Enabling SSL communications from Netcool/Impact on Red Hat OpenShift

Learn how to configure Secure Sockets Layer (SSL) communications from IBM® Tivoli® Netcool®/Impact on Red Hat® OpenShift®.

About this task

For information about enabling SSL communications from an on-premises deployment of Netcool/Impact, see https://www.ibm.com/docs/SSSHYH_7.1.0/admin/imag_enablingssl_for_external_servers.html external link.

To enable SSL communications from an Netcool Operations Insight® on OpenShift deployment, complete the following steps:

Procedure

  1. Add your external certificate to the YAML file:
    vi <release-name>-nciserver-external-cacerts.yaml
    For example:
    Note: You must indent the certificate in the YAML file.
    apiVersion: v1
    kind: ConfigMap
    metadata:
         name: <release-name>-nciserver-external-cacerts
    data:
         file.crt: |
           -----BEGIN CERTIFICATE-----
           MIIDRTCCAi2gAwIBAgIJAMWULciaKp4bMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
           ..
           WkUE81/qflUaSOVZRneo3xvkmYNfiYBkpw==
           -----END CERTIFICATE-----
    Where <release-name> is your deployed release name.
  2. Generate the configmap from the YAML file, by running the kubectl create command, as in the following example:
    kubectl create -f <release-name>-nciserver-external-cacerts.yaml
    The configmap can also be created from the certificate, as in the following example:
    kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./cert.pem
  3. If you deployed Netcool Operations Insight on OpenShift with the CLI, complete the following steps:
    1. Create the nciserver.importNCICACerts.enabled property and set it to true in the custom resource YAML file, as in the following example:
      helmValuesNOI:
           nciserver.importNCICACerts.enabled: true
      Edit one of the following custom resource YAML files:
      • For a cloud deployment with the CLI: deploy/crds/noi.ibm.com_nois_cr.yaml
      • For a hybrid deployment with the CLI: deploy/crds/noi.ibm.com_noihybrids_cr.yaml
    2. Apply the nciserver.importNCICACerts.enabled property by running the following command:
      kubectl apply -f <custom-resource-file-name>.yaml
      Where <custom-resource-file-name> is the file name and path of your custom resource YAML file, for example deploy/crds/noi.ibm.com_nois_cr.yaml.
  4. If you deployed Netcool Operations Insight on OpenShiftwith the Operator Lifecycle Manager (OLM) console, as described in the Installing Netcool Operations Insight with the Operator Lifecycle Manager (OLM) user interface topic, complete the following steps:
    1. Edit the deployment from the OLM console. Edit and save the YAML file directly in the console. Your changes are auto-deployed.
  5. Delete the Netcool/Impact core server pod with the kubectl delete command:
    kubectl delete pod <release-name>-nciserver-0
    The Netcool/Impact core server pod is restarted with the external certs in the trust.jks file. SSL communications from the Netcool/Impact core server pod is enabled.