Docker, Kubernetes, and Helm work together to provide a platform for managing, packaging, and orchestrating containerized workloads. For IBM App Connect Enterprise this enables the packaging of an integration server into a standardized unit for deployment that can be promoted through a development pipeline then deployed, managed, and scaled. This blog will discuss how to run IBM App Connect Enterprise (ACE) on OpenShift with IBM Cloud Private (ICP) as well as running ACE natively on OpenShift.
Background
IBM App Connect Enterprise v11 (and its previous release, named IBM Integration Bus v10) software can be used to create your own Docker images. We’ve been helping our customers build such Docker images for several years now. We began this journey in June 2015 with our first Dockerfile contribution to GitHub. Latterly, in 2017, we have also provided pre-built Docker images, both on Docker Registry Hub (containing developer-licensed IIB/ACE software, which are free to download and try out), and for download from IBM Passport Advantage by entitled paying customers (for production usage). There are of course several Linux container technologies competing for attention in the industry right now, but Docker has rapidly become ubiquitous. This has brought simplicity in packaging and portability to developers.
However, container images by themselves do not address key enterprise needs for production workloads. Container orchestration frameworks have also rapidly gathered widespread usage with the Kubernetes technology (a portable, extensible, open-source platform for managing your containers), now the clear leader of the pack. In line with this trend, we have also seen phenomenal interest and growth in IBM Cloud Private. IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, but provides additional value with a private image registry, a management console, and monitoring frameworks.
In November of this year we released a new and improved set of ACE Docker images and Helm Charts that are certified for use on IBM Cloud Private v3.1. Utilizing ACE on IBM Cloud Private provides customers with certified capabilities for production deployment alongside management and lifecycle operations as part of the ICP platform. Features such as pre-configured deployments based on product expertise, rolling upgrades, rollbacks, security/vulnerability testing, and integration with management services for logging, monitoring, metering, and security provide control and management of production workloads.
While IBM Cloud Private brings tangible benefits with a common support model and technology layer across IBM software offerings, other IBM customers may be interested in building their own custom ACE containers, built using Red Hat Enterprise Linux (rather than Ubuntu) directly on OpenShift without IBM Cloud Private. Those customers can also follow the instructions below that mimic the IBM process for building such containers.
First, find or create everything you need:
- A Red Hat OpenShift cluster with IBM Cloud Private installed
- The App Connect Enterprise (ACE) v11 binary that you download from Passport Advantage
- Helm Charts from ot4i/ace-helm
- A Red Hat Enterprise Linux (RHEL) machine with a valid subscription
Procedure
These instructions will take you step by step through running an ACE container on IBM Cloud Private on Red Hat OpenShift, and running ACE natively on Red Hat OpenShift. Both methods will require a RHEL-based image that’s built by using the instructions here: github.com/ot4i/ace-docker.
Alternative methods:
- Running App Connect Enterprise on IBM Cloud Private on Red Hat OpenShift
- Running App Connect Enterprise with IBM MQ on IBM Cloud Private on Red Hat OpenShift
- Running App Connect Enterprise on Red Hat OpenShift
Running App Connect Enterprise on IBM Cloud Private on Red Hat OpenShift
- Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide in the Kubernetes documentation.
- In the IBM Cloud Private web interface, click the burger menu in the top-left corner and select Manage then Namespaces, and create a namespace for your ACE deployment. For this tutorial, the namespace is called ‘ace’.
- Apply a Security Context Constraint (SCC) to the cluster; these are similar to Pod Security Policies and give ACE the access it needs to the environment. Download the SCC for ACE here: github.com/ot4i/ace-helm and apply it to the cluster by using the command:
oc create -f scc.yaml
Validate that it was created correctly by running:
oc get scc ibm-ace-scc
The SCC will be displayed.
- Create a service account on Red Hat OpenShift, in the same 'ace' namespace as the deployment, to bind the SCC to the ACE deployment:
oc create serviceaccount ibm-ace-sa -n ace
- Add the SCC to the service account:
oc adm policy add-scc-to-user ibm-ace-scc -z ibm-ace-sa -n ace
- In the directory containing the Helm Charts from ot4i/ace-helm, install the Helm Chart to the cluster:
helm upgrade --install ace-dev ibm-ace --tls --recreate-pods --namespace ace
- Patch the deployment with the service account created above by using:
oc patch deploy/ace-dev-ibm-ace --patch '{"spec":{"template":{"spec":{"serviceAccountName": "ibm-ace-sa"}}}}' -n ace
Running App Connect Enterprise with IBM MQ on IBM Cloud Private on Red Hat OpenShift
- Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide in the Kubernetes documentation.
- In the IBM Cloud Private web interface, click the burger menu in the top-left corner and select Manage, then Namespaces, and create a namespace for your ACE deployment. For this tutorial, the namespace is called ‘ace’.
- In the directory containing the Helm Charts from ot4i/ace-helm, install the Helm Chart to the cluster:
helm install --name ace-mq ibm-ace --set license=accept --set image.repository.acemq={IMAGE_LOCATION} --set image.tag={IMAGE_TAG} --set queueManagerEnabled=true --namespace ace
Running App Connect Enterprise on Red Hat OpenShift
- The chart used requires a Security Context Constraint (SCC) to be bound to the target namespace before you install the chart.
Some predefined SCC names are available at https://github.com/ot4i/ace-helm.
For example, using the SCC name, ibm-anyuid-scc:
- Apply a Security Context Constraint (SCC) to the cluster to give ACE the access it needs to the environment. Download ibm-anyuid-scc.yaml from here: github.com/ot4i/ace-helm and apply it to the cluster by using the command:
oc create -f ibm-anyuid-scc.yaml
Validate that it was created correctly by running:
oc get scc ibm-anyuid-scc
The SCC will be displayed.
- Create a service account on Red Hat OpenShift, in the same 'ace' namespace as the deployment, to bind the SCC to the ACE deployment:
oc create serviceaccount ibm-ace-sa -n ace
- Add the SCC to the service account:
oc adm policy add-scc-to-user ibm-anyuid-scc -z ibm-ace-sa -n ace
- In the directory containing the Helm Charts from ot4i/ace-helm, install the Helm Chart to the cluster:
helm upgrade --install ace-dev ibm-ace --tls --recreate-pods --namespace ace
- Patch the deployment with the service account created above by using:
oc patch deploy/ace-dev-ibm-ace --patch '{"spec":{"template":{"spec":{"serviceAccountName": "ibm-ace-sa"}}}}' -n ace
- Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide from Red Hat.
- Run the application:
oc new-app DOCKER_REGISTRY/IMAGE_NAME:IMAGE_TAG --env LICENSE=accept
where DOCKER_REGISTRY, IMAGE_NAME, and IMAGE_TAG are set to the values that are configured for your registry.
NOTE: By running this command you are accepting the license conditions of App Connect Enterprise. Review this license before running the command.
- Expose the service so you can access it:
oc expose svc/ibm-ace-server-prod
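To confirm that the SCC and service account binding from the procedures above took effect (for either ibm-ace-scc or ibm-anyuid-scc), the following added example, which is not part of the original post or of the ot4i charts, audits the JSON returned by `oc get pods -n ace -o json`. It relies on the `openshift.io/scc` annotation that OpenShift records on each admitted pod; `audit_pods` is a hypothetical helper name, and the pod names and embedded JSON are constructed sample data.

```python
import json

# Constructed sample: trimmed output of `oc get pods -n ace -o json`.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"name": "ace-dev-ibm-ace-7c9f-abcde",
                "annotations": {"openshift.io/scc": "ibm-ace-scc"}},
   "spec": {"serviceAccountName": "ibm-ace-sa",
            "containers": [{"name": "ace", "securityContext": {"runAsUser": 1000}}]}},
  {"metadata": {"name": "ace-dev-ibm-ace-5d4b-fghij",
                "annotations": {"openshift.io/scc": "restricted"}},
   "spec": {"serviceAccountName": "default",
            "containers": [{"name": "ace"}]}},
  {"metadata": {"name": "ace-dev-ibm-ace-7c9f-klmno",
                "annotations": {"openshift.io/scc": "ibm-anyuid-scc"}},
   "spec": {"serviceAccountName": "ibm-ace-sa",
            "containers": [{"name": "ace", "securityContext": {"runAsUser": 0}}]}}
]}
""")


def audit_pods(pod_list, expected_sa, expected_scc):
    """Return (pod_name, problem) tuples for pods that deviate from the intended binding."""
    findings = []
    for pod in pod_list.get("items", []):
        name = pod["metadata"]["name"]
        spec = pod.get("spec") or {}
        # A pod created before the `oc patch` rollout still uses the default account.
        sa = spec.get("serviceAccountName", "default")
        if sa != expected_sa:
            findings.append((name, f"service account is {sa!r}, expected {expected_sa!r}"))
        # OpenShift annotates each pod with the SCC that admitted it.
        scc = (pod["metadata"].get("annotations") or {}).get("openshift.io/scc")
        if scc != expected_scc:
            findings.append((name, f"admitted under SCC {scc!r}, expected {expected_scc!r}"))
        # Container-level runAsUser overrides the pod-level value.
        pod_uid = (spec.get("securityContext") or {}).get("runAsUser")
        for c in spec.get("containers", []):
            uid = (c.get("securityContext") or {}).get("runAsUser", pod_uid)
            if uid == 0:
                findings.append((name, f"container {c['name']!r} requests UID 0"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_pods(SAMPLE_PODS, "ibm-ace-sa", "ibm-ace-scc"):
        print(f"{name}: {problem}")
```

On a live cluster, pass `json.loads` the output of `oc get pods -n ace -o json` in place of the sample, and use `ibm-anyuid-scc` as the expected SCC for the native OpenShift procedure.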
You will be able to see the pods and services running in the OpenShift UI as shown below: