Starting the Pink story by installing Orient Me

By Martin Schmidt Apr 8, 2017
Starting the Pink story by installing Orient Me

This article lines out all my findings during the test installation of the new Orient Me service for IBM Connections 6.0 on a test system. I will tell you where I had to interprete the documentation of IBM the right way to get the system working.

The new Orient Me page design is similar to Verse and the new IBM Connections 6.0 Community design. In the current status, it seems to mainly display the same items as the activity stream, though in a slightly new design...

The most important part is to get your server and network right!

To install the new system, IBM tells you to prepare 3 servers with hundreds of GB on disk space with huge amount of RAM and a dozen CPUs. For a test system this numbers are way too high. A single server with 4 Cores, 16GB of RAM and 80GB of disk space is sufficient. I even would expect that it would run as additional component on your existing IBM Connections Server when it is large enough, though I did not test it.

When it comes to disk space, you need to interpret the IBM Documentation in the right way: 100GB of disk space does not mean anywhere e.g. /opt as I do it usually when installing IBM Connections. It literally means 100GB of disk space on the root partition. Docker and Kubernetes create their containers in /var/lib/docker and refuse to start, when you tell Docker to place the container in a different directory. The persistent storage is also created in /pv. This can be moved but after I created the large root partition, I never tested it. I used a m3.xlarge AWS EC2 instance with CentOS7 where I extended the root partition during setup using a CloudFormation template.

Make sure, your network correctly resolves your IBM Connections installation. Do not place the name in the hosts file. The Kubernetes dns will not pick it up from there. The name must be part of the DNS server that is used by your master, worker and proxy server. The Kubernetes dns server will import the resolv.conf from your master server and then use it for his root dns server. I will tell you later how you can test your configuration.

The most worrisome part is the root password. Yes, the installation must be executed as root, root password login must be possible and you need somebody close to you who knows the root password. The root password must be equally on all master, worker and proxy server. I have not tested yet what happens when you disable root login after installation. I suppose it is possible as the installer uses the root password to deploy a ssh key for automatic login. When using the AWS CentOS image, update /etc/ssh/sshd_config with "PasswordAuthentication yes" and set your root password.

Make sure you put deployCfC directory in /opt. This path is hard coded in the command. To install CfC silently, you need to specify all of this parameters:

bash /opt/deployCfC/ \
--boot=$boothostname \
--master=$boothostname \
--worker_list=$workerhostname \
--proxy=$proxyhostname \
--set_mongo_secret="$mongosecret" \
--set_redis_secret="$redissecret" \
--set_search_secret="$searchsecret" \
--set_solr_secret="$solrsecret" \
--set_krb5_secret="./secrets/krb5keytab.yml" \
--root_login_passwd="$rootsecret" \
--set_ic_host="$publichostname" \
--set_ic_admin_user="$ldapadminusr" \
--set_ic_admin_password="$ldapadminpwd" \

The boot and master servers must be the same servers. The worker and the proxy can. The file I used for the krb5_secret is the file that the installer uses when you just press "enter" during interactive installation.

The setup of the persistent volumes is straight forward and I had never any issues with them. As I just set up a single box test server, I did not bother with a NFS server configuration.

Installing the Orient Me images just works fine, as long as you:

  1. have enough disk space in /var/lib
  2. your network setup (dns) is right
  3. you did not change the CfC admin password as admin / admin is hard coded in the installer for the orient me images.
  4. Your IBM Connections Administrator account (the one you specified during CfC installation as ic_admin_user / ic_admin_password ) does not contain an @ sign.

The @ sign bothered me a little bit. The script fails at line 158 or 159 when you use an email address as username. The installer uses sed to extract the username and password. Unfortunately IBM development choose @ as the separator in the sed command. This is a good idea when you expect to have a URL but not when it comes to usernames. The simplest way I found is to use a different username / password without @ or to modify the bin/ script. I modified it like so: (lines 156-160)

sed -i \
-e "s@\"ic-host\".*@\"ic-host\" : \"${ic_host}\",@" \
-e "s/\"ic-admin-user\".*/\"ic-admin-user\" : \"${ic_admin_user}\",/" \

-e "s/\"ic-admin-password\".*/\"ic-admin-password\" : \"${ic_admin_password}\",/" \
-e "s@\"ic-connections-url\".*@\"ic-connections-url\" : \"https://${ic_host}/connections\",@" \

The modifications on the profiles-config.xml, the tdi-profiles-config.xml and the httpd.conf worked without issues.

I always did the redis configuration but I'm still not sure everything worked right. In the 2nd half of the document, you should check if redis is working with the command: redis-cli subscribe connections-events

I always start this command but I never got any output but the information that the community was created is shown in Orient Me. So either the check is not valid or my redis is not configured correctly and the community creation event is showing up for other reasons.

Populating the Orient Me page is lined out in much detail. A one pager as all the other steps would be sufficient in my opinion. Here you should make sure your Kubernetes dns is working as expected. You should, before entering the command "npm run start migrate", check the right resolution of your IBM Connections server. Unfortunately nslookup is not in the docker image but you can use curl. Just enter... curl -k -v 'https://url.of.your.cnx'...and see the output. When you get some html back, your DNS is working as expected. When you get back "Could not resolve host: url.of.your.cnx" you have a network problem.

The configuration of the notifications is also very simple. Unfortunately I'm missing any details on how I can verify if this is working as expected. I never found a way to verify the function.

All in all the installation of Orient Me is simple and straight forward. It can be fully automated if you need.

To access the Orient Me feature use /social. So far, I'm not sure whether it is expected to be seen directly from the existing IBM Connections page withouth header modifcation...

The result is a nice looking page with no new information but presented in a nice way.

The journey to Pink has just begun...