Hybrid operator properties
This topic lists the operator properties that can be configured for your hybrid installation. The first table lists the installation properties that are required specifically for a hybrid installation, while the second table lists the properties that are common to both a Cloud and a Hybrid installation.
The following tables present the properties in alphabetical order. Where no value is given for the default, this means that the default for that operator in the YAML file is empty.
Installation properties required specifically for a hybrid installation
The following table lists the installation properties that are required specifically for a hybrid installation.
Property | Description | Default |
---|---|---|
backupRestore.enableAnalyticsBackups |
Cloud: This parameter must be set to Hybrid: This parameter must be set to If set to |
false |
dash.crossRegionUrls | Cross region URLs. | [] |
dash.trustedCAConfigMapName | Config map containing CA certificates to be trusted | |
dash.url |
URL of the DASH server, for example, 'protocol://fully.qualified.domain.name:port'. For load balanced environments, use the URL of the load balancer. |
|
dash.username | Username for connecting to on-premise DASH. | |
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs |
Proxy URLs by comma separation. Required on the backup cluster (optional on primary) if you want to activate the Disaster Recovery (DR) service. For more information, see HAProxy configuration. |
|
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck |
To enable and disable SSL, check for the connection with primary deployment.
Note: Valid for backup deployment only. |
false |
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap |
A name of configmap with root certificates for proxies.
Note: Valid for backup deployment only. |
false |
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.numberOfProxyConnectionCheck |
Numbers of check for primary availability need to be done before backup to take charge as acting primary.
Note: Valid for backup deployment only. |
10 |
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.intervalBetweenRetry |
Interval between each check to primary availability. The value is in milliseconds. Note: Valid for backup deployment only. |
1000 |
helmValuesNOI.ibm-ea-dr-coordinator-service.coordinatorSettings.logLevel | Log level for coordinator service. | DEBUG |
objectServer.backupHost | Hostname of the backup ObjectServer. | |
objectServer.backupPort | Port number of the backup ObjectServer. | 4100 |
objectServer.deployPhase | This setting determines when the OMNIbus CNEA schema is deployed. | install |
objectServer.primaryHost | Hostname of the primary ObjectServer. | |
objectServer.primaryPort | Port number of the primary ObjectServer. | 4100 |
objectServer.sslRootCAName | This is used to specify the CN name for the CA certificate | |
objectServer.sslVirtualPairName | Only needed when setting up an SSL connection to the ObjectServer pair | |
objectServer.username | Username for connecting to the on-premises ObjectServer. | root |
objectServer.collectionLayer.collectionBackupHost | Optional: Hostname of the backup host for connecting to the collection layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionBackupPort Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: Port for backup host for connecting to the collection layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionDeployPhase Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: Deploy phase for connecting to the
collection layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. Note: If you set the
objectServer.collectionLayer.collectionUsername value to connect to a non-root
user, you must set the objectServer.collectionLayer.collectionDeployPhase value to
none and pre-configure the ObjectServer schema. For more information, see Configuring the probe and gateway for a hybrid system. |
|
objectServer.collectionLayer.collectionPrimaryHost Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: Hostname of the primary host for connecting to the collection layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionPrimaryPort Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: Port of the primary host for connecting to the collection layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionSslRootCAName Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: This parameter is used to specify the CN name for the CA certificate. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionSslVirtualPairName Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: This parameter is only needed when setting up an SSL connection to the ObjectServer pair. Currently only applies to the topology analytics probe. | |
objectServer.collectionLayer.collectionUsername Draft comment: DEIRDRELAWTON
asm-tracking #4008 and #4199 |
Optional: User name for connecting to the collection
layer of the on-premises ObjectServer. Currently only applies to the topology analytics probe. Note: If you set the
objectServer.collectionLayer.collectionUsername value to connect to a non-root
user, you must set the objectServer.collectionLayer.collectionDeployPhase value to
none and pre-configure the ObjectServer schema. For more information, see Configuring the probe and gateway for a hybrid system. |
|
serviceContinuity.continuousAnalyticsCorrelation |
Cloud: This parameter must be set to Hybrid: This parameter must be set to |
false |
serviceContinuity.isBackupDeployment |
If Determines the deployment state of the coordinator service. When set to Cloud: This parameter must be set to |
false |
webgui.url | URL of the Web GUI server, for
example:
Note: Ensure
that
/webtop is included at the end of the Web GUI server
URL.For load balanced environments, use the load balancer host and port. Draft comment: DEIRDRELAWTON
Sept 2020 #6893 |
Installation properties common to both a Cloud and a Hybrid installation
Property | Description | Default |
---|---|---|
advanced.antiAffinity | To prevent primary and backup server pods from being installed on the same worker node, set
this option to true . When enabled, anti-affinity is configured for
affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution. |
false |
advanced.imagePullPolicy | The default pull policy is IfNotPresent , which causes the kubelet to skip
pulling an image that already exists. |
IfNotPresent |
advanced.imagePullRepository | Docker registry that all component images are pulled from. Defaults to the IBM Entitled Registry, cp.icr.io Note: Trailing forward slash in the Image Pull Repository parameters causes
datalayer not to deploy. A blockage occurs in the installation process because the datalayer pod fails due to the invalid image name. To fix the issue, you have to uninstall and reinstall without the trailing forward slash. |
cp.icr.io/cp/noi |
clusterDomain | Use the fully qualified domain name (FQDN) to formulate the clusterDomain property, using the
following formula:
Note: The
apps prefix must be included in the FQDN. For more information see this Red Hat® OpenShift documentation:
https://docs.openshift.com/container-platform/4.10/installing/installing_bare_metal/installing-bare-metal-network-customizations.html#installation-dns-user-infra_installing-bare-metal-network-customizations |
|
deploymentType | Deployment type (trial or production). | trial |
entitlementSecret | Entitlement secret to pull images. | |
global.networkpolicies.enabled | Set this property to false if you want to omit the network policies from the
installation. |
true |
global.service.nodePort.enable | Enables nodePort communication. For more information, see Configuring ObjectServer and proxy service types. | |
helmValuesASM.asm.aaionap.enabled | Enables the Open Network Automation Platform (ONAP) Active and Available Inventory (AAI) service. For more information, see Configuring the ONAP AAI service. | |
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.backupDestination.hostname | Optional: The destination hostname of the machine where the backups are copied
to. Note: Valid for primary deployment only.
|
false
|
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.backupDestination.username |
Optional: The username on the destination hostname that does the SCP copy. Note: Valid for primary deployment only.
|
false
|
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.backupDestination.directory | Optional: The directory on the destination hostname that receives the
backups. Note: Valid for primary deployment only.
|
false
|
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.backupDestination.secretName |
Optional: The Kubernetes secret name, which contains the private ssh key that is used to
do the SCP. The secret key Note: Valid for primary deployment only.
If you want to use SCP, set this property before installing Netcool Operations Insight. |
false
|
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.schedule | Optional: It is the Cron schedule format that is used to determine how often the
backups are taken. See
https://en.wikipedia.org/wiki/Cron for more details on this used approach for running
scheduled runs. Note: Valid for primary deployment only.
|
Every 3 minutes |
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.claimName |
Optional: The PVC claim name that is used to store the backups. An empty value implies no
use of Kubernetes persistent storage.
Note: Valid for primary deployment only.
This property must be specified before the NOI deployment if Kubernetes persistent storage is required. |
false
|
helmValuesNOI.ibm-noi-bkuprestore.noibackuprestore.maxbackups | Optional: The maximum number of historic policy backups to keep on the persistent
volume to preserve storage space. Note: Valid for primary deployment only.
|
10
|
helmValuesNOI.nciserver.importNCICACerts.enabled | Enables SSL communications from IBM Tivoli Netcool/Impact. For more information, see Enabling SSL communications from Netcool/Impact on Red Hat OpenShift and Netcool/Impact core server configmap. | |
helmValuesNOI.global.cassandra.clientEncryption | Enables TLS for Cassandra client communication. | False |
helmValuesNOI.cassandra.requireClientAuth | Enables mutual TLS (mTLS). To enable mTLS, the enableMTLS property is also
required. |
False |
helmValuesNOI.cassandra.enableMTLS | Enables mTLS. To enable mTLS, the requireClientAuth property is also
required. |
False |
helmValuesNOI.ibm-hdm-analytics-dev.cassandra.internodeEncryption | Enables mTLS for Cassandra internode and inter-cluster communication. The values can be
either dc (within a data center), all , or
none . |
None |
integrations.humio.repository | Internal repository for Humio data. | |
integrations.humio.url | URL of the Humio server. Set the value of this property to a URL in order to enable the
Search Humio event action. |
|
ldap.baseDN | Configure the LDAP base entry by specifying the base distinguished name (DN). Note: If the
value contains spaces, enclose the value in double quotation marks
(").
|
dc=mycluster,dc=icp |
ldap.bindDN | Configure LDAP bind user identity by specifying the bind distinguished name (bind
DN). Note: If the value contains spaces, enclose the value in double quotation marks
(").
|
cn=admin,dc=mycluster,dc=icp |
ldap.groupFilter | Set LDAP group filter. Note: Spaces are not supported in the value for the
ldap.groupFilter parameter.
|
uid=%s,ou=groups |
ldap.mode | Choose (standalone) for a built-in LDAP server or (proxy) and connect to an external
organization LDAP server. Note: Set LDAP properties as follows:
|
standalone |
ldap.port | Configure the port of your organization's LDAP server. If you need LDAP users that are created in the ObjectServers, set the LDAP port to 389 and set the sslPort to 636. For more information, see Pod fails to connect to LDAP. | 389 |
ldap.serverType | Set LDAP user filter. | CUSTOM |
ldap.sslPort | Configure the SSL port of your organization's LDAP server. If you need LDAP users that are created in the ObjectServers, set the LDAP port to 389 and set the sslPort to 636. For more information, see Pod fails to connect to LDAP. | 636 |
ldap.storageClass | LDAP storage class. Update this to a valid storage class. | |
ldap.storageSize | LDAP storage size. | 1Gi |
ldap.suffix | Configure the top entry in the LDAP directory information tree .(DIT). | dc=mycluster,dc=icp |
ldap.url | Configure the URL of your organization's LDAP server. | ldap://localhost:389 |
ldap.userFilter | Set LDAP user filter. Note: If the value contains spaces, enclose the value in double
quotation marks (").
|
uid=%s,ou=users |
license.accept | Agreement to license. | false |
persistence.enabled | Enable persistence storage. | false |
persistence.storageClassCassandraBackup | CassandraBackup storage class. | |
persistence.storageClassCassandraData | CassandraData storage class. | |
persistence.storageClassCouchdb | Couchdb storage class. | |
persistence.storageClassDB2 | Db2®
storage class. This property was removed in version 1.6.3.1. Select
Availability: |
|
persistence.storageClassElastic | Elasticsearch storage class. | |
persistence.storageClassImpactGUI | ImpactGUI storage class. | |
persistence.storageClassImpactServer | ImpactServer storage class. | |
persistence.storageClassKafka | Kafka storage class. | |
persistence.storageClassNCOBackup | NCOBackup storage class. | |
persistence.storageClassNCOPrimary | NCOPrimary storage class. | |
persistence.storageClassZookeeper | Zookeeper storage class. | |
persistence.storageSizeCassandraBackup | CassandraBackup storage size. | 50Gi |
persistence.storageSizeCassandraData | CassandraData storage size. | 50Gi |
persistence.storageSizeCouchdb | Couchdb storage size. | 5Gi |
persistence.storageSizeDB2 | Db2 storage size. This property was removed in version 1.6.3.1. Select Availability: |
5Gi |
persistence.storageSizeElastic | Elasticsearch storage size. | 75Gi |
persistence.storageSizeImpactGUI | ImpactGUI storage size. | 5Gi |
persistence.storageSizeImpactServer | ImpactServer storage size. | 5Gi |
persistence.storageSizeKafka | Kafka storage size. | 50Gi |
persistence.storageSizeNCOBackup | NCOBackup storage size. | 5Gi |
persistence.storageSizeNCOPrimary | NCOPrimary storage size. | 5Gi |
persistence.storageSizeZookeeper | Zookeeper storage size. | 5Gi |
topology.appDisco.db2database | Name of Db2 instance. Default value: taddm |
|
topology.appDisco.db2archuser | Name of database archive user. Default value: archuser |
|
topology.appDisco.dbport | Post of Db2 server. Default value: 50000 |
|
topology.appDisco.db2user | Name of database user. Default value: db2inst1 |
|
topology.appDisco.scaleSSS | Value must be greater than 0. Default value: 1 |
|
topology.appDisco.scaleDS | Value must be greater than 0. Default value: 1 |
|
topology.appDisco.enabled | Enable Application Discovery services and its observer. |
false |
topology.appDisco.dburl | Db2 Host URL for Application Discovery. | |
topology.appDisco.dbsecret | Db2 secret for Application Discovery. | |
topology.appDisco.secure | Enable secure connection to Db2 Host URL for Application Discovery. | false |
topology.appDisco.certSecret | This secret must contain the Db2 certificate by the name tls.crt
Applicable only if the
property name is secure. |
|
topology.enabled | Enable topology. | true |
topology.iafCartridgeRequirementsName | Do not edit this parameter. | |
topology.netDisco | Enable Network Discovery services and its observer. | false |
topology.observers.alm | Enable ALM observer. | false |
topology.observers.ansibleawx | Enable Ansible® AWX observer. | false |
topology.observers.appdynamics | Enable AppDynamics observer. | false |
topology.observers.aws | Enable AWS observer. | false |
topology.observers.azure | Enable Azure observer. | false |
topology.observers.bigfixinventory | Enable Bigfixinventory observer. | false |
topology.observers.cienablueplanet | Enable Cienablueplanet observer. | false |
topology.observers.ciscoaci | Enable Ciscoaci observer. | false |
topology.observers.contrail | Enable Contrail observer. | false |
topology.observers.dns | Enable DNS observer. | false |
topology.observers.docker | Enable Docker observer. | false |
topology.observers.dynatrace | Enable Dynatrace observer. | false |
topology.observers.file | Enable File observer. | false |
topology.observers.googlecloud | Enable Googlecloud observer. | false |
topology.observers.ibmcloud | Enable Ibmcloud observer. | false |
topology.observers.itnm | Enable ITNM observer. | false |
topology.observers.jenkins | Enable Jenkins observer. | false |
topology.observers.junipercso | Enable Junipercso observer. | false |
topology.observers.kubernetes | Enable Kubernetes observer. | false |
topology.observers.newrelic | Enable Newrelic observer. | false |
topology.observers.openstack | Enable Openstack observer. | false |
topology.observers.rancher | Enable Rancher observer. | false |
topology.observers.rest | Enable REST observer. | false |
topology.observers.servicenow | Enable Servicenow observer. | false |
topology.observers.taddm | Enable TADDM observer. | false |
topology.observers.vmvcenter | Enable Vmvcenter observer. | false |
topology.observers.vmwarensx | Enable Vmwarensx observer. | false |
topology.observers.zabbix | Enable Zabbix observer. | false |
topology.storageClassElasticTopology | Elasticsearch storage class. Production only. | |
topology.storageClassFileObserver | FileObserver storage class. Production only. | |
topology.storageSizeElasticTopology | Elasticsearch storage size. Production only. | 75Gi |
topology.storageSizeFileObserver | FileObserver storage size. Production only. | 5Gi |
version | Version. | 1.6.5 |
zen.serviceInstanceName | Support for Zen is deprecated, this parameter can be removed. | iaf-zen-cpdservice |
zen.serviceNamespace | Support for Zen is deprecated, this parameter can be removed. |
asm-tracking #4008 and #4199