Installing IBM License Service offline without Operator Lifecycle Manager (OLM)

Learn how to install License Service with no Internet connection without the Operator Lifecycle Manager (OLM).

Prerequisites

Before installation, see Preparing for installation to check the installation requirements.

Installation

Note: For OpenShift cluster, check whether License Service is installed in cs-control or ibm-common-services namespace of the cluster to prevent the multiple License Service instances. If License Service is already installed, you can upgrade License Service to the latest version. If you install multiple License Service instances in the same namespace, an incorrect license usage report is generated.

The following procedure guides you through the installation of License Service.

  1. Clone the ibm-licensing-operator GitHub repository by using git clone. Run the following command:

    export operator_release_version=latest-4.x
    git clone -b ${operator_release_version} https://github.com/IBM/ibm-licensing-operator.git
    cd ibm-licensing-operator/
    

    Note: If you cannot use git clone, download the sources, extract, and enter ibm-licensing-operator directory. Sources

  2. Prepare Docker images.

    1. Run the following command to prepare your Docker images:

      export my_docker_registry=<YOUR PRIVATE REGISTRY IMAGE PREFIX HERE; for example: "my.registry:5000" or "my.private.registry.example.com">
      export operator_version=$(git describe --tags --abbrev=0 | tr -d v)
      export operand_version=$(git describe --tags --abbrev=0  | tr -d v)
      
    2. Pull the required images with the following command:

      docker pull icr.io/cpopen/ibm-licensing-operator:${operator_version}
      docker pull icr.io/cpopen/cpfs/ibm-licensing:${operand_version}
      
    3. Before pushing the images to your private registry, make sure that you are logged in. Use the following command:

      docker login ${my_docker_registry}
      
    4. Tag the images with your registry prefix and push with the following commands:

      docker tag icr.io/cpopen/ibm-licensing-operator:${operator_version} ${my_docker_registry}/ibm-licensing-operator:${operator_version}
      docker push ${my_docker_registry}/ibm-licensing-operator:${operator_version}
      
      docker tag icr.io/cpopen/cpfs/ibm-licensing:${operand_version} ${my_docker_registry}/ibm-licensing:${operand_version}
      docker push ${my_docker_registry}/ibm-licensing:${operand_version}
      
  3. Create the required resources.

    1. Run the following command on a machine where you have access to your cluster and can use kubectl.

      export my_docker_registry=<SAME REGISTRY AS BEFORE>
      
    2. Run the following command to set the licensing_namespace variable and create the namespace for installing the operator.

      Notes:

      • The ibm-licensing namespace is the default namespace of License Service. If you need to install License Service in a custom namespace for your cluster, replace ibm-licensing with your custom namespace.

      • For OpenShift cluster, check whether License Service is installed in cs-control or ibm-common-services namespace of the cluster to prevent the multiple License Service instances. If License Service is already installed, you can upgrade License Service to the latest version. If you install multiple License Service instances in the same namespace, an incorrect license usage report is generated.

      export licensing_namespace=<installation_namespace>
      kubectl create namespace ${licensing_namespace}
      

      where <installation_namespace> is the name of the namespace where you want to install the operator.

      For example:

      export licensing_namespace=ibm-licensing
      kubectl create namespace ${licensing_namespace}
      
    3. If your cluster needs the access token to your private Docker registry, create the secret in the dedicated installation namespace:

      • For LINUX users:

        kubectl create secret -n ${licensing_namespace} docker-registry my-registry-token --docker-server=${my_docker_registry} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
        sed -i -e "5s/^//p; 5s/^.*/imagePullSecrets:\n- name: my-registry-token/" config/rbac/service_account.yaml
        
      • For MAC users:

        kubectl create secret -n ${licensing_namespace} docker-registry my-registry-token --docker-server=${my_docker_registry} --docker-username=<YOUR_REGISTRY_USERNAME> --docker-password=<YOUR_REGISTRY_TOKEN> --docker-email=<YOUR_REGISTRY_EMAIL>
        sed -i '' -e "5s/^//p; 5s/^.*/imagePullSecrets:\n- name: my-registry-token/" config/rbac/service_account.yaml
        
    4. Set the context so that the resources are created in a dedicated installation namespace:

      kubectl config set-context --current --namespace=${licensing_namespace}
      
    5. Apply RBAC roles, CRD and operator.yaml:

      • For LINUX users:

        ESCAPED_REPLACE=$(echo ${my_docker_registry} | sed -e 's/[\/&]/\\&/g')
        sed -i 's/icr\.io\/cpopen\/cpfs/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i 's/icr\.io\/cpopen/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "s/annotations\['olm.targetNamespaces'\]/namespace/g" config/manager/manager.yaml
        if [ "${licensing_namespace}" != "" ] && [ "${licensing_namespace}" != "ibm-licensing" ]; then
          sed -i 's|ibm-licensing|'"${licensing_namespace}"'|g' config/rbac/*.yaml
        fi
        # add CRD:
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensings.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingmetadatas.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingdefinitions.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingquerysources.yaml
        # add RBAC:
        kubectl apply -f config/rbac/role.yaml
        kubectl apply -f config/rbac/role_operands.yaml
        kubectl apply -f config/rbac/service_account.yaml
        kubectl apply -f config/rbac/role_binding.yaml
        # add operator:
        kubectl apply -f config/manager/manager.yaml
        
      • For MAC users:

        ESCAPED_REPLACE=$(echo ${my_docker_registry} | sed -e 's/[\/&]/\\&/g')
        sed -i "" 's/icr\.io\/cpopen\/cpfs/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "" 's/icr\.io\/cpopen/'"${ESCAPED_REPLACE}"'/g' config/manager/manager.yaml
        sed -i "" "s/annotations\['olm.targetNamespaces'\]/namespace/g" config/manager/manager.yaml
        if [ "${licensing_namespace}" != "" ] && [ "${licensing_namespace}" != "ibm-licensing" ]; then
          sed -i "" 's|ibm-licensing|'"${licensing_namespace}"'|g' config/rbac/*.yaml
        fi
        # add CRD:
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensings.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingmetadatas.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingdefinitions.yaml
        kubectl apply -f config/crd/bases/operator.ibm.com_ibmlicensingquerysources.yaml
        # add RBAC:
        kubectl apply -f config/rbac/role.yaml
        kubectl apply -f config/rbac/role_operands.yaml
        kubectl apply -f config/rbac/service_account.yaml
        kubectl apply -f config/rbac/role_binding.yaml
        # add operator:
        kubectl apply -f config/manager/manager.yaml
        

Results: You created the Operator for License Service. The Operator is only responsible for watching over the configuration and managing resources used by License Service. License Service Operator automatically creates the IBMLicensing instance.

Configuring access to your registry

  1. If you created the secret that is needed to access the images, add it to the configuration by using the following command. If it is not created yet, either wait up to 10 minutes, or check logs of IBMLicensing operator pod in installed namespace.

    kubectl edit IBMLicensing
    
    apiVersion: operator.ibm.com/v1alpha1
    kind: IBMLicensing
    metadata:
    name: instance
    spec:
    ...
    imagePullSecrets:     # <-- this needs to be added
       - my-registry-token
    ...
    
  2. Delete the ibm-licensing-service-instance deployment by using the following command:

    kubectl delete deployment ibm-licensing-service-instance -n ${licensing_namespace}
    

A new deployment with the configuration needed for accessing the registry is created automatically afterwards.

Results: Installation is complete and License Service is running in your cluster.

Configuring ingress

This step is required only if you installed License Service on IBM Cloud Kubernetes Services (IKS) or Amazon Elastic Kubernetes Service (EKS). After you complete the installation, configure ingress before you proceed to verification. For detailed instructions, see Configuring ingress.

If you installed License Service on OpenShift Container Platform, proceed to verification.

Verification

To check whether License Service components are properly installed and running, check if License Service components are running. For more information, see Validating License Service deployment.