Configuring authentication

Passwords are stored in secrets. Manually create the passwords and secrets that are needed by IBM Netcool Operations Insight® before installation. Otherwise, the installer generates the necessary passwords and secrets for you.

Overview of secrets

The following secrets are needed for the IBM Netcool Operations Insight installation.
Table 1: Secrets required for an IBM Netcool Operations Insight cloud deployment

| Users requiring password | Corresponding secret | Data keys in secret |
|---|---|---|
| smadmin | release_name-was-secret | WAS_PASSWORD |
| impactadmin | release_name-impact-secret | IMPACT_ADMIN_PASSWORD |
| icpadmin | release_name-icpadmin-secret | ICP_ADMIN_PASSWORD |
| OMNIbus root | release_name-omni-secret | OMNIBUS_ROOT_PASSWORD |
| LDAP admin | release_name-ldap-secret | LDAP_BIND_PASSWORD |
| couchdb | release_name-couchdb-secret | password, username=root, secret=couchdb |
| internal user | release_name-ibm-hdm-common-ui-session-secret | session |
| internal user | release_name-systemauth-secret | password, username=system |
| hdm | release_name-cassandra-auth-secret | username, password |
| redis | release_name-ibm-redis-authsecret | username, password |
| kafka | release_name-kafka-admin-secret | username, password |
| admin | release_name-kafka-client-secret | username, password |

Where <release_name> is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).

Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.

Automatic creation of passwords and secrets

The Netcool® Operations Insight installer uses existing passwords and secrets. If any of the necessary passwords and secrets do not exist, the installer automatically generates random passwords and then creates the necessary secrets from them. For automatic creation of passwords and secrets, use the following procedure.
  1. Proceed with the installation, as described in Installing. If you set the LDAP mode to proxy, then you must manually configure the passwords and secrets for LDAP admin and impactadmin before you install. For information about how to create the release_name-impact-secret and release_name-ldap-secret secrets, see the Manual creation of passwords and secrets section. The LDAP admin role is used to verify users in the external LDAP. For more information, see Creating users on an external LDAP server.
  2. After installation successfully completes, you can extract the passwords from the secrets. See Retrieving passwords from secrets.

Manual creation of passwords and secrets

To create all the necessary passwords and secrets manually, use the following procedure. All passwords must be fewer than 32 characters long and contain only alphanumeric characters.
  1. Create passwords for the users in Table 1 if these passwords do not already exist.
  2. Use the following commands to create the necessary secrets.
    oc create secret generic release_name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=icpadmin_password --namespace namespace
    oc create secret generic release_name-impact-secret --from-literal=IMPACT_ADMIN_PASSWORD=impact_password --namespace namespace
    oc create secret generic release_name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=ldap_password --namespace namespace
    oc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=ObjServ_password --namespace namespace
    oc create secret generic release_name-was-secret --from-literal=WAS_PASSWORD=OMNI_password --namespace namespace
    oc create secret generic release_name-couchdb-secret --from-literal=password=couchdb_password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace
    oc create secret generic release_name-systemauth-secret --from-literal=password=interpod_password --from-literal=username=system --namespace namespace
    oc create secret generic release_name-ibm-hdm-common-ui-session-secret --from-literal=session=interpod_password --namespace namespace
    oc create secret generic release_name-cassandra-auth-secret --from-literal=username=hdm_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-ibm-redis-authsecret --from-literal=username=redis_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-kafka-admin-secret --from-literal=username=ka_admin_username --from-literal=password=interpod_password --namespace namespace
    oc create secret generic release_name-kafka-client-secret --from-literal=username=ka_client_username --from-literal=password=interpod_password --namespace namespace
    Where
    • icpadmin_password is the password for icpadmin. For more information, see Default users.
    • impact_password is the password for impactadmin.
    • ldap_password is the password of your organization's LDAP server.
    • ObjServ_password is the root password to set for the Netcool/OMNIbus ObjectServer.
    • OMNI_password is the password for OMNIbus admin user.
    • couchdb_password is the password for the internal CouchDB.
    • interpod_password is the password for communication between pods.
    • hdm_username default is hdm. Do not use cassandra.
    • redis_username default is redis.
    • ka_admin_username default is kafka.
    • ka_client_username default is admin.
    • release_name is the name that you will use for your Netcool Operations Insight on OpenShift deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_nois_cr.yaml file (YAML view).
    • namespace is the name of the namespace into which you want to install Netcool Operations Insight.
  3. Proceed with the installation, as described in Installing.
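
The following script is an added example, not part of the IBM documentation. It generates passwords that satisfy the rule above (fewer than 32 characters, alphanumeric only) and creates single-key secrets with the value read from stdin, so the password does not appear in shell history or in the oc process arguments as it does with --from-literal. RELEASE_NAME, NAMESPACE and NOI_APPLY are hypothetical variables, and the script assumes /dev/stdin and /dev/urandom exist on the workstation.

```shell
#!/usr/bin/env bash
# Added example (not IBM code). RELEASE_NAME, NAMESPACE and NOI_APPLY are
# hypothetical variables; /dev/stdin and /dev/urandom are assumed to exist.

# Print a random 31-character alphanumeric password from the kernel CSPRNG.
gen_password() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-31
}

# Succeed only if $1 meets the documented rule: non-empty, fewer than 32
# characters, alphanumeric characters only.
validate_password() {
  local LC_ALL=C
  case "$1" in
    '' | *[!A-Za-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -lt 32 ]
}

# Create a single-key secret whose value is read from stdin, so the password
# is never an argument of the oc process.
# Usage: printf '%s' "$pw" | create_secret <secret-name> <data-key> <namespace>
create_secret() {
  oc create secret generic "$1" --from-file="$2=/dev/stdin" --namespace "$3"
}

# Create four of the single-key secrets from Table 1 with fresh passwords.
# The LDAP secret is left out: its value is your existing LDAP server password.
apply_single_key_secrets() {
  local release="$1" ns="$2" pair name key pw
  for pair in icpadmin-secret:ICP_ADMIN_PASSWORD \
              impact-secret:IMPACT_ADMIN_PASSWORD \
              omni-secret:OMNIBUS_ROOT_PASSWORD \
              was-secret:WAS_PASSWORD; do
    name="${pair%%:*}"
    key="${pair#*:}"
    pw="$(gen_password)"
    validate_password "$pw" || { echo "bad password for $name" >&2; return 1; }
    printf '%s' "$pw" | create_secret "$release-$name" "$key" "$ns" || return 1
  done
}

# Nothing touches the cluster unless NOI_APPLY=1 is set explicitly.
if [ "${NOI_APPLY:-0}" = 1 ]; then
  apply_single_key_secrets "${RELEASE_NAME:?}" "${NAMESPACE:?}"
fi
```

The multi-key secrets (for example release_name-couchdb-secret) can be created the same way by writing each value to a file in a directory readable only by you and passing one --from-file=key=path option per data key.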

If you want to change a password after installation, see Changing passwords and re-creating secrets.