After completing this tutorial, you’ll understand how to install IBM Cloud Pak for Data on Red Hat® OpenShift® on IBM Cloud™, using a custom container registry. Then you can access IBM AI and data tools on-premises.
Prerequisites
A license to install from IBM Passport Advantage:
To install IBM Cloud Pak for Data, you’ll need a license to access binaries on IBM Passport Advantage. If you don’t have a license, use Cloud Pak for Data Experience instead, which grants a user access to a Cloud Pak for Data cluster for one week, and follow one of our code patterns.
An OpenShift cluster:
We want to run IBM Cloud Pak for Data on OpenShift, so we need an OpenShift cluster. We decided to provision a Red Hat OpenShift on IBM Cloud cluster from IBM Cloud. It only takes a few minutes before you can log into the console. According to the official documentation, the minimum requirements for the cluster are at least 3 workers, 16 VCPUs, and 64 GB RAM. We opted for a beefier setup and used 128 GB RAM, keeping the workers and VCPUs the same.
[Screenshots: OpenShift Cluster Options; OpenShift Cluster Overview]
A Linux box
The IBM Cloud Pak for Data install binaries need to be run on a Linux box (we tried on a Mac and ran into issues so we don’t recommend that). We provisioned a VM on IBM Cloud with RHEL 7 and the following specs: 4 CPUs, 16 GB RAM, 100 GB of boot disk, and added another 500 GB of storage (mounted on /ibm). We also used the Minimal configuration, not the LAMP stack.
Here are our machine details:
[root@aida-vm-raft ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 8.6M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/xvda2 98G 3.3G 90G 4% /
/dev/xvda1 976M 165M 760M 18% /boot
tmpfs 782M 0 782M 0% /run/user/0
/dev/xvdc1 493G 97G 371G 21% /ibm
[root@aida-vm-raft ~]# uname -a
Linux aida-vm-raft.IBM.cloud 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@aida-vm-raft ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)
If you’re like me, and haven’t had to partition and mount a drive in a while, here’s what we did to mount our secondary drive (/dev/xvdc1), while using this guide as a reference.
# use parted to format /dev/xvdc1
# mkfs.ext3 /dev/xvdc1
# mount /dev/xvdc1 /ibm
# edit /etc/fstab
Tools to install on a Linux box
The following tools are used by the Cloud Pak for Data installer and need to be installed on the same host you are running the install scripts from.
The OpenShift command-line interface (CLI)
The OpenShift CLI (oc) at v3.11, which can be downloaded from the OKD page. Choose to download the oc Client Tools and follow the install instructions. We’ll be using this to communicate with our OpenShift cluster.
Alternatively, download and install the CLI with a few commands:
# wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
# gzip -d openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
# tar -xvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar
# cd openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit
# cp kubectl oc /usr/local/bin/
The IBM Cloud CLI
The IBM Cloud CLI (ibmcloud), at the latest version. We’ll be using this to talk to our IBM Container Registry. It can be installed with a single command.
curl -sL https://ibm.biz/idt-installer | bash
A yum update
At this point it would be a good idea to do a yum update.
yum update
Docker runtime
We’ll need the Docker runtime at v1.13.1, so we’ll need to update our yum config to install older versions of Docker. We followed this guide and summarized the main steps in the code block below.
rpm --import "https://sks-keyservers.net/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e"
yum install -y yum-utils
yum-config-manager --add-repo https://packages.docker.com/1.13/yum/repo/main/centos/7
yum install docker-engine-1.13.1.cs1-1.el7.centos
systemctl enable docker.service
systemctl start docker.service
docker info
What we used
Here’s a quick snapshot of tools we used and their various versions.
[root@aida-vm-raft ~]# ibmcloud --version
ibmcloud version 0.18.1+09d36ed-2019-08-19T08:23:11+00:00
[root@aida-vm-raft ~]# docker --version
Docker version 1.13.1-cs1, build 8709b81
[root@aida-vm-raft ~]# oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://c100-e.us-south.containers.cloud.ibm.com:31921
openshift v3.11.135
kubernetes v1.11.0+d4cacc0
Okay, now that we’re done with our pre-requisites, let’s get to installing IBM Cloud Pak for Data.
Estimated time
Completing this tutorial should take about 3 – 4 hours.
Step 1: Installing IBM Cloud Pak for Data
In this section we’ll talk about getting the install images, configuring the tools we installed, and running the installer.
Getting IBM Cloud Pak for Data install files
Depending on the version of IBM Cloud Pak for Data you are able to download, it should come with various .bin (binary) files. Here are the files that came in our eAssembly, which was downloaded to our local machine. These files were only a few MB in size.
stevemar$ ls
db2whse_for_icp4d_x86_V3.7.1.bin IBMDb2zOSConnector_V2.1.0.1.bin ICP4DATA_Conf_Map_Gen_BPS_1.0.bin
ICP4Data_streams_V5.1.0.1.bin ICP4DATA_V2.1.0.1_AnalyticsEnv.bin ICP4DATA_V2.1.0.1_DV.bin
ICP4DATA_V2.1.0.1_WML.bin ICP4D_ENT_INC_ICP_x86_V2.1.0.1.bin ICP4D_ENT_Req_ICP_x86_V2.1.0.1.bin
WKC_for_ICP4D_V2.0.bin
The table below provides a brief description for each file name that was in our eAssembly. For this section of the guide we’re only interested in ICP4D_ENT_INC_ICP_x86_V2.1.0.1.bin. We’ll explore the other files in the section labelled Installing Cloud Pak for Data (add-ons).
File | Description |
---|---|
db2whse_for_icp4d_x86_V3.7.1.bin | Db2 Warehouse add-on |
IBMDb2zOSConnector_V2.1.0.1.bin | Db2 Connector for z/OS add-on |
ICP4DATA_Conf_Map_Gen_BPS_1.0.bin | Config Map Generator add-on |
ICP4Data_streams_V5.1.0.1.bin | Streams add-on |
ICP4DATA_V2.1.0.1_AnalyticsEnv.bin | Additional notebook environments add-on |
ICP4DATA_V2.1.0.1_DV.bin | Data Virtualization add-on |
ICP4DATA_V2.1.0.1_WML.bin | Watson Machine Learning add-on |
ICP4D_ENT_INC_ICP_x86_V2.1.0.1.bin | Base Cloud Pak for Data |
ICP4D_ENT_Req_ICP_x86_V2.1.0.1.bin | Base Cloud Pak for Data, requires ICP already exists |
WKC_for_ICP4D_V2.0.bin | Watson Knowledge Catalog add-on |
After the files are on your local device, move them to a Linux box. In our case we moved them to our VM using sftp.
stevemar$ sftp root@ip.of.your.vm
Connected to root@ip.of.your.vm
sftp> put *.bin
Ensure the files are executable.
[root@aida-vm-raft ~]# chmod +x *.bin
Before we run these files we need to configure the underlying tools we installed earlier. Let’s get to that.
Configure OpenShift, IBM Cloud, and Helm CLIs
For the install scripts to work we need to configure OpenShift CLI to talk to our cluster, IBM Cloud to store our containers, and Helm to manage the deployments on OpenShift.
Configure OpenShift CLI
Copy the oc login command by launching the OpenShift console and selecting the Copy Login Command from the user profile menu.
[Screenshots: OpenShift Launch Console; Copy Login Command]
Run the copied oc login command in a terminal:
$ oc login https://c100-e.us-south.containers.cloud.ibm.com:30258 --token=some_token_from_the_openshift_console
Logged into "https://c100-e.us-south.containers.cloud.ibm.com:30258" as "IAM#stevemar@ca.ibm.com" using the token provided.
You have access to the following projects and can switch between them with 'oc project <projectname>':
* default
ibm-cert-store
ibm-system
kube-proxy-and-dns
kube-public
kube-service-catalog
kube-system
openshift
openshift-ansible-service-broker
openshift-console
openshift-infra
openshift-monitoring
openshift-node
openshift-template-service-broker
openshift-web-console
Using project "default".
Try running oc get pods to ensure everything is working as expected.
$ oc get pods
NAME READY STATUS RESTARTS AGE
docker-registry-55c45555f8-7nwgn 1/1 Running 0 2h
docker-registry-55c45555f8-wsxgf 1/1 Running 0 2h
registry-console-584bc4cdb5-k6fp4 1/1 Running 0 1h
router-64d5df8b-mgkvr 1/1 Running 0 2h
router-64d5df8b-n6z76 1/1 Running 0 2h
$
Configure the Helm CLI
Helm is used to manage deployments. We’ll need to run helm init, but with the --client-only flag. This will populate the ~/.helm directory so we can drop in our certificates.
[root@aida-vm-raft ~]# helm init --client-only
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Not installing Tiller due to 'client-only' flag having been set
The next step is to configure your Helm certs. We followed the instructions from the Helm Documentation to generate ca.pem, cert.pem, and key.pem, which were placed under ~/.helm. Here’s what our ~/.helm looked like.
[root@aida-vm-raft ~]# ls ~/.helm/
cache ca.pem cert.pem key.pem plugins repository starters
Next we’ll want to re-run our helm init command, but we’ll pass in our newly created certificates, too.
[root@aida-vm-raft ~]# helm init --debug --tiller-tls --tiller-tls-cert cert.pem --tiller-tls-key key.pem --tiller-tls-verify --tls-ca-cert ca.pem
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Assuming this works, you’ll notice that the helm list command hangs, while helm list --tls should return.
[root@aida-vm-raft ~]# helm list --debug
[debug] Created tunnel using local port: '46737'
[debug] SERVER: "127.0.0.1:46737"
^C
[root@aida-vm-raft ~]# helm list --tls --debug
[debug] Created tunnel using local port: '37671'
[debug] SERVER: "127.0.0.1:37671"
[debug] Host="", Key="/root/.helm/key.pem", Cert="/root/.helm/cert.pem", CA="/root/.helm/ca.pem"
Configure the IBM Cloud CLI
We’ll be using the IBM Cloud Container Registry, so we’ll need to log in with the CLI using ibmcloud login. For our example we pass in the --sso flag; your scenario may be different.
[root@aida-vm-raft ~]# ibmcloud login --sso
API endpoint: https://cloud.ibm.com
Get One Time Code from https://identity-3.us-south.iam.cloud.ibm.com/identity/passcode to proceed.
Open the URL in the default browser? [Y/n] > y
One Time Code >
Authenticating...
OK
API endpoint: https://cloud.ibm.com
Region: us-south
User: stevemar@ca.ibm.com
Account: IBM
Resource group: No resource group targeted, use 'ibmcloud target -g RESOURCE_GROUP'
Set a default target group if you don’t have one:
[root@aida-vm-raft ~]# ibmcloud target -g default
Targeted resource group default
And finally log into the IBM Container Registry by running ibmcloud cr login.
[root@aida-vm-raft ~]# ibmcloud cr login
Logging in to 'us.icr.io'...
Logged in to 'us.icr.io'.
OK
Configure the IBM Container Registry
Ensure you have at least one container registry namespace you can use. In our example we have one called aida. If one does not exist, create one with ibmcloud cr namespace-add.
[root@aida-vm-raft ~]# ibmcloud cr namespace-list
Listing namespaces for account 'IBM' in registry 'us.icr.io'...
Namespace
aida
Now we want to set up our Docker runtime to talk to the new namespace and container registry. We’ll need to supply an IBM Cloud API key for this. Ensure you can see the Login Succeeded message.
[root@aida-vm-raft ~]# docker login us.icr.io/aida -u iamapikey -p apikey
Login Succeeded
Note that if you do not have an API key you can create one by using the ibmcloud iam api-key-create command.
[root@aida-vm-raft ~]# ibmcloud iam api-key-create stevemar-key -d "stevemar key" --file key.json
$ cat key.json
{
"name": "stevemar-key",
"description": "stevemar key",
"apikey": "some-api-key",
"createdAt": "2019-08-21T20:46+0000",
"locked": false,
"uuid": "some-uuid"
}
Configure OpenShift namespace and service accounts
The Cloud Pak for Data installer assumes an OpenShift namespace called zen can be used, or it’ll create one. Let’s create it and set it to be our project context.
[root@aida-vm-raft ~]# oc create ns zen
[root@aida-vm-raft ~]# oc project zen
Within our new namespace we’ll need two new service accounts: 1) tiller, which will be used by Helm, and 2) icpd-anyuid-sa, which is assumed to be available by the installer.
[root@aida-vm-raft ~]# oc create sa -n zen tiller
[root@aida-vm-raft ~]# oc create sa -n zen icpd-anyuid-sa
Still within the zen namespace, we want to grant the system:deployer role to the deployer service account too.
[root@aida-vm-raft ~]# oc -n zen adm policy add-role-to-user -z deployer system:deployer
Next we need to create Docker registry secrets with the oc create secret command. This will allow OpenShift to pull images from the Docker namespace we created earlier. We’ll have to link these secrets to the service accounts too. You can read more about Docker registry secrets in the Kubernetes Documentation.
[root@aida-vm-raft ~]# oc create secret docker-registry icp4d-anyuid-docker-pull -n zen --docker-server=us.icr.io/aida --docker-username=iamapikey --docker-password=some-api-key
[root@aida-vm-raft ~]# oc secrets -n zen link icpd-anyuid-sa icp4d-anyuid-docker-pull --for=pull
[root@aida-vm-raft ~]# oc secrets -n zen link default icp4d-anyuid-docker-pull --for=pull
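The oc create secret docker-registry call above passes the API key as a command-line argument, where it is recorded in shell history and visible in the process list while the command runs. The script below is an added example (not part of the original tutorial or the installer) that builds an equivalent pull secret from the key.json file written by ibmcloud iam api-key-create; the function names are hypothetical, and it assumes the key contains only letters, digits, - and _.

```shell
#!/bin/sh
# Added example: create the registry pull secret from key.json so the API key
# never appears in argv or shell history. Function names are hypothetical.

# Print the "apikey" value from a file written by
# `ibmcloud iam api-key-create ... --file key.json`.
read_apikey() {
  sed -n 's/.*"apikey"[ ]*:[ ]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# write_pull_config KEYFILE SERVER OUTFILE
# Writes a .dockerconfigjson document for SERVER, readable by the owner only.
write_pull_config() {
  key=$(read_apikey "$1")
  # Refuse an empty key and anything that would need JSON escaping.
  case "$key" in
    ''|*[!A-Za-z0-9_-]*) echo "no usable apikey in $1" >&2; return 1 ;;
  esac
  auth=$(printf 'iamapikey:%s' "$key" | base64 | tr -d '\n')
  (
    umask 077
    printf '{"auths":{"%s":{"username":"iamapikey","password":"%s","auth":"%s"}}}\n' \
      "$2" "$key" "$auth" > "$3"
  ) && chmod 600 "$3"
}

# create_pull_secret NAME NAMESPACE CONFIGFILE
# Needs a logged-in oc session, so it is defined here but not called.
create_pull_secret() {
  oc create secret generic "$1" -n "$2" \
    --type=kubernetes.io/dockerconfigjson \
    --from-file=.dockerconfigjson="$3"
}

# Demo with a constructed key file (not a real credential).
demo_dir=$(mktemp -d)
printf '{\n  "name": "demo",\n  "apikey": "constructed-key_123"\n}\n' > "$demo_dir/key.json"
write_pull_config "$demo_dir/key.json" us.icr.io/aida "$demo_dir/config.json" &&
  ls -l "$demo_dir/config.json"
rm -rf "$demo_dir"
```

After create_pull_secret icp4d-anyuid-docker-pull zen config.json, the two oc secrets link commands above apply unchanged; delete the generated config file once the secret exists.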
Next, create a Security Context Constraint.
[root@aida-vm-raft ~]# oc create -f - << EOF
> allowHostDirVolumePlugin: false
> allowHostIPC: true
> allowHostNetwork: false
> allowHostPID: false
> allowHostPorts: false
> allowPrivilegedContainer: false
> allowedCapabilities:
> - '*'
> allowedFlexVolumes: null
> apiVersion: v1
> defaultAddCapabilities: null
> fsGroup:
>   type: RunAsAny
> groups:
> - cluster-admins
> kind: SecurityContextConstraints
> metadata:
>   annotations:
>     kubernetes.io/description: zenuid provides all features of the restricted SCC but allows users to run with any UID and any GID.
>   name: zenuid
> priority: 10
> readOnlyRootFilesystem: false
> requiredDropCapabilities: null
> runAsUser:
>   type: RunAsAny
> seLinuxContext:
>   type: MustRunAs
> supplementalGroups:
>   type: RunAsAny
> users: []
> volumes:
> - configMap
> - downwardAPI
> - emptyDir
> - persistentVolumeClaim
> - projected
> - secret
> EOF
securitycontextconstraints.security.openshift.io "zenuid" already exists
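And apply that Security Context Constraint to some of the service accounts within our namespace. The last two commands also bind the cluster-admin cluster role to both service accounts.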
[root@aida-vm-raft ~]# oc adm policy add-scc-to-user zenuid system:serviceaccount:zen:default
scc "zenuid" added to: ["system:serviceaccount:zen:default"]
[root@aida-vm-raft ~]# oc adm policy add-scc-to-user anyuid system:serviceaccount:zen:icpd-anyuid-sa
scc "anyuid" added to: ["system:serviceaccount:zen:icpd-anyuid-sa"]
[root@aida-vm-raft ~]# kubectl create clusterrolebinding admin-on-zen --clusterrole=admin --user=system:serviceaccount:zen:default -n zen
[root@aida-vm-raft ~]# oc adm policy add-cluster-role-to-user cluster-admin "system:serviceaccount:zen:icpd-anyuid-sa"
cluster role "cluster-admin" added: "system:serviceaccount:zen:icpd-anyuid-sa"
[root@aida-vm-raft ~]# oc adm policy add-cluster-role-to-user cluster-admin "system:serviceaccount:zen:default"
cluster role "cluster-admin" added: "system:serviceaccount:zen:default"
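The description annotation in the zenuid manifest above says it matches the restricted SCC apart from UID and GID, but the manifest also allows every capability and host IPC. The script below is an added example (not part of the original tutorial or the installer) that lists such settings for an SCC manifest read on stdin; audit_scc and zenuid_manifest are hypothetical names, and the parser assumes the simple key/value layout used on this page.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: list the settings in an
# SCC manifest that widen what a pod admitted under it may do.

# The zenuid manifest from the step above, with its YAML indentation.
zenuid_manifest() {
  cat <<'EOF'
allowHostDirVolumePlugin: false
allowHostIPC: true
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: false
allowedCapabilities:
- '*'
allowedFlexVolumes: null
apiVersion: v1
defaultAddCapabilities: null
fsGroup:
  type: RunAsAny
groups:
- cluster-admins
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: zenuid provides all features of the restricted SCC but allows users to run with any UID and any GID.
  name: zenuid
priority: 10
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: []
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
EOF
}

# Read an SCC manifest on stdin and print one finding per line.
audit_scc() {
  awk '
    {
      line = $0
      sub(/^> ?/, "", line)     # tolerate a pasted heredoc prompt
      sub(/^ +/, "", line)      # the checks below do not depend on indentation
      if (line == "" || line ~ /^#/) next

      if (line ~ /^- /) {       # list item under the current key
        item = substr(line, 3)
        gsub(/["\047]/, "", item)
        if (key == "allowedCapabilities" && item == "*")
          print "capabilities allowedCapabilities=*"
        next
      }

      sep = index(line, ":")
      if (sep == 0) next
      name = substr(line, 1, sep - 1)
      val = substr(line, sep + 1)
      sub(/^ +/, "", val)

      if (name == "type") {     # strategy of the enclosing block
        if (val == "RunAsAny") print "run-as-any " key
        next
      }
      key = name
      if (key == "allowedCapabilities" && val ~ /\*/)   # inline list form
        print "capabilities allowedCapabilities=*"
      if (key ~ /^allow(Host|Privileged)/ && val == "true")
        print "enabled " key
    }
  '
}

# Findings for the manifest used in this tutorial.
zenuid_manifest | audit_scc
```

Against a live cluster the same function can read the output of oc get scc zenuid -o yaml.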
Great, now we can start using the Cloud Pak for Data install tools.
Run the IBM Cloud Pak for Data installer
This part of the tutorial is broken up into three sections:
1) Downloading official images with the install tools
2) Unzipping the downloads
3) Deploying to OpenShift
Launch the binary to download the main IBM Cloud Pak for Data images and tooling
On your Linux box, find the binaries that were uploaded and run the base installer, ./ICP4D_ENT_INC_ICP_x86_V2.1.0.1.bin. This downloads a tar file (40 GB!) to /ibm. This step can take some time – go ahead and grab a coffee.
[root@aida-vm-raft ~]# ./ICP4D_ENT_INC_ICP_x86_V2.1.0.1.bin
Verifying archive integrity... 100% All good.
Uncompressing ICP4D_EE 100%
***************************************************************************************************************
*** IBM Cloud Private for Data Enterprise Edition V2.1.0.1 - Includes ICP (Default Install Image) - Linux x86 ***
***************************************************************************************************************
Ready to download 'IBM Cloud Private for Data Enterprise Edition V2.1.0.1 - Includes ICP (Default Install Image) - Linux x86'? (y/n) : y
************************************************************************
Executing BIN File
************************************************************************
The /ibm/icp4d directory exists; starting the download.
Downloading the tarball to /ibm/icp4d/icp4d_ee_2.1.0.1_x86_64.tar
Downloading...
Saving to: 'icp4d_ee_2.1.0.1_x86_64.tar'
100% [==============================================================================] 44,934,594,560
Download completed.
BIN File ended cleanly
Unzip and run the IBM Cloud Pak for Data installer
Once the tar file has finished downloading, untar it and again run chmod on the file installer.x86_64.490. Note that a /ibm/icp4d directory should have been created automatically in the previous step.
[root@aida-vm-raft icp4d]# pwd
/ibm/icp4d
[root@aida-vm-raft icp4d]# ls
icp4d_ee_2.1.0.1_x86_64.tar
[root@aida-vm-raft icp4d]# tar -xvf icp4d_ee_2.1.0.1_x86_64.tar
installer.x86_64.490
modules/
modules/ibm-iisee-zen-1.0.0.tar
modules/ibm-dde-0.13.19-x86_64.tar
[root@aida-vm-raft icp4d]# ls
icp4d_ee_2.1.0.1_x86_64.tar installer.x86_64.490 modules
[root@aida-vm-raft icp4d]# chmod +x installer.x86_64.490
Note that two add-ons will be untarred to the modules folder. These will be included in Cloud Pak for Data’s base install, and are described in the table below.
File | Description |
---|---|
ibm-dde-0.13.19-x86_64.tar | Analytics Dashboard |
ibm-iisee-zen-1.0.0.tar | Unified Governance and Integration |
Running the installer will bring up the following:
[root@aida-vm-raft icp4d]# ./installer.x86_64.490
The installer includes the module path '/ibm/icp4d/modules'. The following packages will be installed:
ibm-dde-0.13.19-x86_64.tar
ibm-iisee-zen-1.0.0.tar
Press Enter to confirm and continue the installation.
Thank you for using IBM Cloud Pak for Data
Installer is preparing files for the initial setup, this will take several minutes ......................
Initial setup started, log file will be located at /ibm/icp4d/InstallPackage/tmp/wdp.2019_08_22__15_29_20.log
Extracting package ibm-dde-0.13.19-x86_64.tar ...........
Extracting package ibm-iisee-zen-1.0.0.tar ..............
Removed symlink /etc/systemd/system/multi-user.target.wants/docker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Checking if the docker daemon is running
Cleaning up old docker images and containers if any exist
Loading the ansible docker image
Loading the web installer docker image
Running the ansible container
cd46d738112baf4e284342a653dff05115783e33af448b4156f4b6181a464242
The initial installation has completed successfully
A new folder was created in the path /ibm/icp4d/InstallPackage, where we’ll now have a full suite of install tools at our disposal.
[root@aida-vm-raft ~]# cd /ibm/icp4d/InstallPackage/
[root@aida-vm-raft InstallPackage]# ls
addnode_package DockerImg k8s setting.sh wdp-min-rhel7-ppc64le.tar wdp-repo-centos7-s390x.tar
attach.sh DockerMount LICENSES template wdp-min-rhel7-s390x.tar wdp-repo-centos7-x86_64.tar
base_modules ibm-cloud-private-x86_64-3.1.2.tar.gz platform_upgrade.sh uninstall.sh wdp-min-rhel7-x86_64.tar
components icp-docker-18.09.2_x86_64.bin run_installer.sh utils wdp-min-ubuntu-xenial.tar
deploy_on_existing.sh install_docker.sh run_time_check.sh utils.sh wdp-repo-centos7-ppc64le.tar
Deploy IBM Cloud Pak for Data to OpenShift
From the /ibm/icp4d/InstallPackage/ folder we can call ./deploy_on_existing.sh to start deploying Cloud Pak for Data to our OpenShift cluster. It will push images to our IBM Container Registry and then use Helm to deploy those images in containers and pods to our OpenShift cluster.
The interactive install wizard will ask for a few specific values. Here is what we used:
Key | Value |
---|---|
Namespace | zen |
Port | 31843 |
Cluster Docker image prefix | us.icr.io/aida |
External Docker image prefix | us.icr.io/aida |
Storage Class Name | 14 (ibmc-file-retain-custom) |
[root@aida-vm-raft InstallPackage]# ./deploy_on_existing.sh
Checking k8s authentication...
Kubernetes is authenticated
Checking Helm authentication...
Helm is authenticated
Inform the namespace to be used on the installation: zen
Namespace: zen
Please type (Y) to accept this value or (N) to set a different namespace: y
Inform the console port to be used on the installation: 31843
Console Port: 31843
Please type (Y) to accept this value or (N) to set a different console port: y
Cluster docker image prefix = The registry prefix of the docker image used by the cluster to pull the images
External docker image prefix = The registry prefix of the docker image used to push the images to. It will be the same as the above when installing from a cluster node.
Cluster docker image prefix: us.icr.io/aida
External docker image prefix (Press Enter to use the same value as above):
Docker Image Prefix Address: us.icr.io/aida
External Docker Image Prefix Address: us.icr.io/aida
Please type (Y) to procede or (N) to select different registry addresses: y
Verifying the prefix via the docker push command...
Registry us.icr.io/aida push successful
Provide the storage information:
Storage Class Name:
1) default 11) ibmc-file-custom
2) ibmc-block-bronze 12) ibmc-file-gold
3) ibmc-block-custom 13) ibmc-file-retain-bronze
4) ibmc-block-gold 14) ibmc-file-retain-custom
5) ibmc-block-retain-bronze 15) ibmc-file-retain-gold
6) ibmc-block-retain-custom 16) ibmc-file-retain-silver
7) ibmc-block-retain-gold 17) ibmc-file-silver
8) ibmc-block-retain-silver 18) NFS
9) ibmc-block-silver 19) No dynamic provisioning
10) ibmc-file-bronze
#? 14
Storage Class Name: ibmc-file-retain-custom
Please type (Y) to accept this value or (N) to select a different storage class: y
The following environments variables will be used during the installation:
-----------------------------------------------------------------------------
namespace: zen
Console Port: 31843
clusterDockerImagePrefix: us.icr.io/aida
externalDockerImagePrefix: us.icr.io/aida
useDynamicProvisioning: true
storageClassName: ibmc-file-retain-custom
-----------------------------------------------------------------------------
If these values are not correct, type N to go back and change it.
Please type (Y) to proceed or (N) to exit the installation: y
Docker version found: 1.13.1-cs1
Docker config file found: /root/.docker/config.json
Kubernete version found: Server Version: v1.11.0+d4cacc0
Kubernete config file found: /root/.kube/config
kubectl is working
Openshift binary found: oc v3.11.0+0cbc58b
Load and push all modules images ...
Load and push 0005-boot images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0005-boot/images
Loaded Images [==============================================================================] 16s (2/2) done
Pushed Images [==============================================================================] 19s (2/2) done
Load and push 0010-infra images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0010-infra/images
Loaded Images [==============================================================================] 31s (5/5) done
Pushed Images [==============================================================================] 33s (5/5) done
Load and push 0015-setup images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0015-setup/images
Loaded Images [==============================================================================] 11s (1/1) done
Pushed Images [==============================================================================] 13s (1/1) done
Load and push 0020-core images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0020-core/images
Loaded Images [==============================================================================] 24s (10/10) done
Pushed Images [==============================================================================] 26s (10/10) done
Load and push 0030-admindash images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0030-admindash/images
Loaded Images [==============================================================================] 12s (3/3) done
Pushed Images [===================================================>--------------------------] 14s (2/3) 67 %
Load and push 0040-dsx-base images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0040-dsx-base/images
Loaded Images [==============================================================================] 31s (10/10) done
Pushed Images [==============================================================================] 35s (10/10) done
Load and push 0050-jupyter-py36 images
Loading images
/ibm/icp4d/InstallPackage/components/../base_modules/0050-jupyter-py36/images
Loaded Images [==============================================================================] 2m18s (1/1) done
Pushed Images [==============================================================================] 2m19s (1/1) done
Load and push daas images
Loading images
/ibm/icp4d/InstallPackage/components/../modules/daas/images
Loaded Images [==============================================================================] 26s (4/4) done
Pushed Images [==============================================================================] 29s (4/4) done
Load and push ibm-iisee-zen:1.0.0 images
Loading images
/ibm/icp4d/InstallPackage/components/../modules/ibm-iisee-zen:1.0.0/images
Loaded Images [==============================================================================] 4m17s (35/35) done
Pushed Images [==============================================================================] 4m19s (35/35) done
Creating configmap install-info for the namespace zen
configmap/install-info created
Installing base module 0005-boot...
secret/sa-zen created
kubectl patch sa default -n zen -p '{"imagePullSecrets":[{"name":"sa-zen"}]}'
serviceaccount/default patched
Starting the installation ...
Package Release zen-0005-boot installed.
Pods: [------------------------------------------------------------------------------] 10m23s (0/1) 0 %
Pods: [------------------------------------------------------------------------------] 10m24s (0/1) 0 %
Pods: [------------------------------------------------------------------------------] 10m24s (0/1) 0 %
Pods: [------------------------------------------------------------------------------] 10m24s (0/1) 0 %
Pods: [------------------------------------------------------------------------------] 10m32s (0/1) 0 %
Pods: [------------------------------------------------------------------------------] 10m34s (0/1) 0 %
Pods: [==============================================================================] 20m54s (1/1) done
PVCs: [==============================================================================] 2m1s (1/1) done
Deployments: [==============================================================================] 20m54s (1/1) done
The deploy script finished successfully
Installing base module 0010-infra...
error: server took too long to respond with version information.
Starting the installation ...
Package Release zen-0010-infra installed.
Pods: [==============================================================================] 6m45s (11/11) done
PVCs: [==============================================================================] 4m13s (7/7) done
Deployments: [==============================================================================] 6m44s (4/4) done
StatefulSets: [==============================================================================] 4m53s (1/1) done
Jobs: [==============================================================================] 4m2s (2/2) done
The deploy script finished successfully
Installing base module 0015-setup...
Starting the installation ...
Package Release zen-0015-setup100 installed.
Pods: [==============================================================================] 1m31s (5/5) done
Deployments: [==============================================================================] 1m31s (1/1) done
Jobs: [==============================================================================] 40s (2/2) done
The deploy script finished successfully
Installing base module 0020-core...
Starting the installation ...
Package Release zen-0020-core installed.
Pods: [==============================================================================] 3m17s (18/18) done
Deployments: [==============================================================================] 3m17s (9/9) done
Jobs: [==============================================================================] 2m6s (2/2) done
The deploy script finished successfully
Installing base module 0040-dsx-base...
Starting the installation ...
Package Release zen-0040-dsx-base installed.
Pods: [==============================================================================] 1m47s (13/13) done
Deployments: [==============================================================================] 1m51s (6/6) done
Jobs: [==============================================================================] 0s (2/2) done
The deploy script finished successfully
Installing base module 0050-jupyter-py36...
Starting the installation ...
Package Release zen-0050-jupyter-py36 installed.
Pods: [==============================================================================] 7m31s (7/7) done
Deployments: [==============================================================================] 7m34s (4/4) done
Jobs: [==============================================================================] 6m23s (1/1) done
The deploy script finished successfully
Installing module daas...
Starting the installation ...
Package Release zen-cognos-dde installed.
Pods: [==============================================================================] 5m24s (3/3) done
PVCs: [==============================================================================] 1m41s (2/2) done
Deployments: [==============================================================================] 5m23s (3/3) done
service/zendaasproxy exposed
deployment.extensions/dsx-core patched
The deploy script finished successfully
Installing module ibm-iisee-zen:1.0.0...
Starting the installation ...
Package Release zen-ibm-iisee-zen100 installed.
Pods: [==========================================================================>---] 2m11s (29/30) 97 %
PVCs: [==============================================================================] 0s (7/7) done
Deployments: [=========================================================================>----] 2m11s (19/20) 95 %
StatefulSets: [==============================================================================] 0s (11/11) done
Jobs: [==============================================================================] 0s (1/1) done
If all goes well, then all Pods, Persistent Volume Claims, Deployments, Stateful Sets, and Jobs will be successful. Check your OpenShift cluster periodically to see if any pods are stuck or in an error state.
Gotchas
Watch out for the following issues.
The Solr, Cassandra, and Kafka pods are failing
We ran into issues where the pods solr-data-solr-0, kafka-data-kafka-0, and cassandra-data-cassandra-0 were failing. We resolved this issue by changing the storage class from ibmc-file-retain-custom to ibmc-block-retain-custom for those specific pods. Here’s how we did it:
Remove the link from the volume claim to the running pod:
kubectl patch pvc solr-data-solr-0 -p '{"metadata":{"finalizers": []}}' --type=merge
Delete the volume claim.
oc delete pvc solr-data-solr-0
Repeat these steps for all three affected services.
Back in the OpenShift console, go to the Storage tab and create three new persistent volume claims with the following settings:
Name | Storage Class | Size | Access |
---|---|---|---|
cassandra-data-cassandra-0 | ibmc-block-retain-custom | 90Gi | ReadWriteOnce |
kafka-data-kafka-0 | ibmc-block-retain-custom | 20Gi | ReadWriteOnce |
solr-data-solr-0 | ibmc-block-retain-custom | 30Gi | ReadWriteOnce |
Redeploying a specific chart
At one point the ibm-iisee-zen package had failed to deploy and timed out. Rather than calling deploy_on_existing.sh and starting from the beginning, you can simply call ./deploy.sh and point to a specific folder or file.
[root@aida-vm-raft InstallPackage]# ./deploy.sh ../modules/ibm-iisee-zen\:1.0.0/
Create a route to reach the IBM Cloud Pak for Data console
The last step is to expose the Cloud Pak for Data console. This can be done via a Route. Admittedly, this step was surprising, as the previous guide had created the route automatically. With this approach we have to create one ourselves; luckily, it’s pretty easy.
Go to Applications > Routes and choose to create a new one.
Give it the name cp4data-console, bind it to the ibm-nginx-svc service, and choose to secure the route with the Passthrough option for TLS Termination. The route should be created quickly and a link provided in the overview page.
Click the route to launch Cloud Pak for Data! By default the username and password are admin and password.
Congratulations, you have installed IBM Cloud Pak for Data.
Step 2: Installing IBM Cloud Pak for Data (add-ons)
Now that we’ve installed the base version of Cloud Pak for Data it’s time to install a few add-ons. Since we went through all the set up earlier we should be able to install a few powerful add-ons with relatively minimal effort. For this guide we’ll install the Watson Machine Learning add-on, and the Data Refinery add-on.
Installing Watson Machine Learning
Watson Machine Learning builds and deploys machine learning models, which can be accessed via a RESTful API call.
Launch the binary to download the main Watson Machine Learning image
To begin, we execute the ICP4DATA_V2.1.0.1_WML.bin binary file. That will begin downloading a tar file to /ibm/modules.
[root@aida-vm-raft ~]# ./ICP4DATA_V2.1.0.1_WML.bin
Verifying archive integrity... 100% All good.
Uncompressing WML 100%
****************************************************************************
******** IBM Cloud Private for Data V2.1.0.1- Watson Machine Learning ********
****************************************************************************
Ready to download 'IBM Cloud Private for Data V2.1.0.1- Watson Machine Learning'? (y/n) : y
************************************************************************
Executing BIN File
************************************************************************
Directory exists, start downloading…
Downloading the tarball to /ibm/modules/watson_machine_learning.tar
Downloading...
Download completed.
BIN File ended cleanly
Deploy Watson Machine Learning to OpenShift
Once the tar file is finished downloading we can run deploy.sh and pass in the new tar file. A familiar interactive install wizard will ask for specific values; here is what we used:
Key | Value |
---|---|
Namespace | zen |
Port | 31843 |
Cluster Docker image prefix | us.icr.io/aida |
External Docker image prefix | us.icr.io/aida |
Storage Class Name | 14 (ibmc-file-retain-custom) |
[root@aida-vm-raft ~]# cd /ibm/icp4d/InstallPackage/components/
[root@aida-vm-raft components]# ./deploy.sh /ibm/modules/watson_machine_learning.tar
Target is a tar file. Extracting right now ...................................
Checking k8s authentication...
Kubernetes is authenticated
Checking Helm authentication...
Helm is authenticated
Namespace: zen
Please type (Y) to accept this value or (N) to set a different namespace: y
Docker Image Prefix Address: us.icr.io/aida
External Docker Image Prefix Address: us.icr.io/aida
Please type (Y) to procede or (N) to select different registry addresses: y
Verifying the prefix via the docker push command...
e17133b79956: Loading layer [==================================================>] 744.4 kB/744.4 kB
Loaded image: pause:3.1
Registry us.icr.io/aida push successful
Provide the storage information:
Storage Class Name: ibmc-block-retain-custom
Please type (Y) to accept this value or (N) to select a different storage class: y
The following environments variables will be used during the installation:
-----------------------------------------------------------------------------
namespace: zen
clusterDockerImagePrefix: us.icr.io/aida
externalDockerImagePrefix: us.icr.io/aida
useDynamicProvisioning: true
storageClassName: ibmc-block-retain-custom
-----------------------------------------------------------------------------
If these values are not correct, type N to go back and change it.
Please type (Y) to proceed or (N) to exit the installation: y
Docker version found: 1.13.1-cs1
Docker config file found: /root/.docker/config.json
Kubernete version found: Server Version: v1.11.0+d4cacc0
Kubernete config file found: /root/.kube/config
kubectl is working
HELM_HOME set to: /root/.helm
Tiller pod found.
Loading images
/ibm/icp4d/InstallPackage/modules/wml//images
Loaded Images [==============================================================================] 16m51s (17/17) done
Pushed Images [==============================================================================] 23m37s (17/17) done
Deploying the chart as name wml
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm rewriteChart -i /ibm/icp4d/InstallPackage/modules/wml//charts/*.tgz -o /ibm/icp4d/InstallPackage/modules/wml//charts/updated_wml.tgz
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm installChart -f /ibm/icp4d/InstallPackage/components/global.yaml -r zen-wml -n zen -c /ibm/icp4d/InstallPackage/modules/wml//charts/updated_wml.tgz
Starting the installation ...
Package Release zen-wml installed.
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm waitChartReady -r zen-wml -t 60
Pods: [==============================================================================] 58m7s (13/13) done
PVCs: [==============================================================================] 53m39s (1/1) done
Deployments: [==============================================================================] 58m6s (5/5) done
StatefulSets: [==============================================================================] 6m24s (2/2) done
The deploy script finished successfully
If all goes well, then all Pods, Persistent Volume Claims, Deployments, Stateful Sets, and Jobs will be successful. Check your OpenShift cluster periodically to see if any pods are stuck or in an error state.
Verify Watson Machine Learning is available
The fastest way to check if Watson Machine Learning is enabled is by going to the catalog in the upper-right hand corner and looking for the Watson Machine Learning tile.
Once a model is created the model can be viewed by looking at a project’s assets. Scoring data against the model is also available through the web console.
[Screenshots: Model overview, Model scoring]
Installing Data Refinery
Data Refinery allows users to analyze local data sets, so you can refine the data by cleansing and shaping it.
NOTE: Data Refinery is a premium add-on and availability depends on the Cloud Pak for Data license.
Launch the binary to download the main Data Refinery image
To begin, we execute the WSPre_Data_Refinery_V1.2.1.1.bin binary file. That will begin downloading a tar file to /ibm/modules.
[root@aida-vm-raft ~]# ./WSPre_Data_Refinery_V1.2.1.1.bin
Deploy Data Refinery to OpenShift
Once the tar file is finished downloading we can run deploy.sh and pass in the new tar file. A familiar interactive install wizard will ask for specific values; here is what we used:
Key | Value |
---|---|
Namespace | zen |
Port | 31843 |
Cluster Docker image prefix | us.icr.io/aida |
External Docker image prefix | us.icr.io/aida |
Storage Class Name | 14 (ibmc-file-retain-custom) |
[root@aida-vm-raft ibm]# cd icp4d/InstallPackage/components/
[root@aida-vm-raft components]# ./deploy.sh /ibm/modules/data_refinery.tar
Target is a tar file. Extracting right now ...
Checking k8s authentication...
Kubernetes is authenticated
Checking Helm authentication...
Helm is authenticated
Namespace: zen
Please type (Y) to accept this value or (N) to set a different namespace: y
Docker Image Prefix Address: us.icr.io/aida
External Docker Image Prefix Address: us.icr.io/aida
Please type (Y) to procede or (N) to select different registry addresses: y
Verifying the prefix via the docker push command...
Registry us.icr.io/aida push successfull
Provide the storage information:
Storage Class Name: ibmc-file-retain-custom
Please type (Y) to accept this value or (N) to select a different storage class: y
The following environments variables will be used during the installation:
-----------------------------------------------------------------------------
namespace: zen
clusterDockerImagePrefix: us.icr.io/aida
externalDockerImagePrefix: us.icr.io/aida
useDynamicProvisioning: true
storageClassName: ibmc-file-retain-custom
-----------------------------------------------------------------------------
If these values are not correct, type N to go back and change it.
Please type (Y) to proceed or (N) to exit the installation: y
Docker version found: 1.13.1-cs1
Docker config file found: /root/.docker/config.json
Kuberneteis version found: Server Version: v1.11.0+d4cacc0
Kubernetes config file found: /root/.kube/config
kubectl is working
HELM_HOME set to: /root/.helm
Tiller pod found.
Loading images
/ibm/icp4d/InstallPackage/modules/0190-shaper//images
Loaded Images [==============================================================================] 1m24s (1/1) done
Pushed Images [==============================================================================] 3m1s (1/1) done
Deploying the chart as name 0190-shaper
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm rewriteChart -i /ibm/icp4d/InstallPackage/modules/0190-shaper//charts/*.tgz -o /ibm/icp4d/InstallPackage/modules/0190-shaper//charts/updated_0190-shaper.tgz
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm installChart -f /ibm/icp4d/InstallPackage/components/global.yaml -f /ibm/icp4d/InstallPackage/modules/0190-shaper//icp4d-override.yaml -r zen-0190-shaper -n zen -c /ibm/icp4d/InstallPackage/modules/0190-shaper//charts/updated_0190-shaper.tgz
Starting the installation ...
Package Release zen-0190-shaper installed.
Running command: /ibm/icp4d/InstallPackage/components/dpctl --config /ibm/icp4d/InstallPackage/components/install.yaml helm waitChartReady -r zen-0190-shaper -t 60
Pods: [------------------------------------------------------------------------------] 1m38s (0/3) 0 %
Jobs: [------------------------------------------------------------------------------] 1m37s (0/1) 0 %
If all goes well, then all Pods, Persistent Volume Claims, Deployments, Stateful Sets, and Jobs will be successful. Check your OpenShift cluster periodically to see if any pods are stuck or in an error state.
Verify Data Refinery is available
Aside from looking in the catalog, the quickest way to ensure Data Refinery is available is to click on the context menu for a data set and select the “Explore and Refine” option. Scoring data against the model is also available through the web console.
[Screenshots: Launch Data Refinery, Data Refinery Tooling]
Gotchas (for installing add-ons)
Watch out for the following issues. Here’s what we learned.
Running out of space on our VM
Some of the pods were failing to deploy because we ran out of space on our Linux box. To resolve this we cleaned up any lingering Docker images with docker system prune. This freed up a bunch of space and got us past our issue.
docker system prune --all
Watson Machine Learning volume claim required ReadWriteMany access
We also ran into an issue where the volume for Watson Machine Learning (wml-repo-pvc) required ReadWriteMany access, but the selected Block Storage class didn’t support that. Here was the error message:
ProvisioningFailed 52m (x3 over 53m) ibm.io/ibmc-block_ibmcloud-block-storage-plugin-260f18665e1d failed to provision volume with StorageClass "ibmc-block-retain-custom":
"ReadWriteMany" is an unsupported access mode. Block Storage supports only 'ReadWriteOnce' mode
We ended up unlocking the volume, deleting it, and re-creating it with the File Storage class.
[root@aida-vm-raft ibm]# kubectl patch pvc wml-repo-pvc -p '{"metadata":{"finalizers": []}}' --type=merge
persistentvolumeclaim/wml-repo-pvc patched
[root@aida-vm-raft ibm]# oc delete pvc wml-repo-pvc
persistentvolumeclaim "wml-repo-pvc" deleted
Back in the OpenShift console, go to the Storage tab and create a new volume with the following settings:
name | storage class | size | access |
---|---|---|---|
wml-repo-pvc | ibmc-file-retain-custom | 90Gi | ReadWriteMany |
To resume the deployment process run:
./deploy.sh /ibm/modules/watson_machine_learning.tar
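The "create the claims in the console" step, used in both the Solr/Kafka/Cassandra fix and the wml-repo-pvc fix, can also be scripted. The script below is an added example, not part of the original tutorial or of the installer: it renders the four claims from the tables on this page as manifests and refuses a block storage class paired with ReadWriteMany, the mismatch behind the ProvisioningFailed event. The function names, the `render` argument, and the assumption that every ibmc-block-* class has the same limit are this example's own.

```shell
#!/bin/sh
# Added example: render the PVCs from this tutorial's tables as manifests.

# access_mode_ok CLASS MODE: succeeds if the pairing can be provisioned.
# Only the rule from the ProvisioningFailed event is encoded (assumption:
# every ibmc-block-* class behaves like ibmc-block-retain-custom).
access_mode_ok() {
    case "$1" in
        ibmc-block-*) [ "$2" = "ReadWriteOnce" ] ;;
        *) return 0 ;;
    esac
}

# render_pvc NAME CLASS SIZE MODE: print one manifest, or fail with a reason.
render_pvc() {
    if ! access_mode_ok "$2" "$4"; then
        echo "refusing $1: $2 does not support $4" >&2
        return 1
    fi
    cat <<EOF
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: $1
spec:
  storageClassName: $2
  accessModes:
    - $4
  resources:
    requests:
      storage: $3
EOF
}

# Rows copied from the two tables on this page: name, class, size, access.
PVC_TABLE='cassandra-data-cassandra-0 ibmc-block-retain-custom 90Gi ReadWriteOnce
kafka-data-kafka-0 ibmc-block-retain-custom 20Gi ReadWriteOnce
solr-data-solr-0 ibmc-block-retain-custom 30Gi ReadWriteOnce
wml-repo-pvc ibmc-file-retain-custom 90Gi ReadWriteMany'

# render_all: one multi-document YAML stream; stops at the first bad row.
render_all() {
    echo "$PVC_TABLE" | while read -r name class size mode; do
        render_pvc "$name" "$class" "$size" "$mode" || exit 1
    done
}
# Hypothetical entry point: sh pvc.sh render | oc apply -n zen -f -
if [ "${1:-}" = "render" ]; then render_all; fi
```

Keeping the claims in a file like this also leaves a reviewable record of which storage class and access mode each service ended up with.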
Summary
Now that you’ve installed IBM Cloud Pak for Data on Red Hat OpenShift using a custom container registry, you can try out our IBM Cloud Pak for Data code pattern to get started on your AI journey.