While configuring D-MONA, you can view 2 types of runtime behavior, one where you can view the full behavior expected from
a typical ESC deployment, and the other one depicts the capabilities provided by D-MONA.
The D-MONA runtime behavior is controlled by the day-0 configuration that is provided to the VM at deployment time. For more
information on day zero configuration, see the D-MONA Day Zero Configuration section.
You must provide the notification URL for HA Active/Standby and Standalone. However, for the Active/Active HA, the URL is
auto-generated or computed during the deployment.
D-MONA Day Zero Configuration
The following example shows D-MONA SSH VM access configuration:
<configuration>
<dst>--user-data</dst>
<file>file:///opt/cisco/esc/esc-config/dmona/user-data.template</file>
<variable>
<name>vm_credentials</name>
<val>REPLACED_WITH_GENERATED_PWD</val>
</variable>
</configuration>
The following example shows the notification URL for HA Active/Standby and Standalone:
<variable>
<name>notification.url</name>
<val>
http(s)://xxx.xx.x.xx:xxxx/ESCManager/dmona/api/events/notif
</val>
</variable>
The vm_credentials
passes the encrypted password to admin for SSH access to the D-MONA.
The following example shows the D-MONA ESC certificate configuration:
<configuration>
<dst>/opt/cisco/esc/moan/dmona.crt</dst>
<data>$DMONA_CERT</data>
</configuration>
The following example shows the D-MONA application user data configuration:
<configuration>
<dst/opt/cisco/esc/mona/config/application-dmona.properties</dst>
<file>file:///opt/cisco/esc/esc-config/dmona/application-dmona.template</file>
<variable>
<name>monitoring.agent</name>
<val>true</val>
</variable>
<variable>
<name>monitoring.agent.vim.mapping</name>
<val>true</val>
</variable>
<!—Used to enable Basic Authentication for communication with the D-MONA Application.->
<variable>
<name>security_basic_enabled</name>
<val>true</val>
</variable>
<variable>
<name>security_user_name</name>
<val>REPLACED_WITH_USER_NAME</val>
</variable>
<variable>
<name>security_user_password</name>
<val>REPLACED_WITH_USER_PASSWORD</val>
</variable>
</configuration>
The following example shows the D-MONA day-0 template file for CSP:
Upload the D-MONA day-0 template to the /var/tmp/ directory in all the ESC instances with proper access permission prior to deployment.
#cloud-config
users:
- name: admin # The user's login name
gecos: admin # The user name's real name
groups: esc-user # add admin to group esc-user
passwd: $vm_credentials
# The hash -- not the password itself -- of the password you want
# to use for this user. You can generate a safe hash via:
# mkpasswd --method=SHA-512 --rounds=4096
lock-passwd: false # Defaults to true. Lock the password to disable password login
# Set to false if you want to password login
homedir: /home/admin # Optional. Set to the local path you want to use. Defaults to /home/<username>
sudo: ALL=(ALL) ALL # Defaults to none. Set to the sudo string you want to use
ssh_pwauth: True # Defaults to False. Set to True if you want to enable password authentication for sshd.
write_files:
# ESC Configuration
- path: /opt/cisco/esc/esc-config/esc-config.yaml
content: |
resources:
mona:
dmona: true
- path: /etc/sysconfig/network-scripts/ifcfg-eth0
content: |
DEVICE="eth0"
BOOTPROTO="none"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
IPADDR="${NICID_0_IP_ADDRESS}"
NETMASK="${NICID_0_NETMASK}"
GATEWAY="${NICID_0_GATEWAY}"
DEFROUTE="yes"
NM_CONTROLLED="no"
IPV6INIT="no"
IPV4_FAILURE_FATAL="yes"
- path: /etc/sysconfig/network-scripts/ifcfg-eth1
content: |
DEVICE="eth1"
BOOTPROTO="none"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
IPADDR="${NICID_1_IP_ADDRESS}"
NETMASK="${NICID_1_NETMASK}"
GATEWAY="${NICID_1_GATEWAY}"
DEFROUTE="yes"
NM_CONTROLLED="no"
IPV6INIT="no"
IPV4_FAILURE_FATAL="yes"
runcmd:
- [ cloud-init-per, once, apply_network_config, sh, -c, "systemctl restart network"]
- [ cloud-init-per, once, copy_dmona_config, sh, -c, "cp -RT /media/cdrom/opt/cisco/esc/mona/ /opt/cisco/esc/mona/"]
- [ cloud-init-per, once, esc_service_start, sh, -c, "chkconfig esc_service on && service esc_service start"] # You must include this line