Part 1: Installing Terraform & Service Automation Module on IBM Cloud Pak for MultiCloud Management V1.3.0-Prerequisite Readiness

In this post, we will go through the steps involved in completing the Prerequisites for Installation of Terraform & Service Automation Module on IBM Cloud Pak for Multicloud Management V1.3 in a demo setup. The mode of installation is offline on Openshif.

Terraform & Service Automation is a multi-cloud, self-service management platform running on IBM Cloud Pak for Multicloud Management that helps to manage and deliver cloud infrastructure as code.

The infrastructure used in this case is for demo purpose and is same as the one in my previous posts. I am using the same environment where MCM V1.3.0 is installed

Before installing the Terraform & Service Automation Module, complete the following prerequisites:

1. Ensure that IBM Cloud Pak for Multicloud Management V1.3.0 is installed on your hub cluster
2. Complete steps 3 to 5 as mentioned in Prerequisite Readiness for Installing Monitoring Module of my previous post in link here.

3. Add default pod security policy by running the command below:

oc adm policy add-scc-to-user ibm-anyuid-hostpath-scc system:serviceaccount:services:default

The output of the command is as shown below:

4. Complete the following steps to create a new ServiceID that includes a service policy to grant Cluster Administrator/Administrator role to Terraform & Service Automation Module and Helm API and to generate an API Key for Terraform & Service Automation Module ServiceID.

This key is used to onboard Terraform & Service Automation Module into the Platform Identity and Access Management(IAM). IAM is used for authorization checks in Terraform & Service Automation Module.

a. Export Service ID and Service API Key name by running the below command:

export serviceIDName='service-deploy'
export serviceApiKeyName='service-deploy-api-key'

b. Login to IBM Cloud Pak MCM Console by running the below command:

cloudctl login -a <ibm_cloud_pak_mcm_console_url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_id> -p <ibm_cloud_pak_mcm_admin_password> -n services

The output of the above command is as shown below:

c. Create Service ID by running the below command:

cloudctl iam service-id-create ${serviceIDName} -d 'Service ID for service-deploy'

The output of the command is as shown below:

d. Create Service Policy for ‘idmgmt’ service by running the below command:

cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'idmgmt'

The output of the command is as shown below:

e. Create Service Policy for ‘identity’ service by running the below command:

cloudctl iam service-policy-create ${serviceIDName} -r Administrator,ClusterAdministrator --service-name 'identity'

The output of the command is as shown below:

f. Generate the API key for service deploy by running the below command:

cloudctl iam service-api-key-create ${serviceApiKeyName} ${serviceIDName} -d 'Api key for service-deploy'

The output of the command is as shown below:

5. Run the following commands to load the Terraform & Service Automation Module offline PPA image into OpenShift docker registry:

a. Login to the Openshift command line console by running the below command:

oc login -u <openshift console admin user> -p <openshfit console admin password>

b. Login to the IBM Cloud Pak MCM Console command line by running the below command

cloudctl login -a <ibm_cloud_pak_mcm_console url> --skip-ssl-validation -u <ibm_cloud_pak_mcm_admin_ID> -p <ibm_cloud_pak_mcm_admin_password> -n services

The output of the command is as shown below:

c. Login to the local docker registry by running the command as shown below:

docker login <docker-registry-url> -u <openshift console admin user> -p `oc whoami -t`

The output of the command is as shown below:

d. Load the Terraform & Service Automation Module archive in to the the local docker registry by running the below command:

cloudctl catalog load-archive --archive icp-cam-[x86-64 | ppc]-<version_number>.tar.gz --registry docker-registry.default.svc:5000/services

The output of the command is as shown below:

The docker images are imported one by one and the loading progresses to complete as shown in the output below:

6. The Terraform & Service Automation Module requires persistent volumes for mongo db database, log files, terraform, and Terraform & Service Automation Module Template Designer. In my environment I have used GlusterFS volumes with Dynamic Provisioning enabled. Hence during the install step, I will use the “Use Dynamic Provisioning” and set “Dynamic Provisioning: Storage Class Name” to the “GlusterFS storage class” for the chart parameters for storage.

This completes the first part of preparing for installing the Terraform & Service Automation Module.