Docker, Kubernetes, and Helm work together to provide a platform for managing, packaging, and orchestrating containerized workloads. For IBM App Connect Enterprise this enables the packaging of an integration server into a standardized unit for deployment that can be promoted through a development pipeline then deployed, managed, and scaled. This blog will discuss how to run IBM App Connect Enterprise (ACE) on OpenShift with IBM Cloud Private (ICP) as well as running ACE natively on OpenShift.

Background

IBM App Connect Enterprise v11 (and its previous release, named IBM Integration Bus v10) software can be used to create your own Docker images. We’ve been helping our customers build such Docker images for several years now. We began this journey in June 2015 with our first Dockerfile contribution to GitHub. Latterly, in 2017, we have also provided pre-built Docker images, both on Docker Registry Hub (containing developer-licensed IIB/ACE software, which are free to download and try out), and for download from IBM Passport Advantage by entitled paying customers (for production usage). There are of course several Linux container technologies competing for attention in the industry right now, but Docker has rapidly become ubiquitous. This has brought simplicity in packaging and portability to developers.

However, container images by themselves do not address key enterprise needs for production workloads. Container orchestration frameworks have also rapidly gathered widespread usage with the Kubernetes technology (a portable, extensible, open-source platform for managing your containers), now the clear leader of the pack. In line with this trend, we have also seen phenomenal interest and growth in IBM Cloud Private. IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, but provides additional value with a private image registry, a management console, and monitoring frameworks.

In November of this year we released a new and improved set of ACE Docker images and Helm Charts that are certified for use on IBM Cloud Private v3.1. Utilizing ACE on IBM Cloud Private provides customers with certified capabilities for production deployment alongside management and lifecycle operations as part of the ICP platform. Features such as pre-configured deployments based on product expertise, rolling upgrades, rollbacks, security/vulnerability testing, and integration with management services for logging, monitoring, metering, and security provide control and management of production workloads.

While IBM Cloud Private brings tangible benefits with a common support model and technology layer across IBM software offerings, other IBM customers may be interested in building their own custom ACE containers, built using Red Hat Enterprise Linux (rather than Ubuntu) directly on OpenShift without IBM Cloud Private. Those customers can also follow the instructions below that mimic the IBM process for building such containers.

First, find or create everything you need:

  • A Red Hat OpenShift cluster with IBM Cloud Private installed
  • The App Connect Enterprise (ACE) v11 binary that you download from Passport Advantage
  • Helm Charts from ot4i/ace-helm
  • A Red Hat Enterprise Linux (RHEL) machine with a valid subscription

Procedure

These instructions will take you step by step through running an ACE container on IBM Cloud Private on Red Hat OpenShift, and running ACE natively on Red Hat OpenShift. Both methods will require a RHEL-based image that’s built by using the instructions here: github.com/ot4i/ace-docker.

Alternative methods:

  • Running App Connect Enterprise on IBM Cloud Private on Red Hat OpenShift
  • Running App Connect Enterprise with IBM MQ on IBM Cloud Private on Red Hat OpenShift
  • Running App Connect Enterprise on Red Hat OpenShift
  • Running on IBM Cloud Private on Red Hat OpenShift

    1. Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide in the Kubernetes documentation.
    2. In the IBM Cloud Private web interface, click the burger menu in the top-left corner and select Manage then Namespaces, and create a namespace for your ACE deployment. For this tutorial, the namespace is called ‘ace’.
    3. Apply a Security Context Constraint (SCC) to the cluster; these are similar to Pod Security Policies and give ACE the access it needs to the environment. Download the SCC for ACE here: github.com/ot4i/ace-helm and apply it to the cluster by using the command oc create -f scc.yaml. Validate that it was created correctly by running oc get scc ibm-ace-scc and the SCC will be displayed.
    4. Create a service account on Red Hat OpenShift to bind the SCC to the ACE deployment: oc create serviceaccount ibm-ace-sa
    5. Add the SCC to the service account: oc adm policy add-scc-to-user ibm-ace-scc -z ibm-ace-sa
    6. In the directory containing the Helm Charts from ot4i/ace-helm, install the Helm Chart to the cluster:
      helm upgrade --install ace-dev ibm-ace --tls --recreate-pods --namespace ace
    7. Patch the deployment with the service account created above by using:
      oc patch deploy/ace-dev-ibm-ace --patch '{"spec":{"template":{"spec":{"serviceAccountName": "ibm-ace-sa"}}}}' -n ace

    Running App Connect Enterprise with IBM MQ on IBM Cloud Private on Red Hat OpenShift

    1. Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide in the Kubernetes documentation.
    2. In the IBM Cloud Private web interface, click the burger menu in the top-left corner and select Manage, then Namespaces, and create a namespace for your ACE deployment. For this tutorial, the namespace is called ‘ace’.
    3. In the directory containing the Helm Charts from ot4i/ace-helm, install the Helm Chart to the cluster:
      helm install --name ace-mq ibm-ace --set license=accept --set image.repository.acemq={IMAGE_LOCATION} --set image.tag={IMAGE_TAG} --set queueManagerEnabled=true --namespace ace

    Running App Connect Enterprise on Red Hat OpenShift

    1. Push your Docker image to a container registry so that the cluster can access it. You may need to create a Kubernetes secret so that the image can be pulled by the cluster; this process is documented in this guide from Red Hat.
    2. Run the application: oc new-app DOCKER_REGISTRY/IMAGE_NAME:IMAGE_TAG --env LICENSE=accept where DOCKER_REGISTRY, IMAGE_NAME, and IMAGE_TAG are set to the values that are configured for your registry.
      NOTE: By running this command you are accepting the license conditions of App Connect Enterprise. Review this license before running the command.
    3. Expose the service so you can access it: oc expose svc/ibm-ace-server-prod.
      You will be able to see the pods and services running in the OpenShift UI as shown below:

    6 comments on"App Connect Enterprise v11 for IBM Cloud Private on Red Hat OpenShift or natively on OpenShift"

    1. Srikanth_86 March 18, 2019

      Hello,
      I have been trying to run ace only image on openshift and facing ‘segment violation error’ when the configureLogging procedure is called in the go script,

      github.com/ot4i/ace-docker/internal/*logger.(Logger).Debugf(0x0, 0x8ea462, 0x1f, 0xc4200b7d90, 0x1, 0x1)
      | /go/src/github.com/ot4i/ace-docker/internal/logger/logger.go:134 +0x26
      | main.logTermination(0xc4201f00e0, 0x1, 0x1)
      | /go/src/github.com/ot4i/ace-docker/cmd/runaceserver/logging.go:36 +0x16e
      | main.doMain(0xc4200b7f78, 0xc4200de058)
      | /go/src/github.com/ot4i/ace-docker/cmd/runaceserver/main.go:38 +0x11b
      | main.main()
      | /go/src/github.com/ot4i/ace-docker/cmd/runaceserver/main.go:147 +0x22

      However, when i run the same image on my laptop, it works just fine. Could you advise if this is a defect in openshift?

      Below is the command I used to spin up a pod,

      oc new-app ibmcom/ace –env LICENSE=accept –env ACE_SERVER_NAME=acetest –env LOG_FORMAT=json

    2. Francois van der Merwe January 23, 2019

      What if I want to run ACE directly on OpenShift? I do not want the intermediate layer of ICP.

      • @Francois van der Merwe, Hi
        Thanks for your question. ACE V11 is supported natively on OpenShift. For example, see the instructions in the section Running App Connect Enterprise on Red Hat OpenShift.
        Regards,
        Ian

        • Federico Colangelo February 18, 2019

          Hi Ian, do you have official IBM documentation stating the support of ACE v11 running natively on OpenShift, because I couldn’t find it.

          Regards,
          fede

          • @Federico Colangelo, Hi
            I don’t think official IBM documentation of support for ACE v11 on OpenShift has been published yet. I’ve passed the question on to ACE Offering Management, and am pursuing for an answer.

            As I understand it so far, if an ACE customer wants to run ACE on Openshift without ICP, then they only receive problem support for the ACE product running inside the container itself. If they found a problem with Helm charts then they can raise an issue against the public git repo, https://github.com/ot4i/ace-helm, but IBM doesn’t mandate a time period for response like the formal Level 3 service route. There are also two ways that a customer can get formal IBM technical support for ACE on OpenShift:
            1) Get in contact with their IBM Representative (for their geo and account)
            or
            2) Use this form to contact an IBM Representative and ask for an IBM Services engagement: https://www.ibm.com/account/reg/us-en/signup?formid=MAIL-cloud

            When I learn more, I’ll update this reply.

            Regards,
            Ian

    3. keith_mantell January 08, 2019

      Great article

    Join The Discussion

    Your email address will not be published. Required fields are marked *