Installing IBM Cloud Pak for AIOps on Red Hat OpenShift Service on AWS (ROSA)

If you are installing IBM Cloud Pak® for AIOps on Red Hat OpenShift Service on AWS (ROSA), then you must complete some additional steps before you rejoin the main installation procedure for installing IBM Cloud Pak for AIOps on Red Hat® OpenShift® Container Platform.

Before you begin

Ensure that you meet the following prerequisites:

  • You have an AWS account.
  • You have a Red Hat subscription.
  • Ensure that your environment meets the prerequisites for Red Hat OpenShift Service on AWS.

Installation procedure

Follow these steps to install IBM Cloud Pak for AIOps on Red Hat OpenShift Service on AWS:

  1. Configure AWS and Red Hat access
  2. Create a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster
  3. Configure storage
  4. Install IBM Cloud Pak for AIOps

1. Configure AWS and Red Hat access

  1. Log in to the AWS console to verify that you have access to the console. If needed, the Login page provides a link to register for an account.

  2. From the AWS console, deploy Red Hat OpenShift Container Platform into a VPC within your AWS environment if it is not already deployed. For more information, see the Red Hat OpenShift Service on AWS quickstart guide.

  3. Log in to the Red Hat console to verify that you have access to the console. If needed, the Login page provides a link to register for an account.

  4. Retrieve your Red Hat OpenShift Cluster Manager API Token by entering the following URL:

  5. Configure the ROSA CLI to work with your AWS account. For more information, see Install and configure the latest ROSA CLI.

  6. (Optional) Create a test cluster to validate your environment configuration

    1. Log in to Red Hat OpenShift Service on AWS.

      rosa login --token="<token>"
      
    2. Configure your AWS account to allow an IAM (non-STS) ROSA cluster.

      rosa init
      
    3. Create the test cluster.

      rosa create cluster --cluster-name=mytest
      

      During the cluster creation, you can review the installation logs to watch the progress.

      rosa logs install -c mytest --watch
      
    4. After the installation completes, list the cluster and note the cluster ID.

      rosa list clusters
      
    5. Describe your cluster using the cluster ID.

      rosa describe cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v
      
    6. Add an identity provider.

      rosa create idp --cluster 1ab23de4fghijk5lmno6p78q9r1stu2v --interactive
      

      You need to use the noninteractive mode and get some constant values to use.

    7. Create your initial admin account.

      rosa create admin --cluster=1ab23de4fghijk5lmno6p78q9r1stu2v
      
    8. Log in to your test cluster by using the admin and password.

      oc login https://api.jgtest01.dj5a.p1.openshiftapps.com:6443 --username cluster-admin --password XXXXXX
      

      If your login is successful, your test cluster is working and your environment is configured.

    9. Clean up and delete the test cluster to proceed with creating your main cluster.

      rosa delete cluster -c 1ab23de4fghijk5lmno6p78q9r1stu2v
      

2. Create a Red Hat OpenShift Service on AWS Red Hat OpenShift Container Platform cluster

  1. Log in to the Red Hat OpenShift Service on AWS CLI.

    rosa login
    

    Log in to the site https://cloud.redhat.com/openshift/token/rosa to retrieve your token. Then, copy and paste the token into the CLI prompt.

  2. Create your cluster.

    rosa create cluster --cluster-name=<myclustername> --compute-machine-type=m5.8xlarge  --compute-nodes=<Number of Compute Nodes>  --version <Red Hat OpenShift_version>
    

    Example:

    rosa create cluster --cluster-name=cluster-test1  --compute-machine-type=m5.8xlarge  --compute-nodes=6 --version 4.16
    
  3. After your cluster is ready, create your cluster administrator account.

    1. Run the following command:

      rosa create admin -c <myclustername>
      

      Important: Record the admin username (cluster-admin) and password for future use.

    2. Run the oc login command with the cluster administrator credentials.

  4. Verify that all nodes are in the Ready state before proceeding. It can take 40+ minutes for the cluster to be created and for you to be able to log in with the 'oc login' command.

    1. Run the following command:

      oc get nodes
      
    2. Run the following command:

      rosa describe cluster -c <myclustername>

      Record the console URL for the Red Hat OpenShift Console and the Details Page for viewing the cluster details.

    3. Verify that you can access the Red Hat OpenShift console by logging in to the provided Red Hat OpenShift console URL using the cluster-admin role and credentials.

3. Configure storage

AWS native storage and Portworx are tested and supported storage options for installing IBM Cloud Pak for AIOps on ROSA. Use the following instructions to configure AWS native storage or Portworx as your storage solution.

Note: Storage classes and storage providers cannot be changed after you install IBM Cloud Pak for AIOps. OADP backup and restore requires a ReadWriteMany (RWX) storage class. If OADP backup and restore is not needed, a ReadWriteOnce (RWO) storage class can be provided as the RWX-storage-class-name in the installation instance CR YAML file. This configuration cannot be changed after IBM Cloud Pak for AIOps is installed.

AWS native storage

The AWS native storage class that is required by IBM Cloud Pak for AIOps is gp3-csi. If you want to use OADP backup and restore, the efs-sc AWS native storage class is required. Storage class configuration cannot be changed after installing IBM Cloud Pak for AIOps.

Amazon Elastic Block Store (EBS) provides block storage. The storage class is gp3-csi, and is created when ROSA is installed.

Amazon Elastic File System (EFS) provides file storage. The storage class is efs-sc, and you must create it. For more information, see Setting up the AWS EFS CSI Driver Operator and Creating the AWS EFS storage class in the Red Hat OpenShift documentation. You can also review the information in the Red Hat article Enabling the AWS EFS CSI Driver Operator on ROSA.

Portworx

To use Portworx for storage, you must have a Portworx account and license. If needed, register for a Portworx account.

3.1 Configure the Portworx services spec

  1. Log in to your Portworx account. Select to use the Portworx Enterprise edition. Then, click Next.

  2. On the Spec Generator - Enterprise page, enter or select the following settings for your storage:

    1. Select the checkbox for Use the Portworx Operator.
    2. Select 2.10 or higher for the Portworx Version.
    3. Select the Built-in radio button for ETCD. Click Next.
    4. Select the Cloud radio button. Then, select AWS for Cloud Platform.
    5. Select the type of disk: Create Using a Spec
    6. Select the EBS volume type: GP2, Size (GB): 2000.  Click Next.
    7. Click Next to skip the Network configuration page.
    8. On the Customize page, select OpenShift 4+. Click Finish.
    9. Click Agree to accept the license agreement.
    10. Choose your own values to enter under the Spec Name and Spec Tags fields. Then, click Save Spec.
  3. From the Spec List page, find your Spec name, expand the Actions column menu, and select Copy to Clipboard. Save the kubectl command. You use this command later.

3.2 Configure the AWS infrastructure for Portworx storage

  1. Edit the Inbound Rules for both your master and worker nodes to allow for Network File System (NFS).

    1. Log in to the AWS EC2 Console.
    2. Under EC2, select Instances. Click an Instance ID for one of your worker nodes.
    3. Click the Security tab, and click the Security Group Name for the node.
    4. Click Edit Inbound Rules. Scroll to the bottom, and click Add Rule.
    5. Update the following settings for the rule:
      • Expand the first drop-down menu, and change the setting from Custom TCP to All TCP.
      • In the CIDR blocks Source field, enter 10.0.0.0/8.
      • For the ports, open the following ports: 111, 2049, 20048, 17001-17020, 27017.
      • If you encounter issues during the installation, consider opening all inbound ports from 10.0.0.0/8.
    6. Click Save rules.
    7. Repeat the above steps for your other nodes.
  2. Create your Portworx policy in the AWS Identity and Access Management (IAM) tool.

    1. Go to IAM > Access management > Policies.

    2. Choose Create policy.

    3. Choose the JSON tab.

    4. Replace all the text with the following content:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "PortworxPolicy",
            "Effect": "Allow",
            "Action": [
              "ec2:AttachVolume",
              "ec2:ModifyVolume",
              "ec2:DetachVolume",
              "ec2:CreateTags",
              "ec2:CreateVolume",
              "ec2:DeleteTags",
              "ec2:DeleteVolume",
              "ec2:DescribeTags",
              "ec2:DescribeVolumeAttribute",
              "ec2:DescribeVolumesModifications",
              "ec2:DescribeVolumeStatus",
              "ec2:DescribeVolumes",
              "ec2:DescribeInstances",
              "autoscaling:DescribeAutoScalingGroups"
            ],
            "Resource": [
              "*"
            ]
          }
        ]
      }
      
    5. Click Next: Tags. Then, click Next: Review.

    6. Enter the name for your new policy. Then, click Create policy.

  3. Attach the policy.

    1. Go to IAM > Roles.
    2. Click the worker-role name for your cluster.
    3. Click Attach policy. Search for, and select, the policy that you created. Then, select to attach the policy.
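
After the inbound rules in step 1 are saved, the result can be checked against the ports and source range listed there. The following is an added example, not part of the original procedure or of IBM's or Portworx's tooling: it audits an `IpPermissions` list in the shape returned by `aws ec2 describe-security-groups`, reports required ports that are not reachable from 10.0.0.0/8, and flags rules that admit other sources or more ports than the list. The function name and the sample rules are assumptions made for illustration.

```python
import ipaddress

# TCP port ranges and source CIDR from the inbound-rule step on this page.
REQUIRED = [(111, 111), (2049, 2049), (20048, 20048), (17001, 17020), (27017, 27017)]
NODE_NET = ipaddress.ip_network("10.0.0.0/8")
REQUIRED_PORTS = {p for lo, hi in REQUIRED for p in range(lo, hi + 1)}


def audit_ingress(ip_permissions):
    """Return (missing_ports, findings) for one security group's IpPermissions."""
    covered, findings = set(), []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue  # this page only configures TCP rules
        if proto == "-1":
            lo, hi = 0, 65535  # "all traffic" rules carry no port fields
        else:
            lo, hi = perm["FromPort"], perm["ToPort"]
        wanted = {p for p in REQUIRED_PORTS if lo <= p <= hi}
        extra = (hi - lo + 1) - len(wanted)
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            label = f"{proto} {lo}-{hi} from {src}"
            if NODE_NET.subnet_of(src):
                covered |= wanted  # rule admits the whole 10.0.0.0/8 range
            if not src.subnet_of(NODE_NET):
                findings.append(f"source not inside 10.0.0.0/8: {label}")
            if extra:
                findings.append(f"{extra} ports beyond the required list: {label}")
    return sorted(REQUIRED_PORTS - covered), findings


# Constructed sample rules, not output from a real account.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 111, "ToPort": 111, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 17001, "ToPort": 17020, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]

if __name__ == "__main__":
    missing, findings = audit_ingress(SAMPLE)
    print("missing ports:", missing)
    for finding in findings:
        print("finding:", finding)
```

A rule that opens all inbound ports from 10.0.0.0/8, the troubleshooting fallback mentioned in step 1, is reported as a finding so that it can be narrowed back to the listed ports once the installation works.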

3.3 Install the Portworx operator from Red Hat OpenShift Container Platform

  1. Open the Red Hat OpenShift Container Platform console for your Red Hat OpenShift Service on AWS cluster.
  2. Go to Operators > OperatorHub.
  3. Search for Portworx Enterprise. Then, click Install > Install.
  4. Portworx Enterprise is now listed under Installed Operators.

3.4 Configure the Portworx operator

  1. Import the Spec from Portworx.

    1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.
    2. Run kubectl apply -f <command> where <command> is the command that you saved earlier from the Portworx console.
  2. Verify that Portworx Enterprise shows as one of the Installed Operators in Project: kube-system. Click the Portworx Enterprise tile.

    In the Storage Cluster tab, you can see the storage cluster being initialized. Wait until Status is Phase: Online.

  3. Create the Portworx storage classes. Follow the Define a custom Portworx storage class instructions in Installing recommended storage providers and configuring storage classes: Portworx.

4. Install IBM Cloud Pak for AIOps

You are now ready to install IBM Cloud Pak for AIOps.

Follow the procedure for installing IBM Cloud Pak for AIOps from step 3 in one of the following topics, according to your requirements:

Deleting the Red Hat OpenShift Service on AWS cluster

If you no longer require your Red Hat OpenShift Service on AWS cluster, you can remove it with the following steps.

  1. Run oc login to log in to your Red Hat OpenShift Service on AWS cluster.

  2. Run the following command to delete the cluster:

    rosa delete cluster -c <clustername> --watch
    
  3. Run the following command to verify that the cluster is deleted:

    rosa list clusters
    

    Ensure that your cluster is no longer listed.

  4. Delete any Identity and Access Management (IAM) policies for the cluster.