8 Checklists for Integration of Services

This chapter provides checklists for integrating the services.

The checklists include the following variables:

  • <topology-project>: Refers to the Kubernetes namespace on which the UTIA service is running.
  • <topology-instance>: Refers to the instance name of the UTIA service running on the <topology-project> namespace.
  • <messaging-project>: Refers to the Kubernetes namespace on which Message Bus service is running.
  • <messaging-instance>: Refers to the instance name of Message Bus running on <messaging-project> namespace.
  • <oam-domain-name>: Refers to the OAM domain name of Common Authentication.
  • <oam-host-suffix>: Refers to the host suffix of Common Authentication.
  • <loadbalancerport>: Refers to the port of the configured load balancer. If you use Oracle Cloud Infrastructure LBaaS or any other external load balancer, set loadbalancerport to 443 if TLS is enabled; otherwise, set it to 80. If no external load balancer is configured for the instance, set loadbalancerport to the default Traefik NodePort: 30443 if TLS is enabled on Unified Topology, or 30305 if TLS is disabled.
  • <loadbalancerhost>: Refers to the host of the configured load balancer. If you use Oracle Cloud Infrastructure LBaaS or any other external load balancer, update the value of loadbalancerhost appropriately. If no external load balancer is configured for the instance, set loadbalancerhost to the worker node IP/Kubernetes cluster IP.
  • <hostSuffix>: Refers to the host suffix configured using the applications.yaml file. The default is uim.org.

Use the following checklist for integrating UIM cloud native instance, Message Bus, and UTIA:

Table 8-1 Checklist for UIM cloud native instance, Message Bus, and UTIA

Source Application SSL Enablement Deployment Configuration Application Properties
UIM CN

See Setting Up Secure Communication with SSL in UIM Cloud Native Deployment Guide.

See Enabling OAM Authentication in UIM Cloud Native Deployment Guide

For communications between applications on the same Kubernetes cluster provide internal Kubernetes service details.

Configure the Message Bus and UTIA settings.

See UIM System Administrator’s Guide for more information.

$UIM_CNTK/charts/uim/custom-config.properties

UIM CN to Message Bus service settings

bootstrap.server.url=<messaging-project>-<messaging-instance>-messaging-kafka-bootstrap.<messaging-project>.svc.cluster.local:9092

#Set below properties to pass Authentication service details

kafka.client.isOAuth=true

kafka.client.oauth.token.endpoint.uri=https://<oam-instance>.<oam-project>.ohs.<oam-host-suffix>:<loadbalancerport>/oauth2/rest/token

kafka.client.oauth.client.id=<oauth-client-id>

kafka.client.oauth.client.secret=<oauth-client-secret>

#Internal communications between Kubernetes services is non-SSL. Set kafka.client.isTLs to false.

kafka.client.isTLs=false

UIM CN to Unified Topology API settings

disableTopology=false

microServiceEnabled=true

For Same Namespace: microServiceUrl=http://<topology-project>-<topology-instance>-unified-topology-api:8080/topology/v2/

For Different Namespace: microServiceUrl=http://<topology-project>-<topology-instance>-unified-topology-api.<namespace>.svc.cluster.local:8080/topology/v2/

UIM CN to Unified Topology UI settings

uim.rest.filter.CORSAllowedOrigin=https://<topology-instance>.<topology-project>.topology.<hostSuffix>:<loadbalancerport>

topology.ui.host=https://<topology-instance>.<topology-project>.topology.<hostSuffix>

topology.ui.port=<loadbalancerport>

topology.ui.path=/apps/unified-topology-ui

Message Bus

SSL Enablement: N/A

Deployment Configuration: See Enable Authentication on Kafka Cluster in "Configuring Authentication".

Application Properties: N/A

Topology API or UI

"Setting up Secure Communication using TLS"

"Creating Secrets"

"Configuring the applications.yaml File"

"Creating a Client"

"Integrate Unified Topology Service with Message Bus Service"

Use the following checklist for integrating traditional UIM, Message Bus, and UTIA:

Checklist for entries in /etc/hosts for integration:

  • Authentication service
    <loadbalancerIP>  <oam-instance>.<oam-project>.ohs.<oam-host-suffix>
  • Message service
    <loadbalancerIP> <messaging-instance>.<messaging-project>.messaging.bootstrap.uim.org
    <loadbalancerIP> <messaging-instance>.<messaging-project>.messaging.broker0.uim.org
    <loadbalancerIP> <messaging-instance>.<messaging-project>.messaging.broker1.uim.org
  • UTIA service
    <loadbalancerIP>  <topology-instance>.<topology-project>.topology.<hostSuffix>

Table 8-2 Checklist for UIM, Message Bus, and UTIA

Source Application SSL Enablement Deployment Configuration Application Properties
UIM

SSL Enablement: N/A

Deployment Configuration: For enabling OAM authentication on the UIM On Premise instance, see the Setting Up Unified Inventory Management for Single Sign-On Authentication section in UIM Installation Guide.

UIM on-prem to Message Bus settings

Provide the ingress bootstrap server details, because the traditional UIM instance is outside the Kubernetes cluster. External access is TLS enabled.

bootstrap.server.url=<messaging-instance>.<messaging-project>.messaging.bootstrap.uim.org:<loadbalancerport>

#Set below properties to pass Authentication service details

kafka.client.isOAuth=true

kafka.client.oauth.token.endpoint.uri=https://<oam-instance>.<oam-project>.ohs.<oam-host-suffix>:<loadbalancerport>/oauth2/rest/token

kafka.client.oauth.client.id=<oauth-client-id>

kafka.client.oauth.client.secret=<oauth-client-secret>

#External communications is SSL enabled, provide truststore details.

kafka.client.isTLs=true

Export the Message Bus certificate and add it to the Java truststore under JAVA_HOME:

$COMMON_CNTK/scripts/export-cluster-cert.sh -p sr -i quick -l . -k ./mb-cert-keystore.jks -a mb-cert
keytool -import -alias uim-mb -keystore $JAVA_HOME/jre/lib/security/cacerts -file <certificate-cert-file>

Configure the UTIA settings.

See UIM System Administrator’s Guide for more information.

UIM on-prem to UTIA API settings

#Provide the Unified Topology API Kubernetes service name and port along with the endpoint, as provided in the sample below.

disableTopology=false

microServiceEnabled=true

microServiceUrl=https://<topology-instance>.<topology-project>.topology.<hostSuffix>:<loadbalancerport>/topology/v2

UIM on-prem to UTIA UI settings

uim.rest.filter.CORSAllowedOrigin=https://<topology-instance>.<topology-project>.topology.<hostSuffix>:<loadbalancerport>

topology.ui.port=<loadbalancerport>

topology.ui.path=/apps/unified-topology-ui
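
The following is an added example, not part of the UIM documentation or toolkit: a small lint for the UIM properties listed in both checklists (cloud native and traditional). It flags placeholders left unresolved, a missing kafka.client.isOAuth (for instance when the property ends up on a comment line), a non-HTTPS token endpoint, TLS disabled for a bootstrap address outside the cluster, and a CORS origin that differs from topology.ui.host and topology.ui.port. The host names and sample files are constructed, the parser handles only plain key=value lines, and the CORS comparison assumes the origin is host plus port as in the cloud native sample.

```python
import re

# Constructed sample: on-premises UIM settings with resolved (made-up) host names.
GOOD = """\
bootstrap.server.url=dev.mb.messaging.bootstrap.uim.org:30443
kafka.client.isOAuth=true
kafka.client.oauth.token.endpoint.uri=https://sso.auth.ohs.example.org:30443/oauth2/rest/token
kafka.client.isTLs=true
uim.rest.filter.CORSAllowedOrigin=https://dev.topo.topology.uim.org:30443
"""
# Constructed failure: isOAuth swallowed by a comment line, TLS off for an external listener.
BAD = (GOOD.replace("kafka.client.isOAuth", "#set below properties kafka.client.isOAuth")
           .replace("isTLs=true", "isTLs=false"))

def parse_properties(text):
    """Parse key=value lines; lines starting with '#' are comments (simplified format)."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return findings for the Message Bus, OAuth and Topology UI settings."""
    p, findings = parse_properties(text), []
    for key, value in p.items():
        if re.search(r"<[^<>]+>", value):
            findings.append(f"{key}: unresolved placeholder")
    if p.get("kafka.client.isOAuth", "").lower() != "true":
        findings.append("kafka.client.isOAuth: not set to true")
    if not p.get("kafka.client.oauth.token.endpoint.uri", "").startswith("https://"):
        findings.append("kafka.client.oauth.token.endpoint.uri: not https")
    # Only the in-cluster service address may run without TLS.
    internal = ".svc.cluster.local:" in p.get("bootstrap.server.url", "")
    if not internal and p.get("kafka.client.isTLs", "").lower() != "true":
        findings.append("kafka.client.isTLs: external bootstrap without TLS")
    origin = p.get("uim.rest.filter.CORSAllowedOrigin", "")
    if not re.fullmatch(r"https://[A-Za-z0-9.-]+:\d+", origin):
        findings.append("uim.rest.filter.CORSAllowedOrigin: not a single https origin")
    host, port = p.get("topology.ui.host"), p.get("topology.ui.port")
    if host and port and origin != f"{host}:{port}":
        findings.append("topology.ui.host/port: differs from CORS origin")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint(sample) or "no findings")
```
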

Message Bus

SSL Enablement: See Message Bus Ingress Listener in "Configuring Message Bus Listeners".

Deployment Configuration: See Enable Authentication on Kafka Cluster in "Configuring Authentication".

Application Properties: N/A

Topology API or UI

"Setting up Secure Communication using TLS"

"Creating Secrets"

"Configuring the applications.yaml File"

"Creating a Client"

"Integrate Unified Topology Service with Message Bus Service"