Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 62 Next »

Introduction

This document describes the hardware, software, and network configuration that needs to be in place before MettleCI can be deployed and configured in your environment. The platform delivered will include all MettleCI software, and will interface with your nominated non-production Information Server environment to enable the demonstration of all of MettleCI's capabilities.

The deployment topology of a MettleCI platform, whether being used for evaluation or production purposes, has been deliberately designed to be as simple as possible. The biggest difference between evaluation and production deployments of MettleCI is the selection of software components residing on the dedicated MettleCI Host that would be better deployed to separate servers. Alternatively, some components of the MettleCI stack could be delivered by integrating with existing solutions already in place in your organisation. While MettleCI is easily integrated with Customers' existing Jira, Git, and Bamboo instances, describing the full range of integration options available is beyond the scope of this document.

The delivered architecture will focus on evaluation purposes only, and has been designed for ease and speed of deployment. The evaluation will validate which parts of this architecture could be re-used for a MettleCI production deployment, and which may need to be re-deployed or reconfigured to meet your organisational requirements.

Whilst not representing our recommended production deployment of MettleCI, this MettleCI architecture assembles all of the software forming MettleCI's DevOps platform for Information Server into a single, pre-configured, easily deployed package. This optimises the time spent on the evaluation process.



Contents

See also Rapid DataStage Upgrade - Technical Prerequisites for a description of the Rapid DataStage Upgrade technical pre-requisites for MettleCI.

MettleCI Platform Components

The following high-level MettleCI architecture shows the key software components to be installed, and their communications between hosts. 

Some points to note:

  • MettleCI works with all Information Server deployment topologies, including High Availability, Grid, and Cluster environments, For clarity, this diagram shows each tier residing on its own, dedicated host.
  • Application Lifecycle Management components can be co-hosted with the other tools on the MettleCI Host or located on another host (on-premise, cloud or SaaS).

Infrastructure Requirements

MettleCI Host

MettleCI requires a dedicated physical or virtual server with the following specification to act as the MettleCI Host:

  • A recent model 8-Core (minimum) Intel-compatible CPU running at 2.5GHz (minimum)
  • 16GB RAM (minimum)
  • 250GB (minimum) available high-speed disk, allocated as follows:
    • 100GB for MettleCI components
    • 150GB (estimated) for your assets in Git. Increase this value if you believe your Information Server assets will occupy more space than this.
  • Microsoft Windows Server 2016* Base (64-Bit) operating system.
    • This should be a ‘clean’ operating system which does not contain any co-resident third party software or artefacts remaining from previous software installations.
    • Ensure your Windows version is compatible with the DataStage Client Tools bundled with your Information Server version.  For more information visit https://www-01.ibm.com/support/docview.wss?uid=swg27050442.
  • Able to support two concurrent RDP sessions
  • Provides a mechanism to easy transfer files (e.g. application installation files, log files) between the installer's computer and this host.

* Window Server 2012 is a fall-back option but comes with operating system restrictions regarding filesystem path lengths that should be discussed with your MettleCI consultant prior to delivering this infrastructure.

MettleCI Consultant Personal Computer

The MettleCI expert performing your installation - or supporting your staff to perform the installation - will need either

  1. the ability to remotely access the hosts shown in the MettleCI Platform Components diagram from their company-supplied computer (running a current MacOS or Windows version) via your VPN; or
  2. a laptop computer provided by your organisation that allows them to remotely access the MettleCI Platform Components over a secure connection.


User Accounts

MettleCI needs the following dedicated accounts to enable installation activities as well as support on-going operation.

Note: The names given below are simply proposals for reference purposes and can be changed to meet your organisational requirements. If a customer administers its accounts via a centralised repository (e.g. Active Directory) then any accounts specified in the following list with the same name can, of course, be the same account with privileges as necessary to cover multiple roles across multiple environments and components.

MettleCI Host

  1. Two Windows user accounts are required for the purpose of installing and administering MettleCI-related components on this host. They must...
    1. ideally be named 'mciconfig1' and 'mciconfig2'
    2. have administrator privileges sufficient to
      1. run Windows tools "...as administrator"
      2. install software for use by other users on the host; and
      3. create, remove, start and stop Windows services.
    3. Note: The second account acts to complement the first account in case the owner of the first account becomes unavailable (e.g. sick) or we collectively choose to perform work in parallel. 
  2. A Windows user account is required to act as a service account for executing Atlassian and MettleCI services. It must...
    1. ideally be named 'mciservice'
    2. have only sufficient privileges to run the services installed by the 'mciconfig#' accounts

DataStage development Engine Tier

  1. An operating system user account and corresponding DataStage application account for in-bulk tasks (e.g. CI, CD) performed by MettleCI
    1. Ideally named 'mciagent'
    2. Accessible via SSH from both the MettleCI Legacy Client Tier and the MettleCI consultant's computer.
    3. Capable of accessing your DataStage Engine Tier's filesystem such that DataStage can read files and directories generated or modified by this account.
      1. In particular this account will make changes to the contents of your DataStage Projects directory.
    4. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.
  2. An operating system user account and corresponding DataStage application account for use by MettleCI end-user functions (e.g. MettleCI Workbench)
    1. Ideally named 'mciworkb'
    2. Accessible via SSH from both the MettleCI Legacy Client Tier and the MettleCI consultant's computer.
    3. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)

    4. root must be able to run commands under this user (via sudo) from within a SysVinit service.

    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.

Password Expiry

All MettleCI-related service accounts (both application and operating system) should have passwords that either don't expire or are set to expire at the forecast end of the upgrade initiative. A change to a service account password will require updates to MettleCI configuration to re-enable the MettleCI functions that rely on that service account. Unplanned service account password changes are highly likely to cause unnecessary delay to your upgrade initiative.


Firewall Rules

HostComponentWindows Service NameExternal PortInternal PortComment
MettleCI HostMettleCI SchedulerMettleCI Schedulern/a8081MettleCI Scheduler.
MettleCI HostMettleCI WallboardMettleCI Wallboardn/a5000MettleCI Wallboard.
MettleCI HostCI / CD Automation Agent / SlaveAs requiredn/aAs required
MettleCI HostDataStage Designer Clientn/an/aAs required

Interfacing MettleCI to Information Server via whichever port you are currently using for DataStage clients.  This Designer Client is exclusively for MettleCI automated use only.  Internal port is set based on customer standards, and/or as required by IBM.

MettleCI HostWindows Remote DesktopRemote Desktop Services

3389 (default)

n/a


DataStage Development Engine Tier

MettleCI Workbench

MettleCI Workbench

8080 & 8081

8080 & 8081

Browser-based user interface for Unit Test specification and results, Compliance invocation, and Git check in. Note that these ports are configurable.  Port 8081 is required only for the exposure of MettleCI diagnostic output.
DataStage Development Engine TierData Migrators access during commissioningSSH22n/a
DataStage Development Engine TierInformation Server processesAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM
DataStage Development Engine TierSSH server processAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services TierInformation Server processesAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services TierInformation Server Operations ConsoleAs required9443 (default)9443 (default)As supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services TierInformation Governance Catalog REST APIAs required9443 (default)9443 (default)As supported by O/S, configured by customer, and/or required by IBM

Public Internet Access

Ideally, developers, testers, and any other MettleCI users should be provided with unfiltered HTTP (port 80) and HTTPS (port 443) internet access to the following domains for installation purposes only:

Component Connections

The following table describes which interactions take place between the software components listed above, and which functions those interactions support.  Note that if a component or protocol isn't specified then it’s either irrelevant to MettleCI, or MettleCI can re-use whatever your infrastructure dictates.

Client HostClient ApplicationServer HostServer ApplicationProtocol(s)Related MettleCI Function(s)Comments
Developer WorkstationWeb browserMettleCI HostMettleCI Scheduler (Azkaban)HTTP(S)
  • Automated execution monitoring
  • Ad hoc execution
  • Execution Failure Recovery

Developer WorkstationWeb browserMettleCI HostMettleCI WallboardHTTP(S)
  • Solution health monitoring
  • Build/Delivery metric monitoring

Developer WorkstationGit clientALM HostGit serviceSSH / HTTP(S)
  • Filesystem asset version control
  • Non Information Server (ISX) asset version control
Could be ignored as various Git UI's (HTTPS) provide a lot of support in this area. 
Developer WorkstationRemote Desktop ClientMettleCI HostRemote Desktop ServiceRDP
  • Administration of Azkaban Software
  • Detailed debug log access

DataStage Development Engine TierMettleCI WorkbenchALM HostGit serviceSSH (default), HTTP(S)
  • Check-In

MettleCI HostMettleCI WallboardALM Host
ALM software componentsHTTP(S)
  • Sprint Health Metrics
  • Build/Deployment Health Metrics
The MettleCI Wallboard needs to extract data from the work item management and CI / CD components via their REST APIs to present health metrics to users.
MettleCI HostMettleCI WallboardInformation Server Services Tier
Operations ConsoleHTTP(S)
  • DataStage Engine Tier CPU load
  • Job execution statistics
The MettleCI solution will use the ports and protocols mandated by the customer's standards (see IBM IIS documentation) for the database technology that hosts DSODB.
MettleCI HostDataStage ClientInformation Server Engine TierInformation Server processesMultiple
  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing
The MettleCI solution will use the same ports and protocols that the customer uses for its standard installation of the DataStage Client on end-user hardware.
MettleCI HostSSHInformation Server Engine TierSSH server processSSL
  • Deployment (via SCP)
  • Script Execution (via SSH)
The MettleCI solution will use the port that the customer's standards mandate for this protocol.
MettleCI HostDataStage ClientInformation Server Services Tier
Information Server processesMultiple
  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing

The MettleCI solution will use the same ports and protocols that the customer uses for its standard installation of the DataStage Client on end-user hardware.

MettleCI HostMettleCI CLI Plugin (triggered via CI / CD Agent / Slave)
Information Server Services TierInformation Governance Catalog REST APIHTTP(S)
  • Execution
  • Testing
  • Optional. This is only required where Azkaban is being used as the Job execution scheduling solution.

Software

Software Requirements

The MettleCI commissioning process can be expedited by pre-configuring the MettleCI Host with the following software components: 

Optionally, the MettleCI Host makes use of the following optional Information Server components:

  • Optional: IBM Information Server Information Governance Catalog ('IGC') installed, configured, and available.  MettleCI uses IGC to determine job lineage when generating execution schedules for MettleCI's bundled scheduling tool.  You will not require IGC if you are planning on using your existing job scheduling approach for Continuous Integration (e.g. DataStage Job Sequences, Shell scripts, Control-M, etc.) 
  • Optional: IBM Information Server Operations Console installed, configured, and available.  MettleCI uses the Operations Console API for authentication, but can be configured to utilise other authentication services  if this is not available.  Users are required to manually configure their email address in the MettleCI Workbench as part of a one-step registration process during their first login.  This enables MettleCI to identify their subsequent activity in the Bitbucket Git repository.  


Security

  • All services on the MettleCI server are accessed via a reverse proxy which can be configured to use HTTP (typically on port 80) or HTTPS (typically on port 443). 
  • If you wish to configure MettleCI to use HTTPS you will need to provide a certificate.  We will work with you to describe how your certificate renewal process will work with MettleCI's components.
  • MettleCI Workbench uses your existing Information Server authentication scheme, operating via the Operations Console, so users login to Workbench using the same credentials they use for DataStage designer.


Licences

  • If you licence Information Server under a model that requires per-seat licences, please ensure that at least three seat licences are reserved for MettleCI:
    • 1 x MettleCI Server Service Account
    • 2 x MettleCI Developers (only required for the duration of the MettleCI commissioning process)
  • Evaluation: An evaluation licence for MettleCI will be granted for the duration of the evaluation.  Similarly, licences for all Atlassian components will be supplied gratis by Data Migrators for the duration of the evaluation.
  • Production: Your purchase entitles you to 12 months of MettleCI updates and electronic support.  Your licence expiry date can be checked in the MettleCI workbench, or in the 'MettleCI' section of your Atlassian Bamboo instance's 'Settings' page.  Bamboo will display a warning message when your licence is within 30 days of expiry, and a notification message when your licence has expired. 


  • No labels

© 2015-2024 Data Migrators Pty Ltd.