Chat now with support
Chat with Support

Foglight for Virtualization Enterprise Edition 8.9 - Federation Field Guide

Setting up a federated environment

4
Enable the federation mode by setting the server.federation variable to TRUE, in the Federation Master’s server.config file.
7
In the server.config file of each Federated Child, identify the port number allocated for communicating with the Federation Master (that is, identify the server.federation.port property).
Federated Child 1: server.federation.port = "1099";
Federated Child 2: server.federation.port = "1099";
Federated Child 3: server.federation.port = "1099";
8
Add the port number of each Federated Child in the federation to the federation.config file of the Federation Master.
The following is an example of how to add to the federation.config file the port numbers for the three Federated Children specified in Step 7.
9
In the federation.config file, edit the topology auto refresh period, if required. The default provided is 300 seconds (5 minutes):

Federation configuration changes

If you are about to upgrade the Management Server to 5.9.1 from any version of 5.7.5.x, refer to Table 2: Federation configuration changes for the detailed configuration changes about Federation environment.

Port change

<FMS_home>/config/server.config

The following ports used in 5.7.5.x have been removed in 5.9.1.

The Management Server only requires server.federation.port, as JBoss Server has been removed in 5.9.1.

The value of server.federation.port is the value of server.jndi.jnp.port.

URL configuration change

<FMS_home>/config/federation.config

The following illustrates the implementation of URL configuration in 5.7.5.x.

# *** JndiURLs ***

#

# This list contains JNDI provider URLs for federated servers.

...

# The default value is JndiURLs = ();

#

JndiURLs = (

);

The following illustrates the implementation of URL configuration in 5.9.1

# *** FederationURLs ***

#

# This list contains RMI provider URLs for federated servers.

...

# The default value is FederationURLs = ();

#

FederationURLs = (

);

 

Security settings change

<FMS_home>/config/federation.config

The following illustrates the implementation of SecurityToken used in 5.7.5.x.

# *** SecurityToken ***

#

# A token can be specified here, to enable token-based authentication. Once the master and children

...#

# Example:

# SecurityToken = "PutYourFederationSecretTokenHere";

#

The implementation of SecurityToken has been removed in 5.9.1. Instead, the Management Server provides the SSL configuration which offers the more advanced security settings for Federation environment. For more information, see To configure an SSL for communication between the Federation Master and a Federated Child:.

For more information, see Security settings.

Topology sync change

<FMS_home>/config/federation.config

The following illustrates the implementation of topology objects sync in 5.7.5.x.

# *** TopologyRefreshPeriod ***

#

...

# The default value is 1800, that is 30 minutes.

#

TopologyRefreshPeriod = 1800;

The following illustrates the implementation of topology objects sync in 5.9.1.

# *** TopologyRefreshPeriod ***

#

...

# The default value is 300, that is 5 minutes.

#

TopologyRefreshPeriod = 300;

The default value of TopologyRefreshPeriod in federation.config has changed to 5 minutes. For more information, see Topology synchronization.

Security settings

The security settings of Federated Children are not shared with the Federation Master, each is its own security domain with user authentication settings, users, groups and role assignments.

Operations that require authentication (such as clearing alarms), when performed on the Federation Master, are authenticated on the Federation Master and executed on a respective Federation Child based on a trusted relationship. This trust is established by a security sockets layer (SSL) for Federation that must be configured on both the Federation Master and the Federated Child. Failing to configure an SSL for Federation prevents the authentication of Federation Master actions on the Federated Child, such as acknowledging or clearing alarms.

NOTE: Configuration of SecurityToken through the federation.config file (adopted in Foglight 5.7.5.8 and before) has been removed in Foglight 5.9.1. Therefore, configuring an SSL for Federation is required when you upgrade the Federation environment to version 5.9.1, if your Federation environment configures SecurityToken before.
NOTE: By default, federation SSL is not configured on federation environment, so that operations that require authentication (such as clearing alarms on Federation Master) will not allowed. Other operations (such as topology synchronization, observation fetching and alarm fetching which are the main operations for federation) still work properly on a normal socket. If federation SSL is configured on federation environment, all operations will work on an SSL.
1
Open the Foglight JMX Console on the Federation Master. Click service=FederationConfig under the com.quest.nitro.fed service.
The FederationConfig service dashboard opens. Locate the generateFederationKeyStores() function, and then click Invoke to generate Keystore and certificate files. The generated Keystore and certificate files for Federation Master and Federation Child are saved under the <Foglight HOME>/config directory on the Federation Master.
2
Open the federation.config file on the Federation Master and locate the following lines:
4
Save the federation.config file.
5
Copy the federation-child.keystore file of Federation Master to the <Foglight HOME>/config directory on the Federation Child.
6
Open the server.config file on Federation Child and locate the following lines:
8
Save the server.config file.
10
Repeat Step 5 through Step 9 for each Federated Child that is connected to Federation Master.

Query limitations

The following is an example of a topology object query that limits the objects pulled by the server:

In general, when limiting the scope of topology queries, some interface views may not work properly or have missing data. If the federation topology must be limited, then the queries must be manually modified with respect to the desired topology scope and the cartridges involved. Customizing queries after the initial topology pull is less likely to cause errors. The benefit would be shorter topology refresh cycles, which can be configured to run more frequently (to refresh only the “interesting” part of the model).

Related Documents