Installing Cloud Automation Manager offline
In an offline installation of Cloud Automation Manager, the IBM Cloud Private environment does not require any access to the internet.
Before you begin
- Go through the prerequisites in Prerequisites for installing Cloud Automation Manager.
- Ensure that all steps mentioned in the Preparing to install Cloud Automation Manager topic are completed successfully.
- Create the persistent volumes that are required for the Cloud Automation Manager database, log files, Terraform, and Cloud Automation Manager Template Designer. For the procedure to create persistent volumes, see Creating Cloud Automation Manager persistent volumes.
- Generate a deployment ServiceID API Key:
    export serviceIDName='service-deploy'
    export serviceApiKeyName='service-deploy-api-key'
    cloudctl login -a https://mycluster.icp:8443 --skip-ssl-validation -u <icp_admin_id> -p <icp_admin_password> -n services
    cloudctl iam service-id-create ${serviceIDName} -d 'Service ID for service-deploy'
    cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'idmgmt'
    cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'identity'
    cloudctl iam service-api-key-create ${serviceApiKeyName} ${serviceIDName} -d 'Api key for service-deploy'
  Use the API Key that you receive from the service-api-key-create command as the deployApiKey value of the Helm chart install.
  Notes:
  - Create a new ServiceID that includes a service policy to grant Cluster Administrator/Administrator role to Cloud Automation Manager and Helm API.
  - Generate an API Key for Cloud Automation Manager ServiceID. This key is used to onboard Cloud Automation Manager into the Platform Identity and Access Management (IAM). IAM is used for authorization checks in Cloud Automation Manager.
Procedure
- Download the Cloud Automation Manager.
  - Download Cloud Automation Manager 3.1.2.1 package from Fix Central and transfer to your master node:
    - x86 - icp-cam-x86_64-3.1.2.1.tar.gz
    - ppc64le - icp-cam-ppc-3.1.2.1.tar.gz
    - s390x - icp-cam-z-3.1.2.1.tar.gz
- SSH login to the IBM Cloud Private master node.
- Run the following commands to load the Cloud Automation Manager offline PPA image into IBM Cloud Private:
    cloudctl login -a https://<cluster_CA_domain>:8443 --skip-ssl-validation -u <icp_Cluster_administrator_id> -p <icp_Cluster_administrator_password> -n services
    docker login <cluster_CA_domain>:8500
    cloudctl catalog load-archive --archive icp-cam-[ARCH]-3.1.2.1.tar.gz
  By default, the cluster_CA_domain is mycluster.icp, but during IBM Cloud Private installation, you can change it in IBM Cloud Private config.yaml.
  For more information about this procedure, see Installing bundled products in IBM Cloud Private Knowledge Center.
  For more information about CLI catalog command, see IBM Cloud Private CLI catalog commands.
- Install Cloud Automation Manager either from the IBM Cloud Private user interface or from the command line:
- If you are using the IBM Cloud Private user interface, do the following steps:
- Log in to IBM Cloud Private by using a supported browser. For the list of supported browsers, see the Other requirements section of System requirements.
- Go to Manage > Helm Repositories > Sync repositories to synchronize the helm repositories.
- Go to Catalog.
- Search for ibm-cam and click to open it.
- Review instructions and click Configuration tab.
- Enter the following install parameters:
- In the Configuration section, enter the following values and accept the license agreement:
  - Release name - Enter cam in release name.
  - Target namespace - From the drop down list, select Services.
    Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.
- Enter the following values in the Parameters section:
  - In the All Parameters section > Worker node architecture, select amd64 to deploy on Intel (default), ppc64le to deploy on Power, and s390x to deploy on zLinux.
  - In the All Parameters > Global section, enter the following values:
    - IAM Service API Key - Enter the IAM service API Key. It is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
    - Optionally, select Optimize the installation for offline to optimize the installation for offline. For example, skip internet access to import public starter templates from github.com on the public internet during the installation.
    - Optionally, select Enable audit to enable the audit for actions in Cloud Automation Manager. It requires the management logging service to be installed. For audit related installation parameters, see Installation parameters.
  - Optionally, in the Secure Values section, enter Secret name. The Secret name is the name of a secret that you created prior to the installation of Cloud Automation Manager. By default, the Secret name is empty because Cloud Automation Manager automatically creates a secret at install time and it contains the default database credentials and proxy information. If you enter a secret to override the default values, then Cloud Automation Manager does not create a secret with default values and instead uses the secret that you provided. For steps to override the default secret, see Using pre-created secrets in Cloud Automation Manager chart. Example of a Secret name is cam-secure-values-secret.
  - Optionally, in the Proxy section, select Use a proxy option if you are using a proxy server.
    Notes:
    - The values can be set in the secure values secret mentioned in the previous step. For more information, see Using pre-created secrets in Cloud Automation Manager chart.
    - Whitelist the following URLs/IP addresses so Cloud Automation Manager can access them for its normal functioning:
      - GitHub access for templates that are needed for content:
        - api.github.com
      - Cloud Providers
        - api.softlayer.com (Needed for IBM deployments)
        - management.azure.com (Needed for Azure deployments)
        - amazonaws.com (Needed for Amazon Web Services (AWS) deployments)
    - Whitelist URLs and Cloud Automation Manager port numbers.
    - For IBM Cloud Private, open port 22 and the following urls:
    - The following provider's terraform plugins are supported to work with HTTPS proxy:
      - Amazon Web Services (AWS)
      - Microsoft Azure
      - IBM
      - OpenStack
      - VMware vSphere
    - Limitations of Proxy support:
      - remote-exec and file provisioners to remote systems that are behind the firewall do not work. Terraform does not support SSH over a proxy. If you want remote-exec and file provisioners to work from behind a firewall, use a bastion host. For more information about the usage of bastion, see Deploying content and content runtime from Cloud Automation Manager that is behind a firewall. For more information, see Provisioner Connections - Terraform by HashiCorp.
      - Helm deploys do not work with proxy
      - Google deploys are not supported behind proxy
      - You cannot deploy to an external IBM Cloud Private that is outside the proxy
      - UCDClient does not support a proxy server. For the connection to work, bypass UCDClient and use HttpClientBuilder directly. The HttpClientBuilder supports proxy settings.
      - Mail management does not work in a proxy environment.
  - Optionally, select Enable persistence for Cloud Automation Manager volumes.
  - Optionally, if you are using GlusterFS for persistent volumes, then specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.
    Note: For information on additional installation parameters, see Installation parameters.
  - Optionally, if you already have existing persistent volume claims from a previous installation of Cloud Automation Manager, enter the name of the existing persistent volume claim in Existing Claim Name for each of the four volumes.
- Click Install.
- If you are using the command line, then do the following steps:
- SSH login to the IBM Cloud Private master node and configure the kubectl and helm CLI commands as follows:
- Run the following command to download the Cloud Automation Manager chart from IBM Cloud Private:
    wget https://mycluster.icp:8443/helm-repo/requiredAssets/ibm-cam-3.1.3.tgz --no-check-certificate
- Install Cloud Automation Manager by using the helm commands:
  Note: If you are using GlusterFS for persistent volumes, then specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.
  For additional installation parameter options, see Installation parameters.
    helm install ibm-cam-3.1.3.tgz --name cam --namespace services --set global.iam.deployApiKey=[Api key for service-deploy] --set global.audit=<true | false> --set global.offline=<true | false> --tls
  Use --set secureValues.secretName=cam-secure-values-secret only if you want to override the default secrets. For more information about the command line to create secrets and override them, see Before you begin section.
  The global.iam.deployApiKey is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
  The global.offline skips the import of library starter templates from public github.
  Tip - To simplify specifying multiple --set parameters on the command line, you can create a yaml file to define multiple parameters and pass it in the command line. For more about helm installation, see Helm install command documentation.
  Note: The services namespace is required because Cloud Automation Manager uses the ConfigMap of IBM Cloud Private to support single sign-on. If you define and use your own namespace during Cloud Automation Manager installation, then the installation might fail.
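The Tip above suggests a YAML file in place of multiple --set parameters. This added example (not from the IBM documentation) writes that file with owner-only permissions, so the deployApiKey value stays out of the process list and shell history. The function names, the CAM_DEPLOY_API_KEY variable and the accepted key characters are assumptions.

```shell
#!/bin/sh
# Added example (not IBM's code): pass the chart parameters named on this page
# through a private values file so the ServiceID API key never appears in argv
# or shell history. Function names, CAM_DEPLOY_API_KEY and the allowed key
# characters are assumptions.

# write_cam_values <file> <offline> <audit>
# Runs in a subshell, so umask and variables do not leak into the caller.
write_cam_values() (
  out=$1 offline=$2 audit=$3 key=${CAM_DEPLOY_API_KEY:-}
  case "$offline:$audit" in
    true:true|true:false|false:true|false:false) ;;
    *) echo "offline and audit must be true or false" >&2; exit 2 ;;
  esac
  # Refuse an empty key or any character that could break the quoted YAML value.
  case "$key" in
    ''|*[!A-Za-z0-9_=.+/-]*)
      echo "CAM_DEPLOY_API_KEY is empty or has unexpected characters" >&2
      exit 2 ;;
  esac
  umask 077            # new file is readable and writable by the owner only
  rm -f -- "$out"      # drop any older copy that had looser permissions
  cat > "$out" <<EOF
global:
  iam:
    deployApiKey: "$key"
  offline: $offline
  audit: $audit
EOF
)

# install_cam <chart.tgz>: the page's helm install, with -f replacing --set.
install_cam() (
  values=$(mktemp) || exit 1
  trap 'rm -f -- "$values"' EXIT   # values file is removed even if helm fails
  write_cam_values "$values" true false || exit
  helm install "$1" --name cam --namespace services -f "$values" --tls
)
```

Set CAM_DEPLOY_API_KEY in the environment of the installing shell, then run install_cam ibm-cam-3.1.3.tgz.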
- If you are planning to use IBM Business Process Manager and IBM Cloud Orchestrator, then do the following steps:
  Note:
  - The supported version of IBM Business Process Manager is 8.5.7.
  - The supported version of IBM Cloud Orchestrator is 2.5.0.9.
- Increase the replica count to 1 for Business Process Manager service in values.yml. By default, the replica count for both Business Process Manager and IBM Cloud Orchestrator services is set to 0.
    camBpmProvider:
      replicaCount: 1
    camIcoProvider:
      replicaCount: 1
  Note: If you increase the replica count from 0, then the ACTIVATE_BPM in cam-iaas is set to true automatically.
- Add the following environment variables in env section of cam-provider-bpm:
    - name: BPM_ENDPOINT
      value: https://9.9.9.9:9443/
    - name: BPM_USERNAME
      value: admin
    - name: BPM_PASSWORD
      value: passw0rd
What to do next
- Access the Cloud Automation Manager user interface at the following URL:
    https://<CAM_IP_address>:<cam_port>
  where <CAM_IP_address> is the virtual IP address that is used to access your IBM Cloud Private cluster user interface. In standard clusters, it is the virtual IP address of the master node.
- If IBM Cloud Private Installation is behind a Proxy, see https://medium.com/ibm-cloud/ibm-cloud-private-behind-a-proxy-633d6e66021 .
- Optionally, Password migration of Cloud Automation Manager
- Configure a Cloud Connection
- Download Terraform templates and Chef cookbooks that are available for use with IBM Cloud Automation Manager. For more information, see cloneRepositories.sh.
- Provision an offline Content Runtime
- If you want to enable or disable Business Process Manager and IBM Cloud Orchestrator post the installation of Cloud Automation Manager, see Enabling and disabling Business Process Manager.