Online and offline/air gap installation of Guardium Insights using automated (all-in-one) installation script
Before you begin
Procedure
- Log in to your OpenShift cluster instance:
oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]
For example,
oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
- Locate
$LOCAL_CASE_DIR/ibm-guardium-insights/inventory/automateInstall/files/values.conf
and edit the file to provide the mandatory parameters for an installation. For more information
about the parameters in values.conf, see Configuration file parameters for all-in-one installation. Note: Editing the optional parameters is not required for a standard deployment, but you can customize your installation by editing them.
- Run this command to start the installation process of Guardium
Insights and its dependencies:
cloudctl case launch \ --case ${LOCAL_CASE_DIR}/ibm-guardium-insights \ --namespace ${NAMESPACE} \ --inventory automateInstall \ --action autoInstall \ --tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.log
Tip: If the script fails, consult the installation.log file. In this file, these error messages can safely be ignored:Error from server (AlreadyExists): secrets "ibm-entitlement-key" already exists
- The values.conf file includes a
SKIP_GI_INSTANCE
parameter that is set tofalse
by default. When this parameter is set tofalse
, the Guardium Insights CR (custom resource) is automatically created for the target environment that is defined by the values.conf file. The CR is then saved to the $INSTALL_DIR. This saved file is output to the screen and you are prompted to apply the file to your Openshift system. If you choose not to apply the generated file, you can create and apply a custom file by completing these steps:- To customize the CR for Guardium
Insights, edit
the sample-cr.yaml file. Note: If you are employing a custom load balancer for secure copy protocol (SCP) or data marts, you can pass these values as overrides in the CR:
... spec: .. ibm-insights-sequencer: GUARDIUM_AGENT_SCP_PORT: "30002" GUARDIUM_AGENT_SCP_TARGET_HOST: "YourOverrideURL"
where:
GUARDIUM_AGENT_SCP_PORT
is the load balancer port.GUARDIUM_AGENT_SCP_TARGET_HOST
is the load balancer URL or IP.
- To apply the custom CR, run this command:
oc apply -f ${LOCAL_INSTALL_DIR}/sample-cr.yaml
- To customize the CR for Guardium
Insights, edit
the sample-cr.yaml file.
- Check the status of the instance creation:
oc get guardiuminsights
Before completion, the output should be similar to:
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION staging Running True GuardiumInsightsInstallRunning Running installation of Guardium Insights 3.2.0
After completion, the output should be similar to:
NAME TYPE STATUS REASON MESSAGE DESIRED_VERSION INSTALLED_VERSION staging Ready True Completed Completed Reconciliation 3.2.0 3.2.0
Note: If you do not receive theCompleted Reconciliation
message within approximately one hour of instance verification, you may be able to resolve the problem by following the steps in this troubleshooting topic.