Post-installation setup for IBM Match 360 with Watson
To finish setting up the IBM® Match 360 with Watson™ service after installation, complete the mandatory tasks and the appropriate optional tasks.
Mandatory tasks
- Give users access to the service
Cloud Pak for Data administrators are not granted any access to the IBM Match 360 service by default. To access the service, even administrator users must also be added to an appropriate service user group. For example, to create and set up a master data configuration asset, users must belong to the DataEngineer user group. For details, see Giving users access to IBM Match 360 with Watson.
Required role: To complete this task, you must be a Cloud Pak for Data administrator.
- Set up the service
To get your IBM Match 360 service instance up and running after installation, a data engineer user must create your master data configuration asset. The configuration asset is where you can onboard data sources, map your data into the system, customize your data model, and set up and tune the matching algorithm. For details, see Creating a configuration asset for IBM Match 360.
Required role: To complete this task, you must belong to the IBM Match 360 DataEngineer user group.
Optional tasks
- Change your deployment to use self-defined credentials instead of generated credentials
By default, the IBM Match 360 installation generates credentials that are used for authenticating the service to IBM WebSphere® Liberty Profile, IBM Aspera®, RabbitMQ, Elasticsearch, and Redis. If you choose, you can define your own credentials to use in place of the generated ones.
Note: Credentials must be at least 8 characters in length and contain at least one lowercase letter, one uppercase letter, and one number. If invalid credentials are provided, the operator logs an error and uses generated credentials instead.
Required role: To complete this task, you must be a cluster administrator.
To provide your own authentication credentials after installing IBM Match 360:
- Shut down the IBM Match 360 service instance.
    oc patch mdm mdm-cr -n ${PROJECT_CPD_INSTANCE} -p '{"spec":{"shutdown":"true"}}' --type=merge
- Wait for the status to return as shutdown. Check the status using the following command.
    cpd-cli manage get-cr-status \
    --cpd_instance_ns=${PROJECT_CPD_INSTANCE} \
    --components=match360
- Delete the existing service authentication secrets.
    MDM_INSTANCE_ID=$(oc get mdm -n ${MDM_OPERAND_NAMESPACE} -o json | jq '.items[0].status.instance_id' | tr -d '"')
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-${MDM_INSTANCE_ID}-ibm-rabbitmq-auth-secret mdm-rabbitmq-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE c-mdm-redis-${MDM_INSTANCE_ID}-m c-mdm-redis-${MDM_INSTANCE_ID}-s mdm-redis-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-aspera-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-elasticsearch-secret-${MDM_INSTANCE_ID} mdm-elasticsearch-auth-secret-${MDM_INSTANCE_ID} mdm-${MDM_INSTANCE_ID}-ibm-elasticsearch-haproxy-config
    oc delete secret -n ${MDM_OPERAND_NAMESPACE} mdm-wlp-secret-${MDM_INSTANCE_ID}
- Delete the RedisSentinel CR.
    oc delete RedisSentinel -n ${MDM_OPERAND_NAMESPACE} mdm-redis-${MDM_INSTANCE_ID}
- Check to see if there's an existing secret named mdm-user-defined-auth.
  - If the mdm-user-defined-auth secret exists and you want to define new credentials, edit the Secret to update the credentials.
  - If the mdm-user-defined-auth secret does not exist and you want the system to generate new credentials, go to the next step.
  - If the mdm-user-defined-auth secret does not exist and you want to define new credentials, create a secret containing your chosen credentials named mdm-user-defined-auth. Use the following format:
      secrets:
        user_defined_auth:
          name: mdm-user-defined-auth
          aspera:
            private_key: aspera.private_key
            public_key: aspera.public_key
          elasticsearch:
            password: elasticsearch.password
          rabbitmq:
            erlang_cookie: rabbitmq.erlang-cookie
            management_password: rabbitmq.management-password
            password: rabbitmq.password
          redis:
            compose_password: redis.compose_password
          wlp:
            keystore_pass: wlp.key.store.password
    Sample Secret template:
      apiVersion: v1
      data:
        aspera.private_key: [ENCODED_CRED]
        aspera.public_key: [ENCODED_CRED]
        elasticsearch.password: [ENCODED_CRED]
        rabbitmq.management-password: [ENCODED_CRED]
        rabbitmq.password: [ENCODED_CRED]
        rabbitmq.erlang-cookie: [ENCODED_CRED]
        redis.compose_password: [ENCODED_CRED]
        wlp.key.store.password: [ENCODED_CRED]
      kind: Secret
      metadata:
        name: mdm-user-defined-auth
        namespace: $MDM_OPERAND_NAMESPACE
      type: Opaque
- Restart the service. When the service restarts, it will use the new credentials.
    oc patch mdm mdm-cr -n ${PROJECT_CPD_OPS} -p '{"spec":{"shutdown":"false"}}' --type=merge
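A pre-flight check for the credential rule in the note above, combined with rendering a Secret in the sample template's layout. This is an added example, not IBM's code: `valid_cred`, `encode_entry` and `render_secret` are hypothetical helper names, and the namespace and values in the demo call are constructed placeholders covering only two of the template's keys.

```bash
# Added example; helper names are hypothetical, sample values are constructed.

# Succeeds only if the value meets the rule from the note: at least 8
# characters with a lowercase letter, an uppercase letter and a number.
valid_cred() {
  local v="$1"
  [ "${#v}" -ge 8 ] || return 1
  case $v in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $v in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $v in *[[:digit:]]*) ;; *) return 1 ;; esac
}

# Prints one "  key: <base64>" line for the data: section of the Secret.
# tr strips the line wrapping that some base64 builds add to long values.
encode_entry() {
  printf '  %s: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
}

# Renders the Secret from key=value arguments. Nothing is printed if any
# value breaks the rule, because the operator would otherwise log an error
# and fall back to generated credentials.
render_secret() {
  local ns="$1" kv bad=0
  shift
  for kv in "$@"; do
    valid_cred "${kv#*=}" || { echo "rejected: ${kv%%=*}" >&2; bad=1; }
  done
  [ "$bad" -eq 0 ] || return 1
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n'
  printf '  name: mdm-user-defined-auth\n  namespace: %s\n' "$ns"
  printf 'type: Opaque\ndata:\n'
  for kv in "$@"; do
    encode_entry "${kv%%=*}" "${kv#*=}"
  done
}

# Demo with constructed values (not real credentials).
render_secret "example-namespace" \
  "elasticsearch.password=Examp1ePassw0rd" \
  "redis.compose_password=An0therExample"
```

Once the output contains every key you need, it can be piped to `oc apply -f -`. Read real values from a prompt or a protected file rather than typing them on the command line, where they end up in shell history.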
- Tune and customize the IBM Match 360 deployment
IBM Match 360 provides several configuration options in the custom resource (CR) spec to enable you to adjust your IBM Match 360 deployment. For details and information about the parameters in the CR, see Modifying the CR to customize your IBM Match 360 with Watson installation.
To edit the value of a single property in the IBM Match 360 CR (mdm-cr) spec, use the oc patch command.
    oc patch mdm mdm-cr --namespace ${PROJECT_CPD_OPS} -p '{"spec":{"<SPEC-FIELD-NAME>":"<VALUE>"}}' --type=merge
To edit the values of multiple properties in the IBM Match 360 CR spec, use the oc edit command.
    oc edit mdm mdm-cr --namespace ${PROJECT_CPD_OPS}
Required role: To complete this task, you must be a cluster administrator.
Administration tasks
After the IBM Match 360 service is set up, you can administer the service and the platform. For more information, see Administering IBM Match 360 with Watson and Administering Cloud Pak for Data.