Bringing up the Hyper Protect Secure Build on the KVM LPAR
To create the Hyper Protect Virtual Servers in KVM LPARS, follow the instructions in Example of bringing up IBM Hyper Protect Virtual Servers on a KVM host by using the virsh utility. Note that you must provide the combined
workloadsection obtained from the previous step, and use them as the content of the
user-datafile for deployment.
Once the instance is up and running, map the container IP with the hostname in the
/etc/hostsfile that was given during the certificate creation. For example:
Note that if the
secure-build-cliis not cloned on the KVM LPAR and you need to access container application from outside of the LPAR, you need to apply ip table rules as the following commands:
iptables -I FORWARD -o virbr0 -p tcp -d 192.168.x.170 --dport 443 -j ACCEPT iptables -t nat -I PREROUTING -p tcp -d 9.20.x.99 --dport 8082 -j DNAT --to 192.168.x.170:443
In the example,
192.168.x.170is the IP of the guest VSI (HPSB server) and
9.20.x.99is the KVM Host IP.
8082is the Host Port.
Change the value of
sbs-config.jsonto the Host Port used while applying the IP table rules. For example:
Map the KVM Host IP with the hostname in the
/etc/hostsfile, if the repository for Secure Build cli is not cloned on the KVM LPAR. For example: