ibm smartcloud entry: administrator guide 3.2
TRANSCRIPT
IBM SmartCloud Entry
Administrator Guide 3.2
���
IBM SmartCloud Entry
Administrator Guide 3.2
���
NoteBefore using this information and the product it supports, read the information in “Notices” onpage 243.
Fifth Edition (December 2013)
© Copyright IBM Corporation 2012, 2013.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
Contents
Chapter 1. IBM SmartCloud Entry . . . . 1About this guide . . . . . . . . . . . . . 1
Chapter 2. What's new in IBMSmartCloud Entry . . . . . . . . . . 3
Chapter 3. Key concepts . . . . . . . 5
Chapter 4. Planning for IBM SmartCloudEntry . . . . . . . . . . . . . . . . 7Hardware requirements. . . . . . . . . . . 7Supported software versions . . . . . . . . . 7
IBM SmartCloud Entry server components . . . 8IBM SmartCloud Entry client components . . . 8Prerequisite software components . . . . . . 9
Scalability and performance considerations . . . . 13Server and concurrent user maximums . . . . 13Cloud management system metrics tuning(VMControl) . . . . . . . . . . . . . 14
Chapter 5. Installing and uninstallingIBM SmartCloud Entry . . . . . . . . 17IBM SmartCloud Entry virtual appliancedeployment . . . . . . . . . . . . . . 17IBM SmartCloud Entry installation . . . . . . 19Installing prerequisite software . . . . . . . . 20
Microsoft Hyper-V prerequisite installation . . . 20IBM Systems Director VMControl prerequisiteinstallation . . . . . . . . . . . . . 20VMware prerequisite installation . . . . . . 26Database prerequisites (optional) . . . . . . 26
Deploying IBM SmartCloud Entry virtual appliances 27Prerequisites for IBM SmartCloud Entry virtualappliances . . . . . . . . . . . . . . 27Deploying the Hyper-V virtual appliance . . . 33Deploying the KVM virtual appliance . . . . 37Deploying the PowerVM virtual appliance . . . 49Deploying the VMware virtual appliance . . . 56
Installing IBM SmartCloud Entry on Linux or AIX 59Console installation (default) . . . . . . . 59Graphical installation . . . . . . . . . . 60Silent installation . . . . . . . . . . . 62
Installing IBM SmartCloud Entry on Windows . . 63Graphical installation (default) . . . . . . . 63Console installation. . . . . . . . . . . 64Silent installation . . . . . . . . . . . 65
Installing and uninstalling IBM SmartCloud EntryAgents . . . . . . . . . . . . . . . . 66
Installing and uninstalling the IBM SmartCloudEntry Hyper-V Agent . . . . . . . . . . 66Installing and uninstalling the IBM SmartCloudEntry Linux Kernel-based Virtual Machine(KVM) Agent and CLI Client . . . . . . . 76
Applying fixes and updates for IBM SmartCloudEntry . . . . . . . . . . . . . . . . 90IBM SmartCloud Entry for Cloud SSL configuration(optional) . . . . . . . . . . . . . . . 92Connecting using SSH . . . . . . . . . . . 94Uninstalling IBM SmartCloud Entry . . . . . . 94
Uninstalling IBM SmartCloud Entry from Linuxor AIX . . . . . . . . . . . . . . . 94Uninstalling IBM SmartCloud Entry fromWindows . . . . . . . . . . . . . . 96Database cleanup . . . . . . . . . . . 96
Chapter 6. Migrating IBM SmartCloudEntry . . . . . . . . . . . . . . . 97Migrating to a new release . . . . . . . . . 97
Migrating your configuration . . . . . . . 97Migrating your data . . . . . . . . . . 98Migrating configuration manually . . . . . . 99
Migrating from one system to another . . . . . 99Migrating from version 3.1 to a version 3.2appliance . . . . . . . . . . . . . . . 99Migrating a Derby database to DB2 database . . . 101
Chapter 7. Starting and stopping IBMSmartCloud Entry . . . . . . . . . 103
Chapter 8. Configuring IBMSmartCloud Entry appliances . . . . 105IBM SmartCloud Entry and OpenStack deploymentconfigurations . . . . . . . . . . . . . 105Changing the deployment configuration . . . . 106Configuring IBM OpenStack virtualizationenvironments . . . . . . . . . . . . . 107
Supported IBM OpenStack and IaaS gatewayconfigurations . . . . . . . . . . . . 107Configuring the PowerVC virtualizationenvironment. . . . . . . . . . . . . 109Managing the OpenStack configuration . . . . 113Configuring the Hyper-V virtualizationenvironment . . . . . . . . . . . . . 119Configuring the KVM virtualizationenvironment. . . . . . . . . . . . . 122Managing the IaaS gateway . . . . . . . 123Generating authentication tokens . . . . . . 125Managing passwords . . . . . . . . . . 126Starting, stopping, and status of the IBMSmartCloud Entry application on IBMSmartCloud Entry virtual appliance . . . . . 126Managing network configuration . . . . . . 127Volume group management for the IBMSmartCloud Entry appliance . . . . . . . 128Performing support and maintenance tasks onthe IBM SmartCloud Entry appliance . . . . 131
© Copyright IBM Corp. 2012, 2013 iii
Chapter 9. Configuring IBMSmartCloud Entry properties. . . . . 133Configuring user registry authentication . . . . 134
LDAP authentication . . . . . . . . . . 134Configuring LDAP authentication manually . . 134Changing authentication mode . . . . . . 136Configuring local authentication . . . . . . 136Configuring REST API authentication . . . . 137
Configuring database. . . . . . . . . . . 138Configuring email notifications . . . . . . . 139Configuring common cloud properties . . . . . 140
Cloud refresh interval . . . . . . . . . 140Cloud online help configuration . . . . . . 140
Configuring global image deployment . . . . . 140Configuring a deployment target . . . . . . 142Configuring cloud synchronization mode . . . 142Configuring a staging project . . . . . . . 143Configuring global priority of an instance whenrelocating. . . . . . . . . . . . . . 143Configuring access to advanced deploymentform . . . . . . . . . . . . . . . 143Configuring the number and maximum size ofadditional storage . . . . . . . . . . . 144Configuring Storage Copy Services (SCS)capture repositories (VMControl only) . . . . 144Configuring retry for a failed deploy or deleteaction (VMControl only). . . . . . . . . 145Configuring images with VMware . . . . . 145Configuring images with OpenStack. . . . . 153Configuring instance resize timeout . . . . . 161Identifying expired instances . . . . . . . 161Virtual appliance label translations . . . . . 162
Configuring multiple instances for a singledeployment . . . . . . . . . . . . . . 163Configuring logging . . . . . . . . . . . 163Configuring a network . . . . . . . . . . 164Configuring billing . . . . . . . . . . . 165
Configuring billing . . . . . . . . . . 165Configuring billing details . . . . . . . . 166
Configuring metering . . . . . . . . . . 169Configuring capacity and overcommit rates . . . 170Configuring web user interface . . . . . . . 171
Configuring user interface widgets . . . . . 171Configuring session timeout . . . . . . . 172Configuring the Welcome page . . . . . . 172Configuring the default instance name . . . . 173
Chapter 10. Configuring IBMSmartCloud Entry by using the webinterface . . . . . . . . . . . . . 175Configuring the default administrator user account 175Configuring LDAP authentication using the webinterface . . . . . . . . . . . . . . . 175Images . . . . . . . . . . . . . . . 177
Building images . . . . . . . . . . . 178Importing images (OpenStack only) . . . . . 178Editing image properties (OpenStack only) . . 180Updating an image configuration strategy(OpenStack only) . . . . . . . . . . . 181Creating a VMware linked virtual machine . . 181
Configuring image deployment properties. . . 182Deploying an image . . . . . . . . . . 184Copying image definitions . . . . . . . . 186Viewing image properties . . . . . . . . 186Deleting images . . . . . . . . . . . 186
Projects . . . . . . . . . . . . . . . 187Project membership roles . . . . . . . . 187Creating a project . . . . . . . . . . . 187Editing project properties . . . . . . . . 188Managing projects . . . . . . . . . . . 189Deleting an existing project. . . . . . . . 189Project management with OpenStack . . . . 189
Approval policies . . . . . . . . . . . . 190Setting or modifying approval policies for acloud . . . . . . . . . . . . . . . 190Setting or modifying approval policies for aproject. . . . . . . . . . . . . . . 191
Requests . . . . . . . . . . . . . . . 192Processing instance requests . . . . . . . 192Clearing or archiving requests . . . . . . . 193
Expiration policies. . . . . . . . . . . . 193Updating the default expiration policy for acloud . . . . . . . . . . . . . . . 193Updating the default expiration policy for aproject. . . . . . . . . . . . . . . 194
Flavors (OpenStack only) . . . . . . . . . 194Updating the flavor for an OpenStack cloudconfiguration . . . . . . . . . . . . 194
Multiple cloud support . . . . . . . . . . 196Adding a cloud configuration . . . . . . . 197Configuring an OpenStack cloud . . . . . . 197OpenStack clouds . . . . . . . . . . . 198Removing a cloud . . . . . . . . . . . 198Updating a cloud . . . . . . . . . . . 199
Network configurations . . . . . . . . . . 199Managing network configurations . . . . . 199Adding a network configuration . . . . . . 200Editing network configurations . . . . . . 203Managing IP address pools . . . . . . . . 203
Instances . . . . . . . . . . . . . . . 205Capturing an instance . . . . . . . . . 205Pinning an instance . . . . . . . . . . 205Migrating an instance (OpenStack) . . . . . 206Processing requests from the Instances tab. . . 206Hiding or showing an instance . . . . . . 207Resizing an instance (VMControl) . . . . . 207Resizing an instance (VMware) . . . . . . 207Resizing an instance (OpenStack) . . . . . . 208
Users . . . . . . . . . . . . . . . . 209Creating a user . . . . . . . . . . . . 209Viewing or updating a user . . . . . . . 209Unlocking a user . . . . . . . . . . . 209Deleting a user . . . . . . . . . . . . 210User management with OpenStack . . . . . 210
Accounts . . . . . . . . . . . . . . . 210Creating an account . . . . . . . . . . 211Add members to an account . . . . . . . 211Viewing or managing an account . . . . . . 211Deleting an account . . . . . . . . . . 211
Clearing or archiving events . . . . . . . . 212Capacity . . . . . . . . . . . . . . . 212
iv IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 11. Security . . . . . . . . 215
Chapter 12. Best practices for usingIBM SmartCloud Entry . . . . . . . 217Back up and restore IBM SmartCloud Entry . . . 217Using the screen command . . . . . . . . 218Using the nohup command . . . . . . . . . 218Deploying 500 virtual servers to a VMControlcloud in a 24 hour period . . . . . . . . . 219Qpid set up in PowerVC for heavily usedenvironments . . . . . . . . . . . . . 219
Chapter 13. IBM SmartCloud Entry forSystem X . . . . . . . . . . . . . 221IBM Systems Director Standard Edition . . . . 221Tivoli Provisioning Manager for Images . . . . 221
Chapter 14. Troubleshooting . . . . . 223IBM SmartCloud Entry FAQ . . . . . . . . 223Logging tasks . . . . . . . . . . . . . 224
Change logging levels from the OSGi commandprompt . . . . . . . . . . . . . . 224Retrieve log and system files . . . . . . . 225
Troubleshooting using the OSGi console . . . . 226Known issues . . . . . . . . . . . . . 227
Two users within the same browser . . . . . 227Display issue with Internet Explorer. . . . . 227Virtual machine fails to power on . . . . . 229Live migration settings are gone after upgradingIBM SmartCloud Entry Hyper-V Agent. . . . 229No billing information for processor andmemory products . . . . . . . . . . . 230Duplicate FCPorts causes IBM Systems Directorto lose its zoning information for the VIOSservers . . . . . . . . . . . . . . 230IBM SmartCloud Entry shows instance in'Stopped' state even though the deployment wassuccessful . . . . . . . . . . . . . 231Delete and add instance failures under load . . 231Instance in Error state cannot be deleted . . . 231Delete of an instance while a storage flashcopyis running against the instance will cause thedelete to fail . . . . . . . . . . . . . 232Image cannot be deployed if VMware TargetStorage property value is datastores . . . . 232Image cannot be deployed after IBM SystemsDirector VMControl is upgraded . . . . . . 233IBM Systems Director unexpectedly stopslogging . . . . . . . . . . . . . . 233
Failures noticed during server relocation orediting of virtual server properties . . . . . 233PKI error when adding OpenStack cloud . . . 234Error opening sockets to server when using DB2 234
Limitations . . . . . . . . . . . . . . 235Starting IBM SmartCloud Entry on a high scalecloud . . . . . . . . . . . . . . . 235Limitations when using VMware within theIBM SmartCloud Entry . . . . . . . . . 235DNS and domain name restrictions forVMControl AIX deployments . . . . . . . 236Include only ASCII characters in configurationfiles . . . . . . . . . . . . . . . 236Maximum REST API connection limit inVMControl . . . . . . . . . . . . . 236Disk resize support . . . . . . . . . . 236Cannot display storage size for PowerVCvirtualization environment . . . . . . . . 237Hyper-V does not support memory overcommit 237Limitation for upgrading the Hyper-V Agent 237Target restrictions for VMControl IBM ideployment . . . . . . . . . . . . . 237Use of network configurations provided byNetwork Control is not supported . . . . . 238The install path cannot contain non-Englishcharacters . . . . . . . . . . . . . 238Limitation on specifying a large memory ornumber of processors. . . . . . . . . . 238Limitations when you deploy an image . . . 238Limitation for deleting an image . . . . . . 238Direct usage of OpenStack CLI or REST APIsprohibited . . . . . . . . . . . . . 239Validation errors when updating a configurationstrategy . . . . . . . . . . . . . . 239IBM SmartCloud Entry appliance limitationwith Nova command . . . . . . . . . . 239Running out of DB2 home space with anIBMSmartCloud Entry appliance . . . . . . . 239Virtual machines with multi-thread in VMwarevCenter . . . . . . . . . . . . . . 240Problem choosing correct datastore duringconcurrent deployments (VMware vCenter) . . 240
Accessibility . . . . . . . . . . . . 241
Notices . . . . . . . . . . . . . . 243Trademarks . . . . . . . . . . . . . . 244Privacy policy considerations . . . . . . . . 245
Contents v
||
vi IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 1. IBM SmartCloud Entry
IBM SmartCloud® Entry is a lightweight cloud offering that provides essential Infrastructure as a Service(IaaS) cloud capabilities on top of a multi-platform virtualized environment.
Easy to deploy and easy to use, IBM SmartCloud Entry features a self-service portal for performing thefollowing public and private cloud operations:v Provisioning and de-provisioning virtual servers on OpenStack (KVM, Hyper-V, PowerVC), VMware
vSphere using vCenter, and VMControl virtualization environmentsv Providing access to multiple clouds from a single portalv Drafting and cloning instancesv Capturing instancesv Starting and stopping servers as part of an instancev Resizing existing virtual machinesv Creating projects to give team-specific access to instancesv Providing network configurations, which set unique network properties to different instancesv Creating expiration polices to reduce abandoned virtual machinesv Providing request and approval workflow supportv Monitoring resource allocations and billing for services
IBM SmartCloud Entry is implemented as a lightweight web-based application that runs as an OpenServices Gateway initiative (OSGi) application.
IBM SmartCloud Entry cloud manager uses the following FIPS 140-2 approved cryptographic providers:v IBMJCEFIPS (certificate 376)v IBMJSSEFIPS (certificate 409)v IBM® Crypto for C (certificate 384)
The certificates are listed on the NIST website at http://csrc.nist.gov/cryptval/140-1/1401val2004.htm.
For more information about the IBM SmartCloud Entry capabilities that are available for the User role,see the IBM SmartCloud Entry User Guide.
About this guideIBM SmartCloud Entry provides cloud administrators with a wide variety of virtualization topologies.Each of these topologies has a unique set of features, functions, installation, and configuration options.
IBM SmartCloud Entry provides installation media that you can use to install the IBM SmartCloud Entryserver application on your existing hardware or virtual machine. As an alternative, IBM SmartCloudEntry provides a set of virtual appliances that you can deploy in your existing virtualizationenvironment. Each of these options provides you with a different set of capabilities.
For example, if you choose to install the IBM SmartCloud Entry server application, you can add cloudcapabilities to your existing VMware vCenter or IBM Systems Director VMControl™ environments.
If instead you choose to deploy a virtual appliance, you get the capabilities of the IBM SmartCloud Entryserver, and you can optionally create an OpenStack virtualization environment that uses LinuxKernel-based Virtual Machine (KVM), Hyper-V, and PowerVC compute nodes. You can use OpenStack as
© Copyright IBM Corp. 2012, 2013 1
|||
another cloud with IBM SmartCloud Entry (in addition to VMware and VMControl clouds) or as astand-alone cloud. To make building the OpenStack environment even easier, IBM SmartCloud Entryprovides installation programs to install Hyper-V and KVM OpenStack compute nodes.
The following topics provide detailed information about installing or deploying, configuring, andadministering these environments as well as a description of IBM SmartCloud Entry features andlimitations:v System requirements including hardware, supported software levels, and prerequisitesv Installation and deployment of IBM SmartCloud Entry, the IBM SmartCloud Entry appliances, and
installation of OpenStack compute nodesv Migration from previous releasesv Starting and stopping IBM SmartCloud Entry servicesv Configuration of the IBM SmartCloud Entry appliance including the various OpenStack topologies
such as PowerVC, KVM, and Hyper-Vv Advanced configuration of IBM SmartCloud Entry by using properties filesv Configuration of IBM SmartCloud Entry including approval, billing, and expiration policies, users and
projects, and authenticationv Location and use of passwordsv Best practices for using IBM SmartCloud Entryv Known issues and limitations
2 IBM SmartCloud Entry: Administrator Guide 3.2
|||
Chapter 2. What's new in IBM SmartCloud Entry
IBM SmartCloud Entry includes new features and support in this release.
The new features include the following:v Additional hypervisor support
– Added support for Linux Kernel-based Virtual Machine (KVM) virtualization through OpenStacktechnologies.
– Added support for PowerVM® virtualization through IBM PowerVC and OpenStack technologies.The IBM SmartCloud Entry KVM and PowerVM virtual appliances come pre-configured withOpenStack services.From a user perspective, IBM SmartCloud Entry supports the following features for these hypervisors:– Secure Shell (SSH) key management (see note)– Deploy (basic and advanced options) and resize disk– Suspend and resume (see note)– Back up and restore (see note)– Projects, approvals, expirations, billing, and metering
Note: For the new hypervisors, IBM SmartCloud Entry supports SSH key management, suspend andresume, or back up and restore only when using KVM virtualization through OpenStack technologies.There is continued support of all IBM SmartCloud Entry 3.1 capabilities as well.
v Support for OpenLDAP Lightweight Director Access Protocol (LDAP) user registry authentication.v Ability to access the IBM distribution of OpenStack APIs.v Continued support of all IBM SmartCloud Entry 3.1 capabilities.
The support updates include the following:v IBM Systems Director VMControl 2.4.4 supportv VMware vCenter Server 5.5
© Copyright IBM Corp. 2012, 2013 3
4 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 3. Key concepts
IBM SmartCloud Entry supports many different types of virtualization infrastructure environments. Theseenvironments use different terminology for the same concepts and are described in the following table.
Note: IBM SmartCloud Entry is aligning more closely with OpenStack terminology. For example,workload and appliance are now referred to as an instance and image. OpenStack is an open sourcecloud-computing platform for private and public clouds. For information about OpenStack, seehttp://www.openstack.org/
Table 1. A terminology comparison between the virtualization infrastructure type and the IBM SmartCloud Entryequivalent term
Virtualizationinfrastructure type Term Definition
IBM SmartCloud Entryequivalent
VMware Template A blueprint of a virtualmachine containing themetadata and one or moredisk images that can beused to create new virtualmachines.
Image
VMware Virtual machine A runnable instance of avirtual computer, similar toa physical computer thatruns an operating systemand applications.
Instance
VMControl Workload A virtual computer, similarto a physical computer thatruns an operating systemand applications.
Instance
VMControl Virtual appliance (resultingin a single virtual machine)
An image of a virtualmachine that can be usedto create new virtualmachines.
Image
OpenStack Flavor A flavor is a defined sizefor a provisioned virtualmachine. Each flavor has aunique combination ofresource configurations andsizes.
Flavor
In addition to terminology differences between environments, there are key concepts that you mustunderstand.
ProjectsIBM SmartCloud Entry projects provide a management realm to group images and instances thatonly the members of that project can see and manage.
RequestsRequests are any actions that require administrator approval before they can complete. IBMSmartCloud Entry sends an approval request when a user attempts an operation that an IBMSmartCloud Entry administrator has set up to require approvals.
AccountsEnabling the billing operation in IBM SmartCloud Entry activates the account feature. An account
© Copyright IBM Corp. 2012, 2013 5
includes a balance, an owner, an account balance threshold, account members, and invoices. Theaccount members are charged for the instances that they deploy.
Note: Only IBM SmartCloud Entry administrators can create accounts, but an IBM SmartCloudEntry user can be assigned as an account owner.
Basic and advanced deploymentsUsers deploy an image by using the basic deployment form. Project owners or administrators canuse the basic or the advanced deployment forms. They can also configure which deploymentsettings are shown on the basic deployment form.
6 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 4. Planning for IBM SmartCloud Entry
Review the following information for planning to install and using IBM SmartCloud Entry. Theinformation includes hardware and software requirements for the various IBM SmartCloud Entrycomponents.
Hardware requirementsThis section describes hardware requirements for various platforms that IBM SmartCloud Entry supports.
The information provided is a general guideline and actual requirements can vary from installation toinstallation. Specific sizings should be done to meet your installation requirements.
The IBM SmartCloud Entry server is supported on the following platforms:v Intel x86-64 (Windows or Linux)v POWER6® or POWER7® (AIX®)
This table describes both the minimum hardware requirements and recommended minimum productionhardware requirements for the IBM SmartCloud Entry server component.
The minimum requirements listed indicate the absolute minimum hardware levels needed when runningwith only 5-10 concurrent users.
The recommended minimum production requirements are recommendations to support a small cloud. Aswith any software solution, hardware needs to be properly sized for a specific customer scenario.
Table 2. Minimum hardware requirements
Component Minimum hardware requirementsRecommended minimum hardwareproduction requirements
IBM SmartCloud Entry server 10.5 CPUs
650 MB free disk space
1 GB physical memory
2 CPUs
25 GB free disk space
8 GB physical memory
IBM SmartCloud Entry appliance 2 CPU
60 GB free disk space
4 GB physical memory
(With OpenStack Support)
4 CPUs
60 GB free disk space
8 GB physical memory1Requirements are for the IBM SmartCloud Entry server only. If other servers, such as the Director server, areinstalled on the same system, the requirements would need to be higher to account for the additional needs of theother components installed and running there.
Supported software versionsThis section provides the software versions supported by IBM SmartCloud Entry.
The supported versions listed are current at the time of publication. See the IBM SmartCloud Entry wikifor any updates. Also see “Applying prerequisite fixes for IBM Systems Director 6.3.x and VMControl2.4.x” on page 21 for the instructions on getting the latest fixes required by IBM SmartCloud Entry.
© Copyright IBM Corp. 2012, 2013 7
IBM SmartCloud Entry server componentsThe following tables list the supported components that are required by the IBM SmartCloud Entryserver.
Table 3. Supported operating systems
Operating system Versions Notes
AIX 6.1 (64-bit) TL5 or 7.1 (64-bit) With latest fix pack
Red Hat Enterprise Linux Version 6.1, 6.2, 6.3, and 6.4 (64-bit) With latest fix pack
Windows Server 2008 R2 (64-bit) With latest fix pack
Windows Server 2012Datacenter
Table 4. Supported databases
Database Versions Notes
Integrated Derby
DB2® 9.7, 10.1, and 10.5 With latest fix packs
Table 5. Supported user registries
User registry Versions Notes
IBM SmartCloud Entry Local identity storage and authentication v The IBM SmartCloud Entrydatabase is used to storeidentity artifacts includingcredentials.
v Intended for small-scaleusage, such asproof-of-concept scenarios,demonstrations, orenvironments with up to 30users and projects
Lightweight DirectoryAccess Protocol (LDAP)Version 3
IBM Tivoli® Directory Server Version 6.1 v Intended for productionenvironments to provide thehighest level of security.
v Scales to hundreds orthousands of users andprojects.
v Supports TLS (transactionlevel security).
Microsoft Active Directory 6.1.7601.17514
OpenLDAP Version 2.4.x
IBM SmartCloud Entry client componentsThe following table lists the supported component versions for clients that access the IBM SmartCloudEntry servers.
Note: Clients or versions that are not listed here might also work.
8 IBM SmartCloud Entry: Administrator Guide 3.2
Table 6. Browser compatibility
Browser Versions Notes
Internet Explorer 9.0 or 10.0 With latest fix pack
Minimum resolution of 1024x768 (orgreater)
Internet Explorer 9 or 10compatibility view is not supported
Firefox ESR 18, 24 With latest fix pack
Minimum resolution of 1024x768 (orgreater)
Chrome 24, 30 With latest fix pack
Safari 6 With latest fix pack
Prerequisite software componentsIBM SmartCloud Entry has extra software prerequisites, which vary depending on the type of cloudprovider that you use.
IBM SmartCloud Entry depends on one of the following providers for platform management andvirtualization services:v Microsoft Hyper-Vv IBM Power® Virtualization Center Standardv IBM Systems Director VMControlv VMware vSphere with vCenter
Microsoft Hyper-V prerequisites
IBM SmartCloud Entry is compatible with the following versions of Microsoft Hyper-V products:
Table 7. Supported Microsoft Hyper-V products
Microsoft Hyper-V products Versions
Microsoft Hyper-V Server 20121
Windows Server 2012 with Hyper-V role enabled v Standard Edition
v Datacenter edition
1. Microsoft Hyper-V Server 2012 does not provide the APIs that are needed for IBM SmartCloud Entry to createthe ISO image file that provides customization data to virtual machines. To use Microsoft Hyper-V Server 2012with IBM SmartCloud Entry, you must install a compatible ISO generation utility such as genisoimage fromCygwin. For more information, see “Enabling Microsoft Hyper-V Server 2012 systems for ISO generation” onpage 119.
Note: All operating systems must have the latest fix pack applied.
IBM Power Virtualization Center prerequisites
IBM SmartCloud Entry is compatible with IBM Power Virtualization Center Standard version 1.2.0.1,which is a comprehensive virtualization management tool for the PowerVM platform.
IBM SmartCloud Entry 3.2 with PowerVC provides the following capabilities:
Chapter 4. Planning 9
v Support for IBM Power Systems™ hosts that are managed by Hardware Management Console.v Support for storage area networks.v Support for multiple Virtual I/O Server virtual machines on each host.v Support for a single storage connectivity group, which enables you to deploy images so that they have
access to storage that is dedicated to a particular purpose. For more information on PowerVC andstorage connectivity groups, refer to the IBM PowerVC documentation.
Limitations for PowerVC support from IBM SmartCloud Entry:v PowerVC Express® Edition is not supported.v Single Storage Connectivity group support: Logical partitions that are imported by PowerVC are not
supported. Only virtual machines that are deployed through PowerVC to a storage connectivity groupis supported from IBM SmartCloud Entry. If you added existing virtual machines to your IBM PowerVirtualization Center, IBM SmartCloud Entry does not discover them.
For information about IBM Power Virtualization Center Standard, see the IBM Power VirtualizationCenter information center at the following website.
http://pic.dhe.ibm.com/infocenter/powervc/1.2.0/index.jsp
IBM Systems Director VMControl prerequisitesIBM SmartCloud Entry is compatible with specific versions of IBM Systems Director and IBM SystemsDirector VMControl.
To use the full functionality of IBM SmartCloud Entry, the most current version of IBM Systems Directorand IBM Systems Director VMControl is required.
Note: If you are running IBM Systems Director and VMControl on a PureFlex™ system, install the latestFlex Systems FSM fix packs. For more information, see the IBM Flex Systems information center topicUpdating systems at http://publib.boulder.ibm.com/infocenter/flexsys/information/topic/com.ibm.director.updates.helps.doc/fqm0_t_um_updating_systems.html.
IBM SmartCloud Entry works with the following versions of IBM Systems Director and IBM SystemsDirector plug-ins:
Table 8. Version support for IBM Systems Director and IBM Systems Director VMControl
IBM Systems Director server Versions Notes
IBM Systems Director 6.3.4.x withIBM Systems Director VMControl
IBM Systems Director 6.3.4
IBM Systems Director VMControlEnterprise Edition 2.4.4
With latest fix pack
IBM Systems Director 6.3.3.x withIBM Systems Director VMControl
IBM Systems Director 6.3.3
IBM Systems Director VMControlEnterprise Edition 2.4.3
With latest fix pack
IBM Systems Director 6.3.2.x withIBM Systems Director VMControl
IBM Systems Director 6.3.2
IBM Systems Director VMControlEnterprise Edition 2.4.2
With latest fix pack
IBM Systems Director 6.3.x with IBMSystems Director VMControl
IBM Systems Director 6.3.1.1
IBM Systems Director VMControlEnterprise Edition 2.4.1.1
With latest fix pack
10 IBM SmartCloud Entry: Administrator Guide 3.2
Table 8. Version support for IBM Systems Director and IBM Systems Director VMControl (continued)
IBM Systems Director server Versions Notes
IBM Systems Director 6.2.x with IBMSystems Director VMControl
IBM Systems Director 6.2.1.2
IBM Systems Director VMControlEnterprise Edition 2.3.1.2
IBM Systems Director VMControlStandard Edition 2.3.1.2 (limitedsupport1)
With latest fix pack
IBM Systems Director StorageControl (optional) 2
4.2.4
4.2.3
4.2.2.1
4.2.1
With latest fix pack
IBM Tivoli Storage ProductivityCenter (optional) 2
4.2.1 interim fix 1 With latest fix pack3
IBM Systems Director Service andSupport Manager (optional)
6.3.3
6.3.2
6.3.1
6.2.1
With latest fix pack
SMI Agent (optional) 4 120.11.0 With latest fix pack
1. For more information about limited support, see “Installing prerequisite software” on page 20.
2. For N_Port ID Virtualization (NPIV) support, at least one of IBM Systems Director Storage Control or IBM TivoliStorage Productivity Center products must be installed.
3. For the latest information, see the IBM Tivoli Storage Productivity Center Latest Downloads technote athttps://www-304.ibm.com/support/docview.wss?uid=swg21320822.
4. If you are using IBM Systems Director Storage Control or IBM Tivoli Storage Productivity Center, then you mustuse the SMI Agent.
IBM SmartCloud Entry uses IBM Systems Director VMControl application programming interfaces (APIs)to deploy new servers through Storage Copy Services (SCS) using the Integrated Virtualization Manager(IVM) or Hardware Management Console (HMC) and Virtual I/O Server (VIOS). The following are thesupported versions for this SCS-based Power Systems virtualization environment.
Table 9. Supported versions for the Storage Copy Services Power Systems Virtualization environment
Managed servers Versions Notes
PowerVM PowerVM Enterprise Edition
Kernel Virtual Machine (KVM)
Virtual I/O Server (VIOS) VIOS 2.2.2.2 With latest fixes1
Dual VIOS is supported
Hardware Management Console(HMC)
HMC V7R7.6.0.0 With latest fixes
Integrated Virtualization Manager(IVM)
IVM 2.2.2 With latest fixes
Chapter 4. Planning 11
Table 9. Supported versions for the Storage Copy Services Power Systems Virtualization environment (continued)
Managed servers Versions Notes
1. The list of VIOS fixes can be viewed on the Fix Central website at http://www-933.ibm.com/support/fixcentral
Supported configurations for storage
IBM SmartCloud Entry uses IBM Systems Director VMControl. IBM Systems Director VMControlsupports provisioning based on Storage Copy Services (SCS) through IBM Systems Director StorageControl or an external IBM Tivoli Storage Productivity Center.
Supported storage and switches depend on the level of IBM Systems Director that you are using. Forinformation about supported storage and switches, see the Supported storage devices in the IBM SystemsDirector information center at http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.plan.helps.doc/fqm0_r_hardware_compatibility_storage_devices.html.
VMware prerequisitesIBM SmartCloud Entry is compatible with the following versions of VMware products:
Table 10. Supported VMware products
VMware products Versions Notes
VMware vCenter Server 4 Standard edition (version 4.1 update1)
Essentials (version 4.1 update 1)
For more information, see “VMwareprerequisite installation” on page 26.
VMware vCenter Server 5 Standard edition
Essentials edition
Editions that are listed support thefollowing versions:
v 5.1.0
v 5.1 update 1
v 5.5
VMware vSphere 4 Standard edition (version 4.1 update1)
Advanced edition (version 4.1 update1)
Enterprise edition (version 4.1 update1)
Essentials Plus (version 4.1 update 1)
12 IBM SmartCloud Entry: Administrator Guide 3.2
Table 10. Supported VMware products (continued)
VMware products Versions Notes
VMware vSphere 5 Standard edition
Essentials Plus edition
Enterprise edition
Enterprise Plus edition
Editions that are listed support thefollowing versions:
v 5.0.0
v 5.1
v 5.1 update 1
v 5.5
Scalability and performance considerationsIBM SmartCloud Entry offers considerations with regard to scalability and performance within the cloudenvironment.
Server and concurrent user maximumsDepending on your cloud manager, IBM SmartCloud Entry supports a different number of users andservers in the environment.
It is assumed that the environment includes enough physical hardware to perform at these levels.
Table 11. Server and concurrent user maximums
Microsoft Hyper-Vcloud manager
VMware cloudmanager1
VMControl cloudmanager2, 3 PowerVC KVM (OpenStack)
v 50 concurrent users ofthe IBM SmartCloudEntry user interface orAPIs
v 750 maximum virtualservers
v 50 concurrent users ofthe IBM SmartCloudEntry user interface orAPIs
v 3000 maximumvirtual servers
v 50 concurrent users ofthe IBM SmartCloudEntry user interface orAPIs
v 500 maximum virtualservers on IBM PowerSystems Group RackModels that are usingVIOS withoutimplementing sharedstorage pools
v 1000 maximumvirtual servers forKVM, IBM PureFlexPower Systems, andIBM Power SystemsGroup Rack Modelsthat are using sharedstorage pools 4, 5
v 200 virtual disks perhost
v 50 concurrent users ofthe IBM SmartCloudEntry user interface orAPIs
v 400 maximum virtualservers
v 40 virtual servers perhost
v 50 concurrent users ofthe IBM SmartCloudEntry user interface orAPIs
v 500 maximum virtualservers
Chapter 4. Planning 13
Table 11. Server and concurrent user maximums (continued)
Microsoft Hyper-Vcloud manager
VMware cloudmanager1
VMControl cloudmanager2, 3 PowerVC KVM (OpenStack)
1. For more information about VMware configuration maximums, see the following:
v VMware configuration maximums (v4) PDF at http://www.vmware.com/pdf/vsphere4/r40/vsp_40_config_max.pdf
v VMware configuration maximums (v5) PDF at http://www.vmware.com/pdf/vsphere5/r50/vsphere-50-configuration-maximums.pdf
v VMware configuration maximums (v5.5) PDF at http://www.vmware.com/pdf/vsphere5/r55/vsphere-55-configuration-maximums.pdf
2. For more information about performance tuning and scaling, see the Performance Tuning and Scaling Guide for IBM SystemsDirector 6.3 at http://www.ibm.com/support/docview.wss?uid=nas7139a0e4d2c6aa65c8625797b006e6aeb.
3. For more information about best practices, see Virtualization Best Practices wiki at http://www.ibm.com/developerworks/wikis/display/virtualization/Virtualization+Best+Practice.
4. Recommend no more than 30 virtual servers (for example, LPARS) per managed system as it can affect I/O through VIOS anddiscovery and inventory update times.
5. A single Hardware Management Console (HMC) should not manage more than 800 virtual servers for the IBM SystemsDirector VMControl cloud.
Cloud management system metrics tuning (VMControl)Monitoring large numbers of managed resources can negatively affect performance on the managementserver. Adjusting appropriate polling intervals helps to minimize the negative performance impacts. IBMSystems Director provides a configurable polling interval for virtualization monitors which determineshow often requests are made for metrics data for a managed resource.
For more details on configuring HMC metrics and IBM Systems Director polling intervals, see thefollowing resources:
HMC metrics:
Setting the HMC to collect resource utilization data for managed systems in the IBM Systems DirectorInformation Center. at http://publib.boulder.ibm.com/infocenter/director/v6r2x/index.jsp?topic=/com.ibm.director.virtualization.helps.doc/fqm0_t_vm_enabling_hmc_metrics.html
IBM Systems Director VMControl:
Polling intervals for virtualization monitors in the IBM Systems Director Information Center athttp://publib.boulder.ibm.com/infocenter/director/v6r2x/topic/com.ibm.director.status.helps.doc/fqm0_c_polling_intervals_vsm_main.html.
IBM SmartCloud Entry recommends running with a 5 minute sampling rate on HMC and a 5 minuteinterval on IBM Systems Director. The IBM Systems Director sampling rate is defined in the file/opt/ibm/director/data/vsmmetric.properties. These are the specific Director properties that can be set.# Represents the frequency at which the management server polls the platform# services.DirectorPollingInterval=300000
# Represents the frequency at which the platform services poll a managed# resource.PlatformPollingInterval=300000
# Represents the frequency at which the Power Systems platform services# poll a managed resource.PowerPlatformPollingInterval=300000
# Represents the frequency at which the Power Systems platform services# poll a managed resource for utilization data.PowerPlatformUtilizationPollingInterval=300000
14 IBM SmartCloud Entry: Administrator Guide 3.2
# Represents the frequency at which the Power Systems platform services# poll a managed resource for allocation data.PowerPlatformAllocationPollingInterval=300000
Chapter 4. Planning 15
16 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 5. Installing and uninstalling IBM SmartCloud Entry
There are two methods for obtaining IBM SmartCloud Entry. The first is deploying a virtual appliance.The second is installing the IBM SmartCloud Entry application using one of three installation types:console, graphical (swing), and silent. This section describes both of these methods.
IBM SmartCloud Entry virtual appliance deploymentOn System x® and IBM Power Systems, you can quickly deploy the IBM SmartCloud Entry virtualappliances and immediately use IBM SmartCloud Entry to manage your virtualization environment. Formore information, see “Deploying IBM SmartCloud Entry virtual appliances” on page 27.
The following graphic shows a conceptual view of the IBM SmartCloud Entry virtual applianceenvironment.
© Copyright IBM Corp. 2012, 2013 17
18 IBM SmartCloud Entry: Administrator Guide 3.2
IBM SmartCloud Entry installationAs an alternative to deploying IBM SmartCloud Entry virtual appliances, you can install IBM SmartCloudEntry to manage directly to a specific virtualization environment.
The following graphic depicts a conceptual view of the IBM SmartCloud Entry installation.
You can install IBM SmartCloud Entry on the following operating systems:v 64-bit AIX on Powerv 64-bit Linuxv Windows
For AIX and Linux, the default installation type is console. For Windows, the default installation type isgraphical. To install IBM SmartCloud Entry using a non-default installation type, start the installer fromthe command line and run -i <install type> where <install type> is console, silent, or swing.
Chapter 5. Installing and uninstalling 19
Installing prerequisite softwareThis section lists the prerequisite software that is required for the various virtualization cloud types torun IBM SmartCloud Entry.
Microsoft Hyper-V prerequisite installationIBM SmartCloud Entry, using OpenStack technologies, is compatible with existing installations ofMicrosoft Hyper-V hypervisor. Ensure that the Microsoft Hyper-V hypervisor is operational andmanaging environments.
For more information about supported Hyper-V distributions, see “IBM SmartCloud Entry Hyper-VAgent Installation Prerequisites” on page 66.
The management of Microsoft Hyper-V hypervisor is outside the scope of this document. Refer to theproduct documentation for troubleshooting instructions. For more information about setting up andconfiguring Microsoft Hyper-V as a managed hypervisor, see “Installing and uninstalling the IBMSmartCloud Entry Hyper-V Agent” on page 66.
IBM Systems Director VMControl prerequisite installationFor the VMControl cloud type, IBM SmartCloud Entry depends on IBM Systems Director VMControlEnterprise Edition, which includes system pool support, to perform deployments and other virtualizationoperations to more than one host. System pool support allows a group of servers to be used as a cloudand also facilitates upgrade to IBM higher-end service management cloud offerings. Therefore, before youinstall IBM SmartCloud Entry, ensure that your VMControl server environment is set up and ready tocreate workloads from virtual appliances.
IBM SmartCloud Entry has limited support for targeting a single host as a deployment target. A singlehost can be specified as the deployment target for either Global virtual appliance configuration or forIndividual virtual appliance configuration, but a single host cannot be set during deployment or duringapproval of a deployment. This use of a single host as the deployment target requires only IBM SystemsDirector VMControl Standard Edition support.
Setting up and configuring IBM Systems Director and IBM Systems Director VMControl is not covered inthis document, but a list of links useful for downloading, installing, configuring, and troubleshootingVMControl to manage a POWER® environment follows:
Downloading and installing IBM Systems Director and VMControlThis topic contains links to the IBM Systems Director information center and the IBM Redbooks® websiteto help you download, install, and troubleshoot IBM Systems Director and IBM Systems DirectorVMControl.
Downloading
Download the versions of IBM Systems Director and IBM Systems Director VMControl from the IBMSystems Director download page at http://www.ibm.com/systems/software/director/downloads/index.html. IBM Systems Director is available from the Management servers page and IBM SystemsDirector VMControl is available from the Plug-ins page.
Installing and configuring
Find information about installing, upgrading, and migrating IBM Systems Director and IBM SystemsDirector VMControl from the IBM Systems Director Resource page at http://www.ibm.com/systems/software/director/resources.html.
20 IBM SmartCloud Entry: Administrator Guide 3.2
Upgrading IBM Systems Director VMControl might change the deployment target ID stored with theimage in IBM SmartCloud Entry. This changed ID results in an error when you attempt to deploy theimage. For information about resolving this error, see “Image cannot be deployed after IBM SystemsDirector VMControl is upgraded” on page 233.
When you are configuring the managed IBM DB2 database for IBM Systems Director, ensure that there issignificant free space on the file system that contains the database so that it can create temporary objects.By default, the managed IBM DB2 database for IBM Systems Director is in /home/dirinst1. At least 3 GBof free space is required for IBM SmartCloud Entry to deploy images and complete other functions. IfIBM Systems Director is managing 1,000 workloads, then 5 GB of free space are required for the managedIBM DB2 database.
Troubleshootv IBM Systems Director troubleshooting forum at http://www.ibm.com/support/search.wss?rs=0
&q=eServerOnDemandKBRCH&r=100&sort=descv IBM Systems Director VMControl troubleshooting forum at http://www.ibm.com/support/
search.wss?rs=0&lang=en&loc=en_US&r=10&cs=utf-8&rankfile=0&cc=us&coll=0&spc=&stc=&apar=include&q1=vmcontrol&q2=&sort=rk&tc=&ibm-search.x=16&ibm-search.y=9&dc=&dtm
Note: The links provided here are subject to change without notice.
Applying prerequisite fixes for IBM Systems Director 6.3.x and VMControl 2.4.xThe latest updates are required for IBM Systems Director and VMControl before you install IBMSmartCloud Entry. These updates are available for download and installation from the Fix Centraldownload page.
About this task
Note: You should install the latest available fix pack for IBM Systems Director and VMControl beforeyou install prerequisite fixes.
Specific software levels or fixes (for example, HMC, VIOS) might also be required on the target hosts forIBM Systems Director and VMControl to properly manage the client virtual servers. These fixes areavailable for download from the IBM SmartCloud Entry Fix Central page.
The current list of prerequisite software fixes is as follows:v For IBM Systems Director fixes, use fix ID: vmc-update.2.4.1.0-iFix:SCEentitled
The most current information for IBM SmartCloud Entry, including the latest documentation, installationinstructions, and support and fixes, can be found on the IBM SmartCloud Entry wiki athttps://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/W21ed5ba0f4a9_46f4_9626_24cbbb86fbb9/page/Support%20and%20Fix%20Instructions.
The IBM SmartCloud Entry wiki provides details about specific fixes available and instructions fordownloading and installing them.
Download and install the prerequisite fixes as outlined in the following steps.
Procedure1. Open your browser to IBM Support Fix Central at http://www-933.ibm.com/support/fixcentral/.2. Select Select product.3. Select Other Software for the Product Group.4. Select IBM SmartCloud Entry for the Product.5. Select All for the Installed Version.
Chapter 5. Installing and uninstalling 21
6. Select All for the Platform.7. Select Continue.8. On the identify fixes page, enter the following text into the individual fix ids field:
vmc-update.2.4.1.0-iFix:SCEentitled. Click Continue.9. On the select fixes page, select the vmc-update.2.4.1.0-iFix file. Click Continue.
10. Authenticate as required.11. Select the method that you want to use to download the fix and click Continue.12. Click the vmc-update_2.4.1.0_20120522-iFix.zip file to download13. View the readme.html file that is listed along with the fix pack download file.
The readme file contains instructions for applying the prerequisite fixes. If you choose to downloadusing your browser or HTTP, you can also view the readme file online.
14. Repeat steps 7 through 12 for any additional fix IDs provided in the current list of prerequisitesoftware fixes.
What to do next
Before you install a fix pack or upgrade IBM SmartCloud Entry, back up your skc.ini file to a safelocation. After you install the fix pack or finish upgrading, replace the skc.ini file with your backupversion.
Applying prerequisite fixes for IBM Systems Director 6.2.x and VMControl 2.3.xThe latest updates are required for IBM Systems Director and VMControl before you install IBMSmartCloud Entry.
About this task
Specific software levels or fixes (for example, HMC, VIOS) might also be required on the target hosts forIBM Systems Director and VMControl to properly manage the client virtual servers.
The current list of prerequisite software fixes is as follows:v For IBM Systems Director fixes, use fix ID: 2.2.0.0-SKC-ISDBASE_LAFIX1:SKCentitled
v For IBM Systems Director VMControl fixes, use fix ID: .2.0.0-SKC-VMC_LAFIX2:SKCentitled
v For the embedded version of IBM Tivoli Storage Productivity Center fixes, use fix ID:2.2.0.0-SKC-SC_4_2_1_a_AIX:SKCentitled
v For HMC fixes, use fix ID: 2.2.0.0-SKC-HMC .iso:SKCentitled
The most current information for IBM SmartCloud Entry, including the latest documentation, installationinstructions, and support and fixes, can be found on the IBM SmartCloud Entry wiki athttps://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/W21ed5ba0f4a9_46f4_9626_24cbbb86fbb9/page/Support%20and%20Fix%20Instructions.
The IBM SmartCloud Entry wiki provides details about specific fixes available and instructions fordownloading and installing them.
Download and install the prerequisite fixes as outlined in the following steps.
Procedure1. Open your browser to IBM Support Fix Central at http://www-933.ibm.com/support/fixcentral/.2. Select Select product.3. Select Other Software for the Product Group.4. Select IBM Starter Kit for Cloud for the Product.5. Select All for the Installed Version.
22 IBM SmartCloud Entry: Administrator Guide 3.2
6. Select All for the Platform.7. Select Continue.8. On the identify fixes page, enter the following text into the individual fix ids field:
2.2.0.0-SKC-ISDP-IF20110831:12S8192K701C91734. Click Continue.9. On the select fixes page, select the 2.2.0.0-SKC-ISDP-IF20110831 file. Click Continue.
10. Select the method that you want to use to download the fix and click Continue.11. View the readme.html file that are listed along with the fix pack download file.
The readme file contains instructions for applying the prerequisite fixes. If you choose to downloadusing your browser or HTTP, you can also view the readme file online.
12. Repeat steps 7 through 12 for any additional fix IDs provided in the current list of prerequisitesoftware fixes.
What to do next
Before you install a fix pack or upgrade IBM SmartCloud Entry, back up your skc.ini file to a safelocation. After you install the fix pack or finish upgrading, replace the skc.ini file with your backupversion.
Storage management related fixes (VMControl 2.3.x only):
IBM Systems Director VMControl enables you to use IBM Tivoli Storage Productivity Center to manageyour enterprise storage systems. In this case, IBM Systems Director VMControl uses IBM SystemsDirector Storage Control which uses embedded management interfaces for TPC to manage storagedevices.
For more information about IBM Tivoli Storage Productivity Center and IBM Systems Director, see theUsing IBM Systems Director Storage Control 4.2.1 with IBM Tivoli Storage Productivity Center in the IBMSystems Director Information Center at http://publib.boulder.ibm.com/infocenter/director/v6r2x/topic/com.ibm.director.storagectrl.helps.doc/fqm0_t_sc_using_with_tpc.html.
Alternatively, you may have an IBM Tivoli Storage Productivity Center server installed and running inyour environment where IBM Systems Director discovers and uses the IBM Tivoli Storage ProductivityCenter server to manage your storage.
In each of these environments where IBM Tivoli Storage Productivity Center is used, there are IBM TivoliStorage Productivity Center fixes required to do provisioning through IBM Systems Director VMControland IBM SmartCloud Entry; therefore, IBM Tivoli Storage Productivity Center must be updated to thefollowing fix levels:
With the full, stand-alone version of IBM Tivoli Storage Productivity Center installed and employed, theIBM Tivoli Storage Productivity Center 4.2.1 FP6 or later is required.
With the embedded version of IBM Tivoli Storage Productivity Center, the IBM Tivoli StorageProductivity Center hot fix is available along with other IBM SmartCloud Entry fixes on the IBM SupportFix Central website. For more information about downloading and installing the fix, see the IBMSmartCloud Entry wiki at https://www.ibm.com/developerworks/mydeveloperworks/wikis/home/wiki/IBM Starter Kit for Cloud/page/Support and Fix Instructions
Configuration considerations for IBM Systems Director and VMControl
Using hosts or system pools for NPIV deploying:N_Port ID Virtualization (NPIV) is an industry-standard Fibre Channel (FC) technology that allows theVirtual I/O Server to directly share a NPIV-capable FC adapter between multiple client partitions. ForNPIV, the Virtual I/O Server acts as an FC pass-through instead of a SCSI emulator such as when usingvirtual SCSI. To enable IBM SmartCloud Entry to take advantage of this functionality provided by IBM
Chapter 5. Installing and uninstalling 23
Systems Director VMControl, follow the instructions in the IBM PowerVM Virtualization Introductionand Configuration Redbook at http://www.redbooks.ibm.com/abstracts/sg247940.html?Open. Look forrequirements and information about configuring the VMControl support NPIV through Storage CopyServices (SCS) in Chapter 2.8.
Using system pools for advanced placement:
For IBM SmartCloud Entry to take advantage of the advanced placement functionality that is providedby IBM Systems Director VMControl, you must complete some additional configuration steps. Thisadvanced placement functionality is provided by VMControl server systems pools.
After this configuration is completed, you can deploy instances (workloads) from the IBM SmartCloudEntry to a VMControl server system pool. VMControl server system pools are required for the actualdeployment of the workload, including intelligent workload placement to the host servers in the systempool.
When you are using IBM Systems Director VMControl with system pools, configure the systems in thepool with similar capabilities to allow for LPAR mobility across the pool, including the networks that aredefined on the systems and features such as Active memory Expansion (AME).
Before putting systems into a pool, make sure that you have your environment set up.v For more information about setting up your environment for IBM Systems Director VMControl 2.3.x,
see Preparing your Power Systems environment for server system pools topic in the IBM SystemsDirector VMControl information center at http://publib.boulder.ibm.com/infocenter/director/v6r2x/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_preparing_environment_for_pools.html.
v For more information about setting up your environment for IBM Systems Director VMControl 2.4.x,see Preparing your Power Systems environment for server system pools topic in the IBM SystemsDirector VMControl information center at http://publib.boulder.ibm.com/infocenter/director/pubs/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_preparing_environment_for_pools.html.
For more information about setting up and configuring IBM Systems Director VMControl system pool,see the following topics:v For IBM Systems Director VMControl 2.3.x, see Managing server system pools topic in the IBM
Systems Director VMControl information center at http://publib.boulder.ibm.com/infocenter/director/v6r2x/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_managing_pools.html.
v For IBM Systems Director VMControl 2.4.x, seeManaging server system pools topic in the IBM SystemsDirector VMControl information center at http://publib.boulder.ibm.com/infocenter/director/pubs/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_managing_pools.html.
Configuring remote restart capability:
For IBM SmartCloud Entry to use the remote restart capability that is provided by IBM Systems DirectorVMControl, you must complete some additional configuration steps if you are using Power Systemshosts.
About this task
When remote restart is enabled, if a host fails, virtual servers on the host can be automatically restartedon another host in the server system pool. You can create instances (workloads) in IBM SmartCloud Entrythat are enabled for remote restart. First, you must create one or more reserved storage devices that haveenough available space to contain the configuration data of the deployed virtual server. You create thesereserved storage devices by using the Hardware Management Console (HMC). For more information, seeCreating reserved storage devices for remote restart resilience in Power Systems environments in the IBMSystems Director information center at http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_preparing_environment_for_pools_remote_restart.html.
24 IBM SmartCloud Entry: Administrator Guide 3.2
Mobility of servers within a system pool:
When using IBM Systems Director VMControl version 2.3.1.2, the mobility of a server must be disabledwithin a system pool. When using IBM Systems Director VMControl version 2.4.1, you can manuallyenable the mobility of the server.
About this task
To disable mobility when using VMControl version 2.3.1.2, uncheck the box under Resilience criteria inthe VMControl Create Server System Pool wizard as follows:
To set up manual mobility when using VMControl version 2.4.1, follow these steps:
Procedure
1. Ensure resiliency is enabled and automatic relocation disabled.2. Copy the vsi_service_config.properties file from the META-INF folder in the
com.ibm.ensemble.local.mgmt_<version>.jar to the /lwi/conf/overrides/ folder.3. Edit the vsi_service_config.properties properties file with the following line:
vsi.placementoptimizer.deploys.evacuation.no.relocation = 1
4. Save the file and continue with creating the system pool.
Enabling retry of HMC commands:
VMControl enables a retry feature that allows VMControl to retry an HMC command if it fails. This retryfeature must be configured in order for it to be enabled.
About this task
To enable this feature, follow these steps:
Procedure
1. Open the /opt/ibm/director/data/VSMPower.properties file.2. Add the following properties to the file.
CommandCallRetries=5CommandCallRetryDelay=30
Chapter 5. Installing and uninstalling 25
With these properties set, if an HSCL3205 error is detected, the failing command is retried using theconfigured number of retries and the configured delay in seconds between retries. Using theproperties as specified in the example, the failing command has 4 retries with 30 second wait inbetween retries.
3. Save and close the /opt/ibm/director/data/VSMPower.properties file.
VMware prerequisite installationThe IBM SmartCloud Entry is compatible with existing installations of VMware vSphere managed by theVMware vCenter. Ensure that the VMware vCenter Server product is installed, operational, andmanaging a VMware vSphere environment.
For more information about supported VMware distributions, see “VMware prerequisites” on page 12.
The configuration of the VMware products is outside the scope of this document. Refer to the productdocumentation for configuration and troubleshooting instructions.
Linksv VMware vCenter Server website at http://www.vmware.com/products/vcenter-server/overview.html.v VMware vSphere website at http://www.vmware.com/products/vsphere/overview.html.v VMware Documentation website at http://www.vmware.com/support/pubs/
IBM SmartCloud Entry supports only Windows and Linux guest operating systems, which are supportedby vCenter and ESXi and allow guest customizations. For more information, see the following resources:v VMware Compatibility Guide for Guest Operating Systemsv Guest Operating Customization Guide
Customization of certain Microsoft Windows operating systems requires Microsoft Sysprep Tools. See theinformation for your version of vCenter for detailed instructions about obtaining the Sysprep Tools andwhere to store the tools on the vCenter Servers file systems.
Configuration considerations for VMwarev Use DRS-enabled clusters for advanced placement
Allow vCenter to place the user workload on the best host machine by using a DRS-enabled clusterwithin vCenter and setting the appliance target to use the cluster or a resource pool that is defined inthe cluster. This allows vCenter to manage the available host resources. Otherwise, the appliance targetis an individual host machine or a resource pool on a host machine.
v Place vCenter server and IBM SmartCloud Entry server on the same network.For best performance, it is recommended the vCenter server and the IBM SmartCloud Entry server areon the same network.
Database prerequisites (optional)The first time IBM SmartCloud Entry is deployed to your server, it automatically installs the IBMSmartCloud Entry database. This database holds all the information known to IBM SmartCloud Entryincluding configuration, users, images, instances, events, and so on.
The default database used by IBM SmartCloud Entry is a Derby database for which there are noprerequisite installation steps required. The default Derby database is created inside the IBM SmartCloudEntry home directory.
Downloading and installing DB2IBM SmartCloud Entry also supports the use of IBM DB2 as the database application.
26 IBM SmartCloud Entry: Administrator Guide 3.2
For information about how to download, install, and configure DB2, refer to its product documentation.Additionally, see the DB2 for Linux, UNIX and Windows website at http://www.ibm.com/software/data/db2/linux-unix-windows/.
Note: IBM SmartCloud Entry does not support SSL connections to DB2.
After DB2 is successfully installed and configured, create a DB2 database for IBM SmartCloud Entry andconfigure IBM SmartCloud Entry to use it.
Creating a DB2 database for IBM SmartCloud EntryWhile the default database used by IBM SmartCloud Entry is a Derby database, you can create a DB2database to use.
About this task
The following steps are required to create a DB2 database for IBM SmartCloud Entry use.
Procedure1. Start the DB2 Control Center.2. Navigate to the location of the new database.3. Right-click and select Create Database.4. Complete the fields on the Create Database Wizard.
Note:
v Be sure to specify at least 8K for the default bufferpool and table space size.v Check to use the database path as a storage path.v Change to Unicode (UTF-8) for the Code set.
5. Select Finish.6. Create or edit the database.properties file in the IBM SmartCloud Entry home directory as described in
the “Configuring database” on page 138 section.7. Start the database by right-clicking it and selecting Start.
Deploying IBM SmartCloud Entry virtual appliancesThis section contains the procedure for deploying the IBM SmartCloud Entry virtual appliances. IBMSmartCloud Entry is an integrated cloud management platform that is quickly deployed and operational.It is installed as a preintegrated software stack and delivered as virtual appliances.
Notes:
v Deploying IBM SmartCloud Entry virtual appliances is an alternative to using the IBM SmartCloudEntry application installer. For more information about using the IBM SmartCloud Entry applicationinstaller, see Chapter 5, “Installing and uninstalling IBM SmartCloud Entry,” on page 17.
v IBM SmartCloud Entry supports management of VMware vCenter clusters, and KVM, Hyper-V, andPowerVM hypervisors.
v KVM appliances are supported by IBM SmartCloud Entry version 2.4 fix pack 2 or higher.v Hyper-V appliances are supported by IBM SmartCloud Entry version 3.1 or higher.v PowerVM appliances are supported by IBM SmartCloud Entry version 3.2 or higher.
Prerequisites for IBM SmartCloud Entry virtual appliancesEnsure that your virtualization environment meets the minimum requirements for deploying IBMSmartCloud Entry virtual appliances.
Chapter 5. Installing and uninstalling 27
Hyper-V appliances
IBM SmartCloud Entry requires an existing installation of Microsoft Hyper-V Server 2012 or WindowsServer 2012.
For information about IBM SmartCloud Entry specific Microsoft Hyper-V installation considerations, see“Microsoft Hyper-V prerequisites” on page 9.
KVM appliances
IBM SmartCloud Entry provides two mechanisms for deploying the KVM virtual appliance:v By using libvirtv By using IBM Systems Director VMControl
Certify that the KVM host device drivers work with Open vSwitch and update the host device drivers tothe latest level. IBM testing with Red Hat Enterprise Linux 6.4 on an IBM PureFlex system required thatthe following device drivers be updated:
kmod-be2iscsi-4.6.267.4-1.x86_64kmod-tg3-3.129d-1.x86_64kmod-elx-lpfc-8.3.7.29-1.x86_64kmod-be2net-4.6.267.4-1.x86_64kmod-brocade-bfa-3.2.1.1-0.x86_64kmod-qlgc-qla2xxx-8.04.00.12.06.0_k3-1.x86_64
Updated IBM device drivers are available on the following IBM Support website:
http://ibm.com/support
Prerequisites for deploying by using libvirt
Deploying a KVM virtual appliance by using libvirt requires a KVM host that satisfies the followingrequirements:v Red Hat Enterprise Linux 6.4v A libvirt version 0.9.11 or laterv Open vSwitch version 1.9 or laterv Python version 2.6.6 through 2.7.x.
Python version 3 is not supported.v Optionally, the genisoimage utility
If genisoimage is not installed, the tool creates an ISO image of a CD-ROM by creating, mounting, andformatting a loop device.
Prerequisites for deploying by using IBM Systems Director VMControl
Deploying a KVM virtual appliance by using IBM Systems Director VMControl requires an existinginstallation of IBM Systems Director Platform Agent and VMControl
For information about IBM SmartCloud Entry specific IBM Systems Director and IBM Systems DirectorVMControl installation considerations, see “IBM Systems Director VMControl prerequisites” on page 10.
PowerVM appliances
The IBM SmartCloud Entry PowerVM appliance requires an existing installation of IBM PowerVC.
28 IBM SmartCloud Entry: Administrator Guide 3.2
Before you can deploy the IBM SmartCloud Entry appliance on a PowerVC system, ensure that thefollowing requirements are satisfied for the system where you want to run the deployment scriptv The system has Python version 2.x that is installed.
Note: Either version 2.6 or 2.7 of Python.v The system can access the PowerVC system over an HTTP connection.
In addition, ensure that the PowerVC system is set up as follows:v The PowerVC system where you want to deploy the virtual appliance has at least one Hardware
Management Console (HMC) with at least one host.v One static network is available that can be used as the IBM SmartCloud Entry management network.v One more network is available for a customer network.v A volume type is required. PowerVC has a volume type that is created by default.v The flavor that you want to use for deploying the virtual appliance in is set up. For a IBM SmartCloud
Entry deployment configuration, the virtual appliance requires four processors and 8 GB of memory.v For the HMC to provide DLPAR support for the virtual appliance partition, the HMC must be able to
communicate with the virtual appliance using the appliance management network interface. Thevirtual appliance firewall blocks the Remote Management and Control (RMC) port on the customernetwork interface.
VMware appliances
IBM SmartCloud Entry requires an existing installation of VMware vSphere Enterprise edition that ismanaged by VMware vCenter Server Standard edition. Ensure that the vCenter Server product isinstalled, operational, and managing a vSphere environment before you continue with the installation ofIBM SmartCloud Entry.
For information about IBM SmartCloud Entry specific VMware installation considerations, see “VMwareprerequisite installation” on page 26
Networking considerations
The virtual appliance uses two or three network interfaces, depending on the specific appliance. Allappliances have two networks in common:v Management networkv Customer network
The Hyper-V and Linux Kernel-based Virtual Machine (KVM) appliances (deployed using libvirt) use athird network, called the data network. The following information provides an introduction to the threenetwork interfaces.
Management networkThe management network is the private network that is used for communication between theIBM SmartCloud Entry instance and the cloud -- IBM Systems Director VMControl and vSphere,or Hyper-V compute nodes, KVM compute nodes, and IBM PowerVC when you use OpenStack.The firewall does not block any ports on this interface.
Customer networkThe customer (public facing) network configuration is used to access the IBM SmartCloud Entryweb interface and the OpenStack APIs. The firewall allows access to the IBM SmartCloud Entryserver, Qpid messaging server (using a secure connection), and the IaaS gateway server (using asecure connection).
Data networkThe data network is used for the managed virtual machines. The data network acts as a trunk
Chapter 5. Installing and uninstalling 29
interface that allows the OpenStack Neutron agent inside the appliance to get an uplink. TheNeutron DHCP agent can provide DNS and DHCP services over this interface if Neutronnetworks and subnets are defined.
When you deploy the virtual appliance, it is critical that you properly configure these networks as theycannot be changed later other than by redeploying the appliance.
Global networking configuration such as default gateway, DNS servers, and NTP server can be changedusing the SmartCloud Entry Appliance Management tool (sceappmgr).
IBM SmartCloud Entry and OpenStack deployment configurationsThe IBM SmartCloud Entry 3.2 virtual appliance supports three configurations for using IBM SmartCloudEntry and OpenStack.
The same stack is installed for each configuration, but the two features are configured differently. Thereare different sets of services that are enabled, and different options that are provided for customizing theconfiguration of OpenStack services.
IBM SmartCloud Entry onlyThis configuration enables the IBM SmartCloud Entry server for managing VMControl andVMware clouds. The OpenStack related services are not enabled.
IBM SmartCloud Entry with OpenStackThis configuration enables the IBM SmartCloud Entry server and OpenStack related servers. Thevirtual appliance is configured to act as the OpenStack controller. The OpenStack services areconfigured for use by IBM SmartCloud Entry, while other OpenStack functions can be used ifthey do not interfere with proper operation of IBM SmartCloud Entry functions. Access toOpenStack APIs using the customer network is provided through the IaaS gateway server andthe Qpid messaging server, while compute nodes communicate with the virtual appliance overthe management network. IBM SmartCloud Entry can be used to manage an OpenStack cloudusing Hyper-V, KVM, and PowerVC. OpenStack is configured with a user, sceagent, that must beused when creating an OpenStack cloud in IBM SmartCloud Entry. Additionally, OpenStack isconfigured with a set of user roles and policies that are required for proper operation of IBMSmartCloud Entry.
Base OpenStackThis configuration enables only the OpenStack servers. OpenStack is configured as the controllingnode with a minimal set of service users, an admin role, and the service tenant. Access toOpenStack APIs using the customer network is provided through the IaaS Gateway server andthe Qpid messaging server, while compute nodes communicate with the virtual appliance overthe management network. The OpenStack cloud supports Hyper-V, KVM, and PowerVC. TheIBM SmartCloud Entry Appliance Manager tool provides an interface for managing theOpenStack configuration on the appliance. All other operations are done using OpenStack APIs orthe OpenStack CLI installed on another system via the IaaS Gateway Server. In the BaseOpenStack configuration, OpenStack is configured with service users for the OpenStack servicesand an 'admin' role. The default policy files that are shipped with OpenStack are used.
Minimum resources based on deployment configuration
The table shows the recommended minimum processor and memory for these configurations on Powerand x86_64-based appliances.
Table 12. Minimum resources
IBM SmartCloud Entry onlyIBM SmartCloud Entry withOpenStack Base OpenStack
2 processors, 4 GB memory 4 processors, 8 GB memory 4 processors, 8 GB memory
30 IBM SmartCloud Entry: Administrator Guide 3.2
Changing the deployment configuration after deploying the virtual appliance
The IBM SmartCloud Entry Appliance Manager tool (sceappmgr) can be used to change the deploymentconfiguration. The configuration can be changed from "IBM SmartCloud Entry Only" to "IBM SmartCloudEntry with OpenStack" to "Base OpenStack". As the virtual appliance moves up this chain, artifacts arecreated that cannot be used with the lower configurations; therefore changing the deploymentconfiguration in the other direction is not allowed.
Appliance port usageThe number of ports that IBM SmartCloud Entry uses depends upon the various components of theappliance and which network interfaces allow access to them.
The Neutron DHCP agent provides a DNS server for each Neutron subnet and a DHCP server. Access tothese services is only through the data network.
The IBM SmartCloud Entry ports can be changed by using the sceappmgr Manage NetworkingConfiguration function. For more information, see “Managing network configuration” on page 127.
Table 13. Appliance port usage
Port ServiceManagementnetwork
Customernetwork Data network Notes
22 sshd Yes No No SSH access thatuses the customernetwork can beenabled.
53 dnsmasq No No Yes DNS server
67 dnsmasq No No Yes DHCP server
123 ntpd Yes No No The ntpd serverlistens on thisport, but it is notconfigured to actas a time server.Access controldoes not allowNTP queries orcommands.
657 rmcd Yes No No Used only on thePowerVMappliance.RemoteManagement andControl (RMC)provides DLPARsupport for theappliancepartition.
3260 tgtd Yes No No Acts as iSCSItarget forcinder-volume.
5000 keystone-all Yes No No
35357 keystone-all Yes No No
5671 qpidd Yes Yes No Secure (TLS) port
5672 qpidd Yes No No
3333 nova-objectstor Yes No No
Chapter 5. Installing and uninstalling 31
Table 13. Appliance port usage (continued)
Port ServiceManagementnetwork
Customernetwork Data network Notes
8774 nova-api Yes No No
8775 nova-api Yes No No
8776 cinder-api Yes No No
9191 glance-registry Yes No No
9292 glance-api Yes No No
9696 neutron-server Yes No No
9973 iaas gateway Yes Yes No Secure (TLS) port
7777 sce No No No OSGi console,access fromlocalhost only
18080 sce Yes Yes No HTTP port
18443 sce Yes Yes No HTTPS port
50000 db2 Yes No No
Appliance user names and passwordsThe following default user names and passwords are shipped with the appliance.
Default user names and passwords
Table 14. IBM SmartCloud Entry default credentials
User name Password Description
sysadmin passw0rd Used to access the IBM SmartCloudEntry appliance.
Table 15. OpenStack credentials
User name Password Description
glance glance Used for internal communication toglance repository.
nova nova Used for internal communication tonova controller.
cinder cinder Used for internal communication tocinder volume management.
neutron neutron Used for internal communication toneutron networking.
quantum quantum Used for internal communication toquantum networking. This user existsif you migrate to an IBM SmartCloudEntry OpenStack configuration froma version 3.1 appliance.
powervc powervc Used for internal communication toOpenStack Keystone and thePowerVC driver DB2 database.
gwagent gwagent Used for internal communication tothe OpenStack Gateway
32 IBM SmartCloud Entry: Administrator Guide 3.2
Table 15. OpenStack credentials (continued)
User name Password Description
sceagent openstack1 Used for communication betweenIBM SmartCloud Entry andOpenStack
qpidclient openstack1 Used for communication with Qpidmessaging server
qpidadmin openstack1 Used for communication with Qpidmessaging server
db2inst1 passw0rd Used for communication betweenOpenStack and DB2
Deploying the Hyper-V virtual applianceThe IBM SmartCloud Entry Hyper-V appliance is included as a compressed file on the installation media,along with several other files that are required to deploy the appliance. Use these instructions to deploythe IBM SmartCloud Entry Hyper-V virtual appliance.
Before you begin
To prepare to deploy the Hyper-V appliance, create the following two folders:v An appliance folder, such as C:\sceappliance, that includes the following files from the installation
media.– IBM_SCE_3.2_x86_HyperV_App.zip - the compressed Hyper-V appliance that is extracted and
processed as part of the deployment task. The compressed file contains the following virtual diskfiles:- IBM_SCE_3.2_x86_HyperV_App-disk1.vhdx
- IBM_SCE_3.2_x86_HyperV_App-disk2.vhdx
- IBM_SCE_3.2_x86_HyperV_App-disk3.vhdx
- IBM_SCE_3.2_x86_HyperV_App-disk4.vhdx
– deploy-SCEAppliance.ps1 - a PowerShell script that is used to deploy the appliance.– ovf-env.properties - an editable text file that defines various properties of the new virtual machine.
For example, the file defines the virtual machine name, the IBM SmartCloud Entry administrator,and the network configuration.
– ovf-env.xml.template - a file that is used by the deployment script.v A virtual machine folder, such as C:\scevm, that contains the .vhd files that are attached to the virtual
machine when it is deployed. This folder is used as the location for saving snapshots of the virtualmachine. The virtual disk files are copied into this folder during the deployment. Files in this folderare required for the new virtual machine to run.
Next, you must customize the virtual machine properties file.1. Copy the file ovf-env.properties from the source folder to another folder, and then edit the copy.
This example copies the file to the virtual machine folder and opens the file for editing.C:\> mkdir \scevm
C:\> copy \sceappliance\ovf-env.properties \scevm\
C:\> notepad \scevm\ovf-env.properties
2. Edit the key-value pairs in the ovf-env.properties file to define the configuration of the Hyper-Vvirtual machine for your environment. A description of each property along with its initial valuefollows.
Chapter 5. Installing and uninstalling 33
The following properties define the Hyper-V virtual machine configuration values.
hyper-v.vmname=SCE_VMThe name that Hyper-V uses for the virtual machine.
hyper-v.vmpathThe directory where the virtual machine files are located. The virtual disk files are copiedhere, and a subdirectory is created by Hyper-V to store virtual machine snapshots. Thedirectory must be used only for this virtual machine. Do not delete files in this directory.
hyper-v.vmmemory=8GBThe memory to be assigned to the virtual machine. A minimum of 8 GB is recommended.
hyper-v.vmcpu=4The number of processors to be assigned to the virtual machine. A minimum of fourprocessors is recommended.
The following property defines the deployment configuration.
deployment_configuration=sce_openstackThe deployment configuration for IBM SmartCloud Entry and OpenStack. The followingvalues are allowed:v sce_openstack – Configure the appliance for IBM SmartCloud Entry with OpenStackv base_openstack – Configure the appliance for Base OpenStack
The following properties define IBM SmartCloud Entry configurations values.
com.ibm.skc.admin_id=adminThe user name of the initial IBM SmartCloud Entry administrator, used to log in to the IBMSmartCloud Entry user interface.
com.ibm.skc.admin_name=SmartCloud Entry AdministratorThe display name of the initial IBM SmartCloud Entry administrator, which is displayed inthe IBM SmartCloud Entry user interface.
The following properties define the global network configuration values.
netconfig.gatewayThe default gateway IP address.
netconfig.dns_server1The IP address of the primary DNS server.
netconfig.dns_server2The IP address of the secondary DNS server.
netconfig.domain_nameThe DNS domain name of the deployed virtual machine.
netconfig.search_listAn optional DNS search list, which is specified as a comma-separated list of DNS domainnames.
netconfig.ntp_serverThe IP address of the NTP server that is used to set the virtual machine system clock.
The following properties define the management network configuration. The management network isthe private network that is used for communication between the IBM SmartCloud Entry instance andthe Hyper-V compute nodes.
hyper-v.eth0.switchThe name of an existing Hyper-V virtual network to be used by the management networkinterface.
netconfig.eth0.host_nameThe system host name to be used for the management network interface.
34 IBM SmartCloud Entry: Administrator Guide 3.2
netconfig.eth0.ip_addrThe IP address to be used for the management network interface.
netconfig.eth0.netmaskThe subnet mask to be used for the management network interface.
The following properties describe the customer (public facing) network configuration that is used toaccess the IBM SmartCloud Entry web interface.
hyper-v.eth1.switchThe name of an existing Hyper-V virtual network to be used by the customer networkinterface. This switch is required. The virtual machine has this interface even if you choosenot to configure the operating system for the appliance to use the interface.
netconfig.eth1.second_network=TrueConfigures a second network adapter that can be connected to a customer network whenpresent. If it is not selected, a second network is not configured. This property can have oneof the following values:v True - The network is configured. If the network uses DHCP, the netconfig.eth1.use_dhcp
property is required. If DHCP is not used, the netconfig.eth1.host_name,netconfig.eth1.ip_addr, and netconfig.eth1.netmask properties are required.
v False - The network is not configured. The netconfig.eth1.use_dhcp,netconfig.eth1.host_name, netconfig.eth1.ip_addr, and netconfig.eth1.netmask propertiesare not used.
netconfig.eth1.use_dhcpSpecifies whether the customer network uses DHCP. This property can have one of thefollowing values:v True - DHCP is used. Configuring a second network adapter implies that the customer
network has a DHCP server with a host record to ensure a stable IP address within thecustomer network. If DHCP is used, the netconfig.eth1.host_name, netconfig.eth1.ip_addr,and netconfig.eth1.netmask properties are not used.
v False - DHCP is not used. If DHCP is not used, the netconfig.eth1.host_name,netconfig.eth1.ip_addr, and netconfig.eth1.netmask properties are also required.
netconfig.eth1.host_nameThe system host name to be used for the customer network interface.
netconfig.eth1.ip_addrThe IP address to be used for the customer network interface.
netconfig.eth1.netmaskThe subnet mask to be used for the customer network interface.
The following properties describe the data network configuration. It is used for the managed virtualmachines. The data network acts as a trunk interface that allows the neutron agent inside theappliance to get an uplink.
hyper-v.eth2.switchThe name of an existing Hyper-V virtual network. This virtual machine network adapter isconfigured to use trunk mode. Specify a value of none if you do not want to configure a datanetwork adapter.
hyper-v.eth2.nativeVlanIDThe VLAN ID to be used to tag packets that are sent by this virtual machine. If packets arenot to be tagged, specify 0. For tagged packets, the VLAN ID must be in the range of 1 to4094.
hyper-v.eth2.allowedVlanIDListThe list of VLAN IDs allowed over this trunk. This value can be a combination of individualvalues and ranges, for example: hyper-v.eth2.allowedVlanIDList=1, 3, 100-200
Chapter 5. Installing and uninstalling 35
3. Save the customized ovf-env.properties file.
About this task
After you define the appliance folder and the virtual machine folder and customize theovf-env.properties file, run the PowerShell script as described in the following steps to deploy theHyper-V appliance.
Notes:
v The PowerShell script must be run as an administrator. On Windows Server 2012, select the Run asadministrator action when you open a PowerShell window.
v To run scripts from PowerShell, the execution policy must be set to allow scripts to run. In PowerShell,run the following command for more information:get-help about_execution_policies
v In addition, the following commands might be helpful:– get-executionpolicy– set-executionpolicy
Procedure1. Run the deploy-SCEAppliance.ps1 script, qualifying the command with the appliance folder name and
specifying the location of the ovf-env.properties file on the input parameter. For example:PS C:\> C:\sceappliance\deploy-SCEAppliance.ps1 -inputfile \scevm\ovf-env.properties
In this example, sceappliance is the name of the appliance folder and scevm is the virtual machinefolder.
2. A temporary drive is used to create a virtual disk for the appliance. If the following message isdisplayed, click Cancel to continue:You need to format the disk in drive E: before you can use it. Do you want to format it?
When the script completes, the screen displays the following text:VM SCE_VM created successfully.Starting new VM SCE_VM...SCE_VM Running 0 8192 00:00:00 Operating normallyOutput logged to C:\scevm\deploy-SCEAppliance.log
Results
The virtual appliance is started automatically at the end of a successful deployment.
Note: The first time that the virtual appliance is started, the system is being configuring and it mighttake several minutes before the initial console logon screen is displayed. Subsequent starts take less time.
What to do next
When the initial console logon screen is displayed, complete the following tasks:1. Start Hyper-V Manager.2. Select the virtual machine. Then select the Connect action to display the system console.3. When the logon prompt is displayed, log in to the console by using the following credentials:
Login: sysadminPassword: passw0rd
4. Run ifconfig at the command prompt. Ensure eth0 and eth1 are configured as specified during thedeployment.
36 IBM SmartCloud Entry: Administrator Guide 3.2
5. Test communication with the managed server by running the following command:ping -c 4 <Managed Cloud host name>
Data that is similar to the following is displayed:
# ping -c 4 192.168.88.9PING 192.168.88.9 (192.168.88.9) 56(84) bytes of data.64 bytes from 192.168.88.9: icmp_seq=1 ttl=120 time=1.16 ms64 bytes from 192.168.88.9: icmp_seq=2 ttl=120 time=0.120 ms64 bytes from 192.168.88.9: icmp_seq=3 ttl=120 time=0.141 ms64 bytes from 192.168.88.9: icmp_seq=4 ttl=120 time=0.136 ms--- 192.168.168.88.9 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev - 0.120/0.391/1.161/0.444 ms
If properly connected, all packets show as received with 0% packet loss:6. Obtain the latest fixes for the appliance
For information, see “Performing support and maintenance tasks on the IBM SmartCloud Entryappliance” on page 131.
7. Configure OpenStack and an OpenStack cloud in the IBM SmartCloud Entry web interface.For information, see Configuring IBM SmartCloud Entry from the web interface.
Deploying the KVM virtual applianceBeginning with IBM SmartCloud Entry 3.2, the KVM virtual appliance no longer requires IBM SystemsDirector VMControl. You can now deploy the KVM virtual appliance by using libvirt. This topic describesboth methods for deploying the IBM SmartCloud Entry KVM virtual appliance.
Deploying the KVM virtual appliance by using libvirtYou can deploy the KVM virtual appliance by using libvirt.
Before you begin
To prepare to deploy the KVM virtual appliance, follow these steps:1. Copy the following IBM SmartCloud Entry 3.2 appliance files to a directory on the KVM host:
v deployVirshAppliance.sh
v editProperties.pyc
v writedomain.pyc
v writeovfenv.pyc
v IBM_SCE_3.2_x86_KVM_App.tar
2. Run the following command to make the deployVirshAppliance.sh file an executable file:chmod +x deployVirshAppliance.sh
About this task
To deploy the KVM virtual appliance by using libvirt, follow these steps:
Procedure1. Run the deployVirshAppliance.sh tool.
The deployVirshAppliance.sh tool collects information such as virtual machine name and networkinterfaces about the KVM virtual machine to be created. It also collects the information that isrequired to configure operating system networking and IBM SmartCloud Entry, then extracts the diskimages, defines a virsh domain, and starts the virtual machine.
Chapter 5. Installing and uninstalling 37
Tip: The virsh tool supports options for using information that was previously collected and saved toa file as well as stopping after creating a virsh domain XML file so that the domain can be customizedbeyond what the deployVirshAppliance.sh tool supports before creating and starting the virtualmachine. For more information about the deployVirshAppliance.sh tool, see “deployVirshAppliance”on page 39.
2. The virtual machine (domain) that is created by the deployment tool is configured to automaticallystart if the system is rebooted. You must also configure any libvirt networks that the virtual machineuses to automatically start. To configure a network to automatically start, run the following command:virsh net-autostart network-name
3. If you chose to generate the domain XML file and complete the deployment manually, and configurethe virtual machine to automatically start. To configure the virtual machine to automatically start, runthe following command:virsh autostart domain-name
If the tool completes successfully, the tool displays something similar to the following output:Domain SCE_VM defined from /var/libvirt/images/SCE_VM/domain.xmlDomain SCE_VM startedDomain SCE_VM marked as autostartedSmartCloud Entry Appliance successfully deployed and started as domain SCE_VM.
Results
The virtual appliance is started automatically at the end of a successful deployment.
Note: The first time that the virtual appliance is started, the system is being configuring and it mighttake several minutes before the initial console logon screen is displayed. Subsequent starts take less time.
Example
The following examples demonstrate how to use the deployVirshAppliance.sh tool:v To run the tool interactively and deploy the appliance, run the tool as follows:
./deployVirshAppliance.sh
v To run the tool interactively and either save the input to file test.properties or later read data that issaved in test.properties, run tool as follows:./deployVirshAppliance.sh test.properties
v To run the tool to create a libvirt domain XML file, run the tool as follows:./deployVirshAppliance.sh -xmlonly
v To edit the domain XML and then deploy a virtual machine that is named “sceappliance”, run thefollowing commands:vi domain.xml
virsh define domain.xml
virsh start sceappliance
What to do next
When the initial console logon screen is displayed, perform the following tasks:1. After the virtual appliance is deployed and started, connect to the console using the libvirt virtmgr
tool, or using a virsh console. For example, to connect to the console for a virtual machine that isnamed “sceappliance”, run the following command:virsh console sceappliance
2. Log in to the console by using the following credentials:Login: sysadmin
38 IBM SmartCloud Entry: Administrator Guide 3.2
Password: passw0rd3. Run ifconfig at the command prompt. Ensure eth0 and eth1 are configured as specified during the
deployment.4. Test communication with the managed server by running the following command:
ping -c 4 <Managed Cloud host name>
Data that is similar to the following is displayed:
# ping -c 4 192.168.88.9PING 192.168.88.9 (192.168.88.9) 56(84) bytes of data.64 bytes from 192.168.88.9: icmp_seq=1 ttl=120 time=1.16 ms64 bytes from 192.168.88.9: icmp_seq=2 ttl=120 time=0.120 ms64 bytes from 192.168.88.9: icmp_seq=3 ttl=120 time=0.141 ms64 bytes from 192.168.88.9: icmp_seq=4 ttl=120 time=0.136 ms--- 192.168.168.88.9 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev - 0.120/0.391/1.161/0.444 ms
If properly connected, all packets show as received with 0% packet loss:5. Obtain the latest fixes for the appliance
For information, see “Performing support and maintenance tasks on the IBM SmartCloud Entryappliance” on page 131.
6. Configure OpenStack and an OpenStack cloud in the IBM SmartCloud Entry web interface.For information, see Configuring IBM SmartCloud Entry from the web interface.
deployVirshAppliance:
The deployVirshAppliance.sh tool provides a simple editor that displays the configuration field by field,with options to edit, reset the field to its default value, return to a previous field, or stop editing. Whenyou stop editing, you can review the configuration by displaying all of the fields, resume editing, savethe configuration and exit, or exit the editor without saving changes.
When you edit fields that have defined choices, the list of allowed values is displayed and you can use“tab completion” to complete a value after entering the initial characters. Tab completion is also providedfor file system paths.
The format of the deployVirshAppliance.sh tool is as follows:deployVirshAppliance.sh [-batch] [-xmlonly] [[-inputfile] file-name]
-batch Run tool in non-interactive mode (no prompting).
-xmlonlyExtract disk images and create domain XML but do not create the virtual machine. This option isprovided to enable the networking and virtual disk configuration to be customized beyond theconfigurations that this tool can directly create. For more information, see “Network interfaceconfiguration” on page 42 and “Storage area network (SAN) configuration” on page 45. Inaddition, see the libvirt domain XML format documentation at http://libvirt.org/formatdomain.html for more information.
[-inputfile] file-nameSpecify the name of a file to save information to, or the file that contains previously savedinformation. If this is the last parameter, -inputfile is not required. The default file name isovf-env.properties, which is in the current directory.
The deployVirshAppliance.sh tool collects the following information:
Chapter 5. Installing and uninstalling 39
Deployment configuration (required)Defines how the virtual machine is used regarding SmartCloud Entry and OpenStack. Possiblevalues are as follows:
sce_openstack (default)Configure the system to run SmartCloud Entry and the OpenStack services.
base_openstackConfigure the system to run OpenStack only. SmartCloud Entry is not started.
Virtual machine name (required)The name that libvirt uses for the virtual machine.
Memory (GB) (required)The memory to assign to the virtual machine. A minimum of 8 GB is recommended whenrunning OpenStack. The default value is 8.
Number of CPUs (required)The number of processors to assign to the virtual machine. A minimum of 4 processors isrecommended. The default value is 4.
Directory to hold disk images (required)The directory where the virtual machine files are located. Use this directory only for this virtualmachine. Do not delete files in this directory. The directory contains the following files:v Four virtual disk images
– IBM_SCE_3.2_x86_KVM_App-disk1.raw
– IBM_SCE_3.2_x86_KVM_App-disk2.raw
– IBM_SCE_3.2_x86_KVM_App-disk3.raw
– IBM_SCE_3.2_x86_KVM_App-disk4.raw
v ovf-env.raw
A CD-ROM image containing deployment configuration information. This is used during theinitial deployment of the appliance.
v Domain.xml
The libvirt domain XML definition.
The following properties define IBM SmartCloud Entry configuration values:
Initial administrator user name (required)The user name of the initial IBM SmartCloud Entry administrator, used to log in to the IBMSmartCloud Entry user interface. Default: admin.
Initial administrator name (required)The display name of the initial IBM SmartCloud Entry administrator, which is displayed in theIBM SmartCloud Entry user interface. Default: SmartCloud Entry Administrator.
The following properties define the global network configuration values:
Gateway (required)The default gateway IP address.
Primary DNSThe IP address of the primary DNS server.
Secondary DNSThe IP address of the secondary DNS server.
DNS suffixes (in order)An optional DNS search list, which is specified as a comma-separated list of DNS domain names.
40 IBM SmartCloud Entry: Administrator Guide 3.2
NTP server IP addressThe IP address of the NTP server that is used to set the virtual machine system clock.
The following properties define the management network configuration. The management network is theprivate network that is used for communication between the IBM SmartCloud Entry instance and theOpenStack compute nodes. No ports are blocked on this interface.
Management network type (required)Specifies the type of libvirt interface to be used for the network. Possible values are as follows:
bridge A bridge to LAN. The network name is the name of the bridge.
networkA virtual network. The network name is the name of the network. Port group optionallyspecifies the name of a portgroup within the virtual network.
openvswitch-bridgeAn Open vSwitch bridge. The network name is the name of the Open vSwitch bidge. Theport group identifies the Open vSwitch port profile.
Management network name (required)The name of an existing bridge or network to be used.
Management network port groupThe name of the network port group or Open vSwitch port profile, if any.
Management network host name (required)The system host name to be used for the management network interface.
Management network IP address (required)The IP address to be used for the management network interface.
Management network subnet mask (required)The subnet mask to be used for the management network interface.
The following properties describe the customer (public facing) network configuration that is used toaccess the IBM SmartCloud Entry web interface. A firewall blocks access to all but the IBM SmartCloudEntry server, the QPID messaging server, and the OpenStack IaaS Gateway server.
Customer network type (required)Specifies the type of libvirt interface to be used for the network. Possible values are as follows:
bridge A bridge to LAN. The network name is the name of the bridge.
networkA virtual network. The network name is the name of the network.
openvswitch-bridgeAn Open vSwitch bridge. The network name is the name of the Open vSwitch bridge.The port group identifies the Open vSwitch port profile.
Customer network name (required)The name of an existing bridge or network to be used.
Customer network port groupThe name of the network port group or Open vSwitch port profile, if any.
Use customer network (required)Configures a second network adapter that can be connected to a customer network when present.If it is not selected, a second network is not configured. The value can be one of the following:
True The network is configured. If the network uses DHCP, the uses DHCP property is required.If DHCP is not used, the host name, IP address, and subnet mask properties are required.
Chapter 5. Installing and uninstalling 41
False The network is not configured. The uses DHCP, host name, IP address, and subnet maskproperties are not used.
Customer network uses DHCPSpecifies whether the customer network uses DHCP. The value can be one of the following:
True DHCP is used. Configuring a second network adapter implies that the customer networkhas a DHCP server with a host record to ensure a stable IP address within the customernetwork. If DHCP is used, the host name, IP address, and subnet mask properties are notused.
False DHCP is not used. If DHCP is not used, the host name, IP address, and subnet maskproperties are also required.
Customer network host nameThe system host name to be used for the customer network interface.
Customer network IP address.The IP address to be used for the customer network interface.
Customer network subnet maskThe subnet mask to be used for the customer network interface.
Data network type (required)Specifies the type of libvirt interface to be used for the network. Possible values are as follows:
bridge A bridge to LAN. The network name is the name of the bridge.
networkA virtual network. The network name is the name of the network.
openvswitch-bridgeAn Open vSwitch bridge. The network name identifies the name of the Open vSwitchbridge. The port group identifies the Open vSwitch port profile.
none Do not configure a data network interface.
Data network nameThe name of an existing bridge or network to be used. This field is required.
Data network port groupThe name of the network port group or Open vSwitch port profile, if any.
Network interface configuration:
The network type and port group parameters are combined to form network interface configurations. Youcan use the deployVirshAppliance.sh tool with the -xmlonly option to edit the domain XML and defineother network interface configurations. You must create these network interfaces before deploying thevirtual appliance.
The following XML fragments show what the deployment tool creates in the virtual machine domainXML for various network types:
network type=bridge (port group is not allowed):...<devices>
<interface type=’bridge’><source bridge=’bridge-name’/><model type=’virtio’/>
</interface>...
</devices>
network type=network, port group is not specified:
42 IBM SmartCloud Entry: Administrator Guide 3.2
...<devices>
<interface type=’network’><source network=’network-name’/><model type=’virtio’/>
</interface>...
</devices>
network type=network, port group is specified:...<devices>
<interface type=’network’><source network=’network-name’ portgroup=’port-group-name’/><model type=’virtio’/>
</interface>...
</devices>
network type=openvswitch-bridge, port profile (port group parameter) is not specified:...<devices>
<interface type=’bridge’><source bridge=’bridge-name’/><virtualport type=’openvswitch’/><model type=’virtio’/>
</interface>...
</devices>
network type=openvswitch-bridge, port profile (port group parameter) is specified:...<devices>
<interface type=’bridge’><source bridge=’bridge-name’/><virtualport type=’openvswitch’><parameters profileid=’port-group-name’/>
</virtualport><model type=’virtio’/></interface>...
</devices>
Example network definition using Open vSwitch
The following example shows how to define an Open vSwitch network configuration in libvirt. You mustdefine the network interface before deploying the virtual appliance. In this example, the libvirt networkXML defines a network that bridges to br-bond0 and has three VLANs: mgmt, vlan70, and trunk1. OpenvSwitch was previously configured as follows:ovs-vsctl add-br br-bond0ovs-vsctl add-bond br-bond0 bond0 "eth0,eth1"add-port br-bond0 mgmt vlan_mode=access
This example bonds br-bond0 to eth0 and eth1. Note that br-bond0 exists and is associated with someinterface. Create a network.xml file that contains the following configuration:<network>
<name>ovs-bond0</name><forward mode=’bridge’/><bridge name=’br-bond0’ /><virtualport type=’openvswitch’/><portgroup name=’vlan70’>
<vlan>
Chapter 5. Installing and uninstalling 43
<tag id=’70’/></vlan>
</portgroup><portgroup name=’mgmt’ default=’yes’>
<vlan trunk=’yes’><tag id=’0’/>
</vlan></portgroup><portgroup name=’trunk1’>
<vlan trunk=’yes’><tag id=’100’/><tag id=’101’/>
Add additional VLAN tags as desired
</vlan></portgroup>
</network>
Run the following command to define the network in libvirt:virsh net-define network.xml
Run the following commands to start the libvirt network and to configure libvirt to automatically startthe network when the system is rebooted:virsh net-start ovs-bond0virsh net-autostart ovs-bond0
The libvirt tool creates the following configuration in Open vSwitch, as shown by the ovs-vsctrl showcommand:# ovs-vsctl show8c1e7449-2890-4893-958b-759f5f93a362. . .
Bridge "br-bond0"Port "vnet0"
tag: 70Interface "vnet0"
Port mgmtInterface mgmt
type: internalPort "vnet1"
trunks: [100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117,118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139,140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161,162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183,184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205,206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227,228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250]
Interface "vnet1"Port "br-bond0"
Interface "br-bond0"type: internal
Port "bond0"Interface "eth1"Interface "eth0"
Port "phy-br-bond0"Interface "phy-br-bond0"
You can now deploy the virtual appliance. The network properties that are related to the libvirt networksare as follows:Management network type: networkManagement network name: ovs-bond0Management network port group: mgmt
44 IBM SmartCloud Entry: Administrator Guide 3.2
Customer network type: networkCustomer network name: ovs-bond0Customer network port group: vlan70
Data network type: networkData network name: ovs-bond0Data network port group: trunk1
Storage area network (SAN) configuration:
You can deploy the KVM appliance with disks mapped to SAN LUNs. You can use thedeployVirshAppliance.sh tool with the -xmlonly option to edit the domain XML and define the SANconfiguration.
About this task
To deploy an appliance with disk mapped to SAN LUNs, follow these steps:
Procedure
1. Edit the customization properties as if you were going to deploy the KVM appliance by using diskimages that are copied to the local file system. The directory must be on a file system with enoughspace to hold all of the disk images (30 GB) and an activation-engine disk image (100 MB).
2. Deploy the KVM appliance by using the -xmlonly option as follows:./deployVirshAppliance.sh -xmlonly ovf-env.properties
3. Define 4 LUNs large enough for each of the IBM_SCE_3.2_x86_KVM_App-disk*.raw images and mapthem to the KVM host.
4. Get the UUIDs of the LUNs and the corresponding “disk by-id”device paths. These look like thefollowing:/dev/disk/by-id/wwn-0x5000039398187a90
5. Run the dd command as follows to copy the four raw disk images to the devices identified:dd if=SCE_3.2_x86_KVM_App-disk1.raw of=/dev/disk/by-id/wwn-0x5000039398187a90 bs=1024k
6. Edit the domain.xml file that is created by the deployVirshAppliance.sh tool. Find the disk devicestanzas for the 4 raw disks, and replace them with LUN device stanzas that refer to the correspondingLUNs as shown in the following example:<disk type=’file’ device=’disk’>
<driver name=’qemu’ type=’raw’/><source file=’/var/libvirt/images/test-vm/IBM_SCE_3.2_x86_KVM_App-disk1.raw’/><target dev=’vda’ bus=’virtio’/>
</disk>
would be replaced with the following:<disk type=’block’ device=’lun’>
<driver name=’qemu’ type=’raw’/><source dev=’/dev/disk/by-id/wwn-0x5000039398187a90’/><target dev=’vda’ bus=’virtio’/>
</disk>
7. Define the virtual machine (domain) in virsh as follows:virsh define path-to-domain.xml
8. Start the virtual machine as follows:virsh start vm-name
Adding disks to the virtual machine:
After the appliance is deployed, you can add disks to the appliance virtual machine by using local hoststorage, SAN LUNs, or other means.
Chapter 5. Installing and uninstalling 45
About this task
Tip: You can also add disks by using the virt-manager graphical user interface.
To add disks to the virtual machine, follow these steps:
Procedure
1. Allocate a disk. For example, you can allocate a LUN or a raw disk file.2. Create a file such as disk.xml with an XML fragment similar to the following:
<disk type=’block’ device=’lun’><driver name=’qemu’ type=’raw’/><source dev=’/dev/disk/by-id/wwn-0x5000039398187a90’/><target dev=’vda’ bus=’virtio’/>
</disk>
3. Add the disk using the virsh attach-disk command as follows:virsh attach-disk vm-name disk.xml
Deploying the KVM virtual appliance by using IBM Systems Director VMControlYou can deploy the KVM virtual appliance by using IBM Systems Director VMControl.
Before you begin
When deploying the KVM virtual appliance using IBM Systems Director VMControl, the deploymentconfiguration for IBM SmartCloud Entry and OpenStack is set to IBM SmartCloud Entry only. Thissetting cannot be changed during the deployment process, but after the virtual appliance is deployed,you can use sceappmgr to change the deployment configuration to IBM SmartCloud Entry withOpenStack or Base OpenStack.
The IBM SmartCloud Entry 3.2 appliance OVA file, IBM_SCE_3.2_x86_KVM_App.tar, is shipped as acompressed (TAR) file on the installation media. Extract the IBM SmartCloud Entry 3.2 appliance OVAfile, IBM_SCE_3.2_x86_KVM_App.tar, before deployment as follows:v On Linux, run the following command:
tar –xf IBM_SCE_3.2_x86_KVM_App.tar
v On Windows, use any compression utility that supports the TAR format.
About this task
To deploy the KVM virtual appliance, follow these steps:
Procedure1. In IBM Systems Director, select Systems Configuration > VMControl.2. Select the Virtual appliance tab and click Import.3. In the Source window, enter the location of OVA (local file system or URL) where the IBM
SmartCloud Entry appliance OVA is located and click Next.
Note: This step might take several minutes.4. If No digital signature was detected for your package, select to Import without digital signature
and click Next.5. In the Name window, enter a name for the virtual appliance and optionally, enter a description.6. In the Version Control window, select to Create a new version tree with the new virtual appliance
as the root and click Next.7. Verify the import summary and click Finish.
46 IBM SmartCloud Entry: Administrator Guide 3.2
8. Select to Run Now and click OK. After the Import process completes successfully, the IBMSmartCloud Entry appliance will be available in the Virtual Appliances list.
9. Select the new Virtual Appliance and click Deploy Virtual Appliance.10. In the Target window, select to Deploy and create a new virtual server on a host or server system
pool and select the target system. Click Next.11. In the Workload Name window, specify a name for the workload and click Next.12. In the Name window, specify a name for the virtual server and click Next.13. In the Storage Mapping window, select the appliance disks and click Assign Storage Pool.14. Select Management Storage Pool and select OK.15. Verify that the Management Storage Pool is selected and click Next.16. In the Network Mapping window, you must map the networks to the actual VLANs or bridges. The
OVF contains three source networks that must be mapped:v Management Network: The private network that is used for communication between the IBM
SmartCloud Entry virtual server and the IBM Systems Director server or the FSM.v Customer Network: The network that connects the managed (provisioned) virtual servers with the
general user network. The customer network is intended to be used to make the IBM SmartCloudEntry web user interface accessible for intranet users of the customer.
Note: Most ports are blocked on this network, except the IBM SmartCloud Entry user interfaceport.
v Data Network: The data network is used mainly when you are planning to use OpenStack fromwithin the KVM appliance. The data network acts as a trunk interface that allows the Neutronagent inside the appliance to get an uplink. If you are not planning to use OpenStack within theKVM appliance, you can set this network to any bridge or network. The data network is not usedin this case.
Click Next.17. On the IBM SmartCloud Entry Configuration panel, enter or change the following values to
customize your IBM SmartCloud Entry installation:v Initial administrator user name: User name of the initial IBM SmartCloud Entry administrator,
used to log in to the IBM SmartCloud Entry user interface.
Note: The default password is passw0rdand can be changed in the IBM SmartCloud Entry userinterface.
v Initial administrator name: Display name of the initial IBM SmartCloud Entry administrator,which is displayed in the IBM SmartCloud Entry user interface. For more information aboutadministrator user name, name, and password, see “Configuring local authentication” on page136.
18. On the Management Network window, specify the following values to connect the virtual machineto the management network.v System host namev IP addressv Subnet mask
19. Optional: On the Customer Network window, enable the network and supply the values.v Use Second Network: Enables a second network adapter that can be connected to a customer
network when present. If it is not selected, a second network is not configured.v Use DHCP: Configures the second network adapter to use a DHCP server. Configuring a second
network adapter implies that the customer network has a DHCP server with a host record toensure a stable IP address within the customer network. If Use DHCP is not set and the UseSecond Network parameter is selected, then the rest of the fields are required.
v System host name
Chapter 5. Installing and uninstalling 47
v IP addressv Subnet mask
Click Next.20. On the Global Network Settings window, supply the requested values.
v Gatewayv Primary DNSv Secondary DNSv Domain Namev DNS suffixes (in order)v NTP serverClick Next.
21. Review the summary and click Finish.
Results
The IBM SmartCloud Entry virtual server starts after deployment finishes.
Note: The first time that the virtual appliance is started, the system is being configuring and it mighttake several minutes before the initial console logon screen is displayed. Subsequent starts take less time.
What to do next
You can right-click on the virtual server and open a Console window to log in to the IBM SmartCloudEntry instance. When the initial console logon screen is displayed, perform the following tasks:1. Log in to the console by using the following credentials:
Login: sysadminPassword: passw0rd
2. Run ifconfig at the command prompt. Ensure eth0 and eth1 are configured as specified during thedeployment.
3. Test communication with the managed server by running the following command:ping -c 4 <Managed Cloud host name>
Data that is similar to the following is displayed:
# ping -c 4 192.168.88.9PING 192.168.88.9 (192.168.88.9) 56(84) bytes of data.64 bytes from 192.168.88.9: icmp_seq=1 ttl=120 time=1.16 ms64 bytes from 192.168.88.9: icmp_seq=2 ttl=120 time=0.120 ms64 bytes from 192.168.88.9: icmp_seq=3 ttl=120 time=0.141 ms64 bytes from 192.168.88.9: icmp_seq=4 ttl=120 time=0.136 ms--- 192.168.168.88.9 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev - 0.120/0.391/1.161/0.444 ms
If properly connected, all packets show as received with 0% packet loss:4. Obtain the latest fixes for the appliance
For information, see “Performing support and maintenance tasks on the IBM SmartCloud Entryappliance” on page 131.
5. Configure a VMControl cloud in the IBM SmartCloud Entry web interface.For information, see Chapter 10, “Configuring IBM SmartCloud Entry by using the web interface,” onpage 175.
48 IBM SmartCloud Entry: Administrator Guide 3.2
Deploying the PowerVM virtual applianceIBM SmartCloud Entry version 3.2 supports IBM Power Virtualization Center, which is a comprehensivevirtualization management tool for the PowerVM platform. Follow these instructions to deploy the IBMSmartCloud Entry PowerVM virtual appliance.
Before you begin
The IBM SmartCloud Entry PowerVM appliance is included with the IBM_SCE_3.2_PPC64_App.ova.gz fileon the installation media. This compressed archive contains the OVF template file for applying theconfiguration strategy and four virtual appliance disk images.
Before you can deploy the IBM SmartCloud Entry PowerVM appliance, you must import the appliancedisk images. Importing the appliance disk images includes the following tasks:v Creating four disks for the appliance on the storage area network (SAN) storagev Mapping these disks to a Virtual I/O Server (VIOS)v Transferring the appliance disk images to the VIOSv Copying the disk images onto the SAN volumesv Managing the disks in PowerVC
You must have access to the SAN and the VIOS and a basic understanding of how to use the SAN userinterface and the VIOS.
To import the appliance disk images to the SAN, follow these steps:1. Ensure that the VIOS that you want to use as 120 GB of free disk space.2. Run oem_setup_env to get to the non-restricted root shell.3. Transfer the IBM_SCE_3.2_PPC64_App.ova.gz file to a directory on the VIOS. For example, transfer the
file to the /home/padmin/SCEntry/ directory.4. Run the following commands to decompress and extract the IBM_SCE_3.2_PPC64_App.ova.gz file:
padmin@smartcloudpvc:�$ gunzip IBM_SCE_3.2_PPC64_App.ova.gzpadmin@smartcloudpvc:�$ tar -xvf IBM_SCE_3.2_PPC64_App.ova
This compressed archive file contains the following files:IBM_SCE_3.2_PPC64_App-disk1.rawIBM_SCE_3.2_PPC64_App-disk2.rawIBM_SCE_3.2_PPC64_App-disk3.rawIBM_SCE_3.2_PPC64_App-disk4.raw
5. Run the lspv command on the VIOS to display a list of disks that are mapped from the SAN.6. Log in to the SVC/SAN and create four disks of the following sizes to hold the appliance disks in
one repository such as the infrastructure repository:SCEntry32-disk1 : 10 GBSCEntry32-disk2 : 5 GBSCEntry32-disk3 : 30 GBSCEntry32-disk4 : 10 GB
7. Map disk 1 to the VIOS that you want to use.8. Run the cfgmgr command to scan for the new disk.9. Run the lspv command on the VIOS to display a list of disks that are mapped from the SAN.
10. Compare the new list to the list displayed in step 5 to identify the new disk device.11. Run the following command to copy the raw disk image to the volume:
dd if=/home/padmin/SCEntry/IBM_SCE_3.2_PPC64_App-disk1.raw of=/dev/hdiskX bs=1M
12. When the disk image is copied, run the following command to remove the disk device from theVIOS:
Chapter 5. Installing and uninstalling 49
rmdev -R -d -l hdiskX
Where hdiskX is the name of the disk device.13. Use the SAN user interface to unmap the disk from the VIOS.14. Repeat steps 7 on page 49 to 13 to copy disk2, disk3, and disk4.15. Log in to the PowerVC system, and on the Storage Providers page under the Storage tab,
double-click the storage provider.16. In the Volumes section, click Manage Existing.17. Select specific volumes to manage and then select the four disks that you created.18. Now you are ready to deploy the PowerVM virtual appliance.
About this task
To deploy the PowerVM appliance, follow these steps:
Procedure1. Place the powervc_deploy.pyc and powervc_client.pyc files in the same location, and then use Python
to run the powervc_deploy.pyc deployment script as follows:osadmin@smartcloudpvc:~$ python powervc_deploy.pyc
Specify the following options:
-p <password>Password for authenticating with keystone on the PowerVC system.
If you do not specify the password, the deployment script prompts for it when authenticating.
-c <config file>Configuration file.
All properties that are collected by the deployment script are read from and saved to this file.If you do not specify this file name, the powervc_deploy.conf file is created in the samedirectory and you must provide all authentication and deployment properties during thedeployment.
-l <log file>File for logging messages.
If you do not specify this file name, a default log file is created in the same directory. The logfile that is used is displayed when you run the deployment script. If the specified log fileexists, the content is overwritten during the deployment.
-o <OVF file>OVF template file to use for the image configuration strategy.
By default the deployment script looks for the IBM_SCE_3.2_PPC64_App.ovf file in the samedirectory. If the default file does not exist and no other OVF file is specified, an error occursduring the deployment when the image configuration strategy is set.
-a Perform an automated deployNo input is collected and no validation is completed.
An automated deployment works only if the configuration file is specified and contains all ofthe required information. If you do not specify this option, validation is completed on allspecified configuration properties. If any required configuration value is not valid, you areprompted to specify a new value.
The following menu is displayed:
50 IBM SmartCloud Entry: Administrator Guide 3.2
Main Menu1. Show PowerVC authentication properties2. Show deployment properties3. Edit PowerVC authentication properties4. Edit deployment properties5. Deploy SmartCloud Entry appliance6. Exit
Options 1 and 2 display the current configuration values that are set for the PowerVC authenticationproperties and IBM SmartCloud Entry appliance deployment properties.With options 3 and 4, you can modify the configuration properties. You can view configurationproperties and enter a value or select from options that are displayed.Option 5 initiates the IBM SmartCloud Entry appliance deployment by using the current configurationvalues. All configuration values are displayed and you can continue with the deployment or return tothe menu. If you choose to continue with the deployment, all configuration values are validated. If arequired configuration value is missing or invalid, you are prompted to provide a new value.Option 6 exits the program. You can also enter Ctrl-C to exit the program.
Tip: At any prompt, you can enter menu to return to the main menu.2. Optional: Enter 3 to edit the authentication properties.
The PowerVC authentication properties are used to connect to the PowerVC system where the IBMSmartCloud Entry appliance is deployed. The authentication URL points to the URL used forauthenticating with keystone. The user name, password, domain, and project are the values that areused to authenticate with keystone and obtain a token. All requests to PowerVC made by thedeployment script use this token.>PowerVC authentication URL: https://9.5.128.213/powervc/openstack/identity/v3>PowerVC username: sceuser>PowerVC password:>PowerVC domain: Default>PowerVC project: ibm-default
Note: If a domain and project are not specified in the configuration file, the default “Default” and“ibm-default” values are displayed.
3. Optional: Enter 4 to edit the deployment properties.a. Select the appliance disk volumes.
A list of available volumes similar to the following is displayed.
Available volumes:+----+--------------------------------------+-------------------+| # | ID | Name |+----+--------------------------------------+-------------------+| 1 | de1b7d6f-ec13-45d9-a4af-4c47c5e1d5be | sce_disk1_01 || 2 | 136d9f7c-5ef9-4e9c-9223-c61f8b9e28d4 | sce-disk4_01 || 3 | 3ce847e9-15a0-4876-bb4a-19958772651c | sce-disk3_01 || 4 | 002e8e19-b00e-41c1-a26b-565266381e13 | sce-disk2_01 || 5 | 6931b627-ac7e-4565-aa4c-0b0c4ac73dfd | debug2-vol-4 || 6 | 75156fbe-047a-4ab3-9cc3-16920ea410fb | debug2-vol-3 || 7 | 4831bae3-1ceb-4a72-9cfb-46eb15af9f13 | debug2-vol-2 || 8 | 76f9c5d7-e99b-478f-b7b6-a49665edd01e | debug2-vol-1 || 9 | b0c69eda-3a8e-481a-9ae4-f1fe09a6317d | debug-vol-4 || 10 | fea74388-17c4-4734-9ba7-871355d5f051 | debug-vol-3 || 11 | b1d52172-2593-4217-84a0-c725114eb85d | debug-vol-2 || 12 | b31ba717-8492-4f26-80b0-11ef964e1aa3 | debug-vol-1 || 13 | 7ef916f0-5097-4e7e-ab8c-ee823a117144 | jrp-vol-2 || 14 | 0444464a-f67c-40aa-b55b-203c5a443532 | jrp-vol-1 || 15 | 3d35abb2-8ac8-4e72-ae19-f3b5b8c6dd95 | jrp-vol-3 || 16 | e284124b-3206-42de-9381-e42735154dce | jrp-vol-4 |+----+--------------------------------------+-------------------+>Choose the four appliance volumes in order by index (comma separated): 1,4,3,2
Chapter 5. Installing and uninstalling 51
Enter the volumes as a list of comma-separated index values as shown in the example.
Note: In the example, the appliance volumes are out of order, but the comma-separated valuesspecify the correct order. The first volume corresponds to the boot volume and a glance image thatis created based on it. The remaining three volumes are attached to the server at deployment timein the order specified. If there are not four available volumes on the PowerVC system, a messageis displayed and you must select a different option.
b. After you select the appliance disk volumes, select a volume type to use for the newly createdvolumes as shown in the following example:
Available volume types:+---+--------------------------------------+------------------------+| # | ID | Name |+---+--------------------------------------+------------------------+| 1 | 71a29a0e-a8e6-4642-9840-5fa06834715b | shared_v7000_1 default |+---+--------------------------------------+------------------------+>Choose a volume type by index: 1
c. Select the name of the host system.d. Select a management network from the displayed list of available static networks as shown in the
following example:
1. Management network (requires a static IP address)2. Customer network (can be static or DHCP)
Choose a management network.
Available static networks:+---+--------------------------------------+-------+| # | ID | Name |+---+--------------------------------------+-------+| 1 | 0dba427b-5ea3-4c53-82d1-0339c41c7b49 | VLAN1 || 2 | a982850e-a251-4d85-801f-246172cd86e2 | VLAN2 |+---+--------------------------------------+-------+>Choose a static management network by index: 1
e. After you choose the management network, you must provide a fixed IP address. The IP allocationpools for the selected network are displayed as shown in the following example:
IP allocation pools:+------------+------------+| Start | End |+------------+------------+| 10.4.1.1 | 10.4.1.245 || 10.4.1.247 | 10.4.1.254 |+------------+------------+>Enter a fixed IP address that is within the available allocation pools: 10.4.1.5
The IP address that is provided must be a well-formatted IPv4 address and fall within theavailable IP allocation pools.
Note: If the specified IP address is in use, an error is likely to occur during deployment.f. Specify the domain name to use with the management network. The following is an example of a
domain name:>Domain name: mydomain.com
g. Specify the host name to use with the management network. The host name must be no more than255 characters and must not end with a period (.). Each segment must be no more than 63characters. The following is an example of a host name:>Host name: myserver.com
52 IBM SmartCloud Entry: Administrator Guide 3.2
h. Select a customer network from the displayed list of available networks as shown in the followingexample:
Choose a customer network.
Available networks:+---+--------+--------------------------------------+-------+| # | Type | ID | Name |+---+--------+--------------------------------------+-------+| 1 | Static | a982850e-a251-4d85-801f-246172cd86e2 | VLAN2 || 2 | DHCP | bd71bbf2-efa1-41d2-b14d-efd378042f2b | VLAN3 || 3 | DHCP | ff36ae5e-2e74-42b2-a2cc-06b2986db42d | VLAN4 |+---+--------+--------------------------------------+-------+>Choose a customer network by index: 1
i. If the selected customer network is static, you must also provide the fixed IP address.j. Specify the host name to use with the customer network.k. Optional: Provide DNS suffixes in order as a list of comma-separated values as shown in the
following example:>DNS suffixes (comma separated): myserver.com,myserver2.com
l. Optional: Specify the NTP server address as a well-formatted IPv4 address as shown in thefollowing example:>NTP server address: 9.10.100.205
m. Select a flavor that meets the minimum requirements for the virtual machine (at least 4 GB RAMand 2 vCPUs) from the displayed list. See the following example:
Available flavors:+---+----+-----------+-------+------+-------+| # | ID | Name | RAM | Disk | VCPUs |+---+----+-----------+-------+------+-------+| 1 | 3 | m1.medium | 4096 | 40 | 2 || 2 | 4 | m1.large | 8192 | 80 | 4 || 3 | 5 | m1.xlarge | 16384 | 160 | 8 |+---+----+-----------+-------+------+-------+>Choose a flavor by index: 1
n. Specify the initial values for the IBM SmartCloud Entry administrator user name and name.
Note: If these values are not specified, the default admin and SCE Administrator values aredisplayed as follows:
>Initial SmartCloud Entry administrator user name: admin>Initial SmartCloud Entry administrator name: SCE Administrator
o. Specify the name of the server. This name is used as the name of the server in PowerVC and asthe prefix for the name of any volumes and the image that is created during deployment.
p. Select the configuration for the IBM SmartCloud Entry appliance. The deployment configurationoptions are as follows:
SmartCloud Entry appliance deployment configurations:1. SmartCloud Entry for OpenStack2. OpenStack only
>Choose a deployment configuration: 2
q. Specify whether to remove the original volumes after the appliance is deployed.The deployment script creates copies of the three additional volumes and attaches the volumes tothe server during deployment. Specify y (yes) to remove the original volumes or n (no) to leavethese volumes on the server after deployment is complete.When all steps are complete, the following message is displayed:
Chapter 5. Installing and uninstalling 53
Done
Results
The virtual appliance is started automatically at the end of a successful deployment.
Note: The first time that the virtual appliance is started, the system is being configuring and it mighttake several minutes before the initial console logon screen is displayed. Subsequent starts take less time.
What to do next
When the initial console logon screen is displayed, complete the following tasks:1. Log in to the console by using the following credentials:
Login: sysadminPassword: passw0rd
2. Run ifconfig at the command prompt. Ensure eth0 and eth1 are configured as specified during thedeployment.
3. Test communication with the managed server by running the following command:ping -c 4 <Managed Cloud host name>
Data that is similar to the following is displayed:
# ping -c 4 192.168.88.9PING 192.168.88.9 (192.168.88.9) 56(84) bytes of data.64 bytes from 192.168.88.9: icmp_seq=1 ttl=120 time=1.16 ms64 bytes from 192.168.88.9: icmp_seq=2 ttl=120 time=0.120 ms64 bytes from 192.168.88.9: icmp_seq=3 ttl=120 time=0.141 ms64 bytes from 192.168.88.9: icmp_seq=4 ttl=120 time=0.136 ms--- 192.168.168.88.9 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev - 0.120/0.391/1.161/0.444 ms
If properly connected, all packets show as received with 0% packet loss:4. Obtain the latest fixes for the appliance
For information, see “Performing support and maintenance tasks on the IBM SmartCloud Entryappliance” on page 131.
5. Configure the OpenStack PowerVC driver and then configure an OpenStack cloud in the IBMSmartCloud Entry web interface.For information about configuring the OpenStack PowerVC driver, see “Managing the PowerVCdriver” on page 109. For information about configuring an OpenStack cloud in the IBM SmartCloudEntry web interface, see Chapter 10, “Configuring IBM SmartCloud Entry by using the web interface,”on page 175.
Configuration fileA configuration file is used to save the configuration values that are entered interactively. The values thatare used for the deployment are read from the configuration file. When configuration values are providedinteractively, the default values come from the values in the configuration file. As these values arechanged, the configuration file is overwritten with the new values.
The configuration file contains the following properties:
powervc_auth_urlURL for authenticating with keystone on the PowerVC system. Only keystone v3 auth issupported. A typical authentication URL looks like the following URL: https://9.100.20.185/powervc/openstack/identity/v3
54 IBM SmartCloud Entry: Administrator Guide 3.2
powervc_usernameUser name for authenticating with keystone on the PowerVC system.
powervc_domainKeystone domain to use for authenticating with keystone on the PowerVC system. This valuemust refer to an existing domain. The default domain name that is used by PowerVC is“Default.”
powervc_projectKeystone project to use for authenticating with keystone on the PowerVC system. This valuemust refer to an existing project. The default project name that is used by PowerVC is“ibm-default.”
volumesComma-separated list of existing volume IDs to use as the appliance disks. The first volume inthe list is used as the boot volume and an image is created in glance that is based on this volume.The remaining volumes are attached to the server at deployment time in the order specified.
volume_typeID of the volume type to use when the volumes are created for the IBM SmartCloud Entryappliance disks.
host The hypervisor host name to use when the server is created in PowerVC.
network_id_1ID of the network in PowerVC to use as the IBM SmartCloud Entry management network. Themanagement network must be static.
fixed_ip_1Fixed IP address to use for the IBM SmartCloud Entry management network.
hostname_1The host name to use for the IBM SmartCloud Entry management network.
network_id_2ID of the network in PowerVC to use as the IBM SmartCloud Entry customer network. Thecustomer network can be static or use DHCP.
fixed_ip_2Fixed IP address to use for the IBM SmartCloud Entry customer network. This value only appliesif the customer network is static, otherwise it is not required.
hostname_2The host name to use for the IBM SmartCloud Entry customer network.
search_listComma-separated list of DNS suffixes to use for the IBM SmartCloud Entry virtual machine. Thisproperty is not required.
ntp_serverNTP server to use with the IBM SmartCloud Entry virtual machine. This property is not required.
flavor_idID of the flavor to use when the IBM SmartCloud Entry virtual machine is deployed.
sce_admin_idInitial IBM SmartCloud Entry administrator user ID.
sce_admin_nameInitial IBM SmartCloud Entry administrator user name.
server_nameName to use for the deployed IBM SmartCloud Entry virtual machine. This name is also used asthe prefix for the names of any volumes that are created and for the glance image.
Chapter 5. Installing and uninstalling 55
deployment_configurationThe configuration to use when the IBM SmartCloud Entry virtual machine is deployed. Thisvalue can be one of the following values:v sce_openstack
v base_openstack
These values correspond to IBM SmartCloud Entry for OpenStack and OpenStack only.
cleanup_volumesWhether to remove the original volumes in PowerVC after the IBM SmartCloud Entry virtualmachine is deployed. This value can be either y for yes or n for no. If you do not specify theproperty, the original volumes are not removed.
Deploying the VMware virtual applianceIBM SmartCloud Entry is shipped as a VMware virtual appliance that can be deployed to an existingVMware installation.
About this task
Note:
The IBM SmartCloud Entry virtual appliance is configured for access to these networks: a managementnetwork, a customer network, and a data network. The management network has access to the VMwarevCenter appliance and offers a private DNS server that owns the DNS zones for the private networks.Often that DNS server is configured to forward DNS queries to customer intranet DNS servers.Optionally, for higher availability, an additional (subordinate) DNS server or servers can be configured inthe management network.
At the time of deployment, ensure that the DNS servers that are specified are operational in themanagement network, serving the zone of the private management network. Do not specify a regularintranet DNS server as primary or secondary DNS server IP because that server is not able to resolve theprivate IP addresses of the management network.
Virtual machines require a properly configured OS time source to mitigate intrinsic time drift issues. Toensure that the time source is properly configured, all of the pieces of the cloud management stack -virtual machines, hypervisors, switches, and other devices, must be configured to use the same NTP timesource. It is common to configure an NTP server on the management server that has access to a timesource in the customer intranet or the internet to keep the time. The NTP server can also be the NTPreference in the non-routeable management network
To deploy the virtual appliance, follow these steps:
Procedure1. Using the VMware vSphere client connect to the VMware vCenter server, select the host on which to
deploy the IBM SmartCloud Entry virtual appliance.2. Click File > Deploy OVF Template.
3. In the Open window, select IBM_SCE_3.2_x86_VMware_App.ovf. Click Open.4. On the Source section of the Deploy OVF Template window, click Next.5. The details of the OVF file are displayed. Click Next.6. Optional: Change the default name. Select the Inventory Location for the IBM SmartCloud Entry
virtual appliance. Click Next.
56 IBM SmartCloud Entry: Administrator Guide 3.2
7. Select the deployment configuration. The default configuration is IBM SmartCloud Entry. IBMSmartCloud Entry for OpenStack and Base OpenStack are also available. The number of processorsand amount of memory are automatically set to the recommended values for the selectedconfiguration.
8. Select the data store or datastore cluster in which to place the IBM SmartCloud Entry virtualappliance. Click Next.
9. On the Disk Format window, ensure that Thick provisioned format is selected. Click Next.10. Choose the Destination Network for each of the Source Networks. The OVF contains three source
networks that must be mapped:v Management Network: The private network that is used for communication between the IBM
SmartCloud Entry instance and the VMware vCenter server.v Customer Network: The network that connects the managed (provisioned) virtual servers with the
general user network. The customer network is intended to be used to make the IBM SmartCloudEntry web user interface accessible for intranet users of the customer.
Note: Most ports are blocked on this network, except the IBM SmartCloud Entry user interfaceport.
v Data Network: The data network is used mainly when you are planning to use OpenStack fromwithin the VMware appliance. The data network acts as a trunk interface that allows the Neutronagent inside the appliance to get an uplink. The data network should usually be set to a portgroupwith VLAN 4095. If you are not planning to use OpenStack within the VMware appliance, set thisnetwork to any network. The data network is not used in this case.
Click Next.11. On the IBM SmartCloud Entry Configuration panel, enter or change the following values to
customize your IBM SmartCloud Entry installation:v Initial administrator user name: User name of the initial IBM SmartCloud Entry administrator,
used to log in to the IBM SmartCloud Entry user interface.
Note: The default password is 'passw0rd' and can be changed in the IBM SmartCloud Entry userinterface.
v Initial administrator name: Display name of the initial IBM SmartCloud Entry administrator,which is displayed in the IBM SmartCloud Entry user interface. For more information aboutadministrator user name, name, and password, see “Configuring local authentication” on page136.
12. On the Management Network window, specify the following values to connect the virtual machineto the management network.v System host namev IP addressv Subnet mask
13. Optional: On the Customer Network window, enable the network and supply the requested values.v Use Second Network: Enables a second network adapter that can be connected to a customer
network when present. If it is not selected, a second network is not configured. In this case,remove the second network adapter from the IBM SmartCloud Entry vApp property by using theVMware vSphere client
v Use DHCP: Configures the second network adapter by using a DHCP server. Configuring asecond network adapter implies that the customer network has a DHCP server with a host recordto ensure a stable IP address within the customer network. If Use DHCP is not set and the UseSecond Network parameter is selected, then the rest of the fields are required.
v System host namev IP addressv Subnet mask
Chapter 5. Installing and uninstalling 57
Note: Consider making the public intranet IP address of the IBM SmartCloud Entry vApp resolvein the customers DNS server to ease the access to IBM SmartCloud Entry.
Click Next.14. On the Global Network Settings window, supply the requested values.
v Gatewayv Primary DNSv Secondary DNSv Domain Namev DNS suffixes (in order)v NTP serverFor more information about these values, see Note.Click Next.
15. Verify the values on the Ready to Complete window and click Finish. A progress window displaysas the IBM SmartCloud Entry application is deployed.
Results
The virtual appliance is started automatically at the end of a successful deployment.
Note: The first time that the virtual appliance is started, the system is being configuring and it mighttake several minutes before the initial console logon screen is displayed. Subsequent starts take less time.
What to do next
When the deployment is complete, perform the following tasks:1. Select the created virtual machine. Click Power On.2. From the VMware vSphere Client, navigate to the Console tab.
Clicking the console gives it focus and causes the mouse pointer to disappear. When you are finishedwith the console, you can press Ctrl + Alt to release the mouse pointer from the console.
3. Log in to the console by using the following credentials:Login: sysadminPassword: passw0rd
4. Run ifconfig at the command prompt. Ensure eth0 and eth1 are configured as specified during theOVF deployment.
5. Test communication with the managed server by running the following command:ping -c 4 <Managed Cloud host name>
Data that is similar to the following is displayed:
# ping -c 4 192.168.88.9PING 192.168.88.9 (192.168.88.9) 56(84) bytes of data.64 bytes from 192.168.88.9: icmp_seq=1 ttl=120 time=1.16 ms64 bytes from 192.168.88.9: icmp_seq=2 ttl=120 time=0.120 ms64 bytes from 192.168.88.9: icmp_seq=3 ttl=120 time=0.141 ms64 bytes from 192.168.88.9: icmp_seq=4 ttl=120 time=0.136 ms--- 192.168.168.88.9 ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3001msrtt min/avg/max/mdev - 0.120/0.391/1.161/0.444 ms
If properly connected, all packets show as received with 0% packet loss:6. Obtain the latest fixes for the appliance
58 IBM SmartCloud Entry: Administrator Guide 3.2
For information, see “Performing support and maintenance tasks on the IBM SmartCloud Entryappliance” on page 131.
7. Configure a VMware cloud in the IBM SmartCloud Entry web interface.For information, see Chapter 10, “Configuring IBM SmartCloud Entry by using the web interface,” onpage 175.
Installing IBM SmartCloud Entry on Linux or AIXTo install IBM SmartCloud Entry on 64-bit Linux or 64-bit AIX on Power, follow the steps that areoutlined in these topics.
Console installation (default)You can complete the installation by using a console.
Procedure1. Go to the location of the Linux or AIX installer and run the installer with the following command that
is appropriate for your environment:
Important: You need root authority to run the installer.v On AIX on Power, run: ./sce 320_aix_installer.bin
v On Linux, run: ./sce320_linux_installer.bin2. On the Choose Locale screen, choose the language for the installer by typing the number
corresponding to your chosen language and pressing Enter. If your preferred language is the default,press Enter.
Note:
v If you see an error message similar to Executing java permission denied, verify that you are usingthe correct installer for your operating system.
v If you see Windows error 183, you are using am unsupported 32-bit operating system.3. On the Introduction screen, read the information about the installer and press Enter.4. On the License Agreement screen, read the contract and accept the license by entering 1.
Note: Option 3 to print the license files is not supported on Linux or AIX. However, when theinstallation is complete, the license files are in the license folder that is under the installationfolder. You can view and print the license files from there.
5. On the Choose Link Location screen, choose your location for the links to IBM SmartCloud Entry.Complete one of the following steps to choose your location:v To choose any combination of locations, separate each number with a comma.v To choose the default location, press Enter.v To choose your home directory, type 2 and press Enter.v To choose another location, type 3, press Enter, and then type in the full path of your selected
location.v To not install any links, type 4 and press Enter.
Note: To run IBM SmartCloud Entry without links, run the sce command in the applicationinstallation folder.
6. On the Choose Install Folder screen, press Enter to accept the default location. To choose a differentlocation for the application files, type in the full path to that folder and press Enter.Install locations by release:v IBM SmartCloud Entry 2.2: SKC
Chapter 5. Installing and uninstalling 59
v IBM SmartCloud Entry 2.3: SCE23v IBM SmartCloud Entry 2.4: SCE24v IBM SmartCloud Entry 3.1: SCE31v IBM SmartCloud Entry 3.2: SCE32
Note:
v The installation path cannot contain non-English characters.v You do not have to uninstall previous releases of IBM SmartCloud Entry. Instead, you can install
the new version into the same directory for a side by side installation.7. On the Choose Property File Install Folder screen, press Enter to accept the default location. To choose
a different location for the property files, type in the full path to that folder and press Enter.
Note: The installation path cannot contain non-English characters.8. Review your selected options on the Pre-Installation Summary screen. If you are satisfied with your
selections, press Enter.9. When the installation is finished, the Install Finished window opens.
You have three options:v You can migrate the property files and database from a previous release.v You can follow the installer to configure important properties.v You can manually perform a migration or manually upgrade the property files.Click Next after you make your selection and complete one of the following steps if you chose tomigrate or configure the property file information:
Note: The property files must be configured in your environment before you can use IBMSmartCloud Entry.v If you selected to configure the property files, the Add Configuration Values window opens. Enter
the host name and the configured user name and password that is used to communicate with thehost, and then click Next.
v If you selected to migrate the configuration and database, complete the following steps:a. Stop the IBM SmartCloud Entry if it is running.b. Locate the installation folder of the installation you would like to migrate and run it.
The installer starts the newly installed IBM SmartCloud Entry and migrate the configuration anddatabase from the previous installation.
Note: The migration of a DB2 database is not supported in the installer. For more informationabout migrating a DB2 database, see “Migrating your data” on page 98.When the migration is complete, see “Migrating your configuration” on page 97 for moreinformation about the files and values that must be manually migrated.
v To manually configure your properties files, see “Configuring local authentication” on page 136 and“Configuring common cloud properties” on page 140.To manually migrate your configuration and database, see “Migrating your configuration” on page97.
Graphical installationYou can complete the installation by using a graphical user interface.
Procedure1. Go to the location of the Linux or AIX installer and run the installer with the following command that
is appropriate for your environment:
60 IBM SmartCloud Entry: Administrator Guide 3.2
v On AIX on Power, run: ./sce320_aix_installer.bin -i swing
v On Linux, run: ./sce320_linux_installer.bin -i swing
2. On the first screen, select the language that you want to use for the installer from the drop-downmenu and click OK.
Note:
v If you see an error message similar to Executing java permission denied, verify that you are usingthe correct installer for your operating system.
v If you see Windows error 183, you are using am unsupported 32-bit operating system.3. On the Introduction screen, read the introduction for information about the installer and click Next.4. On the License Agreement window, read the contract and accept the license. Click Next.5. On the Choose Shortcut Location window, select the check boxes next to the locations where you
want a IBM SmartCloud Entry link and then click Next.6. To choose the location for your installation, click Choose on the Choose Install Folder window, specify
your chosen location, and click Next.Install locations by release:v IBM SmartCloud Entry 2.2: SKCv IBM SmartCloud Entry 2.3: SCE23v IBM SmartCloud Entry 2.4: SCE24v IBM SmartCloud Entry 3.1: SCE31v IBM SmartCloud Entry 3.2: SCE32
Note:
v The installation path cannot contain non-English characters.v You do not have to uninstall previous releases of IBM SmartCloud Entry. Instead, you can install
the new version into the same directory for a side by side installation.7. To select the location of your property files, on the Choose Property File Install Folder window, click
Choose and click Next.
Note: The installation path cannot contain non-English characters.8. Review your selected options on the Pre-Installation Summary window. If you are satisfied with your
selections, click Next.9. When the installation is complete, the Install Finished window opens.
You have three options:v You can migrate the property files and database from a previous release.v You can follow the installer to configure important properties.v You can manually perform a migration or manually upgrade the property files.Click Next after you make your selection and complete one of the following steps if you chose tomigrate or configure the property file information:
Note: The property files must be configured in your environment before you can use IBMSmartCloud Entry.v If you selected to configure the property files, the Add Configuration Values window opens. Enter
the host name and the configured user name and password that is used to communicate with thehost, and then click Next.
v If you selected to migrate the configuration and database, complete the following steps:a. Stop the IBM SmartCloud Entry if it is running.b. Locate the installation folder of the installation you would like to migrate.
Chapter 5. Installing and uninstalling 61
The installer starts the newly installed IBM SmartCloud Entry and migrates the configuration anddatabase from the previous installation.
Note: The migration of a DB2 database is not supported in the installer. For more informationabout migrating a DB2 database, see “Migrating your data” on page 98.When the migration is complete, see “Migrating your configuration” on page 97 for moreinformation about the files and values that must be manually migrated.
v To manually configure your properties files, see “Configuring local authentication” on page 136 and“Configuring common cloud properties” on page 140.To manually migrate your configuration and database, see “Migrating your configuration” on page97.
Silent installationCreate a IBM SmartCloud Entry silent installation response file and use it to install AIX or Linux.
About this task
To create a silent installation response file, follow either “Console installation (default)” on page 59 or“Graphical installation” on page 60 on Linux or AIX. On the final screen, you can create a silentinstallation response file. Creating a silent installation response file creates a property file that is calledinstaller.properties in the installation location.
To install AIX or Linux using a silent installation response file, follow these steps:
Procedure1. Open the response file and check all of the properties. Make any updates and then save the file.
Notes:
a. The ;LICENSE_ACCEPTED property in the response file specifies your agreement to the license for theapplication. Its default value is set to FALSE. You must specify TRUE to run the silent installationsuccessfully.
b. Passwords are not included in the installer.properties file. The value of the administratorpassword in the file is <Intentionally Left Blank>. If you do not change the value of theUSER_INPUT_ADMIN_PASS, you must enter <Intentionally Left Blank> for the password when youlog into IBM SmartCloud Entry.
2. Go to the location of the Linux or AIX installer and run the installer with the following command thatis appropriate for your environment:v On AIX on Power, run: ./sce320_aix_installer.bin -i silent -f <response file location>,
where <response file location> is the path to the response file, which defines the installation.v On Linux, run: ./sce320_linux_installer.bin -i silent -f <response file location>, where
<response file location> is the path to the response file, which defines the installation.
Note:
v If you see an error message similar to Executing java permission denied, verify that you are usingthe correct installer for your operating system.
v If you see Windows error 183, you are using am unsupported 32-bit operating system.The IBM SmartCloud Entry installation is complete.
62 IBM SmartCloud Entry: Administrator Guide 3.2
Installing IBM SmartCloud Entry on WindowsTo install IBM SmartCloud Entry on Microsoft Windows, follow the steps that are outlined in thesetopics.
Note: Any Microsoft Windows user with administrator authority can install IBM SmartCloud Entry.
Graphical installation (default)You can complete the installation through a graphical user interface.
Procedure1. Go to the location of the Windows installer and double-click the installer icon.2. On the first screen, select the language that you want the installer that is displayed in from the
drop-down menu and click OK.
Note:
v If you see an error message similar to Executing java permission denied, verify that you are usingthe correct installer for your operating system.
v If you see Windows error 183, you are using am unsupported 32-bit operating system.3. On the Introduction screen, read the introduction for information about the installer and click Next.4. On the License Agreement window, read the contract and accept the license. Click Next.5. On the Choose Shortcut Location window, select the check boxes next to the locations where you
want a IBM SmartCloud Entry link and then click Next.6. To choose the location for your installation, click Choose on the Choose Install Folder window, specify
your chosen location, and click Next.
Note:
v The installation path cannot contain non-English characters.v In IBM SmartCloud Entry 2.2, this folder was called Starter Kit for Cloud. Because later releases
of IBM SmartCloud Entry installation into the SmartCloud Entry folder, you do not have touninstall your IBM SmartCloud Entry 2.2 version. Instead, you can install the new version into thesame directory for a side by side installation.
7. To select the location of your property files, on the Choose Property File Install Folder window, clickChoose and click Next.
Note: The installation path cannot contain non-English characters.8. Review your selected options on the Pre-Installation Summary window. If you are satisfied with your
selections, click Next.9. After the installation is finished, the Install Finished window opens.
You have three options:v You can follow the installer to configure important properties.v You can use the installer to migrate the property files and database from a previous release.v You can manually migrate the configuration property files and data from a previous release at a
later time.Click Next after making your selection and complete one of the following steps if you chose tomigrate or configure the property file information:
Note: The property files must be configured in your environment before you can use IBMSmartCloud Entry.
Chapter 5. Installing and uninstalling 63
v If you selected to configure the property files with the installer, the Add Configuration Valueswindow opens. If you selected to configure the property files, the Add Configuration Valueswindow opens. Enter the host name and the configured user name and password that is used tocommunicate with the host, and then click Next.
v If you selected to use the installer to migrate the configuration and database, complete thefollowing steps:a. Stop the IBM SmartCloud Entry if it is running.b. Locate the installation folder of the installation you want to migrate.
The installer starts the newly installed IBM SmartCloud Entry instance and migrate theconfiguration and database from the previous installation.
Note: You cannot migrate a DB2 database using the installer. To migrate your DB2 database, see“Migrating your data” on page 98.For more information about the files and values that must be manually migrated, and after themigration is complete, see“Migrating your configuration” on page 97.
v To manually configure your properties files, see “Configuring local authentication” on page 136 and“Configuring common cloud properties” on page 140.
v To manually migrate your configuration and database, see “Migrating your configuration” on page97.
Console installationYou can complete the installation by using a console.
Procedure1. Click Start and then select Run.2. In the run window, type cmd and click OK.3. In the console window, navigate to the windows installer and run the following command:
sce320_windows_installer.exe -i console
4. On the Choose Locale screen, choose the language for the installer by typing the numbercorresponding to your chosen language and pressing Enter. If your preferred language is the default,press Enter.
Note:
v If you see an error message similar to Executing java permission denied, verify that you areusing the correct installer for your operating system.
v If you see Windows error 183, you are using an unsupported 32-bit operating system.5. On the Introduction screen, read the information about the installer and press Enter.6. On the License Agreement screen, read the contract and accept the license by entering 1.7. Choose your location for the links to IBM SmartCloud Entry. To choose any combination of locations,
separate each number with a comma.8. On the Choose Install Folder screen, press Enter to accept the default location. To choose a different
location for the application files, type in the full path to that folder and press Enter.
Note:
v The installation path cannot contain non-English characters.v In IBM SmartCloud Entry 2.2, this folder was called Starter Kit for Cloud. Because later releases
of IBM SmartCloud Entry install into the SmartCloud Entry folder, you do not have to uninstallyour IBM SmartCloud Entry 2.2 version. Instead, you can install the new version into the samedirectory for a side by side installation.
64 IBM SmartCloud Entry: Administrator Guide 3.2
9. On the Choose Property File Install Folder screen, press Enter to accept the default location. Tochoose a different location for the property files, type in the full path to that folder and press Enter.
Note: The installation path cannot contain non-English characters.10. Review your selected options on the Pre-Installation Summary screen. If you are satisfied with your
selections, press Enter.11. When the installation is complete, the Install Finished window opens.
You have three options:v You can follow the installer to configure important properties.v You can use the installer to migrate the property files and database from a previous release.v You can manually migrate the configuration property files and data from a previous release later.Press Enter after making your selection and complete one of the following steps if you chose tomigrate or configure the property file information:
Note: The property files must be configured in your environment before you can use IBMSmartCloud Entry.v If you selected to configure the property files, the Add Configuration Values window opens. Enter
the host name and the configured user name and password that is used to communicate with thehost, and then click Next.
v If you selected to migrate the configuration and database, complete the following steps:a. Stop the IBM SmartCloud Entry if it is running.b. Locate the installation folder of the installation you would like to migrate.
The installer starts the newly installed IBM SmartCloud Entry and migrates the configuration anddatabase from the previous installation.
Note: The migration of a DB2 database is not supported in the installer. For more informationabout migrating a DB2 database, see “Migrating your data” on page 98.When the migration is complete, see “Migrating your configuration” on page 97 for moreinformation about the files and values that must be manually migrated.
v To manually configure your properties files, see “Configuring local authentication” on page 136and “Configuring common cloud properties” on page 140.To manually migrate your configuration and database, see “Migrating your configuration” on page97.
Silent installationCreate a IBM SmartCloud Entry silent installation response file and use it to install Windows.
About this task
To create a silent installation response file, follow either“Console installation” on page 64 or“Graphicalinstallation (default)” on page 63 on Windows. On the final screen, you can create a silent installationresponse file. Creating a silent installation response file creates a property file that is calledinstaller.properties in the installation location.
To install Windows by using a silent installation response file, follow these steps:
Procedure1. Open the response file and double check all of the properties. Make any updates and then save the
file.
Notes:
Chapter 5. Installing and uninstalling 65
a. Notice that all paths have "\\" instead of a single "\".b. The ;LICENSE_ACCEPTED property in the response file specifies your agreement to the license for the
application. Its default value is set to FALSE. You must specify TRUE to run the silent installationsuccessfully.
c. Passwords are not included in the installer.properties file. The value of the administratorpassword in the file is <Intentionally Left Blank>. If you do not change the value of theUSER_INPUT_ADMIN_PASS, you must enter <Intentionally Left Blank> for the password when youlog into IBM SmartCloud Entry.
2. Press Start and then Run.3. In the run prompt, type cmd and press Enter.4. A console window opens. In the console window, navigate to the Windows installer.5. Run the installer with the command sce320_windows_installer.exe -i silent -f <response file
location>, where <response file location> is the path to the response file, which defines theinstallation.
Note:
v If you see an error message similar to Executing java permission denied, verify that you are usingthe correct installer for your operating system.
v If you see Windows error 183, you are using am unsupported 32-bit operating system.v If you have spaces in a directory name, then you must put double quotation marks around it as
shown in the following example:sce320_windows_installer.exe -i silent -f "c:\My Directory\installer.properties"
Installing and uninstalling IBM SmartCloud Entry AgentsIBM SmartCloud Entry can manage hypervisors by using OpenStack technology. To manage certainhypervisors, you must install a IBM SmartCloud Entry agent on the endpoint server. This section containsthe procedures for installing and uninstalling these IBM SmartCloud Entry agents.
Installing and uninstalling the IBM SmartCloud Entry Hyper-V AgentBeginning with version 3.1, IBM SmartCloud Entry can manage Microsoft Hyper-V hypervisors fromOpenStack technology. To manage these hypervisors, an IBM SmartCloud Entry Hyper-V Agent must beinstalled on the Hyper-V endpoint server. This IBM SmartCloud Entry Hyper-V Agent contains packagingof the OpenStack technology that is required to provision to the Hyper-V server. The IBM SmartCloudEntry Hyper-V Agent can be installed on a Microsoft Hyper-V Server 2012 or Microsoft Windows Server2012 with the Hyper-V role enabled. The IBM SmartCloud Entry Hyper-V Agent must be installed on allmanaged compute nodes. The IBM SmartCloud Entry Hyper-V Agent installation is packaged as aMicrosoft Windows Installer that can be run as an installation wizard, or in silent mode. This installationinstalls the required OpenStack components on to the Hyper-V server and configures them to run asMicrosoft Windows services.
IBM SmartCloud Entry Hyper-V Agent Installation PrerequisitesUse the following steps to prepare your environment for installation.
Preparing Your Hyper-V Server for Installation
On each Hyper-V server that is managed from IBM SmartCloud Entry, a Network Time Service (NTP)must be synchronized with the Hyper-V appliance system that is running the IBM SmartCloud Entryserver. See the following document in the OpenStack Compute Administration Guide for more details:Hyper-V Virtualization Platform.
Note: Before you can install the IBM SmartCloud Entry Hyper-V Agent on Microsoft Windows Server2012, ensure that the Hyper-V role is enabled on the server.
66 IBM SmartCloud Entry: Administrator Guide 3.2
Preparing the Host
The host must be a domain joined computer to support live migration. If the host is not a domain joinedcomputer, you might see the following error display during installation:
Failed to modify service settings. Live migrations can be enabled only on a domain joinedcomputer.
Preparing the User
Add the user who installs the Hyper-V Agent for IBM SmartCloud Entry to the Hyper-V Administratorsgroup.
Note: If you are creating the user profile for the first time, the Hyper-V server must be restarted beforeyou install the IBM SmartCloud Entry Hyper-V Agent.
If the user plans to uninstall the Hyper-V Agent in the future, ensure that the user has permission to eachof the installation directories on the system.
Installing on Microsoft Windows Server 2012 or Microsoft Hyper-V Server 2012Follow these steps to install the IBM SmartCloud Entry Hyper-V Agent on Microsoft Windows Server2012 or Microsoft Hyper-V Server 2012.
Overview of the installation
The installation completes the following steps:v Create a product installation directoryv Create a Hyper-V external virtual switch (optional)v Configure Hyper-V Live Migration settings for this host (optional)v Install an independent Python environment to avoid conflicts with existing applications
Note: This embedded Python environment is only intended for use by the IBM SmartCloud EntryHyper-V Agent. Do not attempt to access this environment from any other application. Thisindependent environment is designed to coexist with any preexisting Python environments that mightalready be installed on the system. Do not install new Python modules into the embedded Pythonenvironment.
v Install the required Python modules/packages required by the applicationv Install and configure the OpenStack Nova Compute servicev Install and configure the OpenStack Hyper-V Neutron agent for networkingv Register two Windows services, which are set to auto-start by default:
– IBM SmartCloud Entry Network Service
– IBM SmartCloud Hyper-V Compute Agent Service
Important: The 3.1 Hyper-V agent installer does not prevent users from installing a previous versionover the more recent Hyper-V agent.
Creating installation or uninstallation logs:
Follow these steps to create installation or uninstallation logs for use during the installation oruninstallation of IBM SmartCloud Entry Hyper-V Agent on Microsoft Windows Server 2012.
Chapter 5. Installing and uninstalling 67
About this task
Because the IBM SmartCloud Entry Hyper-V Agent installer is MSI-based, you can create an installationor uninstallation log by starting the installer with the msiexec command with the correct parameters.Detailed information about creating logs can be found here: How to enable Windows Installer logging.
Graphical Installation:
Follow these steps to install the IBM SmartCloud Entry Hyper-V Agent by using the graphical installationwizard.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry Hyper-V Agent from Fix Central. For moreinformation, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry Hyper-V Agent and the IBM SmartCloud Entry Hyper-V appliancemust be at the same level, either the GA level, or the fix level.
2. Locate the installation image, and double-click IBM SmartCloud Entry Hyper-V Agent.msi to start theinstallation wizard.
3. Follow the instructions that are provided by the installation wizard. Agree to the license terms,provide an installation destination directory, and select the type of setup you want to use.
Note: The IBM SmartCloud Entry Hyper-V Agent must be installed to the local C: disk of the server.However, the instance directory (Instances Path) that is used to store virtual machine instance datacan be on any local disk.
4. Use the Nova Compute Configuration window to configure the compute agent parameters. You canleave the default values provided and manually configure the nova.conf file, which is in the etc\novafolder, later. The following table shows the mappings between areas from this dialog and properties inthe nova.conf file.
Table 16. Nova Compute Configuration fields and related properties in nova.conf. Mapping of field names in theinstallation wizard, related properties in the nova.conf file, and installation wizard default values
Area in dialog Property in nova.conf Installation wizard default values
Glance API Server glance_host appliance_mgmt_ipNote: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
Port (after Glance API Server) glance_port 9292
Qpid Server qpid_hostname appliance_mgmt_ipNote: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
Port (after Qpid Server) qpid_port 5671
Qpid User Name qpid_username qpidclient
Qpid Password qpid_password openstack1
Instances Path instances_path C:\Program Files(x86)\IBM\SmartCloud Entry\Hyper-VAgent\instances\
Note: The property qpid_hostname is also written to the file hyperv_neutron_agent.ini. For moredetailed descriptions about properties in the nova.conf file, see the List of configuration options topicin the OpenStack Compute Administration Manual.
68 IBM SmartCloud Entry: Administrator Guide 3.2
5. Use the Nova Compute Advanced Configuration window to configure the advanced compute agentparameters. Select Use Cow Images to enable the copy on write feature and speed up deploymenttimes. You can also manually configure the nova.conf file, which is in the etc\nova folder, later. Thefollowing table shows the mappings between areas from this dialog and properties in the nova.conffile.
Table 17. Nova Compute Advanced Configuration fields and related properties in nova.conf. Mapping of field namesin installation wizard and related properties in the nova.conf file
Area in dialog Property in nova.conf
Use Cow Images use_cow_images
Verbose Logging verbose
Log file logdir
6. Use the Neutron Network Configuration window to configure network agent parameters. Theinstallation wizard applies changes that are made to this window to properties in both the nova.confand neutron.conf files. You can leave the default values provided and manually configure thenova.conf and neutron.conf files later. These properties files are in the etc\nova and etc\neutronfolders. The following table shows the mappings between areas from this dialog and properties in thenova.conf and neutron.conf files.
Table 18. Neutron Network Configuration fields and related properties in nova.conf and neutron.conf. Mapping offield names in the installation wizard, related properties in the nova.conf file and neutron.conf file, and installationwizard default values
Area in dialogProperty in nova.conf andneutron.conf Installation wizard default values
Neutron URL neutron_url http://appliance_mgmt_ip:9696Note: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
Username neutron_admin_username neutron
Password neutron_admin_password neutron
Tenant Name neutron_admin_tenant_name service
Region name neutron_region_name regionOne
Authentication Url neutron_admin_auth_url http://appliance_mgmt_ip:35357/v2.0Note: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
Note: The file, hyperv_neutron_agent.ini, is also updated in the background by the installer. Thefollowing properties are updated:v rpc_backend=neutron.openstack.common.rpc.impl.qpid
v verbose=true
v debug=true
v control_exchange=neutron
v physical_network_vswitch_mappings = *:external
7. Use the Hyper-V Live Migration Settings window to configure the Live Migration settings for thehost.
Note: IBM SmartCloud Entry with Hyper-V supports a Shared nothing live migration. To use livemigration, the Hyper-V server must belong a common domain. You can also skip this step and
Chapter 5. Installing and uninstalling 69
configure the Hyper-V Live Migration setting manually later. See the following document in theOpenStack Compute Administration Guide for more details: Hyper-V Virtualization Platform
Note: When you provide a user name in the Nova compute service user field, ensure that the useryou select is a domain user.
8. Use the Virtual Switch Configuration window to configure Virtual Switch settings. For moreinformation about Hyper-V Switches, see the following topic:Hyper-V Virtual Switch Overview. If noexisting virtual switches are detected, create a new virtual switch. To add a new virtual switch, theremust be at least one physical network adapter that is not bound to any existing virtual switch. Tomanually determine whether a physical network adapter is available, you can use the PowerShellcommand get-networkadapter -physical' to see all physical network adapters. Next, you can use thePowerShell command get-vmswitch to see all network adapters that are already in use. A new virtualswitch must be exclusively associated with a physical network adapter. No two virtual switches canbe associated with the same physical network adapter on the host. See the following document in theOpenStack Compute Administration Guide for more details on using the PowerShell command:Hyper-V Virtualization Platform
Note: The Shared for management property determines whether the Hyper-V Agent can use thisphysical network adapter to manage network traffic.
9. After you complete the information in the installation wizard, the installation begins.
Silent installation:
Because the IBM SmartCloud Entry Hyper-V Agent is installed by using the Microsoft Installer (MSI,),you can start MSI directly without using the graphical installation wizard. This process is called silent(unattended) installation, and is useful for installing this program over a network on a remote systemfrom a shared drive on a LAN server. Follow these steps to silently install IBM SmartCloud EntryHyper-V Agent on Microsoft Windows Server 2012.
Before you begin
If you choose to install silently, you must create an IBM SmartCloud Entry Hyper-V Agent silentinstallation response file and use it to drive the installation. The file is addressed in the followingsections, and a sample response file is provided for reference
About this task
To install silently, you either provide installation parameters through the command line, or use an INI file(response file) to specify all the parameters in a single file. For both cases, use the msiexec command tostart the installation. For more information about this command, see Msiexec (command-line options)
Installing silently with the command line:
Follow these steps to silently install IBM SmartCloud Entry Hyper-V Agent by using the command line.
Before you begin
If you choose to install silently, you must create an IBM SmartCloud Entry Hyper-V Agent silentinstallation response file and use it to drive the installation. The file is addressed in the followingsections, and a sample response file is provided for reference.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry Hyper-V Agent from Fix Central. For moreinformation, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
70 IBM SmartCloud Entry: Administrator Guide 3.2
Note: The IBM SmartCloud Entry Hyper-V Agent and the IBM SmartCloud Entry Hyper-V appliancemust be at the same level, either the GA level, or the fix level.
2. To start the installation through the command line directly, open a command prompt and input thefollowing parameters, substituting the IP address and port with your own: msiexec /i"Hyper-V-OpenStack installer.msi" /qn GLANCE_SERVER="127.0.0.1" GLANCE_SVR_PORT = "9292"
Tip: The /i parameter means to install, and the /qn parameter means that the installation is donewith no GUI.
Tip: You can provide as many parameters as you like in the format key=value, separated by a spacecharacter at the end of the command.
Note: The IBM SmartCloud Entry Hyper-V Agent must be installed to the local C: disk of the server.However, the instance directory (Instances Path) that is used to store virtual machine instance datacan be on any local disk.
Example
The following table shows the mappings between parameters in the response file and properties in thenova.conf file.
Table 19. Response file parameters and related properties in nova.conf. This table shows the mappings betweenparameters in the response file and properties in the nova.conf file.
Parameters in the response file Property in nova.conf
GLANCE_SERVER glance_host
GLANCE_SVR_PORT glance_port
QPID_SERVER qpid_hostname
QPID_SVR_PORT qpid_port
QPID_UNAME qpid_username
QPID_PWD qpid_password
INSTANCES1 instances_path
COW use_cow_images
VERBOSE verbose
NOVA_LOG_PATH Logdir
The following table shows the mappings between parameters in the response file and properties in boththe nova.conf and neutron.conf files
Table 20. Response file parameters and related properties in nova.conf and neutron.conf files. This table shows themappings between parameters in the response file and properties in the nova.conf and neutron.conf files.
Parameters in the response file Property in nova.conf and neutron.conf
NEUTRON_URL neutron_url
ADMIN_USERNAME neutron_admin_username
ADMIN_PASSWORD neutron_admin_password
ADMIN_TENANT_NAME neutron_admin_tenant_name
REGION_NAME neutron_region_name
NEUTRON_AUTH_URL neutron_admin_auth_url
ALLOW_RESIZE_TO_SAME_HOST allow_resize_to_same_host
NEUTRON_AUTH_STRATEGY neutron_auth_strategy
Chapter 5. Installing and uninstalling 71
Note: The property ;AgreeToLicense in the response file specifies your agreement to the license for theapplication. Its default value is set to no. You must specify yes to run the silent installation successfully.
Installing silently with a response file:
Follow these steps to run a silent installation by using a response file.
Before you begin
If you choose to install silently, you need to create an IBM SmartCloud Entry Hyper-V Agent silentinstallation response file and use it to drive the installation. The file is addressed in the followingsections, and a sample response file is provided for reference.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry Hyper-V Agent from Fix Central. For moreinformation, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry Hyper-V Agent and the IBM SmartCloud Entry Hyper-V appliancemust be at the same level, either the GA level, or the fix level.
2. To run the installation through the response file, you must first enter the correct parameters in yourlocally saved copy of the response file. See the sample response file that is provided for more details.
Note: The IBM SmartCloud Entry Hyper-V Agent must be installed to the local C: disk of the server.However, the instance directory (Instances Path) that is used to store virtual machine instance datacan be on any local disk.
3. Next, open a command prompt and input the following statement:msiexec /i "Hyper-V-OpenStack installer.msi" /qn USEINI="absolute path to responsefile"
Example
The sample response file provides an example INI file that can be used to drive a silent installation. Thisexample shows all properties that are available during a graphical installation of the IBM SmartCloudEntry Hyper-V Agent.[Response]#indicate whether you agree with the liscense and its default value is “no”AgreeToLicense=yesGLANCE_SERVER = mySCEApplianceHostOrIPGLANCE_SVR_PORT = 9292QPID_SERVER = mySCEApplianceHostOrIPQPID_SVR_PORT = 5671QPID_UNAME = qpidclientQPID_PWD = openstack1NEUTRON_URL = http://9.123.106.93:9696ADMIN_USERNAME = neutronADMIN_PASSWORD = neutronADMIN_TENANT_NAME = serviceREGION_NAME = regionOneNEUTRON_AUTH_URL = http://9.123.106.93:35357/v2.0NEUTRON_URL_TIMEOUT = 30ALLOW_RESIZE_TO_SAME_HOST = TrueNEUTRON_AUTH_STRATEGY = keystoneINSTANCES1=C:\Program Files (x86)\IBM\SmartCloud Entry\Hyper-V Agent\instancesCOW = trueENABLELOG = 1VERBOSE = trueNOVA_LOG_PATH = = C:\Program Files (x86)\IBM\SmartCloud Entry\Hyper-V Agent\log\nova\
72 IBM SmartCloud Entry: Administrator Guide 3.2
#The path that IBM SCE Hyper-V Agent will be installed.INSTALLDIR = C:\Program Files (x86)\IBM\SmartCloud Entry\Hyper-V Agent\#The string coming after a period is the UUID of the DIM used by the installer internally.#You can actually ignore it during the installation.#(IntOpt)Live Migration authentication type you choose. It has two optional values, “0” and “1”.#“0” stands for “Kerberos”, and “1” stands for “CredSSP”.LIVEMIGRAUTHTYPE.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 = 0NOVACOMPUTESERVICEUSER.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 =#(IntOpt)The max active virtual machine migrations.MAXACTIVEVSMIGR.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 =(IntOpt)The max active storage migrations.MAXACTIVESTORAGEMIGR.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 =#(IntOpt)The networks you migrate from. It has two optional values, “0” and “1”.#Set “1” means you can migrate from any network, and the following property MIGRNETWORKS will be disabled.#Set “0” means you have to specify the network you migrate from by stating the following property.MIGRNETWORKSANY_INTERNAL.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 = 1;#(IntOpt)Specific network you migrate from.#This property only make sense when the MIGRNETWORKSANY_INTERNAL is set to “0”.MIGRNETWORKS.EDDDE39A_8D99_430B_BFF6_7644F125D2A1 = 10.10.10.1/32
#(IntOpt) It has two optional values, “0” and “1”.#Set to “1” means you will skip the virtual switch configuration, and the following four properties#SKIPNOVACONF, ADDVSWITCH, VSWITCHNAME, VSWITCHNETADAPTER,NEWVSWITCHNAME, VSWITCHSHARED will be disabled.#Set “0” means you configure the virtual switch during installation.SKIPNOVACONF.D5E17CCE_FABA_4230_9715_2DF2AA168F6C = 1#(IntOpt)Whether to add a virtual switch. It has two optional values, “0” and “1”.#Set “1” means a newvirtual switch will be add, and the following property VSWITCHNAME will be disabled.#Set “0” means you will use an existing virtual switch,#and the following property VSWITCHNETADAPTER and NEWVSWITCHNAME will be disabled.ADDVSWITCH.D5E17CCE_FABA_4230_9715_2DF2AA168F6C = 0#(StrOpt)The name of an existing virtual switch you choose.VSWITCHNAME.D5E17CCE_FABA_4230_9715_2DF2AA168F6C =#(StrOpt)The adapter you use to create a new virtual switch.VSWITCHNETADAPTER.D5E17CCE_FABA_4230_9715_2DF2AA168F6C =#(StrOpt)The name you use to create a new virtual switch.NEWVSWITCHNAME.D5E17CCE_FABA_4230_9715_2DF2AA168F6C =#(IntOpt) It has two optional values, “0” and “1”.#Set to “1” to allow management operating system toshare this network adapter. Set to “0” to disable itVSWITCHSHARED.D5E17CCE_FABA_4230_9715_2DF2AA168F6C =
# End of the file
Note: The property ;AgreeToLicense in the response file specifies your agreement to the license for theapplication. Its default value is set to no. You must specify yes to run the silent installation successfully.
Note: A response file must start with [Response], followed by any parameters in format key=value.
Upgrading the IBM SmartCloud Entry Hyper-V AgentYou can upgrade the IBM SmartCloud Entry Hyper-V Agent by using the graphical installation wizard orsilently.
Note: You must upgrade the Hyper-V Agent one version at a time. For example, if you have Hyper-VAgent version 3.1 FP2 installed, you must upgrade to version 3.2 and then upgrade to version 3.2 FP1.
Graphical Upgrade:
To upgrade the IBM SmartCloud Entry Hyper-V Agent by using the graphical installation wizard, followthese steps:
Procedure
1. Download the latest fix for the IBM SmartCloud Entry Hyper-V Agent from Fix Central. For moreinformation, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Chapter 5. Installing and uninstalling 73
Note: The IBM SmartCloud Entry Hyper-V Agent and the IBM SmartCloud Entry Hyper-V appliancemust be at the same level, either the GA level, or the fix level.
2. Locate the installation image, and double-click IBM SmartCloud Entry Hyper-V Agent.msi to start theinstallation wizard.
3. Follow the instructions that are provided by the installation wizard. For example, you must agree tothe license terms and specify configuration information, such as target directory and basic nova andvirtual switch configuration information.
4. After you complete the information in the installation wizard, the upgrade begins.
Silent upgrade:
To upgrade IBM SmartCloud Entry Hyper-V Agent silently, follow these steps:
Before you begin
Procedure
1. Download the latest fix for the IBM SmartCloud Entry Hyper-V Agent from Fix Central. For moreinformation, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry Hyper-V Agent and the IBM SmartCloud Entry Hyper-V appliancemust be at the same level, either the GA level, or the fix level.
2. To run the installation through the response file, you must first enter the correct parameters in yourlocally saved copy of the response file. For detailed information, see the sample response file.The sample response file provides an example INI file that can be used to drive a silent installation.This example shows all properties that are available during a graphical installation of the IBMSmartCloud Entry Hyper-V Agent.[Response]#indicate whether you agree with the license and its default value is “no”AgreeToLicense=yes
Note: The property ;AgreeToLicense in the response file specifies your agreement to the license forthe application. Its default value is set to no. You must specify yes to run the silent installationsuccessfully.
3. Next, open a command prompt and input the following statement:msiexec /i "Hyper-V-OpenStack installer.msi" /qn USEINI="absolute path to responsefile"
The following properties in the nova.conf file are copied:glance_host;glance_port;qpid_hostname;qpid_port;qpid_username;qpid_password;instances_path;neutron_url;neutron_admin_username;neutron_admin_password;neutron_admin_tenant_name;neutron_region_name;neutron_admin_auth_url;auth_strategy with default value "keystone";flat_injected with default value "true";rpc_thread_pool_size with default value "128";rpc_conn_pool_size with default value "60";rpc_response_timeout with default value "600";use_cow_images=" ";
74 IBM SmartCloud Entry: Administrator Guide 3.2
vswitch_name=" ";use_ipv6 with default value "true";verbose with default value "false";log_dir=" ";
These following properties in neutron.conf file are copied:qpid_hostname;qpid_port;qpid_username;qpid_password;allow_overlapping_ips;rpc_thread_pool_size with default value "128";rpc_conn_pool_size with default value "60";rpc_response_timeout with default value "600";
The following properties in hyperv_neutron_agent.ini file are copied:qpid_hostname;qpid_username;qpid_password;physical_network_vswitch_mappings;rpc_backend;verbose;debug;control_exchange;tenant_network_type;network_vlan_ranges;
Note: If you manually modified properties that are not shown, you must manually modify thoseproperties after the upgrade is complete.
Uninstalling the IBM SmartCloud Entry Hyper-V AgentThe IBM SmartCloud Entry Hyper-V Agent uninstaller supports uninstallation by using the MicrosoftWindows Control Panel and command line.
About this task
Use the following steps to uninstall the IBM SmartCloud Entry Hyper-V Agent on Microsoft Windows :
Procedure1. Shut down the IBM SmartCloud Entry Hyper-V Agent by using the Microsoft Windows Services
panel or the appropriate command line.2. Navigate to Start > Control Panel > Programs > Uninstall a program3. Select IBM OpenStack Hyper-V Agent and click Uninstall.4. Follow the instructions on the uninstallation wizard to complete the operation.
Results
After the IBM SmartCloud Entry Hyper-V Agent is uninstalled, the uninstaller will back up the followingfiles to the %USERPROFILE%/AppData folder:v nova.conf
v neutron.conf
v hyperv_neutron_agent.ini
Note: The uninstaller does not delete any existing instances that you started. These instances are savedin the instances folder.
Chapter 5. Installing and uninstalling 75
Uninstalling the IBM SmartCloud Entry Hyper-V Agent on Microsoft Hyper-V Server2012The IBM SmartCloud Entry Hyper-V Agent uninstaller supports uninstallation from the MicrosoftHyper-V Server 2012 command line.
About this task
Use the following steps to uninstall The IBM SmartCloud Entry Hyper-V Agent on Microsoft Hyper-VServer 2012 :
Procedure1. Shut down the IBM SmartCloud Entry Hyper-V Agent by using the Microsoft Windows Services
panel or the appropriate command line.2. 1. Open a command-line window and enter the following command: WMIC.3. Enter the following command to display a list of installed products: product get name.4. Enter the command product name call uninstall, where product name is the name of the IBM
SmartCloud Entry Hyper-V Agent installed product.5. Enter Y to uninstall.
Results
After the IBM SmartCloud Entry Hyper-V Agent is uninstalled, the uninstaller will back up the followingfiles to the %USERPROFILE%/AppData folder:v nova.conf
v neutron.conf
v hyperv_neutron_agent.ini
Note: The uninstaller does not delete any existing instances that you started. These instances are savedin the instances folder.
Installing and uninstalling the IBM SmartCloud Entry LinuxKernel-based Virtual Machine (KVM) Agent and CLI ClientBeginning with version 3.2, IBM SmartCloud Entry can manage Linux Kernel-based Virtual Machine(KVM) hypervisors from OpenStack technology and access the OpenStack controller remotely across theCLI client. To manage these hypervisors, IBM SmartCloud Entry KVM Agent and CLI Client must beinstalled on the KVM endpoint server.
This IBM SmartCloud Entry KVM Agent and CLI Client contains packaging of the OpenStack technologythat is required to provision to the KVM server. The IBM SmartCloud Entry KVM Agent and CLI Clientcan be installed on a RedHat Enterprise Linux Server 6.4. The IBM SmartCloud Entry KVM Agent andCLI Client must be installed on all managed compute nodes. If you are using only the CLI Client, installthe client on any common virtual machines or compute nodes. The IBM SmartCloud Entry KVM Agentand CLI Client installation is packaged as a Linux Installer that can be run as an installation wizard, or insilent mode. This installation installs the required OpenStack components on to the KVM server andconfigures them to run as Linux services.
Note: If you want to re-install the IBM SmartCloud Entry KVM Agent and CLI Client, you must firstuninstall the existing IBM SmartCloud Entry KVM Agent and CLI Client or the installation will fail.
IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM) AgentInstallation PrerequisitesBefore you install the IBM SmartCloud EntryLinux Kernel-based Virtual Machine (KVM) Agent, prepareyour environment for installation.
76 IBM SmartCloud Entry: Administrator Guide 3.2
Preparing Your KVM Server for Installation (KVM Agent only)
On each KVM server that is managed from IBM SmartCloud Entry, a Network Time Service (NTP) mustbe synchronized with the KVM appliance system that is running the IBM SmartCloud Entry server. Seethe following document in the OpenStack Compute Administration Guide for more details: KVM.
Preparing the Host (KVM Agent only)
The host must satisfy the following requirements:v At least two physical network adapters are availablev The RedHat yum repository is availablev SELinux is disabled
Preparing the User
Use root user authority to install the IBM SmartCloud Entry KVM Agent and CLI Client.
Installing on Red Hat Enterprise Linux Server 6.4Follow these steps to install the IBM SmartCloud Entry KVM Agent and CLI Client on Red HatEnterprise Linux Server 6.4.
Overview of the installation
The installation completes the following steps:
For KVM Agent
v Create a product installation directoryv Create the Open vSwitch virtual switchesv Install the OpenStack Nova Compute and Neturon Open vSwitch agentv Configure the OpenStack Nova Compute servicev (Optional) Configure KVM live migration settings for this hostv Configure the OpenStack Neutron Open vSwitch agent for networkingv Register the following Linux services, which, by default, are set to automatically start:
– IBM SmartCloud Entry Nova Compute Agent Service– IBM SmartCloud Entry Neutron Open vSwitch Agent Service
For CLI Client
v Create a product installation directoryv Install the following clients:
– Nova– Neturon– Cinder– Keystone– Glance
v Configure the file openrc environment variable for accessing these Clientsv Get certification from the Iaasgateway server
Installing with console installation:
Follow these steps to install the IBM SmartCloud Entry KVM Agent and CLI Client by using the consoleinstallation wizard.
Chapter 5. Installing and uninstalling 77
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entryappliance must be at the same level, either the GA level, or the fix level.
2. Locate the installation image, and run the following command to start the installation wizard:IBM_SmartCloud_Entry_KVM_Agent.bin
3. Follow the instructions that are provided by the installation wizard. Choose locale language, agree tothe license terms, specify an installation destination folder, and select the shortcut folder that youwant to use.
4. On the Choose Install Feature screen, choose which feature to install.5. (KVM Agent only) On the Controller Node IP Address configuration screen, specify the IP address of
the IBM SmartCloud Entry appliance management server.6. (KVM Agent only) If there are existing virtual switches on the host, specify whether to reuse these
switches. If choose to reuse these switches, select the virtual switches from a virtual switch list forthe Open vSwitch integration network and then the data network. If you choose not to reuse theseswitches, you must create new virtual switches for networking, then select the physical networkadapter from an adapter list for Open vSwitch data network.
Note: A management network and a data network are created on the compute host. Themanagement network is used for the communication between the controller and the compute nodes.The data network is used for the communication between virtual servers. It is recommended thatthere are at least two adapters on the host. This enables you to bind these two networks on differentphysical network adapters, so that each can work with its own channel.
7. On the Qpid Server configuration screen, configure the IP address, port number, and specify whetherto enable an SSL connection to the Qpid server.
Note: If you enable Qpid SSL, the Qpid server port number changes to the default value of 5671.8. (KVM Agent only) On the Keystone server configuration screen, configure the IP address and the
port number for the Keystone server.9. (KVM Agent only) On the Glance configuration screen, configure the IP address and the port
number for the Glance server.10. (KVM Agent only) On the Nova Compute configuration screen, configure the compute agent
parameters. You can use the default values and manually configure the nova.conf file, which is inthe /etc/nova folder, at any time. The following table shows the mappings between this screen andproperties in the nova.conf file.
Table 21. Nova Compute Configuration fields and related properties in nova.conf file.. Mapping of field names in theinstallation wizard, related properties in the nova.conf file, and installation wizard default values
Installation wizard Property in nova.conf file Installation wizard default value
KEYSTONE_IP neutron_admin_auth_url appliance_mgmt_ipNote: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
KEYSTONE_PORT neutron_admin_auth_url 5000
GLANCE_IP glance_api_servers appliance_mgmt_ipNote: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
GLANCE_PORT glance_api_servers 9292
78 IBM SmartCloud Entry: Administrator Guide 3.2
Table 21. Nova Compute Configuration fields and related properties in nova.conf file. (continued). Mapping of fieldnames in the installation wizard, related properties in the nova.conf file, and installation wizard default values
Installation wizard Property in nova.conf file Installation wizard default value
QPID_HOSTNAME qpid_hostname appliance_mgmt_ipNote: Where appliance_mgmt_ip isthe IP address of the networkinterface on the appliance.
QPID_PORT qpid_port 5672 or 5671 for SSL
NOVA_QPID_USERNAME qpid_username qpidclient
NOVA_QPID_PWD qpid_password
IS_QPID_SSL qpid_protocol ssl
NOVA_LOG_DIR logdir /var/log/nova
Note: For more detailed descriptions about properties in the nova.conf file, see the List ofconfiguration options topic in the OpenStack Compute Administration Guide.
11. (KVM Agent only) On the Nova Compute Advanced configuration screen, specify the advancedcompute agent parameters. Select to enable Live Migration, and specify the Instances Path, VolumesPath, Lock Path and State Path. You can also manually configure the nova.conf file, which is in the/etc/nova folder, at any time. The following table shows the mappings between this screen andproperties in the nova.conf file.
Table 22. Nova Compute Advanced configuration fields and related properties in nova.conf file.. Mapping of fieldnames in the installation wizard, and related properties in the nova.conf file
Installation wizard Property in nova.conf file Installation wizard default value
INSTANCES_PATH instances_path /opt/stack/data/nova/instances
VOLUMES_DIR volumes_dir /opt/stack/data/nova/volumes
STATE_PATH state_path /opt/stack/data/nova/
LOCK_PATH lock_path /opt/stack/data/nova/
Note: If you enable Live Migration, you need to manually configure the NFS shared directory, whichis the instances path.
12. (KVM Agent only) On the Neutron configuration screen, specify the network agent parameters. Theinstallation wizard applies changes to properties in both the nova.conf and neutron.conf files. Youcan use the default values and manually configure the nova.conf and neutron.conf files at any time.These properties files are in the etc\nova and etc\neutron folders. The following table shows themappings between this screen and properties in the nova.conf and neutron.conf files.
Table 23. Neutron configuration fields and related properties in nova.conf and neutron.conf files. Mapping of fieldnames in the installation wizard, related properties in the nova.conf file and neutron.conf file, and installation wizarddefault values
Installation wizard Property Configuration file
Installationwizard default
value
NEUTRON_ADMIN_USER neutron_admin_username nova.conf neutron
NEUTRON_ADMIN_PWD neutron_admin_password nova.conf
NEUTRON_ADMIN_TENANT_NAME neutron_admin_tenant_name nova.conf service
NEUTRON_QPID_USERNAME qpid_username neutron.conf qpidclient
NEUTRON_QPID_PWD qpid_password neutron.conf
NEUTRON_LOG_DIR logdir neutron.conf /var/log/neutron
Chapter 5. Installing and uninstalling 79
Note: The following properties in the ovs_neutron_plugin.ini file are also updated by the installer:v tenant_network_type = vlan
v network_vlan_ranges = default:1:4094
v integration_bridge = br-int
v bridge_mappings = default:br-ethx
13. (CLI Client Only) On the CLI Configuration screen, configure the OpenStack Client environmentvariable. The installation wizard applies changes to properties in openrc file which is found in theinstall_path folder. You can use the default values and manually change them at any time.Contact your system administrator to obtain the Iaasgateway authorization URL and the CAcertification file.
Notes:
a. The Iaasgateway authorization URL (AUTH_URL) enables the Administrator (User) to access theIaasgateway through an https protocol. The URL interface is "admin." You can obtain this URLfrom the following web page:https://iaasgateway_host:9973/providers
b. If you cannot get the CA certification file, run the following command:nove --insecure list
Table 24. CLI configuration fields and related properties in openrc file. Mapping of field names in the CLIConfiguration screen to related properties in the openrc file, and the installation wizard default values
Installation wizard PropertyInstallation wizard
default value
OS_USERNAME OS_USERNAME sceagent
OS_TENANT_NAME OS_TENANT_NAME Public
CLI_PASSWORD CLI_PASSWORD
OS_REGION_NAME OS_REGION_NAME regionOne
OS_AUTH_URL OS_AUTH_URL Iaasgateway authurl
OS_CACERT OS_CACERT point to CAcertification file
14. On the Silent Installation Response File screen, specify whether to generate the response file in theinstallation folder. You can use the generated response file as a sample file for a silent installation.Before you use it in a silent installation, review the contents of the file and modify it for yourrequirements. The response file does not include passwords, so at a minimum, you must providepasswords in the response file.
15. For information about the installation, view the logs in the following directory:$USER_INSTALL_DIR/_$PRODUCT_NAME_installation/Logs/
16. To verify whether the services installed correctly, follow these steps:a. Run the following commands to check whether these two processes are running:
v ps -ef|grep nova-compute
v ps -ef|grep neutron-openvswitch-agent
b. Log onto the IBM SmartCloud Entry Appliance and run the following command to checkwhether the IBM SmartCloud Entry KVM agent is displayed in the resulting list:nova-manage service list
80 IBM SmartCloud Entry: Administrator Guide 3.2
What to do next
The IBM SmartCloud Entry KVM Agent and CLI Client creates the “nova” user and this user requires apassword when you connect to a remote node using secure shell (SSH) protocol. For this reason, IBMSmartCloud Entry cannot perform the resize or migration functions for KVM compute nodes that areusing NFS unless SSH is properly configured on each compute node. To enable the resize and migrationfunctions, manually configure SSH on each KVM compute node as shown in the following steps so thatSSH can perform automatic transfers:1. Log on to Node1 as the “nova” user.2. Run the following command to change to the ssh directory:
cd to ~/.ssh
3. Run the following command:ssh-keygen
This generates two files. By default the file names are id_rsa and id_rsa.pub. However, you canchange these file names during the configuration.
4. Run the following command:ssh-copy-id -i id_rsa.pub nova@node2_ip_address
5. Run the following command:ssh nova@node2_ip_address
If this command succeeds, the configuration is successful, and you can automatically connect toNode2 using the SSH protocol. If the command is not successful, verify the configuration or contactyour administrator for help.
6. Repeat these steps from Node2 to enable automatic connection using the SSH protocol from Node2 toNode1.
Troubleshooting:
If there are environment issues, the installation is stopped and rolled back. Usually these issues arecaused by unavailable yum repository definitions.
About this task
To diagnose these issues, follow these steps:
Procedure
1. Check whether the contents of the Red Hat Enterprise Linux yum repository definition file whichunder the folder /etc/yum.repos.d/ are correct. For example, ensure that the base URL is accessibleand enabled.
2. Remove or disable the yum repository which contains other edition OpenStack definitions, as thatmay cause a conflict with the KVM Agent installation.
Installing with silent installation:
You can install the IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM) Agent and CLIClient without using the console installation wizard. This process is called silent (unattended) installation,and is useful for installing this program over a network on a remote system from a shared drive on aLAN server.
About this task
To install silently, you either provide installation parameters through the command line, or use aproperties file (response file) to specify all the parameters in a single file.
Chapter 5. Installing and uninstalling 81
Installing silently with the command line:
Follow these steps to silently install IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM)Agent and CLI Client by using the command line.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entry KVMappliance must be at the same level, either the GA level, or the fix level.
2. To start the installation through the command line, open a command prompt and run the followingcommand:/IBM_SmartCloud_Entry_KVM_Agent.bin -i silent -DGLANCE_IP=ip_address -DGLANCE_SVR_PORT=port
where ip_address and port are the values for your system.
Tips:
a. The -i silent parameter indicates silent (unattended) installation.b. The Dkey = value parameter contains a key and value pair to pass to the installation. You can
specify as many of these key and value pair parameters as you want in the format Dkey=value,separated by a space character.
Example
(KVM Agent Only) The following table shows the mappings between parameters in the response file andproperties in the nova.conf file.
Table 25. Response file parameters and related properties in nova.conf. This table shows the mappings betweenparameters in the response file parameters and properties in the nova.conf file.
Response file parameter Property in nova.conf file
KEYSTONE_IP neutron_admin_auth_url
KEYSTONE_PORT neutron_admin_auth_url
GLANCE_IP glance_api_servers
GLANCE_PORT glance_api_servers
QPID_HOSTNAME qpid_hostname
QPID_PORT qpid_port
NOVA_QPID_USERNAME qpid_username
NOVA_QPID_PWD qpid_password
IS_QPID_SSL qpid_protocol
NOVA_LOG_DIR logdir
(KVM Agent Only) The following table shows the mappings between parameters in the response file andproperties in both the nova.conf and neutron.conf files
Table 26. Response file parameters and related properties in nova.conf and neutron.conf files. This table shows themappings between parameters in the response file and properties in the nova.conf and neutron.conf files.
Response file parameters PropertyIn nova.conf orneutron.conf file
NEUTRON_ADMIN_USER neutron_admin_username nova.conf
82 IBM SmartCloud Entry: Administrator Guide 3.2
Table 26. Response file parameters and related properties in nova.conf and neutron.conf files (continued). Thistable shows the mappings between parameters in the response file and properties in the nova.conf andneutron.conf files.
Response file parameters PropertyIn nova.conf orneutron.conf file
NEUTRON_ADMIN_PWD neutron_admin_password nova.conf
NEUTRON_ADMIN_TENANT_NAME neutron_admin_tenant_name nova.conf
NEUTRON_QPID_USERNAME qpid_username neutron.conf
NEUTRON_QPID_PWD qpid_password neutron.conf
NEUTRON_LOG_DIR logdir neutron.conf
Note: The property ;LICENSE_ACCEPTED in the response file specifies your agreement to the license for theapplication. You must specify TRUE to run the silent installation successfully.
What to do next
The IBM SmartCloud Entry KVM Agent and CLI Client creates the “nova” user and this user requires apassword when you connect to a remote node using secure shell (SSH) protocol. For this reason, IBMSmartCloud Entry cannot perform the resize or migration functions for KVM compute nodes that areusing NFS unless SSH is properly configured on each compute node. To enable the resize and migrationfunctions, manually configure SSH on each KVM compute node as shown in the following steps so thatSSH can perform automatic transfers:1. Log on to Node1 as the “nova” user.2. Run the following command to change to the ssh directory:
cd to ~/.ssh
3. Run the following command:ssh-keygen
This generates two files. By default the file names are id_rsa and id_rsa.pub. However, you canchange these file names during the configuration.
4. Run the following command:ssh-copy-id -i id_rsa.pub nova@node2_ip_address
5. Run the following command:ssh nova@node2_ip_address
If this command succeeds, the configuration is successful, and you can automatically connect toNode2 using the SSH protocol. If the command is not successful, verify the configuration or contactyour administrator for help.
6. Repeat these steps from Node2 to enable automatic connection using the SSH protocol from Node2 toNode1.
Installing silently with a response file:
Follow these steps to run a silent installation by using a response file.
Before you begin
If you choose to install silently, you must create an IBM SmartCloud Entry Linux Kernel-based VirtualMachine (KVM) Agent and CLI Client silent installation response file and use it to drive the installation.
Chapter 5. Installing and uninstalling 83
|
|
|
||
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entry KVMappliance must be at the same level, either the GA level, or the fix level.
2. To run the installation through the response file, you must first enter the correct parameters in yourlocally saved copy of the response file. See the sample response file that is provided for moreinformation.If you choose to install silently, you must create an IBM SmartCloud Entry KVM Agent and CLIClient silent installation response file and use it to drive the installation.
3. Next, open a command prompt and run the following command:/IBM_SmartCloud_Entry_KVM_Agent.bin -i silent -f <path to response file>
where <path to response file> is the full path to the response file.
Example
The sample response file provides an example properties file that can be used to drive a silentinstallation.
The following example shows all properties that are available during a console installation of the IBMSmartCloud Entry KVM Agent and CLI Client for the KVM Agent.#Indicate whether the license agreement been accepted#----------------------------------------------------LICENSE_ACCEPTED=TRUE
#Choose Install Folder#---------------------USER_INSTALL_DIR=/opt/other/other_product
#Choose Link Location#--------------------USER_SHORTCUTS=/root/other_product
#product alias used as install folder name#--------------------PRODUCT_ALIAS=other_product
#Controller node ip#------------------CONTROLLER_IP="192.168.50.184"
#Please choose whether or not to user the ovs switches existed on system#-----------------------------------IS_USING_EXISTING_BR=NO#Please select an ethernet for openvswitch network#-------------------------------------------------OVS_NIC="eth1"
#Qpid server ip#--------------QPID_HOSTNAME="192.168.50.184"
#Qpid SSLIS_QPID_SSL=YES
#Qpid server port#----------------QPID_PORT="5671"
84 IBM SmartCloud Entry: Administrator Guide 3.2
|
||
||
|||
||
|
|
|
|
||
||
||||||||||||||||||||||||||||||||||||||
#Keystone ip#---------KEYSTONE_IP="192.168.50.184""
#Keystone port#-----------KEYSTONE_PORT="5000"
#Glance ip#---------GLANCE_IP="192.168.50.184""
#Glance port#-----------GLANCE_PORT="9292"
#Qpid username for nova#----------------------NOVA_QPID_USERNAME="qpidclient"
#Qpid password for nova#----------------------NOVA_QPID_PWD=openstack1
#Log directory#-------------NOVA_LOG_DIR="/var/log/nova"
#Do you continue the advanced configuration#------------------------------------------IS_NOVS_ADV=YESIS_LIVE_MIGRATION=YES
#Keystone username for neutron#-----------------------------NEUTRON_ADMIN_USER="neutron"
#Keystone password for neutron#-----------------------------NEUTRON_ADMIN_PWD=neutron
#Tenant name for neutron#-----------------------NEUTRON_ADMIN_TENANT_NAME="service"
#Qpid username for neutron#-------------------------NEUTRON_QPID_USERNAME="qpidclient"
#Qpid password for neutron#-------------------------NEUTRON_QPID_PWD=openstack1INDEX_OF_MATCHING_NEUTRON_QPID_PWD=0
#Log directory#-------------NEUTRON_LOG_DIR="/var/log/neutron"
#Do you want to create a silent install response file#-----------IS_RESP=YES
The following example shows all properties that are available during a console installation of the IBMSmartCloud Entry KVM Agent and CLI Client for the CLI Client.
Chapter 5. Installing and uninstalling 85
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
||
(CLI Client Only)#Openstack user name#--------------OS_USERNAME="sceagent"
#Openstack tenant name#--------------OS_TENANT_NAME="Public"
#Openstack client password#--------------CLI_PASSWORD=openstack1
#Openstack region name#--------------OS_REGION_NAME="regionOne"
#Openstack auth url#--------------OS_AUTH_URL=""
#Openstack cacert path#--------------OS_CACERT=""
Notes:
1. The property ;LICENSE_ACCEPTED in the response file specifies your agreement to the license for theapplication. You must specify TRUE to run the silent installation successfully.
2. If you want to reuse the virtual switches that already exist on the host, specify the properties asfollows:
IS_USING_EXISTING_BR=YESINT_SWITCH="br-int"OVS_SWITCH="br-eth1"
Typically, INT_SWITCH, which is the switch for the integration network, is named “br-int”, and theOVS_SWITCH, which is the switch for the data network, depends on the actual settings on the host.In the example, this value is “br-eth1.”
3. If you use the response file that is generated by the installer as the input file for silent installation,you can set the NOVA_QPID_PWD, NEUTRON_ADMIN_PWD, and NEUTRON_QPID_PWDpasswords before running the silent installation. These passwords are not directly stored in theresponse file due to the security concerns.
What to do next
The IBM SmartCloud Entry KVM Agent and CLI Client creates the “nova” user and this user requires apassword when you connect to a remote node using secure shell (SSH) protocol. For this reason, IBMSmartCloud Entry cannot perform the resize or migration functions for KVM compute nodes that areusing NFS unless SSH is properly configured on each compute node. To enable the resize and migrationfunctions, manually configure SSH on each KVM compute node as shown in the following steps so thatSSH can perform automatic transfers:1. Log on to Node1 as the “nova” user.2. Run the following command to change to the ssh directory:
cd to ~/.ssh
3. Run the following command:ssh-keygen
This generates two files. By default the file names are id_rsa and id_rsa.pub. However, you canchange these file names during the configuration.
86 IBM SmartCloud Entry: Administrator Guide 3.2
||||||||||||||||||||||||
|
||
||
|
|
|
|||
||||
|
||||||
|
|
|
|
|
||
4. Run the following command:ssh-copy-id -i id_rsa.pub nova@node2_ip_address
5. Run the following command:ssh nova@node2_ip_address
If this command succeeds, the configuration is successful, and you can automatically connect toNode2 using the SSH protocol. If the command is not successful, verify the configuration or contactyour administrator for help.
6. Repeat these steps from Node2 to enable automatic connection using the SSH protocol from Node2 toNode1.
Upgrading the IBM SmartCloud Entry KVM Agent and CLI ClientFollow these steps to upgrade the IBM SmartCloud Entry KVM Agent and CLI Client.
Overview of the upgrade
The upgrade completes the following steps:
For KVM Agent
v Stop OpenStack Nova Compute and Neutron Open vSwitch agentv Upgrade the OpenStack Nova Compute and Neutron Open vSwitch agentv Restart OpenStack Nova Compute and Neutron Open vSwitch agent
For CLI Client
v Upgrade the following clients:– Nova– Neutron– Cinder– Keystone– Glance
v Configure the openrc file environment variable for accessing these Clientsv Get certification from the IaaS gateway server
Upgrading by using console mode:
Follow these steps to upgrade the IBM SmartCloud Entry KVM Agent and CLI Client by using theconsole upgrade installation wizard.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entryappliance must be at the same level, either the GA level, or the fix level.
2. Locate the installation image, and run the following command to start the installation wizard:IBM_SmartCloud_Entry_KVM_Agent.bin
3. Follow the instructions that are provided by the installation wizard. Choose locale language and agreeto the license terms.
4. On the Choose Upgrade step, the installation wizard indicates that IBM SmartCloud Entry is installed,and prompts you to choose whether to upgrade IBM SmartCloud Entry.
Chapter 5. Installing and uninstalling 87
|
|
|
|
|||
||
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
||
||
|
|
||
||
5. On the Install Folder Confirmation step, the installation wizard displays the default path to theinstalled product folder. Press Enter to use this default path, or specify the path to the installedproduct folder. The installation wizard performs the upgrade.
6. For information about the upgrade, view the logs in the following directory:$USER_INSTALL_DIR/_$PRODUCT_NAME_installation/Logs/$PRODUCT_NAME_yum_upgrade.log
7. To verify whether the services installed correctly, follow these steps:a. Run the following commands to check whether these two processes are running:
v ps -ef|grep nova-compute
v ps -ef|grep neutron-openvswitch-agent
b. Log onto the IBM SmartCloud Entry Appliance and run the following command to check whetherthe IBM SmartCloud Entry KVM agent is displayed in the resulting list:nova-manage service list
Note: The upgrade does not change the Nova and Neutron configurations or status.
Upgrading by using silent mode:
You can upgrade the IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM) Agent and CLIClient by using silent mode.
About this task
To upgrade silently, you either provide upgrade parameters through the command line, or use aproperties file (response file) to specify all the parameters in a single file.
Upgrading silently by using the command line:
To silently install the IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM) Agent and CLIClient by using the command line, follow these steps:
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entry KVMappliance must be at the same level, either the GA level, or the fix level.
2. Open a command prompt and run the following command:/IBM_SmartCloud_Entry_KVM_Agent.bin -i silent -DLICENSE_ACCEPTED=TRUE
-DUSER_INSTALL_DIR=/opt/other/other_product-DPRODUCT_ALIAS=other_product -DIS_UPGRADE=YES
Tips:
a. The -i silent parameter indicates silent (unattended) upgrade.b. The Dkey = value parameter contains a key and value pair to pass to the upgrade. You can specify
as many of these key and value pair parameters as you want in the format Dkey=value, separatedby a space character.
Upgrading silently by using a response file:
Follow these steps to run a silent upgrade by using a response file.
88 IBM SmartCloud Entry: Administrator Guide 3.2
|||
|
|
|
|
|
|
||
|
|
|
||
|
||
|
||
|
||
||
|
|||
|
|
|||
|
|
Before you begin
If you choose to upgrade silently, you must create an IBM SmartCloud Entry Linux Kernel-based VirtualMachine (KVM) Agent and CLI Client silent installation response file and use the file for the upgrade.
Procedure
1. Download the latest fix for the IBM SmartCloud Entry KVM Agent and CLI Client from Fix Central.For more information, see “Applying fixes and updates for IBM SmartCloud Entry” on page 90.
Note: The IBM SmartCloud Entry KVM Agent and CLI Client and the IBM SmartCloud Entry KVMappliance must be at the same level, either the GA level, or the fix level.
2. To run the upgrade by using a response file, you must specify the correct parameters in a locallysaved copy of the response file. The response file properties are used to in the silent upgrade.The following example shows all the properties that are available during a console upgrade of theIBM SmartCloud Entry KVM Agent and CLI Client for the KVM Agent. You can modify theseproperties for a silent upgrade.#Indicate whether the license agreement been accepted#----------------------------------------------------LICENSE_ACCEPTED=TRUE#Choose Install Folder#---------------------USER_INSTALL_DIR=/opt/other/other_product#product alias used as install folder name#--------------------PRODUCT_ALIAS=other_product#Choose to upgrade or not#------------------IS_UPGRADE=YES
Notes:
a. The property ;LICENSE_ACCEPTED in the response file specifies your agreement to the license for theapplication. You must specify TRUE to successfully run the silent upgrade.
b. If you did not install the product into the default installation path, you must use theUSER_INSTALL_DIR property to specify the installation path for the product.
3. When the response file is ready, open a command prompt and run the following command:/IBM_SmartCloud_Entry_KVM_Agent.bin -i silent -f <path to response file>
where <path to response file> is the full path to the response file.
Uninstalling the IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM)Agent and CLI ClientThe IBM SmartCloud Entry Linux Kernel-based Virtual Machine (KVM) Agent and CLI Client uninstallersupports uninstallation by using the command line.
About this task
Use the following steps to uninstall the IBM SmartCloud Entry KVM Agent and CLI Client on Red HatEnterprise Linux:
Note: When you uninstall the IBM SmartCloud Entry KVM Agent, you can choose not to uninstall OpenvSwitch and Libvirt to preserve the virtual server and virtual switches on the host. Then if you install theIBM SmartCloud Entry KVM Agent again, you can reuse these virtual resources.
Procedure1. (KVM Agent only) Run the following commands to shut down the IBM SmartCloud Entry
Management Services:
Chapter 5. Installing and uninstalling 89
|
||
|
||
||
||
|||
||||||||||||
|
||
||
|
|
|
|
service openstack-nova-compute stop
service neutron-openvswitch-agent stop
2. Navigate to the $USER_SHORTCUTS$/bin folder, which contains the uninstallation program.3. Run the following command:
./Uninstall_IBM_SmartCloud_Entry_KVM_Agent
4. Follow the instructions in the uninstallation wizard to complete the operation.5. (KVM Agent only) Choose whether to uninstall Open vSwitch. If you choose to uninstall Open
vSwitch,the virtual switches that were created by Open vSwitch are removed.
Note: While the installation mode is silent, the uninstallation is in silent mode automatically, andOpen vSwitch virtual switches are not removed. To remove Open vSwitch virtual switches, appendthe following option to the uninstallation command:-DIS_OVS_UNINSTALL=YES
6. (KVM Agent only) Choose whether to uninstall Libvirt.
Note: While the installation mode is silent, the uninstallation is in silent mode automatically, andLibvirt is not removed. To remove Libvirt , append the following option to the uninstallationcommand:-DIS_OVS_UNINSTALL=YES
7. Complete the uninstallation.
Results
After the IBM SmartCloud Entry KVM Agent and CLI Client is uninstalled, the uninstaller backs up thefollowing files by renaming them to *.rpmsave:v nova.conf
v neutron.conf
v ovs_neutron_plugin.ini
Applying fixes and updates for IBM SmartCloud EntryUpdates for IBM SmartCloud Entry provide fixes to the product. IBM SmartCloud Entry has a CommandLine Interface (CLI) that is used to update the application. The CLI is available from the OSGi consolethat opens when the application starts.
About this task
Note: If you installed IBM SmartCloud Entry by deploying an IBM SmartCloud Entry virtual appliance,see “Performing support and maintenance tasks on the IBM SmartCloud Entry appliance” on page 131for instructions to apply fixes and updates to your appliance.
Depending on where you chose to download the update package, you either access a URL-basedrepository for remotely installing packages or local file system directory repository on the system runningIBM SmartCloud Entry. Updates using remote (URL-based) or local file system (directory) repositories arethe same except for the format of the repository that is specified on the CLI. URL-based repositories areof the form http://UPDATE_REPOSITORY, while local file system (directory) repositories have the form file:PATH_TO_DIRECTORY. When using a local file system repository, you must use forward slashes in the fullpath to the local directory.
Note: Before you install a fix pack or upgrade IBM SmartCloud Entry, back up your skc.ini file to a safelocation. After you install the fix pack or finish upgrading, replace the skc.ini file with your backupversion.
90 IBM SmartCloud Entry: Administrator Guide 3.2
The following update commands are available from the CLI:
versionReturns the current product version.
showreposReturns a list of the update repositories that are associated with the product.
addrepo [url]Adds a repository to the product from the file or remote URL.
delrepo [url]Removes a repository (* for all repositories) from the product.
checkupdatesReturns a list of the current updates available.
installupdatesInstalls the available updates to the product.
updatetimestampsReturns a list of the product update timestamps.
rollbackupdates [timestamp]Rolls back to the timestamp. If no timestamp is given the rollback is to the previous timestamp.
To download and install fixes for IBM SmartCloud Entry, follow these steps:
Procedure1. Open your browser to IBM Support Fix Central at http://www-933.ibm.com/support/fixcentral/2. Select Select product.3. Select Other Software for the Product Group.4. For the Product, select IBM SmartCloud Entry.5. Select All for the Installed Version.6. Select All for the Platform and select Continue.7. Identify fixes by selecting Browse for fixes and select Continue.8. Select the specific fix that you want and select Continue.9. Authenticate to the Fix Central server to demonstrate entitlement.
10. Select the method that you want to use to download the fix and select Continue.11. Store the update in a repository that is available remotely or locally on the system that is running
IBM SmartCloud Entry.12. Extract the compressed file to the disk drive of the system in a temporary directory.13. In the IBM SmartCloud Entry OSGi command console, use the showrepos command to list the
repositories that are associated with the IBM SmartCloud Entry. For example:osgi> showreposMetadata repositories:Artifacts repositories:
file:/C:/Users/IBM_ADMIN/.eclipse/207580638/p2/org.eclipse.equinox.p2.core/cache/
14. If the repository that is storing the extracted files is not available, use the addrepo command to addthat repository.osgi> addrepo file:C:/temp/myFixPackIBM SmartCloud Entry update repository added
15. Install the updates by using the installupdates command.
Chapter 5. Installing and uninstalling 91
osgi> installupdatesIBM SmartCloud Entry updates to install:com.ibm.cfs.product 3.1.0.0-20130513==> com.ibm.cfs.product 3.1.0.2-20130814IBM SmartCloud Entry update done
16. When the update is complete, activate the changes by using the close command to end the OSGisession, then restarting IBM SmartCloud Entry.osgi> close
17. If you want to remove the updates and return to a previous configuration of IBM SmartCloud Entry,follow these steps:a. If you have not yet restarted IBM SmartCloud Entry after applying an update, you must close
your OSGi session and restart IBM SmartCloud Entry before you can roll back the changes.b. Determine the timestamp of the update by running the updatetimestamp command:
osgi> updatetimestampsUpdate Tim-stamps:1374633752042: Wed Jul 24 10:42:32 CST 2013: 3.1.0.0-2013051312521374657093794: Wed Jul 24 17:11:33 CST 2013: 3.1.0.2-2013072402151374657144808: Wed Jul 24 17:12:24 CST 2013: 3.1.0.0-2013051312521374657179390: Wed Jul 24 17:12:59 CST 2013: 3.1.0.2-2013072402151378173169597: Tue Sep 03 09:52:49 CST 2013: 3.1.0.0-2013051312521378175017499: Tue Sep 03 10:23:37 CST 2013: 3.1.0.2-201307240215
c. Use the rollbackupdates command to remove the updates.rollbackupdates 1378175017499
If you do not provide a timestamp to the rollbackupdates command, the last timestamp is used.d. When the rollback is complete, activate the changes by using the close command to end the
OSGi session, then restarting IBM SmartCloud Entry.
IBM SmartCloud Entry for Cloud SSL configuration (optional)The IBM SmartCloud Entry ships a self-signed certificate for SSL communication between a clientmachine, such as a web browser, and the IBM SmartCloud Entry server. This certificate is stored in the<home directory>/.keystore file.
This self-signed certificate is shipped for testing purposes only. It is not associated with a qualified hostand domain name. Additionally, it is self-signed so a security warning is displayed when you access thehost using https. To use SSL configuration in production, create a different self-signed or CA issuedcertificate that is designated specifically for the qualified host. Additionally, the keystore password mustbe changed or another keystore must be used to contain this certificate with a secure password. The newpasswords would then be used in the following server.properties file configuration example.
To export a certificate to be used by clients, run the following command from the .SCE32 directory:"<jre path>/keytool" -export-v -alias SKC -file SKC.cer -keystore .keystore -storepass password
where password is the password you specify.
Notes:
v In order for this command to run properly, the Java/bin directory must be added to the system %PATH%variable.
v keytool is a key and certificate management utility that is included with Java™ SE 6.0.
After this certificate is imported into a client, the client can communicate with IBM SmartCloud Entry byusing the trusted certificate with no additional user intervention required. If the import is not done, theclient, such as a browser, might prompt the user to verify it and confirm that the certificate is trusted.After you confirm that you accept the risk of the certificate, you will be able to use SSL.
92 IBM SmartCloud Entry: Administrator Guide 3.2
Note: When you use Internet Explorer to install a self-signed certificate, ensure that the certificate issuername exactly matches the domain name of the URL that you are using it for. For example, if the URL ishttps://ip_address/cloud/web/login.html, where ip_address is your IP address, the CN setting must beCN=ip_address and the command is as follows:keytool -genkey -dname "CN=ip_address, OU=Cloud, O=IBM, L=RTP, S=NC, C=US" -alias SKC
-keystore .keystore -keyalg RSA -keysize 1024
If you still cannot install the certificate using Internet Explorer, it might be necessary to modify thesystem date time to synchronize with the IBM SmartCloud Entry server time. Also, ensure that you shutdown and restart all instances of Internet Explorer after you install the certificate.
SSL is enabled on the server by configuring the server.properties file in the IBM SmartCloud Entryhome directory as follows:# HTTP server portorg.osgi.service.http.port=18080
# Flag to enable/disable HTTP. If it is necessary for the protocol to be only SSL, set this flag to false.org.eclipse.equinox.http.jetty.http.enabled=true
# Flag to enable/disable HTTPSorg.eclipse.equinox.http.jetty.https.enabled=true
# HTTPS portorg.eclipse.equinox.http.jetty.https.port=18443
# SSL passwordorg.eclipse.equinox.http.jetty.ssl.password=password
# Keystore passwordorg.eclipse.equinox.http.jetty.ssl.keypassword=password
# The full path location of the keystoreorg.eclipse.equinox.http.jetty.ssl.keystore=home directory/.keystore
# The SSL protocolorg.eclipse.equinox.http.jetty.ssl.protocol=SSL_TLS
Note: The org.eclipse.equinox.http.jetty.ssl.protocol property is SSL_TLS if running on an IBMJRE. The property is TLS if running on a Sun or Oracle JRE.
Restart the server after you change the server.properties file. With the server running, point your clientto https://system:18443/cloud/api/users to test it. Depending on whether you imported the certificatefrom above, you might be prompted to accept the certificate.
Creating a new certificate for your host
You can use the keytool tool to create a self-signed certificate for the host you are deploying IBMSmartCloud Entry on or to create a certificate signing request (CSR) to send to a certificate authority (CA)to get a CA-issued certificate that is trusted by clients automatically.
For example, to generate a new keystore with specific customer information, use the following command:keytool -genkey -dname "CN=cloud.ibm.com, OU=Cloud Services, O=IBM, L=RTP, S=NC, C=US"-alias SKC -keystore .keystore -keyalg RSA -keysize 1024
CN Specifies the customers domain.
OU Specifies the organization within the customer’s company.
O Specifies the company.
Chapter 5. Installing and uninstalling 93
L Specifies the city of the company location.
S Specifies the state where that city resides.
CB Specifies the country.
To generate a certificate signing request from the keystore, run the following command:keytool -certreq -alias SKC -keystore .keystore -file NewCertSignRequest.csr
To import the trusted certificate (.cer) file, run this command:keytool -import -trustcacerts -alias SKC -file ./TrustedCertificate.cer -keystore .keystore
See the keytool documentation for your JRE for instructions. For the IBM JRE, the instructions areavailable at http://www.ibm.com/developerworks/java/jdk/security/60/secguides/keytoolDocs/keytool.html.
Note: When the CA is not trusted by clients automatically and you are attempting to access IBMSmartCloud Entry using https protocol, an exception is encountered that says the connection is untrusted.You must confirm that the risks are understood and must add an exception to continue. Even with atrusted certificate, when using Internet Explorer, you are likely to run into a similar exception.
Connecting using SSHIf you use a secure shell (SSH) protocol to communicate with your IBM SmartCloud Entry server, SSHencrypts authentication traffic going to and from the server.
To further minimize security risks when connecting using OpenSSH, change the OpenSSH daemonconfiguration file so that the line containing Protocol is changed to 2. Anything less than 2 is moresusceptible to attack. The OpenSSH daemon implemented under the IBM SmartCloud Entry server usesport 22 as a default for communication.
Uninstalling IBM SmartCloud EntryThe IBM SmartCloud Entry uninstaller, similar to the installer, supports three installation types: console,silent, and swing/graphical installers. Additionally, the uninstaller supports three operating systems: AIX,Linux, and Windows.
For AIX and Linux, the default display type is console. For Windows, the default display type isgraphical.
To uninstall IBM SmartCloud Entry using a non-default installation type, start the uninstaller from thecommand line and enter -i <uninstall type> where <uninstall type> is console, silent, or swing.
Uninstalling IBM SmartCloud Entry from Linux or AIXThe IBM SmartCloud Entry uninstaller, similar to the installer, supports three installation types: console,silent, and swing/graphical installers.
For AIX and Linux, the default display type is console.
To uninstall IBM SmartCloud Entry using a non-default installation type, start the uninstaller from thecommand line and enter -i <uninstall type> where <uninstall type> is silent or swing.
94 IBM SmartCloud Entry: Administrator Guide 3.2
Uninstalling a console installation of IBM SmartCloud Entry on Linux or AIXAbout this task
To uninstall IBM SmartCloud Entry that was installed by using a console on Linux or AIX, follow thesesteps:
Procedure1. Stop any IBM SmartCloud Entry processes that are running.2. Navigate to the uninstaller in the installation folder or in the links folder. For example, cd
/opt/ibm/SCE32/_SmartCloud_Entry_installation.3. Run the uninstaller with root authority by running ./UninstallSCE
4. Read the uninstaller instructions. Then, press Enter.5. In some cases, not all the files cannot be removed by the uninstaller. For example, the links often
cannot be removed. To remove the links after the uninstaller completes, follow these steps:a. Navigate to the links folder. For example, cd ~.b. Remove any leftover links with the following command:
rm *SCE*
c. Repeat this file removal for all remaining files.
Results
The uninstallation is complete.
Uninstalling a graphical installation of IBM SmartCloud Entry on Linux or AIXAbout this task
To uninstall IBM SmartCloud Entry that was installed by using a graphical installation on Linux or AIX,follow these steps:
Procedure1. Stop any IBM SmartCloud Entry processes that are running.2. Navigate to the uninstaller in the installation folder or in the links folder. For example, cd
/opt/ibm/SCE32/_SmartCloud_Entry_installation.3. Run the uninstaller with root authority by running the following command: .
./UninstallSCE -i swing
4. Read the instructions on the Introduction screen. Press Next.5. On the Choose Uninstall Features window, select Uninstall Specific Features to choose what to
uninstall. If you want to completely uninstall IBM SmartCloud Entry, press Next. Both Applicationand Properties product features are cleared.
6. In some cases, not all the files cannot be removed by the uninstaller. For example, the links oftencannot be removed. To remove the links after the uninstaller completes, follow these steps:a. Navigate to the links folder. For example, cd ~.b. Remove any leftover links by running the following command: rm *SCE*
c. Repeat this file removal for all remaining files.
Results
The IBM SmartCloud Entry uninstallation is complete.
Chapter 5. Installing and uninstalling 95
Uninstalling IBM SmartCloud Entry from WindowsThe IBM SmartCloud Entry uninstaller, similar to the installer, supports three installation types: console,silent, and swing/graphical installers.
For Windows, the default display type is graphical.
To uninstall IBM SmartCloud Entry using a non-default installation type, start the uninstaller from thecommand line and enter -i <uninstall type> where <uninstall type> is console or silent.
Uninstalling a graphical installation of IBM SmartCloud Entry on Windows
About this task
Use the following steps to uninstall a graphical installation of IBM SmartCloud Entry on Windows:
Procedure1. Shut down IBM SmartCloud Entry.2. Access IBM SmartCloud Entry in the Control Panel, Control Panel > Programs > Uninstall a
program. Select IBM SmartCloud Entry in the list and then click Uninstall.3. Read the instructions on the Introduction screen. Then, click Next.4. On the Choose Uninstall Features window, select Uninstall Specific Features to choose what to
uninstall. If you want to completely uninstall IBM SmartCloud Entry, press Next. Both Applicationand Properties product features are cleared.
5. Check the features that you want to uninstall and then press Uninstall.
Results
The IBM SmartCloud Entry uninstallation is complete.
Uninstalling a console installation of IBM SmartCloud Entry on WindowsAbout this task
To uninstall IBM SmartCloud Entry that was installed using a console on Windows, follow these steps:
Procedure1. Shut down the IBM SmartCloud Entry executable file.2. Open a Windows command prompt.3. In the command prompt window, navigate to the Windows uninstaller. For example, cd C:\Program
Files\IBM\SmartCloud Entry\_smartcloud_entry_installation
4. Run the uninstaller by entering UninstallSCE.exe -i console
5. Read the uninstaller instructions on the Introduction window and press Enter.
Results
IBM SmartCloud Entry is now uninstalled.
Database cleanup
After IBM SmartCloud Entry is uninstalled, the administrator can optionally drop the database that isassociated with IBM SmartCloud Entry. Any database drop and delete commands should be done usingthe database software.
96 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 6. Migrating IBM SmartCloud Entry
This section describes different methods for migrating IBM SmartCloud Entry to a new release.
There are several options for migrating IBM SmartCloud Entry to a new release:v Manually migrating to a new releasev Migrating from one system to anotherv Migrating to a version 3.2 IBM SmartCloud Entry virtual appliancev Migrating a Derby database to a DB2 database
Migrating to a new releaseYou can migrate your IBM SmartCloud Entry configuration when you are installing a new release.
To migrate data and configuration files that are not migrated by the installer or to manually migrate yourdata and configurations, follow the instructions in these topics. When you migrate data in IBMSmartCloud Entry you must migrate sequentially; you cannot skip a version. For example, if you want tomigrate IBM SmartCloud Entry version 2.3 to version 3.1, you need to migrate from version 2.3 toversion 2.4 first. Before you migrate to the latest version, ensure that all available fix packs are applied.Then, migrate from IBM SmartCloud Entry version 2.4 (with fix packs) to version 3.1.
To migrate IBM SmartCloud Entry to a new release, take the following general steps:v Migrate your configurationv Migrate your datav (Optional) Manually migrate any remaining configuration files
Migrating your configurationWhen you migrate to a new version of IBM SmartCloud Entry, you can choose to migrate all of yourpreferences from one set of configuration files to the new set.
To migrate your preferences from one set of configuration files to the new set, use the following OSGicommand:migrateConfig [source directory]
where source directory is the location of the previous IBM SmartCloud Entry release configuration files.
Running this command migrates the following configuration files:v cfs.keystone
v ldap.xml
v deployment.properties
v authentication.properties: admin.username, admin.password, and admin.name should not be updated.v email.properties
v messaging.properties
v metering.properties
v billing.properties
v web.properties
v *.jks
v products/*.xml
© Copyright IBM Corp. 2012, 2013 97
v server_rules.json
v openstack.properties
v server.properties
Example
To migrate configuration files from a previous version, run the following command:migrateConfig C:\oldSKC\.skc
Migrating your dataWhen you are migrating to a new version of IBM SmartCloud Entry, you can choose to migrate datafrom your previous database.
Before you begin
To prepare for the data migration, follow these steps:1. Ensure that the target database exists.2. In your browser, log out and close all open IBM SmartCloud Entry windows.
Procedure
To migrate your data, use the following OSGi command:upgradeDatabase 'DB2_Path' 'DB2_User_Name' 'DB2_password'
where DB2_Path is the path of the DB2 database, DB2_User_Name is the name of the DB2 administrator,and DB2_password is the password for the DB2 administrator.
Note: DB2_User_Name and DB2_password are only needed when migrating data from a DB2 database.
Notes:
v The upgradeDatabase command supports only major versions of databases.v The source database must be Derby or DB2.v Only approved requests can be migrated, while others such as pending requests, rejected requests, and
withdrawn requests cannot be migrated. If the approved requests related instances have been deleted,they cannot be migrated either.
v If any errors occur during migration, renew the target database and run the upgradeDatabase commandagain.
Results
You can see migration details in the console.
Examplev To migrate your data from a Derby database, run the following command:
upgradeDatabase 'C:\oldSKC\.skc\'
v To migrate your data from a DB2 database, run the following command:upgradeDatabase '//localhost:50001/skc''db2admin' 'db2passwd'
What to do next
You must restart IBM SmartCloud Entry after migration.
98 IBM SmartCloud Entry: Administrator Guide 3.2
Migrating configuration manuallySome configuration information must be migrated manually.
This configuration information includes:v Network configurationv Logging.properties file
Note: When migrating configuration information for a Microsoft Windows 2008 installation, you mustmanually configure the cloud connection.
Migrating from one system to anotherYou can migrate your IBM SmartCloud Entry configuration from one system to another system.
About this task
Note: Migrating a configuration from one system to another replaces the configuration on the targetsystem.
To migrate IBM SmartCloud Entry from one system to another, follow these steps:
Procedure1. Shut down IBM SmartCloud Entry on the target system.2. Copy the .SCE31 directory from the source system to the target system, overwriting the .SCE31
directory on the target system.3. Update the directory path in the logging.properties file to the following:
java.util.logging.FileHandler.pattern=/home/sysadmin/.SCE31/logs/skc-%g.log
4. Update the directory path in the server.properties file to the following:org.eclipse.equinox.http.jetty.ssl.keystore=/home/sysadmin/.SCE31/.keystore
5. Use the appropriate option on the sceappmgr menu to generate a new SimpleToken on the targetsystem.
6. Start IBM SmartCloud Entry on the target system.The configuration from the source system is now available on the target system.
Migrating from version 3.1 to a version 3.2 applianceYou can migrate IBM SmartCloud Entry version 3.1 to a version 3.2 appliance.
About this task
To migrate to a version 3.2 appliance, you need to create the new 3.2 appliance and migrate the settingsfrom the previous version appliance. When the migration is complete, the 3.1 appliance is no longer used,and the 3.2 appliance assumes the network identity of the 3.1 appliance.
The 3.2 appliance must be deployed on the same hypervisor as the 3.1 appliance. This is required totransfer the image repository from the 3.1 appliance to the 3.2 appliance.
The 3.1 appliance must apply the latest generally available fix pack before migration.
You must have sufficient resources to create a new 3.2 appliance that is visible to the network where the3.1 appliance is located. You do not need to allow space for a duplicate image repository, but the storagewhere the image repository currently is located must be accessible to the new appliance.
Chapter 6. Migrating 99
The migration process can take some time to run, depending on the configuration of the 3.1 appliance.During the migration, you should not use either appliance.
When the migration is complete, the 3.1 appliance is shut down and the 3.2 appliance is restarted tocomplete the migration. During this process, both appliances are unavailable.
Note: Migration is not supported for an appliance with one or more snapshots. You must delete allsnapshots of the 3.1 appliance and 3.2 appliance, with the appropriate hypervisor tool, and then restartbefore you start migration.
To migrate to a version 3.2 appliance, follow these steps:
Procedure1. Install a version 3.2 appliance. For instructions, see the “Deploying IBM SmartCloud Entry virtual
appliances” on page 27 topic collection. Deploy a version 3.2 appliance that has the same combinationof IBM SmartCloud Entry and OpenStack. For example, if the 3.1 appliance has OpenStack enabled,deploy the 3.2 appliance using the IBM SmartCloud Entry for OpenStack configuration. If the 3.1appliance does not have OpenStack enabled, deploy the 3.2 appliance using the IBM SmartCloudEntry only configuration.
2. Run sceappmgr to start the migration.a. From the 3.2 appliance, run sceappmgr.b. Select Support and Maintenance > Migrate SmartCloud Entry Appliance > Migrate From
SmartCloud Entry 3.1 Appliance.c. Enter the host name or IP address of the 3.1 appliance, then enter the passwords in response to
the prompts.d. When you are ready to begin the process, select the option to continue with the migration. The
initial phase of the migration validates the configuration being used. If any checks fail, an errormessage is issued. After correcting the error, the process can be restarted.
3. Manually move the image repository when prompted. Follow the instructions that are displayed inthe sceappmgr console to move the 3.1 appliance image repository disk to the 3.2 appliance using theappropriate hypervisor tool. After the move is successful, press Enter to continue with migration.
4. Finish the migration.
Results
After the image repository is moved, the remainder of the migration process runs. When it completes,you are prompted to shutdown the 3.1 appliance, and then restart the 3.2 appliance. After the 3.2appliance restarts, the migration is complete.
As part of the migration process, the OpenStack Quantum user is migrated to the 3.2 appliance and theOpenStack Neutron user is assigned the password of the OpenStack Quantum user.
If errors occur in the migration process, correct the source of the error, and restart the migration processas needed. Migration steps that are already completed successfully are not rerun.
What to do next
After the migration is complete, you might need to complete the following actions that are based on yourspecific IBM SmartCloud Entry 3.1 configuration.
If an OpenStack cloud configuration existed in IBM SmartCloud Entry 3.1 before the migration, log in tothe migrated IBM SmartCloud Entry user interface. Then, edit the OpenStack cloud configuration to setthe Secure the cloud connection using SSL configuration option.
100 IBM SmartCloud Entry: Administrator Guide 3.2
Migrating a Derby database to DB2 databaseUse the migratedatabase command to move the IBM SmartCloud Entry database from an embeddedDerby database to an external DB2 database. Migrating to an external DB2 database can improve scaling,performance, and production level data store.
To prepare for the migration process, follow these steps:1. Ensure that the DB2 database exists and is empty. For instructions about how to create the database,
see “Creating a DB2 database for IBM SmartCloud Entry” on page 27.2. Configure IBM SmartCloud Entry to use DB2. For more information, see “Configuring database” on
page 138.3. In your browser, log out and close all opened IBM SmartCloud Entry windows.
To migrate the current database to the DB2 database, use the following OSGi command:migrateDatabase source_directory
where source_directory is the property file location. You can see migration details in the console. It is notnecessary to restart IBM SmartCloud Entry after migration.
Example: Migrating from a Derby database to a DB2 database
Migrate the Derby database to a DB2 database by running the following command:
migrateDatabase 'C:\oldSCE24\.SCE24\'
Notes:
v Only approved requests can be migrated, while others such as pending requests, rejected requests, andwithdrawn requests cannot be migrated. Approved requests related instances that have been deletedcannot be migrated.
v If any errors occur during migration, renew DB2 first and try running the migrateDatabase commandagain.
v To free up the space that is occupied on IBM SmartCloud Entry server, the migrateDatabase commandclears the Derby database following the migration. Create a backup of the Derby database beforemigration.
v During migration, invoice IDs might change.
Chapter 6. Migrating 101
102 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 7. Starting and stopping IBM SmartCloud Entry
The following steps are required for starting IBM SmartCloud Entry on Windows, AIX, and Linux.
Note: When starting or restarting IBM SmartCloud Entry on a high scale cloud, the synchronizationbetween IBM SmartCloud Entry and the cloud might take longer than expected. This resynchronizationmight cause operations such as deploying, deleting, or resizing an instance to be delayed or even fail.Wait for the synchronization to complete before you attempt these actions.
Starting and stopping IBM SmartCloud Entry on Windows
To start IBM SmartCloud Entry, navigate to All Programs > IBM SmartCloud Entry 3.2 > SmartCloudEntry. Alternatively, you can double-click the SmartCloud Entry 3.2 icon that might be installed on yourdesktop. In 10 to 20 seconds, the server is available and you can access IBM SmartCloud Entry byopening http://localhost:18080/cloud/web/index.html in a supported browser.
Note: The host name localhost and port 18080 are the default host and port names. Substitute theappropriate values for your environment if necessary.
To stop IBM SmartCloud Entry, shut down the IBM SmartCloud Entry instance by closing the window orby using Ctrl-C to end it.
If the IBM SmartCloud Entry instance was started with an OSGi console running in the background, youmight have to telnet to it with the correct port to access the console. Refer to OSGi console for moredetails. From the OSGi console, type shutdown to stop IBM SmartCloud Entry and then exit to exitimmediately. Exit IBM SmartCloud Entry before restarting.
Starting and stopping IBM SmartCloud Entry on Linux or AIX
The IBM SmartCloud Entry installation on Linux or AIX can be started by the root user or by users whoare members of the sce group. By default no users are part of the sce group. Only the root user can addmore users to the sce group on Linux or AIX. The sce group is created as part of the IBM SmartCloudEntry installation.
To start IBM SmartCloud Entry on Linux or AIX, navigate to the link location specified duringinstallation. By default this location is the /usr/bin directory. From the link directory, run the file that iscalled SCE_32 or runSCE_32. When the start is complete, the server is available and you can access IBMSmartCloud Entry by opening http://localhost:18080/cloud/web/index.html in a supported browser.
Note: The host name localhost and port 18080 are the default host and port names. Substitute theappropriate values for your environment if necessary.
To stop IBM SmartCloud Entry, shut down the IBM SmartCloud Entry executable file by stopping thecommand by using Ctrl-C.
If the IBM SmartCloud Entry executable file was started with an OSGi console running in thebackground, you must telnet to it with the correct port to access the console. Refer to OSGi console formore details. From the OSGi console, type shutdown to stop IBM SmartCloud Entry and then exit to exitimmediately. Exit IBM SmartCloud Entry before you restart.
© Copyright IBM Corp. 2012, 2013 103
104 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 8. Configuring IBM SmartCloud Entry appliances
This section describes how you can configure and manage IBM SmartCloud Entry appliances by usingthe SmartCloud Entry Appliance Manager tool (sceappmgr).
About this task
For information about configuring OpenStack components, see the information on the OpenStack website:
http://docs.openstack.org/havana/
To start sceappmgr, complete the following steps:
Procedure1. Log in to the IBM SmartCloud Entry appliance virtual machine as sysadmin.2. Run the following command:
sceappmgr
The following menu displays:
IBM-SCE> sceappmgr====================
Manage SmartCloud Entry Appliance
1. Change Appliance Usage (Smart Cloud Entry with OpenStack)2. Manage Authentication Tokens3. Manage Passwords4. Manage SmartCloud Entry Services5. Manage Volume Groups6. Support and Maintenance7. Manage OpenStack Configuration8. Manage Networking Configuration
Enter selection (Enter to cancel):
Notes:
v Pressing Enter without making a menu selection exits sceappmgr.v The displayed sceappmgr menu reflects the currently available options. For example, menu option
1 might alternatively be Enable OpenStack Services.
IBM SmartCloud Entry and OpenStack deployment configurationsThe IBM SmartCloud Entry 3.2 virtual appliance supports three configurations for using IBM SmartCloudEntry and OpenStack.
The same stack is installed for each configuration, but the two features are configured differently. Thereare different sets of services that are enabled, and different options that are provided for customizing theconfiguration of OpenStack services.
IBM SmartCloud Entry onlyThis configuration enables the IBM SmartCloud Entry server for managing VMControl andVMware clouds. The OpenStack related services are not enabled.
IBM SmartCloud Entry with OpenStackThis configuration enables the IBM SmartCloud Entry server and OpenStack related servers. The
© Copyright IBM Corp. 2012, 2013 105
virtual appliance is configured to act as the OpenStack controller. The OpenStack services areconfigured for use by IBM SmartCloud Entry, while other OpenStack functions can be used ifthey do not interfere with proper operation of IBM SmartCloud Entry functions. Access toOpenStack APIs using the customer network is provided through the IaaS gateway server andthe Qpid messaging server, while compute nodes communicate with the virtual appliance overthe management network. IBM SmartCloud Entry can be used to manage an OpenStack cloudusing Hyper-V, KVM, and PowerVC. OpenStack is configured with a user, sceagent, that must beused when creating an OpenStack cloud in IBM SmartCloud Entry. Additionally, OpenStack isconfigured with a set of user roles and policies that are required for proper operation of IBMSmartCloud Entry.
Base OpenStackThis configuration enables only the OpenStack servers. OpenStack is configured as the controllingnode with a minimal set of service users, an admin role, and the service tenant. Access toOpenStack APIs using the customer network is provided through the IaaS Gateway server andthe Qpid messaging server, while compute nodes communicate with the virtual appliance overthe management network. The OpenStack cloud supports Hyper-V, KVM, and PowerVC. TheIBM SmartCloud Entry Appliance Manager tool provides an interface for managing theOpenStack configuration on the appliance. All other operations are done using OpenStack APIs orthe OpenStack CLI installed on another system via the IaaS Gateway Server. In the BaseOpenStack configuration, OpenStack is configured with service users for the OpenStack servicesand an 'admin' role. The default policy files that are shipped with OpenStack are used.
Minimum resources based on deployment configuration
The table shows the recommended minimum processor and memory for these configurations on Powerand x86_64-based appliances.
Table 27. Minimum resources
IBM SmartCloud Entry onlyIBM SmartCloud Entry withOpenStack Base OpenStack
2 processors, 4 GB memory 4 processors, 8 GB memory 4 processors, 8 GB memory
Changing the deployment configuration after deploying the virtual appliance
The IBM SmartCloud Entry Appliance Manager tool (sceappmgr) can be used to change the deploymentconfiguration. The configuration can be changed from "IBM SmartCloud Entry Only" to "IBM SmartCloudEntry with OpenStack" to "Base OpenStack". As the virtual appliance moves up this chain, artifacts arecreated that cannot be used with the lower configurations; therefore changing the deploymentconfiguration in the other direction is not allowed.
Changing the deployment configurationThe IBM SmartCloud Entry appliance includes OpenStack services for all of the supported virtualizationenvironments.
About this task
By default the OpenStack services are disabled on the KVM VMControl appliance and the VMwareappliance because OpenStack is not used to manage VMControl or VMware. If you plan to use thevirtual appliance to manage Hyper-V, KVM or PowerVC environments, you must enable OpenStackServices. Additionally, if you plan to use the virtual appliance purely for OpenStack, you must disableIBM SmartCloud Entry.
106 IBM SmartCloud Entry: Administrator Guide 3.2
The virtual appliance supports these OpenStack capabilities through changing the deploymentconfiguration.
Note: If you enable OpenStack, you must also increase the appliance virtual machine resources to fourprocessors and at least 8 GB of memory. You can change the IBM SmartCloud Entry and OpenStackdeployment configuration by using the IBM SmartCloud Entry Appliance Manager tool (sceappmgr). Itconfigures the appropriate services to start when the system is turned on and then starts (or stops) theIBM SmartCloud Entry and OpenStack services.
Only the following changes are allowed:
Table 28. Configuration options
Current® configuration Alternative configurations
IBM SmartCloud Entry only IBM SmartCloud Entry for OpenStack, Base OpenStack
IBM SmartCloud Entry for OpenStack Base OpenStack
Base OpenStack Deployment configuration cannot be changed
The appliance is deployed with different sets of policies, users, and roles for IBM SmartCloud Entry thanare configured for Base OpenStack. When IBM SmartCloud Entry is enabled, an 'sceagent' user is created,and three additional roles are created: owner, user, and viewer. The active policies for each OpenStackcomponent are defined in a set of policy.json files, one for each of Cinder, Glance, Keystone, Neutron, andNova. The IBM SmartCloud Entry and OpenStack versions of these policies are also installed for anadministrator to view. These policies are stored in the same directories, but with the names policy.json.sceand policy.json.openstack.
Complete the following steps to change the deployment configuration of the virtual appliance.
Procedure1. Start the IBM SmartCloud Entry Appliance Manager tool (sceappmgr).2. Select the option to change appliance usage. The current deployment configuration is shown next to
the option in the menu.3. If you select Base OpenStack, you have the option of preserving the IBM SmartCloud Entry related
users, rules, and policies. Respond with y or n.
Results
If the operation is successful, you see the following messages.Changing configuration and restarting services...Configuration has been updated successfully.Press Enter to continue:
Configuring IBM OpenStack virtualization environmentsThe section describes how you can configure and manage the IBM SmartCloud Entry virtual appliancesby using OpenStack technologies.
Supported IBM OpenStack and IaaS gateway configurationsThe following section describes the OpenStack configurations that are supported through the IBMSmartCloud Entry sceappmgr appliance tool. This support is applicable if you are using the BaseOpenStack deployment configuration.
Chapter 8. Configuring IBM SmartCloud Entry appliances 107
IBM SmartCloud Entry for Base OpenStack and IaaS gateway support matrix
If you selected the IBM SmartCloud Entry with OpenStack deployment configuration, IBM OpenStack ispre-configured and cannot be configured by the user.
IBM OpenStack supports a broader set of configurations for IBM SmartCloud Entry. For more informationabout configuring OpenStack components, see the OpenStack web site:http://docs.openstack.org/havana/
The following table outlines the specific configurations that are provided when you use the sceapprmgrappliance tool.
Table 29. IBM SmartCloud Entry for Base OpenStack and IaaS gateway support matrixController node Compute (Nova) Scheduler Filter-scheduler
Nova -network Not supported, use Neutron
quota_drive nova.quota.DbQuotaDriver
nova.quota.NoopQuotaDriver (default)
Network (Neutron) IP edition IPv4
IPv4/IPv6 dual(not supported by the PowerVC driver)
Net model Flat
VLAN
Virtual switch Open vSwitch 1.9
Plug-in OVSNeutronPluginV2
Storage (Cinder) Driver cinder.volume.drivers.StorwizeSVCDriverto SAN Volume Controller 6.4.1/6.4.2 for iSCSI
cinder.volume.drivers.LVMVolumeDriveron Red Hat Enterprise Linux version 6.4for iSCSI
powervc.volume.driver.powervc.PowerVCDriver
Authentication(Keystone)
Identity backend keystone.identity.backends.sql.Identity
keystone.identity.backends.ldap.Identity
Token format UUID
PKI
Image (Glance) Image activation config drive+cloud init(guest operating system: Linux or Windows)
config drive+VSAE(guest operating system: Linux or Windows)
config drive+sysprep(guest operating system: Windows)
ovf+VSAE(for PowerVC)
Others Operating System Red Hat Enterprise Linux version 6.4
Database DB2 version 10.5 SP2
Queue Qpid 0.22 Transient in memory
108 IBM SmartCloud Entry: Administrator Guide 3.2
Table 29. IBM SmartCloud Entry for Base OpenStack and IaaS gateway support matrix (continued)Compute node Hypervisor Type KVM in Red Hat Enterprise Linux version 6.4
Hyper-V in Microsoft Hyper-V Server 2012 or 2012 R2, or MicrosoftWindows Server 2012 Standard, 2012 data center, 2012 R2 Standard,2012 R2 data center
Driver KVM:Nova.virt.libvirt.LibvirtDriver
Hyper-V:Nova.virt.hyperv.HyperVDriver
PowerVC:powervc.nova.driver.virt.powervc.driver.PowerVCDriver
Network (Neutron) Agent KVM:OVSNeutronAgent
Hyper-V:HyperVNeutronAgent
PowerVC:PowerVCNeutronAgent (Running on controller node)
Configuring the PowerVC virtualization environmentThis section contains information that is specific to the PowerVC virtualization environment.
Managing the PowerVC driverThe PowerVC driver acts as an interface between OpenStack and a PowerVC cloud.
It synchronizes information between the local OpenStack instance and a single PowerVC server. You canuse the IBM SmartCloud Entry virtual appliance to change the configuration files that are used by thePowerVC driver and to enable or disable the PowerVC driver services. By default, the PowerVC servicesare disabled.
Opening TCP/IP ports:
In order for the IBM SmartCloud Entry virtual appliance and PowerVC driver to communicate with thePowerVC virtualization environment, specific TCP/IP ports must be open in the firewall that is runningon the PowerVC system.
About this task
The following TCP/IP ports must be open:TCP 5671 (Secure QPID connection)TCP 8775 (Nova API)
The Nova API port might already be open from when the PowerVC virtualization environment wasinitially configured. If iptables are being used for the firewall on the PowerVC virtualizationenvironment, you can use the following command to open the Secure QPID port:iptables -I INPUT 1 -p tcp --dport 5671 -j ACCEPTiptables-save >/etc/sysconfig/iptables
If some other firewall hardware or software product is used, perform the necessary steps to allowinbound TCP traffic to ports 5671 and 8775.
Enabling the PowerVC driver:
About this task
To enable the PowerVC driver, follow these steps:
Chapter 8. Configuring IBM SmartCloud Entry appliances 109
Procedure
1. Start sceappmgr.2. Select the Manage OpenStack Configuration option3. Select the Manage Configuration option The Manage PowerVC Configuration menu is displayed.
Manage PowerVC Configuration
PowerVC configuration files:1. Edit /etc/powervc/powervc-neutron.conf2. Edit /etc/powervc/powervc.confPowerVC services are disabled.3. Enable PowerVC Driver services
Enter selection (Enter to cancel):
4. Select to edit the powervc.conf file.5. Look for the [powervc] section and edit the following properties:
[powervc]auth_url = https://host/powervc/openstack/identity/v3admin_user = rootadmin_password = passw0rdadmin_tenant_name = ibm-defaultconnection_cacert =http_insecure = Truestaging_project_name = Publicstaging_user = adminqpid_hostname = hostqpid_port = 5671qpid_username = anonymousqpid_password =qpid_protocol = sslstorage_connectivity_group =image_limit = 500
6. Change auth_url and qpid_hostname to use the host name of the PowerVC system.7. Optional: Change user names and passwords for the PowerVC system.8. Set the storage_connectivity_group property to the name of the storage connectivity group. This
property also supports the value Any host, all VIOS.9. By default, the staging project and staging user are set up to work in the IBM SmartCloud Entry with
OpenStack configuration. For the Base OpenStack configuration, you must provide a valid project(tenant) and a valid user (with administrator privileges) who is also a member of the project.
Note: In an IBM SmartCloud Entry with OpenStack configuration, do not use users that are listed inthe com.ibm.cfs.cloud.openstack.service.users property of the openstack.properties file or projects thatare listed in the com.ibm.cfs.cloud.openstack.service.tenants property of the openstack.properties file asa staging user or project.
10. For PowerVC SSL connections, specify the path and file name of the CA certification file. Copy theCA certification file its install location on the PowerVC system, such as /etc/pki/tls/certs/powervc.crt, to the local hosting OpenStack system.
11. If you are using a secure connection and providing a CA certification file, change the value ofhttp_insecure to False.
12. Specify the value for the qpid_password. You provide the qpid connection password from thePowerVC system by using the cat command on the pw.file in the directory where PowerVC isinstalled as shown in the following example:cat /opt/ibm/powervc/data/pw.file)qpid_password =
13. If the PowerVC or hosting OpenStack cloud has more than 500 images, increase the value of theimage_limit property to include all images.
14. Save the file and exit the editor.
110 IBM SmartCloud Entry: Administrator Guide 3.2
15. Select the option to enable PowerVC driver services. This option configures the service to start andthen restart the OpenStack services.
16. To check the status of the PowerVC services, select the Manage SmartCloud Entry Services optionin sceappmgr and then select the Show Status of OpenStack Services option.
Changing the PowerVC configuration:
About this task
Use the following instructions to change the PowerVC configuration.
Procedure
1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option.3. Select the Manage PowerVC Configuration option. The Manage PowerVC Configuration menu is
displayed.Manage PowerVC Configuration
PowerVC configuration files:1. Edit /etc/powervc/powervc-neutron.conf2. Edit /etc/powervc/powervc.confPowerVC services are disabled.3. Enable PowerVC Driver services
Enter selection (Enter to cancel):
4. After you edit the files, sceappmgr will prompt to restart OpenStack services for the changes to takeeffect.
What to do next
When you edit the powervc.conf file, sceappmgr prompts to obfuscate passwords in the file. This changeencodes the admin_password and qpid_password properties in both the [openstack] and [powervc] sections.If you change these passwords by using the Manage Passwords function in sceappmgr, these files areupdated with obfuscated passwords. Only the [powervc] section of the powervc.conf file requireschanges. The values in the [openstack] section are maintained by other sceappmgr functions and do notneed to be changed.
Resource synchronization considerationsThe PowerVC driver synchronizes resources between the OpenStack controller environment and a singlePowerVC environment. This is done when the driver starts up and periodically while the driver isrunning.
Only the PowerVC resources that belong to the Storage Connectivity Group that is specified in thePowerVC driver configuration are eligible for synchronization. Resources might be created, updated, ordeleted as part of the synchronization process. When a new resource is created in the OpenStackcontroller environment and is required to have an owner or project, the driver will set the owner andproject based on the staging user and project that is specified in the PowerVC driver configuration.
Note: Only applicable properties of a resource and resources that are supported in the OpenStackcontroller environment are synchronized.
The following types of OpenStack resources might be synchronized by the PowerVC driver:v glance imagesv neutron networksv neutron subnetsv neutron ports
Chapter 8. Configuring IBM SmartCloud Entry appliances 111
v cinder volumesv cinder volume typesv nova serversv nova flavorsv nova hypervisors
Note: The PowerVC driver might create a default image named "PowerVC Default Image" in order tosynchronize nova servers. This image has an Undeployable state in IBM SmartCloud Entry and shouldnot be deleted.
When a resource is synchronized, it might cause events to be generated for the resource in the OpenStackcontroller environment. These events can be viewed from IBM SmartCloud Entry by selecting Reports >Events.
Volume synchronization considerationsWhen you create a new volume in PowerVC, consider the following information about automaticsynchronization.
About this task
When a volume is created on PowerVC within the Storage Connectivity Group (as defined in thePowerVC driver configuration), that volume is automatically synchronized to the cinder service runningon the OpenStack server of that PowerVC driver. The PowerVC driver uses a single user ID and projectto communicate with PowerVC, so the user and project that the volume was created with is not used onthe cinder server running the PowerVC driver. Instead, these synchronized volumes are created in thestaging project using the admin user ID that is defined by the PowerVC driver configuration. You canmove the synchronized volumes to a different project using the standard cinder transfer commands.
To move synchronized volumes to a different project, use the following steps:1. Find the volume id of the volume you want to transfer:
cinder list
2. Create a transfer request:cinder transfer-create <volume id>
+--------+------------------------------------------+| Property | Value |+------------+--------------------------------------+| auth_key | 3ea02de65531cc67 | <---- authorization key| created_at | 2013-10-10T19:46:44.140482 || id | 290aac41-28d3-46be-ae47-6a902764906d | <---- transfer id| name | None || volume_id | 2801181c-7c42-4d79-9479-de0798937d33 |+------------+--------------------------------------+
3. Accept the transfer into the new project using the transfer id and the authorization key that isdisplayed when the transfer was created.cinder --os-tenant-name <name of the project to transfer the volume to> transfer-accept <transfer id> <auth_key>
For example,cinder --os-tenant-name myProject transfer-accept 290aac41-28d3-46be-ae47-6a902764906d 3ea02de65531cc67
The volume is now transferred to the new project.
Note:
v Transferring a volume to a different project does not move the actual underlying volume. It just assignsthe volume to the new project.
v The person who transfers the volume must be an administrator of the project to which the volume istransferred.
112 IBM SmartCloud Entry: Administrator Guide 3.2
Managing the OpenStack configurationThis section describes how you can change the OpenStack configuration by using the IBM SmartCloudEntry sceappmgr tool. This includes editing configuration files and enabling or disabling optionalservices, such as the Cinder volume service or the PowerVC driver services.
The options that are presented by sceappmgr are determined by the deployment configuration.
In the IBM SmartCloud Entry with OpenStack configuration, sceappmgr can be used to complete thefollowing tasks.v Change the Cinder volume service configuration. Cinder provides block storage (virtual disks) for
deployed virtual machines.v Change the PowerVC driver configuration. For example, to enable the PowerVC drivers, configure the
drivers with information about the PowerVC environment, or to change settings that affect thebehavior of the PowerVC drivers.
v Change the IaaS Gateway configuration. This might be necessary when OpenStack service entry pointsuse URL replacement patterns that the IaaS Gateway needs to support.
In the Base OpenStack deployment configuration, you can use sceappmgr to edit the entire set ofOpenStack configuration files. In addition, sceappmgr can be used to complete the following tasks.v Edit the Glance image repository configuration.v Edit the Keystone service configuration. Keystone provides user managements and service catalog
functions.v Edit the Neutron network service configuration.v Edit the Nova compute service configuration.v Edit policy files for all of the OpenStack services.
When editing configuration files from sceappmgr, the file that you are editing is copied to a temporaryfile. The vi editor is run under the sysadmin account, and then the file is copied back to the correctlocation and file permissions are set properly.
You do not need to edit passwords in these files. The sceappmgr Manage Passwords function updates thefiles that are associated with each password and stores obfuscated values in the files.
Modifying the configuration of the OpenStack services requires knowledge of OpenStack that is beyondthe scope of this documentation. The IBM SmartCloud Entry 3.2 virtual appliance includes the Havanarelease of OpenStack. For more information, see the OpenStack documentation for the Havana release.See the OpenStack Configuration Reference and Cloud Administrator Guide.Related information:
http://docs.openstack.org/havana/
Managing the Cinder configurationThe OpenStack block storage service (Cinder) provides persistent block storage resources that can be usedby virtual machines.
Use the Manage Cinder Configuration option in the IBM SmartCloud Entry Appliance Manager tool toedit configuration files that are related to the OpenStack Cinder service. You can also enable or disableoptional services.
The cinder.conf file that is installed in the virtual appliance contains two such Cinder volume backendsections, though neither is enabled.
To edit configuration files or enable or disable services, follow these steps:
Chapter 8. Configuring IBM SmartCloud Entry appliances 113
1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option.3. Select the Manage Cinder Configuration menu option.
The Manage Cinder Configuration menu is displayed.Manage Cinder Configuration
Cinder configuration files:1. Edit /etc/cinder/api-paste.ini2. Edit /etc/cinder/cinder.conf3. Edit /etc/cinder/logging_sample.conf4. Edit /etc/cinder/policy.json5. Edit /etc/cinder/policy.json.openstack6. Edit /etc/cinder/policy.json.sce7. Edit /etc/iscsi/iscsid.conf8. Edit /etc/lvm/lvm.conf9. Edit /etc/tgt/targets.conf10. Create New FileCinder SSH Key Files in /var/lib/cinder/.ssh:11. Generate New Cinder SSH Key Pair12. Import Cinder SSH Key FileEnable or disable related services:13. Enable ’openstack-cinder-volume’ Service14. Enable ’tgtd’ Service
Enter selection (Enter to cancel):
4. After you make changes, you must restart OpenStack services for the changes to take effect.
The Cinder volume service supports several backend storage mechanisms by using Cinder volumedrivers. The IBM SmartCloud Entry virtual appliance supports three Cinder volume drivers:v Linux Volume Manager (LVM) iSCSI driver (cinder.volume.drivers.lvm.LVMISCSIDriver). This driver
provides iSCSI access to volumes stored in an LVM volume group on the system that is running thisdriver. It is recommended that you limit the use of this driver on the appliance to a few volumes toavoid impacting performance of other services that are running on the virtual appliance.
v IBM Storwize® Family and SAN Volume Controller Volume Driver(cinder.volume.drivers.storwize_svc.StorwizeSVCDriver). This driver provides iSCSI and Fibre Channelaccess to IBM Storwize and SAN Volume Controller SAN storage.
v IBM PowerVC Volume Driver (powervc.volume.driver.powervc.PowerVCDriver). This driver providesaccess to storage managed by a PowerVC system. This driver requires that the OpenStack PowerVCdriver services be enabled and it is configured automatically when those services are enabled. For moreinformation, see Managing the PowerVC Driver.
The PowerVC virtual appliance expects the Cinder volume service to be configured using themulti-backend support. In general, the process for using the cinder-volume service on the virtualappliance is as follows.1. If you are using the LVM iSCSI driver, create an LVM volume group, by using the Create New Cinder
Volume Group function in sceappmgr. For more information, see “Volume group management for theIBM SmartCloud Entry appliance” on page 128. sceappmgr requires that the LVM volume groupname start with cinder-, for example, cinder-volumes. LVM on the virtual appliance is configured toignore volumes on volumes groups whose names start with cinder- and thus prevent the virtualappliance from using virtual disks that are created for other virtual machines. The/etc/lvm/lvm.conf.conf file has a device filter to reject LVM physical volumes with names like/dev/cinder-*".
2. Edit /etc/cinder/cinder.conf and add a section to the file that contains the configuration options forthat backend. You can define multiple backends, with different backends that use the same, ordifferent drivers. For example, you can define two LVM drivers and a PowerVC driver. Each backendis contained in its own section of the cinder.conf file.
114 IBM SmartCloud Entry: Administrator Guide 3.2
3. In the [DEFAULT] section of the cinder.conf file, define the enabled_backends property. Its value is alist of the names of the sections that define the backends to be used.
4. Enable the cinder-volume service and any services that are required by the volume drivers. When youuse the LVM driver, the tgtd service must also be enabled. It provides iSCSI access to the storage.
The cinder.conf file that is installed in the virtual appliance contains two such cinder volume backendsections, though neither is enabled.[lvmdriver]# Sample cinder.conf stanza for a LVM volume driver# To enable, add the stanza name (lvmdriver) to the DEFAULT enabled_backends propertyvolume_group=cinder-volumesvolume_driver=cinder.volume.drivers.lvm.LVMISCSIDrivervolume_backend_name=LVM_iSCSI
[powervcdriver]# Stanza for a PowerVC volume driver. Do not edit this section.# To enable, add the stanza name (powervcdriver) to the DEFAULT enabled_backends propertyvolume_driver=powervc.volume.driver.powervc.PowerVCDrivervolume_backend_name=powervc
To enable both of these backends, the [DEFAULT] section of cinder.conf, at the top of the file wouldcontain this (in addition to other properties):[DEFAULT]enabled_backends = lvmdriver,powervcdriver
The [powervcdriver] section is defined as required by the PowerVC driver and must not be removed ormodified. Enabling or disabling the PowerVC Driver services automatically updates theenabled_backends property in cinder.conf.
To use the IBM Storwize Family and SAN Volume Controller Volume Driver, edit the cinder.conf fileand add a section to the end of the file.[svcdriver]volume_driver=cinder.volume.drivers.storwize_svc.StorwizeSVCDrivervolume_backend_name=svcadd other properties required for this driver (see references below)
Also, add the driver to the enabled_backend property.
This driver can use an SSH key pair to authenticate to the IBM Storwize or SAN Volume Controllerserver. The Manage Cinder Configuration task supports creating an SSH key pair, exporting the SSHpublic id file, and importing an SSH id file. These files are kept in the Cinder user's home directory, in/var/lib/cinder/.ssh.
For more information about configuration options for the cinder-volume service, see the followingreferences.v OpenStack Configuration Reference, the chapter on OpenStack Block Storagev OpenStack Cloud Administrator Guide, the chapter on Block Storage, and in particular, the section
about configuring multiple-storage backends.
Managing the Glance configurationThe OpenStack image service (Glance) manages virtual appliance images.
The IBM SmartCloud Entry virtual appliance configures Glance to use the file store. The Glance imagerepository (virtual appliance disk images) is in /mount/glance-repository, which is the mount point for alogical volume in the glance-repository LVM volume group.
Chapter 8. Configuring IBM SmartCloud Entry appliances 115
The "Manage Glance Configuration" option enables you to edit the Glance configuration files that arelocated in /etc/glance. After you edit these files, you must restart the OpenStack services for the changesto take effect.
Use the Manage Volume Groups tasks to add storage to the glance-repository.
To use the Manage Glance Configuration task, follow these steps:1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option.3. Select the Mange Glance Configuration menu option.
The Manage Glance Configuration menu is displayed.Manage Glance Configuration
1. Edit /etc/glance/glance-api-paste.ini2. Edit /etc/glance/glance-api.conf3. Edit /etc/glance/glance-cache.conf4. Edit /etc/glance/glance-registry-paste.ini5. Edit /etc/glance/glance-registry.conf6. Edit /etc/glance/glance-scrubber.conf7. Edit /etc/glance/logging.cnf.sample8. Edit /etc/glance/policy.json9. Edit /etc/glance/policy.json.openstack10. Edit /etc/glance/policy.json.sce11. Edit /etc/glance/schema-image.json12. Create New File
Enter selection (Enter to cancel):
4. After you edit files, you must restart OpenStack services for the changes to take effect.
Most management of images is done by using the IBM SmartCloud Entry web interface or by usingGlance APIs with tools like the OpenStack CLI "glance" commands.
For further details on the Glance configuration files and related topics, refer to the OpenStackConfiguration Reference and OpenStack Administration Guide and see the chapters on OpenStack ImageService.
Managing the Keystone configurationThe OpenStack identity service (Keystone) provides user and service management.
Keystone user management includes users, tenants, and roles. Keystone service management includesdrivers for identity, tokens, a service catalog, and policies. The IBM SmartCloud Entry virtual appliancesupports use of the database (sql) driver and the LDAP driver for user management. Keystone is initiallyconfigured to use the database driver. The virtual appliance supports use of the PKI and UUID driversfor tokens. Keystone is configured to use the PKI driver. Keystone also provides policy services that areconfigured through a set of policy.json files – one such file for each service and located with thatservice's configuration files. Use the sceappmgr tool to edit these files and to see default OpenStackpolicies and IBM SmartCloud Entry supplied policies as part of the associated OpenStack service.
Use the Manage Keystone Configuration functions to edit Keystone configuration files and manage LDAPSSL certificates that are used by the Keystone LDAP identity driver. To use these functions:1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option3. Select the Manage Keystone Configuration option. The Manage Keystone Configuration menu is
displayed.Manage Keystone Configuration
Keystone configuration files:
116 IBM SmartCloud Entry: Administrator Guide 3.2
1. Edit /etc/keystone/default_catalog.templates2. Edit /etc/keystone/keystone-paste.ini3. Edit /etc/keystone/keystone.conf4. Edit /etc/keystone/logging.conf5. Edit /etc/keystone/policy.json6. Edit /etc/keystone/policy.json.openstack7. Edit /etc/keystone/policy.json.sce8. Create New FileLDAP Server Certificate Files:9. Import LDAP CA Certificate File10. Delete /etc/keystone/ldap_ssl_certs/ldapserver.pem
Enter selection (Enter to cancel):
4. After you edit the files, sceappmgr prompts you to restart OpenStack services for the changes to takeeffect.
The available options reflect the deployment configuration.
When the IBM SmartCloud Entry virtual appliance is using the IBM SmartCloud Entry with OpenStackconfiguration, all user management must be done by using IBM SmartCloud Entry. OpenStack isconfigured with a set of users, roles, and policies that are created to support IBM SmartCloud Entry.
When the IBM SmartCloud Entry virtual appliance is using the Base OpenStack configuration, you canedit any of the Keystone configuration files.
Most management of Keystone identity services is done by using the IBM SmartCloud Entry webapplication (for users and projects) or by using Keystone APIs through tools like the OpenStack CLI"keystone" commands.
For further details on the Keystone configuration files, refer to the OpenStack Configuration Referenceand OpenStack Administration Guide and see the chapters on Identity Management.
Managing the Neutron configurationThe OpenStack networking service (Neutron) provides an API for defining network connectivity andaddressing in the cloud.
The IBM SmartCloud Entry virtual appliance is configured to use the Open vSwitch plug-in. Theneutron-dhcp-agent is configured to provide DHCP services to tenant networks over the data network.
Use the IBM SmartCloud Entry Appliance Manager tool to edit Neutron configuration files. To managethe Neutron configuration, complete the following steps.1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option.3. Select the Manage Neutron Configuration option.4. After you edit the files, sceappmgr prompts to restart OpenStack services for the changes to take
effect.Manage Neutron Configuration
1. Edit /etc/neutron/api-paste.ini2. Edit /etc/neutron/dhcp_agent.ini3. Edit /etc/neutron/l3_agent.ini4. Edit /etc/neutron/lbaas_agent.ini5. Edit /etc/neutron/metadata_agent.ini6. Edit /etc/neutron/metering_agent.ini7. Edit /etc/neutron/neutron.conf8. Edit /etc/neutron/plugin.ini9. Edit /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini10. Edit /etc/neutron/policy.json11. Edit /etc/neutron/policy.json.openstack
Chapter 8. Configuring IBM SmartCloud Entry appliances 117
12. Edit /etc/neutron/policy.json.sce13. Edit /etc/neutron/vpn_agent.ini14. Create New File
Enter selection (Enter to cancel):
Most management of Neutron networking is done by using the IBM SmartCloud Entry web applicationor by using Neutron APIs through tools like the OpenStack Neutron commands.
For further details on the Neutron configuration files and related topics, refer to the OpenStackConfiguration Reference and OpenStack Administration Guide and see the chapters on OpenStacknetworking.
Managing the Nova configurationThe OpenStack compute service (Nova) is responsible for managing the virtual machine instances that arerunning in an OpenStack cloud. It is used to deploy virtual machines, allocate resources to the virtualmachines, and works with other OpenStack services such as Neutron and Cinder to provide networkingand extra storage for virtual machine instances.
About this task
Most management of Nova is done by using the IBM SmartCloud Entry web application, or by usingNova APIs through tools like the OpenStack Nova commands.
For more details on the Nova configuration files and related topics, see the OpenStack ConfigurationReference and OpenStack Administration Guide. Also, reference the chapters on OpenStack Compute.
Use the IBM SmartCloud Entry Appliance Manager tool to edit Nova configuration files. To manage theNova configuration, follow these steps:
Procedure1. Start sceappmgr.2. Select the Manage OpenStack Configuration option.3. Select the Manage Nova Configuration option.
The Manage Nova Configuration menu is displayed.Manage Nova Configuration
1. Edit /etc/nova/api-paste.ini2. Edit /etc/nova/logging_sample.conf3. Edit /etc/nova/nova.conf4. Edit /etc/nova/policy.json5. Edit /etc/nova/policy.json.openstack6. Edit /etc/nova/policy.json.sce7. Create New File
Enter selection (Enter to cancel):
4. You can edit the Nova configuration. After you edit the configuration, sceappmgr prompts to restartOpenStack services for the changes to take effect.
Enabling Nova project quotas:
The OpenStack Nova compute service in the IBM SmartCloud Entry appliance is configured so that thecompute service does not use project quotas. When the appliance is configured for “Base OpenStack”,you can change this default configuration.
118 IBM SmartCloud Entry: Administrator Guide 3.2
About this task
OpenStack CLI commands and REST APIs that set or return project quotas are not supported. However,you can change this default configuration by using the sceappmgr tool.
To enable Nova quota support, follow these steps:
Procedure
1. Log in to the IBM SmartCloud Entry appliance.2. Run the following command:
sceappmgr
The Manage SmartCloud Entry Appliance menu is displayed.3. Select the Manage Nova Configuration option. The Manage Nova Configuration menu is displayed.4. Select the menu option to edit the nova.conf file.5. Change the quota_driver option to the following value:
quota_driver=nova.quota.DbQuotaDriver
6. Restart the OpenStack services so that the change can take effect.
Results
After you enable Nova quota support, the default values for the quotas are used. For more informationabout these default values and how to change them, see Quotas in the OpenStack Operations Guide atthe following website: http://docs.openstack.org/trunk/openstack-ops/content/quotas.html
Configuring the Hyper-V virtualization environmentThis section contains information about configuring the Hyper-V virtualization environment.
Changing encrypted passwords after installationFollow these steps to change or decrypt an existing password that is provided during the installation ofIBM SmartCloud Entry Hyper-V Agent on Microsoft Windows Server 2012.
About this task
The installation encrypts password-related values such as qpid_password and neutron_admin_password inboth nova.conf and neutron.conf. You can change or decrypt passwords after installation by using thefollowing information. Ensure that you install the latest fix pack before you complete this task.
Procedurev To change an encrypted password after installation, use the following command to encrypt a new
password string, and then modify the password values in both nova.conf and neutron.conf.openstack-obfuscate.cmd password
where password is the new password that you want to encrypt.v To decrypt an existing encrypted password, use the following command:
openstack-obfuscate.cmd -u encrypted password
where encrypted password is the password that you want to decrypt.
Enabling Microsoft Hyper-V Server 2012 systems for ISO generationIf you are using Microsoft Hyper-V Server 2012 with IBM SmartCloud Entry, you must install acompatible ISO generation utility such as genisoimage from Cygwin. After you install a compatible ISO
Chapter 8. Configuring IBM SmartCloud Entry appliances 119
generation utility such as genisoimage from Cygwin to use on Microsoft Hyper-V Server 2012 systems,you must update the nova.conf file on each system where you installed the IBM SmartCloud EntryHyper-V Agent.
Procedure1. Use a text editor to edit the nova.conf file that is located at C:\Program Files (x86)\IBM\SmartCloud
Entry\Hyper-V Agent\etc\nova.2. Find the line mkisofs_cmd=C:\Program Files (x86)\IBM\SmartCloud Entry\Hyper-V
Agent\bin\ibmgenisoimage.exe and change the path and file name of the mkisofs_cmd property to theISO generation utility that you installed. For example: mkisofs_cmd=C:\cygwin\bin\genisoimage.exe
3. Restart the IBM SmartCloud Entry Hyper-V Compute Agent Service by running the followingcommands:v net stop "IBM SmartCloud Hyper-V Compute Agent Service"v net start "IBM SmartCloud Hyper-V Compute Agent Service"
Starting and stopping servicesYou can start or stop IBM SmartCloud Entry services on the Hyper-V host system from the MicrosoftWindows Control Panel.
Procedure1. On your Hyper-V host system, navigate to Control Panel > System and Security > Administrative
Tools > Services.2. Locate the following services:
v IBM SmartCloud Entry Network Service
v IBM SmartCloud Hyper-V Compute Agent Service
3. Right-click on each service and select the appropriate action, either Start or Stop.
Supporting an additional vSwitch on the Hyper-V compute nodeFor IBM SmartCloud Entry to support an additional vSwitch, a few manual configuration steps arerequired.
About this task
The IBM SmartCloud Entry Hyper-V Agent installer assumes that a single Hyper-V external vSwitch isused for all instance data traffic from the compute node. In some cases, a single vSwitch might not besufficient. Each external vSwitch maps to a single network adapter on the Hyper-V hypervisor. Morenetwork adapters and networks might exist that you want to support deployments of instances. Toconfigure an extra vSwitch on the Hyper-V compute node, complete the following steps.
Procedure1. If you do not already have the vSwitch created, create the additional vSwitch by using the Virtual
Switch Manager. The connection type of the new vSwitch must be external.2. Edit the physical_network_vswitch_mappings property in the hyperv_neutron_agent.ini file. By
default, the file is in the following path: C:\Program Files (x86)\IBM\SmartCloud Entry\Hyper-VAgent\etc\neutron\hyperv_neutron_agent.ini. By default, the property is configured as follows:physical_network_vswitch_mappings=*:vswitch #1
Update the property as the following example indicates:physical_network_vswitch_mappings=default:vswitch #1,network2:vswitch #2
When a second vSwitch is added to the Hyper-V compute node, the asterisk (*) in the property mustbe changed to default so that it matches the value that is defined on the IBM SmartCloud EntryHyper-V appliance. If no OpenStack network configuration exists previously, the physical network
120 IBM SmartCloud Entry: Administrator Guide 3.2
name, default, can be changed to something else. The physical network names that are listed on thisproperty must be configured on the IBM SmartCloud Entry Hyper-V appliance and specified in theIBM SmartCloud Entry web interface when the network configuration is created. Keep the physicalnetwork names brief and simple. For example: physnet1, physnet2, public, private, intranet, internet
3. Restart the IBM SmartCloud Entry services on the Hyper-V host system.a. On your Hyper-V host system, navigate to Control Panel > System and Security >
Administrative Tools > Services.b. Locate the following services:
v IBM SmartCloud Entry Network Service
v IBM SmartCloud Hyper-V Compute Agent Service
c. Right-click on each service and select Restart.4. Repeat the previous steps for each Hyper-V compute node. The physical network names, default and
network2, must be the same on each Hyper-V compute node. The vSwitch names can be different oneach compute node.
5. On the IBM SmartCloud Entry appliance system, open the console and edit the /etc/neutron/plugin.ini file:a. Start the sceappmgr tool.b. Select Manage OpenStack Configuration > Manage Neutron Configuration.c. Select to edit the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini file.d. Locate the network_vlan_ranges property. By default, the property is configured as follows:
network_vlan_ranges=default:1:4094
Update the property as the following example indicates:network_vlan_ranges=default:1:4094,network2:1:4094
1:4094 specifies the range of VLANs that are assigned for this network if the VLAN ID is notspecified in the IBM SmartCloud Entry web interface when an OpenStack network configuration iscreated. If you want a specific range of VLAN IDs to be used for the network, update the twovalues as necessary.
Important: The physical network names that are listed on this property, default and network2, mustmatch the physical network names that you specified in the hyperv_neutron_agent.ini file earlierin this procedure. Verify that the physical network names are an exact match.
e. Save the file and exit the editor.f. SmartCloud Entry Appliance Manager will prompt to restart services. Respond y to restart the
OpenStack services.6. After OpenStack is restarted, use theIBM SmartCloud Entry web interface to create a new OpenStack
network configuration. At the bottom of the network configuration page, specify network2 for thephysical network name. The network type must be either Flat or VLAN.
7. Deploy an image by using the new network configuration. The network adapter of the deployedinstance is assigned to the vSwitch that you specified in the hyperv_neutron_agent.ini file earlier inthis procedure.
Enabling nova migration CLI from Hyper-VIBM SmartCloud Entry 3.2 supports the ability to initiate a live migration of a virtual machine directlyfrom the Hyper-V system by running the OpenStack nova command from the command prompt.
About this task
To enable live migration on Hyper-V, all hosts must run the nova compute service as a MicrosoftWindows domain user. The Microsoft Windows domain user must have enough permission to run livemigrations. To configure your IBM SmartCloud Entry Hyper-V Agent installation for this support,
Chapter 8. Configuring IBM SmartCloud Entry appliances 121
complete the following instructions on all Hyper-V servers:
Procedure1. On your Hyper-V host system, navigate to Control Panel > System and Security > Administrative
Tools > Services.2. Locate and right-click the IBM SmartCloud Entry Compute Service, and select Properties.3. On the Log On tab, complete the following steps:
a. Select the option for This account.b. Specify the domain user and password to ensure the compute service has appropriate access to the
domain resources for a migration.c. Click OK to save the properties.
Results
To access the nova command, double-click the AgentConsole.cmd command from the bin directory ofyour IBM SmartCloud Entry for Hyper-V installation (in the root directory of the installation). A newcommand prompt opens. Run the nova live-migration command, following the OpenStackdocumentation for usage guidance. For more information, see Configuring Shared Nothing LiveMigration and Configure and Use Live Migration on Non-clustered Virtual Machines
Note: The AgentConsole that IBM SmartCloud Entry provides on the Hyper-V host can be used only torun the nova live-migration command. Running other nova or OpenStack commands on the Hyper-Vhost is not supported.
Configuring the KVM virtualization environmentThis section contains information about configuring the KVM virtualization environment.
Starting and stopping servicesYou can start, stop, and restart IBM SmartCloud Entry services on the Linux Kernel-based VirtualMachine (KVM) host system from the command line. You can also check the status of these services.
Procedure
To start, stop, restart, or check status of IBM SmartCloud Entry services on the KVM host system, run thefollowing commands:
service openstack-nova-compute <action>
service neutron-openvswitch-agent <action>
where <action> is start, stop, restart, or status
Changing the MTU for virtual Ethernet interfacesYou can adjust the Neutron Open vSwitch plug-in virtual Ethernet (veth) maximum transmission unit(MTU) to avoid dropped packets on transmission.
About this task
VLAN tagging within Open vSwitch veth interfaces can cause packets to be dropped. VLAN tags addedby Open vSwitch can cause the resulting packet to exceed the default MTU size of 1500. The problem canbe solved by changing the Neutron Open vSwitch plug-in veth_mtu limit to 1504.
Procedure1. Log in in to IBM SmartCloud Entry virtual appliance and start sceappmgr.2. Select Manage OpenStack Configuration > Manage Neutron Configuration.
122 IBM SmartCloud Entry: Administrator Guide 3.2
3. Select the option to edit file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini.4. Search for veth_mtu and insert this line (or edit the commented line):
veth_mtu = 1504
5. Save the file.6. Restart the OpenStack services.
Results
After the file is saved, sceappmgr prompts to restart one or more services. Responding 'y' causessceappmgr to stop and then start the OpenStack services.
Disabling generic segmentation offloading in guest virtual machinesYou can disable generic segmentation offloading (GSO) to increase throughput when large files are copiedbetween guest virtual machines.
About this task
Generic segmentation offloading (GSO) with the virtio driver in a guest virtual machine can cause poornetwork throughput. Copying large files between guest virtual machines by using secure copy (scp) is anexample of an application that can cause this problem. One solution for this problem is to disable GSO inthe guest virtual machines. For Red Hat Enterprise Linux 5 and 6, complete the following steps:
Procedure1. Log in to the guest virtual machine as root.2. Run the following command:
ethtool -k eth0
Where eth0 is the interface on the guest virtual machine.3. Test file transfer performance. If this action solves the problem, continue with the next step to make
the change permanent.4. To disable GSO permanently, complete the following step:
v For Red Hat Enterprise Linux 5.x, edit the file /etc/modprobe.conf to add the following line:options virtio_net gso=0
v For Red Hat Enterprise Linux 6.x, create a new file /etc/modprobe.d/virtio_net.conf and add thefollowing line:options virtio_net gso=0
Managing the IaaS gatewayThe IaaS gateway server provides a single interface to OpenStack services distributed throughout anOpenStack cloud.
The IaaS gateway is configured to use a secure connection (https:// style URL) and to use the localKeystone server for identity services and the service catalog.
The configuration of the IaaS gateway is largely handled automatically. However, you can use the IBMSmartCloud Entry Appliance Manager tool (sceappmgr) to edit the IaaS Gateway configuration files.
To manage the IaaS gateway configuration, follow these steps:1. Start sceappmgr.2. Select the Manage OpenStack Configuration menu option.3. Select the Manage IaaS Gateway Configuration option.
Chapter 8. Configuring IBM SmartCloud Entry appliances 123
4. After you edit the files, sceappmgr prompts to restart OpenStack services for the changes to takeeffect.
Manage IaaS Gateway Configuration
1. Edit /etc/iaasgateway/adapters.json2. Edit /etc/iaasgateway/adapters.json.openstack3. Edit /etc/iaasgateway/adapters.json.sce4. Edit /etc/iaasgateway/iaasgateway.conf5. Edit /etc/iaasgateway/logging.conf6. Edit /etc/iaasgateway/url-replacement.json7. Create New File
Enter selection (Enter to cancel):
The most likely file to require modification is the url-replacement.json file. This file defines replacementtokens that the IaaS gateway replaces in the service endpoint URLs registered with the OpenStackKeystone service. The file consists of pairs of token strings and replacement values:{
"compute_port":"8774","example_token":"real-value"
}
A service endpoint URL might be defined in Keystone as http://host:port/xxx/$(example_token)/.
Using the url-replacement file that is shown above, the IaaS gateway would replace "$(example_token)"with "real-value" to produce http://host:port/xxx/real-value/.
Clients that use the IaaS gateway use that URL.
Determining the auth_url to use with the IaaS gateway
When you configure compute nodes or an application like the OpenStack CLIs, you need to provide anauth_url that points to the IaaS gateway. The IaaS gateway can support a federated cloud. So the URLsused with the IaaS gateway include a cloud provider id as an extra level. For example, the auth_url usedgoing directly to Keystone might look like http://host:5000/v2.0.
The corresponding auth_url used going through the IaaS gateway looks like https://host:9973/provider-id/v2.0.
Keystone is configured with the Keystone v2.0 API endpoint URLs. Some applications, for example theOpenStack CLI, support only the Keystone v2.0 API. Keystone v3 APIs can be used with the IaaSgateway, but the identity provider URL must be changed to replace v2.0 with v3. For example:https://host:9973/provider-id/v3.
To get the auth_url value to be used with the IaaS gateway, use the following procedure.1. Start the IaaS gateway GET /providers API by using a tool like curl or the Mozilla Firefox Poster
plug-in. Your web browser might also support starting the API through the URL.2. Request type: GET
URL: https://host:9973/providers
Reply:{"serviceCatalog": [{"endpoints": [{"interface": "internal","url": "https://host:9973/56f638b1ebc040638bdb23222dd46b6c/v2.0", "region": "regionOne","id": "56f638b1ebc040638bdb23222dd46b6c"}, {"interface": "admin","url": "https://host:9973/d4bc3d81ac964caaaa1f83aacb516f79/v2.0", "region": "regionOne","id": "d4bc3d81ac964caaaa1f83aacb516f79"}, {"interface": "public","url": "https://host:9973/b35db7072d604f27970ea040b2e5b1fe/v2.0", "region": "regionOne","id": "b35db7072d604f27970ea040b2e5b1fe"}], "type": "identity", "name": "keystone"}]}
124 IBM SmartCloud Entry: Administrator Guide 3.2
Use the url value for the appropriate interface. For example, administrative access to Keystone requiresthe admin URL. For example, https://host:9973/d4bc3d81ac964caaaa1f83aacb516f79/v2.0.
Example that uses curl program:> curl --insecure https://host:9973/providers{"serviceCatalog": [{"endpoints": [{"interface": "internal","url": "https://host:9973/56f638b1ebc040638bdb23222dd46b6c/v2.0", "region": "regionOne","id": "56f638b1ebc040638bdb23222dd46b6c"}, {"interface": "admin","url": "https://host:9973/d4bc3d81ac964caaaa1f83aacb516f79/v2.0", "region": "regionOne","id": "d4bc3d81ac964caaaa1f83aacb516f79"}, {"interface": "public","url": "https://host:9973/b35db7072d604f27970ea040b2e5b1fe/v2.0", "region": "regionOne","id": "b35db7072d604f27970ea040b2e5b1fe"}], "type": "identity", "name": "keystone"}]}>
Example that uses a browser (Mozilla Firefox)--<serviceCatalog>--<service type="identity" name="keystone">
<endpoint interface="internal" url="https://host:9973/9973/56f638b1ebc040638bdb23222dd46b6c/v2.0"region="regionOne" ...
<endpoint interface="admin" url="https://host:9973/9973/d4bc3d81ac964caaaa1f83aacb516f79/v2.0"region="regionOne" ...
<endpoint interface="public" url="https://host:9973/9973/b35db7072d604f27970ea040b2e5b1fe/v2.0"region="regionOne" ...
</service></serviceCatalog>
Generating authentication tokensYou can use the SmartCloud Entry Appliance Manager tool to manage various credentials that are usedwithin the OpenStack services.
The following credentials can be managed by using the sceappmgr tool.
Keystone SimpleTokenThe Keystone SimpleToken is a key that is used for communication between the IBM SmartCloudEntry server and the OpenStack services. After you generate a new SimpleToken, the OpenStackKeystone and IBM SmartCloud Entry servers must be restarted to use the new token.
Admin TokenThe Admin Token is a password-like string that can be used with OpenStack commands toauthenticate to the Keystone service. It can be used in place of an administrator user ID andpassword. The OpenStack Keystone server must be restarted before the new Admin Token can beused.
Public Key InfrastructurePublic Key Infrastructure (PKI) keys are used to encrypt the tokens that are passed between thedifferent OpenStack services.
1. Start the sceappmgr tool.2. Select the Manage Authentication Tokens option.3. Select the option for the token that you want to change.
All of the options require that various portions of the IBM SmartCloud Entry or OpenStack services bestopped briefly.
The Admin Token can contain only the following US-ASCII characters:v a-z, A-Z and 0-9v The following special characters: ~`!@#$%^&*()_-+={}[]:;"'<>,.?/
Leading and trailing spaces are removed.
Chapter 8. Configuring IBM SmartCloud Entry appliances 125
When you generate new PKI keys, it is important that the system clock is set correctly before you start.The keys have a valid start date and end date. If the system clock is changed to a time before or after thisrange, even by a few seconds, the keys will not work until the system time is again within the validrange.
The PKI certificate is used for Keystone token signing and as the server certificate for the Qpid and IaaSgateway servers. Because these servers can be accessed over both the management and customerinterfaces and the implementation of certificate validation within the Keystone client, the certificate usesthe following subject common name and subject alternative names (SAN):v Common name: the IP address of the management networkv Subject alternative names:
– IP: IP address on the management network– DNS: IP address on the management network– DNS: Host name on the management network
If the customer network uses a static address, these SANs are also used:– IP: IP address on the customer network– DNS: IP address on the customer network– DNS: Host name on the customer network
IBM testing shows that some clients do not handle subject alternative names properly. In such cases, itmight be necessary to disable certificate validation for that client, for example, by using the --insecureoption of the OpenStack CLI commands.
The sceappmgr Export PKI Keys function can be used to export the public server and certificate authoritycertificates in PEM format. These files can be used with other applications that require these certificates toconnect to the Qpid or IaaS gateway servers. The certificates might require conversion to other formats tobe used with other tools. Similarly, the IBM SmartCloud Entry Import PKI Keys function requires PEMformat files.
Managing passwordsYou can use sceappmgr to manage passwords for IBM SmartCloud Entry, OpenStack, and DB2 on theIBM SmartCloud Entry appliance.
Procedure1. Start the sceappmgr tool.2. Select the Manage Passwords option.3. Select the user ID whose password you want to update.4. You are prompted for the current password, the new password, and a verification of the new
password.5. It might be necessary to restart OpenStack services after you change the password.
Starting, stopping, and status of the IBM SmartCloud Entry applicationon IBM SmartCloud Entry virtual applianceYou can use the sceappmgr tool to manage the IBM SmartCloud Entry and OpenStack services on theIBM SmartCloud Entry virtual appliance.
With the sceappmgr tool, you can complete the following tasks:v Start, restart, and stop the IBM SmartCloud Entry application (the IBM SmartCloud Entry service)v View the status of the IBM SmartCloud Entry applicationv Start, restart, and stop the OpenStack services
126 IBM SmartCloud Entry: Administrator Guide 3.2
v View the status of the OpenStack services
To manage services, complete the following steps:1. Start the sceappmgr tool.2. Select the Manage SmartCloud Entry Services option.3. Select the operation that you want to complete.
The sceappmgr tool performs the requested operation and displays the output.
Accessing IBM SmartCloud Entry
You can access IBM SmartCloud Entry by opening http://<IBM SmartCloud Entry hostname>:18080/cloud/web/index.html in a supported browser. To log in for the first time, use the InitialAdministrator User Name that you created when you deployed the IBM SmartCloud Entry virtualappliance and the default password, passw0rd. It is recommended that you update the password throughthe IBM SmartCloud Entry web interface.
Note: The port 18080 is the default port. Substitute the correct values for your environment if necessary.
For more information about access, see “Configuring local authentication” on page 136.
Managing network configurationUse the SmartCloud Entry Appliance Manager tool (sceappmgr) to change the IBM SmartCloud Entryport numbers and global networking settings, such as the default gateway or time server.
About this task
The following network settings can be changed:v IBM SmartCloud Entry HTTP port and HTTPS port.v Default gatewayv DNS serversv DNS domainv DNS search listv NTP serversv Enable SSH on the customer network
Changing a network setting updates the system configuration, updates related services, and restartsservices as required.
Procedure1. Start the sceappmgr tool.2. Select Manage Networking Configuration.3. Select the option for the network setting that you want to change.
SmartCloud Entry Ports:1. Change HTTP Port [18080]2. Change HTTPS Port [18443]
Global Network Settings:3. Change Default Gateway [x.x.x.x]4. Change Domain name [x.x.ibm.com]5. Change DNS Server List [x.x.x.x, x.x.x.x]6. Change DNS suffixes [x.x.ibm.com]7. Change NTP Server List [x.x.x.x]8. Change SSH Access to Customer Network [Disabled]
Chapter 8. Configuring IBM SmartCloud Entry appliances 127
Enter selection (Enter to cancel): 8SSH is disabled on the customer interface. Select 1 to enable SSH or press Enter to cancel:
Note: x represents the number or suffix that is applicable to your specific network.
Results
Changing the IBM SmartCloud Entry server ports updates IBM SmartCloud Entry property files, the IaaSgateway configuration, firewall rules, and restarts the affected services. Changing the HTTPS port doesnot configure the IBM SmartCloud Entry server to allow SSL connections. For more information, see IBMSmartCloud Entry for Cloud SSL configuration.
Changing the default gateway requires restarting networking. This change might cause your connectionto the virtual appliance console to be dropped. Restarting network is a fast operation and you canreconnect to the appliance console within several seconds.
Note: The DNS domain setting defines a single domain name that is used when host names are resolved.The search list is used to define a list of domains to use when host names are resolved. Only one of theseproperties are used by the system. Generally the domain can be left blank and just the search list used.
Volume group management for the IBM SmartCloud Entry applianceThe IBM SmartCloud Entry appliance provides expandable storage for the OpenStack Glance repositoryand user data. The SmartCloud Entry Appliance Manager (sceappmgr) provides tools to manage howyou allocate storage for these functions.
The OpenStack Glance project provides services for discovering, registering, and retrieving virtualmachine images. The IBM SmartCloud Entry appliance is configured to use the file backend, which storesimages in the local file system.
Several user data volumes exist that have the potential to grow:v /var/log
v /home/db2inst1
v /home/sysadmin
v Swap space
The IBM SmartCloud Entry appliance places each of these user data areas on a separate volume.Separating the user data by volume ensures that excessive storage use by one area does not use all of thestorage. It also allows more storage to be allocated to each area as needed.
The OpenStack Glance repository and the user data volumes each have a defined Linux Volume Manager(LVM) volume group. The Image repository volume group (glance-repository) is used for the OpenStackGlance file backend. The User data volume group (user_data_vg) is used for the four user data volumes.Using sceappmgr, you can allocate disks or partitions to these volume groups. For the user data volumegroup, you can allocate more space to each of the user data volumes. You cannot remove disks, or movestorage from one volume group, or volume, to another.
The IBM SmartCloud Entry appliance initially has a 10 GB virtual disk that is allocated to the imagerepository. The initial size of the image repository is sufficient only for one or two images. It isrecommended that you attach a much larger disk to the virtual disk. Further, for future migration, it isrecommended that all data on the initial disk be moved to the larger disk and the smaller disk deleted.You can use sceappmgr to manage the disks.
The user data volume group uses a 30 GB virtual disk, which is divided between the four volumes asfollows:
128 IBM SmartCloud Entry: Administrator Guide 3.2
v /home/db2inst1 - OpenStack DB2 database: 10 GBv /home/sysadmin - IBM SmartCloud Entry database, logs, and other files: 10 GBv Swap space - 5 GBv /var/log - system log files: 5 GB
The IBM SmartCloud Entry appliance supports SCSI and Virtio (on KVM) virtual disks. You can use anystorage mechanism that is supported by the hypervisor, such as the following storage devices:v File-backed virtual disks (for example, vhd and vmdk files)v Physical disks or partitions that are attached to the hypervisorv SAN storagev iSCSI devices
The storage devices must be displayed as block devices to the appliance (with names like /dev/sda or/dev/vda).
Use the Manage Volume Groups option in the sceappmgr to manage the Image repository and User datavolume groups. You can also use this option to create new volume groups for the OpenStack Cindervolume driver.
Adding a disk to the image repository volume group (Hyper-V and KVM imagesonly)To add a disk to the image repository volume group for Hyper-V and KVM images, first use theappropriate hypervisor tools to add a new hard disk to the IBM SmartCloud Entry appliance virtualmachine. Then, log in to the appliance virtual machine and run the IBM SmartCloud Entry ApplianceManager (sceappmgr) tool.
Before you begin
If the new hard disk that you add was used on another system, ensure that the following requirementsare met:v The disk was not used in a Linux Volume Manager (LVM) volume group by the same name as the
volume groups used by the IBM SmartCloud Entry appliance. Ensure that the disk was not in an LVMvolume group with any of the following names:– cinder-volumes– glance-repository– user_data_vg.
Adding such disks might corrupt the existing LVM volume groups.v The disk is not recognized by LVM as a physical volume. Such disks are not displayed as available
disks when you use the IBM SmartCloud Entry appliance volume management functions. The LVMpvscan and pvremove commands can be used to detect and correct this situation. Formatting the diskalso removes LVM physical volume information.
Note: Importing and exporting LVM volume groups from the appliance to share data is not supported.
Procedure1. Start the sceappmgr tool.2. Select the Manage Volume Groups option.3. Select the Image repository volume group. The devices that are available to be added to the volume
display on the resulting page. The available disk devices include devices that are not mounted as filesystems and devices that are not used by the Linux Volume Manager. Disks having only freepartitions are also shown.
4. Select a device to add to the volume group. Use the size and disk device information to identify thecorrect device. The disk device corresponds to the disk controller and location that is available
Chapter 8. Configuring IBM SmartCloud Entry appliances 129
through the hypervisor information for the virtual machine. The device can be an existing partition oran entire disk. If an entire disk is selected, the disk is partitioned to contain a single partition thatuses the entire disk. In either case, any existing data on the disk or partition is lost.
5. Enter a selection for whether to add the disk to the volume group, or move the data from the originaldisk to the new disk. If the appliance is still using the original 10 GB virtual disk, it is recommendedthat you move the image repository to the new disk.
Note: The option to move data from the original disk to the new disk is shown only if the originaldisk is part of the image repository volume group. After the data is moved to the new disk, theoriginal disk is removed from the volume group and this option is no longer shown.
Results
When the appliance virtual machine is restarted, the system formats the disk and adds it to the volumegroup. The entire volume group is used to host a single logical volume and file system(/mount/glance-repository). Until the system restart is complete, sceappmgr shows the original size forthe volume group and indicates that a move or resize is pending. Moving data from the old disk to thenew disk can take several minutes, so the system restart is slower than usual.
When the system is restarted, you can use the appropriate hypervisor tools to detach the old disk fromthe virtual machine. The disk device information that is displayed by sceappmgr can be used to identifythe old disk. This information corresponds to the disk controller and location information available fromthe hypervisor.
Adding disk space to a user data volumeAdding a disk to the user data volume group on the IBM SmartCloud Entry appliance virtual machine issimilar to adding a disk to the image repository volume group.
About this task
No file systems are resized when you add a disk to the user data volume group, so you do not need torestart the appliance virtual machine. After you add a disk to the volume group, you can add free spacefrom the volume group to individual volumes.
If you are adding a disk that was used on another system ensure that the following requirements are met:v The disk was not used in a Linux Volume Manager (LVM) volume group by the same name as the
volume groups used by the IBM SmartCloud Entry appliance. Ensure that the disk was not in an LVMvolume group with the any of the following names:– cinder-volumes– glance-repository– user_data_vg
Adding such disks might corrupt the existing LVM volume groups.v The disk is not recognized by LVM as a physical volume. Such disks are not shown as available disks
when you are using the IBM SmartCloud Entry appliance volume management functions. The LVMpvscan and pvremove commands can be used to detect and correct this situation. Formatting the diskalso removes LVM physical volume information.
Note: Importing and exporting LVM volume groups from the appliance to share data is not supported.
Procedure1. Start the SmartCloud Entry Appliance Manager (sceappmgr) tool.2. Select the Manage Volume Groups option.3. Select the User data volume group. A list of the volumes that are part of this volume group are
displayed on the resulting page. There is also an option to add a disk to the volume group.
130 IBM SmartCloud Entry: Administrator Guide 3.2
4. Specify the option, Add disk to 'User data' volume group, and press Enter. A list of the devices thatare available to be added to the volume display on the resulting page. The list of devices includesdevices that are not mounted as file systems or used by the Linux Volume Manager. Disks that haveonly free partitions are also shown.
5. Specify a device to add to the volume group, and press Enter. The size and disk device informationcan be used to identify the correct device. The disk device corresponds to the disk controller andlocation that is available through the hypervisor information for the virtual machine. The device canbe an existing partition or an entire disk. If an entire disk is selected, the disk is partitioned to containa single partition that uses the entire disk. In either case, any existing data on the disk or partition islost.
6. The system formats the disk and adds it to the user data volume group. The new size and free spaceare shown.
7. On the Manage 'User data' Volume Group screen, specify the volume to which you want to addspace. Confirm the amount to be added. The system marks the file system to be resized when thesystem is restarted.
8. After the system is restarted, the file system will reflect the new size.
Creating a Cinder volume groupTo create an LVM volume group for the Cinder volume driver, use the appropriate hypervisor tools toadd a new hard disk to the IBM SmartCloud Entry appliance virtual machine.
About this task
Then, log in to the appliance virtual machine and run the IBM SmartCloud Entry Appliance Manager(sceappmgr) tool.
Procedure1. Start the sceappmgr tool.2. Select the Manage Volume Groups option.3. Select the Create New Cinder Volume Group option.4. Enter the name for the new volume group. The name must start with "cinder-".5. Select the disk to be used as the first disk in the volume group.6. The system creates the new volume group.
Performing support and maintenance tasks on the IBM SmartCloudEntry applianceWith the sceappmgr tool you can set the logging level for OpenStack services, collect IBM SmartCloudEntry logs for Support, and migrate from previous versions of IBM SmartCloud Entry. You can also applyfixes and restart or shutdown the IBM SmartCloud Entry appliance.
Procedure1. Start the sceappmgr tool.2. Select the Support and Maintenance option.3. Select the operation to be performed.
Results
The sceappmgr tool performs the requested task. A change to the logging level is not implemented untilthe OpenStack services are restarted. When the system collects logs, a subdirectory with a name likelogs-date is created in the sysadmin home directory, for example, logs-2013-04-116_11-37-28. Thisdirectory contains the compressed log or logs.
Chapter 8. Configuring IBM SmartCloud Entry appliances 131
Applying fixes and updates for the IBM SmartCloud Entry applianceYou can use the Support and Maintenance option to apply fixes and updates for the IBM SmartCloudEntry appliance.
About this task
Updates and fixes for the component parts that make up the software stack included in the IBMSmartCloud Entry appliance are published in a single fix pack file. After you download the fix pack fileto your deployed appliance, selection of a single sceappmgr menu option performs the necessaryupdates.
To download and install updates and fixes for the software stack that is provided by the IBM SmartCloudEntry appliance, follow these steps:
Procedure1. Open your browser to IBM Support Fix Central at http://www-933.ibm.com/support/fixcentral/2. Click Select product.3. Select Other Software for the Product Group.4. For the Product, select IBM SmartCloud Entry version 3.2.5. Select All for the Installed Version.6. Select All for the Platform and select Continue.7. Identify fixes by selecting Browse for fixes and select Continue.8. Select the specific fix that you want and select Continue.9. Authenticate to the Fix Central server to demonstrate entitlement.
10. Select the method that you want to use to download the fix and select Continue.11. Store the appliance fix pack file to a known location on the IBM SmartCloud Entry appliance, such
as /tmp.12. Start the sceappmgr tool (sceappmgr).13. Select the Support and Maintenance option.14. Select the Install Fix Pack option.15. At the prompt, type the full path and file name of the fix pack file that you downloaded.16. At the prompt, enter a 1 to start the fix installation process.
OpenStack or operating system services might be stopped and restarted during the installationprocess.When the process is complete, the IBM SmartCloud Entry appliance is updated with the fix packcontents. Progress is reported on the screen and the following completion message displays whenthe updates are completed:All updates completed successfully.
The sceappmgr tool automatically stops at the end of the fix pack installation to finish applying fixesto the tool.
132 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 9. Configuring IBM SmartCloud Entry properties
You can configure many IBM SmartCloud Entry features through a web user interface, but you canconfigure all IBM SmartCloud Entry features by modifying configuration property files that are located inthe IBM SmartCloud Entry home directory. This section contains information about these configurationproperty files and the values that you can modify.
After successfully installing IBM SmartCloud Entry, there is a directory that is called /.SCE32. Thisdirectory is the IBM SmartCloud Entry home directory and contains all of the IBM SmartCloud Entryconfiguration property files and log files.
By default, the IBM SmartCloud Entry home directory is created at the following locations:v On Microsoft Windows, the default location is the user home directory.v On Linux or AIX, the default location is the /var/opt/ibm directory.
The authentication.properties file settings are required for IBM SmartCloud Entry to interface withyour cloud manager. The other features provide flexibility and convenience.
To configure basic properties and features of IBM SmartCloud Entry, you must modify properties that aredefined within the configuration files in the home directory. These configuration files include thefollowing:
authentication.propertiesSpecifies the user authentication type to use for IBM SmartCloud Entry.
database.propertiesSpecifies the database type and path.
email.propertiesSpecifies email notification capabilities.
cloud.propertiesSpecifies the common configuration of IBM SmartCloud Entry and the URL for the User Guidedocumentation.
deployment.propertiesSpecifies properties for configurations of virtual appliances to simplify deployments for cloudusers.
logging.propertiesSpecifies IBM SmartCloud Entry log file properties.
networkConfiguration.propertiesSpecifies network configurations for deployments.
billing.propertiesEnables charging for cloud resources upon deployment.
metering.propertiesEnables metering for cloud resources upon deployment.
web.propertiesSpecifies properties for the user interface configuration.
server.propertiesSpecifies properties for enabling the optional Secure Sockets Layer (SSL) configuration.
Notes:
© Copyright IBM Corp. 2012, 2013 133
v If you do not know your user home directory in a Windows OS, enter %HOMEPATH% in the address bar ofa Windows Explorer window.
v If you modify these properties while the IBM SmartCloud Entry server is active, you must stop andrestart IBM SmartCloud Entry for the new property values to take effect.
Configuring user registry authenticationIBM SmartCloud Entry supports both Local and Lightweight Directory Access Protocol (LDAP) userregistry authentication mechanisms. Authentication is performed by using the IBM SmartCloud Entrylocal user registry.
Local user registries are intended for small-scale usage, such as proof-of-concept scenarios,demonstrations, or environments with up to 30 users and projects.
LDAP user registries provide the highest level of security and scalability for production environmentsand enable IBM SmartCloud Entry to share a central user registry for existing users with otherapplications that support LDAP.
For more information about user registry authentication, see “IBM SmartCloud Entry server components”on page 8.
LDAP authenticationThe IBM SmartCloud Entry includes an LDAP authenticator that is designed to authenticate users in awide range of environments, whether the authentication process is a simple bind or a multistage process.
LDAP authentication is performed by defining a series of steps for the authentication process, definingthe inputs and outputs of each step, and then running them in sequence. If all the steps run successfully,the user is authenticated.
Configuring LDAP authentication manuallyBeginning in IBM SmartCloud Entry 3.1 the web interface is the primary means of configuring LDAP. Ifyou have a migrated LDAP configuration from a previous release, or if you want to enable user namecase sensitivity, you can edit the ldap.xml configuration file.
For more information about configuring LDAP by using the web interface, see “Configuring LDAPauthentication using the web interface” on page 175.
Properties of an LDAP authentication step
Host A string host name for the LDAP host. This property is required.
Search ContextIf an LDAP lookup is to be performed, a search context must be provided. This property isrequired only if a search filter is provided.
Search FilterIf an LDAP lookup is to be performed, a search filter format string must be provided. This stringtells the authenticator how to create a search filter that ensures that only one result is returned, asLDAP does not guarantee ordering of results if there are more than one. Additionally, the stringFILTER is a special value in the search filter. This string is replaced with the user ID enteredduring login. If you do not use the string FILTER in your configuration file, there is noreplacement during authentication. If the strings that are defined in your configuration file arestatic, and a search context is provided, the search filter property is required.
Authentication DN
134 IBM SmartCloud Entry: Administrator Guide 3.2
This property specifies the distinguished name (DN) used for authenticating to the LDAP server. Ifyou are using this property to perform a search, you can specify the property as:</authDN password="password">dnname</authDN>
If the property is specifying the DN to use for authentication, define the DN in one of the followingways:v The DN can be constructed from the user ID. For example, the DN for a user logging in as joe can
be constructed by using the following:<authDN>uid={FILTER},ou=people,dc=site</authDN>
This example creates the DN uid=joe,cn=users,ou=people,dc=site
v The DN of the LDAP user entry that is returned by a previous search step is represented usingthe special value {PERSON_DN}, as shown in this example:<authDN>{PERSON_DN}</authDN>
In both cases, the password that the user entered to log in is also used to authenticate to theLDAP server.
To perform an anonymous search, do not specify the authentication DN property.
Admin UsersThis attribute specifies a list of LDAP user accounts to be given administrator privileges:<adminUsers>[email protected],[email protected]</adminUsers>
User name case sensitiveThis attribute specifies whether the LDAP server defines the user name as case sensitive or not.<userNameCaseSensitive>true</userNameCaseSensitive>
Secure connection enablementThis attribute specifies whether to enable a secure connection for LDAP authentication. SomeLDAP servers enable the StartTLS operation by default, and other LDAP server do not. As anadministrator, you can turn off the secure connection, if the LDAP server does not supportStartTLS operation. The possible values for this attribute are true or false. To enable a secureconnection, specify this property in the config element:<enableSecureConn>true</enableSecureConn>
OutputsThis value indicates what information is needed during the current step for the next step andhow to pass that information along. The Outputs value is essentially a list of instructions thatgets an attribute value, for example foo, and passes it along as bar. This value is optional.v User account name: An output can be flagged as the name for a user account by adding
attribute="fullname" to the output tag. This value is retrieved and used as the user name byIBM SmartCloud Entry. If you do not specify this value, the user ID is used for the userdisplay name.
v User e-mail address: An output can be flagged as the email for a user account by addingattribute="email" to the output tag. This value is retrieved and used as the user emailaddress by IBM SmartCloud Entry.
Example of an ldap.xml file
In this example of an ldap.xml file, an authenticated secure search is performed to find the directoryentry where the mail attribute matches the value that is passed into the username field.<?xml version="1.0"?><config><host>ldap://ldap.company.com</host><adminUsers>[email protected],[email protected]</adminUsers><enableSecureConn>false</enableSecureConn><userNameCaseSensitive>true</userNameCaseSensitive>
Chapter 9. Configuring 135
<step><authDN password="password">cn=ldapAdmin,ou=directory,o=company.com</authDN><searchFilter>(|(mail={FILTER}))</searchFilter><searchContext>ou=directory,o=company.com</searchContext><outputs>
<output attribute="fullname"><get>cn</get>
</output></outputs>
</step><step>
<authDN>{PERSON_DN}</authDN></step>
</config>
Changing authentication modeYou can change the IBM SmartCloud Entry to LDAP authentication mode by editing theauthentication.properties file.
About this task
Note: Beginning in IBM SmartCloud Entry 3.1, the web interface is the primary means of configuringLDAP. If you use the web interface to configure LDAP, the steps in this task are not required. For moreinformation about configuring LDAP by using the web interface, see “Configuring LDAP authenticationusing the web interface” on page 175.
To change IBM SmartCloud Entry to LDAP authentication mode, complete the following steps:
Procedure1. Open the authentication.properties file in the home directory.2. Set the authentication.type property to LDAP as shown in the following example:
authentication.type=LDAP
3. Open the ldap.xml file in the home directory.4. Configure the LDAP steps as described in the “Configuring LDAP authentication manually” on page
134.5. Restart the IBM SmartCloud Entry server.
You can change the authentication mode back to local by setting the authentication.type propertyback to LOCAL.
Configuring local authenticationBy default IBM SmartCloud Entry is set up to use local authentication mode. Local authentication isintended for small-scale usage, such as proof-of-concept scenarios, demonstrations, or environments withup to 30 users and projects. For large-scale production environments, configure LDAP to ensure thehighest level of security.
About this task
Validate the configuration by following these steps:
Procedure1. Open the authentication.properties file in the home directory.2. Configure the authentication.type property to use local authentication, such as:
authentication.type=Local
3. Configure the default administrator user name, name, and password, similar to the followingexample:
136 IBM SmartCloud Entry: Administrator Guide 3.2
admin.username=adminadmin.name=SCE Administratoradmin.password=<password>
Notes:
a. These fields might already be populated or configured during installation.b. The values of the admin.username, admin.name, and admin.password that are shown are examples.
You should update these values according to your business or security guidelines.c. To prevent too many invalid login attempts, a user can attempt to login to IBM SmartCloud Entry
three times within a 24-hour period. After three failed login attempts, both the user andadministrator roles are locked out. However, the administrator can unlock the user record.To configure this limitation, enable the com.ibm.cfs.failedlogincheck.enabled property asfollows:com.ibm.cfs.failedlogincheck.enabled=false
This property is disabled by default.d. The account 'Locked' field associated with the user record in IBM SmartCloud Entry, is valid only
when the account is locked in IBM SmartCloud Entry using LOCAL authentication, rather thanLDAP authentication. If you are using the LDAP authentication and have the 'account locking'feature enabled on your LDAP server, do not enable it on the IBM SmartCloud Entry server. Inthis case, set the com.ibm.cfs.failedlogincheck.enabled property to false in theauthentication.properties file on the IBM SmartCloud Entry server.
Configuring REST API authenticationYou can configure IBM SmartCloud Entry to require authentication when it calls to the IBM SmartCloudEntry REST APIs.
About this task
IBM SmartCloud Entry supports the following authentication methods:v Basic HTTP authentication for a user login and REST API-based validationv Encrypted token-based authentication for REST API calls
The basic strategy for using encrypted tokens is as follows:v HTTP/REST agents (browser or REST client) initially use the login authentication REST API to
authenticate their user ID and password credentials.v The user ID and password are validated against the LOCAL or LDAP repository (depending if LOCAL
or LDAP is configured).v Upon successful login authentication, an encrypted token and its expiration are returned in the login
response.v The agent can use (as an HTTP header cookie) the encrypted token for subsequent REST API calls to
identity themselves until the token expires.v After the authentication token expires, the agent must use the login REST API again to validate their
user ID and password. When complete, the agent obtains a new authentication token.
Note: The system that is running the IBM SmartCloud Entry web interface or REST client must have thedate, time, and time zone that is correctly configured for its physical location.
To require authentication when IBM SmartCloud Entry calls to the Rest APIs, complete the followingconfiguration steps:
Chapter 9. Configuring 137
Procedure1. Open the authentication.properties file in the home directory.2. Set the authentication.secure property to true as shown in the following example:
authentication.secure=true
When the property is set to true, the caller is prompted for credentials before it processes the APIrequest. The credentials are validated against the user registry that is configured, such as Local orLDAP.
3. If IBM SmartCloud Entry is configured to use Single Sign On with other SmartCloud products, youmust set the shared secret key. Use the same shared secret key in all applications by using Single SignOn. If IBM SmartCloud Entry is not using Single Sign On, leave the property unset and theapplication generates and save a new secret key when it first starts.com.ibm.cfs.token.key=The Secret Encryption Key
4. Optional: Set the name of the HTTP header cookie. The cookie is used to transport the encryptedauthentication token. This property specifies the name of the HTTP header cookie, which is used inHTTP REST API requests to transport the encrypted authentication token. The default value issimpletoken.com.ibm.cfs.token.header.field.name=simpletoken
5. Optional: Set the time duration for authentication tokens (in seconds). This time duration determineshow long an authentication token is valid. After a token expires, the agent must obtain a new tokenby using the login authentication REST API.com.ibm.cfs.token.duration=14400
6. Optional: Disable automatic renewal for the authentication token. When enabled, authenticationtokens renew (by using the specified duration period) each time they are successfully used on an APIcall. If this option is disabled, the only way to renew an authentication token is to obtain a new tokenby using the login authentication REST API.com.ibm.cfs.token.autorenew.enabled=false
7. Restart your IBM SmartCloud Entry server for the changes to take effect.
Configuring databaseBy default, IBM SmartCloud Entry uses an internal Derby database which is created inside the homedirectory. For larger environments, you might want to use an external database. IBM SmartCloud Entrysupports using an external DB2 database.
About this task
For more information about installing DB2, see “Database prerequisites (optional)” on page 26.
IBM SmartCloud Entry also supports initial use of a Derby database and migration to a DB2 database ata future point. For details on the migration process, see “Migrating a Derby database to DB2 database”on page 101.
To change the IBM SmartCloud Entry database configuration to use DB2, complete the following steps:
Procedure1. Open the database.properties file in the home directory.2. Set the database.type property to DB2, as shown in the following example:
database.type=db2
3. Set the database.username property to the user ID defined for the database, as shown in the followingexample:database.username=<db2user>
138 IBM SmartCloud Entry: Administrator Guide 3.2
4. Set the database.password property to the password ID defined for the database, as shown in thefollowing example:database.password=<db2passwd>
Note: The clear text password is replaced with an encrypted password after IBM SmartCloud Entrylaunches the first time.
5. Set the database.db2.path property to the location of the DB2 database, as shown in the followingexample:database.db2.path=//localhost:50000/cfs:
Note:
v One or more connection directives can be appended to the database path, and they must beseparated by a semicolon. For example:database.db2.path=//localhost:50000/cfs:retrieveMessagesFromServerOnGetMessage=true;
v Replace localhost with a full IP address (it can be a remote host) and verify the port number. Hereare a few links to help you find the port number:UNIX: http://publib.boulder.ibm.com/infocenter/cmgmt/v8r3m0/index.jsp?topic=%2Fcom.ibm.sysadmin.hlp%2Fcsa10010.htm or as a potential shortcut, use the grep i db2/etc/services command.Windows: http://publib.boulder.ibm.com/infocenter/cmgmt/v8r3m0/index.jsp?topic=%2Fcom.ibm.sysadmin.hlp%2Fcsa10010.htm or as a potential shortcut, look for the DB2 entries inthe services file at C:\WINDOWS\system32\drivers\etc\services.
Configuring email notificationsIBM SmartCloud Entry sends email notifications for several relevant user and administrator events suchas an instance completion, instance failure, new user account requests, and new user accounts created. Inorder to take advantage of these notification capabilities, you must configure the notification properties inthe home directory.
About this task
To set up notification for IBM SmartCloud Entry follow these steps:
Procedure1. Open the email.properties file in the home directory.2. Set the com.ibm.cfs.email.relay.host property to the host name of the relay host that IBM
SmartCloud Entry uses for outgoing SMTP emails.3. Optionally, you can set the email subject prefix for all IBM SmartCloud Entry emails and the "from"
name, by setting the following properties:com.ibm.cfs.email.subject.prefixcom.ibm.cfs.email.from.namecom.ibm.cfs.email.from.address
4. Save the email.properties file and restart the IBM SmartCloud Entry server.You can globally disable email notifications in IBM SmartCloud Entry by setting thecom.ibm.cfs.email.default.notifications property in the email.properties file to false.Individual users can disable notifications through the IBM SmartCloud Entry web user interface.
Note: Ensure that the IBM SmartCloud Entry administrator has an email address that is configured toreceive notifications.
Chapter 9. Configuring 139
Configuring common cloud propertiesCommon cloud properties are configured by providing information such as the refresh interval andonline help configuration in the cloud.properties file.
About this task
To configure your cloud manager, do the following:
Procedure1. Open the cloud.properties file in the home directory.2. Edit the properties by providing values for each configuration property.3. Save the cloud.properties file and restart the IBM SmartCloud Entry server.
Cloud refresh intervalIBM SmartCloud Entry checks for new images and instances in the cloud and synchronizes the propertiesfor these images and instances.
By default, IBM SmartCloud Entry receives messages from the cloud to synchronize with the cloudmanager. The frequency of this synchronization is determined by thecom.ibm.cfs.cloud.refresh.interval property in the cloud.properties file. If the property is not set, adefault of 30 seconds is used.
IBM SmartCloud Entry scans the cloud for updates on instances as often as the refresh interval propertyspecifies. However, you can change the synchronization mode so that IBM SmartCloud Entry periodicallychecks with the cloud without waiting for messages.
For more information about setting the synchronization mode, see “Configuring cloud synchronizationmode” on page 142.
Cloud online help configurationThe IBM SmartCloud Entry has a configurable documentation property that enables IBM SmartCloudEntry to open the User Guide when the Help link is selected by the user.
About this task
To configure the URL for the Help documentation, follow these steps:
Procedure1. Open the cloud.properties file in the home directory.2. Configure the property com.ibm.cfs.cloud.documentation to be set to the URL for the User Guide
location. By default, this property is set to the IBM SmartCloud Entry User Guide. Using the defaultproperty setting, the user can access the User Guide on the IBM SmartCloud Entry wiki in any of thesupported languages by selecting the link for the language of choice. If something other than thisdefault behavior is wanted, the property can be changed to any URL where the User Guide documentis located.
Configuring global image deploymentImage deployment customization properties that apply equally to all images in the IBM SmartCloudEntry image library can be configured through the deployment.properties configuration file in the homedirectory.
140 IBM SmartCloud Entry: Administrator Guide 3.2
To simplify the image deployment process for IBM SmartCloud Entry users, configure all of the imagesbefore you make IBM SmartCloud Entry available to users. Image property customization often requiresknowing the low-level details of the environment or having advanced knowledge of the data center.
You can configure image deployment customization properties through the IBM SmartCloud Entry webuser interface for individual image settings or through the deployment.properties file in the homedirectory for global image settings. For more information about configuring individual image settings, see“Configuring image deployment properties” on page 182.
The contents of the deployment.properties configuration file depend on what is expected by the cloudmanager software, either VMware, VMControl, or OpenStack and what hardware is available.
Note: Global configurations are refreshed only when manually reset or when the deployment targetchanges.
VMControl
For VMControl, these properties correspond to Open Virtualization Format (OVF) properties that arefound in the images that are used by the manager software. Any customization property that is expectedby the cloud manager can be specified here as a default global property for all subsequent deployments.
For VMControl image customization information, see the customization APIs found in the IBM SystemsDirector VMControl SDK, such as the virtualAppliances/{virtualApplianceOID}/customization API.
VMware
When you use VMware as the cloud manager, the following properties are supported for Linux andWindows images:vmware.linux.dns1=9.8.8.8vmware.linux.dns2=9.8.8.7vmware.linux.hostname=myhostvmware.linux.domainname=cloud.company.com
vmware.windows.computername=WINDOWSvmware.windows.workgroup=WORKGROUPvmware.windows.timezone=20vmware.windows.username=John Doevmware.windows.organization=Cloud Companyvmware.windows.productkey=xxxx-xxxx-xxxx-xxxx-xxxxvmware.windows.password=Default_password_for_windows_deployments
vmware.dnssuffixlist=cloud.company.com,company.com
vmware.networkdevice.Network adapter 1.network=VM Networkvmware.networkdevice.Network adapter 1.usedhcp=falsevmware.networkdevice.Network adapter 1.ipaddress=vmware.networkdevice.Network adapter 1.netmask=255.255.255.0vmware.networkdevice.Network adapter 1.gateway1=9.9.9.9vmware.networkdevice.Network adapter 1.gateway2=vmware.networkdevice.Network adapter 1.dns1=9.8.8.8vmware.networkdevice.Network adapter 1.dns2=9.8.8.7vmware.networkdevice.Network adapter 1.primaryWINS=9.8.8.10vmware.networkdevice.Network adapter 1.secondaryWINS=9.8.8.11
For VMware, you can also find these properties in the deployment.properties file.
OpenStack
When you use OpenStack as the cloud manager, the following properties are supported for AIX, Linux,and Windows images in the deployment.properties file:
Chapter 9. Configuring 141
openstack.openstack.flavorsopenstack.openstack.keypairsopenstack.openstack.server.personality.source.[1-5]openstack.openstack.server.personality.target.[1-5]openstack.openstack.server.customizationsopenstack.networkdevice.Network adapters.networksopenstack.config.drive
More deployment properties are available for images that have a configuration strategy. For moreinformation about configuration strategies, see “Configuring images with OpenStack” on page 153.
Configuring a deployment targetBy default, IBM SmartCloud Entry deploys images to any known pool or host in the cloud, where "pool"refers to a system pool when you are using VMControl or a resource pool when you are using VMware.OpenStack only supports the cloud as the deployment target. For VMControl and VMware, you can set adifferent default global deployment target.
About this task
To change this default target selection strategy, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.2. Set the value of the com.ibm.cfs.deployments.target.strategy property to any of the following target
selection strategies:
byNameUse the target with the given name. The name might refer to a host, system pool, resourcepool, or cluster depending on the type of cloud adapter that is being used. Set the propertyvalue to byName:{targetName}, where {targetName} is the actual name of the desired system.
byID Use the system with the specified ID. For VMControl, this ID is the OID of the target systempool or host. Set the property value to byID:{targetOID}, where {targetOID} is the actual OIDof the desired system.
anyPoolUse any system that is a pool.
anyHostUse any system that is a physical host.
anyPoolOrHostUse any pool or physical host.
anyClusterUse any cluster (applicable to VMware only).
anyTargetUse any pool or host for VMControl and use any pool or host or cluster for VMware.
3. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Configuring cloud synchronization modeIBM SmartCloud Entry scans the cloud for updates on instances as often as the refresh interval propertyspecifies. However, you can change the synchronization mode so that IBM SmartCloud Entry periodicallychecks with the cloud without waiting for messages.
To change the sync mode, open the deployment.properties file and modify the following settings:com.ibm.cfs.cloud.sync=push
142 IBM SmartCloud Entry: Administrator Guide 3.2
To enable IBM SmartCloud Entry to synchronize with the cloud by using periodic checking, set thisproperty to poll. Enable the configuration by ensuring that you uncomment the com.ibm.cfs.cloud.syncline (remove any preceding # symbol).
For more information about setting the refresh interval, see “Cloud refresh interval” on page 140.
Configuring a staging projectBy default, IBM SmartCloud Entry scans the cloud for new images periodically. When IBM SmartCloudEntry finds a new image or instance, it places it in the Public project where all users have access to it.However, you can configure a staging project to store newly discovered images or instances, allowingadministrators to configure images before making them available to other users.
For more information about newly discovered images, see Cloud refresh interval.
To configure this staging project, add or uncomment this line in the deployment.properties file:com.ibm.cfs.staging.project=Staging
Save the deployment.properties file and restart the IBM SmartCloud Entry server. The property takeseffect after the server is restarted.
Note: When using the VMware adapter, virtual servers that are defined as templates on the vCenterserver are automatically discovered and displayed on the IBM SmartCloud Entry Images area. The IBMSmartCloud Entry administrator defines which images belong to which user profiles and thereforedefines which VMware virtual server templates a user can access. IBM SmartCloud Entry discovers allvirtual server templates regardless of which datacenter they reside in. There is currently no option tolimit IBM SmartCloud Entry to specific datacenters.
Configuring global priority of an instance when relocatingIBM SmartCloud Entry enables you to choose whether you want your users to update the global priorityof an instance when relocating the instance from host to host. Instance priority is the priority for relocatinginstances from one host to another host, when the instance is deployed in a pool. Depending on your siteadministration policies, you might not want users to change the priority of instances.
About this task
To configure the ability of updating instance priority, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.2. To disable the ability to update instance priority, set the com.ibm.cfs.deployments.update.priority
property to false. The default value of this property is false. If this property does not exist in thedeployment.properties file, add it to the file.
3. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Configuring access to advanced deployment formIBM SmartCloud Entry allows you to choose whether you want your users to see the advanceddeployment form or just the basic deployment form.
About this task
The advanced deployment form allows a user or administrator to access all of the image properties thatcan be configured when an image is deployed. The basic deployment form contains only a subset of theimage properties. Depending on your site administration policies, you may or may not want to show thisadvanced panel to the user.
Chapter 9. Configuring 143
To configure the visibility of the advanced deployment form, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.2. Set the deployment.advanced.form.enabled property to true. This value enables the advanced
deployment form so that it is displayed to all users. The default value of this property is false; users,by default, do not see the advanced deployment form.
3. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Results
Note: Administrators can also configure which advanced properties are shown on the basic deploymentform. Use the web interface to configure those values for an image. When thedeployment.advanced.form.enabled property is set to true, project owners can also configure whichadvanced properties are shown on the basic deployment form
Configuring the number and maximum size of additional storageIBM SmartCloud Entry interface allows a user to add additional secondary disks to a virtual image usingthe Add Storage property. Adding additional secondary disks is also supported for VMware when youare deploying an image. IBM SmartCloud Entry provides a configurable property to set the maximumnumber of disks that can be attached to a virtual machine. This property applies during and afterdeployment of the virtual machine.
About this task
Note: This feature is not supported if the following statements are true:v The virtual machine is deployed in the Shared Storage Pool.v The instance that is being deployed is an IBM i instance.
To configure the secondary disk properties, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.
v To set the maximum number of disks to use, edit the com.ibm.cfs.vs.max.disks property. Thedefault value of this property is 3.
v To set the maximum size in megabytes, edit the com.ibm.cfs.vs.max.disksize property. The defaultvalue of this property is 2048000.
2. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Configuring Storage Copy Services (SCS) capture repositories(VMControl only)IBM SmartCloud Entry allows you to specify that you want all captured workloads to be saved in theStorage Copy Services (SCS) repository
Before you begin
In order to configure this option, you must know the object ID (OID) of the VMControl image repository.To find this OID, run the IBM Systems Director CLI command smcli lsrepos -o as shown in thefollowing example, where the SCS repository is 6838. The results also show a second repository with anOID of 3795, but note that is not the SCS repository and so it can be ignored for the purposes of thisconfiguration example.
144 IBM SmartCloud Entry: Administrator Guide 3.2
smcli lsrepos -oDEV2_V7K_Image_Repository, 6838icb-mgr, 3795
About this task
This configuration is optional and only needed if you have multiple image repositories in yourenvironment, and you want to select one repository over another. By default when a user captures aworkload, the first SCS repository found is used. To configure a different SCS capture repository to beused, follow these steps.
Procedure1. Open the deployment.properties file in the home directory.2. Set the com.ibm.cfs.vmc.capture.repository.scs property to the VMControl OID of the repository.3. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Configuring retry for a failed deploy or delete action (VMControl only)IBM SmartCloud Entry can retry failed VMControl deployments and deletions one time.
About this task
To enable the automatic retry, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.2. Set the com.ibm.cfs.vmc.deployment.retry.reasons to .*
# A command-separated list of error codes from VMControl or Director for which# a deployment should be re-attempted, because it may succeed the second time.# This is an advanced setting and should not be modified unless really necessary.# Use .* to retry for any reasoncom.ibm.cfs.vmc.deployment.retry.reasons=.*
3. Set the com.ibm.cfs.vmc.deployment.deletion.retry.reasons to .*
# A command-separated list of error codes from VMControl or Director for which# a deployment deletion should be re-attempted, because it may succeed the second time.
# This is an advanced setting and should not be modified unless really necessary.# Use .* to retry for any reasoncom.ibm.cfs.vmc.deployment.deletion.retry.reasons=.*
4. Set the com.ibm.cfs.vmc.deployment.deletion.retry.timeout to 5
# The timeout in minutes for the thread that waits for the VMControl workload to stop# before we attempt to delete it again . This is a VMControl workaround. Default is 5# minutes.com.ibm.cfs.vmc.deployment.deletion.retry.timeout=5
5. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Restriction: This function is available only with IBM SmartCloud Entry 2.2 FP 2 or later installed.
Configuring images with VMwareThis section describes some additional setup and configuration considerations when using the VMwarecloud manager.
VMware considerations when deploying an imagev IBM SmartCloud Entry requires the vCenter virtual switches and distributed virtual switch port groups
to be defined before deploying instances. IBM SmartCloud Entry users and administrators are allowedto choose which virtual network the instance uses. IBM SmartCloud Entry supports either standard
Chapter 9. Configuring 145
VMware vSwitches or distributed virtual switch port groups. IBM SmartCloud Entry supports the IBMDVS 5000V and the IBM SDN VE distributed virtual switches. If you are using a distributed virtualswitch other than those, check the type in vCenter to ensure that it is supported.To check the type in vCenter, follow these steps:1. Browse to https://<your vCenter>/mob.2. Log in with an administrator account.3. Select the content link.4. Select the root folder.5. Select the data center that contains the third party distributed virtual switch.6. Select the network folder.7. Select the distributed switch that you want (the id starts with dvs-).
The top of the page shows the managed object type of the switch. If the switch type isVmwareDistributedVirtualSwitch or DistributedVirtualSwitch then it is supported. If the distributed switchtype is something other than the types listed, it is not supported; you receive an error when youdeploy to a port group that uses that distributed switch.
v IBM SmartCloud Entry connects to the vCenter server by using a single user ID and password. It isrecommended that this user has the vCenter administrator role. If you choose to use a different userID, that user must have sufficient permissions to perform the operations on the virtual machines. Theuser ID must also have access to various virtual machine resources, such as networks and datastores.
v Do not change a virtual machines UUID in the vSphere Infrastructure Client. In some cases, such asmanually moving a virtual machine, the vSphere Infrastructure Client asks if you want the UUIDchanged. When an instance is deployed, IBM SmartCloud Entry keeps the UUID of the virtual machinein its database and uses that UUID to find the virtual machine in vCenter, therefore you should notchange the UUID.
v At some point, you might decide to migrate from IBM SmartCloud Entry to the IBM Tivoli ServiceAutomation Manager (TSAM) product or other IBM cloud product. To ease the transition, it is highlyrecommended that you set up your Windows and Linux guest images as required by TSAM. Even ifyou have no plans to migrate, see Creating operating system image templates for VMware in the IBMTivoli Service Automation Manager information center at http://pic.dhe.ibm.com/infocenter/tivihelp/v10r1/topic/com.ibm.tsam_7.2.4.1.doc/rdp/c_supported_os_vmware.html for more information aboutconfiguring your guest images.
v It is recommended that you install VMware tools on your guest operating systems before you make thevirtual machine a template.
Note: The VMware tools must be current with your version of VMware.v If you are using the VMware Converter tool to import your virtual machines into vCenter, you should
fully start the virtual server by using the VMware vSphere Client before you make it a template. Thisaction allows vCenter to discover whether VMware tools are installed into the guest.
v All virtual machines in vCenter are shown as instances in IBM SmartCloud Entry. If you convert avirtual machine to a template, the status of that instance in IBM SmartCloud Entry changes toUnknown since the virtual machine is now a template. Do not delete this instance from IBMSmartCloud Entry since that deletes the underlying template on vCenter. If you want to make thisinstance not available for non-administrative users, use the Hide option instead.
v IBM SmartCloud Entry does not allow you to import vApps. If you want to enable users to deploy asingle virtual server vApp, follow these steps:– Import the vApp by using vCenter– Modify the vApp properties as required by the application.– Convert the vApp to a template
v vApps with more than one virtual server are not supported.
146 IBM SmartCloud Entry: Administrator Guide 3.2
v During the deployment of an image, IBM SmartCloud Entry uses the VMware API to applycustomizations to the new virtual machine image. Therefore the VMware template image must becustomizable by VMware. While VMware vCenter enables you to deploy a template withoutcustomizations, this option is not available in IBM SmartCloud Entry.
v When you deploy an image, IBM SmartCloud Entry instructs VMware to power on the newlydeployed virtual machine. In some cases, depending on server loads, VMware might not power on thevirtual machine. In this case, IBM SmartCloud Entry displays, by default, the instance in STOPPEDstate. Since the instance has been successfully cloned and configured, IBM SmartCloud Entry does notdisplay an error and the instance can be started by the user. You can change this default behavior byusing a deployment property that is described in section “VMware wait for deployed virtual machine”.
v By default, IBM SmartCloud Entry reports a newly deployed instance in OK state as soon as VMwarepowers on the virtual machine. Depending on the guest operating system and image definition, itmight be a few minutes before the virtual machine is completely up and running and can be used. Insome cases, VMware might restart the virtual machine more than once during the customizationprocess. You can change this default behavior by using a deployment property that is described insection “VMware wait for deployed virtual machine”.
v IBM SmartCloud Entry allows the target of a deployment to be either a specific host, a host resourcepool that is associated with a host, a cluster, or a resource pool that is associated with a cluster. If thecluster is a DRS enabled cluster, VMware chooses the appropriate host and therefore you cannotchoose an individual host in that cluster. By default, IBM SmartCloud Entry is configured to randomlychoose a host that is not associated with a cluster. If no hosts are available, you get an error when youdeploy. You can change the default behavior by modifying the deployment.properties file as describedin section “Configuring a deployment target” on page 142. However, it is recommended that anadministrator configure each images target. For more information, see “Configuring global imagedeployment” on page 140.
v IPv6 is not supported when deploying to a VMware cloud. In order for deployments to not obtain anIPv6 address, the administrator needs to disable IPv6 in the VM template that is used for deploys.
Saving, restoring, and deleting virtual serversThe IBM SmartCloud Entry allows users to save back up copies of their virtual server disks andconfiguration files. These copies can be restored later.
In addition, IBM SmartCloud Entry provides functions to allow users to view and delete their savedimages. IBM SmartCloud Entry allows users to keep an administrator configured number of savedimages. When the limit is reached, the system automatically deletes the oldest saved image. Forinformation about how users perform save, restore, view, and delete operations, see the IBM SmartCloudEntry User Guide.
Deleting a virtual server
When a virtual server is deleted, all the saved images are deleted at the same time. There is no option tokeep images beyond the life of the virtual server.
Approvals
The save and restore functions can be configured for approval control. This requires an IBM SmartCloudEntry administrator to first approve any save or restore request.
Note: If the virtual server is powered on, the save function powers down the virtual server beforestarting the save operation. If the approval process is enabled, the virtual server remains powered onuntil the administrator approves the save or restore request. There is no approval process for deleting asaved virtual server image. To enable the approval process, see “Approval policies” on page 190.
Chapter 9. Configuring 147
Authorization
Only the creator of an instance, an IBM SmartCloud Entry administrator, or the project owner is allowedto save, restore, or delete a virtual server image. Users within the same project are not allowed toperform save, restore, or delete operations on other user images within a project.
Notifications
The save, restore, and delete images functions log events to the IBM SmartCloud Entry event log. Inaddition, save image and restore image operations send email notifications, if the user configuration isenabled to receive email notifications.
For more information about email notifications, see “Configuring email notifications” on page 139.
Setting saved image limitBy default, IBM SmartCloud Entry allows you to keep up to three saved virtual server images.
About this task
To change this limit, follow these steps:
Procedure1. Open the deployment.properties file.2. Update the com.ibm.cfs.vs.max.backups property.
For example, to keep 10 saved virtual server images, change the property to the following setting:com.ibm.cfs.vs.max.backups=10
3. Save the deployment.properties file.4. Restart the IBM SmartCloud Entry server.
VMware datastore assignment during deploymentThere is a new deployment property that you can set to select the target storage to be used when youdeploy a virtual image. You can set the Target Storage property value to datastores or datastore clustersthat are attached to the selected deployment target. If the selected deployment target is changed, thetarget storage value is updated to match what is available on the newly selected deployment target. IBMSmartCloud Entry always sets the default target storage value to use the default storage selectionalgorithm.
The default storage selection algorithm retrieves the list of datastores and datastore clusters that areassociated with the deployment target. It then selects one of the datastores or datastore clusters that isbacked by a block device that has enough free space to contain the virtual machine disk sizes. If a blockstorage cannot be selected, then the appropriate NFS file storage, with the largest free space is chosen. Ifthere is no available storage, the deployment fails.
You can specify a set of datastores and datastore clusters for the selection algorithm to exclude or includeor both. Set the com.ibm.cfs.cloud.vmware.enable.clone.template.properties property in thevmware.properties file to true. To exclude datastores and datastore clusters from being selected, edit thecom.ibm.cfs.cloud.vmware.datastore.exclude.list property and add a comma-separated list ofdatastore and datastore cluster names. To set the datastores and datastore clusters that can be selected,edit the com.ibm.cfs.cloud.vmware.datastore.include.list property and add a comma-separated list ofdatastore and datastore cluster names.
Note: By default, the selection algorithm includes all of the datastores and datastore clusters that areassociated with the deployment target.
For example,
148 IBM SmartCloud Entry: Administrator Guide 3.2
com.ibm.cfs.cloud.vmware.enable.clone.template.properties=truecom.ibm.cfs.cloud.vmware.datastore.exclude.list=dscluster3,localdisk4com.ibm.cfs.cloud.vmware.datastore.include.list=localdisk1,dscluster2
To disable the algorithm, specify the datastore that you want to use in thecom.ibm.cfs.cloud.vmware.target.datastore.names property.
For example:com.ibm.cfs.cloud.vmware.enable.clone.template.properties=truecom.ibm.cfs.cloud.vmware.target.datastore.names=san,san,san
Each datastore that is listed is for a different virtual disk. The first entry is the datastore where the virtualserver configuration files are located. The subsequent datastores in the list are for the virtual system harddisk devices. For example, if your virtual server has three disks you must specify four datastores in thislist. These datastores can all be the same datastore or a combination of different datastores. If the firstentry is for a datastore cluster, then the remaining entries are ignored. The datastore cluster is used forboth the configuration files and disks. Datastore clusters are ignored when specified for subsequententries in the list.
These vmware.properties file changes apply globally to IBM SmartCloud Entry and therefore to alldeployment targets. Make sure that you specify datastores and datastore clusters that are available to allhosts that are the potential targets for every image. You cannot use the include list and datastore namesproperties, if the following is true:v You have multiple cluster targets, each with its own set of storage, that is managed by the same
vCenter.v You want IBM SmartCloud Entry to target all the clusters.
In the datastore names property, you can specify different datastores for different disks if your virtualserver templates have more than one disk.
Note:
v Datastore clusters are only available when you are using vSphere 5 Enterprise Plus edition. For moreinformation about configuring and using datastore clusters, see the vSphere documentation.
v When you create the vmware.properties file, you must restart IBM SmartCloud Entry server. However,changes made to the property file after you restart the server are automatically updated.
Setting VMware user data during deploymentWhen you deploy an image, you can set user data for the deployed virtual machine by using instancecustomization. The user data customization enables you to pass your own configuration information tothe deployed virtual machine. If this customization fails during deployment, IBM SmartCloud Entrydisplays the instance in FAILED state.
About this task
IBM SmartCloud Entry does not require a specific content or format for the user data. Other than base64decoding, IBM SmartCloud Entry passes the data unchanged to the guest. It is therefore the responsibilityof the guest provider to process the user data. This usually requires writing and configuring a startupscript to read this data from the CD device. IBM SmartCloud Entry does not provide nor recommend anyparticular script.
IBM SmartCloud Entry supports base64 encoded and plain text user data. The default value is set tobase64 encoded. If decoding the user data fails, the user data is treated as plain text. IBM SmartCloudEntry passes the decoded user data to the deployed virtual machine through a CD backed by an ISO file.This gives the virtual machine access to the user data through the user-data file on one of its CDdevices.
Chapter 9. Configuring 149
IBM SmartCloud Entry must be configured properly to create an ISO file that contains the user data. IfIBM SmartCloud Entry is installed on Linux or AIX, then the mkisofs or genisoimage binary must exist inthe /usr/bin directory. If IBM SmartCloud Entry is installed on Windows then Cygwin must also beinstalled and the mkisofs.exe or genisoimage.exe executable file must exist in the Cygwin binary paththat is specified by the com.ibm.cfs.cloud.vmware.user.data.iso.cygwin.binary.path property in thevmware.properties file.
In addition, you can also set the following properties in the vmware.properties file to control the userdata:
com.ibm.cfs.cloud.vmware.user.data.file.nameThe name of the file on the ISO that contains the actual user data. The default value is user-data.
com.ibm.cfs.cloud.vmware.user.data.iso.temp.pathThe name of the path that is used to temporarily store ISO files on the IBM SmartCloud Entryserver. The default value is the IBM SmartCloud Entry home directory. This path must end with apath separator, such as '/' on Linux and '\' on Windows.
com.ibm.cfs.cloud.vmware.user.data.iso.cygwin.binary.pathThe name of the path to the Windows Cygwin binaries. If IBM SmartCloud Entry is installed onWindows then the mkisofs.exe or genisoimage.exe files must exist in this path. If IBMSmartCloud Entry is installed on Linux or AIX, then this property is not used. The default valueis the IBM SmartCloud Entry home directory. This path must end with a path separator, such as'/' on Linux and '\' on Windows.
Note:
v The ISO files that are created are managed by IBM SmartCloud Entry and not VMware. As a result,when you delete a virtual machine outside of IBM SmartCloud Entry, such as through the vSphereclient interface, the ISO file that is created for the virtual machine is not removed.
v The ISO file of the virtual machine that contains the user data is not preserved with any saved virtualserver images or capture instances that are created from the virtual machine.
v For more information about Cygwin, see cygwin.com.
Set secure access during deploymentWhen you deploy a Linux image, you can set secure access to the deployed virtual machine by usinginstance customizations.
Using these optional customizations, you can set the password or SSH public key or both for a user onthe guest operating system. If these customizations fail during deployment, IBM SmartCloud Entrydisplays the instance in FAILED state. You can set secure access for a root or a non-root user.
IBM SmartCloud Entry must be provided with the current root user name and password for the guestoperating system to set secure access during deployment. In addition, IBM SmartCloud Entry usesVMware guest operations to complete the customizations and there are special requirements forperforming VMware guest operations. For more information, see “Requirements for VMware guestoperation” on page 152.
When you set a password for a user, access the IBM SmartCloud Entry server by using a secureconnection. This ensures that the password is encrypted when sent to the IBM SmartCloud Entry server.For more information, see “IBM SmartCloud Entry for Cloud SSL configuration (optional)” on page 92.
When you set an SSH public key for a user, the guest operating system must have OpenSSH installedand configured to take advantage of this customization. In addition, the SSH public key must be specifiedaccording to the OpenSSH authorized_keys file format. For more information about OpenSSH, seehttp://www.openssh.org/.
150 IBM SmartCloud Entry: Administrator Guide 3.2
Resetting secure access during capture
When you capture a Linux instance, the SSH public keys for a user are removed from the guest operatingsystem if they were set by IBM SmartCloud Entry when the instance was deployed.
Note: For more information, see “Set secure access during deployment” on page 150.
Removing the SSH public keys prevents the keys from being available to instances deployed from thecaptured image. If the SSH public keys are unable to be removed during capture, IBM SmartCloud Entrydisplays warning messages in the image logs. In such cases, you must manually remove the SSH publickeys for the user.
IBM SmartCloud Entry needs the current root user name and password for the guest operating system toreset secure access during capture. IBM SmartCloud Entry obtains this information from the virtual servercredentials, which are initially set based on the instance customizations. The virtual server credentials canbe reset later if changed in the guest operating system after deployment. For more information, see theGET and PUT /instances/{id}/virtualServers/{id}/credentials REST APIs in the IBM SmartCloud Entry SoftwareDevelopment Kit (SDK) Reference guide.
IBM SmartCloud Entry uses VMware guest operations to reset secure access during capture and there arespecial requirements for performing VMware guest operations.
Note: For more information, see “Requirements for VMware guest operation” on page 152.
Waiting for a deployed virtual machine (VMware)IBM SmartCloud Entry provides a deployment property that enables users to specify whether to wait fora deployed virtual machine to be started and ready for use before it reports the newly deployed instancein OK state.
About this task
This deployment property option is labeled “Wait for the deployed virtual machine to be started andready for use.” When this option is enabled, IBM SmartCloud Entry displays the instance in a FAILEDstate, if the deployed virtual machine is not started and ready for use in the allotted time. A failure canbe caused by problems during the customization process (for example, specifying an incorrect Windowsproduct key) or if the virtual machine cannot be powered on.
If VMware Tools is installed on the guest operating system, the virtual machine is considered started andready for use when the virtual machine is powered on and the necessary network customizations arecompleted for it. If VMware Tools is not installed, then only the powered on state is checked.
You can configure the amount of time to wait for a deployed virtual machine to be started and ready foruse by setting the com.ibm.cfs.cloud.vmware.deployed.vm.start.wait.time in the vmware.properties file. Thetime is in seconds and defaults to 2,700 (or 45 minutes). For example,com.ibm.cfs.cloud.vmware.deployed.vm.start.wait.time=1800
You can also configure the default value for this deployment property by settingcom.ibm.cfs.cloud.vmware.default.deployed.vm.start.wait in the vmware.properties file. The default value isfalse, which disables the option so that IBM SmartCloud Entry reports a newly deployed instance in OKstate as soon as VMware powers on the virtual machine. You can override thecom.ibm.cfs.cloud.vmware.default.deployed.vm.start.wait setting when you configure or deploy an image. Forexample, com.ibm.cfs.cloud.vmware.default.deployed.vm.start.wait=true.
Note:
v The wait time starts after IBM SmartCloud Entry attempts to power on the deployed virtual machine.
Chapter 9. Configuring 151
v This deployment property applies globally to IBM SmartCloud Entry and therefore to all VMwaredeployments.
v When you create the vmware.properties file, you must restart IBM SmartCloud Entry server; howeverchanges made to the property file after that are picked up automatically.
v During deployment, some optional instance customizations require the deployed virtual machine to bestarted and ready for use before the customizations can be completed. In such cases,IBM SmartCloudEntry waits for the deployed virtual machine regardless of the value that is specified for thisdeployment property.
Note: For example, see “Set secure access during deployment” on page 150.
Requirements for VMware guest operationVMware guest operations are used to perform certain optional customizations of instances.
When you request such customizations, your request must meet the following requirements tosuccessfully perform the VMware guest operations:1. vCenter version 5.0 or later is required.2. The vSphere host machine that is used for the instance must be at version 5.0 or later and IBM
SmartCloud Entry must have network connectivity to it.3. VMware tools must be installed and current on the guest operating system for the virtual machine.4. VMware guest operations must be enabled for both the virtual machine and the host machine. They
are enabled by default, but can be disabled.
Note: If it is necessary to connect to the host machine to complete the VMware guest operations, IBMSmartCloud Entry automatically accepts the security certificate for the host machine. The securitycertificate is stored in the <host machine>.jks file in your IBM SmartCloud Entry home directory.
Configuring shutdown of VMware instancesIn previous versions of IBM SmartCloud Entry stopping an active instance of VMware instantly poweredoff the running instance. The virtual machine was given no delay to allow it to perform its ownshutdown process. IBM SmartCloud Entry now provides a 90-second delay for the system to completethe shutdown process. If by the end of 90 seconds the system is not shut down, IBM SmartCloud Entryforces the VMware instance to power down immediately.
You can configure the behavior of how VMware instances are shut down by modifying the followingstatements in vmware.properties:
com.ibm.vmware.client.shutdown.delay.in.milliseconds=90000This property allows the VMware instance time to shut down before a power off is called. Thedefault is 90000 milliseconds if the property is not specified. Setting this property to 0 (zero)prevents a shutdown from being called.
com.ibm.vmware.client.disable.save.image.shutdown=falseThis property disables shutdown when save image is called. The default value is set to false,which allows shutdown to be called before save image. Specifying a value of true prevents ashutdown from being called on save image operations.
VMware limitationsThe following limitations apply to VMware and IBM SmartCloud Entry.v The saved images are managed by IBM SmartCloud Entry and not VMware. Deleting an image outside
of IBM SmartCloud Entry, such as through the vSphere client interface, does not remove the savedimages.
v Properties that are defined in the deployment.properties file and the vmware.properties file are globalto all users, instances, and images. There is no option to configure these options on a more granularlevel.
152 IBM SmartCloud Entry: Administrator Guide 3.2
v If you have an image that is defined in IBM SmartCloud Entry and you rename the associated virtualmachine template by using the vSphere Client, the name of the image in IBM SmartCloud Entry doesnot change. The IBM SmartCloud Entry image is still associated with the renamed template and cancontinue to be used. The image details page displays the renamed template name in the Original namefield. You can manually change the name of the image by clicking the name of the image on theImages details page and pressing Save.
v If you have an image that is defined in IBM SmartCloud Entry and you convert it to a virtual machineby using the vSphere Client, the image in IBM SmartCloud Entry shows a state of unknown. This state isdisplayed because it is no longer a template on the VMware server; the conversion made it a virtualmachine, which shows up as an IBM SmartCloud Entry instance. If the unknown IBM SmartCloudEntry image is no longer needed, it can be deleted. A deletion of the IBM SmartCloud Entry imagedoes not affect the IBM SmartCloud Entry instance or virtual machine on the VMware server.
v In some cases, when you use special characters in names of VMware objects such as port group namesand cluster names, the VMware API encodes these specials characters in a URL encoding scheme. Forexample a / character is encoded as a %2f. When the names are displayed in IBM SmartCloud Entry,the characters are not decoded. IBM SmartCloud Entry displays the encoded name. For example, if youhave a cluster named DRS/Cluster it is displayed as DRS%2f%Cluster.
v IBM SmartCloud Entry creates and manages custom fields for internal use when using VMware virtualmachines. The custom fields have a "SKC_" prefix and you should not modify or remove them usingthe vSphere client.
Configuring images with OpenStackThe following topics cover information to configure images in an OpenStack environment.
Customizing an OpenStack instanceWhen an image is deployed, you might have to customize the resulting instance on startup to applynetwork configurations, login information, application settings, and so on, before the instance is ready foruse.
About this task
IBM SmartCloud Entry provides a deployment property to enable OpenStack config drive support whendeploying an image. This support is used to pass customizations (for example: server metadata, userdata, personality files, and SSH keys) to an instance. The config drive can be accessed by any guestoperating system capable of mounting an ISO9960 file system. Images that are built with a recent versionof the cloud-init software package, or similar software package such as IBM SmartCloud init, canautomatically access and apply the supported customizations that are passed to the instance by the configdrive.
Note:
v For more information about the cloud-init software package and the customizations that it supports,see CloudInit.
v For more information about the IBM SmartCloud init software package and the customizations that itsupports, see Bootstrap a cloud instance with IBM SmartCloud init.
IBM SmartCloud Entry also supports the Pluggable Configuration Strategy feature added by IBM toOpenStack. This feature is similar to the config drive support in that it provides an instance with thenecessary customizations. Like config drive, the image must be built with the correct software packagefor the configuration strategy to automatically access and apply the customizations. In particular, thisfeature provides support for Open Virtualization Format (OVF) or Microsoft Windows SystemPreparation (Sysprep) configuration. For more information, see the following resources:v For information about OVF configuration, see Open Virtualization Format (OVF).v For information about Sysprep configuration, see Sysprep Technical Reference.
Chapter 9. Configuring 153
Cloud-init software packageIBM SmartCloud Entry supports the cloud-init software package.
When you deploy an image with config drive enabled, IBM SmartCloud Entry makes the instancecustomizations available to cloud-init using the OpenStack config drive support. The cloud-init softwarepackage can then access the config drive and apply the customizations to the instance. The following aresome of the customizations made available through the config drive:1. User data2. Personality files3. SSH key pair4. Network adapter information (for static networks)
Using IBM SmartCloud Entry, you can enter the contents of the user data and personality files by usingthe deployment properties. You can enter the contents when you configure or deploy an image. Thecontents can be either base64 encoded or plain text. There are also deployment properties for the SSH keypair and network adapters that are based on the SSH key pairs and networks available. You can set thenetwork adapters when you configure or deploy an image. However, the SSH key pair should not be setwhen you configure an image because OpenStack SSH key pairs are scoped to a user. Instead, the userwho deploys the image should select an appropriate SSH key pair.
Note:
v Config drive is ignored when deploying PowerVC images. As a result, the instance customizations thatare passed by the config drive are also ignored.
v For more information about the cloud-init software package and the customizations that it supports,see CloudInit.
v For more information about the OpenStack config drive support, see Config drive.
Configuration strategiesIBM SmartCloud Entry supports the OVF and Sysprep types of pluggable configuration strategies.
When an image is deployed that has one of these configuration strategies, the OpenStack PluggableConfiguration Strategy feature determines the customizations made available to the instance and howthey are made available. The appropriate software package (for the configuration strategy type) on theimage is expected to access and apply the customizations. The customizations that are provided byOpenStack come from the following sources:1. Server metadata that is provided by OpenStack itself.2. Server metadata that is provided by the user deploying the image.
The following server metadata is provided by OpenStack:server.admin_password Random administrator password generated by OpenStack.server.hostname The hostname for the instance.server.domainname Domain name from the dhcp_domain configuration option.server.dns-client.pri_dns Primary DNS server IP address.server.dns-client.sec_dns Secondary DNS server IP address.server.dns-client.dns_list Space separated list of DNS server IPs.server.network.[n].mac Mac address for network interface number n.server.network.[n].mac_alt Mac address formatted with '-' rather than ':'.server.network.[n].slotnumber Slot number for network interface number n.
Defined as the decimal value of the last two digitsof the mac address.
server.network.[n].[v4|v6].address IPv4 or IPv6 address for network interface number n.server.network.[n].[v4|v6].netmask IPv4 or IPv6 netmask for network interface number n.server.network.[n].[v4|v6].cidr IPv4 or IPv6 address and netmask in CIDR notation
for network interface number n.server.network.[n].[v4|v6].gateway IPv4 or IPv6 gateway for network interface number n.server.network.[n].v4.use_dhcp 'true' if the network uses DHCP.
154 IBM SmartCloud Entry: Administrator Guide 3.2
Server metadata that is provided by the user during deployment are prefixed with ’server.metadata’.
Creating a configuration strategy:
A complete and accurate OVF or Sysprep configuration strategy is important to ensure that an image canbe deployed and customized properly. A poor configuration strategy can cause the deployment to fail orprevent the instance from being customized.
About this task
A configuration strategy consists of the following parts:v Typev Templatev Mappingv User metadata
For information about how to add, update or delete the configuration strategy of an image, see“Updating an image configuration strategy (OpenStack only)” on page 181.
Type The type is required and can either be ovf or sysprep.
TemplateThe template is required. When you are using an ovf configuration strategy type, this containsthe OVF descriptor for the image. When you are using a sysprep configuration strategy type, thiscontains the template unattend.xml file for the image.
MappingThe mapping is required. It defines how to map the server metadata that is provided by bothOpenStack and the user deploying the image to the appropriate elements/parts of the template.The mapping is a JavaScript Object Notation (JSON) array of objects, where each object has asource representing the server metadata to map to the target element/part in the template. Forexample:[
{"source": "server.network.1.v4.address","target": "com.ibm.vsae.2_1.network-interface.ipaddr"
},
{"source": "server.network.1.v4.netmask","target": "com.ibm.vsae.2_1.network-interface.netmask"
},
{"source": "server.network.1.v4.gateway","target": "com.ibm.vsae.2_1.network-interface.gateway"
},
{"source": "server.hostname","target": "com.ibm.vsae.2_1.system-host.hostname"
},
{"source": "server.domainname","target": "com.ibm.vsae.2_1.system-host.domainname"
},
{"source": "server.dns-client.pri_dns","target": "com.ibm.vsae.2_1.dns-client.pri_dns"
Chapter 9. Configuring 155
},
{"source": "server.metadata.username","target": "com.ibm.vsae.2_1.system-user.username"
},
{"source": "server.metadata.system.password","target": "com.ibm.vsae.2_1.system-user.password"
}]
IBM SmartCloud Entry uses the mapping to create additional deployment properties for theimage. Every object in the mapping with a source prefix of ‘server.metadata.’ is added to theconfigurable deployment properties for the image. Doing so allows such properties to becustomized by the user when the image is deployed. For more information about defining themapping, see “OVF configuration strategy” on page 157 and “Sysprep Configuration Strategy” onpage 159 topics.
Note:
v The same source can be mapped to multiple targets. To do this, you must define a separatesource/target object in the JSON array for each mapping.
v An empty mapping (for example, []) must be used only for testing purposes since all deployswill use the same template and thus have the same customizations applied.
v When you define a source mapping name with the ‘server.metadata.’ prefix, avoid using '.'in the suffix portion of the name.
User MetadataThe user metadata is optional. It determines how IBM SmartCloud Entry defines, displays, andprocesses the configurable deployment properties created based on the mapping. If no usermetadata is provided for a mapping, a basic string deployment property is used. Definingdetailed user metadata helps users properly configure and deploy the image. The user metadatais a JSON array of objects where each object might contain the following:1. name2. type3. subtype4. description5. required6. min7. max8. allowed_values9. default_value
For example:[{"name": "system.username","type": "STRING","description": "System user name","required": "true"},{"name": "system.password","type": "STRING","subtype": "PASSWORD",
156 IBM SmartCloud Entry: Administrator Guide 3.2
"description": "System user password hash","required": "true"}]
The name string is required. The name corresponds to the mapping source without the‘server.metadata.’ prefix.
The type string is optional. It is the native type of the deployment property (INT, LONG, FLOAT,BOOLEAN, or STRING). The default is STRING.
The subtype string is optional. It is a more descriptive type to allow for early validation of thedeployment property. A STRING type can have the following subtypes: IPV4_ADDRESS,DOMAIN_NAME, DOMAIN_NAMES, IPV4_SUBNET_MASK, HOST_NAME and PASSWORD. ABOOLEAN type can have the following subtypes: DHCP_FLAG and DNS_FLAG. The default isno specific subtype.
The description string is an optional description of the deployment property. If no description isprovided, the name is used for the description.
The required flag is optional. It is a flag indicating whether the deployment property is requiredwhen deploying the image. The default is false.
The min and max strings are optional. They provide minimum and maximum boundaries forINT, LONG, FLOAT and STRING type deployment properties. The default is no boundaries.
The allowed_values string is optional. It is a comma-separated list of allowed values for thedeployment property. When you specify a list of allowed values, also provide the default_valueand ensure that the allowed values are valid for the type. The default is any allowed valuescorresponding to the type.
The default_value string is optional. It is the default value for the deployment property. Thedefault value should be valid for the type. If no default value is provided, a value must beexplicitly set by the user in order for the deployment property to be used when deploying theimage.
OVF configuration strategy:
The OVF configuration strategy is an example of an OpenStack Pluggable Configuration Strategy. It isdesigned for use with OVF configuration, which is a way to package and provide configuration optionsfor an image.
About this task
The OVF configuration strategy supports OVF version 1.1. For more information about OVF standards,see Open Virtualization Format (OVF).
The OVF configuration strategy passes the configuration options in an ovf-env.xml file in a disk that ispresented to the guest system. It is expected that an activation engine, such as IBM VSAE, embedded inthe image mounts the drive, read the ovf-env.xml, and apply the customizations when an instancedeployed from the image starts.
The ovf-env.xml file is created based on the default values in the OVF descriptor (that is, the template inthe configuration strategy) and the configuration options that are mapped using the mapping that isspecified in the configuration strategy.
To know what mappings to specify in the configuration strategy, you must know the properties that theimage expects in the ovf-env.xml file. The properties that the image expects in the ovf-env.xml arespecified in the OVF descriptor's ProductSection elements, as documented in the OVF 1.1 specification,section 9.5. Here is an example ProductSection from an OVF descriptor:
Chapter 9. Configuring 157
<ovf:ProductSection ovf:class="com.ibm.vsae.2_1.network-interface"><ovf:Info>System network interface configuration</ovf:Info><ovf:Property ovf:key="ipaddr" ovf:type="string" ovf:userConfigurable="true"ovf:value="192.168.71.129"><ovf:Description/><ovf:Label>IP address</ovf:Label></ovf:Property>
</ovf:ProductSection>
Using the previous example, the image can have a property com.ibm.vsae.2_1.network-interface.ipaddr thatdefaults to 192.168.71.129. You might want to have the IP address set to the value that OpenStack assignsto it, which is given in the server.network.1.v4.address server metadata. To do this, you would create thefollowing mapping:{"source": "server.network.1.v4.address","target": "com.ibm.vsae.2_1.network-interface.ipaddr"
}
Here is another example ProductSection:<ovf:ProductSection ovf:class="com.ibm.vsae.2_1.ntp-client"><ovf:Info>activates the openntp client</ovf:Info><ovf:Property ovf:key="ntp-server" ovf:type="string" ovf:userConfigurable="true"ovf:value="0.pool.ntp.org"><ovf:Description>Ntp server</ovf:Description><ovf:Label>Ntp server</ovf:Label></ovf:Property>
</ovf:ProductSection>
Using the previous example, there is no OpenStack provided server metadata that contains the NTPserver's IP address. Therefore, if you want users to be able to override the value when they deploy theimage, you would create the following ‘server.metadata.’ mapping:{"source": "server.metadata.ntp-server","target": "com.ibm.vsae.2_1.ntp-client.ntp-server"
}
The OVF configuration strategy also supports using the wildcard character * to map multiple servermetadata items that are provided by OpenStack using a single source/target mapping. When thewildcard character is used, the system matches existing configuration properties against the source togenerate targets for the wildcard matches. This support is useful when you need to dynamically addnetwork adapters at the time you deploy an image. Here is an example mapping that uses the wildcardcharacter:{
"source": "server.network.*.v4.address","target": "com.ibm.vsae.2_1.network-interface.ipaddr.*"
}
If the following server metadata items were provided by OpenStack when deploying an image:server.network.1.v4.address = 192.168.1.101server.network.2.v4.address = 192.168.1.102server.network.3.v4.address = 192.168.1.103
Then the following mapping would be generated when deploying the image:[
{"source": "server.network.1.v4.address,"target": "com.ibm.vsae.2_1.network-interface.ipaddr.1"
},{
"source": "server.network.2.v4.address,"target": "com.ibm.vsae.2_1.network-interface.ipaddr.2"
},
158 IBM SmartCloud Entry: Administrator Guide 3.2
{"source": "server.network.3.v4.address,"target": "com.ibm.vsae.2_1.network-interface.ipaddr.3"
}]
The wildcard character support has the following restrictions:1. The wildcard character replaces a string of decimal digits only that translates internally to regular
expression 'd+'.2. The mapping source must have only one wildcard character.3. The mapping target must have at least one wildcard character. If more than one wildcard character is
used, they are all replaced.
Note: The OVF configuration strategy has the following limitations:v The OVF configuration strategy support is only for image activation (that is, ProductSection elements)
and does not support actions such as adding disks to the image.v After activation is complete, OpenStack does not automatically detach the disk drive that contains the
ovf-env.xml file.v Extensions to IBM VSAE might be required to support network configurations with both IPv4 and IPv6
addresses.
Sysprep Configuration Strategy:
The Sysprep configuration strategy is an example of an OpenStack Pluggable Configuration Strategy. It isdesigned for use with Microsoft Windows System Preparation (Sysprep) configuration, which allowscustomizing many aspects of a Windows system as it starts. For more information about Sysprep, seeSysprep Technical Reference.
The Sysprep configuration strategy passes the image configuration options in an unattend.xml file in aCD-ROM device that is presented to the guest system. Before adding the Sysprep configuration strategyto an image, it is expected that the image is ready for Sysprep, and that it runs Sysprep to read theunattend.xml file, and apply the customizations when starting an instance deployed from the image.
The unattend.xml file is created based on the default values in the template unattend.xml file (that is, thetemplate in the configuration strategy) and the configuration options that are mapped using the mappingthat is specified in the configuration strategy. To know what mappings to specify in the configurationstrategy, you must know the properties that the image expects in the unattend.xml file.
The format of the target values in the configuration strategy mapping is as follows:v To identify an element, the format is an XPATH. In this case, the contents of the element are replaced
with the value of the source configuration property.v To identify an attribute, the format is like XPATH@attribute-name. In this case, the attribute in the
element is set to the value of the source configuration property.
For documentation on the XPATH format, see the python documentation. If the path identifies more thanone element, only one of the elements are the target element. If the path does not identify an element inthe template the boot of the instance fails with an error.
Example template unattend.xml file:<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<Display><ColorDepth>16</ColorDepth>
Chapter 9. Configuring 159
<HorizontalResolution>1024</HorizontalResolution><RefreshRate>60</RefreshRate><VerticalResolution>768</VerticalResolution></Display><RegisteredOrganization>OpenStack</RegisteredOrganization><OOBE><HideEULAPage>true</HideEULAPage><NetworkLocation>Cluster</NetworkLocation><ProtectYourPC>1</ProtectYourPC><SkipMachineOOBE>true</SkipMachineOOBE><SkipUserOOBE>true</SkipUserOOBE></OOBE></component></settings>
</unattend>
Using the above example, the following mapping target would identify the ColorDepth element:.//{urn:schemas-microsoft-com:unattend}Display/{urn:schemas-microsoft-com:unattend}ColorDepth
Using the above example, the following mapping target would identify the processorArchitectureattribute in the component element: .//{urn:schemas-microsoft-com:unattend}component[@name='Microsoft-Windows-Shell Setup']@processorArchitecture
Considerations for capturing an OpenStack instanceConsider the following information before capturing an OpenStack instance.
When you capture an instance that was deployed by using a pluggable configuration strategy (OVF orSysprep), the configuration strategy is copied from the source image for the instance to the new image. Ifthe source image for the instance was deleted, the configuration strategy cannot be copied to the newimage. As a result, you need to manually add the configuration strategy to the new image.
After an instance is deployed using a configuration strategy, the activation software (for example, Sysprepor IBM VSAE) has run and applied the configuration. Therefore, you might have to perform more actionswhen you capture the instance. If you want the activation software to run again when you deploy theimage that was created, the activation software must be reset. If you do not have to run the activationsoftware again, you can delete the configuration strategy from the image that was created.
For more information about the reset requirements and other capture prerequisites, see thedocumentation for the applicable activation software. For more information about pluggableconfiguration strategies, see “Configuration strategies” on page 154.
Configuring PowerVC imagesUse the following information to configure PowerVC images with IBM SmartCloud Entry.
About this task
Placement policyIBM SmartCloud Entry provides a deployment property to control the placement of a deployedPowerVC virtual machine. The placement of the virtual machine can either be handled by theOpenStack scheduler or the PowerVC scheduler. This deployment property option is labeled Usethe PowerVC scheduler to place the deployment. Select the appropriate option for yourenvironment.v When this option is enabled, the PowerVC scheduler is used.v When this option is disabled, the OpenStack scheduler is used.
Note: This option is enabled by default.
Network adapter configurationOpenStack images to be deployed only to PowerVC support VLAN type networks with a
160 IBM SmartCloud Entry: Administrator Guide 3.2
physical network name equal to "default". Such networks must also exist in the PowerVCenvironment. In addition, if the network supports both IPv4 and IPv6 addresses, only the IPv4addresses are used by PowerVC.
Flavor storage sizePowerVC does not support resizing during image deployment. However, you can resize thevirtual machine after it is successfully deployed. As a result, regardless of the OpenStack flavorthat is selected, PowerVC uses the size of the image as the storage size of the deployed PowerVCvirtual machine. For more information about PowerVC flavors, see the PowerVC InformationCenter.
Config drive and virtual machine customizationsPowerVC does not support config drive and the related virtual machine customizations duringimage deployment. If specified, these configurations are ignored. For more information about thecloud-init software package and the customizations that it supports, see “Cloud-init softwarepackage” on page 154.
Boot Volume Storage TemplateBy default, when you deploy an image, the boot volume is created using the default storagetemplate, as configured on the PowerVC server. If you would like the boot volume to use adifferent storage template, you need to add the boot volume type property to the extraspecifications of the flavor that is used to deploy the image. Edit the flavor and add the followingextra specifications.v Set the property key powervm:boot_volume_type
v Set the value of the property to the ID of the volume type you want to use.
You can find the volume type id by running the following OpenStack command: cindertype-list
Note: The volume type ID that is specified must be a PowerVC volume type. When you run acommand in the IBM SmartCloud Entry appliance, PowerVC volume type names are prefixedwith a pvc:. For more information about flavors, see Flavors.
Related information:
IBM Power Virtualization Center API extensions: Nova policy placement API
PowerVC Information Center
Configuring instance resize timeoutIBM SmartCloud Entry allows the administrator to configure a timeout for an instance resize action. Thisis optional, but can be configured in the event that the cloud manager does not respond in a reasonabletimeframe.
About this task
To configure the instance resize timeout, follow these steps:
Procedure1. Open the deployment.properties file in the home directory.2. Set the com.ibm.cfs.deployments.resize.timeout property to the time in minutes to wait for an
instance resize action to complete in the cloud. The default value is 10 minutes.3. Save the deployment.properties file and restart the IBM SmartCloud Entry server.
Identifying expired instancesIBM SmartCloud Entry has a configurable task that allows administrators to identify expired instancesand how long to keep them after they have expired.
Chapter 9. Configuring 161
About this task
To set how often expired instances are identified and how long they are kept, follow these steps:
Procedure1. Open the deployment.properties from your home directory.2. Configure each property in the file.
a. com.ibm.cfs.expired.deployments.finder.interval=10
When the expiration date is reached, the deployment property is put into an EXPIRED state and thevirtual machine is stopped in the deployment. Thecom.ibm.cfs.expired.deployments.finder.interval defines how often IBM SmartCloud Entryidentifies expired deployments. This interval is set in seconds.
b. com.ibm.cfs.deployments.expired.delete.interval=1
This property defines the interval for deleting instances that have been identified as expired. Theunit is hour. If not set or valid, the default value is 24 hours.This property is also defined by the length of the grace period set when you create an expirationpolicy for a cloud or a project. For more information, see “Expiration policies” on page 193.
Virtual appliance label translationsThe OVF standard inherently supports nationalization of appliance labels for customization properties.VMControl does not support this part of the OVF standard. However, IBM SmartCloud Entry allowsusers to localize their appliances, in what is called the OVA Translations feature.
In order to use the OVA Translations feature, you need to create a .properties file and copy it to asubdirectory in the home directory called /ova-translations This .properties file contains translations forcustomization property labels within an appliance. IBM SmartCloud Entry translates the customizationproperties labels into the labels provided in the file, based on the locale of the user that is invoking theappliance.
The file is named based on two things:v Appliance IDv Translation locale code
The appliance ID can be obtained from VMControl, and it similar to this: 194e28df-12d9-4c43-a146-5cc34046edb. The locale code is then added to the end of the appliance name, similar to this:194e28df-12d9-4c43-a146-5cc34046edb_en_US. This string becomes the name of the .properties file, forexample 194e28df-12d9-4c43-a146-5cc34046edb_en_US.properties.
To find the appliance ID, run the following command:GET https://<director>:8244/ibm/director/rest/VMControl/virtualAppliances/<appliance-id>
where appliance-id is the path to the appliances.
The actual contents of the properties file are a set of key value pairs, where the key is the name of thecustomization property, and the value is the label translated in the locale specified in the file name. Thefollowing code shows some examples:product.AIX1.com.ibm.ovf.vim.2.system.hostname=(Chinese)product.AIX1.com.ibm.ovf.vim.2.system.hostname.category=TCP/IP (Chinese)
IBM SmartCloud Entry assumes that the default locale of the IBM SmartCloud Entry instance is thedefault locale of the OVF properties and therefore does not translate those. For example, if the IBMSmartCloud Entry instance is running in English and an appliance is requested for a user whose locale is
162 IBM SmartCloud Entry: Administrator Guide 3.2
English, then IBM SmartCloud Entry does not translate the appliance properties using this method. If theOVF is not in English, the appliance does not appear translated.
You can configure global values of this form for each locale in the ova-general-translations folder. Forexample:\.skc\ova-general-translations\customization_es.properties
You can add appliance-specific properties that overwrite any global values that are set:.skc\ova-translations\194e28df-12d9-4c43-a12d9-4c43-a146-5cc34046edb_en_US.properties
Configuring multiple instances for a single deploymentYou can deploy multiple instances through a single deployment.
About this task
If you enable the multiple instance deployment function, a user can deploy multiple instances through asingle deployment. The deployed instances use the deployment name as the prefix of each singleinstance. The new names also use -x as the suffix, where x is the index of that instance.
Procedure1. To enable or disable this feature, set the following property value within the deployment.properties
file that is located in the .SCE32 directory:v com.ibm.cfs.deployments.multi.enabled=true to enable the function.v com.ibm.cfs.deployments.multi.enabled=false to disable the function.
Note: By default, this feature is enabled.2. To control the maximum number of instances that a user is allowed to deploy at one time, set the
following property value within the deployment.properties file:com.ibm.cfs.deployments.multi.max.value=5
Note:
v The default value is 5.v If this value is set too high, it might overload the connected cloud.
Configuring loggingLog files are automatically saved by IBM SmartCloud Entry. You can configure the default number of logfiles saved and the types of messages that are logged.
About this task
By default, IBM SmartCloud Entry saves 9 log files of 50 MB each. These defaults can be modified in thelogging.properties file located in the home directory.
To change the default logging options:
Procedure
Open the logging.properties file in the home directory.v To change the number of log files saved, set the java.util.logging.FileHandler.count property to the
number of log files that you to save. The default is 9.
Chapter 9. Configuring 163
v To change the types of messages saved, set the java.util.logging.FileHandler.level property to thelevel of messages that you want to receive. The default is INFO.The types of messages that are logged in the log file are informational, warning, and error messages.Use the debugging messages only for troubleshooting and debugging purposes, because performancecan be impacted by excessive logging.
What to do next
Modifying the logging.properties file requires restarting the IBM SmartCloud Entry server to pick upthe changes.
For more information about logging, see Chapter 14, “Troubleshooting,” on page 223.
Configuring a networkIBM SmartCloud Entry provides a convenient way to manage and apply network settings by usingnetwork configurations. Network configurations are a group of network settings for a particularenvironment, typically a virtual network. These settings can be managed as a single entity and applied toimage configurations or instance deployment settings.
For example, suppose that a cloud environment contains two virtual networks applicable to instancedeployment: a public and a private virtual network. In this case, an administrator might create twonetwork configurations, one for the public and one for the private. In the public configuration, theadministrator would specify all the public network settings such as primary DNS, secondary DNS, andprimary gateway. The same would be done for the private network configuration. After theconfigurations are created, the administrator can configure the images to use the appropriate networkconfiguration. This action saves time by not requiring the administrator to specify each network setting ineach image. It also allows an easier way to manage the network settings on a virtual network.
While the actual settings specified in a configuration are tailored to a specific environment, the networkconfigurations themselves are a superset of all network settings regardless of image, operating system, orcloud management system. Therefore, all settings that are specified in a configuration are applicable. Forexample, the primary and secondary WINS settings of a network configuration are only applicable toWindows based images. So when you create a configuration for an image that is not using Windows,these values are not needed and can be left blank.
Note: With the IBM SmartCloud Entry web interface, you can specify the network configuration for acloud. The web interface displays only the fields that are applicable for that cloud. Before you can createan OpenStack network configuration, you must select an existing OpenStack cloud.
When network configuration settings are applied to either an image configuration or during an advancedinstance deployment, their individual settings can be overridden or manually specified, if wanted.
Note: You cannot override or manually specify OpenStack network configuration settings.
You can modify your network connections through the web interface or though the property files in thehome directory. For more information about modifying your network connections through the webinterface, see “Network configurations” on page 199.
Note: You cannot use property files to specify OpenStack network configuration settings. You must usethe IBM SmartCloud Entry web interface.
To modify your network connections from the home directory, create a .properties file and save it toyour home directory. The name of these files should be prefixed with networkConfiguration followed byan arbitrary suffix and the .properties file extension, similar to networkConfiguration.properties,networkConfiguration-vlan1.properties, or networkConfiguration3.properties.
164 IBM SmartCloud Entry: Administrator Guide 3.2
Each property file contains a group of network setting. For example, assume that there is a file namednetworkConfiguration.properties in the home directory, which containing the following settings:name=VLAN1dns1=9.10.244.100dns2=9.10.244.200gateway1=9.5.40.1gateway2=9.5.40.2domain=mydomain.company.comsubnet=255.255.252.0networkId=[Network 1]=hostVnet:ETHERNET0/1useDHCP=falsehostnamePrefix=scecomputerNamePrefix=sceworkgroup=workgroupdescription=default network configuration9.5.42.2509.5.42.2519.5.43.23
Note: When you use a brocade switch, you must configure a host name prefix in thenetworkConfiguration.properties file: hostnamePrefix=sce.
When IBM SmartCloud Entry starts, the network configuration named "VLAN1" is added to the networkconfiguration list.
(VMware only) In the VWware environment, the value of the Network ID field is the name of a VMwarestandard switch network, port group name, or distributed port group. A typical VMware network ID isVM Network. This value is used to assign the virtual network adapter to the VMware network during adeployment. The rest of the values in the network configuration should be appropriate for that network.The network configuration displays all available port groups and distributed port groups. Not all portgroups or distributed port groups might be available on all target hosts. Validation of this field occursonly at deployment time when the actual deployment target is known. If the selected port group ordistributed switch is not available on the selected target host, then an error occurs and the instancedeployment fails.
Configuring billingIBM SmartCloud Entry has a configurable billing and accounting interface that allows IBM SmartCloudEntry to monitor resource use and create subsequent billing to IBM SmartCloud Entry user accounts forthe usage.
For more information about accounts, see “Accounts” on page 210.
Configuring billingTo enable billing, edit the billing.properties file and define what action to take when an accountbecomes delinquent. Also, set the time intervals to determine accounts that are delinquent or at theiraccount balance threshold.
About this task
Important: For billing to work, you must also enable metering. Account bills are generated based onmetering results.
To configure billing, follow these steps:
Chapter 9. Configuring 165
Procedure1. Open the billing.properties file in the home directory.2. Configure each property in the file.
com.ibm.cfs.billing.enabled=trueDefines whether to enable the billing and accounting functionality in IBM SmartCloud Entry.True enables and false disables billing and accounting.
com.ibm.cfs.billing.delinquency.policy= com.ibm.cfs.services.billing.policies.shutdownDetermines the action IBM SmartCloud Entry takes against existing instances when anaccount becomes delinquent. Possible values are as follows:com.ibm.cfs.services.billing.policies.destroycom.ibm.cfs.services.billing.policies.shutdowncom.ibm.cfs.services.billing.policies.do.nothing
com.ibm.cfs.billing.delinquency.finder.interval=120This property represents the number of seconds to wait before running a job that examineseach account to determine whether the account is delinquent.
com.ibm.cfs.billing.account.balance.threshold.interval= 24This property represents the number of hours to wait before running a job to find accountsthat are at their account balance threshold. The default value of this property is 24 hours or 1day.
Note:
v The billing.properties file is not configurable through the web user interface.v For PowerVC support, the PowerVC driver file, /etc/powervc/powervc.conf, has staging user
(staging_user) and project (staging_project_name) properties. These properties control whichOpenStack user and project owns instances that are synchronized from PowerVC. The defaultconfiguration uses the IBM SmartCloud Entry administrator and the public project. An instancemust be owned by a user in OpenStack, so when you enable billing, the default owner is also billedfor those instances in the PowerVC cloud.
What to do next
After you enable billing, ensure that you also enable metering. For more information, see “Configuringmetering” on page 169.
Configuring billing detailsIBM SmartCloud Entry can produce charges that are billed back to users when using a specific cloudresource, such as an instance.
About this task
IBM SmartCloud Entry currently has the following configurable products:v Processorv Memoryv Disks
Each product supports the following cloud types:v VMControlv VMwarev OpenStack
166 IBM SmartCloud Entry: Administrator Guide 3.2
A cloud product might be something similar to processor by the hour, 1 GB of RAM per day, a fixed ratecharge for a running VM, 20 GB of active disks per day, and so on. IBM SmartCloud Entry loads thosecloud products into a product catalog. System events, such as deploying an instance, can cause thecreation of a bill with one or more charges from one or more cloud products. IBM SmartCloud Entryautomatically deducts money from the account to which the instance owner belongs.
The settings for product price per interval time are configurable. To configure product pricinginformation, follow these steps:
Procedure1. Open the products directory in the home directory. There are three product configurations for each
cloud type:v cpu.xml
v ram.xml
v disk.xml.
The cloud type is added to the file name as a prefix as shown in the following examples:For OpenStack:v Openstack.CPU.xml
v Openstack.RAM.xml
v Openstack.Disk.xml.For VMControl:v VMControl.CPU.xml
Figure 1. Sample billing account summary
Chapter 9. Configuring 167
v VMControl.RAM.xml
v VMControl.Disk.xml.For VMware:v VMware.CPU.xml
v VMware.RAM.xml
v VMware.Disk.xml.
The file that you configure depends on the cloud and product type.2. Configure processor price in the cloud_type.cpu.xml.
<pricing currency="USD" interval="3600" price="1.000"/>
This property specifies that the default IBM SmartCloud Entry collector collects charges on virtualservers using the number of processors that are assigned to them at a rate of $1.00 per hour.Collecting at an interval less than the actual described rate (for example, hours instead of days)enables users to get a more accurate approximation of their actual charges. Having an accurate look atthe charges might be important for accounting purposes or in situations where account credit islimited.
3. Configure Memory price in cloud_type.ram.xml.<pricing currency="USD" interval="3600" price="0.000976563"/>
This property specifies that the default IBM SmartCloud Entry collector collects charges on virtualmachines using the number of bytes of RAM assigned to them at a rate of $0.000976563 per MB perhour, which is about $1.00 per hour per GB.
4. Configure disks in cloud_type.disk.xml.<cloudProduct id="com.ibm.cfs.cloud.vmc.products.storage"><name>Active Disk</name><description>The amount of total disk storage in MB used in a workloadper minute.</description><!-- $1.627604167E-5 per megabyte per minute --><pricing currency="USD" interval="60" price="1.627604167E-5"/></cloudProduct>
These properties specify that the default IBM SmartCloud Entry collector collects charges on virtualmachines using the disks that are assigned to them at a rate of $0.000976563 per MB per hour, whichis about $1.00 per hour per GB.The <name> and <description> can also be overridden from the IBM SmartCloud Entry defaults byspecifying different values.
Note: The currency for all configurable products must be consistent; for example, set US dollar (USD)for both or Chinese Yuan (CNY) for both. Using inconsistent currencies causes incorrect productcharges.
Results
After you configure account billing, you can view account billing information in the IBM SmartCloudEntry interface.
168 IBM SmartCloud Entry: Administrator Guide 3.2
Configuring meteringIBM SmartCloud Entry has a configurable metering framework that enables IBM SmartCloud Entry torecord and present metering data.
About this task
You can download metering data files through the metering data API. To enable metering with IBMSmartCloud Entry, configure the following properties:
Procedure1. Open the metering.properties file in the home directory.2. Configure the property com.ibm.cfs.metering.enabled=true to enable the metering function within
IBM SmartCloud Entry. The default value for this property is false.
Figure 2. Sample billing account settings
Chapter 9. Configuring 169
3. Configure the property com.ibm.cfs.metering.interval=<time in minutes> where <time in minutes>is the time in minutes between each metering record synchronization. The default value is 1441, orevery day. If you desire a more frequent synchronization, you can decrease this value.
4. Configure the property com.ibm.cfs.metering.data.path = cfshome/metricsdata/. This propertyallows the administrator to configure the storage system where the metrics data is located. The defaultlocation is the IBM SmartCloud Entry home directory/metricsdata/ if not specified.
5. Configure the property com.ibm.cfs.metering.data.export.interval = <interval time, hour asunit>. This property is used for how often to export the metering data to file. The default value is 1hour.
6. Configure the property com.ibm.cfs.metering.data.expired.days = <day as unit>. This property isused to set the number of days that the metering data is expired. The default value is 370 days.
7. Configure the property com.ibm.cfs.statistics.interval = <interval time, seconds as unit> Thisproperty is used to set the frequency of the synchronization of the statistics resource usage from thecloud. By default, IBM SmartCloud Entry retrieves resource usage from the cloud. These statisticsinclude processors in core, memory, and storage in megabytes. If the property is not set, a default of60 seconds is used.
Results
After you have configured usage metering, you can monitor the cloud resource usage from the IBMSmartCloud Entry interface by selecting Reports > Usage Metering. View details about a specific virtualserver by selecting the virtual server from the Usage metering grid.
For more information about using Usage Metering, see the IBM SmartCloud Entry User Guide.
Configuring capacity and overcommit ratesThe capacity in IBM SmartCloud Entry indicates the total and used (or allocated) resources, includingprocessors, memory, and storage.
The capacity view is enabled for all the supported virtualization environments. All x86 clouds supportresource overcommit by the hypervisors. Therefore, the total amount of virtual resources that can beallocated are larger than the total physical resources available. Therefore, IBM SmartCloud Entry supportsthe ability to set an overcommit rate to limit the resource use.
Note: Overcommit rate is not supported for PowerVC virtualization environments.
The overcommit rate is represented in the following fields:v totalCpu - Represents the physical processor cores that are multiplied by the processor overcommit ratiov totalMem - Represents the physical memory size that is multiplied by the memory overcommit ratio
Note: Overcommitted storage is not allowed.
The capacity API tells administrators the amount of physical resources, the amount of resources (afterovercommitted), and the resources that are allocated. The user interface shows the physical resource andthe overcommit rate only. It excludes the amount of resources after they are overcommitted.
To configure the overcommit rate, open the cloud.properties file and set the following properties:# The cpu overcommit rate in OpenStack cloudcom.ibm.cfs.openstack.overcommit.cpu=16# The memory overcommit rate in OpenStack cloudcom.ibm.cfs.openstack.overcommit.memory=1.5
# The cpu overcommit rate in VMC cloudcom.ibm.cfs.vmc.overcommit.cpu=5
170 IBM SmartCloud Entry: Administrator Guide 3.2
# The cpu overcommit rate in VMC cloudcom.ibm.cfs.vmc.overcommit.memory=1.5
# The cpu overcommit rate in VMware cloudcom.ibm.cfs.vmware.overcommit.cpu=10# The memory overcommit rate in VMware cloudcom.ibm.cfs.vmware.overcommit.memory=1.5
com.ibm.cfs.vmc.overcommit.cpu and com.ibm.cfs.vmc.overcommit.memory are invalid for VMC+KVMcom.ibm.cfs.openstack.overcommit.memory is invalid for hyper-v hypervisor.
IBM SmartCloud Entry checks if there are sufficient available resources when deploying. If the availableresource is less than the requested resource, IBM SmartCloud Entry stops the deployment process. Thisfeature can be enabled or disabled using the following property in the deployment.properties file:#Enable/Disable the capacitiy check against the selected target while deploying a workload.com.ibm.cfs.resource.check.enable=true
Configuring web user interface
Configuring user interface widgetsThe widgets in the web user interface of IBM SmartCloud Entry and the properties of the widgets areconfigurable. Using configuration settings, you can control which widgets appear and in what order theyappear.
About this task
To configure user interface widgets for IBM SmartCloud Entry, perform the following steps:
Procedure1. Open the web.properties file in the home directory.2. Set the com.ibm.cfs.web.pods.order property to the names of widgets that are to be shown in the
IBM SmartCloud Entry user interface, in the order you want them displayed. The names are notcase-sensitive and must be separated by a comma. Possible names include the following names:v CloudStatus
v WorkloadsStatus
v ResourceUsageStatus
v RecentEvents
3. Set the properties of each widget. The following example shows a widget property configurationexample using the CloudStatus widget.a. com.ibm.cfs.web.pods.cloudstatus.enabled=true
If the value is true, the CloudStatus widget is displayed in the IBM SmartCloud Entry web userinterface. If the value is false, the property is not specified in the file, or you specify an incorrectvalue (truue) then the CloudStatus widget is not displayed.
b. com.ibm.cfs.web.pods.cloudstatus.closed
If the value is true, the CloudStatus widget is initially displayed in a collapsed form. Otherwise,the CloudStatus widget is initially expanded in the IBM SmartCloud Entry web user interface.
c. com.ibm.cfs.web.pods.cloudstatus.refresh.interval=30
The value of this property indicates how often the CloudStatus widget is refreshed. The value isspecified in seconds and must be an integer of 1 or higher.Repeat these substeps for each additional named widget to be configured, includingWorkloadsStatus, ResourceUsageStatus, and RecentEvents. The following properties can be set:
WorkloadsStatus:
Chapter 9. Configuring 171
v com.ibm.cfs.web.pods.workloadsstatus.enabled
v com.ibm.cfs.web.pods.workloadsstatus.closed
v com.ibm.cfs.web.pods.workloadsstatus.refresh.interval
ResourceUsageStatus
v com.ibm.cfs.web.pods.resourceusagestatus.enabled
v com.ibm.cfs.web.pods.resourceusagestatus.closed
v com.ibm.cfs.web.pods.resourceusagestatus.refresh.interval
RecentEvents
v com.ibm.cfs.web.pods.recentevents.enabled
v com.ibm.cfs.web.pods.recentevents.closed
v com.ibm.cfs.web.pods.recentevents.refresh.interval
4. Save the web.properties file and restart the IBM SmartCloud Entry server. The properties of eachwidget take effect after the server is restarted.
Note:
v If a widget is not listed in com.ibm.cfs.web.pods.order and its propertycom.ibm.cfs.web.pods.name.enabled is set to true, it is displayed in the IBM SmartCloud Entry userinterface after all the widgets specified in the com.ibm.cfs.web.pods.order property.
v If the web.properties file does not exist, all user interface widgets show by default.
Configuring session timeoutYou can configure how long a web interface session for an IBM SmartCloud Entry user can remaininactive before the session times out.
About this task
To configure the timeout value, follow these steps:
Procedure1. Open the web.properties file in the home directory.2. Set the com.ibm.cfs.client.idle.timeout property to the number of minutes for which the session is
allowed to be inactive. The number must be a positive number and greater than one. After thespecified amount of time passes, the user session with IBM SmartCloud Entry expires.If the property is set to -1, the user session with IBM SmartCloud Entry never expires.
3. Save the web.properties file and restart the IBM SmartCloud Entry server. The property takes effectafter the server is restarted.
Note: If com.ibm.cfs.client.idle.timeout property is not present or is set to an invalid value, adefault value of 30 minutes is used.
Configuring the Welcome pageYou can configure IBM SmartCloud Entry to display the welcome page for all users.
Procedure1. Open the web.properties file in the home directory.2. To display the welcome page for all users, set the com.ibm.cfs.web.welcomepage.enabled property to
true.3. Save the web.properties file and restart the IBM SmartCloud Entry server. The property takes effect
after the server is restarted.
172 IBM SmartCloud Entry: Administrator Guide 3.2
Note: If com.ibm.cfs.web.welcomepage.enabled property is not present or is set to an invalid value,the welcome page is displayed.
Configuring the default instance nameYou can configure IBM SmartCloud Entry to use a default instance name when deploying an image. Ifyou set this property to true, a default instance name based on the image name that is being deployed isgenerated; otherwise no default is used.
Procedure1. Open the web.properties file in the home directory.2. To set the default instance name to the image name being deployed, set the
com.ibm.cfs.web.workloadname.default.enabled property to true.3. Save the web.properties file and restart the IBM SmartCloud Entry server. The property takes effect
after the server is restarted.
Note: If com.ibm.cfs.web.workloadname.default.enabled property is not present or is set to aninvalid value, the default name is set.
Chapter 9. Configuring 173
174 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 10. Configuring IBM SmartCloud Entry by using theweb interface
This section describes how to use IBM SmartCloud Entry from an administrative viewpoint.
For more information about using IBM SmartCloud Entry as a non-administrative user, see the IBMSmartCloud Entry User Guide.
Configuring the default administrator user accountThe default administrator account is created the first time IBM SmartCloud Entry is started. Asadministrator, configure the default administrator user account to receive email and notification fromusers.
About this task
To modify the default administrator user account, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, log in as the cloud administrator.2. Select Cloud Administrator in the upper right title bar of the screen, and click Show user
preferences.3. On the User Profile dialog, enter the administrator email address.4. Check Send notifications about instances and other events.5. Verify the Timezone and Language for the administrator.6. To change the Cloud Administrator password, click Change Password.7. Click Update.
Configuring LDAP authentication using the web interfaceUse the web interface to configure IBM SmartCloud Entry as an LDAP client.
Procedure1. Log in to IBM SmartCloud Entry as an administrator.2. Click the Configuration tab and select LDAP in the navigation pane.3. Click Edit and enter the configuration settings to specify how to connect to the LDAP host.
LDAP provider hostnameThe fully qualified server host name or IP address of the LDAP host.
Port The port number of the LDAP service on the host for either transaction level security (TLS) orfor no security protocol. The default port number is 389.
Security ProtocolIBM SmartCloud Entry allows transaction level security (TLS) to be used.
CertificateIf transaction level security is used, you must provide the certificate (public key) used by theLDAP server for securing the connection. For information about obtaining a certificate, seeyour LDAP server documentation.
© Copyright IBM Corp. 2012, 2013 175
LDAP search DNThis is the distinguished name that should be used to connect to the LDAP host to perform adirectory search, for example cn=Administrator,cn=users,dc=cfs1,dc=us
Note: This field might be required based on the configuration of the LDAP server. Forexample, if the LDAP server does not support anonymous bind, or if you specify transactionlevel security (TLS) for the Security Protocol, this field is required. If the LDAP search DN isrequired, the ID must have read authority on the LDAP server.
PasswordThis is the password that is associated with the LDAP search DN.
Note: This field is required if the LDAP search DN is required.
Search filterThis is the filter that is used to authenticate users when they log in. Include the special value{FILTER} in the filter to specify where the user ID that is provided during the login should besubstituted. For example, (|(userPrincipalName={FILTER}))
Search contextThe search context for providing the LDAP lookup.
User ID attributeThe name of the LDAP field to use as the user ID in IBM SmartCloud Entry.
User name attributeThe name of the LDAP field to use as the user name in IBM SmartCloud Entry.
Email address attributeThe name of the LDAP field to use as the email address in IBM SmartCloud Entry.
4. Click Save.5. Restart the IBM SmartCloud Entry server for the settings to take effect.
Example
The following examples show settings for different connections:v Example 1: Non secure connection (transaction level security is disabled)
LDAP provider hostnameyour.host.com.
Port 389
Security ProtocolNone
LDAP search DNcn=Manager,dc=sce,dc=com
Passwordpassword
Search filter(|(cn={FILTER}))
Search contextou=People,dc=sce-svt,dc=com
User ID attributeuid
Username attributecn
176 IBM SmartCloud Entry: Administrator Guide 3.2
Email addressattributemail
v Example 2: Transaction level security is enabled
LDAP provider hostnameyour.host.com.
Port 389
Security ProtocolTransaction level security (TLS)
Certificatecertificate_file.cer
LDAP search DNcn=Manager,dc=sce,dc=com
Passwordpassword
Search filter(|(cn={FILTER}))
Search contextou=People,dc=sce-svt,dc=com
User ID attributeuid
Username attributecn
Email addressattributemail
What to do next
Notes:
v IBM SmartCloud Entry cannot be returned to use local authentication (non-LDAP authentication)through the web interface. If it is necessary to restore local authentication, see Configuring localauthentication for more information. Local authentication is intended only for non-productionenvironments such as for a proof of concept or for performing a demo.
v If you want to enable user name case sensitivity, you must update the ldap.xml file after setting theinitial LDAP configuration in the web interface. For more information, see “Configuring LDAPauthentication manually” on page 134 for more information.
ImagesIn the Images tab, you can manage and configure the images that are available for deployment. You canview image properties and deploy images.
In IBM SmartCloud Entry, each image has a status associated with it. If the status is OK, then the imageis ready to be deployed. Click the refresh arrow to update the status.
To view the properties of an image, click the name of the image.
If the list of images does not contain the image you want, ensure that the current cloud, project, andarchitecture filters are set correctly.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 177
Building imagesBuilding images manually is a complex and error-prone process. By pre-building images from specificsoftware bundles for reuse by others, administrators can streamline this process. There are severaldifferent ways of building images.
Building images using IBM Image Construction and Composition ToolUse the Image Construction and Composition Tool to build images for deployment into cloudenvironments. You can reuse and manage images and software in a cloud environment. The IBMImage Construction and Composition Tool builds Open Virtualization Appliance (OVA) files thatcan be deployed into clouds. For more information about the IBM Image Construction andComposition Tool, see Working with IBM Image Construction and Composition Tool athttp://pic.dhe.ibm.com/infocenter/tivihelp/v48r1/topic/com.ibm.scp.doc_2.1.0/ICON/topics/iwd_cicn_overview.html and the IBM Redbooks Create Smart Virtual Appliances with IBM ImageConstruction and Composition Tool at http://www.redbooks.ibm.com/abstracts/sg248042.html.
Building images with VMware StudioVMware Studio and the OVF Toolkit simplify the process of image creation. The images that arecreated in VMware Studio can be imported and deployed by using vSphere Client. For moreinformation about using VMware Studio, see VMware Studio Documentation athttp://www.vmware.com/support/developer/studio/.
Building images manuallyYou can choose to build images manually using open source tools. This method requiressignificant virtualization and image configuration (for example, OVF, Sysprep or cloud-init)experience.
Importing images (OpenStack only)Using IBM SmartCloud Entry, you can import images to an OpenStack cloud.
About this task
You can create images ready for importing by using tools such as IBM Image Construction andComposition Tool. You can also use existing OpenStack compatible images.
IBM SmartCloud Entry supports OpenStack images with the following disk formats supported bydifferent hypervisor types.
Table 30. Supported disk formats by hypervisor
Disk Format Hyper-V KVMPowerVM (throughPowerVC) Details
VHD Y N N Microsoft virtual harddisk format
RAW N Y Y Raw virtual machinedisk format
QCOW2 N Y N QEMU disk format
VMDK N Y N VMware virtualmachine disk format
AMI/AKI/ARI N Y N Amazonmachine/kernel/ramdisk disk format
ISO N N N Disk format with anoptical disk filesystem
178 IBM SmartCloud Entry: Administrator Guide 3.2
Table 30. Supported disk formats by hypervisor (continued)
Disk Format Hyper-V KVMPowerVM (throughPowerVC) Details
VDI N N N Virtual desktopinfrastructure diskformat
IBM SmartCloud Entry supports OpenStack images for one of the following guest operating systems:
Table 31. Supported guest operating systems by hypervisor
Guest operating system Hyper-V KVMPowerVM (throughPowerVC)
Windows
v Windows 8
v Windows 7
v Windows Server 2012
v Windows Server 2008 R2
Y Y N
Linux
v Red Hat Enterprise Linux6.4
v SUSE Linux EnterpriseServer 11.2
Y Y N
Linux on Power
v Red Hat Enterprise Linux5.9
v Red Hat Enterprise Linux6.4
v SUSE Linux EnterpriseServer 11 SP3
N N Y
AIX
v AIX 6.1, TL 9
v AIX 7.1, TL 3
N N Y
IBM i N N N
Notes:
v The imported image file is stored in the OpenStack cloud and not in the IBM SmartCloud Entrydatabase.
v An image with the VMDK disk format must have its disk that is contained in a single VMDK file.v IBM SmartCloud Entry does not support directly deploying images with the AKI and ARI disk
formats. Such images are deployed with an AMI disk formatted image. As a result, images with theAKI and ARI disk formats have an Undeployable state in IBM SmartCloud Entry.
v IBM SmartCloud Entry does not support importing images for deployment to PowerVC. Only thePowerVC images that were synchronized into the OpenStack cloud and made available to IBMSmartCloud Entry can be deployed to PowerVC. For information about working with PowerVCimages, see the IBM Power Virtualization Center Standard information center:http://pic.dhe.ibm.com/infocenter/powervc/1.2.0/topic/com.ibm.powervc.standard.help.doc/powervc_images_hmc.html.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 179
Procedure1. In the IBM SmartCloud Entry interface, click the Images tab.2. Click More and choose Import image... from the menu to open the Import Image window.3. Update the cloud, project, image name, disk format, and container format for the image being
imported.
Note: When the AMI disk format is selected, you can select the associated AKI (kernel image) andARI (ramdisk image) disk formatted images. If these images have not been imported, then you canedit these image properties later.
4. Update the hypervisor type for the image being imported. The hypervisor type might have a defaultvalue set based on the disk format selected. If the image does not have a specific hypervisor typerequirement, then select the “Not Specified” option. If a specific hypervisor type is selected and thereis no hypervisor in the OpenStack cloud that has a matching type, the image is not deployable.
5. Optional: If the image has a minimum memory or storage size requirement, update the minimummemory (MB) and minimum storage (GB) fields.
Note: By default, OpenStack uses the size of the image as the minimum storage size requirementwhen deploying the image. This default is often sufficient. However, if the image uses a compresseddisk format, such as QCOW2, then the minimum storage size requirement should be set to thedecompressed image size.
6. Optional: If the image has specific OpenStack architecture requirements, update the architecture fields.7. Click Import.
Note: When you upload an image file using some older browser versions, space for the image file isrequired in the server temp directory. This temporary file is deleted when the upload completes. If theupload does not complete successfully, it is possible that the temporary file is not deletedautomatically. If you must use an older browser, place the image file in a location where it can beimported using a URL.
Results
After the image is successfully imported, you can edit a subset of the image properties. For moreinformation on editing OpenStack image properties, see Editing image properties (OpenStack only).
If an image is not deployable after it is imported, check the log entries for the image for moreinformation. You might must modify the image properties to make the image deployable.Related reference:Building imagesThis topic contains more information about building images.Related information:Getting virtual machine imagesThis site contains example images that are compatible with OpenStack.
Editing image properties (OpenStack only)IBM SmartCloud Entry supports viewing and editing a subset of the properties that are stored with animage in the OpenStack cloud.
Procedure1. In the IBM SmartCloud Entry web interface, click an image to view or edit the properties of that
image.2. The following basic OpenStack image properties can be edited: name, disk format, container format,
minimum memory (MB), and minimum storage (GB).
180 IBM SmartCloud Entry: Administrator Guide 3.2
3. Optional: You can also view, create, update, and delete additional OpenStack image properties. Theadditional properties might include architecture, hypervisor_type, kernel_id, ramdisk_id, os_versionor os_distro. For more information about OpenStack image properties, see the OpenStack ComputeAdministration Guide at http://docs.openstack.org/trunk/openstack-compute/admin/content/ch_image_mgmt.html.Some of the additional OpenStack image properties are specific to certain OpenStack hypervisor types.For example, the KVM hypervisor supports the hw_vif_model, hw_disk_bus and hw_cdrom_busproperties. For more information about these properties, see Libvirt Custom Hardware Configurationat https://wiki.openstack.org/wiki/LibvirtCustomHardware.
Notes:
v An image configuration strategy is part of the additional OpenStack image properties. However, theconfiguration strategy cannot be viewed or edited with this task.
v To deploy an image to an OpenStack KVM hypervisor, the qemu value is used for thehypervisor_type property of the image.
Updating an image configuration strategy (OpenStack only)IBM SmartCloud Entry supports adding, updating, and deleting the configuration strategy for an imagein an OpenStack cloud.
About this task
The configuration strategy is stored with the image in the OpenStack cloud.
Procedure1. Select the image that you want to update.2. Click More and choose Configuration Strategy... from the menu.3. Click Edit.
Note: If a configuration strategy exists, a Delete button is provided to delete the existingconfiguration strategy. The Edit button can be used to add or update the configuration strategy.
4. Update the configuration strategy type, template, user metadata, and mapping for the image.5. Click Save.
Note: After you update the configuration strategy, reset the image configuration in order for theupdated configuration strategy to be applied when you configure or deploy the image.
Related tasks:“Configuring images with OpenStack” on page 153The following topics cover information to configure images in an OpenStack environment.
Creating a VMware linked virtual machineLinked virtual machines can be created from a snapshot or from the current running point. A linkedclone is a virtual machine whose disks are linked with the template that it was cloned from. Duplicateddata is shared between the linked virtual machine and the template. Linked clones deploy much fasterbecause most of the disk data does not have to be copied.
About this task
You can use any image (or template) to create a linked virtual clone. To create a linked virtual clone,follow these steps:
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 181
Procedure1. Open IBM SmartCloud Entry and select Images.2. Select the image that you want to clone and select Deploy > Advanced.3. On the Advanced Deployment window, select the option to Link virtual machine to image.
What to do next
Note:
v The creation of a linked clone requires the image to contain a virtual machine snapshot. If the imageused to create a linked clone does not have a virtual machine snapshot, IBM SmartCloud Entry createsa virtual machine snapshot for the image before the linked clone is created.
v If an image already has a virtual machine snapshot, IBM SmartCloud Entry does not create a newsnapshot, but instead uses the current snapshot. Changes that are made to the template might not bereflected, since the clone operation is based on the snapshot and any future changes you make areoutside of the snapshot If you must change the template, create a new snapshot that includes yourchanges.
v Storage DRS supports linked clones starting in VMware vSphere version 5.1. However, Storage DRS isnot always able to make a recommendation to place linked clones on a datastore. As a result, anattempt to deploy a linked clone to a storage DRS cluster results in the creation of a full clone, and awarning message in the log that a linked clone was not created.
v The disks of a linked clone cannot be resized. Any attempt to resize a linked disk at deployment timeresults in an error.
v The datastores of the image must be accessible by the deployment target or the virtual machine cannotbe linked to the image. In this case, IBM SmartCloud Entry deploys a full clone.
v You cannot unlink a linked clone from the image.
Configuring image deployment propertiesImage deployment customization properties that you want to apply to individual images must beconfigured through the IBM SmartCloud Entry web user interface. The deployment customizationproperties are the same properties that are available through a VMControl web interface or CLIdeployment. IBM SmartCloud Entry enables you to save these properties in advance so that your usersdo not have to know all the internal and advanced deployment details.
About this task
To set global image deployment properties, see “Configuring global image deployment” on page 140.
The values that are set in the global image deployment properties are used when deploying an imageunless individual deployment properties are set for an image. The values that are set for an individualimage are used unless they are explicitly overridden when deploying an image. Administrators can setwhich values are displayed in the basic deployment or even allow users to set advanced deploymentproperties. For more information about allowing users to view advanced form, see “Configuring access toadvanced deployment form” on page 143.
Note: Global configurations are refreshed only when manually reset or when the deployment targetchanges.
To configure image default deployment customization properties to be used when deploying it from IBMSmartCloud Entry, complete the following steps:
Procedure1. In the IBM SmartCloud Entry interface, click the Images tab.2. Click the name of the image that you want to configure.
182 IBM SmartCloud Entry: Administrator Guide 3.2
Note: If the image that you want is not available, make sure that the correct cloud, architecture, andproject are specified.
3. Click Configure.4. Complete the default customization for the image properties. These properties are divided into several
groups, including: Hardware, Software, Network, Storage, Image Target and Other Settings,depending on the type of image that you select.
Note: Changes that were made in the cloud since the image was added, such as networks that werecreated or removed, might not display on the Configure Image panel. To ensure that the current cloudsettings are available to configure the image, click Reset to Defaults.v Hardware
Notes:
– For OpenStack you can control the size of the virtual machine that is deployed from an image bythe flavor that you select. Only flavors that meet the disk and memory size requirements for theimage are listed as options.
– For Power Systems that are running in shared mode, the minimum, desired, and maximumnumber of both shared virtual processors and shared processing units are paired. For each pairedvalue, take care to ensure that values are set correctly. The number of processing units must beless than or equal to the number of virtual processors. However, the processing units, multipliedby 10, must be greater than or equal to the number of virtual processors.For example, if the minimum number of virtual processors is 1, then the minimum number ofprocessing units must be less than or equal to 1 (between 0.1 and 1), and must also be greaterthan or equal to 1 when it is multiplied by 10.
v Softwarev Network
Notes:
– You can click Show settings for each network configuration setting to display configurableoptions. For Power Systems, VLAN configuration is available in the Adapter networkconfiguration section. (For OpenStack images, Show settings is not shown or valid.)
– The NONE value indicates that no network configuration is applied to the settings, in which casethe values should be entered manually. (For OpenStack images, NONE is not shown or valid.)
– When a network configuration (including NONE) is selected for use, all settings in the subsectionare cleared, indicating they draw from the configuration specified.
– When a network configuration is applied, individual settings can be specified manually byproviding a value for the setting and therefore overriding the setting that is specified in the
Figure 3. Processor settings
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 183
network configuration. Any settings that are blank are taken from the configuration settings. (ForOpenStack networks, individual network settings cannot be specified.)
v Storage
Notes:
a. The Virtual disk options for an add disk request option is for adding a disk during theimage deployment and is specific to a VMware cloud. This option is an ordered andcolon-separated list of virtual disk options. The default value for an optional virtual disk optionis an empty string. The options are parsed in the following order:
Disk size in MB (Required)This option is parsed as a long.
Thin provisioned (Optional)This option is parsed as a boolean. The default value is false which specifies thickprovisioned status.
Eagerly scrub (Optional)This option is parsed as a boolean. The default value is false which specifies that theunderlying file system determines the scrub status.
Datastore (Optional)This option is parsed as a string. The default value is null which specifies that you wantto use the same datastore as the datastore that is used by the main disk of the virtualmachine. Input value sample:
The following is an example of this option:1:true:false:datastore_01
b. To configure the maximum number of disks that are allowed or the maximum size of the disks,see “Configuring the number and maximum size of additional storage” on page 144.
v Image targetv Other Settings
5. Depending on the image, you might be able to enter the root password for the server that isprovisioned by this image, such that users that deploy the image receive the root password in anemail notification.
6. Optionally, you can select specific image customization properties to display to a user on the basicdeployment form.a. Select the Show basic deploy panel settings check box at the top of the configuration panel.b. For individual customization properties, select the associated Show in basic deploy settings check
box. This option causes the property to be displayed when a user brings up the basic deploymentform for this image. Check only those properties that you want a user to customize, for example,passwords or port numbers for a specific software product included in the image.
7. Select Save.
Note: You can reset an image customization to its original configuration by clicking Reset toDefaults.
Deploying an imageYou can deploy an image with either basic configuration options or advanced configuration options.Advanced configuration options are only available if the administrator enables them for yourenvironment.
Procedure1. Click the name of the image you want to deploy.2. In the Image Details properties page, click Deploy.
184 IBM SmartCloud Entry: Administrator Guide 3.2
Note: The IBM SmartCloud Entry cloud administrator can configure IBM SmartCloud Entry to allowusers to use the advanced deployment form when deploying an image. Click More > Advanceddeploy to display the advanced deployment form.
Basic deployment
With a basic deployment, minimal configuration options, including name, description, project,flavors (if you are using OpenStack), processor information, memory, and key pairs (if you areusing OpenStack and at least one key pair is configured for the user) are displayed.
Advanced deployment
Advanced deployment makes a number of different settings available when an image isdeployed. For example, with advanced deployment a user can configure setting likenetworking, storage, and software configuration values. To enable access to these functions,you can do one of the following:v Make the advanced deployment form available to all users.v Choose specific values for an image by selecting the corresponding check box and exposing
that on the basic deployment.
For more information about enabling advanced deployment options for users, see“Configuring image deployment properties” on page 182.
With advanced deployment, administrators can configure the options, so users can suspendand resume instances. This option is only visible in a IBM Systems Director VMControl PowerSystems virtualization environment. The VMControl Linux Kernel-based Virtual Machine(KVM), VMware and OpenStack Linux Kernel-based Virtual Machine (KVM) and Hyper-Venvironments support the suspend action by default.
Additionally, in a VMControl Power Systems environment, when the target is a server systempool and at least two remote restart capable hosts are added into it, a check box to create aremote restart capable workload is displayed. On KVM, the remote restart capability isenabled by default so the check box does not show up.
If you enable the multiple instances on a single deployment operation, users can deploymultiple instances through a single deployment. The deployed instances use the deploymentname as the prefix of each single instance. The new names also use -x as the suffix, where x isthe index of that instance.
If the deployment approval process is enabled, you receive a single approval request. You canchange the number of deployment instances while you review the request. The metering andbilling functions remain for each of the single deployment instances. When deployingmultiple instances on a single deployment, the instances of this deployment are not displayedimmediately after you click Deploy or Approve.
You can also set fields, such as Virtual Machine Customization, Virtual Machine PersonalityFiles, and more.
Note:
v Only the members of the selected project can see the instance that is created as a result of the imagedeployment.
v If approvals are enabled, deployment does not begin until the request is approved by theadministrator.
v If billing is enabled, you must be a member of an account that is not delinquent for the deploymentto proceed.
v The expiration period and approvals policy settings for deployment depends on the policies thatare set for the cloud. If more detailed expiration and approvals are set for the project where theimage is being deployed, the policies for the project are applied.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 185
v If you are deploying multiple instances, IBM SmartCloud Entry deploys the instances one by one. Ifyou restart IBM SmartCloud Entry before all the deployments are complete, the deployments thatare not started will not be deployed. For example, if there are five instances to be deployed andthree of them are complete and one is in progress when IBM SmartCloud Entry is restarted, thefourth instance will be deployed, but the fifth instance will not be deployed.
Copying image definitionsRather than copy an entire image, you can create image copies by using just the metadata of the image.
About this task
By copying the metadata, you can make the same image available to multiple projects or providemultiple alternative configurations of the same base image. You can use the Configure Image window tomodify various configuration settings for the copies. The copy image function is enabled foradministrators and for project owners for images within their project.
When you copy an image definition, only the image metadata that is stored in the IBM SmartCloud Entrydatabase is copied. As a result, any metadata that is stored with the image in the cloud is common acrossthe base and copied images. For example, the configuration strategy for an OpenStack image is metadatathat is stored with the image in the cloud. Therefore, the same configuration strategy is used for the baseand copied images. For more information about OpenStack configuration strategies, see Configurationstrategies.
Note: If you delete the base image, then all copied image configurations are also deleted.
To copy an image definition, perform the following steps:
Procedure1. On the IBM SmartCloud Entry page, click the Images tab.2. On the Images page, click the base image name that you want to copy.3. Click Copy to enter the image name and description that you want to assign to the copied image.
What to do next
Now you can configure the copied image and move it to different project if desired.
Viewing image propertiesYou can view image properties such as the image name, description, last modification date, specificationversion, revision comments, and logs. As an administrator, or if you have project owner authority, youcan also make copies of the image, view related images (images that share the same base image), andmodify the image name, description, and project.
About this task
Click the image to view or edit the details of that image. Remember that modifications that you make toan image in IBM SmartCloud Entry might not be reflected in the underlying virtualization infrastructure.
Deleting imagesUsing IBM SmartCloud Entry you can delete images from an OpenStack cloud and certain images fromVMControl and VMware clouds.
186 IBM SmartCloud Entry: Administrator Guide 3.2
About this task
When you delete an image, it is deleted from IBM SmartCloud Entry. The image is deleted from theOpenStack cloud if it is a OpenStack base image.
The ability to delete an image varies by cloud type:v IBM Systems Director VMControl and VMware base images can be deleted only if they are in an Failed
or Unknown state.v IBM Systems Director VMControl and VMware copied images can be deleted at any time.v OpenStack images can be deleted at any time. Deleting an OpenStack base image results in all of its
related images, or copied images, being deleted as well.
Procedure1. In the IBM SmartCloud Entry interface, click Images.2. Select the image that you want to delete.3. Click the delete icon.
ProjectsYou can create, manage, and request access to projects on the Projects page, which is available on theAccess tab.
Projects are used to define the users that have access to a set of images and instances. Only members of aproject can view images and instance within a project. In many cases, projects correspond to adepartment or other human organization.
To manage projects, go to the Access tab and click Projects to view the list of available projects.
IBM SmartCloud Entry comes with a default project called the Public project, to which all users belong.All virtual images and instances created outside of the IBM SmartCloud Entry are, by default, assigned tothe Public project. You can also configure a staging project to store newly discovered images or instances.The staging project allows administrators to configure images before making them available to otherusers. For more information, see “Configuring a staging project” on page 143.
Project membership rolesWhen you are added as a member of a project, one of three membership roles are assigned to you.
OwnerA project owner has administrator authority to the project and its contents. The project ownerprimarily manages the contents of the project and who has authority to the project and itscontents.
User A project user has the authority to use the project and the objects within the project. For example,a project user can deploy a virtual image to the project. A user can also view and potentiallyrestore backup images of virtual machines created by other users, depending on the way theadministrator has set up the project and the roles. The project user primarily handles their owndeployments.
ViewerA project viewer has authority only to view the project and the virtual images and instancescontained in the project.
Creating a projectIf you are given authority by your administrator, you can create projects.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 187
Before you begin
Discuss your authority level with your administrator. The com.ibm.cfs.project.creation.by.user property inthe deployment.properties file must be set to True for you to create projects.
Procedure1. Click New Project.2. Type a project name and description in the corresponding fields.3. Click Create.
Editing project propertiesIf you have project owner authority, you can edit the properties of an existing project, including projectroles, project name, or project membership.
Procedure1. From the list of projects, select the project you want to edit.2. To update the project name or description, click the text field and type the new values.3. To update project membership:
a. Click Project Members to open the panel.b. In the Add Project Members window, select the new members and their project roles to add them
to the project.c. Click OK.d. To modify an existing member's project role, select the users you want to modify and click Set
Role to to select the new project role.e. To remove members from the project, select the users you want to remove and then click Remove
to remove the users from the project.4. To update the expiration policies:
a. Click Expiration Policies to open the panel.b. Choose one of the following to set the expiration policy:
Use cloud defaultThe expiration of the deployment will depend on the expiration configuration of the cloudto which the image belongs.
Customize settingsThe expiration policy you set on this panel (by setting the Maximum expiration value andMaximum extension period values) overrides the expiration policy of the cloud to whichthe image belongs.
5. To update the approval policies:a. Click Approval Policies to open the panel.b. Choose one of the following to set the approval policy:
Use cloud defaultThe project uses the approval policy of cloud groups.
Customize settingsThe project uses the approval policy you set on this panel (by selecting checkboxes fromthe Require approval for the following events list) overrides the approval policy of thecloud groups.
6. Click Save.
188 IBM SmartCloud Entry: Administrator Guide 3.2
Managing projectsFor projects that you own, you can set expiration policies and approval policies that affect the instancesdeployed in that project.
Procedure1. Click the Access tab and then the Projects tab.2. Click the name of the project in the table to display the project properties.3. Click Edit.4. Expand the title of the item you want to work with: Expiration Policies or Approval Policies.5. Set your policies for your projects, or select Use cloud default to use the policies set by your
administrator.
What to do next
For more information about expiration policies and approval policies, see the IBM SmartCloud EntryAdministrators Guide.
Deleting an existing projectAs a project owner, you can delete a project at any time.
About this task
When a project is deleted from IBM SmartCloud Entry, all of the virtual images and instances containedin the project are transferred to the public project.
Procedure1. In the projects list, select the project you want to delete.
Restriction: You cannot delete the default Public project.2. Click the Delete selected projects icon.
Project management with OpenStackUnlike other cloud types, OpenStack clouds provide native support for project management through theOpenStack keystone component. Because the projects are managed in OpenStack, the projects cannot beupdated unless the OpenStack cloud is available.
Keystone is an OpenStack component that provides identity, token, catalog, and policy services to projectsin the OpenStack family. Upon first connecting to an OpenStack cloud, IBM SmartCloud Entry imports allthe projects that currently exist inOpenStack. The current project membership is accepted and reflected inIBM SmartCloud Entry.
After the initial OpenStack projects import, when connected to an OpenStack cloud, IBM SmartCloudEntry enters transactional mode for project management. When in transactional mode, all projectmanagement operations that are performed in IBM SmartCloud Entry are also performed in OpenStack(that is in keystone). If a project management operation (or any of the operations described in thissection) fails to complete successfully in IBM SmartCloud Entry it does not occur in OpenStack. Likewise,if it fails in OpenStack, it reverts in IBM SmartCloud Entry.
IBM SmartCloud Entry enters transactional mode for project operations, while connected to OpenStack, inorder to have the registries in both products synchronized. For this reason, when connected to anOpenStack cloud, IBM SmartCloud Entry cannot perform project-related operations while the OpenStackcloud is down or unavailable.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 189
To connect to OpenStack, IBM SmartCloud Entry uses a service user account and a default service tenant.Some OpenStack installations have user accounts specific to OpenStack components (for example, nova,keystone, neutron). These and other service user accounts or service tenants in an OpenStack server thatdo not represent an actual user account or tenant, can be added to the list of service users and servicetenants so that they are ignored by IBM SmartCloud Entry. To make this change, add the service usersand tenants to the comma-separated list of users in the com.ibm.cfs.cloud.openstack.service.users property, orthe comma-separated list of tenants in the com.ibm.cfs.cloud.openstack.service.tenants property, in theopenstack.properties file.
Approval policiesIBM SmartCloud Entry administrators can enable approval policy support by specifying the operationsthat require approval. If approval policies are enabled, the requested operation is held until the approvalrequest is processed by the administrator.
This approval requirement ensures that IBM SmartCloud Entry administrators control the IBMSmartCloud Entry instance process and provides an audit trail of the requester and approver roles.
From a user standpoint, the approval lifecycle behaves similar to the following:v Users can only see requests that they initiate.v Users are unable to view any requests against an instance in the public project that they did not
originate. Because of this limitation, instances will indicate that they are a Pending state, but users willnot be able to see the outstanding requests initiated by other users against that instance.
Setting or modifying approval policies for a cloudFollow these steps to set or modify an approval policy for a cloud. These policies are used unless theyare overridden by an approval policy for a project.
Procedure1. In the IBM SmartCloud Entry interface, select Configuration > Clouds.2. Click the cloud name for which you want to modify approval policies.3. Select Approval Policies.4. Set the events that require administrator approval.
Deploying an imageApproval policy that is invoked when deploying an image to create an instance in the cloud.This approval policy suspends the deployment operation until the generated request isapproved or rejected.
Extending the instance expiration time frameApproval policy that is invoked when extending the expiration date of an existing instance.This approval policy suspends the expiration operation until the generated request isapproved or rejected.
Resizing an instanceApproval policy that is invoked when resizing an existing instance. This approval policysuspends the resize operation until the generated request is approved or rejected.
Capturing an instanceApproval policy that is invoked when capturing an existing instance. This approval policysuspends the capturing operation until the generated request is approved or rejected.
Requesting to attach storage to a virtual machineApproval policy that is invoked when attaching storage to a virtual machine. This approvalpolicy suspends the attach storage operation until the generated request is approved orrejected.
190 IBM SmartCloud Entry: Administrator Guide 3.2
Requesting to detach storage from a virtual machineApproval policy that is invoked when detaching storage from a virtual machine. Thisapproval policy suspends the detach storage operation until the generated request is approvedor rejected.
Saving a virtual machine imageApproval policy that is invoked when saving a virtual machine image. This approval policysuspends the save image operation until the generated request is approved or rejected.
Requesting to create virtual machine snapshotApproval policy that is invoked when creating a virtual machine snapshot. This approvalpolicy suspends the virtual machine snapshot operation until the generated request isapproved or rejected.
Restoring a virtual machineApproval policy that is invoked when restoring a saved virtual machine image. This approvalpolicy suspends the restore operation until the generated request is approved or rejected.
Requesting to revert virtual machine to snapshotApproval policy that is invoked when reverting a virtual machine to snapshot version. Thisapproval policy suspends the revert to snapshot operation until the generated request isapproved or rejected.
Setting or modifying approval policies for a projectFollow these steps to set or modify an approval policy for a project. These policies override the approvalpolicies that are set for a cloud.
Procedure1. In the IBM SmartCloud Entry interface, select Access > Projects.2. Select the project for which you want to modify approval policies.3. Select Customize settings.4. Select Approval Policies.5. Set the events that require administrator approval. To use setting defined for a cloud, select Use cloud
default.
Deploying an imageApproval policy that is invoked when deploying an image to create an instance in the cloud.This approval policy suspends the deployment operation until the generated request isapproved or rejected.
Extending the instance expiration time frameApproval policy that is invoked when extending the expiration date of an existing instance.This approval policy suspends the expiration operation until the generated request isapproved or rejected.
Resizing an instanceApproval policy that is invoked when resizing an existing instance. This approval policysuspends the resize operation until the generated request is approved or rejected.
Capturing an instanceApproval policy that is invoked when capturing an existing instance. This approval policysuspends the capturing operation until the generated request is approved or rejected.
Requesting to attach storage to a virtual machineApproval policy that is invoked when attaching storage to a virtual machine. This approvalpolicy suspends the attach storage operation until the generated request is approved orrejected.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 191
Requesting to detach storage from a virtual machineApproval policy that is invoked when detaching storage from a virtual machine. Thisapproval policy suspends the detach storage operation until the generated request is approvedor rejected.
Saving a virtual machine imageApproval policy that is invoked when saving a virtual machine image. This approval policysuspends the save image operation until the generated request is approved or rejected.
Requesting to create virtual machine snapshotApproval policy that is invoked when creating a virtual machine snapshot. This approvalpolicy suspends the virtual machine snapshot operation until the generated request isapproved or rejected.
Restoring a virtual machineApproval policy that is invoked when restoring a saved virtual machine image. This approvalpolicy suspends the restore operation until the generated request is approved or rejected.
Requesting to revert virtual machine to snapshotApproval policy that is invoked when reverting a virtual machine to snapshot version. Thisapproval policy suspends the revert to snapshot operation until the generated request isapproved or rejected.
RequestsWhen deploying an image or when initiating an action that requires approval from an administrator, arequest is created and submitted to an administrator for approval. The status is set to Pending until theadministrator handles the approval request.
You can set which actions require administrator approval using the Approval policies function. For moreinformation, See “Approval policies” on page 190.
Processing instance requestsWhen an image is deployed, initiating an instance, the deployment request may require approval by anadministrator. The instance status is set to pending until the administrator handles the approval request.
About this task
You can process an instance request from the Instances tab or from the Requests tab. For moreinformation about processing an instance request from the Instances tab, see “Processing requests fromthe Instances tab” on page 206
To process a pending request, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, select Access > Requests.2. Expand the Request Details section to review or update the request before approving.3. Expand the Comments section to review comments or use the Add Comment link to provide
additional comments.v Click Approve to approve the request and allow the deployment processing to start.v Click Reject to reject the request.v Click Withdraw to withdraw a request.
192 IBM SmartCloud Entry: Administrator Guide 3.2
Clearing or archiving requestsYou can clear or archive requests. Clearing requests deletes the requests while archiving requests savesthem to an archive folder. By clearing requests, you can free space on your system and improveperformance in the IBM SmartCloud Entry interface. Archive any requests that you may want toreference in the future.
About this task
To clear or archive a request, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, select Access > Requests.
v To clear requests, click Clear.v To archive requests, click Archive.
2. Use the Request filter to select a subset of requests to clear or archive. Filter by status or start and enddate. If you filter by date, you must provide an end date.v To clear the selected requests, click Clear.v To archive the selected requests, click Archive. The filtered requests are saved in a file called
requests_<current time in milliseconds>.csv. This file can be found in the archives folder,located in the IBM SmartCloud Entry configuration directory.
Expiration policiesExpiration policies require users to set an expiration period specifying the maximum length of theinstance lease and determine the life cycle of expired instances.
You can set a default expiration policy for a cloud or for a project. Expiration policies set for a projectoverride the expiration policies set for a cloud. After an expiration policy has been set, you must set anexpiration date whenever deploying an image from that cloud or project. However, the administrativeuser can set a date with no limitations.
If you are deploying an image from a cloud or project that does not have an expiration policy set, youcan choose whether or not to set an expiration date.
The user who deployed the instance will receive an email notification when the instance is about toexpire. The user can extend the lease if extensions are enabled.
After the instance expires, it will be stopped. The instance can be automatically deleted after a limitedtime, specified by the grace period. If no grace period is specified, the instance is deleted immediately.This setting applies whether or not the instance expiration maximum is set.
Updating the default expiration policy for a cloudYou can update the default expiration policy for IBM SmartCloud Entry.
About this task
To update the default expiration policy, complete the following steps:
Procedure1. In the IBM SmartCloud Entry interface, select Configuration > Clouds.2. Click the name of the cloud for which you want to update the expiration policy.3. Click Expiration Policies to open the form.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 193
4. Enter information for the default expiration policy and click Save.
Note: To delete expired instances immediately, set the Grace period to 0.
Updating the default expiration policy for a projectYou can update the default expiration policy for IBM SmartCloud Entry project.
Procedure1. In the IBM SmartCloud Entry interface, select Access > Projects.2. Select a project to open the project update page.
Note: To delete expired instances immediately, set the Grace period to 0.3. Enter information for the default expiration policy.
v If you select Use cloud default, the expiration of the deployment depends on the expirationconfiguration of the cloud to which the image belongs.
v If you select Customize settings, the expiration policy overrides the expiration policy of the cloudto which images belong.
4. Click OK.
Flavors (OpenStack only)A flavor is the prescribed size of a provisioned virtual machine. Each flavor has a unique combination ofresource configurations and sizes.
Updating the flavor for an OpenStack cloud configurationYou can update the flavor that is configured for the cloud.
Procedure1. In the IBM SmartCloud Entry interface, select Configuration > Clouds.2. Select the cloud for which you want to modify flavors.3. Click Edit.4. Expand the Flavors section. You can create a flavor based on an existing flavor or you can create a
completely new flavor.5. Click the flavor name that you want to copy or click the Create a new flavor icon to create a new
flavor.6. Set the following required values:
v Name
v Virtual CPUs
v Memory (MB)
v Storage (GB)
v Swap(MB) This option is only supported for KVM deployments.
Notes:
v When updating the flavor, only integers are valid for the processor, memory, storage, and swapsizes. Any fractional data is omitted.
v After a flavor is created or updated, it can be used to deploy OpenStack images. However, the newor updated flavor might not be immediately available when configuring an image. If this occurs,you can reset the image configuration to the default values in order to pick up the flavor changesmade in the cloud. For more information, see Configuring image deployment properties.
194 IBM SmartCloud Entry: Administrator Guide 3.2
v Flavors with a storage size of 0 have special meaning in OpenStack and are not supported bynumerous hypervisors such as Hyper-V. Hypervisors that do support such flavors use the size ofthe image as the storage size when provisioning a virtual machine from the image.
7. Optional: Specify extra specifications. For information, see “Extra specifications.”
Extra specificationsA flavor might include properties that are in addition to the base flavor properties. These extraspecifications are key value pairs that can be used to provide advanced configuration that is in additionto the configuration provided by the base flavor properties. This configuration is specific to thehypervisor.
Advanced configuration provided with flavor extra specifications might include the following:v CPU sharesv CPU periodv disk read and write rates per second
In addition to enabling advanced hypervisor configuration, extra specifications are used in OpenStack asa mechanism to enable advanced placement by the scheduler with specific scheduler filters such as theComputeCapabilitiesFilter and the AggregateInstanceExtraSpecsFilter. For specific information aboutusing these filters, see the OpenStack documentation.
KVM extra specifications
Flavor extra specifications are supported as part of the KVM support with OpenStack that is providedwith IBM SmartCloud Entry version 3.2.
The following extra specifications enable tuning the CPU for a virtual machine:v quota:cpu_shares
v quota:cpu_period
v quota:cpu_quota
The following extra specifications enable tuning the device I/O for a virtual machine:v quota:disk_read_bytes_sec
v quota:disk_read_iops_sec
v quota:disk_write_bytes_sec
v quota:disk_write_iops_sec
v quota:disk_total_bytes_sec
v quota:disk_total_iops_sec
The following extra specifications enable tuning the network device interfaces for a virtual machine.However, they are not supported in IBM SmartCloud Entry version 3.2 since they are not used withOpenVSwitch.v quota:vif_inbound_average
v quota:vif_inbound_peak
v quota:vif_inbound_burst
v quota:vif_outbound_average
v quota:vif_outbound_peak
v quota:vif_outbound_burst
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 195
PowerVC extra specifications
Flavor extra specifications are supported as part of the PowerVC support with OpenStack that isprovided with IBM SmartCloud Entry version 3.2.
The following extra specifications enable tuning the CPU for a virtual machine:v powervm:proc_units
v powervm:min_proc_units
v powervm:max_proc_units
v powervm:min_vcpu
v powervm:max_vcpu
v powervm:dedicated_proc
v powervm:share_idle
v powervm:uncapped
v powervm:shared_weight
v powervm:availability_priority
v powervm:processor_compatibility
The following extra specifications enable tuning the memory for a virtual machine:v powervm:min_mem
v powervm:max_mem
The following extra specifications enable tuning the boot volumes:v powervm:boot_volume_type
For more information, see the PowerVC Information Center.
Extra specification labels
Because it can be difficult to determine the purpose of extra specifications from their names, you canlabel extra specifications.
In the openstack.properties file any property that contains the com.ibm.cfs.openstack.flavor.extraspec.label. prefixis considered a localizable label for an OpenStack flavor extra spec. The suffix of the property must bethe extra spec name, and the value of the property must be the list of localized extra spec labels.
For example, you can provide a label for the quota:cpu_shares extra specification that is similar to thefollowing:
com.ibm.cfs.openstack.flavor.extraspecs.label.quota:cpu_shares=CPU Shares, en_us=CPU Shares,es=Porción de Procesador
The first value is the label for the default locale, which is followed by a list of locale=label pairs. Eachtime the extra specification is displayed in the IBM SmartCloud Entry user interface, the correspondinglabel is displayed, based on the locale of the end user.
Multiple cloud supportIBM SmartCloud Entry allows you to manage multiple clouds from a single instance. For example, youcan have a test cloud set up to implement your latest policies before moving those policies to yourproduction cloud.
196 IBM SmartCloud Entry: Administrator Guide 3.2
This support also allows you to manage multiple types of clouds For example, you can have multipleIBM Systems Director VMControl and VMware cloud instances available from a single IBM SmartCloudEntry user interface.
You can customize each cloud to have its own approval and expiration policies as well as configure anetwork for a specific cloud.
In the Cloud status window, you can see the status of all of the clouds that IBM SmartCloud Entry isconnected to. To view details about a specific cloud, select Cloud settings.
In the Clouds section of the Configuration tab, you can add, edit, and delete cloud configurations. Whenediting cloud configurations, you can also set or update expiration policies and approval policies.
Adding a cloud configurationYou can configure a cloud in the Clouds section of the Configuration tab.
Procedure1. Open IBM SmartCloud Entry and select Configuration > Clouds.2. Click Add Cloud.3. Enter information in each of the fields that is denoted with a red asterisk (*).
Note: When you create a VMControl cloud, if the number of virtual machines that you plan tomanage with IBM SmartCloud Entry is above 500, it is recommended that the time out field be set to30 minutes to prevent unexpected disconnections between IBM SmartCloud Entry and IBM SystemsDirector VMControl. The default time out value is 10 minutes. You might use the default and updateit from the Cloud update page, as the number of managed instances grows.
4. Click Add.
What to do next
After you click Add, you are prompted to trust the cloud server SSL certificate. If you do not accept thiscertificate, the cloud configuration is not added.
Note: If you do not want to accept the default Approval or expiration policies, you can edit the cloudconfiguration after adding it.
Configuring an OpenStack cloudAfter you deploy the IBM SmartCloud Entry appliance, use the web interface to configure an OpenStackcloud.
Procedure1. Log in to IBM SmartCloud Entry web interface as an administrator.2. Click the Configuration tab and select Clouds in the navigation pane.3. Click Create a new cloud configuration.4. Enter the cloud configuration settings for the OpenStack cloud.
Name Assign a name to the OpenStack cloud that you want to create.
DescriptionOptionally, add a description for the OpenStack cloud.
Type Select OpenStack for the cloud type.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 197
Host nameSelect the host name of the appliance or the IP address of the management network (eth0).Selecting localhost does not work because the service is listening on the managementnetwork.
Port Accept the default value of 9973.
Administrator IDEnter sceagent, the user ID that is used to communicate between IBM SmartCloud Entry andOpenStack.
PasswordType the password for the sceagent user ID. By default it is set to openstack1.
Tenant nameType Public.
Secure the cloud connection using SSLSelect if the OpenStack cloud is configured to expose an SSL connection. By default it isselected.
QPID Settings
User IDEnter qpidclient, the user ID that communicates with the QPID messaging server.
PasswordType the password for the qpidclient user ID. By default it is set to openstack1.
5. Click Test Connection to check the current settings.6. Click Add to finish.
Results
If you receive a PKI token error when you are attempting to configure the OpenStack cloud, see “PKIerror when adding OpenStack cloud” on page 234 for more information.
OpenStack cloudsWhen you add an OpenStack cloud, IBM SmartCloud Entry enters a transactional mode for user andproject operations. Also, OpenStack relies on Coordinated Universal Time (UTC) time.
When in transactional mode, all user and project operations fail if the OpenStack cloud is unavailable.These operations fail even if the user or project in question is not currently used in connection toOpenStack.
Additionally, IBM SmartCloud Entry uses OpenStack efficient polling with the changes-since parametersupport to maintain internal caches of certain OpenStack resources. The OpenStack changes-sincesupport relies on Coordinated Universal Time (UTC) time to determine if a resource has changed. As aresult, the IBM SmartCloud Entry and OpenStack systems must maintain accurate and consistent UTCtime to avoid caching and other problems that can occur due to incorrect system time.
Removing a cloudYou can remove an association with a cloud from IBM SmartCloud Entry from the Clouds section of theConfiguration tab.
Procedure1. Open IBM SmartCloud Entry and select Configuration > Clouds.2. Select the cloud that you want to delete.3. Click Remove Cloud and then click Yes to confirm.
198 IBM SmartCloud Entry: Administrator Guide 3.2
Results
Note: When removing a cloud configuration, all of the cloud resources created by IBM SmartCloud Entryare lost. Recreating the connection to the cloud at a later time will not recover these resources
Updating a cloudYou can update a cloud in the Clouds section of the Configuration tab.
Procedure1. Open IBM SmartCloud Entry and select Configuration > Clouds.2. Click the name of the cloud that you want to update.3. Update the desired fields and click Save.
Tip: From this configuration panel, you can also review or change the Expiration Policies, ApprovalPolicies, and Flavors (OpenStack cloud) of the cloud. For more information, see the following topics:v “Expiration policies” on page 193v “Approval policies” on page 190v “Flavors (OpenStack only)” on page 194
Network configurationsIBM SmartCloud Entry provides a convenient way to manage and apply network settings by usingnetwork configurations. Network configurations are a group of network settings for a particularenvironment, typically a virtual network. These settings can be managed as a single entity and applied toimage configurations or instance deployment settings.
For example, suppose that a cloud environment contains two virtual networks applicable to instancedeployment: a public and a private virtual network. In this case, an administrator might create twonetwork configurations, one for the public and one for the private. In the public configuration, theadministrator would specify all the public network settings such as primary DNS, secondary DNS, andprimary gateway. The same would be done for the private network configuration. After theconfigurations are created, the administrator can configure the images to use the appropriate networkconfiguration. This action saves time by not requiring the administrator to specify each network setting ineach image. It also allows an easier way to manage the network settings on a virtual network.
While the actual settings specified in a configuration are tailored to a specific environment, the networkconfigurations themselves are a superset of all network settings regardless of image, operating system, orcloud management system. Therefore, all settings that are specified in a configuration are applicable. Forexample, the primary and secondary WINS settings of a network configuration are only applicable toWindows based images. So when you create a configuration for an image that is not using Windows,these values are not needed and can be left blank.
Note: With the IBM SmartCloud Entry web interface, you can specify the network configuration for acloud. The web interface displays only the fields that are applicable for that cloud. Before you can createan OpenStack network configuration, you must select an existing OpenStack cloud.
When network configuration settings are applied to either an image configuration or during an advancedinstance deployment, their individual settings can be overridden or manually specified, if wanted.
Note: You cannot override or manually specify OpenStack network configuration settings.
Managing network configurationsYou can create, edit, and delete, network configurations from the IBM SmartCloud Entry web interface.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 199
About this task
To create, edit, or delete a network configuration, follow these steps:
Procedure1. Open IBM SmartCloud Entry and select Configuration.2. Select Network.
The network configurations that are defined in the property files are displayed. The Network tabprovides a listing of all existing network configurations, and enables you to edit, create, or deletethese network configurations.v The Network Configuration column shows the name of the existing network configuration.v The Cloud column shows the name of the cloud scope that is associated with the network
configuration.v The Type column shows the IP address version that the network configuration supports. VMware
and VMControl network configurations support only IPv4 addresses, but OpenStack networkconfigurations can support IPv4 or both IPv4 and IPv6 addresses. OpenStack networks do notsupport IPv6-only addresses.
v The Available Addresses column shows the number of IP addresses available in the network.v The Allocated Addresses column shows the number of IP addresses that are allocated.You can edit, create, or delete these network configurations.v To view or edit specific network configuration properties, click the network configuration name.v To manage the IP addresses for an existing configuration, click Manage IP Addresses for the
existing configuration.
v To create a new network configuration, click the New icon.v To create a new network configuration that is based on an existing configuration, select a
configuration and click the Copy icon.
v To delete an existing configuration, select a configuration and click the Delete icon.
Adding a network configurationYou can add a network configuration from the IBM SmartCloud Entry web interface.
About this task
To add a network configuration, follow these steps:
Procedure1. Open IBM SmartCloud Entry and select Configuration.2. Select Network.3. To create a network configuration, click New.4. Specify a cloud scope.
When you specify a cloud scope, the network configuration that you are adding is only availablewhen you deploy an image to that cloud. If you specify Either VMControl or VMware for the cloudscope, the configuration is available to all VMControl or VMware images. When you specify a cloudscope, this page displays only the fields that are applicable to the selected cloud scope.
5. Enter a name for the configuration.6. Follow the steps for the cloud scope that you selected.
200 IBM SmartCloud Entry: Administrator Guide 3.2
v VMware
a. Optionally, enter a description.b. Select a unique Network ID.c. Select one of the following IP Settings:
– Use DHCP
– Use IP address pool
If you select Use IP address pool, follow these steps:1) Specify a Subnet mask and Gateway address. You can also provide an alternative gateway
address.2) Specify a number of IP addresses and the starting address for allocation. The ending
address is calculated based on the number of addresses and starting address.
Note: If you specify a number of IP addresses, the number must be at least 2. To create asingle IP address, you must first create then network configuration, and then add thesingle IP address.
3) Specify DNS Settings.d. Specify System-wide settings, including Linux and AIX Network Settings and Windows
Network Settings.e. Choose to be a member of a domain or a workgroup:
– Domain
If you select Domain, specify the domain name, user, and password.– Workgroup
If you select Workgroup, specify the workgroup name.f. If you selected Use IP address pool, you can also select Obtain host name and domain name
from DNS server. If you select this option, the DNS used by the system must correlate with theDNS used by this application. If it does not, the names that are obtained might be different fromthe name that is resolved by the system DNS. The DNS server must be configured correctly forthe operating system of the IBM SmartCloud Entry server. If the names cannot be resolved, thehost name prefix and domain name that are provided in this configuration are used.
Note: Only the host name and domain name are configured when you select Obtain host nameand domain name from DNS server. For other setup, such as the DNS IP address, you mustconfigure those settings manually when an image is deployed.
g. Click Save.v VMControl
a. Optionally, enter a description.b. Select a unique Network ID.c. Specify a subnet mask and gateway address.d. Specify a number of IP addresses and the starting address for allocation. The ending address is
calculated from the number of addresses and starting address.
Note: If you specify a number of IP addresses, the number must be at least 2. To create a singleIP address, you must first create then network configuration, and then add the single IPaddress.
e. Specify DNS settings.f. Specify System-wide Linux and AIX Network Settings.g. Specify whether to Obtain host name and domain name from DNS server. If you select this
option, the DNS used by the system must correlate with the DNS used by this application. If itdoes not, the names that are obtained might be different from the name that is resolved by thesystem DNS. The DNS server must be configured correctly for the operating system of the IBM
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 201
SmartCloud Entry server. If the names cannot be resolved, the host name prefix and domainname that are provided in this configuration are used.
Note: Only the host name and domain name are configured when you select Obtain host nameand domain name from DNS server. For other setup, such as the DNS IP address, you mustconfigure those settings manually when an image is deployed.
h. Click Save.v OpenStack
a. Select one of the following IP address versions:– IPv4 only– IPv4 and IPv6
If you select IPv4 and IPv6, you can enter separate IP address settings for IPv4 and IPv6addresses. However, the number of IPv6 addresses to allocate must be the same as thenumber of IPv4 addresses.
b. Specify a subnet mask (for IPv4) or prefix length (for IPv6) and gateway address.c. Specify a number of IP addresses and the starting address for allocation. The ending address is
calculated from the number of addresses and the starting address.
Notes:
1) There must be at least two IP addresses.2) If you attempt to create an OpenStack network with an IP subnet that duplicates or
overlaps with an existing OpenStack network, an error message similar to the following isreturned:NeutronError: Invalid input for operation: Requested subnet with cidr:192.168.0.0/24 for network: 48baeadd-762e-4e47-8007-810a0ae7bee9 overlaps withanother subnet.
The OpenStack network configuration can overlap or duplicate a VMware and VMControlnetwork configuration, but two or more OpenStack network configurations cannot use thesame IP address subnet range or overlap. To change this restriction, follow these steps:a) Edit /etc/neutron/neutron.conf file on the IBM SmartCloud Entry appliance and change
the allow_overlapping_ips property to True
b) Use the sceappmgr tool to restart the OpenStack services.d. Specify DNS settings.e. Specify provider network settings as follows:
– Specify one of the following network types:- None selected
A network is created based on the tenant_network_type property in the/etc/neutron/plugin.ini file. This value is set to vlan in the SCE image. If this option isused, the physical network name and vlan ID are automatically selected based on the"network_vlan_ranges" property in /etc/neutron/plugin.ini file. This property is set todefault:1:4094 in the SCE image.
- Flat
A virtual network that is realized as packets on a specific physical network that containsno IEEE 802.1Q header. Each physical network can realize at most one flat network.
- Local
A virtual network that allows communication within a host, but not across the network.Local networks are intended mainly for single-node test scenarios.
- VLAN
A virtual network that is realized as packets on a specific physical network that containsIEEE 802.1Q headers with a specific VLAN id. VLAN networks that share a physical
202 IBM SmartCloud Entry: Administrator Guide 3.2
network are isolated from each other. Each distinct physical network that supports VLANnetworks is treated as a separate VLAN trunk, with a distinct space of VLAN id values.
– If you select Flat or VLAN for the network type, enter the physical network name.This physical network name must match the name that is specified in thenetwork_vlan_ranges property of the /etc/neutron/plugin.ini file.
Note: You can create only one Flat network on each physical network.– If you select VLAN, enter the VLAN ID.
Valid VLAN ID values are 1 through 4094.f. Click Save.
Editing network configurationsYou can edit a network configuration from the IBM SmartCloud Entry web interface.
About this task
To edit a network configuration, follow these steps:
Procedure1. Open IBM SmartCloud Entry and select Configuration.2. Click Network. The network configurations that are defined in the property files are displayed.3. Select a network configuration that you want to edit from the list of available configurations. The
current properties are displayed for the selected configuration. The properties that are displayeddepend on the cloud management system for which the network configuration was created.
4. Click Edit. You can edit only certain network configuration properties.5. Change the properties of the configuration. If you want to edit the IP addresses for this configuration,
click Manage IP Addresses. For more information about setting up an IP address pool, see“Managing IP address pools.”
6. Click Save to save your changes, or Cancel to exit the screen without saving your changes.
Managing IP address poolsIBM SmartCloud Entry can automatically select the IP address (or IP addresses) to be used whenprovisioning a virtual machine from a list of predetermined IP addresses known as an IP address pool. IPaddresses are managed and assigned automatically to an instance so that the user requesting thedeployment does not need to specify them.
About this task
An IP address is marked as "In Use" when IBM SmartCloud Entry selects that IP addresses from thenetwork configuration and uses it for the deployment of an instance. When the instance is deleted byIBM SmartCloud Entry, the IP address "In Use" indication is cleared so that the IP address can be reusedby another instance deployment. If IBM SmartCloud Entry detects that the instance has failed and nolonger exists in the cloud, the IP address is unlocked immediately and the "In Use" flag cleared.
The administrator can also mark an IP address or a range of IP addresses as "Locked". "Locked" IPaddresses are not selected by IBM SmartCloud Entry for instance deployment. The purpose of "Locked"IP addresses is to allow the administrator to mark certain IP addresses in the network as reserved or "InUse" by other applications. If the administrator later wants to enable the IP address so that it can be usedby IBM SmartCloud Entry for instance deployment, the "Unlock" option can be used to remove the"Locked" indicator.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 203
The main difference between "In Use" and "Locked" is conceptual; addresses that are "In Use" are beingused by the IBM SmartCloud Entry application, while addresses that are "Locked" are being used by anexternal application or are not available as specified by an administrator.
Each network configuration contains its own IP address pool, which allows IP addresses to be managedon a per network configuration basis. If a configuration is applied to the deployment settings of aninstance (and the configuration is not set to use DHCP), the IBM SmartCloud Entry automatically usesthe pool that is associated with the configuration.
Notes:
1. Network configurations typically represent a VLAN or a virtual network. While a networkconfiguration cannot contain the same IP address more than once, different network configurationscan contain the same IP addresses. This behavior was added to allow multiple VLANs to use thesame IP address ranges. If the same IP address ranges are specified in multiple networkconfigurations, care must be taken to ensure that these network configurations are used on differentnetworks or VLANs.
2. OpenStack network configurations cannot contain the same IP addresses. Each of the IP subnets thatare defined in the OpenStack network configurations must be unique and must not overlap.
3. The IP addresses for an OpenStack network configuration are specified when the OpenStack networkconfiguration is first created. IP addresses cannot be added to or removed from an OpenStacknetwork configuration. Lock and unlock of IP addresses is supported.
The following steps describe how an administrator can manage the IP address pools that are used by theIBM SmartCloud Entry application.
Procedure1. Open IBM SmartCloud Entry and select Configuration > Network.2. From the Network page, select Edit under IP Addresses.3. The IP Addresses view is displayed. Use this view to add, remove, lock, or unlock IP addresses.4. To add IP addresses, select Add.
a. Add an individual or range of IP addresses to the pool.b. Select OK to add the IP address or range, or select Cancel to cancel the operation.
204 IBM SmartCloud Entry: Administrator Guide 3.2
5. To remove, lock, or unlock specific IP addresses, select the IP addresses to which to apply theoperation, then select Remove, Lock or Unlock from the Manage IP addresses page to apply theoperation.
Note: The IP addresses page allows for smart selection of IP addresses to which to apply the Remove,Lock, and Unlock operations. When Remove, Lock, or Unlock is selected, smart selection determineswhether any addresses are selected on the page. If addresses are selected, the operation is applied tothe selected addresses without an extra dialog. If no addresses are selected, a dialog is displayedwhich allows either individual or range based operations for remove, lock, or unlock.
InstancesUse the Instances tab in the IBM SmartCloud Entry interface to manage instances after they have beencreated.
IBM Systems Director VMControl: An instance in IBM SmartCloud Entry includes metadata about thecustomization properties used to create the instance and the provisioned virtual server information,unlike a workload in IBM Systems Director VMControl. This metadata is useful for record keepingpurposes and provides additional features, such as duplicating instances and instance drafts.
VMware: An instance in IBM SmartCloud Entry is equivalent to a VMware virtual machine. All of theVMware virtual machines are displayed on the IBM SmartCloud Entry Instances tab.
You can filter the list of instances by Cloud, Projects, or Architectures.
As an administrator, you can act on pending instance requests and hide specific instances from appearingto other users.
Note: When starting or restarting IBM SmartCloud Entry on a high scale cloud, the synchronizationbetween IBM SmartCloud Entry and the cloud may take longer than expected. This resynchronizationmay cause operations such as deploying, deleting, or resizing an instance to be delayed or even fail. Waitfor the synchronization to complete before attempting these actions.
Capturing an instanceYou can capture an instance or workload to create an image.
For instructions about capturing a workload using IBM Systems Director VMControl, see Capturing avirtual server or workload to create a virtual appliance in the IBM Systems Director information center atthe following web page: http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.vim.helps.doc/fsd0_vim_t_capturing_workloads.html
When you capture an OpenStack PowerVC instance, a message is displayed to indicate that capturingthis instance requires some manual preparation. For information about preparing an OpenStackPowerVCinstance for capture, see Capture requirements in the IBM Systems Director information center at thefollowing web page: http://pic.dhe.ibm.com/infocenter/powervc/1.2.0/index.jsp
Note: For VMControl KVM and OpenStack PowerVM, you can only capture instances that are stopped.
For information about capturing an OpenStack instance, see “Considerations for capturing an OpenStackinstance” on page 160
Pinning an instanceIn a deployed instance, you can pin a virtual machine to a specific physical host to prevent the serverfrom being relocated. However, an instance or workload that is set to be highly available cannot havepinned virtual machines.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 205
Procedure1. In the IBM SmartCloud Entry interface, select Instances.2. Select an instance to open the properties.
v To pin an instance, select Pin.v To unpin an instance, select Unpin.
3. Click Close.
Migrating an instance (OpenStack)In a deployed instance, you can migrate a virtual machine to a specific physical host. You can alsomigrate multiple instances to a specific physical host.
Before you begin
Make sure that the instances that you want to migrate have a status of OK. If you are migrating multipleinstances, all the instances must be running on a common OpenStack cloud.
Note: If you are using a PowerVC virtualization environment, overcommitting a disk and migratingnon-shared storage are not supported for PowerVM instances. For more information about PowerVC livemigration settings and capabilities, see the PowerVC Information Center.
Procedure1. In the IBM SmartCloud Entry interface, select Instances.2. Select the instances that you want to migrate.3. Click More > Migrate to new host to open the live migration page.4. Select a destination host as follows:
v To specify that the system select a destination host, select Allow system.If the associated instance is a PowerVM instance and its Use PowerVC placement policy virtualmachine property is true, then the Allow system property indicates that the PowerVC schedulerselects a host.
v To manually select a destination host, select Manually select and then select a destination host.5. Click Migrate. The instance status changes to Migrating.6. Click the refresh arrow to update the status. When the status changes from Migrating to OK, the
migration is complete and the instance is available
Processing requests from the Instances tabWhen an image is deployed, initiating an instance, the deployment request may require approval by anadministrator. In this case, the instance status is set to pending until the administrator handles theapproval request.
About this task
You can process an instance request from the Instances tab or from the Requests tab. For moreinformation about processing an instance request from the Requests tab, see “Processing instancerequests” on page 192
To process a pending request, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, select Instances.2. Select an instance name to view the instance details. Find the request list in the instance details and
select a request to display. The Request properties page appears.
206 IBM SmartCloud Entry: Administrator Guide 3.2
3. Expand the Request Details section to review or update the request before approving.4. Expand the Comments section to review comments or use the Add Comment link to provide
additional comments.v Click Approve to approve the request and allow the deployment processing to start.v Click Reject to reject the request.v Click Withdraw to withdraw a request.
Hiding or showing an instanceFollow these steps to show or hide an instance.
Procedure1. In the IBM SmartCloud Entry interface, select Instances.2. Select an instance and click Hide/Show to hide or show the instance in the instance list for all
non-administrative users.3. After an instance is hidden, a non-administrative user does not see the instance in the instance list,
but administrative users can choose to display the hidden instance. To display hidden instances in theinstance list, select Include hidden instances.
Resizing an instance (VMControl)You can modify the amount of resources that are used by the virtual machines.
Before you begin
If your instance is running on a KVM, make sure that the instance is stopped before you continue theprocedure.
Procedure1. Click the name of the instance that you want to resize.2. Click More > Resize... to open the Resizing instance page.3. Update the number of processors, processing units, and memory resources to be allocated to the
virtual machine in your instance.4. Click Resize.
Tip: If you see zeros in the fields you updated, it can take up to two hours for the updated values tobe reflected.
Note: If approvals are enabled, then the approval must be completed before the instance is resized.
Resizing an instance (VMware)You can modify the amount of resources used by the virtual machines provisioned by your instancerunning on VMware. Depending on how your VMware virtual machines are configured, you can addmemory and virtual processors while your virtual machine is running.
About this task
Increasing the size of the virtual machine disks makes more space available on the disk, but does notchange the size of the partitions and the file systems. There are commands that must be run on the guestoperating system to increase the size of the file system. For more information about how to change thesize of the file system after storage is added, see your operating system documentation.
For more information about how a running virtual machine handles changes in memory and processor,see the VMware documentation and your operating system documentation.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 207
Procedure1. Click the name of the instance that you want to resize.2. Click More > Resize.3. Update the number of processors and memory resources to be allocated to the virtual machine in
your instance.The settings that can be resized when a virtual machine is in the started state depend on how thevirtual machine is configured on VMware:
Notes:
a. If the instance is started and the virtual machine is not configured to allow memory or processorchanges, those fields are not displayed. To change those values, you must first stop the instance.
b. For memory, the virtual machine must have the Memory Hot Add option enabled. Memory isonly allowed to be increased, and the maximum amount that is allowed, and the valid values, aredetermined by VMware.
c. For processors, the virtual machine must have the processor Hot Plug option enabled. To removeprocessors, the virtual machine must have the processor Hot Add and Remove option enabled.The maximum number of processors that are allowed is determined by the number of logicalprocessors on the vSphere machine that is running the virtual machine.
d. If you are changing the storage size, you can update only to a larger disk size.4. Increase the disk size.5. Click Resize.
Note:
v If approvals are enabled, then the approval must be completed before the instance is resized.v Linked clone disks or disks that are using an IDE controller cannot be resized.
Resizing an instance (OpenStack)You can modify the amount of resources that are used by the virtual machines.
About this task
Stop the instance before you continue the procedure.
Procedure1. Click the name of the instance that you want to resize.2. Click More > Resize... to open the Resizing instance page.3. Under the Hardware section, update the OpenStack Flavor to be allocated to the virtual machine in
your instance.
Notes:
v The flavor details change depending on the size flavor that you select.v When you update the flavor, the processor, memory, and storage size fields accept integers only.
Any fractional data is omitted.v (PowerVM and Hyper-V) If you are changing the storage size, you can update to a larger disk size
only.v (KVM only) If you choose a flavor with a smaller storage size, KVM skips to storage resize if it
cannot be completed. The other resources are resized accordingly.v (KVM only) Resizing an instance only supports local storage.
4. Click Resize.
208 IBM SmartCloud Entry: Administrator Guide 3.2
|
Notes:
v If approvals are enabled, then the approval must be completed before the instance is resized. Toverify that the instance was resized, check the virtual machine flavor ID property of the instance.
v If the instance is running, OpenStack stops, resizes, and restarts the instance after the resize iscompleted.
If you are resizing an instance on the Hyper-V hypervisor, the IBMComputeNodeService service that isdeployed with the Hyper-V agent installer must run with domain credentials and configure Kerberosconstrained delegation. You can set the service credentials by using the following command:C:\sc config "IBM SmartCloud Entry Compute Service" obj="DOMAIN\username" password="password"
.To configure the Kerberos constrained delegation setting, see step 1 in the following guide: Configureconstrained delegation.
UsersThe Users tab in the IBM SmartCloud Entry is enabled for administrative users and is used for creating,viewing, and managing users.
Creating a userComplete the following steps to create a user.
Procedure1. In the IBM SmartCloud Entry interface, select Access.2. Select Users.3. Click New User.4. Enter information for the new user.5. Click Create.
Note: You can only create valid user accounts when using local authentication. When using LDAPauthentication, user accounts are created and managed directly through the LDAP server.
Viewing or updating a userAbout this task
To view or update information about a user, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, select Access.2. Select Users.3. To view or update information about a user, select the user you want to view.
Unlocking a userIf a user has three invalid login attempts in a 24 hour period, the user account becomes locked andrequires an administrator to unlock it.
About this task
To unlock a user, follow these steps:
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 209
Procedure1. Open IBM SmartCloud Entry and select Access.2. Select Users.3. Select the user to unlock and click Unlock Users.
Deleting a userComplete the following steps to delete a user.
Procedure1. In the IBM SmartCloud Entry interface, select Access.2. Select Users.3. Select the user you want to delete from the list of users and click Delete.4. To confirm the user deletion, select Yes. To cancel the user deletion, select No.
User management with OpenStackUnlike other cloud types, OpenStack clouds provide native support for user management through theOpenStack keystone component.
When you first connect to an OpenStack cloud, IBM SmartCloud Entry imports all the user accounts thatcurrently exist in OpenStack. All user roles and project membership are accepted and reflected in IBMSmartCloud Entry.
After IBM SmartCloud Entry imports the initial OpenStack users and connects to an OpenStack cloud,IBM SmartCloud Entry enters transactional mode for user management. When in transactional mode, alloperations that are performed in IBM SmartCloud Entry are also performed in OpenStack (for example,keystone). If a user management operation (such as any of the operations that are described in thissection) fails to complete successfully in IBM SmartCloud Entry, it does not occur in OpenStack. Likewise,if it fails in OpenStack it reverts in IBM SmartCloud Entry.
IBM SmartCloud Entry enters transactional mode for user operations while connected to OpenStack sothat the user registries in both products are always synchronized. For this reason, when connected to anOpenStack cloud, it is not possible to perform user-related operations while the OpenStack cloud is downor unavailable.
To connect to OpenStack, IBM SmartCloud Entry uses a service user account and a default service tenant.Some installations of OpenStack have user accounts specific to OpenStack components (for example,nova, keystone, neutron). These and other service user accounts or service tenants in an OpenStack serverthat do not represent an actual user account or tenant, can be added to the list of service users andservice tenants so that they are ignored by IBM SmartCloud Entry. To make this change, add the serviceusers and tenants to the comma-separated list of users in the com.ibm.cfs.cloud.openstack.service.usersproperty, or the comma-separated list of tenants in the com.ibm.cfs.cloud.openstack.service.tenants property,in the openstack.properties file.
AccountsYou can view information for those accounts of which you are either an owner or a member.
Accounts are required when IBM SmartCloud Entry billing is enabled. Guidelines for IBM SmartCloudEntry billing are:v Only IBM SmartCloud Entry administrators can create accounts, but you can be made an account
owner.v You can deploy instances only if you are an account member and the account has a positive balance
with which to pay for server use.
210 IBM SmartCloud Entry: Administrator Guide 3.2
v Only account owners and IBM SmartCloud Entry administrators can manage accounts.v Accounts have a balance, an owner, an account balance threshold, account members, and invoices.
– The balance is a monetary balance of the account. The cost of each request and running deploymentis subtracted from the balance over time.
– The account owner is the IBM SmartCloud Entry user profile that is accountable for crediting andpaying the account.
– The account balance threshold is a value that represents the amount at which the account balancebecomes a low balance. If the balance drops to zero, the account is delinquent.
– The account members are IBM SmartCloud Entry users that belong to the account. When accountmembers deploy instances in IBM SmartCloud Entry, the instances are billed to their account.
– Each instance has an invoice. An account can have many invoices which are viewable from theAccount properties window.
Creating an accountYou can create an account at any time.
Procedure1. Click New Account.2. Enter information for the new account. Both the Account name field and the Account owner field are
required.3. Click Create.
Add members to an accountYou can add members to your account at any time, however, users can only be members of one accountat a time.
Procedure1. In the account table, select the account to which you want to add members.2. To open the account member management window, click Edit list.3. To add a member, select the member to be added from the Available users list and click Add.
Viewing or managing an accountYou can view the properties of any account, or manage the accounts that you own.
About this task
To view account properties or manage accounts that you own, select the Access tab and click Accounts.Then, you can select the account that you want to work with in the account table.
Deleting an accountYou can delete an account only if you are the owner of the account, and only when the account is notassociated with any active instances.
Procedure1. In the account table, select the account you want to delete.2. Click the Delete icon and confirm the deletion.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 211
Clearing or archiving eventsFrom the Events tab, you can see events such as instance completion, instance failure, new accountrequests, and new accounts created. You can also clear or archive events. Clearing an event deletes itwhile archiving an event saves it to an archive folder. By clearing events, you can free space on yoursystem and improve performance in the IBM SmartCloud Entry interface. Archive any events that youmay want to reference in the future.
About this task
To clear or archive an event, follow these steps:
Procedure1. In the IBM SmartCloud Entry interface, select Reports > Events.
v To clear an event, click Clear.v To archive an event, click Archive.
2. Use the Events filter to select a subset of events to clear or archive. Filter by severity or start and enddate. If you filter by date, you must provide an end date.v To clear the selected events, click Clear.v To archive the selected events, click Archive. The archived events are saved to a file called
events_<current time in milliseconds>.csv. This file is can be found in the archives folder,located in the IBM SmartCloud Entry configuration directory.
CapacityUsing the Capacity view, you can identify the current capacity of the resources in your virtualizationenvironment. Understanding the capacity of resources within the cloud helps you gauge the health of theentire cloud. It also helps you determine suitable targets to which you might deploy instances.
The Capacity tab shows the total, allocated available resources of a host or resource pool, including thenumber of virtual processors, memory, and storage size. The usage rate shows the real-time metrics ofhosts and virtual machines, like processor, memory, storage usage, available storage size, disk I/Orequests, network I/O packets, and more.
To access the Capacity view, click the Reports tab and then select Capacity from the left navigation.
Used This field shows a summary of all allocated resources, regardless of the state of the guestoperating system.
PhysicalThis field shows the physical capacity.
The color of the capacity indicator can be green or yellow. Green indicates that the used resources are lessthan the physical resources. Yellow indicates that the used resource is overcommitted on the availablephysical resources, but you can still deploy.
You can also access the individual instance to see the target deployment grid displaying live metrics forthe resources you want to deploy or migrate.
Notes:
1. The allocated processors and memory that is displayed for a IBM PowerVC host might not match theactual allocation in the PowerVC environment. This is because the IBM SmartCloud Entry applianceenvironment with OpenStack does not support fractional processor units and only manages resourcesthat are owned by the Storage Connectivity Group that is defined in the PowerVC driverconfiguration.
212 IBM SmartCloud Entry: Administrator Guide 3.2
2. The physical capacity for processors and memory that is displayed for a PowerVC host does notinclude resources that are reserved in the PowerVC environment.
3. The Capacity view does not display storage data for PowerVC clouds.
Chapter 10. Configuring IBM SmartCloud Entry by using the web interface 213
214 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 11. Security
IBM SmartCloud Entry offers security options such as secure sockets layer (SSL), Lightweight DirectoryAccess Protocol (LDAP), and user administration. This section provides information on managingpasswords that are associated with the security options.
Passwords
IBM SmartCloud Entry uses keys to encrypt and decrypt passwords and other sensitive information. Aprotected file named cfs.keystore stores the randomly-generated Data Encryption Standard (DES) keythat IBM SmartCloud Entry uses.
The following list provides links to various sections in this document that describe default passwords andplaces where passwords are entered and stored in IBM SmartCloud Entry.v Chapter 5, “Installing and uninstalling IBM SmartCloud Entry,” on page 17v “IBM SmartCloud Entry for Cloud SSL configuration (optional)” on page 92v “Deploying the Hyper-V virtual appliance” on page 33v “Deploying the KVM virtual appliance” on page 37v “Deploying the VMware virtual appliance” on page 56v “Managing passwords” on page 126v “Starting, stopping, and status of the IBM SmartCloud Entry application on IBM SmartCloud Entry
virtual appliance” on page 126v “Installing and uninstalling the IBM SmartCloud Entry Hyper-V Agent” on page 66v “Configuring REST API authentication” on page 137v “Configuring database” on page 138v “Configuring global image deployment” on page 140v Set secure access during deployment (Linux on VMware)v “Creating a configuration strategy” on page 155v “Configuring the default administrator user account” on page 175v “Configuring LDAP authentication using the web interface” on page 175v “Adding a network configuration” on page 200
© Copyright IBM Corp. 2012, 2013 215
216 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 12. Best practices for using IBM SmartCloud Entry
This section contains some tips and techniques for using IBM SmartCloud Entry.
Back up and restore IBM SmartCloud EntryTo protect your IBM SmartCloud Entry data, you must back up critical files in case the server enters anundesired state. Before you back up your data, determine the circumstances in which you intend torestore your data.
Backing up server data for recovery
There are two kinds of data to back up. The first set of data is for server configuration and the second setof data is used by the database. When you consider what data to back up, review both sets of data.
Note: This procedure backs up IBM SmartCloud Entry only. It does not back up the underlyingvirtualization managers, such as VMware vCenter or storage devices.1. Stop the IBM SmartCloud Entry server to ensure that the backup data is complete.2. Back up the following configuration files.
v The .SCE32 folder.v In the installation folder: skc.ini
Note: If any values are changed in this file, you must back up the updated file after you changedefault values.
A copy of all these files is required to ensure a complete backup.
Backing up database data for recovery
All of the database data that is related to IBM SmartCloud Entry users, such as projects, networks,instances, images, are stored in the database. The backup procedure is different depending on thedatabase that is being used.1. Stop the IBM SmartCloud Entry server to ensure that the backup data is complete.2. Follow the instructions that pertain to your specific database.
Derby databaseIf you are using the Derby database, backup the .SCE32/database folder that stores all thedatabase data.
DB2 databaseIf DB2 is configured, backup the database in the DB2 server. For more information about howto back up the DB2 server, see the DB2 Information Center.
Note: Ensure that the information referenced matches the version of DB2 that you are using.If not, reference the appropriate support documentation for similar information.
Restoring the server
To restore a backup of the server and the Derby database, copy all the saved files back to the originalserver. After the copy is complete, start the IBM SmartCloud Entry server.
If you are using the DB2 database, there are some extra steps.
© Copyright IBM Corp. 2012, 2013 217
1. Ensure the path that is specified in the database.properties configuration file, by the propertydatabase.db2.path, is correct.# If db2 then the path to the DB2 dtatbase needs to be provided. This will be ignored for derby.#database.db2.path=//localhost:50000/cfs:.
Essentially, creating a backup of the entire home folder and skc.ini file ensures a complete backup of theIBM SmartCloud Entry server. Copying the files back to their original location restores the data.
Considerations for backing up a IBM SmartCloud Entry appliance
To back up a IBM SmartCloud Entry appliance, use the existing snapshot or capture capabilities that areprovided by the underlying virtualization manager. First, ensure that all services are turned off beforeyou attempt to take a snapshot of either Hyper-V or VMware. If you are using KVM, the processdepends on your existing infrastructure. For example, if SAN storage is being used, use the FlashCopy®
function to take a snapshot of the appliance disks.
Important: There is a limitation to be aware of when you use this best practice. Any incremental datathat occurs after backing up the IBM SmartCloud Entry server is lost after you restore the server.Therefore, some functions might not work as expected. For example, consider the circumstance whereyou create an instance after you complete a capture, and then you restore the server. The IP address thatwas assigned to the instance (after the backing up) is still available in the IP address pool. It might beassigned to another instance.
Using the screen commandThe screen command can be used to start or shut down the IBM SmartCloud Entry server or to accessthe OSGI console when the server is up and running when running Linux.
For example, enter screen and then run the command to start the server. After the server is started, typectrl+a, then d to disconnect and leave the IBM SmartCloud Entry server running,
To get back to the IBM SmartCloud Entry OSGI prompt to perform other actions, such as enablingadditional logging, enter screen -r.
Using the nohup commandOn AIX or Linux, if you start a process from the command line and then log off, the processes youstarted are generally terminated, even if you spawn them as background processes, because each processis sent a hang up signal (SIGHUP). The nohup command allows you to start a process with the hang upsignal disabled so that the process is not ended when you log off.
The nohup command is used frequently for starting services, such as ssh daemon or DB2 instances.
For example, to start IBM SmartCloud Entry as a background service, run the following command:
nohup /opt/ibm/SCE24/skc -nosplash < /dev/null > /dev/null &
The options in this command include the following:
-nosplashPrevents the process from displaying a splash screen.
< /dev/nullDisconnects the process from terminal input. This option can prevent the process from entering astopped state as can sometimes happen when started from the command line on AIX. This optionis not needed when starting the command from a shell script.
218 IBM SmartCloud Entry: Administrator Guide 3.2
> /dev/nullRedirects the OSGI console output. For example, you might want to redirect the output to a logfile.
& Runs the command as a background process.
Deploying 500 virtual servers to a VMControl cloud in a 24 hour periodIf you plan to deploy more than 500 virtual servers to an IBM Systems Director VMControl cloud in IBMSmartCloud Entry within a 24 hour period, you must update the deployment.properties file in the homedirectory.
Complete the following steps to update the deployment.properties file so that only one lscustomizationcall is completed during the deployment request.1. Locate the deployment.properties file for IBM SmartCloud Entry. By default, the
deployment.properties file is in the /root/.SCE32/deployment.properties path.2. Edit the deployment.properties file so that the
com.ibm.cfs.deployment.static.appliance.customization setting is true. See the following example:#True to use the set of static customization properties that are configured for an appliance. The only#way to get updated properties from the cloud when this is true is for the administrator to configure#the appliance. Note that the static properties are stored in the locale of the initial requester#which may not match the current user. When this is false, the default, the customization properties#are retrieved from the cloud on each deployment.
com.ibm.cfs.deployment.static.appliance.customization=true
3. After you make the update to the com.ibm.cfs.deployment.static.appliance.customization setting,restart IBM SmartCloud Entry to enable the setting.
Qpid set up in PowerVC for heavily used environmentsConsider the following configurations if you are using PowerVC in a high workload environment.
Update the following three files on the PowerVC server. When you are finished, restart the PowerVCserver.
Update the qpidd.conf fileAdd the following values to /etc/qpidd.conf.max-connections=2000connection-backlog=1000worker-threads=100max-negotiate-time=60000
Update the nova.conf fileUpdate the following values in the /etc/nova/nova.conf file.rpc_response_timeout = 960rpc_conn_pool_size = 60rpc_thread_pool_size = 2048
Update the neutron.conf fileUpdate the following values in the /etc/neutron/neutron.conf file.rpc_thread_pool_size = 128rpc_conn_pool_size = 60rpc_response_timeout = 600agent_down_time = 20report_interval = 15
Chapter 12. Best practices 219
220 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 13. IBM SmartCloud Entry for System X
IBM SmartCloud Entry for System X is installed as a pre-integrated software stack, and delivered asvirtual images that automate IT service deployment in a virtual environment.
IBM SmartCloud Entry version 3.1 provides images for Linux Kernel-based Virtual Machine (KVM) /IBMSystems Director VMControl, VMware vCenter, and Hyper-V.
IBM SmartCloud Entry simplifies the process of common public or private cloud operations, such as:v Provisioning and de-provisioning virtual machinesv Capturing an instance to create a new virtual imagev Starting up and shutting down virtual machinesv Resizing existing virtual machinesv Creating projects to give team-specific access to instancesv Providing network configurations, which set unique network properties to different instancesv Billing, accounting, and metering supportv Providing request and approval instance support
If you are using Tivoli Provisioning Manager for Images, see your product documentation for moreinformation about management capabilities.
IBM Systems Director Standard EditionYou can install IBM Systems Director to provide system management and health reporting.
For more information about IBM Systems Director, see the Installing IBM Systems Director StandardEdition for IBM x86 topic.
Tivoli Provisioning Manager for ImagesWith Tivoli Provisioning Manager for Images, you can capture an existing instance to deploy a newimage.
The primary use of Tivoli Provisioning Manager for Images within IBM SmartCloud Entry is to create adeployable image from an existing instance. The following steps are required to complete this task:1. Create the boot media.2. Capture the virtual image.3. Deploy the virtual image.4. Convert the VMware virtual image to a IBM SmartCloud Entry image.
For more information about Tivoli Provisioning Manager for Images, see the IBM Tivoli ProvisioningManager for Images Information Center.
For information about automating and simplifying physical to virtual machine conversions, see theVMware vCenter Converter Documentation.
© Copyright IBM Corp. 2012, 2013 221
222 IBM SmartCloud Entry: Administrator Guide 3.2
Chapter 14. Troubleshooting
This section describes various suggestions and references to information that may be helpful whentroubleshooting problems and issues with IBM SmartCloud Entry.
IBM SmartCloud Entry FAQThe frequently asked questions (FAQ) topic is a list of questions and answers about IBM SmartCloudEntry.
Q: How do I find my home directory?A: 1. In Windows, enter % HOMEPATH% in the address bar of a Windows Explorer window
2. In AIX or Linux, type echo $HOME in a command window.
Q: I created a trusted certificate. Why am I still getting an exception that says the connection is untrusted?A: When the CA is not trusted by clients automatically and you are attempting to access IBM SmartCloud Entry
with the https protocol, an exception is encountered that says the connection is untrusted. You must confirmthat the risks are understood and must add an exception to continue. Even with a trusted certificate, whenyou are using Internet Explorer, a similar exception is likely to occur.
Q: I want to have spaces in my directory name, but it keeps failing when I try to create it. How can I havespaces?
A: If you have spaces in a directory name, then you must have double quotation marks around it as shown inthe following example: sce240_windows_installer.exe -i silent -f "c:\My Directory\installer.properties"
Q: My user ID is locked! How do I unlock it?A: If you have three invalid attempts to log in to IBM SmartCloud Entry in a 24 hour period, your user ID is
locked and must be unlocked by an administrator. If your administrator ID becomes locked, you can eitherwait 24 hours without logging in or restart IBM SmartCloud Entry and then try logging in again.
Q: How does IBM SmartCloud Entry store the passwords for local users or clouds?A: The passwords are encrypted and stored in either property files or a database.
Q: IBM SmartCloud Entry GUI looks distorted. How can I fix that?A: See the information in “Display issue with Internet Explorer” on page 227.
Q: I upgraded/installed IBM SmartCloud Entry, but I’m still seeing the previous version in my browser.How can I fix that?
A: Clear the cache in your browser and try again. You might have to close your browser after you clear thecache and then reopen your browser and try connecting to IBM SmartCloud Entry again.
Q: My image is not visible in the window. Where is it?A: Make sure that your image is deployed and that the correct project is specified. If it still is not visible,
contact the administrator to ensure that you have access.
Q: The product charges that I set are incorrect or are not updating. What do I do?
© Copyright IBM Corp. 2012, 2013 223
A: First of all, verify that the currencies for all configurable products are the same. You cannot mix currencies.To change your currency for a product, see the “Configuring billing” on page 165. Make sure that you arerestarting IBM SmartCloud Entry after saving.
Q: The instances for a user were moved to a different project. Now when the user logs on, he cannot see hisinstances. How can the user access his instances?
A: The project where the instances were moved might need to be edited to grant the user access to the project.When you have ensured that the user has access to the new project, have the user check again to seewhether the instances display.
Q: IBM SmartCloud Entry will not start for me. I am running Windows. Why am I having problems?A: You must be the Windows Administrator to run IBM SmartCloud Entry. However, if you are in the
administrator group, you can right-click the IBM SmartCloud Entry icon and select Run as Administrator.
Q: When updating IBM SmartCloud Entry to a new release, can I migrate data and configurations from tworeleases previous to the current release? For example, can I migrate data in IBM SmartCloud Entry fromversion 2.2 to version 2.4?
A: No, you must migrate sequentially. For example, migrate from IBM SmartCloud Entry version 2.2 to version2.3. Then you can migrate from IBM SmartCloud Entry version 2.3 to version 2.4.
Q: Does the IBM SmartCloud Entry infocollect command support collecting a database log such as DB2?A: No, you must check with the administrator of the database and collect the log manually.
Q: Why does my login fail with the session timing out?A: If your user login fails because the session times out, there might be a problem with the timezone setting.
Verify that the IBM SmartCloud Entry server and client time and timezone match. For example, on theserver, if the timezone is Coordinated Universal Time +08:00, the time is 11:27. For the client, the timezone isCoordinated Universal Time +07:00, and the time should be 10:27.
Q: Why can't I access the IBM SmartCloud Entry GUI page after I start it?A: Verify that a firewall is not blocking the http or https port that you accessed. To check whether it worked in
the IBM SmartCloud Entry host, access for example, http://localhost:18080/cloud/web/login.html or usethe UNIX command wget http://localhost:18080/cloud/web/login.html.
Logging tasksThe IBM SmartCloud Entry log files are a source of information for additional details about IBMSmartCloud Entry errors.
By default, IBM SmartCloud Entry creates a log file in the <home directory>/logs directory and saves 9log files of 50 MB each. The latest log file is called skc-0.log.
Change logging levels from the OSGi command promptThe logging levels can be changed dynamically while the server is running by using the log commandfrom the IBM SmartCloud Entry (OSGi) command prompt.
About this task
The logging levels can be changed dynamically while the server is running by using the log commandfrom the IBM SmartCloud Entry (OSGi) command prompt. Changes made using the log command arenot saved and are only in effect while the server is running. If the server is restarted, the logging levels
224 IBM SmartCloud Entry: Administrator Guide 3.2
are reset to their initial values as specified in the logging.properties file. For more information aboutchanging these values in the logging.properties file, see “Configuring logging” on page 163.
To run the log command, follow these steps:
Procedure1. Access the IBM SmartCloud Entry OSGi console.2. At the OSGi command prompt enter log <action> <action parameters>, where the following actions
are supported:
help Displays the online help.
list Lists the available loggers and their current levels.
setlevel <logger name>=<logger level>Sets the specified logger to the specified logging levels. To set more than one logger, separatethe logger name=logger level pair with a space.
Results
See the following examples for typical log commands:log helplog listlog setlevel com.ibm.cfs.cloud=finestlog setlevel com.ibm.cfs.cloud=info default=finest
The most common log message level that an IBM SmartCloud Entry administrator might want to changeis com.ibm.cfs.rest.client.internal=FINE. Changing the message level causes the output of HTTPrequests and responses to be sent to and from the VMControl REST API.
In a production environment, keep a backup of the log files for at least two weeks to help resolveproblems that are not reported immediately or that go undetected.
Note: The property file values are not case-sensitive so a property such ascom.ibm.cfs.rest.client.internal=FINE is the same as com.ibm.cfs.rest.client.internal=fine.
Retrieve log and system filesIBM SmartCloud Entry provides a command-line utility that enables you to gather logs and systeminformation. If you are using the packaged IBM SmartCloud Entry appliance and the OpenStack cloud,then standard OpenStack logs can also be collected. When you use standard OpenStack logs you do nothave to use log_config to customize the configuration. This tool runs independently of IBM SmartCloudEntry and is available even when IBM SmartCloud Entry is not running.
To use the command-line utility, run one of the following commands:v infocollect.bat: on a Windows system.v infocollect.sh: on Linux or AIX systems
Note: These scripts can be found in the SCE_INSTALLATION_DIR/bin directory.
The command accepts the following options:
-c Specifies the configuration directory, for example: SCE_HOME, where all the IBM SmartCloud Entryconfiguration and log files are saved. If this argument is used, provide an existing directory path.If this argument is not provided, the command uses USER_HOME/.SCE32 as default. The commandexits with an error if the default USER_HOME/.SCE32 or the specified directory cannot be found.
-d Specifies the destination directory for the result files. If this argument is used, provide an existing
Chapter 14. Troubleshooting 225
directory path. This command exists with an error if the specified. If this argument is notprovided, the HOME directory of the caller is used. If the HOME directory is not found, for example,the corresponding environment variable is not set correctly, the system TEMP directory is used asthe default output directory. For example, in Linux /tmp is the system TEMP directory and inWindows 7, the %USER_HOME%\AppData\Local\Temp is the TEMP directory.
-h Prints usage information.
When this utility is started, the following files are created:
openStackLog.zip(Optional)Contains all of the OpenStack log files:
*.log files*.gz files
sceHome.zip
Contains all of the IBM SmartCloud Entry configurations:*.properties files*.log files*.udr filesBilling configurations: .xml files under products/
All .xml and .txt files under SCE_HOME
basicSysInfo.txt
Contains basic OS information:CPUMemoryOS name
Note: This information is retrieved by calling OS shell commands (for example, DOS commandsfor Windows), so the results vary depending on the concrete OS.
Example 1
Collect the configurations, logs, and system information, and save the result to the F:\documents\sce\diagnostic directory. The SCE_HOME is C:\Users\Admin\.skc. If the C:\Users\Admin is the home directoryof current user, the -c argument can be ignored.infocollect.bat -c C:\Users\Admin\.SCE24 -d F:\documents\sce\diagnostic
Example 2
Collect the configurations in Linux or AIX, logs, and system information, and save the result to thedirectory of /home/sceAdmin/documents/sce/diagnostic. The SCE_HOME is /home/sceAdmin/.skc. If the/home/sceAdmin is the home directory of current user, the -c argument can be ignored.infocollect.bat -c /home/sceAdmin/.SCE24 -d /home/sceAdmin/documents/sce/diagnostic
Troubleshooting using the OSGi consoleUse the Open Services Gateway initiative (OSGi) console to review information about IBM SmartCloudEntry.
By default, IBM SmartCloud Entry starts an OSGi command-line console when the IBM SmartCloudEntry executable is run. You can access the console directly in the command window started by theexecutable.
226 IBM SmartCloud Entry: Administrator Guide 3.2
You can also run the console in the background and assign a specific port for telnet connections. Toassign a port, modify the skc.ini file and add an unused port number on a new line after the -consoleoption.-console<port number>
For example, to assign port 7777 for telnet connections, change the option to the following:-console7777
To connect to the OSGi console, type the following:
telnet localhost 7777
Known issues
Two users within the same browserLogging in as two different users within the same browser shows only the most recent user.
Details
Different tabs or windows of the same browser instance share the same session and browser cookies sothe user does not really have two independent sessions. If a user logs in with two different user IDs atthe same time, the browser will use information based on that most recent login, and there is no clearindication that one just superseded the other. For example, if a user logs in as UserA in one browserwindow and UserB in another browser window, both windows are UserB, and all content and settingsdisplayed belong to UserB.
Solution
To log in as a different user with a browser, log out and close all browser instances before logging in asthe alternate user. To log in as two different users at the same time, two different browsers are needed,for example, Internet Explorer and Mozilla Firefox.
Display issue with Internet ExplorerIBM SmartCloud Entry layout and format sometimes appear to be out of place and hard to navigate inInternet Explorer 9 and Internet Explorer 10.
Details
When you are using IBM SmartCloud Entry in Internet Explorer 9 and Internet Explorer 10, you mightexperience that the layout and format of the screen is difficult to navigate.
Solution
The display issue occurs because Internet Explorer 9 and Internet Explorer 10, by default, display IBMSmartCloud Entry in Internet Explorer Compatibility View mode. To resolve this issue, you must switchfrom Internet Explorer Compatibility View mode to the standard mode.1. To switch from Internet Explorer Compatibility View mode to the standard Internet Explorer mode,
click Compatibility View.The Compatibility View icon is found to the right of the address bar.
Chapter 14. Troubleshooting 227
2. If the Compatibility View icon is not visible, press F12.3. Depending on which version of Internet Explorer you are using, continue with one of the following
steps:v If you are using Internet Explorer 9, click Browser Mode: IE9 > Internet Explorer 9 to select the
standard mode.
Note: The only check mark in the menu is in front of Internet Explorer 9.
v If you are using Internet Explorer 10, click Browser Mode: IE10 > Internet Explorer 10 to select thestandard mode.
228 IBM SmartCloud Entry: Administrator Guide 3.2
Note: The only check mark in the menu is in front of Internet Explorer 10.
Tip: If IBM SmartCloud Entry switches from standard mode to compatibility view mode automatically,clear the option in Tools > Internet options > Advanced > Automatically recover from page layouterrors with Compatibility View.
Virtual machine fails to power onThe virtual machine fails to power on.
If there is not enough datastore space, the virtual machine fails to power on and displays the followingerror:Failed to extend swap file (fileHandle xxx) from 0 KB to xxxx KB
VMware vCenter creates a swap file that is the same size as the RAM assigned to the virtual machine.The default swap file location is stored in the same directory as the virtual machine. If there is notenough space, the virtual machine fails to power on. To solve this issue, manually power on the virtualmachine.
Live migration settings are gone after upgrading IBM SmartCloudEntry Hyper-V AgentAfter upgrading the Hyper-V agent, the live migration settings are gone.
Details
When you upgrade the Hyper-V agent, only the nova.conf, neutron.conf, and hyperv_neutron_agent.inifiles and some of the values in those files are saved. The live migration settings that are set with theHyper-V Setting in the Hyper-V manager on the Hyper-V node are not saved.
Solution
To use live migration again, you must manually set up live migration after the upgrade is complete. Fordetails, see the Hyper-V Virtualization Platform information in the OpenStack Compute AdministrationGuide.
Chapter 14. Troubleshooting 229
|
|
||
|
||||
No billing information for processor and memory productsWith billing enabled in IBM SmartCloud Entry using a VMControl Cloud, the product entries forprocessor and memory are not appearing on the bill; only the disk information shows up.
Details
When enabling the billing capabilities in the IBM SmartCloud Entry with a VMControl Cloud, currentlythe products marked as CPU and RAM defined in the /product directory in the home directory, are notrecognized.
Solution
In order to get them recognized by the framework, you must change the product ID in those XML filesfrom the original to a new ID. For example, the CPU XML product file is similar to the following:<cloudProduct id="com.ibm.cfs.services.billing.products.cpu"><name>CPU</name><description>The amount of CPUs used in a Deployment per hour.</description><!-- $0.0167 per minute = ~$1.00 an hour. Per processor. --><pricing currency="USD" interval="10" price="0.167"/><collector property="Processor.Reservation"/>
</cloudProduct>
The line <cloudProduct id="com.ibm.cfs.services.billing.products.cpu">, needs to have the IDchanged to a different ID, similar to the following:<cloudProduct id="com.ibm.cfs.services.billing.products.cpu2"><name>CPU</name><description>The amount of CPUs used in a Deployment per hour.</description><!-- $0.0167 per minute = ~$1.00 an hour. Per processor. --><pricing currency="USD" interval="10" price="0.167"/><collector property="Processor.Reservation"/>
</cloudProduct>
Duplicate FCPorts causes IBM Systems Director to lose its zoninginformation for the VIOS serversWhen using the collect inventory function of IBM Systems Director on an Integrated Virtual Machine(IVM) or VIOS, there could be duplicate FCPorts seen in View inventory.
Details
Duplicate FCPorts appear because the PermanentAddress attribute is being supplied in multiple cases(uppercase, mixed case, and lowercase). This prevents the creation of the proper database relationshipswhich are needed to determine if the server has access to a storage subsystem with storage pools.Without this, you cannot perform VMControl functions, such as a workload deployment, on this IVM.
Solution
Director delivered a fix to prevent this from occurring in a new system set up, and for existingenvironments where this problem is occurring, they have documented a workaround. See the IBMSystems Director Technote at http://www.ibm.com/support/docview.wss?rs=0&uid=nas73e4b0a34834fa4508625790d0043f892 for the workaround details.
230 IBM SmartCloud Entry: Administrator Guide 3.2
IBM SmartCloud Entry shows instance in 'Stopped' state even thoughthe deployment was successfulA deployment completed successfully and the virtual server is up and running in HMC for a long periodof time. However, IBM SmartCloud Entry still shows the instance state as 'Stopped'. When viewed usingthe IBM Systems Director VMControl user interface, the workload also shows up in a 'Stopped' state.
Details
The 'Stopped' state shown in VMControl and IBM SmartCloud Entry user interfaces is due to the fact thatthe IBM Systems Director server has lost access to the HMC endpoint. Until access is regained, the IBMSystems Director server will not receive any events for status changes of the physical and virtual serversmanaged by the HMC, which results in invalid status of these server endpoints in Director.
Solution
The administrator must revoke access to the HMC endpoint and re-request access to it. See the IBMSystems Director Technote at http://www.ibm.com/support/docview.wss?rs=0&uid=nas7c76870211ef986e18625790e00073df7 for the workaround details.
Delete and add instance failures under loadWhen running under high load an occasional delete or add of an instance may fail and need to be retriedby the user.
Details
If there are a large number of existing instances, and there are concurrent or near concurrent requests fordeploys and/or deletes, those requests can fail with an error. You must reattempt your operation.
Solution
Retry the failed request. Ensure the management server (the server that VMware vCenter or IBM SystemsDirector VMControl is running on) has adequate system resources for things such as memory and CPU.(System utilities such as topas, nmon and perfmon can be used to monitor resource utilization.)
Note: (VMC only) To enable a retry of a deploy or delete failure, see “Configuring retry for a faileddeploy or delete action (VMControl only)” on page 145.
Instance in Error state cannot be deletedInstance in Error state cannot be deleted except by deleting the virtual server in IBM Systems Director.
Details
In rare circumstances an instance might fail to delete and the instance might go to the Error state in IBMSmartCloud Entry and the In Error state in IBM Systems Director VMControl. In this case the instancecannot be deleted in IBM SmartCloud Entry; the related workload must be deleted in IBM SystemsDirector VMControl.
Solution
Follow these steps to delete the instance and virtual server:1. Log into IBM Systems Director.2. Expand System Configuration and select VMControl.3. Click Workloads and sort the workloads by State.
Chapter 14. Troubleshooting 231
4. Right click on the workload with the state, In Error, and select Related Resources > Server >Workload Employs.The Navigate Resources with the virtual server associated with that workload window appears.
5. Right click on the virtual server and select Permanently Delete Virtual Server.A new tab opens with an option to Also permanently delete all attached virtual disks.
6. Select to Also permanently delete all attached virtual disks and click OK.
These steps delete the virtual server and workload in IBM Systems Director. When IBM SmartCloudEntry updates with IBM Systems Director, the instance in IBM SmartCloud Entry is marked “lost incloud”. Then the instance can be deleted in IBM SmartCloud Entry.
Delete of an instance while a storage flashcopy is running against theinstance will cause the delete to failAn IBM SmartCloud Entry instance cannot be deleted immediately after the same instance has beendeployed or captured.
Details
A recently deployed or captured IBM SmartCloud Entry instance has a status of "OK" and the cloudmanager instance status also shows "OK", but the storage flashcopy may still be in progress, and anattempt to delete the instance while the flashcopy is running will cause the delete to fail.
Solution
To prevent an error from happening on a delete soon after a deploy or capture, you must either monitorthe flashcopy until it ends, or wait for some conservative period of time, for example, 20 minutes, beforeattempting the delete.
The best way to tell if the flashcopy has finished is by accessing the storage subsystem user interface (UI).Here is how to use the Storwize storage subsystem UI to determine when the flashcopy is finished:1. Access Storwize UI.2. From IBM SmartCloud Entry, perform the deploy or capture.3. From the Storwize UI left navigation pane, select: Copy Services, then Flashcopy Mappings.
A flash copy should be in progress. If a flash copy is not in progress, wait for it to be displayed; inour testing the flashcopy usually appeared about 30-60 seconds after the IBM SmartCloud Entrydeploy or capture was started.
4. Wait until the flash copy completes. Once the flash copy has completed, the IBM SmartCloud Entryinstance can be deleted.
Image cannot be deployed if VMware Target Storage property value isdatastoresVMware image fails to deploy.
Details
If you set the Target Storage property to datastores for a VMware image, the image deployment mightfail because event-triggered-VMware datastore update is not supported in IBM SmartCloud Entry.
Solution
To solve this problem, follow these steps:1. In the IBM SmartCloud Entry web interface, click Images.
232 IBM SmartCloud Entry: Administrator Guide 3.2
2. Click the image to edit the properties of that image.3. Click Configure.4. Click Reset To Defaults.5. Click Save.
You can now deploy this image.
Image cannot be deployed after IBM Systems Director VMControl isupgradedImage cannot be deployed after IBM Systems Director VMControl is upgraded.
Details
Upgrading IBM Systems Director VMControl might change the deployment target ID stored with theimage in IBM SmartCloud Entry. This changed ID results in an error when you attempt to deploy theimage.
Solution
To solve this problem, follow these steps:1. In the IBM SmartCloud Entry web interface, click the image to edit the properties of that image.2. Click Configure.3. Click Reset To Defaults.4. Click Save.
Now you can deploy this image again.
IBM Systems Director unexpectedly stops loggingAn incorrect value in the logging configuration can disable all logging in IBM Systems Director.
Details
When using the lwilog command to add a logger to the logging configuration, you must ensure that thelevel specified is in capitals (in other words, FINE, FINEST, ALL) and the value is a correct Java loggingLevel. Not specifying a correct value can result in all logging being disabled in IBM Systems Director.
Solution
See the IBM Systems Director Technote at http://www-01.ibm.com/support/docview.wss?rs=0&q1=eServerOnDemandKBRCH&q2=614294316&uid=nas7dcec2052b8c00bde8625793d0060e916&loc=en_US&cs=utf-8&lang= for the workaround details.
Failures noticed during server relocation or editing of virtual serverpropertiesAIX virtual servers deployed from virtual appliances using IBM Systems Director VMControl 2.3.1Storage Copy Services do not have unique UUIDs and RSCT node IDs.
Details
AIX virtual servers deployed from virtual appliances using VMControl 2.3.1 SCS do not have uniqueUUIDs and RSCT node IDs. When these IDs are not unique, the dynamic logical partitioning (DLPAR)function ceases to function properly, which causes VMControl functions that depend on DLPAR such asserver relocation and edit virtual server to fail.
Chapter 14. Troubleshooting 233
Solution
See the following IBM Systems Director VMControl Technote at http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas79bec4cb3a713007c8625794b004350e5 for the workaround details.
PKI error when adding OpenStack cloudYou encounter an error message when attempting to add an OpenStack cloud to IBM SmartCloud Entry.
Details
You receive the following message when you are attempting to add an OpenStack cloud to IBMSmartCloud Entry. Error: Unreachable Cloud :CYX6154E: An error occurred while making theOpenStack identity service token request for user 'sceagent'. The identity service respondedwith the following status: 500 - Error occurred when dealing with PKI token. The internal reasonis '__init__() got an unexpected keyword argument 'output'' Verify that the identity service isrunning, and that the user name, password and tenant name are correct. Contact your systemadministrator for assistance.
Solution
Due to time change on the appliance, or not using a Network Time Protocol (NTP) server, the self-signedcertificates used for PKI tokens can become invalid. In order to fix the issue, ensure that the applianceoperating system has the correct date and time, and then regenerate the tokens using the sceappmgrutility:1. From the command line, run the following command: sceappmgr.2. Select the Generate Authentication Tokens option.3. Select Generate New PKI Keys.
Error opening sockets to server when using DB2When you are running IBM SmartCloud Entry with DB2 as the database, you intermittently encounter anunexpected condition that the server cannot fulfill the request.
Details
The following specific error is displayed:The server encountered an unexpected condition which prevented it from fulfilling the request
If you check the IBM SmartCloud Entry log you might see an exception similar to the following:[05/16/13 04:38:17:009] 33904 SEVERE: CYX1846E: Internal database error.<openjpa-2.1.0-r422266:1071316 fatal general error> org.apache.openjpa.persistence.PersistenceException: [jcc][t4][2043][11550][4.8.87] Exception java.net.NoRouteToHostException:Error opening socket to server localhost/127.0.0.1 on port 50,000 with message: Cannot assignrequested address. ERRORCODE=-4499, SQLSTATE=08001. Stack Trace: <openjpa-2.1.0-r422266:1071316fatal general error> org.apache.openjpa.persistence.PersistenceException:[jcc][t4][2043][11550][4.8.87] Exception java.net.NoRouteToHostException: Error opening socket toserver localhost/127.0.0.1 on port 50,000 with message: Cannot assign requested address.ERRORCODE=-4499, SQLSTATE=08001
DB2 socket connections in TIMED_WAIT state are exhausting the available ports for DB2 connections.Normally, the system releases sockets in TIMED_WAIT state after 2 minutes. However, in some cases, thiswait is too long and there are no more available sockets to use. You can reduce the amount of wait timeby adjusting the TIMED_WAIT reuse and recycle values on the IBM SmartCloud Entry server.
234 IBM SmartCloud Entry: Administrator Guide 3.2
Solution
To adjust the TIMED_WAIT reuse and recycle values on the IBM SmartCloud Entry server or appliancesystem, add the following to the /etc/sysctl.conf file:net.ipv4.tcp_tw_reuse = 1net.ipv4.tcp_tw_recycle = 1
Make the TIMED_WAIT reuse and recycle values effective by using the following command:/sbin/sysctl -p
Limitations
Starting IBM SmartCloud Entry on a high scale cloudWhen starting or restarting IBM SmartCloud Entry on a high scale cloud, the synchronization betweenIBM SmartCloud Entry and the cloud may take longer than expected. This resynchronization may causeoperations such as deploying, deleting, or resizing an instance to be delayed or even fail. Wait for thesynchronization to complete before attempting these actions.
Limitations when using VMware within the IBM SmartCloud Entryv The vCenter linked mode is not supported due to limited testing. You are responsible for any errors
while you are using linked vCenters mode.v The size of a virtual disk can be increased either at deployment time or through the IBM SmartCloud
Entry resize function. This increases the size of the disk, however, the guest file system is not changedand does not automatically use the increased size. To increase the guest file system to use the largerdisk size, see the VMware documentation and guest operating system documentation.
v If your virtual system disks contain a Logical Volume Manager, then you must install VMware Toolsinside the guest so that vCenter can customize the image during the deploy operation. For moreinformation about LVM support, see the VMware documentation.
v All snapshots must be integrated before you create a template.v Preferably, use shared storage for the hosts that are part of a cluster deployment target. If this is not
possible, then remove hosts from the cluster while they are in maintenance mode. This prevents thedefault storage selection algorithm from selecting a data store that is only available from the host inmaintenance mode. Selecting such a data store would cause a deployment to fail. For more informationabout the default storage selection algorithm, see “VMware datastore assignment during deployment”on page 148.
VMware capture instanceThe capture instance function is implemented using the VMware clone to template feature. The IBMSmartCloud Entry allows you to configure the optional properties in vmware.properties for controllingwhere the new template is created when a capture request is initiated:
com.ibm.cfs.cloud.vmware.capture.image.datastore.namesDatastore(s) used when capturing the image of an instance, for example when creating atemplate. This list is a series of datastore names separated by commas.
com.ibm.cfs.cloud.vmware.capture.image.destination.nameThe destination host or cluster for where the new template will be placed.
com.ibm.cfs.cloud.vmware.capture.image.destination.typeThe type of the destination for the new template, either HOST or CLUSTER.
com.ibm.cfs.cloud.vmware.capture.image.folderThe folder path for where to place the new template, for example, . /DatacenterName/vm/FolderName.
Chapter 14. Troubleshooting 235
If these properties are not specified, the default behavior is to create the new template in the samelocation as the existing virtual machine.
VMware deploy errorWhen you deploy IBM SmartCloud Entry to a Red Hat Enterprise Linux 6.4 system that already hasVMware tools, an error occurs.
The following error is displayed:Customization of the guest operating system ’rhel6_64Guest’ is not supportedin this configuration. Microsoft Vista (TM) and Linux guests with Logical VolumeManager are supported only for recent ESX host and VMware Tools versions.Refer to vCenter documentation for supported configurations.
To resolve this error, follow these steps:1. Convert the template (image) back to a virtual machine (instance).2. Power on the instance.3. Ensure that the VMware Tools status in vCenter is displayed as running.4. Power down the instance.5. Convert the instance to an image and deploy the image.
VMware storagev When attaching a new storage volume in a cloud using VMware vCenter Server cloud, the space in
assigned storage name will be ignored in the attached storage volume.v VMControl can attach new storage only when the previous storage attachment job is complete. If you
attempt to attach storage while another storage attachment job is still active, the new storageattachment fails.
DNS and domain name restrictions for VMControl AIX deploymentsWith VMControl AIX deployments, the network configuration requires that a DNS is always providedwhen a domain name is included. Likewise, if no DNS is provided, then a domain name must not beused. If this restriction is not followed, the virtual servers may end up with incorrect network settings.
Include only ASCII characters in configuration filesWhen editing IBM SmartCloud Entry configuration files, only use ASCII characters. If non-ASCIIcharacters are used, the original characters are not preserved and display as garbled text in the IBMSmartCloud Entry user interface. The configuration files include all the .properties files in the homedirectory.
Maximum REST API connection limit in VMControlVMControl 2.3.x has a maximum REST API connection limit. When you reach the limit, all requests failwith an HTTP response code of 503.
For information about how to increase the connection limit, see Performance tuning athttp://publib.boulder.ibm.com/infocenter/director/sdk/index.jsp?topic=/com.ibm.usmi.dir62x.doc/dir6_2_ts_performance_tuning.html in the IBM Systems Director Information Center.
Disk resize supportIn a Shared Storage Pool environment, changing the disk size when deploying is not supported. Inaddition, when deploying an IBM i workload, disk resize is not available. In these cases, the disk sizeproperty is not displayed in the output of POST /cloud/api/workload and the disk resize field is notdisplayed on the Advanced deployment window.
236 IBM SmartCloud Entry: Administrator Guide 3.2
Cannot display storage size for PowerVC virtualization environmentIf you are using the PowerVM hypervisor that is managed by the PowerVC virtualization manager, thestorage that is used and total size information is not available. The REST API returns -1 for the storagethat is used and total size.
Hyper-V does not support memory overcommitIBM SmartCloud Entry installations using Hyper-V do not support memory overcommit. When a virtualmachine is started on a Hyper-V compute node, the memory requirement specified by the flavor of thevirtual machine is allocated on the compute node. If the total memory allocations of virtual machines ona compute node exceed the memory available in the compute node, an error is written to the computenode log.
The error is similar to the following:
nova.virt.hyperv.vmops Not enough memory in the system to start the virtual machineinstance-00000001. - 'instance-00000001' could not initialize.
If you see an error such as this, you must free enough memory on the compute node to allow anothervirtual machine to start.
Limitation for upgrading the Hyper-V AgentWhen you upgrade the Hyper-V Agent, the old version is uninstalled and all the folders are deleted,including the log folder that contains the compute.log file. The upgrade then installs the new versionwith the log, bin, and etc folders in the specified installation directory. If, when you install the Hyper-VAgent, you specified a location for the log folder other than installation_dir\log\nova, and then youupgrade the Hyper-V Agent, the compute.log file is lost.
To avoid losing the compute.log file when you upgrade the Hyper-V Agent, specify the following locationfor the log folder when you install the IBM SmartCloud EntryHyper-V Agent:
installation_dir\log\nova.
Target restrictions for VMControl IBM i deployment
Resilient system pool
When an image is deployed to create a virtual server that is running IBM i, thevirtual server must berunning on a POWER7 host that has firmware release 730.51 or later and the HMC must be at version7.7.6.0 or later.
Relocation of the resulting instance is only supported for virtual servers that are running IBM i v7.1, TR4PTF group SF99707 level 4, or later.
Non-resilient system pool
For deployment in a system pool that is not resilient, an IBM i image does not have any speciallimitations. However, the deployed workload is not relocatable in VMControl.
For more information, see Deploy support and requirements in the IBM Systems Director InformationCenter at http://pic.dhe.ibm.com/infocenter/director/pubs/topic/com.ibm.director.vim.helps.doc/fsd0_vim_r_sb_aix_on_power_deploy_reqs_new_vs.html.
Chapter 14. Troubleshooting 237
Use of network configurations provided by Network Control is notsupported
Network Control has the ability to automatically deploy and move network configurations associatedwith virtual servers, eliminating the need for manual network configuration steps. The use of NetworkControl function by IBM SmartCloud Entry through VMControl is not supported in the current release.
The install path cannot contain non-English charactersWhen installing IBM SmartCloud Entry, the path to the installer cannot contain non-English characters.
Limitation on specifying a large memory or number of processorsWhen deploying an instance into a system pool, the size of memory and number of processors cannot beout of the range of the minimum or maximum value set by IBM Systems Director VMControl for thatvirtual server image. In addition, you cannot modify the minimum or maximum value when you deploy.
To ensure the success of deployment when you specify a large memory or number of processors, followone of these two methods:v Modify the image manually and import it at setup time.v Use the IBM Systems Director VMControl REST API to update the OVF maximum of an existing
image. For example:PUT https://myserver:port/{webContext}/VMControl/virtualAppliances/{virtualApplianceOID}
For more information about using the IBM Systems Director VMControl REST API, see IBM SystemsDirector VMControl SDK at http://pic.dhe.ibm.com/infocenter/director/devsdk/topic/com.ibm.vmcontrol.ws.24.doc/html/toc.html.
Limitations when you deploy an imageThere are limitations when you deploy an image that is captured from a server that is configured withmultiple network interfaces on the same VLAN.
Issue
A virtual machine can have one or more virtual networks. In the case where multiple network interfacesare configured on the same VLAN, VMControl captures those images under the same virtual network.For these images, VMControl deploys the network adapters that are grouped in one virtual network intoone network. IBM SmartCloud Entry does not allow the user specify a different network for eachnetwork adapter. As a result, some of the network adapters do not have the network list table in IBMSmartCloud Entry. In this situation, you cannot change the VLAN mapping.
Workaround
Ensure that the virtual machine to be captured does not have multiple NICs configured on the sameVLAN.
Limitation for deleting an imageWhen you deploy an instance with one image, then capture the instance to create a new image, the oldimage cannot be deleted if you deploy a new instance using the new image. Since the backup functionworks by capturing an instance, if you back up and then restore an image, you cannot delete the backupimage. This is a limitation only on OpenStack clouds.
238 IBM SmartCloud Entry: Administrator Guide 3.2
Direct usage of OpenStack CLI or REST APIs prohibited
When you use IBM SmartCloud Entry to connect to an OpenStack cloud, the direct use of any OpenStackCLI commands or REST APIs is not supported. You must use IBM SmartCloud Entry to manageOpenStack and all of the services that comprise OpenStack. Performing any management of OpenStackby using its CLI commands or REST APIs outside of IBM SmartCloud Entry might cause IBMSmartCloud Entry to malfunction and contain inconsistent data.
Validation errors when updating a configuration strategyWhen you update the configuration strategy for an image, all fields on the page are validated after youselect a local file for the template, user metadata, or mapping. If any of the fields are not valid, an errormessage displays. Error messages display even if you have not yet provided a value for a required field,such as the mapping field. Proceed by specifying the required fields.
IBM SmartCloud Entry appliance limitation with Nova commandThere is a limitation with the IBM SmartCloud Entry appliance when you use the Nova command.
The IBM SmartCloud Entry appliance in release 3.2, does not support the following Nova command: novaquota-show
If you try to use this command, you might receive an error similar to the following message:ERROR: The server could not comply with the request since it is either malformed or otherwise incorrect.(HTTP 400) (Request-ID: req-2a365162-3779-468b-ba57-3e29d22e296e)
Running out of DB2 home space with anIBM SmartCloud EntryapplianceIf you use the IBM SmartCloud Entry appliance, in default configuration, you might encounter a problemwhere the DB2 home space runs out of space after a couple of months. The disk usage increases with thegrowth of the Keystone table space container, which stores many expired tokens. You need to removethose expired tokens periodically to prevent it from taking up too much space.
To avoid this problem, try the following steps:1. Set a valid token time in the /etc/keystone/keystone.conf file. A time of 86400 means that the tokens
expire after one day.# Amount of time a token should remain valid (in seconds)expiration = 86400
2. Manually run "keystone-manage token_flush" to clean up the tokens, which pass the expiration that isset.If the Keystone database already had thousands of token records, this command runs into an sqlexception as shown.IBM-SCE> keystone-manage token_flush2013-11-18 02:11:09.491 3806 CRITICAL keystone [-] (InternalError) ibm_db_dbi::InternalError:Statement Execute Failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0964CThe transaction log for the database is full.SQLSTATE=57011 SQLCODE=-964 ’DELETE FROM token WHERE token.expires < ?’(datetime.datetime(2013, 11, 18, 8, 10, 37, 519596),)
The workaround extends the transaction log for the Keystone database.Modify user "db2inst1" bash login in /etc/passwd (db2inst1:x:502:102::/home/db2inst1:/bin/bash)su db2inst1 db2 db2 => update db cfg for keystone using LOGFILSIZ 4096 DB20000IThe UPDATE DATABASE CONFIGURATION command completed successfully.db2 => update db cfg for keystone using LOGPRIMARY 60 DB20000IThe UPDATE DATABASE CONFIGURATION command completed successfully.
Chapter 14. Troubleshooting 239
3. The token records can be removed from the token table in the Keystone database now. However,users might complain that the disk space is not free.The flush_token command deletes the records but does not free the space since it uses that space fornew records (tokens in this case). For more information, see http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.perf.doc%2Fdoc%2Fc0005406.htmlYou can also run the REORG table command to reclaim space: http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.cmd.doc%2Fdoc%2Fr0001966.htmlThe best practice is to generate a cron job to do the REORG table.
Virtual machines with multi-thread in VMware vCenterThis limitation applies to IBM SmartCloud Entry administrators, if you are using VMware vCenter andrunning large scale virtual machines with multi-threading.
You might encounter errors in IBM SmartCloud Entry when the datastore nodes run low on space andthe left space of the datastore node is less than the image size. VMware vCenter does not refresh thedatastore usage before cloning is completed. To resolve, extend the datastore space to ensure that there isenough space to deploy the virtual machines.
Problem choosing correct datastore during concurrent deployments(VMware vCenter)IBM SmartCloud Entry is unable to choose the correct target datastore if VMware vCenter does notprovide real-time datastore usage information.
VMware vCenter does not refresh the data of datastore usage before cloning is completed. When you runconcurrent deployments, if VMware vCenter cannot provide real-time datastore usage, IBM SmartCloudEntry cannot decide the correct target datastore under concurrent deployment scenario. As a result, thedatastore is not enough when the concurrent deployments need a total datastore resource that is biggerthan the datastore nodes left. With insufficient resources, deployments fail as the resources do not meetthe minimum amounts. IBM SmartCloud Entry tries to suggest other datastore nodes. It attempts threetimes, by default. If you want to configure a value greater than three, open the vmware.properties fileand add the following line: "com.ibm.vmware.client.clone.retry.attempts=5", for example.
The failed virtual machine sends a log to the IBM SmartCloud Entry interface, as follows:The following instance logs were found in the Cloud. CYX0886E: Unable to determine if the deployedvirtual machine ’*’ is started and ready for use in the allotted time of 2,700 seconds.The deployed virtual machine may still be starting or may have had customization problems.Check the log and the virtual machine for more information.If the virtual machine was started and is ready for use,increase the wait time in the vmware.properties file."
240 IBM SmartCloud Entry: Administrator Guide 3.2
Accessibility
IBM SmartCloud Entry does not interfere with the accessibility features for supported browsers. For acomprehensive list of accessibility features please visit the accessibility support page for the supportedbrowser that you are using. For a list of supported browsers, see the IBM SmartCloud EntryAdministrator Guide.
The publications for this product are in Adobe Portable Document Format (PDF) and should becompliant with accessibility standards. If you experience difficulties using the PDF files and want torequest a web-based format for a publication, email a request to the following address:
Or, you can mail a request to the following address:
International Business Machines CorporationInformation Development3605 Hwy 52 NorthRochester, MN, U.S.A 55901
In the request, be sure to include the publication title.
When you send information to IBM, you grant IBM a nonexclusive right to use or distribute theinformation in any way it believes appropriate without incurring any obligation to you.
© Copyright IBM Corp. 2012, 2013 241
242 IBM SmartCloud Entry: Administrator Guide 3.2
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available inyour area. Any reference to an IBM product, program, or service is not intended to state or imply thatonly that IBM product, program, or service may be used. Any functionally equivalent product, program,or service that does not infringe any IBM intellectual property right may be used instead. However, it isthe user's responsibility to evaluate and verify the operation of any non-IBM product, program, orservice.
IBM may have patents or pending patent applications covering subject matter described in thisdocument. The furnishing of this document does not grant you any license to these patents. You can sendlicense inquiries, in writing, to:
IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ORIMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OFNON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Somestates do not allow disclaimer of express or implied warranties in certain transactions, therefore, thisstatement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication.IBM may make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.
Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including thisone) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM CorporationDept. LRAS/Bldg. 90311501 Burnet RoadAustin, TX 78758-3400U.S.A.
Such information may be available, subject to appropriate terms and conditions, including in some cases,payment of a fee.
The licensed program described in this document and all licensed material available for it are providedby IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement orany equivalent agreement between us.
© Copyright IBM Corp. 2012, 2013 243
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual PropertyDepartment in your country or send inquiries, in writing, to:
Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan
IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.
Any references in this information to non-IBM Web sites are provided for convenience only and do not inany manner serve as an endorsement of those Web sites. The materials at those Web sites are not part ofthe materials for this IBM product and use of those Web sites is at your own risk.
This information contains examples of data and reports used in daily business operations. To illustratethem as completely as possible, the examples include the names of individuals, companies, brands, andproducts. All of these names are fictitious and any similarity to the names and addresses used by anactual business enterprise is entirely coincidental.
TrademarksIBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International BusinessMachines Corporation in the United States, other countries, or both. If these and other IBM trademarkedterms are marked on their first occurrence in this information with a trademark symbol (® and ™), thesesymbols indicate U.S. registered or common law trademarks owned by IBM at the time this informationwas published. Such trademarks may also be registered or common law trademarks in other countries. Acurrent list of IBM trademarks is available on the Web at Copyright and trademark information atwww.ibm.com/legal/copytrade.shtml
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarksof Adobe Systems Incorporated in the United States, and/or other countries.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or itssubsidiaries in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracleand/or its affiliates.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in theUnited States, other countries, or both.
244 IBM SmartCloud Entry: Administrator Guide 3.2
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other company, product, or service names may be trademarks or service marks of others.
Privacy policy considerationsIBM Software products, including software as a service solutions, (“Software Offerings”) may use cookiesor other technologies to collect product usage information, to help improve the end user experience, totailor interactions with the end user or for other purposes. In many cases no personally identifiableinformation is collected by the Software Offerings. Some of our Software Offerings can help enable you tocollect personally identifiable information. If this Software Offering uses cookies to collect personallyidentifiable information, specific information about this offering’s use of cookies is set forth below.
Depending upon the configurations deployed, this Software Offering may use session and persistentcookies that collect each user’s user name and password for purposes of session management,authentication, and enhanced user usability. These cookies cannot be disabled.
If the configurations deployed for this Software Offering provide you as customer the ability to collectpersonally identifiable information from end users via cookies and other technologies, you should seekyour own legal advice about any laws applicable to such data collection, including any requirements fornotice and consent.
For more information about the use of various technologies, including cookies, for these purposes, SeeIBM’s Privacy Policy at http://www.ibm.com/privacy and IBM’s Online Privacy Statement athttp://www.ibm.com/privacy/details the section entitled “Cookies, Web Beacons and OtherTechnologies” and the “IBM Software Products and Software-as-a-Service Privacy Statement” athttp://www.ibm.com/software/info/product-privacy.
Notices 245
246 IBM SmartCloud Entry: Administrator Guide 3.2
����
Printed in USA