Post installation configuration
Prerequisites
- IBM Cloud Pak CLI (cloudctl) and OpenShift client CLI (oc) Note: IEAM must be installed before you can download cloudctl.
- jq
- git
- docker version 1.13 or greater
- make
Installation verification
- Complete the steps in Install IEAM
-
Ensure that all pods in the IEAM namespace are either Running or Completed:
oc get podsThis is an example of what should be seen with local databases and the local secrets manager installed. Some initialization restarts are expected, but multiple restarts usually indicates an issue.:
$ oc get pods NAME READY STATUS RESTARTS AGE create-agbotdb-cluster-j4fnb 0/1 Completed 0 88m create-exchangedb-cluster-hzlxm 0/1 Completed 0 88m ibm-common-service-operator-68b46458dc-nv2mn 1/1 Running 0 103m ibm-eamhub-controller-manager-7bf99c5fc8-7xdts 1/1 Running 0 103m ibm-edge-agbot-5546dfd7f4-4prgr 1/1 Running 0 81m ibm-edge-agbot-5546dfd7f4-sck6h 1/1 Running 0 81m ibm-edge-agbotdb-keeper-0 1/1 Running 0 88m ibm-edge-agbotdb-keeper-1 1/1 Running 0 87m ibm-edge-agbotdb-keeper-2 1/1 Running 0 86m ibm-edge-agbotdb-proxy-7447f6658f-7wvdh 1/1 Running 0 88m ibm-edge-agbotdb-proxy-7447f6658f-8r56d 1/1 Running 0 88m ibm-edge-agbotdb-proxy-7447f6658f-g4hls 1/1 Running 0 88m ibm-edge-agbotdb-sentinel-5766f666f4-5qm9x 1/1 Running 0 88m ibm-edge-agbotdb-sentinel-5766f666f4-5whgr 1/1 Running 0 88m ibm-edge-agbotdb-sentinel-5766f666f4-9xjpr 1/1 Running 0 88m ibm-edge-css-5c59c9d6b6-kqfnn 1/1 Running 0 81m ibm-edge-css-5c59c9d6b6-sp84w 1/1 Running 0 81m ibm-edge-css-5c59c9d6b6-wf84s 1/1 Running 0 81m ibm-edge-cssdb-server-0 1/1 Running 0 88m ibm-edge-exchange-b6647db8d-k97r8 1/1 Running 0 81m ibm-edge-exchange-b6647db8d-kkcvs 1/1 Running 0 81m ibm-edge-exchange-b6647db8d-q5ttc 1/1 Running 0 81m ibm-edge-exchangedb-keeper-0 1/1 Running 1 88m ibm-edge-exchangedb-keeper-1 1/1 Running 0 85m ibm-edge-exchangedb-keeper-2 1/1 Running 0 84m ibm-edge-exchangedb-proxy-6bbd5b485-cx2v8 1/1 Running 0 88m ibm-edge-exchangedb-proxy-6bbd5b485-hs27d 1/1 Running 0 88m ibm-edge-exchangedb-proxy-6bbd5b485-htldr 1/1 Running 0 88m ibm-edge-exchangedb-sentinel-6d685bf96-hz59z 1/1 Running 1 88m ibm-edge-exchangedb-sentinel-6d685bf96-m4bdh 1/1 Running 0 88m ibm-edge-exchangedb-sentinel-6d685bf96-mxv2b 1/1 Running 1 88m ibm-edge-sdo-0 1/1 Running 0 81m ibm-edge-ui-545d694f6c-4rnrf 1/1 Running 0 81m ibm-edge-ui-545d694f6c-97ptz 1/1 Running 0 81m ibm-edge-ui-545d694f6c-f7bf6 1/1 Running 0 81m ibm-edge-vault-0 1/1 Running 0 81m ibm-edge-vault-bootstrap-k8km9 0/1 Completed 0 80mNotes:
- For more information about any pods in the Pending state due to resource or scheduling issues, see the cluster sizing page. This includes information about how to reduce scheduling costs of components.
- For more information about any other errors, see troubleshooting.
-
Ensure that all pods in the ibm-common-services namespace are either Running or Completed:
oc get pods -n ibm-common-services -
Log in, pull and extract the agent bundle with your entitlement key through the Entitled Registry:
docker login cp.icr.io --username cp && \ docker rm -f ibm-eam-4.3.3-bundle; \ docker pull cp.icr.io/cp/ieam/ibm-eam-bundle:2.29.0-638 && \ docker create --name ibm-eam-4.3.3-bundle cp.icr.io/cp/ieam/ibm-eam-bundle:2.29.0-638 bash && \ docker cp ibm-eam-4.3.3-bundle:/ibm-eam-4.3.3-bundle.tar.gz ibm-eam-4.3.3-bundle.tar.gz && \ tar -zxvf ibm-eam-4.3.3-bundle.tar.gz && \ cd ibm-eam-4.3.3-bundle/tools -
Validate the installation state:
./service_healthcheck.shSee the following example output:
$ ./service_healthcheck.sh ==Running service verification tests for IBM Edge Application Manager== SUCCESS: IBM Edge Application Manager Exchange API is operational SUCCESS: IBM Edge Application Manager Cloud Sync Service is operational SUCCESS: IBM Edge Application Manager Agbot database heartbeat is current SUCCESS: IBM Edge Application Manager SDO API is operational SUCCESS: IBM Edge Application Manager UI is properly requiring valid authentication ==All expected services are up and running==- If there are service_healthcheck.sh command failures, if you experience issues running the commands below, or if there are issues during runtime, see troubleshooting.
-
Download cloudctl.
Post installation configuration
The following process must run on a host that supports installation of the hzn CLI, which currently can be installed on a Debian / apt based Linux, amd64 Red Hat / rpm Linux, or macOS host. These steps use the same media downloaded from PPA in the Installation verification section.
-
Install the hzn CLI using the instructions for your supported platform:
-
Navigate to the agent directory and unpack the agent files:
cd ibm-eam-4.3.3-bundle/agent && \ tar -zxvf edge-packages-4.3.3.tar.gz-
Debian Linux example:
sudo apt-get install ./edge-packages-4.3.3/linux/deb/amd64/horizon-cli*.deb -
Red Hat Linux example:
sudo dnf install -yq ./edge-packages-4.3.3/linux/rpm/x86_64/horizon-cli-*.x86_64.rpm -
macOS example:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain edge-packages-4.3.3/macos/pkg/x86_64/horizon-cli.crt && \ sudo installer -pkg edge-packages-4.3.3/macos/pkg/x86_64/horizon-cli-*.pkg -target /
-
-
-
Run the post installation script. This script performs all the necessary initialization to create your first organization. (Organizations are how IEAM separates resources and users to enable multi-tenancy. Initially, this first organization is sufficient. You can configure more organizations later. For more information, see Multi-tenancy).
Note: IBM and root are internal use orgs and cannot be chosen as your initial org. An organization name cannot contain underscores (_), comas (,), blank spaces ( ), single quotes ('), or question marks (?).
./post_install.sh <choose-your-org-name> -
Run the following to print the IEAM management console link for your installation:
echo https://$(oc get cm management-ingress-ibmcloud-cluster-info -o jsonpath='{.data.cluster_ca_domain}')/edge -
Take a backup of your current installation. For more information, see Backup and recovery.
Authentication
User authentication is required when accessing the IEAM management console. An initial admin account was created by this installation and can printed out by the following command:
echo "$(oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 --decode) // $(oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 --decode)"
You can use this admin account for initial authentication, and can additionally configure LDAP by accessing the management console link printed out by the following command:
echo https://$(oc get cm management-ingress-ibmcloud-cluster-info -o jsonpath='{.data.cluster_ca_domain}')
After you establish an LDAP connection, create a team, grant that team access to the namespace the IBM Edge Application Manager operator was deployed to, and add users to that team. This grants individual users the permission to create API keys.
API-keys are used for authentication with the IBM Edge Application Manager CLI and permissions that are associated with API keys are identical to the user they are generated with.
If you have not created an LDAP connection you can still create API keys using the initial admin credentials, however be aware the API key will have Cluster Administrator privileges.
What's Next
Follow the process on the Gather edge node files page to prepare installation media for your edge nodes.