Bootstrapping OMT

Bootstrapping OMT is a method of installing a few basic pods onto the Kubernetes cluster created previously (when you configured EKS and worker nodes).

During this process, the OMT bootstrap script does the following:

After the OMT bootstrap process completes, you will need to import the intermediate certificate to the OMT, configure some required networking settings, then continue installation using the OMT web installation interface.

Note: If you used a non-root user to install Kubernetes, you must use the same non-root user to install OMT as well. In addition, the non-root user installation process will prompt for additional steps.

Preparing the OMT Deployer

The EKS and worker nodes you have configured cannot be accessed from the internet, although each of the nodes can access the internet if needed. As a result, the process of bootstrapping OMT must be performed from the bastion.

You have already copied the package arcsight-platform-cloud-installer-<version>.zip to the bastion and unpacked it during configuration of EFS. This package includes the cdf-deployer.zip archive.

To prepare the OMT deployer:

Unpack the cdf-deployer.zip archive by running the following command:

unzip ./arcsight-platform-cloud-installer-<version>/cdf-deployer.zip

This will create the directory arcsight-platform-cloud-installer-<version>/cdf-deployer.

Retrieving the ECR Credentials

OMT needs the credentials to access the ECR in order to be able to download images.

To retrieve the ECR credentials:

  1. On the bastion, run the command:
     ./arcsight-platform-cloud-installer-<version>/aws-scripts/scripts/upload_images_to_ECR --get-ecr-credentials
     The file ecr_credentials is created in the directory where the script was run, containing username, password, and ECR URL.
  2. Run the following command:
     source ecr_credentials

The password retrieved here is valid for only 12 hours after creation.

To bootstrap OMT:

Change the working folder to cdf-deployer and run the following command:

./install \
--k8s-provider aws \
--external-access-host <RecordSet name> \
--nfs-server <Filesystem FQDN> \
--nfs-folder <OMT ITOM volume> \
--registry-url "$ECR_URL" \
--registry-username "$ECR_USER_NAME" \
--registry-password "$ECR_USER_PASSWORD" \
--registry-orgname <orgname> \
-p <suite admin password>

Where:

Variables $ECR_URL, $ECR_USER_NAME, and $ECR_USER_PASSWORD come from the ecr_credentials file which you sourced previously.

<suite admin password>: Choose a password between 8 and 20 characters in length. A password must include numbers, lowercase characters, uppercase characters, and special characters. Exclude whitespace characters, such as space, newline, and so on.

<orgname>: Use the same value that you used when uploading images; check the AWS worksheet for this value.

<Filesystem FQDN>: Use the value from the AWS worksheet.

<OMT ITOM volume>: The directory on NFS/EFS into which OMT starts the installation. The path is a combination of the parent directory as specified in your AWS worksheet as Parent Folder Name, plus the predefined subfolder name. For example, /srgdemo/itom-vol.

<RecordSet name>: The A-record (FQDN) used for connecting to the OMT installation and management portal. Use the value from the AWS worksheet.

Note: Ensure that you remove the trailing period from the FQDN.
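
The following pre-flight script is an added example, not part of the OMT package or of the original documentation. It checks the three constraints stated on this page (the suite admin password rules, the trailing period on the FQDN, and the 12-hour validity of the ECR password) before ./install is run. The function names and the SUITE_ADMIN_PASSWORD variable are hypothetical, and the script assumes that the modification time of ecr_credentials marks when the password was created.

```shell
#!/bin/sh
# Added example: pre-flight checks for the ./install arguments described above.
# Function names and SUITE_ADMIN_PASSWORD are hypothetical, not part of OMT.

fail() { echo "preflight: $1" >&2; }

# <suite admin password>: 8 to 20 characters; numbers, lowercase, uppercase
# and special characters required; no whitespace.
check_admin_password() {
  pw=$1
  if [ "${#pw}" -lt 8 ] || [ "${#pw}" -gt 20 ]; then
    fail "password must be 8 to 20 characters long"; return 1
  fi
  case $pw in *[[:space:]]*) fail "password contains whitespace"; return 1 ;; esac
  case $pw in *[[:digit:]]*) ;; *) fail "password needs a number"; return 1 ;; esac
  case $pw in *[[:lower:]]*) ;; *) fail "password needs a lowercase character"; return 1 ;; esac
  case $pw in *[[:upper:]]*) ;; *) fail "password needs an uppercase character"; return 1 ;; esac
  case $pw in *[![:alnum:]]*) ;; *) fail "password needs a special character"; return 1 ;; esac
}

# <RecordSet name>: must be set and must not keep the trailing period.
check_external_host() {
  case $1 in
    '')  fail "external access host is empty"; return 1 ;;
    *.)  fail "remove the trailing period from the FQDN"; return 1 ;;
  esac
}

# The ECR password is valid for only 12 hours after creation. Assumption: the
# modification time of ecr_credentials is the time the password was created.
# find -mmin is a GNU/BSD extension, not POSIX.
check_ecr_credentials_fresh() {
  [ -f "$1" ] || { fail "$1 not found; run --get-ecr-credentials first"; return 1; }
  [ -n "$(find "$1" -mmin -720)" ] || { fail "$1 is older than 12 hours"; return 1; }
}

# Usage: SUITE_ADMIN_PASSWORD='...' sh preflight.sh ecr_credentials '<RecordSet name>'
if [ "$#" -eq 2 ]; then
  check_ecr_credentials_fresh "$1" && check_external_host "$2" &&
    check_admin_password "${SUITE_ADMIN_PASSWORD-}" && echo "preflight: all checks passed"
fi
```

If the freshness check fails, rerun the --get-ecr-credentials command and source the new ecr_credentials file before starting ./install.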

After the OMT bootstrap completes, you are prompted to log in at the following URL:
https://<external access host>:3000

However, you will not be able to log in successfully yet, as there are some network infrastructure resources still to prepare, as explained in the succeeding steps.

Next Step: Securing External Communication with the RE Certificate