TABLE OF CONTENTS
- What is the Illuminate Integration Gateway?
- General System Requirements
- What is Docker and why does N2N use this?
- Docker Installation Instructions
- Detailed instructions for installing Docker & Docker Compose (on CentOS)
- Integration Gateway Installation
- APPENDIX-1(OPTIONAL): Load Balancing the Integration Gateway
- APPENDIX-2: Integration Gateway setup for PROD on the same QA host/server
- APPENDIX-3: Optional step to autostart the containers after a server reboot
- APPENDIX-4: SSL Certs In Dataport/IIG
- What is an SSL certificate?
- What are Certificate Chains?
- What is SSL Certificate Chain Order?
- There are three parts to the chain certificates
- How To Update SSL Certs In Dataport
- How To form a bundle .crt file
- Additional step if the private key is password protected:
- Now you have the bundled cert and private key ready, do the below steps to update these files in the Nginx container:
- Step 1:
- sudo docker cp dataport-test.school.edu.crt nginx:/certs/dataport-test-school-edu.crtStep 2:
- Step 3:
- Step 4:
- Step 5:
- APPENDIX-5: Integration Gateway upgrade using manual steps
- Login to the VM instance as root
- To pull N2N’s Integration Gateway image from the N2N private repository (quay.io), please enter Docker login credentials that are obtained from Illuminate.
- STEP 1) Authorization to Access Integration Gateway Docker Images
- STEP 2) Find and stop the dataport container
- STEP 3) Save the previous version of dataport
- STEP 5: Auto Restart the containers
- STEP 6) Add Database Credentials.
- Step 6(i)- Create & run the CURL command
- Step 6(ii) - Create & run the CURL command
- Step 6(iiI) - Restart dataport container
- APPENDIX-6: Maintenance steps
What is the Illuminate Integration Gateway?
The Illuminate Integration Gateway, also called the Dataport, is a tool used to provide the Illuminate platform with access to data that is located in physically and logically secure configurations, such as behind a firewall in the organization’s data center. The Integration Gateway provides a secure, encrypted channel to transport this data to the Illuminate cloud environment, where Illuminate creates a secure Application Program Interface (API) access platform.
How it works
N2N provides a Docker container that runs Illuminate's Integration Gateway (IIG). This is installed on a Virtual Machine (VM) that is provided by the University and typically hosted on the University's network. The IIG is used to facilitate secure communication between the University database and the Illuminate Platform without having to allow direct external communication to the actual database. VM setup is operating system specific, please refer to your onsite System Administrator for VM setup.
What is the current version of the Integration Gateway?
Illuminate Integration Gateway is at Version 4.12
*Note: Prior versions of the Illuminate Integration Gateway were branded "Illuminate Dataport"
What do we provide?
N2N provides a Docker image with the following software packages included:
Tomcat 9.0.20
JVM 11.0
Illuminate Integration Gateway Project 4.12 (the N2N application code)
General System Requirements
General system requirements for installing the Integration Gateway:
Software
Docker 17.x version or higher
Hardware (VM)
4 to 8 CPU Cores (processors)
8GB to 16GB RAM
Enough disk space to run the OS and other supporting software (recommended disk space 40+ GB)
Typically an 8 GB ram server with 4 core processor can serve about 700-800 transactions per second.
For more information about Docker, prerequisites visit the Docker page
What is Docker and why does N2N use this?
What is Docker?
Docker is the world's leading software containerization platform. Docker containers wrap a piece of software in a complete file system that contains everything needed to run: code, run time, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. Containers isolate applications from one another and the underlying infrastructure while providing an added layer of protection for the application.
For more details about Docker please visit this Docker page
What is Docker Compose?
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
For more details about docker-compose please visit the Docker Compose page
Why does N2N use Docker for the Illuminate Integration Gateway?
The Docker platform provides N2N with a simple, effective way to deliver the right package of software to the Illuminate Integration Gateway. Docker allows N2N to combine tested versions of software with validated configuration files into one deployment package. This process greatly reduces the number of manual steps, which improves reliability and robustness, as well as making deployment faster!
Docker Installation Instructions
Docker CE (Community Edition) is available on multiple platforms. Use the following matrix to choose a supported operating system that provides the best installation path for you. Click on the platform to navigate for detailed documentation on the docker site. We provide detailed instructions for installing Docker and the Integration Gateway on CentOS along with other required configurations. Other Linux implementations will be similar.
Supported Platforms
Platform | Docket CE x86_64 |
---|---|
CentOS | Yes (Recommended) |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Oracle Linux | Yes |
SUSE Linux Enterprise Server | No |
Microsoft Windows Server 2016 | No |
For more details please visit docker supported-platform documentation
Detailed instructions for installing Docker & Docker Compose (on CentOS)
Prerequisites
- An SSL certificate ready (self-signed is not supported) which includes .crt file (the .crt file must have the public, root, and intermediate certs, with public cert on top of the file) and a private key. (See SSL Certs FAQs at the end of this document)
Ports 443, 80, 2376 (2376 port is optional) need to be open on the VM instance where Docker and Integration Gateway are installed
Get the authorization credentials from N2N to pull the Docker image
Docker Installation
There are two ways to install Docker Engine
Install using the yum package manager (Recommended)
Install using the instruction from https://docs.docker.com/install/linux/docker-ce/centos/
Install with yum
- Log into your VM as a user with sudo rights to install and manage services or root user. If you are logged in as root you do not need to add the "sudo" at the beginning of each command.
- Make sure your existing packages are up-to-date using yum
sudo yum update -y
- Add the yum repository if it doesn’t exist on your server where you are installing Docker.
We will also need to enable the Redhat "extras" repository for RHEL 7 (The third command to enable the Redhat extras repository will only need to be run if you are running RHEL 7).
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms
- Install the Docker package for RHEL 8.
sudo yum install -y --nobest docker-ce docker-ce-cli containerd.io
- Install the Docker package for RHEL 7.
sudo yum install -y docker-ce docker-ce-cli containerd.io
- Enable the Docker service. This is needed so docker will start whenever the system is restarted
sudo systemctl enable docker.service
- Start the Docker daemon
sudo systemctl start docker
- Verify Docker has been installed correctly by running a test image in a container
sudo docker ps
- The screenshot below will show the installation is done properly.
Now that Docker installation is complete, the next step is to install Docker compose.
Docker Compose Installation
- Run this command to download the current stable release of Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
If you have problems installing with curl
, see Alternate Installation Option
- Apply executable permissions to the binary.
sudo chmod +x /usr/local/bin/docker-compose
If the command `docker-compose` fails after installation, check your path. You can also create a symbolic link to `/usr/bin` or any other directory in your path
For Example:
`sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose`
for details about Docker compose, please visit here
- Test the docker-compose Installation
docker-compose --version
O/P: docker-compose version 1/24/0, build 1110ad01 it will show docker-compose version
Integration Gateway Installation
Prerequisites
- Firewall rules need to be set up by this time. Whitelist N2N NAT IPs below
QA NAT - 23.20.165.255
PROD NAT - 54.204.165.208
Occasionally, some clients will block their server for all publicly hosted websites - in this case, they need to whitelist access to quay.io as the below instruction talk about downloading our docker container images from our quay.io repository.
Look at Appendix-4 for SSL certs setup info
N2N will need an FQDN which connects to the Integration Gateway on HTTPS
Authorization to Access Integration Gateway Docker Images
Getting the quay credentials through the Illuminate app
For QA IIG Setup, Login into the QA Illuminate app: https://qa.illuminateapp.com/api-universe/login
For Production IIG Setup, Login into the PROD Illuminate app: https://illuminateapp.com/api-universe/login
If you do not have an Illuminate account please contact appsupport@n2nservices.com
Get the credentials by following the below steps
From the left-side menu, select the connection button.
Next, click the button IIG CONTAINER KEY to the right top corner.
Copy the username and password within the popup box.
- Run the below command on the dataport server using the credentials above.
docker login -u="n2ndevops+User" -p="xxxxxxxxxxxxxxxxxxx" quay.io
Integration Gateway Installation
Login as root on to the VM
Create a folder with your preferred name (below is an example)
mkdir n2ndataport
- Download the docker-compose.yml file which is attached to the bottom of this document.
- Place this docker-compose.yml file in the folder 'n2ndataport' which was created in the above step.
- Run the docker-compose.yml file to deploy both Nginx and Integration Gateway Docker containers. Use the below command;
docker-compose up -d
Once docker-compose up -d is executed:
Default Docker network is created with the folder name where the docker-compose.yml file is located (in the screenshot above n2ndataport_default docker network is created based on folder n2ndataport)
Then in the next step, it started pulling the Integration Gateway image and Nginx image
In the final step, Integration Gateway and Nginx containers are created
The output after running the above command will look like the screenshot below.
Run `
docker ps`
command to view the installed/running containers. In the screenshot below, we can see that the Integration Gateway (Dataport) and Nginx containers are up and running.
Applying the SSL Certificate
Check the Appendix-4 on additional details on forming the cert files (.crt & .key).
Now copy all your SSL certificate files (such as the .crt and .key files*) to the “certs” folder inside the Nginx container
docker cp <your file name>.crt nginx:/certs/<your file name>.crt
docker cp <your file name>.key nginx:/certs/<your file name>.key
File extensions .crt and .key are used as an example, use appropriate valid extensions as needed.
FAQ: What type of certificates are we using for connecting to your Integration Gateway?
We are using X.509 type certificates.
FAQ: Should SSL certificates point to the server or docker containers?
Here SSL certificates should be in relation with host_name or domain name (while generating certificates).
These certificates should point to the docker containers. Here, in this case, we are placing certificates in the Nginx container.
- Login to the Nginx container
docker exec -it nginx bash
vi /etc/nginx/conf.d/default.conf
- Open default.conf file:
$ Add "ssl" at line 2 as shown below
Example: listen 443 ssl;
$ Change server_name to yourdnsname.com at lines 3 and 22
$Uncomment lines 4 and 5 (Note: Do this step after copying certificates to nginx container)
$wq! (save the configurations)
Now test Nginx config using this command (the command checks whether the certificates are valid)
nginx -t
- Note: If the validation is successful, exit from the nginx container (using the below command). Otherwise, review the error and return to the Nginx default.conf file for any edits.
exit
Restart the Nginx container
docker restart nginx
Test connection
Test the connection using the curl command below. It should return a response: "Not a valid request.”. Note that you need to configure the command below to match your organizational nomenclature.
curl -X GET https://{server_name(or)host_name}/idp
The success message looks like below
{"status":"FAIL","message":"Not a valid request."}
Establishing a connection between Illuminate, Integration Gateway, and the SIS Database
Note: Firewall rules need to be set up by this time. Whitelist N2N NAT IPs below
QA NAT - 23.20.165.255
PROD NAT - 54.204.165.208
Step 1 - Adding Integration Gateway URL in Illuminate app
Note: In this step, we will configure the Integration Gateway details in the Illuminate App.
Setting up Integration Gateway in Illuminate app
For QA Setup, Login into QA Illuminate app: https://qa.illuminateapp.com/api-universe/login
For Production Setup, Login into PROD Illuminate app: https://illuminateapp.com/api-universe/login
If you do not have an Illuminate account please contact appsupport@n2nservices.com
Configure the Integration Gateway details within the Illuminate App's Connection Module by following below steps
From the left-side menu, select the connection button.
Next, select Setup Dataport from the list of options
Click on GET STARTED
Enter the 'Dataport Name' field and the 'Dataport URL' field then click on the publish button on the screen.
Dataport Url example looks like https://{server_name(or)host_name
Step 2 - Add the database provider in the Illuminate app
This step is also performed in the Illuminate App.
Configure the Database provider details within the Illuminate App's Connection Module using the following steps:
From the left-side menu, select Connections.
Click the ADD PROVIDER button above the provider list index table
Next, under Provider Details select the Provider Type as Database.
Select the appropriate database under Provider (i.e Oracle or SQL Server per your SIS).
Enter the desired name for Provider Name.
Enter a Connection Name for this setup.
Enter a description for this connection.
Click Save.
A popup will appear with authorization details that should be copied and used to run the database curl command in Step 5.
The generated token will expire in 5 mins.
You can also follow the steps from this link Step by Step visual instructions for Step 2
Step 3 - Connecting the Integration Gateway to the Database(s)
Note: The instructions below are to be performed on the Integration Gateway Server.
In this step, we will establish the connection between the Integration Gateway and the database by creating a property file.
Use the below method to configure the property file:
The properties are generated using a curl command. For security, please turn off Linux history before running the curl command, using the following set command:
set +o history
The Illuminate Integration Gateway includes a web service that will create these properties in the system.
Step 4 - Creating the request body with the database properties
This service needs a JSON request body as shown below. Pick the version of the body as per your database.
ORACLE
{ "DBHost": "0.0.0.0", "port": "1234", "SID": "", "ServiceName": "servicename", "DBUsername": "username", "DBPassword": "***********" }
# A value should be populated for either SID or ServiceName but not both
# Don't delete the keys in the JSON, which will result in errors.
# Ensure there is no carriage return/line feed(CR/LF) characters in the parameter before running the curl command.
SQL SERVER
{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }
SQL SEVER (SQL Server with no port )
{ "DBHost": "0.0.0.0","instance":"POWERCAMPUSDB", "port": "", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }
INFORMIX
{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********","informixServer": "" }
SYBASE
{ "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" }
Step 5 - Create & run the CURL command
In the below curl command, you will need to replace the post body option (everything following -d option) with the one you picked in step 4.
The Authorization token as obtained in step 2 is plugged in the below curl command after 'Authorization:' string
In the below curl command, you can either choose the url with dataport_container_ip:port or the with the your_dns_name option.
Note: If you chose the dataport_container_ip:port option, run the following command to retrieve the Docker container IP (in this case we need the Integration Gateway container port)
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dataport
Choose one of the curl commands below:
$ curl -X POST 'http://{dataport_container_ip:port}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d '{"DBHost": "0.0.0.0","port": "1234","SID": "","ServiceName": "servicename","DBUsername": "username","DBPassword": "***********"}'
(OR)
You can also use DNS (which is assigned to the Integration Gateway) to add DB properties file
$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d '{"DBHost": "0.0.0.0","port": "1234","SID": "","ServiceName": "servicename","DBUsername": "username","DBPassword": "***********"}'
- After forming the curl command, execute the command. Upon successful connection, you will see the following message.
{"status":"success","message":"Properties Added"}
If the Integration Gateway is on a load-balanced network and you use the DNS method to add the properties it will not update in all the containers. In this case, use the container IP to individually update the properties.
- Restart the dataport container with the commands mentioned in the Appendix-6.
APPENDIX-1: Load Balancing the Integration Gateway (OPTIONAL)
Note: Recommended but optional
Load balancing refers to efficiently distributing incoming network traffic across a group of servers. A Load Balancer acts as the "traffic cop" sitting in front of your servers and routing requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance. If a single server goes down, the load balancer redirects traffic to the remaining online servers. When a new server is added to the server group, the load balancer automatically starts to send requests to it.
If the Integration Gateway is on a load-balanced network, please ensure appropriate steps are followed to update the database properties in all relevant servers/containers.
For general background information, see this article about Load Balancing
Sample load balancing diagram leveraging Docker
APPENDIX-2: Integration Gateway setup for PROD on the same QA host/server
If the client wants to set up a PROD integration gateway on the QA host, they need to follow these steps
Create a new docker network
docker network create n2ndataport_prod_default
- Connect Nginx container to newly created dataport network
docker network connect n2ndataport_prod_default nginx
Create prod integration Gateway Docker container
docker run --network=n2ndataport_prod_default --net-alias dataportProd --name dataportProd -it -d quay.io/n2ndevops/illuminatedataport:4.12
- Uncomment lines from 16-23 in default.conf file
Test Nginx configurations
nginx -t
- Reload Nginx configurations
service nginx reload
Test the connection using curl. It should “return a response status as not a valid request”. Note that you need to configure the command below to match organizational nomenclature
curl -X GET https://{server_name(or)host_name}/idp2
- Now jump to "Establishing a connection between Illuminate, Integration Gateway, and the SIS Database"
APPENDIX-3: Optional step to autostart the containers after a server reboot
If a server is rebooted, restarted, or start/restart, the docker engine must be restarted. To accomplish that automatically follow the steps below
chkconfig docker on
docker update --restart=unless-stopped $(docker ps -q)
The above command starts all the containers within the docker engine of the server
APPENDIX-4: SSL Certs In Dataport/IIG
If a client wants to update SSL certs in Nginx, they can go through these instructions for more details
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.
What are Certificate Chains?
A certificate chain (or Chain of Trust) is made up of a list of certificates that start from a server’s certificate and terminate with the root certificate.
What is SSL Certificate Chain Order?
The SSL certificate chain order consists of root certificates, intermediate certificates, and a server’s certificate. Root CAs are a trusted source of certificates. Intermediate CAs are bridges that link the server’s certificate to the root CA.
There are three parts to the chain certificates
Server Certificate: The server certificate is issued to the specific domain the user needs coverage for.
Intermediate Certificate: Intermediate certificates act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.
Root Certificate: A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.
For an SSL certificate to be authenticated by the web browsers, it must be authentic and issued by a trusted certificate authority embedded in the browser’s trusted store. If your SSL certificate isn’t issued by a trusted certificate authority, i.e., if it isn’t issued by a Root CA, then the connecting device or web browser will continue to check if the issuing CA was issued by a root CA. It will keep going back down the SSL certificate chain order to find the root CA. If it finds a root CA, a secure connection will be established. If it doesn’t find a root CA, then the connection will be dropped, and your web browser will display an error message that reads “invalid certificate” or “certificate not trusted.”
How To Update SSL Certs In Dataport
Ensure you have a private key
Create a full certificate bundle for NGINX using one of the methods below, depending on how your SSL provider delivered the certificates to you.
How To form a bundle .crt file
# Open up a notepad or any text editor.
# Copy-paste the Public cert (public should always be on the top of the file)
# Copy-paste the Intermediate cert
# Copy-paste the Root cert
# Now save the file with the desired name(dataport-test-school-edu.crt) within an extension of the .crt
# You will have to create a .crt(self-signed is not accepted) file and a private key.
(OR)
Example GoDaddy:
cat signed_ssl.crt gd_bundle.crt > dataport-test-school-edu.crt
Above gd_bundle assumes both intermediate and root
Other SSL providers with a single intermediate certificate:
cat signed_ssl.crt intermediate1.crt root.crt > dataport-test-school-edu.crt
Other SSL providers with multiple intermediate certificates:
cat signed_ssl.crt intermediate1.crt intermediate2.crt root.crt > dataport-test-school-edu.crt
Additional step if the private key is password protected:
If your private key is password-protected, we will need to make a copy without that password to use on the NGINX instance. If you run these commands and are not prompted for a passphrase, your SSL key did not have a passphrase. If you are prompted for a passphrase, enter it when prompted.
NGINX will not properly restart if the private key is password protected.
Hence, run the below command to turn the password-protected to a file.
openssl rsa -in private.key -out dataport-test-school-edu.key
Now you have the bundled cert and private key ready, do the below steps to update these files in the Nginx container:
Step 1:
Upload the new cert and the key files to the server
Copy the new files to the NGINX Docker container to the certs folder.
sudo docker cp dataport-test.school.edu.key nginx:/certs/dataport-test-school-edu.key
sudo docker cp dataport-test.school.edu.crt nginx:/certs/dataport-test-school-edu.crt
Step 2:
Navigate to the below location
docker exec -it nginx bash
vi etc/nginx/conf.d/default.conf
You will need to update the following items in the file and save them.
Modify the ssl_certificate on line 4 (if you are changing the name of the cert than previous)
Modify the ssl_certificate_key on line 5 (if you are changing the name of the cert than previous)
server {
listen 443 ssl;
server_name dataport-test.school.edu;
ssl_certificate /certs/dataport-test-school-edu.crt;
ssl_certificate_key /certs/dataport-test-school-edu.key;
underscores_in_headers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
location /idp {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://dataport:8080/idp;
}
# if you want to use same host for two environments(TEST. QA and PROD) uncomment this location block and give appropriate container name
#location /idp2{
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
# proxy_pass http://dataport:8080/idp;
#}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name dataport-test.school.edu;
return 301 https://$host$request_uri;
}
Save the changes in the default.conf file
wq!
Step 3:
Test NGINX
nginx -t
If NGINX does not come back as successful, then do not proceed to the restart of NGINX. A successful output looks like this.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Step 4:
Restart NGINX
service nginx reload
A successful restart of NGINX looks like below
[user@dataport-test ~]$ sudo docker exec -it nginx service nginx reload [ ok ] Reloading nginx: nginx.
Exit from the container
exit
Step 5:
Verify that the NGINX container is running
docker ps
- The output should show two containers
[user@dataport-test ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
907b970bfd51 quay.io/nginx "/docker-entrypoint.…" 2 months ago Up 6 days nginx
a4adc7911498 quay.io/n2ndevops/illuminatedataport:4.4 "catalina.sh run" 4 weeks ago Up 3 weeks (healthy) 0.0.0.0:8081->8080/tcp dataport
APPENDIX-5: Integration Gateway upgrade using manual steps
Login to the VM instance as root
To pull N2N’s Integration Gateway image from the N2N private repository (quay.io), please enter Docker login credentials that are obtained from Illuminate.
STEP 1) Authorization to Access Integration Gateway Docker Images
Getting the quay credentials through the Illuminate app
Login into the QA Illuminate app: https://qa.illuminateapp.com/api-universe/login
Login into the PROD Illuminate app: https://illuminateapp.com/api-universe/login
Note: If you do not have an Illuminate account please contact appsupport@n2nservices.com
Get the credentials by following the below steps
From the left-side menu, select the connection button.
Next, click the button IIG CONTAINER KEY to the right top corner.
Copy the username and password within the popup box.
Run the below command on the dataport server using the credentials above
docker login quay.io
enter the username (grab the username from Illuminate as in the screenshot)
enter the password (grab the password from Illuminate as in the screenshot)
STEP 2) Find and stop the dataport container
Use the following command to show the containers running on the docker
docker ps
The container name can be seen by typing in `docker ps`
as below. The column name NAMES
will let you know the container name.
STEP 3) Save the previous version of dataport
This command should be used to take the backup. If your dataport container has an alternate name, put that in place of ‘dataport’.
docker rename dataport dataport.bk
STEP 4) Pull and Run N2N's Integration Gateway image.
* Your network name in the below command could be different.
* You can get your network name by inspect command as below(the entry will be in the 'Networks' array - see the image below)
$ docker inspect nginx (nginx is the container name)
Example:Image below
docker pull quay.io/n2ndevops/illuminatedataport:4.12
To run this dataport image, the network name n2ndataport_default should be grabbed as below
docker run --network=n2ndataport_default --net-alias dataport --name dataport -it -d quay.io/n2ndevops/illuminatedataport:4.12
STEP 5: Auto Restart the containers
This command helps to auto-restart upon server reboot unless manually stopped.
docker update --restart=unless-stopped dataport
- This command then stops the running dataport container. If your dataport container has an alternate name, put that in place of ‘dataport’.
docker stop dataport.bk (dataport is the container name)
docker rm dataport.bk
Restart the docker engine to ensure it picks the new container.
service docker restart (start the containers manually if they go down)
When you inspect the docker network the new dataport image and nginx should be in the same “Containers” array as shown below image. If you don’t see them in the same network. Check the note above the run command
#docker inspect n2ndataport_default
Test the connection using curl. It should “return a response status as not a valid request.” Note that you need to configure the command below to match organizational nomenclature
curl -X GET https://{server_name(or)host_name}/idp
The success message looks like below
{"status":"FAIL","message":"Not a valid request."}
STEP 6) Add Database Credentials.
To grab the authorization token from the Illuminate app
Login into QA Illuminate app: https://qa.illuminateapp.com/api-universe/login
Login into PROD Illuminate app: https://illuminateapp.com/api-universe/login
From the left-side menu, select Connections.
From Applied Database Providers select the eye icon(as shown in the figure as option 2).
Click on GENERATE TOKEN button to the right side of the screen.
A popup will appear with authorization details that should be copied and used to run the database curl command
Note: The generated token will expire in 5 mins.
Step 6(i)- Create & run the CURL command
Run the following command to retrieve the Docker container IP (in this case we need the Integration Gateway container port)
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dataport
- Replace "dataport_container_ip:port" with the response body from the last step, in the following curl. invoke the below service (Recommended)
$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d 'Grab the database type from below table'
Don't alter the keys and single quotes from the above curl
(OR)
You can also use DNS (which is assigned to the Integration Gateway) to add DB properties file
$ curl -X POST 'https://{your_dns_name}/idp/addDBproperties' -H 'Authorization:Token from Illuminate connections page in Step 2' -H 'Content-Type: application/json' -d 'Grab the database type from below table'
Database Type | Connection Info |
---|---|
Banner/Oracle | {"DBHost": "0.0.0.0","port": "1234","SID": "","ServiceName": "servicename","DBUsername": "username","DBPassword": "***********"} |
SQL Server | { "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" } |
SQL Server with no port | { "DBHost": "0.0.0.0","instance":"POWERCAMPUSDB", "port": "", "databaseName": "", "DBUsername": "username", "DBPassword": "***********" } |
Informix | { "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********","informixServer": "" } |
Sybase | { "DBHost": "0.0.0.0", "port": "1234", "databaseName": "", "DBUsername": "username", "DBPassword": "***********"} |
Step 6(ii) - Create & run the CURL command
Upon successful connection, you will see the following message
{"status":"success","message":"Properties Added"}
Step 6(iiI) - Restart dataport container
Upon successful connection, you will need to restart the container
service docker restart
APPENDIX-6: Maintenance steps
Docker/Containers -Current Status Check
Look for the “healthy” status on the three containers
dataportProd
Dataport
nginx
docker ps
Checking Logs
docker exec -it dataport bash (replace “dataport” with the name of the container)
cd logs
tail -f dataport.log (The log file is named “dataport” for both the prod and test containers)
Manual Stop/Start/Restart of a Container
Note: You could use below commands if you know the containerId or you could also replace containerId with the container name like: dataport or DataportProd or nginx
docker start containerId
docker stop containerId
docker restart containerId
OR
The below command restarts all the containers at once
docker update --restart=unless-stopped $(docker ps -q)
service docker restart
Turning On/Off Container Auto-Start
To check on the current restart setting:
docker inspect containerId
Then check the “restart policy” section of the file
To change the restart behavior:
docker update --restart=no $(docker ps -q)
restart: "no"
restart: always
restart: on-failure
restart: unless-stopped
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article