Post installation configuration

Prerequisites

IBM Cloud Pak CLI (cloudctl) and OpenShift client CLI (oc)
jq
git
docker version 1.13 or greater
make

Installation verification

Complete the steps in Install IEAM

Ensure that all pods in the IEAM namespace are either Running or Completed:

oc get pods

This is an example of what should be seen with local databases installed. Some initialization restarts are expected, multiple restarts usually indicate an issue.:

$ oc get pods
NAME                                           READY   STATUS      RESTARTS   AGE
create-agbotdb-cluster-j4fnb                   0/1     Completed   0          88m
create-exchangedb-cluster-hzlxm                0/1     Completed   0          88m
ibm-common-service-operator-68b46458dc-nv2mn   1/1     Running     0          103m
ibm-eamhub-operator-7bf99c5fc8-7xdts           1/1     Running     0          103m
ibm-edge-agbot-5546dfd7f4-4prgr                1/1     Running     0          81m
ibm-edge-agbot-5546dfd7f4-sck6h                1/1     Running     0          81m
ibm-edge-agbotdb-keeper-0                      1/1     Running     0          88m
ibm-edge-agbotdb-keeper-1                      1/1     Running     0          87m
ibm-edge-agbotdb-keeper-2                      1/1     Running     0          86m
ibm-edge-agbotdb-proxy-7447f6658f-7wvdh        1/1     Running     0          88m
ibm-edge-agbotdb-proxy-7447f6658f-8r56d        1/1     Running     0          88m
ibm-edge-agbotdb-proxy-7447f6658f-g4hls        1/1     Running     0          88m
ibm-edge-agbotdb-sentinel-5766f666f4-5qm9x     1/1     Running     0          88m
ibm-edge-agbotdb-sentinel-5766f666f4-5whgr     1/1     Running     0          88m
ibm-edge-agbotdb-sentinel-5766f666f4-9xjpr     1/1     Running     0          88m
ibm-edge-css-5c59c9d6b6-kqfnn                  1/1     Running     0          81m
ibm-edge-css-5c59c9d6b6-sp84w                  1/1     Running     0          81m
ibm-edge-css-5c59c9d6b6-wf84s                  1/1     Running     0          81m
ibm-edge-cssdb-server-0                        1/1     Running     0          88m
ibm-edge-exchange-b6647db8d-k97r8              1/1     Running     0          81m
ibm-edge-exchange-b6647db8d-kkcvs              1/1     Running     0          81m
ibm-edge-exchange-b6647db8d-q5ttc              1/1     Running     0          81m
ibm-edge-exchangedb-keeper-0                   1/1     Running     1          88m
ibm-edge-exchangedb-keeper-1                   1/1     Running     0          85m
ibm-edge-exchangedb-keeper-2                   1/1     Running     0          84m
ibm-edge-exchangedb-proxy-6bbd5b485-cx2v8      1/1     Running     0          88m
ibm-edge-exchangedb-proxy-6bbd5b485-hs27d      1/1     Running     0          88m
ibm-edge-exchangedb-proxy-6bbd5b485-htldr      1/1     Running     0          88m
ibm-edge-exchangedb-sentinel-6d685bf96-hz59z   1/1     Running     1          88m
ibm-edge-exchangedb-sentinel-6d685bf96-m4bdh   1/1     Running     0          88m
ibm-edge-exchangedb-sentinel-6d685bf96-mxv2b   1/1     Running     1          88m
ibm-edge-sdo-0                                 1/1     Running     0          81m
ibm-edge-ui-545d694f6c-4rnrf                   1/1     Running     0          81m
ibm-edge-ui-545d694f6c-97ptz                   1/1     Running     0          81m
ibm-edge-ui-545d694f6c-f7bf6                   1/1     Running     0          81m

Notes:

For more information about any pods in the Pending state due to resource or scheduling issues, see the cluster sizing page. This includes information about how to reduce scheduling costs of components.
For more information about any other errors, see troubleshooting.

Ensure that all pods in the ibm-common-services namespace are either Running or Completed:
```
oc get pods -n ibm-common-services
```
Download the agent package from IBM Passport Advantage to your installation environment and unpack the installation media:
```
 tar -zxvf ibm-eam-4.2.1-bundle.tar.gz && \
 cd ibm-eam-4.2.1-bundle/tools
```

Validate the installation state:

 ./service_healthcheck.sh

See the following example output:

 $ ./service_healthcheck.sh
 ==Running service verification tests for IBM Edge Application Manager==
 SUCCESS: IBM Edge Application Manager Exchange API is operational
 SUCCESS: IBM Edge Application Manager Cloud Sync Service is operational
 SUCCESS: IBM Edge Application Manager Agbot database heartbeat is current
 SUCCESS: IBM Edge Application Manager SDO API is operational
 SUCCESS: IBM Edge Application Manager UI is properly requiring valid authentication
 ==All expected services are up and running==

If there are service_healthcheck.sh command failures, if you experience issues running the commands below, or if there are issues during runtime, see troubleshooting.

Post installation configuration

The following process must run on a host that supports installation of the hzn CLI, which currently can be installed on a Debian/apt based Linux, amd64 Red Hat/rpm Linux, or macOS host. These steps use the same media downloaded from PPA in the Installation verification section.

Install the hzn CLI using the instructions for your supported platform:

Navigate to the agent directory and unpack the agent files:

cd ibm-eam-4.2.1-bundle/agent && \
tar -zxvf edge-packages-4.2.1.tar.gz

Debian Linux example:

sudo apt-get install ./edge-packages-4.2.1/linux/deb/amd64/horizon-cli*.deb

Red Hat Linux example:

sudo dnf install -yq ./edge-packages-4.2.1/linux/rpm/x86_64/horizon-cli-*.x86_64.rpm

macOS example:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain edge-packages-4.2.1/macos/pkg/x86_64/horizon-cli.crt && \
sudo installer -pkg edge-packages-4.2.1/macos/pkg/x86_64/horizon-cli-*.pkg -target /

Define the following environment variable:

export HZN_FSS_CSSURL=https://$(oc get cm management-ingress-ibmcloud-cluster-info -o jsonpath='{.data.cluster_ca_domain}')/edge-css

Run the post installation script. This script performs all the necessary initialization to create your first organization. (Organizations are how IEAM separates resources and users to enable multi-tenancy. Initially, this first organization is sufficient. You can configure more organizations later. For more information, see Multi-tenancy).

Note: ibm and root are internal use orgs and cannot be chosen as your initial org.
```
./post_install.sh <choose-your-org-name>
```

Run the following to print the IEAM management console link for your installation:

echo https://$(oc get cm management-ingress-ibmcloud-cluster-info -o jsonpath='{.data.cluster_ca_domain}')/edge

Authentication

User authentication is required when accessing the IEAM management console. An initial admin account was created by this installation and can printed out by the following command:

echo "$(oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 --decode) // $(oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 --decode)"

You can use this admin account for initial authentication, and can additionally configure LDAP by accessing the management console link printed out by the following command:

echo https://$(oc get cm management-ingress-ibmcloud-cluster-info -o jsonpath='{.data.cluster_ca_domain}')

After you establish an LDAP connection, create a team, grant that team access to the namespace the IBM Edge Application Manager operator was deployed to, and add users to that team. This grants individual users the permission to create API keys.

API-keys are used for authentication with the IBM Edge Application Manager CLI and permissions that are associated with API keys are identical to the user they are generated with.

If you have not created an LDAP connection you can still create API keys using the initial admin credentials, however be aware the API key will have Cluster Administrator privileges.

What's Next

Follow the process on the Gather edge node files page to prepare installation media for your edge nodes.