Installing Guardium Data Security Center operator and related components

Procedure

  1. Obtain the CASE bundle.
    1. Your cp.icr.io login credentials are CP_REPO_USER="cp" and CP_REPO_PASS set to your entitlement key, which is available at https://myibm.ibm.com/products-services/containerlibrary.
    2. Set the following environment variables.
      export CP_REPO_USER=<Your Username to cp.icr.io>
      export CP_REPO_PASS=<Your Password / Entitlement Key to cp.icr.io>
      export NAMESPACE=<your chosen namespace>
    3. Create the following environment variables with the installer image name and the version.
      For example, to use version 3.6.0, specify the 2.6.0 bundle file.
      export CASE_NAME=ibm-guardium-data-security-center
      export CASE_VERSION=2.6.0
      export LOCAL_CASE_DIR=$HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
      Important: If you do not specify the CASE version, the latest CASE is downloaded.
    4. Save the CASE bundle locally.
      oc ibm-pak get $CASE_NAME \
      --version $CASE_VERSION \
      --skip-verify
      
      Important: If you encounter the following error, you may experience a temporary communication problem with the remote repository. Wait a few minutes and try again.
      No Case registries found for case ibm-cert-manager->=1.3.0 <1.3.1.tgz with the given repository URL information
      FAILED
  2. Install the Guardium Data Security Center operator and related components.
    1. Switch to the namespace in which you installed IBM® Common Services in the previous step, and change the context to it with this command.
      kubectl config set-context --current --namespace=${NAMESPACE}
      For example, the namespace can be staging.
    2. Set the inventory setup.
      export GI_INVENTORY_SETUP=install
    3. To disable prerequisite checks, run the following command.
      export IBMPAK_LAUNCH_SKIP_PREREQ_CHECK=true
    4. Label the Db2 nodes by running the pre-install command.
      oc ibm-pak launch $CASE_NAME \
         --version $CASE_VERSION \
         --inventory $GI_INVENTORY_SETUP \
         --action pre-install \
         --namespace $NAMESPACE \
         --args "-n ${NAMESPACE} -h <DB worker host> -l <true/false> -e true"

      The parameters that are used in this script are described in Manually installing Guardium Data Security Center online.

      1. Obtain the running nodes.
        NODES=$(kubectl get nodes -o jsonpath='{.items[*].metadata.name}')
        NODES=$(echo $NODES | tr ' ' ',')
        echo $NODES
      2. Export the node information:
        export CASE_NAME=ibm-guardium-data-security-center
        export CASE_VERSION=2.6.0
        export LOCAL_CASE_DIR=$HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
        export NAMESPACE=<your namespace>
        export GI_INVENTORY_SETUP=install
        export IBMPAK_LAUNCH_SKIP_PREREQ_CHECK=true
        kubectl config set-context --current --namespace=${NAMESPACE}
      3. Use the node information in the following command.
        oc ibm-pak launch $CASE_NAME \
           --version $CASE_VERSION \
           --inventory $GI_INVENTORY_SETUP \
           --action pre-install \
           --namespace $NAMESPACE \
           --args "-n ${NAMESPACE} -h ${NODES} -t false -l true -e true"
      4. To confirm successful labeling, run the following command.
        oc get nodes --no-headers -o custom-columns=":metadata.name" | xargs -I {} sh -c 'oc describe node {} | grep db2 | grep -v $NAMESPACE'

        You receive icp4data=database-db2wh in response.

  3. Install the catalogs.
    1. Run this command:
      oc ibm-pak launch $CASE_NAME \
         --version $CASE_VERSION \
         --inventory $GI_INVENTORY_SETUP \
         --action install-catalog \
         --namespace openshift-marketplace \
         --args "--inputDir ${LOCAL_CASE_DIR}"
    2. Verify that the catalogs are installed:
      oc get catsrc -n openshift-marketplace
      The expected output is similar to:

      NAME                                           DISPLAY                                    TYPE   PUBLISHER   AGE
      certified-operators                            Certified Operators                        grpc   Red Hat     29h
      community-operators                            Community Operators                        grpc   Red Hat     29h
      ibm-cloud-databases-redis-operator-catalog     ibm-cloud-databases-redis-1.6.5            grpc   IBM         29h
      ibm-db2uoperator-catalog                       ibm-db2uoperator-5.1.4                     grpc   IBM         29h
      ibm-guardium-insights-operator-catalog         ibm-guardium-insights-2.4.0-linux-amd64    grpc   IBM         29h
      opencloud-operators                            IBMCS Operators                            grpc   IBM         29h
      redhat-marketplace                             Red Hat Marketplace                        grpc   Red Hat     29h
      redhat-operators                               Red Hat Operators                          grpc   Red Hat     29h
  4. Install the operators.
    1. Run this command:
      oc ibm-pak launch $CASE_NAME \
         --version $CASE_VERSION \
         --inventory $GI_INVENTORY_SETUP \
         --action install-operator \
         --namespace ${NAMESPACE} \
         --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"
    2. Verify that the operators are installed:
      oc get sub
      The expected output is similar to:
      
      NAME                                             PACKAGE                                   SOURCE                                      CHANNEL
      ibm-redis-cp-operator-catalog-subscription       ibm-cloud-databases-redis-operator        ibm-redis-cp-operator-catalog               v1.1
      ibm-db2uoperator-catalog-subscription            db2u-operator                             ibm-db2uoperator-catalog                    v110509.0
      ibm-guardium-insights-operator-subscription      ibm-guardium-insights-operator            ibm-guardium-insights-operator-catalog      v3.3
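
The three verification steps above (node labels, catalogs, subscriptions) can be scripted so that a missing label or a subscription that points at an unlisted catalog source is reported by name. The following is an added example, not part of the IBM procedure or its tooling; the function names, the worker-N node names and the sample listings are assumptions constructed for illustration, and the subscription-to-catalog cross-check goes one step beyond the listings shown above.

```shell
#!/bin/sh
# Added example (not IBM's code). Capture the live listings with, for example:
#   oc get nodes -l icp4data=database-db2wh --no-headers -o custom-columns=':metadata.name'
#   oc get catsrc -n openshift-marketplace --no-headers -o custom-columns=':metadata.name'
#   oc get sub -n "$NAMESPACE" --no-headers -o custom-columns=':metadata.name,:spec.source'

# missing_names NAME...: read a listing on stdin and print every NAME that is
# absent from its first column; return 1 if anything is missing.
missing_names() {
  seen=$(awk 'NF { print $1 }')
  rc=0
  for want in "$@"; do
    printf '%s\n' "$seen" | grep -Fxq -- "$want" || { printf '%s\n' "$want"; rc=1; }
  done
  return "$rc"
}

# unknown_sources CATALOGS_FILE: read "subscription source" pairs on stdin and
# print each subscription whose source is not a catalog named in CATALOGS_FILE.
unknown_sources() {
  awk 'FILENAME == ARGV[1] { if (NF) known[$1] = 1; next }
       NF && !($2 in known) { print $1 " -> " $2; bad = 1 }
       END { exit bad + 0 }' "$1" -
}

# Constructed sample data, modelled on the listings shown in steps 2 to 4.
sample_labeled_nodes() { printf '%s\n' worker-0 worker-1; }
sample_catalogs() {
  printf '%s\n' certified-operators ibm-db2uoperator-catalog \
    ibm-guardium-insights-operator-catalog opencloud-operators
}
sample_subs() {
  printf '%s\n' \
    'ibm-db2uoperator-catalog-subscription ibm-db2uoperator-catalog' \
    'ibm-guardium-insights-operator-subscription ibm-guardium-insights-operator-catalog' \
    'ibm-redis-cp-operator-catalog-subscription ibm-redis-cp-operator-catalog'
}

# Demo: NODES is comma-separated as in step 2; worker-2 never got the label.
NODES_DEMO=worker-0,worker-1,worker-2
echo "nodes without the Db2 label:"
sample_labeled_nodes | missing_names $(printf '%s' "$NODES_DEMO" | tr ',' ' ') || true
catalogs=$(mktemp) && sample_catalogs > "$catalogs"
echo "subscriptions with an unlisted source:"
sample_subs | unknown_sources "$catalogs" || true
rm -f "$catalogs"
```

Both functions return a non-zero status when they report anything, so they can gate the next step of an automated installation.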