Online and offline/air gap installation of Guardium Insights by using automated (all-in-one) installation script
Before you begin
Before you proceed with the installation,
complete these steps:
- Verify that your environment meets the System requirements and prerequisites and Hardware cluster requirements.
- Prepare for installation.
- Log in to the OpenShift® command-line interface.
- Downloading the Guardium Insights CASE file and set up your environment for dependencies.
Procedure
- Log in to your Red Hat® OpenShift cluster instance.
oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]For example,oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx - Locate
$LOCAL_CASE_DIR/ibm-guardium-insights/inventory/automateInstall/files/values.conf
and edit the file to provide the mandatory parameters for an installation. For more information
about the parameters in values.conf, see Configuration file parameters for all-in-one installation.Important:
- Editing the optional parameters is not required for a standard deployment, but you can customize your installation by editing them.
- Setting
ONLINE_INSTALL=falseattempts to mirror the installation files. If you already mirrored the images, do not choose the automated installation.
- Define the location of the custom resource (CR) file:
export LOCAL_INSTALL_DIR=<CR file location>And then start the installation process of Guardium Insights and its dependencies:
oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace ${NAMESPACE} \ --inventory automateInstall \ --action autoInstall \ --tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.logTip: If the script fails, consult the installation.log file. In this file, these error messages can safely be ignored:Error from server (AlreadyExists): secrets "ibm-entitlement-key" already exists - The values.conf file includes a
SKIP_GI_INSTANCEparameter that is set tofalseby default. When this parameter is set tofalse, the Guardium Insights CR file is automatically created for the target environment that is defined by the values.conf file. The CR is then saved to the ${LOCAL_INSTALL_DIR}. This saved file is output to the screen and you are prompted to apply the file to your OpenShift system. If you choose not to apply the generated file, you can create and apply a custom file by completing the following steps.- To customize the CR for Guardium Insights,
edit the sample-cr.yaml file.Important: If you are employing a custom load balancer for secure copy protocol (SCP) or data marts, you can pass these values as overrides in the CR.
... spec: .. ibm-insights-sequencer: GUARDIUM_AGENT_SCP_PORT: "30002" GUARDIUM_AGENT_SCP_TARGET_HOST: "YourOverrideURL"GUARDIUM_AGENT_SCP_PORTis the load balancer port.GUARDIUM_AGENT_SCP_TARGET_HOSTis the load balancer URL or IP.
- To apply the CR, run this command:
oc apply -f ${LOCAL_INSTALL_DIR}/sample-cr.yaml
- To customize the CR for Guardium Insights,
edit the sample-cr.yaml file.
- Check the status of the instance creation by using the following
command.
oc get guardiuminsightsIn the following output examples, theDESIRED_VERSIONis 3.5.0. The displayed versions in the output can vary based on the Guardium Insights version that you want to install.Before completion, the output is similar to the following example.
After completion, the output is similar to the following example.NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION staging Running True GuardiumInsightsInstallRunning Running installation of Guardium Insights 3.5.0NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION staging Ready True Completed Completed Reconciliation 3.5.0 3.5.0