
Webinar: Automate IBM Connections Installations and more

Date post: 23-Jan-2018
Upload: panagenda
Page 1: Webinar: Automate IBM Connections Installations and more

@stoeps #panagendaWebinar #ansible

Automate IBM Connections Installations and more
Christoph Stoettner

Speakers

Christoph Stoettner
Senior Consultant at panagenda
IBM Domino since 1999, IBM Connections since 2009
Experience in Migrations, Deployments
Performance Analysis
Focusing in Monitoring, Security
panagenda ConnectionsExpert
IBM Champion

Idea and history
Several attempts to deploy IBM Connections automatically
Social Connections VII - Stockholm
  Klaus Bild: Silence of the Installers
Why do we need automation?
  Demos
  Migration / Testing
  Continuous Delivery
It’s not only providing response files

Orient Me / IBM Private Cloud installer

[master]
1.1.1.1
[worker]
2.2.2.2
...
2.2.2.9
[proxy]
3.3.3.3

Automation speeds up your installation
System requirements installed
ulimits set / limits.conf configured
  Increase nproc for WebSphere and IBM Domino
Easier troubleshooting
  You don’t need to check all requirements and settings
  You can be sure that they are set

root - nproc 16384
root - nofile 65536
root - stack 10240

Possible Open Source Tools
Puppet (https://puppet.com/)
  Great for Windows too
  Enterprise Support
  Cryptic
Chef (https://www.chef.io)
  Easy to learn (if you’re a Ruby developer)
SaltStack (https://saltstack.com)

Ansible
Agentless
Uses SSH
Easy to read (Everything is YAML)
Easy to use (Extensible via modules)
Encryption and security built in
Written in Python
Supported by Red Hat and Communities

Comparison

Tool       Language      Agent  Config     Communication  Difficulty
Ansible    Python        No     YAML       OpenSSH
Chef       Ruby, Erlang  Yes    Ruby       SSL
Puppet     Ruby          Yes    PuppetDSL  SSL
SaltStack  Python        Yes    YAML       ZeroMQ

Why should you learn Ansible?
Ansible is built for Cloud orchestration
Dynamic and static inventory
  Use playbooks for multiple environments
Inventory example
It’s just YAML
Easy to keep in source control (git, svn)

[ihs]
cnx-web-60.panastoeps.local
[was-dmgr]
cnx-was-60.panastoeps.local

How does it work?

SSH is your friend
SSH Key Authentication saves a lot of time
Create an SSH Key
  Linux: ssh-keygen
  Windows: puttygen.exe
SSH Key should be secured with a password
Copy the public key to the remote server
  ssh-copy-id
  You need to add the content of <keyname>.pub to .ssh/authorized_keys in the home directory of the user

SSH with Windows
Putty
  Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  Putty Pageant Documentation: http://the.earth.li/~sgtatham/putty/0.70/htmldoc/Chapter9.html
KiTTY: http://www.9bis.net/kitty/
  Download: http://www.9bis.net/kitty/?page=Download

SSH with Linux
~/.ssh/config
  X11Forward
  Host
  Used Key
SSH-Agent (configure )
  Autostart SSH-Agent

$> ssh-add ~/.ssh/stoeps_rsa
Enter passphrase for /home/stoeps/.ssh/stoeps_rsa:
Identity added: /home/stoeps/.ssh/stoeps_rsa

Can this help with IBM Connections?
Ansible basics
  Playbook is a collection of roles
  Playbooks can import other playbooks
  Role is a collection of tasks
    Dependencies of Roles
  Groups and Hostnames from Inventory

Organization of your folders

├── group_vars
│   └── all
├── library
├── roles
│   ├── common
│   ├── db2
│   ├── db2-requirements
│   ├── installationmanager
│   ├── tdi
│   ├── vm
│   ├── was-dmgr
│   ├── was-nd
│   ├── was-node
│   ├── was-requirements
│   └── was-suppl
└── templates

Organization of your files
Root Folder
  Playbooks
  Inventory
Roles
  Example: Installationmanager

├── defaults
│   └── main.yml (1)
└── tasks
    └── main.yml (2)

1. Variable definition
2. Tasks for role

Inventory
Groupname definition in inventory file

[ihs]        # (1)
cnx-web-60.panastoeps.local

[was-dmgr]
cnx-was-60.panastoeps.local

[was-node]   # (2)
cnx-was-60.panastoeps.local
cnx-was2-60.panastoeps.local

[db2]
cnx-db2-panastoeps.local

1. Group ihs with one member
2. Group was-node with two members

Main playbook
Groupnames from inventory used for applying roles
Special: all

# file: site.yml
- hosts: all                        # (1)
  roles:
    - common
    - vm

- hosts: ihs was-dmgr               # (2)
  roles:
    - was-requirements
    - installationmanager

- import_playbook: webserver.yml    # (3)

1. All hosts of inventory, run role vm and common for all hosts
2. Hostgroups ihs and was-dmgr
3. Import playbook webserver.yml

Change ulimit
Configure /etc/security/limits.conf

# Increase limits.conf for IBM products
- name: Change limits.conf
  pam_limits:
    domain: root
    limit_type: '-'       # (1)
    limit_item: nofile    # (2)
    value: 65536          # (3)

1. hard and soft limits
2. item name
3. value

SSHD enable X11Forward

# Configure SSH X11Forward
- name: Update SSH configuration to be more secure.
  lineinfile:
    dest: "/etc/ssh/sshd_config"      # (1)
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items:
    - regexp: "^X11Forwarding"        # (2)
      line: "X11Forwarding yes"
    - regexp: "^X11UseLocalhost"      # (3)
      line: "X11UseLocalhost no"
  notify: Restart SSH                 # (4)

1. Edit sshd_config
2. Search line beginning with X11Forwarding
3. Search X11UseLocalhost
4. Handler: restart ssh

Package Management
Install prerequisites for
  Installation Manager
  DB2
  WebSphere Application Server
Which distribution do you use?
  SuSE (zypper)
  Red Hat (yum)
  Debian (apt)
Doesn't matter!

Package Management with Ansible

# Install unzip
- name: Install unzip (used in unarchive)
  package:
    name=unzip
    state=latest

# Multiple packages
- name: Install prerequisites
  package:
    name={{ item }}
    state=latest
  with_items:
    - unzip
    - xauth
    - psmisc           # (1)
    - open-vm-tools    # (2)

1. Requirement for WebSphere manageprofiles.sh
2. VM drivers

Install prerequisites
When package names are not consistent in all used distributions
Use when statement

- name: Install system packages for DB2
  package: name={{ item }} state=latest
  with_items:
    - libaio.i686
    - libaio.x86_64
    - compat-libstdc++-33.i686
    - compat-libstdc++-33.x86_64
    - libstdc++.x86_64
    - libstdc++.i686
    - pam.i686
  # On Red Hat Enterprise Linux the ansible_distribution fact is 'RedHat'
  when: ansible_distribution == 'RedHat'

Disable IPv6
IPv6 often is a pain in (IBM) software deployments
Sometimes I forget to do it on one of the servers

# Disable IPv6
- name: Disable IPv6 in sysctl
  sysctl:
    name={{ item }}
    value=1
    state=present
  with_items:
    - net.ipv6.conf.all.disable_ipv6
    - net.ipv6.conf.default.disable_ipv6
    - net.ipv6.conf.lo.disable_ipv6

Disable Firewall, SELinux
I always disable Firewalls and Security Extensions during deployments

# Disable Firewall
- name: Disable Firewall
  service:
    name=firewalld
    state=stopped
    enabled=no

# Disable SELinux
- name: Disable SELinux
  selinux:
    state: disabled
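The slides switch firewalld and SELinux off and X11 forwarding on for the deployment. As an added example (not from the original deck), a follow-up play that reverses those three settings once site.yml has finished; the file name harden.yml, the open_ports map and its port numbers are assumptions.

```yaml
---
# file: harden.yml (hypothetical name) - run after site.yml has finished.
# Module short names as on the slides; on current Ansible, firewalld and
# selinux ship in the ansible.posix collection.
- hosts: all
  become: yes
  vars:
    # Assumed port map per inventory group (not from the slides).
    # Replace with the ports your cell really uses.
    open_ports:
      ihs: ["80/tcp", "443/tcp"]
      was-dmgr: ["9043/tcp", "9060/tcp"]
      db2: ["50000/tcp"]
  tasks:
    - name: Enable and start firewalld again
      service:
        name: firewalld
        state: started
        enabled: yes

    # group_names holds the inventory groups of the current host; only the
    # port lists of those groups are opened (with_items flattens them).
    - name: Open only the ports needed on this host
      firewalld:
        port: "{{ item }}"
        permanent: yes
        immediate: yes
        state: enabled
      with_items: "{{ group_names | intersect(open_ports.keys() | list) | map('extract', open_ports) | list }}"

    # Coming from 'disabled', enforcing mode only takes effect after a reboot.
    - name: Put SELinux back into enforcing mode
      selinux:
        policy: targeted
        state: enforcing

    - name: Switch X11 forwarding off again
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "^X11Forwarding"
        line: "X11Forwarding no"
        state: present
        validate: "/usr/sbin/sshd -t -f %s"   # reject a broken sshd_config
      notify: Restart SSH

  handlers:
    - name: Restart SSH
      service:
        name: sshd
        state: restarted
```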

Shell Extension To Mount Share
Mount a local folder into the VM
Just a shell command

# Mount Disk with installation sources
- name: Mount software repository
  shell: umount /mnt; vmhgfs-fuse .host:/software /mnt

Secure your configuration
You shouldn't keep passwords in cleartext
Ansible knows something named Vault
Vaults are AES256 encrypted

ansible-vault --ask-vault-pass create group_vars/all/vault.yml    # (1)
ansible-vault --ask-vault-pass edit group_vars/all/vault.yml      # (2)
ansible-vault --ask-vault-pass encrypt group_vars/all/main.yml    # (3)

1. Create Vault
2. Edit Vault
3. Encrypt file afterwards

Run your Playbook

Run Playbook when vault.yml is used
ansible-playbook -i inventory site.yml --ask-vault-pass

Run Playbook without vault.yml
ansible-playbook -i inventory site.yml

Create Users
IBM Connections needs a database user
  lcuser
Define password in vault.yml
User creation needs a password hash!

# Content of vault.yml
lcuser_password: 'password'

- name: Create DB2 Connections Users
  user:
    name: lcuser
    # password_hash expects the hash type by name: 'sha512', not '512'
    password: "{{ lcuser_password | password_hash('sha512') }}"

IBM Installation Manager
Role gets the installer from a webserver
Role originally comes from: https://github.com/sgwilbur/ansible-ibm-installation-manager
I use Docker with nginx to serve the file
Role contains following tasks:
  Download and extract of the package
  Silent Install of Installation Manager
  Delete the extracted content

IBM Installation Manager Variables
Used Variables:

im_media_host: http://172.16.20.1
im_ibmim_install_location: /opt/IBM/InstallationManager
im_tmp_location: /tmp/im
im_version: 1.8.7.0
im_platform: linux
im_architecture: x86_64
im_version_tag: 1.8.7000.20170706_2137

Installation Manager tasks

# file: roles/installationmanager/tasks/main.yml
- name: Create Temp directory
  file: path={{ im_tmp_location }} state=directory mode=0755

- name: Download and extract local copy of installer
  unarchive:
    src: "{{ im_media_host }}/software/ibm/installation_manager/{{ im_
    dest: "{{ im_tmp_location }}"
    remote_src: yes

- name: Run silent install to {{ im_ibmim_install_location }}
  command:
    chdir={{ im_tmp_location }}
    {{ im_tmp_location }}/install -acceptLicense --launcher.ini silent
    creates={{ im_ibmim_install_location }}
  register: install
  changed_when: install.rc != 0

- name: Remove Installer
  file: path={{ im_tmp_location }} state=absent
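im_media_host points at a plain http:// server, so the archive arrives without integrity protection. As an added example (not the role's own code), a variant of the download step that checks a SHA-256 digest before anything is extracted; im_archive_name and im_archive_sha256 are assumed variables that do not appear on the slides.

```yaml
---
# file: roles/installationmanager/defaults/main.yml (additions, assumed names)
im_archive_name: "REPLACE-WITH-INSTALLER-ZIP-NAME.zip"
im_archive_sha256: "REPLACE-WITH-SHA256-OF-TRUSTED-COPY"

---
# file: roles/installationmanager/tasks/main.yml (download part only)
- name: Create Temp directory, private to the installing user
  file:
    path: "{{ im_tmp_location }}"
    state: directory
    mode: "0700"

# get_url compares the downloaded file against the digest and fails the
# task on a mismatch, so nothing unverified reaches the extract step.
- name: Download installer and verify its SHA-256
  get_url:
    url: "{{ im_media_host }}/software/ibm/installation_manager/{{ im_archive_name }}"
    dest: "{{ im_tmp_location }}/{{ im_archive_name }}"
    checksum: "sha256:{{ im_archive_sha256 }}"
    mode: "0600"

- name: Extract the verified archive
  unarchive:
    src: "{{ im_tmp_location }}/{{ im_archive_name }}"
    dest: "{{ im_tmp_location }}"
    remote_src: yes
```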

WebSphere Components (Variables)
Define repositories
Set properties

wasnd:
  properties: "user.wasjava=java8"
dmgrhost: "cnx-was-60.panastoeps.local"
ibmrepositories: "/mnt/ibm/WebSphere/8.5.5/ND/repository.config,
  /mnt/ibm/WebSphere/8.5.5/SUPPL/repository.config,
  /mnt/ibm/WebSphere/8.5.5FP11/ND/repository.config,
  /mnt/ibm/WebSphere/8.5.5FP11/SUPPL/repository.config,
  /mnt/ibm/WebSphere/8.5.5FP11/WCT/repository.config,
  /mnt/ibm/WebSphere/8.0.3.0/IBMWASJAVA/repository.config,
  /mnt/ibm/WebSphere/Fixes/IFPI80729/repository.config"

Install WebSphere Components
Copy library into your playbook directory: https://github.com/amimof/ansible-WebSphere

- name: Install WebSphere Application Server Network Deployment
  ibmim:
    id: "com.ibm.websphere.ND.v85 com.ibm.websphere.IBMJAVA.v80"
    repositories: "{{ ibmrepositories }}"
    properties: "{{ wasnd.properties }}"

- name: Update all WebSphere packages
  ibmim:
    id: null
    state: update
    repositories: "{{ ibmrepositories }}"
    properties: "{{ wasnd.properties }}"

Create Deployment Manager Profile

# file: roles/was-dmgr/tasks/main.yml
- name: Create DMGR Profile
  profile_dmgr:
    state: present
    wasdir: /opt/IBM/WebSphere/AppServer
    name: Dmgr01
    cell_name: CnxCell
    host_name: "{{ inventory_hostname}}"
    node_name: CnxCell-dmgr
    username: wasadmin
    password: password

# Start the Deploymentmanager to add the additional profiles
- name: Start Deployment Manager
  shell:
    cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin; ./startManage
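The "Secure your configuration" slide advises against cleartext passwords, while the DMGR profile task above carries its password as a literal. As an added example (not from the original deck), one way to route both the lcuser and the wasadmin password through the vault; the vault_ variable names, the file vars.yml and all values are assumptions.

```yaml
---
# file: group_vars/all/vault.yml - encrypted with ansible-vault, shown decrypted.
# All values are constructed placeholders.
vault_lcuser_password: "CHANGE-ME-lcuser"
vault_lcuser_salt: "n0tArealSalt1234"      # fixed salt keeps the hash stable
vault_wasadmin_password: "CHANGE-ME-wasadmin"

---
# file: group_vars/all/vars.yml (hypothetical) - plain text, holds no secrets.
# The vault_ prefix is a naming convention assumed for this example; it lets
# you grep for a variable name without decrypting the vault.
lcuser_password: "{{ vault_lcuser_password }}"
lcuser_salt: "{{ vault_lcuser_salt }}"
wasadmin_password: "{{ vault_wasadmin_password }}"

---
# Tasks from the slides, rewritten to use the variables above.
- name: Create DB2 Connections Users
  user:
    name: lcuser
    # With a random salt the hash differs on every run and the task
    # always reports "changed"; the salt from the vault avoids that.
    password: "{{ lcuser_password | password_hash('sha512', lcuser_salt) }}"
  no_log: true          # keep the hash out of console output and logs

- name: Create DMGR Profile
  profile_dmgr:
    state: present
    wasdir: /opt/IBM/WebSphere/AppServer
    name: Dmgr01
    cell_name: CnxCell
    host_name: "{{ inventory_hostname }}"
    node_name: CnxCell-dmgr
    username: wasadmin
    password: "{{ wasadmin_password }}"   # a literal on the slide
  no_log: true
```

Run it with --ask-vault-pass as shown on the "Run your Playbook" slide.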

Jinja2 templates
Response files as templates
Jinja2 Templating
Dynamic
Access to Variables
Save into <playbook>/templates

Example template for DB2

Variables

db2:
  install: "/mnt/ibm/db2/11.1.2FP2a"
resp:
  prod: "DB2_SERVER_EDITION"
  file: "/opt/ibm/db2/V11.1"
  lic_agreement: "ACCEPT" # ACCEPT or DECLINE
  install_type: "TYPICAL" # TYPICAL, COMPACT, CUSTOM
...

Response file

* Product Installation
LIC_AGREEMENT = {{ resp.lic_agreement }}
PROD = {{ resp.prod }}
FILE = {{ resp.file }}
INSTALL_TYPE = {{ resp.install_type }}
...

DB2 role with template parsing
Parse response file and store in tmp
Call db2setup with this response file

- name: Parse response file
  template: src=db2server.j2.rsp dest=/tmp/db2server.rsp
  tags: parse

- name: Installing DB2 11.1
  command: "{{ db2.install }}/db2setup -r /tmp/db2server.rsp"
  register: db2_setup
  args:
    creates: "{{resp.file}}"

Import DB2 license
Using a shell command

- name: Add DB2 license
  shell:
    cp /mnt/ibm/db2/cnx_lic/ese_u/db2/license/db2ese_u.lic /home/db2in
    chown db2inst1 /home/db2inst1/db2ese_u.lic && \
    su - db2inst1 -c 'db2licm -a /home/db2inst1/db2ese_u.lic'

Install TDI 7.1.1
Tivoli Directory Integrator 7.1.1
Jinja2 Response file

# Install Tivoli Directory Integrator 7.1.1 and FP6
- name: Parse response file
  template: src=tdi_install.j2.rsp dest=/tmp/tdi_install.rsp
  tags: parse

# The installer searches for gnome or kde and gives an error on exit
# after successful installation
- name: Installing TDI 7.1.1
  command: "{{ tdi.install }}/install_tdiv711_linux_x86_64.bin
    -f /tmp/tdi_install.rsp -i silent"
  ignore_errors: yes

Update TDI to 7.1.1 FP6
Copy UpdateInstaller.jar
Update TDI

# Update to FP6
- name: Download and extract local copy of installer
  unarchive:
    src: "{{ tdi.fixpack }}/7.1.1-TIV-TDI-FP0006.zip"
    dest: "{{ tdi.tmp }}"
    remote_src: yes

# Copy update
- name: Copy UpdateInstaller.jar
  copy:
    src: "{{ tdi.tmp }}/7.1.1-TIV-TDI-FP0006/UpdateInstaller.jar"
    dest: /opt/IBM/TDI/V7.1.1/maintenance
    remote_src: yes

- name: Update TDI to FP6
  command: "/opt/IBM/TDI/V7.1.1/bin/applyUpdates.sh -update
    {{ tdi.tmp }}/7.1.1-TIV-TDI-FP0006/TDI-7.1.1-FP0006.zip"

Run Playbook

ansible-playbook -i inventory site.yml

PLAY [all] ***********************************************************

TASK [Gathering Facts] ***********************************************
ok: [cnx-p60-doc-01.panagenda.local]

TASK [common : Disable Firewall] *************************************
ok: [cnx-p60-doc-01.panagenda.local]

TASK [common : Disable SELinux] **************************************
ok: [cnx-p60-doc-01.panagenda.local]

TASK [common : Change limits.conf] ***********************************
ok: [cnx-p60-doc-01.panagenda.local]

TASK [common : pam_limits] *******************************************
ok: [cnx-p60-doc-01.panagenda.local]

Nearly everything is possible
Manage Docker container
Reboot your systems
Update multiple hosts at one time

Works with Microsoft Windows
WinRM / Remote Powershell
Gather facts on Windows hosts
Manage Windows packages via Chocolatey
Install and uninstall MSIs
Enable and disable Windows Features
Start, stop, and manage Windows services
Create and manage local users and groups
Manage and install Windows updates
Push and execute any PowerShell script

Administrator or Developer?
Have a look at Ansible
  Saves you time
  Easy to deploy and use in different environments
    QA
    Testing
    Production
KISS
  Keep it simple stupid

Thank You
Christoph Stoettner
+49 173 8588719
christophstoettner
[email protected]
@stoeps
https://linkedin.com/in/christophstoettner
https://slideshare.net/christophstoettner
https://github.com/stoeps13
https://www.stoeps.de

Questions?

