Automated installation on Amazon Web Services (AWS)
This document walks you through the installation of Guardium® Insights on AWS with the all-in-one installation script.
Before you begin
Before you proceed with the installation,
complete these steps:
- Verify that your environment meets the System requirements and prerequisites and Hardware cluster requirements.
- Prepare for installation.
- Log in to the OpenShift® command-line interface.
- Downloading the Guardium Insights CASE file and set up your environment for dependencies.
About this task
- Creating the Red Hat OpenShift cluster on AWS
- Installing Openshift Data Foundation (previously OpenShift Container Storage) storage class
- Downloading the Guardium Insights CASE file and set up your environment for dependencies
- Editing the values.conf file to install IBM Common Services and Guardium Insights
- Running the all-in-one script
- Verifying the installation
Creating the Red Hat OpenShift cluster on AWS
Procedure
What to do next
Installing Openshift Data Foundation (previously OpenShift Container Storage) storage class
Procedure
Downloading the Guardium Insights CASE file and set up your environment for dependencies
Procedure
Editing the values.conf file to install IBM® Common Services and Guardium Insights
About this task
Running the all-in-one script
About this task
Define the location of the custom resource (CR) file by running
the following command:
export LOCAL_INSTALL_DIR=<CR file location>
Then,
run the following commands to start the installation process of Guardium Insights and its dependencies:cd $LOCAL_CASE_DIR/$CASE_NAME/inventory/automateInstall/files
oc ibm-pak launch $CASE_NAME \
--version $CASE_VERSION \
--namespace ${NAMESPACE} \
--inventory automateInstall \
--action autoInstall \
--tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.log
This process takes approximately 15 to 20 minutes to complete.
See this sample Guardium Insights CR file:
$LOCAL_CASE_DIR/ibm-guardium-insights/inventory/guardiumInsightsOperator/files/samples/gi-custom-AWS.yaml
When prompted with If you want to continue with the
provided yaml file for Guardium Insights CR creation (yes/no)?
, you have two options:
- Enter yes to create the CR file. The
following example shows a successful output:
APPLYING guardiuminsights.gi.ds.isc.ibm.com/staging created -----IBM Security Guardium Insights Auto-Installation Successfully Completed----------
- If you enter
no
, you can install Guardium Insights manually by creating a .yaml file. For thestorageClassName
, use the RWX/FileSystemstorageClassName
.apiVersion: gi.ds.isc.ibm.com/v1 kind: GuardiumInsights metadata: #name: This must be 10 or less characters name: Staging #Provide the name of the namespace in which you want to install the CR. namespace: staging spec: version: 3.4.0 license: accept: true licenseType: "L-YRPR-ZV3BA6" connections: insightsEnv: FEATURE_STAP_STREAMING: "false" guardiumInsightsGlobal: backupsupport: enabled: true name: <GI_Backup_PVC> storageClassName: ocs-storagecluster-cephfs size: 500Gi dev: "false" licenseAccept: true size: values-small image: insightsPullSecret: ibm-entitlement-key repository: cp.icr.io/cp/ibm-guardium-insights insights: ingress: hostName: staging.apps.gi-ocp47.guardium-insights.com domainName: api.gi-ocp47.guardium-insights.com ics: namespace: ibm-common-services registry: common-service storageClassName: ocs-storagecluster-cephfs #storageClassNameRWO: Must be a ReadWriteOnce StorageClass storageClassNameRWO: "ocs-storagecluster-ceph-rbd" dependency-db2: image: insightsPullSecret: ibm-entitlement-key db2: size: 2 resources: requests: cpu: "6" memory: "24Gi" limits: cpu: "6" memory: "24Gi" storage: - name: meta spec: storageClassName: "ocs-storagecluster-cephfs" accessModes: - ReadWriteMany resources: requests: storage: "1000Gi" type: create - name: data spec: storageClassName: "ocs-storagecluster-cephfs" accessModes: - ReadWriteOnce resources: requests: storage: "4000Gi" type: template mln: distribution: 0:0 total: 2 dependency-kafka: kafka: storage: type: persistent-claim size: 250Gi class: "ocs-storagecluster-ceph-rbd" zookeeper: storage: type: persistent-claim size: 20Gi class: "ocs-storagecluster-ceph-rbd" mini-snif: persistentVolumesClaims: mini-snif-shared: storageClassName: "ocs-storagecluster-cephfs" universal-connector-manager: persistentVolumesClaims: universal-connector-manager-shared: storageClassName: "ocs-storagecluster-cephfs" settings-datasources: persistentVolumesClaims: settings-datasources: storageClassName: "ocs-storagecluster-cephfs" ticketing: persistentVolumesClaims: ticketing-keystore: storageClassName: "ocs-storagecluster-cephfs"
After you create the
yaml
file, apply it:oc apply -f <filename.yaml>
Verifying the installation
About this task
After you install Guardium Insights, run this command:
oc get guardiuminsights -w
The output is similar to this example, with all pods in a Running
or
Complete
state:
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION
staging Running True Reconciling Starting to Reconcile 3.2.0
staging Running True GuardiumInsightsInstallRunning Secret creation completed 3.2.0
staging Running True GuardiumInsightsInstallRunning Instantiated Redis Sentinel CR 3.2.0
staging Running True GuardiumInsightsInstallRunning Instantiated MongoDB CR 3.2.0
staging Running True GuardiumInsightsInstallRunning Instantiated Kafka CR 3.2.0
staging Running True GuardiumInsightsInstallRunning Instantiated DB2 CR 3.2.0
staging Failure True Failed Failed to gather information about Certificate(s) even after waiting for 120 seconds 3.2.0
staging Running True Running Running reconciliation 3.2.0
staging Running True Reconciling Starting to Reconcile 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for Kafka CR Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Validating Kafka Connection Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for Redis CR Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Validating Redis Connection Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for MongoDB CR Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Validating MongoDB Connection Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for DB2 CR Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Validating DB2 Connection Success 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for initial Tenant creation 3.2.0
staging Running True GuardiumInsightsInstallRunning Checking for initial Tenant creation 3.2.0
staging Running True Reconciling Checking GI Pods/Deployments/Statefulsets are running 3.2.0
staging Running True Reconciling Checking GI Pods/Deployments/Statefulsets are running 3.2.0
staging Running True Reconciling Checking GI Pods/Deployments/Statefulsets are running 3.2.0 3.2.0
staging Ready True Complete Completed Reconciliation 3.2.0 3.2.0
staging Ready True Complete Completed Reconciliation 3.2.0 3.2.0
staging Ready True Complete Completed Reconciliation 3.2.0 3.2.0
Next, run this command:
oc get guardiuminsights
The following example shows a successful output:
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION
staging Ready True Complete Completed Reconciliation 3.3.0 3.3.0