Versions Compared

Old Version 68

changes.mady.by.user John McKeever

Saved on

compared with

New Version Current

changes.mady.by.user Justin McCamish

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Introduction

...

Introduction

This section describes the hardware, software,

...

and network configuration that needs to be in place before MettleCI can be deployed and configured in

...

your

...

environment

...

.

The deployment topology of a MettleCI platform, whether being used for evaluation or production purposes, has been deliberately designed to be as simple as possible. The biggest difference between evaluation and production deployments of MettleCI is the selection of software components residing on the dedicated MettleCI Host that would be better deployed to separate servers. Alternatively, some components of the MettleCI stack could be delivered by integrating with existing solutions already in place in your organisation. While MettleCI is easily integrated with Customers' existing Jira, Git, and Bamboo instances, describing the full range of integration options available is beyond the scope of this document.

The delivered architecture will focus on evaluation purposes only, and has been designed for ease and speed of deployment. The evaluation will validate which parts of this architecture could be re-used for a MettleCI production deployment, and which may need to be re-deployed or reconfigured to meet your organisational requirements.

Whilst not representing our recommended production deployment of MettleCI, this MettleCI architecture assembles all of the software forming MettleCI's DevOps platform for Information Server into a single, pre-configured, easily deployed package. This optimises the time spent on the evaluation process.

Panel
borderColorblack
borderWidth1
borderStylesolid
titleContents

Table of Contents

Info

See also Rapid DataStage Upgrade - Technical Prerequisites for a description of the Rapid DataStage Upgrade technical pre-requisites for MettleCI.

MettleCI Platform Components

The following high-level MettleCI architecture shows the key software components to be installed, and their communications between hosts. 

Gliffy
imageAttachmentIdatt373522447
macroIdc2597739-805c-4170-8d3e-11ea7656b611
baseUrlhttps://datamigrators.atlassian.net/wiki

...

displayName

...

MettleCI topology - Generic
nameMettleCI topology (simplified) Copy
migration1
diagramAttachmentIdatt373555207
containerId373424141
timestamp

...

1603197468002

In-scope Hosts

  • Developer's Workstation: Where the Windows DataStage Designer client is typically run

  • Application Lifecycle Management Tools: One or more hosts running Work Item Management, Git, and Build services

  • Information Server Development Environment: Your development instance of Information Server, which may be deployed in any topology, and on any number of hosts.

  • Other Information Server Environment(s): Downstream Information Server environments, including testing and (optionally) Production.  These environments can be MettleCI deployment targets without requiring the deployment of any MettleCI components. 

  • MettleCI Agent Host: A MettleCI-dedicated Windows server hosting an IBM DataStage Client tier which is used by your Build system's agent, in conjunction with the MettleCI Command Line Interface, to automate build and deployment activities.

Info

NOTE

  • MettleCI works with all Information Server deployment topologies, including High Availability, Grid, and Cluster environments, For clarity, this diagram shows each tier residing on its own, dedicated host.

  • Application Lifecycle Management components can be co-hosted with the other tools on the MettleCI Host or located on another host (on-premise, cloud or SaaS).

...

Connections

MettleCI Host

MettleCI requires a dedicated physical or virtual server with the following specification to act as the MettleCI Host:

  • A recent model 8-Core (minimum) Intel-compatible CPU running at 2.5GHz (minimum)
  • 16GB RAM (minimum)
  • 250GB (minimum) available high-speed disk, allocated as follows:
    • 100GB for MettleCI components
    • 150GB (estimated) for your assets in Git. Increase this value if you believe your Information Server assets will occupy more space than this.
  • Microsoft Windows Server 2016* Base (64-Bit) operating system.
    • This should be a ‘clean’ operating system which does not contain any co-resident third party software or artefacts remaining from previous software installations.
    • Ensure your Windows version is compatible with the DataStage Client Tools bundled with your Information Server version.  For more information visit https://www-01.ibm.com/support/docview.wss?uid=swg27050442.
  • Able to support two concurrent RDP sessions
  • Provides a mechanism to easy transfer files (e.g. application installation files, log files) between the installer's computer and this host.

* Window Server 2012 is a fall-back option but comes with operating system restrictions regarding filesystem path lengths that should be discussed with your MettleCI consultant prior to delivering this infrastructure.

MettleCI Consultant Personal Computer

The MettleCI expert performing your installation - or supporting your staff to perform the installation - will need either

  1. the ability to remotely access the hosts shown in the MettleCI Platform Components diagram from their company-supplied computer (running a current MacOS or Windows version) via your VPN; or
  2. a laptop computer provided by your organisation that allows them to remotely access the MettleCI Platform Components over a secure connection.

User Accounts

MettleCI needs the following dedicated accounts to enable installation activities as well as support on-going operation.

Note: The names given below are simply proposals for reference purposes and can be changed to meet your organisational requirements. If a customer administers its accounts via a centralised repository (e.g. Active Directory) then any accounts specified in the following list with the same name can, of course, be the same account with privileges as necessary to cover multiple roles across multiple environments and components.

MettleCI Host

  1. Two Windows user accounts are required for the purpose of installing and administering MettleCI-related components on this host. They must...
    1. ideally be named 'mciconfig1' and 'mciconfig2'
    2. have administrator privileges sufficient to
      1. run Windows tools "...as administrator"
      2. install software for use by other users on the host; and
      3. create, remove, start and stop Windows services.
    3. Note: The second account acts to complement the first account in case the owner of the first account becomes unavailable (e.g. sick) or we collectively choose to perform work in parallel. 
  2. A Windows user account is required to act as a service account for executing Atlassian and MettleCI services. It must...
    1. ideally be named 'mciservice'
    2. have only sufficient privileges to run the services installed by the 'mciconfig#' accounts

DataStage Development Engine Tier

  1. An operating system user account and corresponding DataStage application account for in-bulk tasks (e.g. CI, CD) performed by MettleCI
    1. Ideally named 'mciagent'
    2. Accessible via SSH from both the MettleCI Host and the MettleCI consultant's computer.
    3. Capable of accessing your DataStage Engine Tier's filesystem such that DataStage can read files and directories generated or modified by this account.
      1. In particular this account will make changes to the contents of your DataStage Projects directory.
    4. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.
  2. An operating system user account and corresponding DataStage application account for use by MettleCI end-user functions (e.g. MettleCI Workbench)
    1. Ideally named 'mciworkb'
    2. Accessible via SSH from both the MettleCI Host and the MettleCI consultant's computer.
    3. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)

    4. root must be able to run commands under this user (via sudo) from within a SysVinit service.

    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.

Password Expiry

All MettleCI-related service accounts (both application and operating system) should have passwords that either don't expire or are set to expire at the forecast end of the upgrade initiative. A change to a service account password will require updates to MettleCI configuration to re-enable the MettleCI functions that rely on that service account. Unplanned service account password changes are highly likely to cause unnecessary delay to your upgrade initiative.

Firewall Rules

...

Interfacing MettleCI to Information Server via whichever port you are currently using for DataStage clients.  This Designer Client is exclusively for MettleCI automated use only.  Internal port is set based on customer standards, and/or as required by IBM.

...

3389 (default)

...

n/a

...

DataStage Development Engine Tier

...

MettleCI Workbench

...

8080 & 8081

...

8080 & 8081

...

Public Internet Access

Ideally, developers, testers, and any other MettleCI users should be provided with unfiltered HTTP (port 80) and HTTPS (port 443) internet access to the following domains for installation support purposes only:

MettleCI itself does not access the internet

Component Connections

The following table describes which interactions take place between the software components listed above, and which functions those interactions support.  Note that if a component or protocol isn't specified then it’s either irrelevant to MettleCI, or MettleCI can re-use whatever your infrastructure dictates.

...

  • Automated execution monitoring
  • Ad hoc execution
  • Execution Failure Recovery

...

  • Solution health monitoring
  • Build/Delivery metric monitoring

...

  • Filesystem asset version control
  • Non Information Server (ISX) asset version control

...

  • Administration of Azkaban Software
  • Detailed debug log access

...

  • Check-In

...

  • Sprint Health Metrics
  • Build/Deployment Health Metrics

...

  • DataStage Engine Tier CPU load
  • Job execution statistics

...

  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing

...

  • Deployment (via SCP)
  • Script Execution (via SSH)

...

  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing

...

The MettleCI solution will use the same ports and protocols that the customer uses for its standard installation of the DataStage Client on end-user hardware.

...

  • Execution
  • Testing

...

  • Optional. This is only required where Azkaban is being used as the Job execution scheduling solution.

Software

Customer Software Requirements

The following must be installed or provided on each of the MettleCI Platform infrastructure components listed below.

MettleCI Host

DataStage development Engine Tier

Optional IIS Components

Optionally, the MettleCI Host makes use of the following optional Information Server components:

  • Optional: IBM Information Server Information Governance Catalog ('IGC') installed, configured, and available.  MettleCI uses IGC to determine job lineage when generating execution schedules for MettleCI's bundled scheduling tool.  You will not require IGC if you are planning on using your existing job scheduling approach for Continuous Integration (e.g. DataStage Job Sequences, Shell scripts, Control-M, etc.) 
  • Optional: IBM Information Server Operations Console installed, configured, and available.  MettleCI uses the Operations Console API for authentication, but can be configured to utilise other authentication services  if this is not available.  Users are required to manually configure their email address in the MettleCI Workbench as part of a one-step registration process during their first login.  This enables MettleCI to identify their subsequent activity in the Bitbucket Git repository.

Security

  • If you wish to configure MettleCI to use HTTPS you will need to provide a certificate.  We will work with you to describe how your certificate renewal process will work with MettleCI's components.
  • MettleCI Workbench uses your existing Information Server authentication scheme so users login to Workbench using their DataStage Designer credentials.

See IBM's page on Storing certificates for client applications.

Licenses

  • If you license Information Server under a model that requires per-seat licenses please ensure that the following Information Server seat licenses are reserved for the Rapid DataStage Upgrade MettleCI platform:
    • Sufficient to cover any MettleCI Consultants involved in the installation of MettleCI.
    • 2 x MettleCI Server Service Accounts ('mciworkb' and 'mciagent')

...

  1. The MettleCI Workbench application running on your DataStage Engine tier needs to performs a commit to your Git platform.

  2. The MettleCI Workbench application running on your DataStage Engine tier needs to perform a dynamic lookup of Work items when displaying the Git Commit page.

  3. The Developer Workstation provides data engineers with access to the ALM tools' user interfaces via a supported web browser.  This should cover...

    1. the Git host, 

    2. the Work item Management host, and

    3. the Build Host

  4. The Developer Workstation requires regular DataStage client tier access to the development environment's ...

    1. DataStage Engine tier, and

    2. DataStage Services tier.

  5. Optional link based on your requirements.  

  6. Your Build system performs its duties via its agent installed on the MettleCI Host

  7. The MettleCI Host requires regular access to the development environment's ...

    1. DataStage Engine tier, and

    2. DataStage Services tier

  8. The MettleCI Host requires regular access to the downstream test environments' DataStage Engine and Services tiers, to affect automated deployment.

See also

Child pages (Children Display)

...