Configuring networks and ports for WML for z/OS IDE

WML for z/OS IDE requires dedicated networks and ports for communication across component systems and services. Some of the ports are predefined while others can be user-defined. You must configure all the required networks and ports in your firewall before the installation of WMLz IDE.

Cluster networks

If you install WMLz IDE on Linux® on Z or Linux, the installer sets up a Kubernetes cluster. The cluster provides high availability to the WML for z/OS web user interface and administration dashboard. Make sure that you configure the cluster to meet the following network requirements:

  • All nodes in the cluster must be in the same subnet, and each node must be assigned a private static IP address.
  • Each node is associated with a gateway within the subnet, regardless of whether the gateway allows outbound network access.
  • The subnet itself is assigned a private static IP address that is to be used as a proxy server address, ensuring high availability of the nodes. The IP address must be offline during the installation.
  • The SELinux module on each node is set to "permissive" or "enforcing" (SELINUX=permissive or SELINUX=enforcing) in the /etc/selinux/config file. Restart a node after any setting change.
  • The cluster firewall must be disabled. The cluster is managed by Kubernetes which uses IP tables for cluster communication.
  • The cluster requires two unique IP ranges in CIDR format, one to be used by the Kubernetes service network and the other by the cluster overlay network.
    • Kubernetes service network: A Kubernetes service defines a logical set of pods and a corresponding network policy. It redirects the network traffic to each of the pods at the service's backend. Kubernetes manages the IP range and assigns an IP address to each service. You must assign an IP range for the Kubernetes service network.
    • Cluster overlay network: A pod is the basic building block of Kubernetes, which encapsulates an application container. Kubernetes relies on an overlay network to manage how groups of pods are allowed to communicate with each other and other endpoints. You must assign an IP range for the cluster overlay network.

    Make sure that the IP ranges are expressed in CIDR notation. CIDR specifies an IP address range by combining an IP address with its associated network mask. Take the range 192.168.0.0/16 as an example: 192.168.0.0 is the network IPv4 address, and the number 16 indicates that the first 16 bits are the network part of the address and the remaining 16 bits are for host addresses. The corresponding subnet mask is 255.255.0.0, so the range runs from 192.168.0.0 to 192.168.255.255.

    Carefully select the required IP ranges. As shown in the following example, the ranges must not overlap with each other. The IP addresses in the ranges must not conflict with those used by the WMLz IDE proxy server or your local networks.

    | Host IP configuration | Host network/IP | Cluster overlay network | Kubernetes service network |
    |---|---|---|---|
    | Host has a single IP | 172.16.x.x | 192.168.0.0/16 | 10.0.0.0/16 |
    | Host IP conflicts with the overlay network default | 192.168.x.x | 172.16.0.0/16 | 10.0.0.0/16 |
    | Host has more than one IP address | 192.168.x.x, 10.3.x.x | 172.16.0.0/16 | 172.17.0.0/16 |
  • Disable the RHN plugin on all nodes if the nodes do not have access to the Red Hat® network. Keeping the RHN plugin enabled without giving the nodes access to the RHN network prolongs the installation process considerably. Set enabled=0 in the /etc/yum/pluginconf.d/rhnplugin.conf file on all nodes. If necessary, enable the plugin after the installation is completed.
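
The IP range requirements in the list above (valid CIDR, no overlap between the overlay and service ranges, no conflict with host or proxy addresses, all nodes in one subnet) can be checked before installation. The following is an added example, not part of the WMLz IDE documentation or installer; the function name, the concrete host and proxy addresses, and the /24 node subnet are constructed for illustration.

```python
import ipaddress

def check_cluster_ranges(overlay, service, host_ips, proxy_ip, node_subnet=None):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for name, cidr in (("overlay", overlay), ("service", service)):
        try:
            # strict=True rejects a value with host bits set, e.g. 192.168.1.0/16
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name} range {cidr!r} is not valid CIDR: {exc}")
    if len(nets) == 2 and nets["overlay"].overlaps(nets["service"]):
        problems.append(f"overlay {nets['overlay']} overlaps service {nets['service']}")
    # Host and proxy addresses must not fall inside either cluster range.
    addrs = [("host", ip) for ip in host_ips] + [("proxy", proxy_ip)]
    for kind, ip in addrs:
        addr = ipaddress.ip_address(ip)
        for name, net in nets.items():
            if addr in net:
                problems.append(f"{kind} address {ip} is inside {name} range {net}")
    if node_subnet is not None:
        # All nodes in the cluster must be in the same subnet.
        subnet = ipaddress.ip_network(node_subnet, strict=True)
        for ip in host_ips:
            if ipaddress.ip_address(ip) not in subnet:
                problems.append(f"host address {ip} is outside node subnet {subnet}")
    return problems

if __name__ == "__main__":
    # Constructed plans: the first follows the "single IP" row of the table,
    # the second keeps the default overlay range on a 192.168.x.x host network.
    plans = {
        "single IP": dict(overlay="192.168.0.0/16", service="10.0.0.0/16",
                          host_ips=["172.16.10.11", "172.16.10.12"],
                          proxy_ip="172.16.10.50", node_subnet="172.16.10.0/24"),
        "overlay conflict": dict(overlay="192.168.0.0/16", service="10.0.0.0/16",
                                 host_ips=["192.168.5.11"], proxy_ip="192.168.5.50"),
    }
    for label, plan in plans.items():
        print(label, check_cluster_ranges(**plan) or "OK")
```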

Required ports

The following ports are required for installing and running WMLz IDE on Linux on Z or Linux:

| System or service | Port number | Outbound system | Inbound system |
|---|---|---|---|
| WMLz IDE UI service | 443 | Your network or z/OS Spark system | Linux on Z or Linux system |
| WMLz IDE installer UI service | 3232 | Your network | Linux on Z or Linux system |
| Kubernetes | 2379, 2380, 6443 | Linux on Z or Linux system | Linux on Z or Linux system |
| RabbitMQ service | 5671 | Linux on Z, Linux or z/OS Spark system | Linux on Z or Linux system |

After you assign and configure the ports, make sure that all WMLz IDE component systems in your installation can communicate with each other.

Firewall configuration

Instead of a traditional server firewall, Kubernetes uses IP tables for cluster communication. So, disable your cluster firewall. If an extra firewall must be in place, set it up around the cluster, and open the ports in your local network that need to interact with the cluster, such as port 443 for web access.

Ensure that every node in the cluster has a single local host entry in the /etc/hosts file that corresponds to the 127.0.0.1 address. Do not allow any daemon or script process or any cron job to modify the hosts file, IP tables, routing rules, or firewall settings during or after the installation.