Configuring primary and secondary Impact GUI servers

Complete the following steps to configure geo-redundancy for your primary and secondary IBM® Tivoli® Netcool®/Impact GUI servers.

Before you begin

Procedure

On the primary Netcool/Impact GUI server, complete the following steps to set external hosts and import certificates from the secondary Netcool/Impact GUI server.

  1. Edit the <release-name>-impactgui-startup-scripts configmap and in the Pre server startup script section, add the following lines, as in the following example:
    #
    # Pre server startup script
    #
    
    echo "Running pre-server startup custom scripts"
    
    echo "Geo specific configuration scripts"
    
    #
    # Set Variables for the Local and Remote Server names, and Name Server ports
    #
    
    export LOCAL_PRIMARY_SERVER_NAME=<local hostname of primary nciserver>
    
    export LOCAL_PRIMARY_NAME_SERVER_PORT=9081
    
    export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver>
    
    export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver>
    
    export PRIMARY_NAME_SERVER_PORT=9081
    
    export SECONDARY_NAME_SERVER_PORT=9081
    
    #
    # End Set Variables
    #
    
    /home/netcool/bin/geo_redundancy_impactgui.sh
    
    echo "Geo specific configuration script end."
    Where:
    • <release-name> is the name that is specified for the release in the Netcool Operations Insight® CR YAML file.
    • <LOCAL_PRIMARY_SERVER_NAME> is the local hostname of the <release-name>-nciserver-0 pod on the primary cluster, for example, primary-nciserver-0.primary-nciservers.primary.svc.cluster.local. This name can be found by running the hostname -f command, when logged in to the primary nciserver pod.
    • <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are exposed externally from the primary and secondary clusters, potentially where the load balancer is running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are api.primary.cp.ibm.com and api.backup.cp.ibm.com.
  2. Save the <release-name>-impactgui-startup-scripts configmap.
  3. After the nciserver pod on the primary cluster starts, extract its certificates by using openssl:
    openssl s_client -showcerts -verify 5 -connect  <EXTERNAL_PRIMARY_SERVER_HOST_NAME>:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certprimary"a".pem"; print >out}'

    The <EXTERNAL_PRIMARY_SERVER_HOST_NAME> variable is the hostname where the Netcool/Impact ports are exposed externally from the primary cluster and potentially where the load balancer is running. An example of an <EXTERNAL_PRIMARY_SERVER_HOST_NAME> variable is api.primary.cp.ibm.com.

    The openssl command creates two PEM files per host in the current directory:
    -rw-r--r--   1 root root     1537 Oct 27 02:55 certprimary1.pem
    -rw-r--r--   1 root root     1212 Oct 27 02:55 certprimary2.pem
  4. Create or edit the -impactgui-external-cacerts configmap for the backup impactgui pod to load the primary certificates. Copy the two PEM files that were created in the previous step to the backup cluster. Then, run the following command on the backup cluster to create the configmap that contains the certificates from the primary cluster.
    kubectl create configmap <release-name>-impactgui-external-cacerts --from-file=./certprimary1.pem  --from-file=./certprimary2.pem
  5. Restart the impactgui pod on the primary cluster.
  6. Restart the primary Netcool/Impact server and GUI by scaling up the primary Netcool/Impact server and GUI pods:
    oc scale sts/<release-name>-nciserver --replicas=${REPLICAS} -n primary
    oc scale sts/<release-name>-impactgui --replicas=${REPLICAS} -n primary

On the secondary Netcool/Impact GUI server, complete the following steps to set external hosts and import certificates from the primary Netcool/Impact GUI server.

  1. Edit the <release-name>-impactgui-startup-scripts configmap and in the Pre server startup script section, add the following lines, as in the following example:
    #
    # Pre server startup script
    #
    
    echo "Running pre-server startup custom scripts"
    
    echo "Geo specific configuration scripts"
    
    #
    # Set Variables for the Local and Remote Server names, and Name Server ports
    #
    
    export LOCAL_SECONDARY_SERVER_NAME=<local hostname of backup nciserver>
    
    export LOCAL_SECONDARY_NAME_SERVER_PORT=9081
    
    export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver>
    
    export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver>
    
    export PRIMARY_NAME_SERVER_PORT=9081
    
    export SECONDARY_NAME_SERVER_PORT=9081
    
    #
    # End Set Variables
    #
    
    /home/netcool/bin/geo_redundancy_impactgui.sh
    
    echo "Geo specific configuration script end."
    Where:
    • <release-name> is the name that is specified for the release in the Netcool Operations Insight CR YAML file.
    • <LOCAL_SECONDARY_SERVER_NAME> is the local hostname of the <release-name>-nciserver-0 pod on the secondary cluster, for example, backup-nciserver-0.backup-nciservers.backup.svc.cluster.local. This name can be found by running the hostname -f command, when logged in to the secondary nciserver pod.
    • <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are exposed externally from the primary and secondary clusters, potentially where the load balancer is running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are api.primary.cp.ibm.com and api.backup.cp.ibm.com.
  2. Save the <release-name>-impactgui-startup-scripts configmap.
  3. After the nciserver pod on the secondary cluster starts, extract its certificates by using openssl:
    openssl s_client -showcerts -verify 5 -connect  EXTERNAL_SECONDARY_SERVER_HOST_NAME:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certsecondary"a".pem"; print >out}'

    The <EXTERNAL_SECONDARY_SERVER_HOST_NAME> variable is the hostname where the Netcool/Impact ports are exposed externally from the secondary cluster and potentially where the load balancer is running. An example of an <EXTERNAL_SECONDARY_SERVER_HOST_NAME > variable is api.secondary.cp.ibm.com.

    The openssl command creates two PEM files per host in the current directory:
    -rw-r--r--   1 root root     1537 Oct 27 02:55 certsecondary1.pem
    -rw-r--r--   1 root root     1212 Oct 27 02:55 certsecondary2.pem
  4. Create or edit the -impactgui-external-cacerts configmap for the primary impactgui pod to load the secondary certificates. Copy the two PEM files that were created in the previous step to the primary cluster API host. Then, run the following command on the primary cluster to create the configmap that contains the certificates from the secondary cluster.
    kubectl create configmap <release-name>-impactgui-external-cacerts --from-file=./certsecondary1.pem  --from-file=./certsecondary2.pem
  5. Restart the impactgui pod on the secondary cluster.
  6. Restart the secondary Netcool/Impact server and GUI by scaling up the secondary Netcool/Impact server and GUI pods:
    oc scale sts/<release-name>-nciserver --replicas=${REPLICAS} -n secondary
    oc scale sts/<release-name>-impactgui --replicas=${REPLICAS} -n secondary