Configuring primary and secondary Impact servers

Complete the following steps to configure geo-redundancy for your primary and secondary IBM® Tivoli® Netcool®/Impact servers.

Before you begin

Procedure

On the primary Netcool/Impact server, complete the following steps to set external hosts and import certificates from the secondary Netcool/Impact server.

  1. Edit the <release-name>-nciserver-config ConfigMap. Add the following lines after -Xgc:classUnloadingKickoffThreshold=100:
    -Djava.rmi.server.hostname=<external_hostname>
    Where:
    • <release-name> is the name that is specified for the release in the Netcool Operations Insight® CR YAML file.
    • <external_hostname> is the api or infrastructure (inf) node DNS address.

    Save the <release-name>-nciserver-config ConfigMap.

  2. Edit the <release-name>-nciserver-startup-scripts ConfigMap and in the Pre server startup script section, add the following lines, as in the following example:
    Note: In this example, a small range of RMI ports is used. These values can differ in your environment.
    # 
    # Pre server startup script  
    #
    
    echo "Running pre-server startup custom scripts"
    
    echo "Geo specific configuration scripts"
    
    # 
    # Set Variables for the Local and Remote Server names, and Name Server ports 
    #
    
    export LOCAL_PRIMARY_SERVER_HOST_NAME=<local hostname of primary nciserver>
    
    export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver>
    
    export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver>
    
    export PRIMARY_NAME_SERVER_PORT=9081
    
    export SECONDARY_NAME_SERVER_PORT=9081
    
    export PRIMARY_DERBY_PORT=1527
    
    export SECONDARY_DERBY_PORT=1527
    
    export RMI_PORT=3000
    
    export RMI_PORT_RANGE_START=3001
    
    export RMI_PORT_RANGE_END=3002
    
    export PRIMARY_RELEASE_NAME=<the release name of the Netcool Operations Insight deployment on the primary OCP cluster>
    export SECONDARY_RELEASE_NAME=<the release name of the Netcool Operations Insight deployment on the secondary OCP cluster>
    
    # 
    # End Set Variables 
    #
    
    /home/netcool/bin/geo_redundancy_main_separate_servers.sh
    
    echo "Geo specific configuration script end."
    Where:
    • <LOCAL_PRIMARY_SERVER_HOST_NAME> is the local hostname of the <release-name>-nciserver-0 pod on the primary cluster, for example, primary-nciserver-0.primary-nciservers.primary.svc.cluster.local. This name can be found by running the hostname -f command, when logged in to the primary nciserver pod.
    • <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are exposed externally from the primary and secondary clusters, potentially where the load balancer is running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are api.primary.cp.ibm.com and api.backup.cp.ibm.com.
  3. Save the <release-name>-nciserver-startup-scripts ConfigMap.
  4. Start the nciserver pod on the primary cluster.
  5. After the nciserver pod on the primary cluster starts, extract its certificates by using openssl:
    openssl s_client -showcerts -verify 5 -connect  EXTERNAL_PRIMARY_SERVER_HOST_NAME:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certprimary"a".pem"; print >out}'

    The EXTERNAL_PRIMARY_SERVER_HOST_NAME variable is the hostname where the Netcool/Impact ports are exposed externally from the primary cluster, potentially where the load balancer is running. An example of an <EXTERNAL_PRIMARY_SERVER_HOST_NAME> variable is api.primary.cp.ibm.com.

    The openssl command creates two PEM files per host in the current directory:

    -rw-r--r--   1 root root     1537 Oct 27 02:55 certprimary1.pem
    -rw-r--r--   1 root root     1212 Oct 27 02:55 certprimary2.pem
  6. Create or edit the <releasename>-nciserver-external-cacerts ConfigMap for the backup nciserver pod to load the primary certificates. Copy the two PEM files that were created in the previous step to the backup cluster. Then, run the following command on the backup cluster to create the ConfigMap that contains the certificates from the primary cluster.
    kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./certprimary1.pem --from-file=./certprimary2.pem

    For more information, see Enabling SSL communications from Netcool/Impact on Red Hat OpenShift.

  7. Rescale the primary pod to zero:
    oc scale sts/<release-name>-nciserver --replicas=0 -n primary

On the secondary Netcool/Impact server, complete the following steps to set external hosts and import certificates from the primary Netcool/Impact server.

  1. Edit the <release-name>-nciserver-config ConfigMap on the secondary cluster. Add the following lines after -Xgc:classUnloadingKickoffThreshold=100:
    -Djava.rmi.server.hostname=<external_hostname>
    Where:
    • <release-name> is the name that is specified for the release in the Netcool Operations InsightCR YAML file.
    • <external_hostname> is the api or infrastructure (inf) node DNS address.

    Save the <release-name>-nciserver-config ConfigMap.

  2. Edit the <release-name>-secondary-nciserver-startup-scripts ConfigMap and in the Pre server startup script section, add the following lines, as in the following example:
    Note: In this example, a small range of RMI ports is used. These values can differ in your environment.
    # 
    # Pre server startup script  
    #
    
    echo "Running pre-server startup custom scripts"
    
    echo "Geo specific configuration scripts"
    
    # 
    # Set Variables for the Local and Remote Server names, and Name Server ports 
    #
    
    export LOCAL_SECONDARY_SERVER_HOST_NAME=<local hostname of secondary nciserver>
    
    export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver>
    
    export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver>
    
    export PRIMARY_NAME_SERVER_PORT=9081
    
    export SECONDARY_NAME_SERVER_PORT=9081
    
    export PRIMARY_DERBY_PORT=1527
    
    export SECONDARY_DERBY_PORT=1527
    
    export RMI_PORT=3000
    
    export RMI_PORT_RANGE_START=3001
    
    export RMI_PORT_RANGE_END=3002
    
    export PRIMARY_RELEASE_NAME=<the release name of the Netcool Operations Insight deployment on the primary OCP cluster>
    export SECONDARY_RELEASE_NAME=<the release name of the Netcool Operations Insight deployment on the secondary OCP cluster>
    
    # 
    # End Set Variables 
    #
    
    /home/netcool/bin/geo_redundancy_main_separate_servers.sh
    
    echo "Geo specific configuration script end."
    Where:
    • <LOCAL_SECONDARY_SERVER_HOST_NAME> is the local hostname of the <release-name>-nciserver-0 pod on the secondary cluster, for example, backup-nciserver-0.backup-nciservers.backup.svc.cluster.local. This name can be found by running the hostname -f command, when logged in to the secondary nciserver pod.
    • <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are exposed externally from the primary and secondary clusters, potentially where the load balancer is running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and <EXTERNAL_SECONDARY_SERVER_HOST_NAME> are api.primary.cp.ibm.com and api.backup.cp.ibm.com.
  3. Save the <release-name>-secondary-nciserver-startup-scripts ConfigMap.
  4. Start the nciserver pod on the secondary cluster.
  5. After the nciserver pod on the secondary cluster starts, extract its certificates by using openssl:
    openssl s_client -showcerts -verify 5 -connect  EXTERNAL_SECONDARY_SERVER_HOST_NAME:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certsecondary"a".pem"; print >out}'

    The EXTERNAL_SECONDARY_SERVER_HOST_NAME variable is the hostname where the Netcool/Impact ports are exposed externally from the secondary cluster, potentially where the load balancer is running. An example of an <EXTERNAL_SECONDARY_SERVER_HOST_NAME > variable is api.secondary.cp.ibm.com.

    The openssl command creates two PEM files per host in the current directory:

    -rw-r--r--   1 root root     1537 Oct 27 02:55 certsecondary1.pem
    -rw-r--r--   1 root root     1212 Oct 27 02:55 certsecondary2.pem
  6. Create or edit the <releasename>-nciserver-external-cacerts ConfigMap for the primary nciserver pod to load the secondary certificates. Copy the two PEM files that were created in the previous step to the primary cluster. Then, run the following command on the primary cluster to create the ConfigMap that contains the certificates from the secondary cluster.
    kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./certsecondary1.pem  --from-file=./certsecondary2.pem

    For more information, see Enabling SSL communications from Netcool/Impact on Red Hat OpenShift.

  7. Rescale the secondary pod to zero:
    oc scale sts/<release-name>-nciserver --replicas=0 -n secondary
  8. Start the primary pod. When it is fully running, start the secondary pod.
  9. Rescale the primary pod to one:
    oc scale sts/<release-name>-nciserver --replicas=1 -n primary
  10. Wait for the primary pod to start before you start the secondary pod.
  11. Rescale the secondary pod to one:
    oc scale sts/<release-name>-nciserver --replicas=1 -n secondary