Installing the Component Pack's connections-env
Install the connections-env Helm chart, which is required for all three offerings (Customizer, Elasticsearch and Orient Me) of the Component Pack for IBM Connections™.
Installing the connections-env Helm chart
The command for installing connections-env depends on whether SSL is enforced for the Connections deployment and whether you are installing in a SPNEGO environment.
With Connections, you can enforce SSL directly by updating the LotusConnections-config.xml file to set the forceConfidentialCommunications flag to true. If you enable this setting, then you must also enforce SSL for communications between the Orient Me component and Connections; otherwise users will not be able to Like, comment on, or post updates to tiles in Orient Me.
Install the connections-env Helm chart using the appropriate command for your SSL setting.
- Install when SSL is enforced
If forceConfidentialCommunications flag is set to true, run the following command to install connections-env, replacing the ic.host value with the FQDN of your IBM Connections front door address (for example, the load balancer), and replacing ic.internal with the FQDN of your IBM Connections HTTP server.
Note: By default, deployment is done to the connections namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command: namespace=namespaceIf you are also configuring the mail service in a SPNEGO environment, add those settings to the command.
helm install \ --name=connections-env extractedFolder/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20190122-110818.tgz \ --set \ onPrem=true,\ createSecret=false,\ ic.host=ic_front_door,\ ic.internal=ic_http_server,\ ic.interserviceOpengraphPort=443,\ ic.interserviceConnectionsPort=443,\ ic.interserviceScheme=https
You can verify the installation by running the helm list command. A successful installation shows the chart with a status of DEPLOYED.
- Install when SSL is not enforced
If forceConfidentialCommunications flag is set to false, run the following command to install connections-env, replacing the ic.host value with the FQDN of your IBM Connections front door address (for example, the load balancer), and ic.internal with the FQDN of your IBM Connections HTTP server.
Note: By default, deployment is done to the connections namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command: namespace=namespaceIf you are also configuring the mail service in a SPNEGO environment, add those settings to the command.
helm install \ --name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20190122-110818.tgz \ --set \ onPrem=true,\ createSecret=false,\ ic.host=ic_front_door,\ ic.internal=ic_http_server
You can verify the installation by running the helm list command. A successful installation shows the chart with a status of DEPLOYED.
Configuring the mail service if SPNEGO is enabled
For environments that use SPNEGO, the settings described in Table 1 must be included in the Helm install command if you wish to configure the mail service.
Setting | Description |
---|---|
mail.spn | Service Principal Name (SPN) of the Connections server |
mail.server.host | Mail server host name |
mail.server.type | Mail server type |
mail.server.spn | Service Principal Name (SPN) of the Microsoft Exchange server |
For example:
helm install \
--name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20190122-110818.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
mail.spn=HTTP/connections.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM,\
mail.server.type=Exchange2010,\
mail.server.host=adsw81.email.example.com,\
mail.server.spn=HTTP/exchange-server.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM
Enabling interservice communications
When you install the connections-env Helm chart, you provide both the ic.host (front door) and ic.internal (HTTP server) values. All interservice communications use the ic.internal value to avoid sending traffic out through the front door -- this approach makes your environment more efficient.
- Enforce the use of SSL (set forceConfidentialCommunications to true) and then update the connections-env deployment.
- Configure the Connections server to answer in HTTPS by creating an httpsIndicatorHeader custom property in IBM® WebSphere® Application Server. For information, see Web container custom properties in the WebSphere Application Server documentation.
Updating the connections-env deployment to enforce SSL
If you installed connections-env without enforcing SSL communication and now want to enforce SSL communication, you can do so by running a helm upgrade with the following command.
helm upgrade \
connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20190122-110818.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
ic.interserviceOpengraphPort=443,\
ic.interserviceConnectionsPort=443,\
ic.interserviceScheme=https
You can verify the installation by running the helm list command. A successful update shows the chart with a status of DEPLOYED.