Configuring primary and secondary Impact GUI servers
Complete the following steps to configure geo-redundancy for your primary and secondary IBM® Tivoli® Netcool®/Impact GUI servers.
Before you begin
- Ensure that you complete the prerequisites listed in Prerequisites.
- Ensure that you complete steps 1 - 6 listed in Configuring geo-redundancy for Impact.
Procedure
On the primary Netcool/Impact GUI server, complete the following steps to set external hosts and import certificates from the secondary Netcool/Impact GUI server.
- Edit the
<release-name>-impactgui-startup-scripts
configmap and in thePre server startup script section
, add the following lines, as in the following example:# # Pre server startup script # echo "Running pre-server startup custom scripts" echo "Geo specific configuration scripts" # # Set Variables for the Local and Remote Server names, and Name Server ports # export LOCAL_PRIMARY_SERVER_NAME=<local hostname of primary nciserver> export LOCAL_PRIMARY_NAME_SERVER_PORT=9081 export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver> export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver> export PRIMARY_NAME_SERVER_PORT=9081 export SECONDARY_NAME_SERVER_PORT=9081 # # End Set Variables # /home/netcool/bin/geo_redundancy_impactgui.sh echo "Geo specific configuration script end."
Where:- <release-name> is the name that is specified for the release in the Netcool Operations Insight® CR YAML file.
- <LOCAL_PRIMARY_SERVER_NAME> is the local hostname of the
<release-name>-nciserver-0
pod on the primary cluster, for example,primary-nciserver-0.primary-nciservers.primary.svc.cluster.local
. This name can be found by running the hostname -f command, when logged in to the primarynciserver
pod. - <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and
<EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are
exposed externally from the primary and secondary clusters, potentially where the load balancer is
running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and
<EXTERNAL_SECONDARY_SERVER_HOST_NAME> are
api.primary.cp.ibm.com
andapi.backup.cp.ibm.com
.
- Save the
<release-name>-impactgui-startup-scripts
configmap. - After the
nciserver
pod on the primary cluster starts, extract its certificates by using openssl:openssl s_client -showcerts -verify 5 -connect <EXTERNAL_PRIMARY_SERVER_HOST_NAME>:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certprimary"a".pem"; print >out}'
The <EXTERNAL_PRIMARY_SERVER_HOST_NAME> variable is the hostname where the Netcool/Impact ports are exposed externally from the primary cluster and potentially where the load balancer is running. An example of an <EXTERNAL_PRIMARY_SERVER_HOST_NAME> variable is
api.primary.cp.ibm.com
.The openssl command creates two PEM files per host in the current directory:-rw-r--r-- 1 root root 1537 Oct 27 02:55 certprimary1.pem -rw-r--r-- 1 root root 1212 Oct 27 02:55 certprimary2.pem
- Create or edit the
-impactgui-external-cacerts
configmap for the backupimpactgui
pod to load the primary certificates. Copy the two PEM files that were created in the previous step to the backup cluster. Then, run the following command on the backup cluster to create the configmap that contains the certificates from the primary cluster.kubectl create configmap <release-name>-impactgui-external-cacerts --from-file=./certprimary1.pem --from-file=./certprimary2.pem
- Restart the
impactgui
pod on the primary cluster. - Restart the primary Netcool/Impact server and
GUI by scaling up the primary Netcool/Impact server and
GUI
pods:
oc scale sts/<release-name>-nciserver --replicas=${REPLICAS} -n primary oc scale sts/<release-name>-impactgui --replicas=${REPLICAS} -n primary
On the secondary Netcool/Impact GUI server, complete the following steps to set external hosts and import certificates from the primary Netcool/Impact GUI server.
- Edit the
<release-name>-impactgui-startup-scripts
configmap and in thePre server startup script section
, add the following lines, as in the following example:# # Pre server startup script # echo "Running pre-server startup custom scripts" echo "Geo specific configuration scripts" # # Set Variables for the Local and Remote Server names, and Name Server ports # export LOCAL_SECONDARY_SERVER_NAME=<local hostname of backup nciserver> export LOCAL_SECONDARY_NAME_SERVER_PORT=9081 export EXTERNAL_SECONDARY_SERVER_HOST_NAME=<external hostname of secondary nciserver> export EXTERNAL_PRIMARY_SERVER_HOST_NAME=<external hostname of primary nciserver> export PRIMARY_NAME_SERVER_PORT=9081 export SECONDARY_NAME_SERVER_PORT=9081 # # End Set Variables # /home/netcool/bin/geo_redundancy_impactgui.sh echo "Geo specific configuration script end."
Where:- <release-name> is the name that is specified for the release in the Netcool Operations Insight CR YAML file.
- <LOCAL_SECONDARY_SERVER_NAME> is the local hostname of the
<release-name>-nciserver-0
pod on the secondary cluster, for example,backup-nciserver-0.backup-nciservers.backup.svc.cluster.local
. This name can be found by running the hostname -f command, when logged in to the secondarynciserver
pod. - <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and
<EXTERNAL_SECONDARY_SERVER_HOST_NAME> are the hostnames where the Netcool/Impact ports are
exposed externally from the primary and secondary clusters, potentially where the load balancer is
running. Examples of <EXTERNAL_PRIMARY_SERVER_HOST_NAME> and
<EXTERNAL_SECONDARY_SERVER_HOST_NAME> are
api.primary.cp.ibm.com
andapi.backup.cp.ibm.com
.
- Save the
<release-name>-impactgui-startup-scripts
configmap. - After the
nciserver
pod on the secondary cluster starts, extract its certificates by using openssl:openssl s_client -showcerts -verify 5 -connect EXTERNAL_SECONDARY_SERVER_HOST_NAME:9081 < /dev/null | awk '/BEGIN/,/END/{ if(/BEGIN/){a++}; out="certsecondary"a".pem"; print >out}'
The <EXTERNAL_SECONDARY_SERVER_HOST_NAME> variable is the hostname where the Netcool/Impact ports are exposed externally from the secondary cluster and potentially where the load balancer is running. An example of an <EXTERNAL_SECONDARY_SERVER_HOST_NAME > variable is
api.secondary.cp.ibm.com
.The openssl command creates two PEM files per host in the current directory:-rw-r--r-- 1 root root 1537 Oct 27 02:55 certsecondary1.pem -rw-r--r-- 1 root root 1212 Oct 27 02:55 certsecondary2.pem
- Create or edit the
-impactgui-external-cacerts
configmap for the primaryimpactgui
pod to load the secondary certificates. Copy the two PEM files that were created in the previous step to the primary cluster API host. Then, run the following command on the primary cluster to create the configmap that contains the certificates from the secondary cluster.kubectl create configmap <release-name>-impactgui-external-cacerts --from-file=./certsecondary1.pem --from-file=./certsecondary2.pem
- Restart the
impactgui
pod on the secondary cluster. - Restart the secondary Netcool/Impact server and
GUI by scaling up the secondary Netcool/Impact server and
GUI pods:
oc scale sts/<release-name>-nciserver --replicas=${REPLICAS} -n secondary oc scale sts/<release-name>-impactgui --replicas=${REPLICAS} -n secondary