Installing IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS (ROSA)

If you are installing IBM Cloud Pak® for Watson AIOps on Red Hat OpenShift Service on AWS (ROSA), then you must complete some additional steps before you rejoin the main installation procedure for installing IBM Cloud Pak for Watson AIOps on Red Hat® OpenShift® Container Platform.

Before you begin

Ensure that you meet the following prerequisites:

  • You have an AWS account.
  • You have a Red Hat subscription.
  • You have a Portworx account and license. The following steps are tested with, and require, Portworx storage. If needed, register for a Portworx account.
  • Ensure that your environment meets the prerequisites for Red Hat® OpenShift® Service on AWS.

Installation procedure

Follow these steps to install IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS:

  1. Configure AWS and Red Hat access
  2. Create a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster
  3. Configure storage
  4. Install IBM Cloud Pak for Watson AIOps

1. Configure AWS and Red Hat access

  1. Log in to the AWS console to verify that you have access to the console. If needed, the Login page provides a link to register for an account.

  2. From the AWS console, deploy Red Hat OpenShift Container Platform into a VPC within your AWS environment if it is not already deployed. For more information, see the Red Hat OpenShift Service on AWS quickstart guide.

  3. Log in to the Red Hat console to verify that you have access to the console. If needed, the Login page provides a link to register for an account.

  4. Retrieve your Red Hat OpenShift Cluster Manager API Token by entering the following URL:

  5. Configure the ROSA CLI to work with your AWS account. For more information, see Install and configure the latest ROSA CLI.

  6. (Optional) Create a test cluster to validate your environment configuration

    1. Log in to Red Hat OpenShift Service on AWS.

      rosa login --token="<token>"
      
    2. Configure your AWS account to allow an IAM (non-STS) ROSA cluster.

      rosa init
      
    3. Create the test cluster.

      rosa create cluster --cluster-name=mytest
      

      During the cluster creation, you can review the installation logs to watch the progress.

      rosa logs install -c mytest --watch
      
    4. After the installation completes, list the cluster and note the cluster ID.

      rosa list clusters
      
    5. Describe your cluster using the cluster ID.

      rosa describe cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v
      
    6. Add an identity provider.

      rosa create idp --cluster 1ab23de4fghijk5lmno6p78q9r1stu2v --interactive
      

      You need to use the noninteractive mode and get some constant values to use

    7. Create your initial admin account.

      rosa create admin --cluster=1ab23de4fghijk5lmno6p78q9r1stu2v
      
    8. Log in to your test cluster by using the admin and password.

      oc login https://api.jgtest01.dj5a.p1.openshiftapps.com:6443 --username cluster-admin --password XXXXXX
      

      If your login is successful, your test cluster is working and your environment is configured.

    9. Clean up and delete the test cluster to proceed with creating your main cluster.

      rosa delete cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v
      

2. Create a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster

  1. Log in to the Red Hat OpenShift Service on AWS CLI.

    rosa login
    

    Log in to the site https://cloud.redhat.com/openshift/token/rosa to retrieve your token. Then, copy and paste the token into the CLI prompt.

  2. Create your cluster.

    rosa create cluster --cluster-name=<myclustername> --compute-machine-type=m5.8xlarge  --compute-nodes=<Number of Compute Nodes>  --version <Red Hat OpenShift_version>
    

    Example:

    rosa create cluster --cluster-name=cluster-test1  --compute-machine-type=m5.8xlarge  --compute-nodes=6 --version 4.10.3
    
  3. After your cluster is ready, create your cluster administrator account.

    1. Run the following command:

      rosa create admin -c <myclustername>
      

      Important: Record the admin username (cluster-admin) and password for future use.

    2. Run the oc login command with the cluster administrator credentials.

  4. Verify that all nodes are in the Ready state before proceeding. It can take 40+ minutes for your cluster to be created and for you to be able to log in successfully with the 'oc login' command.

    1. Run the following command:

      oc get nodes
      
    2. Run the following command:

      rosa describe cluster -c <myclustername>

      Record the console URL for the Red Hat OpenShift Console and the Details Page for viewing the cluster details.

    3. Verify that you can access the Red Hat OpenShift console by logging in to the provided Red Hat OpenShift console URL using the cluster-admin role and credentials.

3. Configure storage

Portworx is the tested and supported storage option for installing IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS (ROSA).

3.1 Configure the Portworx services spec

  1. Log in to your Portworx account. Select to use the Portworx Enterprise edition. Then, click Next.

  2. On the Spec Generator - Enterprise page, enter or select the following settings for your storage:

    1. Select the checkbox for Use the Portworx Operator.
    2. Select 2.10 or higher for the Portworx Version.
    3. Select the Built-in radio button for ETCD. Click Next.
    4. Select the Cloud radio button. Then, select AWS for Cloud Platform.
    5. Select the type of disk: Create Using a Spec
    6. Select the EBS volume type: GP2, Size (GB): 2000.  Click Next.
    7. Click Next to skip the Network configuration page.
    8. On the Customize page, select OpenShift 4+. Click Finish.
    9. Click Agree to accept the license agreement.
    10. Choose your own values to enter under the Spec Name and Spec Tags fields. Then, click Save Spec.
  3. From the Spec List page, find your Spec name, expand the Actions column menu, and select Copy to Clipboard. Save the kubectl command. You use this command later.

3.2 Configure the AWS infrastructure for Portworx storage

  1. Edit the Inbound Rules for both your master and worker nodes to allow for Network File System (NFS).

    1. Log in to the AWS EC2 Console.
    2. Under EC2, select Instances. Click an Instance ID for one of your worker nodes.
    3. Click the Security tab, and click the Security Group Name for the node.
    4. Click Edit Inbound Rules. Scroll to the bottom, and click Add Rule.
    5. Update the following settings for the rule:
      • Expand the first drop-down menu, and change the setting from Custom TCP to All TCP.
      • In the CIDR blocks Source field, enter 10.0.0.0/8.
      • For the ports, open the following ports: 111, 2049, 20048, 17001-17020, 27017.
      • If you encounter issues during the installation, consider opening all inbound ports from 10.0.0.0/8.
    6. Click Save rules.
    7. Repeat the above steps for your other nodes.
  2. Create your Portworx policy in the AWS Identity and Access Management (IAM) tool.

    1. Go to IAM > Access management > Policies.

    2. Choose Create policy.

    3. Choose the JSON tab.

    4. Replace all the text with the following content:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "PortworxPolicy",
            "Effect": "Allow",
            "Action": [
              "ec2:AttachVolume",
              "ec2:ModifyVolume",
              "ec2:DetachVolume",
              "ec2:CreateTags",
              "ec2:CreateVolume",
              "ec2:DeleteTags",
              "ec2:DeleteVolume",
              "ec2:DescribeTags",
              "ec2:DescribeVolumeAttribute",
              "ec2:DescribeVolumesModifications",
              "ec2:DescribeVolumeStatus",
              "ec2:DescribeVolumes",
              "ec2:DescribeInstances",
              "autoscaling:DescribeAutoScalingGroups"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }
      
    5. Click Next: Tags. Then, click Next: Review.

    6. Enter the name for your new policy. Then, click Create policy.

  3. Attach the policy.

    1. Go to IAM > Roles.
    2. Click the worker-role name for your cluster.
    3. Click Attach policy. Search for, and select, the policy that you created. Then, select to attach the policy.
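
To confirm that the inbound rules from step 1 ended up no wider than the listed source and ports, for example after the troubleshooting fallback was used, the security group can be audited offline. The following Python check is an added example, not part of the IBM or Portworx procedure; it assumes the JSON shape returned by aws ec2 describe-security-groups, and the function name audit_inbound and the sample group are hypothetical.

```python
import ipaddress

# Source range and TCP ports from the inbound-rule step above.
DOC_SOURCE = ipaddress.ip_network("10.0.0.0/8")
DOC_PORTS = {111, 2049, 20048, 27017} | set(range(17001, 17021))


def audit_inbound(group):
    """Audit one SecurityGroups[] entry of `aws ec2 describe-security-groups` JSON.

    Returns (findings, missing): rules that expose the documented ports more
    widely than documented, and documented ports with no rule scoped inside
    DOC_SOURCE. Only IPv4 IpRanges are checked (assumption of this example).
    """
    findings, scoped = [], set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                 # the documented ports are TCP only
        exposed = {p for p in DOC_PORTS if lo <= p <= hi}
        if not exposed:
            continue                 # rule does not touch the Portworx/NFS ports
        for rng in perm.get("IpRanges", []):
            cidr = ipaddress.ip_network(rng["CidrIp"])
            if not cidr.subnet_of(DOC_SOURCE):
                findings.append(f"ports {lo}-{hi} open to {cidr}, outside {DOC_SOURCE}")
                continue
            scoped |= exposed
            if (lo, hi) == (0, 65535):
                findings.append(f"all ports open to {cidr}, wider than the listed ports")
    return findings, sorted(DOC_PORTS - scoped)


# Constructed sample shaped like the AWS CLI output; not from a real account.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 111, "ToPort": 111, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 17001, "ToPort": 17020, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    issues, missing = audit_inbound(SAMPLE_GROUP)
    print("\n".join(issues) or "no over-broad rules")
    print("ports without a 10.0.0.0/8 rule:", missing)
```

Rules that do not touch the listed ports, such as the cluster API rule in the sample, are ignored, so the check can be run against the node security groups without flagging the rules that ROSA itself manages.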

3.3 Install the Portworx operator from Red Hat OpenShift Container Platform

  1. Open the Red Hat OpenShift Container Platform console for your Red Hat OpenShift Service on AWS cluster.
  2. Go to Operators > OperatorHub.
  3. Search for Portworx Enterprise. Then, click Install > Install.
  4. Portworx Enterprise is now listed under Installed Operators.

3.4 Configure the Portworx operator

  1. Import the Spec from Portworx.

    1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.
    2. Run kubectl apply -f <command> where <command> is the command that you saved earlier from the Portworx console.
  2. Verify that Portworx Enterprise shows as one of the Installed Operators in Project: kube-system. Click the Portworx Enterprise tile.

    In the Storage Cluster tab, you can see the storage cluster being initialized. Wait until Status is Phase: Online.

  3. Create the Portworx storage classes by running the following commands.

    Create the portworx-fs storage class.

    cat << _EOF_ | oc apply -f -
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: portworx-fs
    provisioner: kubernetes.io/portworx-volume
    parameters:
      repl: "3"
      io_profile: "db"
      priority_io: "high"
      sharedv4: "true"
    allowVolumeExpansion: true
    _EOF_
    

    Create the portworx-aiops storage class.

    cat << _EOF_ | oc apply -f -
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: portworx-aiops
    provisioner: kubernetes.io/portworx-volume
    parameters:
      repl: "3"
      priority_io: "high"
      snap_interval: "0"
      io_profile: "db"
      block_size: "64k"
      sharedv4: "true"
    allowVolumeExpansion: true
    _EOF_
    

4. Install IBM Cloud Pak for Watson AIOps

You are now ready to install IBM Cloud Pak for Watson AIOps.

Follow the procedure for installing IBM Cloud Pak for Watson AIOps from step 3 in one of the following topics, according to your requirements:

When you create an instance of the IBM Cloud Pak for Watson AIOps custom resource, set the storage as follows:

storageClass: portworx-fs
storageClassLargeBlock: portworx-aiops

Deleting the Red Hat OpenShift Service on AWS cluster

If you no longer require your Red Hat OpenShift Service on AWS cluster, you can remove it with the following steps.

  1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.

  2. Run the following command to delete the cluster:

    rosa delete cluster -c <clustername> --watch
    
  3. Run the following command to verify that the cluster is deleted:

    rosa list clusters
    

    Ensure that your cluster is no longer listed.

  4. Delete any Identity and Access Management (IAM) policies for the cluster.