Openshift AI workbench

In this section, we will just install and configure Openshift AI.

In order to do so, we will switch on all three users:

  • The cluster admin installs OAI operator and configures it

  • The opsec expert extends the Trustee image policy

  • The developer runs the workbench

Untrusted admin

PERSONA: Untrusted admin

Prerequisites

First of all, we need to make sure we can install Openshift AI. The main requirement for OAI is to have big enough worker nodes, as they have to run OAI, OSC and Trustee.

Please ensure you have big enough worker nodes. In ARO, 3 workers with size Standard_D8s_v5 should be enough. In case you don’t have them, you can manually upgrade the worker node, deploy a new cluster with bigger workers or try to add more worker nodes.

Install OAI

In order to simplify the installation of OAI and since it’s not the focus of this workshop, we will provide a script to automatically handle that:

curl -L https://raw.githubusercontent.com/confidential-devhub/workshop-on-ARO-showroom/refs/heads/main/helpers/install-oai.sh -o install-oai.sh

chmod +x install-oai.sh

./install-oai.sh

Once completed, you will receive a link to access the RHOAI dashboard and also the notebook itself directly.

Operational security expert

PERSONA: Operational security expert

Update the signature verification policy

As we are now running other images, we need to extend the image signature verification policy to also support them.

This is automatically handled by this script:

curl -L https://raw.githubusercontent.com/confidential-devhub/workshop-on-ARO-showroom/refs/heads/main/helpers/oai-opsec.sh -o oai-opsec.sh

chmod +x oai-opsec.sh

./oai-opsec.sh

Developer

PERSONA: Application developer

At this point the developer starts the CoCo workbench.

This is automatically handled by this script:

Before running this script, ensure you set CLUSTER_ID (domain name) and ARO_REGION correctly otherwise the workbench generated url in the script will point to an invalid url.

+ In any case you can always find the right workbench url by going via the web UI.

curl -L https://raw.githubusercontent.com/confidential-devhub/workshop-on-ARO-showroom/refs/heads/main/helpers/run-oai-devel.sh -o run-oai-devel.sh

chmod +x run-oai-devel.sh

./run-oai-devel.sh

Run the application

Now you can go through the notebook.