In a consolidated infrastructure monitoring setup, it is a common practice to integrate the network topology from NNMi to the central monitoring tool. For this purpose, NNMi topology can be integrated with Operation Bridge Manager (if it is part of the solution) using HTTP or HTTPS.
There is a need to integrate NNMi deployed with classic install and OBM (OMi is renamed to OBM) deployed with CDF. This document focuses on the integration between NNMi classic & OBM CDF using HTTPS. Please note there is no OBM available with HTTP with CDF install.
Below is a step by step procedure which can be followed to make this integration work seamlessly but before we proceed, please note:
- This document only provides the method for HTTPS communication between NNMi classic & OBM CDF. For additional integration aspects and other details, please refer to the integration guide available with the product.
- While the steps/procedure should be the same across the versions, we tested these steps with NNMi 10.50 & OBM CDF 2018.05
- The steps below are for Self-signed certificates, and a similar procedure should work with the certificate issued by a Certification Authority.
- For simplicity, we are using default password in all the commands below, replace the same with a password for your environment.
- Using OBM UI, create a new User which can be used for Integration. Make sure it has admin privileges.
- Copy the OBM self-signed certificate to NNMi system.
This can be achieved by either of the following:
A. Use openssl on NNMi system to retrieve remote OBM certificate and store that in a file:
openssl s_client -connect OBM_MASTER_NODE:PORT </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/OBM.pem
B. If OpenSSL is not working, as an alternate, retrieve certificate from OBM system:
a. Login to OBM master system and get into OBM pod:
kubectl exec -it omi-0 -n opsbridge1 -c omi bash
Please replace the namespace as the case might be.
b. List the certificates:
c. Export the certificate:
/opt/OV/bin/ovcert -exporttrusted -alias <trusted certificate name> -file <location of file>
/opt/OV/bin/ovcert -exporttrusted -alias CA_c37xxxxxxxxxxxxxxxxxxxxxxx_2048 -file /tmp/OBM.pem
d. Exit from the omi-0 pod
e. Copy the export OMi certificate from pod onto filesystem:
kubectl cp opsbridge1/omi-0:/tmp/OBM.pem /tmp -c omi
f. Copy /tmp/OBM.pem to NNMi system at /tmp/OBM.pem
With either of the approach, we shall have OBM certificate at /tmp/OBM.pem on NNMi system.
- Copy CA certificate from /opt/kubernetes/ssl/ca.cer to NNMi system
Note: this is likely to change in later versions
- Import OBM certificate and CA certificate in NNMi trust store
A. Import OBM certificate
nnmkeytool.ovpl -import –alias <ANY_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12 -file /tmp/OBM.pem
B. Import CA certificate
nnmkeytool.ovpl -import –alias <ANY_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -storetype PKCS12 -file /tmp/ca.cer
5. Export NNMi self-signed certificate to a file
A. List the NNMi certificate:
nnmkeytool.ovpl -list -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype pkcs12 -storepass nnmkeypass
B. Note down the alias, mostly selfsigned
C. Export the NNMi certificate:
nnmkeytool.ovpl -exportcert -alias <ALIAS_NAME> -keystore /var/opt/OV/shared/nnm/certificates/nnm-key.p12 -storetype pkcs12 -storepass nnmkeypass -file /tmp/nnmi.pem -rfc
D. Copy this file on OMi CDF master system (say at /tmp/nnmi.pem)
- Import NNMi certificate into OBM trust store
A. Copy the NNMi certificate into OMi pod (omi-0):
kubectl cp /tmp/nnmi.pem opsbridge1/omi-0:/tmp/ -c omi
B. Open a session into OMi pod:
kubectl exec -ti omi-0 -n opsbridge1 -c omi bash
C. Import the NNMi certificate
/opt/OV/bin/ovcert –importtrusted -file /tmp/nnmi.cer
D. List the certificates and ensure that NNMi certificate is listed there.
E. Exit from of pod
- Restart NNMi & OBM
The restart is needed because Java reads certificates only at the startup of the JVM
- Use NNMi Configuration Wizard as described in the HPE Network Node Manager i Software—HPE Business Service Management/Universal CMDB Topology Integration Guide to set up the topology integration.
- Once integration is done, the following two figures show the results, comparing an NNMi Layer 2 Neighbor View with the equivalent Layer 2 by NNMi view in OBM
All the BEST!!