Running the all-in-one-script

Automate the installation of Guardium® Insights by running the all-in-one installation script.

Procedure

  1. Define the location of the custom resource (CR) file:
    export LOCAL_INSTALL_DIR=<CR file location>

    And then run the following command to start the installation process of Guardium Insights and its dependencies. This command takes approximately 15 to 20 minutes to complete.

    cd $LOCAL_CASE_DIR/$CASE_NAME/inventory/automateInstall/files
    oc ibm-pak launch $CASE_NAME \
    --version $CASE_VERSION \
    --namespace ${NAMESPACE} \
    --inventory automateInstall \
    --action autoInstall \
    --tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.log
  2. A sample Guardium Insights CR file is available in following location: $LOCAL_CASE_DIR/ibm-guardium-insights/inventory/guardiumInsightsOperator/files/samples/gi-custom-AWS.yaml.
    When prompted with If you want to continue with the provided yaml file for Guardium Insights CR creation (yes/no)?, you have two options.
    1. If you enter yes, the system output is similar to the following message:
      APPLYING
      guardiuminsights.gi.ds.isc.ibm.com/staging created
      -----IBM Security Guardium Insights Auto-Installation Successfully Completed----------
      
    2. If you enter no, you can installGuardium Insights manually by creating a .yaml file.
      The following example shows what your .yaml file can look like.
      apiVersion: gi.ds.isc.ibm.com/v1
      kind: GuardiumInsights
      metadata:
      #name: This must be 10 or less characters
      name: Staging
      #Provide the name of the namespace in which you want to install the CR.
      namespace: staging
      spec:
      version: 3.4.0
      license:
      accept: true licenseType: "L-YRPR-ZV3BA6" 
      connections:
      insightsEnv: FEATURE_STAP_STREAMING: "false"
      guardiumInsightsGlobal:
      backupsupport: enabled: true name: <GI_Backup_PVC> storageClassName: managed-nfs-storage size: 500Gi guardiumInsightsVersion: 3.4.0 dev: “false” licenseAccept: true size: values-small image: insightsPullSecret: ibm-entitlement-key repository: cp.icr.io/cp/ibm-guardium-insights insights: ingress: hostName: staging.apps.gi-ocp47.guardium-insights.com domainName: api.gi-ocp47.guardium-insights.com ics: namespace: <GI Namespace> registry: common-service storageClassName: ibmc-file-gold-gid
      dependency-db2:
      image: insightsPullSecret: ibm-entitlement-key db2: size: 2 resources: requests: cpu: “6” memory: “48Gi” limits: cpu: “6” memory: “48Gi” storage: - name: meta spec: storageClassName: “ibmc-file-gold-gid” accessModes: - ReadWriteMany resources: requests: storage: “1000Gi” type: create - name: data spec: storageClassName: “ibmc-file-gold-gid” accessModes: - ReadWriteOnce resources: requests: storage: “4000Gi” type: template mln: distribution: 0:0 total: 2
      dependency-kafka:
      kafka: storage: type: persistent-claim size: 250Gi class: “ibmc-file-gold-gid” zookeeper: storage: type: persistent-claim size: 20Gi class: “ibmc-file-gold-gid”
      mini-snif:
      persistentVolumesClaims: mini-snif-shared: storageClassName: “ibmc-file-gold-gid”
      universal-connector-manager:
      persistentVolumesClaims: universal-connector-manager-shared: storageClassName: “ibmc-file-gold-gid”
      settings-datasources:
      persistentVolumesClaims: settings-datasources: storageClassName: “ibmc-file-gold-gid”
      ticketing:
      persistentVolumesClaims: ticketing-keystore: storageClassName: “ibmc-file-gold-gid”
      After you create the .yaml file, apply it by running the following command:
      
      oc apply -f <filename.yaml>
      

What to do next

Verify that the installation is successful.