./cp4a-clusteradmin-setup.sh
[INFO] Setting up the cluster for IBM Cloud Pak for Business Automation
Select the cloud platform to deploy:
1) RedHat OpenShift Kubernetes Service (ROKS) - Public Cloud
2) OpenShift Container Platform (OCP) - Private Cloud
3) Other (Certified Kubernetes Cloud Platform / CNCF)
Enter a valid option [1 to 3]: 2
What type of deployment is being performed?
ATTENTION: The BAI standalone only supports "Production" deployment type.
1) Starter
2) Production
Enter a valid option [1 to 2]: 2
[NOTES] If you are planning to enable FIPS for CP4BA deployment, this script can perform a check on the OCP cluster to ensure the compute nodes have FIPS enabled.
Do you want to proceed with this check? (Yes/No, default: No): No
[NOTES] If your cluster is not connected to the internet, you can install Cloud Pak for Business Automation in an air gap environment with the IBM Catalog Management Plug-in. Use either a bastion host, or a portable compute/storage device to transfer the images to your air gap environment.
Do you want to deploy CP4BA using private catalog? (Yes/No, default: No): No
This script prepares the OLM for the deployment of some Cloud Pak for Business Automation capabilities.
Where do you want to deploy Cloud Pak for Business Automation?
Enter the name for a new project or an existing project (namespace): bronze
The Cloud Pak for Business Automation Operator (Pod, CSV, Subscription) not found in cluster
Continue....
Project "bronze" already exists! Continue...
Here are the existing users on this cluster:
1) Cluster Admin
2) <my_admin>
Enter an existing username in your cluster, valid option [1 to 2], non-admin is suggested: 2
[INFO] Creating cp4ba-fips-status configMap in the project "bronze"
[✔] Created cp4ba-fips-status configMap in the project "bronze".
Follow the instructions on how to get your Entitlement Key:
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/23.2.0?topic=deployment-getting-access-images-from-public-entitled-registry
Do you have a Cloud Pak for Business Automation Entitlement Registry key (Yes/No, default: No): Yes
Enter your Entitlement Registry key:
Verifying the Entitlement Registry key...
Login Succeeded!
Entitlement Registry key is valid.
The existing storage classes in the cluster:
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
managed-nfs-storage (default) redhat-emea-ssa-team/hetzner-ocp4 Delete Immediate false 112m
Creating docker-registry secret for Entitlement Registry key in project bronze...
secret/ibm-entitlement-key created
Done
[INFO] Applying the latest IBM CP4BA Operator catalog source...
[✔] IBM CP4BA Operator catalog source Updated!
[INFO] Starting to install IBM Cert Manager and IBM Licensing Operator ...
[✔] ibm-licensing-catalog/ibm-cert-manager-catalog pod ready!
[✔] oc command available
[✔] /<my_path>/cert-kubernetes/scripts/cpfs/yq/amd64/yq command available
[✔] oc command logged in as <my_admin>
[✔] Channel v4.2 is valid
[INFO] No ibm-common-service-operator found on the cluster, skipping delegation check
# Check migrating LTSR ibm-licensing-operator
[INFO] There is no LTSR ibm-licensing-operator to migrate, skipping
# Check migrating and deactivating LTSR ibm-cert-manager-operator
[INFO] LTSR ibm-cert-manager-operator already deactivated, skipping
# Validate CatalogSource for operator ibm-cert-manager-operator in ibm-cert-manager namespace
[✔] CatalogSource ibm-cert-manager-catalog from openshift-marketplace CatalogSourceNamespace is available for ibm-cert-manager-operator in ibm-cert-manager namespace
# Validate CatalogSource for operator ibm-licensing-operator-app in ibm-licensing namespace
[✔] CatalogSource ibm-licensing-catalog from openshift-marketplace CatalogSourceNamespace is available for ibm-licensing-operator-app in ibm-licensing namespace
# Installing cert-manager
[✗] There is a cert-manager Subscription already
[✗] There is a cert-manager-webhook pod Running, so most likely another cert-manager is already installed
[INFO] Continue to upgrade check
[INFO] Upgrading ibm-cert-manager-operator to channel: v4.2
# Checking whether Namespace ibm-cert-manager exist...
[✔] Namespace ibm-cert-manager already exists. Skip creating
# Checking whether OperatorGroup in ibm-cert-manager exist...
[✔] OperatorGroup already exists in ibm-cert-manager. Skip creating
# Updating ibm-cert-manager-operator in namesapce ibm-cert-manager...
[INFO] v4.2 is equal to v4.2
[INFO] catalogsource ibm-cert-manager-catalog is the same as ibm-cert-manager-catalog
[INFO] ibm-cert-manager-operator has already updated channel v4.2 and catalogsource ibm-cert-manager-catalog in the subscription.
subscription.operators.coreos.com/ibm-cert-manager-operator configured
[✔] Successfully patched subscription ibm-cert-manager-operator in ibm-cert-manager
[INFO] Waiting for operator ibm-cert-manager-operator to be upgraded
[✔] Operator ibm-cert-manager-operator is upgraded to latest version in channel v4.2
[INFO] Waiting for operator ibm-cert-manager-operator CSV in namespace ibm-cert-manager to be bound to Subscription
[✔] Operator ibm-cert-manager-operator CSV in namespace ibm-cert-manager is bound to Subscription
[INFO] Waiting for operator ibm-cert-manager-operator in namespace ibm-cert-manager to be made available
[✔] Operator ibm-cert-manager-operator in namespace ibm-cert-manager is available
# Accepting license for certmanagerconfig.operator.ibm.com default in namespace ...
certmanagerconfig.operator.ibm.com/default patched (no change)
[✔] License accepted for certmanagerconfig.operator.ibm.com default
# Installing licensing
[✗] There is an ibm-licensing-operator-app Subscription already, so will upgrade it
# Checking whether Namespace ibm-licensing exist...
[✔] Namespace ibm-licensing already exists. Skip creating
# Checking whether OperatorGroup in ibm-licensing exist...
[✔] OperatorGroup already exists in ibm-licensing. Skip creating
# Updating ibm-licensing-operator-app in namesapce ibm-licensing...
[INFO] v4.2 is equal to v4.2
[INFO] catalogsource ibm-licensing-catalog is the same as ibm-licensing-catalog
[INFO] ibm-licensing-operator-app has already updated channel v4.2 and catalogsource ibm-licensing-catalog in the subscription.
subscription.operators.coreos.com/ibm-licensing-operator-app configured
[✔] Successfully patched subscription ibm-licensing-operator-app in ibm-licensing
[INFO] Waiting for operator ibm-licensing-operator-app to be upgraded
[✔] Operator ibm-licensing-operator-app is upgraded to latest version in channel v4.2
[INFO] Waiting for operator ibm-licensing-operator-app CSV in namespace ibm-licensing to be bound to Subscription
[✔] Operator ibm-licensing-operator-app CSV in namespace ibm-licensing is bound to Subscription
[INFO] Waiting for operator ibm-licensing-operator in namespace ibm-licensing to be made available
[✔] Operator ibm-licensing-operator in namespace ibm-licensing is available
[INFO] Waiting for ibmlicensing instance to be present.
[✔] ibmlicensing instance present
# Accepting license for ibmlicensing instance in namespace ...
ibmlicensing.operator.ibm.com/instance patched (no change)
[✔] License accepted for ibmlicensing instance
[INFO] Waiting for IBM Cert Manager Operator ready...
[✔] IBM Cert Manager Operator is running:
[INFO] Pod: cert-manager-controller-748f6f88b6-7vx75
cert-manager-webhook-56d57b8f8f-rx4xk
cert-manager-cainjector-bc587c95-xd2t2
ibm-cert-manager-operator-d8879b9f9-rvpc7
[INFO] Waiting for IBM Licensing Operator ready...
[✔] IBM Licensing Operator is running:
[INFO] Pod: ibm-licensing-operator-8976556fb-5rh2d
ibm-licensing-service-instance-549df84984-jkd7k
Waiting for the Cloud Pak for Business Automation operator to be ready. This might take a few minutes...
ibm-cp4a-operator-catalog ibm-cp4a-operator grpc IBM 49m
Found existing ibm operator catalog source, updating it
catalogsource.operators.coreos.com/ibm-cp4a-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-cs-flink-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-cs-elastic-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-cert-manager-catalog unchanged
catalogsource.operators.coreos.com/ibm-licensing-catalog unchanged
catalogsource.operators.coreos.com/opencloud-operators-v4-2 unchanged
catalogsource.operators.coreos.com/bts-operator unchanged
catalogsource.operators.coreos.com/cloud-native-postgresql-catalog unchanged
catalogsource.operators.coreos.com/ibm-fncm-operator-catalog unchanged
IBM Operator Catalog source updated!
[INFO] Waiting for CP4BA Operator Catalog pod initialization
[INFO] CP4BA Operator Catalog is running...
ibm-cp4a-operator-catalog-zqqhc 1/1 Running 0 49m
operatorgroup.operators.coreos.com/ibm-cp4a-operator-catalog-group created
CP4BA Operator Group Created!
subscription.operators.coreos.com/ibm-cp4a-operator-catalog-subscription created
CP4BA Operator Subscription Created!
[INFO] Waiting for CP4BA operator pod initialization
........................
CP4BA operator is running...
ibm-cp4a-operator-77665bdf54-48cwh
[INFO] Waiting for CP4BA Content operator pod initialization
CP4BA Content operator is running...
ibm-content-operator-6664cb6464-tzl7j
Adding the user <my_admin> to the ibm-cp4a-operator role...Done!
Label the default namespace to allow network policies to open traffic to the ingress controller using a namespaceSelector...namespace/default labeled
Done
Storage classes are needed to run the deployment script. For the Starter deployment scenario, you may use one (1) storage class. For an Production deployment, the deployment script will ask for three (3) storage classes to meet the slow, medium, and fast storage for the configuration of CP4BA components. If you don't have three (3) storage classes, you can use the same one for slow, medium, or fast. Note that you can get the existing storage class(es) in the environment by running the following command: oc get storageclass. Take note of the storage classes that you want to use for deployment.
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
<my-storage> (default) redhat-emea-ssa-team/hetzner-ocp4 Delete Immediate false 119m |