Guided Exercise: Prerequisites to Create a ROSA Cluster

  • Verify that an AWS account meets all prerequisites to create a ROSA cluster.

Outcomes

You should be able to:

  • Install and configure the aws and rosa commands on your system.

  • Confirm that your AWS account meets the requirements for creating a Red Hat OpenShift on AWS (ROSA) cluster.

To perform this exercise, ensure that:

  • You have access to a Linux (Debian or Fedora-based), macOS, or Windows system, including the required permissions to install software on that system.

  • You have an Identity and Access Management (IAM) user and its credentials to access an Amazon Web Services (AWS) account.

  • You have an AWS access key ID and the associated AWS secret access key for your IAM user. If not, then refer to the Managing Access Keys for IAM Users document at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html to create these keys.

  • You have a Red Hat account. If not, then navigate to https://console.redhat.com, click Register for a Red Hat account, and then follow the instructions.

Procedure 1.1. Instructions

  1. Subscribe to the ROSA service from the AWS Marketplace.

    1. Open a web browser and then log in to the AWS Management Console at https://console.aws.amazon.com/.

    2. Select the AWS region in which you plan to create your ROSA cluster.

    3. Navigate to Services > Containers > Red Hat OpenShift Service on AWS.

    4. If the service is not enabled, then click Enable OpenShift.

      The service activation might fail if you do not have enough permissions. In that case, review the Troubleshoot ROSA Enablement Errors in the AWS ROSA Console document at https://docs.aws.amazon.com/ROSA/latest/userguide/troubleshoot-rosa-enablement.html and then contact the administrator of your AWS organization.

  2. Install the aws command on your system.

    1. Use the web browser to navigate to https://aws.amazon.com/cli/.

    2. Download the package for your operating system.

    3. Follow the instructions available on the download page to install the tool on your system.

  3. Configure the aws command.

    1. Open a command-line terminal.

    2. Run the aws configure command. You must provide your own credentials and choose an AWS region for your ROSA cluster.

      $ aws configure
      AWS Access Key ID [None]: AKIAXBPATO4UQQERVA6I
      AWS Secret Access Key [None]: j8X/hphaBCOK0J5Ry64PZBRYcT0AV9gn7TWdXxw4
      Default region name [None]: us-east-1
      Default output format [None]: <Enter>

      The rosa command that you install in a following step relies on this configuration to access the AWS API.

    3. Confirm that you correctly set the AWS region in your configuration.

      $ aws configure get region
      us-east-1

    4. Execute an aws command to confirm that your installation is successful. The following command queries the AWS API for your identity.

      $ aws sts get-caller-identity
      {
          "UserId": "AIDAWS2RFFI4PZDKXB45T",
          "Account": "452954386616",
          "Arn": "arn:aws:iam::452954386616:user/user1@example.com-fqppg-admin"
      }

      The credentials in the preceding output capture are different on your system. Your own credentials should display.

      If the command fails, then rerun the aws configure command and provide the correct parameters.

  4. Install the rosa command.

    1. Use the web browser to navigate to https://console.redhat.com/openshift/downloads. Use your Red Hat account to log in to the console.

    2. Locate the Red Hat OpenShift Service on AWS command-line interface (rosa) tool, select your operating system, and then download the archive.

    3. Extract the archive, switch to the command-line terminal, and then move the executable file to a standard system directory so that you can run the command. For example, on Linux and macOS systems, you can move the rosa binary file into the /usr/local/bin/ directory:

      $ sudo mv rosa /usr/local/bin/

  5. Configure the rosa command.

    1. You must generate an access token so that the rosa command can log in to your account without having to use your username and password. To do so, use the web browser to navigate to https://console.redhat.com/openshift/token/rosa.

    2. Click Load token and then copy the API token to the clipboard. You cannot view that token again after you leave the page. If you lose the token, then you must create a new one.

    3. From the command-line terminal, log in to Red Hat OpenShift Cluster Manager (OCM) by using your Red Hat account:

      $ rosa login
      To login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa
      ? Copy the token and paste it here:

      Do not cancel the command and do not close the terminal.

    4. Paste the token from the clipboard into the terminal:

      ...output omitted...
      To login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa
      ? Copy the token and paste it here: *******************************************
      I: Logged in as 'wlombardo' on 'https://api.openshift.com'

      The username in the preceding output capture is different on your system. Your own username should display.

    5. Run the rosa whoami command to confirm that the AWS and OCM configuration is successful. The command returns your credentials for both your AWS user and your Red Hat account.

      $ rosa whoami
      AWS ARN:                      arn:aws:iam::...:user/user1@example.com-fqppg-admin
      AWS Account ID:               452954386616
      AWS Default Region:           us-east-1
      OCM API:                      https://api.openshift.com
      OCM Account Email:            wlombardo@example.com
      OCM Account ID:               1VhrXTjpDWnt4rfZvdgLj2fEcso
      OCM Account Name:             Wilhelm Lombardo
      OCM Account Username:         wlombardo
      OCM Organization External ID: 15701801
      OCM Organization ID:          1HMOv5QDUifj2g6Si1hyskyv2IP
      OCM Organization Name:        Wilhelm Lombardo

      The credentials in the preceding output capture are different on your system. Your own credentials should display.

  6. Verify the prerequisites for creating a ROSA cluster.

    1. Verify that the IAM role for the AWS Elastic Load Balancing (ELB) service exists in your AWS account.

      $ aws iam get-role --role-name "AWSServiceRoleForElasticLoadBalancing"
      {
          "Role": {
              "Path": "/aws-service-role/elasticloadbalancing.amazonaws.com/",
              "RoleName": "AWSServiceRoleForElasticLoadBalancing",
      ...output omitted...
          }
      }

      If the command output does not list the role, then you must create it. On a Microsoft Windows system, replace the line continuation character (\) in the following long command with the backtick (`) character, which is the line continuation character in PowerShell.

      $ aws iam create-service-linked-role --aws-service-name \
        "elasticloadbalancing.amazonaws.com"

    2. Verify your AWS account quotas to confirm that enough resources are available to create a ROSA cluster. The rosa command performs that check for you.

      $ rosa verify quota
      I: Validating AWS quota...
      I: AWS quota ok. If cluster installation fails, validate actual AWS resource usage against https://docs.openshift.com/rosa/rosa_getting_started/rosa-required-aws-service-quotas.html

      If the command reports insufficient quotas, then navigate to the URL from the preceding command output and follow the instructions to request a quota increase.
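
The checks from steps 3 and 6, collected into one preflight function, as an added example that is not part of the original exercise. It goes one step beyond the exercise by comparing the account and region that the aws command reports with the values from rosa whoami, so that a cluster is not created under an unintended identity. The function names are hypothetical, and the script assumes that aws iam get-role and rosa verify quota exit non-zero on failure.

```bash
#!/usr/bin/env bash
# Added example (not from the course): preflight for steps 3 and 6.
# Function names are hypothetical; only commands shown in the exercise are called.

ELB_ROLE="AWSServiceRoleForElasticLoadBalancing"

# Print one field of the `rosa whoami` text output, for example "AWS Account ID".
rosa_field() {
  rosa whoami | awk -F': +' -v key="$1" '$1 == key { print $2 }'
}

# Return 0 only when every prerequisite check passes.
preflight() {
  fail=0

  region=$(aws configure get region) || region=""
  if [ -z "$region" ]; then
    echo "FAIL: no default region set; run aws configure" >&2; fail=1
  fi

  # --query and --output text print the bare account ID instead of JSON.
  if ! account=$(aws sts get-caller-identity --query Account --output text); then
    echo "FAIL: AWS API rejected the credentials; rerun aws configure" >&2
    return 1
  fi

  # rosa must act on the same account and region that aws reports.
  if [ "$(rosa_field 'AWS Account ID')" != "$account" ]; then
    echo "FAIL: rosa whoami reports a different AWS account than $account" >&2; fail=1
  fi
  if [ "$(rosa_field 'AWS Default Region')" != "$region" ]; then
    echo "FAIL: rosa whoami reports a different region than $region" >&2; fail=1
  fi

  if ! aws iam get-role --role-name "$ELB_ROLE" >/dev/null 2>&1; then
    echo "FAIL: $ELB_ROLE is missing; create the service-linked role" >&2; fail=1
  fi

  # Assumption: rosa verify quota exits non-zero when quotas are insufficient.
  if ! rosa verify quota >/dev/null 2>&1; then
    echo "FAIL: rosa verify quota reported a problem" >&2; fail=1
  fi

  return "$fail"
}

# Run the checks only when called as: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```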

This concludes the section.

Revision: do120-4.11-db7a8ed