Installing Cloud Automation Manager offline on OpenShift

Steps to install Cloud Automation Manager offline on OpenShift. In the offline installation of Cloud Automation Manager, the OpenShift environment does not require any access to the internet. Cloud Automation Manager runs on the OpenShift Kubernetes platform, even though it still leverages some common services of IBM Multicloud Manager, which is installed on top of OpenShift.

Before you begin

• Install IBM Cloud Pak for Multicloud Management 1.1.0, or IBM Cloud Pak for Multicloud Management 1.2.0.
• Go through the prerequisites in Prerequisites for installing Cloud Automation Manager.

• Run the following command to add the default pod security policy:

   oc adm policy add-scc-to-user ibm-anyuid-hostpath-scc system:serviceaccount:services:default
  

• Ensure that all steps mentioned in Preparing to install Cloud Automation Manager topic are completed successfully.
• Create persistent volumes that are required for Cloud Automation Manager database, log files, terraform, and Cloud Automation Manager Template Designer. For the procedure to create persistent volumes, see Creating Cloud Automation Manager persistent volumes.

• Generate a deployment ServiceID API Key:

  export serviceIDName='service-deploy'
  export serviceApiKeyName='service-deploy-api-key'
  cloudctl login -a <ibm_cloud_pak_mcm_console_url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_id> -p <ibm_cloud_pak_mcm_admin_password> -n services
  cloudctl iam service-id-create ${serviceIDName} -d 'Service ID for service-deploy'
  cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'idmgmt'
  cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'identity'
  cloudctl iam service-api-key-create ${serviceApiKeyName} ${serviceIDName} -d 'Api key for service-deploy'
  

  Use the API Key that you receive from the service-api-key-create command in deployApiKey value of Helm Chart install.

  Notes:

  • Create a new ServiceID that includes a service policy to grant Cluster Administrator/Administrator role to Cloud Automation Manager and Helm API.
  • Generate an API Key for Cloud Automation Manager ServiceID. This key is used to onboard Cloud Automation Manager into the Platform Identity and Access Management(IAM). IAM is used for authorization checks in Cloud Automation Manager.

Procedure

1. Download the Cloud Automation Manager.

   • Download the following packages and transfer to your master node using your product ID from IBM Passport Advantage :

     • For Cloud Automation Manager version 4.1.0.0:

       • x86 - icp-cam-x86_64-4.1.tar.gz
       • ppc64le - icp-cam-ppc-4.1.tar.gz

     • For Cloud Automation Manager version 4.1.0.1:

       • x86 - icp-cam-x86_64-4.1.0.1.tar.gz
       • ppc64le - icp-cam-ppc-4.1.0.1.tar.gz

       Cloud Automation Manager Version	Version number (version_number)	TGZ File name (cam_tgz_filename)
       4.1.0.0	4.1	ibm-cam-4.1.0.tgz
       4.1.0.1	4.1.0.1	ibm-cam-4.1.1.tgz

2. SSH login to the infra node and configure the kubectl and Helm CLI commands as follows:

   • Accessing your IBM Multicloud Manager cluster by using the kubectl CLI
   • Setting up the Helm CLI

3. Run the following commands to load the Cloud Automation Manager offline PPA image into OpenShift docker registry:

   • For Openshift 3.11:

       oc login -u <openshift console admin user> -p <openshfit console admin password>      
     
       cloudctl login -a <ibm_cloud_pak_mcm_console url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_ID> -p <ibm_cloud_pak_mcm_admin_password> -n services       
     
       docker login docker-registry.default.svc:5000 -u <openshfit admin user>  -p `oc whoami -t`      
     
       cloudctl catalog load-archive --archive icp-cam-[x86-64 | ppc]-<version_number>.tar.gz --registry docker-registry.default.svc:5000/services
     

   • For OpenShit 4.2:

     Copy the login command from OpenShift Console and paste it to the Infra node that can access the OpenShift Console.

      HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
     
      cloudctl login -a <ibm_cloud_pak_mcm_Console_Url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_ID> -p <ibm_cloud_pak_mcm_password> -n services
     
      docker login -u <oc admin> -p $(oc whoami -t) $HOST
     
      cloudctl catalog load-archive --archive icp-cam-[x86-64 | ppc]-<version_number>.tar.gz --registry $HOST/services
     

4. Install Cloud Automation Manager either from the IBM Cloud Pak for Multicloud Management user interface or from the command line:

   • To install Cloud Automation Manager from UI, follow the steps from Installing from UI.

   • To install Cloud Automation Manager using the command line, do the following steps:

     1. SSH login to the IBM Multicloud Manager master node and configure the kubectl and helm CLI commands as follows:

        cloudctl login -a <ibm_cloud_pak_mcm_console_url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_ID> -p <ibm_cloud_pak_mcm_admin_password> -n services
        

        • For OpenShift 3.11, run the following command:

          docker login docker-registry.default.svc:5000 -u <openshfit admin user>  -p 'oc whoami -t'
          

        • For OpenShift 4.2, run the following command:

          HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
          docker login -u <oc admin> -p $(oc whoami -t) $HOST
          

     2. Run the following command to download the Cloud Automation Manager chart from IBM Multicloud Manager:

         wget <ibm_cloud_pak_mcm_console_url>/helm-repo/requiredAssets/<cam_tgz_filename> --no-check-certificate
        

     1. Install Cloud Automation Manager by using the helm commands

        • For OpenShift 3.11:

          helm install <cam_tgz_filename> --name cam --namespace <selected namespace> --set icp.port=443 --set global.iam.deployApiKey=[Api key for service-deploy]  --set global.enableFIPS=false --tls
          

        • For OpenShift 4.2:

          helm install <cam_tgz_filename> --name cam --namespace <selected namespace> --set icp.port=443 --set global.iam.deployApiKey=[Api key for service-deploy]  --set global.enableFIPS=false --set image.repository=image-registry.openshift-image-registry.svc:5000/services/ --tls
          

          Notes:

        • The global.enableFIPS is required only if you want to be FIPS compliant.

        • Use --set secureValues.secretName=cam-secure-values-secret only if you want to override the default secrets. For more information about the command line to create secrets and override them, see Before you begin section.
        • The global.iam.deployApiKey is used to generate Cloud Automation Manager specific Service ID and API Key. The Cloud Automation Manager API Key is used to interact with the platform authorization.
        • The global.offline skips the import of library starter templates from public github.
        • The icp.port is used to specify the IBM Multicloud Manager console port.
        • If you are using GlusterFS for persistent volumes, then specify additional chart install parameters: Creating Cloud Automation Manager persistent volumes using GlusterFS.

        • For additional installation parameter options, see Installation parameters.

          Tip - To simplify specifying multiple --set parameters on the command line, you can create a yaml file to define multiple parameters and pass it in the command line. For more about helm installation, see Helm install command documentation .

        1. Optionally, monitor the Cloud Automation Manager installation and pod deployment by running the following kubectl command:

        kubectl get -n <namespace> pods
        

        1. If you are planning to use IBM Business Process Manager, IBM Cloud Orchestrator, Ansible provider or Broker then do the following steps:

           1. Increase the replica count to 1 for Business Process Manager service in values.yml. By default, the replica count for these services is set to 0.

           camBpmProvider:
             replicaCount: 1
           camAnsibleProvider:
             replicaCount: 1
           camIcoProvider:
             replicaCount: 1
           camBrokerProvider:
             replicaCount: 1
             storeNamespace: helm-consume-test
           

           Note: If you increase the replica count from 0, then the ACTIVATE_BPM in cam-iaas is set to true automatically.

           1. Add the following environment variables in env section of cam-provider-bpm:

                name: BPM_ENDPOINT
                  value: https://9.9.9.9:9443/
                name: BPM_USERNAME
                  value: admin
                name: BPM_PASSWORD
                  value: passw0rd
              

              Notes:

              • The supported version of IBM Business Process Manager is 8.5.7 and 19.0.0.1.
              • The supported version of IBM Cloud Orchestrator is 2.5.0.9.

What to do next

• Access the Cloud Automation Manager user interface at the following URL:

   oc get route -n services
   https://<HOST>
  

  where <HOST> is the value returned from oc get route -n services.

• Optionally, Password migration of Cloud Automation Manager
• Configure a Cloud Connection
• Deploy a Starterpack template
• Provision the Content Runtime
• If you want to enable or disable Business Process Manager and IBM Cloud Orchestrator post the installation of Cloud Automation Manager, see Enabling and disabling Business Process Manager.