Creating the Engineering Lifecycle Management instance secret

The Engineering Lifecycle Management instance secret stores sensitive information, such as database credentials, that is used by the Engineering Lifecycle Management applications. You must create the Engineering Lifecycle Management instance secret in Red Hat® OpenShift® before you create the Engineering Lifecycle Management instance. If the secret is not created in the cluster, or is created incorrectly, the Engineering Lifecycle Management instance creation might fail.

About this task

You can create the instance secret by using any one of the following methods:

Red Hat OpenShift Container Platform web console method

Procedure

  1. In the Red Hat OpenShift platform, go to Projects and open the project where the Engineering Lifecycle Management instance secret is to be created.
  2. Click Workloads > Secrets.
  3. Select From YAML from the Create list.
    The Create Secret page opens.
  4. Enter elm-auth-secret in the name field.
    Important: For the successful creation of the Engineering Lifecycle Management instance, you must provide the secret name as elm-auth-secret.
    The properties that are used in the example are specific to the cluster that is created. You must update the properties according to your cluster configuration.

    Replace stringData with the following code block and provide the input for all the fields.

    apiVersion: v1
    kind: Secret
    metadata: 
      name: elm-auth-secret
      namespace: <namespace>                          # Kubernetes Cluster Namespace
    stringData: 
      CCM_DB_JDBC_PASSWORD: <password>                
      DB_USER_PASSWORD: <password>                  
      DCC_DB_JDBC_PASSWORD: <password>                
      DW_JDBC_PASSWORD: <password>                    
      GC_DB_JDBC_PASSWORD: <password>                 
      JTS_DB_JDBC_PASSWORD: <password>               
      LDX_DB_JDBC_PASSWORD: <password>                
      LQE_DB_JDBC_PASSWORD: <password>                
      ENI_DB_JDBC_PASSWORD: <password>               
      QM_DB_JDBC_PASSWORD: <password>                
      RM_DB_JDBC_PASSWORD: <password>                 
      OIDC_PROVIDER_USERID: <oidc-provider-user>      
      OIDC_PROVIDER_PASSWORD: <password>              
      SCIM_PROVIDER_USERID: <scim-provider-user>      
      SCIM_PROVIDER_PASSWORD: <password>              
      SCIM_USERID_MAPPING: <scim-userid-mapping>      
      SSL_KEYSTORE_PW: <password>                     
      GC_ACTIVATION_KEY: <gc-activation-key>          
      LDAP_PASSWORD: <password>                       
      OIDC_CLIENT_ID: <oidc-client-id>                
      OIDC_CLIENT_SECRET: <oidc-client-secret>       
    type: Opaque
    Where:
    <application>_DB_JDBC_PASSWORD
    Engineering Lifecycle Management application database password
    DB_USER_PASSWORD
    Jazz® Authorization Server password
    DW_JDBC_PASSWORD
    Data warehouse password
    OIDC_PROVIDER_USERID
    JAS OIDC provider user ID
    Note: If you are using the authType:LDAP, you need to specify the JAS LDAP provider user ID.
    OIDC_PROVIDER_PASSWORD
    JAS OIDC provider password, which is used during the Engineering Lifecycle Management installation.
    Note: If you are using the authType:LDAP, you need to specify the JAS LDAP provider password.
    SCIM_PROVIDER_USERID
    JAS SCIM provider user ID
    SCIM_PROVIDER_PASSWORD
    JAS SCIM provider password, which is used during the user registry configuration.
    LDAP_PASSWORD
    LDAP user password, which is used to query the LDAP directory. If the bindPassword property is used in the LDAP_CONFIG file to set up the LDAP user registry, you must provide the LDAP password in Engineering Lifecycle Management instance secret. For more information, see Authenticating Jazz Authorization Server by using the LDAP user registry.
    SSL_KEYSTORE_PW
    SSL keystore password that is used in all Engineering Lifecycle Management applications.
    OIDC_CLIENT_ID
    Client ID of the application that is registered with the OIDC authentication provider server.
    OIDC_CLIENT_SECRET
    Client secret of the application that is registered with the OIDC authentication provider server.
    SSL_TRUSTSTORE_PW
    Password to set up the truststore for SSL certificates in Liberty.
    GC_ACTIVATION_KEY
    Provide the activation key for the configuration management of the Engineering Lifecycle Management instance. For more information about activating configuration management, see Enabling configuration management for the Engineering Lifecycle Management instance.
    Important: If you do not plan to activate configuration management for the Engineering Lifecycle Management instance, you must remove the GC_ACTIVATION_KEY field from the secret elm-auth-secret.
    SCIM_USERID_MAPPING
    Provide the SCIM property to USER ID mapping when you want to use a value other than the default values.
    Important: If you do not plan to use a customized value for SCIM USER ID mapping, you must remove the SCIM_USERID_MAPPING field from the secret elm-auth-secret.
    Note: The fields OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, and SSL_TRUSTSTORE_PW are applicable only when you configure JAS with the OIDC authentication provider. For more information, see Authenticating Jazz Authorization Server by using an OIDC authentication provider.
    For more information about secrets, see Template and sample YAML of Secret.
  5. Click Create to save the Engineering Lifecycle Management instance secret elm-auth-secret.

Red Hat OpenShift CLI method

Procedure

Use the following command to create the Engineering Lifecycle Management instance secret (elm-auth-secret):
oc create --filename=<folder-path>/elm-auth-secret.yaml
For more information, see Template and sample YAML of Secret.

Kubernetes CLI method

Procedure

Use the following command to create the Engineering Lifecycle Management instance secret (elm-auth-secret):
kubectl create --filename=<folder-path>/elm-auth-secret.yaml
For more information, see Template and sample YAML of Secret.
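
Before running either CLI command above, the manifest file can be checked for the mistakes this page warns about (wrong secret name, fields left as template placeholders) and for loose file permissions. The following sh function is an added example, not part of the product documentation, oc, or kubectl; the helper name check_elm_secret_manifest is hypothetical, and it assumes the file follows the template layout shown earlier.

```shell
#!/bin/sh
# Added example: pre-flight checks for elm-auth-secret.yaml before `oc create`
# or `kubectl create`. check_elm_secret_manifest is a hypothetical helper.

check_elm_secret_manifest() {
    file=$1
    rc=0

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # The manifest carries plaintext passwords under stringData, so it should
    # be accessible to its owner only (group/other permission bits all '-').
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group/other; run chmod 600" >&2
        rc=1
    fi

    # Instance creation expects the secret to be named elm-auth-secret.
    if ! grep -Eq '^[[:space:]]+name:[[:space:]]*elm-auth-secret[[:space:]]*(#.*)?$' "$file"; then
        echo "FAIL: metadata.name must be elm-auth-secret" >&2
        rc=1
    fi

    # A value still in <placeholder> form was never filled in. Unused optional
    # fields (GC_ACTIVATION_KEY, SCIM_USERID_MAPPING) must be removed instead.
    # Only key names are reported, never values.
    unfilled=$(sed -n 's/^[[:space:]]*\([A-Za-z_]*\):[[:space:]]*<[^>]*>.*$/\1/p' "$file")
    if [ -n "$unfilled" ]; then
        echo "FAIL: unfilled placeholders for:" $unfilled >&2
        rc=1
    fi

    return $rc
}

# Stand-alone use: sh check.sh <folder-path>/elm-auth-secret.yaml
if [ $# -gt 0 ]; then check_elm_secret_manifest "$1"; fi
```

Because the file holds the passwords in plaintext, delete it or move it to protected storage once the secret exists in the cluster.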