Bringing up the Hyper Protect Secure Build on the KVM LPAR

  1. To create the Hyper Protect Virtual Servers in KVM LPARs, follow the instructions in "Example of bringing up IBM Hyper Protect Virtual Servers on a KVM host by using the virsh utility". Note that you must provide the combined env and workload sections obtained from the previous step as the content of the user-data file for deployment.

  2. Once the instance is up and running, map the container IP in the /etc/hosts file to the hostname that was given during the certificate creation. For example:

    192.168.x.170 sbs.example.com
    

    Note that if the secure-build-cli repository is not cloned on the KVM LPAR and you need to access the container application from outside the LPAR, you need to apply iptables rules with the following commands:

    iptables -I FORWARD -o virbr0 -p tcp -d 192.168.x.170 --dport 443 -j ACCEPT
    
    iptables -t nat -I PREROUTING -p tcp -d 9.20.x.99 --dport 8082 -j DNAT --to 192.168.x.170:443
    

    In the example, 192.168.x.170 is the IP of the guest VSI (HPSB server) and 9.20.x.99 is the KVM Host IP. 8082 is the Host Port.

  3. Change the value of CICD_PORT in the sbs-config.json file to the Host Port used when applying the iptables rules. For example:

    "CICD_PORT": "8082",
    
  4. If the repository for the Secure Build CLI is not cloned on the KVM LPAR, map the KVM Host IP to the hostname in the /etc/hosts file. For example:

    9.20.x.99 sbs.example.com
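
Steps 2 to 4 only work when three settings agree: the /etc/hosts entry, CICD_PORT, and the DNAT rule that forwards to port 443 on the guest. The following check is an added example, not part of the original procedure or of the Secure Build CLI; the function name `check_sbs_mapping`, the file paths and the addresses (203.0.113.20 for the host, 198.51.100.10 for the guest) are constructed, and the rule line is written in the style of `iptables -t nat -S PREROUTING` output.

```shell
#!/bin/sh
# check_sbs_mapping HOSTS_FILE CONFIG_FILE NAT_RULES_FILE HOSTNAME
# Returns 0 when the hostname's hosts entry and CICD_PORT both match a DNAT
# rule that forwards to port 443; prints the reason and returns 1 otherwise.
check_sbs_mapping() {
    hosts=$1 config=$2 rules=$3 name=$4

    # IP that the hostname maps to (first matching non-comment entry).
    ip=$(awk -v h="$name" '$1 !~ /^#/ {
        for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$hosts")
    [ -n "$ip" ] || { echo "no hosts entry for $name"; return 1; }

    # CICD_PORT from sbs-config.json (a quoted string, as in step 3).
    port=$(sed -n 's/.*"CICD_PORT"[[:space:]]*:[[:space:]]*"\([0-9]*\)".*/\1/p' "$config")
    [ -n "$port" ] || { echo "CICD_PORT not found"; return 1; }

    # DNAT rule whose -d and --dport equal the values the client will use.
    target=$(awk -v ip="$ip" -v port="$port" '
        / -j DNAT / {
            d = ""; p = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
                if ($i == "--dport") p = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
            }
            if (d == ip && p == port) { print to; exit }
        }' "$rules")
    [ -n "$target" ] || { echo "no DNAT rule for $ip:$port"; return 1; }

    case $target in
        *:443) echo "ok: $name -> $ip:$port -> $target"; return 0 ;;
        *)     echo "DNAT target $target is not port 443"; return 1 ;;
    esac
}

# Constructed sample inputs (not taken from a real system).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '203.0.113.20 sbs.example.com\n' > "$SAMPLE_DIR/hosts"
printf '{\n  "CICD_PORT": "8082"\n}\n' > "$SAMPLE_DIR/sbs-config.json"
printf '%s\n' '-A PREROUTING -d 203.0.113.20/32 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 198.51.100.10:443' \
    > "$SAMPLE_DIR/nat.rules"

check_sbs_mapping "$SAMPLE_DIR/hosts" "$SAMPLE_DIR/sbs-config.json" \
    "$SAMPLE_DIR/nat.rules" sbs.example.com
```

On a real host, pass /etc/hosts, the actual sbs-config.json and a file holding the saved output of `iptables -t nat -S PREROUTING`.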