Post-installation setup for IBM Match 360 with Watson

To finish setting up the IBM® Match 360 with Watson™ service after installation, complete the mandatory tasks and the appropriate optional tasks.

Mandatory tasks

Give users access to the service

Cloud Pak for Data administrators are not granted any access to the IBM Match 360 service by default. To access the service, even administrator users must also be added to an appropriate service user group. For example, to create and set up a master data configuration asset, users must belong to the DataEngineer user group. For details, see Giving users access to IBM Match 360 with Watson.

Required role: To complete this task, you must be a Cloud Pak for Data administrator.

Set up the service

To get your IBM Match 360 service instance up and running after installation, a data engineer user must create your master data configuration asset. The configuration asset is where you can onboard data sources, map your data into the system, customize your data model, and set up and tune the matching algorithm. For details, see Creating a configuration asset for IBM Match 360.

Required role: To complete this task, you must belong to the IBM Match 360 DataEngineer user group.

Optional tasks

Change your deployment to use self-defined credentials instead of generated credentials

By default, the IBM Match 360 installation generates credentials that are used for authenticating the service to IBM WebSphere® Liberty Profile, IBM Aspera®, RabbitMQ, Elasticsearch, and Redis. If you choose, you can define your own credentials to use in place of the generated ones.

Note: Credentials must be at least 8 characters in length and contain at least one lowercase letter, one uppercase letter, and one number. If invalid credentials are provided, the operator logs an error and uses generated credentials instead.

Required role: To complete this task, you must be a cluster administrator.

To provide your own authentication credentials after installing IBM Match 360:
  1. Shut down the IBM Match 360 service instance.
    oc patch mdm mdm-cr -n ${PROJECT_CPD_INSTANCE} -p '{"spec":{"shutdown":"true"}}' --type=merge
  2. Wait for the status to return as shutdown. Check the status using the following command.
    cpd-cli help get-cr-status \
    --cpd_instance_ns=${PROJECT_CPD_INSTANCE} \
    --components=match360
  3. Delete the existing service authentication secrets.
    MDM_INSTANCE_ID=$(oc get mdm -n ${MDM_OPERAND_NAMESPACE} -o json | jq '.items[0].status.instance_id' | tr -d '"')
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-${MDM_INSTANCE_ID}-ibm-rabbitmq-auth-secret mdm-rabbitmq-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE c-mdm-redis-${MDM_INSTANCE_ID}-m c-mdm-redis-${MDM_INSTANCE_ID}-s mdm-redis-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-aspera-secret-${MDM_INSTANCE_ID}
    oc delete secret -n $MDM_OPERAND_NAMESPACE mdm-elasticsearch-secret-${MDM_INSTANCE_ID} mdm-elasticsearch-auth-secret-${MDM_INSTANCE_ID} mdm-${MDM_INSTANCE_ID}-ibm-elasticsearch-haproxy-config
    oc delete secret -n ${MDM_OPERAND_NAMESPACE} mdm-wlp-secret-${MDM_INSTANCE_ID}
  4. Delete the RedisSentinal CR.
    oc delete RedisSentinel -n ${MDM_OPERAND_NAMESPACE} mdm-redis-${MDM_INSTANCE_ID}
  5. Check to see if there's an existing secret named mdm-user-defined-auth.
    • If the mdm-user-defined-auth secret exists and you want to define new credentials, edit the Secret to update the credentials.
    • If the mdm-user-defined-auth secret does not exist and you want the system to generate new credentials, go to the next step.
    • If the mdm-user-defined-auth secret does not exist and you want to define new credentials, create a secret containing your chosen credentials named mdm-user-defined-auth. Use the following format:
      secrets:
        user_defined_auth:
          name: mdm-user-defined-auth
          aspera:
            private_key: aspera.private_key
            public_key: aspera.public_key
          elasticsearch:
            password: elasticsearch.password
          rabbitmq:
            erlang_cookie: rabbitmq.erlang-cookie
            management_password: rabbitmq.management-password
            password: rabbitmq.password
          redis:
            compose_password: redis.compose_password
          wlp:
            keystore_pass: wlp.key.store.password
      Sample Secret template:
      apiVersion: v1
      data:
        aspera.private_key: [ENCODED_CRED]
        aspera.public_key: [ENCODED_CRED]
        elasticsearch.password: [ENCODED_CRED]
        rabbitmq.management-password: [ENCODED_CRED]
        rabbitmq.password: [ENCODED_CRED]
        rabbitmq.erlang-cookie: [ENCODED_CRED]
        redis.compose_password: [ENCODED_CRED]
        wlp.key.store.password: [ENCODED_CRED]
      kind: Secret
      metadata:
        name: mdm-user-defined-auth
        namespace: $MDM_OPERAND_NAMESPACE
      type: Opaque
  6. Restart the service.
    oc patch mdm mdm-cr -n ${PROJECT_CPD_OPS} -p '{"spec":{"shutdown":"false"}}' --type=merge
    When the service restarts, it will use the new credentials.
Tune and customize the IBM Match 360 deployment

IBM Match 360 provides several configuration options in the custom resource (CR) spec to enable you to adjust your IBM Match 360 deployment. For details and information about the parameters in the CR, see Modifying the CR to customize your IBM Match 360 with Watson installation.

To edit the value of a single property in the IBM Match 360 CR (mdm-cr) spec, use the oc patch command.
oc patch mdm mdm-cr --namespace ${PROJECT_CPD_OPS} -p '{"spec":{"<SPEC-FIELD-NAME>":"<VALUE>"}}' --type=merge
To edit the values of multiple properties in the IBM Match 360 CR spec, use the oc edit command.
oc edit mdm mdm-cr --namespace ${PROJECT_CPD_OPS}

Required role: To complete this task, you must be a cluster administrator.

Administration tasks

After the IBM Match 360 service is set up, you can administer the service and the platform. For more information, see Administering IBM Match 360 with Watson and Administering Cloud Pak for Data.