Configuring IBM Blockchain monitoring in Unified Agent

When you deploy the Unified Agent, you can select to enable IBM Blockchain plug-in to collect metrics of IBM Blockchain Platform v2.1.x.

1. Preparing
   • Preparation for IBM Blockchain Platform v2.1.2 and later
   • Preparation for IBM Blockchain Platform v2.1.1 and before
2. Enable the IBM Blockchain plug-in

Preparing

Before you enable the IBM Blockchain plug-in, you must complete the following tasks.

Preparation steps for IBM Blockchain Platform v2.1.2 and later

1. Create a path to store the bulk package of nodes and identities, for example, /bcAgentWorkDir/bulkzip.
2. Create the client identities for all peer and orderer nodes.
   Note: The client identity must be named as tls_<mspid> that can be shared for all nodes with the same <mspid>.
   Do the following steps on all peer and orderer CA nodes:
   1. Click the peer or orderer CA node in the Node tab.
   2. Click the actions menu next to the admin user and click Enroll identity.
   3. Select TLS Certificate Authority from the Certificate Authority drop-down list.
   4. Enter the Enroll secret for the admin user and click Next.
   5. Enter tls_<mspid> for Identity display name and click Add identity to Wallet. <mspid> is the MSP ID of the peer or orderer nodes, and the same tls_<mspid> identify is shared by the nodes with <mspid>.
3. Export all of the nodes and identities of your console in bulk.
   1. Navigate to the Settings tab in the navigation. You can see a section that is called Bulk data management.
   2. Keep all checkboxes selected, and then click the Export button.
   3. Click Export to download the .zip file that includes the nodes and identities to your local file system.
   4. Copy the .zip package file to /bcAgentWorkDir/bulkzip.

Preparation steps for IBM Blockchain v2.1.1 and before

Without Bulk data management, it's necessary to manually package the bulk .zip package.

1. Create a path to store all peer and orderer nodes certificates and keys, for example, /bcAgentWorkDir/certs.
2. Export all peer and orderer nodes TLS CA certificate to JSON files. Do the following steps on all peer and orderer nodes:
   1. Click the peer or orderer in the Node tab.
   2. On the peer or orderer page, click Export to save the peer or orderer JSON file and name it as `_orderer.json* or *_peer.json`.
   3. Copy the JSON files to /bcAgentWorkDir/certs.
3. Create and export client identities for all peer and orderer nodes. Note: The client identify must be named as tls_<mspid> that can be shared for all nodes with the same <mspid>.
   Do the following steps on all peer and orderer CA nodes:
   1. Click the peer or orderer CA node in the Node tab.
   2. On the certificate authority page, select TLS Certificate Authority tab page, click the actions menu next to the admin user and click Enroll identity.
   3. Enter the Enroll secret for the admin user and click Next.
   4. Enter tls_<mspid> for Identity display name and click Add identity to Wallet. <mspid> is the MSP ID of the peer or orderer nodes, the same tls_<mspid> identity is shared by the nodes with <mspid>*.
   5. Open the Wallet tab and click the identity that you create.
   6. Click Export identity to download the JSON file and name it as tls_<mspid>_identity.json.
   7. Copy the JSON files to /bcAgentWorkDir/certs.
4. Manually package all JSON files to the .zip file, and then copy it to the specified path.
   1. Package all JSON files to a .zip file, for example, certs.zip
   2. Create a path to store the .zip file, for example, /bcAgentWorkDir/bulkzip.
   3. Copy the .zip file to the path /bcAgentWorkDir/bulkzip.

Enable the IBM Blockchain plug-in

1. Convert certs.zip that you get in the preparation step to ibp-tls-certs.tar.
   To convert the .zip file to .tar file, extract certs.zip and then create a .tar package ibp-tls-certs.tar for these extracted files. You can also use a script to do the conversion:
   1. Download the script file blockchain_cert_convert.sh from GitHub.
      You can directly run the following command to download:

      wget https://raw.githubusercontent.com/IBM/cp4mcm-samples/master/monitoring/2.2/blockchain_cert_convert.sh
      

   2. Run the script.
   3. Input the directory where you store the certs.zip file, for example, /bcAgentWorkDir/bulkzip. Then, you can get a new certs file ibp-tls-certs.tar in /bcAgentWorkDir/bulkzip.

2. Create ibp-secrets.

   kubectl delete secret ibp-secrets
   kubectl -n $NAMESPACE create secret generic ibp-secrets --from-file=ibp-tls-certs.tar
   

   Where NAMESPACE is the namespace where you install Unified Agent.

3. Edit the ua-blockchain CR by running the following command:

   kubectl edit UA ua-blockchain
   

   Note: The auto discovery for IBM Blockchain plug-in is disabled by default. You need to set it to always and then the CR is created. For more information, see Edit plug-in auto discovery pattern.

4. Make sure that the enabled state is true and save the CR.

Results

The IBM Blockchain plug-in is successfully enabled and configured in Unified Agent.