Installing Cloud Automation Manager Community Edition online

Steps to install Cloud Automation Manager Community Edition online. You can install directly from IBM Cloud Private catalog without any prior download.

Before you begin

Go through the prerequisites in Prerequisites for installing Cloud Automation Manager.
Create Docker Store secret. For instructions, see Creating a Docker Store secret.

Generate a deployment ServiceID API Key:

export serviceIDName='service-deploy'
export serviceApiKeyName='service-deploy-api-key'
cloudctl login -a https://mycluster.icp:8443 --skip-ssl-validation -u <icp_admin_id> -p <icp_admin_password> -n services
cloudctl iam service-id-create ${serviceIDName} -d 'Service ID for service-deploy'
cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'idmgmt'
cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'identity'
cloudctl iam service-api-key-create ${serviceApiKeyName} ${serviceIDName} -d 'Api key for service-deploy'

Use the API Key that you receive from the service-api-key-create command in deployApiKey value of Helm Chart install.

Notes:

Create a new ServiceID that includes a service policy to grant Cluster Administrator/Administrator role to Cloud Automation Manager and Helm API.
Generate an API Key for Cloud Automation Manager ServiceID. This key is used to onboard Cloud Automation Manager into the Platform Identity and Access Management(IAM). IAM is used for authorization checks in Cloud Automation Manager.

Procedure

Create persistent volumes that are required for Cloud Automation Manager database, log files, terraform, and Cloud Automation Manager Template Designer. For the procedure to create persistent volumes, see Creating Cloud Automation Manager persistent volumes.
Install Cloud Automation Manager Community Edition either from the IBM Cloud Private user interface or from the command line:
- If you are using the IBM Cloud Private user interface, then do the following steps:
  1. Log in to IBM Cloud Private by using the supported browser. For a list of supported browsers, see Other requirements section of System requirements.
  2. Navigate to Manage > Helm Repositories > Sync repositories to synchronize the helm repositories.
  3. Navigate to Catalog.
  4. Find and click ibm-cam.
  5. Review instructions and click Configure.
  6. In the Configuration section, enter the following values:
    - Release name - Enter release name. For example, cam.
    - Target namespace - Select Services from the target namespace drop-down list.
      
      Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.
    - Select I have read and agreed to license agreements to accept the license agreements.
  7. In the Parameters section, enter the following details:
    - In the Quick start > Global section, enter the following values:
      - Docker Image Pull Secret - Enter the Docker Store secret name that you generated in Creating a Docker Store secret.
      - IAM Service API Key - Enter the IAM service API Key. It is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
    - In the All Parameters > Worker node architecture drop-down list, select amd64 to deploy on intel (default), ppc64le to deploy on Power, and s390x to deploy on zLinux.
    - Optionally, select Optimize the installation for offline to optimize the installation for offline. For example, skip internet access to import public starter templates from github.com on the public internet during the installation.
    - Optionally, select Enable audit to enable the audit for actions in Cloud Automation Manager. For audit related installation parameters, see Installation parameters.
  8. Optionally, in the Secure Values section, enter Secret name. The Secret name is the name of a secret that you created prior to the installation of Cloud Automation Manager. By default, the Secret name is empty because Cloud Automation Manager automatically creates a secret at install time and it contains the default database credentials and proxy information. If you enter a secret to override the default values, then Cloud Automation Manager does not create a secret with default values instead makes use of the secret you provided. For steps to override the default secret, see Using pre-created secrets in Cloud Automation Manager chart. Example of a Secret name is cam-secure-values-secret.
  9. Optionally, in the Proxy section, select Use a proxy option if you are using a proxy server.
    
    Notes:
    - Whitelist the following URLs/IPs addresses so Cloud Automation Manager can access them for its normal functioning:
      - Github access for templates that are needed for content:
        
        api.github.com
      - Cloud Providers
        
        api.softlayer.com (Needed for IBM deployments)
        
        management.azure.com (Needed for Azure deployments)
        
        amazonaws.com (Needed for Amazon Web Services (AWS) deployments)
    - The following provider's terraform plugins are supported to work with HTTPS proxy:
      - Amazon Web Services (AWS)
      - Microsoft Azure
      - IBM
      - OpenStack
      - VMware vSphere
    - Limitations of Proxy support:
      - remote-exec and file provisioners to remote systems that are behind the firewall do not work. Terraform does not support SSH over a proxy. If you want remote-exec and file provisioners to work from behind a firewall, use a bastion host. For more information about the usage of bastion, see Deploying content and content runtime from Cloud Automation Manager that is behind a firewall. For more information, see Provisioner Connections - Terraform by HashiCorp .
      - Helm deploys does not work with proxy
      - Google deploys are not supported behind proxy
      - You cannot deploy to an external IBM Cloud Private that is outside the proxy
      - UCDClient does not support a proxy server. For the connection to work, bypass UCDClient and use HttpClientBuilder directly. The HttpClientBuilder supports proxy settings.
      - Mail management does not work in a proxy environment.
  10. Optionally, select Enable persistence for Cloud Automation Manager volumes.
  11. If you are using GlusterFS for persistent volumes then you will need to specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.
  12. Optionally, if you already have existing persistent volume claims from a previous installation of Cloud Automation Manager, enter the name of the existing persistent volume claim in Existing Claim Name for each of the four volumes.
  13. Click Install.
- If you are using the command line, then do the following steps:
  1. SSH login to the IBM Cloud Private master node.
  2. Configure the kubectl and helm CLI commands as follows:
    - Accessing your IBM® Cloud Private cluster by using the kubectl CLI
    - Setting up the Helm CLI
    1. Run the following commands to add the IBM chart repo to the Helm client and sync the Helm repositories:
```
helm repo add ibm-stable https://raw.githubusercontent.com/IBM/charts/master/repo/stable/
helm repo update
```
    2. Run the following command to download the Cloud Automation Manager Helm chart:
```
helm fetch ibm-stable/ibm-cam --version 3.1.3
```
    3. Install the Cloud Automation Manager Helm chart:
      
      Note: If you are using GlusterFS for persistent volumes then you will need to specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.
      
      For additional installation parameter options, see Installation parameters.
```
helm install ibm-cam-3.1.3.tgz --name cam --namespace services --set global.image.secretName=[docker secret name] --set arch=[amd64/ppc64le/s390x] --set global.iam.deployApiKey=[Api key for service-deploy] --set global.audit=<true | false> --tls
```
      The global.iam.deployApiKey is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
      
      Tip - To simplify specifying multiple --set parameters on the command line, you can create a yaml file to define multiple parameters and pass it in the command line. For more information about Helm installation, see Helm install command documentation .
      
      Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.
Optionally, run the following kubectl command to monitor the Cloud Automation Manager Community Edition installation and pod deployment:
```
   kubectl get -n services pods
```
If you are planning to use IBM Business Process Manager, then do the following steps:

Note:
- The supported version of IBM Business Process Manager is 8.5.7.
- The supported version of IBM Cloud Orchestrator is 2.5.0.9.
- Increase the replica count to 1 for Business Process Manager service in values.yml. By default, the replica count for both Business Process Manager and IBM Cloud Orchestrator services are set to 0.
```
camBpmProvider:
   replicaCount: 1      
camIcoProvider:
  replicaCount: 1
```
  {: codeblock} -->
  
  Note: If you increase the replica count from 0, then the ACTIVATE_BPM in cam-iaas is set to true automatically.
- Add the following environment variables in env section of cam-provider-bpm:
```
- name: BPM_ENDPOINT
    value: https://9.9.9.9:9443/
- name: BPM_USERNAME
    value: admin
- name: BPM_PASSWORD
    value: passw0rd
```

What to do next

Access the Cloud Automation Manager user interface at the following URL:
```
 https://<CAM_IP_address>:<cam_port>
```
where <CAM_IP_address> is the virtual IP address that is used to access your IBM Cloud Private cluster user interface. In standard clusters, it is the virtual IP address of the master node.
Configure a Cloud Connection
Deploy a Starterpack template
Provision the Content Runtime
If you want to enable or disable Business Process Manager and IBM Cloud Orchestrator post the installation of Cloud Automation Manager, see Enabling and disabling Business Process Manager.