Introduction

HashiCorp provides a suite of open-source tools intended to support the development and deployment of large-scale service-oriented software installations. Each tool is aimed at specific stages in the life cycle of a software application, with a focus on automation. Many have a plugin-oriented architecture in order to provide integration with third-party technologies and services. Additional proprietary features for some of these tools are offered commercially and are aimed at enterprise customers.

OpsRamp integrates with Hashicorp through REST APIs.

This integration stores secrets in the vault and then it fetches secrets from the vault to use for console launch.

Prerequisites

  • OpsRamp Classic Gateway 12.0.0 and 12.0.1 (or) OpsRamp NextGen Gateway
  • Gateway should be connected to the OpsRamp portal.
  • The vault should be accessible to the gateway.

Configure and Install the integration

  1. From All Clients, select a client.

  2. Go to Setup > Integrations and Apps. If there are apps already installed, it will redirect to the INSTALLED APPS page where all the installed apps are displayed. Click +ADD and search for the App on the Available apps page.

If there are no installed apps, it will navigate to the AVAILABLE APPS page.

Use the search option available to search for the Hashicorp application. Alternatively, use All Categories dropdown to search. In this case, select Password Vault.
Note: The search option is used to search for apps on a page.

  1. Click ADD under Hashicorp:

  2. In Add Hashicorp page, enter BASIC DETAILS:

    • End Point: Enter the Hashicorp Vault API server IPAddress/HostName and Port.
      Example: http://192.168.1.152:8200
    • Static Token: Provide the token. This token is static.

  3. Click NEXT. The VAULT POLICY page is displayed.

  4. Enter the details to create a vault policy. This policy is created to fetch the required secret details from the vault.

  • Name: Enter the name for the policy.
  • Gateway profile: Select the appropriate gateway profile to connect to the vault. Gateway will fetch all details from the vault.
  • Credential Type: Select the appropriate credential type: SSH or WINDOWS. This credential will be used to log in to the console.

PROPERTIES:

Based on the credential type selected the values in the Property fields vary slightly.

  1. Enter the key (from the vault) against the OpsRamp properties engineName and secretName. Similarly, select other properties like Username, Password, PrivateKey, etc. and enter the keys.
    Click the delete icon if you want to delete an entry. Click +ADD PROPERTIES to add more properties.
    Note: engineName and secretName are mandatory fields.

    Click +ADD VAULT POLICY if you want to add multiple vault policies. Click REMOVE to remove the policy.

  2. Click FINISH. The app is installed and appears in the INSTALLED APPS page.

Actions on App

There are Edit and Uninstall actions you can perform on the App.

Edit

Allows you to perform the edit actions on BASIC DETAILS and the VAULT POLICY.

To edit:

  1. Click the Hashicorp app. The account details are displayed.

  2. Click Action > Edit. The Edit Hashicorp page is displayed.

  3. Edit the details as required.

  4. Click the VAULT POLICY tab if you want to edit VAULT POLICY details. The policy details are displayed.
    If you want to add more policies, click +ADD. For information on adding a policy, see the Configure and Install the integration section of this document.

  5. Click the action menu at the end of the row. Edit and Remove options are displayed.

  6. Click Edit. The Edit Vault Policy page is displayed.

  7. Edit the details as required. You can also add more properties as required.

  8. Click UPDATE. The Vault Policy is updated.

  9. Click Remove if you want to remove the delete the vault policy.

  10. Click SAVE to save the changes.

Uninstall

To uninstall the integration:

  1. Click the Hashicorp app. The account details are displayed.

  2. Click Action > Uninstall. A confirmation popup is displayed.

  3. Provide the reason for uninstalling the app.

  4. Click UNINSTALL. The integration is uninstalled.

Note: This action is not reversible. Un-installation will fail if the credentials are already mapped with the vault policy.

Similarly, you can disable the integration. Click the toggle icon under the Enabled column. The icon color changes to gray.

The next step is to launch the console. To launch the console you need to provide credentials manually or use an already created credential set.

Create credentials

  1. Go to Setup > Setup > Accounts > Clients. The client listing page is displayed.

  2. Search for the client you want to create credentials for, using the search option.

  3. Click the client name. The CLIENT DETAILS page is displayed.

  4. Click the Credentials tab. The credentials list is displayed.

  5. Click +Add to create a credential.

  6. Enter the details:

    • Name: Provide a name for the credential.
    • Description: Provide a brief description about the credential.
    • Type: Select the credential type that you selected when creating the vault policy: SSH or Windows.
      Based on the credential type selected, the input fields are displayed.
    • If you select SSH:
      • Choose the Authentication Type: Password or Key Pair
        • If you choose Password, provide the following details:
          • Username: Enter the username
          • The Use Password Vault option is checked.
          • Integration: Hashicorp is selected by default.
          • Policy Mapping: Select the vault policy. All vault policies you created appear here.
          • Port: Enter the port
          • Connection Time out (ms): Enter the time out.
            Default is 10000.
        • If you choose Key Pair, provide the details for: Policy Mapping, Username, Port and Connection Time out (ms).
    • If you select Windows:
      • Provide the following details:
        • Domain Name: Enter the domain name.
        • Provide details for Username, Policy Mapping and Connection Time out (ms)

  7. Click Save. The credential is saved.

The next step will be to assign the credential to the resource.

Assign credential to resource

To launch the console, you have to first assign the credential to the resource.

To assign the credential:

  1. Go to Infrastructure > Resources. The resource listing page is displayed.

  2. Click the resource from the left side panel.

  3. Click resource name to view the resource details.

  4. Click Credentials from the left side panel.

  5. Click +Assign. The Assign Credentials popup is displayed.

  6. Select the credential name and click +Assign. A confirmation popup is displayed.

  7. Click Yes. The credential is assigned to the resource.

Launch a console

To launch a console:

  1. Click the Consoles icon located in the upper-right corner of the resource overview page.

  2. Click the Browser Console icon.

  3. Provide the required details in the Launch Browse Console popup:

  4. The Use Credentials option is selected by default. Select the credential from the Credentials dropdown list.

  5. Enter the access token in the Access Token box. You can leave it empty if you have provided the token already during collector profile configuration.

  6. Click Launch. The console will launch after fetching the credentials from the vault.