Introduction to Red Hat OpenShift Service on AWS (ROSA)
Verify that an AWS account meets all prerequisites to create a ROSA cluster.
Outcomes
Install and configure the
awsandrosacommands on your system.Confirm that your AWS account meets the requirements for creating a Red Hat OpenShift on AWS (ROSA) cluster.
To perform this exercise, verify the following items:
You have access to a Linux (Debian or Fedora-based), macOS, or Windows system, including the required permissions to install software on that system.
You have an Identity and Access Management (IAM) user and its credentials to access an Amazon Web Services (AWS) account.
You have an AWS access key ID and the associated AWS secret access key for your IAM user. If not, then you can create these keys by following the instructions in the Managing Access Keys for IAM Users document at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html.
You have a Red Hat account. If not, then navigate to https://console.redhat.com, click , and then follow the instructions.
Procedure 1.1. Instructions
Subscribe to the ROSA service from the AWS Marketplace.
Log in to the AWS Management Console at https://console.aws.amazon.com/ by using a web browser.
Select the AWS Region in which you plan to create your ROSA cluster.
Navigate to → → and then click .
If the service is already enabled, then skip this step.
Otherwise, select and then click .
The service activation might fail if you do not have enough permissions. In that case, review the Troubleshoot ROSA Enablement Errors in the AWS ROSA Console document at https://docs.aws.amazon.com/ROSA/latest/userguide/troubleshoot-rosa-enablement.html and then contact the administrator of your AWS organization.
On the same page, verify the prerequisites for creating a ROSA cluster.
If the page reports insufficient quotas, then navigate to https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html-single/installing_accessing_and_deleting_rosa_clusters/index#rosa-required-aws-service-quotas and follow the instructions to request a quota increase.
Install the
awscommand on your system.Use the web browser to navigate to https://aws.amazon.com/cli/.
Download the package for your operating system.
Follow the instructions on the download page to install the tool on your system.
Configure the
awscommand.Open a command-line terminal.
Run the
aws configurecommand. You must provide your own credentials and choose an AWS Region for your ROSA cluster.$
aws configureAWS Access Key ID [None]:AKIAXBPATO4UQQERVA6Ij8X/hphaBCOK0J5Ry64PZBRYcT0AV9gn7TWdXxw4us-east-1<Enter>The
rosacommand that you install in a following step relies on this configuration to access the AWS API.Confirm that you correctly set the AWS Region in your configuration.
$
aws configure get regionus-east-1Execute an
awscommand to confirm that your installation is successful. The following command queries the AWS API for your identity.$
aws sts get-caller-identity{ "UserId": "AIDAWS2RFFI4PZDKXB45T", "Account": "452954386616", "Arn": "arn:aws:iam::452954386616:user/user1@example.com-fqppg-admin" }The credentials in the preceding output are different on your system. Your own credentials should be displayed.
If the command fails, then rerun the
aws configurecommand and provide the correct parameters.
Install the
rosacommand.Use the web browser to navigate to https://console.redhat.com/openshift/downloads. Use your Red Hat account to log in to the console.
Locate the
Red Hat OpenShift Service on AWS command-line interface (rosa)tool, select your operating system, and then download the archive.
Extract the archive, switch to the command-line terminal, and then move the executable file to a standard system directory so that you can run the command. For example, on Linux and macOS systems, you can move the
rosabinary file into the/usr/local/bin/directory:$
sudo mv rosa /usr/local/bin/
Configure the
rosacommand.You must generate an access token so that the
rosacommand can log in to your account without having to use your username and password. To do so, use the web browser to navigate to https://console.redhat.com/openshift/token/rosa.Click and then copy the API token to the clipboard.
Important
You cannot view that token again after you leave the page. If you lose the token, then you must re-create one.
From the command-line terminal, use your Red Hat account to log in to the Red Hat OpenShift Cluster Manager (OCM):
$
rosa loginTo login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa ? Copy the token and paste it here:Do not cancel the command, and do not close the terminal.
Paste the token from the clipboard into the terminal:
...output omitted... To login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa ? Copy the token and paste it here:
*******************************************I: Logged in as 'wlombardo' on 'https://api.openshift.com'The username in the preceding output is different on your system. Your own username should be displayed.
Run the
rosa whoamicommand to confirm that the AWS and OCM configuration is successful. The command returns your credentials for both your AWS user and your Red Hat account.$
rosa whoamiAWS ARN: arn:aws:iam::...:user/user1@example.com-fqppg-admin AWS Account ID: 452954386616 AWS Default Region: us-east-1 OCM API: https://api.openshift.com OCM Account Email: wlombardo@example.com OCM Account ID: 1VhrXTjpDWnt4rfZvdgLj2fEcso OCM Account Name: Wilhelm Lombardo OCM Account Username: wlombardo OCM Organization External ID: 15701801 OCM Organization ID: 1HMOv5QDUifj2g6Si1hyskyv2IP OCM Organization Name: Wilhelm LombardoThe credentials in the preceding output capture are different on your system. Your own credentials should be displayed.
Do not delete your work, because later activities depend on the completion of this exercise.
