If you want to configure the ISKLM information on the Cloud Pak for Data System, work with the platform administrator to perform
the following steps.
Before you begin
After the ISKLM administrator has created a device group for
Cloud Pak for Data System in the ISKLM server, make sure that you have the
following information:
- The Server certificate in
.pem format from the ISKLM server.
- The device group name created on the ISKLM server.
- The ISKLM IP address and KMIP port value.
To configure the ISKLM information on Cloud Pak for Data System, the platform administrator must perform the following steps:
Procedure
-
Log in to a control node as
apadmin or equivalent.
-
Run the command:
apsedsklm configure --url <protocol://ip address:port> --servercert <server certificate path> --devgrp <device-group>
where
- protocol
- either
tls or http
- ip address
- the SKLM IP address
- port
- the KMIP port of SKLM
- server certificate path
- the downloaded location of the SKLM server certificate in Cloud Pak for Data System
- device-group
- the device group created for this system by the ISKLM administrator
Example:
[apadmin@e1n1]# apsedsklm configure --url tls://9.30.220.247:5696 --devgrp IIAS_GROUP_TEST --servercert /tmp/ssl/server_cert_export.cer
Creating Client Key and Certificate..
Successfully Created Client Key and Certificate.
Configuring Client Parameters.
sedsupport.cfg.json File already exists in /var/lib/sedsupport.. Rewriting the Configuration.
Successfully Configured SKLM Client Parameters..
Please find log at /var/log/appliance/platform/sedsupport/apsedsklm_20190303222531.log
-
Once the command runs successfully, it will create a client certificate that needs to be
uploaded into the ISKLM server with the help of ISKLM administrator.
-
After the successful upload to ISKLM, you can delete this file from Cloud Pak for Data System.