IBM Sterling: Deploying Sterling B2B on OpenShift
Procedure
Switching to the Project
1) The project was created earlier, so let's switch to it
oc project sterling-b2bi-app
Running the pre-installation scripts
1) Extract the file ibm-b2bi-prod-2.0.0.tgz, which came with the file STER_B2B_INT_CERT_CONT_V6.1_ML.tar
tar -xzvf ibm-b2bi-prod-2.0.0.tgz
2) Change directory and apply the permissions
cd ibm-b2bi-prod/ibm_cloud_pak/pak_extensions/pre-install/clusterAdministration
oc apply -f ibm-b2bi-scc.yaml --validate=false
oc apply -f ibm-b2bi-cr-scc.yaml --validate=false
oc apply -f ibm-b2bi-psp.yaml
oc apply -f ibm-b2bi-cr.yaml
Return to the previous directory
cd ../../../../..
3) Change directory, generate the new files and create the permissions
cd ibm-b2bi-prod/ibm_cloud_pak/pak_extensions/pre-install/namespaceAdministration
sed 's/{{ NAMESPACE }}/'$MY_SB2BI_PROJECT'/g' ibm-b2bi-rb-scc.yaml > my-ibm-b2bi-rb-scc.yaml
sed 's/{{ NAMESPACE }}/'$MY_SB2BI_PROJECT'/g' ibm-b2bi-rb.yaml > my-ibm-b2bi-rb.yaml
oc create -f my-ibm-b2bi-rb-scc.yaml
oc create -f my-ibm-b2bi-rb.yaml
cd ../../../../..
Configuring the Storage
1) Find the required information on the default storage volume
oc get pv -n openshift-image-registry
NAME        CAPACITY  ACCESS MOD  RECLAIM POLICY  STATUS  CLAIM                                            STORAGECLASS
pvc-42...   20Gi      RWO         Delete          Bound   sterling-b2bi-mq/data-mqsterling-ibm-mq-0
pvc-99...   100Gi     RWX         Delete          Bound   openshift-image-registry/image-registry-storage  ibmc-file-gold
pvc-ac3...  20Gi      RWO         Delete          Bound   sterling-b2bi-db2/db2vol-db2-0
2) Get the details of the PV
oc describe pv pvc-99...
...
failure-domain.beta.kubernetes.io/region=us-south
failure-domain.beta.kubernetes.io/zone=dal10
...
Type: NFS (an NFS mount that lasts the lifetime of a pod)
Server: fsf-xxxxxxx-xx.adn.networklayer.com
Path: /IBMxxSEVxxxxxxx_xx/data01
...
3) Create the file my-b2bi-pv.yaml and make the adjustments
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-resources-pv
  labels:
    intent: resources
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadOnlyMany
  capacity:
    storage: 500Mi
  nfs:
    server: fsf-xxxxxxx-xx.adn.networklayer.com
    path: /IBMxxSEVxxxxxxx_xx/data01/resources/
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-logs-pv
  labels:
    intent: logs
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 1000Mi
  nfs:
    server: fsf-xxxxxxx-xx.adn.networklayer.com
    path: /IBMxxSEVxxxxxxx_xx/data01/logs/
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: sterling-b2bi-app-documents-pv
  labels:
    intent: documents
spec:
  storageClassName: "ibmc-file-gold"
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 1Gi
  nfs:
    server: fsf-xxxxxxx-xx.adn.networklayer.com
    path: /IBMxxSEVxxxxxxx_xx/data01/documents/
4) Create the PV/PVC
oc create -f my-b2bi-pv.yaml
persistentvolume/sterling-b2bi-app-resources-pv created
persistentvolume/sterling-b2bi-app-logs-pv created
persistentvolume/sterling-b2bi-app-documents-pv created
Configuring the passphrase for B2Bi, DB secret and MQ secret
1) Create the file b2bi-secrets.yaml and make the adjustments
apiVersion: v1
kind: Secret
metadata:
  name: b2b-system-passphrase-secret
type: Opaque
stringData:
  SYSTEM_PASSPHRASE: password
---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-db-secret
type: Opaque
stringData:
  DB_USER: db2inst1
  DB_PASSWORD: db2inst1
  # DB_TRUSTSTORE_PASSWORD: password
  # DB_KEYSTORE_PASSWORD: password
---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-jms-secret
type: Opaque
stringData:
  JMS_USERNAME: jms
  JMS_PASSWORD: password
  JMS_KEYSTORE_PASSWORD: password
  JMS_TRUSTSTORE_PASSWORD: password
---
apiVersion: v1
kind: Secret
metadata:
  name: b2b-liberty-secret
type: Opaque
stringData:
  LIBERTY_KEYSTORE_PASSWORD: password
2) Create the secrets
oc create -f b2bi-secrets.yaml
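The manifest above carries sample values ("password", db2inst1). The following is an added example, not part of the original page or of IBM's chart: it renders the same four Secrets with generated values for the B2Bi-owned entries and refuses the sample values for the DB2 and MQ passwords. The environment variable names, the helper names and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: render b2bi-secrets.yaml without the page's sample passwords.

# gen_secret N: N random bytes printed as 2N hex characters.
gen_secret() {
  head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# is_weak VALUE: true when empty, shorter than 12 chars (example threshold),
# or equal to one of the sample values shown on the page.
is_weak() {
  case "$1" in
    ''|password|db2inst1) return 0 ;;
  esac
  [ "${#1}" -lt 12 ]
}

# yaml_quote VALUE: YAML single-quoted scalar (an inner quote is doubled).
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# secret_doc NAME KEY VALUE [KEY VALUE ...]: one Opaque Secret document.
secret_doc() {
  printf '%s\n' '---' 'apiVersion: v1' 'kind: Secret' 'metadata:'
  printf '  name: %s\n' "$1"
  printf '%s\n' 'type: Opaque' 'stringData:'
  shift
  while [ "$#" -ge 2 ]; do
    printf '  %s: %s\n' "$1" "$(yaml_quote "$2")"
    shift 2
  done
}

# DB_PASSWORD and JMS_PASSWORD must match what DB2 and MQ already use, so they
# come from the environment; the other values are generated unless supplied.
render_b2bi_secrets() {
  if is_weak "${DB_PASSWORD:-}" || is_weak "${JMS_PASSWORD:-}"; then
    echo "refusing: DB_PASSWORD or JMS_PASSWORD is missing or weak" >&2
    return 1
  fi
  secret_doc b2b-system-passphrase-secret SYSTEM_PASSPHRASE "$(gen_secret 24)"
  secret_doc b2b-db-secret DB_USER "${DB_USER:-db2inst1}" DB_PASSWORD "$DB_PASSWORD"
  secret_doc b2b-jms-secret JMS_USERNAME "${JMS_USERNAME:-jms}" \
    JMS_PASSWORD "$JMS_PASSWORD" \
    JMS_KEYSTORE_PASSWORD "${JMS_KEYSTORE_PASSWORD:-$(gen_secret 16)}" \
    JMS_TRUSTSTORE_PASSWORD "${JMS_TRUSTSTORE_PASSWORD:-$(gen_secret 16)}"
  secret_doc b2b-liberty-secret LIBERTY_KEYSTORE_PASSWORD "$(gen_secret 16)"
}
```

Write the file with a restrictive umask, for example (umask 077; render_b2bi_secrets > b2bi-secrets.yaml), and delete it once oc create has run.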
Adjusting the override.yaml file
1) Getting the pullSecret information
oc describe sa default
Name:                default
Namespace:           sterling-b2bi-app
Labels:              <none>
Annotations:         <none>
Image pull secrets:  default-dockercfg-mrk6k
...
2) Create the file my-b2bi-override.yaml and make the adjustments
global:
  image:
    repository: "image-registry.openshift-image-registry.svc:5000/sterling-b2bi-app/b2bi"
    tag: "6.1.0.0"
    pullPolicy: IfNotPresent
    # Get value --> "oc describe sa default" and check line
    pullSecret: "default-dockercfg-<CHANGE HERE>"
appResourcesPVC:
  enabled: true
  name: sterling-b2bi-app-resources-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "resources"
  accessMode: ReadOnlyMany
  size: 500Mi
appLogsPVC:
  name: sterling-b2bi-app-logs-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "logs"
  accessMode: ReadWriteMany
  size: 1000Mi
appDocumentsPVC:
  enabled: true
  name: sterling-b2bi-app-documents-pvc
  storageClassName: "ibmc-file-gold"
  selector:
    label: "intent"
    value: "documents"
  accessMode: ReadWriteMany
  size: 1Gi
security:
  supplementalGroups: [65534]
  fsGroup: 1010
  runAsUser: 1010
dataSetup:
  # enabled=true only on setup, after enabled=false
  enabled: true
  upgrade: false
env:
  tz: "UTC"
  license: "accept"
  upgradeCompatibilityVerified: false
logs:
  enableAppLogOnConsole: false
setupCfg:
  #Upgrade
  #upgrade: false
  basePort: 50000
  licenseAcceptEnableSfg: true
  licenseAcceptEnableEbics: false
  licenseAcceptEnableFinancialServices: false
  licenseAcceptEnableFileOperation: false
  # Name of system passphrase secret if available
  systemPassphraseSecret: b2b-system-passphrase-secret
  enableFipsMode: false
  nistComplianceMode: "off"
  # Database Attributes --> "oc get svc -n sterling-b2bi-db2" -> # <EXTERNAL-IP>
  dbVendor: db2
  dbHost: <CHANGE HERE>
  dbPort: 50000
  dbData: B2BIDB
  dbDrivers: db2jcc4.jar
  dbSecret: b2b-db-secret
  # enabled=true only on setup, after enabled=false
  dbCreateSchema: true
  # SMTP Attributes
  adminEmailAddress: [email protected]
  smtpHost: mail.company.com
  #WMQ --> "oc get svc -n sterling-b2bi-mq"
  #JMS properties are optional if jmsVendor is empty
  #To use IBMMQ for communication between ASI & AC, change property to jmsVendor: IBMMQ and provide other connection details
  jmsVendor: IBMMQ
  jmsConnectionFactory: com.ibm.mq.jms.MQQueueConnectionFactory
  jmsConnectionFactoryInstantiator:
  jmsQueueName: DEV.QUEUE.1
  jmsHost: <CHANGE HERE>
  jmsPort: 1414
  jmsConnectionNameList: <CHANGE HERE>(1414)
  jmsEnableSsl: false
  jmsChannel: DEV.APP.SVRCONN
  jmsSecret: b2b-jms-secret
  updateJcePolicyFile: false
  #jcePolicyFile: local_policy.jar
  SANDBOX_LAUNCH_CLA2_SERVER: true
  SANDBOX_WEBAPP_PROTOCOL: https
  SANDBOX_WEBAPP_LIST_PORT: 5001
asi:
  replicaCount: 1
  frontendService:
    type: ClusterIP
    ports:
      http:
        name: http
        port: 35000
        targetPort: http
        nodePort: 30000
        protocol: TCP
      https:
        name: https
        port: 35001
        targetPort: https
        nodePort: 30001
        protocol: TCP
      soa:
        name: soa
        port: 35002
        targetPort: soa
        nodePort: 30002
        protocol: TCP
      soassl:
        name: soassl
        port: 35003
        targetPort: soassl
        nodePort: 30003
        protocol: TCP
    extraPorts: []
      #-name: http-1
      #  port: 46000
      #  targetPort: http
      #  nodePort: 30100
      #  protocol: TCP
  backendService:
    #type: NodePort
    type: LoadBalancer
    ports:
      - name: adapter-1
        port: 30201
        targetPort: 30201
        nodePort: 30201
        protocol: TCP
    portRanges:
      - name: adapters
        portRange: 30301-30400
        targetPortRange: 30301-30400
        nodePortRange: 30301-30400
        protocol: TCP
  ingress:
    internal:
      # Get this value on IBM Cloud > Console > OpenShift > Cluster > <YOUR_CLUSTER> > Ingress Domain
      host: asi.<YOUR_CLUSTER Ingress Domain>
      tls:
        enabled: true
        secretName: ""
      extraPaths: []
        # - routePrefix: "hello"
        #   path: "/hello"
        #   servicePort: "my-http"
        #   enableHttps: false
ac:
  replicaCount: 1
  frontendService:
    type: ClusterIP
    ports:
      http:
        name: http
        port: 35004
        targetPort: http
        nodePort: 30004
        protocol: TCP
    extraPorts: []
      #-name: http-1
      #  port: 37000
      #  targetPort: http
      #  nodePort: 30200
      #  protocol: TCP
  backendService:
    #type: NodePort
    type: LoadBalancer
    ports:
      - name: adapter-1
        port: 30401
        targetPort: 30401
        nodePort: 30401
        protocol: TCP
    portRanges: []
      #- name: adapters
      #  portRange: 30501-30600
      #  targetPortRange: 30501-30600
      #  nodePortRange: 30501-30600
      #  protocol: TCP
  ingress:
    internal:
      # Get this value on IBM Cloud > Console > OpenShift > Cluster > <YOUR_CLUSTER> > Ingress Domain
      host: ac.<YOUR_CLUSTER Ingress Domain>
      tls:
        enabled: true
        secretName: ""
      extraPaths: []
        # - routePrefix: "hello"
        #   path: "/hello"
        #   servicePort: "my-http"
        #   enableHttps: false
api:
  replicaCount: 1
  frontendService:
    type: ClusterIP
    ports:
      http:
        name: http
        port: 35005
        targetPort: http
        nodePort: 30005
        protocol: TCP
      https:
        name: https
        port: 35006
        targetPort: https
        nodePort: 30006
        protocol: TCP
    extraPorts: []
      #-name: http-1
      #  port: 35000
      #  targetPort: http
      #  nodePort: 30300
      #  protocol: TCP
  ingress:
    internal:
      # Get this value on IBM Cloud > Console > OpenShift > Cluster > <YOUR_CLUSTER> > Ingress Domain
      host: api.<CHANGE HERE YOUR_CLUSTER Ingress Domain>
      tls:
        enabled: true
        secretName: ""
dashboard:
  enabled: true
purge:
  enabled: true
  image:
    repository: "image-registry.openshift-image-registry.svc:5000/sterling-b2bi-app/purge"
    tag: "6.1.0.0"
    pullPolicy: IfNotPresent
    # Get value --> oc describe sa default
    pullSecret: "default-dockercfg-<CHANGE HERE>"
  schedule: "*/30 * * * *"
  startingDeadlineSeconds:
  activeDeadlineSeconds: 3600
  concurrencyPolicy: Forbid
  suspend: false
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 1
Save and close the file.
Deploying with Helm
1) Run the following command:
cd ibm-b2bi-prod
helm install sterling-b2bi-app --namespace sterling-b2bi-app --timeout 120m0s -f ../my-b2bi-override.yaml .
This operation takes a long time. Go grab a coffee!!!
2) Open a new terminal window and run the command
oc get pods
NAME                                   READY  STATUS   RESTARTS  AGE
sterling-b2bi-app-b2bi-db-setup-fbf64  1/1    Running  0         12m
3) Run this command to follow the progress
oc logs -f sterling-b2bi-app-b2bi-db-setup-fbf64
The final result is
Total B2biSetup time : 01:31:02
Total B2biInDockerTotal time: 01:33:05
4) Checking the result
oc get pods
NAME                                 READY  STATUS   RESTARTS  AGE
sterling-b2bi-app-b2bi-ac-server-0   1/1    Running  0         3h6m
sterling-b2bi-app-b2bi-api-server-0  1/1    Running  0         3h6m
sterling-b2bi-app-b2bi-asi-server-0  1/1    Running  0         3h6m
oc get jobs
NAME                             COMPLETIONS  DURATION  AGE
sterling-b2bi-app-b2bi-db-setup  1/1          93m       3h31
Post-install
After the deploy, we must disable the database setup in case helm install needs to be run again
1) Edit the file my-b2bi-override.yaml and change the parameters to false:
...
dataSetup:
  enabled: false
...
setupCfg:
  ...
  dbCreateSchema: false
Save and close the file
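A check that can run before helm is executed again, so the database setup is not repeated against a populated schema. This is an added example, not part of the original page or of the chart; the function names are hypothetical, the embedded excerpt is constructed, and it assumes the override file uses two-space indentation under its top-level keys.

```shell
#!/bin/sh
# Added example: verify my-b2bi-override.yaml is in the post-install state.

# override_value FILE SECTION KEY: value of KEY directly under top-level SECTION.
override_value() {
  awk -v section="$2" -v key="$3" '
    /^[^ #]/ { in_section = ($0 ~ ("^" section ":")) }
    in_section && $0 ~ ("^  " key ":") {
      sub(/^[ ]*[^:]+:[ ]*/, ""); sub(/[ ]*#.*$/, ""); print; exit
    }
  ' "$1"
}

# preflight FILE: print each problem found; non-zero status if there is any.
preflight() {
  rc=0
  if grep -n 'CHANGE HERE' "$1"; then
    echo "placeholders are still present"; rc=1
  fi
  [ "$(override_value "$1" dataSetup enabled)" = "false" ] ||
    { echo "dataSetup.enabled is not false"; rc=1; }
  [ "$(override_value "$1" setupCfg dbCreateSchema)" = "false" ] ||
    { echo "setupCfg.dbCreateSchema is not false"; rc=1; }
  return "$rc"
}

# Constructed excerpt in the first-install state described by the page.
sample_override() {
  cat <<'EOF'
asi:
  ingress:
    internal:
      tls:
        enabled: true
dataSetup:
  # enabled=true only on setup, after enabled=false
  enabled: true
setupCfg:
  basePort: 50000
  dbCreateSchema: true   # set to false after the first install
EOF
}

# Demo: the sample is still in first-install state, so both checks report.
tmp=$(mktemp) && sample_override > "$tmp"
preflight "$tmp" || echo "do not re-run helm install with this file"
rm -f "$tmp"
```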
Tips
Getting the URL for access
oc get routes
NAME                                                     HOST/PORT                                      PATH
sterling-b2bi-app-b2bi-api-internal-route                api.ebasso-roks-demo-sb2bi8...appdomain.cloud                   ...
sterling-b2bi-app-b2bi-api-internal-route-b2bapi         api.ebasso-roks-demo-sb2bi8...appdomain.cloud  /B2BAPIs/svc     ...
sterling-b2bi-app-b2bi-api-internal-route-customization  api.ebasso-roks-demo-sb2bi8...appdomain.cloud  /propertyUI/app  ...
sterling-b2bi-app-b2bi-asi-internal-route                asi.ebasso-roks-demo-sb2bi8...appdomain.cloud                   ...
sterling-b2bi-app-b2bi-asi-internal-route-dashboard      asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /dashboard       ...
sterling-b2bi-app-b2bi-asi-internal-route-filegateway    asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /filegateway     ...
sterling-b2bi-app-b2bi-asi-internal-route-mailbox        asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /mailbox         ...
sterling-b2bi-app-b2bi-asi-internal-route-myfg           asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /myfg            ...
sterling-b2bi-app-b2bi-asi-internal-route-myfilegateway  asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /myfilegateway   ...
sterling-b2bi-app-b2bi-asi-internal-route-queuewatch     asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /queueWatch      ...
sterling-b2bi-app-b2bi-asi-internal-route-soap           asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /soap            ...
sterling-b2bi-app-b2bi-asi-internal-route-soap-new       asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /soap-new        ...
sterling-b2bi-app-b2bi-asi-internal-route-soap-sync      asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /soap-sync       ...
sterling-b2bi-app-b2bi-asi-internal-route-soap-sync-new  asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /soap-sync-new   ...
sterling-b2bi-app-b2bi-asi-internal-route-wsdl           asi.ebasso-roks-demo-sb2bi8...appdomain.cloud  /wsdl            ...
Access it with a browser
https://asi.ebasso-roks-demo-sb2bi8...appdomain.cloud/dashboard
Checking which Nodes our Pods are running on
Let's get the Node names first
$ oc get nodes
NAME          STATUS  ROLES          AGE    VERSION
10.xxx.xx.68  Ready   master,worker  6h29m  v1.19.0+d856161
10.xxx.xx.73  Ready   master,worker  6h24m  v1.19.0+d856161
Listing the first Node
oc get pods --all-namespaces -o wide --field-selector spec.nodeName=10.xxx.xx.68 | grep sterling
NAMESPACE          NAME                                 READY  STATUS
sterling-b2bi-app  sterling-b2bi-app-b2bi-ac-server-0   1/1    Running
sterling-b2bi-app  sterling-b2bi-app-b2bi-api-server-0  1/1    Running
Listing the second Node
oc get pods --all-namespaces -o wide --field-selector spec.nodeName=10.xxx.xx.73 | grep sterling
NAMESPACE              NAME                                               READY  STATUS
sterling-b2bi-app      sterling-b2bi-app-b2bi-asi-server-0                1/1    Running
sterling-b2bi-app      sterling-b2bi-app-b2bi-ext-purge-1621981800-lfpll  0/1    Completed
sterling-b2bi-app      sterling-b2bi-app-b2bi-ext-purge-1621985400-zvszc  0/1    Completed
sterling-b2bi-app      sterling-b2bi-app-b2bi-ext-purge-1621989000-lfg8h  1/1    Running
sterling-b2bi-db2      db2-0                                              1/1    Running
sterling-b2bi-mq       sterling-b2bi-mq-ibm-mq-0                          1/1    Running
sterling-b2bi-toolkit  sterling-b2bi-toolkit-859c45f7c-mr6h8              1/1    Running