search

IBM / cloud-pak-deployer

Configuration-based installation of OpenShift and Cloud Pak for Data/Integration/Watson AIOps on various private and public cloud infrastructure providers. Deployment attempts to achieve the end-state defined in the configuration. If something fails along the way, you only need to restart the process to continue the deployment.
https://ibm.github.io/cloud-pak-deployer/
Apache License 2.0
131 stars 66 forks source link

Default Db2U configs are not implemented when using Deployer to install CPD 4.7.x services. Add config option to deployer for Db2 privileges for CPD v4.7.x installations #557

Closed MrStutterZ closed 9 months ago

MrStutterZ commented 9 months ago

Describe the bug A clear and concise description of what the bug is.

When installing the services listed in Changing kernel parameter settings (CPD v4.7 Docs) via Cloud Pak Deployer, the KubletConfig and/or Tuned resources are deployed. This doesn't align with expected default behavior (Db2U running with elevated privileges) described by CPD Documentation.

If you look at the cluster resources/objects after an install of CPD v4.7.x and any services using Db2U, then you will see a db2u-product-cm ConfigMap with no data entries.

A configuration option, DB2U_RUN_WITH_LIMITED_PRIVS: "true" or "false" (with "false" being the default), should be added to the deployer so that the ConfigMap is created correctly. Current installs using the deployer of CPD v4.7.x software result in implementations that align with limited privileges selections (KubeletConfig and Tuned object creation).

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'

  4. See error

    Install CPD v4.7.x, WKC, and DV (Watson Query) on 'fresh' cluster. After successful completion, check the following resources/objects in the cluster:

    • db2u-product-cm ConfigMap (in cpd-operators project)
    • db2u-kubelet KubeletConfig
    • cp4d-ipc Tuned (in openshift-cluster-node-tuning-operator project)

Expected behavior A clear and concise description of what you expected to happen.

KubeletConfigs and Tuned resources should only be created if installers want Db2U to run with limited privileges.

Screenshots If applicable, add screenshots to help explain your problem.

None.

Desktop (please complete the following information):

Smartphone (please complete the following information):

Additional context Add any other context about the problem here.

None.

fketelaars commented 9 months ago

@MrStutterZ Agreed with this change. Will implement ASAP.

joeculli commented 9 months ago

Additional finding on the creation of the tuned and kubeletconfig. I found that even if you are not installing any service that uses db2 both these still get created. I ran an install with only installing the platform, datastage and ws_pipelines and both the tuned and kubeletcofig were created.

fketelaars commented 9 months ago

@joeculli This has been resolved as well as part of this change.