Integration between PC and Spectrum OneClick via HTTPS / SSL
Article ID: 202451
Updated On:
Products
Issue/Introduction
After enabled the SSL on the OneClick web server with a self-signed certificate, the Spectrum Data Source test fails in Performance Center (PC).
These two files in the OneClick web server are properly configured:
$SPECROOT/tomcat/conf/server.xml file:
$SPECROOT/tomcat/webapps/axis2/WEB-INF/conf/axis2.xml file:
<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8080</parameter>
</transportReceiver>
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
Environment
Release : All Supported Releases
Component : IM Reporting / Admin / Configuration
Cause
The OneClick SSL certificates and any intermediate certificates have not been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts.
Integrate CA Spectrum with CA Performance Management
Configure CA Spectrum as a Data Source
5. Select the communication protocol.
Before you select https, ensure the following prerequisites:
- SSL is enabled on the OneClick web server host by configuring the server.xml and axis2.xml files appropriately.
- The OneClick SSL certificates and any intermediate certificates have been imported to the following file on the Performance Center host: /opt/CA/jre/lib/security/cacerts. For more information, see the DX NetOps Spectrum documentation.
Resolution
Here are the steps to export the OneClick SSL certificate from the OneClick web server machine:
1. On the OneClick server machine, open a bash shell (bash -login)
2. Navigate to the $SPECROOT/Java/bin/ directory
3. Run the following syntax:
$ ./keytool -export -keystore ../../custom/keystore/cacerts -alias tomcatssl -file OCServer.cer
4. Enter the keystore password: (which is "changeit" without quotes)
5. The following message is displayed:
Certificate stored in file <OCServer.cer>
6. Copy the $SPECROOT/Java/bin/OCServer.cer file from the OneClick web server machine to the /opt/CA/jre/lib/security/ directory of the PC (Performance Center/Portal) machine.
Here are the steps to import the OneClick SSL certificate on the Performance Center (PC/Portal) machine:
7. On the PC (Performance Center/Portal) machine, navigate to the /opt/CA/jre/lib/security/ directory.
$ cd /opt/CA/jre/lib/security/
8. Make a backup/copy of the current /opt/CA/jre/lib/security/cacerts file.
$ cp cacerts cacerts.ori
9. Navigate to the /opt/CA/jre/bin/ directory.
$ cd /opt/CA/jre/bin/
10. Run the following command to import the OCServer.cer certificate into the cacerts file:
$ ./keytool -importcert -alias tomcatssl -file ../lib/security/OCServer.cer -keystore ../lib/security/cacerts
Supply the password "changeit" (without quotes)
Type yes to confirm.
11. Go to the Performance Center Portal and test the Spectrum Data Source with HTTPS.
12. Save the change.
Additional Information
Spectrum and PC integration - Data source test failed, Communication with the data source failed
https://knowledge.broadcom.com/external/article?articleId=202988
How to enable SSL on OneClick and WebApp with self-signed certificate
https://knowledge.broadcom.com/external/article?articleId=200602
axis2.xml format error ">" breaks Netops Spectrum-NetOps Portal integration
https://knowledge.broadcom.com/external/article?articleId=221146
Troubleshooting (in case you get the following error in Spectrum Data Source test):
Error Message: Data Souce Test Failed
Communication with data source failed.
1. From a browser open the following URLs to check the axis2 service:
http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
2. From the PC host run the following curl syntaxes:
# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
Expected output:
< HTTP/1.1 200
< Content-Type: text/xml
< Transfer-Encoding: chunked
< Date: Fri, 08 Apr 2022 11:30:55 GMT
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
3. Review the PCService.log file (/opt/CA/PerformanceCenter/PC/logs):
# cat PCService.log | grep <OneClick_FQDN>
One example:
| Test DataSource: Spectrum Infrastructure Manager@<OneClick_FQDN>
| Received WebServiceException from version check for data source Spectrum Infrastructure Manager@<OneClick_FQDN>. CAUSE=java.net.SocketTimeoutException: SocketTimeoutException invoking https://<OneClick_FQDN>:443/axis2/services/DataSourceWS: connect timedout. MESSAGE=Could not send Message.. Returning DS_COMM_FAILURE result.
4. Run the following curl and nc syntaxes on DA host:
# curl -v -k http://<OneClick_FQDN>/axis2/services/DataSourceWS?wsdl
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
# nc -z -v <OneClick_FQDN> 80
# nc -z -v <OneClick_FQDN> 443
Some examples:
# curl -v -k https://<OneClick_FQDN>:443/axis2/services/DataSourceWS?wsdl
* About to connect() to example.net port 443 (#0)
* Trying 10.xx.yy.zz...
* Connection timed out
* Failed connect to <OneClick_FQDN>:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to <OneClick_FQDN>:443; Connection timed out
# nc -z -v <OneClick_FQDN> 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.xx.yy.zz:80.
Ncat: 0 bytes sent, 0 bytes received in 0.04 seconds.
# nc -z -v <OneClick_FQDN> 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
Open port 443 between DA and OneClick host on the firewall.
Feedback
