Installing IBM Cloud Pak for AIOps on AWS GovCloud

If you are installing IBM Cloud Pak® for AIOps on AWS GovCloud, then you must complete some additional steps before you rejoin the main installation procedure for installing IBM Cloud Pak for AIOps on Red Hat® OpenShift® Container Platform.

Getting Started with IBM Cloud Pak for AIOps and AWS Marketplace

When you purchase IBM Cloud Pak for AIOps through the Amazon Web Services (AWS) Marketplace, IBM begins processing your order immediately. To complete your deployment, use the following steps:

  • Obtain your IBM Cloud Pak for AIOps entitlement key by following the prompts that are provided in the Order Processed Successfully email that you received from IBM. The entitlement key is needed to install IBM Cloud Pak for AIOps.

  • Obtain your Red Hat® OpenShift® Container Platform entitlement by following the prompts that are provided in the ACTION NEEDED: Your Red Hat Account Update email that you received from IBM, or in the Your Red Hat order has been processed email that you received from Red Hat. The sender and content of this email depends on the product purchased.

  • Review the information about enabling FIPS compliance for IBM Cloud Pak for AIOps: Federal Information Processing Standards (FIPS).

  • Review the storage requirements for IBM Cloud Pak for AIOps: Hardware requirements - Storage.

  • Review the information about viewing your audit logs: Audit logging. Audit logging is a FISMA requirement. When you complete your deployment, audit logging is configured and enabled by default.

Before you begin

Ensure that you meet the following prerequisites:

  • You have an AWS GovCloud account.
  • You have a Red Hat subscription.
  • You have a Portworx account and license. The following steps are tested with, and require, Portworx storage. If needed, register for a Portworx account.
  • Ensure that your environment meets the prerequisites for AWS GovCloud.

Installation procedure

Follow these steps to install IBM Cloud Pak for AIOps on AWS GovCloud:

  1. Create a Red Hat OpenShift Container Platform cluster on AWS GovCloud
  2. Configure storage
  3. Install IBM Cloud Pak for AIOps

1. Create a Red Hat OpenShift cluster on AWS GovCloud

To create your Red Hat OpenShift cluster, follow the instructions in the Red Hat OpenShift documentation for Installing a Cluster on AWS into a Government Region.

These steps include provisioning a Virtual Private Cloud (VPC) in your AWS account that conforms to the requirements for Red Hat OpenShift Container Platform.

Important:

2. Configure storage

Portworx is the tested and supported storage option for installing IBM Cloud Pak for AIOps on AWS GovCloud.

2.1 Configure the Portworx services spec

  1. Log in to your Portworx account. Select to use the Portworx Enterprise edition. Then, click Next.

  2. On the Spec Generator - Enterprise page, enter or select the following settings for your storage:

    1. Select the checkbox for Use the Portworx Operator.
    2. Select 2.10 or higher for the Portworx Version.
    3. Select the Built-in radio button for ETCD. Click Next.
    4. Select the Cloud radio button. Then, select AWS for Cloud Platform.
    5. Select the type of disk: Create Using a Spec
    6. Select the EBS volume type: GP2, Size (GB): 2000. Click Next.
    7. Click Next to skip the Network configuration page.
    8. On the Customize page, select OpenShift 4+. Click Finish.
    9. Click Agree to accept the license agreement.
    10. Choose your own values to enter under the Spec Name and Spec Tags fields. Then, click Save Spec.
  3. From the Spec List page, find your Spec name and expand the Actions column menu and select Copy to Clipboard. Save the kubectl command, which is needed later.

2.2 Configure the AWS infrastructure for Portworx storage

  1. Edit the Inbound Rules for both your master and worker nodes to allow for Network File System (NFS).

    1. Log in to the AWS EC2 Console.
    2. Under EC2, select Instances. Click an Instance ID for one of your worker nodes.
    3. Click the Security tab, and click the Security Group Name for the node.
    4. Click Edit Inbound Rules. Scroll to the bottom, and click Add Rule.
    5. Update the following settings for the rule:
      • Expand the first drop-down menu, and change the setting from Custom TCP to All TCP.
      • In the CIDR blocks Source field, enter 10.0.0.0/8.
      • For the ports, open the following ports: 111, 2049, 20048, 17001-17020, 27017.
      • If you encounter issues during the installation, considering opening all inbound ports from 10.0.0.0/8.
    6. Click Save rules.
    7. Repeat the preceding steps for your other nodes.
  2. Create your Portworx policy in the AWS Identity and Access Management (IAM) tool.

    1. Go to IAM > Access management > Policies.

    2. Choose Create policy.

    3. Choose the JSON tab.

    4. Replace all the text with the following content:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "PortworxPolicy",
            "Effect": "Allow",
            "Action": [
              "ec2:AttachVolume",
              "ec2:ModifyVolume",
              "ec2:DetachVolume",
              "ec2:CreateTags",
              "ec2:CreateVolume",
              "ec2:DeleteTags",
              "ec2:DeleteVolume",
              "ec2:DescribeTags",
              "ec2:DescribeVolumeAttribute",
              "ec2:DescribeVolumesModifications",
              "ec2:DescribeVolumeStatus",
              "ec2:DescribeVolumes",
              "ec2:DescribeInstances",
              "autoscaling:DescribeAutoScalingGroups"
            ],
          "Resource": [
            "*"
          ]
        }
      ]
      }
      
    5. Click Next: Tags. Then, click Next: Review.

    6. Enter the name for your new policy. Then, click Create policy.

  3. Attach the policy.

    1. Go to IAM > Roles.
    2. Click the worker-role name for your cluster.
    3. Click Attach policy. Search for, and select, the policy that you created. Then, select to attach the policy.

2.3 Install the Portworx operator from Red Hat OpenShift Container Platform

  1. Open the Red Hat OpenShift Container Platform console for your AWS GovCloud cluster.
  2. Go to Operators > OperatorHub.
  3. Search for Portworx Enterprise. Then, click Install > Install.
  4. Portworx Enterprise is now be listed under Installed Operators.

2.4. Configure the Portworx operator

  1. Import the Spec from Portworx.

    1. Run oc login to log in to your AWS GovCloud cluster.
    2. Run kubectl apply -f <command> where <command> is the command that you saved earlier from the Portworx console.
  2. Verify that Portworx Enterprise shows as one of the Installed Operators in Project: kube-system. Click Portworx Enterprise tile.

    In the Storage Cluster tab, you can see the storage cluster initialization. Wait until the Status is Phase: Online.

  3. Create the Portworx storage classes. Follow the Define a custom Portworx storage class instructions in Installing recommended storage providers and configuring storage classes: Portworx.

3. Install IBM Cloud Pak for AIOps

You are now ready to install IBM Cloud Pak for AIOps.

Follow the procedure for installing IBM Cloud Pak for AIOps from step 3 in one of the following topics, according to your requirements: