Installing the IBM Cloud Pak for Multicloud Management

Follow these steps for installing the IBM Cloud Pak® for Multicloud Management by using the OpenShift Container Platform console. You can also install the modules and services.

You can use the Installation checklist to keep track of the tasks that you must complete to prepare for installation.

The following links point to sections within this topic.

Prepare to install the IBM Cloud Pak for Multicloud Management
Install the IBM Cloud Pak for Multicloud Management operator and install IBM Cloud Pak for Multicloud Management
- Install by using the OpenShift Container Platform console (for online and offline clusters)
  2.1. Create the IBM Cloud Pak for Multicloud Management installer operator
  2.2. Install IBM Cloud Pak for Multicloud Management
  - 2.2.1 Simple installation
  - 2.2.2 Advanced installation
- Install by using the CLI (for offline clusters only)
Verify the installation
Access the console
Additional configuration for modules
Configure common services IAM as the OAuth identity provider
Optional: switch the subscription approval to manual

Note: The display names of some OpenShift Container Platform console components, such as window titles and push buttons, vary between OpenShift Container Platform versions. The instructions in this topic are based on OpenShift Container Platform version 4.6 console components.

1. Prepare to install the IBM Cloud Pak for Multicloud Management

Before you install the IBM Cloud Pak for Multicloud Management, complete the prerequisites that are mentioned in the Preparing to install IBM Cloud Pak® for Multicloud Management topic.

If your cluster has internet access, then you must complete the steps in the Preparing an online cluster for installation topic to create the resources that are required for installation.

If your cluster is in an airgap environment, then you must complete the steps in the Preparing an offline cluster for installation topic to create the resources that are required for installation.

Note: Operations operator, which is ChatOps (ibm-management-sre-chatops) is not supported to be installed in a FIPS-enabled environment. If you want to use ChatOps, do not install IBM Cloud Pak for Multicloud Management in FIPS-enabled environments.

2. Install the IBM Cloud Pak for Multicloud Management operator and the IBM Cloud Pak for Multicloud Management

First, install the IBM Cloud Pak for Multicloud Management operator. Then, install the IBM Cloud Pak for Multicloud Management.

Note: If your cluster is in an airgap environment, you can use the cloudctl CLI to install the IBM Cloud Pak®. See Install by using the CLI.

Install by using the OpenShift Container Platform console

Complete these steps to install IBM Cloud Pak for Multicloud Management by using the OpenShift Container Platform console.

2.1. Install the IBM Cloud Pak for Multicloud Management operator

Complete these steps to install the IBM Cloud Pak for Multicloud Management operator.

2.1.1 From your OpenShift Container Platform console, click Operators > OperatorHub. The OperatorHub page is displayed.
2.1.2 In the All Items field, enter IBM Cloud Pak for Multicloud Management. The IBM Cloud Pak for Multicloud Management operator is displayed.
2.1.3 Click the IBM Cloud Pak for Multicloud Management tile. The IBM Cloud Pak for Multicloud Management window is displayed.
2.1.4 Click Install. You see the Install Operator page.
2.1.5. Set Update Channel to 2.3-stable.
2.1.6 Set Approval Strategy to Automatic.
2.1.7. Click Install. After a few minutes, the IBM Cloud Pak for Multicloud Management operator is installed. You can see this operator on the Installed Operators page.

2.2 Install IBM Cloud Pak for Multicloud Management

You can install IBM Cloud Pak for Multicloud Management by completing either a simple installation or an advanced installation. Use the Form View for simple installation or use the YAML View for advanced installation.

Important: Pick any one mode of installation.

Important: You can install the default services and the module operators by following the simple installation process. However, if you want to change the configuration parameters of any operator to customize its configuration for your own environment, you must pick the advanced installation mode. Before you pick the installation mode, you might want to review the advanced configuration (parameters you can change) for these operators.

Or, you can complete a simple installation on Day 1. Then, on Day 2, you can edit the YAML file of the Installation instance and add the updated configuration parameters of the default services. You can also install other modules and services by enabling them in the YAML file. When you save the YAML file, the Installation instance installs the module or service in your cluster.

In both the installation modes, you can disable the following default services on Day 1:

Default services, which are the foundation operators. The foundation operators are Application management (ibm-management-hybridapp), Governance and risk (ibm-management-hybridgrc-car and ibm-management-vmpolicy-ansible), Kong API Gateway (ibm-management-kong), License Advisor (ibm-management-license-advisor and ibm-management-license-advisor-sender), Cluster management (ibm-management-mcm), Bastion-based privileged access management system (ibm-management-sre-bastion), Secure Tunnel (ibm-management-secure-tunnel), Global search (ibm-management-sre-inventory), and Console (ibm-management-ui).

In both the installation modes, the following modules and services are disabled by default. You can choose to enable or disable these modules and services. For more information, see Enabling operators after IBM Cloud Pak for Multicloud Management installation.

Infrastructure management operators, which include Policies and Profiles (ibm-management-infra-grc), Provisioning Virtual Machines and Instances (ibm-management-infra-vm), Managed services (ibm-management-cam-install), and Creating and managing services (ibm-management-service-library).
Operations operator, which is ChatOps (ibm-management-sre-chatops). After this operator is enabled, the Chatops operand can be installed along with the IBM Cloud Pak® for Multicloud Management installer. You don't need to create the ChatOps operand later.

Note: Do not enable this operator if you are installing in a FIPS-enabled environment. ChatOps is based on the open source Stackstorm, and Stackstorm doesn't support Federal Information Processing Standards (FIPS). So ChatOps is not supported to be installed in FIPS-enabled environments.
Monitoring operator, which is Monitoring (ibm-management-monitoring). Note: the Red Hat® Advanced Cluster Management for Kubernetes observability service is required for Monitoring, for more information, see Enabling the observability service in Red Hat Advanced Cluster Management.
Security services operators, which include Notary service for image signing (ibm-management-notary), Image signing support for image policies (ibm-management-image-security-enforcement), Mutation Advisor (ibm-management-mutation-advisor), and Vulnerability Advisor (ibm-management-vulnerability-advisor).
Runtime (ibm-management-manage-runtime) operator, which is a technology preview code.

Note: You must manually create instances (operands) of some operators after you install IBM Cloud Pak for Multicloud Management. The IBM Cloud Pak for Multicloud Management installer does not create these operands during installation. However, you must enable these operators during IBM Cloud Pak for Multicloud Management installation so that the operators are available for you to deploy the operands after IBM Cloud Pak for Multicloud Management is installed. For more information about these operators, see Deploying operands.

2.2.1 Simple installation

In the simple installation mode, you use a form to provide the information that is required for the installation.

Complete these steps from your OpenShift cluster console.

2.2.1.1. From your OpenShift Container Platform console, switch to your IBM Cloud Pak for Multicloud Management namespace. For example, cp4mcm.
2.2.1.2. Click Operators > Installed Operators.
2.2.1.3. Click IBM Cloud Pak for Multicloud Management.
2.2.1.4. Select Installation tab.
2.2.1.5. Click Create Installation. The default Form View is displayed.
2.2.1.6. Provide the following information on the form:

Name: Specify a name for your installation instance. For example, cp4mcm-install.
License: Expand the License drawer. Toggle the License Acceptance switch to True to accept the license.
Image Pull Secret: Select the secret that you created in the Create the entitled registry secret section.
Multicloud Management Core Disabled: The default value is True.
Storage Class: Select the storage class that you want to use. If you do not select any storage class, the default storage class that you set during preparation is used.
Pak Modules: If you want to install module operators, you must enable the module category, and enable the operators within the category.

Note: The Pak Modules is available only in OpenShift Container Platform versions 4.6.x and 4.8.x.
1. Expand the Pak Modules drawer. You see the module categories.
2. To install operators from a module category, first toggle the category enabled switch to true.
3. Expand the Config drawer of the category. You see all operators in that category.
4. To install an operator, ensure that the enabled switch is set to true. If you do not want to install an operator within a module category, you can toggle its enabled switch to false.

2.2.1.7. Click Create. An installation instance is created with the name that you specified. For example, cp4mcm-install.

You can see the installed default services on the Operator Hub > Installed Operators page in the kube-system namespace.

2.2.2 Advanced installation

The advanced installation mode uses a YAML specification to install IBM Cloud Pak for Multicloud Management and its modules and services. Use this YAML file to select the operators that you want to install, to provide the installation parameters, and to update the default configurations, if required.

For more information about the parameters, see Advanced configuration. For each operator, the Advanced configuration topic provides the parameters that you can add to the installation YAML file. You must add the parameters in the same syntax as described in the topics.

2.2.2.1. From your OpenShift Container Platform console, switch to the namespace where you created the IBM Cloud Pak for Multicloud Management operator. For example, cp4mcm.
2.2.2.2. Click Operators > Installed Operators.
2.2.2.3. Click IBM Cloud Pak for Multicloud Management.
2.2.2.4. Select the Installation tab.
2.2.2.5. Click Create Installation. The Installation YAML file content is displayed in the YAML editor.
2.2.2.6. Update the YAML file to enable the operators that you want to install, and to update the configuration parameters, if required.
2.2.2.7. Click Create to install IBM Cloud Pak for Multicloud Management.

The installer creates the namespaces for the modules and services that you are installing. You can see the installed module or service operators on the Operator Hub > Installed Operators page in the module or service namespaces. For more information about the namespaces where the operators are installed, see Available operators and their namespaces.

Install by using the CLI

Note: These steps are applicable only for installation in an airgap environment.

If you install by using the CLI, you can install only the foundation services with their default configuration, which is a simple installation. You can later install other services or modules by editing the installation instance YAML file.

Complete these steps to install by using the cloudctl CLI.

Create an environment variable for the storage class that you are using for your IBM Cloud Pak for Multicloud Management installation. For more information, see Storage.
```
export STORAGE_CLASS=<storage_class_name>
```

Install the IBM Cloud Pak for Multicloud Management.

cloudctl case launch \
  --case $OFFLINE_DIR/${CASE_ARCHIVE} \
  --inventory ${CASE_INVENTORY_SETUP} \
  --action install-cp4mcm \
  --namespace ${NAMESPACE} \
  --args "--registry ${LOCAL_DOCKER_REGISTRY} --user ${LOCAL_DOCKER_USER} --pass ${LOCAL_DOCKER_PASSWORD} --inputDir $OFFLINE_DIR --secret ibm-management-pull-secret --storageClass ${STORAGE_CLASS}" \
  --tolerance 1

To install other services or modules, see Enabling operators after IBM Cloud Pak for Multicloud Management installation.

3. Verify the installation

Check whether the installation succeeded by verifying the pods in those namespaces by using one of the following different methods:

3.1 Verify the pod status in the following namespaces:

Your IBM Cloud Pak for Multicloud Management namespace. For example, cp4mcm.
ibm-common-services
kube-system

3.2 Verify the pod status in the namespace of any module or service that you enabled.

management-infrastructure-management
management-operations
management-security-services
management-monitoring

3.3 Verify the pod status from the OpenShift Container Platform console.

3.3.1 Click Workloads > Pods.
3.3.2 Switch to a namespace by selecting it in the Project drop-down list.
3.3.3 Verify whether all the pods are running.

3.4 Verify pod status from the boot node.

3.4.1 Log in to your boot node.
3.4.2. Run the oc login command and provide your kubeadmin credentials.
3.4.3. Verify the pod status.
```
oc get pods -n <namespace>
```

4. Access the console

Use the following command to get the URL to access the console:

oc get route -n ibm-common-services cp-console -o jsonpath=‘{.spec.host}’

Following is a sample output:

‘cp-console.apps.test-q2.os.example.com’

Based on the example output, your console URL would be https://cp-console.apps.test-q2.os.example.com.

Note: If you access Monitoring menus from the console and a 401 self-signed error message is returned, refer to 401 self-signed certificate error returned when accessing Monitoring menus to troubleshoot.

Console username and password

Note: This information is for the Default authentication type.

The default username to access the console is admin. You can check the default username by running the following command:

oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 -d && echo

You can get the password for the admin username by running the following command:

oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d

Following is a sample output:

EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA

Based on the example output, you would use EwK9dj9fwPZHyHTyu9TyIgh9klZSzVsA as the password.

You can change the default password at any time. For more information, see Changing the cluster administrator password.

5. Additional configuration for modules

You must run the following post-installation tasks for additional configuration for the following modules before all the pods run.

Infrastructure Management - See Deploying Infrastructure management as a containerized deployment (podified)
Notary - See Notary service
ChatOps - See Configuring ChatOps

For more information about post installation tasks on other modules, see Post installation tasks.

6. Configure common services IAM as the OAuth identity provider

You must configure common services Identity and Access Management (IAM) as an OpenShift OAuth identity provider. For more information, see Configuring single sign-on for Red Hat Advanced Cluster Management.

7. Optional: switch the subscription approval to manual

The subscription approval is automatic by default. In this case, the previously-installed IBM Cloud Pak for Multicloud Management 2.3.x can be upgraded to the latest fixpack level automatically. If you want to control which IBM Cloud Pak for Multicloud Management fixpack you want to install in your cluster, you need to switch the subscription approval to manual by following the steps:

On your OpenShift Container Platform console, switch to the namespace where you created the IBM Cloud Pak for Multicloud Management operator. For example, cp4mcm.
Click Operators > Installed Operators.
Click IBM Cloud Pak for Multicloud Management.
Select the Subscription tab.
Click Automatic under the Approval section, select Manual, and then click Save.

To upgrade IBM Cloud Pak for Multicloud Management 2.3.x to a specific fixpack level, click Upgrade at each IBM Cloud Pak for Multicloud Management operator on the OpenShift Container Platform console to cause the upgrading to take place.