Configuring authentication

Passwords are stored in secrets. Manually create the passwords and secrets that are required by IBM Netcool Operations Insight® prior to install, or let the installer generate the required passwords and secrets for you.

Overview of required secrets

The following secrets are required for the IBM Netcool Operations Insight installation.
Table 1: Secrets required for an IBM Netcool Operations Insight cloud deployment
| Users requiring password | Corresponding secret | Data key(s) in secret |
|---|---|---|
| smadmin | release_name-was-secret | WAS_PASSWORD |
| impactadmin | release_name-impact-secret | IMPACT_ADMIN_PASSWORD |
| icpadmin | release_name-icpadmin-secret | ICP_ADMIN_PASSWORD |
| OMNIbus root | release_name-omni-secret | OMNIBUS_ROOT_PASSWORD |
| LDAP admin | release_name-ldap-secret | LDAP_BIND_PASSWORD |
| couchdb | release_name-couchdb-secret | password, username=root, secret=couchdb |
| internal user | release_name-ibm-hdm-common-ui-session-secret | session |
| internal user | release_name-systemauth-secret | password, username=system |
| hdm | release_name-cassandra-auth-secret | username, password |
| redis | release_name-ibm-redis-authsecret | username, password |
| kafka | release_name-kafka-admin-secret | username, password |
| admin | release_name-kafka-client-secret | username, password |

Where <release_name> is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).

Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.

Automatic creation of passwords and secrets

The Netcool® Operations Insight installer uses existing passwords and secrets. If any of the required passwords and secrets do not exist, the installer automatically generates random passwords for them and then creates the required secrets from these passwords. For automatic creation of passwords and secrets, use the following procedure.
  1. Proceed with the installation as described in Installing. If you set the LDAP mode to proxy, then you must manually configure the passwords and secrets for LDAP admin and impactadmin before you install. For information on how to create the secrets release_name-impact-secret and release_name-ldap-secret, refer to the Manual creation of passwords and secrets section. The LDAP admin role is used to verify users in the external LDAP. For more information, see Creating users on an external LDAP server.
  2. After installation has successfully completed, you can extract the passwords from the secrets. See Retrieving passwords from secrets.
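
A pre-install check for the procedure above, as an added example that is not part of the IBM documentation: it reports which Table 1 secrets already exist and which the installer would generate, and fails when the LDAP mode is proxy but release_name-impact-secret or release_name-ldap-secret is not fully present. The function names and the LDAP_MODE argument are assumptions of this example; the secret names and data keys are transcribed from Table 1.

```shell
#!/bin/sh
# Added example (not IBM's code): pre-install check of the Table 1 secrets.
# Rows are "secret-suffix:key[,key...]", transcribed from Table 1.
REQUIRED_SECRETS='was-secret:WAS_PASSWORD
impact-secret:IMPACT_ADMIN_PASSWORD
icpadmin-secret:ICP_ADMIN_PASSWORD
omni-secret:OMNIBUS_ROOT_PASSWORD
ldap-secret:LDAP_BIND_PASSWORD
couchdb-secret:password,username,secret
ibm-hdm-common-ui-session-secret:session
systemauth-secret:password,username
cassandra-auth-secret:username,password
ibm-redis-authsecret:username,password
kafka-admin-secret:username,password
kafka-client-secret:username,password'

# secret_status RELEASE NAMESPACE SUFFIX KEYS
# Prints "present" (every key set), "incomplete" (a key missing) or "absent".
secret_status() {
  name="$1-$3"
  oc get secret "$name" -n "$2" >/dev/null 2>&1 || { echo absent; return 0; }
  for key in $(printf '%s' "$4" | tr ',' ' '); do
    val=$(oc get secret "$name" -n "$2" -o "jsonpath={.data.$key}" 2>/dev/null) || val=""
    [ -n "$val" ] || { echo incomplete; return 0; }
  done
  echo present
}

# preflight RELEASE NAMESPACE LDAP_MODE
# Lists every secret with its status. Returns 1 only when LDAP_MODE is "proxy"
# and the impactadmin or LDAP admin secret is not fully present.
preflight() {
  rc=0
  while IFS=: read -r suffix keys; do
    st=$(secret_status "$1" "$2" "$suffix" "$keys" </dev/null)
    echo "$1-$suffix: $st"
    if [ "$3" = proxy ] && [ "$st" != present ]; then
      case "$suffix" in impact-secret|ldap-secret) rc=1 ;; esac
    fi
  done <<EOF
$REQUIRED_SECRETS
EOF
  return "$rc"
}

# Usage (placeholders): preflight release_name namespace proxy
```

Secrets reported as absent are the ones the installer creates with random passwords; the check reads key names only and never prints a secret value.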

Manual creation of passwords and secrets

To create all the required passwords and secrets manually, use the following procedure. All passwords must be fewer than 32 characters long and contain only alphanumeric characters.
  1. Create passwords for the users in Table 1 if these do not already exist.
  2. Use the following commands to create the required secrets:
    oc create secret generic release_name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=icpadmin_password --namespace namespace
    oc create secret generic release_name-impact-secret --from-literal=IMPACT_ADMIN_PASSWORD=impact_password --namespace namespace
    oc create secret generic release_name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=ldap_password --namespace namespace
    oc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=ObjServ_password --namespace namespace
    oc create secret generic release_name-was-secret --from-literal=WAS_PASSWORD=OMNI_password --namespace namespace
    oc create secret generic release_name-couchdb-secret --from-literal=password=couchdb_password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace
    oc create secret generic release_name-systemauth-secret --from-literal=password=interpod_password --from-literal=username=system --namespace namespace
    oc create secret generic release_name-ibm-hdm-common-ui-session-secret --from-literal=session=interpod_password --namespace namespace
    oc create secret generic release_name-cassandra-auth-secret --from-literal=username=hdm_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-ibm-redis-authsecret --from-literal=username=redis_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-kafka-admin-secret --from-literal=username=ka_admin_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-kafka-client-secret --from-literal=username=ka_client_username --from-literal=password=interpod_password --namespace namespace
    Where
    • icpadmin_password is the password for icpadmin. For more information, see Default users.
    • impact_password is the password for impactadmin.
    • ldap_password is the password of your organization's LDAP server.
    • ObjServ_password is the root password to set for the Netcool/OMNIbus ObjectServer.
    • OMNI_password is the password for OMNIbus admin user.
    • couchdb_password is the password for the internal couch.
    • interpod_password is the password for communication between pods.
    • hdm_username default is hdm. Do not use cassandra.
    • redis_username default is redis.
    • ka_admin_username default is kafka.
    • ka_client_username default is admin.
    • release_name is the name that you will use for your Netcool Operations Insight on OpenShift deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_nois_cr.yaml file (YAML view).
    • namespace is the name of the namespace into which you want to install Netcool Operations Insight.
  3. Proceed with the installation as described in Installing.
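
The password rule from this procedure, enforced before the step 2 command runs, as an added example that is not part of the IBM documentation. The function names, the default generated length of 24 and the rejection of an empty password are assumptions of this example; the oc command is the single-key form shown in step 2.

```shell
#!/bin/sh
# Added example (not IBM's code): enforce the password rule before creating a secret.

# valid_password PW -> 0 only if PW is 1 to 31 alphanumeric characters.
# Rejecting the empty string is an assumption; the page states only the upper bound.
valid_password() {
  [ -n "$1" ] || return 1
  [ "${#1}" -lt 32 ] || return 1
  # Delete every allowed character; anything left over is disallowed. The
  # trailing "x" keeps $(...) from hiding a leftover newline.
  rest=$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9'; printf x)
  [ "$rest" = x ]
}

# gen_password [LEN] -> random alphanumeric password; LEN defaults to 24
# (an assumed value, any length from 1 to 31 satisfies the rule).
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-24}"
}

# create_password_secret RELEASE NAMESPACE SUFFIX KEY PW
# Runs the same "oc create secret generic" form as step 2 for a single-key
# secret, but refuses a value that breaks the rule.
create_password_secret() {
  if ! valid_password "$5"; then
    echo "refusing $1-$3: $4 must be alphanumeric and under 32 characters" >&2
    return 1
  fi
  oc create secret generic "$1-$3" --from-literal="$4=$5" --namespace "$2"
}

# Usage (placeholders as in step 2):
#   create_password_secret release_name namespace was-secret WAS_PASSWORD "$(gen_password)"
```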

If you want to change a password after installation, see Changing passwords and recreating secrets.