I have been struggling for the last days on the installation of DataPower on OpenShift (DP alone, not part of CP4I or APIC).
I was able to create a DataPowerService, but not to use it.

Here are the details of what I did:
-  I was able to create an operator, a DataPowerService and a DataPowerMonitor. However, I could not go any further. I found kind of a documentation (https://ibm.github.io/datapower-operator-doc/), but it did not provide me with the level of information I needed.

- It seems that the DataPowerService which was created includes the REST admin interface only:
   mgmtPorts:
    - name: rest-mgmt
      port: 5554
And it does not seem possible to add other interfaces (such as the Web mgmt interface) when creating the DataPowerService.

- A "datapower-operator" service was also created, but it does not include the 5554 port. I added it:
    - name: rest-mgmt
      protocol: TCP
      port: 5554
      targetPort: 5554

- No route was created and I created one with settings suitable for the REST mgmt interface:
  host: datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com
  to:
    kind: Service
    name: datapower-operator
    weight: 100
  port:
    targetPort: rest-mgmt
  tls:
    termination: passthrough
  wildcardPolicy: None

With these settings, I am still not able to reach the REST mgmt interface:
curl -u admin:******* -k -v https://datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com/mgmt/status/default/DateTimeStatus
*   Trying 9.30.189.245...
* TCP_NODELAY set
* Connected to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com (9.30.189.245) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443

Any idea?

------------------------------
Patrick Marie
------------------------------

The problem is fixed now. I had to create a Configuration map, to refer to it in the DataPowerService, then to define and service and a route. Now the Web management interface is available.

------------------------------
Patrick Marie
------------------------------

Original Message:
Sent: Wed April 28, 2021 11:05 AM
From: Patrick Marie
Subject: Difficulties installing DataPower (alone) on OpenShift

I have been struggling for the last days on the installation of DataPower on OpenShift (DP alone, not part of CP4I or APIC).
I was able to create a DataPowerService, but not to use it.

Here are the details of what I did:
-  I was able to create an operator, a DataPowerService and a DataPowerMonitor. However, I could not go any further. I found kind of a documentation (https://ibm.github.io/datapower-operator-doc/), but it did not provide me with the level of information I needed.

- It seems that the DataPowerService which was created includes the REST admin interface only:
   mgmtPorts:
    - name: rest-mgmt
      port: 5554
And it does not seem possible to add other interfaces (such as the Web mgmt interface) when creating the DataPowerService.

- A "datapower-operator" service was also created, but it does not include the 5554 port. I added it:
    - name: rest-mgmt
      protocol: TCP
      port: 5554
      targetPort: 5554

- No route was created and I created one with settings suitable for the REST mgmt interface:
  host: datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com
  to:
    kind: Service
    name: datapower-operator
    weight: 100
  port:
    targetPort: rest-mgmt
  tls:
    termination: passthrough
  wildcardPolicy: None

With these settings, I am still not able to reach the REST mgmt interface:
curl -u admin:******* -k -v https://datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com/mgmt/status/default/DateTimeStatus
*   Trying 9.30.189.245...
* TCP_NODELAY set
* Connected to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com (9.30.189.245) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443

Any idea?

------------------------------
Patrick Marie
------------------------------

Hi Patrick,

The DataPower Operator does not automatically configure the WebGUI (web-mgmt) service in the DataPower operand. The rest-mgmt service is configured by default because it is used for internal communication between the operator and the DataPower itself. If you wish you enable the web-mgmt service you would do so via ConfigMap utilizing the domains API. For example, the ConfigMap might look like:

apiVersion: v1
kind: ConfigMap
metadata:
  name: web-mgmt
data:
  web-mgmt.cfg: |
    top; configure terminal;
    web-mgmt
      admin-state enabled
      local-address 0.0.0.0
      port 9090
      save-config-overwrite
      idle-timeout 9000
      ssl-config-type server
    exit​

Then you can add this in a domains spec, like so:

spec:
  domains:
  - name: default
    dpApp:
      config:
      - web-mgmt​

There is an in-depth guide to the domains API here: https://ibm.github.io/datapower-operator-doc/guides/domain-configuration

If you wish to expose any service (whether it be an MPGW or web-mgmt), you would do so by creating your own Service object and exposing it with either an Ingress or a Route. You should not modify the Service objects that the operator creates by default.

https://ibm.github.io/datapower-operator-doc/guides/service-ingress-route

I hope this helps.

------------------------------
Aidan Harbison
------------------------------

Original Message:
Sent: Wed April 28, 2021 11:05 AM
From: Patrick Marie
Subject: Difficulties installing DataPower (alone) on OpenShift

I have been struggling for the last days on the installation of DataPower on OpenShift (DP alone, not part of CP4I or APIC).
I was able to create a DataPowerService, but not to use it.

Here are the details of what I did:
-  I was able to create an operator, a DataPowerService and a DataPowerMonitor. However, I could not go any further. I found kind of a documentation (https://ibm.github.io/datapower-operator-doc/), but it did not provide me with the level of information I needed.

- It seems that the DataPowerService which was created includes the REST admin interface only:
   mgmtPorts:
    - name: rest-mgmt
      port: 5554
And it does not seem possible to add other interfaces (such as the Web mgmt interface) when creating the DataPowerService.

- A "datapower-operator" service was also created, but it does not include the 5554 port. I added it:
    - name: rest-mgmt
      protocol: TCP
      port: 5554
      targetPort: 5554

- No route was created and I created one with settings suitable for the REST mgmt interface:
  host: datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com
  to:
    kind: Service
    name: datapower-operator
    weight: 100
  port:
    targetPort: rest-mgmt
  tls:
    termination: passthrough
  wildcardPolicy: None

With these settings, I am still not able to reach the REST mgmt interface:
curl -u admin:******* -k -v https://datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com/mgmt/status/default/DateTimeStatus
*   Trying 9.30.189.245...
* TCP_NODELAY set
* Connected to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com (9.30.189.245) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443

Any idea?

------------------------------
Patrick Marie
------------------------------