Online installation of Infrastructure Automation for use with IBM Cloud Pak for AIOps (console)

Follow these steps to use the Red Hat® OpenShift® Container Platform console to complete an online installation of Infrastructure Automation, for use with IBM Cloud Pak® for AIOps. The online installation is deployed in Red Hat® OpenShift® Container Platform.

If you have a license for IBM Cloud Pak for AIOps, you are entitled to install and use Infrastructure Automation. Install IBM Cloud Pak for AIOps before you install Infrastructure Automation.

Before you begin

Installation steps

Follow these steps to install Infrastructure Automation.

  1. Install IBM Cloud Pak for AIOps
  2. Create the catalog source
  3. Install Cert Manager
  4. Install the License Service
  5. Install the Infrastructure Automation operator
  6. Install Infrastructure Automation
  7. Verify the deployment
  8. Log in to the Infrastructure Automation console
  9. Deploying Infrastructure Management
  10. Assign user roles and permissions
  11. Enable usage data collection (optional)

Prerequisites

Allow access to the following sites and ports:

Table 1. Sites and ports that must be accessible
Site Description
icr.io
cp.icr.io
dd0.icr.io
dd2.icr.io
dd4.icr.io
dd6.icr.io		 Allow access to these hosts on port 443 to enable access to the IBM Cloud Container Registry and IBM Cloud Pak® foundational services catalog source.
dd1-icr.ibm-zh.com
dd3-icr.ibm-zh.com
dd5-icr.ibm-zh.com
dd7-icr.ibm-zh.com 		If you are located in China, also allow access to these hosts on port 443.
github.com Github houses IBM Cloud Pak tools and scripts.
redhat.com Red Hat OpenShift registries that are required for Red Hat OpenShift, and for Red Hat OpenShift upgrades.

For more information, see Configuring your firewall for OpenShift Container Platform.

1. Install IBM Cloud Pak for AIOps

It is recommended that you install IBM Cloud Pak for AIOps before you install Infrastructure Automation. IBM Cloud Pak for AIOps and Infrastructure Automation can be deployed on the same Red Hat OpenShift cluster.

Important: IBM Cloud Pak for AIOps and Infrastructure Automation must be installed in the same namespace. Installing IBM Cloud Pak for AIOps and Infrastructure Automation in separate namespaces is not supported.

To install IBM Cloud Pak for AIOps, follow the instructions in Installing IBM Cloud Pak for AIOps.

2. Create the catalog source

Add the Infrastructure Automation catalog source to your Red Hat OpenShift cluster.

After installation, the ibm-operator-catalog CatalogSource object determines whether the upgrade of your Infrastructure Automation deployment is initiated automatically when a new patch becomes available. The ibm-operator-catalog CatalogSource object can be configured to automatically poll for and retrieve a newer catalog by enabling the polling attribute spec.updateStrategy.registryPoll. If a newer catalog for a patch is found and retrieved, then an automatic upgrade of your Infrastructure Automation deployment is initiated. For more information, see Upgrading Infrastructure Automation.

You can disable or re-enable automatic patch upgrade after installation if you change your mind. For more information, see Configuring automatic patch upgrades.

Note: ibm-operator-catalog also contains the catalogs for other IBM Cloud Paks®. If multiple IBM Cloud Paks are installed on your cluster, then the polling attribute is configured for all of them.

Run the steps in Create the catalog source with automatic upgrade disabled or Create the catalog source with automatic upgrade enabled.

Create the catalog source with automatic upgrade disabled

  1. Create the ibm-operator-catalog CatalogSource object without polling enabled.

    Log in to your Red Hat OpenShift cluster's console. Click the plus icon in the upper right to open the Import YAML dialog box, paste in the following YAML, and then click Create.

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-operator-catalog
  publisher: IBM Content
  sourceType: grpc
  image: icr.io/cpopen/ibm-operator-catalog:latest

  2. Update the ibm-operator-catalog CatalogSource to fix it to always use the current image digest, instead of icr.io/cpopen/ibm-operator-catalog:latest. This ensures that the ibm-operator-catalog CatalogSource pods do not pull the latest image if a node reload or other issue causes them to restart.

    1. Go to Home > Projects, and select openshift-marketplace.

    2. Go to Workloads > Pods (on the left menu), and then search for ibm-operator-catalog.

    3. Click the returned ibm-operator-catalog-<...> pod.

    4. Click YAML to switch to the YAML view.

    5. Search for imageID in the YAML, and copy down the value of spec.containerStatuses.imageID. The value is in a format similar to the following example:

      icr.io/cpopen/ibm-operator-catalog@sha256:<...>

    6. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, scroll down and click ibm-operator-catalog.

    7. Click YAML to switch to the YAML view.

    8. Set the value of spec.image to the value of the current image digest that you found in step 2, instead of to icr.io/cpopen/ibm-operator-catalog:latest.

  3. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, verify that the ibm-operator-catalog CatalogSource object is present.

Create the catalog source with automatic upgrade enabled

  1. Create the ibm-operator-catalog CatalogSource object with polling enabled.

    Log in to your Red Hat OpenShift cluster's console. Click the plus icon in the upper right corner to open the Import YAML dialog box, paste in the following YAML, and then click Create.

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-operator-catalog
  publisher: IBM Content
  sourceType: grpc
  image: icr.io/cpopen/ibm-operator-catalog:latest
  updateStrategy:
    registryPoll:
      interval: 45m

  2. Go to Administration > Cluster Settings. Under Configuration > OperatorHub > Sources, verify that the ibm-operator-catalog CatalogSource object is present.

3. Install Cert Manager

Skip this step if you already have a certificate manager installed on the Red Hat OpenShift cluster that you are installing Infrastructure Automation on. If you do not have a certificate manager then you must install one. The IBM Cloud Pak® foundational services Cert Manager is recommended, and can be installed with the following steps.

Note: If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on the same Red Hat OpenShift cluster, then you already installed a certificate manager as part of the IBM Cloud Pak for AIOps installation process. If you are installing Infrastructure Automation and IBM Cloud Pak for AIOps on different clusters, then you must ensure that you have a certificate manager on each cluster.

For more information about IBM Cloud Pak® foundational services Cert Manager hardware requirements, see IBM Certificate Manager (cert-manager) hardware requirements Opens in a new tab in the IBM Cloud Pak foundational services documentation.

  1. Log in to your Red Hat OpenShift cluster's console.

  2. Click Operators > OperatorHub. The OperatorHub page is displayed.

  3. In the All Items field, enter IBM Cert Manager. The IBM Cert Manager operator is displayed.

  4. Click the IBM Cert Manager tile. The IBM Cert Manager window is displayed.

  5. Click Install. You see the Install Operator page.

  6. Set the Update Channel to the v4.2 version. If the Channel `v4.2`` version is not available, click other IBM Cert Manager tile from OperatorHub to install the correct version.

  7. Set Installation Mode to All namespaces on the cluster (default).

  8. Set Installed Namespace to ibm-cert-manager(Operator recommended).

  9. Set Update approval to Automatic.

  10. Click Install.

4. Install the License Service

Skip this step if the IBM Cloud Pak® foundational services License Service is already installed on the Red Hat OpenShift cluster that you are installing IBM Cloud Pak for AIOps on. If you do not know whether the License Service is already installed, then see Verifying if License Service is already installed on the cluster Opens in a new tab in the IBM Cloud Pak foundational services documentation.

IBM Cloud Pak for AIOps requires the installation of the IBM Cloud Pak foundational services License Service. You must install the IBM Cloud Pak foundational services License Service on the Red Hat OpenShift cluster that you are installing IBM Cloud Pak for AIOps on.

Follow the instructions in Installing the License Service with OpenShift console Opens in a new tab in the IBM Cloud Pak foundational services documentation, from step 2 Create the ibm-licensing namespace onwards.

For more information about the IBM Cloud Pak® foundational services License Service, see License Service Opens in a new tab in the IBM Cloud Pak foundational services documentation.

5. Install the Infrastructure Automation operator

For more information about operators, see Adding Operators to a cluster in the Red Hat OpenShift documentation.

  1. Click Operators > OperatorHub. The OperatorHub page is displayed.

  2. In the All Items field, enter IBM Infrastructure Automation. The IBM Infrastructure Automation operator is displayed.

  3. Click the IBM Infrastructure Automation tile. The IBM Infrastructure Automation window is displayed.

  4. Click Install. The Install Operator page is displayed.

  5. Enter the following values:

    • Set Update channel to v4.9.
    • Installation mode - For more information about installation modes, see Operator installation mode.
    • Installed Namespace - If you are using the OwnNamespace installation mode (a specific namespace), then set this field to be the project (namespace) in which to install the operator. If you are using the AllNamespaces installation mode, then set this field to openshift-operators.
    • Set Update approval to Automatic.

    Warning: Update approval must not be changed to Manual. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.

  6. Click Install and wait for the IBM Infrastructure Automation operator to install.

  7. Verify that the IBM Infrastructure Automation operator is successfully installed.

    Navigate to Operators > Installed Operators, and select your project from the Projects dropdown. IBM Infrastructure Automation operator and its dependant operators in the project are listed with a Status of Succeeded.

6. Create Infrastructure Automation custom resource with default values

You can create the Infrastructure Automation custom resource with the default set of values, or customize these values before you create the Infrastructure Automation custom resource.

Customize the default values for the Infrastructure Automation custom resource to modify the default replica count of the pods in Managed services, or to adjust any of the following defaults for Managed services:

The following YAML file creates an instance of the Infrastructure Automation custom resource called IAConfig. The list of installation parameters with its default values are listed in Managed services installation parameters page.

  1. Navigate to Operators > Installed Operators.

  2. Under the Provided APIs section, click IBM Infrastructure Automation.

  3. Click Create IAConfig tab.

  4. Switch to the YAML view and paste the following file:

    kind: IAConfig
apiVersion: aiops.ibm.com/v1alpha1
metadata:
name: ibm-ia-installer
namespace: cp4aiops
spec:
imagePullSecret: ibm-entitlement-key
infraAutoComposableComponents:
- enabled: <set to true to install Infrastructure Management component of Infrastructure Automation, false otherwise>
   name: ibm-management-im-install
   spec: {}
- enabled: <set to true to install Managed services component of Infrastructure Automation, false otherwise>
   name: ibm-management-cam-install
   spec: {}
license:
   accept: <set true to accept the license>
storageClass: <set to the same storageClass that IBM Cloud Pak for AIOps uses>
storageClassLargeBlock: <set to the same storageClassLargeBlock that IBM Cloud Pak for AIOps uses>

    To customize Managed services, you must have your customization parameters under spec.manageservice section.

    - enabled: <Set to true to install Managed services component of Infrastructure Automation, false otherwise>
  name: ibm-management-cam-install
  spec:
    manageservice:
      <Set your custom installation parameter values>

  5. Click Apply.

    Note: This option does not install Infrastructure Management. If you need to install Infrastructure Management, complete the installation of Infrastructure Automation and follow the steps that are listed in Deploying Infrastructure Management..

7. Verify the deployment

After a few minutes, use the following steps to check the status of your installation.

  1. Click Operators > Installed Operators.

  2. From the Project list, select the project (namespace) where Infrastructure Automation is deployed.

  3. Click IBM Infrastructure Automation, then click IBM Infrastructure Automation tab.

  4. Under IAConfigs, look at the entry with the name that you specified in the IAConfigs custom resource (Infrastructure Automation instance), and verify that the Status indicates Phase: Running.

8. Log in to the Infrastructure Automation console

After you successfully install Infrastructure Automation, get the URL for accessing the Infrastructure Automation console.

You can use the Launch Cloud Pak in IBM Automation link to access the Infrastructure Automation console:

  1. Log in to the Red Hat OpenShift Container Platform web console as an administrator.

  2. Click Operators > Installed Operators.

  3. Click IBM Cloud Pak for AIOps.

  4. On the Operator Details page, click the IBM Cloud Pak for AIOps tab, and then click the IBM Cloud Pak for AIOps installation name.

  5. In the Details tab, right-click on the URL underneath Launch Cloud Pak in IBM Automation, and select Open Link in New Tab.

  6. In the Cloud Pak for AIOps console login page, select one of the following login options:

    • OpenShift authentication: The kubeadmin user is automatically used to log in to the Cloud Pak for AIOps console. The kubeadmin user has the same privileges as the Cloud Pak for AIOps console admin user.

    • IBM provided credentials (admin only): The default username to access the console is admin. To obtain the username and password, see Obtain IBM provided credentials (admin only).

    • Enterprise LDAP: LDAP users can log in to the Cloud Pak for AIOps console after IBM Cloud Pak for AIOps is configured with a single or multiple LDAP servers for the authentication and authorization. For more information, see Identity Management (IM).

Obtain IBM provided credentials (admin only)

  1. To find the default username, select the project (namespace) that IBM Cloud Pak for AIOps is deployed, then navigate to Workloads > Secrets. Search the platform-auth-idp-credentials secret name in the search bar. Click platform-auth-idp-credentials to view the secret. You can see the value of username from the admin_username field.

  2. To get the password for the admin username, see the admin_password field in platform-auth-idp-credentials secret.

    The following is a sample output:

    EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA

    Based on the sample output, your password would be EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA.

    Important: You can change this default password at any time. For more information, see Changing the cluster administrator password.

9. Deploying Infrastructure Management

For more information about how to deploy Infrastructure Management, see the following topics:

10. Assign user roles and permissions

When you install Infrastructure Automation and deploy Infrastructure Management, you, or an administrator, must add the required Kubernetes permissions to user roles before your users can access and use Infrastructure Automation tools, such as Managed services or the Service catalog. For instance, users that do not have an Administrator role are not able to use the Infrastructure Management Managed services and Service Catalog or create user groups. For more information about how to add permissions to a role, see Managing roles for Infrastructure Automation.

11. Disable usage data collection (optional)

To help the development of Infrastructure Automation - Infrastructure Management, aggregated usage data is collected to analyze how Infrastructure Management is used. The collection of usage data is enabled by default, but can be disabled.

For the data collection, Infrastructure Management uses the existing daily job that is used for audit logging of managed resources and for licensing tracking. This job is extended to collect and send the usage data metrics to IBM. The sent data is then stored in IBM controlled GDPR-compliant systems. The usage data that is collected does not include personal information, passwords, or specific details. Only the following data is collected:

  • The number of virtual machines (VMs), hosts, providers (and provider types), services, and service catalog items that are being used in the Infrastructure Management inventory.
  • Whether Infrastructure Management is deployed as a containerized deployment (podified) or virtual machine appliance.
  • (Stand-alone deployments) The architecture where Infrastructure Management is deployed (Linux x86_64, Linux on Power (ppc64le), Linux® on IBM Z® and LinuxONE (s390x)).

Configuring the collection of usage data

To configure the collection of usage data, a secret is used, which includes your opt-in details, or your opt-out (disabling) of the data collection. Infrastructure Management uses the same aiops-metrics-processor secret as IBM Cloud Pak for AIOps to configure the opt-in or opt-out details for usage data collection. If you deployed Infrastructure Automation - Infrastructure Management and IBM Cloud Pak for AIOps in the same namespace, you can share this secret for configuring the data collection.

Follow the steps to create the aiops-metrics-processor secret to configure your opt-in details:

  1. From OpenShift Container Platform console, click Workloads > Secrets.

  2. From the Project menu, select the project that you created earlier in Create a custom project (namespace) step.

  3. Click Create > Key/value secret from the menu. The create key/value secret form is displayed.

  4. Enter the following Key/Value pairs:

    • Secret name: name of the secret, for example aiops-metrics-processor.
    • customerName: your company name.
    • customerICN: your IBM Customer Number (ICN).
    • environment: you can choose trial for testing, poc for proof of concept, or production for production environments.

Important: Usage data without your customer details is still collected even if you do not create this secret. If you do not want any usage data collected, then you must disable the collection of usage data.

Disabling the collection of usage data

To disable the collection of usage data, add the key/value pair enableCollection=false in the created secret.

  1. From OpenShift Container Platform console, click Workloads > Secrets.
  2. Click secret name that you created for collection of usage data, for example aiops-metrics-processor.
  3. Add enableCollection as key and false as its value.
  4. Click Save.

Note: You can update your usage data collection preferences after installation.