Installing IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS (ROSA)

If you are installing on Red Hat OpenShift Service on AWS (ROSA), you can follow any of the main installation options for installing IBM Cloud Pak® for Watson AIOps. These procedures demonstrate how to install on Red Hat® OpenShift® Container Platform. For installing on Red Hat OpenShift Service on AWS, you need to complete some additional and replacement steps.

Before you begin following one of the main installation options, you need to configure AWS, your cluster, and your storage to support installing IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS.

When you are following your selected installation method afterward, you can skip some steps as the steps were completed as part of setting up the supported storage for installing on Red Hat OpenShift Service on AWS.

Prerequisites for installing on Red Hat OpenShift Service on AWS

  • Ensure that you have the following accounts:

    • AWS account.
    • Red Hat subscription.
    • Portworx account and license. The following steps are tested with, and require, Portworx storage. If needed, register for a PortWorx account.

  • Ensure that your environment meets the prerequisites for Red Hat® OpenShift® Service on AWS.

Additional and replacement steps for installing on Red Hat OpenShift Service on AWS

  1. Configure AWS and Red Hat access
  2. Configure a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster
  3. Configure storage
  4. Install IBM Cloud Pak for Watson AIOps
  5. Optional: Delete the cluster

1. Configure AWS and Red Hat access

  1. Log in to the AWS console to verfiy that you have access to the console. If needed, the Login page provides a link to register for an account.

  2. From the AWS console, deploy Red Hat OpenShift Container Platform into a VPC within your AWS environment if it is not already deployed. For more information, see the Red Hat OpenShift Container Platform on the AWS Cloud Quick Start Reference.

  3. Log in to the Red Hat console to verfiy that you have access to the console. If needed, the Login page provides a link to register for an account.

  4. Retrieve your Red Hat Red Hat OpenShift Cluster Manager API Token by entering the following URL:

  5. Configure the rosa CLI to work with your AWS account. For more information, see Getting started with the rosa CLI.

  6. (Optional) Create a test cluster to validate your environment configuration

    1. Log in to Red Hat OpenShift Service on AWS.

      rosa login --token="<token>"

    2. Configure your AWS account to allow a IAM (non-STS) ROSA cluster.

      rosa init

    3. Create the test cluster.

      rosa create cluster --cluster-name=mytest

      During the cluster creation, you can review the installation logs to watch the progress.

      rosa logs install -c mytest --watch

    4. After the installation completes, list the cluster and note the cluster ID.

      rosa list clusters

    5. Describe your cluster using the cluster ID.

      rosa describe cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v

    6. Add an identity provider.

      rosa create idp --cluster 1ab23de4fghijk5lmno6p78q9r1stu2v --interactive

      You need to use the noninteractive mode and get some constant values to use

    7. Create your initial admin account.

      rosa create admin --cluster=1ab23de4fghijk5lmno6p78q9r1stu2v

    8. Log in to your test cluster by using the admin and password.

      oc login https://api.jgtest01.dj5a.p1.openshiftapps.com:6443 --username cluster-admin --password XXXXXX

      If your login is successful, your test cluster is working and your environment is configured.

    9. Clean up and delete the test cluster to proceed with creating your main cluster.

      rosa delete cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v

2. Configure a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster

  1. Log in to the Red Hat OpenShift Service on AWS CLI.

    rosa login

    Log in to the site https://cloud.redhat.com/openshift/token/rosa to retrieve your token. Then, copy and paste the token into the CLI prompt.

  2. Create your cluster.

    rosa create cluster --cluster-name=<myclustername> --compute-machine-type=m5.8xlarge  --compute-nodes=<Number of Compute Nodes>  --version <Red Hat OpenShift_version>

    Example:

    rosa create cluster --cluster-name=cluster-test1  --compute-machine-type=m5.8xlarge  --compute-nodes=6 --version 4.10.3

  3. After your cluster is ready, create your cluster administrator account.

    1. Run the following command:

      rosa create admin -c <myclustername>

      Important: Record the admin username (cluster-admin) and password for future use.

    2. Run the oc login command with the cluster administrator credentials.

  4. Verify that all nodes are in Ready state before proceeding. Your cluster may take 40+ minutes to create and for you to be able successfully log in with the 'oc login' command.

    1. Run the following command:

      oc get nodes

    2. Run the following command:

      rosa describe cluster -c <myclustername>

      Record the console URL for the Red Hat OpenShift Console and the Details Page for viewing the cluster details.

    3. Verify that you can access the Red Hat OpenShift console by logging in to the provided Red Hat OpenShift Console URL using the cluster-admin role and credentials.

3. Configure storage

Portworx is the tested and supported storage option for Installing IBM Cloud Pak for Watson AIOps on Red Hat OpenShift Service on AWS (ROSA).

3.1 Configure the Portworx services spec

  1. Log in to your Portworx account. Select to use the Portworx Enterprise edition. Then, click Next.

  2. On the Spec Generator - Enterprise page, enter or select the following settings for your storage:

    1. Select the checkbox for Use the Portworx Operator.
    2. Select 2.10 or higher for the Portworx Version.
    3. Select the Built-in radio button for ETCD. Click Next.
    4. Select the Cloud radio button. Then, select AWS for Cloud Platform.
    5. Select the type of disk: Create Using a Spec
    6. Select the EBS volume type: GP2, Size (GB): 2000.  Click Next.
    7. Click Next to skip the Network configuration page.
    8. On the Customize page, select OpenShift 4+. Click Finish.
    9. Click Agree to accept the license agreement.
    10. Choose your own values to enter under the Spec Name and Spec Tags fields. Then, click Save Spec.

  3. From Spec List page, find your Spec name and expand the Actions column menu and select Copy to Clipboard. Save the kubectl command. You use this command later.

3.2 Configure the AWS infrastructure for Portworx storage

  1. Edit the Inbound Rules for both your master and worker nodes to allow for Network File System (NFS).

    1. Log in to the AWS EC2 Console.
    2. Under EC2, select Instances. Click an Instance ID for one of your worker nodes.
    3. Click the Security tab, and click the Security Group Name for the node.
    4. Click Edit Inbound Rules. Scroll to the bottom, and click Add Rule.
    5. Update the following settings for the rule:
      • Expand the first drop-down menu, and change the setting from Custom TCP to All TCP.
      • In the CIDR blocks Source field, enter 10.0.0.0/8.
      • For the ports, open the following ports: 111, 2049, 20048, 17001-17020, 27017.
      • If you encounter issues during the installation, considering opening all inbound ports from 10.0.0.0/8.
    6. Click Save rules.
    7. Repeat the above steps for your other nodes.

  2. Create your Portworx policy in the AWS Identity and Access Management (IAM) tool.

    1. Go to IAM > Access management > Policies.

    2. Choose Create policy.

    3. Choose the JSON tab.

    4. Replace all the text with the following content:

      {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PortworxPolicy",
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:ModifyVolume",
        "ec2:DetachVolume",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DescribeTags",
        "ec2:DescribeVolumeAttribute",
        "ec2:DescribeVolumesModifications",
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVolumes",
        "ec2:DescribeInstances",
        "autoscaling:DescribeAutoScalingGroups"
      ],
    "Resource": [
      "*"
    ]
  }
]
}

    5. Click Next: Tags. Then, click Next: Review.

    6. Enter the name for your new policy. Then, click Create policy.

  3. Attach the policy.

    1. Go to IAM > Roles.
    2. Click the worker-role name for your cluster.
    3. Click Attach policy. Search for, and select, the policy that you created. Then, select to attach the policy.

3.3 Install the Portworx operator from Red Hat OpenShift Container Platform

  1. Open the Red Hat OpenShift Container Platform console for your Red Hat OpenShift Service on AWS cluster.
  2. Go to Operators > OperatorHub.
  3. Search for Portworx Enterprise. Then, click Install > Install.
  4. Portworx Enterprise is now be listed under Installed Operators.

3.4. Configure the Portworx operator

  1. Import the Spec from Portworx.

    1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.
    2. Run kubectl apply -f <command> where <command> is the command that you saved earlier from the Portworx console.

  2. Verify that Portworx Enterprise shows as one of the Installed Operators in Project: kube-system. Click Portworx Enterprise tile.

    In the Storage Cluster tab, you can see the storage cluster being initialized. Wait until Status is Phase: Online.

  3. Create the Portworx storage classes by running the following commands.

    Create the portworx-fs storage class.

    cat << _EOF_ | oc apply -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: portworx-fs
provisioner: kubernetes.io/portworx-volume
parameters:
  repl: "3"
  io_profile: "db"
  priority_io: "high"
  sharedv4: "true"
allowVolumeExpansion: true
_EOF_

    Create the portworx-aiops storage class.

    cat << _EOF_ | oc apply -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: portworx-aiops
provisioner: kubernetes.io/portworx-volume
parameters:
  repl: "3"
  priority_io: "high"
  snap_interval: "0"
  io_profile: "db"
  block_size: "64k"
  sharedv4: "true"
allowVolumeExpansion: true
_EOF_

4. Installing IBM Cloud Pak for Watson AIOps

You are now ready to install IBM Cloud Pak for Watson AIOps.

Follow the procedure for installing IBM Cloud Pak for Watson AIOps from step 3 in one of the following topics, according to your requirements:

When you create an instance of the IBM Cloud Pak for Watson AIOps custom resource, set the storage as follows:

storageClass: portworx-fs
storageClassLargeBlock: portworx-aiops

5. Optional: Delete the cluster

Delete the cluster only when you need to do so. Follow the steps:

  1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.

  2. Run the following command to delete the cluster:

    rosa delete cluster -c <clustername> --watch

  3. Run the following command to verify that the cluster is deleted:

    rosa list clusters

    Ensure that your cluster no longer is listed.

  4. Delete any Identity and Access Management (IAM) policies for the cluster.