VMware Integrated OpenStack (VIO) enables SSL encryption by default and will be installed with a self-signed certificate. In order to provide your own certificate from a trusted CA, the VIO management VM includes command-line tools for the vSphere administrator.
The first step is to generate the CSR for the environment.
$ sudo viocli deployment cert-req-create
The workflow will ask for some details and then output the CSR, which you can provide to your trusted CA of choice.
After you receive your signed certificate, append all of the CRT files to a single file.
$ cat intermediate1.crt intermediate2.crt root.crt server.crt >> /path/certificate.crt
The final step is to push the new certificate out to the VIO Load Balancers running in the environment.
$ sudo viocli deployment cert-update -p -f /path/certificate.crt
The output will include the following:
Once completed, you can check to see that the new certificate(s) were installed properly by logging into the Load Balancer VMs.
$ ssh usa1-2-violb1 $ cd /etc/ssl $ sudo cat vio.pem
Being able to monitor OpenStack is key when running a production private cloud. Fortunately, VMware has provided several tools for monitoring OpenStack — specifically VMware Integrated OpenStack — when deployed in a production environment. If your environment is already leveraging vRealize Operations, there is a management pack for OpenStack and NSX that when used together will provide dashboards and pre-defined alerts for OpenStack.
vRealize Operations Management Pack for OpenStack
Available on the VMware Solution Exchange website, the vRealize Operations Management Pack for OpenStack provides integration between vRealize Operations and VMware Integrated OpenStack. The management pack includes several pre-installed dashboards, collecting data through the native OpenStack APIs.
The management pack requires the vRealize Operations Management Pack for NSX also be installed, to correctly gather data related to the OpenStack Neutron service.
The management pack includes the following dashboards which can be leveraged to gain a deeper understanding of the OneCloud OpenStack environment from an operations standpoint.
- OpenStack Services
- OpenStack Compute Infrastructure
- OpenStack Network Infrastructure
- OpenStack vCenter Storage Infrastructure
- OpenStack Tenants
The OpenStack Services dashboard displays the status the of the OpenStack services running on the VMware Integrated OpenStack management virtual machines.
vRealize Operations Endpoint Agent for OpenStack
The vRealize Operations monitoring capabilities can be enhanced when the Endpoint Agent for OpenStack is installed on the OpenStack management virtual machines. As stated in the vRealize Operations Management Pack for OpenStack documentation, the Endpoint Agent can monitor the following services and displaying their status in the vRealize Operations OpenStack Services dashboard.
The VMware Integrated OpenStack OMS virtual machine provides an automated installation workflow for the Endpoint Agent on each of the management nodes. The workflow can be leveraged post-deployment to facilitate the installation of the required Endpoint Agent package on the local operating system.
Further details on the exact process of installing the Endpoint Agent (epops) can be viewed here.
Having these pieces of software included in your environment will help ensure the monitoring of the services and the capacity within an OpenStack cloud is being taken care of correctly. Of course there are other tools that can be leveraged as well, however I have found these to be extremely useful within my vSphere environments. The blog post tomorrow will be an overview of the alert definitions the vRealize Operations Management Pack for OpenStack includes.
Two of my team members (@jfvanrooyen and @tgelter) have been heads-down and hard at work for the past 6+ months working on architecting and building our OpenStack private cloud environment for the Adobe Digital Marketing Cloud. The efforts of their hard work have been rewarded by becoming the official OpenStack reference architecture for VMware Integrated OpenStack!
Congratulations to them both! Reach out to any of us if you have questions around our efforts to implement OpenStack in a robust, large-scale enterprise environment.