Skip to content

Commit cbf8122

Browse files
authored
Merge pull request #504 from Suse-KevinKlinger/main
Change EIC annotations
2 parents d98a681 + 91cdf1a commit cbf8122

16 files changed

+263
-186
lines changed

adoc/SAP-EIC-General.adoc

Lines changed: 10 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,6 @@ https://help.sap.com/docs/integration-suite?locale=en-US and search for the "Edg
88

99

1010

11-
# tag::disclaimer-annotation[]
12-
NOTE: In this guide, we use $ and # for shell commands, where # means that the command needs to be executed as a root user and
13-
$ means that the command can be run by any user.
14-
15-
# end::disclaimer-annotation[]
16-
17-
1811
# tag::disclaimer-production-versions[]
1912
IMPORTANT: If you want to use different versions of {slem} or {slm}, {rancher}, {rke}, or {lh}, make sure to check the support matrix for the related solutions you want to use:
2013
https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/ +
@@ -36,7 +29,7 @@ The following excerpt provides an example of how to create a CA with a passphras
3629

3730
[source, bash]
3831
----
39-
$ openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -passout pass:<ca-passphrase> -subj "/C=DE/ST=BW/L=Nuremberg/O=SUSE"
32+
openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -passout pass:<ca-passphrase> -subj "/C=DE/ST=BW/L=Nuremberg/O=SUSE"
4033
----
4134

4235
This will generate the files _rootCA.key_ and _rootCA.crt_.
@@ -45,7 +38,7 @@ The following excerpt shows how to create such a CSR:
4538

4639
[source, bash]
4740
----
48-
$ openssl req -newkey rsa:2048 -keyout domain.key -out domain.csr -passout pass:<csr-passphrase> -subj "/C=DE/ST=BW/L=Nuremberg/O=SUSE"
41+
openssl req -newkey rsa:2048 -keyout domain.key -out domain.csr -passout pass:<csr-passphrase> -subj "/C=DE/ST=BW/L=Nuremberg/O=SUSE"
4942
----
5043

5144
Before you can sign the CSR, you need to add the DNS names of your Kuberntes Services to the CSR.
@@ -65,7 +58,7 @@ You can now use the previously created files _rootCA.key_ and _rootCA.crt_ with
6558
The example below shows how to do that by passing the extension file (here called _domain.ext_):
6659
[source, bash]
6760
----
68-
$ openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr -out server.pem -days 365 -CAcreateserial -extfile domain.ext -passin pass:<ca-passphrase>
61+
openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr -out server.pem -days 365 -CAcreateserial -extfile domain.ext -passin pass:<ca-passphrase>
6962
----
7063

7164
This creates a file called _server.pem_, which is the certificate to be used for your application.
@@ -75,15 +68,15 @@ Your _domain.key_ is still encrypted at this point, but the application requires
7568
To decrypt it, run the provided command, which will generate the _server.key_.
7669
[source, bash]
7770
----
78-
$ openssl rsa -passin pass:<csr-passphrase> -in domain.key -out server.key
71+
openssl rsa -passin pass:<csr-passphrase> -in domain.key -out server.key
7972
----
8073

8174
Some applications (like Redis) require a full certificate chain to operate.
8275
To get a full certificate chain, link the generated file _server.pem_ with the file _rootCA.crt_ as follows:
8376

8477
[source, bash]
8578
----
86-
$ cat server.pem rootCA.crt > chained.pem
79+
cat server.pem rootCA.crt > chained.pem
8780
----
8881

8982
# end::self-signed-certificates[]
@@ -96,7 +89,7 @@ For an example of uploading your certificates to Kubernetes, see the following e
9689

9790
[source, bash]
9891
----
99-
$ kubectl -n <namespace> create secret generic <certName> --from-file=./root.pem --from-file=./server.pem --from-file=./server.key
92+
kubectl -n <namespace> create secret generic <certName> --from-file=./root.pem --from-file=./server.pem --from-file=./server.key
10093
----
10194

10295
NOTE: All applications are expecting to have the secret to be used in the same namespace as the application.
@@ -174,10 +167,10 @@ spec:
174167
Apply the yaml file to your kubernetes cluster.
175168
[source, bash]
176169
----
177-
$ kubectl apply -f selfsigned-issuer.yaml
178-
$ kubectl apply -f my-ca-cert.yaml
179-
$ kubectl apply -f my-ca-issuer.yaml
180-
$ kubectl apply -f application-name-certificate.yaml
170+
kubectl apply -f selfsigned-issuer.yaml
171+
kubectl apply -f my-ca-cert.yaml
172+
kubectl apply -f my-ca-issuer.yaml
173+
kubectl apply -f application-name-certificate.yaml
181174
----
182175
183176
When you deploy your applications via Helm Charts, you can use the generated certificate.

adoc/SAP-EIC-Harvester-main.adoc

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ It will guide you through the steps of:
3535
* Deploying mandatory components for {eic}
3636
// * Deploying {eic} into your {rke}
3737

38-
include::SAP-EIC-General.adoc[tags=disclaimer-EIC-sizing;disclaimer-annotation]
38+
include::SAP-EIC-General.adoc[tags=disclaimer-EIC-sizing]
3939

4040
++++
4141
<?pdfpagebreak?>
@@ -110,6 +110,10 @@ While the VMs for the {rancher} cluster must be created directly in {harvester},
110110
The {eic} will need to run in a dedicated Kubernetes cluster.
111111
For an HA setup of this cluster, we recommend using three Kubernetes control planes and three Kubernetes worker nodes.
112112

113+
++++
114+
<?pdfpagebreak?>
115+
++++
116+
113117
For a graphical overview of what is needed, take a look at the landscape overview:
114118

115119
image::SAP-EIC-Harvester-Architecture.svg[title=Architecture EIC Cluster,scaledwidth=99%,opts=inline,Embedded]
@@ -121,6 +125,7 @@ image::SAP-EIC-Harvester-Architecture.svg[title=Architecture EIC Cluster,scaledw
121125

122126
We will use this graphic overview in the guide to illustrate what the next step is and what it is for.
123127

128+
NOTE: If you want to test upgrades of {harvester}, we recommend setting up an additional {harvester} cluster and seperate the production {eic} instances from the development and test instances.
124129

125130
Starting with installing {harvester}, we will walk you through all the steps you need to take to get a fully set-up Kubernetes landscape for deploying {eic}.
126131

adoc/SAP-EIC-ImagePullSecrets.adoc

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,9 @@ Using `kubectl` to create the imagePullSecret is quite easy.
1515
Get your user name and your access token for the {rac}.
1616
Then run:
1717

18+
[source, bash]
1819
----
19-
$ kubectl -n <namespace> create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<yourUser> --docker-password=<yourPassword>
20+
kubectl -n <namespace> create secret docker-registry application-collection --docker-server=dp.apps.rancher.io --docker-username=<yourUser> --docker-password=<yourPassword>
2021
----
2122

2223
As secrets are namespace-sensitive, you need to create this for every required namespace.

adoc/SAP-EIC-LoginRegistryApplicationCollection.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ This needs to be done with the Helm client.
1010
To log in to the {rac}, run:
1111
[source, bash]
1212
----
13-
$ helm registry login dp.apps.rancher.io/charts -u <yourUser> -p <your-token>
13+
helm registry login dp.apps.rancher.io/charts -u <yourUser> -p <your-token>
1414
----
1515

1616
end::general-login[]

adoc/SAP-EIC-Main.adoc

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ It will guide you through the steps of:
2020
* Deploying mandatory components for {eic}
2121
// * Deploying {eic} into your {rke}
2222

23-
include::SAP-EIC-General.adoc[tags=disclaimer-EIC-sizing;disclaimer-annotation]
23+
include::SAP-EIC-General.adoc[tags=disclaimer-EIC-sizing]
2424

2525
++++
2626
<?pdfpagebreak?>
@@ -35,7 +35,7 @@ The support matrix below shows which versions of the given software we will use
3535
|Product | Version
3636

3737
|{slem} | {slem_version}
38-
|{rke} | 1.28
38+
|{rke} | 1.31
3939
|{rancher} | {rancher_version}
4040
|{lh} | {lh_version}
4141
|{cm} | {cm_version}
@@ -174,7 +174,7 @@ You must log in to {rac}. This can be done as follows:
174174

175175
[source, bash]
176176
----
177-
$ helm registry login dp.apps.rancher.io/charts -u <yourUser> -p <your-token>
177+
helm registry login dp.apps.rancher.io/charts -u <yourUser> -p <your-token>
178178
----
179179

180180

adoc/SAP-EIC-Metallb.adoc

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,10 @@ Make sure to have one IP address available for configuring {metallb}.
1616

1717
Before you can deploy {metallb} from {rac}, you need to create the namespace and an imagePullSecret.
1818
To create the related namespace, run:
19+
20+
[source, bash]
1921
----
20-
$ kubectl create namespace metallb
22+
kubectl create namespace metallb
2123
----
2224

2325
[#metalIPS]
@@ -41,7 +43,7 @@ imagePullSecrets:
4143
Then install the metallb application.
4244
[source, bash]
4345
----
44-
$ helm install metallb oci://dp.apps.rancher.io/charts/metallb \
46+
helm install metallb oci://dp.apps.rancher.io/charts/metallb \
4547
-f values.yaml \
4648
--namespace=metallb \
4749
--version 0.14.7
@@ -58,7 +60,7 @@ $ helm install metallb oci://dp.apps.rancher.io/charts/metallb \
5860
Create the configuration files for the {metallb} IP address pool:
5961
[source,bash]
6062
----
61-
$ cat <<EOF >iprange.yaml
63+
cat <<EOF >iprange.yaml
6264
apiVersion: metallb.io/v1beta1
6365
kind: IPAddressPool
6466
metadata:
@@ -73,7 +75,7 @@ EOF
7375
Create the layer 2 network advertisement:
7476
[source,bash]
7577
----
76-
$ cat <<EOF > l2advertisement.yaml
78+
cat <<EOF > l2advertisement.yaml
7779
apiVersion: metallb.io/v1beta1
7880
kind: L2Advertisement
7981
metadata:
@@ -86,6 +88,6 @@ Apply the configuration:
8688

8789
[source,bash]
8890
----
89-
$ kubectl apply -f iprange.yaml
90-
$ kubectl apply -f l2advertisement.yaml
91+
kubectl apply -f iprange.yaml
92+
kubectl apply -f l2advertisement.yaml
9193
----

adoc/SAP-EIC-PostgreSQL.adoc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ The {pg} chart can be found at https://apps.rancher.io/applications/postgresql.
2222
First, create a namespace and the *imagePullSecret* for installing the {pg} database onto the cluster.
2323
[source, bash, subs="attributes"]
2424
----
25-
$ kubectl create namespace {pg_app_name}
25+
kubectl create namespace {pg_app_name}
2626
----
2727

2828
[#pgIPS]
@@ -89,7 +89,7 @@ podSecurityContext:
8989
To install the application, run:
9090
[source, bash, subs="attributes"]
9191
----
92-
$ helm install {pg_app_name} oci://dp.apps.rancher.io/charts/{pg_app_name} -f values.yaml --namespace={pg_app_name}
92+
helm install {pg_app_name} oci://dp.apps.rancher.io/charts/{pg_app_name} -f values.yaml --namespace={pg_app_name}
9393
----
9494

9595

adoc/SAP-EIC-Redis.adoc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ To create the namespace, run:
2929

3030
[source, bash, subs="attributes"]
3131
----
32-
$ kubectl create namespace {app_name}
32+
kubectl create namespace {app_name}
3333
----
3434

3535
[#redisIPS]
@@ -80,7 +80,7 @@ tls:
8080
To install the application, run:
8181
[source, bash, subs="attributes"]
8282
----
83-
$ helm install {app_name} oci://dp.apps.rancher.io/charts/{app_name} \
83+
helm install {app_name} oci://dp.apps.rancher.io/charts/{app_name} \
8484
-f values.yaml \
8585
--namespace={app_name}
8686
----

adoc/SAP-EIC-SLEMicro.adoc

Lines changed: 18 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -28,11 +28,13 @@ For information that goes beyond the scope of this section, refer to the inline
2828
To register {slem} with SUSE Customer Center, run `transactional-update register` as follows:
2929
[source, bash]
3030
----
31-
$ transactional-update register -r REGISTRATION_CODE -e EMAIL_ADDRESS
31+
sudo transactional-update register -r REGISTRATION_CODE -e EMAIL_ADDRESS
3232
----
3333
To register with a local registration server, additionally specify the URL to the server:
34+
35+
[source, bash]
3436
----
35-
$ transactional-update register -r REGISTRATION_CODE -e EMAIL_ADDRESS \
37+
sudo transactional-update register -r REGISTRATION_CODE -e EMAIL_ADDRESS \
3638
--url "https://suse_register.example.com/"
3739
----
3840
Do not forget to replace
@@ -47,8 +49,10 @@ Find more information about registering your system in the {slem} {slem_version}
4749
=== Updating your system
4850

4951
Log in to the system. After your system is registered, you can update it with the `transactional-update` command.
52+
53+
[source, bash]
5054
----
51-
$ transactional-update
55+
sudo transactional-update
5256
----
5357

5458
=== Disabling automatic reboot
@@ -58,7 +62,7 @@ Disable it with the following command:
5862

5963
[source, bash]
6064
----
61-
$ systemctl --now disable transactional-update.timer
65+
sudo systemctl --now disable transactional-update.timer
6266
----
6367

6468
=== Preparing for {lh}
@@ -69,20 +73,20 @@ The size of the second disk will depend on your use case.
6973
Install some packages as a requirement for {lh} and Logical Volume Management for adding a file system to {lh}.
7074
[source, bash]
7175
----
72-
$ transactional-update pkg install lvm2 jq nfs-client cryptsetup open-iscsi
76+
sudo transactional-update pkg install lvm2 jq nfs-client cryptsetup open-iscsi
7377
----
7478

7579
After the required packages are installed, you need to reboot your machine.
7680
[source, bash]
7781
----
78-
$ reboot
82+
sudo reboot
7983
----
8084

8185
Now you can enable the `iscsid` server.
8286

8387
[source, bash]
8488
----
85-
$ systemctl enable iscsid --now
89+
sudo systemctl enable iscsid --now
8690
----
8791

8892
==== Creating file system for {lh}
@@ -92,42 +96,42 @@ The next step is to create a new logical volume with the Logical Volume Manageme
9296
First, you need to create a new physical volume. In our case, the second disk is called _vdb_. Use this as {lh} volume.
9397
[source, bash]
9498
----
95-
$ pvcreate /dev/vdb
99+
sudo pvcreate /dev/vdb
96100
----
97101

98102
After the physical volume is created, create a volume group called _vgdata_:
99103
[source, bash]
100104
----
101-
$ vgcreate vgdata /dev/vdb
105+
sudo vgcreate vgdata /dev/vdb
102106
----
103107

104108
Now create the logical volume; use 100% of the disk.
105109
[source, bash]
106110
----
107-
$ lvcreate -n lvlonghorn -l100%FREE vgdata
111+
sudo lvcreate -n lvlonghorn -l100%FREE vgdata
108112
----
109113

110114
On the logical volume, create the XFS file system. You do not need to create a partion on top of it.
111115
[source, bash]
112116
----
113-
$ mkfs.xfs /dev/vgdata/lvlonghorn
117+
sudo mkfs.xfs /dev/vgdata/lvlonghorn
114118
----
115119

116120
Before you can mount the device, you need to create the directory structure.
117121
[source, bash]
118122
----
119-
$ mkdir -p /var/lib/longhorn
123+
sudo mkdir -p /var/lib/longhorn
120124
----
121125

122126
Add an entry to _fstab_ to ensure that the mount of the file system is persistent:
123127
[source, bash]
124128
----
125-
$ echo -e "/dev/vgdata/lvlonghorn /var/lib/longhorn xfs defaults 0 0" >> /etc/fstab
129+
sudo echo -e "/dev/vgdata/lvlonghorn /var/lib/longhorn xfs defaults 0 0" >> /etc/fstab
126130
----
127131

128132
Finally, you can mount the file system as follows:
129133
[source, bash]
130134
----
131-
$ mount -a
135+
sudo mount -a
132136
----
133137

adoc/SAP-EIC-Variables.adoc

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,15 @@
22
:sles4sap: SUSE Linux Enterprise Server for SAP applications
33
:slm: SUSE Linux Micro
44
:slem: SUSE Linux Enterprise Micro
5-
:slem_version: 5.4
5+
:slem_version: 6.0
66
:sles_version: 15 SP5
77

88

99
:sle_ha: SUSE Linux Enterprise High Availability
1010
:lh: Longhorn
11-
:lh_version: 1.5.5
11+
:lh_version: 1.7.2
1212
:rancher: SUSE Rancher Prime
13-
:rancher_version: 2.8.3
13+
:rancher_version: 2.10.1
1414
:rancher4SAP: Rancher for SAP applications
1515
:rke: Rancher Kubernetes Engine 2
1616
:rac: Rancher Application Collection

0 commit comments

Comments
 (0)