CP4A and Stackhub Setup - acmeair-svt/acmeair-mainservice-java GitHub Wiki

• Find the following
  • api cluster url (ie. api.acmeair45.cp.fyre.ibm.com)
  • host for cluster (ie. apps.acmeair45.cp.fyre.ibm.com)
• ping api.acmeair45.cp.fyre.ibm.com (9.30.68.231): 56 data bytes
• Add the following to /etc/hosts
  9.30.68.231 console-openshift-console.<host> <api_cluster_url> oauth-openshift.<host> kabanero-index-kabanero.<host>
• Run oc get mcp to ensure both master and worker has true for "UPDATED"
  • if not
  • Run these commands to expose the internal registry route and got the external route
    oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge oc get route -n openshift-image-registry default-route -o=jsonpath='{.status.ingress[0].host}'
  • Run this with the registry route from the previous command
    oc patch --type=merge --patch='{ "spec": { "registrySources": { "insecureRegistries": [ "default-route-openshift-image-registry.<host>" ] } } }' image.config.openshift.io/cluster

https://www.ibm.com/support/knowledgecenter/SSCSJL_4.2.x/install-icpa-cli.html

• Create new directory for installing and change directory into it
• Get entitlement key
• Set the entitled registry information
  export ENTITLED_REGISTRY=cp.icr.io export ENTITLED_REGISTRY_USER=cp export ENTITLED_REGISTRY_KEY=<apikey>
• Log in to the entitled registry with the following docker login command:
  docker login "$ENTITLED_REGISTRY" -u "$ENTITLED_REGISTRY_USER" -p "$ENTITLED_REGISTRY_KEY"
• Pull down the installer container image and view the license.
  docker run -e LICENSE=view \ "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0"
• Create the data directory and extract the configuration files to it.
  mkdir data docker run -v $PWD/data:/data:z -u 0 \ -e LICENSE=accept \ "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" cp -r "data/*" /data
• Make sure you are logged in to your cluster oc login https://<api_cluster_url>:port -u <username> -p <password>
• Check prerequisites for ICPA and ensure successful
  docker run -v ~/.kube:/root/.kube:z -u 0 -t \ -v $PWD/data:/installer/data:z \ -e LICENSE=accept \ -e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \ "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" check
  • If you do not have the correct OCP version, add --skip-tags check-version to install command below
• Run the install command
  docker run -v ~/.kube:/root/.kube:z -u 0 -t \ -v $PWD/data:/installer/data:z \ -e LICENSE=accept \ -e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \ "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" install
• Ensure installation was successful

- (NOTE: Customizing required)

https://www.ibm.com/support/knowledgecenter/SSCSJL_4.2.x/settingup.html

• Make sure you are logged in to your cluster oc login https://<api_cluster_url>:port -u <username> -p <password>
• Update data/config.yaml with

teams:
 github:
   url: "<GitHub_URL>" 
   organization: "<GitHub_organization>" 
   teams: ["<GitHub_team1>", "<GitHub_team2>"] 
   token: "<GitHub_personal_access_token>"
   stackhub:
     registry: <registry>
     registryNamespace: <registryNamespace>

• Run the ICPA installer stack-hub-setup command which creates the stack-hub repository under the specified GitHub Enterprise organization and populates it with the Accelerators for Teams application stacks. Ensure the setup is successful

docker run -u 0 -t \
           -v $PWD/data:/installer/data:z \
           -e LICENSE=accept \
           "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" stack-hub-setup

• Ensure that a stack-hub repository has been created in the GitHub organization

• Ensure these lines have been appended to stack-hub/incubator/java-openliberty/image/project/Dockerfile:

COPY --chown=1001:0 --from=compile /project/user-app/config/ /config/ 
RUN chmod 755 /config/finalSteps.sh 
RUN /config/finalSteps.sh

• To get the key file into the auth service (auth/config/resources/security/key.p12) and run mp-3.3
• Ensure stack-hub/incubator/java-openliberty/stack.yaml has libertyversion: '20.0.0.6'

• Create service account oc create -n kabanero sa kabanero-index
• Ensure default route has been added to /etc/hosts: default-route-openshift-image-registry.<host>
• Run the following script to set up the Kabanero secrets and oc patch

oc -n kabanero registry login -z kabanero-index --insecure --to=kabanero-config.json

oc -n kabanero create secret generic my-registry \
--from-file=.dockerconfigjson=kabanero-config.json \
--type=kubernetes.io/dockerconfigjson

oc -n kabanero secrets link kabanero-index my-registry --for=pull,mount

oc -n kabanero secrets link kabanero-pipeline my-registry --for=pull,mount

oc patch --type=merge --patch='{
 "spec": {
   "registrySources": {
     "insecureRegistries": [
       "default-route-openshift-image-registry.<host>"
     ]
   }
 }
}' image.config.openshift.io/cluster

• Make sure you are logged in to your cluster oc login https://<api_cluster_url>:port -u <username> -p <password>
• Switch to kabanero project with oc project kabanero
• Run stack-hub-build command and ensure success

docker run -v ~/.kube:/root/.kube:z -u 0 -t \
           -v $PWD/data:/installer/data:z \
           -e LICENSE=accept \
           -e ENTITLED_REGISTRY -e ENTITLED_REGISTRY_USER -e ENTITLED_REGISTRY_KEY \
           "$ENTITLED_REGISTRY/cp/icpa/icpa-installer:4.2.0" stack-hub-build

• If you update your stack, rebuild stack hub using the stack-hub-build command above.
• The stack-hub-build command may run into errors the first time it is run, so it may require re-runing the command a few times before successfully building.
• If you are running this on a cluster that already has stacks set up, you may want to delete old versions of stacks.