Introduction
HashiCorp provides a suite of open-source tools intended to support the development and deployment of large-scale service-oriented software installations. Each tool is aimed at specific stages in the life cycle of a software application, with a focus on automation. Many have a plugin-oriented architecture in order to provide integration with third-party technologies and services. Additional proprietary features for some of these tools are offered commercially and are aimed at enterprise customers.
OpsRamp integrates with Hashicorp through REST APIs.
This integration stores secrets in the vault and then fetches them from the vault for use at console launch.
Prerequisites
- OpsRamp Classic Gateway 12.0.0 and 12.0.1 (or) OpsRamp NextGen Gateway
- Gateway should be connected to the OpsRamp portal.
- The vault should be accessible to the gateway.
Configure and Install the integration
From All Clients, select a client.
Navigate to Setup > Account.
Select the Integrations and Apps tab.
The Installed Integrations page is displayed, showing all the installed applications. Note: If there are no installed applications, the Available Integrations and Apps page is displayed instead.
Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications.
Search for Hashicorp using the search option available.
Note: Alternatively, you can use the All Categories option to search.
Click ADD on the Hashicorp tile.
In the Add Hashicorp page, enter the BASIC DETAILS:
- End Point: Enter the Hashicorp Vault API server IPAddress/HostName and Port.
Example: http://192.168.1.152:8200
- Static Token: Provide the token. This token is static.
Click NEXT. The VAULT POLICY page is displayed.
Enter the details to create a vault policy. This policy is created to fetch the required secret details from the vault.
- Name: Enter the name for the policy.
- Gateway profile: Select the appropriate gateway profile to connect to the vault. Gateway will fetch all details from the vault.
- Credential Type: Select the appropriate credential type: SSH or WINDOWS. This credential will be used to log in to the console.
PROPERTIES:
Based on the credential type selected the values in the Property fields vary slightly.
Enter the key (from the vault) against the OpsRamp properties engineName and secretName. Similarly, select other properties like Username, Password, PrivateKey, etc. and enter the keys.
Click the delete icon if you want to delete an entry. Click +ADD PROPERTIES to add more properties.
Note: engineName and secretName are mandatory fields.
Click +ADD VAULT POLICY if you want to add multiple vault policies. Click REMOVE to remove the policy.
Click FINISH. The app is installed and appears in the INSTALLED APPS page.
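The following pre-flight check is an added example, not OpsRamp or HashiCorp code. It validates an endpoint and a vault policy's property mapping against a Vault KV read response before the policy is relied on for console launch. It assumes engineName is a KV mount path and secretName is the secret path; the names `secret`, `linux-console`, `user`, `pass` and `ssh_key` are hypothetical, and the response body is constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def kv_read_url(endpoint, engine, secret, kv_version=2):
    """Vault KV read path: v2 inserts 'data/' between mount and secret name."""
    middle = "data/" if kv_version == 2 else ""
    return f"{endpoint.rstrip('/')}/v1/{engine.strip('/')}/{middle}{secret.strip('/')}"

def fetch(url, token, timeout=10):
    """Read the secret with the static token (network call; not used by the sample run)."""
    req = urllib.request.Request(url, headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def secret_fields(body):
    """Return the key/value pairs of a KV v1 or KV v2 read response."""
    data = body.get("data") or {}
    if isinstance(data.get("data"), dict) and "metadata" in data:
        return data["data"]          # KV v2 wraps the fields one level deeper
    return data

def preflight(endpoint, mapping, body):
    """mapping: OpsRamp property -> key name expected inside the Vault secret."""
    findings = []
    if urlsplit(endpoint).scheme != "https":
        findings.append("endpoint is not https: token and secrets cross the network in clear text")
    fields = secret_fields(body)
    for prop, key in mapping.items():
        if key not in fields:
            findings.append(f"{prop}: key '{key}' not found in secret")
        elif not fields[key]:
            findings.append(f"{prop}: key '{key}' is empty")
    return findings

# Constructed sample: a KV v2 response for an SSH policy (no real secret values).
SAMPLE_BODY = {"data": {"data": {"user": "svc-console", "pass": "example-only"},
                        "metadata": {"version": 3}}}
SAMPLE_MAPPING = {"Username": "user", "Password": "pass", "PrivateKey": "ssh_key"}

if __name__ == "__main__":
    endpoint = "http://192.168.1.152:8200"   # example endpoint from the page
    print(kv_read_url(endpoint, "secret", "linux-console"))
    for finding in preflight(endpoint, SAMPLE_MAPPING, SAMPLE_BODY):
        print("FINDING:", finding)
```

To check a live vault, pass the result of `fetch(kv_read_url(...), token)` as `body`, run from a host that has the same network path to the vault as the gateway.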
Actions on App
There are Edit, Export, Copy Id and Uninstall actions you can perform on the App.
Edit
Allows you to perform the edit actions on BASIC DETAILS and the VAULT POLICY.
To edit:
Click the Hashicorp app. The account details are displayed.
Click Action > Edit. The Edit Hashicorp page is displayed.
Edit the details as required.
Click the VAULT POLICY tab if you want to edit VAULT POLICY details. The policy details are displayed.
If you want to add more policies, click +ADD. For information on adding a policy, see the Configure and Install the integration section of this document.
Click the action menu at the end of the row. Edit and Remove options are displayed.
Click Edit. The Edit Vault Policy page is displayed.
Edit the details as required. You can also add more properties as required.
Click UPDATE. The Vault Policy is updated.
Click Remove if you want to delete the vault policy.
Click SAVE to save the changes.
Uninstall
To uninstall the integration:
Click the Hashicorp app. The account details are displayed.
Click Action > Uninstall. A confirmation popup is displayed.
Provide the reason for uninstalling the app.
Click UNINSTALL. The integration is uninstalled.
Note: This action is not reversible. Un-installation will fail if the credentials are already mapped with the vault policy.
Similarly, you can disable the integration. Click the toggle icon under the Enabled column. The icon color changes to gray.
The next step is to launch the console. To launch the console you need to provide credentials manually or use an already created credential set.
Create credentials
Follow these steps to create credentials.
Navigate to Setup > Accounts > Clients. The client listing page is displayed.
Search for the client you want to create credentials for, using the search option.
Click the client name. The CLIENT DETAILS page is displayed.
Click the Credentials tab. The credentials list is displayed.
Click +Add to create a credential.
Enter the details:
- Name: Provide a name for the credential.
- Description: Provide a brief description about the credential.
- Type: Select the credential type that you selected when creating the vault policy: SSH or Windows.
Based on the credential type selected, the input fields are displayed.
- If you select SSH:
  - Choose the Authentication Type: Password or Key Pair
  - If you choose Password, provide the following details:
    - Username: Enter the username
    - The Use Password Vault option is checked.
    - Integration: Hashicorp is selected by default.
    - Policy Mapping: Select the vault policy. All vault policies you created appear here.
    - Port: Enter the port
    - Connection Time out (ms): Enter the time out. Default is 10000.
  - If you choose Key Pair, provide the details for: Policy Mapping, Username, Port and Connection Time out (ms).
- If you select Windows:
  - Provide the following details:
    - Domain Name: Enter the domain name.
    - Provide details for Username, Policy Mapping and Connection Time out (ms)
Click Save. The credential is saved.
The next step will be to assign the credential to the resource.
Assign credential to resource
To launch the console, you have to first assign the credential to the resource.
To assign the credential:
Navigate to Infrastructure > Resources. The resource listing page is displayed.
Click the resource from the left side panel.
Click resource name to view the resource details.
Click Credentials from the left side panel.
Click +Assign. The Assign Credentials popup is displayed.
Select the credential name and click +Assign. A confirmation popup is displayed.
Click Yes. The credential is assigned to the resource.
Launch a console
Follow these steps to launch a console:
Click the Consoles icon located in the upper-right corner of the resource overview page.
Click the Browser Console icon.
Provide the required details in the Launch Browse Console popup:
The Use Credentials option is selected by default. Select the credential from the Credentials dropdown list.
Enter the access token in the Access Token box. You can leave it empty if you have provided the token already during collector profile configuration.
Click Launch. The console will launch after fetching the credentials from the vault.