Configuring authentication
Passwords are stored in secrets. Manually create the passwords and secrets that are needed by IBM Netcool Operations Insight® before installation. Otherwise, the installer generates the necessary passwords and secrets for you.
Overview of secrets
The following secrets are needed for the IBM Netcool Operations Insight installation.Table 1: Secrets required for a IBM Netcool Operations Insight cloud deployment
Users requiring password | Corresponding secret | Data keys in secret |
---|---|---|
smadmin | release_name-was-secret | WAS_PASSWORD |
impactadmin | release_name-impact-secret | IMPACT_ADMIN_PASSWORD |
icpadmin | release_name-icpadmin-secret | ICP_ADMIN_PASSWORD |
OMNIbus root | release_name-omni-secret | OMNIBUS_ROOT_PASSWORD |
LDAP admin | release_name-ldap-secret | LDAP_BIND_PASSWORD |
couchdb | release_name-couchdb-secret | password username=root secret=couchdb |
internal user | release_name-ibm-hdm-common-ui-session-secret | session |
internal user | release_name-systemauth-secret | password username=system |
hdm | release_name-cassandra-auth-secret | username password |
redis | release_name-ibm-redis-authsecret | username password |
kafka | release_name-kafka-admin-secret | username password |
admin | release_name-kafka-client-secret | username password |
Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.
Automatic creation of passwords and secrets
The Netcool® Operations Insight installer uses existing passwords and secrets. If any of the necessary passwords and secrets do not exist, then the installer automatically creates random passwords for the necessary passwords and then creates the necessary secrets from these passwords. For automatic creation of passwords and secrets, use the following procedure.- Proceed with the installation, by using Installing. If you
set the LDAP mode to
proxy
, then you must manually configure the passwords and secrets forLDAP admin
andimpactadmin
before you install. For information about how to create the release_name-impact-secret and release_name-ldap-secret secrets, see the Manual creation of passwords and secrets section. TheLDAP admin
role is used to verify users in the external LDAP. For more information, see Creating users on an external LDAP server. - After installation successfully completes, you can extract the passwords from the secrets. See Retrieving passwords from secrets.
Manual creation of passwords and secrets
To create all the necessary passwords and secrets manually, use the following procedure. All passwords must be fewer than 32 characters long and contain only alphanumeric characters.- Create passwords for the users in Table 1 if these passwords do not already exist.
- Use the following commands to create the necessary secrets.
Whereoc create secret generic release_name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=icpadmin_password --namespace namespace oc create secret generic release_name-impact-secret --from-literal=IMPACT_ADMIN_PASSWORD=impact_password --namespace namespace oc create secret generic release_name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=ldap_password --namespace namespace oc create secret generic release_name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=ObjServ_password --namespace namespace oc create secret generic release_name-was-secret --from-literal=WAS_PASSWORD=OMNI_password --namespace namespace oc create secret generic release_name-couchdb-secret --from-literal=password=couchdb_password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace oc create secret generic release_name-systemauth-secret --from-literal=password=interpod_password --from-literal=username=system --namespace namespace oc create secret generic release_name-ibm-hdm-common-ui-session-secret --from-literal=session=interpod_password --namespace namespace oc create secret generic release_name-cassandra-auth-secret --from-literal=username=hdm_username --from-literal=password=interpod_password --namespace namespace oc create secret generic release_name-ibm-redis-authsecret --from-literal=username=redis_username --from-literal=password=interpod_password --namespace namespace oc create secret generic release_name-kafka-admin-secret --from-literal=username=ka_admin_username --from-literal=password=interpod_password --namespace namespace oc create secret generic release_name-kafka-client-secret --from-literal=username=ka_client_username --from-literal=password=interpod_password --namespace namespace
- icpadmin_password is the password for icpadmin. For more information, see Default users.
- impact_password is the password for impactadmin.
- ldap_password is the password of your organization's LDAP server.
- ObjServ_password is the root password to set for the Netcool/OMNIbus ObjectServer.
- OMNI_password is the password for OMNIbus admin user.
- couchdb_password is the password for the internal couch.
- interpod_password is the password for communication between pods.
- hdm_username default is
hdm
. Do not usecassandra
. - redis_username default is
redis
. - ka_admin_username default is
kafka
. - ka_client_username default is
admin.
- release_name is the name that you use for your Netcool Operations Insight on OpenShift deployment in name (OLM UI Form view), or name in the metadata section of the noi.ibm.com_nois_cr.yaml file (YAML view).
- namespace is the name of the namespace into which you want to install Netcool Operations Insight.
- Proceed with the installation, by using Installing.
If you want to change a password after installation, see Changing passwords and re-creating secrets.