Online starter installation of IBM Cloud Pak for Watson AIOps (CLI)

If you are a trial user of IBM Cloud Pak® for Watson AIOps, or you want a proof-of-concept deployment that does not require a sustained workload, consider a starter installation to get a smaller, nonproduction deployment up and running quickly.

If you are installing on Azure Red Hat OpenShift (ARO), Google Cloud Platform (GCP), Red Hat® OpenShift® on IBM Cloud® service (ROKS), or Red Hat® OpenShift® Service on AWS (ROSA) then review the information in Installing on cloud platforms.

If you require a production-grade deployment, or an offline air-gapped deployment, see Installing IBM Cloud Pak for Watson AIOps.

Before you begin

  • Review the Planning section. The cluster meets the system requirements for a starter deployment.
  • Online installations of IBM Cloud Pak for Watson AIOps can be run entirely as a nonroot user, and do not require that user to have sudo access.
  • Ensure that you are logged in to your Red Hat OpenShift cluster with oc login for any steps that use the Red Hat OpenShift command-line interface (CLI).
  • If you require details about the permissions that the IBM Cloud Pak for Watson AIOps operators need, see Permissions (IBM Cloud Pak for Watson AIOps).
  • Red Hat® OpenShift® Container Platform requires a user with admin privileges to Create a custom project, and a user with cluster-admin privileges for the following operations:

Limitations

  • After installation, you cannot increase the size of your IBM Cloud Pak for Watson AIOps deployment from a starter deployment to a larger production deployment.
  • High availability is not supported for starter deployments.
  • This starter installation uses the OwnNamespace installation mode, which is the recommended installation mode for IBM Cloud Pak for Watson AIOps, to provide better resilience and performance. For more information, see Operator installation mode.

1. Install and configure Red Hat OpenShift Container Platform

IBM Cloud Pak for Watson AIOps requires Red Hat OpenShift to be installed and running. You must have administrative access to your Red Hat OpenShift cluster.

For more information about the supported versions of Red Hat OpenShift, see Supported Red Hat OpenShift Container Platform versions. The hardware architecture that you install IBM Cloud Pak for Watson AIOps on must be AMD64.

  1. Install Red Hat OpenShift by using the instructions in the Red Hat OpenShift documentation Opens in a new tab.

  2. Install the Red Hat OpenShift (oc) command-line interface (CLI) on your cluster's boot node. For more information, see Getting started with the Red Hat OpenShift CLI Opens in a new tab, and then run oc login.

  3. Optionally configure a custom certificate for IBM Cloud Pak for Watson AIOps to use. You can use either of the following methods:

    • Configure a custom certificate for the Red Hat OpenShift cluster. Follow the instructions in the Red Hat OpenShift documentation Replacing the default ingress certificate. Then, deploy the signing CA certificate into the cluster by following the instructions in the Red Hat OpenShift documentation Replacing the CA Bundle certificate.
    • If you would like to use a custom certificate for IBM Cloud Pak for Watson AIOps only, then after installation is complete follow the instructions in Using a custom certificate.

2. Configure storage

Configure your own storage for use with IBM Cloud Pak for Watson AIOps. For more information, see Storage.

3. Create a custom project (namespace)

Create a project (namespace) called cp4waiops for your IBM Cloud Pak for Watson AIOps deployment, by running the following command:

oc create namespace cp4waiops

4. Create an OperatorGroup in your custom project (namespace)

Create the Operator group by running the following command:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: cp4waiops-operator-group
  namespace: cp4waiops
spec:
  targetNamespaces:
    - cp4waiops
EOF

5. Create the entitlement key pull secret

  1. Log in to MyIBM Container Software Library Opens in a new tab with the IBMid and password details that are associated with the entitled software.

  2. In the Entitlement keys section, select Copy to copy your entitlement key to the clipboard.

  3. From the Red Hat OpenShift CLI, run the following command:

    oc create secret docker-registry ibm-entitlement-key \
    --docker-username=cp\
    --docker-password=<entitlement-key> \
    --docker-server=cp.icr.io \
    --namespace=cp4waiops

    Where <entitlement-key> is the entitlement key that you copied in the previous step.

6. Configure usage data collection

To help the development of IBM Cloud Pak for Watson AIOps, daily aggregated usage data is collected to analyse how IBM Cloud Pak for Watson AIOps is used. The usage data is collected by the cp4waiops-metricsprocessor pod, and is sent to and stored in IBM controlled GDPR-compliant systems. The collection of usage data is enabled by default, but can be disabled. For transparency, the cp4waiops-metricsprocessor pod's logs contain all the information that is collected. The usage data that is collected is all numeric, and does not include email addresses, passwords, or specific details. Only the following data is collected:

  • Current number of applications
  • Current number of alerts (all severities aggregated)
  • Current number of incidents (all priorities aggregated)
  • Current number of policies (includes predefined and user created)
  • Current number of runbooks run since installation
  • Current number of connectors of each type (For example ServiceNow, Instana, Falcon Logscale)

Configuring the collection of usage data

If you do not want to disable the collection of usage data, run the following steps.

  1. Set environment variables.

    export CUSTOMER_NAME=<your company name>
export CUSTOMER_ICN=<your IBM Customer Number>
export CUSTOMER_ENVIRONMENT=<Set to `trial`, `poc`, or `production`>
export PROJECT_CP4WAIOPS=cp4waiops

  2. Configure the usage data with your customer details.

    oc create secret generic aiops-metrics-processor -n ${PROJECT_CP4WAIOPS} --from-literal=customerName=${CUSTOMER_NAME} --from-literal=customerICN=${CUSTOMER_ICN} --from-literal=environment=${CUSTOMER_ENVIRONMENT}

  3. If you have a firewall enabled, ensure that outbound traffic to https://api.segment.io is allowed.

Important: Usage data without your customer details is still collected even if you do not create this secret. If you do not want any usage data collected, then you must run the command given in Disabling the collection of usage data.

Disabling the collection of usage data

If you want to disable the collection of usage data, run the following commands.

  1. Set environment variables.

    export CUSTOMER_NAME=<your company name>
export CUSTOMER_ICN=<your IBM Customer Number>
export CUSTOMER_ENVIRONMENT=<Set to `trial`, `poc`, or `production`>
export PROJECT_CP4WAIOPS=cp4waiops

  2. Disable usage data collection

    oc create secret generic aiops-metrics-processor -n ${PROJECT_CP4WAIOPS} --from-literal=customerName=${CUSTOMER_NAME} --from-literal=customerICN=${CUSTOMER_ICN} --from-literal=environment=${CUSTOMER_ENVIRONMENT} --from-literal=enableCollection=false

Note: You can update your usage data collection preferences after installation. For more information, see Updating usage data collection preferences.

7. Create the catalog source

Add the IBM Cloud Pak for Watson AIOps catalog source to your Red Hat OpenShift cluster.

After installation, the ibm-operator-catalog CatalogSource object determines whether the upgrade of your IBM Cloud Pak for Watson AIOps deployment is initiated automatically when a new patch becomes available. The ibm-operator-catalog CatalogSource object can be configured to automatically poll for and retrieve a newer catalog by enabling the polling attribute, spec.updateStrategy.registryPoll. If a newer catalog for a patch is found and retrieved, then an automatic upgrade of your IBM Cloud Pak for Watson AIOps deployment is initiated. For more information, see Controlling upgrade.

Note: ibm-operator-catalog also contains the catalogs for other IBM Cloud Paks®. If multiple IBM Cloud Paks are installed on your cluster, then the polling attribute is configured for all of them.

If you want to enable the automatic initiation of patch upgrades, run the following command to create the ibm-operator-catalog CatalogSource object with polling enabled.

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-operator-catalog
  publisher: IBM Content
  sourceType: grpc
  image: icr.io/cpopen/ibm-operator-catalog:latest
  updateStrategy:
    registryPoll:
      interval: 45m
EOF

If you want to disable the automatic initiation of patch upgrades, then use the following steps.

  1. Run the following command to create the ibm-operator-catalog CatalogSource object without polling enabled.

    cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-operator-catalog
  publisher: IBM Content
  sourceType: grpc
  image: icr.io/cpopen/ibm-operator-catalog:latest
EOF

  2. Update the ibm-operator-catalog CatalogSource to fix it to always use the current image digest, instead of icr.io/cpopen/ibm-operator-catalog:latest. This ensures that the ibm-operator-catalog CatalogSource pods do not pull the latest image if a node reload or other issue causes them to restart. Run the following commands:

    IMGDIGEST=`oc get pods -n openshift-marketplace -l=olm.catalogSource=ibm-operator-catalog --no-headers -o=jsonpath="{.items[0].status.containerStatuses[0].imageID}" -n openshift-marketplace` && \
oc patch catalogsource ibm-operator-catalog -n openshift-marketplace --type=json -p "[{ "op": "test", "path": "/spec/image", "value": "\"icr.io/cpopen/ibm-operator-catalog:latest\"" }, { "op": "replace", "path": "/spec/image", "value": "\"$IMGDIGEST\"" }]"

You can disable or re-enable automatic patch upgrade after installation if you change your mind. For more information, see Configuring automatic patch upgrades.

8. Verify cluster readiness

Run the prerequisite checker script to verify whether your Red Hat OpenShift cluster is correctly set up for an IBM Cloud Pak for Watson AIOps installation. For more information about the script, and how to download and run it, see github.com/IBM Opens in a new tab.

9. Install the IBM Cloud Pak for Watson AIOps operator

Run the following command:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: ibm-aiops-orchestrator
  namespace: cp4waiops
spec:
  channel: v4.1
  installPlanApproval: Automatic
  name: ibm-aiops-orchestrator
  source: ibm-operator-catalog
  sourceNamespace: openshift-marketplace
EOF

Warning: installPlanApproval must not be changed to Manual. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.

After a few minutes, the IBM Cloud Pak for Watson AIOps operator is installed. Verify that the all of the components have a state of Succeeded by running the following command:

oc get csv -n cp4waiops | egrep "ibm-aiops-orchestrator|ibm-automation|ibm-common-service"

Example output:

$ oc get csv -n cp4waiops | egrep "ibm-aiops-orchestrator|ibm-automation|ibm-common-service"
ibm-aiops-orchestrator.v4.1.0         IBM Cloud Pak for Watson AIOps AI Manager   4.1.0                                      Succeeded
ibm-automation-elastic.v1.3.13        IBM Elastic                                 1.3.13   ibm-automation-elastic.v1.3.12    Succeeded
ibm-automation-flink.v1.3.13          IBM Automation Foundation Flink             1.3.13   ibm-automation-flink.v1.3.12      Succeeded
ibm-common-service-operator.v3.23.3   IBM Cloud Pak foundational services         3.23.3                                     Succeeded

Important: A dependency may not yet be present when this command is run, and cause IBM Elastic to be Failed. This dependency is resolved when the custom resource is created and rollout continues. No user intervention or delay is required.

10. Install IBM Cloud Pak for Watson AIOps

  1. Run the following command to create an instance of the IBM Cloud Pak for Watson AIOps custom resource called ibm-cp-watson-aiops.

    Warning: The pakModules aiopsFoundation, applicationManager, and aiManager must be enabled as in the following YAML. Do not change these values to false.

    cat << EOF | oc apply -f -
apiVersion: orchestrator.aiops.ibm.com/v1alpha1
kind: Installation
metadata:
  name: ibm-cp-watson-aiops
  namespace: cp4waiops
spec:
  imagePullSecret: ibm-entitlement-key
  license:
    accept: <license_acceptance>
  pakModules:
  - name: aiopsFoundation
    enabled: true
  - name: applicationManager
    enabled: true
  - name: aiManager
    enabled: true
  - name: connection
    enabled: false
  size: small
  storageClass: <storage_class_name>
  storageClassLargeBlock: <large_block_storage_class_name>
  topologyModel: application
EOF

    Where

    • <license_acceptance> - is set to true to agree to the license terms.
    • <storage_class_name> and <large_block_storage_class_name> are the storage classes that you want to use, as detailed in the following table. For more information about storage, see Storage.

    Note: To confirm that you have the storage classes for your chosen storage provider as shown in the table, run oc get sc.

Table. Storage provider classes
Storage provider storage_class_name large_block_storage_class_name
IBM Cloud® ibmc-file-gold-gid ibmc-block-gold
Red Hat® OpenShift® Data Foundation ocs-storagecluster-cephfs ocs-storagecluster-ceph-rbd
IBM Storage Fusion ibm-spectrum-scale-sc ibm-spectrum-scale-sc
IBM Spectrum Scale Container Native ibm-spectrum-scale-sc ibm-spectrum-scale-sc
Portworx portworx-fs portworx-aiops

  1. Verify your installation.

    Run the following command to check that the PHASE of your installation is Updating.

    oc get installations.orchestrator.aiops.ibm.com -n cp4waiops

    Example output:

    NAME                  PHASE     LICENSE    STORAGECLASS   STORAGECLASSLARGEBLOCK   AGE
ibm-cp-watson-aiops   Updating  Accepted   rook-cephfs    rook-ceph-block          3m

    It takes around 60-90 minutes for the installation to complete (subject to the speed with which images can be pulled). When installation is complete and successful, the PHASE of your installation changes to Running. If your installation phase does not change to Running, then use the following command to find out which components are not ready:

    oc get installation.orchestrator.aiops.ibm.com -o yaml | grep 'Not Ready'

    Example output:

    lifecycleservice: Not Ready
zenservice: Not Ready

    To see details about why a component is Not Ready run the following command, where <component> is the component that is not ready, for example zenservice.

    oc get <component> -o yaml

    (Optional) You can also download and run a status checker script to see information about the status of your deployment. For more information about how to download and run the script, see github.com/IBMOpens in a new tab.

If the installation fails, or is not complete and is not progressing, then see Troubleshooting installation and upgrade and Known Issues to help you identify any installation problems.

11. Create a network policy for log anomaly detection

If you plan to use log anomaly, run the following commands before you create log connections. Replace the AIOPS_NAMESPACE value with the name of the project in which Cloud Pak for Watson AIOps is installed.

AIOPS_NAMESPACE="cp4waiops"
cat << EOF | oc apply -n $AIOPS_NAMESPACE -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app: flink
    cluster: cp4waiops-eventprocessor-eve-29ee-ep
    component: taskmanager
  name: cp4waiops-eventprocessor-eve-29ee-ep-tm-patch
spec:
  egress:
  - {}
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: flink
          cluster: cp4waiops-eventprocessor-eve-29ee-ep
          component: taskmanager
    - podSelector:
        matchLabels:
          app: flink
          cluster: cp4waiops-eventprocessor-eve-29ee-ep
          component: jobmanager
  - ports:
    - port: 9248
      protocol: TCP
    - port: 6122
      protocol: TCP
    - port: 6121
      protocol: TCP
  podSelector:
    matchLabels:
      app: flink
      cluster: cp4waiops-eventprocessor-eve-29ee-ep
      component: taskmanager
  policyTypes:
  - Ingress
  - Egress
EOF

cat << EOF | oc apply -n $AIOPS_NAMESPACE -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    app: flink
    cluster: cp4waiops-eventprocessor-eve-29ee-ep
    component: jobmanager
  name: cp4waiops-eventprocessor-eve-29ee-ep-jm-patch
spec:
  egress:
  - {}
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: flink
          cluster: cp4waiops-eventprocessor-eve-29ee-ep
          component: taskmanager
    - podSelector:
        matchLabels:
          app: flink
          cluster: cp4waiops-eventprocessor-eve-29ee-ep
          component: jobmanager
  - ports:
    - port: 8081
      protocol: TCP
    - port: 6123
      protocol: TCP
    - port: 6125
      protocol: TCP
    - port: 8080
      protocol: TCP
    - port: 6124
      protocol: TCP
    - port: 9249
      protocol: TCP
  podSelector:
    matchLabels:
      app: flink
      cluster: cp4waiops-eventprocessor-eve-29ee-ep
      component: jobmanager
  policyTypes:
  - Ingress
  - Egress
EOF

12. Log in to the IBM Cloud Pak Automation console

  1. Find the password for the admin username by running the following command:

    oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d

  2. Find the URL to access the IBM Cloud Pak Automation console with the following command.

    oc get route -n cp4waiops cpd -o jsonpath='{.spec.host}'

    The following output is a sample output:

    cpd-cp4waiops.apps.mycluster.mydomain

    Based on the sample output, your console URL would be https://cpd-cp4waiops.apps.mycluster.mydomain

  3. Enter the URL in your browser to open the IBM Cloud Pak Automation console and log in with a username of admin and the password that you found in the previous step.

What to do next

  • Define integrations and applications with Defining.
  • If you have an existing on-premises IBM Tivoli Netcool/OMNIbus deployment, then you can connect IBM Cloud Pak for Watson AIOps to it with the Netcool connector. For more information, see Creating IBM Tivoli Netcool/OMNIbus connections.
  • If you have an existing on-premises IBM Tivoli Netcool/Impact deployment, then you can connect IBM Cloud Pak for Watson AIOps to it with the IBM Tivoli Netcool/Impact connector. For more information, see Creating IBM Tivoli Netcool/Impact connections