IBM Cloud Pak Deployments

This topic provides instructions for deploying AnzoGraph DB with IBM Cloud Pak.

Prerequisites

Before deploying AnzoGraph DB install the following applications on your workstation:

• Helm Version 2 or 3: See Installing Helm in the Helm documentation.
• Docker Engine: See the Docker documentation for instructions.
• OpenShift CLI: See the OpenShift documentation for installation instructions.

Deploying AnzoGraph with Cloud Pak

Follow the instructions below to deploy AnzoGraph DB.

1. Log in to the OpenShift client:

   oc login openshiftURL:port 

2. Run the following command to retrieve the internal registry information:

   oc registry info

3. Add the internal registry to the insecure registry list in the Docker daemon. For instructions, see Test an insecure registry in the Docker documentation.
4. Run the following command to log in to Docker:

   docker login -u admin -p $(oc whoami -t) $(oc registry info)

5. To offer versatility for different types of environments and deployment preferences, Cambridge Semantics provides three AnzoGraph DB DB container images:
   • anzograph (all-in-one image): The all-in-one image includes the front end (user interface) as well the back end (database) in one image.
   • anzograph-frontend (user interface): The front end image includes the user interface only. One front end client can connect to multiple AnzoGraph DB DB instances, or multiple users can deploy the front end locally and use it to access a central AnzoGraph DB DB cluster.
   • anzograph-db (back end/database): The back end image includes the database only. If you have existing client applications to use with AnzoGraph DB DB and do not need the front end, you can deploy the database by itself.

   See Red Hat Container Registry Authentication for information about accessing the Red Hat registry. Then run the following commands as needed to pull the desired AnzoGraph DB DB images from registry.connect.redhat.com:

   docker pull registry.connect.redhat.com/cambridgesemantics/anzograph

   docker pull registry.connect.redhat.com/cambridgesemantics/anzograph-frontend

   docker pull registry.connect.redhat.com/cambridgesemantics/anzograph-db

6. Run the following Docker commands to tag the images and push them to the internal repository. Run the commands for each of the images that you want to push to the repository:

Run the docker images command to return the list of images and view the image IDs, image names, and tags.

docker tag image_id internal_repo/cambridgesemantics/image_name:tag

docker push internal_repo/cambridgesemantics/image_name:tag

7. Run the following command to create an OpenShift Service Account:

   oc -n namespace create serviceaccount service_account_name

8. Run the following command to provide access to the service account to pull images from the internal registry:

   oc policy add-role-to-user \
   system:image-puller system:serviceaccount:namespace:service_account_name \
   --namespace=cambridgesemantics

9. Create a Security Context Constraint (SCC) for the service account to be able to start the AnzoGraph container as root. Note that the actual service in the container runs unprivileged.
   1. Create a file called scc.yml and add the following contents to the file:

      apiVersion: security.openshift.io/v1
      kind: SecurityContextConstraints
      
      metadata:
        name: csi-anyuid
        namespace: namespace
      priority: 10
      runAsUser:
        type: RunAsAny
      seLinuxContext:
        type: MustRunAs
      supplementalGroups:
        type: RunAsAny
      fsGroup:
        type: RunAsAny
      users:
      - system:serviceaccount:namespace:service_account_name

   2. Save the file and then run the following command to give OpenShift the SCC resource specification:

      oc create -f scc.yml

10. Configure Helm for use with your version of Cloud Pak. First, change directories to the Helm directory:

    cd ~/.helm

    Then run the appropriate commands below depending on your version of Cloud Pak:

    Cloud Pak 2.5

    tiller_pod=$(oc  get  po  |  grep  icpd-till  |  awk  '{print  $1}');
    oc  cp  ${tiller_pod}:etc/certs/..data/helm.cert.pem  cert.pem;
    oc  cp  ${tiller_pod}:etc/certs/..data/helm.key.pem  key.pem

    Cloud Pak 3.0+

    cd $HELM_HOME && ocget secret helm-secret -n $TILLER_NAMESPACE -o yaml|grep 
        -A3 '^data:'|tail -3 | awk -F: '{system("echo "$2" |base64 --decode > "$1)}'

    export HELM_TLS_CA_CERT=$HELM_HOME/ca.cert.pem

    export HELM_TLS_CERT=$HELM_HOME/helm.cert.pem

    export HELM_TLS_KEY=$HELM_HOME/helm.key.pem

    export  TILLER_NAMESPACE=zen

    helm  version  --tls

11. Deploy AnzoGraph DB DB with Helm. See Deploy AnzoGraph DB with Helm for instructions.

    The AnzoGraph DB Helm chart includes sample-values files. Use the values04-ibm-cloud-pak-data.yaml sample file for your deployment and customize the values as needed. In the .yaml file, make sure that you update the serviceAccountName value with the OpenShift Service Acccount (service_account_name from the previous steps).

12. When you have finished deploying AnzoGraph DB DB, run the following command to create a route to expose the AnzoGraph DB DB service:

    oc create route passthrough --service=anzograph-helm_release_name-frontend-lb --port=https anzograph

13. (Optional) Create a route to expose the AnzoGraph DB DB Open Data Protocol (OData) service. The OData service enables users to generate OData-based feeds that can be used to access AnzoGraph DB programmatically via a RESTful API or from business intelligence tools such as TIBCO Spotfire, Tableau, and Microsoft Power BI. Run the following command to create an OData route:

    oc create route passthrough --service=anzograph-helm_release_name-frontend-lb --port=http odata