Online starter installation of IBM Cloud Pak for Watson AIOps AI Manager (CLI)

If you are a trial user of IBM Cloud Pak® for Watson AIOps AI Manager, or you want a proof-of-concept deployment that does not require a sustained workload, consider a starter installation to get a smaller, nonproduction deployment up and running quickly.

If you require a production-grade deployment, or an offline air-gapped deployment, see Installing IBM Cloud Pak for Watson AIOps AI Manager.

Before you begin

You must provision a cluster that meets the following requirements.

Red Hat® OpenShift® Container Platform requires a user with admin privileges to Create a custom project, and a user with cluster-admin privileges for the following operations:

If you require details about the permissions that are required by the AI Manager operators, see Permissions (AI Manager).

Limitations

1. Install Red Hat OpenShift Container Platform

For more information about the supported OpenShift versions, see Supported Red Hat OpenShift Container Platform versions.

Install OpenShift by using the instructions in Installing Red Hat OpenShift Container Platform Opens in a new tab.

2. Install the OpenShift CLI

Install the OpenShift (oc) command-line interface (CLI) on your cluster's boot node by using the instructions in Getting started with the OpenShift CLI Opens in a new tab, and then run oc login.

3. Configure storage

You must configure your own storage for use with AI Manager. For more information, see Storage considerations.

4. Create a custom project (namespace)

Create a project (namespace) called cp4waiops for your AI Manager deployment, by running the following command:

oc create namespace cp4waiops

5. Create an OperatorGroup in your custom project (namespace)

Create the Operator group by running the following command:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: cp4waiops-operator-group
  namespace: cp4waiops
spec:
  targetNamespaces:
    - cp4waiops
EOF

6. Create the entitlement key pull secret

  1. Log in to MyIBM Container Software Library Opens in a new tab with the IBMid and password details that are associated with the entitled software.

  2. In the Entitlement keys section, select Copy key to copy your entitlement key to the clipboard.

  3. From the OpenShift CLI, run the following command:

    oc create secret docker-registry ibm-entitlement-key \
        --docker-username=cp\
        --docker-password=<entitlement-key> \
        --docker-server=cp.icr.io \
        --namespace=cp4waiops
    

    Where <entitlement-key> is the entitlement key that you copied in the previous step.

7. Ensure external traffic access to AI Manager

Run the following command to update endpointPublishingStrategy.type in your ingresscontroller if it is set to HostNetwork, to allow traffic.

if [ $(oc get ingresscontroller default -n openshift-ingress-operator -o jsonpath='{.status.endpointPublishingStrategy.type}') = "HostNetwork" ]; then oc patch namespace default --type=json -p '[{"op":"add","path":"/metadata/labels","value":{"network.openshift.io/policy-group":"ingress"}}]'; fi

8. Create the catalog source

Run the following command:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-operator-catalog
  publisher: IBM Content
  sourceType: grpc
  image: icr.io/cpopen/ibm-operator-catalog:latest
EOF

9. Verify cluster readiness

Run the prerequisite checker script to verify whether your OpenShift cluster is correctly set up for an AI Manager installation. For more information about the script, and how to download and run it, see github.com/IBM Opens in a new tab.

10. Install the AI Manager operator

Run the following command:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: ibm-aiops-orchestrator
  namespace: cp4waiops
spec:
  channel: v3.3
  installPlanApproval: Automatic
  name: ibm-aiops-orchestrator
  source: ibm-operator-catalog
  sourceNamespace: openshift-marketplace
EOF

Warning: installPlanApproval must not be changed to Manual. Manual approval, which requires the manual review and approval of the generated InstallPlans, is not supported. Incorrect timing or ordering of manual approvals of InstallPlans can result in a failed installation.

After a few minutes, verify that the AI Manager operator is installed in the cp4waiops project (namespace) with the following command:

oc get pods -n cp4waiops | grep ibm-aiops-orchestrator

11. Install AI Manager

  1. Run the following command to create an instance of the AI Manager custom resource called ibm-cp-watson-aiops.

    cat << EOF | oc apply -f -
    apiVersion: orchestrator.aiops.ibm.com/v1alpha1
    kind: Installation
    metadata:
      name: ibm-cp-watson-aiops
      namespace: cp4waiops
    spec:
      imagePullSecret: ibm-entitlement-key
      license:
        accept: <license_acceptance>
      pakModules:
      - name: aiopsFoundation
        enabled: true
      - name: applicationManager
        enabled: true
      - name: aiManager
        enabled: true
      - name: connection
        enabled: false
      size: small
      storageClass: <storage_class_name>
      storageClassLargeBlock: <large_block_storage_class_name>
    EOF
    

    Where

    • <license_acceptance> - is set to true to agree to the license terms.
    • <storage_class_name> is the storage class that you want to use. If the storage provider for your deployment is Red Hat OpenShift Data Foundation, previously called Red Hat OpenShift Container Storage, then set this value to ocs-storagecluster-cephfs. For more information, see Storage considerations.
    • <large_block_storage_class_name> If the storage provider for your deployment is Red Hat OpenShift Data Foundation, previously called Red Hat OpenShift Container Storage, then set this value to ocs-storagecluster-ceph-rbd. For more information, see Storage considerations.

    Warning: The pakModules aiopsFoundation, applicationManager, and aiManager must be enabled as in the preceding YAML. Do not change these values to false.

  2. After a few minutes, run the following command to verify that your deployment is successful.

    oc get installations.orchestrator.aiops.ibm.com -A && echo "" &&  oc get ircore,AIOpsAnalyticsOrchestrator -A -o custom-columns="KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.conditions[?(@.type==\"Ready\")].reason" && echo "" && oc get lifecycleservice -A -o custom-columns="KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.conditions[?(@.type==\"Lifecycle Service Ready\")].reason" && echo "" && oc get BaseUI -A -o custom-columns="KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.conditions[?(@.type==\"Ready\")].reason" && echo "" && oc get AIManager,aiopsedge,asm -A -o custom-columns="KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase"
    

    Verify that the STATUS and PHASE of your deployment artifacts are the same as those in the following example output.

    Example output:

    NAMESPACE   NAME        PHASE     LICENSE    STORAGECLASS                STORAGECLASSLARGEBLOCK      AGE
    cp4waiops   ibm-aiops   Running   Accepted   ocs-storagecluster-cephfs   ocs-storagecluster-cephfs   34d
    
    KIND                         NAMESPACE   NAME    STATUS
    IssueResolutionCore          cp4waiops   aiops   Ready
    AIOpsAnalyticsOrchestrator   cp4waiops   aiops   Ready
    
    KIND               NAMESPACE   NAME        STATUS
    LifecycleService   aiops       cp4waiops   LifecycleService ready
    
    KIND     NAMESPACE   NAME              STATUS
    BaseUI   cp4waiops   baseui-instance   Ready
    
    KIND        NAMESPACE   NAME             STATUS
    AIManager   cp4waiops   aimanager        Completed
    AIOpsEdge   cp4waiops   aiopsedge        Configured
    ASM         cp4waiops   aiops-topology   OK
    

    Note: The values output for STORAGECLASS and STORGECLASSLARGEBLOCK are what you selected at installation time, and might differ from the values shown in the example output.

    If the STATUS and PHASE of your deployment artifacts does not match the example output, see Troubleshooting installation to help you identify any installation problems.

    Alternatively, you can download and run a status checker script to verify that your deployment is successful. For more information, see github.com/IBM Opens in a new tab.

12. Log in to the AI Manager console

  1. Find the password for the admin username by running the following command:

    oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
    
  2. Find the URL to access the AI Manager console with the following command.

    oc get route -n cp4waiops cpd -o jsonpath='{.spec.host}'
    

    The following output is a sample output:

    cpd-cp4waiops.apps.test.cp.os.example.com
    

    Based on the sample output, your console URL would be https://cpd-cp4waiops.apps.test.cp.os.example.com

  3. Enter the URL in your browser to open the AI Manager console and log in with a username of admin and the password that you found in the previous step.

13. Configure signed certificates for NGINX

A signed certificate is needed on the NGNIX pods for the Slack and Teams integrations. The AutomationUIConfig instance controls the certificates and the NGINX pods that use them. Run the following commands to patch the AutomationUIConfig instance with a new secret that contains the AI Manager ingress certificate, and then restart the NGINX pods.

NAMESPACE=<project>

AUTO_UI_INSTANCE=$(oc get AutomationUIConfig -n $NAMESPACE --no-headers -o custom-columns=":metadata.name")

ingress_pod=$(oc get secrets -n openshift-ingress | grep tls | grep -v router-metrics-certs-default | awk '{print $1}')

oc get secret -n openshift-ingress -o 'go-template={{index .data "tls.crt"}}' ${ingress_pod} | base64 -d > cert.crt
oc get secret -n openshift-ingress -o 'go-template={{index .data "tls.key"}}' ${ingress_pod} | base64 -d > cert.key
oc get secret -n $NAMESPACE external-tls-secret -o yaml > external-tls-secret.yaml
oc delete secret -n $NAMESPACE external-tls-secret
sleep 3
oc create secret generic -n $NAMESPACE external-tls-secret --from-file=cert.crt=cert.crt --from-file=cert.key=cert.key -o yaml | oc apply -f -

oc patch AutomationUIConfig $AUTO_UI_INSTANCE \
 -n $NAMESPACE \
 --type merge \
 --patch '{"spec": {"tls": {"caSecret": {"key":"ca.crt", "secretName": "external-tls-secret"}, "certificateSecret": { "secretName": "external-tls-secret"}}}}'

REPLICAS=$(oc get Deployment/ibm-nginx -n $NAMESPACE -o jsonpath='{.spec.replicas}')
oc scale Deployment/ibm-nginx --replicas=0 -n $NAMESPACE
sleep 3
oc scale Deployment/ibm-nginx --replicas=${REPLICAS} -n $NAMESPACE

Where <project> is the project that your AI Manager installation is deployed in.

Note: It takes a few minutes for the NGINX pods to come back up.

14. Restart Cassandra pods

After installation, Cassandra may have problems in schema creation. Run the sync-cassandra.sh script to resolve this.

  1. Run the following command to switch to your AI Manager project.

    oc project <project>
    

    Where <project> is the project that your AI Manager installation is deployed in.

  2. Download and run the sync-cassandra.sh script.