Enabling SSL communications from Netcool/Impact on Red Hat OpenShift

Learn how to configure Secure Sockets Layer (SSL) communications from IBM® Tivoli® Netcool®/Impact on Red Hat® OpenShift® Container Platform.

About this task

For more information about enabling SSL communications from an on-premises deployment of Netcool/Impact, see Enabling SSL connections with external servers external link.

To enable SSL communications from a Netcool Operations Insight® on OpenShift deployment, complete the following steps:

Procedure

  1. Create the configmap in either of the following ways:
    1. Add your external certificate to the YAML file:
      vi <release-name>-nciserver-external-cacerts.yaml
      The following example shows that the external certificate is added to the YAML file:
      Note: You must indent the certificate in the YAML file.
      apiVersion: v1
      kind: ConfigMap
      metadata:
           name: <release-name>-nciserver-external-cacerts
      data:
           file.crt: |
             -----BEGIN CERTIFICATE-----
             MIIDRTCCAi2gAwIBAgIJAMWULciaKp4bMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
             ..
             WkUE81/qflUaSOVZRneo3xvkmYNfiYBkpw==
             -----END CERTIFICATE-----
      In this example, <release-name> is your deployed release name.

      Next, generate the configmap from the YAML file by running the kubectl create command:

      kubectl create -f <release-name>-nciserver-external-cacerts.yaml
    2. Another way to create the configmap is to create it from the certificate:
      kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./cert.pem
  2. Add the nciserver property to the noi cr YAML file under the spec field:
      spec:    
        helmValuesNOI:
          nciserver.importNCICACerts.enabled: true
  3. You can edit the noi cr YAML file in either of the following ways:
    1. Edit from the command line:
      oc edit noi
    2. Or edit the deployment from Red Hat OpenShift Container Platform with the Operator Lifecycle Manager (OLM) console. Go to Operators > Installed Operators > IBM Cloud Pak for AIOpsEvent Manager > NOI. Then, click your NOI deployment and the YAML tab to edit and save the YAML file.
      Your changes are auto-deployed.
  4. Delete the noi-operator pod with the kubectl delete command:
    1. Get the noi-operator pod name:
      oc get pod | grep operator
    2. Delete the noi-operator pod:
      kubectl delete pod <noi-operator pod name>
    Restarting the noi-operator pod triggers the related pods, such as the nciserver pod, to restart. The Netcool/Impact core server pod is restarted with the external certificates in the trust.jks file. SSL communications from the Netcool/Impact core server pod are enabled.