./cp4a-clusteradmin-setup.sh
[INFO] Setting up the cluster for IBM Cloud Pak for Business Automation
Do you wish setup your cluster for a online based CP4BA deployment or for a airgap/offline based CP4BA deployment:
1) Online
2) Offline/Airgap
Enter a valid option [1 to 2]: 1
Select the cloud platform to deploy:
1) RedHat OpenShift Kubernetes Service (ROKS) - Public Cloud
2) OpenShift Container Platform (OCP) - Private Cloud
3) Other (Certified Kubernetes Cloud Platform / CNCF)
Enter a valid option [1 to 3]: 2
What type of deployment is being performed?
ATTENTION: The BAI standalone only supports "Production" deployment type.
1) Starter
2) Production
Enter a valid option [1 to 2]: 2
[NOTES] If you are planning to enable FIPS for CP4BA deployment, this script can perform a check on the OCP cluster to ensure the compute nodes have FIPS enabled.
Do you want to proceed with this check? (Yes/No, default: No): No
[NOTES] You can install the CP4BA deployment as either a private catalog (namespace scope) or the global catalog namespace (GCN). The private option uses the same target namespace of the CP4BA deployment, the GCN uses the openshift-marketplace namespace.
Do you want to deploy CP4BA using private catalog (recommended)? (Yes/No, default: Yes): Yes
[NOTES] CP4BA deployment supports separation of operators and operands, the script can deploy CP4BA operators and it's capabilities in different projects.
Do you want to deploy CP4BA as separation of operators and operands? (Yes/No, default: No): No
Where do you want to deploy Cloud Pak for Business Automation?
Enter the name for a new project or an existing project (namespace): bronze
The Cloud Pak for Business Automation Operator (Pod, CSV, Subscription) not found in cluster
Continue....
Project "bronze" already exists! Continue...
[INFO] Creating project "ibm-cert-manager" for IBM Cert Manager operator catalog.
Project "ibm-cert-manager" already exists! Continue...
[✔] Created project "ibm-cert-manager" for IBM Cert Manager operator catalog.
[INFO] Creating project "ibm-licensing" for IBM Licensing operator catalog.
Project "ibm-licensing" already exists! Continue...
[✔] Created project "ibm-licensing" for IBM Licensing operator catalog.
[INFO] Creating ibm-cp4ba-common-config configMap for this CP4BA deployment in the project "bronze"
[✔] Created ibm-cp4ba-common-config configMap for this CP4BA deployment in the project "bronze".
This script prepares the OLM for the deployment of some Cloud Pak for Business Automation capabilities
Here are the existing users on this cluster:
1) Cluster Admin
2) <my_admin>
Enter an existing username in your cluster, valid option [1 to 2], non-admin is suggested: 2
[INFO] Creating cp4ba-fips-status configMap in the project "bronze"
[✔] Created cp4ba-fips-status configMap in the project "bronze".
Follow the instructions on how to get your Entitlement Key:
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=deployment-getting-access-images-from-public-entitled-registry
Do you have a Cloud Pak for Business Automation Entitlement Registry key (Yes/No, default: No): Yes
Enter your Entitlement Registry key:
Verifying the Entitlement Registry key...
Login Succeeded!
Entitlement Registry key is valid.
The existing storage classes in the cluster:
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
managed-nfs-storage (default) redhat-emea-ssa-team/hetzner-ocp4 Delete Immediate false 112m
Creating docker-registry secret for Entitlement Registry key in project bronze...
secret/ibm-entitlement-key created
Done
[INFO] Applying the latest IBM CP4BA Operator catalog source...
[✔] IBM CP4BA Operator catalog source Updated!
[INFO] Starting to install IBM Cert Manager and IBM Licensing Operator ...
[✔] ibm-licensing-catalog/ibm-cert-manager-catalog pod ready!
All arguments passed into the setup_singleton.sh: --enable-licensing --license-accept --enable-private-catalog --yq <my_path>/cert-kubernetes/scripts/cpfs/yq/amd64/yq -c v4.2
[✔] oc command available
[✔] <my_path>/cert-kubernetes/scripts/cpfs/yq/amd64/yq command available
[✔] oc command logged in as <my_admin>
[✔] Channel v4.2 is valid
[INFO] No ibm-common-service-operator found on the cluster, skipping delegation check
[✗] Flag --enable-private-catalog is enabled, please make sure the CatalogSource is deployed in the same namespace as operator
# Check migrating LTSR ibm-licensing-operator
[INFO] There is no LTSR ibm-licensing-operator to migrate, skipping
# Check migrating and deactivating LTSR ibm-cert-manager-operator
[INFO] LTSR ibm-cert-manager-operator already deactivated, skipping
# Installing cert-manager
[✗] There is a cert-manager Subscription already
[✗] There is a cert-manager-webhook pod Running, so most likely another cert-manager is already installed
[INFO] Continue to upgrade check
[✗] Cluster has a RedHat cert-manager or Helm cert-manager, skipping
# Validate CatalogSource for operator ibm-licensing-operator-app in ibm-licensing namespace
[✔] CatalogSource ibm-licensing-catalog from ibm-licensing CatalogSourceNamespace is available for ibm-licensing-operator-app in ibm-licensing namespace
# Installing licensing
[✗] There is an ibm-licensing-operator-app Subscription already, so will upgrade it
# Checking whether Namespace ibm-licensing exist...
[✔] Namespace ibm-licensing already exists. Skip creating
# Checking whether OperatorGroup in ibm-licensing exist...
[✔] OperatorGroup already exists in ibm-licensing. Skip creating
# Updating ibm-licensing-operator-app in namesapce ibm-licensing...
[INFO] v4.2 is equal to v4.2
[INFO] catalogsource ibm-licensing-catalog is the same as ibm-licensing-catalog
[INFO] ibm-licensing-operator-app has already updated channel v4.2 and catalogsource ibm-licensing-catalog in the subscription.
subscription.operators.coreos.com/ibm-licensing-operator-app configured
[✔] Successfully patched subscription ibm-licensing-operator-app in ibm-licensing
[INFO] Waiting for operator ibm-licensing-operator-app to be upgraded
[✔] Operator ibm-licensing-operator-app is upgraded to latest version in channel v4.2
[INFO] Waiting for operator ibm-licensing-operator-app CSV in namespace ibm-licensing to be bound to Subscription
[✔] Operator ibm-licensing-operator-app CSV in namespace ibm-licensing is bound to Subscription
[INFO] Waiting for operator ibm-licensing-operator in namespace ibm-licensing to be made available
[✔] Operator ibm-licensing-operator in namespace ibm-licensing is available
[INFO] Waiting for ibmlicensing instance to be present.
[✔] ibmlicensing instance present
# Accepting license for ibmlicensing instance in namespace ...
[✔] License accepted for ibmlicensing instance
[INFO] Checking cert manager readiness.
[INFO] Waiting for pod cert-manager-webhook to be running ...
[✔] Pod cert-manager-webhook is running.
# Smoke test for Cert Manager existence...
[INFO] Creating following issuer:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: test-issuer
namespace: cert-manager
spec:
selfSigned: {}
issuer.cert-manager.io/test-issuer created
[INFO] Creating following certificate:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: test-certificate
namespace: cert-manager
spec:
commonName: test-certificate
issuerRef:
kind: Issuer
name: test-issuer
secretName: test-certificate-secret
certificate.cert-manager.io/test-certificate created
[INFO] Waiting for Issuer test-issuer in namespace cert-manager to be Ready
[✔] Issuer test-issuer in namespace cert-manager is Ready
[INFO] Waiting for Certificate test-certificate in namespace cert-manager to be Ready
[✔] Certificate test-certificate in namespace cert-manager is Ready
[INFO] Deleting test-issuer Issuer ...
issuer.cert-manager.io "test-issuer" deleted
[INFO] Deleting test-certificate Certificate ...
certificate.cert-manager.io "test-certificate" deleted
[INFO] Deleting 22382secret_name Secret ...
secret "test-certificate-secret" deleted
[✔] Cert manager is ready.
[INFO] SETUP_SINGLETON_STATUS : 0
[INFO] setup_singleton.sh script executed successfully; hence there is a cert-manager present on the cluster
Waiting for the Cloud Pak for Business Automation operator to be ready. This might take a few minutes...
ibm-cp4a-operator-catalog ibm-cp4a-operator grpc IBM 3m15s
Found existing ibm operator catalog source, updating it
catalogsource.operators.coreos.com/ibm-cp4a-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-opencontent-flink unchanged
catalogsource.operators.coreos.com/ibm-cs-opensearch-catalog unchanged
catalogsource.operators.coreos.com/ibm-cert-manager-catalog unchanged
catalogsource.operators.coreos.com/ibm-licensing-catalog unchanged
catalogsource.operators.coreos.com/ibm-cs-install-catalog-v4-6-4 unchanged
catalogsource.operators.coreos.com/bts-operator unchanged
catalogsource.operators.coreos.com/ibm-iam-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-zen-operator-catalog unchanged
catalogsource.operators.coreos.com/ibm-events-operator-catalog unchanged
catalogsource.operators.coreos.com/cloud-native-postgresql-catalog unchanged
catalogsource.operators.coreos.com/ibm-fncm-operator-catalog unchanged
IBM Operator Catalog source updated!
[INFO] Waiting for CP4BA Operator Catalog pod initialization
[INFO] CP4BA Operator Catalog is running...
ibm-cp4a-operator-catalog-rpbl2
operatorgroup.operators.coreos.com/ibm-cp4a-operator-catalog-group created
CP4BA Operator Group Created!
subscription.operators.coreos.com/ibm-cp4a-operator-catalog-subscription created
CP4BA Operator Subscription Created!
[INFO] Waiting for CP4BA operator pod initialization
..............................
CP4BA operator is running...
ibm-cp4a-operator-6b67dd4f5-ptf2q
[INFO] Waiting for CP4BA Content operator pod initialization
..............................
CP4BA Content operator is running...
ibm-content-operator- 77975dd598-7mhvd
Adding the user <my_admin> to the ibm-cp4a-operator role...Done!
Label the default namespace to allow network policies to open traffic to the ingress controller using a namespaceSelector...namespace/default labeled
Done
Storage classes are needed to run the deployment script. For the Starter deployment scenario, you may use one (1) storage class. For an Production deployment, the deployment script will ask for three (3) storage classes to meet the slow, medium, and fast storage for the configuration of CP4BA components. If you don't have three (3) storage classes, you can use the same one for slow, medium, or fast. Note that you can get the existing storage class(es) in the environment by running the following command: oc get storageclass. Take note of the storage classes that you want to use for deployment.
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
<my-storage> (default) redhat-emea-ssa-team/hetzner-ocp4 Delete Immediate false 119m |