Cloud Pak for Watson AIOps: Migrating of NOI to Event Manager

Cloud Pak for Watson AIOps v3.2 has changed the “packaging” once more, and now AI Manager and Event Manager are installed by separate operators, into separate namespaces, and require additional steps to integrate the two solutions. This provides an incremental path for existing Netcool Operation Insights (NOI) customers to migrate to the fully Cloud Native solution:

  1. Implement the fully Cloud Native Event Manager solution
  2. Expand the processes to embrace the new functionality of Event Manager, for example Runbook Automation and Event Analytics
  3. Extend the solution with the implementation of AI Manager, including the adoption of ChatOps and analysis of unstructured data, for example logs.

As part of the first steps on the path to an OpenShift solution, customers will need to review the procedures they use for administering their existing NOI infrastructure, understand what needs to be migrated and plan that migration.

Orb Data always advise that all customisations for the NOI solution are maintained in a version control system (VCS), for example “git” or “bitbucket”. Many administration tasks can be completed from a UI, but maintaining customisations in a VCS provides many benefits, including consistency between environments, ease of promotion between those environments, and, in the case of a migration, it aids with the build of a new infrastructure.

For the three core components of NOI, the version control system should at a minimum include code for:

  • Netcool/OMNIbus ObjectServer: SQL files applied with nco_sql
  • Netcool/OMNIbus Web GUI: XML files applied with “runwaapi”
  • Netcool/Impact: Policies or projects applied with nci* commands

Assuming such a repository exists, how easy is it to apply those files to a new Cloud Native CP4WAIOps Event Manager implementation?

A management server will be required. For a dedicated OpenShift cluster this could be the bastion server, i.e. the server used to deploy and manage the OpenShift cluster itself. For a cluster shared  between multiple applications a dedicated management server would be required with the OpenShift CLI (oc) installed.

Netcool/OMNIbus ObjectServer

The Netcool/OMNIbus Administrator desktop can be used for developing Netcool/OMNIbus automations, but even for small environments, it is recommended that all automations are maintained in VCS. These repo would include SQL files to create custom databases, tables, indexes, conversions, triggers, trigger groups, procedures and files.

Application of those SQL files can be actioned using the “nco_sql” executable:

nco_sql -server {OBJECTSERVER} -user {NCOUSER} -input {SQLFILE}

“nco_sql” can be installed onto the management server as part of the Netcool/OMNIbus core feature “Administration Tools”. A connection to an ObjectServer in an OpenShift environment can be established either by exposing the ObjectServer ClusterIP service or using a TLS connection via the proxy services. Both options are detailed in the IBM documentation Connecting event sources to Netcool Operations Insight on a cloud deployment.

Netcool/OMNIbus Web GUI

Historically, Web GUI has been the primary NOI operator interface. The operator experience is customised to align with operational processes by creating or updating custom Web GUI resources, for example filters, views, prompts, tools and menus. The Web GUI Administration Application Program Interface (WAAPI) client uses XML files to create/update/delete those Web GUI resources.

Event Manager has introduced a new UI, but administration of the event list resources is still managed by Web GUI.

New Event Manager UI

The WAAPI client can be downloaded from the Web GUI UI, there is a link at the bottom of the welcome page.

WAAPI Client Download

Set-up of a WAAPI connection to an Event Manager instance of Web GUI is not as well documented as the ObjectServer connection. The key steps to set-up the WAAPI connection are:

  1. Ensure the management server can map the hostname of the Web GUI server
  2. Create a WAAPI truststore using the OCP Certificate
  3. Establish a secure connection to port 443

The following commands can help with the set-up of the WAAPI connection from the management server to the Cloud Native instance of Web GUI. They assume the WAAPI client has been unpacked on the management server to the path  represented by the placeholder {WAAPIHOME}.

Identify the Web GUI Hostname and ensure it can be resolved:

WEBGUIHOSTNAME=$(oc get routes -n cp4waiops-emgr-namespace evtmanager-webgui-ibm -o jsonpath="{.spec.host}"); echo ${WEBGUIHOSTNAME}
ping -c 3 ${WEBGUIHOSTNAME}

Create a truststore for the WAAPI client and import the OCP signer-certificate. That will usually be a CA supplied certificate. If the default certificate has not been updated, for example in a sandpit environment, the following commands will export the default OCP signer-certificate and create a truststore for WAAPI:

oc get secret -n openshift-ingress-operator router-ca -o jsonpath="{ .data['tls\.crt']}" | base64 -d > /tmp/secret.openshift-ingress-operator.router-ca.tls.crt
$JAVA_HOME/bin/keytool -importcert -trustcacerts -storetype jks -keystore {WAAPIHOME}/etc/waapi-truststore.jks -alias ocp-ingress-op-router-ca -file /tmp/secret.openshift-ingress-operator.router-ca.tls.crt

Finally, the WAAPI connection can be tested using the sample XML files:

{WAAPIHOME}/bin/runwaapi -file {WAAPIHOME}/etc/samples/list_user.xml -trustStore {WAAPIHOME}/etc/waapi-truststore.jks -trustStoreType JKS -secure on -secureport 443 -trustStorePassword {TRUSTSTOREPASSWORD} -user {WEBGUIADMINUSER} -password {WEBGUIADMINPASSWORD}

All passwords need to be encrypted using the appropriate executable, dependent on the “-secure” option.

 

Netcool/Impact

Impact resources that are usually maintained in a VCS include policies, projects, operator views and assets. The recent introduction of the RESTAPI for update of Data Sources may expand the Impact repository to include JSON files.

Unfortunately, apart from the RESTAPI, the Impact administration commands must be executed within the Impact Server container itself. This is not ideal. Generally, for security reasons, administrators should not be connecting directly to containers. I have added an “idea” to the Cloud Management and AIOps page for the addition of a remote cli for Impact. An “Idea” is equivalent to the old “request for enhancement” (RFE).

Despite that, it is possible to use standard “oc” commands to copy files to the impact server container and execute the “nci*” commands within the container.

Conclusions

Migrating from an on-premises, physical/virtual server instance of NOI to the Cloud Pak for Watson AIOps Event Manager in OpenShift can be painless. Minimal changes are required to existing procedures to replicate your solution if you maintain the resources in VCS. It is always worth using such a migration as the opportunity to review processes and code for currency, but, that must be balanced against the additional timescales for such analysis.

 

Hits: 75