Online production installation of IBM Cloud Pak for AIOps (console method)

If your cluster is connected to the internet, you can complete a production installation of IBM Cloud Pak® for AIOps with the Red Hat® OpenShift® Container Platform console.

Before you begin

  • You must know whether you are deploying a base deployment or a extended deployment of IBM Cloud Pak for AIOps. For more information, see Incremental adoption.
  • Review the Planning section.
  • Online installations of IBM Cloud Pak for AIOps can be run entirely as a non-root user, and do not require that user to have sudo access.
  • Some steps must still be run with the command line. Ensure that you are logged in to your Red Hat OpenShift cluster with oc login for any steps that use the Red Hat OpenShift command-line interface (CLI).
  • The display names of some Red Hat OpenShift console components, such as window titles and push buttons, vary between Red Hat OpenShift versions. The following instructions are based on Red Hat OpenShift version 4.14 console components.
  • If you require details about the permissions that the IBM Cloud Pak for AIOps operators need, see Permissions (IBM Cloud Pak for AIOps).
  • A user with cluster-admin privileges is needed for the following operations:

Installation procedure

Follow these steps to install IBM Cloud Pak for AIOps.

  1. Install and configure Red Hat OpenShift
  2. Configure storage
  3. Create a custom project (namespace)
  4. Create the entitlement key secret
  5. Configure usage data collection
  6. Create the catalog source
  7. Install Cert Manager
  8. Install the License Service
  9. Verify cluster readiness
  10. Install the operator
  11. Install IBM Cloud Pak for AIOps
  12. Verify your installation
  13. Create an EgressFirewall to restrict outgoing traffic
  14. Access the IBM Cloud Pak for AIOps console

Prerequisites

Allow access to the following sites and ports:

Table 1. Sites and ports that must be accessible
Site Description
icr.io
cp.icr.io
dd0.icr.io
dd2.icr.io
dd4.icr.io
dd6.icr.io
Allow access to these hosts on port 443 to enable access to the IBM Cloud Container Registry and IBM Cloud Pak® foundational services catalog source.
dd1-icr.ibm-zh.com
dd3-icr.ibm-zh.com
dd5-icr.ibm-zh.com
dd7-icr.ibm-zh.com
If you are located in China, also allow access to these hosts on port 443.
github.com Github houses IBM Cloud Pak tools and scripts.
redhat.com Red Hat OpenShift registries that are required for Red Hat OpenShift, and for Red Hat OpenShift upgrades.

For more information, see Configuring your firewall for OpenShift Container Platform.

1. Install and configure Red Hat OpenShift

IBM Cloud Pak for AIOps requires Red Hat OpenShift to be installed and running. You must have administrative access to your Red Hat OpenShift cluster.

For more information about supported versions of Red Hat OpenShift, see Supported Red Hat OpenShift Container Platform versions.

  1. Install Red Hat OpenShift by using the instructions in the Red Hat OpenShift documentation Opens in a new tab.

  2. Install the Red Hat OpenShift command line interface (oc) on your cluster's boot node and run oc login. For more information, see the instructions in Getting started with the Red Hat OpenShift CLI Opens in a new tab.

  3. Ensure that the clocks on your Red Hat OpenShift cluster are synchronized. Each Red Hat OpenShift node in the cluster must have access to an NTP server. Red Hat OpenShift nodes use NTP to synchronize their clocks. IBM Cloud Pak for AIOps runs on Red Hat OpenShift and also has this requirement. Discrepancies between the clocks on the Red Hat OpenShift nodes can cause IBM Cloud Pak for AIOps to experience operational issues. See the Red Hat OpenShift documentation Opens in a new tab for information about how to use a MachineConfig custom resource to configure chrony to connect to your NTP servers.

  4. Optionally configure a custom certificate for IBM Cloud Pak for AIOps to use. You can use either of the following methods:

2. Configure storage

The storage configuration must satisfy your sizing requirements. For more information about the storage classes that are needed for installing IBM Cloud Pak for AIOps, see Storage.

3. Create a custom project (namespace)

Create a project (namespace) to deploy IBM Cloud Pak for AIOps into.

A project is a Kubernetes namespace. You must create a custom project (namespace) and not use the default, kube-system, kube-public, openshift-node, openshift-infra, or openshift projects (namespaces). This is because IBM Cloud Pak for AIOps uses Security Context Constraints (SCC), and SCCs cannot be assigned to pods created in one of the default Red Hat OpenShift projects (namespaces).

  1. From your Red Hat OpenShift console, click Home > Projects.

  2. Select Create Project, specify the Name of the project that you want to create, for example cp4aiops and click Create.

4. Create the entitlement key secret

Complete the following steps to create a registry secret to enable your deployment to pull the IBM Cloud Pak for AIOps images from the IBM® Entitled Registry.

  1. Obtain the entitlement key that is assigned to your IBMid. Log in to MyIBM Container Software Library Opens in a new tab with the IBMid and password details that are associated with the entitled software.

  2. In the Active entitlement keys section, select Copy to copy the entitlement key to the clipboard.

  3. From your Red Hat OpenShift console, click Workloads > Secrets.

  4. From the Project menu, select the project that you created earlier in Create a custom project (namespace).

  5. Click the Create button, and select Image pull secret from the menu. The Create image pull secret form is displayed. Enter the following values and then click Create.

    • Secret name: ibm-entitlement-key
    • Authentication type: Image registry credentials
    • Registry server address: cp.icr.io
    • Username: cp
    • Password: use the entitlement key that you copied in step 2.

5. Configure usage data collection

To help the development of IBM Cloud Pak for AIOps, daily aggregated usage data is collected to analyse how IBM Cloud Pak for AIOps is used. The usage data is collected by the cp4waiops-metricsprocessor pod, and is sent to and stored in IBM controlled GDPR-compliant systems. The collection of usage data is enabled by default, but can be disabled. For transparency, the cp4waiops-metricsprocessor pod's logs contain all the information that is collected. The usage data that is collected is numeric, or is about the deployment type and platform. It does not include email addresses, passwords, or specific details. Only the following data is collected:

  • Current number of applications
  • Current number of alerts (all severities aggregated)
  • Current number of incidents (all priorities aggregated)
  • Current number of policies (includes predefined and user created)
  • Current number of runbooks run since installation
  • Current number of integrations of each type (For example ServiceNow, Instana, Falcon Logscale)
  • Secure tunnel enablement: whether connection (which controls whether you can create a secure tunnel) is enabled in the Installation custom resource
  • Deployment type: base deployment or extended deployment
  • Deployment platform: Red Hat® OpenShift® Container Platform or Linux®

Use the following steps to configure or disable usage data collection.

  1. From your Red Hat OpenShift console, click Workloads > Secrets.

  2. From the Project menu, select the project that you created earlier in Create a custom project (namespace).

  3. Click the Create button, and select Key/value secret from the menu. The Create key/value secret form is displayed. Enter the following values and then click Create.

    • Secret name: aiops-metrics-processor
    • Add the following Key/Value pairs:
      • customerName: your company name
      • customerICN: your IBM Customer Number (ICN)
      • environment: trial for testing, poc for proof of concept, or production for production environments.
    • If you want to disable usage data collection, also add the following key/value pair: enableCollection: false
  4. If you have a firewall enabled, ensure that outbound traffic to https://api.segment.io is allowed.

Important: Usage data without your customer details is still collected even if you do not create this secret. If you do not want any usage data collected, then you must create this secret with enableCollection set to false.

You can update your usage data collection preferences after installation. For more information, see Updating usage data collection preferences.

6. Create the catalog source

Add the IBM Cloud Pak for AIOps catalog source to your Red Hat OpenShift cluster.

After installation, the ibm-operator-catalog CatalogSource object determines whether the upgrade of your IBM Cloud Pak for AIOps deployment is initiated automatically when a new patch becomes available. The ibm-operator-catalog CatalogSource object can be configured to automatically poll for and retrieve a newer catalog by enabling the polling attribute spec.updateStrategy.registryPoll. If a newer catalog for a patch is found and retrieved, then an automatic upgrade of your IBM Cloud Pak for AIOps deployment is initiated. For more information, see Controlling upgrade.

You can disable or re-enable automatic patch upgrade after installation if you change your mind. For more information, see Configuring automatic patch upgrades.

Note: ibm-operator-catalog also contains the catalogs for other IBM Cloud Paks®. If multiple IBM Cloud Paks are installed on your cluster, then the polling attribute is configured for all of them.

Run the steps in Create the catalog source with automatic upgrade disabled or Create the catalog source with automatic upgrade enabled.

Create the catalog source with automatic upgrade disabled

  1. Create the ibm-operator-catalog CatalogSource object without polling enabled.

    Log in to your Red Hat OpenShift cluster's console. Click the plus icon in the upper right to open the Import YAML dialog box, paste in the following YAML, and then click Create.

    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: ibm-operator-catalog
      publisher: IBM Content
      sourceType: grpc
      image: icr.io/cpopen/ibm-operator-catalog:latest
    
  2. Update the ibm-operator-catalog CatalogSource to fix it to always use the current image digest, instead of icr.io/cpopen/ibm-operator-catalog:latest. This ensures that the ibm-operator-catalog CatalogSource pods do not pull the latest image if a node reload or other issue causes them to restart.

    1. Go to Home > Projects, and select openshift-marketplace.

    2. Go to Workloads > Pods (on the left menu), and then search for ibm-operator-catalog.

    3. Click the returned ibm-operator-catalog-<...> pod.

    4. Click YAML to switch to the YAML view.

    5. Search for imageID in the YAML, and copy down the value of spec.containerStatuses.imageID. The value is in a format similar to the following example:

      icr.io/cpopen/ibm-operator-catalog@sha256:<...>
      

    6. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, scroll down and click ibm-operator-catalog.

    7. Click YAML to switch to the YAML view.

    8. Set the value of spec.image to the value of the current image digest that you found in step 2, instead of to icr.io/cpopen/ibm-operator-catalog:latest.

  3. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, verify that the ibm-operator-catalog CatalogSource object is present.

Create the catalog source with automatic upgrade enabled

  1. Create the ibm-operator-catalog CatalogSource object with polling enabled.

    Log in to your Red Hat OpenShift cluster's console. Click the plus icon in the upper right corner to open the Import YAML dialog box, paste in the following YAML, and then click Create.

    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: ibm-operator-catalog
      publisher: IBM Content
      sourceType: grpc
      image: icr.io/cpopen/ibm-operator-catalog:latest
      updateStrategy:
        registryPoll:
          interval: 45m
    
  2. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, verify that the ibm-operator-catalog CatalogSource object is present.

7. Install Cert Manager

Skip this step if you already have a certificate manager installed on the Red Hat OpenShift cluster that you are installing IBM Cloud Pak for AIOps on. If you do not have a certificate manager then you must install one. The IBM Cloud Pak® foundational services Cert Manager is recommended, and can be installed with the following steps.

For more information about IBM Cloud Pak® foundational services Cert Manager hardware requirements, see IBM Certificate Manager (cert-manager) hardware requirements Opens in a new tab in the IBM Cloud Pak foundational services documentation.

  1. Log in to your Red Hat OpenShift cluster's console.

  2. Click Operators > OperatorHub. The OperatorHub page is displayed.

  3. In the All Items field, enter IBM Cert Manager. The IBM Cert Manager operator is displayed.

  4. Click the IBM Cert Manager tile. The IBM Cert Manager window is displayed.

  5. Click Install. You see the Install Operator page.

  6. Set the Update Channel to the v4.2 version. If the Channel v4.2 version is not available, click other IBM Cert Manager tile from OperatorHub to install the correct version.

  7. Set Installation Mode to All namespaces on the cluster (default).

  8. Set Installed Namespace to ibm-cert-manager(Operator recommended).

  9. Set Update approval to Automatic.

  10. Click Install.

8. Install the License Service

Skip this step if the IBM Cloud Pak® foundational services License Service is already installed on the Red Hat OpenShift cluster that you are installing IBM Cloud Pak for AIOps on. If you do not know whether the License Service is already installed, then see Verifying the installation of License Service in OpenShift cluster Opens in a new tab in the IBM Cloud Pak foundational services documentation.

IBM Cloud Pak for AIOps requires the installation of the IBM Cloud Pak foundational services License Service. You must install the IBM Cloud Pak foundational services License Service on the Red Hat OpenShift cluster that you are installing IBM Cloud Pak for AIOps on.

Follow the instructions in Installing the License Service with OpenShift console Opens in a new tab in the IBM Cloud Pak foundational services documentation, from step 2 Create the ibm-licensing namespace onwards.

9. Verify cluster readiness

Run the prerequisite checker script to verify whether your Red Hat OpenShift cluster is correctly set up for a IBM Cloud Pak for AIOps installation.

Download the prerequisite checker script from github.com/IBM Opens in a new tab, and run it with the following command:

./prereq.sh -n <project>

Where <project> is the project that your IBM Cloud Pak for AIOps installation is deployed in.

Example output:

# ./prereq.sh -n cp4aiops

[INFO] Starting IBM Cloud Pak for AIOps prerequisite checker v4.6...

CLI: oc

[INFO] =================================Platform Version Check=================================
[INFO] Checking Platform Type....
[INFO] You are using Openshift Container Platform
[INFO] OCP version 4.15.19 is compatible but only nodes with AMD64 architectures are supported at this time. 
[INFO] =================================Platform Version Check=================================

[INFO] =================================Entitlement Pull Secret=================================
[INFO] Checking if the job 'cp4aiops-entitlement-key-test-job' already exists.
[INFO] The job with name 'cp4aiops-entitlement-key-test-job' was not found, so moving ahead and creating it.
[INFO] Entitlement Secret NOT found. Checking if secret is global pull secret 
[INFO] Creating the job 'cp4aiops-entitlement-key-test-job' 
job.batch/cp4aiops-entitlement-key-test-job created
[INFO] Verifying if the job 'cp4aiops-entitlement-key-test-job' completed successfully..
[INFO] SUCCESS! Entitlement secret is configured correctly. 
job.batch "cp4aiops-entitlement-key-test-job" deleted
[INFO] =================================Entitlement Pull Secret=================================

[INFO] =================================Storage Provider=================================
[INFO] Checking storage providers
[INFO] No IBM Storage Fusion Found... Skipping configuration check.

[INFO] No Portworx StorageClusters found with "Running" or "Online" status. Skipping configuration check for Portworx.
[INFO] Openshift Data Foundation found.
[INFO] No IBM Cloud Storage found... Skipping configuration check for IBM Cloud Storage Check.

Checking Openshift Data Foundation Configuration...
Verifying if Red Hat Openshift Data Foundation pods are in "Running" or "Completed" status
[INFO] Pods in openshift-storage project are "Running" or "Completed"
[WARNING] ocs-storagecluster-ceph-rbd does not exist. 
[INFO] One of more warnings found when checking for Storage Providers.
[INFO] =================================Storage Provider=================================

[INFO] =================================Cert Manager Check=================================
[INFO] Checking for Cert Manager operator

[INFO] Successfully functioning cert-manager found.

CLUSTERSERVICEVERSION             NAMESPACE
ibm-cert-manager-operator.v4.2.6  cicd-bvt

[INFO] =================================Cert Manager Check=================================

[INFO] =================================Licensing Service Operator Check=================================
[INFO] Checking for Licensing Service operator

[INFO] Successfully functioning licensing service operator found.

CLUSTERSERVICEVERSION          NAMESPACE
ibm-licensing-operator.v4.2.6  ibm-licensing

[INFO] =================================Licensing Service Operator Check=================================

[INFO] =================================Small or Large Install Resources=================================
[INFO] Checking for cluster resources

[INFO] ==================================Resource Summary=====================================================
[INFO]                                                                 Nodes               |          vCPU      |          Memory(GB)
[INFO] Small (Non-HA) Base (available/required)                       [  9 / 3 ]              [  72 / 47 ]             [  75 / 123 ]
[INFO]     (+ Log Anomaly Detection & Ticket Analysis)                [  9 / 3 ]              [  72 / 55 ]             [  75 / 136 ]

[INFO] Large (HA) Base (available/required)                           [  9 / 6 ]              [  72 / 130 ]             [  75 / 310 ]
[INFO]     (+ Log Anomaly Detection & Ticket Analysis)                [  9 / 6 ]              [  72 / 156 ]             [  75 / 368 ]
[INFO] ==================================Resource Summary=====================================================
[ERROR] Cluster does not have required resources available to install Cloud Pak for AIOps.

[INFO] =================================Small or Large Install Resources=================================


[INFO] =================================Prerequisite Checker Tool Summary=================================
      [  PASS  ] Platform Version Check 
      [  PASS  ] Entitlement Pull Secret
      [  WARNING  ] Storage Provider
      [  FAIL  ] Small (Non-HA) Base Install Resources
      [  FAIL  ] Large (HA) Base Install Resources
      [  PASS  ] Cert Manager Operator Installed
      [  PASS  ] Licensing Service Operator Installed
[INFO] =================================Prerequisite Checker Tool Summary=================================

10. Install the operator

For more information about installing operators, see Adding Operators Opens in a new tab to a cluster in the Red Hat OpenShift documentation.

For more information about the operators which are installed with IBM Cloud Pak for AIOps, see Operator Details.

  1. Log in to your Red Hat OpenShift cluster's console.

  2. Click Operators > OperatorHub. The OperatorHub page is displayed.

  3. In the All Items field, enter IBM Cloud Pak for AIOps. The IBM Cloud Pak for AIOps operator is displayed.

  4. Click the IBM Cloud Pak for AIOps tile. The IBM Cloud Pak for AIOps window is displayed.

  5. Click Install. The Install Operator page is displayed.

  6. Enter the following values:

    • Set Update channel to v4.6.
    • Installation mode - For more information about installation modes, see Operator installation mode.
    • Installed Namespace - If you are using the OwnNamespace installation mode (a specific namespace), then set this field to be the project (namespace) in which to install the operator, such as cp4aiops. If you are using the AllNamespaces installation mode, then set this field to openshift-operators.
    • Set Update approval to Automatic.

    Warning: Update approval must not be changed to Manual. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.

  7. Click Install and wait for the IBM Cloud Pak for AIOps operator to install.

  8. Verify that the IBM Cloud Pak for AIOps operator is successfully installed.

    Navigate to Operators > Installed Operators, and select your project from the Projects dropdown. IBM Cloud Pak for AIOps and its dependant operators in the project are listed with a Status of Succeeded.

11. Install IBM Cloud Pak for AIOps

Create an instance of the IBM Cloud Pak for AIOps custom resource. A maximum of one IBM Cloud Pak for AIOps custom resource is allowed per cluster.

  1. From your Red Hat OpenShift console, click Operators > Installed Operators.

  2. From the Project dropdown menu, select the project that you want to create the IBM Cloud Pak for AIOps instance in. Use the project that you created earlier in Create a custom project (namespace).

    Note: You cannot use the default, kube-system, kube-public, openshift-node, openshift-infra, or openshift projects. This is because IBM Cloud Pak for AIOps uses Security Context Constraints (SCC), and SCCs cannot be assigned to pods created in one of the default Red Hat OpenShift projects.

  3. Select IBM Cloud Pak for AIOps operator, then click the IBM Cloud Pak for AIOps tab.

  4. Click Create Installation. The default Form View is displayed.

    Warning: The pakModules aiopsFoundation, applicationManager, and aiManager must be enabled. Do not change these values to false.

    Enter the following values:

    • Name: Specify the name that you want your IBM Cloud Pak for AIOps instance to be called, for example ibm-cp-aiops.

    • license: Expand the license section and read the agreement. Toggle the License Acceptance switch to true to accept the license.

    • File Storage Class and Large Block Storage Class are the storage classes that you want to use, as detailed in the following table. For more information about storage, see Storage.

    • Enable Secure Tunnel: Set to true if you want to install Secure Tunnel. For more information about Secure Tunnel, see Secure Tunnel.

    • Image Pull Secret: Select the ibm-entitlement-key secret that you created in the step Create the entitlement key secret.

    • Resource Overrides ConfigMap Do not edit this field unless you have been supplied with a custom ConfigMap by an IBM Sales representative (or Business Partner).

    • Size: Select the size that you require for your IBM Cloud Pak for AIOps installation.

    • Topology resource group terminology: Specify application or service as the terminology to be used for collections of topology resource groups. The default is application.

      Note: To confirm that you have the storage classes for your chosen storage provider as shown in the table, run oc get sc.

Table 1. Storage provider classes
Storage provider File Storage Class Large Block Storage Class
IBM Cloud® ibmc-file-gold-gid ibmc-block-gold
Red Hat® OpenShift® Data Foundation ocs-storagecluster-cephfs ocs-storagecluster-ceph-rbd
IBM Storage Fusion Data Foundation ocs-storagecluster-cephfs ocs-storagecluster-ceph-rbd
IBM Storage Fusion Global Data Platform If you are using IBM Storage Fusion, use ibm-spectrum-scale-sc.
If you are using IBM Storage Fusion HCI System, use ibm-storage-fusion-cp-sc
If you are using IBM Storage Fusion, use ibm-spectrum-scale-sc.
If you are using IBM Storage Fusion HCI System, use ibm-storage-fusion-cp-sc
IBM Storage Scale Container Native ibm-spectrum-scale-sc ibm-spectrum-scale-sc
Portworx px-csi-aiops px-csi-aiops
Portworx (multi-zone HA) px-csi-aiops-mz px-csi-aiops-mz
AWS native storage efs-sc gp3-csi
  1. Configure your deployment to be a base deployment or an extended deployment.

    For more information about these deployment types, see Incremental adoption.

    Your deployment defaults to a base deployment which does not have log anomaly detection and ticket analysis capabilites. If you want a base deployment, then proceed to the next step.

    If you want an extended deployment with log anomaly detection and ticket analysis capabilites, then switch to the YAML view and set the value of enabled to true.

    Example excerpt:

    spec:
      pakModules:
      - enabled: true
        name: logAnomalyDetection
    

    You can update your deployment type after installation. For more information, see Updating the deployment type.

  1. Click Create to create a custom resource that is an instance of IBM Cloud Pak for AIOps.

12. Verify your installation

  1. After a few minutes, use the following steps to check the status of your installation. Click Operators > Installed Operators.

  2. From the Project list, select the project (namespace) that IBM Cloud Pak for AIOps is deployed in.

  3. Select IBM Cloud Pak for AIOps and then click the IBM Cloud Pak for AIOps tab.

  4. Under Installations, look for the entry with the name that you specified for your IBM Cloud Pak for AIOps instance, and verify that it has a Status of Phase: Updating. It takes around 60-90 minutes for the installation to complete (subject to the speed with which images can be pulled). When installation is complete and successful, the Status changes to Phase: Running.

  5. (Optional) If you want to see more detail about the status of the installation's components, select the entry with the name that you specified for your IBM Cloud Pak for AIOps instance, and then switch to the YAML view. Scroll down to the Status section near the end of the YAML. A component's installation is complete and successful when the component has a value of Ready.

    Example YAML:

    status:
      size: small
      customProfileConfigmap: aiops-custom-size-profile
      customProfileValidationStatus: >-
        Custom profile configmap not found, continue installation process without customization
      storageclasslargeblock: rook-ceph-rbd
      componentstatus:
        issueresolutioncore: Ready
        kafka: Ready
        aiopsanalyticsorchestrator: Ready
        aiopsedge: Ready
        tunnel: Ready
        lifecycleservice: Ready
        zenservice: Ready
        flinkcluster: Ready
        cluster: Ready
        elasticsearch: Ready
        aiopsui: Ready
        redissentinel: Ready
        <...>
    

(Optional) You can also download and run a status checker script to see information about the status of your deployment. For more information about how to download and run the script, see github.com/IBMOpens in a new tab.

If the installation fails, or is not complete and is not progressing, then see Troubleshooting installation and upgrade and Known Issues to help you identify any installation problems

13. Create an EgressFirewall

There is no egress firewall policy defined when you install IBM Cloud Pak for AIOps, so outgoing traffic from workload pods to the internal and external network is unrestricted.

To create a more secure environment, use the following steps.

  1. Create an EgressFirewall on your Red Hat OpenShift cluster to limit egress from the IBM Cloud Pak for AIOps project (namespace).

    For more information about creating an EgressFirewall, see Configuring an egress firewall for a projectOpens in a new tab.

    Note: You can only have one EgressFirewall per project/namespace.

  2. Configure exceptions to the EgressFirewall.

    Edit your EgressFirewall to add exceptions for the following IBM Cloud Pak for AIOps components that have egress dependencies, otherwise these IBM Cloud Pak for AIOps components fail when they attempt egress.

    1. Allow egress to any external services, such as the following integrations:
      • Kubernetes
      • GitHub
      • Microsoft® Teams
      • ServiceNow
      • Slack
      • VMware® vCenter
    2. Configure your EgressFirewall to allow traffic for your GitHub, Kubernetes, ServiceNow, and VMware vCenter integrations.

      Edit your EgressFirewall to allow or deny egress, as in the following example:

      kind: EgressFirewall
      metadata:
        name: default
      spec:
        egress:
        - type: Allow
          to:
            cidrSelector: <1.2.3.0/24>
        - type: Allow
          to:
            dnsName: <www.github.com>
        - type: Allow
          to:
            dnsName: <www.developer.kubernetes.com>
        - type: Allow
          to:
            dnsName: <www.developer.servicenow.com>
        - type: Allow
          to:
            dnsName: <www.developer.vcenter.com>
        - type: Deny
          to:
            cidrSelector: <0.0.0.0/0>
      

      Where the values you enter for dnsName and cidrSelector are the DNS names and addresses of your GitHub, Kubernetes, ServiceNow, or VMware vCenter sources.

14. Access the IBM Cloud Pak for AIOps UI

After you successfully install IBM Cloud Pak for AIOps, you can use the IBM Cloud Pak Administration panel to manage the underlying deployment, or use the IBM Cloud Pak for AIOps console to use IBM Cloud Pak for AIOps.

IBM Cloud Pak Administration panel

You can use the Launch Admin Hub link to access the IBM Cloud Pak Administration panel:

  1. Log in to the Red Hat OpenShift Container Platform web console as an administrator.

  2. Click Operators > Installed Operators.

  3. Click IBM Cloud Pak for AIOps.

  4. On the Operator Details page, click the IBM Cloud Pak for AIOps tab, and then click the IBM Cloud Pak for AIOps installation name.

  5. In the Details tab, right-click on the URL underneath Launch Admin Hub, and select Open Link in New Tab.

  6. On the IBM Cloud Pak Administration panel login page, select one of the following login options:

    • OpenShift authentication: The kubeadmin user is automatically used to log in to the Administration panel. The kubeadmin user has the same privileges as the Administration panel admin user.
    • IBM provided credentials (admin only): The default username to access the console is admin. To obtain the username and password, see Obtain IBM provided credentials (admin only).

Cloud Pak for AIOps console

You can use the Launch Cloud Pak in IBM Automation link to access the Cloud Pak for AIOps console:

  1. Log in to the Red Hat OpenShift Container Platform web console as an administrator.

  2. Click Operators > Installed Operators.

  3. Click IBM Cloud Pak for AIOps.

  4. On the Operator Details page, click the IBM Cloud Pak for AIOps tab, and then click the IBM Cloud Pak for AIOps installation name.

  5. In the Details tab, right-click on the URL underneath Launch Cloud Pak in IBM Automation, and select Open Link in New Tab.

  6. In the Cloud Pak for AIOps console login page, select one of the following login options:

    • OpenShift authentication: The kubeadmin user is automatically used to log in to the Cloud Pak for AIOps console. The kubeadmin user has the same privileges as the Cloud Pak for AIOps console admin user.

    • IBM provided credentials (admin only): The default username to access the console is admin. To obtain the username and password, see Obtain IBM provided credentials (admin only).

    • Enterprise LDAP: LDAP users can log in to the Cloud Pak for AIOps console after IBM Cloud Pak for AIOps is configured with a single or multiple LDAP servers for the authentication and authorization. For more information, see Identity Management (IM).

Obtain IBM provided credentials (admin only)

  1. To find the default username, run the following command:

    oc -n <project> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 -d && echo
    

    Where <project> is the project (namespace) that IBM Cloud Pak for AIOps is deployed in.

  2. To get the password for the admin username, run the following command:

    oc -n <project> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
    

    Where <project> is the project (namespace) that IBM Cloud Pak for AIOps is deployed in.

    The following is a sample output:

    EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA
    

    Based on the sample output, your password would be EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA.

    Important: You can change this default password at any time. For more information, see Changing the cluster administrator password.

What to do next

  • Define integrations and applications with Defining.
  • You can install and integrate with IBM Cognos® Analytics. For more information, see Installing IBM Cognos Analytics.
  • If you have an existing on-premises IBM Tivoli Netcool/OMNIbus deployment, then you can connect it to IBM Cloud Pak for AIOps through an integration. For more information, see Creating IBM Tivoli Netcool/OMNIbus integrations.
  • If you have an existing on-premises IBM Tivoli Netcool/Impact deployment, then you can connect it to IBM Cloud Pak for AIOps through an integration. For more information, see Creating IBM Tivoli Netcool/Impact integrations.
  • Familiarize yourself with backup and restore procedures. It is recommended that you take regular backups of your IBM Cloud Pak for AIOps deployment. For more information, see Backup and restore.
  • For more information about health checks and monitoring, see Health checks and monitoring.