Connecting on-premise probes and gateways to IBM Cloud Pak for AIOps

This section describes how to configure on-premise integrations.

Connecting on-premise probes

The probe will make a connection to the TLS proxy of IBM Cloud Pak® for AIOps.

Get details of the proxy port connection and its secret on AIOPs.

oc get service | grep proxy
   evtmanager-proxy             NodePort       172.30.44.167    <none>    6001:30455/TCP,6002:31823/TCP    

oc get secret | grep proxy
evtmanager-proxy-tls-secret     kubernetes.io/tls                     2      15

In the example, the NodePort for the primary ObjectServer is 30455 and the NodePort for the backup ObjectServer is 31823.

Import the proxy tls secret to omni.kdb at the on-premise server.

kubectl get secrets evtmanager-proxy-tls-secret -o yaml -n cp4waiops | egrep "tls.crt:" | awk '{print $2}' | base64 --decode  > emproxy.cem
$NCHOME/bin/nc_gskcmd -keydb -create -db "$NCHOME/etc/security/keys/omni.kdb" -pw password -stash -expire 366
$NCHOME/bin/nc_gskcmd -cert -add -file emproxy.cem -db $NCHOME/etc/security/keys/omni.kdb -stashed
$NCHOME/bin/nc_gskcmd -cert -list -db $NCHOME/etc/security/keys/omni.kdb -pw password

Edit $NCHOME/etc/omni.dat and add the proxy services.

For example proxyport from Step 2.
```
[AGG_P]
{
    Primary:       evtmanager-proxy.cp4waiops.svc ssl proxyport
}
```
Edit /etc/hosts and add the proxy service details.

IP address : Cluster master node IP address.
```
9.30.138.122 evtmanager-proxy.cp4waiops.svc
```
Configure the probe to connect to the servers set up in the previous step.

Connecting on-premise gateways

The gateway will make a connection to the TLS proxy of IBM Cloud Pak for AIOps.

Get details of the proxy port connection and its secret on AIOPs.

oc get service | grep proxy
   evtmanager-proxy             NodePort       172.30.44.167    <none>   6001:30455/TCP,6002:31823/TCP    
   
oc get secret | grep proxy
evtmanager-proxy-tls-secret                                       kubernetes.io/tls                     2      15

Import the proxy tls secret to omni.kdb at on premise server.

kubectl get secrets evtmanager-proxy-tls-secret -o yaml -n cp4waiops | egrep "tls.crt:" | awk '{print $2}' | base64 --decode  > emproxy.cem
$NCHOME/bin/nc_gskcmd -keydb -create -db "$NCHOME/etc/security/keys/omni.kdb" -pw password -stash -expire 366
$NCHOME/bin/nc_gskcmd -cert -add -file emproxy.cem -db $NCHOME/etc/security/keys/omni.kdb -stashed
$NCHOME/bin/nc_gskcmd -cert -list -db $NCHOME/etc/security/keys/omni.kdb -pw password

Edit $NCHOME/etc/omni.dat and add the proxy services.

For example proxyport from Step 2.
```
[AGG_P]
{
    Primary:       evtmanager-proxy.cp4waiops.svc ssl proxyport
}
```

Edit /etc/hosts and add the proxy service details. Three entries are required for the gateway connection to work, IP address of the AIOPS Cluster, svc name and nodeport service name.

oc get services | grep evtmanager

Nodeport:
evtmanager-objserv-agg-primary-nodeport                          NodePort       172.30.164.99    <none>                                                         
4100:31933/TCP,30102:30102/TCP                          30h

/etc/hosts:

9.30.138.122 evtmanager-proxy.cp4waiops.svc evtmanager-objserv-agg-primary-nodeport

Note: The evtmanager-objserv-agg-primary-nodeport hostname is required for IDUC connection by the gateway.

Configure the gateway to connect to the servers set up in the previous step.