Webinar: Automate IBM Connections Installations and more

@stoeps #panagendaWebinar #ansible
Automate IBM Connections
Installations and more
Christoph Stoettner
1

Speakers
2

Christoph Stoettner
Senior Consultant at
IBM Domino since 1999, IBM Connections since 2009
Experience in
Migrations, Deployments
Performance Analysis
Focusing in
Monitoring, Security
panagenda ConnectionsExpert
IBM Champion
panagenda
3

Idea and history
Several attempts to deploy IBM Connections
automatically
Social Connections VII - Stockholm
Klaus Bild: Silence of the Installers
Why do we need automation?
Demos
Migration / Testing
Continous Delivery
It’s not only providing response files
4

Orient Me / IBM Private Cloud installer
[master]
1.1.1.1
[worker]
2.2.2.2
...
2.2.2.9
[proxy]
3.3.3.3
5

Automation speeds up your installation
System requirements installed
ulimits set / limits.conf configured
Increase nproc for WebSphere and IBM Domino
Easier troubleshooting
You don’t need to check all requirements and settings
You can be sure that they are set
root - nproc 16384
root - nofile 65536
root - stack 10240
6

Possible Opensource Tools
Puppet
Great for Windows too
Enterprise Support
Cryptic
Chef
Easy to learn (if you’re ruby developer)
SaltStack
https://puppet.com/
https://www.chef.io
https://saltstack.com
7

Ansible
Agentless
Uses SSH
Easy to read (Everything is YAML)
Easy to use (Extensible via modules)
Encryption and security built in
Written in Python
Supported by Red Hat and Communities
8

Comparison
Language Agent Config Communication Diﬀiculty
Ansible Python No YAML OpenSSH
Chef Ruby, Erlang Yes Ruby SSL
Puppet Ruby Yes PuppetDSL SSL
SaltStack Python Yes YAML ZeroMQ




9

Why should you learn Ansible?
Ansible is built for Cloud orchestration
Dynamic and static inventory
Use playbooks for multiple environments
Inventory example
It’s just YAML
Easy to keep in source control (git, svn)
[ihs]
cnx-web-60.panastoeps.local
[was-dmgr]
cnx-was-60.panastoeps.local
10

How does it work?
11

SSH is your friend
SSH Key Authentication saves a lot of time
Create a SSH Key
Linux: ssh-keygen
Windows: puttygen.exe
SSH Key should be secured with a password
Copy the public key to the remote server
ssh-copy-id
You need to add the content of <keyname>.pub to
.ssh/authorized_keys in the home directory of the
user
12

SSH with Windows
Putty
Download:
Putty Pageant Documentation
KiTTY
Download:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
http://the.earth.li/~sgtatham/putty/0.70/htmldoc/Chapter9.html
http://www.9bis.net/kitty/
http://www.9bis.net/kitty/?page=Download
13

SSH with Linux
~/.ssh/config
X11Forward
Host
Used Key
SSH-Agent (configure )Autostart SSH-Agent
$> ssh-add ~/.ssh/stoeps_rsa
Enter passphrase for /home/stoeps/.ssh/stoeps_rsa:
Identity added: /home/stoeps/.ssh/stoeps_rsa
14

Can this help with IBM Connections?
Ansible basics
Playbook is a collection of roles
Playbooks can import other playbooks
Role is a collection of tasks
Dependencies of Roles
Groups and Hostnames from Inventory
15

Organization of your folders
├── group_vars
│   └── all
├── library
├── roles
│   ├── common
│   ├── db2
│   ├── db2-requirements
│   ├── installationmanager
│   ├── tdi
│   ├── vm
│   ├── was-dmgr
│   ├── was-nd
│   ├── was-node
│   ├── was-requirements
│   └── was-suppl
└── templates
16

1. Variable definition
2. Tasks for role
Organization of your files
Root Folder
Playbooks
Inventory
Roles
Example: Installationmanager
├── defaults
│ └── main.yml (1)
└── tasks
└── main.yml (2)
17

1. Group ihs with one member
2. Group was-node with two members
Inventory
Groupname definition in inventory file
[ihs] (1)
cnx-web-60.panastoeps.local
[was-dmgr]
[was-node] (2)
cnx-was2-60.panastoeps.local
[db2]
cnx-db2-panastoeps.local
18

1. All hosts of inventory, run role vm and common for all hosts
2. Hostgroups ihs and was-dmgr
3. Import playbook webserver.yml
Main playbook
Groupnames from inventory used for applying roles
Special: all
# file: site.yml
- hosts: all (1)
roles:
- common
- vm
- hosts: ihs was-dmgr (2)
roles:
- was-requirements
- installationmanager
- import_playbook: webserver.yml (3)
19

1. hard and so limits
2. item name
3. value
Change ulimit
Configure /etc/security/limits.conf
# Increase limits.conf for IBM products
- name: Change limits.conf
pam_limits:
domain: root
limit_type: '-' (1)
limit_item: nofile (2)
value: 65536 (3)
20

1. Edit sshd_config
2. Search line beginning with X11Forwarding
3. Search X11UseLocalhost
4. Handler: restart ssh
SSHD enable X11Forward
# Configure SSH X11Forward
- name: Update SSH configuration to be more secure.
lineinfile:
dest: "/etc/ssh/sshd_config" (1)
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items:
- regexp: "^X11Forwarding" (2)
line: "X11Forwarding yes"
- regexp: "^X11UseLocalhost" (3)
line: "X11UseLocalhost no"
notify: Restart SSH (4)
21

Package Management
Install prerequisists for
Installation Manager
DB2
WebSphere Application Server
Which distribution do you use?
SuSE (zypper)
Red Hat (yum)
Debian (apt)
Doesn't matter!
22

1. Requirement for WebSphere manageprofiles.sh
2. VM drivers
Package Management with Ansible
# Install unzip
- name: Install unzip (used in unarchive)
package:
name=unzip
state=latest
# Multiple packages
- name: Install prerequisists
package:
name={{ item }}
state=latest
with_items:
- unzip
- xauth
- psmisc (1)
- open-vm-tools (2)
23

Install prerequisists
When package names are not consistent in all used
distributions
Use when statement
- name: Install system packages for DB2
package: name={{ item }} state=latest
with_items:
- libaio.i686
- libaio.x86_64
- compat-libstdc++-33.i686
- compat-libstdc++-33.x86_64
- libstdc++.x86_64
- libstdc++.i686
- pam.i686
when: ansible_distribution == 'Red Hat Enterprise Linux'
24

Disable IPv6
IPv6 o en is a pain in (IBM) so ware deployments
Sometimes I forget to do it on one of the servers
# Disable IPv6
- name: Disable IPv6 in sysctl
sysctl:
name={{ item }}
value=1
state=present
with_items:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
25

Disable Firewall, SELinux
I always disable Firewalls and Security Extensions during
deployments
# Disable Firewall
- name: Disable Firewall
service:
name=firewalld
state=stopped
enabled=no
# Disable SELinux
- name: Disable SELinux
selinux:
state: disabled
26

Shell Extension To Mount Share
Mount a local folder into the VM
Just a shell command
# Mount Disk with installation sources
- name: Mount software repository
shell: umount /mnt; vmhgfs-fuse .host:/software /mnt
27

1. Create Vault
2. Edit Vault
3. Encrypt file a erwords
Secure your configuration
You shouldn't keep passwords in cleartext
Ansible knows something named Vault
Vaults are AES256 encrypted
ansible-vault --ask-vault-pass create group_vars/all/vault.yml (1)
ansible-vault --ask-vault-pass edit group_vars/all/vault.yml (2)
ansible-vault --ask-vault-pass encrypt group_vars/all/main.yml (3)
28

Run your Playbook
Run Playbook when vault.yml is used
Run Playbook without vault.yml
ansible-playbook -i inventory site.yml --ask-vault-pass
ansible-playbook -i inventory site.yml
29

Create Users
IBM Connections needs a database user
lcuser
Define password in vault.yml
User creation needs a password hash!
# Content of vault.yml
lcuser_password: 'password'
- name: Create DB2 Connections Users
user:
name: lcuser
password: "{{ lcuser_password | password_hash('512') }}"
30

IBM Installation Manager
Role get the installer from a webserver
Role originally comes from:
I use Docker with nginx to serv the file
Role contains following tasks:
Download and extract of the package
Silent Install of Installation Manager
Delete the extracted content
https://github.com/sgwilbur/ansible-ibm-installation-manager
31

IBM Installation Manager Variables
Used Variables:
im_media_host: http://172.16.20.1
im_ibmim_install_location: /opt/IBM/InstallationManager
im_tmp_location: /tmp/im
im_version: 1.8.7.0
im_platform: linux
im_architecture: x86_64
im_version_tag: 1.8.7000.20170706_2137
32

Installation Manager tasks
# file: roles/installationmanager/tasks/main.yml
- name: Create Temp directory
file: path={{ im_tmp_location }} state=directory mode=0755
- name: Download and extract local copy of installer
unarchive:
src: "{{ im_media_host }}/software/ibm/installation_manager/{{ im_
dest: "{{ im_tmp_location }}"
remote_src: yes
- name: Run silent install to {{ im_ibmim_install_location }}
command:
chdir={{ im_tmp_location }}
{{ im_tmp_location }}/install -acceptLicense --launcher.ini silent
creates={{ im_ibmim_install_location }}
register: install
changed_when: install.rc != 0
- name: Remove Installer
fil th {{ i t l ti }} t t b t
33

WebSphere Components (Variables)
Define repositories
Set properties
wasnd:
properties: "user.wasjava=java8"
dmgrhost: "cnx-was-60.panastoeps.local"
ibmrepositories: "/mnt/ibm/WebSphere/8.5.5/ND/repository.config,
/mnt/ibm/WebSphere/8.5.5/SUPPL/repository.config,
/mnt/ibm/WebSphere/8.5.5FP11/ND/repository.config,
/mnt/ibm/WebSphere/8.5.5FP11/SUPPL/repository.config,
/mnt/ibm/WebSphere/8.5.5FP11/WCT/repository.config,
/mnt/ibm/WebSphere/8.0.3.0/IBMWASJAVA/repository.config,
/mnt/ibm/WebSphere/Fixes/IFPI80729/repository.config"
34

Install WebSphere Components
Copy library into your playbook directory
https://github.com/amimof/ansible-WebSphere
- name: Install WebSphere Application Server Network Deployment
ibmim:
id: "com.ibm.websphere.ND.v85 com.ibm.websphere.IBMJAVA.v80"
repositories: "{{ ibmrepositories }}"
properties: "{{ wasnd.properties }}"
- name: Update all WebSphere packages
ibmim:
id: null
state: update
repositories: "{{ ibmrepositories }}"
properties: "{{ wasnd.properties }}"
35

Create Deployment Manager Profile
# file: roles/was-dmgr/tasks/main.yml
- name: Create DMGR Profile
profile_dmgr:
state: present
wasdir: /opt/IBM/WebSphere/AppServer
name: Dmgr01
cell_name: CnxCell
host_name: "{{ inventory_hostname}}"
node_name: CnxCell-dmgr
username: wasadmin
password: password
# Start the Deploymentmanager to add the additional profiles
- name: Start Deployment Manager
shell:
cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin; ./startManage
36

Jinja2 templates
Response files as templates
Jinja2 Templating
Dynamic
Access to Variables
Save into <playbook>/templates
37

Example template for DB2
Variables
Response file
db2:
install: "/mnt/ibm/db2/11.1.2FP2a"
resp:
prod: "DB2_SERVER_EDITION"
file: "/opt/ibm/db2/V11.1"
lic_agreement: "ACCEPT" # ACCEPT or DECLINE
install_type: "TYPICAL" # TYPICAL, COMPACT, CUSTOM
...
* Product Installation
LIC_AGREEMENT = {{ resp.lic_agreement }}
PROD = {{ resp.prod }}
FILE = {{ resp.file }}
INSTALL_TYPE = {{ resp.install_type }}
...
38

DB2 role with template parsing
Parse response file and store in tmp
Call db2setup with this response file
- name: Parse response file
template: src=db2server.j2.rsp dest=/tmp/db2server.rsp
tags: parse
- name: Installing DB2 11.1
command: "{{ db2.install }}/db2setup -r /tmp/db2server.rsp"
register: db2_setup
args:
creates: "{{resp.file}}"
39

Import DB2 license
Using a shell command
- name: Add DB2 license
shell:
cp /mnt/ibm/db2/cnx_lic/ese_u/db2/license/db2ese_u.lic /home/db2in
chown db2inst1 /home/db2inst1/db2ese_u.lic &&
su - db2inst1 -c 'db2licm -a /home/db2inst1/db2ese_u.lic'
40

Install TDI 7.1.1
Tivoli Directory Integrator 7.1.1
Jinja2 Response file
# Install Tivoli Directory Integrator 7.1.1 and FP6
- name: Parse response file
template: src=tdi_install.j2.rsp dest=/tmp/tdi_install.rsp
tags: parse
# Installer search gnome or kde and gives an error on exit
# after successful installation
- name: Installing TDI 7.1.1
command: "{{ tdi.install }}/install_tdiv711_linux_x86_64.bin
-f /tmp/tdi_install.rsp -i silent"
ignore_errors: yes
41

Update TDI to 7.1.1 FP6
Copy UpdateInstaller.jar
Update TDI
# Update to FP6
- name: Download and extract local copy of installer
unarchive:
src: "{{ tdi.fixpack }}/7.1.1-TIV-TDI-FP0006.zip"
dest: "{{ tdi.tmp }}"
remote_src: yes
# Copy update
- name: Copy UpdateInstaller.jar
copy:
src: "{{ tdi.tmp }}/7.1.1-TIV-TDI-FP0006/UpdateInstaller.jar"
dest: /opt/IBM/TDI/V7.1.1/maintenance
remote_src: yes
- name: Update TDI to FP6
command: "/opt/IBM/TDI/V7.1.1/bin/applyUpdates.sh -update
{{ tdi.tmp }}/7.1.1-TIV-TDI-FP0006/TDI-7.1.1-FP0006.zip"
42

Run Playbook
ansible-playbook -i inventory site.yml
PLAY [all] ***********************************************************
TASK [Gathering Facts] ***********************************************
ok: [cnx-p60-doc-01.panagenda.local]
TASK [common : Disable Firewall] *************************************
TASK [common : Disable SELinux] **************************************
TASK [common : Change limits.conf] ***********************************
TASK [common : pam_limits] *******************************************
43

Nearly everything is possible
Manage Docker container
Reboot your systems
Update multiple hosts at one time
44

Works with Microso Windows
WinRM / Remote Powershell
Gather facts on Windows hosts
Manage Windows packages via
Install and uninstall MSIs
Enable and disable Windows Features
Start, stop, and manage Windows services
Create and manage local users and groups
Manage and install Windows updates
Push and execute any PowerShell script
Chocolatey
45

Administrator or Developer?
Have a look at Ansible
Saves you time
Easy to deploy and use in diﬀerent environments
QA
Testing
Production
KISS
Keep it simple stupid
46

Thank You
Christoph Stoettner
+49 173 8588719
christophstoettner
 christoph.stoettner@panagenda.com

 @stoeps
 https://linkedin.com/in/christophstoettner
 https://slideshare.net/christophstoettner
 https://github.com/stoeps13
 https://www.stoeps.de

47

Questions?
48

Webinar: Automate IBM Connections Installations and more

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Webinar: Automate IBM Connections Installations and more

Similar to Webinar: Automate IBM Connections Installations and more (20)

More from panagenda

More from panagenda (20)

Recently uploaded

Recently uploaded (20)

Webinar: Automate IBM Connections Installations and more