vROps/Log Insight Integration and Troubleshooting

Update: Special thanks to Yogita N. Patil and VMware Technical Support for their assistance with the issues below!

Last week, I was trying to integrate vRealize Log Insight with vRealize Operations (vROps) so that I could ‘launch in context’ from vROps. This adds a context-sensitive action to vROps that lets you pull up Log Insight’s Interactive Analysis feature against the alert or object you are currently viewing. This makes it easy to drill down into logs with a lot less clicking around:

Launch in context is a feature in vRealize Operations Manager that lets you launch an external application via URL in a specific context. The context is defined by the active UI element and object selection. Launch in context lets the vRealize Log Insight adapter add menu items to a number of different views within the Custom user interface and the vSphere user interface of vRealize Operations Manager.

The documentation to enable this features seems pretty simple. I ran into a few problems, though…

The requirements are pretty simple, but were the first thing to trip me up. You want to be on Log Insight 3.6 and vROps 6.3. While Log Insight had been upgraded a day or two earlier, vROps was at 6.1. When performing the upgrade of vROps, it did not register its extension properly! Going into the Managed Object Browser showed there was still a vCOps 6.1 registration instance (yes, the extension is still called vCOps!). In addition, the extension was registered by IP, not by DNS. The extension needs to be in place for the steps below, or you receive even more opaque error messages, so I encourage you to verify it now. You can investigate your own MOB at a link similar to https://vcsa.fqdn.example.com/mob, and specifically look at the vROps extension at https://vcsa.fqdn.example.com/mob/?moid=ExtensionManager&doPath=extensionList%5B“com.vmware.vcops”%5D.client

You can correct this in two steps. First, unregister the com.vmware.vcops extension using KB1025360. Then, use KB2135740 to register your updated vROps server. Use the MOB to view the newly registered extension and ensure it has the correct url and version values before continuing. If you have trouble with the new registration, check out KB2146360 for another method before opening a VMware support case. If you feel more comfortable rebooting the entire VCSA, rather than an individual service, that should suffice as well.

Thus shaves the first yak.

Next, it’s time to configure vROps. First, add the Log Insight management pack from the Solution Exchange. That part is pretty simple. Next, you need to create a user and a role in vROps, as specified in the Log Insight documentation here. I created a role and a user called loginsight and assigned just the permissions in the table (astute readers may notice the problem already!). Next, we follow the Log Insight documentation to enable the integration. When you test your connection and you should end up with something like this:

vrops-log-insight-fig-1

If you enable just the alerts integration, all goes well:

vrops-log-insight-fig-2

But add enable launch in context and it goes south quickly (the box is unchecked when the failure is reported):

vrops-log-insight-fig-3

Crap. Don’t bother googling for that string, you won’t find it, trust me! This goes back to the permissions in vROps. If we check out the loginsight user, the permissions look like this:

vrops-log-insight-fig-4

That matches what is in the table. What gives? Well, there’s a little footnote that’s easy to miss, so I highlighted it for you:

vrops-log-insight-fig-5

Well, poop. I really wish they would have made that stand out more, but it IS documented. To fix this, assign global admin to your loginsight user and delete the loginsight role. That leaves you with these permissions:

vrops-log-insight-fig-6

Go back to Log Insight and try and register again. Check the update password button, even if you don’t need to change the password, otherwise it re-uses the token with the old, incorrect permissions. You should receive a much happier message now:

vrops-log-insight-fig-7

Yay, it’s working! Well, almost. Two yaks shaved, one to go.

When you log into vROps, you want to have SSO enabled, otherwise only only local users who have the administrator role will see the context menu. I thought I did, but the All vCenter Servers login option isn’t actually SSO, it’s using vCenter as an authentication system. Slightly different. If SSO were working, you’d be able to log into the vSphere Web Client, then connect to vROps and choose SSO and log in without having to enter authentication information again. If you don’t have that set up, when you log in, you will NOT get the context menu to launch in context.

Follow the vROps instructions to add an SSO source. I will point out that it is unclear to me how to log into vROps using the admin user if you set Automatically redirect to vRealize Operations single sign-on URL? to true, so I left that false (if you know how, please post in the comments!). I find this annoying, as it adds a few clicks to logging in, but I feel confident that I won’t get locked out if SSO breaks for any reason. Make sure that in step 7, you select the user/groups who need to access this action and grant them administrator role in step 9. Once you have SSO working, you can log in using SSO, click on an alert, and in the Action menu, you’ll see a new item:

vrops-log-insight-fig-8

Whew, that was a lot of yak shaving, but we can now launch in context successfully and everything just works. I hope this helps others who want to enable this integration!

One thought on “vROps/Log Insight Integration and Troubleshooting

  1. Pingback: Newsletter: September 10, 2016 | Notes from MWhite

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s