VFoglight: Difference between revisions
m (minor updates) |
(Added "Active Directory Integration") |
||
Line 65: | Line 65: | ||
{|cellpadding="4" cellspacing="0" border="1" | {|cellpadding="4" cellspacing="0" border="1" | ||
|- style="background-color:#ee4444;" | |- style="background-color:#ee4444;" | ||
! Be aware that there is a bug in the vFoglight interface, every time you edit the form you must re-enter the password information | ! Be aware that there is a bug in the vFoglight interface, every time you edit the ''Configure Directory Services'' form you must re-enter the password information | ||
|- | |- | ||
|} | |} | ||
# Create service account on GMI domain | |||
#* EG for DTCP-VIRFOGV01 create <code> -sVFOGDTCP-VIRFOGV01 </code> using something like | |||
#* <code> dsadd user "cn=-sVFOGDTCP-VIRFOGV01, cn=Users, dc=gmi, dc=dtc, dc=reuint, dc=com" - pwd "password-here" -pwdneverexpires yes -disabled no </code> | |||
# Log into vFoglight (as foglight/foglight), and navigate to '''Dashboards | Users & Security | Configure Directory Services''' | |||
# Configure AD integration using the table below, leave all other fields as is | |||
# Kick start AD integration | |||
#* Log out of the vFoglight interface, then log in as a GMI domain user (ie yourself). The login should partially succeed, and you should receive a error message like | |||
#* ''You logged in as user 123456 and do not have access to the application.'' | |||
#* If not, check the latest ManagementServer log at <code> .\Program Files\vizioncore\vFoglight\logs\ </code> and attempt to resolve. | |||
# Log into vFoglight (as foglight/foglight), and navigate to '''Dashboards | Users & Security | Manage Groups''' | |||
# You should see both local (Built-In and Internal) groups, and External (from the AD domain). | |||
# Give VI Admins login access to vFoglight | |||
#* Highlight the '''VI Administrators''' group, and click on '''Edit Roles''' button. | |||
#* Add all roles to the group and save. | |||
#* Test by logging out of vFoglight and logging back in as a domain user | |||
{|cellpadding="4" cellspacing="0" border="1" | |||
|- style="background-color:#bbddff;" | |||
! Field !! Description !! Example | |||
|- | |||
| Nearest LDAP server || Primary Domain Controller || <code> ldap://dtcp-gmiadsc01.gmi.dtc.reuint.com:389/ </code> | |||
|- | |||
| Secondary LDAP server URL || Secondary Domain Controller || <code> ldap://dtcp-gmiadsc02.gmi.dtc.reuint.com:389/ </code> | |||
|- | |||
| Distinguished name of the service account || vFoglight server's Service Account || <code> CN=-sVFOGDTCP-VIRFOGV01,CN=Users,DC=gmi,DC=dtc,DC=reuint,DC=com </code> | |||
|- | |||
| Password || vFoglight Service Account password || ''Password for -sVFOGDTCP-VIRFOGV01'' | |||
|- | |||
| LDAP query prefix || Query prefix for user a/c finding || <code> CN= </code> | |||
|- | |||
| LDAP query suffix || Query suffix for user a/c finding, note the leading ''',''' || <code> ,DC=gmi,DC=dtc,DC=reuint,DC=com </code> | |||
|- | |||
| The scope(s) to search for groups || Where to look for domain user groups || <code> DC=gmi,DC=dtc,DC=reuint,DC=com </code> | |||
|- | |||
| The LDAP context for user searching || Where to look for domain users || <code> DC=gmi,DC=dtc,DC=reuint,DC=com </code> | |||
|- | |||
|} | |||
= Troubleshooting = | = Troubleshooting = |
Revision as of 10:35, 3 August 2009
- General support documentation can found on Vizioncore's website: http://www.vizioncore.com/vzone/index.php.
- Note that the local vFoglight server is known as an FMS or local child server, the global server is a Federation Master.
Maintenance and Procedures
Software Upgrade
Be aware that during the upgrade, stopping/starting vFoglight service, and database changes/upgrades may take some time. Cancelling the upgrade during any of these steps could corrupt the database.
- Copy installer to server
- Restart the server
- Start the installer, and select the Custom method
- Change the drive letter for the install path (probably S: - leave rest of path intact)
- Select Upgrade
- If the Agent installer pops up, cancel it.
- Once the upgrade completes...
- Verify you can login to vFoglight (it can take 5 mins+ for the services to start fully after the upgrade, be patient)
- If a master/global Federation server, confirm this is still the case. Browse to Dashboards | Administration | Administration, and check the Federation mode is "Master". If not, correct the config in
.\Program Files\Vizone\config\foglight.config
so thatfoglight.federation = true
, then restart the server and re-verify.
Cartridge Install / Upgrade
If upgrading a cartridge, you must uninstall the current version 1st...
- Browse to Dashboards | Administration | Administration, and in the Navigation pane click on Cartridges | Inventory
- Select the relevant cartridge, and use the Uninstall Selected button.
Install the cartridge...
- Download the cartridge .car file to your local machine
- Browse to Dashboards | Administration | Administration, and in the Navigation pane click on Cartridges | Inventory
- Use the Browse button to locate the .car, then click on Install Cartridge
- Verify that the expected version of cartridge has been installed
Dashboard Creation
This procedure assumes the VM's you want to view via a dashboard are contained within a resource group, in this instance called DTCP-S-NGTXRSP.
- Locate the resource pool...
- From the left hand menu, navigate to Dashboards | Virtual | VMware | vmExplorer, then find the resource pool in the Virtual Infrastructure topology.
- Create Dashboard...
- From the right hand menu, on the General tab, select Create new dashboard
- Give the dashboard a sensible name, eg "RSP VM dashboard for NGTx team"
- Set the Relevant Role(s) to be the intended audience groups
- Set the Allowed Role(s) to include all groups that should be allowed to see the dashboard (always include Administrators)
- Enter a description into the Help text box, if required
- Customise Dashboard...
- On the General tab select 1 column
- On Data tab, navigate to Data | Virtual | VMware | Resource Pools
- Drag and drop the DTCP-S-NGTXRSP (VMWResourcePool) object into the central pane
- Select the Utilizations: Resource Pool view
- Add further object views as per complete table below (ie you've already done the 1st)
Object | View |
---|---|
DTCP-S-NGTXRSP (VMWResourcePool) | Utilizations: Resource Pool |
DTCP-S-NGTXRSP (VMWResourcePool) | Reportlet: Advanced Alarm History |
DTCP-S-NGTXRSP (VMWResourcePool) | Alarm List with Filter (TopologyObject) |
Data (VMWResourcePool: DTCP-S-NGTXRSP (VMWResourcePool)/virtualMachines | vmExplorer: VMCPUdetails (used/ready) |
Active Directory Integration
Procedure to enable vFoglight to authenticate user logins on AD domain, and to be able to use AD groups. The vFoglight server needs a service account in order to be able to interact with AD domain.
Be aware that there is a bug in the vFoglight interface, every time you edit the Configure Directory Services form you must re-enter the password information |
---|
- Create service account on GMI domain
- EG for DTCP-VIRFOGV01 create
-sVFOGDTCP-VIRFOGV01
using something like dsadd user "cn=-sVFOGDTCP-VIRFOGV01, cn=Users, dc=gmi, dc=dtc, dc=reuint, dc=com" - pwd "password-here" -pwdneverexpires yes -disabled no
- EG for DTCP-VIRFOGV01 create
- Log into vFoglight (as foglight/foglight), and navigate to Dashboards | Users & Security | Configure Directory Services
- Configure AD integration using the table below, leave all other fields as is
- Kick start AD integration
- Log out of the vFoglight interface, then log in as a GMI domain user (ie yourself). The login should partially succeed, and you should receive a error message like
- You logged in as user 123456 and do not have access to the application.
- If not, check the latest ManagementServer log at
.\Program Files\vizioncore\vFoglight\logs\
and attempt to resolve.
- Log into vFoglight (as foglight/foglight), and navigate to Dashboards | Users & Security | Manage Groups
- You should see both local (Built-In and Internal) groups, and External (from the AD domain).
- Give VI Admins login access to vFoglight
- Highlight the VI Administrators group, and click on Edit Roles button.
- Add all roles to the group and save.
- Test by logging out of vFoglight and logging back in as a domain user
Field | Description | Example |
---|---|---|
Nearest LDAP server | Primary Domain Controller | ldap://dtcp-gmiadsc01.gmi.dtc.reuint.com:389/
|
Secondary LDAP server URL | Secondary Domain Controller | ldap://dtcp-gmiadsc02.gmi.dtc.reuint.com:389/
|
Distinguished name of the service account | vFoglight server's Service Account | CN=-sVFOGDTCP-VIRFOGV01,CN=Users,DC=gmi,DC=dtc,DC=reuint,DC=com
|
Password | vFoglight Service Account password | Password for -sVFOGDTCP-VIRFOGV01 |
LDAP query prefix | Query prefix for user a/c finding | CN=
|
LDAP query suffix | Query suffix for user a/c finding, note the leading , | ,DC=gmi,DC=dtc,DC=reuint,DC=com
|
The scope(s) to search for groups | Where to look for domain user groups | DC=gmi,DC=dtc,DC=reuint,DC=com
|
The LDAP context for user searching | Where to look for domain users | DC=gmi,DC=dtc,DC=reuint,DC=com
|
Troubleshooting
vFoglight not updating
Pages are accessible, but not updating (normally animated dials etc are grey/black). Caused by lack of data flow from VC server to the vFoglight server. To resolve, check vFoglight services on the vCenter and potentially reinstall the vFoglight agent on the VC server...
- On VC, browse to vFoglight server
- Go to Administration, then Cartridges | Component Download
- Install the Virtual VMware Agent (accept all default options, Next, Next, Next)
- Ensure vFoglight services are running on VC
On the Federation vFoglight server, the problem is caused by a lack of data to the source FMS/local vFoglight server, or a problem between that server and the master Federation server.