IBM Cloud Pak Deployments

This topic provides instructions for deploying AnzoGraph DB with IBM Cloud Pak.

Prerequisites

Before deploying AnzoGraph install the following applications on your workstation:

Deploying AnzoGraph with Cloud Pak

Follow the instructions below to deploy AnzoGraph.

  1. Log in to the OpenShift client:
    oc login openshiftURL:port 
  2. Run the following command to retrieve the internal registry information:
    oc registry info
  3. Add the internal registry to the insecure registry list in the Docker daemon. For instructions, see Test an insecure registry in the Docker documentation.
  4. Run the following command to log in to Docker:
    docker login -u admin -p $(oc whoami -t) $(oc registry info)
  5. To offer versatility for different types of environments and deployment preferences, Cambridge Semantics provides three AnzoGraph DB container images:
    • anzograph (all-in-one image): The all-in-one image includes the front end (user interface) as well the back end (database) in one image.
    • anzograph-frontend (user interface): The front end image includes the user interface only. One front end client can connect to multiple AnzoGraph DB instances, or multiple users can deploy the front end locally and use it to access a central AnzoGraph DB cluster.
    • anzograph-db (back end/database): The back end image includes the database only. If you have existing client applications to use with AnzoGraph DB and do not need the front end, you can deploy the database by itself.

    See Red Hat Container Registry Authentication for information about accessing the Red Hat registry. Then run the following commands as needed to pull the desired AnzoGraph DB images from registry.connect.redhat.com:

    docker pull registry.connect.redhat.com/cambridgesemantics/anzograph
    docker pull registry.connect.redhat.com/cambridgesemantics/anzograph-frontend
    docker pull registry.connect.redhat.com/cambridgesemantics/anzograph-db
  6. Run the following Docker commands to tag the images and push them to the internal repository. Run the commands for each of the images that you want to push to the repository:

    Run the docker images command to return the list of images and view the image IDs, image names, and tags.

    docker tag image_id internal_repo/cambridgesemantics/image_name:tag
    docker push internal_repo/cambridgesemantics/image_name:tag
  7. Run the following command to create an OpenShift Service Account:
    oc -n namespace create serviceaccount service_account_name
  8. Run the following command to provide access to the service account to pull images from the internal registry:
    oc policy add-role-to-user \
    system:image-puller system:serviceaccount:namespace:service_account_name \
    --namespace=cambridgesemantics
  9. Create a Security Context Constraint (SCC) for the service account to be able to start the AnzoGraph container as root. Note that the actual service in the container runs unprivileged.
    1. Create a file called scc.yml and add the following contents to the file:
      apiVersion: security.openshift.io/v1
      kind: SecurityContextConstraints
      
      metadata:
        name: csi-anyuid
        namespace: namespace
      priority: 10
      runAsUser:
        type: RunAsAny
      seLinuxContext:
        type: MustRunAs
      supplementalGroups:
        type: RunAsAny
      fsGroup:
        type: RunAsAny
      users:
      - system:serviceaccount:namespace:service_account_name
    2. Save the file and then run the following command to give OpenShift the SCC resource specification:
      oc create -f scc.yml
  10. Configure Helm for use with your version of Cloud Pak. First, change directories to the Helm directory:
    cd ~/.helm

    Then run the appropriate commands below depending on your version of Cloud Pak:

    Cloud Pak 2.5

    tiller_pod=$(oc  get  po  |  grep  icpd-till  |  awk  '{print  $1}');
    oc  cp  ${tiller_pod}:etc/certs/..data/helm.cert.pem  cert.pem;
    oc  cp  ${tiller_pod}:etc/certs/..data/helm.key.pem  key.pem

    Cloud Pak 3.0+

    cd $HELM_HOME && ocget secret helm-secret -n $TILLER_NAMESPACE -o yaml|grep 
        -A3 '^data:'|tail -3 | awk -F: '{system("echo "$2" |base64 --decode > "$1)}'
    export HELM_TLS_CA_CERT=$HELM_HOME/ca.cert.pem
    export HELM_TLS_CERT=$HELM_HOME/helm.cert.pem
    export HELM_TLS_KEY=$HELM_HOME/helm.key.pem
    export  TILLER_NAMESPACE=zen
    helm  version  --tls
  11. Deploy AnzoGraph DB with Helm. See Deploying AnzoGraph with Helm for instructions.

    The AnzoGraph Helm chart includes sample-values files. Use the values04-ibm-cloud-pak-data.yaml sample file for your deployment and customize the values as needed. In the .yaml file, make sure that you update the serviceAccountName value with the OpenShift Service Acccount (service_account_name from the previous steps).

  12. When you have finished deploying AnzoGraph DB, run the following command to create a route to expose the AnzoGraph DB service:
    oc create route passthrough --service=anzograph-helm_release_name-frontend-lb --port=https anzograph
  13. (Optional) Create a route to expose the AnzoGraph DB Open Data Protocol (OData) service. The OData service enables users to generate OData-based feeds that can be used to access AnzoGraph programmatically via a RESTful API or from business intelligence tools such as TIBCO Spotfire, Tableau, and Microsoft Power BI. Run the following command to create an OData route:
    oc create route passthrough --service=anzograph-helm_release_name-frontend-lb --port=http odata
Related Topics