Installing the HCL Connections Component Pack 6.5 CR1 – Part 5: Installing the applications

Posted on by

In the previous part I discussed preparing the environment for the applications. If everything is working till this point, then installing the applications is actually really easy, so I expect this part will be the shortest article of the series. That said, there are some parts in the HCL documentation which will benefit from some extra explanation. I will also discuss installing the Kubernetes Dashboard, where the HCL documentation is completely off.

I was in doubt whether I would discuss installation and configuration of the different applications in one article per application, or first install all applications and then discuss the configuration in another article. I chose the latter as sometimes problems with the environment come up while installing the applications and it’s better to find that out as early as possible.

Installing Elasticsearch

If you follow the documentation, the first application you’ll encounter is OrientMe. You can use OrientMe either with Elasticsearch or with Solr. On installing OrientMe, Solr will be automatically installed. Elasticsearch however has it’s own Helm chart, so if you want to use OrientMe with Elasticsearch, you have to install Elasticsearch first. To install Elasticsearch, you simply use this command:

helm install --name=elasticsearch <path-to>/microservices_connections/hybridcloud/helmbuilds/elasticsearch-0.1.0-20200319-223218.tgz --set image.repository=<my-docker-registry:5000>/connections,nodeAffinityRequired=true

Use kctl get pods -o wide to check if all pods deploy successfully (remember that I use kctl as an alias for kubectl -n connections). If they don’t, check what’s wrong with commands like: kctl get events | grep  "es-" and kctl logs <pod-name>. Also check if the Elasticsearch pods indeed installed on the tainted nodes.

Installing OrientMe

There are some options to use here if you do not wish to use Elasticsearch (but use SOLR instead), use ISAM or did choose to use another namespace than connections, but if you want to use OrientMe with Elasticsearch and kept things standard, this is your command:

helm install --name=orientme <path-to>/microservices_connections/hybridcloud/helmbuilds/orientme-0.1.0-20200321-174037.tgz --set global.onPrem=true,global.image.repository=<my-docker-registry:5000>/connections,orient-web-client.service.nodePort=30001,itm-services.service.nodePort=31100,mail-service.service.nodePort=32721,community-suggestions.service.nodePort=32200,orient-indexing-service.indexing.solr=false,orient-indexing-service.indexing.elasticsearch=true,orient-retrieval-service.retrieval.elasticsearch=true

again, check with kctl get pods, if everything installed correctly

Installing Ingress

Here HCL does something strange in the documentation. They want you to take the domain of your Kubernetes master server and use that domain in your helm command. However, the domain they’re looking for is the domain of your Connections url. This domain might have nothing to do with the domain your servers are residing in. Actually, most of the Connections environments I know have the servers in a different domain from the main Connections URL. Summarising, just forget that part of the documentation and enter your domain yourself.

helm install --name=cnx-ingress <path-to>/microservices_connections/hybridcloud/helmbuilds/cnx-ingress-0.1.0-20200320-150203.tgz --set global.onPrem=true,global.image.repository=<my-docker-registry:5000>/connections,ingress.hosts.domain="example.com"

Check again via kctl get pods if the Ingress controller installed correctly

Installing Customizer

The installation of Customizer is just another helm command:

helm install --name=mw-proxy <path-to>/microservices_connections/hybridcloud/helmbuilds/mw-proxy-0.1.0-20200321-114108.tgz --set image.repository=<my-docker-registry:5000>/connections,deploymentType=hybrid_cloud

Installing Activities Plus

This one is more interesting as there are some decisions to make here. Activities Plus is provided by ISW. HCL made their offering part of the component pack, but they simply provided the version of that moment. Updates of Activities Plus are far more frequent than the CR releases of Component Pack. This is especially true if you consider that the Component pack CR1 was released in March 2020 and no other releases are expected this year. If you want to stick to the release from the Component pack, the documentation from ISW is better than the documentation from HCL. Basically you have to perform these steps:

  1. Setup OAuth
  2. Setup storage (if you followed my instructions in the previous part, you’ve done this already)
  3. Get a (free) license key
  4. Update the config file which you can find in <path-to>/microservices_connections/hybridcloud/support/kudos-boards/boards-cp.yaml
    (There’s no need anymore to download the version from the website of ISW as HCL updated the version of this file in CR1)
    Note: If your PV path is different from /pv-connections then you have to edit this in the boards-cp.yaml (persistentVolumePath: <your path here>)
  5. Download the correct Helm chart
    (In my next command, I’m going to assume you saved it in <path-to>/microservices_connections/hybridcloud/helmbuilds)
  6. Run the Helm command: 
    cd <path-to>/microservices_connections/hybridcloud/support/kudos-boards/
    helm upgrade kudos-boards-cp <path-to>/microservices_connections/hybridcloud/helmbuilds/kudos-boards-cp-1.1.1.tgz -i -f ./boards-cp.yaml --namespace connections --recreate-pods
  7. Configure IBM HTTP Server

As said, the release of Activities Plus in the Component pack is not the latest. At the time of writing (30th of July 2020), ISW has already released 4 updates compared to CP CR1. To get the more frequent updates from ISW, you have to create a login for Docker Hub. As the login and password will be stored in a Kubernetes secret which could be read by anyone having access to the Kubernetes environment, you might not want to use your personal login. The login you created has to be added to the ISW repository. Send them a mail on support@kudosapps.com with your login name. Once you got their confirmation, create a Kubernetes secret with:

kubectl create secret docker-registry dockerhub --docker-server=docker.io --docker-username=[user] --docker-password=[password] --docker-email=[email] --namespace=connections

Next you have to update the boards-cp.yaml. There’s quite a lot of changes you have to do, including adding a couple of services. Read this information carefully and look at the example file. When you’re done, follow the steps mentioned earlier to roll out or upgrade Activities Plus/Kudos Boards.

Installing Elastic Stack

The next couple of packages are only for monitoring. Obviously the configuration is key here, but I’m including them here for completeness. The first one is Elastic Stack. The command to install it is:

helm install --name=elasticstack <path-to>/microservices_connections/hybridcloud/helmbuilds/elasticstack-0.1.0-20200321-174055.tgz --set global.onPrem=true,global.image.repository=<my-docker-registry:5000>/connections

If you want to filter out certain log statistics, you can add a logstash.filterOut property as discussed here.

Installing the Kubernetes web-based dashboard with Metrics Server

Though HCL recently updated the documentation at this point, they still missed a couple of items, so don’t use theirs. This is how you install the dashboard:

Check at https://github.com/kubernetes/dashboard/releases what the current latest release of the Kubernetes Dashboard is. At the time of writing it’s 2.0.3, so you’ll see that reflected below.

On your master node, type:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

By default you’ll be logged out of the dashboard every 10 minutes. That’s pretty annoying, especially if you would like to show it on a monitor. Luckily you can change this:

kubectl -n kubernetes-dashboard edit deployments kubernetes-dashboard

add to the container arguments: --token-ttl=0 as in below image (note: use spaces, no tabs in this file)



Check if the containers are running:

kubectl get pods --all-namespaces | grep dashboard

You should see something like this:
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-c79c65bb7-fn5hs 1/1 Running 0 34m
kubernetes-dashboard-fbf5bc776-xtl2d 1/1 Running 0 15s

The next step is to create an admin user. HCL provided a file to help you create one. Regretfully they made a mistake with the namespace as the dashboard since version 2.0 is deployed in the kubernetes-dashboard namespace instead of the kube-system namespace. The command below will fix the file for you:

sed -i 's/kube-system/kubernetes-dashboard/g' <path-to>/microservices_connections/hybridcloud/support/dashboard-admin.yaml

Then you can create the admin user with this command:

kubectl apply -f <path-to>/microservices_connections/hybridcloud/support/dashboard-admin.yaml

Install Metrics Server using Helm:

helm install --name metrics-server stable/metrics-server --namespace metrics --set args={"--kubelet-insecure-tls=true, --kubelet-preferred-address-types=InternalIP\,Hostname\,ExternalIP"}

By default you can only access the dashboard on the server itself. You could put a reverse proxy in front of it, or you can enable the dashboard to be accessible from external sources. The latter was described here. This boils down to the following:

Edit the dashboard service:

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

Replace “Type: ClusterIP” by NodePort as below.

if you type kubectl -n kubernetes-dashboard get services now, you’ll see that port 443 got mapped to a port on the host:

You can verify this using lsof -i tcp:31206 (31206 was the port that it was mapped to on my Master, but it’s probably different for you):

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kube-prox 4379 root 32u IPv6 285026740 0t0 TCP *:31206 (LISTEN)

If you have the firewall on the machine enabled, you’ll have to open this port on the firewall

Finally, you have to find the token that you will use to log in to your dashboard:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep token: | awk {'print $2'}

This will produce a long token, which you have to enter to login on your dashboard. Your dashboard you can reach by going to https://<hostname of you Kubernetes master>:<portnumber you found before. 31206 in my case>

I’d like to thank Jan Flipsen of the Dutch Tax office for helping me with this one.

Installing the Sanity dashboard

The last application to install is the sanity dashboard. This is again a simple one and boils down to 2 Helm commands:

helm install --name=sanity <path-to>/microservices_connections/hybridcloud/helmbuilds/sanity-0.1.8-20200321-160144.tgz --set image.repository=<my-docker-registry:5000>/connections,logLevel=info

and

helm install --name=sanity-watcher <path-to>/microservices_connections/hybridcloud/helmbuilds/sanity-watcher-0.1.0-20200218-182137.tgz --set image.repository=<my-docker-registry:5000>/connections

Check with kctl get pods if both pods, sanity and sanity-watcher, deployed successfully.

References

HCL documentation on installing the applications
Elastic search, Elastic stack and Kibana
Kudos Boards / Activities Plus
Kubernetes Dashboard on kubernetes.io
Kubernetes Dashboard on github

Back to part 4 | On to part 6