Installing Agile Service Manager on OCP

Agile Service Manager Version 1.1.7 is supported on RedHat OpenShift Container Platform (OCP) Version 4.3.

Before you begin

Important: Ensure you have the latest version of the IBM Netcool Operations Insight documentation.

IBM Common Services: IBM Common Services must be installed.; You can obtain IBM Common Services from the IBM Passport Advantage website.
Note: IBM Common Services require an additional 32Gb of RAM on the worker node on which it is to be deployed.

RedHat OpenShift Container Platform: Obtain RedHat OpenShift Container Platform Version 4.3; You can access the Red Hat OpenShift documentation here: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.3/

Docker: Ensure Docker is installed.

Command line tools

The following command line tools must be available and configured for use:

oc
cloudctl
docker
helm

Expose the OCP Docker registry

To find the docker registry:

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
oc get routes -n openshift-image-registry

The output should be similar to the following example:

NAME            HOST/PORT                                                              
default-route   default-route-openshift-image-registry.apps.svt-ocp42.os.fyre.ibm.com

The information returned confirms that the registry is in the default namespace.

Find the OCP Docker registry

Once exposed, find the hostname for the route.

OCP_REGISTRY=$(oc get route -n openshift-image-registry default-route -o jsonpath='{.spec.host}')
echo $OCP_REGISTRY

Trust the image registry certificate

mkdir -p /etc/docker/certs.d/$OCP_REGISTRY
openssl s_client -showcerts -servername $OCP_REGISTRY -connect $OCP_REGISTRY:443 2>/dev/null | openssl x509 -inform pem > /etc/docker/certs.d/$OCP_REGISTRY/ca.crt

Login docker registry

Using both the oc and docker command line tools, you can run the following command to authenticate with the docker registry:

docker login -u $(oc whoami) -p $(oc whoami -t) ${OCP_REGISTRY}

Download the Agile Service Manager package

This procedure is described in the NOI documentation.

As part of completing the NOI step, you will have downloaded the Agile Service Manager package. The download file contains all images that you require to run the software, as well as the Helm charts used to install the images.

Ensure you have obtained the latest package.

Load the archive

This procedure is described in the NOI documentation.

Ensure that you point to the OCP docker registry, and append the namespace into which to install.

Tip: You can use local storage volumes or configure external storage. However, this requires a command line installation that you should only perform if you have the required expertise.

Procedure

Prepare the Agile Service Manager environment

Extract the scripts from the pak_extensions directory. Use the following command:
```
$ tar xvf ibm-netcool-asm-v1.1.7-x86_64.tar.gz pak_extensions/
```
To create the custom pod security policy, run the following command:
```
bash createSecurityClusterPrereqs.sh 
```
The script creates the SecurityContextConstraints (or PSP on non-OCP cluster) and cluster role for Agile Service Manager.
To grant service account access to the role created in the previous script, use the following command:
```
bash createSecurityNamespacePrereqs.sh myNamespace
```

Create the required storage volumes for a single deployment of the chart.

Add all required configuration data, such as worker node URLs, disk locations and capacity, to the storageConfig.env file Example:

WORKER1=172.99.0.1
WORKER2=172.99.0.2
WORKER3=172.99.0.3
FS_ROOT=/opt/ibm/netcool
# Volume capacity in Gi
CAPACITY_CASSANDRA=50
CAPACITY_KAFKA=15
CAPACITY_ELASTICSEARCH=75
CAPACITY_ZOOKEEPER=5
# (Optional) File Observer Settings
FILE_OBSERVER_DATA_CAPACITY=5
FILE_OBSERVER_DATA_NODE=${WORKER1}

Create the storage volume, specifying the namespace and release name for the install.
```
bash createStorageVolumes.sh myNamespace myReleaseName
```

Create the directories on each of the worker nodes. For example:

oc get pv -l release=${ASM_RELEASE_NAME} -o jsonpath="{range .items[*]}{'ssh core@'}{.metadata.labels.node}{' -C sudo mkdir -p '}{.spec.local.path}{'\n'}{end}" > createVolumes.sh
bash createVolumes.sh

Install Agile Service Manager from the catalog

Before accessing the console (UI), you need to check the routes in the kube-system namespace. You logon with the credentials you supplied when you installed IBM Common Services.

# oc get routes -n kube-system

The output will be similar to the following example:

NAME          HOST/PORT                                    PATH   SERVICES             PORT
icp-console   icp-console.apps.svt-ocp43.os.fyre.ibm.com          management-ingress   <all>
icp-proxy     icp-proxy.apps.svt-ocp43.os.fyre.ibm.com            nginx-ingress        https

Install the Agile Service Manager chart from the console.
1. Login to the Cloud Pak Catalog UI, and click the catalog icon.
2. Enter netcool in the Filter and select the appropriate Helm chart, then click Configure. You set the internal registry name (including the port and namespace) on the console Global Settings page. The value is typically image-registry.openshift-image-registry.svc:5000/netcool where netcool is the namespace name.
  
  Quick start
  
  Complete this section if you want to install a trial deployment. You only need to enter the master node and image repository details for your trial environment.
  
  All parameters
  
  Complete this section if you want to install a production deployment. To customize the installation, configure the installation parameters.

Install Agile Service Manager from the command line

Before installing Agile Service Manager from the command line, you must find the repository URL. Example:

# cloudctl catalog repos
Name                   URL                                                                   Local
ibm-charts             https://raw.githubusercontent.com/IBM/charts/master/repo/stable/      false
local-charts           https://icp-console.apps.bert.acme.co.uk:443/helm-repo/charts         true
mgmt-charts            https://icp-console.apps.bert.acme.co.uk:443/mgmt-repo/charts         true
ibm-charts-public      https://registry.bluemix.net/helm/ibm/                                false
ibm-community-charts   https://raw.githubusercontent.com/IBM/charts/master/repo/community/   false
ibm-entitled-charts    https://raw.githubusercontent.com/IBM/charts/master/repo/entitled/    false

In this example, the required URL returned is for 'local-charts', that is https://icp-console.apps.bert.acme.co.uk:443/helm-repo/charts

After finding the URL, you add it to the repository: Example:

helm repo add local-charts https://icp-console.apps.bert.acme.co.uk:443/helm-repo/charts  --ca-file .helm/ca.pem

Install Agile Service Manager using the helm command line:

helm search netcool

NAME                             	CHART VERSION	APP VERSION	DESCRIPTION                        
local-charts/ibm-netcool-asm-prod	4.3.0        	1.1.7      	IBM® Netcool® Agile Service Manager

Set the internal registry name, including the port and namespace. The value is typically image-registry.openshift-image-registry.svc:5000/netcool where netcool is the namespace name.
```
global:
  image:
    repository: image-registry.openshift-image-registry.svc:5000/netcool
```
Install your product using the helm install command.

Example

Tip: See the Netcool Operations Insight Knowledge Center for more OpenShift installation and configuration information: https://www.ibm.com/support/knowledgecenter/SSTPTP_1.6.0/com.ibm.netcool_ops.doc/soc/integration/task/int_installing-opsmg-rhocpt.html