IBM Support

Cloud Pak for Security: Power-on Procedures

How To


Summary

What are the power-on startup procedures for Cloud Pak for Security (CP4S)?

Steps

NOTE: A prerequisite is that Red Hati OpenShifti Cluster was previously gracefully shut down.
  1. Start the supporting Red Hati OpenShifti resources in the following order:
    1. Gateway: DHCP
    2. Bastion Host
    3. Service Host: DNS, haproxy
    4. NFS Storage: nfsd
  2. Verify all resources are working correctly:
    1. On services host:​​​​ 
      systemctl status named
​​​​​​​systemctl status haproxy
      ​​
    2. On storage host: 
      exportfs
​​​​​​​systemctl status nfs-server.service
      ​​​​​
  3. Start the Control servers.
  4. Once the command prompt is available on each control server proceed.
  5. Start the worker|processor servers.
  6. Once the command prompt is available on each processor server proceed.
  7. Verify all servers are working correctly.
  8. ​​​​​​​​​​​​​​Login to the Red Hati OpenShifti Cluster: 
    oc login -u ADMIN https://CONSOLE:PORT
    NOTE: Replace ADMIN with your admin user, and replace CONSOLE and PORT with your server-specific information.
  9. Log in to the Red Hati OpenShifti Admin UI.
    NOTE: You might need to clear browser cache for correct functionality.
  10. Verify all of the Pods are started.
    NOTE: If a pod is misbehaving, delete that pod and give more time.
  11. ​​​​​​​​​​​​​​If there are certificates pending, validate:
    1. Check for new certificates: 
      oc get csr
    2. Verify the certificate is valid: 
      oc describe csr CSR_NAME
      NOTE: CSR_NAME is replaced with the name of the certificate.
    3. If the certificate is valid, approve it: 
      oc adm certificate approve CSR_NAME
      NOTE: CSR_NAME is replaced with the name of the certificate.
  12. Verify nodes are in Ready status: 
    oc get nodes
  13. Validate all Cluster Operators are all available True and degraded False: 
    oc get clusteroperators
  14. Check etcd for the Control nodes: 
    oc get pods -n openshift-etcd | grep -v etcd-quorum-guard | grep etcd
    NOTE: Validate that all of the etcd pods are 3/3 and running.
    Select the first etc node from previous step: 
    oc rsh -n openshift-etcd etcd-cp4s-lab-control-1
    NOTE: Change openshift-etcd and etcd-cp4s-lab-control-1 to the values appropriate for your environment.
  15. Validate that etcd is in sync and there are no issues: 
    etcdctl member list -w table
  16. ​​​​​​​​​​​​​​All done: 
    exit
exit

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m3p0000000rbnAAA","label":"Support-\u003EAdministration Task"}],"ARM Case Number":"TS018859401","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
03 April 2025

UID

ibm17230041

Page Feedback