WD515G 2.0 en WD5152LSG
WD515G 2.0 en WD5152LSG
WD515G 2.0 en WD5152LSG
IBM Training
August 2021 edition
Notices
This information was developed for products and services offered in the US.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product,
program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally
equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it
is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied
warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information
herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the
product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or
other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility
or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as
possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any
similarity to actual people or business enterprises is entirely coincidental.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
© Copyright International Business Machines Corporation 2020, 2021.
This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Contents
Trademarks..............................................................................................................................................................v
Requirements..........................................................................................................................................................3
Lab configuration overview.................................................................................................................................................3
Network requirements..........................................................................................................................................................3
Software requirements.........................................................................................................................................................4
Host or server system requirements.....................................................................................................................................4
IDs and passwords...............................................................................................................................................................4
Verification procedures....................................................................................................................................103
Remote labs........................................................................................................................................................104
Trademarks
The reader should recognize that the following terms, which appear in the content of this training
document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide:
Bluemix® Cloudant® DataPower®
DB™ Express® IBM API Connect™
IBM Bluemix™ IMS™ Notes®
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both. Windows is a trademark of Microsoft Corporation in the United States, other countries,
or both.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other countries.
LoopBack® and StrongLoop® are trademarks or registered trademarks of StrongLoop, Inc., an IBM
Company.
Social® is a trademark or registered trademark of TWC Product and Technology, LLC, an IBM
Company.
Other product and service names might be trademarks of IBM or other companies.
Overview
The purpose of this lab setup guide is to assist the classroom preparer in setting up the WD515
classroom lab environment.
This installation is useful for setting up a learning environment but may not be large enough
for a production environment.
The lab environment is only available on the IBM Remote Lab Platform (IRLP) environment. No
instructions are given for manually creating the course environment. This guide only provides
instructions for installing and verifying the software on the base image:
• "Requirements" on page -3
• "Network setup instructions" on page -5
• "Operating system setup instructions" on page -6
• "Software setup instructions" on page -7
• "Verification procedures" on page -103
• "Remote labs" on page -104
Important
The classroom must be ready to run lab exercises before the first day of class. Test the entire setup
thoroughly to avoid problems during class time. If you experience problems and need
assistance, contact the IBM Help Desk:
Toll-Free: 1-888-502-5511
International: 1-404-238-6000
Email: insthelp@us.ibm.com
Requirements
The following section provides information about how to set up the lab environment that is
needed to conduct the lab exercises in this course. As the classroom provider, you are
responsible for providing the following configuration for this class.
The total number of systems that are required for a class is the number of instructors
and students in the class.
Network requirements
Configure and test the specific network requirements for this class as shown in Table 2 on
page -3. The words must not provide indicate that this feature interferes with student
exercises
and must not be present in the classroom. The words not necessary indicate that the course
does not require the feature, but if it is present in the classroom, it does not interfere with
exercises.
If isolated networks are required, each system must be on its own private network that is
not visible to any other systems in the classroom. If a single network is required, all
classroom systems must be connected to the same network.
Table 2. Required network configurations
Network configurationClassroom requirement
Software requirements
Obtain the following software before starting classroom setup. The classroom provider is
responsible for obtaining software licenses for any non-IBM software.
Table 3. Required software for class
Additional Information
Software product Version Operating systems
RedHat Enterprise
IBM API Connect 10.0.1.2
Linux (RHEL) Server
Included in IBM API
RedHat Enterprise
IBM DataPower Gateway 10.0.1.2 Connect software
Linux (RHEL) Server install
v88.0.1
Mozilla Firefox RedHat Enterprise
or lat Linux (RHEL) Server 7
3. In Fix Central, specify the product, version, and platform to find the API Connect files.
a. In the Product selector field, enter IBM API Connect.
4. On Identify fixes, leave Browse for fixes checked and click Continue.
c. Click Continue.
Information
6. On Download options, select Download using your browser (HTTPS) and click Continue.
8. Click the download links for your selected files and save them to a temporary folder,
such as Downloads.
a. Select these files:
-apiconnect-image-tool_10.0.1.2-ifix2.tar.gz
-apiconnect-operator-release-files_10.0.1.2-ifix2.zip
11. Confirm that the files are available in the Downloads folder.
3. Run SoapUI.
./SoapUI-x64-5.2.1.sh
a. Click Next on the Welcome to the SoapUI 5.2.1 Setup Wizard window.
f. Select /root/SoapUI-Tutorials as the target directory for SoapUI Tutorials and click
Next.
i. Click Finish.
Username: admin
Email address: admin@ibm.com
5. Configure the Set Up Your Existing Email Address window manually with the following
credentials and click Advanced config:
Username: admin
Email address: admin@ibm.com
Server: .ibm.com
Port: Auto
SSL: Autodetect
Authentication: Autodetect
Username: admin@ibm.com
6. On the System Integration window, select E-Mail and click Set as Default.
Attention
You must enter every command separately. After you type a command, press Enter.
• If steps contain multiple commands, each individual command will begin with #. Do
not include the # in typing the command.
• To avoid errors, copy and paste the commands that are provided for each step.
4. Set hostname and disable SELinux and run the following commands:
# setenforce 0
# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g'
/etc/sysconfig/selinux
# hostnamectl set-hostname think.ibm
2. Configure the Kubernetes repository by entering the following command into the terminal.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
Attention
Do not enter the above command as multiple commands. Copy and paste the entire body of the
command into the terminal.
Attention
To complete the following steps, you must have a valid RedHat subscription.
Attention
6. Open docker-ce.repo.
gedit /etc/yum.repos.d/docker-ce.repo
a. Find (Ctrl+F):
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/st
able
and replace it with:
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
7. Install Docker.
yum install docker-ce-18.06.3.ce-3.el7
Attention
Information
For creating the certificate, enter “.” in the fields, but for Common Name, enter think.ibm.
4. Move certificates.
# mkdir -p /etc/docker/certs.d/think.ibm:5443
# cp /root/certs/think.ibm.crt /etc/docker/certs.d/think.ibm:5443/ca.crt
# cp /root/certs/think.ibm.crt /etc/pki/ca-trust/source/anchors/ca.crt
# update-ca-trust
5. Install the EPEL repository.
yum -y install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Troubleshooting
If Kubernetes does not install, re-configure the Kubernetes repository before reinstalling.
• Copy and paste the following into terminal:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
• Install Kubernetes.
yum install -y kubelet-1.18.10 kubectl-1.18.10 kubeadm-1.18.10
Troubleshooting
If initializing the Kubernetes control-plane doesn’t work, run the following commands:
# modprobe br_netfilter
# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
Information
Wait for a few seconds and re-run kubectl get nodes if status is NotReady.
Wait for a few seconds and re-run kubectl get po --all-namespaces if all READY statuses
are not 1/1 yet.
Attention
When entering code into YAML files, verify that the indentation and spacing is intact.
3. Set variables.
# export NAMESPACE=apiconnect
# export TILLER_NAMESPACE=apiconnect
# echo "export NAMESPACE=apiconnect" >> /root/.bashrc
# echo "export TILLER_NAMESPACE=apiconnect" >> /root/.bashrc
4. Create a Kubernetes namespace.
kubectl create namespace $NAMESPACE
5. Deploy Tiller.
kubectl create clusterrolebinding add-on-cluster-admin
--clusterrole=cluster-admin --serviceaccount=apiconnect:default
6. Install Helm.
# wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
# tar -zxvf helm-v2.17.0-linux-amd64.tar.gz
9. Initialize Helm.
helm init
Attention
You may have to wait and re-run k get po | grep tiller before the status changes to 1/1 and
Running.
Attention
You may have to wait and re-run kubectl get po -n kube-system | grep ingress before
both ingress pods’ statuses change to 1/1 and Running.
Attention
You may have to wait and re-run the command before all cert-manager pods are 1/1.
2. Create a registry secret for the DataPower registry with credentials to pull down
product images and replace ⏴USER_EMAIL> with any valid email address.
kubectl create secret docker-registry datapower-docker-local-cred
--docker-server=think.ibm:5443 --docker-username=any --docker-password=any
--docker-email=<USER_EMAIL> -n apiconnect
4. Configure ibm-
apiconnect.yaml. gedit ibm-
apiconnect.yaml
a. Replace (Ctrl+F) every instance of namespace: default with namespace: apiconnect
5. Configure ibm-
datapower.yaml. gedit ibm-
datapower.yaml
a. Replace (Ctrl+F) every instance of namespace: default with apiconnect
Attention
It may take quite some time for this command to finish processing. Please be patient and wait.
2. Validate that certificates were created and pods are 1/1 and Running.
# k get
certificates # k
get po
$APP_PRODUCT_VERSION = 10.0.1.2-eus
$PROFILE = n1xc2.m8
$SECRET_NAME = apic-registry-secret
$DOCKER_REGISTRY = think.ibm:5443
$STACK_HOST = think.ibm
(api.think.ibm,
portal.think.ibm)
$STORAGE_CLASS = myblock
accept: true
use: nonproduction
accept: true
use: nonproduction
$PROFILE = n1xc2.m16
$SECRET_NAME = apic-registry-secret
$DOCKER_REGISTRY = think.ibm:5443
$STACK_HOST = think.ibm
(ac.think.ibm,
ai.think.ibm)
$STORAGE_CLASS = myblock
$DATA_VOLUME_SIZE = 250Gi
2. Prepare the required ClusterRole and ClusterRoleBinding file for the provisioner
by running the following command in the terminal:
gedit storage-rbac.yaml
a. Enter the following code into the editor:
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: hostpath-provisioner
namespace: apiconnect
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list",
"watch"]
- apiGroups: [""]
resources:
["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: hostpath-provisioner
namespace: apiconnect
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: hostpath-provisioner
subjects:
- kind:
ServiceAccount
name: default
namespace:
apiconnect
spec:
replicas: 1
revisionHistoryLimit: 0
selector:
matchLabels:
k8s-app: hostpath-provisioner
template:
metadata:
labels:
k8s-app: hostpath-provisioner
spec:
containers:
- name: hostpath-provisioner
image: mazdermind/hostpath-provisioner:latest
env:
- name:
NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: PV_DIR
value: /root/storage
- name: PV_RECLAIM_POLICY
value: Retain
volumeMounts:
- name: pv-volume
mountPath:
/root/storage
volumes:
- name: pv-
volume
Troubleshooting
In the case of an Error from server (InternalError): an error on the server ("") has
prevented the request from succeeding error, run the following commands:
# rpm -qa | grep -i haproxy-
1.5.18 # rpm -e haproxy-1.5.18-
9.el7.x86-64
2. Verify that the subsystems are fully installed and that all subsystem statuses are Running.
# kubectl get ManagementCluster -n
apiconnect # kubectl get PortalCluster -n
apiconnect
# kubectl get GatewayCluster -n
apiconnect # kubectl get AnalyticsCluster
-n apiconnect
Troubleshooting
If a subsystem installation has exceeded 10 minutes and its status has not yet changed, run
the following command and replace ⏴SUBSYSTEM_YAML> with the YAML name of the stalled
subsystem:
kubectl delete -f <SUBSYSTEM_YAML> -n apiconnect
Re-run the following command to reapply the subsystem YAML:
kubectl apply -f <SUBSYSTEM_YAML> -n apiconnect
3. Click Save.
options {
listen-on port 53 { 127.0.0.1; 10.0.0.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any;
}; recursion yes;
dnssec-enable yes;
dnssec-validation
yes; dnssec-lookaside
auto;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type master;
file
"named.ca";
};
zone "think.ibm" IN {
type master;
file "think.ibm.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Attention
Information
If a Firefox pop-up appears asking to save your login, feel free to select whichever option you
prefer so long as the login information is correct.
5. On the Change Password page, enter a valid email address in the Email field and enter
the following information for the other fields:
Current password: 7iron-hide
New Password: Passw0rd!
Confirm password: Passw0rd!
Do not alter or use a different password for the course since your instructor needs to
know your login information to assist you. The email address is shaded below for privacy.
a. Click Save.
Information
If you are redirected to the IBM API Connect Cloud Manager login page, enter admin/Passw0rd!
for Username/Password and click Login.
c. Enter the following information in the fields for Edit sender & email server and click
Save:
Name: APIC Administrator
Email address: apicadm@my.apic.local
3. Configure your topology by connecting all subsystems together. Add the Analytics
subsystem.
a. Go to the left taskbar and select Topology.
c. Select Analytics.
b. Select Portal.
Information
The login credentials the same values we used to configure the provider organization.
e. The page refreshes and redirects to the IBM API Connect API Manager home page.
4. Configure Gateway services and click Manage from the left taskbar.
a. Select Sandbox.
d. Click Edit.
a. Click Create.
b. On the Portal site, select portal as the portal service from the drop-down list. This
will automatically populate the URL field.
c. Click Create.
5. When the Opening go1.16.3.linux-amd64.tar.gz window appears, select Save File and
click OK.
Attention
When entering code into the editor, verify that the indentation and spacing is intact.
Attention
6. Configure schema.graphqls.
# cd
/root/distr/go-graphql/graph #
gedit schema.graphqls
a. Enter the following code into the editor and click Save:
type Query {
account(id: ID!): Account
accounts(limit: Int): [Account]
}
type Account
{ id: ID!
name:
Name!
shippingAddress: Address!
creditCard: CreditCard!
}
type Name {
first:
String! last:
String!
}
type Address {
country: String!
street: String!
state: String!
zip: String!
building: String!
}
type CreditCard
{ number:
String! pin:
Int!
expirationDate: String!
}
input NewName{
first:
String! last:
String!
}
input NewAddress{
country: String!
street: String!
state: String!
input
NewCreditCard{ nu
mber: String!
pin: Int!
expirationDate: String!
}
input
NewAccount{ id
: ID!
name: NewName!
shippingAddress: NewAddress!
creditCard: NewCreditCard!
}
type Mutation {
createAccount(input: NewAccount!): Account!
}
9. Configure schema.resolvers.go.
# cd
/root/distr/go-graphql/graph #
gedit schema.resolvers.go
a. Enter the following code into the editor and click Save:
func (r *mutationResolver) CreateAccount(ctx context.Context, input
model.NewAccount) (*model.Account, error) {
mockAcc :=
model.Account{ ID:
input.ID,
Name: &model.Name{
First: input.Name.First,
Last: input.Name.Last,
},
ShippingAddress: &model.Address{
Country:
input.ShippingAddress.Country, Street:
input.ShippingAddress.Street,
State: input.ShippingAddress.State,
Zip: input.ShippingAddress.Zip,
Building:
input.ShippingAddress.Building,
},
CreditCard: &model.CreditCard{
Number: input.CreditCard.Number,
Pin: input.CreditCard.Pin,
ExpirationDate: input.CreditCard.ExpirationDate,
},
}
Accounts[input.ID] =
&mockAcc return &mockAcc,
nil
}
})
router.Handle("/", playground.Handler("GraphQL playground", "/query"))
router.Handle("/query", srv)
//log.Printf("connect to http://localhost:%s/ for GraphQL playground",
port)
//log.Fatal(http.ListenAndServe(":"+port, nil))
log.Printf("connect to https://localhost:%s/ for GraphQL
playground", port)
err := http.ListenAndServeTLS(":"+port, "certs/go-
graphql.crt", "certs/go-graphql.key", router)
if err != nil {
log.Fatal("ListenAndServe: ",
err)
}
}
Information
For creating the certificate, enter “.” in the fields, but for Common Name, enter think.ibm.
Verification procedures
Follow the verification procedures to access the IBM Remote Lab Platform in the preface of the
course exercise guide.
Remote labs
Note
For more information about reserving and accessing remote labs on the IBM Remote Lab
Platform, see the Training Provider Operations Guide. IBM strongly encourages you to test the
remote lab access before the class start date. Local network restrictions can cause access
problems.