Running the apic-configsync utility as a cronjob on Red Hat
OpenShift or IBM Cloud Pak for Integration enables the utility to be run on a timed basis, such as
every 10 minutes.
Before you begin
Ensure that the following prerequisites are satisfied before attempting to configure the
cronjob:
- Ensure that you have a tool available for copying the image into your image registry.
The
examples in this topic use skopeo
to copy the image to the target registry, but you
could use equivalent docker
or podman
commands instead.
- Expose the OpenShift registry with
defaultRoute
by running the following
command:oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
For
more information, see Exposing the registry in the OpenShift documentation. It is
not necessary to perform step 5 (the "podman login" step) in the instructions.
- Set the
REGISTRY_HOST
environment variable to the OpenShift registry by running
the following
command:REGISTRY_HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
- Set the
APIC_PROJECT
environment variable to the namespace (project) where you
intend to run the cronjob. For optimal performance, the cronjob should run within the same OpenShift
environment as the target API Connect cluster.
About this task
You can configure the apic-configsync utility to run as a cronjob in an API
Connect deployment running on OpenShift or Cloud Pak for Integration. The
apic-configsync utility should run as close to the target cluster as possible,
so the cronjob should be configured to run within the same OpenShift environment as the target API
Connect cluster.
Procedure
-
Download and extract the API Connect
Config Sync package.
- Extract the Config Sync image from the extracted API Connect Config
Sync package by running the following command:
tar xf ibm-apic-configsync-image.tar.gz
- Copy the extracted Config Sync image to the target registry.
For example, if you use skopeo, run the following command:
skopeo copy --dest-tls-verify=false --dest-registry-token=$(oc whoami -t) dir:./ibm-apic-configsync/ibm-apic-configsync-<version>/<tag> docker://$REGISTRY_HOST/$APIC_PROJECT/ibm-apic-configsync-<version>:<tag>
Replace <version>
and
<tag>
with their actual values. To ensure that you use the
most recent values, copy them from the README file located in the root of the extracted API Connect
Config Sync package.
-
Define the environment variables for
the source and target catalogs.
- Create secrets to host configuration details for the source cluster and the target
cluster.
- Create a secret to host the configuration details for the source cluster in the
namespace where you intend to run the cronjob:
oc create secret --namespace $APIC_PROJECT generic source-catalog-details \
--from-literal=SOURCE_MGMT_SERVER=$SOURCE_MGMT_SERVER \
--from-literal=SOURCE_ORG=$SOURCE_ORG \
--from-literal=SOURCE_REALM=$SOURCE_REALM \
--from-literal=SOURCE_ADMIN_USER=$SOURCE_ADMIN_USER \
--from-literal=SOURCE_ADMIN_PASSWORD=$SOURCE_ADMIN_PASSWORD \
--from-literal=SOURCE_CATALOG=$SOURCE_CATALOG \
--from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTID=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTID \
--from-literal=SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET=$SOURCE_TOOLKIT_CREDENTIALS_CLIENTSECRET
- Create a secret to host the configuration details for the target cluster in the
namespace where you intend to run the cronjob:
oc create secret --namespace $APIC_PROJECT generic target-catalog-details \
--from-literal=TARGET_MGMT_SERVER=$TARGET_MGMT_SERVER \
--from-literal=TARGET_ORG=$TARGET_ORG \
--from-literal=TARGET_REALM=$TARGET_REALM \
--from-literal=TARGET_ADMIN_USER=$TARGET_ADMIN_USER \
--from-literal=TARGET_ADMIN_PASSWORD=$TARGET_ADMIN_PASSWORD \
--from-literal=TARGET_CATALOG=$TARGET_CATALOG \
--from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTID=$TARGET_TOOLKIT_CREDENTIALS_CLIENTID \
--from-literal=TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET=$TARGET_TOOLKIT_CREDENTIALS_CLIENTSECRET
- Create the cronjob:
- Open the
helper_files/configsync-cronjob-ocp.yaml
file located in the
extracted API Connect Config Sync package.
- Modify the
schedule
property to specify how frequently the job will
run.
The minimum recommended schedule period is 1 minute; however, a deployment with a large number of
objects might require more time for the job to complete. Because concurrent jobs are not allowed,
the total time between the start of two consecutive jobs might be longer.
- Set the
concurrencyPolicy
to Forbid
.
Config Sync operates on a single source-target catalog pair at a time. If you want to sync
multiple different source-target catalog pairs, create a separate cronjob for each pair.
- In the
image
property, replace the
<APIC_PROJECT>
variable with the namespace (project) where
you will run the cronjob.
- Create the cronjob resource in the cluster by running the following command:
oc --namespace $APIC_PROJECT apply -f helper_files/configsync-cronjob-ocp.yaml