Steps required to install Sterling External Authentication Server (SEAS) on OpenShift on the IBM Cloud
Download the following file from Passport Advantage:
- IBM Sterling External Authentication Server V 6.0.2 for RHOCP English
- Clone the repository
git clone https://github.com/ebasso/sterling-b2b-oncloud.git
cd sterling-b2b-oncloud/seas-openshift-ibmcloud
- Log in to OpenShift
oc login --token=sha256~... --server=https://...containers.cloud.ibm.com:31234
- Create a new project on OpenShift for SEAS
oc new-project sterling-seas
Set up RH OpenShift Image Registry
- Get the image registry route and export it as a variable
oc get route image-registry -n openshift-image-registry
export MY_IMG_REGISTRY=image-registry-openshift-image-registry....us-south.containers.appdomain.cloud
- Switch to the SEAS project and export the project name
oc project sterling-seas
export MY_SEAS_PROJECT=sterling-seas
- Browse to the location where you downloaded the SEAS container image and extract it.
unzip ../SEAS.V6020.Docker.tar.zip
tar -xvf SEAS.V6020.Docker.tar
tar -xvf seas_6020_docker.tar
tar -xvf seas_6020_helmchart.tar
rm SEAS.V6020.Docker.tar
rm seas_6020_docker.tar
rm seas_6020_helmchart.tar
- Log in to the registry, then load, tag and push the image.
oc whoami -t | docker login -u "$(oc whoami)" --password-stdin "$MY_IMG_REGISTRY"
docker load -i seas_docker_image_6020.tar
docker tag seas-docker-image:6.0.2.0 $MY_IMG_REGISTRY/$MY_SEAS_PROJECT/seas-docker-image:6.0.2.0
docker push $MY_IMG_REGISTRY/$MY_SEAS_PROJECT/seas-docker-image:6.0.2.0
- Check result
oc get imagestream
- Return to the previous directory and extract the Helm charts
cd <CHANGE HERE>/seas-openshift-ibmcloud
tar -xzvf <Downloads_Directory>/ibm-seas-1.1.0.tgz
Follow the article "Deploy Sterling Toolkit on OpenShift" to set up the toolkit.
- Get pod information
oc project sterling-tookit
oc get pods
NAME READY STATUS RESTARTS AGE
sterling-tookit-59.. 1/1 Running 0 73m
- Export the Toolkit pod name
export MY_TOOLKIT_POD=sterling-tookit-59..
- Connect to the pod and set up directories
oc rsh pod/$MY_TOOLKIT_POD
cd /var/nfs-data/
mkdir -p seas
chmod -R a+rwx seas
chown -R 1000:1000 seas
exit
- Define our project
oc project sterling-seas
- Change directory and set up permissions on OpenShift
cd ibm-seas/ibm_cloud_pak/pak_extensions/pre-install/clusterAdministration
sh createSecurityClusterPrereqs.sh
cd ../../../../..
- Change Rolebinding
cd ibm-seas/ibm_cloud_pak/pak_extensions/pre-install/namespaceAdministration
sh createSecurityNamespacePrereqs.sh sterling-seas
cd ../../../../..
- Locate the required information on the default storage volume
oc get pv -n openshift-image-registry
NAME CAPACITY ACCESS MOD RECLAIM POLICY STATUS CLAIM STORAGECLASS
...
pvc-99... 100Gi RWX Delete Bound openshift-image-registry/image-registry-storage ibmc-file-gold
...
- Get the details of the PV
oc describe pv pvc-99...
...
failure-domain.beta.kubernetes.io/region=us-south
failure-domain.beta.kubernetes.io/zone=dal10
...
Type: NFS (an NFS mount that lasts the lifetime of a pod)
Server: fsf-xxxxxxx-xx.adn.networklayer.com
Path: /IBMxxSEVxxxxxxx_xx/data01
...
- Create file my-seas-pv-nfs.yaml and change it using the values from the previous command:
cp seas-pv-nfs.yaml my-seas-pv-nfs.yaml
- Allocate PV/PVC
oc create -f my-seas-pv-nfs.yaml
- Base64-encode the passphrase to put in my-seas-secrets.yaml
echo -n "Passw0rd@123" | base64
- Base64-encode the password to put in my-seas-secrets.yaml
echo -n "passw0rd" | base64
- Create secrets
cp seas-secrets.yaml my-seas-secrets.yaml
oc create -f my-seas-secrets.yaml
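An added example (not part of the original page or the IBM chart): shell helpers for the secrets step above that generate a random value, base64-encode it from stdin so it stays out of shell history, and flag an encoded value that carries a trailing newline or is still one of this page's sample passwords. The function names are hypothetical, and it is an assumption of this example that a 24-character alphanumeric value meets the product's password rules.

```shell
#!/bin/sh
# Added example: prepare base64 values for my-seas-secrets.yaml.
# The YAML field names are not shown; they come from the chart's seas-secrets.yaml.

# Generate a random alphanumeric secret (default 24 characters).
# Assumption: this satisfies the product's password rules; adjust if not.
gen_secret() {
    len=${1:-24}
    head -c 256 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Read a secret from stdin, drop any trailing newline, print one-line base64.
# Reading stdin keeps the clear-text value off the command line.
b64_secret() {
    secret=$(cat)
    printf '%s' "$secret" | base64 | tr -d '\n'
}

# Check one base64 value before it goes into the secrets file.
# Returns: 0 ok, 1 not valid base64, 2 decodes with a trailing newline
# (what `echo secret | base64` without -n produces), 3 still a sample
# password from this page.
check_b64_value() {
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    last=$(printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n' | tail -c 2)
    [ "$last" = "0a" ] && return 2
    case $decoded in
        passw0rd|Passw0rd@123) return 3 ;;
    esac
    return 0
}

# Usage:
#   value=$(gen_secret | b64_secret)
#   check_b64_value "$value" && printf '%s\n' "$value"
```

Paste the printed value into my-seas-secrets.yaml in place of the sample values before running `oc create`.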
- Create file my-seas-override.yaml and change it for your environment
cp seas-override.yaml my-seas-override.yaml
- Deploy with Helm
cd ibm-seas
helm install seas --namespace sterling-seas --timeout 120m0s -f ../my-seas-override.yaml .
You can check the installation using these commands:
$ oc get pods
NAME READY STATUS RESTARTS AGE
seasXXXXX 1/1 Running 0 24s
$ oc logs -f seasXXXXX
$ oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
seasXXXXX LoadBalancer 172.xx.xx.131 52.xxx.xxx.16 ..../TCP 5m46s