Skip to content

Creating the Secure Build Server

You can create the Secure Build virtual server by using the hpvs deploy command by specifying a configuration yaml file as an input for the hpvs deploy command. This is the recommended option to provision the instance because of it's ease of use, and is also an easier method of creating multiple instances quickly.

You can also use the hpvs vs create command to create the virtual server, however this method requires you to enter several configuration information using multiple commands. For more information about this method, see Create a virtual server by using the hpvs image and hpvs vs create commands.

Prerequisites

Before you start the Secure Build process, you must create the certificate and key to securely communicate with Secure Build Server. Complete the following steps.

  1. Run the following command.

    cd $HOME/hpvs/config/securebuild/keys
    

  2. Create the certificate and key to securely communicate with Secure Build Server.

    openssl req -newkey rsa:2048 \
    -new -nodes -x509 \
    -days 3650 \
    -out sbs.cert \
    -keyout sbs.key \
    -subj "/C=GB/O=IBM/CN=johndoe.example.com"
    

    Note

    If you see errors like random number generator:RAND_load_file:Cannot open file, then run the following commands.

    openssl rand -out $HOME/.rnd -hex 256
    

  3. Run the following command to change the certificate to base64 encoding.

    echo $(cat sbs.cert | base64) | tr -d ' ' >> sbs_base64.cert
    

Creating a Secure Build virtual server

  1. Create the configuration yaml file securebuild.yml for the instance by referring to the example file $HOME/hpvs/config/securebuild/vs_securebuild.yml. The vs_securebuild.yml has the configuration details for the virtual server and refers to the corresponding sections of the virtualserver.template.yml when you run the hpvs deploy command. The virtual server template file contains the definitions of the resources, volumes, environment templates, and networks that are required to create a virtual server. For example, the resourcedefinition: ref value refers to the resourcedefinitiontemplate definition in the template file.

    Example of a Secure Build virtual server configuration file

    version: v1
    type: virtualserver
    virtualservers:
    - name: test_securebuild
      host: test2
      repoid: SecureDockerBuild
      imagetag: 1.2.5
      imagefile: /home/hpvs_user/hpvs/config/securebuild/images/SecureDockerBuild.tar.gz
      resourcedefinition:
         ref: small
      environment:
       - key: ROOTFS_LOCK
         value: "y"
       - key: CLIENT_CRT
         value: "@/home/hpvs_user/hpvs/config/securebuild/keys/sbs_withbase64.cert" # provide certificate file in base64 format
       - key: RUNQ_ROOTDISK
         value: newroot
      ports:
       - containerport: 443
         protocol: tcp   
         hostport: 21443
      volumes:
       - name: qg_securebuild
         ref: np-medium
      mounts:
       - mountpoint: /data
         filesystem: ext4
         size: 16GB
         mount_id: data
       - mountpoint: /docker
         filesystem: ext4
         size: 16GB
         mount_id: docker
       - mountpoint: /newroot
         filesystem: ext4
         size: 10GB
         mount_id: newroot
         reset_root: false
    
    This Secure Build virtual server is used to build the MongoDB image.

    Note: You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.

  2. Create the Secure Build virtual server by using the configurations in the yaml file.

    hpvs deploy --config $HOME/hpvs/config/securebuild/securebuild.yaml --templatefile ../../templates/virtualserver.template.yml
    

    Example of the command
    hpvs deploy --config $HOME/hpvs/config/securebuild/securebuild.yaml --templatefile ../../templates/virtualserver.template.yml
    

The deploy process automates creation of the quotagroup, network, and loads the Secure Dockerbuild image to the Secure Service Container LPAR. After the command completes execution, the Secure Build Server will be available at the IP Address of the Hyper Protect Virtual Server LPAR and port (GuestPort) specified. To showcase the sample application, this Secure Build virtual Server will be used to build the MongoDB Docker image later in this trial. You can follow the same procedure listed above, for creating a Secure Build virtual Server that will be used to build the digital banking application Docker image later in this trial.

Example Output

Create Server

Creating the virtual server for MongoDB

  1. Create the configuration file mongo_demo.yml for the MongoDB virtual server by referring to the example vs_configfile_readme.yaml available at $HOME/home/hpvs/config. The following is an example of the configuration file:

    mongo_demo.yml
    version: v1
    type: virtualserver
    virtualservers:
    - name: test_mongo
      host: test2
      repoid: mongodemo
      imagetag: latest
      imagefile: /home/hpvs_user/hpvs/config/securebuild/regfiles/encryptedRepoRegistration_mongo.enc
      resourcedefinition:
         ref: small
      networks:
      - ref: external_network
        ipaddress: 129.40.15.19
      volumes:
       - name: qg_securebuild
         ref: np-medium
         mounts:
         - mount_id: data
           mountpoint: /data
           filesystem: ext4
           size: 10GB
    

    Tip

    Step 3 of "Procedure to create the MongoDB image" from the topic Securely Build your application generates the encrypted registration file encryptedRepoRegistration_mongo.enc that is used in the above example yaml file. You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.

  2. Create the MongoDB virtual server by using the configurations in the yaml file (in this step, the MongoDB image is pulled from DockerHub).

    hpvs deploy --config $HOME/hpvs/config/vs_configfile_readme.yml --templatefile ../../templates/virtualserver.template.yml
    
    Example of the command
    hpvs deploy --config $HOME/hpvs/config/mongo_demo.yml --templatefile ../../templates/virtualserver.template.yml
    
    Example Output

    Mongo Server

Creating a Secure Build virtual server to build the digital banking application

You can complete the same steps for creating the Secure Build virtual server to build the digital banking application Docker image.

After you complete the steps to create the virtual server, this server is used to build the digital banking application Docker image, later in this trial.

Tip

If you do not want to create another configuration file, you can delete the Secure Build virtual server that was earlier created (test_securebuild) for building the MongoDB image, and follow the same steps for creating a Secure Build virtual server .You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.

Creating the virtual server for the digital banking application

The procedure is the same as the one you would use to create the virtual server for MongoDB, but use a configuration file that specifies the details that are required for the digital virtual server.

  1. Create the configuration file for the digital banking application virtual server by referring to the example vs_configfile_readme.yaml available at $HOME/home/hpvs/config. This following is an example of the configuration file:

    digital_demo.yml
    version: v1
    type: virtualserver
    virtualservers:
    - name: test_digital
      host: test2
      repoid: digitaldemo
      imagetag: latest
      imagefile: /home/hpvs_user/hpvs/config/securebuild/regfiles/encryptedRepoRegistration_digital.enc
      resourcedefinition:
         ref: small
      networks:
      - ref: external_network
        ipaddress: 129.40.15.20
      environment:
      - key: LOGTARGET
        value: /dev/console
      - key: ROOTFS_LOCK
        value: "y"
      - key: ROOT_SSH_KEY
        value: '@/home/hpvs_user/.ssh/id_rsa'
      - key: RUNQ_ROOTDISK
        value: new_qg_digitalbank         
      volumes:
       - mounts:
         - filesystem: ext4
           mount_id: new_qg_digitalbank
           mountpoint: /newroot
           size: 10GB
         - filesystem: ext4
           mount_id: data
           mountpoint: /data
           size: 10GB
         name: qg_hpvs_digitalbank
         ref: np-medium
    

    Note: You can view the example configuration files at home/hpvs_user/HPVS12x_Production/config/yaml.

  2. Create the digital application virtual server by using the configurations in the yaml file (in this step, the digital banking application image is pulled from DockerHub).

    hpvs deploy --config $HOME/hpvs/config/vs_configfile_readme.yml  --templatefile ../../templates/virtualserver.template.yml
    
    Example of the command
    hpvs deploy --config $HOME/hpvs/config/digital_demo.yml  --templatefile ../../templates/virtualserver.template.yml
    
    Example Output

    Digital Server

Note

  • You can assign IP addresses and hostnames for containers as necessary for your purposes but using the docker network and host ports is a nice way to quickly get running without having to use up IP addresses on your network.
  • You can use the hpvs undeploy command to delete a virtual server. For more information, see Undeploying virtual servers.
  • You can update the resources or configuration of a virtual server after the completion of the deploy operation by using the -u, or the --update flag of the hpvs deploy command. For more information, see Updating virtual servers.