MAXIMO Blog

Friday, February 9, 2024

Maximo Application Suite core pods

ibm-mas-operator

The operator that manages Maximo Application Suite core. Watches the Maximo Application Suite CR specifications. This operator deploys the following pods:

ltpakeysgenerator
coreapi
internalapi
admindashboard
homepage
navigator
usersynccoordinator
groupsynccoordinator
workspacecoordinator
catalogmgr
catalogapi
mobileapi
monagentmas

ibm-truststore-mgr-controller-manager

The operator subsystem that is responsible for handling the truststore request and adding the provided truststore in the format that is consumed by the servers.

More more information find the reference Link below:

https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=reference-maximo-application-suite-pod-details

Maximo Application Suite core services

Kubernetes control plane

Controller managers

ibm-mas-operator

ibm-mas-operator watches Suite.core.mas.ibm.com, acts as the primary controller manager for an installation of the Maximo Application Suite core services, installing all required entity managers and provisioning the primary resources detailed on this page.

ibm-truststore-mgr-controller-manager: ibm-truststore-mgr-controller-manager watches Truststore.ibm-truststore-mgr.ibm.com and manages all of the truststores in use in the core services namespace.

Entity managers

entitymgr-addons: entitymgr-addons add ons configuration.

entitymgr-bascfg: entitymgr-bascfg watches BASCfg.config.mas.ibm.com, manages the UDS integration with Maximo Application Suite.

entitymgr-coreidp: entitymgr-coreidp watches CoreIDP.internal.mas.ibm.com, manages the Core IDP component.

entitymgr-idpcfg: entitymgr-idpcfg watches IDPCfg.config.mas.ibm.com, manages IDP integration with Maximo Application Suite.

entitymgr-jdbccfg: entitymgr-jdbccfg watches JDBCCfg.config.mas.ibm.com, manages JDBC integration with Maximo Application Suite, performing configuration validation.

entitymgr-kafkacfg: entitymgr-kafkacfg watches KafkaCfg.config.mas.ibm.com, manages Kafka integration with Maximo Application Suite, performing configuration validation.

entitymgr-jdbccfg: entitymgr-jdbccfg watches MongoCfg.config.mas.ibm.com, manages Mongo integration with Maximo Application Suite, performing configuration validation.

entitymgr-objectstorage: entitymgr-objectstorage watches ObjectStorageCfg.config.mas.ibm.com, manages ObjectStorage integration with Maximo Application Suite, performing configuration validation.

entitymgr-pushnotificationcfg: entitymgr-pushnotificationcfg, watches PushNotificationCfg.config.mas.ibm.com, manages PushNotification integration with Maximo Application Suite, performing configuration validation.

entitymgr-scimcfg: entitymgr-scimcfg watches SCIMCfg.config.mas.ibm.com, manages SCIM (LDAP User sync) integration with Maximo Application Suite, performing configuration validation and resources creation such as scimsync-agent job and scimsync liberty pod.

entitymgr-slscfg: entitymgr-slscfg watches SLSCfg.config.mas.ibm.com, manages SLS integration with Maximo Application Suite, performing configuration validation and resources creation such as licensing-mediator pod. This pod is also responsible to register the SLS client in the SLS server.

entitymgr-smtpcfg: entitymgr-smtpcfg watches SMTPCfg.config.mas.ibm.com, manages SMTP integration with Maximo Application Suite, performing configuration validation.

entitymgr-watsonstudiocfg: entitymgr-watsonstudiocfg watches WatsonStudioCfg.config.mas.ibm.com, manages Watson™ Studio integration with Maximo Application Suite, performing configuration validation.

entitymgr-ws: entitymgr-ws watches Workspace.core.mas.ibm.com, manages Workspace creation in Maximo Application Suite.; For More information find the reference Link below:; https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=reference-maximo-application-suite-core-services

Wednesday, February 7, 2024

Known Issue MAS - SAML users replacing local user login

SAML users replacing local user login.

Unless explicitly defined, we should not allow a SAML user to login to MAS using a local user userid.

The scenario is:

You have SAML configured.

userA is a local user;

userA is also a SAML user (in the company IDP) but not part of MAS.

userB is a SAML user in MAS.

1- Customer goes to MAS login page and input userB username;

2- MAS will redirect the user to SAML;

3- Customer inputs credentials for userA instead of userB in the IDP login page;

4- SAML assertion will return nameID as userA, which in MAS the user is a local user only.

What should happen?

In the step 4, user should get a not-authorized message as it does not exists in MAS as SAML user.

Reference Link : https://www.ibm.com/mysupport/s/defect/aCI3p000000bm8C/dt196144?language=en_US

Installing and configuring Grafana _ Monitoring

Procedure

In the Red Hat OpenShift Container Platform console, select Operators > OperatorHub and search for the Grafana operator that is provided by Red Hat OpenShift.
Install the Grafana operator for the openshift-user-workload-monitoring namespace.

Create an instance of Grafana.

Select Operator > OperatorHub > Grafana Operator and then select the Grafana tab.
Click Create Grafana.

On YAML tab, enter the following text:

apiVersion: integreatly.org/v1alpha1
kind: Grafana
metadata:
  name: mas-grafana
  namespace: openshift-user-workload-monitoring
spec:
  ingress:
    enabled: true
  dataStorage:
    accessModes:
      - ReadWriteOnce
    size: 10Gi
    class: ocs-storagecluster-cephfs
  config:
    log:
      mode: "console"
      level: "warn"
    security:
      admin_user: "root"
      admin_password: "secret"
    auth:
      disable_login_form: False
      disable_signout_menu: True
    auth.anonymous:
      enabled: True
  dashboardLabelSelector:
    - matchExpressions:
        - {key: app, operator: In, values: [grafana]}

A route is created, and the public URL is included in that route definition in the openshift-user-workload-monitoring namespace project.

Remember to update the subscription.yaml file and add the following configuration so that Grafana scans for the dashboard across the whole cluster:

Config:
       env: 
       - name: "DASHBOARD_NAMESPACES_ALL" 
          value: "true"

After an update, the subscription.yaml file looks like the following:

apiVersion: operators.coreos.com/v1alpha1
        kind: Subscription
        metadata:
          name: grafana-operator
          namespace: "{{ grafana_namespace }}"
          labels:
            operators.coreos.com/grafana-operator.{{ grafana_namespace }}: ''
        spec:
          channel: v4
          installPlanApproval: Automatic
          name: grafana-operator
          source: community-operators
          sourceNamespace: openshift-marketplace
          config:
            env:
              - name: "DASHBOARD_NAMESPACES_ALL"
                value: "true"

Run the following command to grant the user permission.

oc adm policy add-cluster-role-to-user cluster-monitoring-view -z grafana-serviceaccount

Run the following command to obtain the BEARER_TOKEN.

- oc serviceaccounts get-token grafana-serviceaccount -n openshift-user-workload-monitoring

Create the GrafanaDataSource, which points to the Prometheus instance that you installed earlier.

Select the Grafana Operator > Installed operators > GrafanaDataSource tab.

Enter the following text and replace the ${BEARER_TOKEN} value with the value that you obtained in a previous step.

apiVersion: integreatly.org/v1alpha1
kind: GrafanaDataSource
metadata:
  name: prometheus-grafanadatasource
  namespace:  openshift-user-workload-monitoring
spec:
  datasources:
    - access: proxy
      editable: true
      isDefault: true
      jsonData:
        httpHeaderName1: 'Authorization'
        timeInterval: 5s
        tlsSkipVerify: true
      name: Prometheus
      secureJsonData:
        httpHeaderValue1: 'Bearer ${BEARER_TOKEN}'
      type: prometheus
      url: 'https://thanos-querier.openshift-monitoring.svc.cluster.local:9091'
  name: prometheus-grafanadatasource.yaml

Reference Link : https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=dashboards-installing-configuring-grafana