Preparing to install an active-active configuration on AWS
Use this information to prepare to install IBM® Cloud Pak for Network Automation in an active-active configuration on self-managed clusters on Amazon Web Services (AWS).
Before you begin
- Review the Planning information.
- Set up these installation dependencies:
- Create three or more self-managed Red Hat® OpenShift® clusters. For detailed steps, see the Red Hat OpenShift Container Platform 4.16 Documentation.
- Install the Red Hat OpenShift CLI,
oc_cli
on each cluster's boot node. For detailed steps, see Getting started with the OpenShift CLI (Red Hat OpenShift Container Platform 4.16). If you are using a different version of Red Hat OpenShift, select the appropriate version on the Red Hat OpenShift documentation page.
Preparing to install the Cloud Pak
- Configure storage
- Create a custom namespace
- Create the entitlement key secret
- Expose metrics for Prometheus
- Add the catalog sources
- Optional: Install and configure a certificate manager
- Optional: Create a secret for custom Site Planner plug-ins
- Optional: Consider the storage requirements for application logging
oc login
command to log in to your
cluster.Configure storage
gp3
and
efs-sc
storage classes. gp3
is available by default in every
cluster, but efs-sc
is not. To make the efs-sc
class available in
your cluster, complete these tasks by using the instructions in Setting up AWS Elastic File Service CSI Driver Operator:- Create the AWS Elastic File Service (EFS) driver operator.
- Install the EFS Container Storage Interface (CSI) driver.
- Create and configure access to an EFS storage volume in AWS.
- Create the AWS EFS storage class, that is,
efs-sc
.
Create a custom namespace
Use either of the following methods to create a namespace or project into which you can install IBM Cloud Pak for Network Automation. A project is a Kubernetes namespace.
- Create a project with the OpenShift Container Platform console.
-
- Log in to your OpenShift Container Platform console.
- From the navigation menu, click Projects.
- Click Create Project.
- Enter the project name and click Create.
- Create a namespace with the Red Hat OpenShift CLI.
- Run the following command, where
<namespace>
is the namespace that you want to create:oc create namespace <namespace>
Create the entitlement key secret
- Obtain the entitlement key that is assigned to your IBMid. For more information, see Obtaining an entitlement key.
- Create an image pull secret called ibm-entitlement-key. You can use either of
the following methods.
- Create the secret with the OpenShift Container Platform console.
-
- From the navigation menu, click .
- From the Project list, select the project that you want to create the
instance in.
A project is a Kubernetes namespace. Select the namespace that you created in the step Create a custom namespace.
- On the Secrets page, click Create and select Image Pull Secret.
- Enter the following values:
- In the Secret Name field, enter ibm-entitlement-key.
- In the Registry Server Address field, enter cp.icr.io.
- In the Username field, enter cp.
- In the Password field, enter the entitlement key that you copied in step 1.
- Click Create.
- Create the secret with the Red Hat OpenShift CLI.
- From the Red Hat OpenShift CLI, run the following
command to create an image pull secret called
ibm-entitlement-key:
Where:oc create secret docker-registry ibm-entitlement-key \ --docker-username=cp \ --docker-password=<entitlement-key> \ --docker-server=cp.icr.io \ --namespace=<namespace>
<entitlement-key>
is the entitlement key that you copied in step 1.<namespace>
is the namespace that you created in the step Create a custom namespace.
Expose metrics for Prometheus
Prometheus is a monitoring and alerting toolkit and is deployed by default on OpenShift Container Platform clusters. Before the orchestration metrics can be collected and stored in Prometheus, you must expose the metric endpoints to Prometheus.
cluster-monitoring-config
and
user-workload-monitoring-config
configmaps, which enable Prometheus to collect the metrics:- Create a YAML file and add the following configuration information:
apiVersion: v1 kind: ConfigMap metadata: name: cluster-monitoring-config namespace: openshift-monitoring data: config.yaml: | enableUserWorkload: true --- apiVersion: v1 kind: ConfigMap metadata: name: user-workload-monitoring-config namespace: openshift-user-workload-monitoring data: config.yaml: |
- Deploy the configmaps by running the following command:
oc apply -f <filename>
For more information about how to configure monitoring for your cluster, see Enabling monitoring for user-defined projects (Red Hat OpenShift Container Platform 4.16).
Add the catalog sources
- IBM Operator Catalog
- IBM Cloud Pak foundational services
- A specific catalog source for IBM Elasticsearch
Adding catalog sources for IBM Operator Catalog and IBM Cloud Pak foundational services
- Add the catalog sources with the OpenShift Container Platform console
- Add the catalog sources with the OpenShift CLI
- Add the catalog sources with the OpenShift Container Platform console
-
- Add the catalog source for the IBM Operator Catalog.
- Click the Import YAML plus (+) icon in the console toolbar to open the Import YAML page.
- Paste the following text:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: IBM Operator Catalog publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog updateStrategy: registryPoll: interval: 45m
- Click Create.
- Add the catalog source for IBM Cloud Pak
foundational services.
- Click +.
- Paste the following text:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: opencloud-operators namespace: openshift-marketplace spec: displayName: IBMCS Operators publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-common-service-catalog:latest updateStrategy: registryPoll: interval: 45m
- Click Create.
- Verify that the catalog sources are added to your cluster.
- From the navigation menu, click .
- Click the Global Configuration tab.
- Click OperatorHub.
- Click the Sources tab.
- Verify that the new catalog sources are shown.
- Add the catalog source for the IBM Operator Catalog.
- Add the catalog sources with the Red Hat OpenShift CLI
-
- Add the catalog source for the IBM Operator Catalog.
- Create a YAML file and add the following resource definition:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: IBM Operator Catalog publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog updateStrategy: registryPoll: interval: 45m
- Add the catalog source by running the following command, replacing
<filename>
with the file that you created.oc apply -f <filename>
- Create a YAML file and add the following resource definition:
- Add the catalog source for IBM Cloud Pak
foundational services.
- Create a YAML file and add the following resource definition:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: opencloud-operators namespace: openshift-marketplace spec: displayName: IBMCS Operators publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-common-service-catalog:latest updateStrategy: registryPoll: interval: 45m
- Add the catalog source by running the following command, replacing
<filename>
with the file that you created.oc apply -f <filename>
- Create a YAML file and add the following resource definition:
- Verify that the catalog sources are added, and are returned with the following
command:
oc get CatalogSources ibm-operator-catalog opencloud-operators -n openshift-marketplace
- Add the catalog source for the IBM Operator Catalog.
Adding a specific catalog source for IBM Elasticsearch
You must add version 1.1.1336 of the IBM Elasticsearch catalog source to your cluster by using the OpenShift CLI.
oc
ibm-pak
commands against your cluster.- In the cluster where you plan to install the Cloud Pak, export these local environment variables
for the command line to
use:
<cp4na_arch> is the architecture where you plan to install the Cloud Pak. Replace this value with amd64, s390x or ppc64le.export CASE_NAME="ibm-elasticsearch-operator" export CASE_VERSION="1.1.1336" export ARCH="<cp4na_arch>"
- Download the files for version 1.1.1336 of the IBM
Elasticsearch operator by running this
command:
oc ibm-pak get ${CASE_NAME} --version ${CASE_VERSION}
- Generate the specific catalog source for the IBM
Elasticsearch operator by running this
command:
oc ibm-pak generate mirror-manifests ${CASE_NAME} icr.io --version ${CASE_VERSION}
- Edit the catalog source by running this
command:
vi ~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/catalog-sources-linux-${ARCH}.yaml
- In the YAML for the catalog source, update the
spec.priority
setting to 100, as shown in this example, and save your changes.apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-elasticsearch-catalog namespace: openshift-marketplace spec: displayName: ibm-elasticsearch-operator-1.1.1336-linux-amd64 publisher: IBM image: icr.io/cpopen/opencontent-elasticsearch-operator-catalog@sha256:14fb125009645bf053a4fd72f26416b9f1abb07049c83a08aaab971453cc3694 sourceType: grpc updateStrategy: registryPoll: interval: 30m0s priority: 100
- Apply the catalog source to your cluster by running this
command:
oc apply -f ~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/catalog-sources-linux-${ARCH}.yaml
- Verify that the catalog source is ready by running this
command:
oc get catalogSource ibm-elasticsearch-catalog -n openshift-marketplace -o jsonpath='{.status.connectionState.lastObservedState}'
It might take several minutes before the catalog source is ready. If the command does not return READY, wait a few minutes and try to verify the status again.
Optional: Install and configure a certificate manager
In Red Hat
OpenShift Container
Platform 4.12 and later, the
cert-manager
operator provides a service for application certificate lifecycle
management. If you plan to use the cert-manager
or any other certificate manager,
make sure that you install it before you install IBM Cloud Pak for Network
Automation.
You must also configure the cert-manager
operator to use any existing
certificate manager rather than installing a new manager. For more information. see Problem when you install two different cert-managers.
Optional: Create a secret for custom Site Planner plug-ins
If you want to use custom Site Planner plug-ins, you must create a plug-in manifest and a secret that includes the manifest contents. You must also update the custom resource (CR). You can configure these items before or after you install Site Planner. For more information, see Installing plug-ins.
Optional: Consider the storage requirements for application logging
Application logging is installed automatically when you install IBM Cloud Pak for Network Automation. The Cloud Pak uses OpenSearch to store application logging data. Depending on your application logging storage requirements, you might want to adjust the OpenSearch configuration.
It is difficult to change the OpenSearch configuration after the Cloud Pak is installed. Therefore, consider the configuration that best suits your storage requirements before you install the Cloud Pak.
You can configure the OpenSearch settings in the Cloud Pak CR. For more information, see Custom resources.