HP CloudSystem 8.0 Administrator Guide

Abstract

This information is for use by administrators using HP CloudSystem Foundation and Enterprise Software 8.0, who are assigned to configure and provision compute resources for deployment and use in virtual data centers. This guide provides instructions on using the CloudSystem Foundation Console and Portal user interfaces, as well as introducing the CloudSystem command line interface.
© Copyright 2014 Hewlett-Packard Development Company, L.P. Microsoft® and Windows® are U.S. registered trademarks of the Microsoft group of companies. Red Hat® is a registered trademark of Red Hat, Inc. in the United States and other countries. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S.
Contents

I Understanding HP CloudSystem
1 Welcome to HP CloudSystem Administrator Guide
Features
2 Concepts and architecture
How it works

How to contact HP
Registering for software technical support and update service
HP authorized resellers
Documentation feedback

Downloading and importing a self-signed certificate
Verifying a certificate
III Resource configuration in CloudSystem Foundation
11 Overview: Configuring compute resources
Configuring cloud resources

About volume types
How are volume types used?
Managing volume types
Understanding volume types data

Interpreting the Dashboard data
Compute
Network
Storage

Reboot appliance after serious error
Cannot restart or shut down appliance
Generated host name of the base appliance is sometimes visible
Audit log
Cannot create a support dump file

Create image action is unsuccessful
Edit image action is unsuccessful
Image server storage configuration is unsuccessful
Base folder of the ESX cluster shared datastore may contain files related to unused images

Host or proxy connection errors
csadmin --version does not display the correct version number
Some options returned by csadmin --help are not supported
30 Troubleshoot Enterprise
Troubleshooting the Enterprise appliance
Part I Understanding HP CloudSystem
1 Welcome to HP CloudSystem Administrator Guide HP CloudSystem works in converged infrastructure environments and provides a software-defined approach to managing the cloud. CloudSystem consists of two offerings: • HP CloudSystem Foundation is based on the HP Cloud OS distribution of OpenStack Cloud Software. It integrates hardware and software to deliver core Infrastructure as a Service (IaaS) provisioning and lifecycle management of compute, network and storage resources.
storage, and networking. Enterprise also includes an enhanced set of Operations Orchestration workflows. See CloudSystem Enterprise components (page 20) for more information.
• Define and configure virtual machines. The number of CPUs and amount of memory to assign to a virtual machine is designated by selecting the flavor (instance type) to associate with a virtual machine. See Virtual machine configuration for compute services (page 108). • Deploy virtual machine instances with VLAN networks and HP 3PAR virtual machine block storage using the CloudSystem Portal. See Provision a cloud in Foundation (page 117).
2 Concepts and architecture CloudSystem provides you with the flexibility of virtualized compute resources, networks, and storage. With CloudSystem, you configure, manage, and deploy infrastructure services into a cloud environment for access by your end users. How it works Figure 3 illustrates the relationship between CloudSystem Foundation, the Foundation virtual appliances, CloudSystem Enterprise, and the underlying network infrastructure.
Figure 3 CloudSystem appliances and network infrastructure

See the HP CloudSystem Installation and Configuration Guide at the Enterprise Information Library for an expanded discussion of network architecture and initial network configuration.

Associated appliances

The following appliances are automatically created after the Cloud Networking settings are saved. For more information, see Networks in CloudSystem Foundation (page 19).
The following appliance is automatically created after an ESX cluster is imported. (No proxy appliances are started in a KVM-only environment.)

Proxy appliance: Acts as a communication mechanism between OpenStack technology and VMware vCenter Server, and runs the OpenStack agents for up to twelve clusters for each vCenter Server. Additional appliances are automatically created when the number of new clusters added to the cloud is reached.
access the CloudSystem Console or Portal, the login information entered is checked against the user attributes stored in the database. Alternatively, you can use an external authentication directory service (also called an enterprise directory) to provide a single sign-on for groups of users instead of maintaining individual local login accounts. Examples of an authentication directory service include Microsoft Windows Active Directory or OpenLDAP (LDAP - Lightweight Directory Access Protocol).
back to the cloud. From the console, you can activate compute nodes, configure networks and storage, and perform maintenance tasks on the Foundation and Enterprise appliances. CloudSystem Portal Web-based interface for creating, launching, and managing virtual machine instances. The portal can be accessed by appending /portal to the Foundation appliance URL (for example, https://192.0.2.2/portal).
Network tasks and user roles The following table lists CloudSystem network tasks according to user roles and the interfaces used to perform them.
Topology Designer and Sequential Designer The HP CSA graphical service design and content portability tools simplify developing, leveraging, and sharing an array of service offerings that can be tailored to your end users’ needs. You can use two different designers to design new cloud services with reusable service design templates. • Use Topology Designer to create infrastructure service designs. • Use Sequential Designer to create more complex application service designs.
3 Security in CloudSystem CloudSystem security depends in part on the security level that you chose when you installed CloudSystem Foundation and on your work practices. This chapter describes security concepts to consider when working with browsers, certificates, and networks for secure communication and transfer of data among the appliances, networks, and compute nodes in a CloudSystem virtualized data center.
The following table comprises a partial list of security best practices that HP recommends in both physical and virtual environments. Differing security policies and implementation practices make it difficult to provide a complete and definitive list.

Topic: Accounts
Best practice:
• Limit the number of local accounts. Integrate the appliance with an enterprise directory solution such as Microsoft Active Directory or OpenLDAP.
Topic: Updates
Best practice:
• Ensure that a process is in place to determine if software and firmware updates are available, and to install updates for all components in your environment on a regular basis.

Topic: Virtual Environment
Best practice:
• Most security policies and practices used in a traditional environment apply in a virtualized environment. However, in a virtualized environment, these policies might require modifications and additions.
• Always log out before closing the browser. In the browser, a memory-based cookie stores the authenticated user’s session ID. Memory-based cookies are deleted when you close the browser. When you log out, the session on the appliance is invalidated. • Avoid clicking links outside the appliance UI. While logged in to the appliance, avoid clicking links in email or instant messages. The links might be malicious and take advantage of your login session.
and expiration are dictated by the site security policy. If you integrate an external authentication directory service (also known as an enterprise directory) with the appliance, the directory service enforces password strength and expiration.
4 Installation A successful install and configuration of CloudSystem software depends on the preparation done beforehand. See the HP CloudSystem Installation and Configuration Guide on the Enterprise Information Library for the following information.
5 Navigating the CloudSystem Console GUI This chapter provides you with an overview of the GUI functions in the CloudSystem Console. More information about using these features is located in the CloudSystem Console Help. About the graphical user interface The image shown below illustrates important areas in the CloudSystem Console graphical user interface.
6 Actions menu: Access the available actions that you can perform on a resource. Actions menus contain only tasks that can be performed on a specific resource.
7 Details pane: View the details for the resource area you have open.
8 Master pane: Manage the display of information in the Details pane for each specific resource. You can use filters and sorting to control the display of information.
1 The default Activity view shows all active notifications. Use the filters and date range selectors on the Filters menu bar to filter all stored notifications. You can also click the icon to expand (or collapse) the filter banner, which contains the same selection choices in a vertical presentation.
2 Click the icon to expand the view of a notification, or click the icon to collapse the view.
3 Click the link to view details about the resource associated with this notification.
Each alert includes the following information about the event it reports: severity, state, description, and urgency. You can clear alerts, assign owners to alerts, and add notes to alerts. While alerts have an active or locked state, they contribute to a resource’s overall displayed status. After you change their state to Cleared, they no longer affect the displayed status. IMPORTANT: The appliance keeps a running count of incoming alerts.
Activity / State / Description

Cleared activities do not affect the resource’s health status and they are not counted in the displayed summaries.

Activity: Task
Completed: The task started and ran to completion.
Running: The task has started and is running, but has not yet completed.
Pending: The task has not yet run.
Interrupted: The task ran, but was interrupted. For example, it could be waiting for a resource.
Error: A task failed or generated a Critical alert. Investigate Error states immediately.
Large icon Small icon Resource Activity Notification Explanation OK Informational Component is active. No action needed. Unknown Informational Component is not known to the cloud and is not in an active state within the cloud. Determine if intervention is needed. An In progress rotating icon indicates that a change is being applied or a task is running.
Informational icons

Name: Description
Activity control: Provides information about recent task activities for operations, user actions, and resources.
Session control: Displays your login name and the duration of your current session. Also provides a link you can use to log out of the appliance.
Help control:
• When this icon is at the top of a dialog box, you can click it to open context-sensitive help for that topic in another window or tab.
Language This version is available in US English, Japanese, and Simplified Chinese. Set your browser language preference to one of these languages. To ensure that server-generated messages are displayed in the same language as the browser displays, set the Locale in the Time and Language section of the Settings: Appliance screen to match the browser language.
When you find what you are looking for in the search results, which are organized by type, select the item to navigate to it.

Table 2 Advanced searching and filtering with properties

Example of advanced filtering syntax / Search results

By model name:
model: "BladeSystem c7000 Enclosure G2"
model: "ProLiant BL460c Gen8"
model: "HP VC 8Gb 20-Port FC Module"
Search results: All hardware that match the model number and name.

By name or address:
name: enclosure10
Search results: An enclosure with the name enclosure10.
name: "192.0.
6 Support and other resources IMPORTANT: This product contains a technical feature that will allow an on-site authorized support representative to access your system, through the system console, to assess problems that you have reported. This access will be controlled by a password generated by HP that will only be provided to the authorized support representative. You can disable access at any time while the system is running. HP technical support personnel are not granted remote access to the appliance.
Token / Description

Token: Result
Description: The result of the action, which can be one of the following values:
• SUCCESS
• FAILURE
• SOME_FAILURES
• CANCELED
• KILLED

Token: Action
Description: A description of the action, which can be one of the following values:
• ADD
• LIST
• UNSETUP
• CANCELED
• MODIFY
• ENABLE
• DEPLOY
• LOGIN
• DELETE
• DISABLE
• START
• LOGOUT
• ACCESS
• SAVE
• DONE
• DOWNLOAD_START
• RUN
• SETUP
• KILLED

Token: Severity
Description: A description of the severity of the event, which can be one of the following value
2. The appliance generates a compressed file of the audit logs and downloads it to your local computer.

The compressed file is named following this format:

audit-logs-yyyy_mm_dd-hh_mm_ss

yyyy_mm_dd indicates the date, and hh_mm_ss indicates the time the file was created. The name of the audit log file is displayed on the screen. The audit log file is downloaded to the default download folder. If no default download folder is configured in your browser, you are prompted to specify a destination file.
2. Choose whether or not to encrypt the support dump file:
   a. To encrypt the support dump file, confirm that the Enable support dump encryption check box is selected.
   b. To turn off encryption, clear the Enable support dump encryption check box.
3. Click Yes, create. You can continue doing other tasks while the support dump file is created.
4. The support dump file is downloaded when this task is completed.
How to contact HP Use the following methods to contact HP: • To obtain HP contact information for any country, see the Contact HP worldwide website: http://www.hp.com/go/assistance • Use the Get help from HP link on the HP Support Center: http://www.hp.com/go/hpsc • To contact HP by telephone in the United States, use the Contact HP – Phone Assist website to determine the telephone number that precisely fits your needs. For continuous quality improvement, conversations might be recorded or monitored.
HP CloudSystem documents The latest versions of HP CloudSystem manuals and white papers can be downloaded from the Enterprise Information Library at http://www.hp.com/go/CloudSystem/docs, including the following documents: • HP CloudSystem 8.0 Release Notes • HP CloudSystem 8.0 Installation and Configuration Guide • HP CloudSystem 8.
HP Insight Management documents The latest versions of HP Matrix Operating Environment manuals, white papers, and the HP Insight Management Support Matrix can be downloaded from the HP Enterprise Information Library at http://www.hp.
4. Select a specific product from the resulting list.
5. On the specific product support page, locate the search fields at the top right of the web page. The top search field will contain the product name that you selected earlier in your search.
6. In the second search field below the first, type “manuals” and press Enter. If the list of documents is long, it might take a few seconds to load the page with the search results.
Part II CloudSystem Foundation appliances management
7 Manage the Foundation appliances This part of the Administrator Guide will help you with tasks necessary for configuring aspects of the appliances themselves. Specifically, you can learn how to set up and manage enterprise directory users and groups, secure appliance data transfer, and manage licenses. See also Troubleshoot the CloudSystem appliances (page 141).
3. Edit any of the appliance network characteristics. For information, click Help on this page in the CloudSystem Console.
4. Click OK to reconfigure the appliance network.

Change the DNS server

Prerequisites
• Minimum required privileges: Infrastructure administrator
• You have the IP address of the new DNS server.

Procedure 5 Changing the DNS server
1. From the main menu, navigate to the Settings screen.
2. Click the Edit icon in the Appliance panel.
2. Select Yes, restart in the dialog box.
3. Log in when the login screen reappears.

Reboot Foundation appliances

If you encounter a serious error, you can reboot the Foundation base appliance by following instructions for rebooting virtual machines running on an ESX cluster (see VMware vSphere documentation) or by entering a command on the KVM management hypervisor. The Foundation base appliance cannot be rebooted from the CloudSystem Console.
IMPORTANT: When the update begins, non-critical services on all appliances (not just those being updated) are stopped, including HP Operations Orchestration. (Operations Orchestration workflows are not accessible during the update.) Critical services, such as the database and update services, are not stopped. If the update installation fails, the appliances revert back to their previous states and are restarted.
3. Once you are ready to install an uploaded image file:
   a. Return to the Update Foundation Appliances screen (Settings→Actions→Update Foundation appliances).
   b. Examine the “File” name line. If the image you previously uploaded is not listed, then browse to select it.
   c. Proceed with step 2 in Uploading and installing an update file immediately.

Procedure 11 Updating the Foundation appliances: Uploading and installing an update file immediately
IMPORTANT: The tasks you complete to disassemble a CloudSystem installation depend upon your business requirements for reusing the CloudSystem components. It is important that you select the correct procedure and complete the steps that are appropriate for your requirements. • Disassembling a CloudSystem installation to reuse the underlying physical infrastructure (page 51). • Disassembling a CloudSystem installation without removing the management cluster or hypervisor (page 51).
8 Manage users and groups Use the information in this chapter to learn how to configure user authentication, either locally or using an enterprise directory, and to define user privileges based on job responsibilities, or role, in using this software. See also Troubleshooting users and groups (page 146). About user roles User roles enable you to assign permissions and privileges to users based on their job responsibilities.
Table 4 CloudSystem Portal roles

Role: Admin
Type of user: Cloud administrator
Associated permissions or privileges: View the Admin tab in the CloudSystem Portal. Administrative users can view usage and manage instances, volumes, flavors, images, projects, users, services, and quotas.
Notes: A Cloud administrator created in the CloudSystem Portal can view and manage all resources in the CloudSystem Portal. The Cloud administrator can log into the
After the directory service is configured, any user in the group can log in to the appliance. On the login window, the user: • Enters their user name (typically, the Common-Name attribute, CN). • Enters their password. • Selects the authentication directory service. This box appears only if you have added an authentication directory service to the appliance.
After you add an authentication directory service and server You can: • Allow local logins only, which is the default. • Allow both local logins and logins for user accounts authenticated by the directory service. • Disable local logins so that only users whose accounts are authenticated by the directory service can log in. Local accounts are prevented from logging in. HP does not recommend disabling local logins.
4. Enter the data requested on the screen. See Editing Active Directory search context (page 56) or Editing OpenLDAP search context (page 57) for more information.
5. Click Add to add the authentication directory service or click Add+ to add more directory services.

Determining search context when editing a directory

To specify the search context on the Edit Security screen, it is helpful to know some details about the internal structure of the LDAP server.
What should I specify for the Base DN (third text box) in the search context? Specify the domain label and domain in which the user is authenticated. For example, for smith.lab.users.example.com, specify DC=example, DC=com.
Limitations: Directory tree
• Active Directory: Groups must be located under the user search base. Following are two examples:
  CN=Users
  OU=US,OU=Users,OU=Accounts
• OpenLDAP: Groups must be located under OU=Groups from the Base DN.

Limitations: Directory schema
An LDAP schema is a set of definitions and constraints about the structure of the directory information tree.
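The Base DN guidance and the directory tree limitations above can be checked before a group is added to the appliance. The following is an added example, not code from HP or from CloudSystem: the function names and sample DNs are constructed, it assumes the user search base is entered relative to the Base DN, and its DN parser is simplified (backslash escapes only, no multi-valued RDNs, case-insensitive values).

```python
"""Check where an LDAP group sits relative to a directory search context."""


def split_dn(dn):
    """Return the DN as normalized (ATTRIBUTE, value) pairs, leaf RDN first."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:               # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":           # unescaped comma ends the current RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling backslash: %r" % dn)
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError("malformed RDN %r in DN %r" % (part, dn))
        rdns.append((attr.upper(), value.lower()))
    return rdns


def domain_to_base_dn(domain):
    """Turn a DNS domain such as example.com into DC=example,DC=com."""
    labels = domain.strip().strip(".").split(".")
    if not all(labels):
        raise ValueError("empty label in domain %r" % domain)
    return ",".join("DC=" + label for label in labels)


def is_under(dn, ancestor):
    """True when dn lies strictly below ancestor, compared RDN by RDN."""
    child, parent = split_dn(dn), split_dn(ancestor)
    return len(child) > len(parent) and child[-len(parent):] == parent


def required_group_base(directory, base_dn, user_search_base=None):
    """Container that groups must sit under, per the limitations above."""
    if directory == "active_directory":
        if not user_search_base:
            raise ValueError("Active Directory needs a user search base")
        return user_search_base + "," + base_dn
    if directory == "openldap":
        return "OU=Groups," + base_dn
    raise ValueError("unknown directory type %r" % directory)


def check_group(directory, group_dn, base_dn, user_search_base=None):
    """True when the group can be found through this search context."""
    required = required_group_base(directory, base_dn, user_search_base)
    return is_under(group_dn, required)


def naive_suffix_check(group_dn, required):
    """String comparison shown for contrast; escaped commas fool it."""
    squash = lambda s: s.lower().replace(" ", "")
    return squash(group_dn).endswith(squash(required))


# Constructed sample data: (directory, group DN, user search base or None).
BASE_DN = domain_to_base_dn("example.com")
SAMPLES = [
    ("active_directory", "CN=CloudAdmins,CN=Users,DC=example,DC=com", "CN=Users"),
    ("active_directory", "cn=Ops, ou=US, ou=Users, ou=Accounts, dc=example, dc=com",
     "OU=US,OU=Users,OU=Accounts"),
    ("active_directory", "CN=CloudAdmins,OU=Security,DC=example,DC=com", "CN=Users"),
    ("openldap", "cn=admins,ou=Groups,dc=example,dc=com", None),
    # One RDN whose value contains an escaped comma; it is not under OU=Groups.
    ("openldap", "cn=admins,ou=Fake\\,OU=Groups,dc=example,dc=com", None),
]


def report():
    """Evaluate every sample and return (group DN, allowed) pairs."""
    return [(dn, check_group(kind, dn, BASE_DN, usb)) for kind, dn, usb in SAMPLES]


if __name__ == "__main__":
    for dn, ok in report():
        print("%-5s %s" % ("OK" if ok else "MOVE", dn))
```

Comparing parsed RDNs rather than raw strings is what keeps the last sample from passing; a plain suffix match accepts it.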
4. Click Add a directory server.
5. Enter the data requested on the screen. Click “Help on this page” in the CloudSystem Console for more information.
   a. Specify the host name (not the IP address) of the directory server, and the server port number. The port is used to communicate with the LDAP server using the LDAPS protocol. The default port for LDAP over SSL is 636.
   b. Obtain the directory server certificate.
e. Select the role. The role assignment specifies the permission level for all users in the group. See About user roles (page 52) for more information. NOTE: If you are using an external authentication directory service, in the CloudSystem Console, the role assignment is made to the group rather than to individual users. Therefore, all users in a group who log in to the CloudSystem Console have the same role assignment (for example, Full or Read only).
Allow local logins

The appliance is configured to allow local logins by default. If you disabled local logins so that you could use an authentication directory service exclusively, use this procedure to allow local logins.

Prerequisites
• Minimum required privileges: Infrastructure administrator

Procedure 19 Allowing local logins
1. From the main menu, select Settings.
2. Click the Edit icon in the Security area.
3. Select the Allow local login check box on the Edit Security screen.
4. Click OK.
Procedure 21 Resetting the administrator password 1. From the console appliance login screen, switch to the pwreset login screen by pressing Ctrl+Alt+F1. To return to the console’s login screen, press Ctrl+Alt+F2. NOTE: For VMware vSphere users, Ctrl+Alt is used for another function. To send the command to the console, you must press Ctrl+Alt+Spacebar then press Ctrl+Alt+F1. For KVM users, to send the command to the console, you must select Send Key→Ctrl+Alt+F1 menu item from the Virtual Machine Manager.
9 Manage licenses You can manage licenses from the CloudSystem Console. Use the information in this chapter to manage and track your license compliance. About licenses CloudSystem software licensing is based on one of the following options, as recorded in the license terms in your purchase agreement.
CloudSystem Enterprise Software NOTE: Use the Cloud Service Management Console in the Enterprise appliance to view, add, and remove HP CSA license keys. In the free trial period (the first 90 days), if you have not yet added a license key, HP CSA limits the number of new instances you can create. To add HP CSA license keys, first install CloudSystem Enterprise from the CloudSystem Console Enterprise screen. Then click the link for HP CSA to launch the management console.
console, the Enterprise license key to the Cloud Service Management Console in the Enterprise appliance, and the Matrix OE license to the CMS. • CloudSystem Foundation licenses include one key. This key enables the use of the CloudSystem Foundation appliance. • CloudSystem Enterprise licenses include four or more keys.
The encrypted key string is expected to be a series of character/number blocks separated by spaces. The annotation includes space separated fields representing an HP sales order number, a product number, a product description, and an EON (entitlement order number).
10 Manage security Primarily, securing CloudSystem appliances requires attention to properly managing certificates. This chapter and Security in CloudSystem (page 22) provide guidance on using certificates in CloudSystem. See also Troubleshooting security settings (page 149). Note that this software provides the ability to enable or disable service access.
3. Click the Details tab.
4. Verify the certificate.
5. Select Copy to File...
6. Use the Certificate Export Wizard to save the certificate as a Base-64 encoded X.509 file.

Procedure 26 Importing a self-signed certificate with Microsoft Internet Explorer 9
1. Select Tools→Internet Options.
2. Click the Content tab.
3. Click Certificates.
4. Click Import.
5. Use the Certificate Import Wizard.
   a. When it prompts you for the certificate store, select Place….
Part III Resource configuration in CloudSystem Foundation
11 Overview: Configuring compute resources Use this part of the Administrator Guide to learn when and how to use the CloudSystem Foundation Console to configure, monitor and manage virtual compute resources. This chapter outlines a suggested order in which you can proceed and provides a table of maximum supported configuration values that you can use to plan your cloud size. The remaining chapters are organized primarily by compute resource category.
Configuring cloud resources in CloudSystem Console

CloudSystem Foundation Task

1. Add a Provider Network
A Provider Network is part of the Cloud Data Trunk, which is the physical network hosting the VLANs that OpenStack networking makes available to users. The Cloud Data Trunk provides communication for compute nodes and virtual machine instances.

2. Add one or more images
An image is a template for a virtual machine file system.
Configured resource: Maximum number supported
CloudSystem Portal users simultaneously configuring OpenStack non-storage operations (Nova, Neutron, Glance, and Keystone): 25
Projects: 256
Virtual machine instances per project: 500
Images: 512
Flavors: 32
External networks: 1
Provider networks: 32
Private IP addresses: 5,000
Floating IP addresses: 1,000
Private (tenant) networks: 256
Disk arrays: 2
Block storage volumes created: 3,000
Block storage volumes attached: 250
Block storage volumes
12 Network configuration This chapter provides instructions for configuring the networks necessary to support the interoperability of the CloudSystem appliances and the virtualized resources in the cloud. You will need to use both the CloudSystem Console and the CloudSystem Portal to configure the networks. See also How it works (page 15).
Procedure 27 Editing a cloud network
1. From the main menu, select Settings.
2. Select Edit Cloud Networking, or click the Edit icon on the Cloud Networking pane.
3. Enter data. Click "Help on this page" in the CloudSystem Console for more information.
4. To save your edits, click OK. To exit the action with no change made to the network, click Cancel.
5. Verify that the updated setting information is displayed in the Settings→Cloud Networking pane.
2. On the Add Subnet screen, enter an IPv4 address in CIDR format to specify the IP address range available to this network.
3. If the IP addresses listed for Allocation Pools or Gateway IP are not correct, change the default values.
4. If the network already has a DHCP server, clear the Enable DHCP check box.
5. Click OK.
6. Verify that the new subnet is displayed on the Add Provider Network screen. To sort by CIDR, select the CIDR column heading.

• To add a subnet to an existing network:
4. On the Delete Provider Network screen, click Yes, delete.
5. Verify the network deletion by reviewing the fields on the Provider Networks screen.

About Private Networks

Private Networks are created from a pool of VLANs, which you configure using the CloudSystem Console. The OpenStack Networking service assigns VLANs from this pool to Private Networks when they are created by end users using the CloudSystem Portal.
Delete Private Network VLAN

Use this procedure to delete unassigned Private Network VLANs. After you delete a VLAN, it cannot be assigned to a Private Network.

Prerequisites
• Minimum required privileges: Infrastructure Administrator
• The VLAN status must be unassigned.

Procedure 31 Deleting a Private Network VLAN
1. From the main menu, select Private Networks.
2. Select one or more unassigned VLANs to be deleted.
3. Select Actions→Delete.
4. On the Delete VLANs screen, click Yes, delete.
IMPORTANT: • Cloud users should never select the External Network when creating virtual machine instances. • Do not edit the name, ID, or administrative state of the External Network that is automatically set during CloudSystem Foundation installation. • Do not delete the External Network that is automatically created during CloudSystem Foundation installation. (See External Network information is not listed on the CloudSystem Portal (page 157).
Creating an External Network router Cloud users can create routers to connect Private networks for their projects to the External Network subnet. Use this procedure to verify that a router can be connected. Prerequisites • Minimum required privileges: Cloud user • An External Network subnet is created. See Creating the External Network subnet (page 78). • The Private Network that you want to connect to the External Network subnet is configured and available for use.
a. From the Project menu, in the “Manage Network” section, select Access & Security. The Security Groups screen opens and displays configured security groups.
b. Select the Floating IPs tab.
c. Click Allocate IP To Project. The Allocate Floating IP screen opens and displays floating IP information for the project.
d. From the Pool list, select External Network, and then click Allocate IP. The Allocate Floating IPs screen reopens and displays the newly allocated floating IP addresses.
3.
13 Integrated tool connectivity and configuration CloudSystem Foundation enables the configuration of tools that expand its management capabilities. In this release, you can configure connectivity with a VMware vServer and a vServer proxy appliance, and with the HP Operations Orchestration Central software included with CloudSystem. Managing integrated tools CloudSystem Foundation Integrated Tools (page 81) lists each integrated tool, along with information about how to register and launch them.
An executable file is also included in the tar file to support an installation of OO Studio. Installing OO Studio allows you to customize flows for general use cases. Customized flows can be saved as content packs and exported to a local directory. You can then pull those customized flows into OO Central.
Procedure 36 Registering vCenter Server
1. From the main menu, select Integrated Tools, then click Register in the VMware vCenter pane.
2. Enter data. Click "Help on this page" in the CloudSystem Console for more information.
3. Click Register. To exit the action without registering vCenter Server, click Cancel.
4. Verify that the updated number of registered vCenter Servers is displayed on the Integrated Tools screen.
5.
14 Image management Use the information in this chapter to learn how to bring existing images into CloudSystem Foundation for use in provisioning virtual machines. From CloudSystem Console, you can create new images from virtual machines running in the cloud. This chapter does not cover creating an image from scratch. To learn how, see documentation available on the Enterprise Information Library or at OpenStack Software. About Images An image contains the operating system for a virtual machine.
Image naming and single datastore support in VMware vCenter Server
• Each set of CloudSystem images must be in the same datastore in the vCenter Server.
• Folders cannot be used to separate an additional set of CloudSystem images that are uploaded to the vCenter Server.
   glance --insecure image-update --name --property vmware_ostype=windows8Server64Guest --property vmware_adaptertype=lsiLogicsas

While uploading a Windows image using the Glance CLI
When you use the OpenStack Glance CLI to upload the image, you can set the attributes and upload the image at the same time. On a Windows or Linux system where you installed the OpenStack CLI package for CloudSystem and which contains the image to upload, enter the following command, where Windows-image.
Prerequisites
• Minimum required privileges: Infrastructure administrator
• The image to upload is contained in a single file. You cannot upload a multipart disk image (for example, a kernel image and a RAM disk image).
• If you use the Select local file option, the size of the image file to upload is not more than:
   ◦ 4 GB if your browser is Microsoft Internet Explorer or Mozilla Firefox
   ◦ 20 GB if your browser is Google Chrome
Procedure 38 Adding Images
1. 2. 3. 4.
Prerequisites
• Minimum required privileges: Infrastructure administrator
Procedure 40 Editing Images
1. From the main menu, select Images.
2. Select the row of the image to be edited.
3. Click Actions→Edit.
4. Update the image information. Select “Help on this page” in the CloudSystem Console for more information. A search field is provided for locating a previously defined description for use in the Description field. Begin typing to start the search.
15 Storage configuration CloudSystem Console provides the capability to manage and track the use of block storage drivers, volumes and volume types. Managing Storage Block storage drivers deliver the technology or vendor-specific implementations for the OpenStack Block Storage (Cinder) functionality. CloudSystem Foundation supports direct attached storage for 3PAR Fibre Channel and iSCSI drivers. These drivers are connected to the management console of supported HP 3PAR storage systems.
Prerequisites
• Minimum required privileges: Infrastructure administrator
• You must have connectivity from the targeted compute node to the 3PAR storage system iSCSI port when adding an iSCSI driver. If you do not configure the connection, block storage volumes will not attach to virtual machine instances.
Procedure 42 Adding a block storage driver
1. From the main menu, select Block Storage Drivers. The Block Storage Drivers overview screen is displayed.
2. Click + Add Block Storage Driver.
Delete Block Storage Drivers
Use this procedure to delete block storage drivers.
Prerequisites
• Minimum required privileges: Infrastructure administrator
• The block storage driver is not assigned to a volume type. See Delete Volume Types (page 93).
Procedure 44 Deleting Block Storage Drivers
1. From the main menu, select Block Storage Drivers.
2. Select the block storage driver you want to delete.
   NOTE: If the block storage driver is assigned to a volume type it cannot be deleted.
The maximum input/output per second is the number of 4K or 8K blocks of data per second that can be sent to a disk when accessing databases or other online access. The maximum blocks in megabytes (MB) per second is the throughput determined for each volume type. For example, 300 MB/s can sustain large I/O blocks (64K or greater) of data at that rate when performing sequential access during backups or video streaming.
Edit Volume Types
Use this procedure to edit volume types. After the volume type is edited, you can manage it from the overview screen.
Prerequisites
• Minimum required privileges: Infrastructure administrator
Procedure 46 Editing volume types
1. From the main menu, click Volume Types.
2. Click Actions→Edit.
3. Edit the data. Select “Help on this page” in the CloudSystem Console for more information.
4. To save the changes, click Save. To exit the action without making changes, click Cancel.
5.
Before you can create a volume in the CloudSystem Portal, you must use the CloudSystem Console to create a block storage driver and associate it with a volume type. From the CloudSystem Console, you can monitor the status of the volumes and delete volumes not attached to a VM instance. See Delete Volumes (page 95) for more information. Understanding Volumes data Volumes data is displayed on the Volumes overview screen.
Prerequisites
• Minimum required privileges: Cloud user
• You must have created at least one volume with an associated volume type. See Create volumes in the CloudSystem Portal (page 94).
• You must be logged on to the CloudSystem Portal.
  NOTE: The portal is accessed by appending /portal to the Foundation appliance URL (for example, https://192.0.2.2/portal).
Procedure 49 Attaching volumes in the CloudSystem Portal
1. From the Project tab, select Manage Compute→Volumes.
16 Compute node creation

Compute nodes manage the resources required to run instances in the cloud. In CloudSystem, two types of compute nodes are supported: ESX and KVM.
• You create and manage ESX compute hosts in vCenter Server. All compute hosts are configured as clusters and must be imported into CloudSystem. After import, you can activate clusters and create instances that consume the resources.
• You create KVM compute nodes on KVM hosts.
Table 8 ESX compute host checklist (continued)
Requirement: The host name must be specified as a FQDN and not an IP address.
Requirement: You have a standard or distributed vSwitch on the Cloud Data Trunk for each cluster.
   Additional resources: See Configuring networks (page 97); VMware vSphere Documentation
Requirement: A large datastore supports all hosts in the cluster. The datastore must be in the same Datacenter where the vSwitch is configured.
   Additional resources: VMware vSphere Documentation
Configuring security groups for instances in an ESX cluster Security group functionality is provided by VMware vCNS, and not by the security group rules configurable from the CloudSystem Portal. To enable the security groups feature in an ESX environment, the following must be true. • VMware vShield Manager virtual appliance must be installed and configured for each managed vCenter Server, as a single vShield Manager can serve only a single vCenter Server environment.
Static discovery
With static discovery, iSCSI target information is added manually. To use this type of discovery, you must associate your storage adapter with an iSCSI initiator and set that initiator to use static discovery.
Next steps:
• Register VMware vCenter Server (page 82)
• Import a cluster (page 105)
• Activate a compute node (page 105)

Creating KVM compute nodes
KVM compute nodes are created on hypervisor hosts.
If you are missing dependencies, download them and then place them in your local YUM repository. Table 10 Required RHEL dependencies avahi MySQL-python python-paramiko bridge-utils netcf >= 0.1.
7. Verify that the libguestfs and libguestfs-tools packages were installed:
   yum list | grep 'libguestfs'

Configuring CloudSystem compute node network settings
Prerequisites
• RHEL 6.4 is installed on the compute node.
• Dependency packages are installed on the compute node. See Creating a local YUM repository and validating dependencies (page 99)
• Checklist of requirements is completed for the compute node.
Procedure 53 Configuring CloudSystem compute settings
1. Log in to the compute node.
2.
   BOOTPROTO="none"
   ...
   Save the change and close the file.
7. Bring up the Cloud Data Trunk:
   ifdown ethP
   ifup ethP
   ifdown ethQ
   ifup ethQ
8. Configure the DHCP_HOSTNAME to allow the management hypervisor to register itself with the DNS server:
   vi /etc/sysconfig/network
   DHCP_HOSTNAME=management_hypervisor_name
9. Add the DNS server IP address:
   vi /etc/sysconfig/network-scripts/ifcfg-eth0
   DNS1=192.0.2.2
10.
17 Compute node management Once you have compute nodes or clusters created, you can bring them into CloudSystem for use in the cloud you are creating for your end users. Use the information in this chapter to manage the KVM compute nodes and ESX clusters in your virtual data center. About Compute Nodes A compute node provides the ephemeral storage, networking, memory, and processing resources that can be consumed by virtual machine instances.
the ESX cluster itself, because it is managed in vCenter Server. See Deactivate a compute node (page 106), and Delete a compute node (page 107). When the delete action is used on KVM compute nodes, the DHCP lease is expired and the compute node is no longer manageable from CloudSystem. Understanding compute node data You can click the icon next to an ESX cluster or KVM compute node on the overview screen to show all available data. Two groups of horizontal graphs display when the compute data is expanded.
Calculating the number of instances that can be provisioned to a compute node
The maximum number of virtual machines that can be provisioned to a compute resource is based on the following:
• Amount of installed memory, available disk capacity, and number of CPU cores on the compute resource
• Flavor settings of the virtual machines to be provisioned
• Resource oversubscription, which is individually applied to the memory, disk, and CPU calculation
Table 11 (page 105) shows resource oversubscription r
ESX clusters and KVM compute nodes into the cloud. If the cluster or compute node does not appear on the overview screen, see Adding compute nodes to the cloud (page 104).
Prerequisites
• Minimum required privileges: Infrastructure administrator
• For ESX clusters:
   ◦ ESX hypervisor hosts are created and configured in a cluster in vCenter Server. For more information, see VMware vSphere Documentation at VMware.
   ◦ vCenter Server is registered on the Integrated Tools screen.
•
Prerequisites
• Minimum required privileges: Infrastructure administrator
• The compute node is activated.
• No virtual machine instances are deployed on the ESX cluster or KVM compute node. If instances are deployed, then you must remove the instances and redeploy them on a different compute node before you can deactivate the ESX cluster or KVM compute node. See Delete instance (page 109).
Procedure 56 Deactivating an ESX cluster or KVM compute node
1. From the main menu, select Compute Nodes.
2. 3.
18 Virtual machine configuration for compute services Within CloudSystem Console, you can define "flavors" for the virtual machines deployed to the cloud. Flavors define the compute resources that can be assigned to each virtual machine. Also within the Console, you can do a few actions with virtual machine instances, such as restart and reboot an instance. However, you provision and deploy VMs through the CloudSystem Portal.
Procedure 58 Starting an instance
1. From the Instances overview screen, select the instance by clicking its row.
2. Select Actions→Start. A dialog appears with the name of the selected instance.
3. Choose Yes, Start or Cancel.
4. Verify that the state of the instance becomes Active on the Instances overview screen.

Reboot instance
Use this procedure to reboot an instance.
Flavors in the cloud The Infrastructure Administrator creates flavors from the Flavors screen of the CloudSystem Console. A cloud user can select a flavor when creating a new instance in the CloudSystem Portal. The available flavors populate the Flavor drop down list in the Launch Instance window. Manage flavors You can add and delete flavors in the CloudSystem Console. After a flavor is created, it cannot be changed.
4. Select Resize Instance, and select a new flavor to associate with the instance.
5. From the Flavors screen in the CloudSystem Console, delete the flavor that is no longer associated with any instances.
6. Verify that the flavor was deleted from the Flavors overview screen.

Delete Flavor
Use this procedure to delete a flavor from the CloudSystem Console. You can delete a flavor only when it is not associated with an instance.
19 Monitor resource use and allocation in CloudSystem Console When you first enter CloudSystem Console, you see the Console Dashboard where you can quickly obtain an overall understanding of the state of cloud resources. Use the information in this chapter to learn how to interpret the Dashboard data display. About the Console Dashboard The Dashboard provides a visual representation of the health and status of your compute, network and storage resources.
3 Changing the focus to hover over the numeric values reveals blue labels for each value, which have the following general meanings: • Used: The total amount of physical resource in use by all managed virtual machines. • Physical total: The combined amount of physical resource available for use in the virtual environment. • Allocated: The amount of physical resource that is allocated for use to each virtual machine.
Interpreting the Dashboard data Data refresh Dashboard information for both the top and bottom graphs is refreshed every 15 seconds. The graphs along the bottom of the Dashboard represent dynamically refreshed data presented in two ways: • Just-in-time data: Every 15 seconds, the data point on the right side of the graph (labeled now) is updated, representing the resources that have been successfully created or deleted since the top of the current hour.
The Network graph at the bottom of the screen tracks the number of provider and private networks created or deleted over a 24–hour period. You can use this information to track activity and use the results to plan for additional resource needs. Storage The Storage section of the Dashboard shows the overall capacity and usage of the storage systems registered for block storage use. Block storage is the storage used for the data disks attached to instances.
Part IV Cloud service provisioning, deployment, and service management in CloudSystem Portal
20 Provision a cloud in Foundation CloudSystem interfaces with the ESX cluster or KVM compute node to launch virtual machine instances and connect the networks. After the necessary cloud resources are configured in the CloudSystem Console, you can log in to the CloudSystem Portal and deploy virtual machine instances to the cloud. To access the CloudSystem Portal, open a new browser tab and copy the CloudSystem Foundation address, then modify it by appending /portal. For example: https://192.0.2.2/portal.
There are two ways to deploy, or launch, instances in the CloudSystem Portal.
• You can launch an instance from the Instances screen. Select Launch instance and add instance details in the Launch Instance window.
• You can launch an instance from the Images screen. Create an image, then select the Launch button next to that image and add the instance details in the Launch Instance window.
You can connect to the instance console from the More button to the right of the instance.
Create a key pair
Prerequisites
• Minimum required privileges: Cloud User
Procedure 67 Creating a key pair
1. Click the Project tab.
2. Click Access & Security from the left menu.
3. Click the tab for Keypairs.
4. Click Create Keypair.
5. Enter a key pair name.
6. Click Create Keypair. Your browser will give you the opportunity to open and save the key pair.

Create a Private network
Prerequisites
• Minimum required privileges: Cloud User
Procedure 68 Creating Private networks for instances
1.
Procedure 69 Launching an instance using CloudSystem Portal
1. Log in to the CloudSystem Portal with Cloud User credentials. The portal opens to the Project tab.
2. A default project is shown. Choose a different project from the drop down selector if needed.
3. Click Images & Snapshots from the left menu. The Images screen displays.
4. Find the image you want to use and click the Launch button. The Launch screen displays.
5. For Availability Zone, leave the default nova selected.
6. 7. 8. 9.
7. Select a volume type. These are populated from the volume types entered in the CloudSystem Console.
8. Enter a size.
9. Select a volume source. You can select image here if you plan to use this as a boot volume.
10. Click Create volume.
11. Verify that the volume is listed on the Volumes screen.
12. Select the volume and click Edit attachments.
13. Select the instance to attach.
14. Enter a name for the device.
15.
21 Monitor and manage infrastructure services in CloudSystem Portal An Infrastructure administrator created in the CloudSystem Console can view and manage all resources in the Console. Using the same user name and password, an Infrastructure administrator can log into the CloudSystem Portal and view and manage all resources in the Portal using the Admin tab. NOTE: The Infrastructure administrator must log into the CloudSystem Console at least once before logging into the Portal.
Part V Understanding CloudSystem Enterprise
22 About CloudSystem Enterprise HP CloudSystem Enterprise expands on CloudSystem Foundation to automate the integration of servers, storage, networking, security, and monitoring capabilities throughout the infrastructure service delivery lifecycle of a virtualized data center. Through the addition of HP CSA, Enterprise offers additional design tools and provider integration, and with the Marketplace Portal, users have secure access to these services.
Multitenancy in Enterprise Configure Enterprise and Foundation to enable multitenancy before using HP CSA to deploy offerings. Refer to Supported console operations on the CloudSystem appliances (page 199) and the Multitenancy in HP CloudSystem Foundation and Enterprise white paper in the Enterprise Information Library for configuration details.
23 Install Enterprise

Before installing Enterprise
When you install Enterprise, a new virtual appliance is created. Before you begin the installation, make sure you have the following prerequisites in place.
• Minimum required privileges: Infrastructure administrator
• CloudSystem Foundation is fully installed and first time setup is complete.
• You do not plan to make any changes to the CloudSystem Foundation network configuration.
Procedure 71 Installing CloudSystem Enterprise
1. From the main menu, select Enterprise.
2. Click Actions→Install CloudSystem Enterprise.
3. Review the installation instructions, then click Next. To exit any action without installing Enterprise, click Cancel.
4. Enter the Enterprise appliance host name and static IP address, then click Next.
5. Enter Operations Orchestration credentials.
6. Click Install. To exit the action without installing Enterprise, click Cancel.
7.
24 Enterprise appliance management Managing the Enterprise appliance You can install and access Enterprise from the main menu in the CloudSystem Console. When you visit the screen before Enterprise is installed, a list of prerequisites is provided to help you prepare for the installation.
Log in to Enterprise using the default credentials in the following table.
Cloud Service Management Console: User name: admin, Password: cloud
Marketplace Portal: User name: consumer, Password: cloud
Use the following procedures to change the password of the default user names used to log in to the Cloud Service Management Console and the Marketplace Portal.
Prerequisites
• Minimum required privileges: Infrastructure administrator
• Enterprise is installed.
5. Edit the file /ci/usr/local/hp/csa/jboss-as-7.1.1.Final/standalone/deployments/idm-service.war/WEB-INF/classes/csa-consumer-users.properties.
6. Search for a line similar to:
   consumer=ENC(UUtPxLUMMJHjofhYVm47Sl3jsbUBs8/8LP6lW6bHT80+PFP6sV1u0Q==)
7. Replace the password to the right of the equal sign with the from step 4.
8. Save the csa-consumer-users.properties file.
9.
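An added example (not from this guide and not HP CSA code): a Python check that every entry in a users properties file such as csa-consumer-users.properties carries an ENC(...) value rather than a clear-text password, and that the file is not accessible to other local users. The sample file content, the extra user names, and the treatment of anything after a first comma as non-password fields are assumptions.

```python
import base64
import binascii
import os
import re
import stat

# Default password the guide documents for the admin and consumer accounts.
DEFAULT_PASSWORDS = {"cloud"}
# A stored value is expected to start with ENC(<base64>), as in the guide's sample line.
ENC_WRAPPER = re.compile(r"^ENC\(([^)]*)\)")


def classify_value(value):
    """Classify one value: encrypted, malformed-enc, default-plaintext or plaintext.

    'encrypted' only means the ENC(...) wrapper holds non-empty, valid base64;
    this check cannot tell which password the ciphertext protects.
    """
    match = ENC_WRAPPER.match(value)
    if match:
        try:
            blob = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            return "malformed-enc"
        return "encrypted" if blob else "malformed-enc"
    if value.startswith("ENC("):
        return "malformed-enc"  # wrapper opened but never closed
    # Assumption: anything after a first comma is not part of the password.
    secret = value.split(",", 1)[0].strip()
    return "default-plaintext" if secret in DEFAULT_PASSWORDS else "plaintext"


def audit_properties(text):
    """Return [(line_no, user, status)] for every entry that is not 'encrypted'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        if "=" not in line:
            findings.append((line_no, line, "unparsed"))
            continue
        user, value = (part.strip() for part in line.split("=", 1))
        status = classify_value(value)
        if status != "encrypted":
            findings.append((line_no, user, status))
    return findings


def world_accessible(path):
    """True when users outside the owner and group have any permission on the file."""
    return bool(os.stat(path).st_mode & stat.S_IRWXO)


def _sample():
    # Constructed sample, not a real CloudSystem file.
    enc = base64.b64encode(b"constructed ciphertext bytes").decode()
    return "\n".join([
        "# constructed sample",
        f"consumer=ENC({enc})",      # well-formed wrapper
        "admin=cloud",               # documented default, stored in clear text
        "operator=S3cret-in-clear",  # clear-text password
        "auditor=ENC(not base64!)",  # wrapper present, content is not base64
        "broken=ENC(" + enc,         # closing parenthesis lost during editing
    ])


SAMPLE = _sample()

if __name__ == "__main__":
    for line_no, user, status in audit_properties(SAMPLE):
        print(f"line {line_no}: {user}: {status}")
```

Run it against a copy of the properties file after a password change; any finding means the replaced value was not pasted in its ENC(...) form.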
Procedure 75 Updating the Enterprise appliance: Uploading an update file and installing it at a later time
You must have at least 2 GB of space available on the appliance before proceeding.
1. To move the image file to the appliance, do one of the following:
   • Drag the image file from a folder on your local computer and drop it in the box on the Update CloudSystem Enterprise screen.
     NOTE: Some versions of Microsoft Internet Explorer do not support this method.
   •
2.
6. Click OK. CloudSystem services are stopped, the console is locked, and progress of the upgrade is displayed on a status screen. When the update process completes, the Enterprise appliance restarts. Depending on the components in the update, the appliance might automatically reboot when the update is complete.
7. When the update completes and the console displays the login screen, log in and verify the new CloudSystem version information on the Enterprise screen.
• Current date and time
• Version and date of the Enterprise appliance software
25 Cloud service provisioning and deployment in Enterprise Service provisioning and deployment in CloudSystem Enterprise is done through the Cloud Service Management Console. This chapter gives you an introductory set of processes to get started using this console. Consult HP CSA documentation at Enterprise Information Library for details.
• An image is created in CloudSystem Foundation. To find help on creating images, log in to CloudSystem Foundation, select Images from the main menu, then click the icon in the top right corner of the screen and select “Help on this page”.
• A key pair is created in the CloudSystem Portal. See Create a key pair (page 119).

Set up a template
Procedure 78 Setting up a template
1. Log in to the CloudSystem Console.
2. Navigate to Enterprise on the main menu.
3.
4. Select an image used to create the server group.
5. Select a flavor, which describes the machine configuration size (amount of memory, number of CPUs, and ephemeral disk space available) used to create new VMs.
6. Enter a pre-create callout, if needed. Specify the UUID of an Operations Orchestration flow that is to be called before the object is created. A flow can read and write provider property values during service provisioning.
7. Enter a post-create callout, if needed.
8.
Deploy an offering
Procedure 82 Deploying an offering
1. From the CloudSystem Console main menu, select Enterprise.
2. In the Tools pane, click the Marketplace Portal link. Log in to Marketplace Portal. See Logging in and changing the default HP CSA and Marketplace Portal password (page 128).
3. Select Browse Catalog and click the new offering that you created.
4. Select a keypair from the drop down list. This will give you permission to log into the instance in Foundation.
5. 6. 7. 8.
Part VI Troubleshooting reference
26 Use activities and alerts to troubleshoot errors Basic troubleshooting techniques HP CloudSystem has a variety of troubleshooting tools you can use to resolve issues. By following a combined approach of examining screens and logs, you can obtain a history of activity and the errors encountered. • The Activity screen displays a log of all changes made on the appliance, whether user-initiated or appliance-initiated.
Recommendation Details
5. From the management console, ensure that the appliance network settings are accurate. For information, see Change the appliance host name, IP address, subnet mask, or gateway address (page 46).
6. Examine the hypervisor performance data. If the appliance is running at 100% utilization, restart the hypervisor.

Enable console access
About console access:
• Use the following csadmin console-users CLI commands to enable console access and set the password.
27 Troubleshoot the CloudSystem appliances

Troubleshooting the Foundation base appliance
• You cannot log in (page 141)
• First-time setup (page 141)
• Appliance cannot access the network (page 142)
• Time differences among CloudSystem appliances and management hosts cause unpredictable behavior (page 142)
• Reboot appliance after serious error (page 143)
• Cannot restart or shut down appliance (page 143)
• Generated host name of the base appliance is sometimes visible (page 143)
• Audit log
Symptoms Possible causes and recommendations
5. Verify that your local router is working.
6. Verify that the network is up and running.
Symptom: Appliance is configured correctly but cannot access network
Possible cause: External difficulties
1. Verify that your local router is working.
2. Verify that the network is up and running.
Reboot appliance after serious error
Symptom Possible cause and recommendation
Symptom: You see The appliance has encountered a serious error
Possible cause: Rebooting the appliance may solve the problem
1. Log in to the management KVM host on which the Foundation appliance is running and enter the command:
   virsh reboot hypervisor-name
2. Open the CloudSystem Console in your browser and wait for a login screen, then log in.
3.
Audit log
Symptom Possible cause and recommendation
Symptom: Could not download audit log. Possible cause: Improper authorization
Symptom: Downloaded audit log is missing. Possible cause: Audit log was deleted
Symptom: Entries are not logged. Possible cause: Audit log was edited
Recommendation:
Minimum required privileges: Infrastructure administrator
1. Only the Infrastructure administrator can download the audit log. Log in and then download the audit log.
Recommendation:
Minimum required privileges: Infrastructure administrator
1. Restart the appliance to create a new audit log and resume logging.
Symptom Possible cause and recommendation
Possible cause: License key has expired
1. Acquire a valid, current license key.
2. Try again with the new license key.
Symptom: Could not view license details
Possible cause: No license is assigned to the appliance
1. Assign the license.
2. Retry the operation.
Possible cause: Filter entry is blank or incorrect
1. Correct the filter criteria.
2. Retry the operation.
Troubleshooting users and groups NOTE: For information about configuring users and groups, see Manage users and groups (page 52) and Configuring CloudSystem to use Active Directory or OpenLDAP directory authentication (page 55).
Symptom Possible cause and recommendation You changed a group’s role from Full to Read only or Specialized in the CloudSystem Console 1. Log in to the CloudSystem Portal as an administrator user and assign the users in the group as members of an existing project, or 2. Change the role assignment of the group in the CloudSystem Console to Full.
Cannot add, delete, or modify users in the CloudSystem Portal
Symptom Possible cause and recommendation
Symptom: You see Error: Unauthorized: Unable to create user or Error: An error occurred. Please try again later when you try to add, edit, or delete a user in the CloudSystem Portal
Possible cause: OpenLDAP or Active Directory is configured to authenticate users
Directory group users cannot be edited or deleted in the CloudSystem Portal when directory service authentication is enabled.
Troubleshooting security settings
• Directory service not available (page 149)
• Cannot add directory service (page 149)
• Cannot add server for a directory service (page 150)
• Cannot add directory group (page 150)
• No error message is displayed after adding an invalid public key (page 151)
• Unable to create a security group in CloudSystem Portal (page 151)
• Unauthorized CloudSystem Portal users can see project resources (page 151)

Directory service not available
Symptom Possible cause an
Cannot add server for a directory service Symptom Possible cause and recommendation Connectivity Lost connection with directory service host 1. 2. Verify that the correct port is used for the directory service. 3. Verify that the port you are using for communication is not blocked by any firewalls. 4. Locally run the ping command on the directory service host’s IP address or host name to determine if it is on-line. 5. Verify that the appliance network is operating correctly. 6.
No error message is displayed after adding an invalid public key
Symptom Possible cause and recommendation
Symptom: The invalid public key you entered is not saved and an error message is not displayed
Possible cause: You entered an invalid public key when you previously entered a valid key
• Enter the valid public key and make sure to copy the key exactly, without adding newlines or whitespace. The key is viewable from the hp.com link on the Settings→Edit Security screen.
Troubleshooting the CloudSystem Portal appliance
• You cannot log in to the CloudSystem Portal (page 152)
• You are logged out of the CloudSystem Console while using the CloudSystem Portal (page 152)
• Resource information in the CloudSystem Portal does not always match the CloudSystem Console (page 153)
• Virtual machine console cannot be accessed (page 153)
• Volumes search filter always returns the last created volume (page 154)
• Volumes with duplicate names can be created (page 154)

You can
Resource information in the CloudSystem Portal does not always match the CloudSystem Console Symptom Possible cause and recommendation • In the CloudSystem Portal, you see the number of active instances for a specific time period (by default, the current month). In the CloudSystem Console, you see the number of active instances at the current point in time.
Volumes search filter always returns the last created volume
Symptom Possible cause and recommendation
Symptom: The last volume created is always returned when you search for a volume in the CloudSystem Portal
Possible cause: The CloudSystem Portal does not update the search index correctly
• After adding, deleting, or updating a volume, refresh the Volumes screen, then use the search filter.
28 Troubleshoot resource configuration

Troubleshooting networks
• Cloud Management Network configuration fails due to a timeout occurring while creating associated virtual machines (page 155)
• Software Defined Networking (SDN) issues (page 155)
• Cannot create a private network (page 156)
• Cannot delete a private network in the CloudSystem Portal (page 156)
• Cannot add a router with a port using the CloudSystem Portal or the OpenStack Neutron CLI (page 157)
• External Network information is no
Symptom Possible cause and recommendation
the SDN agents on the compute node and network node while the network is down, SDN agents cannot recover when the network is online again.
1. When the Cloud Management Network is back online, restart the SDN agents again, or reboot the compute node and network node.
Symptom: After a power interruption on the management cluster or
Possible cause: The OpenStack Neutron database on the SDN appliance may be corrupted
1. Restore the SDN database. See the HP CloudSystem 8.
Cannot add a router with a port using the CloudSystem Portal or the OpenStack Neutron CLI
Symptom: You see an Incompatible type error when you specify an IP address for a private or provider network router interface
Possible cause and recommendation: The network port settings are incorrect
1. Use one of the following methods to create a network with the correct port settings.
• Using the CloudSystem Portal:
a. Create a network.
b. Create a subnet under the network.
c.
OpenStack Nova command errors
Symptom: After you execute the nova interface-attach command, you see a Failed to attach interface error message
Possible cause and recommendation: You are not specifying a net-id value
If you run the nova interface-attach command and do not specify the net-id option, the error Failed to attach interface is displayed even though the instance is attached to all networks in the project.
Symptom Possible cause and recommendation
3. Check the security settings for the Cloud Data Trunk and, if necessary, change them to the following:
• Promiscuous mode: ACCEPT
• MAC address changes: ACCEPT
• Forged Transmits: ACCEPT
4. Retry accessing the instance.
Changing the initial gateway IP address for the External Network requires recreating a new subnet In the CloudSystem Portal, you can specify a Gateway IP address for the External Network subnet.
Symptom Possible cause and recommendation c. On the Network Overview screen, on the right side of the “Subnets” section, click + Delete Subnets. d. On the Confirm Delete Subnets screen, click Delete Subnets. e. Verify that the External Network subnet is no longer listed on the Networks screen. 3. Create a new External Network subnet, specifying new IP addresses for allocation pools. See Creating the External Network subnet (page 77).
Troubleshooting integrated tools • VMware vCenter Server must be configured with English as the default language (page 161) • VMware vCenter Server registration does not succeed (page 161) • You cannot log in to HP Operations Orchestration (page 161) • HP Operations Orchestration Studio help link displays a blank screen (page 162) VMware vCenter Server must be configured with English as the default language Symptom Possible cause and recommendation When you run csstart in a browser, you Data retur
Symptom Possible cause and recommendation administrator password password is set to match the Foundation administrator password. If the OO administrator password is changed after installation, then the OO administrator and Foundation administrator passwords are not synchronized. 1. Log in to OO using the most recent OO administrator password. (You may need to obtain the password from the person who changed the OO administrator account.) 2.
Symptom Possible cause and recommendation • After you upload a Windows image using the Add Image screen in the CloudSystem Console, use the Glance CLI to set the attributes on the file. On a Windows or Linux system where the OpenStack CLI package for CloudSystem is installed, enter the following command, where Windows-image.vmdk is the name of your Windows image to update: glance --insecure image-update --name
Symptom Possible cause and recommendation The status of a recently uploaded image is “Killed” You navigated away from the Add Image screen in your browser while the image was uploading 1. Manually delete the image using the Delete action, which deletes the image entry from the database. 2. Retry the Add Image action. The disk became full while the image was uploading 1. Manually delete the image using the Delete action, which deletes the image entry from the database. 2.
Edit image action is unsuccessful Apply the recommendations that pertain to your situation. Symptom Possible cause and recommendation You see Error getting image when editing an image The image is set to “Read Only” 1. Ensure that the image Protected setting shows “Read-Write.” 2. Retry the Edit Image action. Other image settings or the image itself are incorrect 1. Ensure that the image metadata is correct and that the image is valid. If the image is not valid, you will need to recreate it. 2.
Troubleshooting storage • Increase 3PAR storage systems connection limit (page 166) • Cinder block storage volume does not attach to virtual machine instance (page 167) • Cinder block storage volume does not establish an SSH connection with the 3PAR storage system (page 168) • Specifying a device already in use causes an error when attaching a volume (page 168) • Volume not associated with a volume type cannot be modified or deleted when the storage driver is removed (page 169) • Volume is in Err
Cinder block storage volume does not attach to virtual machine instance
Symptom: 3PAR iSCSI volume does not attach to virtual machine instance, and the volume state reverts to Available
Possible cause and recommendation: Incorrect compute node connectivity configuration
1. Confirm the connectivity configuration from the targeted compute node to the 3PAR storage system. See HP 3PAR StoreServ Storage documents (page 43) for additional information.
2. Retry the connection.
Symptom Possible cause and recommendation (/var/log/nova/compute.log) and the appliance (/var/log/cinder/volume.log).
2. Also check the /var/log/ciDebugLogxxx.log and /var/cinder/scheduler.log files for possible clues.
3. Search for an error in the log files to determine the issue.
4. If you still are unable to determine the problem, forward the log files to HP.
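As an added illustration of step 3 (not part of the HP guide), the following Python sketch pulls ERROR, CRITICAL and TRACE records out of the Nova and Cinder logs named above and groups them by request ID, so both sides of one failed attach can be read together. The sample lines are constructed, and the line layout it parses (timestamp, PID, level, module, optional bracketed request context, message) is an assumption based on the common OpenStack default, not something this guide specifies.

```python
import re
from collections import defaultdict

# Assumed layout (common OpenStack default, not stated in the guide):
# "<date> <time> <pid> <LEVEL> <module> [<request context>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?) "
    r"(?P<pid>\d+) (?P<level>[A-Z]+) (?P<module>\S+) "
    r"(?:\[(?P<ctx>[^\]]*)\] )?(?P<msg>.*)$"
)
REQ_RE = re.compile(r"req-[0-9a-f-]+")
PROBLEM_LEVELS = {"ERROR", "CRITICAL", "TRACE"}


def scan(source, lines):
    """Yield one dict per ERROR/CRITICAL/TRACE record in `lines`."""
    for lineno, raw in enumerate(lines, 1):
        m = LINE_RE.match(raw.rstrip("\n"))
        if not m or m["level"] not in PROBLEM_LEVELS:
            continue  # unparseable or informational line
        req = REQ_RE.search(m["ctx"] or "")
        yield {"source": source, "line": lineno, "ts": m["ts"],
               "pid": m["pid"], "level": m["level"], "module": m["module"],
               "request": req.group(0) if req else None, "message": m["msg"]}


def correlate(logs):
    """Group problem records from several logs by request ID.

    `logs` maps a file name to an iterable of lines. A TRACE line carries
    no request ID, so it inherits the ID of the preceding ERROR/CRITICAL
    record written by the same PID. Records with no ID go under None.
    """
    grouped = defaultdict(list)
    for source, lines in logs.items():
        last_req = {}  # pid -> request ID of the latest non-TRACE record
        for rec in scan(source, lines):
            if rec["level"] == "TRACE":
                rec["request"] = rec["request"] or last_req.get(rec["pid"])
            else:
                last_req[rec["pid"]] = rec["request"]
            grouped[rec["request"]].append(rec)
    for records in grouped.values():
        records.sort(key=lambda r: r["ts"])  # same format, so text order works
    return dict(grouped)


# Constructed sample lines, not output from a real appliance.
REQ = "req-1a2b3c4d-0000-4000-8000-000000000001"
SAMPLE_LOGS = {
    "/var/log/nova/compute.log": [
        f"2014-03-10 12:01:30.101 2145 INFO nova.compute.manager [{REQ} admin demo] Attaching volume vol-0001",
        f"2014-03-10 12:01:33.250 2145 ERROR nova.compute.manager [{REQ} admin demo] Failed to attach volume vol-0001 at /dev/vdb",
        "2014-03-10 12:01:33.251 2145 TRACE nova.compute.manager Traceback (most recent call last):",
    ],
    "/var/log/cinder/volume.log": [
        f"2014-03-10 12:01:32.900 1987 ERROR cinder.volume.manager [{REQ} admin demo] Unable to create export for volume vol-0001",
        "2014-03-10 12:02:10.000 1987 WARNING cinder.volume.manager [-] Periodic task is slow",
        "2014-03-10 12:03:00.500 1987 ERROR cinder.volume.manager [-] Storage back end is unreachable",
    ],
}

if __name__ == "__main__":
    for request, records in correlate(SAMPLE_LOGS).items():
        print(request or "(no request ID)")
        for r in records:
            print(f"  {r['ts']} {r['source']}:{r['line']} {r['level']} {r['message']}")
```

To use it on real files, pass `{path: open(path)}` for each log copied from the compute node and the appliance.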
Volume not associated with a volume type cannot be modified or deleted when the storage driver is removed
Symptom: The volume state of “deleting” does not change on the Volumes screens in the CloudSystem Portal and the CloudSystem Console.
Possible cause and recommendation: When the volume was originally created no volume type was explicitly associated with the block storage driver.
Unable to delete block storage driver
Symptom: When trying to delete a block storage driver, you see the message: A block storage driver that has dependent volume types cannot be deleted. You must delete
Possible cause and recommendation: The driver that you are trying to delete is associated with one or more volume types
1. Delete the associated volume type(s), and retry the delete driver action. See Delete Volume Types (page 93).
2.
Volume status is mismatched between CloudSystem Console and CloudSystem Portal Symptom Possible cause and recommendation The current volume status that is displayed in the CloudSystem Portal is different than the status displayed in the CloudSystem Console The volume status displayed in the CloudSystem Console refreshes only once per hour with data from the CloudSystem Portal 1. No action is required. Always refer to the status displayed in the CloudSystem Portal for the most current volume status.
Attaching an iSCSI volume to an ESX instance slows if degraded LUNs exist in vCenter Server Symptom Possible cause and recommendation Attaching an iSCSI volume to an ESX instance takes several minutes LUNs in a degraded state cause extra rescans in the vCenter Server • Clean up the vCenter Server by removing LUNs in a degraded state, then retry the attach operation.
Troubleshooting compute nodes • Compute nodes do not appear on overview screen (page 173) • Import cluster action does not complete (page 174) • Activate compute node action is unsuccessful (page 174) • Deactivate compute node action is unsuccessful (page 176) • Delete compute node action is unsuccessful (page 176) • Red Hat netcf bug fix update corrects libvirt issues (page 176) Compute nodes do not appear on overview screen Symptom Possible cause and recommendation No KVM compute nodes are v
Import cluster action does not complete TIP: For additional troubleshooting information, enable console access on your Foundation base appliance using the CLI and then find the following logs. To enable access, see Enable console access and set the password (page 199). • /etc/pavmms/deployer.conf • ci/logs/ciDebug.01.log • ci/logs/jetty-PulsarAVMManager/server.
Symptom Possible cause and recommendation VM host was recently moved into or out of Maintenance mode 1. In the CloudSystem Console, select Integrated Tools from the main menu, then open the Edit VMware vCenter Server screen and click Save. 2. Retry the activate action. The cluster or compute node might be rebooting 1. Check the status on the Compute Nodes screen. 2. Wait for a reboot to complete. The status icon will be green. 3. Retry the activate action.
Deactivate compute node action is unsuccessful Symptom Possible cause and recommendation You see an error on the Activity screen when you try to deactivate a compute node The managed compute node has not been activated 1. Ensure that the compute node is activated. An active compute node displays a green icon. One or more virtual machines are running on the compute node 1. Make sure there are no virtual machine instances running on the compute node.
Troubleshooting virtual machine instances • Deployed instance does not boot (page 178) • Launch of first instance provisioned from ESX does not complete (page 179) • Booted instances cannot get IP address in ESX environment with vCNS (page 179) • Moving a virtual machine with an additional attached volume using vMotion in vCenter Server does not succeed (page 180) • Delete instance action only partially completes when compute node is unresponsive (page 180) • Deleting an instance and removing it
Deployed instance does not boot Symptom Possible cause and recommendation After you add an ESX host to an activated cluster, the status of a newly created ESX instance is “Error” Shared storage among all of the hosts in the cluster does not exist • Ensure that all hosts in the cluster, including the new host, share data store(s). Instance cannot access the network • Ensure that a VMware vSphere Distributed Switch (VDS) is defined for the new host added to the cluster. See the HP CloudSystem 8.
Launch of first instance provisioned from ESX does not complete
Symptom: The first attempt to launch an instance provisioned from ESX does not complete
Possible cause and recommendation: Virtual machine is created on the hypervisor but provisioning fails due to vSwitch configuration issue
1. Log in to vCenter Server.
2. Select the compute hypervisor and click the Configuration tab.
3. Click Networking in the left menu.
4. Make sure the standard or distributed vSwitch has a unique name in vCenter Server.
Moving a virtual machine with an additional attached volume using vMotion in vCenter Server does not succeed Symptom Possible cause and recommendation You attempt to live move a virtual LUN presentation is not consistent for every host in the cluster machine with an additional attached • Follow the instructions in the VMware Knowledge Base 1016210 at volume and you see Virtual Disk VMware.
Deleting an instance and removing it from the database may cause the instance to remain in the Building state Symptom Possible cause and recommendation When you delete an instance and manually remove it from the database, it remains in the “Building” state The OpenStack Compute Service (Nova) driver continues to try to create the deleted instance • Occasionally, a task may become orphaned. Orphaned tasks cannot be deleted by any user.
Resizing an instance does not succeed when a volume is attached to the instance
Symptom: When you select “Resize Instance” in the CloudSystem Portal, you see an error if a volume is attached to the instance
Possible cause and recommendation: Implementation error
1. Detach the volume from the instance.
2. Re-size the number of CPUs or amount of memory of the instance.
3. Reattach the volume.
29 Troubleshoot CLI errors Troubleshoot csadmin See Working with the csadmin CLI (page 192) for detailed information about csadmin commands.
Host or proxy connection errors
Symptom: Your command terminates with one of the following messages:
• ERROR: HTTPSConnectionPool(host=' ', port-443): Max retries exceeded with url:
Possible cause and recommendation: Incorrect variable for the CloudSystem host
1. Determine the IP address of the CloudSystem base appliance.
2. Retry the command, making sure you append the --os-auth-url argument by entering the correct IP address for the variable. For example: --os-auth-url http://10.x.x.
30 Troubleshoot Enterprise Troubleshooting the Enterprise appliance For information about troubleshooting the Marketplace Portal and Cloud Service Management Console, see the HP CSA Documentation List at Enterprise Information Library.
Cannot create a design in HP CSA
Symptom: When you attempt to create a design in HP CSA, images and flavor resources are not displayed
Possible cause and recommendation: The Foundation and Enterprise management hypervisor hosts have different time settings
1. Uninstall the Enterprise appliance.
2. Log on to the management hypervisor hosting the Enterprise appliance.
3. Set the time to sync with an NTP server.
4. Reinstall the Enterprise appliance.
HP CSA does not clean up resources when a subscription does not succeed Symptom Possible cause and recommendation The resources created during the The subscription cannot attach a volume and does not complete subscription process are not • Manually delete the volume and server resources in the CloudSystem Console.
Part VII Appendices
A Enabling strong certificate validation in the CloudSystem Portal This appendix describes how to configure the CloudSystem Portal to enable strong SSL/TLS validation. Strong validation means that the LDAP server requires a valid client CA certificate chain when an OpenLDAP or Microsoft Active Directory service is used for authentication.
NOTE: If you are using a load-balanced (round robin) solution for your directory server, obtain the FQDN of one node in the server by entering the following commands. nslookup A list of IP addresses is returned. Select one IP address and enter: nslookup Enter the FQDN returned for this IP address as the in the openssl command above. 3. Edit ldapserver.
NOTE: If you are using a load-balanced (round robin) solution for your directory server, obtain the FQDN of one node in the server by entering the following commands. nslookup A list of IP addresses is returned. Select one IP address and enter: nslookup Enter the FQDN returned for this IP address as the in the openssl command above. 6. Edit ad.
B Working with the csadmin CLI The csadmin CLI provides command line access for storage system administrative tasks, private network VLAN management tasks, appliance management tasks, and console user management tasks. This appendix provides information on how to configure a CLI shell to ease secure access when using the csadmin command line and how to view available help from the command line. It defines required and optional csadmin command syntax, and provides usage examples.
• --log-file LOG_FILE: Specifies a log file for storing output. By default, this is disabled. • -q, --quiet: Restricts display output to warnings and error messages. • -h, --help: Shows the help message and exits the csadmin CLI. • --debug: Shows trace back information to help debug errors. Required common arguments • --os-auth-url : Specifies the OpenStack Identity Service endpoint to use for authentication. Defaults to -OS_AUTH_URL.
csadmin appliance support-dump --va esx_iscapp01 --file esx_iscapp01.dump --os-username adminuser --os-password adminpassword --os-auth-url 10.x.x.x --insecure Arguments Definition --va The unique name of the appliance from which to take the support dump. Run csadmin appliance support-dump --list to get the appliance names. --file
Example csadmin block-storage-driver update --attributes "hp3par_username:3paradm hp3par_password:3pardata hp3par_api_url:https://16.124.134.19:8080/api/v1 virtualDomain:- hp3par_cpg:FC_r1" --os-username adminuser --os-password adminpassword --os-auth-url 10.x.x.x --insecure FCDriver Arguments Definition --newname Name to replace existing storage driver name. --description Description for the storage driver.
csadmin block-storage-driver-type update --description "vmware driver updated" --volume-driver cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver --attributes "vmware_host_ip vmware_host_username vmware_host_password" --insecure --os-username adminuser --os-password adminpassword --os-auth-url 10.x.x.x VMwareVcVmdkDriver Arguments Definition --newname Name to replace existing block storage driver type name. --description Description for the block storage driver type.
csadmin volume-type update --attributes "cpg:myCPG host-mode:VMware allocation-type:thin" --os-username adminuser --os-password adminpassword --os-auth-url 10.x.x.x --insecure volume-type-FC Arguments Definition --driver-name configuration. Run block storage-driver list to get the list. --attributes Volume type-specific attributes in the format of "key 1:value1 key2:value2.....
• tenant-vlan delete: Deletes the specified VLAN IDs from the range of VLANs available to private networks. csadmin tenant-vlan delete Example csadmin tenant-vlan delete --range start=21,end=23 12 1 Argument Definition --range start=, A VLAN range in the form start=N,end=N+M. end= • tenant-vlan list: Lists private network VLAN IDs.
C Supported console operations on the CloudSystem appliances CloudSystem provides a command line interface accessible from the management hypervisor console underlying the Foundation base appliance, Enterprise appliance, and vCenter Server proxy appliance. You can use the hypervisor console to access the appliance console to perform the supported tasks listed in CloudSystem appliance console tasks (page 200).
2. Access the appliance console login screen that you enabled in Enabling console access by pressing Alt-Ctl-F1.
3. Log in to the appliance console with the following credentials:
User name: cloudadmin
Password: that you set for the appliance in Setting the password for console access.
Table 14 CloudSystem CLI console tasks (continued) Task Procedure sudo sh -c 'service csa restart' sudo sh -c 'service mpp restart' 5. Switch to the HP CSA console. 6. Enable the SSL option. 7. Change the port number to the LDAP server SSL port number you specified in step 2.
Table 14 CloudSystem CLI console tasks (continued) Task Procedure 4. Change the username and the password values. 5. Save the file. Change the image file locations in the 1. Access the CloudSystem Foundation appliance console from the management /etc/pavmms/deployer.conf file hypervisor console and log in as cloudadmin. 2. Open the deployer.conf file. Use sudo su if you need elevated privileges access. 3. Locate the Images section of the file. 4. Change the values for the image locations.
Table 14 CloudSystem CLI console tasks (continued) Task Procedure sudo cp -p /ci/etc/cloudadmin/messages.properties /ci/usr/local/hp/csa/jboss-as7.1.1.Final/standalone/deployments/csa.war/custom Perform post-restore resynchronization 1. Access the CloudSystem Foundation appliance console from the management tasks on the CloudSystem Foundation hypervisor console and log in as cloudadmin. appliance 2. Enter this command to start the synchronization process.
D Limitations on support for OpenStack CLI commands The following tables list CLI commands for OpenStack modules that are not supported in HP CloudSystem. • Keystone (page 204) • Nova (page 204) • Glance (page 206) • Cinder (page 206) • Neutron (page 207) For a list of all OpenStack Havana CLI commands, see OpenStack Documentation for Havana releases. Table 15 Unsupported Keystone commands Command Task discover Discover Keystone servers, supported API versions, and extensions.
Table 16 Unsupported Nova commands (continued) Command Task dns-create-private-domain Create a private DNS domain. dns-create-public-domain Create a public DNS domain. dns-delete Delete a DNS entry. dns-delete-domain Delete a DNS domain. dns-domains List available DNS domains. dns-list List current DNS entries for a domain and an IP address, or for a domain and a server name. evacuate Evacuate a server from a failed host to a specified host. get-password Get a password for a server.
Table 16 Unsupported Nova commands (continued) Command Task secgroup-delete-group-rule Delete a source group rule from a security group. (You can use this command in Neutron.) secgroup-delete-rule Delete a rule from a security group. (You can use this command in Neutron.) secgroup-list-rules List rules for a security group. unpause Unpause a server. (You cannot use this command for ESX-provisioned instances.) unrescue Place a server that is in rescue mode back into active mode.
Table 18 Unsupported Cinder commands (continued) Command Task transfer-delete Undo a volume transfer. transfer-list List all transfers. transfer-show Show details about a transfer. upload-to-image Upload a volume to the OpenStack Image Service as an image. Table 19 Unsupported Neutron commands Command Task agent-delete Delete an agent. agent-update Update an agent. cisco-credential-create Create a credential. cisco-credential-delete Delete a credential.
Table 19 Unsupported Neutron commands (continued) Command Task firewall-rule-list List firewall rules for a tenant (private network). firewall-rule-show Show information about a firewall rule. firewall-rule-update Update a firewall rule. firewall-show Show information about a firewall. firewall-update Update a firewall. ipsec-site-connection-create Create an IPsecSiteConnection. ipsec-site-connection-delete Delete an IPsecSiteConnection.
Table 19 Unsupported Neutron commands (continued) Command Task net-gateway-connect Add an internal network interface to a router. net-gateway-create Create a network gateway. net-gateway-delete Delete a network gateway. net-gateway-disconnect Remove a network from a network gateway. net-gateway-list List network gateways for a tenant (private network). net-gateway-show Show information about a network gateway. net-gateway-update Update the name of a network gateway.
E Limitations on support for OpenStack functionality in the CloudSystem Portal The following table lists OpenStack functions that are not supported or are supported with limitations in the CloudSystem Portal. Table 20 Limitations on support for OpenStack functionality in the CloudSystem Portal Function Task Limitation Admin→System Panel→Flavors→More→View Extra Specs View additional specifications for Not supported a flavor.
Table 20 Limitations on support for OpenStack functionality in the CloudSystem Portal (continued) Function Task Limitation Project→Manage Compute→Instances→Launch Specify the administrator Instance→Access & Security→Admin Pass password used for accessing an instance after it is launched. Not supported Project→Manage Compute→Instances→More→View Log→Log View a console log for an instance.