安装 IBM Cloud Pak 基础服务
程序
- 导出环境变量并创建本地目录。对于 Guardium ® Insights 3.2.10 和更高版本:
指定适用于您正在部署的 Guardium Insights 版本的export CASE_NAME=ibm-guardium-insights export CASE_VERSION=<CASE VERSION> export LOCAL_CASE_DIR=$HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSIONCASE_VERSION。 例如, Guardium Insights 3.2.10 需要CASE_VERSION2.2.10。 有关更多信息,请参阅 Container Application Software for Enterprises (CASE) 版本支持。对于 Guardium Insights 3.2.8 和更低版本:- 为安装创建本地目录:
export LOCAL_INSTALL_DIR=$HOME/guardium-insights mkdir $LOCAL_INSTALL_DIR - 为 CASE 捆绑软件创建本地目录:
export LOCAL_CASE_DIR=$LOCAL_INSTALL_DIR/local_case mkdir $LOCAL_CASE_DIR - 指定适用于您正在部署的 Guardium Insights 版本的
CASE_VERSION。 例如, Guardium Insights 3.2.0 需要CASE_VERSION2.2.0。 有关更多信息,请参阅 Container Application Software for Enterprises (CASE) 版本支持。export CASE_VERSION=<CASE_VERSION> export CASE_ARCHIVE=ibm-guardium-insights-$CASE_VERSION.tgz其中, CASE 版本 (
<CASE_VERSION>) 是 Guardium Insights 部署的新版本,<CASE_ARCHIVE>是包含新 CASE 版本的 CASE 文件名。 CASE 版本在 Container Application Software for Enterprises (CASE) 版本支持中进行了说明。
- 为安装创建本地目录:
- 在本地保存 CASE 捆绑软件。对于 Guardium Insights 3.2.10 和更高版本:
oc ibm-pak get $CASE_NAME \ --version $CASE_VERSION \ --skip-verify对于 Guardium Insights 3.2.8 和更低版本:cloudctl case save \ --case https://github.com/IBM/cloud-pak/raw/master/repo/case/ibm-guardium-insights/$CASE_VERSION/$CASE_ARCHIVE \ --outputdir $LOCAL_CASE_DIR --tolerance 1您收到的输出将类似于:
Downloading and extracting the CASE ... - Success Retrieving CASE version ... - Success Validating the CASE ... [warn] - certifications/ibmdefault.yaml: validation error: Certification file name [ibmdefault] not currently in supported list: [ibmmc, ibmccs, ibmccscp, ibmccp, ecomc, ecoccs] [warn] - certifications/ibmdefault.yaml: validation error: The certification file ibmdefault.yaml is not listed under the certifications parameter in case.yaml [review] - Validation review found in inventory/db2uOperatorSetup/resources.yaml: image ibmcom/ibm-db2uoperator-catalog has "catalog" in its image name with no catalog information in its metadata Validating the signature for the ibm-guardium-insights CASE... - Success Creating inventory ... - Success Finding inventory items - Success Resolving inventory items ... Parsing inventory items Validating the signature for the ibm-db2uoperator CASE... Validating the signature for the ibm-cp-common-services CASE... Validating the signature for the ibm-auditlogging CASE... Validating the signature for the ibm-cert-manager CASE... Validating the signature for the ibm-cs-commonui CASE... Validating the signature for the ibm-events-operator CASE... Validating the signature for the ibm-cs-healthcheck CASE... Validating the signature for the ibm-cs-iam CASE... Validating the signature for the ibm-zen CASE... Validating the signature for the ibm-licensing CASE... Validating the signature for the ibm-management-ingress CASE... Validating the signature for the ibm-cs-mongodb CASE... Validating the signature for the ibm-cs-monitoring CASE... Validating the signature for the ibm-platform-api-operator CASE... Validating the signature for the ibm-cloud-databases-redis CASE... - Success注: 如果迂到类似于以下内容的错误:
您可能迂到与远程存储库的临时通信问题。 请等待几分钟并重试。No Case registries found for case ibm-cert-manager->=1.3.0 <1.3.1.tgz with the given repository URL information FAILED - 为 Cloud Pak 基础服务创建名称空间。 建议使用的名称空间为
ibm-common-services。oc create namespace ibm-common-services - 安装 Cloud Pak 基础服务 目录。对于 Guardium Insights 3.2.10 和更高版本:
oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace ibm-common-services \ --inventory ibmCommonServiceOperatorSetup \ --action install-catalog \ --tolerance 1 \ --args "--registry icr.io --recursive --inputDir ${LOCAL_CASE_DIR}"对于 Guardium Insights 3.2.8 和更低版本:cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ibm-common-services \ --inventory ibmCommonServiceOperatorSetup \ --action install-catalog \ --tolerance 1 \ --args "--registry icr.io --inputDir ${LOCAL_CASE_DIR}"您收到的输出将类似于:
Welcome to the CASE launcher Attempting to retrieve and extract the CASE from the specified location [✓] CASE has been retrieved and extracted Attempting to validate the CASE Skipping CASE validation... Attempting to locate the launch inventory item, script, and action in the specified CASE [✓] Found the specified launch inventory item, action, and script for the CASE Attempting to check the cluster and machine for required prerequisites for launching the item Checking for required prereqs... No requires section specified. Required prereqs result: OK Checking user permissions... No user rules specified. [✓] Cluster and Client Prerequisites have been met for the CASE Running the CASE ibmCommonServiceOperatorSetup launch script with the following action context: installCatalog Executing inventory item ibmCommonServiceOperatorSetup, action installCatalog : launch.sh Checking arguments for install catalog action -------------Create catalog source------------- apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: opencloud-operators namespace: openshift-marketplace spec: displayName: IBMCS Operators publisher: IBM sourceType: grpc image: docker.io/ibmcom/ibm-common-service-catalog:3.7.4 catalogsource.operators.coreos.com/opencloud-operators configured check for any existing operator group in ibm-common-services ... no existing operator group found -------------Create operator group------------- operatorgroup.operators.coreos.com/common-service created [✓] CASE launch script completed successfully OK - 检查 pod:
oc get pods -n openshift-marketplace您收到的输出将类似于:
NAME READY STATUS RESTARTS AGE 31f3978636f88f94317abfaeda289019c51d8ede961eccf079a452--1-hxjcn 0/1 Completed 0 27h 506b7a4ca92560e7e5477ca6a3ba7ba043c9e096c655a3c9b26f1f--1-s9vxv 0/1 Completed 0 27h 5c606fb3706ffc952dec40167c21a2a30267386c3ac55ae80eab64--1-bdmv8 0/1 Completed 0 27h 5eb42e591ecd3d68624765a27c4fd943afd8823876f7d23fb15350--1-bm7mm 0/1 Completed 0 27h 790a925d4f28230ddf6c7354a36b71a44ad554edd253c4c1d0667e--1-6nmsn 0/1 Completed 0 27h 79b710f855f11e8b15321220ae5768de02d89eb5cac97e013959ec--1-kzsm9 0/1 Completed 0 27h 971d8c063c69d358a198cc1a72fa5a28ad76ce0206fa903301bdfc--1-kwnsh 0/1 Completed 0 27h 98136c2138d2517266afcd61ef00289b54721a88146fe0da332186--1-x52kp 0/1 Completed 0 27h a0efcb3338053b991ce1a51c1e9498ea9f542d98af6bc630384c73--1-lkklv 0/1 Completed 0 27h b63fbd321100393a75d017ab46fa4f5c67e7075a9569da360c6444--1-6b84d 0/1 Completed 0 27h certified-operators-fn4nb 1/1 Running 0 28h community-operators-fxl55 1/1 Running 0 21h d2036ee8170e71bccebd242f83571a2efb7d50da3096e7031eccc9--1-q7hxm 0/1 Completed 0 27h e45fd7900a246061a00831270d10a8016ff13f4935e31f40fa1fc9--1-6pcxb 0/1 Completed 0 27h ed6ff9e58ee2497866c8f99f3edcd2c26208634246d486907ca7b2--1-7dt8p 0/1 Completed 0 27h f83a27421b18ee699e72657ac2eb45937068045bc2ee4bdf76d4d0--1-7r6jr 0/1 Completed 0 27h ibm-cloud-databases-redis-operator-catalog-q952s 1/1 Running 0 22h ibm-db2uoperator-catalog-xmmc4 1/1 Running 0 26h marketplace-operator-6687647b9f-5nvkw 1/1 Running 3 (28h ago) 28h opencloud-operators-rn857 1/1 Running 0 27h redhat-marketplace-74r5w 1/1 Running 0 28h redhat-operators-jgpvx 1/1 Running 0 28h - 检查目录源状态:
oc get catalogsource -n openshift-marketplace您收到的输出将类似于:
NAME DISPLAY TYPE PUBLISHER AGE certified-operators Certified Operators grpc Red Hat 28h community-operators Community Operators grpc Red Hat 28h ibm-cloud-databases-redis-operator-catalog ibm-cloud-databases-redis-operator-catalog grpc IBM 22h ibm-db2uoperator-catalog IBM Db2U Catalog grpc IBM 26h opencloud-operators IBMCS Operators grpc IBM 27h redhat-marketplace Red Hat Marketplace grpc Red Hat 28h redhat-operators Red Hat Operators grpc Red Hat 28h - 安装 Cloud Pak 基础服务 操作程序。对于 Guardium Insights 3.2.10 和更高版本:
export ICS_SIZE=small oc ibm-pak launch $CASE_NAME \ --version $CASE_VERSION \ --namespace ibm-common-services \ --inventory ibmCommonServiceOperatorSetup \ --tolerance 1 \ --action install-operator \ --args "--size ${ICS_SIZE} --inputDir ${LOCAL_CASE_DIR}"对于 Guardium Insights 3.2.5 到 3.2.8:export ICS_SIZE=small cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ibm-common-services \ --inventory ibmCommonServiceOperatorSetup \ --tolerance 1 \ --action install-operator \ --args "--size ${ICS_SIZE} --inputDir ${LOCAL_CASE_DIR}"对于 Guardium Insights 3.2.4 或更低版本:export ICS_SIZE=small cloudctl case launch \ --case ${LOCAL_CASE_DIR}/${CASE_ARCHIVE} \ --namespace ibm-common-services \ --inventory ibmCommonServiceOperatorSetup \ --tolerance 1 \ --action install-operator \ --args "--size ${ICS_SIZE}"您收到的输出将类似于:
Welcome to the CASE launcher Attempting to retrieve and extract the CASE from the specified location [✓] CASE has been retrieved and extracted Attempting to validate the CASE Skipping CASE validation... Attempting to locate the launch inventory item, script, and action in the specified CASE [✓] Found the specified launch inventory item, action, and script for the CASE Attempting to check the cluster and machine for required prerequisites for launching the item Checking for required prereqs... No requires section specified. Required prereqs result: OK Checking user permissions... Kubernetes RBAC Prerequisite Verbs Result Reason rbac.authorization.k8s.io.clusterroles/* get,list,watch,create,patch,update true apiextensions.k8s.io.customresourcedefinitions/v1beta1 get,list,watch,create,patch,update true security.openshift.io.securitycontextconstraints/ get,list,watch,create,patch,update true User permissions result: OK [✓] Cluster and Client Prerequisites have been met for the CASE Running the CASE ibmCommonServiceOperatorSetup launch script with the following action context: installOperator Executing inventory item ibmCommonServiceOperatorSetup, action installOperator : launch.sh -------------Installing common services via OLM------------- -------------Create common services operator subscription------------- subscription.operators.coreos.com/ibm-common-service-operator unchanged -------------Create common service custom resource------------- Warning: oc apply should be used on resource created by either oc create --save-config or oc apply commonservice.operator.ibm.com/common-service configured wait for operand config is ready ... -------------Create operand request------------- operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched operandrequest.operator.ibm.com/common-service patched -------------Install complete------------- [✓] CASE launch script completed successfully OK - 安装操作程序后,请确保所有 Cloud Pak 基础服务 pod 都处于
Running或Completed状态 (请注意,这应该需要 10 到 20 分钟才能完成):oc get pods -n ibm-common-services您收到的输出将类似于:
NAME READY STATUS RESTARTS AGE audit-logging-cleanup--1-mqfks 0/1 Completed 0 27h audit-logging-fluentd-ds-b7l5h 1/1 Running 0 27h audit-logging-fluentd-ds-kvtw7 1/1 Running 0 27h audit-logging-fluentd-ds-wztrv 1/1 Running 0 27h audit-policy-controller-5bddc7744b-sgs6n 1/1 Running 0 27h auth-idp-6c6799c4d9-w9hr4 4/4 Running 0 27h auth-pap-58dd9665c-j69x4 2/2 Running 0 27h auth-pdp-79d9f8867d-h42dl 2/2 Running 0 27h cert-manager-cainjector-b9bfc6bf9-gs4p2 1/1 Running 7 (66m ago) 27h cert-manager-controller-84d7b95985-nlfhc 1/1 Running 0 27h cert-manager-webhook-5768869b85-r7mv5 1/1 Running 0 27h common-web-ui-9bf96df78-m5v6t 1/1 Running 0 27h configmap-watcher-56ff6788-2w242 1/1 Running 0 27h default-http-backend-564c8b4c9d-d7smn 1/1 Running 0 27h iam-onboarding--1-4pm7x 0/1 Completed 0 27h iam-policy-controller-5847c7bc7-xx429 1/1 Running 0 27h ibm-auditlogging-operator-84d8554677-67jn2 1/1 Running 4 (66m ago) 27h ibm-cert-manager-operator-77f45488c5-mq7sq 1/1 Running 0 27h ibm-common-service-operator-77c95f6749-lj4rk 1/1 Running 0 27h ibm-common-service-webhook-757b645f9d-twnlc 1/1 Running 0 27h ibm-commonui-operator-7d68488c8d-r6v9k 1/1 Running 0 27h ibm-events-operator-v3.15.0-5787d4bcc-ptdhj 1/1 Running 0 27h ibm-healthcheck-operator-9f7f8dc99-vsrzm 1/1 Running 0 27h ibm-iam-operator-64695f8dcb-7kqz4 1/1 Running 0 27h ibm-ingress-nginx-operator-788994f8bb-x5zqb 1/1 Running 0 27h ibm-licensing-operator-67797d6654-gr54v 1/1 Running 0 27h ibm-licensing-service-instance-68cb9997fd-j977z 1/1 Running 0 27h ibm-management-ingress-operator-5744f996d6-hmxtp 1/1 Running 0 27h ibm-mongodb-operator-f59cbdb5-sxnsj 1/1 Running 0 27h ibm-namespace-scope-operator-56d54dc557-wggh4 1/1 Running 0 27h ibm-platform-api-operator-76c8f6486f-gfljf 1/1 Running 3 (66m ago) 27h icp-memcached-5679ccb7b8-52xxd 1/1 Running 0 27h icp-mongodb-0 2/2 Running 0 27h management-ingress-69c5487b8-45pzt 1/1 Running 0 27h must-gather-service-0 1/1 Running 0 27h nginx-ingress-controller-6c787574cd-hdbxw 1/1 Running 0 27h oidc-client-registration--1-2j5sx 0/1 Completed 0 27h oidcclient-watcher-5c874b9c77-qq2qp 1/1 Running 0 27h operand-deployment-lifecycle-manager-555d997dc9-jr9mc 1/1 Running 0 27h platform-api-697ff6f4dc-bwmmd 2/2 Running 0 27h secret-watcher-77c4dbc968-6tsmd 1/1 Running 0 27h secretshare-69558568f-g674n 1/1 Running 0 27h security-onboarding--1-bqx9r 0/1 Completed 0 27h system-healthcheck-service-568d96dc56-mg5sv 1/1 Running 0 27h