Installing the Component Pack's connections-env

Install the connections-env Helm chart, which is required for all three offerings (Customizer, Elasticsearch and Orient Me) of the Component Pack for HCL Connections.

Attention: Before attempting to install the connections-env Helm chart, review of the sections in this topic to ensure that you use the appropriate settings for your deployment.

Installing the connections-env Helm chart

The command for installing connections-env depends on whether SSL is enforced for the Connections deployment and whether you are installing in a SPNEGO environment.

With Connections, you can enforce SSL directly by updating the LotusConnections-config.xml file to set the forceConfidentialCommunications flag to true. If you enable this setting, then you must also enforce SSL for communications between the Orient Me component and Connections; otherwise users will not be able to Like, comment on, or post updates to tiles in Orient Me.

Install the connections-env Helm chart using the appropriate command for your SSL setting.

Install when SSL is enforced

If forceConfidentialCommunications flag is set to true, run the following command to install connections-env, replacing the ic.host value with the FQDN of your Connections front door address (for example, the load balancer), and replacing ic.internal with the FQDN of your Connections HTTP server.

Note: By default, deployment is done to the connections namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command: namespace=namespace

If you are also configuring the mail service in a SPNEGO environment, add those settings to the command.

helm install \
--name=connections-env extractedFolder/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz
 \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
ic.interserviceOpengraphPort=443,\
ic.interserviceConnectionsPort=443,\
ic.interserviceScheme=https

You can verify the installation by running the helm list command. A successful installation shows the chart with a status of DEPLOYED.

Install when SSL is not enforced

If forceConfidentialCommunications flag is set to false, run the following command to install connections-env, replacing the ic.host value with the FQDN of your Connections front door address (for example, the load balancer), and ic.internal with the FQDN of your Connections HTTP server.

Note: By default, deployment is done to the connections namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command: namespace=namespace

If you are also configuring the mail service in a SPNEGO environment, add those settings to the command.

helm install \
--name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz
 \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server

You can verify the installation by running the helm list command. A successful installation shows the chart with a status of DEPLOYED.

Configuring the mail service if SPNEGO is enabled

For environments that use SPNEGO, the settings described in Table 1 must be included in the Helm install command if you wish to configure the mail service.

Table 1. Settings for configuring the mail service
Setting Description
mail.spn Service Principal Name (SPN) of the Connections server
mail.server.host Mail server host name
mail.server.type Mail server type
mail.server.spn Service Principal Name (SPN) of the Microsoft Exchange server

For example:

helm install \
--name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
mail.spn=HTTP/connections.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM,\
mail.server.type=Exchange2010,\
mail.server.host=adsw81.email.example.com,\
mail.server.spn=HTTP/exchange-server.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM

Enabling interservice communications

When you install the connections-env Helm chart, you provide both the ic.host (front door) and ic.internal (HTTP server) values. All interservice communications use the ic.internal value to avoid sending traffic out through the front door -- this approach makes your environment more efficient.

However, if you deploy connections-env in an environment where the forceConfidentialCommunications flag is set to false and your HCL Connections server is not configured to answer in HTTPS, then some interservice header requests will use the ic.host (front door) value. If using the ic.host presents a problem in your environment (for example, if a firewall rule blocks traffic from the Component Pack servers to the front door address), then you can use one of the following methods to enable the interservice communications:
  • Enforce the use of SSL (set forceConfidentialCommunications to true) and then update the connections-env deployment.
  • Configure the Connections server to answer in HTTPS by creating an httpsIndicatorHeader custom property in IBM® WebSphere® Application Server. For information, see Web container custom properties in the WebSphere® Application Server documentation.

Updating the connections-env deployment to enforce SSL

If you installed connections-env without enforcing SSL communication and now want to enforce SSL communication, you can do so by running a helm upgrade with the following command.

Note: By default, deployment is done to the connections namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command: namespace=namespace
helm upgrade \
connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
ic.interserviceOpengraphPort=443,\
ic.interserviceConnectionsPort=443,\
ic.interserviceScheme=https

You can verify the installation by running the helm list command. A successful update shows the chart with a status of DEPLOYED.