Install and run IBM Sterling B2B Integrator on AWS Cloud
Pre-requisites
- Permissions to create DB instance on AWS RDS (Oracle or MSSQL server)
- Permissions to create and use EC2 instances and key-value pairs
- Permissions to create an IAM role to assign to EKS, or a pre-existing IAM role with the corresponding EKS policies assigned
- Permissions to create a CloudFormation stack
- EC2 instances with a minimum configuration of t3.medium (2 CPUs, 4 GB RAM)
Create Oracle instance using AWS RDS.
- Log in to https://console.aws.amazon.com/rds/ using your AWS credentials
- Click Create database. Creating a DB requires the permissions described in pre-requisite 1.
- Select Oracle and provide the other necessary details
- Note down the following once the DB instance is created:
  - DB-Name
  - Endpoint (This will be used as the hostname to connect to the DB created)
  - Port (For Oracle we will continue using the default port 1521)
  - master username/password (These are the credentials which have the rights to create schemas)
- Log in to the Oracle DB using SQL Developer or a similar tool
- Create a schema user and grant it the necessary permissions:
The following script can be used to create the schema on Oracle:
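-- Replace <TABLESPACE_NAME>, <SCHEMA_NAME> and <SCHEMA_PASSWORD> before running.
alter session set "_ORACLE_SCRIPT"=true;
CREATE TABLESPACE <TABLESPACE_NAME> DATAFILE SIZE 10M AUTOEXTEND ON;
-- Use a strong, unique password for the schema user instead of a literal default.
CREATE USER <SCHEMA_NAME> IDENTIFIED BY "<SCHEMA_PASSWORD>" DEFAULT TABLESPACE <TABLESPACE_NAME> QUOTA 500K ON <TABLESPACE_NAME> PROFILE default;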
GRANT CREATE PROCEDURE TO <SCHEMA_NAME>;
GRANT CREATE TRIGGER TO <SCHEMA_NAME>;
GRANT CREATE TYPE TO <SCHEMA_NAME>;
GRANT EXECUTE ANY PROCEDURE TO <SCHEMA_NAME>;
GRANT EXECUTE ANY TYPE TO <SCHEMA_NAME>;
GRANT SELECT ANY DICTIONARY TO <SCHEMA_NAME>;
GRANT SELECT ANY TABLE TO <SCHEMA_NAME>;
GRANT UNLIMITED TABLESPACE TO <SCHEMA_NAME>;
GRANT CONNECT TO <SCHEMA_NAME>;
GRANT RESOURCE TO <SCHEMA_NAME>;
GRANT SELECT_CATALOG_ROLE TO <SCHEMA_NAME>;
GRANT CREATE ANY VIEW TO <SCHEMA_NAME>;
- The following tutorial can be used to set up an Oracle instance on AWS:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.Oracle.html
Create SQLServer instance using AWS RDS.
- Log in to https://console.aws.amazon.com/rds/ using your AWS credentials
- Click Create database. Creating a DB requires the permissions described in pre-requisite 1.
- Select SQL Server and provide the other necessary details
- Note down the following once the DB instance is created:
  - Endpoint (This will be used as the hostname to connect to the DB created)
  - Port (For SQL Server we will continue using the default port 1433)
  - master username/password (These are the credentials which have the rights to create schemas)
- Log in to the SQL Server using a SQL client
- Create a database on the SQL Server using the following steps:
  - Right click on Databases -> New database -> enter a database name, say "TEST123"
  - After the database is created, right click on it -> New query, and run "sp_changedbowner <username>"
- The following tutorial can be used to set up SQL Server on AWS:
https://aws.amazon.com/getting-started/tutorials/create-microsoft-sql-db/
Setup AWS EKS cluster (using aws console) with worker nodes
- Set up the AWS CLI, kubectl for AWS CLI and eksctl on a machine (VM or native machine). This machine will act as the interface to connect to the EKS master node and deploy applications
Refer to the URLs below:
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html
https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
- EKS requires an IAM role with EKS policies. This role is assigned to the master node so that it can manage the cluster on our behalf
Refer to the URL below:
https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html
- As mentioned in pre-requisite 3, you either need to create this role yourself (from the users screen on the AWS console), which requires permission to create IAM roles, or ask an AWS admin to create the role for you
- Once the role is created, go to the AWS EKS console
- Search for EKS and open the EKS dashboard
- Create EKS cluster > add the IAM role created for EKS > provide VPC and security group details (default or create new) > complete the process
- Once the EKS cluster is created, we need to create a stack to attach worker nodes to the cluster
- Creating stacks requires the CloudFormation create-stack permission mentioned in pre-requisite 4
- Once we have the permission, we create a stack of worker nodes from the CloudFormation dashboard and associate it with our EKS cluster
- Once the stack is created, the worker nodes are created; they then need to be joined to the EKS cluster
- Create your kubeconfig file manually by following the steps below
a) Create the default ~/.kube directory if it does not already exist
mkdir -p ~/.kube
b) Open your favorite text editor and copy the kubeconfig below into it.
apiVersion: v1
clusters:
- cluster:
    server: <endpoint-url>
    certificate-authority-data: <base64-encoded-ca-cert>
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      # kubectl 1.24 and later no longer accept v1alpha1 here; with those
      # versions use client.authentication.k8s.io/v1beta1.
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws
      args:
        - "eks"
        - "get-token"
        - "--cluster-name"
        - "<cluster-name>"
        # - "--role"
        # - "<role-arn>"
      # env:
        # - name: AWS_PROFILE
        #   value: "<aws-profile>"
c) Replace the <endpoint-url> with the endpoint URL that was created for your cluster.
d) Replace the <base64-encoded-ca-cert> with the certificateAuthority.data that was created for your cluster.
e) Replace the <cluster-name> with your cluster name.
f) To always use a specific named AWS credential profile (instead of the default AWS credential provider chain), uncomment the env lines and substitute <aws-profile> with the profile name to use.
g) Save the file to the default kubectl folder, with your cluster name in the file name. For example, if your cluster name is devel, save the file to ~/.kube/config-devel
h) Add that file path to your KUBECONFIG environment variable so that kubectl knows where to look for your cluster configuration.
*For Bash shells on macOS or Linux:
export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel
*For PowerShell on Windows:
$ENV:KUBECONFIG="{0};{1}" -f $ENV:KUBECONFIG, "$ENV:userprofile\.kube\config-devel"
i) (Optional) Add the configuration to your shell initialization file so that it is configured when you open a shell.
*For Bash shells on macOS:
echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bash_profile
*For Bash shells on Linux:
echo 'export KUBECONFIG=$KUBECONFIG:~/.kube/config-devel' >> ~/.bashrc
*For PowerShell on Windows:
[System.Environment]::SetEnvironmentVariable('KUBECONFIG', $ENV:KUBECONFIG, 'Machine')
j) Confirm that your current shell is bash.
echo $SHELL
k) Test your configuration.
kubectl get svc
Output should be similar to below:
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
svc/kubernetes   ClusterIP   10.100.0.1   <none>        443/TCP   1m
For more information, refer to the url below:
https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
- Download aws-auth-cm.yaml using "curl -o aws-auth-cm.yaml https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-02-11/aws-auth-cm.yaml"
- In the YAML, update the "- rolearn" value to the ARN of the instance role (this value can be found in the CloudFormation dashboard as the value of NodeInstanceRole)
- Once the YAML is updated, run "kubectl apply -f aws-auth-cm.yaml" from the environment set up in step 1
- "kubectl get nodes" will confirm that the worker nodes have attached.
The following tutorial can be used to set up the EKS cluster on AWS:
https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html
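A pre-apply check for the edited aws-auth-cm.yaml, as an added example that is not part of the original guide or of AWS's tooling: it rejects a rolearn that is still the placeholder or is not an IAM role ARN, and flags any group other than the two listed in the downloaded template. The function names, the account ID and the role names are assumptions made for the example.

```sh
# Added example, not from the original guide. check_aws_auth FILE returns 0
# only if every mapRoles entry looks like a worker-node mapping.
check_aws_auth() {
  [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
  findings=$(awk '
    /^[ \t]*-?[ \t]*rolearn:/ {
      seen = 1; ingroups = 0
      v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      n = split(v, p, ":")
      # Expect arn:<partition>:iam::<12-digit account>:role/<name>. This rejects
      # the unedited placeholder and an instance-profile ARN.
      if (n != 6 || p[1] != "arn" || p[3] != "iam" || p[4] != "" ||
          p[5] !~ /^[0-9]+$/ || length(p[5]) != 12 || p[6] !~ /^role\/./)
        print "rolearn is not an IAM role ARN: " v
      next
    }
    /^[ \t]*groups:[ \t]*$/ { ingroups = 1; next }
    ingroups && /^[ \t]*-[ \t]*[^ \t]/ {
      g = $0; sub(/^[ \t]*-[ \t]*/, "", g); sub(/[ \t]+$/, "", g)
      # The template lists only these two groups for node roles.
      if (g != "system:bootstrappers" && g != "system:nodes")
        print "unexpected group for a node role: " g
      next
    }
    { ingroups = 0 }
    END { if (!seen) print "no rolearn entry found" }
  ' "$1")
  [ -z "$findings" ] && { echo "OK: $1"; return 0; }
  printf '%s\n' "$findings" | sed 's/^/FAIL: /'
  return 1
}

# Constructed excerpt in the layout of aws-auth-cm.yaml; $2 = rolearn, $3 = last group.
write_sample() {
  cat > "$1" <<EOF
data:
  mapRoles: |
    - rolearn: $2
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - $3
EOF
}
tmp=$(mktemp -d)   # account ID and role names below are made up
write_sample "$tmp/ok.yaml" "arn:aws:iam::111122223333:role/eks-NodeInstanceRole" system:nodes
write_sample "$tmp/bad.yaml" "arn:aws:iam::111122223333:instance-profile/eks-node" system:masters
check_aws_auth "$tmp/ok.yaml"
check_aws_auth "$tmp/bad.yaml" || echo "fix the mapping before kubectl apply"
```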
- Once the cluster is created, the worker nodes can be seen on the AWS console
- Once the EKS cluster is ready with the worker nodes, you can proceed with the installation of helm by following the steps below:
a) curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
b) chmod +x get_helm.sh
c) ./get_helm.sh
d) Create the rbac.yaml for helm
cat <<EoF > ~/environment/rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EoF
e) kubectl apply -f ~/environment/rbac.yaml
f) helm init --service-account tiller
Once helm is installed, you can deploy the ibm-b2bi-prod chart on the EKS cluster, as per its documentation, to install the IBM B2Bi application.
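The rbac.yaml from step d binds the tiller service account to cluster-admin, so Tiller runs with full control of the cluster. The following added example (not from the original guide; the function names are assumptions) lists every such binding in a manifest so it can be reviewed before kubectl apply. Its sample input is the manifest from step d, retyped with indentation.

```sh
# Added example, not from the original guide. cluster_admin_bindings FILE prints
# one line per ClusterRoleBinding in FILE whose roleRef is cluster-admin.
cluster_admin_bindings() {
  awk '
    function report() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        print "ClusterRoleBinding " bname " grants cluster-admin to:" subj
      kind = role = bname = subj = sect = ""
    }
    /^---/ { report(); next }
    # A key at column 0 opens a new top-level section of the current document.
    /^[A-Za-z]/ { sect = $1; if ($1 == "kind:") kind = $2; next }
    # Drop the list dash and double quotes so $1 is the key and $2 the value.
    { sub(/^[ \t]*-[ \t]*/, ""); gsub(/"/, "") }
    sect == "metadata:" && $1 == "name:" { bname = $2 }
    sect == "roleRef:" && $1 == "name:" { role = $2 }
    sect == "subjects:" && ($1 == "kind:" || $1 == "name:" || $1 == "namespace:") {
      subj = subj " " $1 $2
    }
    END { report() }
  ' "$1"
}
# The manifest from step d, retyped with indentation (constructed sample input).
write_page_rbac() {
  cat > "$1" <<'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EOF
}
tmp=$(mktemp -d)
write_page_rbac "$tmp/rbac.yaml"
cluster_admin_bindings "$tmp/rbac.yaml"
```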