Weitere ähnliche Inhalte Ähnlich wie Explore Advanced CA Release Automation Configuration Topics (20) Mehr von CA Technologies (20) Kürzlich hochgeladen (20) Explore Advanced CA Release Automation Configuration Topics1. Explore Advanced CA Release Automation
Configuration Topics
Keith Puzey
DevOps: Continuous Delivery
CA Technologies
Sr Principal Engineering Services Architect
DO4X96E
@KeithPuzey
#CAWorld
2. 2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of
warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
For Informational Purposes Only
Terms of this Presentation
3. 3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Abstract
In this session, we will cover configuring SSL/TLS
communications within your environment,
integrating with Microsoft Active Directory® via
LDAP/LDAPS and review the usage of user roles
and permissions. We will also cover how to
manage deployments using REST, complex
architects, security, communications, scalability
and troubleshooting.
Keith Puzey
CA Technologies
Senior Principal
Engineering Services
Architect
4. 4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agenda
ARCHITECT TERMINOLOGY AND OVERVIEW
ROLES AND PERMISSIONS - ACTIVE DIRECTORY INTEGRATION
REST INTERFACE
EXECUTION SERVER ARCHITECTURE AND FIREWALLS
SECURING COMMUNICATION
TROUBLESHOOTING
1
2
3
4
5
6
5. 5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Architecture Component Terminology
Release Operation
Center / ROC
Artifact Repository /
Nexus
NAC / Data Management
Server / Management
Server
NES / Execution Server
ASAP / Designer UI /
Studio
Agent / AGT
Database
6. 6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
High Level Architecture
Execution
Server
Management
Server (NAC)
& Repository
Agent
Node
Database
Server
3
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
Database Communication
End Users
Execution
Server
Agent
Node
Agent
Node
Agent
Node
Agent
Node
4
Agent Communication – TCP 6600
HTTP Traffic – HTTP 80832
1
3
4
Active
Directory
(Optional)
Email
Server
(optional)
1
1
1
4
5
5
6
6
AD User Authentication – LDAP 389 / LDAPS 636
Email Communication – SMTP 25
Active MQ – TCP 616167
7
7
Action Pack FTP
download site
Action Pack download and Updates
Ftp.ca.com or Internal ftp site – TCP 21
8
8
2
Management
Server (NAC) &
Repository
Execution
Server
Database
Server
Execution
Server
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Active
Directory
(optional)
Email
Server
(optional)
End Users
7. 7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Release Automation Internals
3RD PARTY
INTEGRATIONS
CI Server
TFS, Hudson, Jenkins
Help Desk
Service Desk, Service Now
Repository
Artifactory, Nexus, Archiva
SCM
SVN, TFS
Provisioning
CA Cloud Manager
Monitoring
Test Systems
Authentication
Ldap/AD
INFRASTRUCTURE
LAYER
Database
Users, Process, Release,
Audit, Environment
Repository
Artifacts
Repository & Action
Pack Store
Nexus
PRESENTATION LAYER
Designer Swing UI Dashboard UI Release Operations Center UI
DATA MANAGER
Application
Management
Artifact Management
User, Roles &
Permissions
Environment
Management
Process & Flow
Compilation
Template & Release
Compilation
Action Pack Download
Manager
Execution Engine
Scheduler & Calendar Audit & Reports Active MQServer Management
DataAccessFramework
Hibernate
OpenAPI’s
REST,SOAP,CLI
EXECUTION SERVER
Local/Geo Proxy File Distribution & Caching
Flow Control
Events/Messages
Active MQ
AGENT
Workflow Engine & Actions Executor File Caching - Artifacts
8. 8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution
Server
Repository
Server
Management
Server
(NAC)
Agent
Node
Database
Server
Proxy
9
3
SuperNode
Execution Server
End Users
Execution
Server
Execution
Server
Agent
Node
Agent
Node
Agent
Node
Agent
Node
7
4
Active
Directory
(Optional)
Email
Server
(optional)
1
1
1
1
4
5
6
Management
Server
(NAC)
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
Database Communication
Agent Communication – TCP 6600
Repository Traffic – TCP 80809
1
3
4
5
6
AD User Authentication – LDAP 389 / LDAPS 636
Email Communication – SMTP 25
Active MQ – TCP 616167
Action Pack download and Updates
Ftp.ca.com or Internal ftp site – TCP 21
8
8
2
HTTP Traffic – HTTP 80832
7
1
7
Action Pack FTP
download site
End Users
Highly Available Architecture
Management
Server (NAC)
Execution
Server
Database Server
Execution
Server
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Active
Directory
(optional)
Email
Server
(optional)
Execution
Server
Management
Server (NAC)
Repository
Server
Proxy
10. 10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
User Roles
USER
Application Creator
Artifact Manager
SUPERUSER
Note: The superuser role should only be used for system administration
ADMIN USER
Security and Permissions Administrator
Servers Administrator
General System Administrator
Note: Admin Users cannot access applications.
11. 11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Enable LDAP Integration
CONFIGURE ACTIVE DIRECTORY CONNECTION DETAILS
Edit distributed.properties file
use.active.directory.authentication=true
use.active.directory.domain=domain1.ad1.com
use.active.directory.url=ldap://172.17.17.90
use.active.directory.user.username=ldap_browse@domain1.ad1.com
use.active.directory.user.password=ldap_browse-Password
RESTART MANAGEMENT SERVER
Note: All users from the specified domain can now login but have no
rights
12. 12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Assigning Roles and Permissions
1. Identify the Active Directory group which
contains the relevant users based on
there roles and application requirements.
2. Import the relevant group using the
Import AD user groups section of ASAP
3. Any user who is a member of the AD
Group will inherit the role defined here.
Assigning Role
13. 13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Assigning Roles and Permissions
Permissions are set for the imported groups at the application
level and also the environment level
Assigning Permissions
ENVIRONMENT LEVEL PERMISSIONSAPPLICATION LEVEL PERMISSIONS
14. 14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Active Directory Login Example
The user1 is an Active Directory user who is a member of an AD
group with permissions for two applications “Finance” and “Test
Application” but can not see the application “Healthcare”
16. 16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server Overview
Number of Agents Per Execution Server / NES depends on several factors:
Number of executions performed in parallel
The complexity of those executions
The size of files transferred during the process executions
Default setting is 200 Agents per Execution Server / NES, 5.5.2 supports
1000 agents with 400 active deployments.
Execution servers should be located electronically close to agent machines
17. 17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server / NES Routing Architecture - STAR
Simple Execution Server / NES routing Architecture
Execution
Server A
Execution
Server C
Execution
Server D
Execution
Server E
Agent
Node
4
Agent
Node
3
Agent
Node
2
Agent
Node
1
Agent
Node
6
Agent
Node
5
Rep Agent
1
Management
Server
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
ActiveMQ Traffice – TCP 61616
Agent Communication – TCP 6600
NES Routing Link , TCP 6600
Execution
Server C
Execution
Server D
Execution
Server E
Execution
Server A
Management
Server
Rep
Agent 1
Agent
Node
1
Agent
Node
2
Agent
Node
3
Agent
Node
4
Agent
Node
5
Agent
Node
6
18. 18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Ring Execution Server with High Availability Architecture
Management
Server
Execution
Server A
Execution
Server C
Execution
Server D
Execution
Server B
Agent Node
4
Agent Node
3
Agent Node
2
Agent Node
1
Agent Node
6
Agent Node
5
Management
Server
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
ActiveMQ Traffic – TCP 61616
Agent Communication – TCP 6600
NES Routing Link , TCP 6600
Oracle
Database Server
Agent Node
6
Agent Node
5
Repository
Server
JDBC , TCP 1521
Repository, TCP 8080
Datacenter Two
Datacenter One
Management Network
Execution
Server C
Execution
Server A
Management
Server
Agent
Node 1
Agent
Node 2
Management
Server
Execution
Server B
Execution
Server D
Agent
Node 3
Agent
Node 4
Agent
Node 5
Agent
Node 6
Agent
Node 5
Agent
Node 6
Repository
Server
19. 19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server / NES Routing Architecture –
STAR with High Availability
No single point of failure in Execution Server / NES routing
Execution
Server A
Execution
Server B
Execution
Server C
Execution
Server D
Execution
Server E
Agent Node
4
Agent Node
3
Agent Node
2
Agent Node
1
Agent Node
6
Agent Node
5
Rep Agent
1
Management
Server
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
ActiveMQ Traffic – TCP 61616 / SSL 61617
Agent Communication – TCP 6600
NES Routing Link , TCP 6600
Execution
Server C
Execution
Server D
Execution
Server E
Execution
Server A
Management
Server
Rep
Agent 1
Agent
Node
1
Agent
Node
2
Agent
Node
3
Agent
Node
4
Agent
Node
5
Agent
Node
6
Execution
Server B
20. 20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Clustered jFrog Repository architecture
End Users
Management
Server (NAC)
Database Server
Execution
Server
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Agent
Node
Active
Directory
(optional)
Email
Server
(optional)
Execution
Server
Proxy
Repository HTTP
Proxy Load
Balancer
Proxy
Management
Server (NAC)
Execution
Server
JFrog
Artifactory
Node
JFrog
Artifactory
Node
NFS Storage
21. 21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Firewall Considerations
If a small number of agents are outside of a firewall a Execution
Server / NES can be located inside the firewall and configured for
outbound communication only
If a large number of agents are outside the firewall the best
practice is to place a Execution Server / NES outside the firewall
as this will restrict the number of firewall rules required
22. 22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Firewall Environment – Agent Outbound Port
Execution
Server
Management
Server
(NAC)
Agent Node
IP Address
12.12.12.12
Agent Port
6600
Database
Server
3
Legend:
HTTP Traffic – HTTP 8080 / HTTPS 8443
Database Communication
End Users
Agent Communication – TCP 6600
Active MQ – TCP 616162
1
3
4
Active
Directory
(Optional)
Email
Server
(optional)
1
1
4
5
5
6
6
AD User Authentication – LDAP 389 /
LDAPS 636
Email Communication – SMTP 25
4
Agent Node
IP Address
12.12.12.13
Agent Port
6600
nimi_config.xml configuration
-<reverse_settings>
-<nodes>
<node>12.12.12.12:6600</node>
<node>12.12.12.13:6600</node>
</nodes>
<connection_queue_size>5242880</connection_queue_size>
<!--5MB-->
<connection_queue_wait_time>180000</connection_queue_wait_time>
<!--in milliseconds-->
<poll_interval>150000</poll_interval>
<!-- poll every 2.5 min-->
<poll_retry>150000</poll_retry>
<!-- poll retry in case of other side is dead every 2.5 min-->
</reverse_settings>
</network>
Firewall configuration
TCP Port 6600 open from Execution Server to Agent
Network
2
4
End Users
Management Server
(NAC)
Database Server
Active Directory
(optional)
Email
Server
(optional)
Execution Server
Agent Node
IP Address
12.12.12.12
Agent Port 6600
Agent Node
IP Address
12.12.12.13
Agent Port 6600
Firewall Configuration
TCP Port 6600 open from Execution Server to
Agent Network
23. 23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
End Users
Firewall Environments – Execution Server /
NES outside Firewall
Firewall Configuration
TCP Port 8080 open from NAC to Execution Server
TCP Port 616161 open from NAC to Execution Server
TCP Port 6600 open from NES to NES
Management
Server (NAC) &
Repository
Execution
Server
Database Server
Active Directory
(optional)
Email
Server
(optional)
Agent Node
Agent NodeAgent Node Agent Node
Execution
Server
25. 25 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Securing Release Automation Communication Overview
Release Automation is shipped with self signed certificated
and by choosing to use the secured ports these certificate's
will be used
Browser and ASAP to Data Manager
- HTTPS - 8443
Data manager to Execution Servers
- HTTPS – 8443 and ActiveMQ - 61616
Execution Server to Agents
- Nimi / TLS - 6600
26. 26 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
UI to Management Server
Use the following URL to connection between ASAP / Browsers
and the management servers using HTTPS and the default CA
Certificates:
https://managementserver:8443
If the certificates need to be replaced with custom certificates
details can be found on the CA Wiki
https://goo.gl/4ko5Dz
27. 27 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Management Server to Execution Server
Use the following URL to connection between the management
servers and the execution server using HTTPS and the default CA
Certificates:
https://executionserver:8443
If the certificates need to be replaced with custom certificates
details can be found on the CA Wiki
https://goo.gl/4ko5Dz
28. 28 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server to Agents
At installation time of the agent an option can be selected to use secure
communications
Post agent installation you can enable this functionality by editing
RA_HOMEconfnimi_config.xml
Enable secure communication by editing this section and setthing it to true
<security>
<enabled>false</enabled>
If the certificates need to be replaced with custom certificates details can be
found on the CA Wiki
https://goo.gl/4ko5Dz
30. 30 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Java Management Extensions (JMX)
JMX is a java
technology that
supplies tools for
managing and
monitoring applications
JMX can be used to
interrogate Release
Automation internals
but should only be
used when directed by
CA support
JMX is available on NAC
/ NES on port 20203 and
agents on port 8282
31. 31 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Java Management Extensions (JMX)
Primary JMX Domain is called
noliocenter
Type=HighAvailability
Shows the status of the NAC High
Availability
Type=Info:
Is a useful view of process Status and
can be used to Remove jobs
32. 32 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
ActiveMQ
CA Release Automation is now
using ActiveMQ
starting from version 5.0
ActiveMQ is a message queues
server implementation.
Implements the JMS standard
Broke
r
Broke
r
Broke
r
Consumer
Consumer
Consumer
Consumer
Consumer
Consumer
Consumer
33. 33 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Network Topology
ActiveMQ runs as an embedded server in the NAC and
in the NES
All JMS (MQ) traffic is in the direction of the NAC
All consumers are on the NAC
All producers are on the NES
The activeMQ server is exposed in JMX (port 20203,
look for ActiveMQ)
When the NES and the NAC are on the same machine
(full install), than the NES uses the NAC ActiveMQ
server.
NES (standalone)
ActiveMQ broker on
NES
NES (all-
in-one)
ActiveMQ broker
on NAC
NAC
MQ
MQ
MQ
MQ
34. 34 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Network Connections
All JMS Traffic flows
from the NES to the
NAC. The NAC still uses
HTTP to send
instructions and
messages to the NES.
ActiveMQ runs by
default on TCP port
61616 (can be
configured)
The NAC creates a
duplex connection to
the NES machines.
35. 35 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Queues on ActiveMQ
We define multiple queues on ActiveMQ
The queues are distributes (it’s the same queue on all the brokers)
– Connectivity queue
Holds keep-alive messages
– Requests queue
For example – request of parameter values
– Events queue
For example – flow started, flow finished, file transfer done.
– Step events queue
For example, step started, step in progress
36. 36 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
ActiveMQ Configuration
The configuration of ActiveMQ is
done in several XML’s
Comes preconfigured – no need to
touch (except in the case of SSL)
NAC FILES
activemq-broker-nac.xml
inbound-nac.xml
NES FILES
activemq-broker-nes.xml
activemq-external-broker-
nes.xml
outbound-nes.xml
37. 37 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
ActiveMQ Property Files
Different files for NAC and the NES
webappsdatamanagementWEB-
INFjms.properties
webappsexecutionWEB-
INFjms.properties
Automatically created and
configured during upgrade/install
#Wed Feb 18 15:47:07 GMT 2015
jms.transport.port.nes=61616
http.to.nac=false
jms.trust.store=conf/nolio.jks
jms.encrypted.key.store.password=A30B6F1F8F7
A0E456311C3142AE07D7A
jms.encrypted.trust.store.password=A30B6F1F8F
7A0E456311C3142AE07D7A
jms.transport.port.nac=61617
jms.activate.broker=true
jms.key.store=conf/keyStore.jks
38. 38 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
JMX interface / ActiveMQ
One of the first lines (brokerName=BrokerNacServer) links to
controlling the activeMQ server
The next lines contains the queues, the consumers and the producers.
39. 39 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Troubleshooting
1. IS THE CORRECT PROFILE ACTIVE (ON BOTH NAC AND NES)?
a. Profiles can be found in the log of the NAC and the NES (during the spring context definition). Just look for the words:
"Active spring profiles"
i. [main] INFO (com.nolio.platform.server.context.ProfilesApplicationContextInitializer:30) - Active spring profiles:
[http.to.nes, jms.to.nac, JPA, jms.external.broker]
2. VERIFY THAT THE ACTIVEMQ SERVER IS UP AND RUNNING
a. The server is exposed by JMX. Enter the JMX management page (http://hostname:20203) (user nolio, password nolio)
b. Look for domain org.apache.activemq
c. Check in both NAC and NES (unless NES is all-in-one)
d. org.apache.activemq:type=Broker,brokerName=brokerNacServer
i. TotalConsumerCount should be > 10
ii. TotalDequeueCount should be > 0
iii. TotalEnqueueCount should be > 0
e. org.apache.activemq:type=Broker,brokerName=brokerNacServer,service=Health
You can check the health status of the embedded activeMQ broker. The attribute CurrentStatus should be "good"
40. 40 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Troubleshooting (2)
1. Verify that the queues were created (under the JMX)
2. Look at the dm logs - are there any "connection refused" exceptions?
look for the word "broker“
It's ok to have some connection refused exceptions at the beginning. The
NES connects to the NAC before the NAC is fully up and running.
3. Is the NES showing as available in the UI? Try to edit and save.
Is the broker port configured correctly?
4. Check the firewall settings
41. 41 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
NiMi
Execution Servers and Agents connect using NiMi which is CA Technologies'
proprietary protocol.
In NiMi the serialized Java objects are transferred over plain TCP with the option
of Transport Layer Security (TLS).
Execution Servers and Agents use NiMi to communicate with each other.
NiMi is a P2P proprietary protocol, each Agent can connect to any other Agent,
as long as they are part of the same NiMi network. Agents or Execution Servers
are nodes in the NiMi network.
NiMi security configuration is defined in the configuration file nimi_config.xml
found in the /conf subfolder of an Agent or an Execution Server.
42. 42 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
nimi_config.xml
NAME REQUIRED POSSIBLE VALUES DESCRIPTION
enabled YES true, false
Element which determines whether current node requires TLS connection.
If the value is true, this node will use secure communication.
Any other value will be regarded as false.
keystore YES <file path> Path to the main keystore which contains the key pair for TLS communication.
keystore_password YES <encrypted string>
Encrypted password in BASE64 form which will be used to read the keystore and the key pair.
Note: The keystore_password is used to open both keystore and the key pair.
trust_store YES <file path> Path to the main truststore which contains the public keys that should be trusted by current node.
trustore_password YES <encrypted string> Encrypted password in BASE64 form which will be used in order to read the truststore and the keys in it.
cipher_suites/cipher_suite NO
<JAAS identification of a cipher
suite>
Element which contains cipher_suite elements each of which defines a single cipher suite permitted for
use by the node.
If no cipher suite is defined, all cipher suites will be eligible for usage.
The specific value to use can be determined by inspection of nimi.log of logs subfolder just after the
node was started. At start-up, each NiMi node lists all available cipher suites and ones that were
configured.
Xml file contains the settings for config / network and security
43. 43 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Troubleshooting Best Practice
LOG FILE MANAGEMENT
Data Manager Log file properties file Location
– <Release_Automation_Install_Folder>webappsdatamanagementWEB-INFlog4j.properties
Execution Server Log file properties file Location
– <Release_Automation_Install_Folder> webappsexecutionWEB-INFlog4j.properties
Agent Log file properties file Location
– <Release_Automation_Install_Folder>conflog4j.properties
To change the default backups and size of your logs, you can alter these Properties.
– log4j.appender.auditing.MaxFileSize=5000KB
– log4j.appender.auditing.MaxBackupIndex=5
Service restart is not required.
44. 44 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Troubleshooting Best Practice
LOG FILE REVIEWING
Log files wrap when they reach the size
specified in the log4j.properties file so the
logs should be collected as soon after an
error has occurred.
When Troubleshooting issues with the
Data Manager first check that the data
manager has completed startup by
searching for the string $$$$ in the log
Nolio_dm_all.log
45. 45 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Troubleshooting Best Practice
LOG FILE REVIEWING
If the Data Manager does not start correctly a
key configuration file to check is the database
configuration file.
– CAReleaseAutomationServerwebappsdatamanag
ementWEB-INFdistributed.properties“
Log files can be gathered from the
designer UI
When initially reviewing log files first search
for the string “error”
46. 46 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Data Management Server Overview
Management Server (NAC)
Release Operations Center
Automation Studio
Delivery Dashboard
Embedded Repository:
Sonatype Nexus
DefaultURL: http://DataManagerserver:8080/nexus
Credentials : admin / nolionolio
JMX Management Console:
MX4J
DefaultURL: http://DataManagerserver:20203
Credentials : nolio / nolio
Changes should only be made directly within the JMX when instructed to by Support
Management Server:
Apache
Default Port 8080 / 8443, 8083, 61616 / 61617
DefaultURL: http://DataManagerserver:8080
ROC URL : http://DataManagerserver:8080/datamanagement/asapui.html
Dashboard URL : http://DataManagerserver::8080/datamanagement/MngConsole.htm
Superuser Credentials : superuser / suser
Windows service names:
Nolio Release Automation Server Service
Nolio Update Service
Nolio Agent
Management Server (NAC)
Release Operations Center
Automation Studio
Delivery Dashboard
47. 47 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Data Management Server Log files
PRIMARY LOG FILE
nolio_dm_all.log
LOG FILE CONTAINS THE FOLLOWING INFORMATION
NAC start-up sequence.
DB connectivity
Amount of agents that connected to each NES and unreachable agents.
Status of processes execution
Logged in users
Details about design and publish activities
48. 48 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Data Management Server Log files
nolio_document.log
Contains information about processes that exported to xml document
File Location = <Install dir>/logs/nolio_document.log
nolio_export.log
Contains information about components/applications that imported/exported to/from
the system
LogFile Location = <Install dir>/logs/nolio_export.log
nolio_auditing.log
Contains all design and administration changes (Note that audit report need to be
enable)
Log file Location = <Install dir>/logs/nolio_auditing.log
49. 49 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Data Management Server Log files
installation.log
Contains a summary of system installation
Log file Location = <Install dir>/.install4j/installation.log installation.log.*
- Contains a summary of system upgrade from previous version
- <Install dir>/.install4j/installation.log.*
Agent_upgrade.log
Contains a summary of agents upgrade
Log file Location = <Install dir>/logs/Agent_upgrade.log
Installation log can be found in %temp% folder
50. 50 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Action Pack Download Service
CONFIGURATION
The Action Management panel in the Release
Operations Center displays the installed Action
Packs and also a list of available action packs that
can be downloaded from the CA FTP site as
shown in the following screenshot.
The REST_PORT value is the port used to connect
the Action management portlet within the ROC
UI to the update service on the NAC.
If the NAC does not have access to the internet
the content of the FTP url can be copied to an
internal FTP server and the values for CA_URL
and CA_PACK_URL modified accordingly.
51. 51 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Action Pack Download Service
The default ports for this service can be modified in the following file which
can be found on the NAC:
"C:Program FilesCAReleaseAutomationServerUpdateServiceURL.ini"
The configuration file contains the following information:
#Wed Jan 29 15:38:12 EST 2014
CA_URL=ftp://ftp.ca.com/pub/dpm/ReleaseAutomation/UpdateService
CA_PACK_URL=ftp://ftp.ca.com/pub/dpm/ReleaseAutomationActions/ActionPacks
INTERVAL=1440
REST_PORT=8083
52. 52 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Action Pack Download Service
Update Service Log location
CAReleaseAutomationServerUpdateServiceupdate-service.log
CAReleaseAutomationServerUpdateServicenolio_update_service_error.log
CAReleaseAutomationServerUpdateServicenolio_update_service_output.log
LOGGING
53. 53 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Action Pack Download Service
Confirm that the following URL is accessible from the NAC server through a direct internet connection
with no Proxies
– ftp://ftp.ca.com/pub/dpm/ReleaseAutomationActions/ActionPacks
Confirm that the Nolio Update service is running
– On Windows check that the “Nolio Update Service” is running
– On Linux run the command nolio_update_service status
Check the nolio_update_service_output.log and confirm that you see the following:
INFO: Cannot parse the ftp port from URL.ini, will use the default port : 21
INFO: remote ftp file: /pub/dpm/ReleaseAutomation/UpdateService//up.xml
INFO: Ftp File ftp://ftp.ca.com/pub/dpm/ReleaseAutomation/UpdateService//up.xml has been
downloaded successfully.
TROUBLESHOOTING
54. 54 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Action Pack Download Service
If the connection to the FTP server has succeeded the file
pkgList.xml will be found in the following location
– C:Program FilesCAReleaseAutomationServerUpdateService
Use Netstat to confirm that the port 8083 is listening and if a
firewall is used on the NAC or between the NAC and the
Browser (ROC) ensure that port TCP 8083 is open
From the Browser machine confirm that port 8083 is accessible
using telnet.
TROUBLESHOOTING
55. 55 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution server Overview
Execution Server JMX Management Console:
MX4J
DefaultURL: http://DataManagerserver:20203
Credentials : nolio / nolio
Changes should only be made directly within the JMX when instructed to by Support
Execution Server:
Apache
Default Port = 8080 / 8443, 6600 and 61616 / 61617
Windows service names:
CA LISA Release Automation Server Service
CA LISA Release Automation watchdog Service
Execution Server
56. 56 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server Log files
Nimi.log
Contains Information regarding communication between NAGs and NES such as handshake activity
Contains Network topology (NAG and NES versions, ID’s IP’s etc.)
Contains Information regarding parameters values and files that transfers between NAGs.
Log file location = <Install dir>/logs/nimi.log
Nolio_exec_all.log and execution.log
Contains Information regarding execution events and parameters that transfers between NAG’s NES
and NAC.
Contains Remote agent installations logging
Log file Locations = <Install dir>/logs/Nolio_exec_all.log, <Install dir>/logs/execution.log
57. 57 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Execution Server Log files
installation.log
Contains a summary of system installation
Log file Location = <Install dir>/.install4j/installation.log
installation.log.*
Contains a summary of system upgrade from previous version
<Install dir>/.install4j/installation.log.*
Installation log can be found in %temp% folder
58. 58 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agent Server Overview
Agent Node
Agent:
Default Port = 6600
Windows service name:
Nolio Agent
JMX Management Console:
MX4J
DefaultURL: http://DataManagerserver:8282
Credentials : nolio / nolio
Changes should only be made directly within the JMX when instructed to by Support
Agent Node
59. 59 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agent Server Log Files
Nimi.log
Contains Information regarding communication between agent and NES
Contains Information regarding parameters values and files that transfers
Log file location = <Install dir>/logs/nimi.log
Nolio_all.log
All NAG activity except the network layer (stored in nimi.log)
Log file Locations = <Install dir>/logs/Nolio_all.log
60. 60 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Agent Server Log Files
Nolio_action_exe.log
Contains specific information about actions executions and their results.
Log file Locations = <Install dir>/logs/
installation.log
Contains a summary of system installation
Log file Location = <Install dir>/install4j/installation.log
Installation log can be found in %temp% folder
62. 62 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Rest API
REST stands for Representational State Transfer.
It relies on a stateless, client-server, cacheable communications protocol
using the HTTP protocol.
REST API can be used to Externalise functionality within CA Release
Automation
Rest API documentation is available from the Help link within the ROC
63. 63 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Rest API
Open a REST client in this example we are using “POSTMAN” within the
Chrome browser
To list the applications within Release Automation the online help has the
following information
Enter this URL into the Rest Client and change the type of connection to
“GET”
Example
64. 64 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Rest API
Change the Authentication tab to “Basic Auth” and enter credentials for your release
automation server
Enter header parameters
Content-Type Text/html
Click “Send” to test the Rest connection and retrieve the response
Example – Continued
65. 65 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Rest API
The output can be shown
as JSON or XML and the
client shows the Status
return code and
response time
Example – Continued
66. 66 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Recommended Sessions
SESSION # TITLE DATE/TIME
DO4X210L
Hands-On Lab: Build Integrations You Need with CA
Release Automation Rapid Development Kit (RDK) and
Software Development Kit (SDK)
11/19/2015 at 3:00 pm
DO4T20S
Case Study: Euroclear Adopts Continuous Delivery for
New Customer-Facing Application
11/19/2015 at 4:30 pm
DO4T33T
Tech Talk: Evolve from Continuous Integration to
Continuous Delivery
11/19/2015 at 12:15 pm
67. 67 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Must See Demos
CA Release
Automation
CA Release
Automation
Theater 4
CA Release
Pipeline
Manager
Theater 4
CA RA Rapid
Dev. Kit, SDK
CA Release
Automation
Theater 4
Integrations
CA Release
Automation
Theater 4
68. 68 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Follow On Conversations At…
Smart Bar
CA Release Pipeline
Manager
Theater 4
Tech Talks
CA Release
Automation
Theater 4
69. 69 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
Q & A
70. 70 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15