Maximo

 View Only

Deploying Maximo on Air-gapped (Private) Azure Redhat Openshift (ARO)

By Saurabh Rajguru posted Thu March 07, 2024 08:05 AM

  

Deploying Maximo on Air-gapped (Private) Azure Redhat Openshift (ARO)

In this blog post, we will walk through the process of Installation Maximo App Suite (MAS) on Air-Gapped (Private) Azure Redhat Openshift cluster.

Let's understand the basic keywords used so far.

  • Azure Redhat Openshift (ARO)
    Azure Red Hat OpenShift provides highly available, fully managed OpenShift clusters on demand, monitored and operated jointly by Microsoft and Red Hat. Kubernetes is at the core of Red Hat OpenShift. OpenShift brings added-value features to complement Kubernetes, making it a turnkey container platform as a service (PaaS) with a significantly improved developer and operator experience.

  • Maximo App Suite (MAS)
    IBM Maximo® Application Suite is a set of applications for asset monitoring, management, predictive maintenance and reliability planning.

  •         Air-Gap/Private Setup
    An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. In this case creating the cluster which is disconnected from the internet and has limited network connectivity.

Versions

ARO Cluster Creation

Please follow the below detailed document on steps to create private ARO cluster.
(Make sure to set apiserver and ingress visibility to private as mentioned in the document)

https://learn.microsoft.com/en-us/azure/openshift/howto-create-private-cluster-4x

In order to connect to a private Azure Red Hat OpenShift cluster, you'll need to connect from a host that is either in the Virtual Network you created or in a Virtual Network that is peered with the Virtual Network the cluster was deployed to.

For this example, We have created the VM in the same virtual network to access Openshift. Please follow below document on VM creation.

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal

Azure Container Registry(ACR) Creation

Image Registry is required to store and manage images required in the installation process.

Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0. Create and maintain Azure container registries to store and manage your container images and related artifacts.

Azure Container Registry is used as the example however you are free to use other Registry on Azure.

Please follow the below document on steps to create Azure Container Registry from Azure Portal

https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal?tabs=azure-cli

Make sure to use private endpoint to restrict access to Azure container registry. Please follow below document to setup private endpoint.

https://learn.microsoft.com/en-us/azure/container-registry/container-registry-private-link

Mirror Images on Azure Container Registry

The images which are required by installation process needs to be mirrored on ACR.
We will use the MAS CLI to mirror the images.

Please follow below link on instructions to install and run MAS CLI.

https://ibm-mas.github.io/cli/

Use the CLI tool from the VM we have created in the first step since that VM has the connectivity to ACR.

Start the interactive mirroring process by running below command

docker run -ti --pull always quay.io/ibmmas/cli mas mirror-images

Within the interactive prompts, Provide details for ACR, Working directory and catalog.MAS CLI Interactive prompts filling up informations related to mirror and MAS Catalog

Confirm and review all the details to start the mirroring process, Wait for the completion.

Additionally, If the environment does not allow any access to Redhat registries.
Please use MAS CLI to mirror necessary Redhat catalog.

Run the following command to start the interactive process.

docker run -ti --pull always quay.io/ibmmas/cli mas mirror-redhat-images

 

Provide the necessary details like ACR, Redhat pull secret, OCP version.

MAS CLI Interactive prompts filling up information for mirroring redhat images.

Mirror MAS CLI 

Visit the http://quay.io/ibmmas/cli and note the version and the digest that you are using.

Use any familiar tool to import that image into Azure Container registry.

For this example we have used Azure CLI to import image.

az acr import --name {ACRName} --source quay.io/ibmmas/cli@sha256:d1092b058928633f8e4f2f6052ad20427d01589d3365b9db3dd31784b7edcd8d

Openshift Storage class

For proper functioning of the MAS application, We need to create appropriate storage class.

Goto Openshift Console – Storage – StorageClasses – Create StorageClass.

Add the following YAML.

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefiles-premium
provisioner: file.csi.azure.com
parameters:
  protocol: nfs
  skuName: Premium_ZRS
reclaimPolicy: Retain
volumeBindingMode: Immediate
allowVolumeExpansion: true


Configure OpenShift to use your Private Registry for MAS

Run the following command to configure private registry as a mirror.

docker run -ti --pull always quay.io/ibmmas/cli mas configure-airgap

Fill out the information related to ACR and Openshift cluster.

Install MAS

Run the following command to start the installation process.

docker run -ti --pull always quay.io/ibmmas/cli mas install

 

Provide the information related to OCP cluster and select the catalog for the installation.

At the next step, Provide information related to MAS Instance Id and Workspace details.

Choose the Applications to install.

Provide the Storage classes for Maximo.
Please make sure to choose following storage classes
RWO – managed-csi
RWX – azurefiles-premium

Before proceeding further, Login into Openshift console and goto
Projects – openshift-ingress – Secrets

Look for the TLS certificate secret with unique identifier and copy the secret name.

Move back to CLI, and Configure Advanced Settings as mentioned below.

Provide the ingress certificate secret name copied in earlier step.

Provide basic details for UDS, MAS License file and IBM Entitlement key and confirm to start the installation.

Once installation is started console with provide the URL to monitor the progress on the installation pipeline.
Open the URL in the browser to monitor the installation.
Once installation is completed successfully, The credentials and URL of MAS Admin will be provided.
Launch the Admin URL in the browser and login with provided credentials.


#sustainability-featured-area-2
0 comments
31 views

Permalink