DataPower Gateway for Linux

DataPower® Gateway for Linux® is installed from RPM packages.

The DataPower Gateway runs as an application on a Linux host. The DataPower Gateway requires exclusive access to some host resources. You can control the interaction by configuring the datapower.conf file.

Resource requirements on Linux hosts

To install the DataPower Gateway, the host must meet the following requirements.
  • To install the RPM packages, the host must be running a supported 64-bit version of Linux.
  • 2 GiB of free storage must be available on /opt.
  • 5 GiB of free storage must be available on /var.
  • At least two free loop devices are needed, with another loop device when RAID storage is used.
  • RAID storage, if used, must be configured in the datapower.conf file.
The absolute minimum resource allocation depends on expected workload and edition. After deployment, you can increase resource settings to meet workload requirements.
Note: To install a fix pack with a scrypt4 file on DataPower Gateway Virtual Edition, the minimum RAM requirement is 8 GB. Before you install a fix pack, validate that you have the appropriate memory allocation. If not, increase the memory for the firmware change operation. After the operation completes, you can decrease the memory allocation.
Without API workload
The minimum resource allocation is 4 vCPU (virtual processors) and 4 GB RAM.
With API workload
The minimum resource allocation is 4 vCPU and 8 GB RAM independent of edition.

The datapower.conf file

The DataPower service reads the /opt/ibm/datapower/datapower.conf file on startup. The file sets directives for features such as local: and config: directory mapping, RAID configuration, and standalone standby control. For a change to take effect, restart the DataPower service. The datapower.conf file contains self-explanatory comments for each directive.

Attention: Do not modify the datapower.conf until after you installed the RPMs. With the following directive on initial startup or after you run the reinitialize command, you are not prompted to set operational modes or change the default password for the admin account as explained in Initializing the DataPower Gateway. In other words, you want different startup processing for the initial startup than for each subsequent startup.
DataPowerAcceptLicense=true
For this directive specifically, you want it to be false for the cited cases. In other words, you want to follow the following steps.
  1. Install the RPMs
  2. Log in to DataPower service, and complete the initialization. Be sure to save the configuration with the following command sequence.
    top;configure terminal;write memory
  3. Edit the datapower.conf file to change the DataPowerAcceptLicense directive to true.
  4. Restart the DataPower service with the systemctl restart datapower command.

With these steps, you do not need to access the DataPower GUI to accept the terms of license agreements.

By default, the startup of the DataPower service is as follows.

  • Standby control is not enabled
  • RAID function is not enabled
  • The service uses all available CPUs
  • The service uses all available memory
  • The service reads and writes config: and local: inside its own file system
  • Free encrypted space is 4 GiB
  • License agreements require manual acceptance in the DataPower GUI

The following list explains each directive in the datapower.conf file.

High availability that the DataPower service manages
EnableStandbyControl=[ true | false ]
By default, high availability is not enabled for the DataPower service. In this state, the following conditions apply.
  • Standby control is not enabled.
  • The DataPower service does not modify the iptables and ip_vs kernel subsystems.
  • The DataPower service does not create a network interface for each standby control group.
When true, the following conditions apply.
  • Standby control is enabled.
  • You cannot have a firewall on the Linux host.
  • The DataPower service is in complete control of the iptables and ip_vs kernel subsystems.
  • The DataPower service creates a network interface for each standby control group.
  • Although self-balancing that requires the Application Optimization feature is available, it is unsupported.

For more information, see Standby control and DataPower Gateway for Linux.

Control how the DataPower service emulates the RAID device
DataPowerRaidDevice=[ (none) | device | file ]
For more information, see Enabling RAID for DataPower for Linux.
Number of CPUs to allocate to the DataPower service
DataPowerCpuCount=number
The directive informs the DataPower service how many CPUs to expect to use. If specified, DataPower acts as though it is running on a host with the specified number of CPUs. If not specified, the DataPower service tunes itself to use all available CPUs. This entry is useful when the DataPower service is not the only application on a host and is routinely needed in Docker.
Total memory to allocate to the DataPower service
DataPowerMemoryLimit=memory_limit
By default, the DataPower service assumes that all available memory is dedicated to it. Specifying DataPowerMemoryLimit allows the DataPower service to better coexist with other applications. If the specification is less than the minimum 4096 MiB, then 4096 MiB is used. If the specification is greater than total memory available to the system, then the host system's total memory is used. This entry is useful when the DataPower service is not the only application on a host and is routinely needed in Docker.
External directory access for the DataPower service
DataPowerConfigDir=path
DataPowerLocalDir=path
By default, the DataPower service reads and writes to the config: and local: directories from its own file system. When specified, the DataPower service reads and writes to the user-specified directories in the Linux file system.
Directory mapping can impact your workflow.
  • You can use any DataPower management interface to save changes externally.
  • You can enforce version control on file changes that are reflected in the local: and config: directories.
  • The mapped config: directory is used for DataPower configuration files.
  • The mapped local: directory is used for files that are associated with DataPower processing such as custom processing files.
Primary disk device size for the encrypted /var file system of the DataPower service
DataPowerImageSize=disk_space
The minimum free disk space is sufficient for basic operations of the DataPower service but does not support large configurations or disk-space intensive operations such as firmware upgrades. The maximum supported disk size is 16 GiB. Attempts to decrease the disk size are ignored. You can specify the value in bytes, KiB, MiB, or GiB. The following declarations set the disk size to 8 GiB.
  • DataPowerImageSize=8589934592
  • DataPowerImageSize=8388608K
  • DataPowerImageSize=8192M
  • DataPowerImageSize=8G
Accept the terms of the license agreements for the DataPower service
DataPowerAcceptLicense=[ true | false ]
By default, you must access the DataPower GUI to accept the terms of the license agreements. When true, the acceptance of the terms of the license agreements is automatic.
Note: When true, you are not prompted to set operational modes or change the default password for the admin account as explained in Initializing the DataPower Gateway.

What running as an application means

When the DataPower service runs as an application on Linux hosts, the following accommodations apply.
  • The DataPower Gateway runs as root.
  • Depending on the host, the DataPower Gateway is controlled with different commands.
    • When installed from RPM packages, the DataPower Gateway daemon is controlled with the systemctl command.
    • On Docker, the DataPower Gateway is started with the datapower-launch command.
  • The DataPower Gateway inherits many settings and some configuration from the operating system.
    • DNS settings are inherited. You cannot modify the inherited DNS configuration in DataPower. You can modify only in the host. For more information, see DNS settings and DataPower Gateway for Linux.
    • The hostname is inherited. The hostname is the system identifier for the DataPower Gateway in system settings. If you attempt to change the system identifier, the change is silently ignored.
    • Time management, which the operating system handles. Time and date settings are not available on the DataPower Gateway.
    • Network interfaces are used as they are found. The Ethernet, VLAN, and link aggregation interfaces are not available for configuration in the DataPower Gateway.
    • Host aliases are created from the network interfaces that are defined in the operating system. The name for each host alias uses the ethernet_version_n format and its value is the original IP address from the operating system. For example, eth0_ipv4_1 is the host alias that is created for the first IP address on eth0 that uses IPv4.
  • Sysplex target control service is not available.
  • The installation wizard, started with the startup command, is not available.

DataPower Gateway for Docker compared to DataPower Gateway for Linux

Although DataPower Gateway for Linux can run inside a Docker container, DataPower Gateway for Docker is more flexible, less resource intensive, requires fewer privileges, and requires less preparation work. Therefore, DataPower Gateway for Docker is the preferable approach to deploy a DataPower Gateway in a Docker container.