Online manual installation of Guardium Insights
Before you begin
Procedure
- Log in to your OpenShift® cluster instance:
oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]
For example,
oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
- Set these environment variables:
export CP_REPO_USER=<entitlement_user> export CP_REPO_PASS=<entitlement_key> export NAMESPACE=<guardium_insights_namespace>
where:
<entitlement_user>
and<entitlement_key>
are the entitlement user and key, as described in Obtain your entitlement key.<guardium_insights_namespace>
is the namespace you will create in step 3. This namespace must be 10 or fewer characters in length.
- Create the namespace for the Guardium
Insights instance.
oc create namespace ${NAMESPACE}
- Install the Guardium
Insights operator and
related components:
- Run the pre-install script. This script
sets up secrets and parameters for the Guardium
Insights
instance.
export GI_INVENTORY_SETUP=install
For Guardium Insights 3.2.10 and later:oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace ${NAMESPACE} \ --inventory install \ --action preInstall \ --tolerance 1 \ --args "-n ${NAMESPACE} -h <DB_worker_host> -l <true/false>"
Note: For Red Hat OpenShift service on Amazon Web Services (ROSA), avoid labeling by setting-l
to false.For Guardium Insights 3.2.8 and earlier:cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ${NAMESPACE} \ --inventory install \ --action pre-install \ --tolerance 1 \ --args "-n ${NAMESPACE} -h <DB_worker_host> -l <true/false>"
The pre-install script supports these parameters:Table 1. Parameters for preInstall.sh Name Description Type -n
or--i-namespace
Guardium Insights OpenShift namespace (this value must be 10 or fewer characters) Mandatory -h
or--host-datanodes
Specify the comma-delimited host names of the data nodes that you have designated for data computation (you can determine the host names by running oc get nodes
).Note: When managing Hardware cluster requirements, the larger set of Guardium Insights nodes should be used as your data nodes. To determine which node has the most free requests, issue theoc describe nodes
command and then look in theAllocation
section.Mandatory -l
or--label-datanodes
If you specify true
, data nodes will be labeled as dedicated for data service usage. If you specifyfalse
, labeling will be skipped. Default istrue
.Mandatory -t
or--taint-datanodes
If you specify true
, data nodes will be tainted and dedicated for data service usage. If you specifyfalse
, tainting will be skipped (do not usefalse
to skip tainting for production deployments).Optional -k
or--ingress-keystore
The path of the TLS certificate associated with the Guardium Insights application domain.
If you will supply a custom Ingress (this is recommended), provide the path to its key file. This file can only contain newline (
\n
) delimiters. If you do not supply a custom Ingress, a default ofnone
will be assumed (this is not recommended).See Domain name and TLS certificates for more information.
Optional -f
or--ingress-cert
The path of the TLS key associated with the Guardium Insights application domain.
If you will supply a custom Ingress (this is recommended), provide the path to its cert file. This file can only contain newline (
\n
) delimiters. If you do not include this, a default ofnone
will be assumed (this is not recommended).See Domain name and TLS certificates for more information.
Optional -c
or--ingress-ca
The path of the custom TLS certificate associated with the Guardium Insights application domain.
If you will supply a custom Ingress (this is recommended), provide the path to its certificate authority (CA) file. This file can only contain newline (
\n
) delimiters. If you do not include this, a default ofnone
will be assumed (this is not recommended).See Domain name and TLS certificates for more information.
Optional -help
or--help
Displays the preInstall.sh parameters. Optional - Install the catalogs. For Guardium Insights 3.2.10 and later:
oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace openshift-marketplace \ --inventory install \ --action installCatalog \ --args "--inputDir ${LOCAL_CASE_DIR}" \ --tolerance 1
For Guardium Insights 3.2.8 and earlier:cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace openshift-marketplace \ --inventory install \ --action install-catalog \ --args "--inputDir ${LOCAL_CASE_DIR}" \ --tolerance 1
To verify that the catalogs are installed, issue this command:oc get pod -n openshift-marketplace
The output should be similar to:
ibm-cloud-databases-redis-operator-catalog-ms97x 1/1 Running 0 12m ibm-db2uoperator-catalog-k8pwc 1/1 Running 0 13m
- Install the operators. For Guardium Insights 3.2.10 and later:
oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace ${NAMESPACE} \ --inventory install \ --action installOperator \ --tolerance 1 \ --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"
For Guardium Insights 3.2.5 to 3.2.8:cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ${NAMESPACE} \ --inventory install \ --action install-operator \ --tolerance 1 \ --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"
For Guardium Insights 3.2.4 and earlier:cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ${NAMESPACE} \ --inventory install \ --action install-operator \ --tolerance 1 \ --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key"
- Verify that the operators are installed by issuing this command:
oc get pods
The output should be similar to:
NAME READY STATUS RESTARTS AGE guardiuminsights-controller-manager-6c5f8c685c-85d7s 1/1 Running 0 6m22s ibm-cloud-databases-redis-operator-54f95f8d48-csrxj 1/1 Running 0 6m20s mongodb-kubernetes-operator-745746b45c-jz7hw 1/1 Running 0 6m37s
- Run the pre-install script. This script
sets up secrets and parameters for the Guardium
Insights
instance.