IBM Cloud Automation Manager 3.1 delivers improved offline installation experience

Posted byhvanrunPosted inUncategorized

Originally posted on IBM Developer blog “IBM Cloud Best Practices from the Field” by Hendrik van Run on 17 October April 2018 (1540 visits)

IBM Cloud Automation Manager (CAM) is an offering to simplify the orchestration of cloud resources. It uses Terraform providers to interact with a variety of resources providers, for example VMware, IBM Cloud and AWS to provision Virtual Machines (which can either be on-premises or off-premises). But the power of Terraform is the rich set of Terraform providers, allowing you to integrate with a variety of other resources. For example Kubernetes, IBM UrbanCode Deploy or BigIp F5 load balancers.

CAM runs on top of IBM Cloud Private (ICP), an offering that provides a supported Kubernetes cluster that can be deployed on- or off-premises. As part of your CAM license, you are entitled to install and run IBM Cloud Private native edition. One challenge that a number of on-premises CAM clients have been facing is that CAM was originally designed with the assumption that it would always have outbound access to the internet. However many clients either do not tolerate outbound traffic at all, or only allow traffic to a set of whitelisted domains through an outbound proxy. This was a problem when deploying CAM as a helm chart on ICP, in particular the pod “cam-iaas” would not be set to ready for quite some time.

-bash-4.2# kubectl get pods -n services
NAME                                       READY     STATUS    RESTARTS   AGE
cam-bpd-cds-79d8d54cf4-f9dhb               1/1       Running   0          1h
cam-bpd-mariadb-5fd9c999fd-qdd9z           1/1       Running   0          1h
cam-bpd-mds-68c99dcf98-szmm7               1/1       Running   0          1h
cam-bpd-ui-7f9946f67f-j246p                1/1       Running   0          1h
cam-broker-65c85dcb9b-vk99v                1/1       Running   0          1h
cam-iaas-7f8746cc95-zlr4q                  0/1       Running   0          1h
cam-mongo-5cf6ffc5d9-mfr2f                 1/1       Running   0          1h
cam-orchestration-7d46f5b55d-bldk7         1/1       Running   0          1h
cam-portal-ui-7cc667fd56-kwdr2             1/1       Running   0          1h
cam-provider-helm-6dd8cb9994-rcdpk         1/1       Running   0          1h
cam-provider-terraform-6d55cf95f6-zwnwd    1/1       Running   0          1h
cam-proxy-594b9959f6-rswjx                 1/1       Running   0          1h
cam-service-composer-api-75fc4947b-7pdz6   1/1       Running   0          1h
cam-service-composer-ui-69fb9c4978-xgmkv   1/1       Running   0          1h
cam-tenant-api-59b5595cfb-s5jvt            1/1       Running   0          1h
cam-ui-basic-5959876cdc-fgsh9              1/1       Running   0          1h
cam-ui-connections-569d5b86fc-jx9jp        1/1       Running   0          1h
cam-ui-instances-7f6d8ff6bb-thczf          1/1       Running   0          1h
cam-ui-templates-95bd4575b-cvzz5           1/1       Running   0          1h
redis-755766755b-68xvg                     1/1       Running   0          1h

When examining the logs of the cam-iaas pod, it would attempt to download a number of terraform templates from github.com. If internet access is blocked, each of those attempts would eventually time out. However given that there are over 100 of those templates to be downloaded, it would typically take several hours until the cam-iaas pod would be running.

[2018-10-17T17:28:08.641Z] ERROR: orpheus-api-common/110 on cam-iaas: Failed to import git template from https://github.com/IBM-CAMHub-Open/starterlibrary/BlueMix/terraform/hcl/nodejs (script=load-prebuilt-content)

Now the good news is that CAM 3.1 introduces two options to considerably improve the offline installation experience. Both options are also available in CAM 2.1.0.3 FP1, which can be downloaded from IBM Fix Central here.

1. There is now a new page “Installing Cloud Automation Manager offline” available in the CAM 3.1 Knowledge Center, which explains how to optionally configure an outbound proxy. It also explains what domains have to be whitelisted, all templates that are downloaded by the cam-iaas pod are from use the api.github.com domain.

2. You can also change the behaviour of the cam-iaas pod so that it never attempts to download those terraform templates from github.com in the first place. This is useful if you cannot use an outbound proxy. The option “Optimize for offline install” of the CAM helm chart is what you would use in that case.

Note that you can also enable this flag when deploying CAM using the helm command line interface using the parameter global-offline=true:

helm install --name cam --namespace <namespace> ibm-cam-3.1.0.tgz --set global-iam.deployApiKey=<key> --set global-offline=true --tls

Note: At the time of writing, this option was not documented yet in the CAM Knowledge Center.

Leave a comment

Design a site like this with WordPress.com
Get started