Creating OpenShift project<\/h2>\n\n\n\n
First of all, let’s create an OpenShift project :<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction configure_openshift(){\n\t# Creating new project\n\toc login -u ${OPENSHIFT_USER_NAME} -p ${OPENSHIFT_USER_PASSWORD}\n\toc new-project ${OPENSHIFT_PROJECT_NAME} --display-name=\"${OPENSHIFT_PROJECT_DISPLAY_NAME}\" --description=\"${OPENSHIFT_PROJECT_DESCRIPTION}\"\n\t\n\t# Configuring project \n\toc login -u system:admin\n\toc patch namespace ${OPENSHIFT_PROJECT_NAME} -p '{\"metadata\": {\"annotations\": { \"openshift.io\/sa.scc.uid-range\":\"'${OPENSHIFT_BASE_USER_UID}'\/10000\" } } }'\n\toc patch namespace ${OPENSHIFT_PROJECT_NAME} -p '{\"metadata\": {\"annotations\": { \"openshift.io\/sa.scc.supplemental-groups\":\"'${OPENSHIFT_BASE_GROUP_UID}'\/10000\" } } }'\n}\n\nconfigure_openshift<\/pre>\n\n\n\nLogin to OpenShift using your user account and create a new project. Next, to run IBM Content Platform Engine and IBM Content Navigator as non-root uset, you should set “openshift.io\/sa.scc.uid-range” and “openshift.io\/sa.scc.supplemental-groups” according to the user you will configure on your system.<\/p>\n\n\n\n
Pulling Docker images<\/h2>\n\n\n\n
Before deploying images on OpenShift, we will push them on Docker.<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction pull_ibm_images(){\n\t# Installing Docker images from tar.gz archives\n\tif [ -d ${IBM_DOCKER_ARCHIVES} ] ; then\n\t\n\t\techo -e \"\\e[92mPulling images from ${IBM_DOCKER_ARCHIVES}\\033[0m\"\n\t\t\n\t\t# Loading OpenShift images to Docker\n\t\tfind ${IBM_DOCKER_ARCHIVES} -type f -name \"*.tar.gz\" -exec docker load -i {} \\;\n\t\t\n\t\techo -e \"\\e[92mImages successfully pulled\\033[0m\"\n\tfi\n\t\n}\n\nprerequisites ${1}\npull_ibm_images<\/pre>\n\n\n\nRunning Active Directory<\/h2>\n\n\n\n
In this specific case, I will run an OpenLDAP instance. Of course, if you are in an enterprise network, you will be able to connect to the principal LDAP server.<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction prerequisites(){\t\n\texport i=0\n}\n\nfunction run_openldap(){\n\n\techo -e \"\\e[92mRunning ${OPENLDAP_CONTAINER_NAME} container\\033[0m\"\n\tdocker run -d -t --name=${OPENLDAP_CONTAINER_NAME} --add-host=$(hostname -f):$(ip -4 addr show docker0 | grep -Po 'inet \\K[\\d.]+') --restart=always -p ${OPENLDAP_LDAP_UNSECURED_PORT}:389 -p ${OPENLDAP_LDAP_HTTPPORT}:80 --env LDAP_BASE_DN=${OPENLDAP_BASE_DN} --env LDAP_DOMAIN=${OPENLDAP_DOMAIN} --env LDAP_ADMIN_PASSWORD=${OPENLDAP_ADMIN_PASSWORD} osixia\/openldap:1.3.0 bash\n\t\n\twhile((${i}<${OPENLDAP_RETRY}*2))\n\tdo\n\t\tisLDAPReady=$(docker logs ${OPENLDAP_CONTAINER_NAME} | grep \"openldap\")\n\t\tif [[ \"${isLDAPReady}\" != \"\" ]]; then\n\t\t\techo \"${OPENLDAP_CONTAINER_NAME} container started, check ldap service now.\"\n\t\t\tisLDAPonLine=$(docker exec -i ${OPENLDAP_CONTAINER_NAME} service slapd status | grep running)\n\t\t\tif [[ \"${isLDAPonLine}\" = \"\" ]]; then\n\t\t\t\techo \"Need to restart LDAP service now.\"\n\t\t\t\tdocker exec -i ${OPENLDAP_CONTAINER_NAME} service slapd start\n\t\t\t\texit_script_if_error \"docker exec -i ${OPENLDAP_CONTAINER_NAME} service slapd start\"\n\t\t\t\t\n\t\t\t\tdocker exec -i ${OPENLDAP_CONTAINER_NAME} service slapd status\n\t\t\t\texit_script_if_error \"docker exec -i ${OPENLDAP_CONTAINER_NAME} service slapd status\"\n\t\t\t\tbreak\n\t\t\telse\n\t\t\t\techo -e \"\\e[92mLDAP service is ready.\\033[0m\"\n\t\t\t\tbreak\n\t\t\tfi\n\t\telse\n\t\t\techo \"$i. LDAP is not ready yet, wait 5 seconds and recheck again....\"\n\t\t\tsleep 5s\n\t\t\tlet i++\n\t\tfi\n\tdone\n\n\techo -e \"\\e[92mAdding sample users and groups to LDAP\\033[0m\"\n\tdocker exec -i ${OPENLDAP_CONTAINER_NAME} bash <<EOF\necho \"\ndn: cn=P8Admin,dc=ecm,dc=ibm,dc=com\ncn: P8Admin\nsn: P8Admin\nuserpassword: password\nobjectclass: top\nobjectclass: organizationalPerson\nobjectclass: person\n\ndn: cn=tester,dc=ecm,dc=ibm,dc=com\ncn: tester\nsn: tester\nuserpassword: password\nobjectclass: top\nobjectclass: organizationalPerson\nobjectclass: person\n\ndn: cn=P8Admins,dc=ecm,dc=ibm,dc=com\nobjectclass: groupOfNames\nobjectclass: top\ncn: P8Admins\nmember: cn=P8Admin,dc=ecm,dc=ibm,dc=com\n\ndn: cn=GeneralUsers,dc=ecm,dc=ibm,dc=com\nobjectclass: groupOfNames\nobjectclass: top\ncn: GeneralUsers\nmember: cn=P8Admin,dc=ecm,dc=ibm,dc=com\nmember: cn=tester,dc=ecm,dc=ibm,dc=com\n\">\/tmp\/ecm.ldif\necho \"\ndn: olcDatabase={1}mdb,cn=config\nchangetype: modify\nreplace: olcAccess\nolcAccess: to * by * read\n\">\/tmp\/ecm_acc.ldif\nldapadd -x -D \"cn=admin,dc=ecm,dc=ibm,dc=com\" -w password -f \/tmp\/ecm.ldif\nldapmodify -Y EXTERNAL -Q -H ldapi:\/\/\/ -f \/tmp\/ecm_acc.ldif\nrm -f \/tmp\/ecm.ldif\nEOF\n\n\techo -e \"\\e[92mLDAP is ready to be used !\\033[0m\"\n}\n\nprerequisites\nrun_openldap<\/pre>\n\n\n\nNothing particular here. Just running an OpenLDAP instance, waiting from it to be ready, then injecting some users and groups to use in IBM softwares.<\/p>\n\n\n\n
Running DataBase<\/h2>\n\n\n\n
Same thing as OpenLDAP, in this specific case, I will run DB2 instance. Of course, if you are in an enterprise network, you will be able to connect to the principal DB server.<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction prerequisites(){\t\n\texport i=0\n}\n\nfunction run_db2(){\n\n\techo -e \"\\e[92mCreating '${IBM_DB2_ROOT_DIR}', '${IBM_DB2_SCRIPT_DIR}' and '${IBM_DB2_STORAGE_DIR}' directories\\033[0m\"\n\tmkdir -p ${IBM_DB2_ROOT_DIR} ${IBM_DB2_SCRIPT_DIR} ${IBM_DB2_STORAGE_DIR}\n\n\techo -e \"\\e[92mGenerating ${IBM_DB2_ROOT_DIR}\/.config file\\033[0m\"\n\ttee ${IBM_DB2_ROOT_DIR}\/.config<<EOF\nLICENSE=accept\nDB2INSTANCE=${IBM_DB2_INST_NAME}\nDB2INST1_PASSWORD=${IBM_DB2_INST_PASSWORD}\nDBNAME=\nBLU=false\nENABLE_ORACLE_COMPATIBILITY=false\nUPDATEAVAIL=NO\nTO_CREATE_SAMPLEDB=true\nIS_OSXFS=false\nBIND_HOME=true\nREPODB=false\nEOF\n\n\techo -e \"\\e[92mRunning ${IBM_DB2_CONTAINER_NAME} container\\033[0m\"\n\tdocker run -d -h db2server --name ${IBM_DB2_CONTAINER_NAME} --add-host=$(hostname -f):$(ip -4 addr show docker0 | grep -Po 'inet \\K[\\d.]+') --restart=always --privileged=true -p ${IBM_DB2_SERVER_PORT}:50000 --env-file ${IBM_DB2_ROOT_DIR}\/.config -v ${IBM_DB2_SCRIPT_DIR}:\/tmp\/db2_script -v ${IBM_DB2_STORAGE_DIR}:\/db2fs ibmcom\/db2:11.5.0.0\n\t\n\twhile((${i}<${IBM_DB2_RETRY}*2))\n\tdo\n\t\tisLDAPReady=$(docker logs ${IBM_DB2_CONTAINER_NAME} | grep \"Setup has completed.\")\n\t\tif [[ \"${isLDAPReady}\" == \"\" ]]; then\n\t\t\techo \"$i. DB2 is not ready yet, wait 5 seconds and recheck again....\"\n\t\t\tsleep 10s\n\t\t\tlet i++\n\t\telse\n\t\t\techo -e \"\\e[92mDB2 service is ready.\\033[0m\"\n\t\t\tbreak\n\t\tfi\n\tdone\n\n\techo -e \"\\e[92mCopying scripts and datas to create DB2 tables\\033[0m\"\n\tdocker cp ${IBM_DB2_SCRIPTS}\/DB2_ONE_SCRIPT.sql $(docker ps |grep \"${IBM_DB2_CONTAINER_NAME}\"|awk '{print $1}'):\/database\/config\/db2inst1\n\tdocker cp ${IBM_DB2_SCRIPTS}\/GCDDB.sh $(docker ps |grep \"${IBM_DB2_CONTAINER_NAME}\"|awk '{print $1}'):\/database\/config\/db2inst1\n\tdocker cp ${IBM_DB2_SCRIPTS}\/ICNDB.sh $(docker ps |grep \"${IBM_DB2_CONTAINER_NAME}\"|awk '{print $1}'):\/database\/config\/db2inst1\n\tdocker cp ${IBM_DB2_SCRIPTS}\/OS1DB.sh $(docker ps |grep \"${IBM_DB2_CONTAINER_NAME}\"|awk '{print $1}'):\/database\/config\/db2inst1\n\tdocker cp ${IBM_DB2_SCRIPTS}\/setup_db.sh $(docker ps -a|grep \"ibm-db2\"|awk '{print $1}'):\/database\/config\/db2inst1\n\techo -e \"\\e[92mCreating DB2 tables\\033[0m\"\n\tdocker exec -i ${IBM_DB2_CONTAINER_NAME} \/bin\/bash \/database\/config\/db2inst1\/setup_db.sh\n\techo -e \"\\e[92mDB2 tables successfully created !\\033[0m\"\n\n}\n\nprerequisites\nrun_db2\n<\/pre>\n\n\n\nPreparing IBM Content Platform Engine deployment<\/h2>\n\n\n\n
In order to be ready to deploy IBM Content Platform Engine on OpenShift, you will need some specific configuration.<\/p>\n\n\n\n
Directories<\/h3>\n\n\n\n
According to the official documentation, and because I don’t know what you will use a functionalities, I will use 7 directories:<\/p>\n\n\n\n
- cpecfgstore\/cpe\/configDropins\/overrides<\/li>
- cpelogstore\/cpe\/logs<\/li>
- cpefilestore\/asa<\/li>
- cpetextextstore\/textext<\/li>
- cpebootstrapstore\/bootstrap<\/li>
- cpefnlogstore\/FileNet<\/li>
- cpeicmrulesstore\/icmrules<\/li><\/ul>\n\n\n\n
The configuration files<\/h3>\n\n\n\n
The “cpecfgstore\/cpe\/configDropins\/overrides” will store all the IBM Content Platform Engine configuration, as LDAP or DB configuration files or DB drivers.<\/p>\n\n\n\n
The DB2JCCDriver.xml configuration file<\/h4>\n\n\n\n
Because I’m using a DB2 instance as main database, I need to specify the java library to use to connect to the instance.<\/p>\n\n\n\n
<server>\n<transaction totalTranLifetimeTimeout=\"300s\" \/>\n<library id=\"DB2JCC4Lib\">\n<fileset dir=\"${server.config.dir}\/configDropins\/overrides\" includes=\"db2jcc4.jar db2jcc_license_cu.jar\"\/>\n<\/library> \n<\/server><\/pre>\n\n\n\n2 files are required in this specific scenario: db2jcc4.jar, the driver library, and the db2jcc_license_cu.jar, the license library.<\/p>\n\n\n\n
The ldap_TDS.xml configuration file<\/h4>\n\n\n\n
This file specify the LDAP connection, the base Distinguished Name (dn) to use, the credentials to connect to the LDAP server, and some others informations related to the group or user filter.<\/p>\n\n\n\n
<server>\n\t<!-- Unique ID Attribute to use : entryUUID -->\n\t<ldapRegistry id=\"MyTDS\" realm=\"defaultRealm\"\n\t\thost=\"172.17.0.6\" \n\t\tbaseDN=\"dc=ecm,dc=ibm,dc=com\"\n\t\tport=\"389\"\n\t\tldapType=\"IBM Tivoli Directory Server\"\n\t\tbindDN=\"cn=P8Admin,dc=ecm,dc=ibm,dc=com\"\n\t\tsslEnabled=\"False\"\n\t\tbindPassword=\"password\">\n\t\t<idsFilters\n\t\t\tuserFilter=\"(&(cn=%v)(objectclass=person))\"\n\t\t\tgroupFilter=\"(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))\"\n userIdMap=\"*:cn\"\n groupIdMap=\"*:cn\"\n groupMemberIdMap=\"memberof:member\">\n\t\t<\/idsFilters>\n\t<\/ldapRegistry>\n<\/server>\n<\/pre>\n\n\n\n
The GCD.xml configuration file<\/h4>\n\n\n\n
This configuration file is the main file to specify FileNet GCD database instance, used to store the FileNet domain. This file will store all the configuration to use to create datasources on IBM Content Platform Engine Liberty when deploying the IBM Content Platform Engine container.<\/p>\n\n\n\n
For each datasource (simple and XA datasource), there is few informations to provide:<\/p>\n\n\n\n
- the datasource name (“id” and “jndiName” attributes)<\/li>
- the libraries to use to interact with the DataBase (“jdbcDriver” node)<\/li>
- the properties used to connect the DataBase (“properties.db2.jcc” node in this case), including:
- the DataBase name (“GCDDB”)<\/li>
- the server name (can be both server name if resolved or server ip, “172.17.0.8”)<\/li>
- the server port to reach the DataBase instance (“50000”)<\/li>
- the DataBase user name (“db2inst1”)<\/li>
- the DataBase user password (“password”)<\/li><\/ul><\/li><\/ul>\n\n\n\n
With all those informations, IBM Content Platform Engine will be able to connect to the SQL instance holding the FileNet domain.<\/p>\n\n\n\n
<server>\n\t<dataSource id=\"FNGDDS\" jndiName=\"FNGDDS\" isolationLevel=\"TRANSACTION_READ_COMMITTED\" type=\"javax.sql.DataSource\">\n\t\t<jdbcDriver libraryRef=\"DB2JCC4Lib\"\/>\n\t\t<properties.db2.jcc \n\t\t\tdatabaseName=\"GCDDB\" \n\t\t\tserverName=\"172.17.0.8\"\n\t\t\tportNumber=\"50000\"\n \t\tuser=\"db2inst1\" \n\t\t\tpassword=\"password\"\n\t\t\tresultSetHoldability=\"HOLD_CURSORS_OVER_COMMIT\"\n\t\t\/>\n\t\t<connectionManager maxIdleTime=\"1m\" maxPoolSize=\"50\" minPoolSize=\"0\" reapTime=\"2m\" enableSharingForDirectLookups=\"false\"\/>\n\n\t<\/dataSource>\n\n\t<dataSource id=\"FNGDDSXA\" jndiName=\"FNGDDSXA\" isolationLevel=\"TRANSACTION_READ_COMMITTED\" type=\"javax.sql.XADataSource\" supplementalJDBCTrace=\"true\">\n\t\t<properties.db2.jcc \n\t\t\tdatabaseName=\"GCDDB\"\n\t\t\tserverName=\"172.17.0.8\"\n\t\t\tportNumber=\"50000\"\n \t\tuser=\"db2inst1\"\n password=\"password\"\n\t\t\/>\n\t\t<connectionManager maxIdleTime=\"1m\" maxPoolSize=\"50\" minPoolSize=\"0\" reapTime=\"2m\" enableSharingForDirectLookups=\"true\"\/>\n\n\t\t<jdbcDriver libraryRef=\"DB2JCC4Lib\"\/>\n\n\t<\/dataSource>\n<\/server>\n<\/pre>\n\n\n\n
The OBJSTORE.xml configuration file<\/h4>\n\n\n\n
As done in the GCD.xml configuration file, the OBJSTORE.xml configuration file will provide same kind of properties. I will not list them again, it’s the same file structure as above (only values are changing).<\/p>\n\n\n\n
<server>\n\t<dataSource id=\"FNOSDS\" jndiName=\"FNOSDS\" isolationLevel=\"TRANSACTION_READ_COMMITTED\" type=\"javax.sql.DataSource\">\n\t\t<jdbcDriver libraryRef=\"DB2JCC4Lib\"\/>\n\t\t<properties.db2.jcc \n\t\t\tdatabaseName=\"OS1DB\" \n\t\t\tserverName=\"172.17.0.8\"\n\t\t\tportNumber=\"50000\"\n \t\tuser=\"db2inst1\" \n password=\"password\"\n\t\t\tresultSetHoldability=\"HOLD_CURSORS_OVER_COMMIT\"\n\t\t\/>\n\t\t<connectionManager maxIdleTime=\"1m\" maxPoolSize=\"50\" minPoolSize=\"0\" reapTime=\"2m\" enableSharingForDirectLookups=\"false\"\/>\n\n\t<\/dataSource>\n\n\t<dataSource id=\"FNOSDSXA\" jndiName=\"FNOSDSXA\" isolationLevel=\"TRANSACTION_READ_COMMITTED\" type=\"javax.sql.XADataSource\" supplementalJDBCTrace=\"true\">\n\t\t<properties.db2.jcc \n\t\t\tdatabaseName=\"OS1DB\"\n\t\t\tserverName=\"172.17.0.8\"\n\t\t\tportNumber=\"50000\"\n \t\tuser=\"db2inst1\"\n password=\"password\"\n\t\t\/>\n\t\t<connectionManager maxIdleTime=\"1m\" maxPoolSize=\"50\" minPoolSize=\"0\" reapTime=\"2m\" enableSharingForDirectLookups=\"true\"\/>\n\n\t\t<jdbcDriver libraryRef=\"DB2JCC4Lib\"\/>\n\n\t<\/dataSource>\n<\/server>\n<\/pre>\n\n\n\n
Copying and specifying directories rights<\/h3>\n\n\n\n
Finally, you will have to copy all your configuration files into the “cpecfgstore\/cpe\/configDropins\/overrides” directory, and setting all your directories rights to the appropriate user\/group.<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction prepare_cpe(){\n\n\t# Creating IBM Content Platform Engine directories\n\techo -e \"\\e[92mCreating IBM Content Platform Engine directories\\033[0m\"\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpecfgstore\/cpe\/configDropins\/overrides\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpelogstore\/cpe\/logs \n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpefilestore\/asa\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpetextextstore\/textext\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpebootstrapstore\/bootstrap\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpefnlogstore\/FileNet\n\tmkdir -p ${IBM_CPE_CONFIG_DIR}\/cpeicmrulesstore\/icmrules\n\n\t# Copying IBM Content Platform Engine configuration\n\techo -e \"\\e[92mCopying IBM Content Platform Engine configuration\\033[0m\"\n\tcp -Rrf ${IBM_CPE_BASE_DIR}\/config\/CPE\/custom\/configDropins\/overrides\/* ${IBM_CPE_CONFIG_DIR}\/cpecfgstore\/cpe\/configDropins\/overrides\n\n\t# Setting rights according to the OpenShift container user\n\techo -e \"\\e[92mSetting IBM Content Platform Engine rights on directories\\033[0m\"\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpecfgstore\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpelogstore \n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpefilestore\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpetextextstore\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpebootstrapstore\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpefnlogstore\n\tchown -R ${IBM_CPE_CONTAINER_USER_ID}:${IBM_CPE_CONTAINER_GROUP_ID} ${IBM_CPE_CONFIG_DIR}\/cpeicmrulesstore\n\n}\n\nprepare_cpe\n<\/pre>\n\n\n\nDeploying IBM Content Platform Engine<\/h2>\n\n\n\n
Creating persistent volumes<\/h3>\n\n\n\n
Before deploying the IBM Content Platform Engine image, you will need to declare some persistent volumes on OpenShift side (persistent volume and persistent volume claim).<\/p>\n\n\n\n
Bootstrap volumes<\/h4>\n\n\n\n
This volume will be used for upgrade only.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-bootstrap-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpebootstrapstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-bootstrap-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-bootstrap-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-bootstrap-pv\n volumeName: cpe-bootstrap-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Cfgstore volumes<\/h4>\n\n\n\n
This volume will be used to store the IBM Content Platform Engine configuration files.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-cfgstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpecfgstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-cfgstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-cfgstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-cfgstore-pv\n volumeName: cpe-cfgstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Filestore volumes<\/h4>\n\n\n\n
This volume will be used as file store or system-based advanced storage.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-filestore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpefilestore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-filestore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-filestore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-filestore-pv\n volumeName: cpe-filestore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
FileNet Log store volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Platform Engine logs.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-fnlogstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpefnlogstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-fnlogstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-fnlogstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-fnlogstore-pv\n volumeName: cpe-fnlogstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
ICM Rules volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Case Manager Rules.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-icmrules-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpeicmrulesstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-icmrules-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-icmrules-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-icmrules-pv\n volumeName: cpe-icmrules-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Log store volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Platform Engine Liberty logs.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-logstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpelogstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-logstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-logstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-logstore-pv\n volumeName: cpe-logstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Text ext volumes<\/h4>\n\n\n\n
This volume will be used as a temporary working space.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: cpe-textext-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: cpe-textext-pv\n volumeName: cpe-textext-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: cpe-textext-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/cpetextextstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: cpe-textext-pv<\/pre>\n\n\n\n
Pushing IBM images to OpenShift Docker registry<\/h3>\n\n\n\n
Before deploying IBM Content Platform Engine on OpenShift, you must push your Docker images to the OpenShift Docker registry. This is done using the following command lines.<\/p>\n\n\n\n
echo -e \"\\e[92mPushing IBM Content Platform Engine image to OpenShift\\033[0m\"\noc login -u ${OPENSHIFT_USER_NAME} -p ${OPENSHIFT_USER_PASSWORD}\noc project ${OPENSHIFT_PROJECT_NAME}\ndocker login -u ${OPENSHIFT_USER_NAME} -p $(oc whoami -t) ${OPENSHIFT_REGISTRY_URL}\ndocker tag cpe:ga-553-p8cpe ${OPENSHIFT_REGISTRY_URL}\/${OPENSHIFT_PROJECT_NAME}\/cpe:ga-553-p8cpe\ndocker push ${OPENSHIFT_REGISTRY_URL}\/${OPENSHIFT_PROJECT_NAME}\/cpe:ga-553-p8cpe\ndocker logout ${OPENSHIFT_REGISTRY_URL}\n<\/pre>\n\n\n\nDefining the IBM Content Platform Engine deployment configuration file<\/h3>\n\n\n\n
In the deployment configuration file, you will specify the OpenShift service to create, and the deployment profile (used to create a pod). There is a lot of editable configuration, as the capacity to create dynamic entries in the \/etc\/hosts file, specifying the user id to use when running the container, or the ports to deploy. All this configuration is related to your environment.<\/p>\n\n\n\n
apiVersion: v1\nkind: Service\nmetadata:\n name: ecm-cpe-svc\nspec:\n ports:\n - name: http\n protocol: TCP\n port: 9080\n targetPort: 9080\n - name: https\n protocol: TCP\n port: 9443\n targetPort: 9443\n selector:\n app: cpeserver-cluster1\n type: NodePort\n sessionAffinity: ClientIP\n---\napiVersion: apps\/v1beta1\nkind: Deployment\nmetadata:\n name: ecm-cpe\nspec:\n replicas: 1\n strategy:\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: cpeserver-cluster1\n spec:\n imagePullSecrets:\n - name: admin.registrykey\n spec:\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchExpressions:\n - key: app\n operator: In\n values:\n - cpeserver-cluster1\n topologyKey: \"kubernetes.io\/hostname\"\n # Adding specific network aliases\n hostAliases:\n # resolving ldap hostname\n - ip: \"172.17.0.6\"\n hostnames:\n - \"ldap\"\n # Resolving db2 hostname\n - ip: \"172.17.0.8\"\n hostnames:\n - \"db2\"\n containers:\n - image: 172.30.1.1:5000\/dev\/cpe:ga-553-p8cpe\n imagePullPolicy: Always\n name: ecm-cpe\n # Specifying security context\n securityContext:\n # Running container as 50001\n runAsUser: 50001\n allowPrivilegeEscalation: false\n resources:\n requests:\n memory: 512Mi\n # 1 core = 1000 milicores = 1000m\n # 500m = half core\n cpu: 500m\n limits:\n memory: 1024Mi\n cpu: 1\n ports:\n - containerPort: 9080\n name: http\n - containerPort: 9443\n name: https\n env:\n - name: LICENSE\n value: \"accept\"\n - name: CPESTATICPORT\n value: \"false\"\n - name: CONTAINERTYPE\n value: \"1\"\n - name: TZ\n value: \"Etc\/UTC\"\n - name: JVM_HEAP_XMS\n value: \"512m\"\n - name: JVM_HEAP_XMX\n value: \"1024m\"\n - name: GCDJNDINAME\n value: \"FNGDDS\"\n - name: GCDJNDIXANAME\n value: \"FNGDDSXA\"\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n # Application initialization complet\n readinessProbe:\n httpGet:\n path: \/P8CE\/Health\n port: 9080\n httpHeaders:\n - name: Content-Encoding\n value: gzip\n initialDelaySeconds: 180\n periodSeconds: 5\n # Application is available\n livenessProbe:\n httpGet:\n path: \/P8CE\/Health\n port: 9080\n httpHeaders:\n - name: Content-Encoding\n value: gzip\n initialDelaySeconds: 600\n periodSeconds: 5\n volumeMounts:\n - name: cpe-cfgstore-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/configDropins\/overrides\" \n subPath: cpe\/configDropins\/overrides\n - name: cpe-logstore-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/logs\" \n subPath: cpe\/logs\n - name: cpe-filestore-pvc\n mountPath: \"\/opt\/ibm\/asa\" \n subPath: asa\n - name: cpe-icmrules-pvc\n mountPath: \"\/opt\/ibm\/icmrules\" \n subPath: icmrules\n - name: cpe-textext-pvc\n mountPath: \/opt\/ibm\/textext \n subPath: textext\n - name: cpe-bootstrap-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/lib\/bootstrap\" \n subPath: bootstrap\n - name: cpe-fnlogstore-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/FileNet\" \n subPath: FileNet\n volumes:\n - name: cpe-cfgstore-pvc\n persistentVolumeClaim: \n claimName: \"cpe-cfgstore-pvc\"\n - name: cpe-logstore-pvc\n persistentVolumeClaim: \n claimName: \"cpe-logstore-pvc\"\n - name: cpe-filestore-pvc\n persistentVolumeClaim: \n claimName: \"cpe-filestore-pvc\"\n - name: cpe-icmrules-pvc\n persistentVolumeClaim: \n claimName: \"cpe-icmrules-pvc\"\n - name: cpe-textext-pvc\n persistentVolumeClaim: \n claimName: \"cpe-textext-pvc\"\n - name: cpe-bootstrap-pvc\n persistentVolumeClaim: \n claimName: \"cpe-bootstrap-pvc\"\n - name: cpe-fnlogstore-pvc\n persistentVolumeClaim: \n claimName: \"cpe-fnlogstore-pvc\"<\/pre>\n\n\n\n
Defining the route to create to reach your IBM Content Platform Engine cluster<\/h3>\n\n\n\n
Finally, you will have to declare a route to access your IBM Content Platform Engine instance. To do this, you can use the following yaml file (make sure that you modified the “metadata.name”, “metadata.namespace” and “spec.to.name” values to match your environment profile).<\/p>\n\n\n\n
apiVersion: route.openshift.io\/v1\nkind: Route\nmetadata:\n annotations:\n openshift.io\/host.generated: 'true'\n name: my-route\n namespace: dev\nspec:\n port:\n targetPort: http\n to:\n kind: Service\n name: ecm-cpe-svc\n weight: 100\n wildcardPolicy: None\n # TLS termination\n tls:\n # edge, passthrough or reencrypt\n termination: edge\n # Allow http connections\n insecureEdgeTerminationPolicy: Allow <\/pre>\n\n\n\n
The whole script<\/h3>\n\n\n\n
#!\/bin\/bash\n\nfunction prerequisites(){\t\n\t# OpenShift Docker Registry\n\texport OPENSHIFT_REGISTRY_URL=$(docker exec $(docker ps --format \"{{.Names}}\" | grep k8s_registry_docker-registry) env | grep DOCKER_REGISTRY_PORT_5000_TCP_ADDR | cut -d'=' -f2):$(docker exec $(docker ps --format \"{{.Names}}\" | grep k8s_registry_docker-registry) env | grep DOCKER_REGISTRY_PORT_5000_TCP_PORT | cut -d'=' -f2)\n}\n\nfunction run_cpe(){\n\n\t# Creating Persistent Volumes\n\techo -e \"\\e[92mCreating IBM Content Platform Engine persistent volumes\\033[0m\"\n\toc login -u system:admin\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-bootstrap-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-bootstrap-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-cfgstore-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-cfgstore-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-filestore-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-filestore-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-fnlogstore-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-fnlogstore-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-icmrules-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-icmrules-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-logstore-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-logstore-pvc.yaml\n\toc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-textext-pv.yaml ; oc apply -f ${IBM_CPE_BASE_DIR}\/persistent-volumes\/cpe\/cpe-textext-pvc.yaml\n\t\n\t# Adding IBM Content Platform Engine to OpenShift Docker registry\n\techo -e \"\\e[92mPushing IBM Content Platform Engine image to OpenShift\\033[0m\"\n\toc login -u ${OPENSHIFT_USER_NAME} -p ${OPENSHIFT_USER_PASSWORD}\n\toc project ${OPENSHIFT_PROJECT_NAME}\n\tdocker login -u ${OPENSHIFT_USER_NAME} -p $(oc whoami -t) ${OPENSHIFT_REGISTRY_URL}\n\tdocker tag cpe:ga-553-p8cpe ${OPENSHIFT_REGISTRY_URL}\/${OPENSHIFT_PROJECT_NAME}\/cpe:ga-553-p8cpe\n\tdocker push ${OPENSHIFT_REGISTRY_URL}\/${OPENSHIFT_PROJECT_NAME}\/cpe:ga-553-p8cpe\n\tdocker logout ${OPENSHIFT_REGISTRY_URL}\n\n\t# Deploying IBM Content Platform Engine\n\techo -e \"\\e[92mCustomizing IBM Content Platform Engine deployment file\\033[0m\"\n\tcp -p ${IBM_CPE_BASE_DIR}\/deploys\/generic-cpe-deploy.yml ${IBM_CPE_BASE_DIR}\/deploys\/cpe-deploy.yml\n\tDB_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ibm-db2)\n\tsed -i \"s\/@DB_IP@\/${DB_IP}\/g\" ${IBM_CPE_BASE_DIR}\/deploys\/cpe-deploy.yml\n\tLDAP_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap)\n\tsed -i \"s\/@LDAP_IP@\/${LDAP_IP}\/g\" ${IBM_CPE_BASE_DIR}\/deploys\/cpe-deploy.yml\n\t\n\techo -e \"\\e[92mDeploying IBM Content Platform Engine\\033[0m\"\n\toc create -f ${IBM_CPE_BASE_DIR}\/deploys\/cpe-deploy.yml\n\t\n\t# Creating route\n\techo -e \"\\e[92mCreating IBM Content Platform Engine route\\033[0m\"\n\toc create -f ${IBM_CPE_BASE_DIR}\/route\/cpe-route.yaml\n}\n\nprerequisites\nrun_cpe\n<\/pre>\n\n\n\nPreparing IBM Content Navigator deployment<\/h2>\n\n\n\n
As done for IBM Content Platform Engine, IBM Content Navigator required some directories to work correctly.<\/p>\n\n\n\n
- icncfgstore\/cpe\/icn\/configDropins\/overrides<\/li>
- icnlogstore\/cpe\/logs<\/li>
- icnpluginstore\/plugins<\/li>
- icnvwcachestore\/viewercache<\/li>
- icnvwlogstore\/viewerlogs<\/li><\/ul>\n\n\n\n
The configuration files<\/h3>\n\n\n\n
The “icnfgstore\/icn\/configDropins\/overrides” will store all the IBM Content Navigator configuration, as LDAP or DB configuration files or DB drivers, as it was done for IBM Content Platform Engine.<\/p>\n\n\n\n
The DB2JCCDriver.xml configuration file<\/h4>\n\n\n\n
Same configuration as it was previously done for IBM Content Platform Engine, and because I’m using a DB2 instance, I also need to specify the java library to use to connect to the instance.<\/p>\n\n\n\n
<server>\n<transaction totalTranLifetimeTimeout=\"300s\" \/>\n<library id=\"DB2JCC4Lib\">\n<fileset dir=\"${server.config.dir}\/configDropins\/overrides\" includes=\"db2jcc4.jar db2jcc_license_cu.jar\"\/>\n<\/library> \n<\/server><\/pre>\n\n\n\n2 files are required in this specific scenario: db2jcc4.jar, the driver library, and the db2jcc_license_cu.jar, the license library.<\/p>\n\n\n\n
The ldap_TDS.xml configuration file<\/h4>\n\n\n\n
I’m also still using OpenLDAP as principal LDAP, so the configuration is the same that I already used for IBM Content Platform Engine.<\/p>\n\n\n\n
<server>\n\t<ldapRegistry id=\"MyTDS\" realm=\"defaultRealm\"\n\t\thost=\"ldap\" \n\t\tbaseDN=\"dc=ecm,dc=ibm,dc=com\"\n\t\tport=\"389\"\n\t\tldapType=\"IBM Tivoli Directory Server\"\n\t\tbindDN=\"cn=P8Admin,dc=ecm,dc=ibm,dc=com\"\n\t\tsslEnabled=\"False\"\n\t\tbindPassword=\"password\">\n\t\t<idsFilters\n\t\t\tuserFilter=\"(&(cn=%v)(objectclass=person))\"\n\t\t\tgroupFilter=\"(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))\"\n userIdMap=\"*:cn\"\n groupIdMap=\"*:cn\"\n groupMemberIdMap=\"memberof:member\">\n\t\t<\/idsFilters>\n\t<\/ldapRegistry>\n<\/server><\/pre>\n\n\n\n
The ICNDS.xml configuration file<\/h4>\n\n\n\n
As done for the GCD or ObjectStore configuration file, the ICN datasource should be defined to ensure the connection to DB2 from IBM Content Navigator.<\/p>\n\n\n\n
<server>\n<dataSource id=\"ECMClientDS\" jndiName=\"ECMClientDS\" isolationLevel=\"TRANSACTION_READ_COMMITTED\" type=\"javax.sql.DataSource\">\n<jdbcDriver libraryRef=\"DB2JCC4Lib\"\/>\n<properties.db2.jcc\ndatabaseName=\"ICNDB\"\nserverName=\"db2\"\nportNumber=\"50000\"\nuser=\"db2inst1\" \npassword=\"password\"\nresultSetHoldability=\"HOLD_CURSORS_OVER_COMMIT\"\n\/>\n<!-- connectionManager globalConnectionTypeOverride=\"unshared\" \/ -->\n<\/dataSource>\n<\/server><\/pre>\n\n\n\n
Only a non XA datasource must be defined, all related to the DB2 configuration (database name, DB2 server name or IP, DB2 instance port, and DB2 credentials).<\/p>\n\n\n\n
COPYING AND SPECIFYING DIRECTORIES RIGHTS<\/h3>\n\n\n\n
Finally, you will have to copy all your configuration files into the “icncfgstore\/icn\/configDropins\/overrides” directory, and setting all your directories rights to the appropriate user\/group.<\/p>\n\n\n\n
#!\/bin\/bash\n\nfunction prepare_icn(){\n\n\t# Creating IBM Content Platform Engine directories\n\techo -e \"\\e[92mCreating IBM Content Navigator directories\\033[0m\"\n\tmkdir -p ${IBM_ICN_CONFIG_DIR}\/icncfgstore\/icn\/configDropins\/overrides\/\n\tmkdir -p ${IBM_ICN_CONFIG_DIR}\/icnlogstore\/logs\n\tmkdir -p ${IBM_ICN_CONFIG_DIR}\/icnpluginstore\/plugins\n\tmkdir -p ${IBM_ICN_CONFIG_DIR}\/icnvwcachestore\/viewercache\n\tmkdir -p ${IBM_ICN_CONFIG_DIR}\/icnvwlogstore\/viewerlogs\n\n\t# Copying IBM Content Platform Engine configuration\n\techo -e \"\\e[92mCopying IBM Content Navigator configuration\\033[0m\"\n\tcp -Rrf ${IBM_ICN_BASE_DIR}\/config\/ICN\/custom\/configDropins\/overrides\/* ${IBM_ICN_CONFIG_DIR}\/icncfgstore\/icn\/configDropins\/overrides\n\n\t# Setting rights according to the OpenShift container user\n\techo -e \"\\e[92mSetting IBM Content Navigator rights on directories\\033[0m\"\n\tchown -R ${IBM_ICN_CONTAINER_USER_ID}:${IBM_ICN_CONTAINER_GROUP_ID} ${IBM_ICN_CONFIG_DIR}\/icncfgstore\n\tchown -R ${IBM_ICN_CONTAINER_USER_ID}:${IBM_ICN_CONTAINER_GROUP_ID} ${IBM_ICN_CONFIG_DIR}\/icnlogstore \n\tchown -R ${IBM_ICN_CONTAINER_USER_ID}:${IBM_ICN_CONTAINER_GROUP_ID} ${IBM_ICN_CONFIG_DIR}\/icnpluginstore\n\tchown -R ${IBM_ICN_CONTAINER_USER_ID}:${IBM_ICN_CONTAINER_GROUP_ID} ${IBM_ICN_CONFIG_DIR}\/icnvwcachestore\n\tchown -R ${IBM_ICN_CONTAINER_USER_ID}:${IBM_ICN_CONTAINER_GROUP_ID} ${IBM_ICN_CONFIG_DIR}\/icnvwlogstore\n\t\t\n}\n\nprepare_icn<\/pre>\n\n\n\nDeploying IBM Content Navigator<\/h2>\n\n\n\n
IBM Content Navigator need some persistent volumes and persistent volume claims to be deployed. <\/p>\n\n\n\n
CREATING PERSISTENT VOLUMES<\/h3>\n\n\n\n
Cfgstore volumes<\/h4>\n\n\n\n
This volume will be used to store the IBM Content Navigator configuration files.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: icn-cfgstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/icncfgstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: icn-cfgstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: icn-cfgstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: icn-cfgstore-pv\n volumeName: icn-cfgstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Log store volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Navigator and Liberty logs.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: icn-logstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/icnlogstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: icn-logstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: icn-logstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: icn-logstore-pv\n volumeName: icn-logstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Plugin store volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Navigator plugins.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: icn-pluginstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/icnpluginstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: icn-pluginstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: icn-pluginstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: icn-pluginstore-pv\n volumeName: icn-pluginstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Viewer log volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Navigator viewer logs.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: icn-vwlogstore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/icnvwlogstore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: icn-vwlogstore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: icn-vwlogstore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: icn-vwlogstore-pv\n volumeName: icn-vwlogstore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
Viewer cache volumes<\/h4>\n\n\n\n
This volume will be used to store IBM Content Navigator viewer cache.<\/p>\n\n\n\n
apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: icn-vwcachestore-pv\n labels:\n type: local\nspec:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi\n hostPath:\n path: \/home\/worker\/icnvwcachestore\/\n persistentVolumeReclaimPolicy: Retain\n storageClassName: icn-vwcachestore-pv<\/pre>\n\n\n\n
apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: icn-vwcachestore-pvc\n namespace: dev\nspec:\n accessModes:\n - ReadWriteMany\n resources:\n requests:\n storage: 1Gi\n storageClassName: icn-vwcachestore-pv\n volumeName: icn-vwcachestore-pv\nstatus:\n accessModes:\n - ReadWriteMany\n capacity:\n storage: 1Gi<\/pre>\n\n\n\n
PUSHING IBM IMAGES TO OPENSHIFT DOCKER REGISTRY<\/h3>\n\n\n\n
As done for IBM Content Platform Engine, you must push IBM Content Navigator images to the OpenShift Docker registry. This is done using the following command lines.<\/p>\n\n\n\n
oc login -u ${OPENSHIFT_USER_NAME} -p ${OPENSHIFT_USER_PASSWORD}\noc project ${OPENSHIFT_PROJECT_NAME}\ndocker login -u ${OPENSHIFT_USER_NAME} -p $(oc whoami -t) ${OPENSHIFT_REGISTRY}\ndocker tag navigator:ga-307-icn ${OPENSHIFT_REGISTRY}\/${OPENSHIFT_PROJECT_NAME}\/navigator:ga-307-icn\ndocker push ${OPENSHIFT_REGISTRY}\/${OPENSHIFT_PROJECT_NAME}\/navigator:ga-307-icn\ndocker logout ${OPENSHIFT_REGISTRY}<\/pre>\n\n\n\nDEFINING THE IBM CONTENT PLATFORM ENGINE DEPLOYMENT CONFIGURATION FILE<\/h3>\n\n\n\n
As done previously for IBM Content Platform Engine, prepare the IBM Content Navigator deployment file.<\/p>\n\n\n\n
apiVersion: v1\nkind: Service\nmetadata:\n name: ecm-icn-svc\nspec:\n ports:\n - name: http\n protocol: TCP\n port: 9080\n targetPort: 9080\n - name: https\n protocol: TCP\n port: 9443\n targetPort: 9443\n - name: metrics\n protocol: TCP\n port: 9103\n targetPort: 9103 \n selector:\n app: icnserver-cluster1\n type: NodePort\n sessionAffinity: ClientIP\n---\napiVersion: apps\/v1beta1\nkind: Deployment\nmetadata:\n name: ecm-icn\nspec:\n replicas: 1\n strategy:\n type: RollingUpdate\n template:\n metadata:\n labels:\n app: icnserver-cluster1\n spec:\n imagePullSecrets:\n - name: admin.registrykey\n spec:\n affinity:\n podAntiAffinity:\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 100\n podAffinityTerm:\n labelSelector:\n matchExpressions:\n - key: app\n operator: In\n values:\n - icnserver-cluster1\n topologyKey: \"kubernetes.io\/hostname\"\n # Adding specific network aliases\n hostAliases:\n # resolving ldap hostname\n - ip: \"172.17.0.6\"\n hostnames:\n - \"ldap\"\n # Resolving db2 hostname\n - ip: \"172.17.0.8\"\n hostnames:\n - \"db2\"\n containers:\n - image: 172.30.1.1:5000\/dev\/navigator:ga-307-icn\n imagePullPolicy: Always\n name: ecm-icn\n securityContext:\n runAsUser: 50001\n allowPrivilegeEscalation: false\n resources:\n requests:\n memory: 512Mi\n cpu: 500m\n limits:\n memory: 1024Mi\n cpu: 1\n ports:\n - containerPort: 9080\n name: http\n - containerPort: 9443\n name: https\n - containerPort: 9103\n name: metrics \n env:\n - name: LICENSE\n value: \"accept\"\n - name: JVM_HEAP_XMS\n value: \"512m\"\n - name: JVM_HEAP_XMX\n value: \"1024m\"\n - name: TZ\n value: \"Etc\/UTC\"\n - name: ICNDBTYPE\n value: \"db2\"\n - name: ICNJNDIDS\n value: \"ECMClientDS\"\n - name: ICNSCHEMA\n value: \"ICNDB\"\n - name: ICNTS\n value: \"ICNDB\"\n - name: MY_POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: MY_POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: MY_POD_IP\n valueFrom:\n fieldRef:\n fieldPath: status.podIP\n readinessProbe:\n httpGet:\n path: \/navigator\n port: 9080\n httpHeaders:\n - name: Content-Encoding\n value: gzip\n initialDelaySeconds: 180\n periodSeconds: 5\n livenessProbe:\n httpGet:\n path: \/navigator\n port: 9080\n httpHeaders:\n - name: Content-Encoding\n value: gzip\n initialDelaySeconds: 600\n periodSeconds: 5\n volumeMounts:\n - name: icncfgstore-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/configDropins\/overrides\" \n subPath: icn\/configDropins\/overrides\n - name: icnlogstore-pvc\n mountPath: \"\/opt\/ibm\/wlp\/usr\/servers\/defaultServer\/logs\" \n subPath: logs\n - name: icnpluginstore-pvc\n mountPath: \"\/opt\/ibm\/plugins\" \n subPath: plugins\n - name: icnvwcachestore-pvc\n mountPath: \"\/opt\/ibm\/viewerconfig\/cache\" \n subPath: viewercache\n - name: icnvwlogstore-pvc\n mountPath: \"\/opt\/ibm\/viewerconfig\/logs\" \n subPath: viewerlogs\n\n volumes:\n - name: icncfgstore-pvc \n persistentVolumeClaim: \n claimName: \"icn-cfgstore-pvc\"\n - name: icnlogstore-pvc \n persistentVolumeClaim: \n claimName: \"icn-logstore-pvc\"\n - name: icnpluginstore-pvc \n persistentVolumeClaim: \n claimName: \"icn-pluginstore-pvc\"\n - name: icnvwcachestore-pvc \n persistentVolumeClaim: \n claimName: \"icn-vwcachestore-pvc\"\n - name: icnvwlogstore-pvc \n persistentVolumeClaim: \n claimName: \"icn-vwlogstore-pvc\"<\/pre>\n\n\n\n
DEFINING THE ROUTE TO CREATE TO REACH YOUR IBM CONTENT PLATFORM ENGINE CLUSTER<\/h3>\n\n\n\n
Creating the route to access the IBM Content Navigator cluster.<\/p>\n\n\n\n
apiVersion: route.openshift.io\/v1\nkind: Route\nmetadata:\n annotations:\n openshift.io\/host.generated: 'true'\n name: my-icn-route\n namespace: dev\nspec:\n port:\n targetPort: http\n to:\n kind: Service\n name: ecm-icn-svc\n weight: 100\n wildcardPolicy: None\n # TLS termination\n tls:\n # edge, passthrough or reencrypt\n termination: edge\n # Allow http connections\n insecureEdgeTerminationPolicy: Allow <\/pre>\n\n\n\n
THE WHOLE SCRIPT<\/h3>\n\n\n\n
#!\/bin\/bash\n\nfunction prerequisites(){\t\n\t# OpenShift Docker Registry\n\texport OPENSHIFT_REGISTRY=$(docker exec $(docker ps --format \"{{.Names}}\" | grep k8s_registry_docker-registry) env | grep DOCKER_REGISTRY_PORT_5000_TCP_ADDR | cut -d'=' -f2):$(docker exec $(docker ps --format \"{{.Names}}\" | grep k8s_registry_docker-registry) env | grep DOCKER_REGISTRY_PORT_5000_TCP_PORT | cut -d'=' -f2)\n}\n\nfunction run_icn(){\n\t\t\n\t# Creating Persistent Volumes\n\techo -e \"\\e[92mCreating IBM Content Navigator persistent volumes\\033[0m\"\n\toc login -u system:admin\n\toc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-cfgstore-pv.yaml ; oc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-cfgstore-pvc.yaml\n\toc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-logstore-pv.yaml ; oc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-logstore-pvc.yaml\n\toc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-pluginstore-pv.yaml ; oc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-pluginstore-pvc.yaml\n\toc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-vwcachestore-pv.yaml ; oc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-vwcachestore-pvc.yaml\n\toc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-vwlogstore-pv.yaml ; oc apply -f ${IBM_ICN_BASE_DIR}\/persistent-volumes\/icn\/icn-vwlogstore-pvc.yaml\n\t\n\t# Adding IBM Content Platform Engine to OpenShift Docker registry\n\techo -e \"\\e[92mPushing IBM Content Navigator image to OpenShift\\033[0m\"\n\toc login -u ${OPENSHIFT_USER_NAME} -p ${OPENSHIFT_USER_PASSWORD}\n\toc project ${OPENSHIFT_PROJECT_NAME}\n\tdocker login -u ${OPENSHIFT_USER_NAME} -p $(oc whoami -t) ${OPENSHIFT_REGISTRY}\n\tdocker tag navigator:ga-307-icn ${OPENSHIFT_REGISTRY}\/${OPENSHIFT_PROJECT_NAME}\/navigator:ga-307-icn\n\tdocker push ${OPENSHIFT_REGISTRY}\/${OPENSHIFT_PROJECT_NAME}\/navigator:ga-307-icn\n\tdocker logout ${OPENSHIFT_REGISTRY}\n\n\t# Deploying IBM Content Platform Engine\n\techo -e \"\\e[92mCustomizing IBM Content Navigator deployment file\\033[0m\"\n\tcp -p ${IBM_ICN_BASE_DIR}\/deploys\/generic-icn-deploy.yml ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\tDB_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ibm-db2)\n\tsed -i \"s\/@DB_IP@\/${DB_IP}\/g\" ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\tLDAP_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap)\n\tsed -i \"s\/@LDAP_IP@\/${LDAP_IP}\/g\" ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\tsed -i \"s\/@OPENSHIFT_REGISTRY@\/${OPENSHIFT_REGISTRY}\/g\" ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\tsed -i \"s\/@OPENSHIFT_PROJECT_NAME@\/${OPENSHIFT_PROJECT_NAME}\/g\" ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\t\n\techo -e \"\\e[92mDeploying IBM Content Navigator\\033[0m\"\n\toc create -f ${IBM_ICN_BASE_DIR}\/deploys\/icn-deploy.yml\n\t\n\t# Creating route\n\techo -e \"\\e[92mCreating IBM Content Navigator route\\033[0m\"\n\toc create -f ${IBM_ICN_BASE_DIR}\/route\/icn-route.yaml\n}\n\nprerequisites\nrun_icn<\/pre>\n\n\n\nThe result<\/h2>\n\n\n\n
Finally, what was created using those scripts ?<\/p>\n\n\n\n
OpenShift Docker Registry<\/h3>\n\n\n\n
Images were successfully loaded on OpenShift docker registry.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-5.png\")
<\/figure>\n\n\n\nOpenShift project<\/h3>\n\n\n\n
The OpenShift project is created, and there is actually 2 pods running on it.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-8-1024x612.png\")
<\/figure>\n\n\n\nThe first on is related to IBM Content Platform Engine.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-9.png\")
<\/figure>\n\n\n\nAnd the second one is running IBM Content Navigator !<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-10.png\")
<\/figure>\n\n\n\nAll services are up and running.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-7-1024x612.png\")
<\/figure>\n\n\n\nRoutes are declared<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-6-1024x612.png\")
<\/figure>\n\n\n\nAccessing IBM Content Platform Engine<\/h3>\n\n\n\n
Using the associated route, I’m able to connect to the IBM Administration Console for Content Engine.<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-2-1024x564.png\")
<\/figure>\n\n\n\nAccessing IBM Content Navigator<\/h3>\n\n\n\n
Using the second route, I’m able to connect to IBM Content Navigator !<\/p>\n\n\n\n
![\"\"](\"https:\/\/blog.xoupix.fr\/wp-content\/uploads\/2020\/06\/image-3-1024x564.png\")
<\/figure>\n\n\n\nWhat to do next ?<\/h2>\n\n\n\n
You can now create a domain and an objectstore using the ACCE, and configure the associated desktop on IBM Content Navigator.<\/p>\n\n\n\n
THings to know<\/h3>\n\n\n\n
You can configure each route to be queried using ssl protocol. Very useful on production environment.<\/p>\n\n\n\n
All available volumes to store documents, “\/home\/worker\/cpefilestore\/” directory locally, will be available in the “\/opt\/ibm\/asa” directory on container side.<\/p>\n\n\n\n
All your IBM Content Navigator plugins, stored in the “\/home\/worker\/icnpluginstore\/” directory on my side, will be available in the “\/opt\/ibm\/plugins” directory on container side.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Let’s see how to deploy IBM FileNet using OpenShift !<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,4,24,23],"tags":[],"class_list":["post-404","post","type-post","status-publish","format-standard","hentry","category-docker","category-ibm-content-navigator","category-ibm-content-platform-engine","category-openshift"],"_links":{"self":[{"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/posts\/404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/comments?post=404"}],"version-history":[{"count":14,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/posts\/404\/revisions"}],"predecessor-version":[{"id":506,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/posts\/404\/revisions\/506"}],"wp:attachment":[{"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/media?parent=404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/categories?post=404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.xoupix.fr\/index.php\/wp-json\/wp\/v2\/tags?post=404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}