Installing the connection layer operator with the CLI

(Optional) Learn how to install the connection layer operator with the command line interface (CLI). Each connection layer operator establishes a connection to an extra ObjectServer in your hybrid environment.

Before you begin

First, deploy IBM® Netcool® Operations Insight® on Red Hat® OpenShift® in a hybrid environment. For more information, see Installing cloud native components on hybrid. This installation connects an ObjectServer aggregation pair to a Netcool Operations Insight on OpenShift instance.

Before you deploy the connection layer, create two secrets.

  1. Create a secret to enable cloud native components to access your on-premises ObjectServer.
    oc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=omni_password --namespace namespace
    Where
    • release_name is the name that you use for your cloud native components deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml file (YAML view).
    • namespace is the name of the namespace into which you want to install the cloud native components.
    • omni_password is the root password for the on-premises Netcool/OMNIbus that you want to connect to.
  2. Create a secret to enable SSL communication between the OMNIbus component of your on-premises Operations Management installation and the cloud native components. If you do not require an SSL connection, create the secret with blank entries. Complete the following steps to configure authentication:
    1. Configure OMNIbus on your on-premises Operations Management installation to use SSL, if it is not doing so already. To check, run the command oc get secrets -n namespace and check whether the secret release_name-omnicertificate-secret exists. If the secret does not exist and the OMNIbus components are using SSL, the following steps must be completed.
    2. Extract the certificate from your on-premises Operations Management installation.
      $NCHOME/bin/nc_gskcmd -cert -extract -db "key_db" -pw password -label "cert_name" -target "ncomscert.arm"
      Where
      • key_db is the name of the key database file.
      • password is the password to your key database.
      • cert_name is the name of your certificate.
    3. Copy the extracted certificate, ncomscert.arm, over to the infrastructure node of your Red Hat OpenShift Container Platform cluster, or to the node on your cluster where the oc CLI is installed.
    4. Create a secret for the certificate.
      oc create secret generic release_name-omni-certificate-secret --from-leral=PASSWORD=password --from-file=ROOTCA=certificate --namespace namespace --from-literal=INTERMEDIATECA=""
      Where
      • release_name is the name that you use for your cloud native components deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml file (YAML view).
      • password is a password of your choice.
      • certificate is the path and file name of the certificate that was copied to your cluster in the previous step, ncomscert.arm.
      • namespace is the name of the namespace into which you want to install the cloud native components.
      Note: If the ObjectServer is not named 'AGG_V', which is the default, then you must set the global.hybrid.objectserver.config.ssl.virtualPairName parameter when you configure the installation parameters later. For more information, see Hybrid operator properties.

About this task

Learn about the properties that can be specified for each connection layer:
Table 1. Connection layer properties
Property Description
noiReleaseName Provide the release name to be associated with the ObjectServer properties. The noiReleaseName property is the release name of the hybrid or cloud instance that must be connected with the ObjectServer aggregation pair.
objectServer.backupHost Hostname of the backup ObjectServer
objectServer.backupPort Port number of the backup ObjectServer
objectServer.deployPhase This setting determines when the OMNIbus Netcool Operations Insight on OpenShift schema is deployed.
objectServer.primaryHost Hostname of the primary ObjectServer
objectServer.primaryPort Port number of the primary ObjectServer
objectServer.sslRootCAName This property is used to specify the common name (CN) name for the certificate authority (CA) certificate
objectServer.sslVirtualPairName This property is only needed when you set up an SSL connection.
objectServer.username Username for connecting to an on-premises ObjectServer

The operator has cluster scope permissions. It requires role-based access control (RBAC) authorization at a cluster level because it deploys and modifies Custom Resource Definitions (CRDs) and cluster roles.

Create and deploy a custom resource: NOIConnectionLayer, for the connection layer by completing the following steps:

Procedure

  1. Note: Specify a unique release name for each connection layer.
    For each connection layer, create the custom resource by editing the parameters in the deploy/crds/<custom_resource_file_name>.yaml file, where <custom_resource_file_name> is the name of your custom resource YAML file for your cloud or hybrid deployment. Specify the connection layer release name and the ObjectServer details. For more information, see Table 1.
  2. Run the following command:
    kubectl apply -f deploy/crds/<custom_resource_file_name>.yaml

What to do next

Deploy a connection layer for each separate aggregation pair that you want to connect to a single Netcool Operations Insight on OpenShift instance.