Install ACM on the moc-infra cluster

[cdoan1]

release ACM 2.1 is available now:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/install/installing#installing-red-hat-advanced-cluster-management-from-the-cli

[cdoan1]

So we tried to install ACM 2.1 into this environment.

OCP 4.6.17 ACM 2.1.0

Following the documentation exactly, specifying the version as Release-2.1.0 in the subscription.

The cert-manager-webhook started up with CreateContainerError and the following messages:

container create failed: time="2021-02-18T16:29:59Z" level=error msg="container_linux.go:366: starting container process caused: chdir to cwd (\"/home/webhook\") set in config.json failed: permission denied"

Workaround

oc adm policy add-scc-to-user anyuid -z cert-manager-webhook
oc delete pods -l app=webhook

Hang on

[cdoan1]

Was not expecting the version to be 2.0.7? This must be the from the for attempt at installing, the release was set to Release-2.0.

We need to uninstall acm and retry the install, should put us into 2.1.3.

[cdoan1]

Redeployed ACM @ 2.1.3

oc get mch -o yaml

    conditions:
    - lastTransitionTime: "2021-02-20T15:19:47Z"
      lastUpdateTime: "2021-02-20T15:21:54Z"
      message: Created new resource
      reason: NewResourceCreated
      status: "True"
      type: Progressing
    - lastTransitionTime: "2021-02-20T15:40:47Z"
      lastUpdateTime: "2021-02-20T15:40:47Z"
      message: All hub components ready.
      reason: ComponentsAvailable
      status: "True"
      type: Complete
    currentVersion: 2.1.3
    desiredVersion: 2.1.3
    phase: Running

[cdoan1]

[kni@provisioner acm]$ oc get pods
NAME                                                              READY   STATUS    RESTARTS   AGE
application-chart-4ad52-applicationui-7b7bb4fd58-5m58r            1/1     Running   0          24m
application-chart-4ad52-applicationui-7b7bb4fd58-dz727            1/1     Running   0          26m
cert-manager-417a5-5c7b945b9b-8g4dp                               1/1     Running   0          28m
cert-manager-417a5-5c7b945b9b-j9hjq                               1/1     Running   0          28m
cert-manager-webhook-b8d9866f8-m5w48                              1/1     Running   1          28m
cert-manager-webhook-b8d9866f8-xx2pn                              1/1     Running   2          28m
cert-manager-webhook-fe457-cainjector-76bb96f947-p6j5l            1/1     Running   0          28m
cert-manager-webhook-fe457-cainjector-76bb96f947-ptpxl            1/1     Running   0          28m
cluster-manager-64bcf584c6-2vl6j                                  1/1     Running   0          31m
cluster-manager-64bcf584c6-bjvqs                                  1/1     Running   0          31m
cluster-manager-64bcf584c6-wwctd                                  1/1     Running   0          31m
configmap-watcher-b9d23-5568694497-7wgqq                          1/1     Running   0          27m
configmap-watcher-b9d23-5568694497-gqdl5                          1/1     Running   0          27m
console-chart-05062-consoleapi-b9f7877f6-n6w2f                    1/1     Running   0          27m
console-chart-05062-consoleapi-b9f7877f6-xfvmf                    1/1     Running   0          27m
console-chart-05062-consoleui-754577574-j9xvr                     1/1     Running   0          27m
console-chart-05062-consoleui-754577574-m6gfm                     1/1     Running   0          27m
console-header-77d47959f9-g6k9t                                   1/1     Running   0          27m
console-header-77d47959f9-hpwrb                                   1/1     Running   0          27m
grc-422d8-grcui-fdcffc59b-d9n2d                                   1/1     Running   0          27m
grc-422d8-grcui-fdcffc59b-m2nld                                   1/1     Running   0          27m
grc-422d8-grcuiapi-6b9688b4f9-95kj9                               1/1     Running   0          27m
grc-422d8-grcuiapi-6b9688b4f9-mgzb9                               1/1     Running   0          27m
grc-422d8-policy-propagator-7f6599b94f-2vfh6                      1/1     Running   0          27m
grc-422d8-policy-propagator-7f6599b94f-m6zpj                      1/1     Running   0          27m
hive-operator-7988b67bdc-tbl8m                                    1/1     Running   0          31m
klusterlet-addon-controller-66654d6b44-8qst6                      1/1     Running   0          26m
klusterlet-addon-controller-66654d6b44-dz9xj                      1/1     Running   0          26m
kui-web-terminal-78c487445c-jhjpp                                 1/1     Running   0          25m
managedcluster-import-controller-56b49767c4-k2g6m                 1/1     Running   0          26m
managedcluster-import-controller-56b49767c4-krfvt                 1/1     Running   0          26m
management-ingress-c0398-cbcbdb956-hgw9v                          2/2     Running   0          26m
management-ingress-c0398-cbcbdb956-xzsl4                          2/2     Running   0          26m
multicluster-observability-operator-74bddf7578-swcm6              1/1     Running   0          31m
multicluster-operators-application-79c8cccb9b-fhm2h               4/4     Running   3          31m
multicluster-operators-hub-subscription-858fb46596-lrv4b          1/1     Running   0          31m
multicluster-operators-standalone-subscription-68866f88cc-6b2qf   1/1     Running   0          31m
multiclusterhub-operator-5bf69ddb99-mbtg7                         1/1     Running   0          31m
multiclusterhub-repo-57c7b84f5f-zh8vn                             1/1     Running   0          29m
ocm-controller-75578594f7-29ssf                                   1/1     Running   0          27m
ocm-controller-75578594f7-c4nrx                                   1/1     Running   0          27m
ocm-proxyserver-cf69dd48b-j64kv                                   1/1     Running   0          27m
ocm-proxyserver-cf69dd48b-wznmz                                   1/1     Running   0          27m
ocm-webhook-65fc749bc5-q59w5                                      1/1     Running   0          27m
ocm-webhook-65fc749bc5-x9h97                                      1/1     Running   0          27m
search-operator-5db48ccb65-lrsvk                                  1/1     Running   0          26m
search-prod-98d13-redisgraph-c7b74bd7d-qb5wq                      1/1     Running   0          26m
search-prod-98d13-search-aggregator-56868694db-25xcp              1/1     Running   0          26m
search-prod-98d13-search-api-67487bb7f8-k4wp5                     1/1     Running   0          25m
search-prod-98d13-search-api-67487bb7f8-tgdcl                     1/1     Running   0          23m
search-prod-98d13-search-collector-77db5bbf8b-pq82b               1/1     Running   0          26m
topology-0b2e3-topology-6b6bf69cb-8spsj                           1/1     Running   0          26m
topology-0b2e3-topology-6b6bf69cb-z2kvt                           1/1     Running   0          26m
topology-0b2e3-topologyapi-55d9594fd4-cdh56                       1/1     Running   0          26m
topology-0b2e3-topologyapi-55d9594fd4-mr7tf                       1/1     Running   0          26m

[cdoan1]

Update

1. There is a bug in 2.0/2.0.7 that prevent cert-manager-webhook from starting up appropriately. When we created the subscription, it was originally pointing to 2.0, and so we experienced that same issue.
2. We applied the manual workaround, as documented in the hacks folder, and worked around this issue at 2.0.7.
3. Since we really want to run at 2.1, we uninstalled, and reinstalled, 2.1, which automatically brings us up to the 2.1.3 level, including the fix for the cert-manager-webhook issue running on OCP 4.6.z.

[cdoan1]

with this, we should be able to close this card @ipolonsk ?

[tumido]

This issue can be closed now. ACM installed and tracked in git (https://github.com/operate-first/apps/pull/284)