© 2015 IBM Corporation

IBM DataPower GatewaysdevOps with UrbanCode DeployMarch 2016

DataPower devOps

Operational Context

▪Role-Base Access Control

▪Auditing

▪who, what, where, when

Common Activities

▪Quiesce traffic to the appliance

▪Deploy new firmware

▪Create an application domain

▪Deploy a new version of an application domain with environment-specific parameters

▪Rollback to a previous version

▪Quiesce traffic to an application domain

2

Manual Approach

3

Manual Approach

o Pros

Uses built-in DataPower features

All activities within the context of DataPower’s Role Based Management framework

o Cons

➢ Least scalable

➢ Least consistent/repeatable

o Human Error is very likely

o DataPower is completely alien to most Operations teams

o Configurations in each domain become inconsistent, over time

4

“Role-Your-Own Automation” Approach

o Pros

Use one of DataPower’s management interfaces

XML Management Interface, REST Management Interface, Command Line Interface

All DataPower changes performed within the context of DataPower’s Role Based Management framework

o Cons

Automation via scripting (e.g. Shell Script, Jython, PERL, etc)

Inconsistent approaches to scripting; incomplete devOps features

Relies on a few “heroes” that know how the scripts are written, what they do.

Expensive to build & maintain

Not consistent with tools/how Ops teams deploy everything else; requires developers to be close-by

Not fault tolerant 5

Automated with UrbanCode Deploy

6

Automation with UrbanCode Deploy

o Pros

Full application domain and firmware life-cycle management.

Integration with 3rd party Source Code Control Repositories

Functions executed within context of DataPower’s Role Based Management framework

Easily understood and adopted by Operations teams

Fault tolerant - can roll-back to earlier version if necessary

Most cost-effective approach (buy a world-class capability, versus attempting to build the capability)

UrbanCode Deploy usage can be expanded to automate devOps for many other parts of your environment

o Cons

o ???

7

IBM UrbanCode Deploy – Deployment Automation

Deployment of Applications through Environments Rapidly deliver to multiple environments for testing

Visibility into deployment status via dashboards

Easily roll back applications due to errors or changes

Compliance via audit trails and security

Integrated with existing investments (middleware, database, source control, configuration management, change management, etc.)

Versioned Artifacts

QAEnvironment

Production Environment

Development Environment

Artifacts Artifacts Artifacts

Execute Against Execute Against Execute Against

Deploy orRollback

Deploy orRollback

Deploy orRollback

Application Blueprint

8

DataPower UrbanCode Deploy Plugin

o Available for downloaded from the developerWorks UrbanCode plugins site:

‒ https://developer.ibm.com/urbancode/plugins/ibm-urbancode-deploy/

o The plugin utilizes the DataPower Configuration Management (DCM) tool as the basis for plugin functionality. Ant is included and is used to drive the automation and is included in the plugin

o The DCM tool connects remotely to a DataPower instance and executes the steps via that connection. Therefore, any UCD agent that has network connectivity to the DataPower nodes can be used.

‒ Note: Since the plugin utilizes Ant, a JDK must be used as the basis of the agent instead of a JRE.

9

DataPower UrbanCode Deploy Plugino The available DataPower plugin steps:

‒ Backup Device

‒ Backup Domains

‒ Checkpoint Delete

‒ Checkpoint Restore

‒ Checkpoint Save

‒ Create Domain

‒ Crypto Identity Credential from Definition

‒ Crypto Validation Credential from Definition

‒ Delete Domain

‒ Host Alias Remove

‒ Host Alias Set

‒ Import (Basic)

‒ Import (Definition)

‒ Import (Deployment Policy Object)10

– Invoke any deploy.ant.xml target

– Load Balancer Group from Definition

– Quiesce Domain– Restart Domain– Restore Backup– Save Configuration– Set Log Level– Unquiesce Domain– Upload Directory– Upload from Definition

DataPower UrbanCode Deploy Plugin

o Every plugin step contains the same 5 hidden properties that capture the connection information

o The values should be captured in resource and/or environment properties

o Target Environment property specifies the properties to use from the configuration file (see next slide)

11

DataPower UrbanCode Deploy Plugin

o DCM takes a properties file to override values that are environment specific. Many plugin steps accept the properties file as input.

o Various ways to address these environment specific property values:

‒ Config files (see below)

‒ Store them in UCD and generate the file

12

<dcm:definition xmlns:dcm="urn:datapower:configuration:manager">

<dcm:loadbalancergroup environment="dev" name="ucdDemo‐backends"> <dcm:member server="192.168.13.89" port="443" enabled="true"/>

</dcm:loadbalancergroup>

<dcm:loadbalancergroup environment=“test" name="ucdDemo‐backends"><dcm:member server="192.168.13.81" port="443" enabled="true"/> 

</dcm:loadbalancergroup> 

</dcm:definition>