DataPower

  • 1.  Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 11:05 AM
    I have been struggling for the last few days with the installation of DataPower on OpenShift (DP alone, not part of CP4I or APIC).
    I was able to create a DataPowerService, but not to use it.

    Here are the details of what I did:
    - I was able to create an operator, a DataPowerService and a DataPowerMonitor. However, I could not go any further. I found a kind of documentation (https://ibm.github.io/datapower-operator-doc/), but it did not provide me with the level of information I needed.

    - It seems that the DataPowerService which was created includes the REST admin interface only:
       mgmtPorts:
        - name: rest-mgmt
          port: 5554
    And it does not seem possible to add other interfaces (such as the Web mgmt interface) when creating the DataPowerService.

    - A "datapower-operator" service was also created, but it does not include the 5554 port. I added it:
        - name: rest-mgmt
          protocol: TCP
          port: 5554
          targetPort: 5554

    - No route was created and I created one with settings suitable for the REST mgmt interface:
      host: datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com
      to:
        kind: Service
        name: datapower-operator
        weight: 100
      port:
        targetPort: rest-mgmt
      tls:
        termination: passthrough
      wildcardPolicy: None

    With these settings, I am still not able to reach the REST mgmt interface:
    curl -u admin:******* -k -v https://datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com/mgmt/status/default/DateTimeStatus
    *   Trying 9.30.189.245...
    * TCP_NODELAY set
    * Connected to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com (9.30.189.245) port 443 (#0)
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443
    * Closing connection 0
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to datapower-os.datapower-os.apps.ace4pm.os.fyre.ibm.com:443

    Any idea?

    ------------------------------
    Patrick Marie
    ------------------------------


  • 2.  RE: Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 06:10 PM
    The problem is fixed now. I had to create a Configuration map, to refer to it in the DataPowerService, then to define a service and a route. Now the Web management interface is available.

    ------------------------------
    Patrick Marie
    ------------------------------



  • 3.  RE: Difficulties installing DataPower (alone) on OpenShift

    Posted Wed April 28, 2021 08:03 PM
    Hi Patrick,

    The DataPower Operator does not automatically configure the WebGUI (web-mgmt) service in the DataPower operand. The rest-mgmt service is configured by default because it is used for internal communication between the operator and the DataPower itself. If you wish to enable the web-mgmt service, you would do so via a ConfigMap utilizing the domains API. For example, the ConfigMap might look like:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: web-mgmt
    data:
      web-mgmt.cfg: |
        top; configure terminal;
        web-mgmt
          admin-state enabled
          local-address 0.0.0.0
          port 9090
          save-config-overwrite
          idle-timeout 9000
          ssl-config-type server
        exit

    Then you can add this in a domains spec, like so:

    spec:
      domains:
      - name: default
        dpApp:
          config:
          - web-mgmt

    There is an in-depth guide to the domains API here: https://ibm.github.io/datapower-operator-doc/guides/domain-configuration

    If you wish to expose any service (whether it be an MPGW or web-mgmt), you would do so by creating your own Service object and exposing it with either an Ingress or a Route. You should not modify the Service objects that the operator creates by default.

    https://ibm.github.io/datapower-operator-doc/guides/service-ingress-route

    I hope this helps.

    ------------------------------
    Aidan Harbison
    ------------------------------
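
A separate Service and passthrough Route for the web-mgmt port 9090 configured above, as an added example that is not part of the original posts or of the operator's documentation. The object name `datapower-web-mgmt`, the selector value and the allowed source range are assumptions: copy the selector from the labels on your DataPower pods (`oc get pods --show-labels`) and replace the constructed range 192.0.2.0/24 with your administrators' network.

```yaml
# Service owned by you, not by the operator; the operator-created
# Service objects stay unmodified.
apiVersion: v1
kind: Service
metadata:
  name: datapower-web-mgmt            # assumed name
spec:
  type: ClusterIP
  selector:
    # Placeholder: use the labels actually present on the DataPower pods.
    app.kubernetes.io/instance: REPLACE-WITH-POD-LABEL-VALUE
  ports:
  - name: web-mgmt
    protocol: TCP
    port: 9090                        # matches "port 9090" in web-mgmt.cfg
    targetPort: 9090
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: datapower-web-mgmt            # assumed name
  annotations:
    # Only these source addresses may reach the management GUI through
    # the router (constructed documentation range, replace it).
    haproxy.router.openshift.io/ip_whitelist: 192.0.2.0/24
spec:
  to:
    kind: Service
    name: datapower-web-mgmt
    weight: 100
  port:
    targetPort: web-mgmt
  tls:
    # TLS is terminated by DataPower itself, so the router passes the
    # encrypted stream through without decrypting it.
    termination: passthrough
  wildcardPolicy: None
```

With no `host` set, OpenShift generates the route hostname; the source-address annotation keeps the administrative interface from being reachable by every client that can resolve that hostname.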