Installation¶

Usage¶

mas install [OPTIONS]

MAS Catalog Selection & Entitlement¶

Configure which IBM Maximo Operator Catalog to install and provide your IBM entitlement key for access to container images.

Option	Type	Default	Description
`-c`, `--mas-catalog-version`	`string`	-	IBM Maximo Operator Catalog to install
`--mas-catalog-digest`	`string`	-	IBM Maximo Operator Catalog Digest, only required when installing development catalog sources
`--ibm-entitlement-key`	`string`	-	IBM entitlement key

Basic Configuration¶

Core configuration options for your MAS instance including instance ID, workspace settings, subscription channels, and user settings.

Option	Type	Default	Description
`-i`, `--mas-instance-id`	`string`	-	MAS Instance ID
`-w`, `--mas-workspace-id`	`string`	-	MAS Workspace ID
`-W`, `--mas-workspace-name`	`string`	-	MAS Workspace Name
`--mas-channel`	`string`	-	Subscription channel for the Core Platform
`--aiservice-instance-id`	`string`	-	AI Service Instance ID
`--allow-special-chars`	flag	`false`	Allow special characters for user username/ID

Advanced Configuration¶

Advanced configuration options for MAS including DNS providers, certificates, domain settings, and IPv6 support.

Option	Type	Default	Description
`--superuser-username`	`string`	-
`--superuser-password`	`string`	-
`--additional-configs`	`string`	-	Path to a directory containing additional configuration files to be applied
`--pod-templates`	`string`	-	Path to directory containing custom podTemplates configuration files to be applied
`--non-prod`	flag	`false`	Install MAS in non-production mode
`--disable-ca-trust`	flag	-	Disable built-in trust of well-known CAs
`--routing`	`{path, subdomain}`	-	Configure MAS with path or subdomain routing
`--configure-ingress`	flag	`false`	Automatically configure IngressController to allow InterNamespaceAllowed for path-based routing
`--ingress-controller-name`	`string`	-	Name of the IngressController to use for path-based routing (default: 'default')
`--manual-certificates`	`string`	-	Path to directory containing the certificates to be applied
`--domain`	`string`	-	Configure MAS with a custom domain
`--disable-walkme`	flag	-	Disable MAS guided tour
`--disable-feature-usage`	flag	-	Disable feature adoption metrics reporting
`--disable-deployment-progression`	flag	-	Disable deployment progression metrics reporting
`--disable-usability-metrics`	flag	-	Disable usability metrics reporting
`--dns-provider`	`{cloudflare, cis, route53}`	-	Enable automatic DNS management (see DNS Configuration options)
`--ocp-ingress`	`string`	-	Overwrites Ingress Domain
`--mas-cluster-issuer`	`string`	-	Provide the name of the ClusterIssuer to configure MAS to issue certificates
`--enable-ipv6`	flag	-	Configure MAS to run in IP version 6. Before setting this option, be sure your cluster is configured in IP version 6

DNS Integration - CIS¶

Option	Type	Default	Description
`--cis-email`	`string`	-	Required when DNS provider is CIS and you want to use a Let's Encrypt ClusterIssuer
`--cis-apikey`	`string`	-	Required when DNS provider is CIS
`--cis-crn`	`string`	-	Required when DNS provider is CIS
`--cis-subdomain`	`string`	-	Optionally setup MAS instance as a subdomain under a multi-tenant CIS DNS record

DNS Integration - CloudFlare¶

Configuration options for Cloudflare DNS provider, including API credentials, zone, and subdomain settings.

Option	Type	Default	Description
`--cloudflare-email`	`string`	-	Required when DNS provider is Cloudflare
`--cloudflare-apitoken`	`string`	-	Required when DNS provider is Cloudflare
`--cloudflare-zone`	`string`	-	Required when DNS provider is Cloudflare
`--cloudflare-subdomain`	`string`	-	Required when DNS provider is Cloudflare

Storage¶

Configure storage classes for ReadWriteOnce (RWO) and ReadWriteMany (RWX) volumes, and pipeline storage settings.

Option	Type	Default	Description
`--storage-class-rwo`	`string`	-	ReadWriteOnce (RWO) storage class (e.g. ibmc-block-gold)
`--storage-class-rwx`	`string`	-	ReadWriteMany (RWX) storage class (e.g. ibmc-file-gold-gid)
`--storage-pipeline`	`string`	-	Install pipeline storage class (e.g. ibmc-file-gold-gid)
`--storage-accessmode`	`{ReadWriteMany, ReadWriteOnce}`	-	Install pipeline storage class access mode

IBM Suite License Service¶

Configure IBM Suite License Service (SLS) including license file location, namespace, and subscription channel.

Option	Type	Default	Description
`--license-file`		-	Path to MAS license file
`--sls-namespace`	`string`	`ibm-sls`	Customize the SLS install namespace
`--dedicated-sls`	flag	`false`	Set the SLS namespace to mas-<instanceid>-sls
`--sls-channel`	`string`	-	Customize the SLS channel when in development mode

IBM Data Reporting Operator¶

Configure IBM Data Reporting Operator (DRO) with contact information and namespace settings for usage data collection.

Option	Type	Default	Description
`--contact-email`, `--uds-email`	`string`	-	Contact e-mail address
`--contact-firstname`, `--uds-firstname`	`string`	-	Contact first name
`--contact-lastname`, `--uds-lastname`	`string`	-	Contact last name
`--dro-namespace`	`string`	-	Namespace for DRO

MongoDB Community Operator¶

Configure the namespace for MongoDB Community Operator deployment.

Option	Type	Default	Description
`--mongodb-namespace`	`string`	-	Namespace for MongoDB Community Operator

OCP Configuration¶

OpenShift Container Platform specific configuration including ingress certificate settings.

Option	Type	Default	Description
`--ocp-ingress-tls-secret-name`	`string`	-	Name of the secret holding the cluster's ingress certificates

MAS Applications¶

Configure subscription channels for MAS applications including Assist, IoT, Monitor, Optimizer, Predict, and Visual Inspection.

Option	Type	Default	Description
`--assist-channel`	`string`	-	Subscription channel for Maximo Assist
`--iot-channel`	`string`	-	Subscription channel for Maximo IoT
`--monitor-channel`	`string`	-	Subscription channel for Maximo Monitor
`--manage-channel`	`string`	-	Subscription channel for Maximo Manage
`--predict-channel`	`string`	-	Subscription channel for Maximo Predict
`--visualinspection-channel`	`string`	-	Subscription channel for Maximo Visual Inspection
`--optimizer-channel`	`string`	-	Subscription channel for Maximo optimizer
`--optimizer-plan`	`{full, limited}`	-	Install plan for Maximo Optimizer
`--facilities-channel`	`string`	-	Subscription channel for Maximo Real Estate and Facilities
`--aiservice-channel`	`string`	-	Subscription channel for Maximo AI Service

Maximo Location Services for Esri (arcgis)¶

Option	Type	Default	Description
`--arcgis-channel`	`string`	-	Subscription channel for IBM Maximo Location Services for Esri. Only applicable if installing Manage with Spatial or Facilities

Advanced Settings - Manage¶

Option	Type	Default	Description
`--manage-server-bundle-size`	`{dev, snojms, small, jms}`	-	Set Manage server bundle size configuration
`--manage-jms`	flag	-	Set JMS configuration
`--manage-persistent-volumes`	flag	-
`--manage-jdbc`	`{system, workspace-application}`	-
`--manage-demodata`	flag	-
`--manage-components`	`string`	`""`	Set Manage Components to be installed (e.g 'base=latest,health=latest,civil=latest')
`--manage-health-wsl`	flag	-	Set boolean value indicating if Watson Studio must be bound to Manage. It is expected a system level WatsonStudioCfg applied in the cluster.
`--manage-customization-archive-name`	`string`	-	Manage Archive name
`--manage-customization-archive-url`	`string`	-	Manage Archive url
`--manage-customization-archive-username`	`string`	-	Manage Archive username (HTTP basic auth)
`--manage-customization-archive-password`	`string`	-	Manage Archive password (HTTP basic auth)
`--manage-db-tablespace`	`string`	-	Database tablespace name that Manage will use to be installed. Default is 'MAXDATA'
`--manage-db-indexspace`	`string`	-	Database indexspace name that Manage will use to be installed. Default is 'MAXINDEX'
`--manage-db-schema`	`string`	-	Database schema name that Manage will use to be installed. Default is 'maximo'
`--manage-crypto-key`	`string`	-	Customize Manage database encryption keys
`--manage-cryptox-key`	`string`	-	Customize Manage database encryption keys
`--manage-old-crypto-key`	`string`	-	Customize Manage database encryption keys
`--manage-old-cryptox-key`	`string`	-	Customize Manage database encryption keys
`--manage-encryption-secret-name`	`string`	-	Name of the Manage database encryption secret
`--manage-base-language`	`string`	-	Manage base language to be installed. Default is `EN` (English)
`--manage-secondary-languages`	`string`	-	Comma-separated list of Manage secondary languages to be installed (e.g. 'JA,DE,AR')
`--manage-server-timezone`	`string`	-	Manage server timezone. Default is `GMT`
`--manage-upgrade-type`	`{regularUpgrade, onlineUpgrade}`	`regularUpgrade`	Set Manage upgrade type (default: regularUpgrade)
`--manage-attachments-provider`	`{filestorage, ibm, aws}`	-	Storage provider type for Maximo Manage attachments
`--manage-attachments-mode`	`{cr, db}`	-	How attachment properties will be configured in Manage
`--manage-aiservice-instance-id`	`string`	-	AI Service Instance ID to bind with Manage
`--manage-aiservice-tenant-id`	`string`	-	AI Service Tenant ID to bind with Manage

Advanced Settings - Facilities¶

Advanced configuration for Maximo Real Estate and Facilities including deployment size, image pull policy, routes timeout, Liberty extensions, vault secrets, workflow agents, connection pool size, and storage settings.

Option	Type	Default	Description
`--facilities-size`	`{small, medium, large}`	-	Size of Facilities deployment
`--facilities-pull-policy`	`{IfNotPresent, Always}`	-	Image pull policy for Facilities
`--facilities-routes-timeout`	`string`	`600s`	Timeout for Facilities routes (default: 600s)
`--facilities-xml-extension`	`string`	-	Secret name containing Liberty server extensions
`--facilities-vault-secret`	`string`	-	Secret name containing AES encryption password
`--facilities-dwfagent`	`str`	-	List of dedicated workflow agents
`--facilities-maxconnpoolsize`	`int`	`200`	Maximum database connection pool size (default: 200)
`--facilities-log-storage-class`	`string`	-	Storage class for Facilities logs
`--facilities-log-storage-mode`	`string`	-	Storage mode for Facilities logs
`--facilities-log-storage-size`	`string`	-	Storage size for Facilities logs
`--facilities-userfiles-storage-class`	`string`	-	Storage class for Facilities user files
`--facilities-userfiles-storage-mode`	`string`	-	Storage mode for Facilities user files
`--facilities-userfiles-storage-size`	`string`	-	Storage size for Facilities user files

Open Data Hub¶

Option	Type	Default	Description
`--odh-model-deployment-type`	`string`	`raw`	Model deployment type for ODH

RedHat Openshift AI¶

Option	Type	Default	Description
`--rhoai-model-deployment-type`	`string`	`raw`	Model deployment type for RedHat Openshift AI
`--rhoai`	flag	-	temporary flag to install Redhat Openshift AI instead of Opendatahub

S3 Storage¶

Configure S3-compatible object storage for AI Service including Minio installation or external S3 connection details (host, port, SSL, credentials, bucket, and region).

Option	Type	Default	Description
`--install-minio`	flag	-	Install Minio and configure it as the S3 provider for AI Service
`--minio-root-user`	`string`	-	Root user for minio
`--minio-root-password`	`string`	-	Password for minio root user
`--s3-host`	`string`	-	Hostname or IP address of the S3 storage service
`--s3-port`	`string`	-	Port number for the S3 storage service
`--s3-ssl`	`string`	-	Enable or disable SSL for S3 connection (true/false)
`--s3-accesskey`	`string`	-	Access key for authenticating with the S3 storage service
`--s3-secretkey`	`string`	-	Secret key for authenticating with the S3 storage service
`--s3-region`	`string`	-	Region for the S3 storage service
`--s3-bucket-prefix`	`string`	-	Bucket prefix configured with S3 storage service
`--s3-tenants-bucket`	`string`	`km-tenants`	Name of the S3 bucket for tenants storage
`--s3-templates-bucket`	`string`	`km-templates`	Name of the S3 bucket for templates storage

Watsonx¶

Configure IBM Watsonx integration for AI Service including API key, instance ID, project ID, and service URL.

Option	Type	Default	Description
`--watsonxai-apikey`	`string`	-	API key for WatsonX
`--watsonxai-url`	`string`	-	URL endpoint for WatsonX
`--watsonxai-project-id`	`string`	-	Project ID for WatsonX
`--watsonx-action`	`string`	-	Action to perform with WatsonX (install/remove)
`--watsonxai-ca-crt`	`string`	-	CA certificate for WatsonX AI (PEM format, optional, only if using self-signed certs)
`--watsonxai-deployment-id`	`string`	-	WatsonX deployment ID
`--watsonxai-space-id`	`string`	-	WatsonX space ID
`--watsonxai-instance-id`	`string`	-	WatsonX instance ID
`--watsonxai-username`	`string`	-	WatsonX username
`--watsonxai-version`	`string`	-	WatsonX version
`--watsonxai-onprem`	`string`	-	WatsonX deployed on prem

Maximo AI Service Tenant¶

Option	Type	Default	Description
`--tenant-entitlement-type`	`string`	`standard`	Entitlement type for AI Service tenant
`--tenant-entitlement-start-date`	`string`	-	Start date for AI Service tenant
`--tenant-entitlement-end-date`	`string`	-	End date for AI Service tenant
`--rsl-url`	`string`	-	rsl url
`--rsl-org-id`	`string`	-	org id for rsl
`--rsl-token`	`string`	-	token for rsl
`--rsl-ca-crt`	`string`	-	CA certificate for RSL API (PEM format, optional, only if using self-signed certs)

Maximo AI Service¶

Maximo AI Service configuration such as certificate Issuer, environment type

Option	Type	Default	Description
`--environment-type`	`string`	`non-production`	Environment type (default: non-production)
`--aiservice-certificate-issuer`	`string`	-	Provide the name of the Issuer to configure AI Service to issue certificates

IBM Cloud Pak for Data¶

Configure IBM Cloud Pak for Data applications including Watson Studio, Watson Machine Learning, Watson Discovery, Analytics Engine (Spark), Cognos Analytics, SPSS Modeler, and Canvas Base.

Option	Type	Default	Description
`--cp4d-version`	`string`	-	Product version of CP4D to use
`--cp4d-install-cognos`	flag	-	Add Cognos as part of Cloud Pak for Data
`--cp4d-install-ws`	flag	-	Add Watson Studio as part of Cloud Pak for Data
`--cp4d-install-wml`	flag	-	Add Watson Machine Learning as part of Cloud Pak for Data
`--cp4d-install-ae`	flag	-	Add Spark Analytics Engine as part of Cloud Pak for Data

IBM Db2 Universal Operator¶

Configure IBM Db2 instances including namespace, channel, installation options for system/manage/facilities databases, database type, timezone, affinity, tolerations, resource limits, and storage capacity.

Option	Type	Default	Description
`--db2-namespace`	`string`	-	Change namespace where Db2u instances will be created
`--db2-channel`	`string`	-	Subscription channel for Db2u
`--db2-system`	flag	-	Install a shared Db2u instance for MAS (required by IoT & Monitor, supported by Manage)
`--db2-manage`	flag	-	Install a dedicated Db2u instance for Maximo Manage (supported by Manage)
`--db2-facilities`	flag	-	Install a dedicated Db2u instance for Maximo Real Estate and Facilities (supported by Facilities)
`--db2-type`	`{db2wh, db2oltp}`	-	Type of Manage dedicated Db2u instance (default: db2wh)
`--db2-timezone`	`string`	-	Timezone for Db2 instance
`--db2-affinity-key`	`string`	-	Set a node label to declare affinity to
`--db2-affinity-value`	`string`	-	Set the value of the node label to affine with
`--db2-tolerate-key`	`string`	-	Set a node taint to tolerate
`--db2-tolerate-value`	`string`	-	Set the value of the taint to tolerate
`--db2-tolerate-effect`	`{NoSchedule, PreferNoSchedule, NoExecute}`	-	Taint effect to tolerate
`--db2-cpu-requests`	`string`	-	Customize Db2 CPU request
`--db2-cpu-limits`	`string`	-	Customize Db2 CPU limit
`--db2-memory-requests`	`string`	-	Customize Db2 memory request
`--db2-memory-limits`	`string`	-	Customize Db2 memory limit
`--db2-backup-storage`	`string`	-	Db2 backup storage capacity
`--db2-data-storage`	`string`	-	Db2 data storage capacity
`--db2-logs-storage`	`string`	-	Db2 logs storage capacity
`--db2-meta-storage`	`string`	-	Db2 metadata storage capacity
`--db2-temp-storage`	`string`	-	Db2 temporary storage capacity

ECK Integration¶

Configure Elastic Cloud on Kubernetes (ECK) integration for logging and monitoring capabilities.

Option	Type	Default
`--eck`	flag	-
`--eck-enable-logstash`	flag	`false`
`--eck-remote-es-hosts`	`string`	-
`--eck-remote-es-username`	`string`	-
`--eck-remote-es-password`	`string`	-

Kafka - Common¶

Common Kafka configuration options including provider selection (Strimzi, Red Hat AMQ Streams, IBM Event Streams, or AWS MSK) and authentication credentials.

Option	Type	Default	Description
`--kafka-provider`	`{strimzi, redhat, ibm, aws}`	-	Kafka provider: redhat (Red Hat AMQ Streams), strimzi, ibm (IBM Event Streams), or aws (AWS MSK)
`--kafka-username`	`string`	-	Kafka instance username (applicable for redhat, strimzi, or aws providers)
`--kafka-password`	`string`	-	Kafka instance password (applicable for redhat, strimzi, or aws providers)
`--kafka-namespace`	`string`	-	Set Kafka namespace. Only applicable if installing `redhat` (Red Hat AMQ Streams) or `strimzi`

Kafka - Strimzi and AMQ Streams¶

Configuration options specific to Strimzi and Red Hat AMQ Streams Kafka deployments including namespace and cluster version.

Option	Type	Default	Description
`--kafka-version`	`string`	-	Set version of the Kafka cluster that the Strimzi or AMQ Streams operator will create

Kafka - AWS MSK¶

Configuration options for Amazon Managed Streaming for Apache Kafka (MSK) including instance type, node count, volume size, CIDR subnets for availability zones, and egress settings.

Option	Type	Default	Description
`--msk-instance-type`	`string`	-	Set the MSK instance type
`--msk-instance-nodes`	`string`	-	Set total number of MSK instance nodes
`--msk-instance-volume-size`	`string`	-	Set storage/volume size for the MSK instance
`--msk-cidr-az1`	`string`	-	Set the CIDR subnet for availability zone 1 for the MSK instance
`--msk-cidr-az2`	`string`	-	Set the CIDR subnet for availability zone 2 for the MSK instance
`--msk-cidr-az3`	`string`	-	Set the CIDR subnet for availability zone 3 for the MSK instance
`--msk-cidr-egress`	`string`	-	Set the CIDR for egress connectivity
`--msk-cidr-ingress`	`string`	-	Set the CIDR for ingress connectivity

Kafka - Event Streams¶

Configuration options for IBM Event Streams including resource group, instance name, and location.

Option	Type	Default	Description
`--eventstreams-resource-group`	`string`	-	Set IBM Cloud resource group to target the Event Streams instance provisioning
`--eventstreams-instance-name`	`string`	-	Set IBM Event Streams instance name
`--eventstreams-instance-location`	`string`	-	Set IBM Event Streams instance location

Cloud Object Storage¶

Option	Type	Default	Description
`--cos`	`{ibm, ocs}`	-	Set cloud object storage provider. Supported options are `ibm` and `ocs`
`--cos-resourcegroup`	`string`	-	When using IBM COS, set the resource group where the instance will run
`--cos-apikey`	`string`	-	When using IBM COS, set COS priviledged apikey for IBM Cloud
`--cos-instance-name`	`string`	-	When using IBM COS, set COS instance name to be used/created
`--cos-bucket-name`	`string`	-	When using IBM COS, set COS bucket name to be used/created

Cloud Providers¶

Configure cloud provider settings including AWS region, availability zones, and IBM Cloud API key.

Option	Type	Default	Description
`--ibmcloud-apikey`	`string`	-	Set IBM Cloud API Key
`--aws-region`	`string`	-	Set target AWS region for the MSK instance
`--aws-access-key-id`	`string`	-	Set AWS access key ID for the target AWS account
`--secret-access-key`	`string`	-	Set AWS secret access key for the target AWS account
`--aws-vpc-id`	`string`	-	Set target Virtual Private Cloud ID for the MSK instance

Integrated Approval Workflow¶

Configure approval checkpoints during installation for Core Platform and each MAS application workspace (Assist, IoT, Manage, Monitor, Optimizer, Predict, Visual Inspection, Facilities, and AI Service). Format: MAX_RETRIES:RETRY_DELAY:IGNORE_FAILURE

Option	Type	Default	Description
`--approval-core`	`string`	`""`	Require approval after the Core Platform has been configured
`--approval-assist`	`string`	`""`	Require approval after the Maximo Assist workspace has been configured
`--approval-iot`	`string`	`""`	Require approval after the Maximo IoT workspace has been configured
`--approval-manage`	`string`	`""`	Require approval after the Maximo Manage workspace has been configured
`--approval-monitor`	`string`	`""`	Require approval after the Maximo Monitor workspace has been configured
`--approval-optimizer`	`string`	`""`	Require approval after the Maximo Optimizer workspace has been configured
`--approval-predict`	`string`	`""`	Require approval after the Maximo Predict workspace has been configured
`--approval-visualinspection`	`string`	`""`	Require approval after the Maximo Visual Inspection workspace has been configured
`--approval-facilities`	`string`	`""`	Require approval after the Maximo Real Estate and Facilities workspace has been configured
`--approval-aiservice`	`string`	`""`	Require approval after the AI Service has been configured

More¶

Additional options including advanced/simplified mode toggles, license acceptance, development mode, Artifactory credentials, PVC wait control, pre-check skip, Grafana installation, confirmation prompts, image pull policy, and custom service account.

Option	Type	Default	Description
`--artifactory-username`	`string`	-	Username for access to development builds on Artifactory
`--artifactory-token`	`string`	-	API Token for access to development builds on Artifactory
`--advanced`	flag	`false`	Show advanced install options (in interactive mode)
`--simplified`	flag	`false`	Don't show advanced install options (in interactive mode)
`--accept-license`	flag	`false`	Accept all license terms without prompting
`--dev-mode`	flag	`false`	Configure installation for development mode
`--skip-pre-check`	flag	`false`	Disable the 'pre-install-check' at the start of the install pipeline
`--skip-grafana-install`	flag	`false`	Skip Grafana installation
`--no-confirm`	flag	`false`	Launch the installation without prompting for confirmation
`--image-pull-policy`	`{IfNotPresent, Always}`	-	Image pull policy for Tekton Pipeline
`--service-account`	`string`	-	Custom service account for install pipeline (disables default 'pipeline' service account creation)

Preparation¶

IBM Entitlement Key¶

Access Container Software Library using your IBMId to obtain your entitlement key.

MAS License File¶

Access IBM License Key Center, on the Get Keys menu select IBM AppPoint Suites. Select IBM MAXIMO APPLICATION SUITE AppPOINT LIC and on the next page fill in the information as below:

Field	Content
Number of Keys	How many AppPoints to assign to the license file
Host ID Type	Set to Ethernet Address
Host ID	Enter any 12 digit hexadecimal string
Hostname	Set to the hostname of your OCP instance, but this can be any value really.
Port	Set to 27000

The other values can be left at their defaults. Finally, click Generate and download the license file to your home directory as entitlement.lic.

Note

For more information about how to access the IBM License Key Center review the getting started documentation available from the IBM support website.

OpenShift Cluster¶

You should already have a target OpenShift cluster ready to install Maximo Application suite into. If you do not already have one then refer to the OpenShift Container Platform installation overview.

The CLI also supports OpenShift provisioning in many hyperscaler providers:

Operator Catalog Selection¶

If you have not already determined the catalog version for your installation, refer to the information in the Operator Catalog topic, or contact IBM Support for guidance.

Disconnected Install Preparation¶

Prepare the Private Registry¶

You must have a production grade Docker v2 compatible registry such as Quay Enterprise, JFrog Artifactory, or Docker Registry. If you do not already have a private registry available to use as your mirror then you can use the setup-mirror function to deploy a private registry using the Docker registry container image inside a target OpenShift cluster.

docker run -ti --rm --pull always quay.io/ibmmas/cli mas setup-registry

The registry will be setup running on port 32500. For more details on this step, refer to the setup-registry command's documentation. Regardless of whether you set up a new registry or already had one, you need to collect the following information about your private registry:

Name	Detail
Private Hostname	The hostname by which the registry will be accessible from the target OCP cluster.
Private Port	The port number by which the registry will be accessible from the target OCP cluster.
Public Hostname	The hostname by which the registry will be accessible from the machine that will be performing image mirroring.
Public Port	The port number by which the registry will be accessible from the machine that will be performing image mirroring.
CA certificate file	The CA certificate that the registry will present on the private hostname. Save this to your home directory.
Username	Optional. Authentication username for the registry.
Password	Optional. Authentication password for the registry.

Mirror Container Images¶

Mirroring the images is a simple but time consuming process, this step must be performed from a system with internet connectivity and network access your private registry, but does not need access to your target OpenShift cluster. Three modes are available for the mirror process:

direct mirrors images directly from the source registry to your private registry
to-filesystem mirrors images from the source to a local directory
from-filesystem mirrors images from a local directory to your private registry

For full details on this process review the image mirroring guide.

Configure OpenShift to use your Private Registry¶

Your cluster must be configured to use the private registry as a mirror for the MAS container images. An ImageContentSourcePolicy named mas-and-dependencies will be created in the cluster, this is also the resource that the MAS install will use to detect whether the installation is a disconnected install and tailor the options presented when you run the mas install command.

docker run -ti --pull always quay.io/ibmmas/cli mas configure-airgap

To set up Red Hat Operator, Community, and Certified catalogs with IDMS, run the below command. (Needed to install DRO and Grafana operators)

docker run -ti --pull always quay.io/ibmmas/cli mas configure-airgap --setup-redhat-catalogs

You will be prompted to provide information about the private registry, including the CA certificate necessary to configure your cluster to trust the private registry.

This command can also be ran non-interactive, for full details refer to the configure-airgap command documentation.

mas configure-airgap \
  -H myprivateregistry.com -P 5000 -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD \
  --ca-file /mnt/local-mirror/registry-ca.crt \
  --no-confirm

Interactive Install¶

Regardless of whether you are running a connected or disconnected installation, simply run the mas install command and follow the prompts, the basic structure of the interactive flow is described below. We will need the entitlement.lic file to perform the installation so we will mount your home directory into the running container. When prompted you will be able to set license file to /mnt/home/entitlement.lic

NEW: AI Service Installation Options

NEW UPDATE: AI Service can now be installed in two ways:

Integrated Installation: AI Service is now available as an option during the MAS installation process using the mas install command. You can select AI Service along with other MAS applications during the interactive application selection step or you can run Non-interactive command as well.
Standalone Installation: For standalone AI Service installation, use the dedicated mas aiservice-install command to install AI Service independently of the main MAS installation.

docker run -ti --rm -v ~:/mnt/home quay.io/ibmmas/cli:18.16.0 mas install

The interactive install will guide you through a series of questioned designed to help you arrive at the best configuration for your scenario, it can be broken down as below:

If you are not already connected to an OpenShift cluster you will be prompted to provide the server URL & token to make a new connection. If you are already connected to a cluster you will be given the option to change to another cluster

You will be presented with a table of available catalogs with information about the different releases of MAS available in each

Confirm that you accept the IBM Maximo Application Suite license terms

MAS requires both a `ReadWriteMany` and a `ReadWriteOnce` capable storage class to be available in the cluster. The installer has the ability to recognize certain storage class providers and will default to the most appropriate storage class in these cases:

IBMCloud Storage (ibmc-block-gold & ibmc-file-gold-gid)
OpenShift Container Storage (ocs-storagecluster-ceph-rbd & ocs-storagecluster-cephfs)
External OpenShift Container Storage (ocs-external-storagecluster-ceph-rbd & ocs-external-storagecluster-cephfs)
NFS Client (nfs-client)
Azure Managed Storage (managed-premium & azurefiles-premium)
AWS Storage (gp3-cs & efs)

The names in brackets represent the `ReadWriteOnce` and `ReadWriteMany` class that will be used, in the case of NFS the same storage class will be used for both `ReadWriteOnce` and `ReadWriteMany` volumes. Even when a recognized storage provider is detected you will be provided with the option to select your own storages classes if you wish.

When selecting your own storage classes you will be presented with a list of those available and must select both a `ReadWriteMany` and a `ReadWriteOnce` storage class. Unfortunately there is no way for the install to verify that the storage class selected actually supports the appropriate access mode, refer to the documentation from the storage class provider to determine whether your storage class supports `ReadWriteOnce` and/or `ReadWriteMany`.

Provide the location of your license file, contact information, and IBM entitlement key (if you have set the IBM_ENTITLEMENT_KEY environment variable then this field will be pre-filled with that value already).

Provide the basic information about your MAS instance:

Instance ID
Workspace ID
Workspace Display Name
Operational Mode (production or non-production)

By default MAS will be installed in a subdomain of your OpenShift clusters domain matching the MAS instance ID that you chose. For example if your OpenShift cluster is myocp.net and you are installing MAS with an instance ID of prod1 then MAS will be installed with a default domain something like prod1.apps.myocp.net, depending on the exact network configuration of your cluster.

If you wish to use a custom domain for the MAS install you can choose to configure this by selecting "n" at the prompt. The install supports DNS integrations for Cloudflare, IBM Cloud Internet Services, AWS Route 53 out of the box and is able to configure a certificate issuer using LetsEncrypt (production or staging) or a self-signed certificate authority per your choices.

You will also be able to configure the following advanced settings:

Single Sign-On (SSO)
Whether to allow special character in User IDs and Usernames
Whether Guided Tours are enabled

Select the applications that you would like to install. Note that some applications cannot be installed unless an application they depend on is also installed:

Monitor is only available for install if IoT is selected
Assist and Predict are only available for install if Monitor is selected
From MAS 9.1 onwards, Assist will be rebranded as Collaborate in the MAS UI. It will still appear as Assist in the MAS CLI and within the OpenShift Cluster, but from the MAS UI it will appear as Collaborate.
NEW UPDATE: AI Service is now available as an installation option during the application selection step.

Some Maximo applications support additional configuration, you will be taken through the configuration options for each application that you chose to install.

NEW UPDATE: Maximo Manage - AI Service Binding

NEW UPDATE: When installing Maximo Manage, you can optionally bind it to an AI Service Tenant. This integration enables AI capabilities within Manage through the AI Config Application.

Installing AI Service with Manage: If you select AI Service during the application selection step (using --aiservice-channel), the binding is configured automatically:
- A default tenant ID "user" is automatically created and bound to Manage
- The AI Service instance being installed is automatically used for the binding
- No additional configuration is required - the binding parameters are set automatically
- Important: When AI Service is being installed, any --manage-aiservice-instance-id or --manage-aiservice-tenant-id parameters provided will be ignored, as the binding is automatically configured
Using Existing AI Service: If AI Service is already installed in your cluster (not using --aiservice-channel), you can bind Manage to an existing AI Service tenant:
- Interactive Mode: You will be prompted to select from available AI Service instances and tenants
- Non-Interactive Mode: Use --manage-aiservice-instance-id and --manage-aiservice-tenant-id parameters to specify the binding

The install supports the automatic provision of in-cluster MongoDb and Db2 databases for use with Maximo Application Suite, you may also choose to bring your own (BYO) by providing the necessary configuration files (which the installer will also help you create).

The install supports the abilty to install and configure the Grafana Community Operator. Additional resource definitions can be applied to the OpenShift Cluster during the MAS configuration step, here you will be asked whether you wish to provide any additional configurations and if you do in what directory they reside.

If you provided one or more configurations for BYO databases then additional configurations will already be enabled and pointing at the directory you chose earlier.

You can choose between three pre-defined pod templates allowing you to configure MAS in each of the standard Kubernetes quality of service (QoS) levels: Burstable, BestEffort and Guaranteed. By default MAS applications are deployed with a Burstable QoS.

Additionally, you may provide your own custom pod templates definition by providing the directory containing your configuration files. More information on podTemplates can be found in the product documentation. Note that pod templating support is only available from IBM Maximo Application Suite v8.11 onwards

Before the install actually starts you will be presented with a summary of all your choices and a non-interactive command that will allow you to repeat the same installation without going through all the prompts again.

Non-Interactive Install¶

The following command will launch the MAS CLI container image, login to your OpenShift Cluster and start the install of MAS without triggering any prompts. This is how we install MAS in development hundreds of times every single week.

IBM_ENTITLEMENT_KEY=xxx
SUPERUSER_PASSWORD=xxx

docker run -e IBM_ENTITLEMENT_KEY -e SUPERUSER_PASSWORD -ti --rm -v ~:/mnt/home quay.io/ibmmas/cli:18.16.0  bash -c "
  oc login --token=sha256~xxxx --server=https://xxx &&
  mas install \
    --mas-catalog-version v9-260129-amd64 \
    --mas-instance-id mas1 \
    --mas-workspace-id ws1 \
    --mas-workspace-name "My Workspace"
    \
    --superuser-username superuser \
    --superuser-password '${SUPERUSER_PASSWORD}' \
    \
    --mas-channel 9.1.x \
    \
    --ibm-entitlement-key '${IBM_ENTITLEMENT_KEY}' \
    --license-file /mnt/home/entitlement.lic \
    --contact-email myemail@email.com \
    --contact-firstname John \
    --contact-lastname Barnes \
    \
    --storage-rwo ibmc-block-gold \
    --storage-rwx ibmc-file-gold-gid \
    --storage-pipeline ibmc-file-gold-gid \
    --storage-accessmode ReadWriteMany \
    \
    --accept-license --no-confirm

More Information¶

The install is designed to work on any OCP cluster, but has been specifically tested in these environments:

IBMCloud ROKS
Microsoft Azure
AWS ROSA
IBM DevIT FYRE (internal)

The engine that performs all tasks is written in Ansible, you can directly use the same automation outside of this CLI if you wish. The code is open source and available in ibm-mas/ansible-devops, the collection is also available to install directly from Ansible Galaxy, the install supports the following actions:

IBM Maximo Operator Catalog installation
Required dependency installation:
- MongoDb (Community Edition)
- IBM Suite License Service
- IBM Data Reporter Operator
- Red Hat Certificate Manager
Optional dependency installation:
- Apache Kafka
- IBM Db2
- IBM Cloud Pak for Data Platform and Services
  - Watson Studio Local
  - Watson Machine Learning
  - Analytics Engine (Apache Spark)
  - Cognos Analytics
- Grafana
Suite core services installation
Suite application installation

The installation is performed inside your RedHat OpenShift cluster utilizing Openshift Pipelines

OpenShift Pipelines is a Kubernetes-native CI/CD solution based on Tekton. It builds on Tekton to provide a CI/CD experience through tight integration with OpenShift and Red Hat developer tools. OpenShift Pipelines is designed to run each step of the CI/CD pipeline in its own container, allowing each step to scale independently to meet the demands of the pipeline.