IBM Sterling: Deploy do Sterling B2B no OpenShift

From Wiki

Procedimento

Alternando para o Projeto

1) O projeto já foi criado anteriormente, vamos alter para ele

oc project sterling-b2bi-app

Executando os scripts pre-instalação

1) Extrair o arquivo ibm-b2bi-prod-2.0.0.tgz, que vinha com o arquivo STER_B2B_INT_CERT_CONT_V6.1_ML.tar

tar -xzvf ibm-b2bi-prod-2.0.0.tgz

2) Alternar o diretório e executar as permissões

cd ibm-b2bi-prod/ibm_cloud_pak/pak_extensions/pre-install/clusterAdministration
oc apply -f ibm-b2bi-scc.yaml --validate=false
oc apply -f ibm-b2bi-cr-scc.yaml --validate=false
oc apply -f ibm-b2bi-psp.yaml
oc apply -f ibm-b2bi-cr.yaml

retornar para o diretório anterior

3) Alternar o diretório, gerar os novos arquivos e criar as permissões

cd ibm-b2bi-prod/ibm_cloud_pak/pak_extensions/pre-install/clusterAdministration

sed 's/{{ NAMESPACE }}/'$MY_SB2BI_PROJECT'/g' ibm-b2bi-rb-scc.yaml > $MY_SB2BI_PROJECT-ibm-b2bi-rb-scc.yaml
sed 's/{{ NAMESPACE }}/'$MY_SB2BI_PROJECT'/g' ibm-b2bi-rb.yaml > $MY_SB2BI_PROJECT-ibm-b2bi-rb.yaml

oc create -f $MY_SB2BI_PROJECT-ibm-b2bi-rb-scc.yaml
oc create -f $MY_SB2BI_PROJECT-ibm-b2bi-rb.yaml

Configurando o Armazenamento

1) Localize as informações necessárias no default storage volume (volume de armazenamento padrão)

oc get pv -n openshift-image-registry

NAME       CAPACITY ACCESS MOD  RECLAIM POLICY  STATUS  CLAIM                                              STORAGECLASS    
pvc-42...  20Gi     RWO           Delete          Bound   sterling-b2bi-mq/data-mqsterling-ibm-mq-0                                 
pvc-99...  100Gi    RWX           Delete          Bound   openshift-image-registry/image-registry-storage  ibmc-file-gold      
pvc-ac3... 20Gi     RWO           Delete          Bound   sterling-b2bi-db2/db2vol-db2-0                                          

2) Pegue os detalhes do pv

oc describe pv pvc-99...

:Ref 5
...
failure-domain.beta.kubernetes.io/region=us-south
failure-domain.beta.kubernetes.io/zone=dal10
...
Type:   NFS (an NFS mount that lasts the lifetime of a pod)
Server: fsf-xxxxxxx-xx.adn.networklayer.com
Path:   /IBMxxSEVxxxxxxx_xx/data01
...

3) Crie o arquivo b2bi-pv.yaml e faça os ajustes

kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-resources-pv
  labels:
    intent: resources
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadOnlyMany
  capacity: 
    storage: 500Mi
  nfs:
   server: fsf-xxxxxxx-xx.adn.networklayer.com
   path: /IBMxxSEVxxxxxxx_xx/data01/resources/

---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-logs-pv
  labels:
    intent: logs
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadWriteMany
  capacity: 
    storage: 1000Mi
  nfs:
   server: fsf-xxxxxxx-xx.adn.networklayer.com
   path: /IBMxxSEVxxxxxxx_xx/data01/logs/

---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-documents-pv
  labels:
    intent: documents
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadWriteMany
  capacity: 
    storage: 1Gi
  nfs:
   server: fsf-xxxxxxx-xx.adn.networklayer.com
   path: /IBMxxSEVxxxxxxx_xx/data01/documents/

4) Realize a criação do PV/PVC

oc create -f b2bi-pv.yaml

persistentvolume/sterling-b2bi-app-resources-pv created
persistentvolume/sterling-b2bi-app-logs-pv created
persistentvolume/sterling-b2bi-app-documents-pv created


Configurando a passphrase para B2Bi, DB secret e MQ secret

1) Crie o arquivo b2bi-secrets.yaml e faça os ajustes

apiVersion: v1
kind: Secret
metadata:
  name: b2b-system-passphrase-secret
type: Opaque
stringData:
  SYSTEM_PASSPHRASE: password

---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-db-secret
type: Opaque
stringData:
  DB_USER: db2inst1
  DB_PASSWORD: db2inst1
#  DB_TRUSTSTORE_PASSWORD: password
#  DB_KEYSTORE_PASSWORD: password

---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-jms-secret
type: Opaque
stringData:
  JMS_USERNAME: jms
  JMS_PASSWORD: password
  JMS_KEYSTORE_PASSWORD: password
  JMS_TRUSTSTORE_PASSWORD: password
  
---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-liberty-secret
type: Opaque
stringData:
  LIBERTY_KEYSTORE_PASSWORD: password

2) Realize a criação do PV/PVC

oc create -f b2bi-secrets.yaml

Ajustando o arguivo override.yaml

1) Pegando a informação do pullSecret

oc describe sa default

Name:                default
Namespace:           sterling-b2bi-app
Labels:              <none>
Annotations:         <none>
Image pull secrets:  default-dockercfg-mrk6k
...

2) Crie o arquivo override.yaml e faça os ajustes

global:
  image:
    repository: "image-registry.openshift-image-registry.svc:5000/sterling-b2bi-app/b2bi"
    tag: "6.1.0.0"
    pullPolicy: IfNotPresent
    pullSecret: "default-dockercfg-mrk6k"  # oc describe sa default ; at purge image also
  
appResourcesPVC:
  name: sterling-b2bi-app-resources-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "resources"
  accessMode: ReadOnlyMany
  size: 500Mi

appLogsPVC:
  name: sterling-b2bi-app-logs-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "logs"
  accessMode: ReadWriteMany
  size: 1000Mi
  
appDocumentsPVC:
  enabled: true
  name: sterling-b2bi-app-documents-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "documents"
  accessMode: ReadWriteMany
  size: 1Gi

security:
  supplementalGroups: [65534]
  fsGroup: 1010
  runAsUser: 1010

dataSetup:
  enabled: true
  upgrade: false

env:
  tz: "UTC"
  license: "accept"
  upgradeCompatibilityVerified: false
  
logs:
  # true if user wish to redirect the application logs to console else false. If provided value is true , then application logs will reside inside containers. No volume mapping will be used.
  enableAppLogOnConsole: false
      
  #setup.cfg configuration starts here. Property names must follow camelCase format.
setupCfg:
  #Upgrade
  #upgrade: false
  basePort: 5000
  #License - specify values as true/false
  licenseAcceptEnableSfg: true

  # Name of system passphrase secret if available
  systemPassphraseSecret: b2b-system-passphrase-secret
  enableFipsMode: false
  nistComplianceMode: "off"

  # Provide the DB attributes --> "oc get svc -n sterling-b2bi-db2"
  dbVendor: db2
  dbHost: 169.46.72.83
  dbPort: 50000  
  dbData: B2BIDB
  dbDrivers: db2jcc4.jar
  dbCreateSchema: true
  # Name of DB secret
  dbSecret: b2b-db-secret

  #Provide the admin email address
  adminEmailAddress: [email protected]
  # Provide the SMTP host details  
  smtpHost: mail.company.com
  
  #WMQ   --> "oc get svc -n sterling-b2bi-mq"
  #JMS properties are optional if jmsVendor is empty
  #To use IBMMQ for communication between ASI & AC, change property to jmsVendor: IBMMQ
  # and provide other connection details
  jmsVendor: IBMMQ
  # Provide the name of connection factory class. 
  jmsConnectionFactory: com.ibm.mq.jms.MQQueueConnectionFactory
  jmsConnectionFactoryInstantiator:
  jmsQueueName: DEV.QUEUE.1
  jmsHost: 172.21.6.39
  jmsPort: 1414
  jmsConnectionNameList: 172.21.6.39(1414)
  jmsEnableSsl: false
  jmsChannel: DEV.APP.SVRCONN
  jmsSecret: sterling-b2bi-mq-secret
  
  SANDBOX_LAUNCH_CLA2_SERVER: true
  SANDBOX_WEBAPP_PROTOCOL: https
  SANDBOX_WEBAPP_LIST_PORT: 5001

asi:
  replicaCount: 1

  service:
    type: LoadBalancer
    ports:
      http: 
        name: http
        port: 35000
        targetPort: http
        nodePort: 30000
        protocol: TCP

    extraPorts:
      TCP1:
        name: asi-http-1
        port: 6443
        targetPort: 6443
        protocol: TCP
      TCP2:
        name: asi-sftp-1
        port: 6022
        targetPort: 6022
        protocol: TCP
             
ac:

  replicaCount: 1

  service:
    type: LoadBalancer
    ports:
      http: 
        name: http
        port: 35001
        targetPort: http
        nodePort: 30001
        protocol: TCP
    
    extraPorts:
      TCP1:
        name: ac-http-1
        port: 5443
        targetPort: 5443
        protocol: TCP
      TCP2:
        name: ac-sftp-1
        port: 5022
        targetPort: 5022
        protocol: TCP 

api:

  replicaCount: 1
  
  service:
    type: LoadBalancer
    ports:
      http:
        name: http
        port: 35002
        targetPort: http
        nodePort: 30002
        protocol: TCP
      https:
        name: https
        port: 35003
        targetPort: https
        nodePort: 30003
        protocol: TCP    

dashboard:
    enabled: true

purge:
  enabled: true
  image:
    repository: "image-registry.openshift-image-registry.svc:5000/sterling-b2bi-app/purge"
  # Provide the tag value in double quotes
    tag: "6.1.0.0"
    pullPolicy: IfNotPresent
    pullSecret: "default-dockercfg-mrk6k"
  schedule: "*/30 * * * *"

See Also