Post-installation tasks

Consider the following tasks after installing Event Endpoint Management.

Verifying an installation

To verify that your Event Endpoint Management installation deployed successfully, you can check the status of your instance either by using the command line (CLI), or if you are running on OpenShift Container Platform, by using the web console (UI).

Using the OpenShift Container Platform UI

  1. Log in to the OpenShift Container Platform web console using your login credentials.
  2. Expand the Operators dropdown and select Installed Operators to open the Installed Operators page.
  3. Expand the Project dropdown and select the project the instance is installed in. Click the operator called IBM Event Endpoint Management.
  4. Select the Event Endpoint Management tab.
  5. The Status column displays the current state of the EventEndpointManagement custom resource. When the Event Manager instance is ready, the status displays Phase: Running.

Using the CLI

After all the components of an Event Manager instance are active and ready, the EventEndPointManagement custom resource will have a Running phase in the status.

To verify the status:

  1. Run the kubectl get command as follows:

    kubectl get eventendpointmanagement <instance-name> -n <namespace> -o jsonpath='{.status.phase}'
    

    An example output for a successful deployment:

    $ kubectl get eventendpointmanagement development -n eem -o jsonpath='{.status.phase}'
    Running
    

Note: It might take several minutes for all the resources to be created and the instance to become ready.

Setting up access

After the Event Manager instance is successfully created, set up user authentication, authorization, and roles for your chosen implementation.

  • LOCAL: Define a list of users and passwords locally in your Event Endpoint Management environment.
  • OIDC: Use an existing OIDC-compatible security provider that is available in your environment.
  • INTEGRATION_KEYCLOAK: Use an IBM Cloud Pak for Integration installation on the same cluster to manage users and roles.

Authentication is configured in the EventEndpointManagement custom resource.

The following code snippet is an example of a configuration that has authentication set to LOCAL.

   apiVersion: events.ibm.com/v1beta1
   kind: EventEndpointManagement
   ...
   spec:
     ...
     manager:
       authConfig:
          authType: LOCAL
     ...

Edit the spec.manager.authConfig section to include authType as LOCAL, OIDC, or INTEGRATION_KEYCLOAK as required.

For more information, see managing access and managing roles.

Backup the data encryption key

The secret <instance-name>-ibm-eem-mek contains an important key for decrypting the data that is stored by Event Endpoint Management. Ensure you back up and store the key safely outside your cluster.

To save the key to a file, complete the following steps.

  1. Run the following command to retrieve the encryption secret.

    kubectl get secret <instance-name>-ibm-eem-mek -n <namespace>
    
  2. Create a backup of the encryption secret with the command:

    kubectl get secret <instance-name>-ibm-eem-mek -n <namespace> -o yaml > encryption-secret.yaml
    

    This command retrieves the encryption secret in YAML format and redirects the output to a file named encryption-secret.yaml.

  3. Ensure that the backup file (encryption-secret.yaml) is stored in a secure location outside the cluster.

Validating a usage-based deployment

You can confirm if a usage-based deployment is operating as expected by checking the logs and the /ready endpoint of a running Event Manager instance.

When you start the Event Manager instance, verify in the Event Manager logs if it is operating in usage-based mode. If it is, the Manager performs an initial test of the provided configuration settings. The following example shows a successful check:

...
<DATETIME> INFO  com.ibm.ei.eim.ubp.UBPCollector (UBP Collector) - [configReceived:181] Usage Based Pricing enabled : License Service reporting usage to: <ENDPOINT>
...
<DATETIME> INFO  com.ibm.ei.eim.ubp.UBPCollector (UBP Collector) - [lambda$configReceived$8:188] Usage Based Pricing configuration test successful..
...

If at any time an issue occurs when reporting metrics, including the initial test, a message is written to the logs, detailing the cause of the error, and the payload that was being sent. The following example shows an error message:

...
<DATETIME> WARN  com.ibm.ei.eim.ubp.UBPCollector (UBP Collector) - [lambda$sendMetrics$18:295] Failed to send data to the license service : <ENDPOINT> : <ERROR> : <PAYLOAD>

Note: If an error occurs when submitting the number of API calls to the Licensing Service, the actual number of API calls made is not lost. They will be reported, in addition to any new API calls, in the next submission.

This message and status is also available in the Event Manager instance /ready endpoint on port 8081, under the UBP.Reporting.Status ID. This endpoint can be queried at any time. The following example shows a query:

kubectl exec $(kubectl get pod -l app.kubernetes.io/instance=<INSTANCE_NAME> -n <NAMESPACE> -o name) -n <NAMESPACE> curl http://localhost:8081/ready

The result returns the current status of the gateway. The following example shows the result from a healthy system with usage-based licensing configured:

{
  "code" : 200,
  "body" : {
    "components" : [ {
      "id" : "GatewayServices",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "FileStorageProvider",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "UBP.Reporting.Status",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "EEMUI",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "OperatorServices",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    } ],
    "readyComponentCount" : 5,
    "notReadyComponentCount" : 0,
    "code" : 200,
    "status" : "ok"
  }
}

The following example shows the result of a system that has usage-based licensing configured, but is running with errors:

{
  "code" : 503,
  "body" : {
    "components" : [ {
      "id" : "GatewayServices",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "FileStorageProvider",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "UBP.Reporting.Status",
      "description" : "Failed to send data to the license service : https://ibm-licensing-service-instance.ibm-common-services.svc.cluster.local:8089/v2/metric_upload?token=cEDdqE9sodSl8n87Vz82Im39 : No route to host: ibm-licensing-service-instance.ibm-common-services.svc.cluster.local/172.30.42.210:8089 : {\"cloudpakId\":\"279abae6bfe647eca1f0efcbf136099c\",\"cloudpakName\":\"IBM Cloud Pak for Integration - API Calls\",\"productId\":\"3af7dda8ce3e4369b1c461c2982719c8\",\"productName\":\"IBM Event Endpoint Management Non Production\",\"productMetric\":\"MONTHLY_API_CALL\",\"productCloudpakRatio\":\"2:1\",\"cloudpakMetric\":\"RESOURCE_VALUE_UNIT\",\"aggregationPolicy\":\"ADD\",\"metricValue\":0}",
      "code" : 500,
      "conditions" : [ ]
    }, {
      "id" : "EEMUI",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    }, {
      "id" : "OperatorServices",
      "description" : "ok",
      "code" : 200,
      "conditions" : [ ]
    } ],
    "readyComponentCount" : 4,
    "notReadyComponentCount" : 1,
    "code" : 503,
    "status" : "Not ready"
  }
}