Online installation of Infrastructure Automation for use with IBM Cloud Pak for AIOps (CLI)
Follow these steps to complete an online installation of Infrastructure Automation, for use with IBM Cloud Pak® for AIOps.
If you have a license for IBM Cloud Pak for AIOps, you are entitled to install and use Infrastructure Automation. Install IBM Cloud Pak for AIOps before you install Infrastructure Automation.
Before you begin
- Review the Planning section.
- Check that your system meets the minimum requirements for installing IBM Cloud Pak for AIOps and Infrastructure Automation.
Important: The
storageClass
andstorageClassLargeBlock
that are used for creating the IBM Cloud Pak for AIOps custom resource must have the same value as thestorageClass
andstorageClassLargeBlock
that are used for creating the Infrastructure Automation custom resource. - Ensure that you are logged in to your Red Hat® OpenShift® Container Platform cluster with
oc login
for any steps that use the Red Hat OpenShift command-line interface (CLI). - If you require details about the permissions that the Infrastructure Automation operators need, see Permissions (Infrastructure Automation).
- A user with
cluster-admin
privileges is needed for the following operations:
Installation steps
Follow these steps to install Infrastructure Automation.
- Install IBM Cloud Pak for AIOps
- Install Cert Manager
- Install the License Service
- Install the Infrastructure Automation operator
- Create the custom resource for Infrastructure Automation
- Verify the deployment
- Log in to the IBM Cloud Pak for AIOps console
- Deploying Infrastructure Management
- Assign user roles and permissions
- Enable usage data collection (optional)
Prerequisites
Allow access to the following sites and ports:
Site | Description |
---|---|
icr.io cp.icr.io dd0.icr.io dd2.icr.io dd4.icr.io dd6.icr.io |
Allow access to these hosts on port 443 to enable access to the IBM Cloud Container Registry and IBM Cloud Pak® foundational services catalog source. |
dd1-icr.ibm-zh.com dd3-icr.ibm-zh.com dd5-icr.ibm-zh.com dd7-icr.ibm-zh.com |
If you are located in China, also allow access to these hosts on port 443. |
github.com |
Github houses IBM Cloud Pak tools and scripts. |
redhat.com |
Red Hat OpenShift registries that are required for Red Hat OpenShift, and for Red Hat OpenShift upgrades. |
For more information, see Configuring your firewall for OpenShift Container Platform.
1. Install IBM Cloud Pak for AIOps
It is recommended that you install IBM Cloud Pak for AIOps before you install Infrastructure Automation. IBM Cloud Pak for AIOps and Infrastructure Automation can be deployed on the same Red Hat OpenShift cluster.
Important: IBM Cloud Pak for AIOps and Infrastructure Automation must be installed in the same namespace. Installing IBM Cloud Pak for AIOps and Infrastructure Automation in separate namespaces is not supported.
To install IBM Cloud Pak for AIOps, follow the instructions in Installing IBM Cloud Pak for AIOps.
2. Install Cert Manager
Skip this step if you already have a certificate manager installed on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on. If you do not have a certificate manager then you must install one. The IBM Cloud Pak® foundational services Cert Manager is recommended, and can be installed with the following steps.
Note: If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on the same Red Hat OpenShift cluster, then you already installed a certificate manager as part of the IBM Cloud Pak for AIOps installation process. If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on different clusters, then you must ensure that you have a certificate manager on each cluster.
For more information about IBM Cloud Pak® foundational services Cert Manager hardware requirements, see IBM Certificate Manager (cert-manager) hardware requirements in the IBM Cloud Pak foundational services documentation.
-
Run the following command to create the resource definitions that you need:
cat << EOF | oc apply -f - apiVersion: v1 kind: Namespace metadata: name: ibm-cert-manager --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ibm-cert-manager-operator-group namespace: ibm-cert-manager --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-cert-manager-operator namespace: ibm-cert-manager spec: channel: v4.2 installPlanApproval: Automatic name: ibm-cert-manager-operator source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
-
Run the following command to ensure that the IBM Cloud Pak foundational services Cert Manager pods have a STATUS of Running before proceeding to the next step.
oc -n ibm-cert-manager get pods
Example output for a successful IBM Cloud Pak foundational services Cert Manager installation:
NAME READY STATUS RESTARTS AGE cert-manager-cainjector-674854c49d-vstq4 1/1 Running 0 8d cert-manager-controller-646d4bd6fd-zwmqm 1/1 Running 0 8d cert-manager-webhook-8598787c8-s4lkt 1/1 Running 0 8d ibm-cert-manager-operator-c96957695-dkxnm 1/1 Running 0 8d
3. Install the License Service
Skip this step if the IBM Cloud Pak foundational services License Service is already installed on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on.
Note: If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on the same Red Hat OpenShift cluster, then you already installed IBM Cloud Pak foundational services License Service as part of the IBM Cloud Pak for AIOps installation process. If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on different clusters then you must ensure that IBM Cloud Pak foundational services License Service is installed on each cluster.
Infrastructure Automation requires the installation of the IBM Cloud Pak foundational services License Service. You must install the IBM Cloud Pak foundational services License Service on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on.
-
Run the following command to create the resource definitions that you need:
cat << EOF | oc apply -f - apiVersion: v1 kind: Namespace metadata: name: ibm-licensing --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: ibm-licensing-operator-group namespace: ibm-licensing spec: targetNamespaces: - ibm-licensing --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-licensing-operator-app namespace: ibm-licensing spec: channel: v4.2 installPlanApproval: Automatic name: ibm-licensing-operator-app source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
-
Run the following command to ensure that the IBM Cloud Pak foundational services License Server pods have a STATUS of Running before proceeding to the next step.
oc -n ibm-licensing get pods
Example output for a successful IBM Cloud Pak foundational services License Service installation:
NAME READY STATUS RESTARTS AGE ibm-licensing-operator-db4cd746c-xzmlf 1/1 Running 0 8d ibm-licensing-service-instance-596b99588f-76cc5 1/1 Running 0 8d
For more information about the IBM Cloud Pak® foundational services License Service, see License Service in the IBM Cloud Pak foundational services documentation.
4. Install the Infrastructure Automation operator
For more information about operators, see Adding Operators to a cluster in the Red Hat OpenShift documentation.
-
Create an OperatorGroup.
Important: Skip this step if you are installing using the
All Namespaces
installation mode, and proceed to step 2, Install the Infrastructure Automation operator.If you are installing using the
OwnNamespace
installation mode, then you must create an operator group in your custom project (namespace), or the Infrastructure Automation operator will not install. There might be an operator group for managing a namespace for given APIs. If there is an operator group for the namespace, do not create a second one. For more information, see Operator installation modes.Create the operator group by running the following command:
cat << EOF | oc apply -f - apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: cp4aiops-operator-group namespace: cp4aiops spec: targetNamespaces: - cp4aiops EOF
-
Set an environment variable for the Infrastructure Automation catalog.
export CATALOG_SRC_IA=<ia_catalog>
Where
<ia_catalog
> isibm-operator-catalog
for an online deployment, oribm-infrastructure-automation-operator-catalog
for an offline deployment. -
Install the Infrastructure Automation operator.
Run the following command.
cat << EOF | oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-infrastructure-automation-operator namespace: cp4aiops spec: channel: v4.6 installPlanApproval: Automatic name: ibm-infrastructure-automation-operator source: ${CATALOG_SRC_IA} sourceNamespace: openshift-marketplace EOF
Warning:
installPlanApproval
must not be changed toManual
. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.
After a few minutes, verify that the Infrastructure Automation operator is installed in the cp4aiops
project (namespace) with the following command:
oc get pods -n cp4aiops | grep ibm-infrastructure-automation-operator-controller-manager
5. Create Infrastructure Automation custom resource with default values
You can create the Infrastructure Automation custom resource with the default set of values, or customize these values before you create the Infrastructure Automation custom resource.
Customize the default values for the Infrastructure Automation custom resource to modify the default replica count of the pods in Managed services, or to adjust any of the following defaults for Managed services:
- Default pre-created secrets in Managed services
- DefaultManaged services proxy setting
- Default Managed services default github.com token to import templates
- Default HTTPS certificate for Managed services Management Console
- Configuring Managed services to set the SSH keys and known hosts in provider terraform pod
Run the following command to create an instance of the Infrastructure Automation custom resource called IAConfig
with its default values. With the default values, you can install Managed services.
The list of installation parameters with its default values are listed in Managed services installation parameters page.
cat << EOF | oc apply -f -
kind: IAConfig
apiVersion: aiops.ibm.com/v1alpha1
metadata:
name: ibm-ia-installer
namespace: cp4aiops
spec:
imagePullSecret: ibm-entitlement-key
infraAutoComposableComponents:
- enabled: <set to true to install Infrastructure Management component of Infrastructure Automation, false otherwise>
name: ibm-management-im-install
spec: {}
- enabled: <set to true to install Managed services component of Infrastructure Automation, false otherwise>
name: ibm-management-cam-install
spec: {}
license:
accept: <set true to accept the license>
storageClass: <Storage Class name that supports RWX>
storageClassLargeBlock: <Select a storage class with a large block size (for example, 64k)>
EOF
To customize Managed services, you must have your customization parameters under spec.manageservice
section.
- enabled: <Set to true to install Managed services component of Infrastructure Automation, false otherwise>
name: ibm-management-cam-install
spec:
manageservice:
<Set your custom installation parameter values>
The list of install parameters that can be customized along with its default values are listed in Managed services installation parameters page.
Note: This option does not install Infrastructure Management. If you need to install Infrastructure Management, complete the installation of Infrastructure Automation and follow the steps that are listed in Deploying Infrastructure Management.
6. Verify the deployment
After a few minutes, run the following command to verify that your deployment is successful.
oc get iaconfigs.aiops.ibm.com -A
Example output:
NAME PHASE VERSION STORAGECLASS STORAGECLASSLARGEBLOCK AGE
ibm-ia-installer Running 4.6.1 rook-cephfs rook-ceph-block 8m44s
7. Log in to the IBM Cloud Pak for AIOps console
After you successfully install Infrastructure Automation, get the URL for accessing the Cloud Pak for AIOps console.
-
Use the following command to get the URL to access the Cloud Pak for AIOps console:
oc get route -n cp4aiops cpd -o jsonpath={.spec.host}
The following output is a sample output:
cpd-cp4aiops.apps.mycluster.mydomain
Based on the sample output, your console URL would be
https://cpd-cp4aiops.apps.mycluster.mydomain
-
Enter the URL in your browser to open the Cloud Pak for AIOps console. Log in with your username and password.
Find the IBM Cloud Pak for AIOps console username and password
The default username to access the Cloud Pak for AIOps console is admin
. You can check the default username and their password with the following commands.
Note: This information is for the IBM provided credentials (admin only) authentication type.
-
Find the default username.
oc -n cp4aiops get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 -d && echo
-
Get the password for the
admin
username.oc -n cp4aiops get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
The following extract shows a sample output:
EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA
Based on the sample output, your password would be
EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA
.
Important: You can change this default password at any time. For more information, see Changing the cluster administrator password.
8. Deploying Infrastructure Management
For more information about how to deploy Infrastructure Management, see the following topics:
9. Assign user roles and permissions
When you install Infrastructure Automation and deploy Infrastructure Management, you, or an administrator, must add the required Kubernetes permissions to user roles before your users can access and use Infrastructure Automation tools, such as Managed services or the Service catalog. For instance, users that do not have an Administrator role are not able to use the Infrastructure Management Managed services and Service Catalog or create user groups. For more information about how to add permissions to a role, see Managing roles for Infrastructure Automation.
10. Disable usage data collection (optional)
To help the development of Infrastructure Automation - Infrastructure Management, aggregated usage data is collected to analyze how Infrastructure Management is used. The collection of usage data is enabled by default, but can be disabled.
For the data collection, Infrastructure Management uses the existing daily job that is used for audit logging of managed resources and for licensing tracking. This job is extended to collect and send the usage data metrics to IBM. The sent data is then stored in IBM controlled GDPR-compliant systems. The usage data that is collected does not include personal information, passwords, or specific details. Only the following data is collected:
- The number of virtual machines (VMs), hosts, providers (and provider types), services, and service catalog items that are being used in the Infrastructure Management inventory.
- Whether Infrastructure Management is deployed as a containerized deployment (podified) or virtual machine appliance.
- (Stand-alone deployments) The architecture where Infrastructure Management is deployed (Linux x86_64, Linux on Power (ppc64le), Linux® on IBM Z® and LinuxONE (s390x)).
If you want to disable the collection of usage data, run the following command to set enableCollection=false
in the secret:
oc create secret generic aiops-metrics-processor -n <PROJECT_NAMESPACE> --from-literal=customerName=<CUSTOMER_NAME> --from-literal=customerICN=<CUSTOMER_ICN --from-literal=environment=<CUSTOMER_ENVIRONMENT> --from-literal=enableCollection=false
Note: You can update your usage data collection preferences after installation.