Setting up the cluster with the admin script

To install the Cloud Pak capabilities with the Cloud Pak operator, a cluster administrator must run a script to set up the cluster. The administrator must also give the non-administrator user the information that user needs to run the deployment script. Each Cloud Pak capability can be installed with extra components. Db2® and OpenLDAP are always installed.

Before you begin

Make sure you prepared your cluster with the necessary infrastructure and software. For more information, see Preparing for a Demo deployment.

Important: The Cloud Pak cannot be installed on a cluster with an existing installation of IBM Automation foundation that used the All namespaces on the cluster option. Check the openshift-operators namespace to find installed operators. The Cloud Pak supports installation on a single namespace and not on all namespaces. To install more than one deployment of the Cloud Pak, each deployment must be installed in a different namespace and the operator needs to be installed for each namespace.

About this task

The cluster setup script is one of several scripts that are provided to help you install the Cloud Pak capabilities. You must be a cluster administrator to run the setup script. For more information, see user archetypes.

The cluster setup script identifies or creates a namespace and applies the custom resource definitions (CRD). The script provides the administrator with the cluster hostname and the available storage classes. This information must be provided to the user who runs the deployment script.

Note: The admin setup script does not set any parameters in the custom resource (CR) because the administrator might not be using the same host as the user who runs the deployment script.

Use the following steps to complete the setup.

Procedure

  1. Log in to the target cluster as the <cluster-admin> user.
    If you are not already logged in on OpenShift (OCP), then log in using the oc CLI:
    oc login https://<cluster-ip>:<port> -u <cluster-admin> -p <password>

    On IBM Cloud (ROKS), if you are not already logged in, use the following command:

    oc login --token=<token> --server=https://<cluster-ip>:<port>
  2. For 21.0.1: Set the ClusterRole for the operator to the target namespace.
    1. Change directory to the cert-kubernetes/descriptors folder.
      cd cert-kubernetes/descriptors

      For more information about downloading cert-kubernetes, see Preparing for a Demo deployment.

    2. Open the cluster_role_binding.yaml file and replace the placeholder string <NAMESPACE> with the target namespace where you want to install the Cloud Pak.
      For example, cp4a-demo.
    3. Apply the cluster_role_binding.yaml and cluster_role.yaml files.
      oc apply -f cluster_role.yaml
      oc apply -f cluster_role_binding.yaml
  3. For 21.0.1-IF001 or later interim fixes: Create the ibm-cp4ba-privileged service account (SA), and bind the security context constraints (SCC) to control the actions the SA can take and what it can access.
    Note: For 21.0.1, you do not need to create these service accounts.
    oc apply -f service-account-for-privileged.yaml -n ${NAMESPACE}

    Where the content of the service-account-for-privileged.yaml file includes the following service accounts:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ibm-cp4ba-privileged
    imagePullSecrets:
    - name: "admin.registrykey"

    Bind the SCC to the service account:

    oc adm policy add-scc-to-user privileged -z ibm-cp4ba-privileged -n ${NAMESPACE}
  4. Create the ibm-cp4ba-anyuid service account (SA), and bind the security context constraints (SCC) to control the actions the SA can take and what it can access.
    oc apply -f service-account-for-anyuid.yaml -n ${NAMESPACE}

    Where the content of the service-account-for-anyuid.yaml file includes the following service accounts:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ibm-cp4ba-anyuid
    imagePullSecrets:
    - name: "admin.registrykey"

    Bind the SCC to the service account:

    oc adm policy add-scc-to-user anyuid -z ibm-cp4ba-anyuid -n ${NAMESPACE}
  5. Change directory to the scripts folder.
    cd ../scripts
  6. Run the cluster setup script and follow the prompts in the command window.
    ./cp4a-clusteradmin-setup.sh
    1. Select the platform type: ROKS (1) or OCP (2).

      Option 3 is not supported for a demo deployment.

    2. Select the deployment type demo.
    3. Enter the name for a new project or an existing project (namespace). For example, cp4a-demo.
    4. Select a username from the list of eligible users by entering the number associated with that user.
    5. Enter your IBM Entitled Registry key and login credentials (user and password). For more information, see Setting up the cluster.
    6. Enter a dynamic storage class name.
    Note: The following message appears on OCP 4.6, but the warning does not have any functional impact.
    Creating the custom resource definition (CRD) and a service account that has the permissions to manage the resources...
    W1102 26405 warnings.go:67] apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
    
  7. If you intend to install Content Collector for SAP as an optional component of the Content Manager pattern, then you must download the necessary libraries and put them in the operator pod.
    1. Make a saplibs directory.
      Give read and write permissions to the directory by running the chmod command.
    2. Download the SAP Netweaver SDK 7.50 library from the SAP Service Marketplace.
    3. Download the SAP JCo Release 3.0.x from the SAP Service Marketplace.
    4. Extract all of the content of the packages to the saplibs directory.
    5. Check that you have all of the following libraries.
      saplibs/
      ├── libicudata.so.50
      ├── libicudecnumber.so
      ├── libicui18n.so.50
      ├── libicuuc.so.50
      ├── libsapcrypto.so
      ├── libsapjco3.so
      ├── libsapnwrfc.so
      ├── libsapucum.so
      └── sapjco3.jar
    6. Copy the saplibs directory that you created to the operator pod.
      podname=$(oc get pod | grep ibm-cp4a-operator | awk '{print $1}')
      kubectl cp "$PATH_TO_SAPLIBS/saplibs" "<project_name>/$podname:/opt/ansible/share"
      Note: The $PATH_TO_SAPLIBS is the path to the driver files on your system. The <project_name> must be set to the namespace of the installed operator.
      To verify that the files are in the pod, run the following commands:
      oc rsh $(oc get pod | grep ibm-cp4a-operator | awk '{print $1}')
      ls -ltr /opt/ansible/share/saplibs
  8. For 21.0.1: If you intend to include Business Automation Insights as an optional component in your deployment, create a secret named ibm-entitlement-key that contains your <user_password> for the IBM Entitled Registry.

    From the OCP CLI, run the following command:

    kubectl create secret docker-registry ibm-entitlement-key -n <project_name> \
       --docker-username=cp \
       --docker-password="<user_password>" \
       --docker-server=cp.icr.io
    Note: The <project_name> must be set to the namespace of the installed operator.
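
The library check in step 7.5 can be scripted and run before the copy in step 7.6. This is an added example, not part of the original procedure: check_saplibs is a hypothetical helper that reports any library from the listing that is missing or empty, and names any other file in the directory, because kubectl cp copies the whole directory into the operator pod.

```shell
#!/bin/sh
# Added example: pre-copy check of the saplibs directory (step 7).
# The nine file names are the ones listed in step 7.5.
SAPLIBS_EXPECTED="libicudata.so.50 libicudecnumber.so libicui18n.so.50 \
libicuuc.so.50 libsapcrypto.so libsapjco3.so libsapnwrfc.so libsapucum.so sapjco3.jar"

# Prints one finding per line.
# Returns 0 if nothing is missing, 1 if a library is missing or empty,
# 2 if the directory itself is not usable.
check_saplibs() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -w "$dir" ]; then
        echo "ERROR $dir is not a readable and writable directory"
        return 2
    fi
    for f in $SAPLIBS_EXPECTED; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done
    # Informational: everything in the directory ends up in the operator pod,
    # so list files that are not on the expected list.
    for p in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue
        name=${p##*/}
        case " $SAPLIBS_EXPECTED " in
            *" $name "*) ;;
            *) echo "EXTRA $name" ;;
        esac
    done
    return $rc
}

# Run as a script: sh check_saplibs.sh "$PATH_TO_SAPLIBS/saplibs"
if [ "$#" -gt 0 ]; then
    check_saplibs "$1"
fi
```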

Results

When the script is finished, all of the available storage class names are displayed along with the infrastructure node name. Take note of the following information and provide it to the Cloud Pak admin user, because it is needed for the deployment script:

  1. Project name or namespace.
  2. For 21.0.1: Route hostname.
  3. Storage class names.
  4. Username to log in to the cluster.

Verify the deployment to make sure that all pods, including the IBM Automation foundation (iaf-) pods, are Running. Use the OpenShift CLI:

oc get pods
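
A STATUS of Running does not by itself mean that every container in the pod is ready, so the READY column is worth checking as well. This is an added example, not part of the original page: check_pods is a hypothetical helper that reads `oc get pods --no-headers` output, lists pods that are not Running with all containers ready, and confirms that at least one iaf- pod is present. Treating Completed pods as acceptable is an assumption, and the sample pod names are constructed.

```shell
#!/bin/sh
# Added example: summarize `oc get pods --no-headers` output read from stdin.
# Columns are NAME READY STATUS RESTARTS AGE.

check_pods() {
    pods=$(cat)
    # A pod counts as healthy only if STATUS is Running and READY is n/n.
    # Assumption: pods in Completed state (finished jobs) are acceptable.
    bad=$(printf '%s\n' "$pods" | awk '
        NF < 3 || $3 == "Completed" { next }
        { split($2, r, "/"); if ($3 != "Running" || r[1] != r[2]) print $1, $2, $3 }')
    # Count the IBM Automation foundation pods by their iaf- name prefix.
    iaf=$(printf '%s\n' "$pods" | awk '$1 ~ /^iaf-/ { n++ } END { print n + 0 }')
    if [ -n "$bad" ]; then printf '%s\n' "$bad"; fi
    if [ "$iaf" -eq 0 ]; then echo "no iaf- pods listed"; fi
    [ -z "$bad" ] && [ "$iaf" -gt 0 ]
}

# Constructed sample output. Apart from the ibm-cp4a-operator and iaf-
# prefixes, every pod name here is made up for illustration.
SAMPLE_PODS='ibm-cp4a-operator-5d9f7c6b8-x2k4q   1/1   Running            0   2h
iaf-core-operator-7c9d8f-abcde      1/1   Running            0   2h
sample-db2-0                        0/1   Running            3   40m
sample-openldap-6b7f9c-zzzzz        0/1   ImagePullBackOff   0   40m
sample-setup-job-k9x2p              0/1   Completed          0   1h'

# Live use: oc get pods --no-headers | check_pods
printf '%s\n' "$SAMPLE_PODS" | check_pods || echo "deployment not ready"
```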

To get the operator log, run the following commands:

podname=$(oc get pod | grep ibm-cp4a-operator | awk '{print $1}')
oc logs "$podname" -c operator -n <project-name>