Online installation of Infrastructure Automation for use with IBM Cloud Pak for AIOps (CLI)

Follow these steps to complete an online installation of Infrastructure Automation, for use with IBM Cloud Pak® for AIOps.

If you have a license for IBM Cloud Pak for AIOps, you are entitled to install and use Infrastructure Automation. Install IBM Cloud Pak for AIOps before you install Infrastructure Automation.

Before you begin

  • Review the Planning section.
  • Check that your system meets the minimum requirements for installing IBM Cloud Pak for AIOps and Infrastructure Automation. Important: The storageClass and storageClassLargeBlock that are used for creating the IBM Cloud Pak for AIOps custom resource must have the same value as the storageClass and storageClassLargeBlock that are used for creating the Infrastructure Automation custom resource.
  • Ensure that you are logged in to your Red Hat® OpenShift® Container Platform cluster with oc login for any steps that use the Red Hat OpenShift command-line interface (CLI).
  • If you require details about the permissions that the Infrastructure Automation operators need, see Permissions (Infrastructure Automation).
  • A user with cluster-admin privileges is needed for the following operations:

Installation steps

Follow these steps to install Infrastructure Automation.

  1. Install IBM Cloud Pak for AIOps
  2. Install Cert Manager
  3. Install the License Service
  4. Install the Infrastructure Automation operator
  5. Create the custom resource for Infrastructure Automation
  6. Verify the deployment
  7. Log in to the IBM Cloud Pak for AIOps console
  8. Deploying Infrastructure Management
  9. Assign user roles and permissions
  10. Enable usage data collection (optional)

Prerequisites

Allow access to the following sites and ports:

Table 1. Sites and ports that must be accessible
Site Description
icr.io
cp.icr.io
dd0.icr.io
dd2.icr.io
dd4.icr.io
dd6.icr.io
Allow access to these hosts on port 443 to enable access to the IBM Cloud Container Registry and IBM Cloud Pak® foundational services catalog source.
dd1-icr.ibm-zh.com
dd3-icr.ibm-zh.com
dd5-icr.ibm-zh.com
dd7-icr.ibm-zh.com
If you are located in China, also allow access to these hosts on port 443.
github.com Github houses IBM Cloud Pak tools and scripts.
redhat.com Red Hat OpenShift registries that are required for Red Hat OpenShift, and for Red Hat OpenShift upgrades.

For more information, see Configuring your firewall for OpenShift Container Platform.

1. Install IBM Cloud Pak for AIOps

It is recommended that you install IBM Cloud Pak for AIOps before you install Infrastructure Automation. IBM Cloud Pak for AIOps and Infrastructure Automation can be deployed on the same Red Hat OpenShift cluster.

Important: IBM Cloud Pak for AIOps and Infrastructure Automation must be installed in the same namespace. Installing IBM Cloud Pak for AIOps and Infrastructure Automation in separate namespaces is not supported.

To install IBM Cloud Pak for AIOps, follow the instructions in Installing IBM Cloud Pak for AIOps.

2. Install Cert Manager

Skip this step if you already have a certificate manager installed on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on. If you do not have a certificate manager then you must install one. The IBM Cloud Pak® foundational services Cert Manager is recommended, and can be installed with the following steps.

Note: If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on the same Red Hat OpenShift cluster, then you already installed a certificate manager as part of the IBM Cloud Pak for AIOps installation process. If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on different clusters, then you must ensure that you have a certificate manager on each cluster.

For more information about IBM Cloud Pak® foundational services Cert Manager hardware requirements, see IBM Certificate Manager (cert-manager) hardware requirements Opens in a new tab in the IBM Cloud Pak foundational services documentation.

  1. Run the following command to create the resource definitions that you need:

    cat << EOF | oc apply -f -
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ibm-cert-manager
    ---
    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      name: ibm-cert-manager-operator-group
      namespace: ibm-cert-manager
    ---
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      name: ibm-cert-manager-operator
      namespace: ibm-cert-manager
    spec:
      channel: v4.2
      installPlanApproval: Automatic
      name: ibm-cert-manager-operator
      source: ibm-operator-catalog
      sourceNamespace: openshift-marketplace
    EOF
    
  2. Run the following command to ensure that the IBM Cloud Pak foundational services Cert Manager pods have a STATUS of Running before proceeding to the next step.

    oc -n ibm-cert-manager get pods
    

    Example output for a successful IBM Cloud Pak foundational services Cert Manager installation:

    NAME                                        READY   STATUS    RESTARTS   AGE
    cert-manager-cainjector-674854c49d-vstq4    1/1     Running   0          8d
    cert-manager-controller-646d4bd6fd-zwmqm    1/1     Running   0          8d
    cert-manager-webhook-8598787c8-s4lkt        1/1     Running   0          8d
    ibm-cert-manager-operator-c96957695-dkxnm   1/1     Running   0          8d
    

3. Install the License Service

Skip this step if the IBM Cloud Pak foundational services License Service is already installed on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on.

Note: If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on the same Red Hat OpenShift cluster, then you already installed IBM Cloud Pak foundational services License Service as part of the IBM Cloud Pak for AIOps installation process. If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on different clusters then you must ensure that IBM Cloud Pak foundational services License Service is installed on each cluster.

Infrastructure Automation requires the installation of the IBM Cloud Pak foundational services License Service. You must install the IBM Cloud Pak foundational services License Service on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on.

  1. Run the following command to create the resource definitions that you need:

    cat << EOF | oc apply -f -
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ibm-licensing
    ---
    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      name: ibm-licensing-operator-group
      namespace: ibm-licensing
    spec:
      targetNamespaces:
      - ibm-licensing
    ---
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      name: ibm-licensing-operator-app
      namespace: ibm-licensing
    spec:
      channel: v4.2
      installPlanApproval: Automatic
      name: ibm-licensing-operator-app
      source: ibm-operator-catalog
      sourceNamespace: openshift-marketplace
    EOF
    
  2. Run the following command to ensure that the IBM Cloud Pak foundational services License Server pods have a STATUS of Running before proceeding to the next step.

    oc -n ibm-licensing get pods
    

    Example output for a successful IBM Cloud Pak foundational services License Service installation:

    NAME                                              READY   STATUS    RESTARTS   AGE
    ibm-licensing-operator-db4cd746c-xzmlf            1/1     Running   0          8d
    ibm-licensing-service-instance-596b99588f-76cc5   1/1     Running   0          8d
    

For more information about the IBM Cloud Pak® foundational services License Service, see License Service Opens in a new tab in the IBM Cloud Pak foundational services documentation.

4. Install the Infrastructure Automation operator

For more information about operators, see Adding Operators to a cluster in the Red Hat OpenShift documentation.

  1. Create an OperatorGroup.

    Important: Skip this step if you are installing using the All Namespaces installation mode, and proceed to step 2, Install the Infrastructure Automation operator.

    If you are installing using the OwnNamespace installation mode, then you must create an operator group in your custom project (namespace), or the Infrastructure Automation operator will not install. There might be an operator group for managing a namespace for given APIs. If there is an operator group for the namespace, do not create a second one. For more information, see Operator installation modes.

    Create the operator group by running the following command:

    cat << EOF | oc apply -f -
    apiVersion: operators.coreos.com/v1
    kind: OperatorGroup
    metadata:
      name: cp4aiops-operator-group
      namespace: cp4aiops
    spec:
      targetNamespaces:
        - cp4aiops
    EOF
    
  2. Set an environment variable for the Infrastructure Automation catalog.

    export CATALOG_SRC_IA=<ia_catalog>
    

    Where <ia_catalog> is ibm-operator-catalog for an online deployment, or ibm-infrastructure-automation-operator-catalog for an offline deployment.

  3. Install the Infrastructure Automation operator.

    Run the following command.

    cat << EOF | oc apply -f -
    apiVersion: operators.coreos.com/v1alpha1
    kind: Subscription
    metadata:
      name: ibm-infrastructure-automation-operator
      namespace: cp4aiops
    spec:
      channel: v4.6
      installPlanApproval: Automatic
      name: ibm-infrastructure-automation-operator
      source: ${CATALOG_SRC_IA}
      sourceNamespace: openshift-marketplace
    EOF
    

    Warning: installPlanApproval must not be changed to Manual. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.

After a few minutes, verify that the Infrastructure Automation operator is installed in the cp4aiops project (namespace) with the following command:

oc get pods -n cp4aiops | grep ibm-infrastructure-automation-operator-controller-manager

5. Create Infrastructure Automation custom resource with default values

You can create the Infrastructure Automation custom resource with the default set of values, or customize these values before you create the Infrastructure Automation custom resource.

Customize the default values for the Infrastructure Automation custom resource to modify the default replica count of the pods in Managed services, or to adjust any of the following defaults for Managed services:

Run the following command to create an instance of the Infrastructure Automation custom resource called IAConfig with its default values. With the default values, you can install Managed services.

The list of installation parameters with its default values are listed in Managed services installation parameters page.

cat << EOF | oc apply -f -
kind: IAConfig
apiVersion: aiops.ibm.com/v1alpha1
metadata:
  name: ibm-ia-installer
  namespace: cp4aiops
spec:
  imagePullSecret: ibm-entitlement-key
  infraAutoComposableComponents:
  - enabled: <set to true to install Infrastructure Management component of Infrastructure Automation, false otherwise>
    name: ibm-management-im-install
    spec: {}
  - enabled: <set to true to install Managed services component of Infrastructure Automation, false otherwise>
    name: ibm-management-cam-install
    spec: {}
  license:
    accept: <set true to accept the license>
  storageClass: <Storage Class name that supports RWX>
  storageClassLargeBlock: <Select a storage class with a large block size (for example, 64k)>
EOF

To customize Managed services, you must have your customization parameters under spec.manageservice section.

- enabled: <Set to true to install Managed services component of Infrastructure Automation, false otherwise>
  name: ibm-management-cam-install
  spec:
    manageservice:
      <Set your custom installation parameter values>

The list of install parameters that can be customized along with its default values are listed in Managed services installation parameters page.

Note: This option does not install Infrastructure Management. If you need to install Infrastructure Management, complete the installation of Infrastructure Automation and follow the steps that are listed in Deploying Infrastructure Management.

6. Verify the deployment

After a few minutes, run the following command to verify that your deployment is successful.

oc get iaconfigs.aiops.ibm.com -A

Example output:

NAME               PHASE        VERSION   STORAGECLASS   STORAGECLASSLARGEBLOCK   AGE
ibm-ia-installer   Running      4.6.1     rook-cephfs    rook-ceph-block          8m44s

7. Log in to the IBM Cloud Pak for AIOps console

After you successfully install Infrastructure Automation, get the URL for accessing the Cloud Pak for AIOps console.

  1. Use the following command to get the URL to access the Cloud Pak for AIOps console:

    oc get route -n cp4aiops cpd -o jsonpath={.spec.host}
    

    The following output is a sample output:

    cpd-cp4aiops.apps.mycluster.mydomain
    

    Based on the sample output, your console URL would be https://cpd-cp4aiops.apps.mycluster.mydomain

  2. Enter the URL in your browser to open the Cloud Pak for AIOps console. Log in with your username and password.

Find the IBM Cloud Pak for AIOps console username and password

The default username to access the Cloud Pak for AIOps console is admin. You can check the default username and their password with the following commands.

Note: This information is for the IBM provided credentials (admin only) authentication type.

  1. Find the default username.

    oc -n cp4aiops get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 -d && echo
    
  2. Get the password for the admin username.

    oc -n cp4aiops get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
    

    The following extract shows a sample output:

    EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA
    

    Based on the sample output, your password would be EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA.

Important: You can change this default password at any time. For more information, see Changing the cluster administrator password.

8. Deploying Infrastructure Management

For more information about how to deploy Infrastructure Management, see the following topics:

9. Assign user roles and permissions

When you install Infrastructure Automation and deploy Infrastructure Management, you, or an administrator, must add the required Kubernetes permissions to user roles before your users can access and use Infrastructure Automation tools, such as Managed services or the Service catalog. For instance, users that do not have an Administrator role are not able to use the Infrastructure Management Managed services and Service Catalog or create user groups. For more information about how to add permissions to a role, see Managing roles for Infrastructure Automation.

10. Disable usage data collection (optional)

To help the development of Infrastructure Automation - Infrastructure Management, aggregated usage data is collected to analyze how Infrastructure Management is used. The collection of usage data is enabled by default, but can be disabled.

For the data collection, Infrastructure Management uses the existing daily job that is used for audit logging of managed resources and for licensing tracking. This job is extended to collect and send the usage data metrics to IBM. The sent data is then stored in IBM controlled GDPR-compliant systems. The usage data that is collected does not include personal information, passwords, or specific details. Only the following data is collected:

  • The number of virtual machines (VMs), hosts, providers (and provider types), services, and service catalog items that are being used in the Infrastructure Management inventory.
  • Whether Infrastructure Management is deployed as a containerized deployment (podified) or virtual machine appliance.
  • (Stand-alone deployments) The architecture where Infrastructure Management is deployed (Linux x86_64, Linux on Power (ppc64le), Linux® on IBM Z® and LinuxONE (s390x)).

If you want to disable the collection of usage data, run the following command to set enableCollection=false in the secret:

oc create secret generic aiops-metrics-processor -n <PROJECT_NAMESPACE> --from-literal=customerName=<CUSTOMER_NAME> --from-literal=customerICN=<CUSTOMER_ICN --from-literal=environment=<CUSTOMER_ENVIRONMENT> --from-literal=enableCollection=false

Note: You can update your usage data collection preferences after installation.