Installing operators with the CLI using PPA

Follow these instructions to install operators with the command-line interface (CLI) using PPA.

To push the images to the image registry, the script install-noi-archive.sh requires one of the below:
- Podman [Recommended] (https://podman.io/getting-started/)
- Docker (https://www.docker.com/get-started)
- Skopeo (https://github.com/containers/skopeo)
To validate the image archive, the script install-noi-archive.sh requires shasum (RHEL 7/8: yum install -y perl-Digest-SHA )
To unpack images and push to image registry install-noi-archive.sh requires 150 Gi free storage.
The operator has cluster scope permissions. It requires role-based access control (RBAC) authorization at a cluster level because it deploys and modifies Custom Resource Definitions (CRDs) and cluster roles.

Complete the following steps to verify that your IBM® Passport Advantage® software download is valid and has been signed by IBM:
1. Untar or unzip the download so that you have five files:
  - *.tar
  - *-public-key
  - *-public-key-ocsp
  - *-public-key-cops-intermediate
  - *.sig file
2. Ensure that you have OpenSSL installed and then issue the following command using the signature and public key files:
```
openssl dgst -sha256 -verify <PUBLICKEYNAME> -signature <SIGNATUREFILENAME> <FILETOSIGN>
```
  Example command:
```
openssl dgst -sha256 -verify noi-public-key -signature test.tar.sig test.tar
```
3. If the file has been signed by IBM, the openssl command returns the verified OK message on the command line.
Run the following command to verify that the certificate used to sign your Passport Advantage download is valid and verify its ownership by IBM:
```
openssl x509 -inform pem -in <OSCP_PUBLICKEYNAME> -noout -subject -issuer -startdate -enddate
```
Example command:
```
openssl x509 -inform pem -in noi-public-key-ocsp -noout -subject -issuer -startdate -enddate
```
This command displays the certificate issuer, the owner, as well as the certificate validity dates.

Run the following command to verify with the Digicert Certificate Authority whether the certificate is still valid:

openssl ocsp -no_nonce -issuer <OCSP_CHAINPUBLICKEYNAME> -cert <OCSPUBLICKEYNAME> -VAfile <OCSP_CHAINPUBLICKEYNAME> -text -url http://ocsp.digicert.com-respout ocsptest

Example command:

openssl ocsp -no_nonce -issuer noi-public-key-ocsp-intermediate -cert noi-public_key_ocsp -VAfile noi-public_key_ocsp_intermediate -text -url http://ocsp.digicert.com

This command connects to the Digicert Certificate Authority and verifies whether the certificate used to create the keys is still valid and in good standing.

Extract the downloaded file into a local directory.
```
tar -xvf ibm-netcool-prod-1.6.1.tar
```

Run the installation script from within the archive directory:

./install-noi-archive.sh --help
This script installs images required by Netcool Operations Insight v1.6.1
Usage: ./install-noi-archive.sh
  [-n, --namespace]             : namespace
  [-u, --user]                  : user
  [-p, --password]              : password
  [-d, --use-docker]            : use docker command
  [-o, --use-podman]            : use podman command
  [-s, --use-skopeo]            : use skopeo command
  [-r, --registry]              : image registry
  [-a, --validate-archive]      : validate archive
  [-h, --help]

Validate the install archive by running the command:
```
./install-noi-archive.sh --validate-archive
```
Install the images to an image registry by running the command:
```
./install-noi-archive.sh --user <username> --password <password> --namespace <namespace> --use-podman
Install Netcool Operations Insight v1.6.1

registry...: image-registry.openshift-image-registry.svc
namespace..: <namespace>
user.......: <username>
command....: <command>

Enter y to continue: 
```
It will take between 30 and 60 minutes to complete the install.
Note: The defaults username is kubeadmin, the default password is the values from running /root/auth/kubeadmin-password and the default namespace is default.

Note: Podman is recommended for Red Hat OpenShift systems.

Unpack the Netcool® Operations Insight® operator archive by running the commands:

tar -xvf noi-operator-1.0.0.tgz

cd noi-operator-1.0.0

./install.sh --help
This script installs the Netcool Operations Insight operator
Usage: ./install.sh
  [-n, --namespace]             : namespace
  [-u, --user]                  : user
  [-p, --password]              : password
  [-r, --registry]              : image registry
  [-k, --kubectl]               : use kubectl
  [-h, --help]

Install the Netcool Operations Insight operator Kubernetes artifacts by using the command:

./install.sh --user <user> --password <password> --namespace <namespace>

Install Netcool Operations Insight operator v1.6.1

registry...: image-registry.openshift-image-registry.svc:5000
namespace..: <namespace>
user.......: <user>
command....: <command>

Enter y to continue:

Note: The default namespace is default, the default user is the value obtained by running oc whoami, and the default password is the value obtained from running oc whoami -t.

Configure your deployment for either a full cloud or hybrid installation.
1. For a full installation, edit the parameters in deploy/crds/noi.ibm.com_nois_cr.yaml with configuration values suitable for your deployment. For more information, see Operator properties. Then, run the following command:
```
oc apply -f deploy/crds/noi.ibm.com_nois_cr.yaml
```
2. For a hybrid installation, edit the properties in deploy/crds/noi.ibm.com_noihybrids_cr.yaml with configuration values suitable for your deployment. For more information, see Hybrid operator properties. Then, run the following command:
```
oc apply -f deploy/crds/noi.ibm.com_noihybrids_cr.yaml
```
Note: Changing an existing deployment from a trial deployment type to a production deployment type is not supported.

Note: The topology management capability is enabled by default. If you want to disable it, open your custom resource file and edit it by setting topology.enabled:false. The file is deploy/crds/noi.ibm.com_nois_cr.yaml for a Red Hat OpenShift deployment and deploy/crds/noi.ibm.com_noihybrids_cr.yaml for a hybrid deployment.

If you want to enable or disable a feature after your installation, you can edit the Netcool Operations Insight instance by running the command:

oc edit noi <noi-instance-name>

Where <noi-instance-name> is the name of the instance you want to edit. You can then select enable or disable the observer.

Note: When you disable features at post install, the resource is not automatically deleted. To find out if the feature is deleted or not you need to check the operator log.