One of the installation paths provided by IBM Cloud Pak for Automation is the “evaluation” or “demo” installation, which makes it possible for you to experience the capabilities of the Cloud Pak in a shorter period of time.

However, Cloud Pak for Automation includes a complex set of capabilities and, even for the “demo” configuration, you may end up spending quite a bit of time figuring out pre-requisites and the minimum set of steps that you need to perform to complete the installation.

Here we want to provide a guided installation tutorial of a representative set of capabilities. We performed the installation on an Openshift Container Platform (OCP) cluster, provisioned on AWS.

We relied on version 4.5.15 of OCP and installed version 20.0.3 of the Cloud Pak for Automation.

The cluster we used had full internet access. Additional steps would be required if you were deploying to a cluster with restricted internet access – check the Knowledge Center for details.

The capabilities we have picked are:

• Operational Decision Manager (ODM)
• Business Automation Workflow (BAW)
• Business Automation Insights (BAI)

The “demo” installation will take care of provisioning for you some – but not all – the software pre-requisites. In particular, a database server (Db2) and an LDAP server will be deployed for you. However, you are still responsible for deploying IBM Event Streams, which is required by BAI.

Let’s go step-by-step.

Preparing the cluster

• We start out with a rather “substantial” cluster topology, which includes 6 worker nodes with 16 cores each and 128 GB of memory. The reason why we use 6 nodes is that, in this example, we decided to make use of Openshift Container Storage (OCS) to allow for dynamic provisioning of RWX volumes. OCS itself requires to be deployed on 3 nodes, and 64GB of free memory.
  
  
• We then proceed to installing OCS.
  • Install the OCS operator from the operator catalog, accessible from the OCP console under Operators > OperatorHub.
  • When the operator is done installing, open it up and click the Storage Cluster Then click Create OCS Cluster Service.
  • Select three nodes as indicated by the UI. Leave everything else as is and click
  • Wait until the service becomes Ready – at that point, you’ll have dynamic volume provisioning for RWX volume claims.
    
    
• And now it’s time to create a non-admin user, if you do not have one (which was the case in our brand new OCP cluster on AWS). There are various ways to do that – we chose to use “social authentication” via GitHub:
  • Follow the steps outlined here: https://docs.openshift.com/container-platform/4.5/authentication/identity_providers/configuring-github-identity-provider.html
  • Make sure you log out, and log back in as a GitHub user at least once. This will register the user in OCP as a non-admin user.
    
    
• Create a project to host your Cloud Pak for Automation – we called ours cp4auto.
  
  
• Make sure you have your IBM Entitlement Key

Installing Prerequisites

As we said, the “demo” installation takes care of provisioning most prerequisites for you. The only software pre-req that the installation process will not provide for you is IBM Event Streams. This is required by BAI. If you are not interested in BAI, you can simply skip this section.

• Install the IBM Event Streams operator. The steps are outlined in this document: https://ibm.github.io/event-streams/10.1/installing/installing/. We recommend installing the operator in the same namespace you created for the Cloud Pak (in our case, cp4auto). Also install it in a single namespace rather than in “all namespaces”.
• Let the Event Streams operator complete its installation – this might take a few minutes – some activities will asynchronously be performed even after the Event Streams operator status shows as successfully installed.
• Make sure you create the image pull secret, as shown in the document mentioned earlier, using your entitlement key.
• Now, create an instance of Event Streams:
  • Click the Event Streams operator tile in Installed Operators
  • Click Event Streams from the top level menu bar. The click the Create EventStreams
  • On the subsequent panel, name the EventStreams instance and make sure you accept the license:
    

    

  • Click Create.
  • If you see the error shown below, you’ll need to create a Network Policy to allow communications to and from the pods in the cp4auto namespace:
    

    

  • The Network Policy YAML is shown below – apply it to the namespace where EventStreams is installed (cp4auto):

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: web-allow-all
spec:
  podSelector: {}
  ingress:
  - {}
  egress:
  - {}

• Once the EventStreams instance comes up, there is one additional step you need to perform. The Cloud Pak requires TLS authentication to be set up for EventStreams, and the default instance does not provide that configuration. You can take the following approach:
  1. In the Installed Operators view, click the IBM Event Streams operator, and click Event Streams. Then click the instance of the EventStreams you created.
  2. On the details panel, click YAML, to edit the YAML file.
  3. Scroll down to the listeners section:

      listeners:
        plain: {}

• Replace that element with the following:

      listeners:
        external:
          type: route
          authentication:
            type: scram-sha-512
        tls:
          authentication:
            type: tls

• Scroll up to the top of the kafka element:

  strimziOverrides:
    kafka:
      config:
        inter.broker.protocol.version: '2.6'

• Add an authorization element just under kafka:

  strimziOverrides:
    kafka:
      authorization:
        type: runas
      config:
        inter.broker.protocol.version: '2.6'

• Save the YAML.

Running the Installation Scripts

It’s time to run the actual installation scripts. There are two of them – one finalizes cluster preparation, while the second deploys the capabilities.

• You need to obtain the scripts first. Clone the GitHub repository that contains the scripts, as indicated in the documentation. The latest version should be obtained by running the following command:

git clone https://github.com/icp4a/cert-kubernetes.git

• Change directories to the scripts directory
  
  
• Run the admin setup script first as kubeadmin:
  • Log in with the oc CLI as kubeadmin in a terminal window. Ensure that the current project is the one where you want the Cloud Pak to be installed (run oc project cp4auto).
  • Run the following command:./cp4a-clusteradmin-setup.sh
• Follow the instructions provided by the script – make sure you pick the Demo version, and that you pick the non-admin user you’ve created during the cluster prep steps. 
• After the script completes, make sure you capture its output. In particular, you will need the name of a storage class, and the host name of the API server, which are shown as part of the script final output. The storage class we used successfully is ocs-storagecluster-ceph.
  
  
• Wait for a few minutes to make sure all async activities have completed. If you installed IBM Event Streams, the script will have detected the presence of the IBM Common Services – but if you skipped that step, IBM Common Services will be installed now. In that case, you may want to wait for a longer time, and monitor the pods on the system to make sure all the activities have completed.

• Let’s now run the script that performs the actual installation of the capabilities.
  • In your terminal session, make sure you log in as the non-admin user we discussed a few times. You may want to log into the OCP console as that non-admin user, and then copy the login command from there.
    
    
  • Now run the installation script:

./cp4a-deployment.sh

• Follow the instructions – and pick the capabilities you want to install. Make sure you specify New for the installation type and No to answer the question Are you using the OCP catalog (OLM)…
  
  
• You will be required to provide your entitlement key, the name of the storage class that provides dynamic PV provisioning for RWX PVCs, and the host name of the cluster’s API server.
  
  
• After the script completes, wait for a good lapse of time (at least 1 hour) to allow all the pods to come up. You can monitor the ibm-cp4a-operator-<uid> pod logs for ongoing activity, but be aware of long (~10 minutes) periods of apparent “pauses” between the creation of pods.
  
  
• Once all activity has subsided, you can run the post-installation script. The objective of this script is display the URLs and the credentials of the various capabilities you have installed. Run the following command as kubeadmin:

./cp4a-post-deployment.sh

Here is an excerpt of the output of the post-installation script, showing how you would access the ODM facilities:

Showing the access information and User credentials
You can access Operational Decision Manager using the following URLs:

To access Decision Center console, first go to the following URLs and accept the self-signed certificates:
https://decisioncenter.odm.icp4adeploy.cp4auto.apps.mc-aws357.cloudpak-bringup.com

To access Decision Server Console, first go to the following URLs and accept the self-signed certificates:
https://decisionserverconsole.odm.icp4adeploy.cp4auto.apps.mc-aws357.cloudpak-bringup.com

To access Decision Server Runtime, first go to the following URLs and accept the self-signed certificates:
https://decisionserverruntime.odm.icp4adeploy.cp4auto.apps.mc-aws357.cloudpak-bringup.com

To access Decision Runner, first go to the following URLs and accept the self-signed certificates:
https://decisionrunner.odm.icp4adeploy.cp4auto.apps.mc-aws357.cloudpak-bringup.com

User credentials:
================
Default administrator username: odmAdmin
Default administrator password: odmAdmin
…

The installation is now complete and you can start experiencing Cloud Pak for Automation!