Readme File for IBM® Spectrum Symphony 7.3.1 RFE 149006

Readme file for: IBM Spectrum Symphony

Product release: 7.3.1

Fix ID: sym-7.3.1-build600843-ms

Publication date: December 3, 2021

 

This enhancement supports passing the following parameters: labels, capabilities, security options, groups, and hostname to Docker containers in an IBM Spectrum Symphony 7.3.1 cluster.

1.  Scope

Before you install this enhancement to your cluster, note the following requirements:

Operating system

RHEL 6 64-bit

Product version

IBM Spectrum Symphony 7.3.1

2.  Installation

Follow these instructions to download and install this enhancement on Linux management hosts in your cluster.

Package

Name

Description

egocore-3.9.0_x86_64_build600843.tar.gz

soamcore-7.3.1.0_x86_64_build600843.tar.gz

Package for Linux cluster hosts.

 

Installing

a.       Log on to the primary host as the cluster administrator:

> egosh user logon -u Admin

b.       Disable all applications:

> soamcontrol app disable all -f

c.       Stop the SD service:

> egosh service stop SD

d.       Download the egocore-3.9.0_x86_64_build600843.tar.gz and soamcore-7.3.1.0_x86_64_build600843.tar.gz packages to each of your management and compute hosts, for example, to a /symfixes directory.

e.       Run the egoinstallfixes command to install the egocore-3.9.0_x86_64_build600843.tar.gz and soamcore-7.3.1.0_x86_64_build600843.tar.gz files:

> egoinstallfixes /symfixes/egocore-3.9.0_x86_64_build600843.tar.gz

> egoinstallfixes /symfixes/soamcore-7.3.1.0_x86_64_build600843.tar.gz

Important: Running the egoinstallfixes command automatically backs up the current binary files to a fix backup directory. For recovery purposes of the original file, do not delete this backup directory. For more information on using this command, see the egoinstallfixes command reference.

f.        Run the pversions command to verify the installation:

> pversions -b 600843

g.       Start the SD service:

> egosh service start SD

h.       Enable your applications:

> soamcontrol app enable application_name

3.  Configuration and usage

The configuration for the additional Docker parameters will be defined in the application profile’s SSM section as environment variables. The following is the list of new variables.

LABELS

A list of user defined key-value pairs.

HOSTNAME

Can be empty (void) or a valid RFC 1123 hostname.

CAPADD

A list of kernel capabilities to add to the container. For details, see: https://man7.org/linux/man-pages/man7/capabilities.7.html

CAPDROP

A list of kernel capabilities to drop from the container.

SECURITYOPT

A list of string values to customize labels for multi-level security systems (MLS), such as for SELinux support.

LOGCONFIG

Log configuration parameters for the IBM Spectrum Symphony Docker controller. Max-size is the maximum file size in megabytes. Max-file sets the number of backup log files. Level is the logging level, where level 1 shows the least information and level 7 shows the most.

GROUPADD

A list of additional groups that the container process will run as.

Only host network mode is supported by the Docker controller. Note that string pair lists are specified using braces ({}), and string arrays use brackets ([]). During startup, SSM (the IBM Spectrum Symphony session manager) performs only basic prechecking. If the prechecking finds a problem, it will log a warning and not pass this variable to the Docker controller. See the SSM log for warnings with the following format:

2021-08-09 01:52:59.316 GMT WARN [28035:140257140643584] ssm.ssmcore.ARM - The value "{"no-new-privileges"}" specified for SSM_DOCKER_ATTR_HOSTCONFIG_SECURITYOPT is not valid.

If the syntax is incorrect and the precheck did not find the problem, the container will fail to start. Inspect the dockercontroller.log files in the soam/work directory, for more information.

a.     For the application profile enabled for Docker (using the enableDockerForServiceInstance="true" setting in the Consumer section), add the new optional configuration to the SOAM > SSM > OsTypes > OsType > env section:

        <SSM resReq="" shutDownTimeout="300" startUpTimeout="60" workDir="${EGO_SHARED_TOP}/soam/work">

            <osTypes>

                <osType name="all">

                       <env name="SSM_DOCKER_ATTR_LABELS">{"com.example.vendor":"ACME", "com.example.license":"GPL"}</env>

                       <env name="SSM_DOCKER_ATTR_HOSTNAME"></env>

                       <env name="SSM_DOCKER_ATTR_HOSTCONFIG_CAPADD">["SYS_PTRACE", "IPC_LOCK"]</env>

                       <env name="SSM_DOCKER_ATTR_HOSTCONFIG_CAPDROP">["NET_BIND_SERVICE", "SETUID", "SETGID"]</env>

                       <env name="SSM_DOCKER_ATTR_HOSTCONFIG_GROUPADD">["root"]</env>

                       <env name="SSM_DOCKER_ATTR_HOSTCONFIG_SECURITYOPT">["no-new-privileges"]</env>

                       <env name="SSM_DOCKER_CONTROLLER_LOGCONFIG">{"max-size":"100", "max-file":"2", "level":"7"}</env>               

                </osType>

            </osTypes>

 

b.     From the primary host, reregister your Docker applications:

> soamreg profile.xml

4.  Uninstallation 

If required, follow these instructions to uninstall this enhancement on management hosts in your cluster:

a.       Log on to the primary host as the cluster administrator:

> egosh user logon -u Admin

b.       Disable all applications:

> soamcontrol app disable all -f

c.       Stop the SD service:

> egosh service stop SD

d.       Log on to each management and compute host in the cluster and roll back this enhancement:

> egoinstallfixes -r 600843

e.       Start the SD service:

> egosh service start SD

f.        Enable your applications:

> soamcontrol app enable application_name

5.  List of files

egocore-3.9.0_x86_64_build600843.tar.gz

b7b50b0c2188e8178189b4d14462a098

3.9/linux-x86_64/etc/egodocker/libs/pod/dockerclient.py

1f2c1841ade0204a5e5814ce638886be

3.9/linux-x86_64/etc/egodocker/libs/pod/dockercontainers.py

f7c5780461908bf9c6148c24cd2ab56b

3.9/linux-x86_64/etc/egodocker/libs/external/docker/api/container.py

425d628351257fdbe799fde7d3197074

3.9/linux-x86_64/etc/egodocker/libs/external/docker/utils/utils.py

b60ff2b39295b3f8ee7b402ca5ab9180

soamcore-7.3.1.0_x86_64_build600843.tar.gz

7149dbb77fdc0ee9229deffaaebd5c90

soam/7.3.1/linux-x86_64/etc/ssm

69772b8adc3ec34c2b32867a5b7fce7e

soam/7.3.1/linux-x86_64/etc/sim

0fff90e1c44b95a475ba1581509712bc

6.  Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.  

7.  Copyright and trademark information

© Copyright IBM Corporation 2021

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.