Validating the installation

About this task

Use the following procedure to validate the installation of Guardium® Insights. The installation process takes approximately 1 hour to complete.

Procedure

  1. Run the following command.
    oc get guardiuminsights
    The expected output is similar to:
    NAME        TYPE    STATUS   REASON     MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
    gi-sample   Ready   True     Complete   Completed Reconciliation   3.x.x           3.x.x
  2. To verify that all PVCs in the namespace have the Bound status with the correct storage class, run the following command.
    oc get pvc
    The expected output is similar to:
    NAME                                                      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                  AGE
    activelogs-c-gi-sample-db2-db2u-0                         Bound    pvc-875cffb4-7e8d-4bd6-ba3a-d45697551df9   200Gi      RWO            ocs-storagecluster-cephfs     26m
    activelogs-c-gi-sample-db2-db2u-1                         Bound    pvc-125a8bef-ccfc-47f4-8fba-1d98f37b4759   200Gi      RWO            ocs-storagecluster-cephfs     26m
    c-gi-sample-db2-meta                                   Bound    pvc-8b8df167-c744-4cfd-b92e-f8155a5b7437   1000Gi     RWX            ocs-storagecluster-cephfs     27m
    data-c-gi-sample-db2-db2u-0                               Bound    pvc-f2c517ad-af1b-4274-89c1-505fb2f8c1b8   4000Gi     RWO            ocs-storagecluster-ceph-rbd   26m
    data-c-gi-sample-db2-db2u-1                               Bound    pvc-92a01f2a-ee98-47b3-bade-35239145643a   4000Gi     RWO            ocs-storagecluster-ceph-rbd   26m
    data-c-gi-sample-redis-m-0                                Bound    pvc-4329eaa1-22b0-44a1-b7d3-6c37114f4a68   20Gi       RWO            ocs-storagecluster-cephfs     27m
    data-c-gi-sample-redis-m-1                                Bound    pvc-4d36f5d9-cb5d-4c67-a30c-40ce81c678bb   20Gi       RWO            ocs-storagecluster-cephfs     27m
    data-c-gi-sample-redis-m-2                                Bound    pvc-b9bd78d1-21bd-48c9-a09f-61a6fcf68db0   20Gi       RWO            ocs-storagecluster-cephfs     27m
    data-gi-sample-kafka-0                                    Bound    pvc-6539ce17-a722-4e68-a18d-eeb2ffa01262   250Gi      RWO            ocs-storagecluster-ceph-rbd   27m
    data-gi-sample-kafka-1                                    Bound    pvc-b1c62248-ce18-4cfe-b12e-291a7e1453c4   250Gi      RWO            ocs-storagecluster-ceph-rbd   27m
    data-gi-sample-kafka-2                                    Bound    pvc-c7c33d55-b121-426b-8a41-4f931204fcdd   250Gi      RWO            ocs-storagecluster-ceph-rbd   27m
    data-gi-sample-zookeeper-0                                Bound    pvc-35ee41e5-f655-4ead-8330-35ae54c0587c   20Gi       RWO            ocs-storagecluster-ceph-rbd   28m
    data-gi-sample-zookeeper-1                                Bound    pvc-d97cc734-ea0a-4b24-b6ab-4b992bb37dd4   20Gi       RWO            ocs-storagecluster-ceph-rbd   28m
    data-gi-sample-zookeeper-2                                Bound    pvc-7d231f5a-3fc3-4583-8418-0fedec348418   20Gi       RWO            ocs-storagecluster-ceph-rbd   28m
    data-volume-gi-sample-mongodb-0                           Bound    pvc-2f628ccc-89bb-4e3e-85d8-222b9347fad2   250Gi      RWO            ocs-storagecluster-cephfs     28m
    data-volume-gi-sample-mongodb-1                           Bound    pvc-f5f24c7b-945f-412e-8b22-f322336cede3   250Gi      RWO            ocs-storagecluster-cephfs     27m
    data-volume-gi-sample-mongodb-2                           Bound    pvc-2a984c92-8913-4f42-8860-819649679567   250Gi      RWO            ocs-storagecluster-cephfs     27m
    gi-samplevyusfhlqeb3js88nxvvany-mini-snif-shared          Bound    pvc-62b4742a-8e1a-49a3-9ab9-50c8365c3aaa   50Gi       RWX            ocs-storagecluster-cephfs     2m55s
    logs-volume-gi-sample-mongodb-0                           Bound    pvc-282002c1-3227-4315-a58f-b5f41a722265   250Gi      RWO            ocs-storagecluster-cephfs     28m
    logs-volume-gi-sample-mongodb-1                           Bound    pvc-dc6a051e-cdd1-4897-8545-5943992622d9   250Gi      RWO            ocs-storagecluster-cephfs     27m
    logs-volume-gi-sample-mongodb-2                           Bound    pvc-b3e88414-6b82-4345-ba2e-6c9197c63162   250Gi      RWO            ocs-storagecluster-cephfs     27m
    mini-snif-i-gi-samplevyusfhlqeb3js88nxvvany-mini-snif-0   Bound    pvc-bf0f98e8-5154-4706-a1c8-ce579cf72cf3   50Gi       RWO            ocs-storagecluster-cephfs     2m56s
    snif-picker-config                                        Bound    pvc-291e69cd-e88e-43b3-a8fd-6eff5e252bbf   50Mi       RWO            ocs-storagecluster-cephfs     2m51s
    ticketing-keystore                                        Bound    pvc-a74ce09b-dd50-4389-8b14-604ea5412a1b   2Mi        RWX            ocs-storagecluster-cephfs     25m
    universal-connector-manager-shared                        Bound    pvc-94ff0032-5b57-46c5-a856-03942b965fcb   50Gi       RWX            ocs-storagecluster-cephfs     24m
  3. Log in to the Guardium Insights user interface at http://staging.apps.testgcp.ibmguardiuminsights.com.
    The expected output is similar to:Guardium Insights user interface
  4. To validate SCP, run the following command.
    oc get route
    The expected output is similar to:
    NAME                                               HOST/PORT                                                                    PATH       SERVICES                                               PORT                 TERMINATION          WILDCARD
    gi-sample-apigateway-api                           staging.apps.testgcp.ibmguardiuminsights.com                                 /api       gi-sample-apigateway                                   8443                 reencrypt/Redirect   None
    gi-sample-apigateway-docs                          staging.apps.testgcp.ibmguardiuminsights.com                                 /docs/v3   gi-sample-apigateway                                   8443                 reencrypt/Redirect   None
    gi-sample-insights                                 staging.apps.testgcp.ibmguardiuminsights.com                                 /          gi-sample-insights                                     <all>                reencrypt/Redirect   None
    gi-sample-ssh-service                              staging.apps.testgcp.ibmguardiuminsights.com                                            gi-sample-ssh-service                                  service-sshservice                        None
    gi-samplevyusfhlqeb3js88nxvvany-snif-picker-feed   feed.vyusfhlqeb3js88nxvvany.gi-sample.apps.testgcp.ibmguardiuminsights.com              gi-samplevyusfhlqeb3js88nxvvany-snif-picker-headless   feed                 passthrough          None
    gi-samplevyusfhlqeb3js88nxvvany-snif-picker-unix   unix.vyusfhlqeb3js88nxvvany.gi-sample.apps.testgcp.ibmguardiuminsights.com              gi-samplevyusfhlqeb3js88nxvvany-snif-picker-headless   unix                 passthrough          None
    myUsername@LP-C02DRE3QMD6M ~ % 
    myUsername@LP-C02DRE3QMD6M ~ % oc get svc | grep ssh
    gi-sample-ssh-service                                  LoadBalancer   172.30.246.98    35.196.163.71   22222:31729/TCP                                                                   15h
    myUsername@LP-C02DRE3QMD6M ~ % mkdir test-ssh
    myUsername@LP-C02DRE3QMD6M ~ % cd test-ssh 
    myUsername@LP-C02DRE3QMD6M test-ssh % vi testfile
    myUsername@LP-C02DRE3QMD6M test-ssh % 
    myUsername@LP-C02DRE3QMD6M test-ssh % ls -ltr
    total 8
    -rw-r--r--  1 myUsername  149934974  37 Dec  2 11:33 testfile
    myUsername@LP-C02DRE3QMD6M test-ssh % cat testfile 
    echo "welcome to scp testing in GCP"
    myUsername@LP-C02DRE3QMD6M test-ssh % oc get secret ssh-service-ssh-gen -ojsonpath='{.data.guardium_to_insights_scp}' | base64 -d > guardium_to_insights_scp
    myUsername@LP-C02DRE3QMD6M test-ssh % ls -ltr
    total 16
    -rw-r--r--  1 myUsername  149934974    37 Dec  2 11:33 testfile
    -rw-r--r--  1 myUsername  149934974  1674 Dec  2 11:34 guardium_to_insights_scp
    myUsername@LP-C02DRE3QMD6M test-ssh % chmod 400 guardium_to_insights_scp
    myUsername@LP-C02DRE3QMD6M test-ssh % cat guardium_to_insights_scp 
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEAl1OqpJuSgxmPbN6wTSZGFoQnEjCKrt8nFQEo2KicenvMQJ3Z
    qtIfYnFQ/KDkPTX3Qh4BVoIoGFGYvc4Cq8tlbhtYQ8VwqZGKE9zeYfmALgH6w+wb
    eA7JvdC7Cpb4JOLOrop5aT+/7Qc25P5XOiG38eMx1/msBjcMy81jH42lbA3+rzDI
    2lYUpGDgHhGu54VVTQQSMsOTjh8KJTdMHvRsGTXJLiAIE5mTMKJJW8dzEkzwAOIU
    EOH7b64rnL+pYn0B7r6oqFHGI8yQf2ilublohpInrhUWCF7qqynUtVRcMAKJ8biD
    tGEkIZy/iXRvR5dbQXMSjXyujlFpxn0dYevcnQIDAQABAoIBACSuZTjNdTBOK9QK
    DtZEpsyicA4asiM9eG3BADO0e2m9RH+NQ8wCbxUfvq/eGDU2NZ9TQqPDnRB4BvxL
    SZ53CTkta7HR1ENmQgAak9VP82AznqOLQgVSIFjgldY1TiUyzULF0jRO/ajpDMdp
    V5+BuOLrXZOqs6Y2BeYI/TQS07xjMJ8ClICNXih71GsGL5EfPqWmOqwQOfKIVEEE
    hBeDH+6CiPEBfbgk12YKGfly8wRY/a7mpU2ncp52uBlaux2sjA1bNYL7q7MKdkCX
    CzQjAjhLUzrWtBi0sT6ewd2yS7opCRbM+YG7mLxzu50qGD8/TjY3XQmPW+l1qiV4
    1+UbDIECgYEAyJ8BUZ/yGawic6nZsB/8kRkXgURyLeAzFfZexIigP9nH7feQgYbL
    Cw0rfoKah6KKeZOs/DDzZDjUdQCih59cqRQYhHNYWDyMhQ6/3/um5zvZ/AMUqmte
    eLEvvNzKHTpsFH2ZKuIAAiJz1uJnb3sQqupv80gpwaGLz9/pdQTa940CgYEAwRlB
    O2yCfYjLQKwgnoVKDR/ENZ6hvti326qxIIxyacewQhj3hNkFVF0RAs5lWKRTdpbo
    QSf0ADhHenfXkp+2H2PlCimLxek2rWCGCD7Thch0XfnN3oV+XgFTQ8R9lscZrYDq
    pYRVbQbKaRK8FIA+7BGxbprzoYbN27o+vibO7VECgYAO8dlVTUbppqsCVrrCpf9Y
    h7f6hzDCPhtQHYQ9u7fESeLc1T5Mh9AESLzetbfxNqh+GgQe3T6kTp90/9EbrUFn
    zvlslHMWT5xgJRMiCksKmqjIXypg75KgBwL5XLEpsDpw5FJOoXtCrXJXpZHy+gXp
    1YD1bIC/zdruZ02qy+vL2QKBgD58BJ7NCyDCHjtMN7X0HbVHfT94mJBgIoajonOM
    3w0ZwBBzccz8SPw2rWWCEktvyU5LoNZMrmlPzNl1ZD2fDtjzg08ZiJA/WiEaZeTP
    J7VX20f5qMOD4RNcTGxWbelXfhil6cgrnVUNaHw9wrzDjxjm1Mqcu4+eRoj+qITx
    m+4xAoGBALJRnZh+vR8tRn/xbDzINfkuS+5UJO4PA89Y2YRPcimp7zrtZhB16PyY
    yLcrJQAQjrmQPuAU+kFOZarFEZ7lkDTLimUMU67karHsbsXcz0uqaluzuAAFQLr9
    rawQRfypZMDsuPYXP3jxYP1LCHxU40bWTwVZA4H5d6kHkRhiuTuG
    -----END RSA PRIVATE KEY-----%  
    myUsername@LP-C02DRE3QMD6M test-ssh % oc rsh gi-sample-ssh-service-5d65c59d58-hxk8v
    sh-4.4$ cd /service/datamart/TNT_VYUSFHLQEB3JS88NXVVANY/
    sh-4.4$ ls
    sh-4.4$ pwd
    /service/datamart/TNT_VYUSFHLQEB3JS88NXVVANY
    sh-4.4$ exit
    exit
    myUsername@LP-C02DRE3QMD6M test-ssh % scp -i guardium_to_insights_scp -P 22222 testfile scpuser@35.196.163.71:/service/datamart/TNT_VYUSFHLQEB3JS88NXVVANY/
    The authenticity of host '[35.196.163.71]:22222 ([35.196.163.71]:22222)' can't be established.
    RSA key fingerprint is SHA256:AKpZ55fe6t8YsIbsBifmvIWBKkytuS+TIZAMEKKMt+k.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[35.196.163.71]:22222' (RSA) to the list of known hosts.
    testfile                                                                                                                                                                                                                    100%   37     0.1KB/s   00:00    
    myUsername@LP-C02DRE3QMD6M test-ssh % oc rsh gi-sample-ssh-service-5d65c59d58-hxk8v                                                                        
    sh-4.4$ cd /service/datamart/TNT_VYUSFHLQEB3JS88NXVVANY/
    sh-4.4$ ls
    testfile