Installing Cloud Automation Manager offline

In the offline installation of Cloud Automation Manager, IBM Cloud Private environment does not require any access to the internet.

Before you begin

Procedure

  1. Download the Cloud Automation Manager.

    • Download Cloud Automation Manager 3.1.2.1 package from Fix Central and transfer to your master node:
      • x86 - icp-cam-x86_64-3.1.2.1.tar.gz
      • ppc64le - icp-cam-ppc-3.1.2.1.tar.gz
      • s390x - icp-cam-z-3.1.2.1.tar.gz

  2. SSH login to the IBM Cloud Private master node.

  3. Run the following commands to load the Cloud Automation Manager offline PPA image into IBM Cloud Private:

    cloudctl login -a https://<cluster_CA_domain>:8443 --skip-ssl-validation -u icp_Cluster_administrator_id> -p <icp_Cluster_administrator_password> -n services 

docker login <cluster_CA_domain>:8500

cloudctl catalog load-archive --archive icp-cam-[ARCH]-3.1.2.1.tar.gz

    By default, the cluster_CA_domain is mycluster.icp, but during IBM Cloud Private installation, you can change it in IBM Cloud Private config.yaml.

    For more information about this procedure, see Installing bundled products in IBM Cloud Private Knowledge Center.

    For more information about CLI catalog command, see IBM Cloud Private CLI catalog commands.

  4. Install Cloud Automation Manager either from the IBM Cloud Private user interface or from the command line:

    • If you are using the IBM Cloud Private user interface, do the following steps:

      1. Log in to IBM Cloud Private by using the supported browser. For list of supported browsers, see Other requirements section of System requirements.
      2. Go to Manage > Helm Repositories > Sync repositories to synchronize the helm repositories.
      3. Go to Catalog.
      4. Search for ibm-cam and click to open it.
      5. Review instructions and click Configuration tab.

      6. Enter the following install parameters:

        • In the Configuration section, enter the following values and accept the license agreement:

          • Release name - Enter cam in release name.

          • Target namespace - From the drop down list, select Services.

            Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.

        • Enter the following values in the Parameters section:
          • In the All Parameters section > Worker node architecture, select amd64 to deploy on intel (default), ppc64le to deploy on Power, and s390x to deploy on zLinux.
          • In the All Parameters > Global section, enter the following values:
            • IAM Service API Key - Enter the IAM service API Key. It is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
            • Optionally, select Optimize the installation for offline to optimize the installation for offline. For example, skip internet access to import public starter templates from github.com on the public internet during the installation.
            • Optionally, select Enable audit to enable the audit for actions in Cloud Automation Manager. It requires the management logging service to be installed. For audit related installation parameters, see Installation parameters.

        • Optionally, in the Secure Values section, enter Secret name. The Secret name is the name of a secret that you created prior to the installation of Cloud Automation Manager. By default, the Secret name is empty because Cloud Automation Manager automatically creates a secret at install time and it contains the default database credentials and proxy information. If you enter secret to override the default values, then Cloud Automation Manager does not create a secret with default values instead makes use of the secret you provided. For steps to override the default secret, see Using pre-created secrets in Cloud Automation Manager chart. Example of a Secret name is cam-secure-values-secret.

        • Optionally, in the Proxy section, select Use a proxy option if you are using a proxy server.

          Notes:

          • The values can be set in the secure values secret mentioned in the previous step. For more information, see Using pre-created secrets in Cloud Automation Manager chart.
          • Whitelist the following URLs/IPs addresses so Cloud Automation Manager can access them for its normal functioning:
            • Github access for templates that are needed for content:
              • api.github.com
            • Cloud Providers
              • api.softlayer.com (Needed for IBM deployments)
              • management.azure.com (Needed for Azure deployments)
              • amazonaws.com (Needed for Amazon Web Services (AWS) deployments)
          • Whitelist URLs and Cloud Automation Manager port numbers.
          • For IBM Cloud Private, open port 22 and the following urls:
          • The following provider's terraform plugins are supported to work with HTTPS proxy:
            • Amazon Web Services (AWS)
            • Microsoft Azure
            • IBM
            • OpenStack
            • VMware vSphere
          • Limitations of Proxy support:
            • remote-exec and file provisioners to remote systems that are behind the firewall do not work. Terraform does not support SSH over a proxy. If you want remote-exec and file provisioners to work from behind a firewall, use a bastion host. For more information about the usage of bastion, see Deploying content and content runtime from Cloud Automation Manager that is behind a firewall. For more information, see Provisioner Connections - Terraform by HashiCorp External link icon.
            • Helm deploys does not work with proxy
            • Google deploys are not supported behind proxy
            • You cannot deploy to an external IBM Cloud Private that is outside the proxy
            • UCDClient does not support a proxy server. For the connection to work, bypass UCDClient and use HttpClientBuilder directly. The HttpClientBuilder supports proxy settings.
            • Mail management does not work in a proxy environment.
        • Optionally, select Enable persistence for Cloud Automation Manager volumes.

        • Optionally, if you are using GlusterFS for persistent volumes, then specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.

          Note: For information on additional installation parameters, see Installation parameters.

  5. Optionally, if you already have existing persistent volume claims from a previous installation of Cloud Automation Manager, enter the name of the existing persistent volume claim in Existing Claim Name for each of the four volumes.

  6. Click Install.

    • If you are using the command line, then do the following steps:

      1. SSH login to the IBM Cloud Private master node and configure the kubectl and helm CLI commands as follows:

      2. Run the following command to download the Cloud Automation Manager chart from IBM Cloud Private:

        wget https://mycluster.icp:8443/helm-repo/requiredAssets/ibm-cam-3.1.3.tgz --no-check-certificate

      3. Install Cloud Automation Manager by using the helm commands:

        Note: If you are using GlusterFS for persistent volumes, then specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.

        For additional installation parameter options, see Installation parameters. 

           helm install ibm-cam-3.1.3.tgz --name cam --namespace services --set global.iam.deployApiKey=[Api key for service-deploy] --set global.audit=<true | false> --set global.offline=<true | false> --tls

        Use --set secureValues.secretName=cam-secure-values-secret only if you want to override the default secrets. For more information about the command line to create secrets and override them, see Before you begin section.

        The global.iam.deployApiKey is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.

        The global.offline skips the import of library starter templates from public github.

        Tip - To simplify specifying multiple --set parameters on the command line, you can create a yaml file to define multiple parameters and pass it in the command line. For more about helm installation, see Helm install command documentation External link icon.

        Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.

  7. If you are planning to use IBM Business Process Manager and IBM Cloud Orchestrator, then do the following steps:

    Note:

    • The supported version of IBM Business Process Manager is 8.5.7.

    • The supported version of IBM Cloud Orchestrator is 2.5.0.9.

    • Increase the replica count to 1 for Business Process Manager service in values.yml. By default, the replica count for both Business Process Manager and IBM Cloud Orchestrator services are set to 0.

      camBpmProvider:
   replicaCount: 1      
camIcoProvider:
  replicaCount: 1

      {: codeblock} -->

      Note: If you increase the replica count from 0, then the ACTIVATE_BPM in cam-iaas is set to true automatically.

    • Add the following environment variables in env section of cam-provider-bpm:

      - name: BPM_ENDPOINT
    value: https://9.9.9.9:9443/
- name: BPM_USERNAME
    value: admin
- name: BPM_PASSWORD
    value: passw0rd

What to do next

  1. Access the Cloud Automation Manager user interface at the following URL:

    https://<CAM_IP_address>:<cam_port>

    where <CAM_IP_address> is the virtual IP address that is used to access your IBM Cloud Private cluster user interface. In standard clusters, it is the virtual IP address of the master node.

  2. If IBM Cloud Private Installation is behind a Proxy, see https://medium.com/ibm-cloud/ibm-cloud-private-behind-a-proxy-633d6e66021 External link icon.
  3. Optionally, Password migration of Cloud Automation Manager
  4. Configure a Cloud Connection
  5. Download Terraform templates and Chef cookbooks that are available for use with IBM Cloud Automation Manager. For more information, see cloneRepositories.sh External link icon.
  6. Provision an offline Content Runtime
  7. If you want to enable or disable Business Process Manager and IBM Cloud Orchestrator post the installation of Cloud Automation Manager, see Enabling and disabling Business Process Manager.