Setting up the cluster in silent mode

Edit online

A cluster administrator user can set up a cluster in a more automated and consistent manner by running a script in silent mode. A set of environment variables are needed before the script can be run in silent mode. The administrator must also provide information that they get from the script to a non-administrator user so they can run the deployment script.

Before you begin

Make sure you prepared your cluster with the necessary infrastructure and software. For more information, see Preparing for a production deployment.

Important: Before you use the All namespaces on the cluster option, check the openshift-operators namespace to find installed operators. The openshift-operators namespace is watched by the Operator Lifecycle Manager (OLM). If Automation foundation operators are already installed by another Cloud Pak, then you must install Cloud Pak for Business Automation in All namespaces on the cluster. If you already have a CP4BA operator in a different namespace on the cluster, the script stops to ask whether you want to create another operator in the new namespace.

Do you want to deploy another CP4BA operator in a new project? (Yes/No, default: No)

If the operator is already installed in a namespace and you set the CP4BA_AUTO_ALL_NAMESPACES parameter to Yes, then the script also stops to inform you that you cannot switch to All Namespaces.

About this task

The cluster setup script is one of three core scripts (cluster setup, deployment, and post-deployment) that are provided to help you install the Cloud Pak capabilities. You must be a cluster administrator to run the setup script. For more information, see Targeted role-based user archetypes.

Note: The cluster setup script installs a set of Cloud Platform Foundation Services for the Cloud Pak.

The cluster setup script identifies or creates a namespace and applies the custom resource definitions (CRD). It then adds the specified user to the ibm-cp4a-operator role, binds the role to the service account, and applies a security context constraint (SCC) for the Cloud Pak.

Note: The scripts can be used only on Red Hat (RHEL), CentOS, or a client to a Linux-based machine or virtual machine that can run Podman. The setup script does not set any parameters in the custom resource (CR). The cluster administrator might be running the script on a different host than the user who later runs the deployment script.

Use the following steps to complete the setup.

Procedure

Download the appropriate repository to a Linux® based machine (RHEL, CentOS, and so on) or a client to a linux-based machine or VM that runs podman natively, and go to the cert-kubernetes directory.

For more information about downloading cert-kubernetes, see Preparing for a production deployment.
Create the environment variables that are needed for your installation. For more information, see Environment variables for installation in silent mode.

Using the OpenShift CLI:

oc login https://<cluster-ip>:<port> -u <cluster-admin> -p <password>

On ROKS, if you are not already logged in:

oc login --token=<token> --server=https://<cluster-ip>:<port>

Run the cluster setup script from where you downloaded the cert-kubernetes repository.

cd scripts
./cp4a-clusteradmin-setup.sh

Note: The following message appears on OCP 4.6, but the warning does not have any functional impact.

Creating the custom resource definition (CRD) and a service account that has the permissions to manage the resources...
W1102 26405 warnings.go:67] apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition

Monitor the operator pod until it shows a STATUS of "Running".
```
oc get pod -w
```
Tip: If ibm-cp4a-operator is inactive for some time, you can delete the operator pod and let it reconcile.
To confirm that the operator is stuck, check to see whether the log is providing an output.
```
oc project <namespace of Cloud Pak for Business Automation operator>
NAMESPACE=$(oc project -q)
podname=$(oc get pod -n $NAMESPACE | grep ibm-cp4a-operator | awk '{print $1}')
oc logs $podname -f
```
If the operator is installed for All namespaces on your cluster, the namespace is openshift-operators.
Add JDBC drivers to the operator pod for Business Automation Navigator and all of the other patterns in your deployment that need them.
Copy all of the JDBC drivers that are needed by the components to the operator pod. Depending on your storage configuration, you might not need all these drivers. For more information about compatible JDBC drivers, see Db2 JDBC information, Oracle JDBC information, SQL Server JDBC information, and PostgreSQL JDBC information. The following .jar files are examples.
- Db2®
  - db2jcc4.jar
  - db2jcc_license_cu.jar
  The Db2 license file is included in all Db2 server editions and you must take the license file from the Db2 Activation CD or download it from Passport Advantage. For more information, see Db2 license files.
- Oracle
  - ojdbc8.jar
  - orai18n.jar
- Microsoft SQL Server
  - mssql-jdbc-8.2.2.jre8.jar
- PostgreSQL
  - postgresql-42.2.9.jar
The following structure shows an example remote file system. The jdbc directory and the subfolder name for the database must be created.
```
/root/operator
   └── jdbc
        ├── db2
            ├── db2jcc4.jar
            └── db2jcc_license_cu.jar
        ├── oracle
            ├── ojdbc8.jar
            └── orai18n.jar
        ├── sqlserver
            └── mssql-jdbc-8.2.2.jre8.jar
        ├── postgresql
            └── postgresql-42.2.9.jar
```
Copy the JDBC files to the operator pod.
```
oc project <namespace of Cloud Pak for Business Automation operator>
NAMESPACE=$(oc project -q)
podname=$(oc get pod -n $NAMESPACE | grep ibm-cp4a-operator | awk '{print $1}')
oc cp PATH_TO_JDBC/jdbc $NAMESPACE/$podname:/opt/ansible/share
```
The PATH_TO_JDBC is the path to the driver files on your system.
To verify that the JDBC files are in the operator pod, run the following command:
```
oc exec -n $NAMESPACE $podname -- ls -lR /opt/ansible/share
```
Optional: If you intend to install Content Collector for SAP as an optional component of the Content Manager pattern, then you must download the necessary libraries, put them in a directory, and copy the files to the operator pod.
1. Make a saplibs directory.
  Give read and write permissions to the directory by running the chmod command.
2. Download the SAP Netweaver SDK 7.50 library from the SAP Service Marketplace.
  - https://launchpad.support.sap.com/#/softwarecenter/object/0020000000957442020 for libsapcrypto.so
  - https://launchpad.support.sap.com/#/softwarecenter/object/0020000001646522020 for libicudata.so.50, libicudecnumber.so, libicui18n.so.50, libicuuc.so.50, libsapnwrfc.so, and libsapucum.so
3. Download the SAP JCo Release 3.0.x from the SAP Service Marketplace.
  - https://launchpad.support.sap.com/#/softwarecenter/object/0020000001721092019 for sapjco3.jar and libsapjco3.so
4. Extract all of the content of the packages to the saplibs directory.
5. Check you have all of the following libraries.
```
saplibs/
├── libicudata.so.50
├── libicudecnumber.so
├── libicui18n.so.50
├── libicuuc.so.50
├── libsapcrypto.so
├── libsapjco3.so
├── libsapnwrfc.so
└── sapjco3.jar
```
6. Copy the SAP files to the operator pod.
```
oc cp PATH_TO_SAPLIBS/saplibs $NAMESPACE/$podname:/opt/ansible/share
```
  The PATH_TO_SAPLIBS is the path to the driver files on your system.
  To verify that the files are in the pod, run the following command:
```
oc exec -n $NAMESPACE $podname -- ls -lR /opt/ansible/share
```

Results

When the script is finished, all of the available storage class names are displayed along with the infrastructure node name. Take a note of the following information and provide it to the Cloud Pak admin user as they are needed for the deployment script:

Project name or namespace.
Storage class names.
Username to log in to the cluster.

What to do next

You can see the list of services that are installed in your cluster on the Operators > Installed Operators page. For more information about foundational services, see IBM Cloud Pak foundational services operators and versions.

To verify the Common Services installation, check whether all the pods in the ibm-common-services namespace are running. Use the following command:

oc get pods -n ibm-common-services

You can also use the following command to verify whether the services are successfully installed:

oc -n ibm-common-services get csv

Change the admin user for IAM

The installation of IBM Cloud Pak foundational services creates an admin user, who is a cluster administrator. To avoid the admin user from being removed when you uninstall foundational services, you can customize the username by adding the defaultAdminUser parameter to the OperandConfig instance in the ibm-common-services namespace. Set a custom name that is not admin.

- name: ibm-iam-operator
  spec:
    authentication:
      config:
        defaultAdminUser: <custom-username>

You can access the common-service instance by using the OpenShift Container Platform console or by using the command-line interface (CLI).

In the console, use the following steps:
1. From the navigation menu, click Operators > Installed Operators > Operand Deployment Lifecycle Manager > OperandConfig.
2. Click the overflow menu icon of the common-service instance, and click Edit OperandConfig.

To use the CLI, run the following command:

oc edit OperandConfig common-service -n ibm-common-services

Continue to prepare everything that you need for each capability that you want to install in Preparing capabilities.