This section explains the tasks to perform after the setup of coordination adapters.
Note
When adding a coordination adapter after offline backup has been performed, perform offline backup again after setup.
Note that if the backup is not performed then the added coordination adapter will not be restored.
For details on offline backup, refer to "Backup and Restore", and "Offline Backup" in the "Fujitsu Software Cloud Services Management Operation Guide".
When the server that performs setup of coordination adapters uses a proxy to access the cloud to be coordinated, it is necessary to configure the proxy and authentication information for the APP domain.
The proxy and authentication information can be configured using the administration command of the Java EE execution environment (asadmin command). To execute the command, the following information about Java EE execution environment of the domain to modify is necessary.
Admin port number
Specify as a command option.
User name of the administrator
Specify as a command option.
Password of the administrator
Specify according to the prompt shown when executing the command.
Use the value specified in "2.2 Setup of the Management Server and the Coordination Adapter Platform (APP)".
Configuring
Execute the following command if necessary:
The command for configuring a proxy host
Execute the following command with a value specified in <proxy host>.
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> create-jvm-options -Dhttps.proxyHost=<proxy host>
The command for configuring a proxy port
Execute the following command with a value specified in <PORT NO>.
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> create-jvm-options -Dhttps.proxyPort=<PORT NO>
The command for configuring a proxy authentication user
When the proxy performs authentication, execute the following command with a value specified in <authentication user name>.
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> create-jvm-options -Dhttps.proxyUser=<authentication user name>
The command for configuring a proxy authentication password
When the proxy performs authentication, execute the following command with a value specified in<authentication password>.
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> create-jvm-options -Dhttps.proxyPassword=<authentication password>
When the above proxy configurations have been performed, to enable communications which does not use a proxy, it is necessary to configure a directly connected host.
Be sure to configure the following:
localhost|127.0.0.1
If there is a cloud which does not use a proxy, configure as necessary.
Execute the following command with values specified in <host names or IP addresses to be connected directly>. When there are multiple host names or IP addresses to be connected directly, separate them using vertical bars ("|").
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> create-jvm-options -Dhttps.proxyHost="<host names or IP addresses to be connected directly>"
After performing the above procedure, restart the APP domain. In Cloud Services Management, the start and stop processes of the coordination adapter platform (APP) and the management server are linked.
See
For details on how to restart, refer to "Starting and Stopping" in the "FUJITSU Software Cloud Services Management Operation Guide".
Deleting configurations
To delete a configuration, execute the following.
Execute the following command to delete a target configuration:
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p <admin port number> -u <user name of administrator> delete-jvm-options <operand of jvm-options to delete>
Example of command execution: (With a proxy host)
Configure the already configured value of -Dhttps.proxyHost using the format "-Dhttps.proxyHost=value" in <operand of jvm-options to delete>.
"%FSCSM_HOME%\SWCTMG\glassfish3\bin\asadmin" -p 3948 -u Administrator delete-jvm-options -Dhttps.proxyHost=proxy.com Enter admin password for user "Administrator"> Deleted 1 option(s) Command delete-jvm-options executed successfully.
Modifying configurations
To modify a configuration, first delete the existing configurations using the procedure in "Deleting configurations", then configure again using the procedure in "Configuring".
This step is necessary for ROR coordination. This step is not required when not performing ROR coordination.
Add the ROR admin serve certificate required for the ROR coordination adapter to connect the ROR admin server to the APP domain.
Exporting the Certificate for the ROR Admin Server
This section explains how to export the certificate for the ROR admin server and save it as a file.
Point
After exporting the certificate file, copy it to the server that performs setup of the ROR coordination function for use. Delete the certificate file that is no longer necessary.
Export using a web browser
This section explains how to export a certificate using Internet Explorer as the web browser. When performing this procedure, start Internet Explorer as an administrator.
Start the ROR management console.
Using a web browser, access the login window of the ROR management console. Access the following URL:
https://<FQDN of the ROR admin server>:<Port number for ROR L-Platform API>/cfmgapi/endpoint
The default port number for the ROR L-Platform API is 8014.
View the certificate.
On the security status bar of the web browser, click [Certificate Error] and then select [View Certificates]. The [Certificate] window is displayed.
Export the certificate.
On the [Certificate] window, click the [Details] tab and click the [Copy to File] button.
Follow the instructions on the displayed window to export the certificate.
For the format of the exported file, accept the default format DER encoded binary X.509.
Export using a command
Export a certificate using the cmmkpfx command, which is a function provided by ROR.
Exporting with a command requires the password for the Interstage certificate environment and the nickname of the certificate that were specified when adding the certificate to the ROR admin server.
For details, refer to "Importing a Certificate to ServerView SSO Authentication Server" in the "ServerView Resource Orchestrator Cloud Edition Setup Guide".
Importing the Certificate for the ROR Admin Server
This section explains how to import the exported certificate for an ROR admin server into the truststore for the APP domain.
Import using the following procedure:
Import the certificate into the truststore for the APP domain.
Execute the following command. In "[Certificate file for the ROR admin server]", specify the certificate file for the ROR server to which the certificate was exported (It is not necessary to include line feeds in this command. When copying this command from the manual, delete line feeds before using it).
The message prompting for confirmation of trusting this certificate is displayed. If you trust this certificate, enter "y" and then press the Enter key.
%FSCSM_HOME%\SWCTMG\jdk7\bin\keytool -import -file [Certificate file for the ROR admin server] -trustcacerts -alias rorsv -keystore %FSCSM_HOME%\SWCTMG\glassfish3\glassfish\domains\app-domain\config\cacerts.jks -storepass changeitConfirm that the certificate file for the ROR admin server has been added in the truststore for the APP domain.
Execute the following command:
%FSCSM_HOME%\SWCTMG\jdk7\bin\keytool -list -keystore %FSCSM_HOME%\SWCTMG\glassfish3\glassfish\domains\app-domain\config\cacerts.jks -storepass changeit
This step is necessary for AWS coordination. This step is not required when not performing AWS coordination.
Configure an access key ID and a secret access key for AWS to the AWS service controller by using the following procedure.
Confirm the user key (1000) and password (BSS_USER_PWD) for access to management server domains (API and GUI domains).
For details on the password (BSS_USER_PWD), refer to "Table 2.2 List of Parameters Configured Automatically during Setup".
To open the [AWS Controller Configuration] window, access the following URL using a web browser.
In <server>, specify the host name or IP address of the management server for Cloud Services Management. In <port>, specify the HTTP listener port for the APP domain.
http://<server>:<port>/oscm-app-aws/
The port number of the HTTP listener of the APP domain is "AS_APP_BASE_PORT + 80/tcp".
In the [Login] window, specify the user key and password confirmed in step 1 to log in.
After logging in, the [AWS Controller Configuration] window is displayed.
Specify the access key ID and the secret access key.
Save the settings.
Note
To modify items displayed in [General controller settings] in the [AWS Controller Configuration] window, modify using the reconfiguration command, not this menu. For details on the reconfiguration command, refer to "C.4 Reconfiguring Coordination Adapters".
This step is necessary for Azure coordination. This step is not required when not performing Azure coordination.
Register the subscription file for connecting with Azure.
Perform the following procedure to configure Azure connection information.
Access the page for generating Azure subscription files at:
https://manage.windowsazure.com/publishsettings
After login, a management certificate is generated and registered on Azure. In addition, downloading of the subscription file starts. Save it in a safe folder.
Note
The above URL and the download procedure are subject to change.
For details on generation of management certificates and subscription files, contact the Azure service support desk.
Save the downloaded subscription file on the management server.
Create a folder named "Subscription _ID" in the following folder:
%FSCSM_HOME%\conf\adapter\azure\certificate
Place the subscription file in the created folder as is. It is not necessary to change the file name. The folder structure should be as follows:
%FSCSM_HOME%\conf\adapter\azure\certificate\<Subscription ID folder>\<Subscription file>
Point
When you want to modify Azure connection information, delete the subscription ID folder and the subscription file first, then register a new subscription file. If you want to use multiple subscriptions, create a subscription ID folder for each subscription and place each subscription file in its own folder.
This step is necessary for VMware coordination. This step is not required when not performing VMware coordination.
Add the VMware certificate required for the VMware coordination adapter to connect the VMware to the APP domain.
For details on how to obtain VMware certificates, refer to the following. (As of May 2016)
VMware vSphere 6.0 Documentation Center
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.wssdk.dsg.doc/sdk_sg_server_certificate_Appendixes.6.4.html
Execute the following command to import the certificate into the truststore for the APP domain. In "[Certificate file for VMware]", specify the obtained VMware certificate file.
The message prompting for confirmation of trusting this certificate is displayed. If you trust this certificate, enter "y" and then press the Enter key.
%FSCSM_HOME%\SWCTMG\jdk7\bin\keytool -import -file [Certificate file for VMware] -trustcacerts -alias vmware -keystore %FSCSM_HOME%\SWCTMG\glassfish3\glassfish\domains\app-domain\config\cacerts.jks -storepass changeit