Illuminate Integration Gateway Installation Instructions

Find the most recent directions here.

TABLE OF CONTENTS

• What is the Illuminate Integration Gateway?
  • How it works
  • What is the current version of the Integration Gateway?
  • What do we provide?
• General System Requirements
  • Software
  • Hardware (VM)
• What is Docker and why does N2N use this?
  • What is Docker?
  • What is Docker Compose?
  • Why does N2N use Docker for the Illuminate Integration Gateway?
• Docker Installation Instructions
  • Supported Platforms
• Detailed instructions for installing Docker & Docker Compose (on CentOS)
  • Prerequisites
  • Docker Installation
    • Install with yum
  • Docker Compose Installation
• Integration Gateway Installation
  • Prerequisites
  • Authorization to Access Integration Gateway Docker Images
  • Integration Gateway Installation
  • Applying the SSL Certificate
  • Establishing a connection between Illuminate, Integration Gateway, and the SIS Database
• APPENDIX-1(OPTIONAL): Load Balancing the Integration Gateway
• APPENDIX-2: Integration Gateway setup for PROD on the same QA host/server
• APPENDIX-3: Optional step to autostart the containers after a server reboot
• APPENDIX-4: SSL Certs In Dataport/IIG
  • What is an SSL certificate?
  • What are Certificate Chains?
  • What is SSL Certificate Chain Order?
  • There are three parts to the chain certificates
  • How To Update SSL Certs In Dataport
  • How To form a bundle .crt file
  • Additional step if the private key is password protected:
  • Now you have the bundled cert and private key ready, do the below steps to update these files in the Nginx container:
  • Step 1:
  • sudo docker cp dataport-test.school.edu.crt nginx:/certs/dataport-test-school-edu.crtStep 2:
  • Step 3: 
  • Step 4:
  • Step 5:
• APPENDIX-5: Integration Gateway upgrade using manual steps
• Login to the VM instance as root
• To pull N2N’s Integration Gateway image from the N2N private repository (quay.io), please enter Docker login credentials that are obtained from Illuminate. 
  • STEP 1) Authorization to Access Integration Gateway Docker Images
  • STEP 2) Find and stop the dataport container
  • STEP 3) Save the previous version of dataport
  • STEP 5: Auto Restart the containers
  • STEP 6) Add Database Credentials.
  • Step 6(i)- Create & run the CURL command
  • Step 6(ii) - Create & run the CURL command
  • Step 6(iiI) - Restart dataport container
• APPENDIX-6: Maintenance steps
  • Docker/Containers -Current Status Check
  • Checking Logs
  • Manual Stop/Start/Restart of a Container

What is the Illuminate Integration Gateway?

The Illuminate Integration Gateway, also called the Dataport, is a tool used to provide the Illuminate platform with access to data that is located in physically and logically secure configurations, such as behind a firewall in the organization’s data center. The Integration Gateway provides a secure, encrypted channel to transport this data to the Illuminate cloud environment, where Illuminate creates a secure Application Program Interface (API) access platform.

How it works

N2N provides a Docker container that runs Illuminate's Integration Gateway (IIG). This is installed on a Virtual Machine (VM) that is provided by the University and typically hosted on the University's network. The IIG is used to facilitate secure communication between the University database and the Illuminate Platform without having to allow direct external communication to the actual database. VM setup is operating system specific, please refer to your onsite System Administrator for VM setup.

What is the current version of the Integration Gateway?

Illuminate Integration Gateway is at Version 4.12

*Note: Prior versions of the Illuminate Integration Gateway were branded "Illuminate Dataport"

What do we provide?

N2N provides a Docker image with the following software packages included:

• Tomcat 9.0.20

• JVM 11.0

• Illuminate Integration Gateway Project 4.12 (the N2N application code)

General System Requirements

General system requirements for installing the Integration Gateway:

Software

• Docker 17.x version or higher

Hardware (VM)

• 4 to 8 CPU Cores (processors)

• 8GB to 16GB RAM

• Enough disk space to run the OS and other supporting software (recommended disk space 40+ GB)

Typically an 8 GB ram server with 4 core processor can serve about 700-800 transactions per second.
For more information about Docker, prerequisites visit the Docker page

What is Docker and why does N2N use this?

What is Docker?

Docker is the world's leading software containerization platform. Docker containers wrap a piece of software in a complete file system that contains everything needed to run: code, run time, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. Containers isolate applications from one another and the underlying infrastructure while providing an added layer of protection for the application.

For more details about Docker please visit this Docker page

What is Docker Compose?

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.

For more details about docker-compose please visit the Docker Compose page

Why does N2N use Docker for the Illuminate Integration Gateway?

The Docker platform provides N2N with a simple, effective way to deliver the right package of software to the Illuminate Integration Gateway. Docker allows N2N to combine tested versions of software with validated configuration files into one deployment package. This process greatly reduces the number of manual steps, which improves reliability and robustness, as well as making deployment faster!

Docker Installation Instructions

Docker CE (Community Edition) is available on multiple platforms. Use the following matrix to choose a supported operating system that provides the best installation path for you. Click on the platform to navigate for detailed documentation on the docker site. We provide detailed instructions for installing Docker and the Integration Gateway on CentOS along with other required configurations. Other Linux implementations will be similar.

Supported Platforms

For more details please visit docker supported-platform documentation

Detailed instructions for installing Docker & Docker Compose (on CentOS)

Prerequisites

• An SSL certificate ready (self-signed is not supported) which includes .crt file (the .crt file must have the public, root, and intermediate certs, with public cert on top of the file) and a private key. (See SSL Certs FAQs at the end of this document)

• Ports 443, 80, 2376 (2376 port is optional) need to be open on the VM instance where Docker and Integration Gateway are installed

• Get the authorization credentials from N2N to pull the Docker image

Docker Installation

There are two ways to install Docker Engine

1. Install using the yum package manager (Recommended)

2. Install using the instruction from https://docs.docker.com/install/linux/docker-ce/centos/

Install with yum

• Log into your VM as a user with sudo rights to install and manage services or root user. If you are logged in as root you do not need to add the "sudo" at the beginning of each command.
• Make sure your existing packages are up-to-date using yum

sudo yum update -y

We will also need to enable the Redhat "extras" repository for RHEL 7 (The third command to enable the Redhat extras repository will only need to be run if you are running RHEL 7).

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms

• Install the Docker package for RHEL 8.  

sudo yum install -y --nobest docker-ce docker-ce-cli containerd.io

sudo yum install -y docker-ce docker-ce-cli containerd.io

sudo systemctl enable docker.service

• Start the Docker daemon

sudo systemctl start docker

• Verify Docker has been installed correctly by running a test image in a container

sudo docker ps

Now that Docker installation is complete, the next step is to install Docker compose. 

Docker Compose Installation

• Run this command to download the current stable release of Docker Compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

If you have problems installing with curl, see Alternate Installation Option

• Apply executable permissions to the binary. 

sudo chmod +x /usr/local/bin/docker-compose

If the command `docker-compose` fails after installation, check your path. You can also create a symbolic link to `/usr/bin` or any other directory in your path

For Example:
`sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose`

for details about Docker compose, please visit here

• Test the docker-compose Installation

docker-compose --version

O/P: docker-compose version 1/24/0, build 1110ad01 it will show docker-compose version

Prerequisites

• Firewall rules need to be set up by this time. Whitelist N2N NAT IPs below

  • QA NAT - 23.20.165.255

  • PROD NAT - 54.204.165.208

• Occasionally, some clients will block their server for all publicly hosted websites - in this case, they need to whitelist access to quay.io as the below instruction talk about downloading our docker container images from our quay.io repository.

• Look at Appendix-4 for SSL certs setup info

• N2N will need an FQDN which connects to the Integration Gateway on HTTPS

Authorization to Access Integration Gateway Docker Images

Getting the quay credentials through the Illuminate app

• For QA IIG Setup, Login into the QA Illuminate app: https://qa.illuminateapp.com/api-universe/login

• For Production IIG Setup, Login into the PROD Illuminate app: https://illuminateapp.com/api-universe/login

If you do not have an Illuminate account please contact appsupport@n2nservices.com

Get the credentials by following the below steps

• From the left-side menu, select the connection button.

• Next, click the button IIG CONTAINER KEY to the right top corner.

• Copy the username and password within the popup box.

• Run the below command on the dataport server using the credentials above.

docker login -u="n2ndevops+User" -p="xxxxxxxxxxxxxxxxxxx" quay.io

Integration Gateway Installation

• Login as root on to the VM

• Create a folder with your preferred name (below is an example)

mkdir n2ndataport

docker-compose up -d

Once docker-compose up -d is executed:
Default Docker network is created with the folder name where the docker-compose.yml file is located (in the screenshot above n2ndataport_default docker network is created based on folder n2ndataport)
Then in the next step, it started pulling the Integration Gateway image and Nginx image
In the final step, Integration Gateway and Nginx containers are created

• The output after running the above command will look like the screenshot below.

• Run `docker ps` command to view the installed/running containers. In the screenshot below, we can see that the Integration Gateway (Dataport) and Nginx containers are up and running.

Applying the SSL Certificate

• Check the Appendix-4 on additional details on forming the cert files (.crt & .key).

•  Now copy all your SSL certificate files (such as the .crt and .key files*) to the “certs” folder inside the Nginx container

docker cp <your file name>.crt nginx:/certs/<your file name>.crt 
docker cp <your file name>.key nginx:/certs/<your file name>.key   

File extensions .crt and .key are used as an example, use appropriate valid extensions as needed.
FAQ: What type of certificates are we using for connecting to your Integration Gateway?
          We are using X.509 type certificates.
FAQ: Should SSL certificates point to the server or docker containers?
          Here SSL certificates should be in relation with host_name or domain name (while generating certificates).
          These certificates should point to the docker containers. Here, in this case, we are placing certificates in the Nginx container.

• Login to the Nginx container

docker exec -it nginx bash

vi /etc/nginx/conf.d/default.conf

• Open default.conf file:

$ Add "ssl" at line 2 as shown below
Example: listen 443 ssl;

$ Change server_name to yourdnsname.com at lines 3 and 22
$Uncomment lines 4 and 5 (Note: Do this step after copying certificates to nginx container)
$wq! (save the configurations)

• Now test Nginx config using this command (the command checks whether the certificates are valid)

nginx -t

exit

• Restart the Nginx container

docker restart nginx

• Test the connection using the curl command below. It should return a response: "Not a valid request.”. Note that you need to configure the command below to match your organizational nomenclature.

curl -X GET https://{server_name(or)host_name}/idp

{"status":"FAIL","message":"Not a valid request."}

Note: Firewall rules need to be set up by this time. Whitelist N2N NAT IPs below

• QA NAT - 23.20.165.255

• PROD NAT - 54.204.165.208

Step 1 - Adding Integration Gateway URL in Illuminate app

Note: In this step, we will configure the Integration Gateway details in the Illuminate App.

• Setting up Integration Gateway in Illuminate app

  • For QA Setup, Login into QA Illuminate app: https://qa.illuminateapp.com/api-universe/login

  • For Production Setup, Login into PROD Illuminate app: https://illuminateapp.com/api-universe/login

If you do not have an Illuminate account please contact appsupport@n2nservices.com

• Configure the Integration Gateway details within the Illuminate App's Connection Module by following below steps

  • From the left-side menu, select the connection button.

  • Next, select Setup Dataport from the list of options

  • Click on GET STARTED

  • Enter the 'Dataport Name' field and the 'Dataport URL' field then click on the publish button on the screen.

Dataport Url example looks like https://{server_name(or)host_name

Step 2 - Add the database provider in the Illuminate app

This step is also performed in the Illuminate App.

• Configure the Database provider details within the Illuminate App's Connection Module using the following steps:

  • From the left-side menu, select Connections.

  • Click the ADD PROVIDER button above the provider list index table

  • Next, under Provider Details select the Provider Type as Database.

  • Select the appropriate database under Provider (i.e Oracle or SQL Server per your SIS).

  • Enter the desired name for Provider Name.

  • Enter a Connection Name for this setup.

  • Enter a description for this connection.

  • Click Save.

  • A popup will appear with authorization details that should be copied and used to run the database curl command in Step 5.

The generated token will expire in 5 mins.
You can also follow the steps from this link Step by Step visual instructions for Step 2

Step 3 - Connecting the Integration Gateway to the Database(s)

Note: The instructions below are to be performed on the Integration Gateway Server.

In this step, we will establish the connection between the Integration Gateway and the database by creating a property file.

Use the below method to configure the property file:

The properties are generated using a curl command. For security, please turn off Linux history before running the curl command, using the following set command:

set +o history

• The Illuminate Integration Gateway includes a web service that will create these properties in the system.

Step 4 - Creating the request body with the database properties

This service needs a JSON request body as shown below. Pick the version of the body as per your database.

ORACLE

{ "DBHost": "0.0.0.0", "port": "1234", "SID": "", "ServiceName": "servicename", "DBUsername": "username", "DBPassword": "***********" }

# A value should be populated for either SID or ServiceName but not both
# Don't delete the keys in the JSON, which will result in errors.
# Ensure there is no carriage return/line feed(CR/LF) characters in the parameter before running the curl command.

{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }

{ "DBHost": "0.0.0.0","instance":"POWERCAMPUSDB", "port": "", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }

{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********","informixServer": "" }

SYBASE

{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }

• In the below curl command, you will need to replace the post body option (everything following -d option) with the one you picked in step 4.

• The Authorization token as obtained in step 2 is plugged in the below curl command after 'Authorization:' string

• In the below curl command, you can either choose the url with dataport_container_ip:port or the with the your_dns_name option. 

• Note: If you chose the dataport_container_ip:port option, run the following command to retrieve the Docker container IP (in this case we need the Integration Gateway container port)

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dataport

• Choose one of the curl commands below:

$ curl -X POST 'http://{dataport_container_ip:port}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d '{"DBHost": "0.0.0.0","port": "1234","SID": "","ServiceName": "servicename","DBUsername": "username","DBPassword": "***********"}'

• You can also use DNS (which is assigned to the Integration Gateway) to add DB properties file

$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d '{"DBHost": "0.0.0.0","port": "1234","SID": "","ServiceName": "servicename","DBUsername": "username","DBPassword": "***********"}'

{"status":"success","message":"Properties Added"}

If the Integration Gateway is on a load-balanced network and you use the DNS method to add the properties it will not update in all the containers. In this case, use the container IP to individually update the properties.

• Restart the dataport container with the commands mentioned in the Appendix-6.

APPENDIX-1: Load Balancing the Integration Gateway (OPTIONAL)

Note: Recommended but optional

Load balancing refers to efficiently distributing incoming network traffic across a group of servers. A Load Balancer acts as the "traffic cop" sitting in front of your servers and routing requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance. If a single server goes down, the load balancer redirects traffic to the remaining online servers. When a new server is added to the server group, the load balancer automatically starts to send requests to it.

If the Integration Gateway is on a load-balanced network, please ensure appropriate steps are followed to update the database properties in all relevant servers/containers.
For general background information, see this article about Load Balancing

Sample load balancing diagram leveraging Docker

APPENDIX-2: Integration Gateway setup for PROD on the same QA host/server

If the client wants to set up a PROD integration gateway on the QA host, they need to follow these steps

• Create a new docker network

docker network create n2ndataport_prod_default

docker network connect n2ndataport_prod_default nginx

• Create prod integration Gateway Docker container

docker run --network=n2ndataport_prod_default --net-alias dataportProd --name dataportProd -it -d quay.io/n2ndevops/illuminatedataport:4.12

• Test Nginx configurations

nginx -t

service nginx reload

• Test the connection using curl. It should “return a response status as not a valid request”. Note that you need to configure the command below to match organizational nomenclature

curl -X GET https://{server_name(or)host_name}/idp2

APPENDIX-3: Optional step to autostart the containers after a server reboot

If a server is rebooted, restarted, or start/restart, the docker engine must be restarted. To accomplish that automatically follow the steps below

chkconfig docker on

docker update --restart=unless-stopped $(docker ps -q)

The above command starts all the containers within the docker engine of the server

APPENDIX-4: SSL Certs In Dataport/IIG

If a client wants to update SSL certs in Nginx, they can go through these instructions for more details

What is an SSL certificate?

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

What are Certificate Chains?

A certificate chain (or Chain of Trust) is made up of a list of certificates that start from a server’s certificate and terminate with the root certificate.

What is SSL Certificate Chain Order?

The SSL certificate chain order consists of root certificates, intermediate certificates, and a server’s certificate. Root CAs are a trusted source of certificates. Intermediate CAs are bridges that link the server’s certificate to the root CA.

There are three parts to the chain certificates

• Server Certificate: The server certificate is issued to the specific domain the user needs coverage for.

• Intermediate Certificate: Intermediate certificates act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.

• Root Certificate: A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.

For an SSL certificate to be authenticated by the web browsers, it must be authentic and issued by a trusted certificate authority embedded in the browser’s trusted store. If your SSL certificate isn’t issued by a trusted certificate authority, i.e., if it isn’t issued by a Root CA, then the connecting device or web browser will continue to check if the issuing CA was issued by a root CA. It will keep going back down the SSL certificate chain order to find the root CA. If it finds a root CA, a secure connection will be established. If it doesn’t find a root CA, then the connection will be dropped, and your web browser will display an error message that reads “invalid certificate” or “certificate not trusted.”

How To Update SSL Certs In Dataport

• Ensure you have a private key

• Create a full certificate bundle for NGINX using one of the methods below, depending on how your SSL provider delivered the certificates to you.

How To form a bundle .crt file

# Open up a notepad or any text editor.
# Copy-paste the Public cert (public should always be on the top of the file)
# Copy-paste the Intermediate cert
# Copy-paste the Root cert
# Now save the file with the desired name(dataport-test-school-edu.crt) within an extension of     the .crt
# You will have to create a .crt(self-signed is not accepted) file and a private key.

(OR)

Example GoDaddy:

cat signed_ssl.crt gd_bundle.crt > dataport-test-school-edu.crt 

Above gd_bundle assumes both intermediate and root

Other SSL providers with a single intermediate certificate:

cat signed_ssl.crt intermediate1.crt root.crt > dataport-test-school-edu.crt

Other SSL providers with multiple intermediate certificates:

cat signed_ssl.crt intermediate1.crt intermediate2.crt root.crt > dataport-test-school-edu.crt

Additional step if the private key is password protected:

If your private key is password-protected, we will need to make a copy without that password to use on the NGINX instance. If you run these commands and are not prompted for a passphrase, your SSL key did not have a passphrase. If you are prompted for a passphrase, enter it when prompted.

• NGINX will not properly restart if the private key is password protected.

• Hence, run the below command to turn the password-protected to a file.

openssl rsa -in private.key -out dataport-test-school-edu.key

Step 1:

• Upload the new cert and the key files to the server

• Copy the new files to the NGINX Docker container to the certs folder.

sudo docker cp dataport-test.school.edu.key nginx:/certs/dataport-test-school-edu.key

• Navigate to the below location

docker exec -it nginx bash

vi etc/nginx/conf.d/default.conf

• You will need to update the following items in the file and save them.

  • Modify the ssl_certificate on line 4 (if you are changing the name of the cert than previous)

  • Modify the ssl_certificate_key on line 5 (if you are changing the name of the cert than previous) 

server {
  listen 443 ssl;
  server_name dataport-test.school.edu;
  ssl_certificate /certs/dataport-test-school-edu.crt;
  ssl_certificate_key /certs/dataport-test-school-edu.key;
  underscores_in_headers on;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header X-Frame-Options DENY;
  location /idp {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_pass http://dataport:8080/idp;
  }

  # if you want to use same host for two environments(TEST. QA and PROD) uncomment this location block and give appropriate container name

  #location /idp2{
  #    proxy_redirect off;
  #    proxy_set_header Host $host;
  #    proxy_set_header X-Real-IP $remote_addr;
  #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  #    proxy_set_header X-Forwarded-Host $server_name;
  #    proxy_pass http://dataport:8080/idp;
  #}
}
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name dataport-test.school.edu;
  return 301 https://$host$request_uri;
}

• Save the changes in the default.conf file

wq!

• Test NGINX

nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 4:

• Restart NGINX

service nginx reload

A successful restart of NGINX looks like below
[user@dataport-test ~]$ sudo docker exec -it nginx service nginx reload [ ok ] Reloading nginx: nginx.

• Exit from the container

exit

• Verify that the NGINX container is running

docker ps

[user@dataport-test ~]$ sudo docker ps 
CONTAINER ID  IMAGE            COMMAND        CREATED         STATUS        PORTS       NAMES
907b970bfd51  quay.io/nginx  "/docker-entrypoint.…"   2 months ago   Up 6 days        nginx                       
a4adc7911498        quay.io/n2ndevops/illuminatedataport:4.4  "catalina.sh run"        4 weeks ago         Up 3 weeks (healthy)    0.0.0.0:8081->8080/tcp   dataport

APPENDIX-5: Integration Gateway upgrade using manual steps

• Login to the VM instance as root

• To pull N2N’s Integration Gateway image from the N2N private repository (quay.io), please enter Docker login credentials that are obtained from Illuminate. 

STEP 1) Authorization to Access Integration Gateway Docker Images

• Getting the quay credentials through the Illuminate app

  • Login into the QA Illuminate app: https://qa.illuminateapp.com/api-universe/login

    Login into the PROD Illuminate app: https://illuminateapp.com/api-universe/login

•      Note: If you do not have an Illuminate account please contact appsupport@n2nservices.com 

• Get the credentials by following the below steps

  • From the left-side menu, select the connection button.

  • Next, click the button IIG CONTAINER KEY to the right top corner.

  • Copy the username and password within the popup box.

• Run the below command on the dataport server using the credentials above

docker login quay.io

enter the username (grab the username from Illuminate as in the screenshot)

enter the password (grab the password from Illuminate as in the screenshot)

STEP 2) Find and stop the dataport container

• Use the following command to show the containers running on the docker

docker ps

The container name can be seen by typing in `docker ps` as below. The column name NAMES will let you know the container name.

STEP 3) Save the previous version of dataport

• This command should be used to take the backup. If your dataport container has an alternate name, put that in place of ‘dataport’.

docker rename dataport dataport.bk

STEP 4) Pull and Run N2N's Integration Gateway image.

* Your network name in the below command could be different.
* You can get your network name by inspect command as below(the entry will be in the 'Networks' array - see the image below)
 
$ docker inspect nginx (nginx is the container name)

Example:Image below

docker pull quay.io/n2ndevops/illuminatedataport:4.12

To run this dataport image, the network name n2ndataport_default should be grabbed as below

docker run --network=n2ndataport_default --net-alias dataport --name dataport -it -d quay.io/n2ndevops/illuminatedataport:4.12

STEP 5: Auto Restart the containers

• This command helps to auto-restart upon server reboot unless manually stopped.

docker update --restart=unless-stopped dataport

docker stop dataport.bk (dataport is the container name)

docker rm dataport.bk

• Restart the docker engine to ensure it picks the new container.

service docker restart (start the containers manually if they go down)

When you inspect the docker network the new dataport image and nginx should be in the same “Containers” array as shown below image. If you don’t see them in the same network. Check the note above the run command

#docker inspect n2ndataport_default

• Test the connection using curl. It should “return a response status as not a valid request.” Note that you need to configure the command below to match organizational nomenclature

curl -X GET https://{server_name(or)host_name}/idp

{"status":"FAIL","message":"Not a valid request."}

STEP 6) Add Database Credentials.

• To grab the authorization token from the Illuminate app

  • Login into QA Illuminate app: https://qa.illuminateapp.com/api-universe/login

    Login into PROD Illuminate app: https://illuminateapp.com/api-universe/login

  • From the left-side menu, select Connections.

  • From Applied Database Providers select the eye icon(as shown in the figure as option 2).

    Click on GENERATE TOKEN button to the right side of the screen.

  • A popup will appear with authorization details that should be copied and used to run the database curl command

    • Note: The generated token will expire in 5 mins.

Step 6(i)- Create & run the CURL command

• Run the following command to retrieve the Docker container IP (in this case we need the Integration Gateway container port)

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dataport

$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d 'Grab the database type from below table'

Don't alter the keys and single quotes from the above curl

(OR)

• You can also use DNS (which is assigned to the Integration Gateway) to add DB properties file 

$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d 'Grab the database type from below table'

Step 6(ii) - Create & run the CURL command

• Upon successful connection, you will see the following message

{"status":"success","message":"Properties Added"}

Step 6(iiI) - Restart dataport container

• Upon successful connection, you will need to restart the container

service docker restart

APPENDIX-6: Maintenance steps

Docker/Containers -Current Status Check

• Look for the “healthy” status on the three containers

  dataportProd

  Dataport

  nginx

docker ps

Checking Logs

docker exec -it dataport bash (replace “dataport” with the name of the container)

cd logs

tail -f dataport.log (The log file is named “dataport” for both the prod and test containers)

Manual Stop/Start/Restart of a Container

docker start containerId

docker stop containerId

docker restart containerId

OR
The below command restarts all the containers at once

docker update --restart=unless-stopped $(docker ps -q)
service docker restart

To check on the current restart setting:

• docker inspect containerId

• Then check the “restart policy” section of the file

To change the restart behavior:

docker update --restart=no $(docker ps -q)

restart: always

restart: on-failure

restart: unless-stopped