Setting up the coordinator service

Learn how to set up the coordinator service.

Coordinator service secret

Note: You can create the coordinator service secret either before or after IBM® Netcool® Operations Insight® on OpenShift® is deployed as part of a full cloud or hybrid deployment. If you create the coordinator service secret after IBM Netcool Operations Insight on OpenShift is deployed, then you must restart the coordinator service.

This secret is useful for coordinator API basic authorization and communication with primary coordinator service. It also contains the following key and value pairs. All values are in base64 encoding format.

Key Name	Value Description
`api_password`	Password for coordinator API basic authorization. For a backup deployment, keep it the same as the primary deployment value.
`api_username`	Username for coordinator API basic authorization. For a backup deployment, keep it the same as the primary deployment value.
`trust_store_password`	Truststore password for the SSL verification. The certificate for the truststore is the certificate authority (CA) certificate that created the route. For more information about how to create a Red Hat® OpenShift route with a secured route, see Secured routes in the Red Hat OpenShift Container Platform documentation. Necessary for the backup deployment. This value is not used for a primary deployment, but it must be defined. Set this value to empty for your primary deployment. Note: This value is mandatory for backup deployments. If the truststore password is not set for your backup deployment, the following error is displayed. `Error: couldn't find key trust_store_password in Secret netcool/backup-coordinator-api-secret` If a dummy value is used for your backup deployment, the following error is displayed. `Readiness probe failed: HTTP probe failed with statuscode: 503`

Run the following command to create the coordinator service secret:

oc create secret generic <ReleaseName>-coordinator-api-secret --from-literal=api_username=<your_username> --from-literal=api_password=<your_password> --from-literal=trust_store_password=<your_truststore_password>

The trust_store_password can be any value as this password is created when the command runs.

Note: The username and password must be the same for both primary and backup deployments.

Create a dr_coordinator secret on both the primary and backup clusters. Run the following commands:

Primary secret example:

oc create secret generic ${PRIMARY_NAME}-coordinator-api-secret \
       --from-literal=api_username=api_username \
       --from-literal=api_password=api_password \
       --from-literal=primary_api_username=NOT-USED-BUT-MUST-BE-DEFINED \
       --from-literal=primary_api_password=NOT-USED-BUT-MUST-BE-DEFINED \
       --from-literal=trust_store_password=NOT-USED-BUT-MUST-BE-DEFINED \
       --namespace ${PRIMARY_NAMESPACE}

Backup secret example:

oc create secret generic ${BACKUP_NAME}-coordinator-api-secret \
       --from-literal=api_username=api_username \
       --from-literal=api_password=api_password \
       --from-literal=primary_api_username=api_username \
       --from-literal=primary_api_password=api_password \
       --from-literal=trust_store_password=NOT-USED-BUT-MUST-BE-DEFINED \
       --namespace ${BACKUP_NAMESPACE}

Note: If DASH SSO is configured between DASH instances, the client-id and client-secret values in the was-oauth-cnea-secret secret must be different on the primary cluster and backup cluster. Distinct values avoid confusion between the two hybrid kit deployments. After the hybrid integration kit is deployed on each DASH instance, add both client IDs to the $JAZZSM_HOME/profile/config/cells/JazzSMNode01Cell/oauth20/NetcoolOAuthProvider.xml file.

Update the noihybrid deployment properties on the primary cluster:

spec:
  serviceContinuity:
    continuousAnalyticsCorrelation: true
    isBackupDeployment: false

Update the noihybrid deployment properties on the backup cluster:

spec:
  serviceContinuity:
    continuousAnalyticsCorrelation: true
    isBackupDeployment: true
  helmValuesNOI:
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs: https://<proxy_host1>,https://<proxy_host2>
    ibm-ea-dr-coordinator-service.coordinatorSettings.storageClassName: rook-cephfs

Optional: If you want to use SSL certificates for the connection, you can also provide the following properties.

  helmValuesNOI:
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap: users-certificates
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck: true

Example values:

  helmValuesNOI:
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap: users-certificates
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck: true
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs: https://proxy1.xyz.com,https://proxy2.xyz.com
    ibm-ea-dr-coordinator-service.coordinatorSettings.storageClassName: rook-cephfs

Coordinator Service Settings

The table describes what configuration parameters are exposed for the coordinator service in the IBM Netcool Operations Insight on Red Hat OpenShift Custom Resource (CR) definition.

Cluster	SectionName	PropertyName	Description	Default
Primary, Backup	`serviceContinuity`	`continuousAnalyticsCorrelation`	Necessary to activate the disaster recovery (DR) service on a failover hybrid cluster. If you have a stand-alone hybrid cluster, then the DR service is not needed. If set to `true`, the DR coordinator service is activated. Before `serviceContinuity.continuousAnalyticsCorrelation` is set to `true`, the `ibm-ea-dr-coordinator-service.coordinatorSettings.storageClassName` storage definition needs to be in place.	`false`
Primary, Backup	`serviceContinuity`	`isBackupDeployment`	Necessary on the backup cluster, but not on the primary cluster. Determines the deployment state of the coordinator service. When set to `true`, it enables the coordinator service as backup deployment. When set to `false`, it enables the primary deployment of the coordinator service.	`false`
Primary, Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.storageClassName`	Required: Storage class for the coordinator service.
Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs`	Required: Proxy URLs by comma separation. This URL connects backup and the primary cluster . This is a valid setting for backup deployment. Note: Valid for backup deployment only.
Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck`	Optional: To enable and disable SSL, check for the connection with primary deployment. Note: Valid for backup deployment only.	`false`
Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap`	Necessary when `ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck` is set to `true`. For more information, see Configmap for root certificates of the proxies. A configmap name with root certificates for proxies. Note: Valid for backup deployment only.	`false`
Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.numberOfProxyConnectionCheck`	Optional: Numbers of check for primary availability need to be done before backup to take charge as acting primary. Note: Valid for backup deployment only.	10
Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.intervalBetweenRetry`	Optional: Interval between each check to primary availability. The value is in milliseconds. Note: Valid for backup deployment only.	1000
Primary, Backup	`helmValuesNOI`	`ibm-ea-dr-coordinator-service.coordinatorSettings.logLevel`	Optional: Log level for coordinator service.	`DEBUG`

Disaster recovery coordinator properties

Example properties to add for DR:

 helmValuesNOI:
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap: users-certificates
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck: true
    ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs: 'https://proxy-abc.xyz.com,
      https://proxy-abc.xyz.com'
    ibm-ea-dr-coordinator-service.coordinatorSettings.storageClassName: rook-cephfs

Configmap for root certificates of the proxies

The configmap contains the root signing certificate for the front end of the proxies that are mentioned in ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyURLs. It is required when ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxySSLCheck is set to true.

The name of the configmap is the same as ibm-ea-dr-coordinator-service.coordinatorSettings.backupDeploymentSettings.proxyCertificateConfigMap. An example configmap is:

 
apiVersion: v1
data:
  proxyRootCert.crt: |
    -----BEGIN CERTIFICATE-----
    <Signing Root Certificate for Proxy Frontend>
    -----END CERTIFICATE-----
kind: ConfigMap
metadata:
  name: <Configmap Name>
  namespace: <name space>