1. Installing ManageIQ

Installing ManageIQ consists of the following steps:

  1. Downloading the appliance for your environment as a virtual machine snapshot template.
  2. Setting up a virtual machine based on the appliance.
  3. Configuring the ManageIQ appliance.

After you have completed all the procedures in this guide, you will have a working environment on which additional customizations and configurations can be performed.

1.1. Obtaining the appliance

In a browser, navigate to https://www.manageiq.org/download/.

Find the table with the relevant type of release.

Click Amazon AWS EC2 from the list to download the appliance image.

1.2. Requirements

Below are the two sets of requirements for installing ManageIQ on Amazon EC2.

1.2.1. ManageIQ Requirements

  1. 44 GB of space on the chosen datastore.
  2. 12 GB RAM.
  3. 4 vCPUs.

1.2.2. Amazon EC2 Requirements

  1. An Amazon S3 bucket to store the disk image that will be imported to AWS as a snapshot.
  2. A VM import service role (IAM role) named vmimport.

1.3. Uploading the Appliance to an Amazon S3 Bucket

From your local file system, you can now upload the ManageIQ appliance VHD image obtained in Obtaining the appliance to the Amazon S3 bucket, using your choice of tool.

1.4. Configuring Amazon EC2 to Import the Appliance

1. Install the AWS client on the computer from which you want to interact with the AWS API.

$ pip install awscli

2. Configure and download your AWS secret/access key by following the steps in the Managing Access Keys for Your AWS Account documentation.

3. Configure the AWS client with your access/secret key. For example:

$ aws configure
AWS Access Key ID [******]: ACCESS_KEY
AWS Secret Access Key [******]: SECRET_KEY
Default region name [None]:
Default output format [None]:

4. Create the trust-policy.json file for the vmimport role. For example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}

5. Create the vmimport role using the trust-policy.json file that you just created.

$ aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json

6. Create the role-policy.json file. Be sure to use the exact S3 bucket name. For example:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": ["arn:aws:s3:::BUCKET_TO_UPLOAD_IMAGE","arn:aws:s3:::BUCKET_TO_UPLOAD_IMAGE/*"]
},
{
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:PutRolePolicy"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeExportImageTasks",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:ExportImage",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ImportImage",
"ec2:ImportSnapshot",
"ec2:DescribeImportImageTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:CancelImportTask"
],
"Resource": "*"
}
]
}

7. Attach the role policy to the vmimport role so that it can access the ManageIQ appliance image you uploaded to the S3 bucket.

$ aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
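A pre-flight check for the two policy files above, run before they are handed to `aws iam`. This is an added example, not part of the ManageIQ documentation; the function names are hypothetical and the sample policies are constructed from the ones shown in this section.

```python
import json

# Constructed sample input: the trust policy from this section and two statements
# of the role policy, with the bucket placeholder deliberately left unfilled.
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "vmie.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}""")
ROLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::BUCKET_TO_UPLOAD_IMAGE",
                "arn:aws:s3:::BUCKET_TO_UPLOAD_IMAGE/*"]},
  {"Effect": "Allow", "Action": ["iam:CreateRole", "iam:PutRolePolicy"],
   "Resource": "*"}]}""")

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def check_trust(policy, service="vmie.amazonaws.com", external_id="vmimport"):
    """Return findings for Allow statements that anyone else could assume."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != [service] or set(principal) != {"Service"}:
            findings.append(f"statement {i}: principal is not limited to {service}")
        # IAM condition key names are case-insensitive, so normalise them.
        equals = st.get("Condition", {}).get("StringEquals", {})
        if {k.lower(): v for k, v in equals.items()}.get("sts:externalid") != external_id:
            findings.append(f"statement {i}: no sts:ExternalId == {external_id} condition")
    return findings

def check_role(policy, placeholder="BUCKET_TO_UPLOAD_IMAGE"):
    """Flag unfilled bucket placeholders and IAM actions granted on every resource."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        resources = as_list(st.get("Resource", []))
        if any(placeholder in r for r in resources):
            findings.append(f"statement {i}: bucket placeholder not replaced")
        iam = [a for a in as_list(st.get("Action", [])) if a.lower().startswith("iam:")]
        if iam and "*" in resources:
            findings.append(f"statement {i}: {', '.join(iam)} allowed on every resource")
    return findings

print("\n".join(check_trust(TRUST) + check_role(ROLE)))
```

Loading the files with `json.load` first also catches bracket mistakes before AWS rejects the document.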

1.5. Importing the Appliance to Amazon Elastic Compute Cloud (Amazon EC2)

To import the appliance:

1. Create a containers.json file:

{
    "Description": " NAME OF IMPORTED SNAPSHOT IN AWS",
    "Format": "vhd",
    "UserBucket": {
        "S3Bucket": "BUCKET WITH UPLOADED .VHD IMAGE",
        "S3Key": "PATH OF .VHD IMAGE"
    }
}

See the VM import and export requirements, such as image formats, instances, volume and file system types, and using regions.

2. Use the AWS CLI tools to import a disk as a snapshot. See the AWS documentation on using VM Import/Export to import a disk as a snapshot.

You can specify a region. If you do not, ensure that the S3 bucket is in the same region where you want to import the snapshot.

$ aws ec2 import-snapshot --disk-container file://containers.json

3. Check the progress of your snapshot import by running the following command:

$ aws ec2 describe-import-snapshot-tasks --import-task-ids SNAPSHOT_ID_GOT_FROM_RESPONSE

4. Create an AMI from the snapshot.

$ aws ec2 register-image
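The last two steps, as an added example that is not part of the ManageIQ documentation: read the describe-import-snapshot-tasks response and, once the task has completed, build the register-image call for the new snapshot. The function names are hypothetical, the response and IDs are constructed placeholders, and the image name, x86_64/hvm settings and /dev/sda1 root device are assumptions to adjust for your image.

```python
import json

# Constructed sample of `aws ec2 describe-import-snapshot-tasks` output;
# the task and snapshot IDs are placeholders, not real resources.
SAMPLE = json.loads("""{"ImportSnapshotTasks": [{
  "ImportTaskId": "import-snap-EXAMPLE",
  "SnapshotTaskDetail": {"Format": "VHD", "Status": "completed",
                         "SnapshotId": "snap-EXAMPLE"}}]}""")

def snapshot_id(response, task_id):
    """Return the snapshot ID once the task has completed, None while it is active."""
    for task in response["ImportSnapshotTasks"]:
        if task["ImportTaskId"] != task_id:
            continue
        detail = task["SnapshotTaskDetail"]
        status = detail.get("Status")
        if status == "completed":
            return detail["SnapshotId"]
        if status == "active":
            return None
        # Any other status (for example a deleted task) means the import failed.
        message = detail.get("StatusMessage", "")
        raise RuntimeError(f"import {task_id} ended as {status}: {message}")
    raise KeyError(task_id)

def register_image_argv(snap, name, root_device="/dev/sda1"):
    """Build the register-image call; name and root_device are assumed values."""
    mapping = f"DeviceName={root_device},Ebs={{SnapshotId={snap}}}"
    return ["aws", "ec2", "register-image", "--name", name,
            "--architecture", "x86_64", "--virtualization-type", "hvm",
            "--root-device-name", root_device,
            "--block-device-mappings", mapping]

snap = snapshot_id(SAMPLE, "import-snap-EXAMPLE")
if snap:
    print(" ".join(register_image_argv(snap, "manageiq-appliance")))
```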

2. Configuring ManageIQ

After installing ManageIQ and running it for the first time, you must perform some basic configuration. To configure ManageIQ, you must at a minimum:

1. Add a disk to the infrastructure hosting your appliance.

2. Configure the database.

Configure the ManageIQ appliance using the internal appliance console.

2.1. Accessing the Appliance Console

1. Start the appliance and open a terminal console.

2. After starting the appliance, log in with a user name of root and the default password of smartvm. This displays the Bash prompt for the root user.

3. Enter the appliance_console command. The ManageIQ appliance summary screen displays.

4. Press Enter to manually configure settings.

5. Press the number for the item you want to change, and press Enter. The options for your selection are displayed.

6. Follow the prompts to make the changes.

7. Press Enter to accept a setting where applicable.

3. Amazon EC2 Providers

Permissions for Amazon EC2 Providers

Use Amazon EC2’s Power User Identity and Access Management (IAM) policy when adding Amazon EC2 as a cloud provider in ManageIQ. This policy allows those in the Power User group full access to AWS services except for user administration, meaning a ManageIQ API user can access all of the API functionality, but cannot access or change user permissions.

Further limiting API access can limit Automate capabilities, because Automate scripts access the AWS SDK directly to create brand new application functionality.

The AWS services primarily accessed by the ManageIQ API include:

1. Elastic Compute Cloud (EC2)

2. CloudFormation

3. CloudWatch

4. Elastic Load Balancing

5. Simple Notification Service (SNS)

6. Simple Queue Service (SQS)

Manually Creating an Amazon EC2 Role

To eliminate the need to assign Admin group privileges to the Amazon EC2 provider, create an IAM role following the procedure described in Creating a Role for an AWS Service (Console) in the Amazon Web Services documentation.

Use the following parameters:

1. Select EC2 as the service the role will use.

2. Attach the following permissions:

   a. AmazonEC2FullAccess

   b. AmazonS3FullAccess

   c. AmazonSQSFullAccess

3. Enter smartstate for the Role name.

Once the IAM role is created, assign the provider Power User privileges as described in Permissions for Amazon EC2 Providers.

3.2. Adding Amazon EC2 Providers

Complete the following procedure to add an Amazon EC2 cloud provider in ManageIQ.

1. Navigate to Compute → Clouds → Providers.

2. Click Configuration, then click Add a New Cloud Provider.

3. Enter a Name for the provider.

4. From the Type list, select Amazon EC2.

5. Select a Region.

6. Select the appropriate Zone if you have more than one available.

7. Under Endpoints, click the Default tab.

   a. Enter the Endpoint URL.

      AWS allows users to set a custom endpoint URL when connecting to certain services, which you can add in the ManageIQ user interface per Amazon EC2 provider. See Interface VPC Endpoints (AWS PrivateLink) for more information.

   b. Generate an Access Key in the Security Credentials of your Amazon AWS account. The Access Key ID acts as your User ID, and your Secret Access Key acts as your Password.

   c. Click Validate to validate the credentials.

8. Click the SmartState Docker tab.

   a. Enter the SmartState Docker User Name and SmartState Docker Password. Use the Docker registry credentials required to perform SmartState analysis on AWS. These credentials are required so that you can pull the image from the Docker registry.

9. Click Add.

3.3. Enabling Public AMIs from Amazon EC2

By default, public AMIs from an Amazon EC2 provider are not viewable in ManageIQ. To make these images viewable, you must edit the main configuration file for the appliance.

1. Navigate to the settings menu, then Configuration → Zone → Advanced.

2. Select the configuration file to edit from the File list. If not already automatically selected, select EVM Server Main Configuration.

3. Set the get_public_images parameter:

   a. Set the parameter to get_public_images: true to make public images viewable.

   b. Set the parameter to get_public_images: false to make public images not viewable.

4. Optionally, configure an array of filters in public_images_filters to restrict which images are synced. See http://docs.aws.amazon.com/sdkforruby/api/Aws/EC2/Client.html#describe_images-instance_method for more details.

4. Provisioning an EC2 Instance from an Image

1. Navigate to Compute → Clouds → Instances.

2. Click Lifecycle, then click Provision Instances.

3. Select an image from the list presented.

4. Click Continue.

5. On the Request tab, enter information about this provisioning request. In Request Information, type in at least a first and last name and an email address. This email is used to send the requester status emails during the provisioning process for items such as auto-approval, quota, provision complete, retirement, request pending approval, and request denied. The other information is optional. If the ManageIQ Server is configured to use LDAP, you can use the Look Up button to populate the other fields based on the email address.

Parameters with a * next to the label are required to submit the provisioning request. To change the required parameters, see Customizing Provisioning Dialogs.

6. Click the Purpose tab to select the appropriate tags for the provisioned instance.

7. Click the Catalog tab for basic instance options.

   1. To change the image to use as a basis for the instance, select it from the list of images.

   2. Select the Number of VMs to provision.

   3. Type a VM Name and VM Description.

8. Click the Environment tab to select the instance’s Availability Zone, Virtual Private Cloud, Cloud Subnet, Security Groups, and Elastic IP Address. If no specific availability zone is required, select the Choose Automatically checkbox.

9. Click the Properties tab to set provider options such as hardware flavor and security settings.

   1. Select a flavor from the Instance Type list.

   2. Select a Guest Access Key Pair for access to the instance.

   3. Select the CloudWatch monitoring level. Leave as Basic for the default EC2 monitoring.

10. Click the Customize tab to set additional instance options.

   1. Under Credentials, enter a Root Password for the root user access to the instance.

   2. Enter the IP Address Information for the instance. Leave as DHCP for automatic IP assignment from the provider.

   3. Enter any DNS information for the instance if necessary.

   4. Select a Customize Template for additional instance configuration. Select from the Cloud-Init scripts stored on your appliance.

11. Click the Schedule tab to set the provisioning and retirement date and time.

   1. In Schedule Info, choose whether the provisioning begins upon approval, or at a specific time. If you select Schedule, you will be prompted to enter a date and time.

   2. In Lifespan, select whether to power on the instances after they are created, and whether to set a retirement date. If you select a retirement period, you will be prompted for when to receive a retirement warning.

12. Click Submit.

The provisioning request is sent for approval. For the provisioning to begin, a user with the admin, approver, or super admin account role must approve the request. The admin and super admin roles can also edit, delete, and deny the requests. You will be able to see all provisioning requests where you are either the requester or the approver.

After submission, the appliance assigns each provision request a Request ID. If an error occurs during the approval or provisioning process, use this ID to locate the request in the appliance logs. The Request ID consists of the region associated with the request followed by the request number. As regions define a range of one trillion database IDs, this number can be several digits long.

Request ID Format

Request 99 in region 123 results in Request ID 123000000000099.

Creating a catalog

You need a catalog for users to choose from. Let’s create a catalog with a basic name and description.

Go to Services → Catalogs and choose Catalogs in the accordion.

Press Configuration → Add a New Catalog and fill in the fields. As there are no catalog items yet, you won’t see any in the Assign Catalog Items tabs.

Creating a catalog item

Let’s put it all together, so the user can order a service instead of doing a traditional provisioning.

Navigate to Services → Catalogs and select Catalog Items in the accordion, and within it the catalog you just created.

Select Configuration → Add a New Catalog Item.

Select Google as Catalog Item type and you will get a dialog to configure what will happen when the customer orders the item. Don’t forget to select Display in Catalog to make it available.

Fill in the description details, and fill in Request Info with the same data you used in the traditional provisioning.

When finished, press Add.

Now you will be able to see your service catalog and the item will be orderable within Service Catalogs in the accordion.

Ordering a service

Go to the Service catalog again. Now you can see your catalog item as part of the catalog. You can order it by pressing Order below the icon.

A service item can be more complex than a single VM, including bundles and items that comprise different providers, and are provisioned through a series of automation workflows. The dialog we created will be used to gather information from the customer, hiding all the complexity of the details needed to actually deploy any of the components.

Services have their own lifecycle on top of the lifecycle of their components. With the appropriate permissions, you can see the resources associated with a service at any moment.

Ordering consists of different phases that are outside of the scope of this guide.

Press Administrator|EVM in the upper right part of the screen, and then Logout.

Once you are logged out, enter https://[your IP ADDRESS]/self_service in your web browser. This is the self-service interface, which can be used to isolate you from the nuances of the underlying infrastructure.

The Service UI offers a simpler design for end users than the Operational UI.

Generate a new instance

Go to Compute → Cloud → Instances, and select your Google provider in the tree.

You will see all the instances in the provider independently of the availability zone they belong to.

If you have more than one cloud provider, the instances from all your providers are available at the same time and you can interact with them.

Select Lifecycle → Provision Instances from the bar on the top.

After a few seconds you will have a list of all available images. Select the latest version of centos-7 and press Continue.

There are several sections that you need to fill in:

Request

This is the information about the request itself. It is used for reporting, notifications, and to help decide whether to approve it.

Purpose

Tags run deep in ManageIQ: they allow the system to provide functionality such as visibility of instances, chargeback, best-place provisioning decisions, and quotas. You can find a lot of information about this in the documentation.

Catalog

This allows you to modify some characteristics of the instance, such as the number of instances, its name, and its description.

Environment

This allows you to choose the availability zone and the cloud network to be used.

You can always check Choose Automatically to let the system find the best option for you.

Properties

This allows you to modify the instance type and boot disk size to adapt them to your needs.

Choose a small instance type (g1-small) and a boot disk of 10 GB.

Schedule

This allows you to decide whether to provision the instance now or at a later time.

Press Submit.

You will see your request go through different stages (you can press Reload to see the changes).

After a few seconds, a new VM will be present. Its owner and group will be properly set up, and you will see all the information about it.

Once you have this VM created, you can select any of the VMs and choose Power → Stop or Power → Delete in the upper menu to avoid unnecessary charges.