token in OpenShift Enterprise 3.2

Run the following to obtain the token needed to add an OpenShift Enterprise 3.2 provider:

# oc sa get-token -n management-infra management-admin
eyJhbGciOiJSUzI1NiI...

5.1.3. Obtaining a Management Token in OpenShift Enterprise 3.1

Run the following to obtain the token needed to add an OpenShift Enterprise 3.1 provider:

  1. To obtain the management service account token name, run the following command::

    # oc describe sa -n management-infra management-admin
    ...
    Tokens:  management-admin-token-0f3fh
             management-admin-token-q7a87
  2. Select one of the tokens and run the following command to retrieve the full token output:

    # oc describe secret -n management-infra management-admin-token-0f3fh
    ...
    Data
    ====
    token:  eyJhbGciOiJSUzI1NiI...

    Replace management-admin-token-0f3fh with the name of your token.

5.2. Enabling OpenShift Cluster Metrics

Use the OpenShift Cluster Metrics plug-in to collect node, pod, and container metrics into one location. This helps track usage and find common issues.

5.3. Adding an OpenShift Container Platform Provider

After initial installation and creation of a ManageIQ environment, add an OpenShift Container Platform provider using the token obtained in Obtaining an OpenShift Container Platform Management Token and following the procedure below.

  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Click Configuration (Configuration), then click Add a New Containers Provider (Add Existing Containers Provider).

  3. Enter a Name for the provider.

  4. From the Type list, select OpenShift Container Platform.

  5. Enter the appropriate Zone for the provider. If you do not specify a zone, it is set to default.

  6. Select the Security Protocol.

  7. Enter the Hostname or IPv4 or IPv6 address of the provider.

    The Hostname must use a unique fully qualified domain name.

  8. Enter the API Port of the provider. The default port is 8443.

  9. Enter the OpenShift management token in the Token field. This is the token obtained earlier in Obtaining an OpenShift Container Platform Management Token.

  10. Enter the same token in the Confirm Token field.

  11. Click Validate to confirm that the ManageIQ can connect to the OpenShift Container Platform provider using the provided token.

  12. In the Hawkular tab, configure capacity and utilization metrics collection by providing [. You can also configure this later by editing the provider. ]

    1. Select the Security Protocol.

    2. Enter the Hostname or IPv4 or IPv6 address of the provider.

    3. Enter the API Port of the [provider].

  13. Click Add.

The "Added!" pop-up displays when the provider has been added.

5.4. Tagging Containers Providers

Apply tags to all containers providers to categorize them together at the same time.

  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Select the checkboxes for the containers providers to tag.

  3. Click Policy (Policy), and then Edit Tags(Edit Tags).

  4. Select a tag to assign from the drop-down menu.

    2219

  5. Select a value to assign.

  6. Click Save.

5.5. Removing Containers Providers

You may want to remove a containers provider from the VMDB if the provider is no longer in use.

  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Select the checkboxes for the containers providers to remove.

  3. Click Configuration (Configuration), and then Remove Containers Providers from the VMDB (Remove Containers Providers from the VMDB).

  4. Click OK.

5.6. Editing a Containers Provider

Edit information about a provider such as the name, hostname, IP address or port, and credentials.

  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Click the containers provider to edit.

  3. Click Configuration (Configuration), and then Edit Selected Containers Provider (Edit Selected Containers Provider).

  4. Edit the Basic Information. This varies depending on the Type of provider.

    The Type value is unchangeable.

    To use a different containers provider, create a new one.

  5. Edit the Credentials by typing in a new Token.

  6. Click Validate and wait for notification of successful validation.

  7. Click Save.

5.7. Viewing a Containers Provider’s Timeline

View the timeline of events for instances registered to a containers provider.

  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Click the desired containers provider for viewing the timeline.

  3. Click Monitoring (Monitoring), and then Timelines (Timelines).

  4. From Options, customize the period of time to display and the types of events to see.

    • Use Show to select regular Management Events or Policy Events.

    • Use the Interval dropdown to select hourly or daily data points.

    • Use Date to type the date for the timeline to display.

    • If you select to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.

    • From the Level dropdown, select a Summary event, or a Detail list of events.

    • The three Event Groups dropdowns allow you to select different groups of events to display. Each has its own color.

Click on an item for more detailed information.

5.8. The Container Overview Page

Navigate to Compute ▸ Containers ▸ Object to view information on many different container objects.

5.8.1. Cross-Providers Insight

Cross-providers insight is a feature that connects all layers of infrastructure, cloud, and containers known to ManageIQ and collects data for analysis.

It supports cross-linking all of the layers available in the following environments:

  • OpenStack

  • Red Hat Virtualization

  • VMware vCenter

  • Amazon EC2

  • Google Cloud Engine

The collected information includes all the data available in other (infrastructure or cloud) providers.

For Amazon EC2 (AWS) and Google Cloud Engine (GCE) support, OpenShift must be installed using the relevant cloud provider. For more information, see the OpenShift Enterprise Installation and Configuration Guide, ensuring to use the desired version of OpenShift.

5.8.2. Working with the Containers Overview Page

The information on all containers providers and entities known to ManageIQ is summarized on the Containers Overview page. The Overview page provides links to other summary pages which contain further information on the containers providers and entities. The Overview page also provides metrics for Aggregated Node Utilization, Network Utilization Trend, New Image Usage Trend, Node Utilization, and Pod Creation and Deletion Trends.

Containers Overview

Working with the Containers Overview Page
  1. Navigate to Compute ▸ Containers ▸ Overview.

  2. Click the desired containers entity, or provider, if applicable, for viewing the summary with further information.

Viewing an Object Summary

Object summaries are found at Compute ▸ Containers ▸ <Object, and you can view information about a number of objects and their components.

Viewing a Containers Provider Summary

Navigate to Compute ▸ Containers ▸ Providers to view information on different aspects of a containers provider. The summary includes:

  • The status of the provider and its components.

  • The relationships between different entities of the containers provider. These relationships are summarized in the Relationships box on the right-hand side of the summary page.

    Entity Relationships

  • Additional information on aggregated capacity of all CPU cores of all nodes, and aggregated capacity of all memory of all nodes.

Viewing a Container Nodes Summary

Navigate to Compute ▸ Containers ▸ Container Nodes to view information on different aspects of a container node. The summary includes:

  • The number of entities on a node.

  • A node’s capacity and utilization.

  • The version of the underlying operating system and software.

To view the timeline of events for a node from a container nodes summary page, click Monitoring (Monitoring), and then Timelines (Timelines).

Viewing a Containers Summary

Navigate to Compute ▸ Containers ▸ Containers to view information on different aspects of a container. The summary includes:

  • The relationships of the container to a related node, pod, or image.

  • The node the container runs on.

  • The container ID.

  • Properties of the container image, such as name, tag, etc.

Viewing a Container Images Summary

Navigate to Compute ▸ Containers ▸ Container Images to view information on different aspects of a container image. The summary includes:

  • The containers currently using the images.

  • The image registry the image is from.

Viewing an Image Registries Summary

Navigate to Compute ▸ Containers ▸ Image Registries to view information on different aspects of an image registry. The summary includes:

  • Which images are from the registry.

  • The number of images that come from that registry.

  • Which containers use images from that registry.

  • The host and port of the registry.

Viewing a Pods Summary

Navigate to Compute ▸ Containers ▸ Pods to view information on different aspects of a pod. The summary includes:

  • The containers that are part of the pod.

  • The services that reference the pod.

  • The node the pod runs on.

  • If the pod controlled by a replicator.

  • The IP address of the pod.

Viewing a Replicators Summary

Navigate to Compute ▸ Containers ▸ Replicators to view information on different aspects of a replicator. The summary includes:

  • The number of requested pods.

  • The number of current pods.

  • The labels and selector for the replicator.

Viewing a Container Services Summary

Navigate to Compute ▸ Containers ▸ Container Services to view information on different aspects of a container service. The summary includes:

  • The pods that the container service provide traffic to.

  • The port configurations for the container service.

  • The labels and selector for the container service.

Viewing a Volumes Summary

Navigate to Compute ▸ Containers ▸ Volumes to view information on the persistent volumes of a container provider. The summary includes:

  • The pods the volume is connected to.

  • The volume’s connection parameters.

  • The volume’s storage capacity.

  • The volume’s iSCSI target details (if applicable).

Viewing a Container Builds Summary

Navigate to Compute ▸ Containers ▸ Container Builds to view different aspects of a container build. The summary includes:

  • The build configuration the container build is based on.

  • Which build instances have been created.

  • Which phase in the build process the instance has completed.

  • Which pod a build instance reside in.

Viewing a Container Templates Summary

Navigate to Compute ▸ Containers ▸ Container Templates to view different aspects of a container template. The summary includes:

  • The project the template is associated with.

  • The objects the template contains.

  • The parameters that can be used with the template’s objects.

  • The template’s version number.

5.8.3. Using the Topology Widget

The Topology widget is an interactive topology graph, showing the status and relationships between the different entities of the containers providers that ManageIQ has access to.

  • The topology graph includes pods, containers, services, nodes, virtual machines, hosts, routes, and replicators within the overall containers provider environment.

  • Each entity in the graph displays a color indication of its status.

  • Hovering over any individual graph element will display a summary of details for the individual element.

  • Double-click the entities in the graph to navigate to their summary pages.

  • It is possible to drag elements to reposition the graph.

  • Click the legend at the top of the graph to show or hide entities.

  • Click Display Names on the right-hand side of the page to show or hide entity names.

Using the Topology Widget
  1. Navigate to Compute ▸ Containers ▸ Providers.

  2. Click the desired containers provider for viewing the provider summary.

  3. On the provider summary page, click Topology in the Overview box on the right-hand side of the page.

5.8.4. Running a SmartState Analysis

Perform a SmartState Analysis of a container image to inspect the packages included in an image.

Running a SmartState Analysis
  1. Navigate to Compute ▸ Containers ▸ Container Images.

  2. Check the container image to analyze. You can check multiple images.

  3. Click Configuration (Configuration), and then Perform SmartState Analysis (Perform SmartState Analysis).

The container image is scanned. The process will copy over any required files for the image. After reloading the image page, all new or updated packages are listed.

To monitor the status of container image SmartState Analysis tasks, navigate to the settings menu, then Tasks. The status of each task is displayed including time started, time ended, what part of the task is currently running, and any errors encountered.

6. Storage Managers

In ManageIQ, a storage manager is a service providing storage resources that you can manage from a ManageIQ appliance. This chapter describes the different types of storage managers used by ManageIQ, and how to manage them.

Two types of storage managers are currently available to ManageIQ: OpenStack Block Storage (openstack-cinder) and OpenStack Object Storage (openstack-swift). OpenStack Block Storage provisions and manages block storage, whereas OpenStack Object Storage manages object storage within the cloud. These storage managers are discovered automatically by ManageIQ after adding an OpenStack cloud provider.

6.1. OpenStack Block Storage Managers

The OpenStack Block Storage service (openstack-cinder) provides and manages persistent block storage resources that OpenStack infrastructure instances can consume.

To use OpenStack Block Storage as a storage manager, you must first add an OpenStack cloud provider to your ManageIQ appliance and enable events. The Block Storage service will be automatically discovered by CloudForms and added to the Storage Managers list in ManageIQ. See Adding OpenStack Providers for instructions on adding a cloud provider and enabling events.

6.1.1. Creating Volumes on an OpenStack Block Storage Manager

You can create and attach volumes to your OpenStack Block Storage manager.

To create a volume:

  1. Navigate to Storage ▸ Volumes.

  2. Click Configuration (Configuration), then click 1862 (Add a new Cloud Volume).

  3. Enter a Volume Name.

  4. Enter the volume size in gigabytes (GB).

  5. Under Placement, select the cloud tenant to attach it to.

  6. Click Add.

After creating a volume, only the volume name can be edited.

6.1.2. Creating a Backup of a Volume

You can create a backup of a volume to protect against data loss, and restore it in the future.

The openstack-cinder-backup service must be enabled on the OpenStack Block Storage manager to create a volume backup.

To create a backup of a volume:

  1. Navigate to Storage ▸ Volumes.

  2. Click the volume you want to back up to open the volume’s summary page.

  3. Click Configuration (Configuration), then click Create a Backup of this Cloud Volume (Create a Backup of this Cloud Volume).

  4. Enter a name for the backup in Backup Name.

  5. (Optional) Select Incremental? to take an incremental backup of the volume instead of a full backup.

    You can take an incremental backup of a volume if you have at least one existing full backup of the volume. An incremental volume saves resources by capturing only changes made to the volume since its last backup. See Create an Incremental Volume Backup in the Red Hat OpenStack Platform Storage Guide for more information.

  6. Click Save.

View a volume’s backups by clicking Cloud Volume Backups on the volume’s summary page.

See Back Up and Restore a Volume in the Red Hat OpenStack Platform Storage Guide for more information about backups.

6.1.3. Restoring a Volume from a Backup

In case of data loss, you can restore a volume from a backup with the following steps:

  1. Navigate to Storage ▸ Volumes.

  2. Click the volume whose backup you want to restore. This will open the volume’s summary page.

  3. Click Configuration (Configuration), then click Restore from a Backup of this Cloud Volume (Restore from a Backup of this Cloud Volume).

  4. Select the volume to restore from in the Cloud Volume Backup list.

  5. Click Save.

6.1.4. Creating a Snapshot of a Volume

You can create a snapshot of a volume to preserve a volume’s state at a specific point in time. The snapshot can be used to create a duplicate of the volume.

To create a snapshot of a volume:

  1. Navigate to Storage ▸ Volumes.

  2. Click the volume to snapshot to open the volume’s summary page.

  3. Click Configuration (Configuration), then click Create a Snapshot of this Cloud Volume (Create a Snapshot of this Cloud Volume).

  4. Enter a name for the snapshot in Snapshot Name.

  5. Click Save.

View a volume’s snapshots by clicking Cloud Volume Snapshots on the volume’s summary page.

See Create, Use, or Delete Volume Snapshots in the Red Hat OpenStack Platform Storage Guide for more information about snapshots.

6.1.5. Attaching a Volume to an Instance

To attach a volume to an OpenStack instance:

  1. Navigate to Storage ▸ Volumes.

  2. Select the volume to attach.

  3. Click Configuration (Configuration), then click Attach selected Cloud Volume to an Instance (Attach selected Cloud Volume to an Instance) to open the Attach Cloud Volume screen.

  4. Select an instance from the list.

  5. (Optional) Enter the Device Mountpoint.

  6. Click Attach.

6.1.6. Detaching a Volume from an Instance

To detach a volume from an OpenStack instance:

  1. Navigate to Storage ▸ Volumes.

  2. Select the volume to detach.

  3. Click Configuration (Configuration), then click Detach selected Cloud Volume from an Instance (Detach selected Cloud Volume from an Instance) to open the Detach Cloud Volume screen.

  4. Select an instance from the list.

  5. Click Detach.

6.1.7. Editing a Volume

Only the volume name can be edited on an existing volume.

To edit a volume’s name:

  1. Navigate to Storage ▸ Volumes.

  2. Select the volume to edit to open its summary page.

  3. Click Configuration (Configuration), then click Edit this Cloud Volume (Edit this Cloud Volume).

  4. Enter the new Volume Name.

  5. Click Save.

6.1.8. Deleting a Volume

To delete a volume from the OpenStack Block Storage manager:

  1. Navigate to Storage ▸ Volumes.

  2. Select the volume to delete.

  3. Click Configuration (Configuration), then click 1861 (Delete selected Cloud Volumes).

6.2. OpenStack Object Storage Managers

The OpenStack Object Storage (openstack-swift) service provides cloud object storage.

To use the OpenStack Object Storage service as a storage manager, you must first add an OpenStack cloud provider to your ManageIQ appliance and enable events. The Object Storage service will be automatically discovered by CloudForms and added to the Storage Managers list in ManageIQ. See Adding OpenStack Providers for instructions on adding a cloud provider and enabling events.

6.2.1. Viewing Object Stores

The object store summary page shows details including the object store’s size, parent cloud, storage manager, cloud tenant, and the number of cloud objects on the object store.

In ManageIQ, view object stores on a object storage manager by following these steps:

  1. Navigate to Storage ▸ Object Stores to display a list of object store containers.

  2. Click a container to open a summary page for that object store container.

  3. Click Cloud Objects to view a list of object stores in the object store container.

  4. Click an object store from the list to view the object store’s summary page.