Deploy Mobile Foundation on Red Hat OpenShift Container Platform on IBM Cloud
improve this page | report issuePrerequisites
Following are the prerequisites before you begin the process of installing Mobile Foundation instance.
- Create an OpenShift cluster on IBM Cloud using your IBM Account.
- IBM Cloud CLI (
ibmcloud
). - Download the IBM Mobile Foundation package for Openshift from IBM Passport Advantage (PPA).
- Mobile Foundation requires a database. Create a supported database and keep the database access details handy for further use. See here.
- [Optional] NFS mounted volume (or) File Storage for Mobile Foundation Analytics.
Steps to deploy Mobile Foundation to Red Hat OpenShift cluster on IBM Cloud
Follow the steps outlined in this section to deploy the Mobile Foundation OpenShift Container Platform (OCP) package to Red Hat OpenShift cluster on IBM Cloud.
-
Push the image into your private registry and create a secret which can be used at the time of pulling the image.
a. Log in to IBM Cloud.
ibmcloud login
b. Login into OpenShift’s internal docker registry by running the following commands.
# Create a route from the terminal to the docker registry oc create route reencrypt --service=docker-registry -n default oc get route docker-registry -n default # login into the OpenShift internal container registry docker login -u $(oc whoami) -p $(oc whoami -t) <docker-registry-url>
For example,
$ oc get route docker-registry -n default NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD docker-registry docker-registry-default.-xxxx.appdomain.cloud docker-registry 5000-tcp reencrypt None $ docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry-default.-xxxx.appdomain.cloud Login Succeeded
c. Unpack the PPA archive into a work directory (say
mfoskpg
) and load the IBM Mobile Foundation images locally.mkdir mfospkg tar xzvf IBM-MobileFoundation-Openshift-Pak-<version>.tar.gz -C mfospkg/ cd mfospkg/images ls * | xargs -I{} docker load --input {} export MFOS_PROJECT=<my_namespace> export CONTAINER_REGISTRY_URL=<docker-registry-url> # e.g. docker-registry-default.-xxxx.appdomain.cloud
d. Load and push the images to OpenShift registry from local machine.
cd <workdir>/images ls * | xargs -I{} docker load --input {} for file in * ; do docker tag ${file/.tar.gz/} $CONTAINER_REGISTRY_URL/$MFOS_PROJECT/${file/.tar.gz/} docker push $CONTAINER_REGISTRY_URL/$MFOS_PROJECT/${file/.tar.gz/} done
IMPORTANT NOTE: Here after, to access the container images from the OpenShift’s internal container registry use the image url as
docker-registry.default.svc:5000/<project_name>/<image_name>:<image_tag>
. -
Create an OpenShift project.
a. Open the OpenShift cluster dashboard from the IBM Cloud.
b. Go the Access tab and follow the quick set of instructions to access the OpenShift Console.
c. Click on the OpenShift Web Console button on the cluster page to open the openshift console.
d. Create an OpenShift project on the webconsole. (Alternatively you may create a project using
oc
CLI. Refer to the documentation. -
Deploy the Operator.
a. Ensure the MF operator image (mf-operator) with tag is set for the operator in
deploy/operator.yaml
. (Replace the placeholder REPO_URL with openshift container internal registry url. e.g.docker-registry.default.svc:5000/myprojectname/mf-operator:1.0.1
)b. Ensure the OpenShift Project name is set for the cluster role binding definition in
deploy/cluster_role_binding.yaml
. (Replace the placeholder REPLACE_NAMESPACE.)c. Run the below commands to deploy the operator and install Security Context Constraints (SCC).
oc create -f deploy/crds/charts_v1_mfoperator_crd.yaml oc create -f deploy/ # Use your own <project_name> while running the command oc adm policy add-scc-to-group mf-operator system:serviceaccounts:<project_name>
This creates and runs the mf-operator pod. List the pods and ensure the pod is created successfully. The output looks as follows.
$ oc get pods NAME READY STATUS RESTARTS AGE mf-operator-5db7bb7w5d-b29j7 1/1 Running 0 1m
- Create secret for the IBM Mobile Foundation deployment to access the database.
Refer to the documentation here.
- Create Persistent Volume and Volume Claim for Analytics.
Refer to the documentation here.
-
Deploy IBM Mobile Foundation components.
To deploy any of the Mobile Foundation components, modify the appropriate custom resource values in the
deploy/crds/charts_v1_mfoperator_cr.yaml
.a. Set the docker repository url in
deploy/crds/charts_v1_mfoperator_cr.yaml
by replacing the placeholder REPO_URL (e.g.docker-registry.default.svc:5000/myprojectname/mfpf-server:2.0.1
).b. [OPTIONAL] If the image registry is outside OpenShift cluster, add the pullSecret in
deploy/crds/charts_v1_mfoperator_cr.yaml
file. The secret definition may look similar to the following sample snippet.image: pullPolicy: IfNotPresent pullSecret: pull-secret-name
Refer to the documentation here to complete the rest of the configurations (like replicas, scaling, DB properties etc.)
-
Create or update the custom resource. This step creates and runs the pods for all the mobile foundation component enabled in the CR yaml.
oc apply -f deploy/crds/charts_v1_mfoperator_cr.yaml
Run the following command and ensure the pods are created and running successfully. In a deployment scenario where Mobile Foundation Server and push are enabled with 3 replicas each (default), the output looks as shown below.
$ oc get pods NAME READY STATUS RESTARTS AGE mf-operator-5db7bb7w5d-b29j7 1/1 Running 0 1m mfpf-server-2327bbewss-3bw31 1/1 Running 0 1m 20s mfpf-server-29kw92mdlw-923ks 1/1 Running 0 1m 21s mfpf-server-5woxq30spw-3bw31 1/1 Running 0 1m 19s mfpf-push-2womwrjzmw-239ks 1/1 Running 0 59s mfpf-push-29kw92mdlw-882pa 1/1 Running 0 52s mfpf-push-1b2w2s973c-983lw 1/1 Running 0 52s
NOTE: Pods in Running (1/1) status shows the service is available for access.
-
Check if the routes are created for accessing the Mobile Foundation endpoints by running the following command.
$ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD ibm-mf-cr-1fdub-mfp-ingress-57khp myhost.mydomain.cloud /imfpush ibm-mf-cr--mfppush 9080 None ibm-mf-cr-1fdub-mfp-ingress-8skfk myhost.mydomain.cloud /mfpconsole ibm-mf-cr--mfpserver 9080 None ibm-mf-cr-1fdub-mfp-ingress-dqjr7 myhost.mydomain.cloud /doc ibm-mf-cr--mfpserver 9080 None ibm-mf-cr-1fdub-mfp-ingress-ncqdg myhost.mydomain.cloud /mfpadminconfig ibm-mf-cr--mfpserver 9080 None ibm-mf-cr-1fdub-mfp-ingress-x8t2p myhost.mydomain.cloud /mfpadmin ibm-mf-cr--mfpserver 9080 None ibm-mf-cr-1fdub-mfp-ingress-xt66r myhost.mydomain.cloud /mfp ibm-mf-cr--mfpserver 9080 None
Accessing the console of IBM Mobile Foundation components
Following are the endpoints for accessing the consoles of Mobile Foundation components
- Mobile Foundation Server Administration Console -
http://<ingress_subdomain>/mfpconsole
- Operational Analytics Console -
http://<ingress_subdomain>/analytics/console
- Application Center Console -
http://<ingress_subdomain>/appcenterconsole
Uninstall
Following steps can be used to cleanup the deployment.
-
Delete the Custom Resource(CR) and Custom Resource Definition(CRD) using following steps.
oc delete -f deploy/crds/charts_v1_mfoperator_cr.yaml oc delete -f deploy/ oc delete -f deploy/crds/charts_v1_mfoperator_crd.yaml oc patch crd/ibmmf.charts.helm.k8s.io -p '{"metadata":{"finalizers":[]}}' --type=merge
Additional information
To work around the permission issue to write the analytics data into the persistent volume, for Mobile Foundation Analytics using File Storage on IBM Cloud, please run the following command.
oc run perms-pod --overrides='
{
"spec": {
"containers": [
{
"command": [
"/bin/sh",
"-c",
"mkdir -p /opt/ibm/wlp/usr/servers/mfpf-analytics/analyticsData && chown -R 1001:0 /opt/ibm/wlp/usr/servers/mfpf-analytics/analyticsData"
],
"image": "alpine:3.2",
"name": "perms-pod",
"volumeMounts": [{
"mountPath": "/opt/ibm/wlp/usr/servers/mfpf-analytics/analyticsData",
"name": "pvc-data"
}]
}
],
"volumes": [
{
"name": "pvc-data",
"persistentVolumeClaim": {
"claimName": "<pvc-name>"
}
}
]
}
}
' --image=notused --restart=Never
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.