Overview

Skill Level: Any Skill Level

This recipe provides information on how to install IBM Cloud Cost and Asset Management on IBM Cloud Private. IBM Cloud Cost and Asset Management is a governance tool that provides a comprehensive, data-driven view across cloud and traditional IT providers

Ingredients

  • IBM Cloud Private 3.1.1¬†
  • LDAP configured on¬†IBM Cloud Private 3.1.1¬†
  • IBM Cloud Cost and Asset Management binaries downloaded from Passport Advantage
    • IBM Cloud Cost and Asset Management for Private Clouds 3.1.1 for Linux (x86_64bit) (CNXD7EN )
      • icp-ccam-private-x86-3.1.1.0.tar.gz

         Package has both IBM Cloud Management Platform and IBM Cloud Cost and Asset Management charts and images ( IBM Cloud Management Platform is a prerequisites for IBM Cloud Cost and Asset Management)

  • Keytool¬†

Step-by-step

  1. Extract the downloaded IBM Cloud Cost and Asset Management package

    1. First extract the IBM Cloud Cost and Asset Management binaries downloaded from Passport Advantage

       tar xvf icp-ccam-private-x86-3.1.1.0.tar.gz

    Extract the tar file

    2. Extract the pre-post-install tar file

      tar xvf pre-post-install.tar.gz

    Extract Pre-post install tar

  2. Create certificates required by IBM Cloud Management Platform

    1. Create the certificate required by IBM Cloud Managment Platform

       openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

    iccam311_cert

    2. Review the certificate

        openssl x509 -text -noout -in certificate.pem

    3. Rename  key.pem to grav.key

        mv key.pem grav.key

    4. Rename certificate.pem to grav.crt

        mv certificate.pem grav.crt

  3. Create secrets required by IBM Cloud Management Platform

    Scripts and properties files are supplied as part of pre-post-install.tar file to create the required secrets

    1. Go to pre-post-install/ibm-cloud-mgmt-platform-prod/pre-install/resources folder

        cd pre-post-install/ibm-cloud-mgmt-platform-prod/pre-install/resources

    2. Create cert folder and move to that folder

        mkdir cert  & cd cert

    3. Copy grav.crt and grav.key files created in the previous step to cert folder

    4. Move to the `resources` folder

         cd ..

    5. Edit the prePlatform.properties file

        vi prePlatform.properties

    6.  Add appropriate values for the parameters or replaced the content with the sample content provided in the  link and modify values if required and save the changes

    # Namespace in which Cloud Management Platform has to be deployed
    core_namespace=demo-core

    # Docker registry credentials to access the images
    docker_server=mycluster.icp:8500 # ICP image repository
    docker_username=admin # Username to access ICP image repository
    docker_password=admin # Password to access ICP image repository
    docker_email=null


    # Credentials to access CouchDB, by default username will be admin
    couchdb_password=cpassword # Password to access CouchDB

    # Credentials to access MongoDB
    mongodb_username=musername # Username to access Mongo DB
    mongodb_password=mpassword # Password to access Mongo DB

    # APIGateway credentials
    blue_ID=blueid
    blue_secret=bluesecret

    # All secret certificates used for creating secrets should be placed under resources/cert directory

    # Certificate secrets
    gravitant_certificate=grav.crt # Place grav.crt file under resources/cert directory
    gravitant_key=grav.key # Place grav.key file under resources/cert directory

    # Encryption key for the Vault
    vault_encryption_key=encryptkey

    # Credentials to access s3
    s3_url=https://dummy.net
    s3_access_key_id=dummy
    s3_access_key_secret=dummy
    s3_encryption_passphrase=dummy

        

    platform_properties

    7. Move to scripts folder

        cd ..  & cd scripts

    8. Create namespace and secrets by executing the script

        sh prePlatform.sh -c -f prePlatform.properties

    secrets_platform

     

    All secrets required by IBM Cloud Management Platform created successfully.

  4. Load the charts and images to ICP repository

    1. Login to ICP cluster

    ¬† ¬† cloudctl login -a https://9.30.94.145:8443 –skip-ssl-validation

    login_core

    2. Login to ICP docker repository

       docker login mycluster.icp:8500

     docker_login

    3. Load the ppa archive

    ¬† ¬† cloudctl catalog load-ppa-archive –archive ibm-cloud-mgmt-platform-prod-3.1.1.tar.gz

    load_ppa_plat1

    load_ppa_plat2

    load_ppa_plat3

     

    Images and Charts are loaded to IBM Cloud Private repository  successfully

  5. Installing and configuring NFS

    1. We are going to use NFS as the Storage Type, so install the NFS server

        sudo apt install nfs-kernel-server

    2. Create the folder /export

        mkdir /export

    3. Edit the /etc/exports file and add the following line and save the file

        /export   *(rw,sync,no_root_squash,no_subtree_check)

    export

    4. Create folders required by persistent volumes under /export

        cd /export

        mkdir core_couchdb

         mkdir cam_data

         mkdir cam_rabbitmq

         mkdir mariadb_data

         mkdir mariadb_backup_data

         mkdir mariadb_tmp_data

    5.  Provide write access to all the folder

         chmod -R 766 /export

    6.  Start the nfs server

         sudo service nfs-kernel-server restart

  6. Create the persistent volume required by IBM Cloud Management Platform

    1. Login to IBM Cloud Private Console

       https://9.30.94.145:8443

     icp_console

    2. Click Create resource  option available in the right side

    3. Copy & paste the content for creating the persistent volume for couchdb from the link  and update the folder name and click create

     kind: PersistentVolume
    apiVersion: v1
    metadata:
    name: core-couchdb-pv0
    labels:
    type: core-couchdb
    spec:
    storageClassName: standard
    capacity:
    storage: 20Gi
    accessModes:
    - ReadWriteMany
    nfs:
    server: mycluster.icp
    path: /export/core_couchdb

    create_pv

    4. Check the persistent volume status by clicking the Menu in the left side > Platform > Storage

    pv

     

     

  7. Install IBM Cloud Management Platform

    1. Click catalog in the right side of the screen

    2. Search for mgmt-platform

    mgmt_plat

    3. Click ibm-cloud-mgmt-platform-prod charts

    platform_1

    4. Click configure and provide the Helm release name and select Target namespace

    platform_2

     

    5. Click the License agreement checkbox and provide the mandatory parameter values

    platform_3

    6. Uncheck the Enforce self-signed TLS certificate and click Install

    platform_4

     

    7. Check the installation status in the command line

    ¬† ¬† helm status demo-core –tls

     

    helm_core_status_1

    helm_core_status_2

    helm_core_status_3

     

    IBM Cloud Management Platform has been deployed successfully

  8. Create certificates required by IBM Cloud Cost and Asset Management

    1. In the folder where certificates and keys will be created, create a folder using command

        mkdir -p demoCA/newcerts

    2. Create a index.txt file in demoCA directory

        touch demoCA/index.txt

    3. Generate rootCA key and rootCA request

        openssl req -new -keyout rootCAkey.pem -out rootCAreq.pem -nodes

        cert_ccam_1

    4. Generate rootCAcert certificate

         openssl ca -create_serial -out rootCAcert.pem -days 1095 -batch -keyfile rootCAkey.pem -selfsign -extensions  v3_ca -infiles rootCAreq.pem

    cert_ccam_2

    5. Generate CAKey and CAreq

        openssl req -new -keyout CAkey.pem -out CAreq.pem -days 365 -nodes

    cert_ccam_3

    6.  Generate CAcert certificate based on rootCA key and rootCA certificate

        openssl ca -cert rootCAcert.pem -keyfile rootCAkey.pem -policy policy_anything -out CAcert.pem -extensions v3_ca -infiles CAreq.pem

    cert_ccam_4    

    7. Generate final certificate key and certificate request

    openssl req -new -keyout certkey.pem -out certreq.pem -days 365 -subj “/C=IN/ST=Karnataka/O=IBM/OU=ISL/CN=ccam2” -nodes

    cert_ccam_5

    8.  Create certificate based on certificate request

     openssl ca -cert CAcert.pem -keyfile CAkey.pem -policy policy_anything -out cert.pem -infiles certreq.pem

    cert_ccam_6

    9. Rename key, cert and rootCA file

        mv cert.pem maria_dev.crt

        mv certkey.pem maria_dev.key

        cat rootCAcert.pem CAcert.pem > rootCA.pem

    10. Create a Java KeyStore

    ¬† ¬† ¬†keytool -genkey -alias “cloudMatrix” -keyalg RSA -keystore cloudMatrix.keystore -validity 10950

    cert_ccam_8

    11. Import database CA cert into keystore

    ¬† ¬† ¬†keytool -importcert‚Äďalias mariadevCA -file rootCA.pem -keystore cloudMatrix.keystore

        cert_ccam_7

     

    All certificates required by IBM Cloud Cost and Asset Management has been created successfully

  9. Create secrets required by IBM Cloud Cost and Asset Management

    Scripts and properties files are supplied as part of pre-post-install.tar file to create the required secrets

    1. Go to pre-post-install/ibm-cloud-cost-asset-mgmt-prod/pre-install/resources folder

        cd pre-post-install/ibm-cloud-cost-asset-mgmt-prod/pre-install/resources

    2. Create cert folder and move to that folder

        mkdir cert  & cd cert

    3. Copy grav.crt,grav.key,cloudMatrix.keystore,maria_dev.crt,maria_dev.key,rootCA.pem files to cert folder

    4. Move to the resources folder

         cd ..

    5. Edit the preCCAM.properties file

        vi preCCAM.properties

    6.  Replaced the content with the sample content provided in the  link and save the changes  

    # Namespace in which Cost and Asset Management & Cloud Management Platform has to be deployed
    cam_namespace=demo-cam
    core_namespace=demo-core

    # Docker registry credentials to access the images
    docker_server=mycluster.icp:8500
    docker_username=admin
    docker_password=admin
    docker_email=null

    # Credentials to access RabbitMQ
    rabbitmq_username=rusername #any valid string
    rabbitmq_password=rpassword #any valid string

    # Password to access KeyStore
    keystore_password=admin123 #Password used to access keystore

    # All secret config files should be under resources/cert directory

    # Certificate secrets
    gravitant_certificate=grav.crt #Place it under resources/cert directory
    gravitant_key=grav.key #Place it under resources/cert directory
    cm_keystore=cloudMatrix.keystore #Place it under resources/cert directory
    maria_dev_certificate=maria_dev.crt #Place it under resources/cert directory
    maria_dev_key=maria_dev.key #Place it under resources/cert directory
    rootCA_pem=rootCA.pem #Place it under resources/cert directory

    # Credentials to access s3
    s3_url=https://dummy.net
    s3_access_key_id=dummy #any valid string
    s3_access_key_secret=dummy #any valid string
    s3_encryption_passphrase=dummy

    # Secrets to access MariaDB, mysql_username should be 'root' , please do not change the mysql_username
    mysql_username=root
    mysql_password=mpassword

    # slack url
    slack_URL=https://dummysl.net

    ccam_properties

    7. Move to scripts folder

        cd .. & cd scripts

    8. Create namespace and secrets by executing the script

        sh preCCAM.sh -c -f preCCAM.properties

    ccam_secrets

     

    All secrets required by IBM Cloud Cost and Asset Management created successfully

  10. Load the charts and images to ICP repository

     1. Login to ICP cluster

    ¬† ¬† cloudctl login -a https://9.30.94.145:8443 –skip-ssl-validation

    login_cam

    2. Load the ppa archive

    ¬† ¬† cloudctl catalog load-ppa-archive –archive ibm-cloud-cost-asset-mgmt-prod-3.1.2.tar.gz

    cam_ppa_1-1

    cam_ppa_2

    cam_ppa_3

     

    Images and Charts loaded to IBM Cloud Private repository successfully

  11. Create the persistent volume required by IBM Cloud Cost and Asset Management

    1. Login to the ICP Console

    2. Click Create resource  option available in the right side

    3. Copy & paste the content for creating the persistent volume for camdata from the link  and update the folder name and click create

    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: cam-data-pv0
      labels:
        type: cam-data
    spec:
      storageClassName: standard 
      capacity:
        storage: 20Gi
      accessModes:
        - ReadWriteMany
      nfs:
        server: mycluster.icp
        path: /export/cam_data

    cam_data_pv

    4. Copy & paste the content for creating the persistent volume for rabbitmq from the link and update the folder name and click create

    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: cam-rabbitmq-pv0
      labels:
        type: cam-rabbitmq
    spec:
      storageClassName: standard 
      capacity:
        storage: 20Gi
      accessModes:
        - ReadWriteMany
      nfs:
        server: mycluster.icp
        path: /export/cam_rabbitmq

    cam_rabbitmq_pv

    5. Copy & paste the content for creating the persistent volume for mariadb from the link and update the folder name and click create

    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: mariadb-data-pv0
      labels:
        type: mariadb-data
    spec:
      storageClassName: standard 
      capacity:
        storage: 20Gi
      accessModes:
        - ReadWriteMany
      nfs:
        server: mycluster.icp
        path: /export/mariadb_data

    cam_mariadb_pv

    6. Copy & paste the content for creating the persistent volume for mariadb_backup from the link and update the folder name and click create


    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: mariadb-backup-pv0
      labels:
        type: mariadb-backup
    spec:
      storageClassName: standard 
      capacity:
        storage: 20Gi
      accessModes:
        - ReadWriteMany
      nfs:
        server: mycluster.icp
        path: /export/mariadb_backup_data

    cam_mariadb_backup_pv

    7. Copy & paste the content for creating the persistent volume for mariadb_tmp from the link and update the folder name and click create

    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: mariadb-tmp-pv0
      labels:
        type: mariadb-tmp
    spec:
      storageClassName: standard 
      capacity:
        storage: 20Gi
      accessModes:
        - ReadWriteMany
      nfs:
        server: mycluster.icp
        path: /export/mariadb_tmp_data

    cam_mariadb_tmp_pv

    8.  Check the persistent volume status by clicking the Menu in the left side > Platform > Storage

    cam_pv

     

    All persistent volumes required by IBM Cloud Cost and Asset Management has been created successfully

  12. Install IBM Cloud Cost and Asset Management

    1. Click catalog in the right side of the screen

    2. Search for cost

    catalog_cost

    3. Click ibm-cloud-cost-asset-mgmt-prod charts

    cost_configure1

    4. Click configure and provide the Helm release name, click the License agreement checkbox and select Target namespace

    cost_configure2

    5. Provide the mandatory parameter values

    cost_configure3

    6. Check the installation status in the command line

    ¬† ¬† helm status demo-cam –tls

     cam_status_1

    cam_status_2

    cam_status_3

     IBM Cloud Cost and Asset Management has been deployed successfully

  13. Execute post install script

    Scripts and properties files are supplied as part of pre-post-install.tar file to perform bootstrap process

    1. Go to pre-post-install/ibm-cloud-cost-asset-mgmt-prod/post-install/resources/ folder

        cd pre-post-install/ibm-cloud-cost-asset-mgmt-prod/post-install/resources/

    2. Edit post-install.properties file and add appropriate values and save the file

       vi post-install.properties

    cam_post_prop

    3. Execute the post-install script 

      sh post-install.sh -f post-install.properties

    cam_post_1

    cam_post_2

    cam_post_3

    IBM Cloud Cost and Asset Management bootstrap completed successfully

  14. Import usergroup and users from LDAP

    1. Login to ICP Console

    2. From the menu in the left side Manage > Identity & Access > Teams

       iccam_team_1

    3. Click Create team and provide Team name and select LDAP domain and select the user group and click Create

    iccam_team_2

    4. Select Users and Click Add Users

    iccam_users_1

     

    5. Select LDAP and search for the user and select the user and assign Administrator role

    iccam_users_2

  15. Login to Cost and Asset Management UI

    1. Login to IBM Cloud Cost and Asset Management UI

        https://9.30.94.145:30080

        It will take you to ICP login page, provide the credentials and login

     cam_login_1

    2. Click the check box Turn off bootstrap mode and click Submit

    cam_bootstrap

     

    3. Read Privacy Notices and click OKcam_welcome

    4. Click Let’s Get Started

    cam_welcome_2

    5. In the User Management page select the Eclipsis in the right end of the team and click Edit 

    cam_userm_1

     

    6.  Select Roles and Click Assign Roles

    cam_assign

     

    7. User needs CAM Admin privileges to perform CAM Operations, so in the Role Name drop down select CAM Admin

    cam_admin

    8. Click Assign

    cam_assign_role

    9. Click the login username in the screen and click Logout

    10. Click Log in to CAM and login again

    cam_provider

     

    Provider & Accounts page is displayed. IBM Cloud Cost and Asset Management system is ready for use now. Start adding providers and govern them 

  16. Watch the video

    1. Watch the video “IBM Cloud Cost and Asset Management on IBM Cloud Private”¬† for installing¬†IBM Cloud Cost and Asset Management on IBM Cloud Private and reviewing features of¬†IBM Cloud Cost and Asset Management¬†

    https://www.youtube.com/watch?v=fNU-dqmyVY0&t=856s

  17. Additional references

    IBM Cloud Cost and Asset Management Knowledge Center

Join The Discussion