You can install Rational® Test Automation
Server on the Red Hat OpenShift server that has the Kubernetes Engine environment to run
functional, integration, and performance tests. Rational® Test Automation
Server combines test data, test environments, and test runs and reports into a single web-based
browser for testers and non-testers.
Before you begin
You must have performed the following tasks:
Procedure
-
Log in to your OCP cluster as a cluster administrator by running the
oc login command.
-
Create a namespace in which you want to install the server software by
running the following command:
oc new-project test-system
Remember: The test-system is the name of
the namespace. If you created a namespace by using a different value, then you
must use that value in place of test-system in all
the instances in this procedure.
-
Add the entitlement
registry to Helm to access the server install charts by running the
following command:
helm repo add ibm-helm https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm
-
Run the following command to get the latest updates from the repository:
-
Run the following command to retrieve the charts:
helm pull --untar ibm-helm/ibm-rtas-prod --version 5.1020.0
-
Create a Secret to pull images that are used by Rational® Test Automation
Server by running the following commands:
oc create secret docker-registry cp.icr.io \
-n test-system \
--docker-server=cp.icr.io \
--docker-username=cp \
--docker-password={your_entitlement_key} \
--docker-email=example@abc.com
Remember: test-system is the
name of the namespace. If you created a namespace by using a different value, then
you must use that value in place of the test-system in
all the instances in this procedure.
-
Perform one of the following steps to enable certificates as trusted
certificates:
You must go to Step 7.b if you use OpenShift Service Mesh service virtualization, a Tech Preview
feature.
-
Perform the following steps to add the Certificate Authority (CA) into
a Secret:
-
Run the following command to verify whether an additional CA
is required:
curl -sw'%{http_code}' -o/dev/null \
"https://wildcard.$(oc get -n openshift-ingress-operator ingresscontroller default -ojsonpath='{.status.domain}')"
If the result of the command is displayed as
503, the CA is already
trusted. You must continue with 8.
If the result of the command is displayed as
000, then CA must be added
into a Secret. You must continue with 7.a.ii.
-
Run the following command to get the default CA in a PEM
format:
oc get -n openshift-ingress-operator secret router-ca -ojsonpath='{.data.tls\.crt}' | base64 --decode > ca.crt
-
Run the following command to validate that the CA used to
sign the certificate is the same for ingress:
curl -sw'%{http_code}' -o/dev/null --cacert ca.crt \
"https://wildcard.$(oc get -n openshift-ingress-operator ingresscontroller default -ojsonpath='{.status.domain}')"
If the result of the command is displayed as
503, then you must continue
with next step.
If the result of the command is displayed as
000, then the configuration
of the certificate has been customized. You must find the
signer of the certificate to continue with the next
step.
-
Run the following command to create an ingress Secret to
store the CA:
oc create secret generic -n test-system ingress --from-file=ca.crt=ca.crt
-
Perform the following steps to add the Certificate Authority (CA) into
a Secret if you use OpenShift Service Mesh service virtualization, a
Tech Preview feature:
-
Run the following script from the ibm-rtas-prod/files directory:
./files/certificate.sh -n istio-system -s istio-ingressgateway-certs {openshift-cluster-dns-name}
You must replace the
{openshift-cluster-dns-name} with the
ingress DNS name that you selected for the server. You can
run the following command to obtain the default value of
openshift-cluster-dns-name:
oc get --namespace=openshift-ingress-operator ingresscontroller/default -ojsonpath='{.status.domain}'
-
Run the following command to create an ingress Secret:
oc create secret generic -n test-system ingress \
"--from-literal=ca.crt=$(oc get -n istio-system secret istio-ingressgateway-certs -ojsonpath='{.data.ca\.crt}' | base64 --decode)"
-
Run the following commands to enable an OpenShift route that
the product creates for the Istio gateway:
cat <<EOF | oc apply -n istio-system -f - >/dev/null
apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
name: default
spec:
members:
- test-system
EOF
When some components such as static agents or Docker agents
want to communicate with Rational® Test Automation
Server, the component presents its certificate to the server to verify its identity. Rational® Test Automation
Server trusts the component
only if it is signed by a recognized and trusted CA. Therefore, you must add the
signed CA into a trust by placing it in a Secret to enable certificates as trusted
certificates.
-
Perform the following steps to install the server software:
-
Run the following commands to update the runAsUser and fsGroup to match
the Security Context Constraints (SCCs):
sed -i -e "s/runAsUser: 1001/runAsUser: $(oc get project test-system -oyaml \
| sed -r -n 's# *openshift.io/sa.scc.uid-range: *([0-9]*)/.*#\1#p')/g;
s/fsGroup: 1001/fsGroup: $(oc get project test-system -oyaml \
| sed -r -n 's# *openshift.io/sa.scc.supplemental-groups: *([0-9]*)/.*#\1#p')/g" ibm-rtas-prod/values-openshift.yaml
Rational® Test Automation
Server is compatible with the restricted SCC. You must run this command
to ensure that the runAsUser and fsGroup strategies match with the
SCC policy.
-
Perform one of the steps described in the following table to install
the server software based on your requirement:
| Step description |
Step no |
|
To install the server software
|
Perform 8.b.i |
|
To install the server software and enable the OpenShift
Service Mesh service virtualization through Istio, a
Tech Preview feature
|
Perform 8.b.ii and 8.b.iv |
|
To install the server software, enable the OpenShift
Service Mesh service virtualization through Istio, a
Tech Preview feature, and enable Jaeger for performance
and Web UI tests logs
|
Perform 8.b.iii and 8.b.iv
|
|
To install the server software and enable Jaeger for
performance and Web UI tests logs
|
Perform 8.b.v |
Remember:
-
If you upgrade the product from the previous version, then you must use
the same value for
global.persistence.rwxStorageClass parameter
that you used in the previous installation.
You can run the following command to obtain the value that you used for
global.persistence.rwxStorageClass:
oc get pvc -n test-system data-{my-rtas}-userlibs-0 \
-ojsonpath='{.spec.storageClassName}' && echo
-
The default certificate that terminates TLS connections has a single
wildcard. Therefore, you must prefix a single hostname segment for the
global.ibmRtasIngressDomain parameter.
For example, --set global.ibmRtasIngressDomain=rtas.{dns name of
the openshift cluster}
-
Run the following command to install the server software:
helm install {my-rtas} ./ibm-rtas-prod -n test-system \
--set license=true \
-f ibm-rtas-prod/values-openshift.yaml \
--set global.persistence.rwxStorageClass=ibmc-file-gold \
--set global.ibmRtasIngressDomain=rtas.{openshift-cluster-dns-name} \
--set global.ibmRtasPasswordAutoGenSeed={password-seed} \
--set global.ibmRtasRegistryPullSecret=cp.icr.io \
--set global.rationalLicenseKeyServer=@{rlks-ip-address}
Note: You must use the
--set
global.ibmRtasCertSecretOptional=false parameter in the
helm
install command only if you performed step
7.a.iv to
create an ingress Secret to store the CA.
-
Run the following command to install the server software and
to enable OpenShift Service Mesh service virtualization, a
Tech Preview feature:
helm install {my-rtas} ./ibm-rtas-prod -n test-system \
--set license=true \
-f ibm-rtas-prod/values-openshift.yaml \
--set global.persistence.rwxStorageClass=ibmc-file-gold \
--set global.ibmRtasIngressDomain=rtas.{openshift-cluster-dns-name} \
--set global.ibmRtasPasswordAutoGenSeed={password-seed} \
--set global.ibmRtasRegistryPullSecret=cp.icr.io \
--set global.rationalLicenseKeyServer=@{rlks-ip-address} \
-f ibm-rtas-prod/values-openshift-demo.yaml
-
Run the following command to install the server software, to
enable OpenShift Service Mesh service virtualization, a Tech
Preview feature, and to enable Jaeger for performance and
Web UI tests logs:
helm install {my-rtas} ./ibm-rtas-prod -n test-system \
--set license=true \
-f ibm-rtas-prod/values-openshift.yaml \
--set global.persistence.rwxStorageClass=ibmc-file-gold \
--set global.ibmRtasIngressDomain=rtas.{openshift-cluster-dns-name} \
--set global.ibmRtasPasswordAutoGenSeed={password-seed} \
--set global.ibmRtasRegistryPullSecret=cp.icr.io \
--set global.rationalLicenseKeyServer=@{rlks-ip-address} \
-f ibm-rtas-prod/values-openshift-demo.yaml \
--set-string execution.annotations.sidecar\\.jaegertracing\\.io/inject=true \
--set global.jaegerAgent.internalHostName=localhost \
--set global.jaegerDashboard.externalURL={my-jaeger-dashboard-url}
-
Run the following command to enable service virtualization
through Istio, a Tech Preview feature in the specific
namespace:
oc create rolebinding istio-virtualization-enabled -n bookinfo --clusterrole={my-rtas}-execution-istio-test-system --serviceaccount=test-system:{my-rtas}-execution
Where, {my-rtas} is the name of the release that you
provided during the installation of the server software.
Note: When you uninstall the chart, the manually created role
bindings are not deleted from the namespace. You can run the
following command to delete the role
bindings:
oc delete rolebinding istio-virtualization-enabled -n bookinfo
-
Run the following command to install the server software and
to enable Jaeger for performance and Web UI tests logs:
helm install {my-rtas} ./ibm-rtas-prod -n test-system \
--set license=true \
-f ibm-rtas-prod/values-openshift.yaml \
--set global.persistence.rwxStorageClass=ibmc-file-gold \
--set global.ibmRtasIngressDomain=rtas.{openshift-cluster-dns-name} \
--set global.ibmRtasPasswordAutoGenSeed={password-seed} \
--set global.ibmRtasRegistryPullSecret=cp.icr.io \
--set global.rationalLicenseKeyServer=@{rlks-ip-address} \
--set-string execution.annotations.sidecar\\.jaegertracing\\.io/inject=true \
--set global.jaegerAgent.internalHostName=localhost \
--set global.jaegerDashboard.externalURL={my-jaeger-dashboard-url}
Note: You must use the
--set
global.ibmRtasCertSecretOptional=false parameter in the
helm
install command only if you performed step
7.a.iv to
create an ingress Secret to store the CA.
You must substitute the value of the variables in the
helm
install command with the actual value:
-
{my-rtas} with the release name of your
choice.
Note: The release name must consist of alphanumeric
characters that are in lowercase or -
(hyphen). The release
name must also start with an alphabetic character and end with an
alphanumeric character. For example, my-org or
abc-123.
-
{openshift-cluster-dns-name} with the ingress DNS name
that you selected for the server.
Remember: You must provide
the value that consists of alphanumeric characters that are in
lowercase, -
(hyphen) or .
(period). The value must also
start and end with an alphanumeric character.
Note: You can
run the following command to obtain the default value of
openshift-cluster-dns-name:
oc get --namespace=openshift-ingress-operator ingresscontroller/default -ojsonpath='{.status.domain}'
-
{password-seed} with a value of your choice.
Important: This password seed is used to create several default
passwords for the server. You must store the password seed securely.
When you install the server software by using the backup of the user
data, you can reuse the password seed. You can use this seed to restore
the backed-up files either on the current or later versions of the
server software.
-
Optional: {rlks-ip-address} with the IP address
of Rational License Key Server, if you want to set the license value for
the first time.
Important: If you upgrade the product from the previous version,
you must configure the value of Rational License Key
Server in the Team Space License
Configuration window when the installation of the server
is complete.
-
{my-jaeger-dashboard-url} with the URL of the Jaeger
server.
- Optional:
Run the following command to remove a job that is used to initialize the
PostgresQL database during the installation of the server software:
oc delete job {my-rtas}-postgresql-init -n test-system
- Optional:
Perform the following steps to migrate data into Rational® Test Automation
Server, if you upgraded the product from the previous version (V10.1.0, V10.1.1, or
V10.1.2):
-
Run the following script from the ibm-rtas-prod/files directory to create a directory
that contains metadata related to the Persistent Volume Claims and their
Persistent Volumes:
migrate.sh create-pvcs -n test-system {my-rtas}
-
Run the following script from the ibm-rtas-prod/files directory to merge the data
into the server:
migrate.sh merge-dbs -n test-system {my-rtas}
-
Run the following command to remove the resources that were created
during the migration process:
migrate.sh delete-temp-resources -n test-system {my-rtas}
where {my-rtas} is the name of the release that you
provided during the installation of the server software.
-
Run the following command to verify and test the installed server
software:
$ helm test {my-rtas} -n test-system
where {my-rtas} is the name of the release that was provided during
the installation of the server software.
Results
You have installed the server software. The command line
displays the following information:
What to do next
You can perform certain tasks as a Server
Administrator. See Configuration of the server software.