Chapter 3. Installing the Migration Toolkit for Applications user interface

You install the Migration Toolkit for Applications (MTA) user interface as part of the process of installing the MTA Operator on the OpenShift Container Platform.

The MTA Operator is a structural layer that manages resources deployed on Kubernetes (database, front end, back end) to automatically create an MTA instance instead of you doing it manually.

3.1. Persistent volume requirements

To successfully deploy, the MTA Operator requires 3 RWO persistent volumes (PVs) used by different components. If the rwx_supported configuration option is set to true, the MTA Operator requires an additional 2 RWX PVs that are used by Maven and the hub file storage. The PVs are described in the table below:

Table 3.1. Required persistent volumes

NameDefault sizeAccess modeDescription

hub database

5 GiB

RWO

Hub database

hub bucket

100 GiB

RWX

Hub file storage; required if the rwx_supported configuration option is set to true

keycloak postgresql

1 GiB

RWO

Keycloak back end database

pathfinder postgresql

1 GiB

RWO

Pathfinder back end database

cache

100 GiB

RWX

Maven m2 cache; required if the rwx_supported configuration option is set to true

3.2. Installing the Migration Toolkit for Applications Operator and the user interface

You can install the Migration Toolkit for Applications (MTA) and the user interface on OpenShift Container Platform versions 4.9-4.11 when you install the Migration Toolkit for Applications Operator.

Prerequisites

  • 4 vCPUs, 8 GB RAM, and 40 GB persistent storage.
  • OpenShift Container Platform 4.9-4.11 installed.
  • You must be logged in as a user with cluster-admin permissions.

Procedure

  1. In the OpenShift Container Platform web console, click Operators → OperatorHub.
  2. Use the Filter by keyword field to search for MTA.
  3. Click the Migration Toolkit for Applications Operator and then click Install.
  4. On the Install Operator page, click Install.
  5. Click Operators → Installed Operators to verify that the MTA Operator appears in the openshift-mta project with the status Succeeded.
  6. Click the MTA Operator.

  7. Under Provided APIs, locate Tackle, and click Create Instance.

    The Create Tackle window opens in Form view.

  8. Review the CR settings. The default choices should be acceptable, but make sure to check the system requirements for storage, memory, and cores.

  9. If you prefer to work directly with the YAML file, click YAML view and review the CR settings that are listed in the spec section of the YAML file.

    The most commonly used CR settings are listed in this table:

    Table 3.2. Tackle CR settings

    NameDefaultDescription

    cache_data_volume_size

    100 GiB

    Size requested for the cache volume; ignored when rwx_supported=false

    cache_storage_class

    Default storage class

    Storage class used for the cache volume; ignored when rwx_supported=false

    feature_auth_required

    True

    Flag to indicate whether keycloak authorization is required (single user/“noauth”)

    feature_isolate_namespace

    True

    Flag to indicate whether namespace isolation using network policies is enabled

    hub_database_volume_size

    5 GiB

    Size requested for the Hub database volume

    hub_bucket_volume_size

    100 GiB

    Size requested for the Hub bucket volume

    hub_bucket_storage_class

    Default storage class

    Storage class used for the bucket volume

    keycloak_database_data_volume_size

    1 GiB

    Size requested for the Keycloak database volume

    pathfinder_database_data_volume_size

    1 GiB

    Size requested for the Pathfinder database volume

    maven_data_volume_size

    100 GiB

    Size requested for the Maven m2 cache volume; deprecated in MTA 6.0.1

    rwx_storage_class

    NA

    Storage class requested for the Tackle RWX volumes; deprecated in MTA 6.0.1

    rwx_supported

    True

    Flag to indicate whether the cluster storage supports RWX mode

    rwo_storage_class

    NA

    Storage class requested for the Tackle RW0 volumes

    rhsso_external_access

    False

    Flag to indicate whether a dedicated route is created to access the MTA managed RHSSO instance

    Example YAML file

    kind: Tackle
apiVersion: tackle.konveyor.io/v1alpha1
metadata:
  name: mta
  namespace: openshift-mta
spec:
  hub_bucket_volume_size: "25Gi"
  maven_data_volume_size: "25Gi"
  rwx_supported: "false"

  10. Edit the CR settings if needed, and then click Create.
  11. In Administrator view, click Workloads → Pods to verify that the MTA pods are running.
  12. Access the user interface from your browser by using the route exposed by the mta-ui application within OpenShift.

  13. Use the following credentials to log in:

    • User name: admin
    • Password: Passw0rd!
  14. When prompted, create a new password.

3.3. Memory requirements for running MTA on Red Hat OpenShift Local

When installed on Red Hat OpenShift Local, MTA requires a minimum amount of memory to complete its analysis. Adding memory above the required minimum makes the analysis process run faster. The table below describes the MTA performance with varying amounts of memory.

Table 3.3. OpenShift Local MTA memory requirements

Memory (GB)Description

10

MTA cannot run the analysis due to insufficient memory

11

MTA cannot run the analysis due to insufficient memory

12

MTA works and the analysis is completed in approximately 3 minutes

15

MTA works and the analysis is completed in less than 2 minutes

20

MTA works quickly and the analysis is completed in less than 1 minute

The test results indicate that the minimum amount of memory for running MTA on OpenShift Local is 12 GB.

Note
  • The tests were performed by running the MTA binary analysis through the user interface.
  • All the analyses used the tackle-testapp binary.
  • All the tests were conducted on an OpenShift Local cluster without the monitoring tools installed.
  • Installing the cluster monitoring tools requires an additional 5 GB of memory.

3.4. Red Hat Single Sign-On

MTA delegates authentication and authorization to a Red Hat Single Sign-On (RHSSO) instance managed by the MTA operator. Aside from controlling the full lifecycle of the managed RHSSO instance, the MTA operator also manages the configuration of a dedicated realm that contains all the roles and permissions that MTA requires.

If an advanced configuration is required in the MTA managed RHSSO instance, such as adding a provider for User Federation or integrating identity providers, users can log into the RHSSO Admin Console through the /auth/admin subpath in the mta-ui route. The admin credentials to access the MTA managed RHSSO instance can be retrieved from the credential-mta-rhsso secret available in the namespace in which the user interface was installed.

A dedicated route for the MTA managed RHSSO instance can be created by setting the rhsso_external_access parameter to True in the Tackle CR that manages the MTA instance.

For more information, see Red Hat Single Sign-On features and concepts.

3.4.1. Roles and Permissions

The following table contains the roles and permissions (scopes) that MTA seeds the managed RHSSO instance with:

tackle-admin

Resource Name

Verbs

 

addons

delete
get
post
put

 

adoptionplans

post

 

applications

delete
get
post
put

 

applications.facts

delete
get
post
put

 

applications.tags

delete
get
post
put

 

applications.bucket

delete
get
post
put

 

assessments

delete
get
patch
post
put

 

businessservices

delete
get
post
put

 

dependencies

delete
get
post
put

 

identities

delete
get
post
put

 

imports

delete
get
post
put

 

jobfunctions

delete
get
post
put

 

proxies

delete
get
post
put

 

reviews

delete
get
post
put

 

settings

delete
get
post
put

 

stakeholdergroups

delete
get
post
put

 

stakeholders

delete
get
post
put

 

tags

delete
get
post
put

 

tagtypes

delete
get
post
put

 

tasks

delete
get
post
put

 

tasks.bucket

delete
get
post
put

 

tickets

delete
get
post
put

 

trackers

delete
get
post
put

 

cache

delete
get

 

files

delete
get
post
put

 

rulebundles

delete
get
post
put

tackle-architect

Resource Name

Verbs

 

addons

delete
get
post
put

 

applications.bucket

delete
get
post
put

 

adoptionplans

post

 

applications

delete
get
post
put

 

applications.facts

delete
get
post
put

 

applications.tags

delete
get
post
put

 

assessments

delete
get
patch
post
put

 

businessservices

delete
get
post
put

 

dependencies

delete
get
post
put

 

identities

get

 

imports

delete
get
post
put

 

jobfunctions

delete
get
post
put

 

proxies

get

 

reviews

delete
get
post
put

 

settings

get

 

stakeholdergroups

delete
get
post
put

 

stakeholders

delete
get
post
put

 

tags

delete
get
post
put

 

tagtypes

delete
get
post
put

 

tasks

delete
get
post
put

 

tasks.bucket

delete
get
post
put

 

trackers

get

 

tickets

delete
get
post
put

 

cache

get

 

files

delete
get
post
put

 

rulebundles

delete
get
post
put

tackle-migrator

Resource Name

Verbs

 

addons

get

 

adoptionplans

post

 

applications

get

 

applications.facts

get

 

applications.tags

get

 

applications.bucket

get

 

assessments

get
post

 

businessservices

get

 

dependencies

delete
get
post
put

 

identities

get

 

imports

get

 

jobfunctions

get

 

proxies

get

 

reviews

get
post
put

 

settings

get

 

stakeholdergroups

get

 

stakeholders

get

 

tags

get

 

tagtypes

get

 

tasks

delete
get
post
put

 

tasks.bucket

delete
get
post
put

 

tackers

get

 

tickets

get

 

cache

get

 

files

get

 

rulebundles

get