Preparing to install an active-active configuration on AWS

Use this information to prepare to install IBM® Cloud Pak for Network Automation in an active-active configuration on self-managed clusters on Amazon Web Services (AWS).

Before you begin

  1. Review the Planning information.
  2. Set up these installation dependencies:
    1. Create three or more self-managed Red Hat® OpenShift® clusters. For detailed steps, see the Red Hat OpenShift Container Platform 4.16 Documentation.
    2. Install the Red Hat OpenShift CLI, oc_cli on each cluster's boot node. For detailed steps, see Getting started with the OpenShift CLI (Red Hat OpenShift Container Platform 4.16). If you are using a different version of Red Hat OpenShift, select the appropriate version on the Red Hat OpenShift documentation page.

Preparing to install the Cloud Pak

Note: For any steps that use the Red Hat OpenShift command-line interface (CLI), run the oc login command to log in to your cluster.

Configure storage

On self-managed clusters in AWS, the Cloud Pak uses the gp3 and efs-sc storage classes. gp3 is available by default in every cluster, but efs-sc is not. To make the efs-sc class available in your cluster, complete these tasks by using the instructions in Setting up AWS Elastic File Service CSI Driver Operator:
  1. Create the AWS Elastic File Service (EFS) driver operator.
  2. Install the EFS Container Storage Interface (CSI) driver.
  3. Create and configure access to an EFS storage volume in AWS.
  4. Create the AWS EFS storage class, that is, efs-sc.

Create a custom namespace

Use either of the following methods to create a namespace or project into which you can install IBM Cloud Pak for Network Automation. A project is a Kubernetes namespace.

Create a project with the OpenShift Container Platform console.
  1. Log in to your OpenShift Container Platform console.
  2. From the navigation menu, click Projects.
  3. Click Create Project.
  4. Enter the project name and click Create.
Create a namespace with the Red Hat OpenShift CLI.
Run the following command, where <namespace> is the namespace that you want to create:
oc create namespace <namespace>

Create the entitlement key secret

Complete the following steps to create a docker-registry secret to enable your deployment to pull operand images from the IBM Entitled Registry.
  1. Obtain the entitlement key that is assigned to your IBMid. For more information, see Obtaining an entitlement key.
  2. Create an image pull secret called ibm-entitlement-key. You can use either of the following methods.
    Create the secret with the OpenShift Container Platform console.
    1. From the navigation menu, click Workloads > Secrets.
    2. From the Project list, select the project that you want to create the instance in.

      A project is a Kubernetes namespace. Select the namespace that you created in the step Create a custom namespace.

    3. On the Secrets page, click Create and select Image Pull Secret.
    4. Enter the following values:
      • In the Secret Name field, enter ibm-entitlement-key.
      • In the Registry Server Address field, enter cp.icr.io.
      • In the Username field, enter cp.
      • In the Password field, enter the entitlement key that you copied in step 1.
    5. Click Create.
    Create the secret with the Red Hat OpenShift CLI.
    From the Red Hat OpenShift CLI, run the following command to create an image pull secret called ibm-entitlement-key:
    oc create secret docker-registry ibm-entitlement-key \
        --docker-username=cp \
        --docker-password=<entitlement-key> \
        --docker-server=cp.icr.io \
        --namespace=<namespace>
    Where:
    • <entitlement-key> is the entitlement key that you copied in step 1.
    • <namespace> is the namespace that you created in the step Create a custom namespace.

Expose metrics for Prometheus

Prometheus is a monitoring and alerting toolkit and is deployed by default on OpenShift Container Platform clusters. Before the orchestration metrics can be collected and stored in Prometheus, you must expose the metric endpoints to Prometheus.

Complete the following steps to deploy the cluster-monitoring-config and user-workload-monitoring-config configmaps, which enable Prometheus to collect the metrics:
  1. Create a YAML file and add the following configuration information:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: cluster-monitoring-config
      namespace: openshift-monitoring
    data:
      config.yaml: |
        enableUserWorkload: true
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: user-workload-monitoring-config
      namespace: openshift-user-workload-monitoring
    data:
      config.yaml: |
  2. Deploy the configmaps by running the following command:
    oc apply -f <filename>

For more information about how to configure monitoring for your cluster, see Enabling monitoring for user-defined projects (Red Hat OpenShift Container Platform 4.16).

Add the catalog sources

Before you can install IBM Cloud Pak for Network Automation, you must add the following catalog sources to your cluster:
  • IBM Operator Catalog
  • IBM Cloud Pak foundational services
  • A specific catalog source for IBM Elasticsearch
Tip: You must be a cluster administrator to add catalog sources to a cluster.

Adding catalog sources for IBM Operator Catalog and IBM Cloud Pak foundational services

You can add the catalog sources with either of the following methods:
Add the catalog sources with the OpenShift Container Platform console
  1. Add the catalog source for the IBM Operator Catalog.
    1. Click the Import YAML plus (+) icon in the console toolbar to open the Import YAML page.
    2. Paste the following text:
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-operator-catalog
        namespace: openshift-marketplace
      spec:
        displayName: IBM Operator Catalog
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-operator-catalog
        updateStrategy:
          registryPoll:
            interval: 45m
    3. Click Create.
  2. Add the catalog source for IBM Cloud Pak foundational services.
    1. Click +.
    2. Paste the following text:
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: opencloud-operators
        namespace: openshift-marketplace
      spec:
        displayName: IBMCS Operators
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-common-service-catalog:latest
        updateStrategy:
          registryPoll:
            interval: 45m
    3. Click Create.
  3. Verify that the catalog sources are added to your cluster.
    1. From the navigation menu, click Administration > Cluster Settings.
    2. Click the Global Configuration tab.
    3. Click OperatorHub.
    4. Click the Sources tab.
    5. Verify that the new catalog sources are shown.
Add the catalog sources with the Red Hat OpenShift CLI
  1. Add the catalog source for the IBM Operator Catalog.
    1. Create a YAML file and add the following resource definition:
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-operator-catalog
        namespace: openshift-marketplace
      spec:
        displayName: IBM Operator Catalog
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-operator-catalog
        updateStrategy:
          registryPoll:
            interval: 45m
    2. Add the catalog source by running the following command, replacing <filename> with the file that you created.
      oc apply -f <filename>
  2. Add the catalog source for IBM Cloud Pak foundational services.
    1. Create a YAML file and add the following resource definition:
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: opencloud-operators
        namespace: openshift-marketplace
      spec:
        displayName: IBMCS Operators
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-common-service-catalog:latest
        updateStrategy:
          registryPoll:
            interval: 45m
    2. Add the catalog source by running the following command, replacing <filename> with the file that you created.
      oc apply -f <filename>
  3. Verify that the catalog sources are added, and are returned with the following command:
    oc get CatalogSources ibm-operator-catalog opencloud-operators -n openshift-marketplace

Adding a specific catalog source for IBM Elasticsearch

You must add version 1.1.1336 of the IBM Elasticsearch catalog source to your cluster by using the OpenShift CLI.

Before you complete the following steps, download version 1.1.0 or later of the IBM Catalog Management plug-in from GitHub. By using this plug-in, you can run oc ibm-pak commands against your cluster.
  1. In the cluster where you plan to install the Cloud Pak, export these local environment variables for the command line to use:
    export CASE_NAME="ibm-elasticsearch-operator"
    export CASE_VERSION="1.1.1336"
    export ARCH="<cp4na_arch>"
    
    <cp4na_arch> is the architecture where you plan to install the Cloud Pak. Replace this value with amd64, s390x or ppc64le.
  2. Download the files for version 1.1.1336 of the IBM Elasticsearch operator by running this command:
    oc ibm-pak get ${CASE_NAME} --version ${CASE_VERSION}
  3. Generate the specific catalog source for the IBM Elasticsearch operator by running this command:
    oc ibm-pak generate mirror-manifests ${CASE_NAME} icr.io --version ${CASE_VERSION}
  4. Edit the catalog source by running this command:
    vi ~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/catalog-sources-linux-${ARCH}.yaml
  5. In the YAML for the catalog source, update the spec.priority setting to 100, as shown in this example, and save your changes.
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-elasticsearch-catalog
      namespace: openshift-marketplace
    spec:
      displayName: ibm-elasticsearch-operator-1.1.1336-linux-amd64
      publisher: IBM
      image: icr.io/cpopen/opencontent-elasticsearch-operator-catalog@sha256:14fb125009645bf053a4fd72f26416b9f1abb07049c83a08aaab971453cc3694
      sourceType: grpc
      updateStrategy:
        registryPoll:
          interval: 30m0s
      priority: 100
  6. Apply the catalog source to your cluster by running this command:
    oc apply -f ~/.ibm-pak/data/mirror/${CASE_NAME}/${CASE_VERSION}/catalog-sources-linux-${ARCH}.yaml
  7. Verify that the catalog source is ready by running this command:
    oc get catalogSource ibm-elasticsearch-catalog -n openshift-marketplace -o jsonpath='{.status.connectionState.lastObservedState}'

    It might take several minutes before the catalog source is ready. If the command does not return READY, wait a few minutes and try to verify the status again.

Optional: Install and configure a certificate manager

In Red Hat OpenShift Container Platform 4.12 and later, the cert-manager operator provides a service for application certificate lifecycle management. If you plan to use the cert-manager or any other certificate manager, make sure that you install it before you install IBM Cloud Pak for Network Automation.

You must also configure the cert-manager operator to use any existing certificate manager rather than installing a new manager. For more information. see Problem when you install two different cert-managers.

Optional: Create a secret for custom Site Planner plug-ins

If you want to use custom Site Planner plug-ins, you must create a plug-in manifest and a secret that includes the manifest contents. You must also update the custom resource (CR). You can configure these items before or after you install Site Planner. For more information, see Installing plug-ins.

Optional: Consider the storage requirements for application logging

Application logging is installed automatically when you install IBM Cloud Pak for Network Automation. The Cloud Pak uses OpenSearch to store application logging data. Depending on your application logging storage requirements, you might want to adjust the OpenSearch configuration.

It is difficult to change the OpenSearch configuration after the Cloud Pak is installed. Therefore, consider the configuration that best suits your storage requirements before you install the Cloud Pak.

You can configure the OpenSearch settings in the Cloud Pak CR. For more information, see Custom resources.