Installing the Component Pack's connections-env
Install the connections-env Helm chart, which is required for all three offerings (Customizer, Elasticsearch and Orient Me) of the Component Pack for HCL Connections™.
Installing the connections-env Helm chart
The command for installing connections-env depends on whether SSL is enforced for the Connections deployment and whether you are installing in a SPNEGO environment.
With Connections, you can enforce SSL directly by updating the
LotusConnections-config.xml file to set the
forceConfidentialCommunications
flag to true
. If you enable this
setting, then you must also enforce SSL for communications between the Orient Me component and
Connections; otherwise users will not be able to Like, comment on, or post updates to tiles in
Orient Me.
Install the connections-env Helm chart using the appropriate command for your SSL setting.
- Install when SSL is enforced
-
If
forceConfidentialCommunications
flag is set totrue
, run the following command to install connections-env, replacing theic.host
value with the FQDN of your Connections front door address (for example, the load balancer), and replacingic.internal
with the FQDN of your Connections HTTP server.Note: By default, deployment is done to theconnections
namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command:namespace=namespace
If you are also configuring the mail service in a SPNEGO environment, add those settings to the command.
helm install \ --name=connections-env extractedFolder/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20200320-143558.tgz.tgz\ --set\ onPrem=true,\ createSecret=false,\ ic.host=ic_front_door,\ ic.internal=ic_http_server,\ ic.interserviceOpengraphPort=443,\ ic.interserviceConnectionsPort=443,\ ic.interserviceScheme=https
You can verify the installation by running the
helm list
command. A successful installation shows the chart with a status of DEPLOYED. - Install when SSL is not enforced
-
If
forceConfidentialCommunications
flag is set tofalse
, run the following command to install connections-env, replacing theic.host
value with the FQDN of your Connections front door address (for example, the load balancer), andic.internal
with the FQDN of your Connections HTTP server.Note: By default, deployment is done to theconnections
namespace. If you created a namespace with a different name and would like to deploy there, the following extra value must be included in the helm install command:namespace=namespace
If you are also configuring the mail service in a SPNEGO environment, add those settings to the command.
helm install \ --name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz \ --set \ onPrem=true,\ createSecret=false,\ ic.host=ic_front_door,\ ic.internal=ic_http_server
You can verify the installation by running the
helm list
command. A successful installation shows the chart with a status of DEPLOYED.
Configuring the mail service if SPNEGO is enabled
For environments that use SPNEGO, the settings described in Table 1 must be included in the Helm install command if you wish to configure the mail service.
Setting | Description |
---|---|
mail.spn |
Service Principal Name (SPN) of the Connections server |
mail.server.host |
Mail server host name |
mail.server.type |
Mail server type |
mail.server.spn |
Service Principal Name (SPN) of the Microsoft™ Exchange server |
For example:
helm install \
--name=connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
mail.spn=HTTP/connections.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM,\
mail.server.type=Exchange2010,\
mail.server.host=adsw81.email.example.com,\
mail.server.spn=HTTP/exchange-server.litbg2012r2.example.com@LITBG2012R2.EXAMPLE.COM
Enabling interservice communications
When you install the connections-env Helm chart, you provide both the
ic.host
(front door) and ic.internal
(HTTP server) values. All
interservice communications use the ic.internal
value to avoid sending traffic out
through the front door -- this approach makes your environment more efficient.
forceConfidentialCommunications
flag is set to false
and your HCL Connections server is not configured to answer in
HTTPS, then some interservice header requests will use the ic.host
(front door)
value. If using the ic.host
presents a problem in your environment (for example, if
a firewall rule blocks traffic from the Component Pack servers to the front door address), then you
can use one of the following methods to enable the interservice communications:- Enforce the use of SSL (set
forceConfidentialCommunications
totrue
) and then update the connections-env deployment. - Configure the Connections server to answer in HTTPS by creating an
httpsIndicatorHeader
custom property in IBM® WebSphere® Application Server. For information, see Web container custom properties in the WebSphere Application Server documentation.
Updating the connections-env deployment to enforce SSL
If you installed connections-env without enforcing SSL communication and now want to enforce SSL communication, you can do so by running a helm upgrade with the following command.
connections
namespace. If you created a
namespace with a different name and would like to deploy there, the following extra value must be
included in the helm install command: namespace=namespace
helm upgrade \
connections-env <extracted_folder>/microservices_connections/hybridcloud/helmbuilds/connections-env-0.1.40-20191121-232052.tgz \
--set \
onPrem=true,\
createSecret=false,\
ic.host=ic_front_door,\
ic.internal=ic_http_server,\
ic.interserviceOpengraphPort=443,\
ic.interserviceConnectionsPort=443,\
ic.interserviceScheme=https
You can verify the installation by running the helm list
command. A successful
update shows the chart with a status of DEPLOYED.