Optional: Preparing customized versions of JDBC drivers and ICCSAP libraries
The Cloud Pak operator includes a single version of Db2 (db2jcc4.jar), Oracle (ojdbc8.jar), Microsoft SQL Server (mssql-jdbc.jre8.jar), and PostgreSQL (postgresql-42.7.2.jar) JDBC drivers to use in your production deployments. If you need to use other versions, then you must package these files into a compressed file and use the sc_drivers_url configuration parameter to download them from an accessible web server. If you need IBM Content Collector for SAP Applications libraries, you must also put them inside the compressed file.
Before you begin
Procedure
- Prepare your JDBC files and organize them into the following folder structure:
Add JDBC drivers for Business Automation Navigator and all the other patterns in your deployment that need them. For more information about compatible JDBC drivers, see Db2 JDBC information, Oracle JDBC information, SQL Server JDBC information, and PostgreSQL JDBC information.
The following JAR files are the default versions:
/jdbc/db2/db2jcc4.jar /jdbc/oracle/ojdbc8.jar /jdbc/sqlserver/mssql-jdbc.jre8.jar /jdbc/postgresql/postgresql-42.7.2.jar
The Db2 license file (db2jcc_license_cu.jar) is included in all Db2 server editions and you must take the license file from the Db2 Activation CD or download it from Passport Advantage. For more information, see Db2 license files.
For Oracle, you must download the required JDBC JAR and other companion JAR files such as orai18n.jar, oraclepki.jar, osdt_core.jar, osdt_cert.jar from the Oracle Technology Network JDBC Download Page.
If you want to deploy Application Engine or playback server and use a customized JDBC driver for Oracle, then you need ODPI-C applications with Oracle Instant Client to connect to the database. Download the Oracle Instant Client compressed file from Oracle Instant Client Download Page. Download the Oracle Instant Client file required for your operating system. Extract the file and copy the extracted files to the/oracle_node
directory as shown in the following example:/jdbc/oracle_node/<extracted files>
-
Download the SAP Netweaver SDK 7.50 library from the SAP Service Marketplace or SAP NW RFC SDK 7.50. Ensure that the library includes the
following files: libicudata.so.50, libicudecnumber.so, libicui18n.so.50, libicuuc.so.50,
libsapnwrfc.so, and libsapucum.so.
Note: You need an SAP Support user (S-user) ID to access the SAP Service Marketplace.
- Download the SAP Cryptographic Library version 8 from the SAP Service Marketplace or COMMONCRYPTOLIB 8. Ensure that the library includes the following file: libsapcrypto.so.
- Download the SAP Java Connector Release 3.1 from the SAP Service Marketplace or SAP JCO 3.1. Ensure that the library includes the following file: sapjco3.
- Extract all the content of the packages to a saplibs directory and
give read and write permissions to the directory by running the chmod
command.
/saplibs/libicudata.so.50 /saplibs/libicudecnumber.so /saplibs/libicui18n.so.50 /saplibs/libicuuc.so.50 /saplibs/libsapcrypto.so /saplibs/libsapjco3.so /saplibs/libsapnwrfc.so /saplibs/libsapucum.so /saplibs/sapjco3.jar
- Compress them into a file (.zip, .tar,
.tar.gz, .tar.bz2, .tar.xz) by
running the following command.
zip -r $localpath_to_zip/jdbc.zip jdbc saplibs
The command generates the path and file name: $localpath_to_zip/jdbc.zip.
- Use HTTPd as a download service for the JDBC files.
- Choice 1: Use the HTTPd docker image to start a container with the name
http
.- Start a HTTPd container by running the following command.
docker run -dit --name http -p 8888:80 httpd
- Open the container by using the URL http://hostname:8888. The hostname is
where you run the HTTPd docker image. It displays the following message:
"it works!"
- Copy the compressed file to the docker container by running the following
command.
docker cp $localpath_to_zip/jdbc.zip http:/usr/local/apache2/htdocs
- Start a HTTPd container by running the following command.
- Choice 2: Use a HTTP Server as a download service for the JDBC files.Attention: The CP4BA deployment and operators do not maintain this HTTP Server, so make sure that the container is protected against breaches, malware, and malicious actors.
- Go to the target project of your Cloud Pak for Business Automation deployment
(
cp4ba-project
).oc project <cp4ba-project>
- Allocate a PVC. Tip: If you already have a PVC that can be used to store the JDBC drivers, then you can ignore the step to create a PVC.
- Create a PVC by running the following command.
oc apply -f - <<EOF apiVersion: v1 kind: PersistentVolumeClaim metadata: name: jdbc-driver-pvc spec: accessModes: - ReadOnlyMany storageClassName: <storage-class-name> resources: requests: storage: 100Mi EOF
Make sure that you replace <storage-class-name> with a storage class in your cluster.
- Create a dummy pod and mount the PVC that you created.Note: Use any valid image to create your dummy pod, such as BusyBox. The following example uses
image: image-registry.openshift-image-registry.svc:5000/openshift/httpd
, but in an air-gap environment you must use the digest (SHA Hash) of the image.oc apply -f - <<EOF apiVersion: v1 kind: Pod metadata: name: dummy labels: run: dummy spec: containers: - name: mycontainer image: image-registry.openshift-image-registry.svc:5000/openshift/httpd volumeMounts: - name: tmp-mount mountPath: /mnt volumes: - name: tmp-mount persistentVolumeClaim: claimName: jdbc-driver-pvc EOF
- Create a PVC by running the following command.
- Copy the $localpath_to_zip/jdbc.zip to the
PVC.
oc cp $localpath_to_zip/jdbc.zip $(oc get pod --selector=run=dummy -o=jsonpath='{.items[*].metadata.name}'):/mnt
- Create the HTTP Server and mount the PVC.
- Create the
cp4ba-driver-http
service by running the following command.oc new-app httpd --name=cp4ba-driver-http
Important: The container must be run as non-root and deny privilege escalation (securityContext.runAsNonRoot=true
,securityContext.allowPrivilegeEscalation=false
) to prevent the risk of any exploitation. - Mount the PVC to the
cp4ba-driver-http
service.oc patch deployment cp4ba-driver-http --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/volumes", "value": [{"name": "jdbc-driver","persistentVolumeClaim": {"claimName": "jdbc-driver-pvc"}}]}]' oc patch deployment cp4ba-driver-http --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/volumeMounts", "value": [{"name": "jdbc-driver","mountPath": "/var/www/html"}]}]'
- Verify that the JDBC drivers can be downloaded from the command line by running one of the
following
commands.
oc exec -it $(oc get pod --selector=run=dummy -o=jsonpath='{.items[*].metadata.name}') -- bash curl -o /tmp/jdbc.zip http://cp4ba-driver-http:8080/jdbc.zip -s
curl -o /tmp/jdbc.zip https://cp4ba-driver-http:8443/jdbc.zip -k -s ls -lrt /tmp
- You can delete the dummy pod after the Cloud Pak for Business Automation operator downloads
the compressed file. For more information, see step 8.
oc delete pod $(oc get pod --selector=run=dummy -o=jsonpath='\{.items[*].metadata.name}')
- Create the
- Go to the target project of your Cloud Pak for Business Automation deployment
(
- Choice 1: Use the HTTPd docker image to start a container with the name
- The Cloud Pak for Business Automation operator downloads
the compressed file when you set the value of the custom resource (CR)
sc_drivers_url parameter to the URL of the file in the HTTPd container.
You set the values of the CR parameters when you create an instance of the production deployment. The following example shows the URL of the file in the HTTPd container: http://hostname:8888/jdbc.zip. The hostname is where you run the HTTPd docker image.
shared_configuration: sc_drivers_url: http://hostname:8888/jdbc.zip
The following example shows the URL of the
cp4ba-driver-http
service.shared_configuration: sc_drivers_url: http://cp4ba-driver-http:8080/jdbc.zip
To update the deployment CR after it is created, run the following command:
oc patch icp4aclusters <cr_name> --type='json' -p '[{"op": "replace", "path": "/spec/shared_configuration/sc_drivers_url", "value": "http://cp4ba-driver-http:8080/jdbc.zip"}]'
What to do next
The next task to complete depends on the capabilities that you selected for your deployment. You must prepare all of these capabilities and any dependencies. Use the instructions on how to prepare your cluster for the capabilities that you want to install. For more information, see Preparing your chosen capabilities.