vCSA and HP Insight Control VASA Integration

I did a post on vCSA and getting it properly discovered inside of Insight Control (SIM).  Now another feature I had to integrate was VASA.  In case you don't know what VASA is, check your google-foo, but chances are you stumbled upon this because you are trying to get your 3PAR working with vCSA.

Now the documentation gives you the steps for a Windows vCenter.  Good, but what about vCSA?  Here are the steps to integrate VASA with vCSA.

You will have to install the vCenter installed, ICE installed, and installed the Storage portion of the Insight Control for vCenter plugin on the ICE host.

In the storage administrators portal (there is a link on the desktop after installing), you will want to add your array and input the credentials.  These are standard steps in the documentation.
Docs:  ICE for vCenter User Guide

1.) SSH to the 3PAR array(s) and start the CIM web service.

cli % > startcim

2.)  SSH to vCenter and as root run the follwing command:

keytool -exportcert -v -keystore /etc/vmware-vps/ssl/sms.keystore -file /root/sms_new.cer -alias sms

3.)  Copy the newly exported cert from the vCenter host to your local machine.  I had scp in my path you could use WinSCP or others.

scp root@virtualcenter:/root/sms_new.cer .

4.)  Open  your browser to the host where the the ICE for vCenter Plugin is installed.  The default port that was assigned to the VASA service on my install was 3513.

https://CMS-HOST-FQDN:3513/Config/Register

-> Click Browse to certificate and upload

-> Click Submit

5.)  Restart the VASA Windows service on the host where the ICE for vCenter Plugin is installed.  This is not in the documentation but it helped get it working.

Restart VASA windows service

Service as seen in services.msc is "HP 3PAR VASA Provider for VMware vSphere Web Service"

The actual Service Name is TpdVmVasaWebService for the scripters and commandliners

6.) Open up vSphere Client (web or traditional) to add the storage provider.

Home > Administration > Storage Providers > Add

Name:  HPICSM

URL:  https://CMS-HOST:3513

Username:

Password:  

Use Vendor Provider Certificate -> Browse to the sms_new.cer

The VASA plugin does not want usernames and passwords you have to use the certificate. Otherwise all attempts to authenticate will fail. There are sections in the documentation with more information.

vCSA 5.5 and HP Insight Control Integration

Just some quick notes on integrating HP Insight Control (or SIM) with VMware vCenter Server Appliance (vCSA).

You may experience problems trying to monitor the vCSA with SIM/ICE like you used to with a Windows based vCenter.  When trying to discover the vCenter (which is needed in order to register your ESXi hosts with VMM) you will get errors leaving the system as unknown/unmanaged.

Your discovery methods you will try will fail:
1.)  There is no SNMP on the vCenter
2.)  SSH will fail even though your credentials are good

Products:
vCSA 5.5.0b
Insight Control for vCenter 7.3
Insight Control 7.3 CMS installed on Windows Server 2008

I'll describe the fixes I tried to get it working here.  I went down the SNMP route first as most systems with SIM/ICE are discovered with SNMP.  SNMP not being installed was disappointing but can easily be fixed with a few commands.  However this will not allow the system to be discovered in SIM properly.  The commands are as follows, it is important to run them in this exact order.

ssh root@vcenter-server
# Add the repos and accept the keys and such...

zypper addrepo -f http://download.opensuse.org/distribution/11.2/repo/oss/ opensuse

zypper addrepo -f http://download.opensuse.org/repositories/net-snmp:/factory/SLE_11_SP2/  net-snmp

# Install the pre-requisites

zypper install libsensors4

zypper install net-snmp

#edit snmp config file to your settings

vi /etc/snmp/snmpd.conf

#edit the TCP wrappers config file to allow access to SNMP

vi /etc/hosts.allow

#Add the following line

snmpd: ALL : ALLOW

# Set the service to start at boot

chkconfig snmpd on

# Start the service

service snmpd start

After hours of this not working but getting snmp information we went down the route of trying to get SSH working.

THIS IS NOT SUPPORTED BY VMWARE and they may break it later but it works.

VMware places a customer sshd_config file on the vCenter appliance, I'm sure in hopes to make it more secure. However, the accepted ciphers are limited to aes256-ctr and aes128-ctr. Commenting this out and restarting SSH did the trick.

# Edit the sshd_config file and add a # to the Ciphers line

vi /etc/ssh/sshd_config

Change this from

Ciphers aes256-ctr,aes128-ctr

To

#Ciphers aes256-ctr,aes128-ctr

# Restart SSH

service sshd restart

I did this over an SSH session to the vCSA, so you don't need to do it over the console. After this go back into ICE and rediscover the vCSA with the SSH credentials you will have already had, or add new credentials when doing the discovery scan. Once the vCSA is identified and registered you will be able to register the VME credentials and then the ESXi hosts.