Configuring authentication
Passwords are stored in secrets. Manually create the passwords and secrets that are required by IBM Netcool Operations Insight® prior to install, or let the installer generate the required passwords and secrets for you.
Overview of required secrets
The following secrets are required for the IBM Netcool Operations Insight installation.
Table 1: Secrets required for an IBM Netcool Operations Insight cloud deployment
Users requiring password | Corresponding secret | Data key(s) in secret |
---|---|---|
smadmin | release_name-was-secret | WAS_PASSWORD |
impactadmin | release_name-impact-secret | IMPACT_ADMIN_PASSWORD |
icpadmin | release_name-icpadmin-secret | ICP_ADMIN_PASSWORD |
OMNIbus root | release_name-omni-secret | OMNIBUS_ROOT_PASSWORD |
LDAP admin | release_name-ldap-secret | LDAP_BIND_PASSWORD |
couchdb | release_name-couchdb-secret | password username=root secret=couchdb |
internal user | release_name-ibm-hdm-common-ui-session-secret | session |
internal user | release_name-systemauth-secret | password username=system |
hdm | release_name-cassandra-auth-secret | username password |
redis | release_name-ibm-redis-authsecret | username password |
kafka | release_name-kafka-admin-secret | username password |
admin | release_name-kafka-client-secret | username password |
Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.
Automatic creation of passwords and secrets
The Netcool® Operations Insight installer uses existing passwords and secrets. If any of the required passwords and secrets do not exist, then the installer automatically creates random passwords for the required passwords and then creates the required secrets from these passwords. For automatic creation of passwords and secrets, use the following procedure.
- Proceed with the installation, using Installing. If you set the LDAP mode to proxy, then you must manually configure the passwords and secrets for LDAP admin and impactadmin before you install. For information on how to create the secrets release_name-impact-secret and release_name-ldap-secret, refer to the Manual creation of passwords and secrets section. The LDAP admin role is used to verify users in the external LDAP. For more information, see Creating users on an external LDAP server.
- After installation has successfully completed, you can extract the passwords from the secrets. See Retrieving passwords from secrets.
Manual creation of passwords and secrets
To create all the required passwords and secrets manually, use the following procedure. All passwords must be less than 32 characters long and contain only alphanumeric characters.
- Create passwords for the users in Table 1 if these do not already exist.
- Use the following commands to create the required secrets:
  oc create secret generic release_name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=icpadmin_password --namespace namespace
  oc create secret generic release_name-impact-secret --from-literal=IMPACT_ADMIN_PASSWORD=impact_password --namespace namespace
  oc create secret generic release_name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=ldap_password --namespace namespace
  oc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=ObjServ_password --namespace namespace
  oc create secret generic release_name-was-secret --from-literal=WAS_PASSWORD=OMNI_password --namespace namespace
  oc create secret generic release_name-couchdb-secret --from-literal=password=couchdb_password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace
  oc create secret generic release_name-systemauth-secret --from-literal=password=interpod_password --from-literal=username=system --namespace namespace
  oc create secret generic release_name-ibm-hdm-common-ui-session-secret --from-literal=session=interpod_password --namespace namespace
  oc create secret generic release_name-cassandra-auth-secret --from-literal=username=hdm_username --from-literal=password=interpod_password --namespace namespace
  oc create secret generic release_name-ibm-redis-authsecret --from-literal=username=redis_username --from-literal=password=interpod_password --namespace namespace
  oc create secret generic release_name-kafka-admin-secret --from-literal=username=ka_admin_username --from-literal=password=interpod_password --namespace namespace
  oc create secret generic release_name-kafka-client-secret --from-literal=username=ka_client_username --from-literal=password=interpod_password --namespace namespace
Where
- icpadmin_password is the password for icpadmin. For more information, see Default users.
- impact_password is the password for impactadmin.
- ldap_password is the password of your organization's LDAP server.
- ObjServ_password is the root password to set for the Netcool/OMNIbus ObjectServer.
- OMNI_password is the password for OMNIbus admin user.
- couchdb_password is the password for the internal couch.
- interpod_password is the password for communication between pods.
- hdm_username default is hdm. Do not use cassandra.
- redis_username default is redis.
- ka_admin_username default is kafka.
- ka_client_username default is admin.
- release_name is the name that you will use for your Netcool Operations Insight on OpenShift deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_nois_cr.yaml file (YAML view).
- namespace is the name of the namespace into which you want to install Netcool Operations Insight.
- Proceed with the installation, using Installing.
If you want to change a password after installation, see Changing passwords and recreating secrets.
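The manual procedure above can be scripted so that every password is checked against the stated policy (fewer than 32 characters, alphanumeric only) before a secret is created. The following is an added example, not IBM's code: the function names and the OC variable are hypothetical, it covers single-key secrets only, and it assumes --from-file in place of the page's --from-literal so that the password is not part of the oc command line.

```shell
#!/bin/sh
# Added example (not IBM's code). Policy taken from this page:
# fewer than 32 characters, alphanumeric only.

# valid_password PW: exit status 0 if PW meets the policy. Runs in a subshell
# so that forcing the C locale (ASCII-only ranges) does not leak to the caller.
valid_password() (
    LC_ALL=C
    [ "${#1}" -ge 1 ] && [ "${#1}" -lt 32 ] || exit 1
    case $1 in *[!A-Za-z0-9]*) exit 1 ;; esac
    exit 0
)

# gen_password [LEN]: print LEN (default 24) random alphanumeric characters.
# Bytes outside the set are discarded, so each kept character is uniform.
gen_password() {
    len=${1:-24}
    [ "$len" -ge 1 ] && [ "$len" -lt 32 ] || return 1
    out=
    while [ "${#out}" -lt "$len" ]; do
        out=$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    done
    printf '%s\n' "$out" | cut -c "1-$len"
}

# create_secret NAME KEY NAMESPACE PW: create a single-key secret.
# Assumption: --from-file is used in place of the page's --from-literal so the
# password is not part of the oc command line; OC overrides the binary name.
create_secret() {
    name=$1; key=$2; ns=$3; pw=$4
    if ! valid_password "$pw"; then
        echo "password for $name violates the password policy" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    printf '%s' "$pw" > "$tmp"         # no trailing newline in the stored value
    rc=0
    "${OC:-oc}" create secret generic "$name" \
        --from-file="$key=$tmp" --namespace "$ns" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (release_name and namespace are the page's placeholders):
#   create_secret release_name-omni-secret OMNIBUS_ROOT_PASSWORD namespace "$(gen_password)"
```

Secrets with several data keys, such as release_name-couchdb-secret, still need one --from-literal or --from-file argument per key as in the commands above.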