Learn how to configure Secure Sockets Layer (SSL) communications from IBM®
Tivoli®
Netcool®/Impact on
Red Hat® OpenShift®.
About this task
For information about enabling SSL communications from an on-premises deployment of
Netcool/Impact,
see https://www.ibm.com/docs/SSSHYH_7.1.0/admin/imag_enablingssl_for_external_servers.html
.To enable
SSL communications from an Netcool Operations Insight® on OpenShift deployment, complete
the following steps:
Procedure
- Add your external certificate to the YAML
file:
vi <release-name>-nciserver-external-cacerts.yaml
For
example:
Note: You must indent the certificate in the YAML
file.
apiVersion: v1
kind: ConfigMap
metadata:
name: <release-name>-nciserver-external-cacerts
data:
file.crt: |
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIJAMWULciaKp4bMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
..
WkUE81/qflUaSOVZRneo3xvkmYNfiYBkpw==
-----END CERTIFICATE-----
Where
<release-name> is your deployed release name.
- Generate the configmap from the YAML file, by running the kubectl
create command, as in the following example:
kubectl create -f <release-name>-nciserver-external-cacerts.yaml
The configmap can also be created from the certificate, as in the following
example:
kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./cert.pem
- If you deployed Netcool Operations Insight on OpenShift with the CLI,
complete the following steps:
- Create the nciserver.importNCICACerts.enabled property and set it
to true in the custom resource YAML file, as in the following
example:
helmValuesNOI:
nciserver.importNCICACerts.enabled: true
Edit one of the following custom resource
YAML files:
- For a cloud deployment with the CLI:
deploy/crds/noi.ibm.com_nois_cr.yaml
- For a hybrid deployment with the CLI:
deploy/crds/noi.ibm.com_noihybrids_cr.yaml
- Apply the nciserver.importNCICACerts.enabled property by running
the following
command:
kubectl apply -f <custom-resource-file-name>.yaml
Where
<custom-resource-file-name> is the file name and path of your custom resource
YAML file, for example
deploy/crds/noi.ibm.com_nois_cr.yaml.
- If you deployed Netcool Operations Insight on OpenShiftwith the Operator
Lifecycle Manager (OLM) console, as described in the Installing Netcool Operations Insight with the Operator Lifecycle Manager (OLM) user interface
topic, complete the following steps:
- Edit the deployment from the OLM console. Edit and save the YAML file directly in the
console. Your changes are auto-deployed.
- Delete the Netcool/Impact core
server pod with the kubectl delete command:
kubectl delete pod <release-name>-nciserver-0
The Netcool/Impact core
server pod is restarted with the external certs in the trust.jks file. SSL
communications from the Netcool/Impact core
server pod is enabled.