Creating the Secure Build Server
You can create the Secure Build virtual server by running the hpvs deploy command with a configuration yaml file as its input. This is the recommended option to provision the instance because of its ease of use, and it is also an easier method of creating multiple instances quickly.
You can also use the hpvs vs create command to create the virtual server; however, this method requires you to enter the configuration information by using multiple commands. For more information about this method, see Create a virtual server by using the hpvs image and hpvs vs create commands.
Prerequisites
Before you start the Secure Build process, you must create the certificate and key to securely communicate with the Secure Build Server. Complete the following steps.
- Run the following command.
    cd $HOME/hpvs/config/securebuild/keys
- Create the certificate and key to securely communicate with the Secure Build Server.
    openssl req -newkey rsa:2048 \
      -new -nodes -x509 \
      -days 3650 \
      -out sbs.cert \
      -keyout sbs.key \
      -subj "/C=GB/O=IBM/CN=johndoe.example.com"
  Note
  If you see errors like random number generator:RAND_load_file:Cannot open file, then run the following command.
    openssl rand -out $HOME/.rnd -hex 256
- Run the following command to change the certificate to base64 encoding.
    echo $(cat sbs.cert | base64) | tr -d ' ' >> sbs_base64.cert
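A pre-deploy check for the files these steps produce, as an added example that is not part of the product documentation. The first function confirms that sbs_base64.cert is a single base64 line that decodes back to sbs.cert (a second run of the >> step fails this check); the second confirms that every @/path value in a deploy configuration file, such as CLIENT_CRT, names a file that exists, so a mismatch between the file name written above and the one in the configuration is caught before hpvs deploy. The function names and the script name check_sbs.sh are hypothetical, and the meaning of the @ prefix (value read from that file) is an assumption.

```sh
#!/bin/sh
# Added example, not the product's own tooling: checks to run before hpvs deploy.

# check_b64_cert PEM B64
# Pass only if B64 is one whitespace-free base64 line that decodes back to
# exactly the bytes of PEM. A repeated ">>" encode step leaves two lines.
check_b64_cert() {
    pem=$1; b64=$2
    [ -r "$pem" ] && [ -r "$b64" ] || { echo "cannot read $pem or $b64" >&2; return 1; }
    lines=$(wc -l < "$b64")
    if [ "$((lines))" -ne 1 ]; then
        echo "$b64: expected one line (was the encode step run twice?)" >&2
        return 1
    fi
    if grep -q '[[:space:]]' "$b64"; then
        echo "$b64: contains whitespace inside the encoded line" >&2
        return 1
    fi
    base64 -d < "$b64" 2>/dev/null | cmp -s - "$pem" || {
        echo "$b64: does not decode to the contents of $pem" >&2
        return 1
    }
}

# check_at_files CONFIG
# Assumption: a value of the form "@/path" is read from that file at deploy
# time. Pass only if every such path found in CONFIG is a readable file.
check_at_files() {
    cfg=$1
    missing=$(grep -o "@/[^\"' ]*" "$cfg" | cut -c2- | while IFS= read -r p; do
        [ -r "$p" ] || echo "$cfg: referenced file not found: $p"
    done)
    [ -z "$missing" ] && return 0
    echo "$missing" >&2
    return 1
}

# Run as: sh check_sbs.sh sbs.cert sbs_base64.cert securebuild.yml
if [ "$#" -eq 3 ]; then
    check_b64_cert "$1" "$2" && check_at_files "$3"
fi
```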
Creating a Secure Build virtual server
- Create the configuration yaml file securebuild.yml for the instance by referring to the example file $HOME/hpvs/config/securebuild/vs_securebuild.yml. The vs_securebuild.yml file has the configuration details for the virtual server and refers to the corresponding sections of the virtualserver.template.yml file when you run the hpvs deploy command. The virtual server template file contains the definitions of the resources, volumes, environment templates, and networks that are required to create a virtual server. For example, the resourcedefinition: ref value refers to the resourcedefinitiontemplate definition in the template file.
  Example of a Secure Build virtual server configuration file
  This Secure Build virtual server is used to build the MongoDB image.
    version: v1
    type: virtualserver
    virtualservers:
    - name: test_securebuild
      host: test2
      repoid: SecureDockerBuild
      imagetag: 1.2.5
      imagefile: /home/hpvs_user/hpvs/config/securebuild/images/SecureDockerBuild.tar.gz
      resourcedefinition:
        ref: small
      environment:
      - key: ROOTFS_LOCK
        value: "y"
      - key: CLIENT_CRT
        value: "@/home/hpvs_user/hpvs/config/securebuild/keys/sbs_withbase64.cert" # provide certificate file in base64 format
      - key: RUNQ_ROOTDISK
        value: newroot
      ports:
      - containerport: 443
        protocol: tcp
        hostport: 21443
      volumes:
      - name: qg_securebuild
        ref: np-medium
        mounts:
        - mountpoint: /data
          filesystem: ext4
          size: 16GB
          mount_id: data
        - mountpoint: /docker
          filesystem: ext4
          size: 16GB
          mount_id: docker
        - mountpoint: /newroot
          filesystem: ext4
          size: 10GB
          mount_id: newroot
          reset_root: false
  Note: You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.
- Create the Secure Build virtual server by using the configurations in the yaml file.
    hpvs deploy --config $HOME/hpvs/config/securebuild/securebuild.yaml --templatefile ../../templates/virtualserver.template.yml
  Example of the command
    hpvs deploy --config $HOME/hpvs/config/securebuild/securebuild.yaml --templatefile ../../templates/virtualserver.template.yml
The deploy process automates creation of the quotagroup and network, and loads the Secure Dockerbuild image to the Secure Service Container LPAR. After the command completes, the Secure Build Server is available at the IP address of the Hyper Protect Virtual Server LPAR and the port (GuestPort) specified. To showcase the sample application, this Secure Build virtual server is used to build the MongoDB Docker image later in this trial. You can follow the same procedure to create a Secure Build virtual server that is used to build the digital banking application Docker image later in this trial.
Creating the virtual server for MongoDB
- Create the configuration file mongo_demo.yml for the MongoDB virtual server by referring to the example vs_configfile_readme.yaml available at $HOME/home/hpvs/config. The following is an example of the configuration file:
  mongo_demo.yml
    version: v1
    type: virtualserver
    virtualservers:
    - name: test_mongo
      host: test2
      repoid: mongodemo
      imagetag: latest
      imagefile: /home/hpvs_user/hpvs/config/securebuild/regfiles/encryptedRepoRegistration_mongo.enc
      resourcedefinition:
        ref: small
      networks:
      - ref: external_network
        ipaddress: 129.40.15.19
      volumes:
      - name: qg_securebuild
        ref: np-medium
        mounts:
        - mount_id: data
          mountpoint: /data
          filesystem: ext4
          size: 10GB
  Tip
  Step 3 of "Procedure to create the MongoDB image" from the topic Securely Build your application generates the encrypted registration file encryptedRepoRegistration_mongo.enc that is used in the above example yaml file. You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.
- Create the MongoDB virtual server by using the configurations in the yaml file (in this step, the MongoDB image is pulled from DockerHub).
    hpvs deploy --config $HOME/hpvs/config/vs_configfile_readme.yml --templatefile ../../templates/virtualserver.template.yml
  Example of the command
    hpvs deploy --config $HOME/hpvs/config/mongo_demo.yml --templatefile ../../templates/virtualserver.template.yml
Creating a Secure Build virtual server to build the digital banking application
You can complete the same steps for creating the Secure Build virtual server to build the digital banking application Docker image.
After you complete the steps to create the virtual server, this server is used to build the digital banking application Docker image, later in this trial.
Tip
If you do not want to create another configuration file, you can delete the Secure Build virtual server that was earlier created (test_securebuild) for building the MongoDB image, and follow the same steps for creating a Secure Build virtual server. You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.
Creating the virtual server for the digital banking application
The procedure is the same as the one you would use to create the virtual server for MongoDB, but use a configuration file that specifies the details that are required for the digital virtual server.
- Create the configuration file for the digital banking application virtual server by referring to the example vs_configfile_readme.yaml available at $HOME/home/hpvs/config. The following is an example of the configuration file:
  digital_demo.yml
    version: v1
    type: virtualserver
    virtualservers:
    - name: test_digital
      host: test2
      repoid: digitaldemo
      imagetag: latest
      imagefile: /home/hpvs_user/hpvs/config/securebuild/regfiles/encryptedRepoRegistration_digital.enc
      resourcedefinition:
        ref: small
      networks:
      - ref: external_network
        ipaddress: 129.40.15.20
      environment:
      - key: LOGTARGET
        value: /dev/console
      - key: ROOTFS_LOCK
        value: "y"
      - key: ROOT_SSH_KEY
        value: '@/home/hpvs_user/.ssh/id_rsa'
      - key: RUNQ_ROOTDISK
        value: new_qg_digitalbank
      volumes:
      - mounts:
        - filesystem: ext4
          mount_id: new_qg_digitalbank
          mountpoint: /newroot
          size: 10GB
        - filesystem: ext4
          mount_id: data
          mountpoint: /data
          size: 10GB
        name: qg_hpvs_digitalbank
        ref: np-medium
  Note: You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.
- Create the digital application virtual server by using the configurations in the yaml file (in this step, the digital banking application image is pulled from DockerHub).
    hpvs deploy --config $HOME/hpvs/config/vs_configfile_readme.yml --templatefile ../../templates/virtualserver.template.yml
  Example of the command
    hpvs deploy --config $HOME/hpvs/config/digital_demo.yml --templatefile ../../templates/virtualserver.template.yml
Note
- You can assign IP addresses and hostnames for containers as necessary for your purposes, but using the docker network and host ports is a nice way to quickly get running without having to use up IP addresses on your network.
- You can use the hpvs undeploy command to delete a virtual server. For more information, see Undeploying virtual servers.
- You can update the resources or configuration of a virtual server after the completion of the deploy operation by using the -u, or the --update flag of the hpvs deploy command. For more information, see Updating virtual servers.