Capability registration

Operations Dashboard receives distributed tracing data from registered IBM Cloud Pak for Integration capabilities. When a new capability is deployed with IBM Cloud Pak Platform UI, it must register with Operations Dashboard in order to be able to send distributed tracing data.

Capability registration is available with the following methods:

  • HTTP request (deprecated) - Approval is always manual.

  • Service binding API (based on a custom resource) - Approval is automatic (default) or manual.

Tracing for an integration capability instance can be enabled only when deploying the instance. If tracing has not been enabled, the instance of the integration capability needs to be redeployed, with tracing enabled.

Note: Until the registration process completes, two containers of the integration capability instance (the agent and the collector containers) will not be ready for use.

Capability registration with HTTP request (deprecated)

  • When a new instance of an integration capability is created with tracing enabled, a new registration request appears on Registration requests.

  • Once the registration request is approved, the Operations Dashboard administrator is displayed with a command they need to execute in order to create a secret in the namespace of the integration capability.

  • Once the command is executed, and the secret is created, the process is complete and the new integration capability instance is ready for use.

If the integration capability registration request does not appear in Operations Dashboard Web Console, follow the steps described in Troubleshooting.

Capability re-registration

If Operations Dashboard is reinstalled, integration capabilities that have been registered to the deleted instance might not be able to send tracing data to the new instance until they re-register manually to the new instance of Operations Dashboard.

Important: The re-installed Operations Dashboard instance should be installed in the same namespace as the previous instance. If this does not happen, the individual instances of the integration capabilities must be redeployed with the correct namespace name.

If the registration to the deleted instance of Operations Dashboard was done using the capability registration API, delete the icp4i-od-store-cred secret in the integration capability namespace, wait for the Operations Dashboard operator to recreate it, and restart the capability pod that is running the collector container so you can start using the new certificates and credentials.

Otherwise, perform the following steps to manually re-register:

  1. Every capability deployed with the tracing option enabled has a pod that includes a collector container. To identify the collector container and the pod that includes it, use the following command. Change <CAPABILITY_NAMESPACE> to the namespace name where your capability is deployed:

    shell
oc get pods -n <CAPABILITY_NAMESPACE> -o=jsonpath='{range .items[*]}{"\n"}{"POD NAME: "}{.metadata.name}{"   CONTAINERS: "}{range .spec.containers[*]}{.name}{", "}{end}{end}' | grep collector

    Example output:

    POD NAME: datapower-0   CONTAINERS: datapower, od-tracing-agent, od-tracing-collector

  2. To manually send a registration request to Operations Dashboard, update the placeholder values in the following command and execute it:

    shell
oc exec -it <CAPABILITY_POD_NAME> -c <CAPABILITY_COLLECTOR_CONTAINER_NAME> -n <CAPABILITY_NAMESPACE> -- sh -c 'curl -s -X GET --insecure https://icp4i-od.<OD_NAMESPACE>.svc:8090/tracing/register/<CAPABILITY_NAMESPACE>/<CAPABILITY_POD_NAME> > /dev/null; echo "Registration command RC is $?"'

    Placeholder definitions:

    • <OD_NAMESPACE> - The namespace where the Operations Dashboard instance is deployed

    • <CAPABILITY_POD_NAME> - The name of the capability pod running the collector container

    • <CAPABILITY_COLLECTOR_CONTAINER_NAME> - The collector container name

    • <CAPABILITY_NAMESPACE> - The name of the namespace where your capability is deployed

    Successful execution returns this message:

    Registration command RC is 0

    Troublehooting: Any RC different from 0 (zero) indicates a failure of the command. In case of a failure, make sure the placeholders have been replaced correctly and that the Operations Dashboard instance is up and running.
    Here is an example of the re-registration command for a Gateway deployed in the integration namespace and an Operations Dashboard instance deployed in the cp4i namespace:

    shell
oc exec -it datapower-0 -c od-tracing-collector -n integration -- sh -c 'curl -s -X GET --insecure https://icp4i-od.cp4i.svc:8090/tracing/register/integration/datapower-0 > /dev/null; echo "Registration command RC is $?"'

  3. Once the re-registration command is executed, complete the manual registration process described previously. This updates the secret with the certificates and credentials that are required to communicate with Operations Dashboard.

  4. Restart the capability pod that is running the collector container to start using the new certificates and credentials.

Capability registration with service binding API

Operations Dashboard provides a service binding API (integration.ibm.com/OperationsDashboardServiceBinding) for automating capability registration.

Prerequisites

  • The registration API can be used with capabilities deployed in namespaces that are different from the namespace for the Operations Dashboard, but only when the Operations Dashboard operator is deployed using the All namespaces on the cluster installation mode. If the Operations Dashboard operator is installed using the A specific namespace on the cluster installation mode, only capabilities that are deployed in the same namespace as Operations Dashboard are able to leverage the API.

  • The Operations Dashboard administrator can configure whether registration requests made by this API are automatically approved or not. For more information, see Security system parameters.

icp4i-od-store-cred secret

After a new instance of an integration capability is created with tracing enabled, create a secret in the same namespace where the integration capability has been deployed. The secret name should be icp4i-od-store-cred and it is used to hold the credentials for sending the distributed tracing data to Operations Dashboard for that namespace. Change <CAPABILITY_NAMESPACE> in the following command to the namespace where the integration capability has been deployed, and execute it:

oc create secret generic icp4i-od-store-cred -n <CAPABILITY_NAMESPACE> --from-literal=icp4i-od-cacert.pem="empty" --from-literal=username="empty" --from-literal=password="empty" --from-literal=tracingUrl="empty"

OperationsDashboardServiceBinding resource

Replace the placeholders and create the following resource in the same namespace where the integration capability has been deployed:

apiVersion: integration.ibm.com/v1beta2
kind: OperationsDashboardServiceBinding
metadata:
  name: od-service-binding
spec:
  odNamespace: "<OD_NAMESPACE>"
  odInstanceName: "<OD_INSTANCE_NAME>"
  sourceInstanceName: "<CAPABILITY_INSTANCE_NAME>"
  sourcePodName: "<CAPABILITY_POD_NAME>"
  sourceSecretName: "icp4i-od-store-cred"

Placeholder definitions:

  • <OD_NAMESPACE> - The namespace where the Operations Dashboard instance is deployed.

  • <OD_INSTANCE_NAME> - The name of the instance (CR) of Operations Dashboard.

  • <CAPABILITY_INSTANCE_NAME> - The name of the instance (CR) of the integration capability.

  • <CAPABILITY_POD_NAME> - The name of the pod for the integration capability that includes the runtime being traced.

Once the registration is complete, the secret icp4i-od-store-cred is populated with the credentials for sending the distributed tracing data to Operations Dashboard.