Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 87 Current »

Introduction

This document describes the hardware, software, and network configuration that need to be in place before MettleCI can be deployed and configured in your environment. 

Lots of detail here but...

...the actual requirements amount to just:

  • a couple of modestly-sized VMs
  • around five user accounts (depending on organisational constraints); and
  • a few additional firewall rules, albeit for standard protocols.

The document is long because we want to help our customers avoid delays by providing thorough and unambiguous guidance for their MettleCI preparations.

You may also be interested in an example where some of the Atlassian components are cloud hosted.

MettleCI Platform Components

The following high-level MettleCI architecture shows the key software components to be installed and their communications between hosts.

Topology notes:

  • MettleCI works with all Information Server deployment topologies including High Availability, Grid, and Clustered environments.  For clarity, this diagram shows each tier residing on its own, dedicated host.
  • The Atlassian components can be cloud hosted, if necessary.



Infrastructure Requirements

MettleCI Host

MettleCI requires a dedicated physical or virtual server with the following specification to act as the MettleCI Host:

  • A recent model 8-Core (minimum) Intel-compatible CPU running at 2.5GHz (minimum)
  • 16GB RAM (minimum)
  • 250GB (minimum) available high-speed disk, allocated as follows:
    • 100GB for MettleCI components
    • 150GB (estimated) for your assets in Git. Increase this value if you believe your Information Server assets will occupy more space than this.
  • Microsoft Windows Server 2016* Base (64-Bit) operating system.
    • This should be a ‘clean’ operating system which does not contain any co-resident third party software or artefacts remaining from previous software installations.
    • Ensure your Windows version is compatible with the DataStage Client Tools bundled with your Information Server version.  For more information visit https://www-01.ibm.com/support/docview.wss?uid=swg27050442.
  • Able to support two concurrent RDP sessions
  • Provides a mechanism to easy transfer files (e.g. application installation files, log files) between the installer's computer and this host.

* Window Server 2012 is a fall-back option but comes with operating system restrictions regarding filesystem path lengths that should be discussed with your MettleCI consultant prior to delivering this infrastructure.

MettleCI Legacy Client Tier

MettleCI requires a dedicated physical or virtual server to act as the MettleCI Legacy Client Tier.  This host should be provisioned with the specifications necessary to meet IBM's prescribed system requirement for a Client Tier-only installation for your specific legacy version.  The following specification is normally more than adequate for this purpose: 

  • A recent model 8-Core (minimum) Intel-compatible CPU running at 2.5GHz (minimum)
  • 8GB RAM (minimum)
  • 250GB (minimum) available high-speed disk
  • Microsoft Windows Server 2016* Base (64-Bit) operating system.
    • This should be a ‘clean’ operating system which does not contain any co-resident third party software or artefacts remaining from previous software installations.
    • Ensure your Windows version is compatible with the DataStage Client Tools bundled with your Information Server version.  For more information visit https://www-01.ibm.com/support/docview.wss?uid=swg27050442.
  • Able to support at least one RDP session
  • Provides a mechanism to easy transfer files (e.g. application installation files, log files) between the installer's computer and this host.

* Window Server 2012 is a fall-back option but comes with operating system restrictions regarding filesystem path lengths that should be discussed with your MettleCI consultant prior to delivering this infrastructure.

MettleCI Consultant Personal Computer

The MettleCI expert performing your installation - or supporting your staff to perform the installation - will need either

  1. the ability to remotely access the hosts shown in the MettleCI Platform Components diagram from their company-supplied computer (running a current MacOS or Windows version) via your VPN; or
  2. a laptop computer provided by your organisation that allows them to remotely access the MettleCI Platform Components over a secure connection.



User Accounts

MettleCI needs the following dedicated accounts to enable installation activities as well as support on-going operation.

Note: The names given below are simply proposals for reference purposes and can be changed to meet your organisational requirements. If a customer administers its accounts via a centralised repository (e.g. Active Directory) then any accounts specified in the following list with the same name can, of course, be the same account with privileges as necessary to cover multiple roles across multiple environments and components.

MettleCI Host

  1. Two Windows user accounts are required for the purpose of installing and administering MettleCI-related components on this host. They must...
    1. ideally be named 'mciconfig1' and 'mciconfig2'
    2. have administrator privileges sufficient to
      1. run Windows tools "...as administrator"
      2. install software for use by other users on the host; and
      3. create, remove, start and stop Windows services.
    3. Note: The second account acts to complement the first account in case the owner of the first account becomes unavailable (e.g. sick) or we collectively choose to perform work in parallel. 
  2. A Windows user account is required to act as a service account for executing Atlassian and MettleCI services. It must...
    1. ideally be named 'mciservice'
    2. have only sufficient privileges to run the services installed by the 'mciconfig#' accounts

MettleCI Legacy Client Tier

  1. A Windows user account is required for the purpose of installing and administering MettleCI-related components on this host. It must...
    1. Ideally be named 'mciconfig1'
    2. Have administrator privileges sufficient to

      1. run Windows tools "...as administrator"

      2. install software for use by other users on the host; and

      3. create, remove, start and stop Windows services.

  2. A Windows user account is required to act as a service account for executing Atlassian and MettleCI services. It must...
    1. ideally be named 'mciservice'
    2. Requires fewer privileges than the 'mciconfig1' account.

Legacy DataStage development Engine Tier

  1. An operating system user account and corresponding DataStage application account for in-bulk tasks (e.g. CI, CD) performed by MettleCI
    1. Ideally named 'mciagent'
    2. Accessible via SSH from both the MettleCI Legacy Client Tier and the MettleCI consultant's computer.
    3. Capable of accessing your DataStage Engine Tier's filesystem such that DataStage can read files and directories generated or modified by this account.
      1. In particular this account will make changes to the contents of your DataStage Projects directory.
    4. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.
  2. An operating system user account and corresponding DataStage application account for use by MettleCI end-user functions (e.g. MettleCI Workbench)
    1. Ideally named 'mciworkb'
    2. Accessible via SSH from both the MettleCI Legacy Client Tier and the MettleCI consultant's computer.
    3. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    4. root must be able to run commands under this user (via sudo) from within a SysVinit service.

    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.

Target DataStage development Engine Tier

  1. An operating system user account and corresponding DataStage application account for in-bulk tasks (e.g. CI, CD) performed by MettleCI
    1. Ideally named 'mciagent'
    2. Accessible via SSH from both the MettleCI Host and the MettleCI installation consultant's computer.
    3. Capable of accessing your DataStage Engine Tier's filesystem such that DataStage can read files and directories generated or modified by this account.
      1. In particular this account will make changes to the contents of your DataStage Projects directory.
    4. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.
  2. An operating system user account and corresponding DataStage application account for use by MettleCI end-user functions (e.g. MettleCI Workbench)
    1. Ideally named 'mciworkb'
    2. Accessible via SSH from both the MettleCI Host and the MettleCI installation consultant's computer.
    3. Primary group must be 'dstage' (or equivalent as configured for your DataStage platform)
    4. root must be able to run commands under this user (via sudo) from within a SysVinit service.

    5. On *nix hosts, this account must be able to source the $DSHOME/.dsenv file.
    6. The DataStage application account must be assigned the Information Server 'Suite Administrator' role.

Password Expiry

All MettleCI-related service accounts (both application and operating system) should have passwords that either don't expire or are set to expire at the forecast end of the upgrade initiative. A change to a service account password will require updates to MettleCI configuration to re-enable the MettleCI functions that rely on that service account. Unplanned service account password changes are highly likely to cause unnecessary delay to your upgrade initiative.


Network Connections


Ports labelled [IBM] depend upon what was selected by your organisation at the point the particular Information Server component was installed.  The selection of port 80 or 443 depends upon whether your organisation mandates the use of HTTP or HTTPS, respectively.  To understand which ports are configured in your environment please see this FAQ entry.



HostComponentService NameExternal PortInternal PortPurpose

MettleCI Host

Atlassian Bamboo

MettleCI Bamboo

80858085Build automation server.  This instance uses a suite of MettleCI Bamboo Plugins which provide MettleCI's advanced Information Server deployment and build capabilities.   
MettleCI HostAtlassian JIRAMettleCI JIRA80808080Work item management.
MettleCI HostAtlassian BitbucketMettleCI Bitbucket

7990

7999 (SSH)

7990 (HTTP)

7999 (SSH) 

Git source code repository.  This instance uses a single MettleCI Bitbucket Plugin which enables the visualisation of a DataStage job's canvas in Bitbucket's source code preview.

MettleCI HostPostgres DBPostgres DBn/a5432Storage service for the Atlassian tools.
MettleCI HostAtlassian Bamboo Local AgentMettleCI Bamboon/a54663
MettleCI HostDataStage Designer Target Platform Client (for MettleCI automated use only)n/an/aAs required

Interfacing MettleCI to Information Server via whichever port you are planning on using for your new platform's DataStage clients. Internal ports are configured as required by the customer, and/or IBM

MettleCI HostWindows Remote DesktopRemote Desktop Services

3389 (default)

n/a


MettleCI Legacy ClientDataStage Designer Legacy Platform Client (for MettleCI automated use only)n/a

8085

80 / 443

54663

n/a

Communication between the Bamboo agent and Bamboo is initiated (outbound) from the agent and connects (inbound) to Bamboo Server on port 8085, 80, or 443, depending on whether you wish to use a reverse proxy and HTTP(S).  Port 8085 is the default Bamboo port, and 54663 is the default JMS Broker Port.

DataStage Development Engine Tier

MettleCI Workbench

MettleCI Workbench

8080

8081 (optional)

8080

8081

Browser-based user interface for Unit Test specification and results, Compliance invocation, and Git check in. Note that diagnostic output is exposed on port 8081.

The Workbench can be easily configured to run on different ports if required

DataStage Development Engine TierInformation Server processesAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM
DataStage Development Engine TierSSH server processAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services TierInformation Server processesAs requiredAs requiredAs requiredAs supported by O/S, configured by customer, and/or required by IBM

Public Internet Access

Ideally, developers, testers, and any other MettleCI users should be provided with unfiltered HTTP (port 80) and HTTPS (port 443) internet access to the following domains:

Component Connections

The following table describes which interactions take place between the software components listed above, and which functions those interactions support.  Note that if a component or protocol isn't specified then it’s either irrelevant to MettleCI or MettleCI can re-use whatever your infrastructure dictates.

Client HostClient ApplicationServer HostServer ApplicationProtocol(s)Related MettleCI Function(s)Notes
Developer Legacy WorkstationWeb browser

MettleCI Host

Atlassian suite

(JIRA, Bitbucket, 

Bamboo)

HTTP(S)
  • Check-In UI
  • Compliance UI
  • Release Deployment
  • Build Summary Results (Automated Testing/Continuous Integration)
  • GIT repository viewer

Developer Legacy WorkstationGit clientMettleCI HostBitbucket Git serviceSSH / HTTP(S)
  • Filesystem asset version control
  • Non Information Server (ISX) asset version control
Could be ignored as the Bitbucket UI (HTTPS) provides a lot of support in this area. 
Developer Legacy WorkstationRemote Desktop ClientMettleCI HostRemote Desktop ServiceRDP
  • Administration of Bamboo-triggered and supporting processes
  • Administration of Azkaban Software
  • Detailed debug log access

MettleCI Host

BambooMettleCI HostBamboo (Local Agent)Internal
  • Check-In
  • Compilation
  • Compliance
  • Deployment (CI and beyond)
  • Execution
  • Testing

MettleCI HostBamboo (Local Agent)MettleCI HostBitBucketSSH (default), HTTP(S)
  • Check-In

MettleCI HostTarget Platform DataStage ClientInformation Server Engine TierInformation Server processesMultiple
  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing
The MettleCI solution will use the same ports and protocols that the customer uses for its standard installation of the DataStage Client on end-user hardware.
MettleCI HostSSHInformation Server Engine TierSSH server processSSL
  • Deployment (via SCP)
  • Script Execution (via SSH)
The MettleCI solution will use the port that the customer's standards mandate for this protocol.
MettleCI HostTarget Platform DataStage ClientInformation Server Services Tier
Information Server processesMultiple
  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing

The MettleCI solution will use the same ports and protocols that the customer uses for its standard installation of the DataStage Client on end-user hardware.

MettleCI HostBambooLegacy Platform DataStage clientBamboo (Remote Agent)HTTP(S)
  • Check-In
  • Compilation
  • Deployment
  • Compliance
  • Execution
  • Testing
Communication between the Bamboo agent and Bamboo is initiated (outbound) from the agent and connects (inbound) to Bamboo Server on port 8085, 80, or 443, depending on whether you wish to use a reverse proxy and HTTP(S).  Port 8085 is the default Bamboo port, and 54663 is the default JMS Broker Port.



Software

Customer Software Requirements

The following must be installed or provided on each of the MettleCI Platform infrastructure components listed below.

MettleCI Host

MettleCI Legacy Client Tier

Legacy DataStage development Engine Tier

Target DataStage development Engine Tier

Installed by MettleCI Consultant

The MettleCI consultant will provide and install the following software (or guide your personnel to do so) on the relevant MettleCI Platform infrastructure components

  • Previously listed customer-provided software installation media / files
  • All MettleCI components
  • PostgreSQL
  • Atlassian Bitbucket
  • Atlassian Bamboo
  • Atlassian Jira
  • Atlassian Sourcetree

Security

  • If you wish to configure MettleCI to use HTTPS you will need to provide a certificate.  We will work with you to describe how your certificate renewal process will work with MettleCI's components.
  • MettleCI Workbench uses your existing Information Server authentication scheme so users login to Workbench using their DataStage Designer credentials.

Certificate reference:

https://www.ibm.com/support/knowledgecenter/en/SSZJPZ_11.7.0/com.ibm.swg.im.iis.found.admin.common.doc/topics/cert_truststore.html


Licenses

  • If you license Information Server under a model that requires per-seat licenses please ensure that at least four Information Server seat licenses are reserved for the Rapid DataStage Upgrade MettleCI platform:
    • 2 x MettleCI Consultants
    • 2 x MettleCI Server Service Accounts ('mciworkb' and 'mciagent')


  • No labels