Merge pull request #21 from ibm-client-engineering/adam-updates

Adam updates

.gitignore

@@ -25,3 +25,5 @@ yarn.lock
 .gitignore
 .gitignore
 yarn.lock
+assets/scripts/missing_permissions.txt
+.gitignore

assets/Cloudformation/STS-parameters-override.json

@@ -9,35 +9,35 @@
     },
     {
         "ParameterKey": "PrivateSubnet1ID",
-        "ParameterValue": "subnet-05c7d2d610d4db25f"
+        "ParameterValue": ""
     },
     {
         "ParameterKey": "PrivateSubnet2ID",
-        "ParameterValue": "subnet-015bca0698e9b4c41"
+        "ParameterValue": "-"
     },
     {
         "ParameterKey": "PrivateSubnet3ID",
-        "ParameterValue": "subnet-03ed7835a97324708"
+        "ParameterValue": "-"
     },
     {
         "ParameterKey": "PublicSubnet1ID",
-        "ParameterValue": "subnet-068bc9661bea107d1"
+        "ParameterValue": "-"
     },
     {
         "ParameterKey": "PublicSubnet2ID",
-        "ParameterValue": "subnet-05a6043f88f7c2461"
+        "ParameterValue": "-"
     },
     {
         "ParameterKey": "PublicSubnet3ID",
-        "ParameterValue": "subnet-0a3646c21243f87f9"
+        "ParameterValue": "-"
     },
     {
         "ParameterKey": "BootNodeAccessCIDR",
         "ParameterValue": "0.0.0.0/0"
     },
     {
         "ParameterKey": "RedhatPullSecret",
-        "ParameterValue": "s3://cp4d-ocp-cloudformation-dev/pull-secrets/pull_secret.json"
+        "ParameterValue": "s3://cp4d-ocp-cloudformation-dev/pull-secrets/pull-secrets.json"
     },
     {
         "ParameterKey": "VPCID",
@@ -99,6 +99,10 @@
         "ParameterKey": "BootNodeIamRoleArn",
         "ParameterValue": "OCPInstall"
     },
+    {
+        "ParameterKey": "InstallerIamRoleArn:",
+        "ParameterValue": ""
+    },
     {
         "ParameterKey": "WatsonAssistant",
         "ParameterValue": "removed"
@@ -139,4 +143,5 @@
         "ParameterKey": "MetaLlamaLlamaTwo70bChat",
         "ParameterValue": "removed"
     }
+
 ]

assets/Cloudformation/cluster-sts.yml

@@ -97,11 +97,11 @@ Parameters:
   PrivateSubnet1ID:
     Description: The ID of the private subnet in Availability Zone 1 for the workload (e.g., subnet-a0246dcd).
     Type: String
-    Default: ""
+    Default: "-"
   PrivateSubnet2ID:
     Description: The ID of the private subnet in Availability Zone 2 for the workload (e.g., subnet-b1f432cd).
     Type: String
-    Default: ""
+    Default: "-"
   PrivateSubnet3ID:
     Description: The ID of the private subnet in Availability Zone 3 for the workload (e.g., subnet-b1f4a2cd).
     Type: String
@@ -261,6 +261,10 @@ Parameters:
     Description: BootNode execution role arn. It is going to attached to BootNode EC2. The EC2 instance is resposible to trigger Openshift operation
     Type: String
     AllowedPattern: ^arn:aws:iam::\d{12}:role/[a-zA-Z0-9][\w-]*$
+  InstallerIamRoleArn:
+    Description: Install execution role arn. It is going to attached to BootNode EC2. The EC2 instance is resposible to trigger Openshift operation
+    Type: String
+    AllowedPattern: ^arn:aws:iam::\d{12}:role/[a-zA-Z0-9][\w-]*$
   CA:
     Description: >-
        Choose installed to install the Cognos Analytics service.
@@ -583,7 +587,7 @@ Resources:
       Type: String
       Value: !Sub "https://console-openshift-console.apps.${ClusterName}.${DomainName}"
 
-  BootnodeInstanceProfile:
+  BootnodeInstancePro le:
     Type: "AWS::IAM::InstanceProfile"
     Properties:
       Path: "/"
@@ -873,7 +877,7 @@ Resources:
             /bin/bash ./cp-deploy.sh vault set --vault-secret ocp-ssh-pub-key --vault-secret-file ~/.ssh/id_rsa.pub
 
             # STS token and temp credential
-            out=$(aws sts assume-role --role-arn ${BootNodeIamRoleArn} --role-session-name OCPInstall --output json)
+            out=$(aws sts assume-role --role-arn ${InstallerIamRoleArn} --role-session-name OCPInstall --output json)
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-access-key --vault-secret-value $(echo "$out" | jq -r '.Credentials.AccessKeyId')
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-secret-access-key --vault-secret-value $(echo "$out" | jq -r '.Credentials.SecretAccessKey')
             /bin/bash ./cp-deploy.sh vault set --vault-secret aws-session-token --vault-secret-value $(echo "$out" | jq -r '.Credentials.SessionToken')

docs/1-GettingStarted/2-Prequisites.mdx

@@ -715,4 +715,36 @@ To use an existing network and VPC, you must collect the following parameters fr
     RedHat Pull Secret instructions [here](https://ibm-client-engineering.github.io/solution-wxai-aws/GettingStarted/installation/#redhat-pull-secret)
     :::
 - DomainName:
-- ClusterName:
+- ClusterName:
+
+### Obtaining RedHat Pull Secret
+
+<details>
+<summary><b> Obtaining RedHat Pull Secret with a RedHat Trial Account  </b></summary>
+
+Go to www.redhat.com and click on "Log In". 
+
+![redhat_login](../../assets/images/redhat_login.png)
+
+Then click on "Register for a Red Hat Account".
+
+![redhat_register](../../assets/images/redhat_register.png)
+
+Provide the requested information and "Create Account".
+
+You will receive a verification email. Click on the link in the email to confirm. 
+
+Now go to www.openshift.com and log in with your RedHat account. After logging in you will see this:
+
+
+
+![openshift_try_it](../../assets/images/openshift_try_it.png)
+
+Click on "Try It" which will bring you to a page of different OpenShift versions to try, find the following version and click "Start your Trial":
+
+![openshift_start_trial](../../assets/images/openshift_start_trial.png)
+
+A new page will load and you will need to enter all the required information before clicking "Submit".
+
+You can now log into https://console.redhat.com/openshift/install/pull-secret and download the pull-secret.
+</details>

docs/1-GettingStarted/3-Installation.mdx

@@ -116,17 +116,122 @@ Using the ssh key from the Key Pair name used in parameters-override.yaml, ssh t
 
 ### Monitor
 
-#### SSH into bootnode
+#### SSM into bootnode
+
+Add ```AmazonSSMManagedInstanceCore``` policy to role used to execute the cloudform template and the user/role that will be connecting to the instance.
+
+The cloudform template creates a boot node that will begin executing commands. One set of commands installs, enables, and starts ```amazon-ssm-agent```. It may take up to 20 minutes before this agent comes online in the boot node.
+
+Once the instance has started the ssm agent a connection can be initiated with following command:
+
+```
+aws ssm start-session --target $InstanceID
+```
+Once a connection has been opened, you may need to change users to the 'ec2-user'. This can be accomplished with the following commands:
+
+Become ```root```
+
+```
+sudo su
+```
+Become ```ec2-user```
+
 ```
-ssh -i "$KEYPAIR_NAME.pem" ec2-user@$BOOTNDODE_IP 
+su ec2-user
+```
+
+You will now be able to review deployment logs.
+
+<details>
+<summary><b> #### Fixing aws command in SSM </b></summary>
+SSM does not work exactly the same as SSH. If you intend to use any additional commands, such as ```aws```, then you need to do the following:
+
+Check the output of running the  ```aws``` command,
+If there is an error message like this:
+
+```
+[47863] Error loading Python lib '/usr/bin/libpython3.11.so.1.0': dlopen: /usr/bin/libpython3.11.so.1.0: cannot open shared object file: No such file or directory
+```
+Another possible error message:
+
+```
+$ aws
+Python path configuration:
+  PYTHONHOME = '/usr/bin'
+  PYTHONPATH = (not set)
+  program name = '/usr/bin/aws'
+  isolated = 0
+  environment = 0
+  user site = 0
+  safe_path = 0
+  import site = 0
+  is in build tree = 0
+  stdlib dir = ''
+  sys._base_executable = '/usr/bin/aws'
+  sys.base_prefix = ''
+  sys.base_exec_prefix = ''
+  sys.platlibdir = 'lib'
+  sys.executable = '/usr/bin/aws'
+  sys.prefix = ''
+  sys.exec_prefix = ''
+  sys.path = [
+    '/usr/bin/base_library.zip',
+    '/usr/bin/lib-dynload',
+    '/usr/bin',
+  ]
+Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
+Python runtime state: core initialized
+ModuleNotFoundError: No module named 'encodings'
+
+Current thread 0x00007fed39a06c00 (most recent call first):
+  <no Python frame>
 ```
+You may not have the correct $PATH. 
+
+Incorrect $PATH:
+```
+$ echo $PATH
+/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/bin:/usr/sbin
+```
+
+How to Correct $PATH:
+
+```
+export PATH="/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
+```
+
+How to persist the change to $PATH:
+
+```
+echo 'export PATH="$HOME/.local/bin:$HOME/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin"' >> .bashrc
+```
+
+Confirm this change works:
+
+```
+$ echo $PATH
+/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
+$ aws
+
+usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
+To see help text, you can run:
+
+  aws help
+  aws <command> help
+  aws <command> <subcommand> help
+
+aws: error: the following arguments are required: command
+```
+
+</details>
 
 #### Monitor the deployment
 
 Check what folders exist in the ec2-home directory. if "cpd-status" has not been created yet, then wait a few minutes. Once "cpd-status" directory appears, run the following command:
 
 ```
-tail -f ~/cpd-status/state/deployer-state.out
+tail -f ~/cpd-status/log/cloud-pak-deployer
 ```
 
-This command will show the log file from the cp-deployer process. 
+This command will show the log file from the cp-deployer process. 
+

docs/1-GettingStarted/5-STS_Install.mdx

@@ -0,0 +1,7 @@
+---
+id: 5-STS_Install
+sidebar_position: 5
+title: STS Installation Instructions
+custom_edit_url: null
+---
+