Online and offline/air gap installation of Guardium Insights using automated (all-in-one) installation script

Before you begin

Before proceeding with the installation, make sure your environment meets the System requirements and prerequisites and Hardware cluster requirements - and ensure that you have prepared for installation (ensure that you are logged in to the OpenShift® command line interface).

Procedure

  1. Log in to your OpenShift cluster instance: 
    oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]

    For example,

    oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
  2. Locate $LOCAL_CASE_DIR/ibm-guardium-insights/inventory/automateInstall/files/values.conf and edit the file to provide the mandatory parameters for an installation. For more information about the parameters in values.conf, see Configuration file parameters for all-in-one installation.
    Note: Editing the optional parameters is not required for a standard deployment, but you can customize your installation by editing them.
  3. Run this command to start the installation process of Guardium Insights and its dependencies: 
    cloudctl case launch \
  --case ${LOCAL_CASE_DIR}/ibm-guardium-insights \
  --namespace ${NAMESPACE} \
  --inventory automateInstall \
  --action autoInstall \
  --tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.log
    Tip: If the script fails, consult the installation.log file. In this file, these error messages can safely be ignored:
    Error from server (AlreadyExists): secrets "ibm-entitlement-key" already exists
  4. The values.conf file includes a SKIP_GI_INSTANCE parameter that is set to false by default. When this parameter is set to false, the Guardium Insights CR (custom resource) is automatically created for the target environment that is defined by the values.conf file. The CR is then saved to the $INSTALL_DIR. This saved file is output to the screen and you are prompted to apply the file to your Openshift system. If you choose not to apply the generated file, you can create and apply a custom file by completing these steps:
    1. To customize the CR for Guardium Insights, edit the sample-cr.yaml file.
      Note: If you are employing a custom load balancer for secure copy protocol (SCP) or data marts, you can pass these values as overrides in the CR:
      ... 
spec:
..
  ibm-insights-sequencer:
    GUARDIUM_AGENT_SCP_PORT: "30002"
    GUARDIUM_AGENT_SCP_TARGET_HOST: "YourOverrideURL"

      where:

      • GUARDIUM_AGENT_SCP_PORT is the load balancer port.
      • GUARDIUM_AGENT_SCP_TARGET_HOST is the load balancer URL or IP.
    2. To apply the custom CR, run this command: 
      oc apply -f ${LOCAL_INSTALL_DIR}/sample-cr.yaml
  5. Check the status of the instance creation: 
    oc get guardiuminsights

    Before completion, the output should be similar to:

    NAME      TYPE      STATUS   REASON                           MESSAGE                                     DESIRED_VERSION   INSTALLED_VERSION
staging   Running   True     GuardiumInsightsInstallRunning   Running installation of Guardium Insights   3.2.0

    After completion, the output should be similar to:

    NAME      TYPE    STATUS   REASON      MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
staging   Ready   True     Completed   Completed Reconciliation   3.2.0             3.2.0
    Note: If you do not receive the Completed Reconciliation message within approximately one hour of instance verification, you may be able to resolve the problem by following the steps in this troubleshooting topic.