Installing the connection layer operator with the CLI
(Optional) Learn how to install the connection layer operator with the command line interface (CLI). Each connection layer operator establishes a connection to an extra ObjectServer in your hybrid environment.
Before you begin
First, deploy IBM® Netcool® Operations Insight® on Red Hat® OpenShift® in a hybrid environment. For more information, see Installing cloud native components on hybrid. This installation connects an ObjectServer aggregation pair to a Netcool Operations Insight on OpenShift instance.
Before you deploy the connection layer, create two secrets.
- Create a secret to enable cloud native components to access your
on-premises ObjectServer.
Whereoc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=omni_password --namespace namespace
- release_name is the name that you use for your cloud native components deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml file (YAML view).
- namespace is the name of the namespace into which you want to install the cloud native components.
- omni_password is the root password for the on-premises Netcool/OMNIbus that you want to connect to.
- Create a secret to enable SSL communication between the OMNIbus component of your on-premises
Operations Management installation and the cloud native components. If you do not
require an SSL connection, create the secret with blank entries. Complete the following steps to
configure authentication:
- Configure OMNIbus on your on-premises Operations Management installation to use SSL, if it
is not doing so already. To check, run the command
oc get secrets -n namespace
and check whether the secretrelease_name-omnicertificate-secret
exists. If the secret does not exist and the OMNIbus components are using SSL, the following steps must be completed. - Extract the certificate from your on-premises Operations Management
installation.
Where$NCHOME/bin/nc_gskcmd -cert -extract -db "key_db" -pw password -label "cert_name" -target "ncomscert.arm"
- key_db is the name of the key database file.
- password is the password to your key database.
- cert_name is the name of your certificate.
- Copy the extracted certificate, ncomscert.arm, over to the infrastructure
node of your Red Hat
OpenShift Container Platform
cluster, or to the node on your cluster where the
oc
CLI is installed. - Create a secret for the
certificate.
Whereoc create secret generic release_name-omni-certificate-secret --from-leral=PASSWORD=password --from-file=ROOTCA=certificate --namespace namespace --from-literal=INTERMEDIATECA=""
- release_name is the name that you use for your cloud native components deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml file (YAML view).
- password is a password of your choice.
- certificate is the path and file name of the certificate that was copied to your cluster in the previous step, ncomscert.arm.
- namespace is the name of the namespace into which you want to install the cloud native components.
Note: If the ObjectServer is not named 'AGG_V', which is the default, then you must set the global.hybrid.objectserver.config.ssl.virtualPairName parameter when you configure the installation parameters later. For more information, see Hybrid operator properties.
- Configure OMNIbus on your on-premises Operations Management installation to use SSL, if it
is not doing so already. To check, run the command
About this task
Property | Description |
---|---|
noiReleaseName | Provide the release name to be associated with the ObjectServer properties. The noiReleaseName property is the release name of the hybrid or cloud instance that must be connected with the ObjectServer aggregation pair. |
objectServer.backupHost | Hostname of the backup ObjectServer |
objectServer.backupPort | Port number of the backup ObjectServer |
objectServer.deployPhase | This setting determines when the OMNIbus Netcool Operations Insight on OpenShift schema is deployed. |
objectServer.primaryHost | Hostname of the primary ObjectServer |
objectServer.primaryPort | Port number of the primary ObjectServer |
objectServer.sslRootCAName | This property is used to specify the common name (CN) name for the certificate authority (CA) certificate |
objectServer.sslVirtualPairName | This property is only needed when you set up an SSL connection. |
objectServer.username | Username for connecting to an on-premises ObjectServer |
The operator has cluster scope permissions. It requires role-based access control (RBAC) authorization at a cluster level because it deploys and modifies Custom Resource Definitions (CRDs) and cluster roles.
Create and deploy a custom resource:
NOIConnectionLayer
, for the connection layer by completing the following
steps: