Deploying HCL Commerce Version 9 on Kubernetes

This sample solution illustrates how to deploy an HCL Commerce Version 9 environment based on Helm Charts on Kubernetes, or IBM Cloud Private (ICP).

Important:
  • The environment that you create should not be used for a live production site without further consideration toward security hardening, load balancing, ingress routing, and performance tuning. To operate HCL Commerce Version 9.1 in a live production environment, you must commit further time and resources to both performance and security considerations.

    With load balancing and ingress routing specifically, you can configure which services you want to expose externally, and restrict the remaining services within the cluster network. This configuration limits their access from and exposure to the wider Internet.

Before you begin

Starting from Version 9, HCL Commerce has been separated into different application services. These services are running within Docker containers. By leveraging the Kubernetes and Helm Charts based technology, the deployment process for HCL Commerce containers is significantly simplified.

This sample solution is provided as is and is meant to be used as a reference. Learn how you can use Helm Charts to deploy an HCL Commerce runtime system that includes an authoring environment and a live environment. For more information about the servers and interactions between an authoring and live environment, see HCL Commerce runtime environment overview.

To quickly deploy HCL Commerce Version 9 on Kubernetes, it is suggested that you use IBM Cloud Private, which includes all necessary components for deploying HCL Commerce Version 9 on Kubernetes. However, you can also set up all necessary components on Kubernetes manually. Details will be illustrated in the following sections.

Before you customize the source script for your own purposes or even create your own Helm Charts and customize the deployment logic, it is highly recommended that you review the deployment script that is embedded in the sample package while you complete the procedure. This reference solution will not cover the advanced topics regarding how to customize the reference deployment package.

The following topology diagram illustrates the relationship between Kubernetes nodes and other components.
Kubernetes topology diagram
Prerequisites
Before you begin, complete the following prerequisite steps to configure an appropriate environment:
  1. Prepare the hardware. To deploy HCL Commerce Version 9, the minimum hardware requirements are the following:
    Table 1.
    Node type Quantity Requirement per node
    Master node 1 4 CPU; 8 GB memory
    Subordinate node 2 4 CPU; 8 GB memory
  2. Prepare a Kubernetes environment.
    • If you are going to use ICP, refer to Installing IBM Cloud Private for the detailed steps.
      Note: The tested steps are created based on ICP 2.1.0.3 Cloud Native Edition. If you are using any other ICP versions, this procedure is provided for your reference only.
    • If you are going to start deploying a new Kubernetes environment, you need to:
      1. Install Kubernetes version 1.27 to 1.28. For more information, see Creating a single master cluster with kubeadm.
      2. Deploy an Ingress resource for load balancing. Record the IP address of the node on which the ingress-lb is deployed. You will need the IP address later. For more information, see NGINX Ingress Controller for Kubernetes
  3. Prepare the Helm and kubectl clients.
    1. Locate the master node of Kubernetes or ICP. kubectl should be already on this node.
    2. Run the following command to validate both the Kubernetes server and client: 
      #kubectl version
      The following are returned if the Kubernetes server and client are installed successfully: 
      [root@svt100 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.3-11+f747daa02c9ffb", \
GitCommit:"f747daa02c9ffba3fabc9f679b5003b3f7fcb2c0", GitTreeState:"clean", \
BuildDate:"2017-08-28T07:04:45Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.3+icp+ee", \
GitCommit:"5bf8ff102c9cd883604f1902d01745c73b44fe6c", GitTreeState:"clean", \
BuildDate:"2017-12-12T23:16:45Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
      Note: ICP environment has predefined context configuration. The token for the context expires everyday. If you encounter authentication error while you run kubectl or Helm, follow these steps to refresh the token:
      1. Open the ICP admin portal: https://masterNodeIP: 8443/console/
      2. Click admin > Configure client
      3. Execute the following commands in your terminal window, in the environment where kubectl is installed.
        kubectl config set-cluster mycluster.icp --server=https://9.112.226.101:8001 --insecure-
kubectl config set-context mycluster.icp-context --cluster=mycluster.icp
kubectl config set-credentials admin --token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOkJhZG1pt
kubectl config set-context mycluster.icp-context --user=admin --namespace=default
kubectl config use-context mycluster.icp-context
    3. Download Helm 3.13+ from https://github.com/helm/helm/releases.
    4. Unpack the Helm client with the following command:
      tar –zxvf Helm-vx.x.x-linux-amd64.tgz
    5. Locate the Helm binary in the unpacked directory, and move it to the desired destination:
      mv unpacked-directory/linux-amd64/helm /usr/local/bin/helm
    6. If you are not using IBM Cloud Private, install the Helm server with the following command:
      #helm init
    7. Run the following command to validate both the Helm server and Helm client:
      #helm version
      The following is returned if Helm server and Helm client are installed successfully:
      [root@svt100 ~]# Helm version
Client: &version.Version{SemVer:"v2.6.0", \
GitCommit:"5bc7c619f85d74702e810a8325e0a24f729aa11a", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.6.0", \
GitCommit:"5bc7c619f85d74702e810a8325e0a24f729aa11a", GitTreeState:"clean"}
  4. Download the appropriate Helm Chart package before deployment. HCL Commerce is delivered and refreshed the configurations in a monthly basis. To ensure a success deployment, choose the appropriate Helm Chart package according to your application version.
    Note: Ensure that you deploy the Helm Chart under the default namespace on Kubernetes.
    Table 2.
    Release Helm Chart packages and assets
    9.0.0.0 only WCSV9_HelmChartsDeploy.zip

    Download and extract this ZIP onto the machine that has kubectl and Helm client installed. The ZIP includes the following packages:

    Package Name Purpose
    Vault Deploy Package. To deploy Vault and Consul which used as CA to issue certification to container internal communication and as Configuration Center to store environment related data
    WCSV9Auth Helm Package. To deploy Commerce V9 Auth environment
    WCSV9Live Helm Package. To deploy Commerce V9 Live environment
    init-wcs-1.4.zip

    This image is used as an initial container to control the HCL Commerce Docker container start up sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they start in the correct order.
    9.0.0.1 to 9.0.1.8 WCSV9_HelmChartsDeploy_advanced.zip

    Download and extract WCSV9_HelmChartsDeploy_Advance.zip onto the machine that has kubectl and Helm client installed. The ZIP includes the following packages:
    Package name Purpose
    Vault Deploy Package. To deploy Vault and Consul which used as CA to issue certification to container internal communication and as Configuration Center to store environment related data.
    WCSV9 Helm Package. To deploy HCL Commerce Version 9 environment (Auth and Live Helm Chart have been integrated).
    SupportContainer_2.0.0.tar.gz

    This image is used as an initial container (init-container) to control the HCL Commerce Docker container startup sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they start in the correct order.

    9.0.1.9 or higher WCSV9_HelmChartsDeploy_advanced_9019.zip
    Important: This is a sample file, and must be customized to suit your environment.

    Download and extract WCSV9_HelmChartsDeploy_Advance_9019.zip onto the machine that has kubectl and Helm client installed. The ZIP includes the following packages:
    Package name Purpose
    HCL Commerce Version 9.0.1.9 Helm Package. To deploy HCL Commerce Version 9 environment (Auth and Live Helm Chart have been integrated).
    Vault Deploy Package. To deploy Vault and Consul which used as CA to issue certification to container internal communication and as Configuration Center to store environment related data.
    SupportContainer_2.0.0.tar.gz

    This image is used as an initial container (init-container) to control the HCL Commerce Docker container startup sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they start in the correct order.

    9.0.1.10 or higher commerce-helmchart-9.0.1.10.zip
    Important: This is a sample file, and must be customized to suit your environment.

    Download and extract commerce-helmchart-9.0.1.10.zip onto the machine that has kubectl and Helm client installed. The ZIP includes the following packages:
    Package name Purpose
    HCL Commerce Version 9.0.1.10 Helm Package. To deploy HCL Commerce Version 9 environment (Auth and Live Helm Chart have been integrated).
    Vault Deploy Package. To deploy Vault and Consul which used as CA to issue certification to container internal communication and as Configuration Center to store environment related data.
    SupportContainer_2.0.0.tar.gz

    This image is used as an initial container (init-container) to control the HCL Commerce Docker container startup sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they start in the correct order.

    9.0.1.11 or higher commerce-helmchart-9.0.1.11.zip
    Important: This is a sample file, and must be customized to suit your environment.

    Download and extract commerce-helmchart-9.0.1.11.zip onto the machine that has kubectl and Helm client installed. The ZIP includes the following packages:
    Package name Purpose
    HCL Commerce Version 9.0.1.11 Helm Package. To deploy HCL Commerce Version 9 environment (Auth and Live Helm Chart have been integrated).
    Vault Deploy Package. To deploy Vault and Consul which used as CA to issue certification to container internal communication and as Configuration Center to store environment related data.
    SupportContainer_2.0.0.tar.gz

    This image is used as an initial container (init-container) to control the HCL Commerce Docker container startup sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they start in the correct order.

  5. Load the Docker image to your private Docker Repository.
    1. Download the server containers (such as ts-app, search-app, and crs-app) and utility container (ts-utils). For details, see Downloading HCL Commerce software.
    2. Download the init container docker image:
      Note: This image is used as an initial container to control the HCL Commerce Docker container start up sequence. For this sample solution, it is used to demonstrate how to check the Version 9 Docker container status to ensure that they are started in the correct order.
    3. Run the following commands to load the docker images to your private docker repository:
      1. docker load -i docker image tar file. For example:
        docker load -i SupportContainer_2.0.0.tar.gz
      2. docker image tag SOURCE_IMAGE:[:TAG] TARGET_IMAGE[:TAG]. For example:
        docker image tag supportcontainer:2.0.0 \
<repository host name>/commerce/supportcontainer:2.0.0
      3. docker push TARGET_IMAGE[:TAG]. For example:
        docker push repository host name/commerce/supportcontainer:2.0.0
      Note: Ensure that the Docker images in your private Docker Repository can be pulled on all Kubernetes or ICP node.
  6. Because the deployment logic is to talk with a preinstalled Db2 Server for both authoring and live environments, you need to prepare IBM Db2 Server for use with HCL Commerce. It is recommended to set up one database for the authoring environment and one database for the live environment.
    1. Install IBM Db2 Version 11.1.2.2 or higher to serve as your database.
    2. Prepare a database for use with HCL Commerce. You need to use a script to prepare a database for use with HCL Commerce.
    3. Load the HCL Commerce database schema. You need to use DB utility to load the HCL Commerce database schema.
      Note: When you run the initdb_database_sample.bat/sh script, ensure that you also publish the sample data.
    4. Record the following parameters that you have used in step c.
      Important: The parameters will be used in a subsequent step. Make sure you record them.
      1. The plain-text merchant key that is generated when you initialized the database. You will need to encrypt the key later.
      2. The wcsadminPassword. You need this password to access Management Center and access the store front age (the default user is wcsadmin).
      3. The plain-text spiuser password you used to initialize the Db2 instance. You will need to encrypt the password later.
This concludes the prerequisites that are required to deploy an HCL Commerce Version 9 environment.

About this task

Before you start your journey to deploy an HCL Commerce version 9 environment using Helm Chart on top of a Kubernetes-based infrastructure, you should spend some time to get yourself familiar with Kubernetes or IBM Cloud Private (ICP) and HCL Commerce Version 9.

This sample solution illustrates how to deploy an HCL Commerce Version 9 environment based on Helm Charts on Kubernetes (or ICP). Sample code with predefined configurations and internal connections information can further simplify your trial experience. Use this sample as a reference to deploy your own environment on Kubernetes. Note that this article is only for your reference. You need to consider your real-life requirements when you plan and design the production environment.

Procedure

  1. Deploy and initiate the Vault and Consul servers.
    Vault and Consul are used as the Certificate Authority (CA) to issue certificates to containers for internal communication, and as the Configuration Center to store environment related data. For more information, see Environment data structure in Vault.

    The recommended version of Vault is 1.14.4.

    1. Update the WCSV9_HelmChartsDeploy Package/Vault/Vault_consul/env.profile file based on your current system environment. You can define environment related configuration in this file. The following is the mini-scope configure on Vault to support deploying HCL Commerce V9. If you want to use Vault as a configuration center, this is a good starting point.
      Parameter Name Description
      dbHostAuth Authoring environment database IP address.
      dbHostLive Live environment database IP address.
      dbPortAuth Authoring environment database port number. By default, this value is 50001.
      dbPortLive Live environment database port number. By default, this value is 50002.
      dbNameAuth Authoring environment database name.
      dbNameLive Live environment database name.
      dbUserAuth Authoring environment database user name.
      dbUserLive Live environment database user name.
      dbPasswordAuth Authoring environment database user password.
      dbPasswordLive Live environment database user password.
      dbType For HCL Commerce version 9.0.0.4 or higher only: Specify the database type [ db2 | oracle]
      dbaUserAuth Authoring environment database administrator user name.
      dbaUserLive Live environment database administrator user name.
      dbaPasswordAuth Authoring environment database administrator user password.
      dbaPasswordLive Live environment database administrator user password.
      dbPassEncryptAuth Encryption of authoring environment database user password.
      dbPassEncryptLive Encryption of live environment database user password.
      dbaPassEncryptAuth Encryption of authoring environment database administrator user password.
      dbaPassEncryptLive Encryption of live environment database administrator user password.
      internalDomainName The default value is predefined for default namespace. Do not change.
      kube_minion_ip

      Any IP address of a kubernetes or an ICP node.

      One of the Kubernetes Node IP addresses for accessing as NodePort model to call Vault API to do some preliminary data load and Vault security backend creation.
      Note: To generate encrypted database user passwords, use the wcs_encrypt utility.
    2. Run the shell script WCSV9_HelmChartsDeploy Package/Vault/deploy_vault.sh and record the root Vault token from the shell output. You will need the Vault token later.
      Note: Ensure that all the nodes have access to the Internet to pull Consul and Vault images, or Docker loads the Consul and Vault images into all your nodes locally. Otherwise you might be pending on waiting for vault_consul ready while you run deploy_vault.sh.
      You will see a message similar to the following when deploy_vault.sh is run successfully.
      Success! Data written to: selfserve_production_pki/roles/generate-cert
Init Vault and Consul successfully
The Vault token is:  fab5c543-ce02-46d-f304-f1d7559914f2
https://cmcdemoqaauth.hcl.com/lobtools/cmc/ManagementCenter  for cmc
https://store.demoqaauth.hcl.com/wcs/shop/en/aururaesite  for store
...
    3. Validate the deployment with the following steps:
      1. Check logs from the terminal console, and ensure that there is no error. If the deployment is successful, a screen similar to the following is displayed: 
        [root@svt100 Vault]# ./deploy_vault.sh 
Deploying Vault and Consul
configmap "vault" created
deployment "vault.consul" created
service "vault-consul" created
Preparing data for auth in Vault_Consul
waiting for vault_consul ready
waiting for vault_consul ready
kube client 1.7 lower or equal then 1.7
Creating mount point for demo
push dbName to vault
push dbPassword to vault
push dbUser to vault
push dbPort into vault
push dbHost into vault
push domainName into vault internalDomainName
Create a Root Cert
Successfully mounted 'pki' at 'selfserve_production_pki'!
Key 	Value
--- 	-----
certificate 	-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
expiration 	1843450949
issuing_ca 	-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
serial_number	10:39:4a:91:f6:eb:06:9f:a8:91:2f:ef:19:9c:30:1c:64:ec:aa:7a

Success! Data written to: selfserve_production_pki/roles/generate-cert
Init Vault and Consul successfully
The Vault token is: 54dfe06e-ba89-75a7-7304-0b016e9d4c95 
https://cmc.demoqaauth.hcl.com/lobtools/cmc/ManagementCenter for cmc
https://store.demoqaauth.hcl.com/wcs/shop/en/aururaesite for store
      2. Run the following commands to ensure that the populated data exists. Ensure that any parameters configured in env.profile are populated into Vault.
        • Check domainName with the following command: 
          curl -X GET -H "X-Vault-Token:<Vault token>"  
http://<master node IP>:30552/v1/demo/qa/domainName
          The returned message should be similar to the following: 
          {"request_id":"d75060e5-5202-01f4-f2f6-88be433e7546", 
"lease_id":"","renewable":false,"lease_duration":2764800,"data":{"value":"default.svc.cluster.local"},
"wrap_info":null,"warnings":null,"auth":null}
        • Check Auth dbName with the following command: 
          curl -X GET -H "X-Vault-Token:<Vault token>"
http://<master node IP>:30552/v1/demo/qa/auth/dbName
        • Check Live dbName with the following command: 
          curl -X GET -H "X-Vault-Token:<Vault token>" 
http://<master node IP>:30552/v1/demo/qa/live/dbName
      Note: To check other parameters, change the parameter names in the command.
  2. Create SSL certificates for exposed services.
    Note: This step is for HCL Commerce 9.0.0.0 only. If you are deploying HCL Commerce V9.0.0.1 or higher, ignore this step.

    Create certificates to access Management Center and your store over secured ports with the following steps:

    1. Go to the WCSV9_HelmChartsDeploy Package/WCSV9Auth/secret directory and run the following commands: 
      kubectl create secret tls authtls-certificate --key authtls.key --cert authtls.crt 
kubectl create secret generic authtls-dhparam --from-file=authtls_public_key.pem
    2. Go to the WCSV9_HelmChartsDeploy Package/WCSV9Live/secret directory and run the following commands: 
      kubectl create secret tls livetls-certificate –key livetls.key --cert livetls.crt 
kubectl create secret generic livetls-dhparam --from-file=livetls_public_key.pem
  3. Prepare encrypted passwords.
    You will need the encrypted passwords when deploying HCL Commerce.
    The values of the following parameters are to be encrypted in this step:
    • spiuser_name
    • spiuser_password
    • merchantKey

    To encrypt passwords:

    1. Launch the Utility server Docker container with the following command: 
      docker run –d –e LICENSE=accept utilities docker images
    2. Log onto the Utility server Docker container to run HCL Commerce utilities with the following command: 
      docker exec –it utilities container /bin/bash
    3. For 9.0.0.1 or higher, encrypt the SPIUser password with the wcs_encrypt utility: 
      cd /opt/WebSphere/CommerceServer90/bin/
./wcs_encrypt.sh spiuser_password
      Note:
    4. Encrypt the Merchant key with the KeyEncryptionKey by using the wcs_encrypt utility.
      ./wcs_encrypt.sh merchantKey KeyEncryptionKey

      For example:

      ./wcs_encrypt.sh 1a1a1a1a1a1a1a1a2b2b2b2b2b2b2b2b 1234567890abcdef1234567890abcdef
      Note: You can find the KeyEncryptionKey.xml file in the /opt/WebSphere/AppServer/profiles/default/installedApps/localhost/ts.ear/xml/config/ directory.
    5. Encode the spiuser name and spiuser password in Base64 by piping them into the Base64 system utility with the echo system utility:
      echo –n “spiuser_namename:spiuser_password” | base64
  4. Deploy HCL Commerce.
    1. Run the following command to deploy an HCL Commerce authoring environment.
      Version Helm commands
      9.0.0.0
      Note: In 9.0.0.0, spiuser and spiuser passwords are built into the docker image.
       helm install 
--name demoauth
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=wc_encrypted_merchantkey \
--set Common.SPIUser_PWD=base64_encrypted spiuser and password \
helm_repo_name/WCSV9Auth --tls
      9.0.0.1 
      helm install 
--name demoauth
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=wc_encrypted_merchantkey \
--set Common.SPIUser_PWD_Base64=base64_encrypted spiuser and password \
--set Common.SPIUser_PWD_AES=wc_encrypted_spiuser password \
--set Common.SPIUser_Name=spiuser name \
--set Common.CommerceVersion=9.0.0.1 \
--set Common.OVERRIDE_PRECONFIG=true \
--set Common.Environment_Type=auth \
./WCSV9 --tls
      9.0.0.2 or higher 
      helm install --name demoauth
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=wc_encrypted merchantkey \
--set Common.SPIUser_PWD_Base64=base64_encrypted spiuser and password \
--set Common.SPIUser_PWD_AES=wc_encrypted spiuser password \
--set Common.SPIUser_Name=spiuser name \
--set Common.Environment_Type=auth \
./WCSV9 --tls
      Note:
      1. Because TLS is enabled on ICP 2.1.0.3, when running the helm command, the tls parameter is required. If you are using other ICP versions, check whether TLS is enabled to decide whether to keep the tls parameter in the command.
      2. Docker_repository: The Docker host name and library name.
        For example:
        myhost.com/commerce/
      Notes:
      1. The command is separated into multiple lines with a backslash to make it easier to read. Ensure that you delete the backslash ‘\’ at the end of each line and run the command in a single line.
      2. You should have recorded the following values in Step 3:

        – Common.SPIUser_PWD_AES in step 3.4

        – Tsapp.Merchantkey in step 3.5

        – Common.SPIUser_PWD in step 3.6

      3. 3. By default, the docker image tag is 9.0.0. If you want to change the Docker image to other tags such as 9.0.0.1, you can edit HelmCharts package/WCSV9/values.yaml and change the tag value:

        Crsapp:
        Name: crs-app
 Image: crs-app
 Tag: 9.0.0
 Replica: 1
    2. Run the following command to deploy an HCL Commerce live environment.
      Version Helm commands
      9.0.0.0
      Note: In 9.0.0.0 spiuser and spiuser pwd have been built into docker image.
      helm install --name demolive
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=ASCII_encrypted merchantkey \
--set Common.SPIUser_PWD=base64_encrypted spiuser and password \
helm_repo_name/WCSV9Live --tls
      9.0.0.1 
      helm install --name demolive
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=ASCII_encrypted merchantkey \
--set Common.SPIUser_PWD_Base64=base64_encrypted spiuser and password \
--set Common.SPIUser_PWD_AES= wc_encrypted spiuser password \
--set Common.SPIUser_Name=base64_encrypted spiuser name \
--set Common.CommerceVersion=9.0.0.1 \
--set Common.OVERRIDE_PRECONFIG=true \
--set Common.Environment_Type=live \
./WCSV9 --tls
      9.0.0.2 or higher 
      helm install --name demolive
--set Common.Vault_token=vaultToken \
--set Common.Image_repo=Docker_repository \
--set Tsapp.Merchantkey=wc_encrypted merchantkey \
--set Common.SPIUser_PWD_Base64=base64_encrypted spiuser and password \
--set Common.SPIUser_PWD_AES=wc_encrypted spiuser password \
--set Common.SPIUser_Name=spiuser name \
--set Common.Environment_Type=live \
./WCSV9 --tls

      Notes:

      1. Because TLS is enabled on ICP 2.1.0.3, when running the helm command, the tls parameter is required. If you are using other ICP versions, check whether TLS is enabled to decide whether to keep the tls parameter in the command.

      2. <Docker_repository>: The Docker host name and library name.

      For example:

      myhost.com/commerce/
    3. Run the following command to check the status of the deployment.
      # kubectl get pods
      You may see a screen similar to the following:
      [root@kvm-014545 WCSV9Live]# kiubectl get po
NAME                                              READY         STATUS               RESTARTS    AGE
demoqaauthcrs-app7ff5bcbcc9-4q4cd                 1/1           Running              0           11m
demoqaauthsearch-app-master-787ff67496-vv27c      1/1           Running              0           11m
demoqaauthts-app-7964cbb66f-fjn5x                 1/1           Running              0           11m
demoqaauthts-web-5669674847-9qgsx                 1/1           Running              0           11m
demoqalivecrs-app-7955b77996-cdb6g                0/1           Init:0/1             0           5s
demoqalivesearch-app-repeater-5fb695cb8f-kphst    0/1           Init:0/1             0           5s
demoqalivesearch-app-slave-6c5d44b674-ckl5r       0/1           Init:0/1             0           5s
demoqalivets-app-6bbf669cbf-zm8rn                 0/1           ContainerCreating    0           5s
demoqalivets-web-84d4fc894f-pxw5z                 0/1           Init:0/1             0           5s
vault.consul-db966c8b-r6626                       2/2           Running              0           15m

      You may see the following values in the Status column:

      Running: this container is started.

      Init: 0/1: this container is pending on another container to start.

      You may see the following values in the Ready column:

      0/1: this container is started but the application is not yet ready.

      1/1: this application is ready to use.

      Run the following command to make sure there is no error in the log file:
      #kubectl logs <pod_name> -f
    4. Map the IP address and host names with the following steps:
      1. Locate the Ingress_IP addresses by running the following command: 
        #kubectl get ingress
[root@svt100 ~]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
demoqaauth-ingress cmc.demoqaauth.hcl.com,accelerator.demoqaauth.hcl.com,\
admin.demoqaauth.hcl.com + 4 more... 9.112.226.101 80, 443 1m
demoqalive-ingress cmc.demoqalive.hcl.com,accelerator.demoqalive.hcl.com,\
admin.demoqalive.hcl.com + 5 more... 9.112.226.101 80, 443 20m
      2. Add the following mapping to the host file of the machine that you want to access the store and tools:
        Ingress_IP   cmc.demoqaauth.hcl.com (To access Management Center for HCL Commerce in the authoring environment)
Ingress_IP   cmc.demoqalive.hcl.com (To access Management Center for HCL Commerce in the live environment)
Ingress_IP   accelerator.demoqaauth.hcl.com (To access Commerce Accelerator in the authoring environment)
Ingress_IP   accelerator.demoqalive.hcl.com (To access Commerce Accelerator in the live environment)
Ingress_IP   admin.demoqaauth.hcl.com (To access Administration Console in the authoring environment)
Ingress_IP   admin.demoqalive.hcl.com (To access Administration Console in the live environment)
Ingress_IP   org.demoqaauth.hcl.com (To access Organization Administration Console in the authoring environment)
Ingress_IP   org.demoqalive.hcl.com (To access Organization Administration Console in the live environment)
Ingress_IP   store.demoqaauth.hcl.com (To access the Aurora sample store in the authoring environment)
Ingress_IP   store.demoqalive.hcl.com (To access the Aurora sample store in the live environment)
      3. Add the following mapping to the hosts file of the machine that you want to trigger build index:
        Ingress_IP   tsapp.demoqaauth.hcl.com (To trigger build index)
Ingress_IP   searchrepeater.demoqalive.hcl.com (To trigger search index replication
Ingress_IP   search.demoqaauth.hcl.com (To check build index status)
    5. Build the search index for your store. Perform these steps only when all containers are ready to use. For details, see Building the search index.
      Because the Transaction service is exposed on Ingress, you can build the search index with the HTTPS protocol only:
      1. Send the following REST request (POST) to build the search index:
        Note:

        – The mastercatalogId 10001 is the default ID that is assigned to the Aurora sample store that you published when you initialized the HCL Commerce database.

        – The command is separated into multiple lines with a backslash to make it easier to read. Ensure that you delete the backslash ‘\’ at the end of each line and run the command as a single line. 

        curl -k -u spiuser:plain_text_spiuserPassword -X \
POST https://tsapp.demoqaauth.hcl.com/wcs/resources/admin/index/dataImport/build?masterCatalogId=10001
        You should get a response with a jobStatusId.
      2. Use the jobStatusId and send the following REST request (GET) to check status of the build search index process. Make sure to copy the entire line.
        curl -k -u spiuser:plain_text_spiuserPassword -X \
GET https://search.demoqaauth.hcl.com/search/admin/resources/index/build/status?jobStatusId=<jobstatusId>
        You should see a response similar to the following:
        "status": {
"finishTime": "2017-11-09 08:03:39.825689",
"lastUpdate": "2017-11-09 08:03:39.825689",
"progress": "100%",
"jobStatusId": "8002",
"startTime": "2017-11-09 08:02:36.649198",
"message": "Indexing job started for masterCatalogId:10,001.\r\nIndexing job finished successfully for masterCatalogId:10001.\r\n",
"jobType": "SearchIndex",
"properties": "[localeName=en_CA]",
"status": "0"
    6. Propagate the search index with the following steps. For more information, see Propagating the search index.
      1. Send the following REST request (POST) to replicate the search index to the search repeater:
        Note: The command is separated into multiple lines with a backslash to make it easier to read. Ensure that you delete the backslash ‘\’ at the end of each line and run the command as a single line. 
        curl -k -u spiuser:plain_text_spiuserPassword -X POST \
https://searchrepeater.demoqalive.hcl.com/search/admin/resources/index/replicate

        You should get a response with a jobStatusId.

      2. Use the jobstatusId and send the following REST request (GET) to check the request execution status. Make sure to copy the entire line.
        curl -k -u spiuser:spiuserPassword -X GET \
https://searchrepeater.demoqalive.hcl.com/search/admin/resources/index/replicate/status?jobStatusId=jobStatusID
        If you get a response with {"status: ": 0}, you are done with deploying your HCL Commerce environment.
  5. Verify the deployment of the HCL Commerce environment
    Complete the following steps to verify that you HCL Commerce is deployed successfully:
    1. Ensure that you can log on to Management Center with the following steps:
      1. Go to https://cmc.demoqaauth.hcl.com/lobtools/cmc/ManagementCenter, and login with user name wcsadmin and the password that you used when you load the HCL Commerce database schema. If you forget the password of user wcsadmin, refer to Resetting the wcsadmin to reset the password. user password
      2. Go to https://accelerator.demoqaauth.hcl.com/webapp/wcs/tools/servlet/ToolsLogon?XMLFile=common.mcLogon and log in as user wcsadmin to access Commerce Accelerator.
      3. Go to https://admin.demoqaauth.hcl.com/webapp/wcs/admin/servlet/ToolsLogon?XMLFile=adminconsole.AdminConsoleLogon and log in as user wcsadmin to access Administration Console.
      4. Go to https://org.demoqaauth.hcl.com/webapp/wcs/orgadmin/servlet/ToolsLogon?XMLFile=buyerconsole.BuyAdminConsoleLogon and log in as user wcsadmin to access Organization Administration Console.
    2. Log into the following URL to verify that the Aurora sample store works:

      Authoring: https://store.demoqaauth.hcl.com/wcs/shop/en/auroraesite

      Live: https://store.demoqalive.hcl.com/wcs/shop/en/auroraesite

  6. Troubleshoot the deployment.
    Note: Read the following only when you encounter errors during deployment.
    Issue Solution

    If you see the following error message:

    set DOMAIN_NAME from OS environment parameter.use domain name: 
default.svc.cluster.local.Vault returned errors when trying to generate 
a certificate: [ “no handler for route 
‘selfserve_production_pki/issue/generate-cert'”

    It means your vault PKI was not set correctly so that the PKI on vault was not enabled.

    Fix the errors during deploying deploy_vault.sh and run deploy_vault.sh again.
    Failed to deploy HCL Commerce.

    Perform the following steps:

    1. Get the pod list with the following command: 
      #kubectl get pod
    2. Get the pod detail status with the following command and locate the pod with errors: 
      #kubectl describe <pod_name>
    3. Check the logs of the pod with errors and fix the errors: 
      #kubectl logs <pod_name> -f
    4. Run the following command to get the helm release: 
      helm list
    5. Delete the helm release with the following command: 
      helm delete –purge <helm_release>

      For example:

      helm delete –purge demoauth
    6. Run the helm deployment command again.
    502 or 503 error code is displayed when you access the HCL Commerce V9 environment through Ingress with the dedicated hostname.

    Your ingress version is higher than our tested version. Follow these steps:

    1. In WCSV9/Template/ingress.yaml, update ingress.kubernetes.io/secure-backends: “true” to nginx.ingress.kubernetes.io/secure-backends: “true”.

    2. Delete the annotation configuration in ingress-lb-controller pod by following Enable Ingress Controller to use a new annotation prefix.
References

The following information is for reference only.

Exposed services (Load balance)

The Helm package creates an Ingress record to expose services. The ingress-lb should be deployed as host mode on a dedicated Kubernetes node. In this sample solution, we have exposed all the HCL Commerce tools. To access HCL Commerce tools and services, bind the following domain names with the IP address of the node where Ingress is deployed. By doing this, you can share the same Ingress-lb with different domain names.

The helm chart in this topic will expose the following hostnames:

  • cmc.demoqaauth.hcl.com: To access Management Center in the authoring environment
  • cmc.demoqalive.hcl.com: To access Management Center in the live environment
  • accelerator.demoqaauth.hcl.com: To access Commerce Accelerator in the authoring environment
  • accelerator.demoqalive.hcl.com: To access Commerce Accelerator in the live environment
  • admin.demoqaauth.hcl.com: To access Administration Console in the authoring environment
  • admin.demoqalive.hcl.com: To access Administration Console in the live environment
  • org.demoqaauth.hcl.com: To access Organization Administration Console in the authoring environment
  • org.demoqalive.hcl.com: To access Organization Administration Console in the live environment
  • store.demoqaauth.hcl.com: To access the Aurora sample store in the authoring environment
  • store.demoqalive.hcl.com: To access the Aurora sample store in the live environment
  • tsapp.demoqaauth.hcl.com: To trigger build index
  • searchrepeater.demoqalive.hcl.com: To trigger search index replication
  • search.demoqaauth.hcl.com: To check build index status

For example, after you add the following mapping to the host file:

<Ingress_IP> cmc.demoqaauth.hcl.com

You can access Management Center in the authoring environment with the following URL:

https://cmc.demoqaauth.hcl.com/lobtools/cmc/ManagementCenter

To access services through load balance, ensure to use the HTTPS protocol.

The sample code configures the TLS protocol in Ingress for access to Management Center and your store. Those Ingress configurations are bundled with the Kubernetes Secret through certifications. The common name in the certification matches the domain name that is configured in Ingress.

Internal services (Service discovery and Service register)

The Docker containers deployed by this package leverages Kubernetes Service to implement service discovery and service access.

Internal service enables SSL connection on the HCL Commerce foundation layer. It verifies the request domain name. To simplify SSL configuration, HCL Commerce supports resetting the certification dynamically. Using Vault and Consul is the default solution. Thus, in this package the Vault and Consul deployment packages are also provided.

HCL Commerce requires the environment to be organized in a three level hierarchy (Group /Environment / Environment Type). With this model, you can easily identify one environment. For example, Group=demo Environment=qa Environment Type= auth.

HCL Commerce supports retrieving environment-related configuration values from a remote configuration center, as long as the data is organized with the three-tier model. In this package, we configure each container with this model. All pre-defined environment values will be loaded to Vault when you initialize Vault and Consul with the /HelmChats/Vault/Vault_Consul/vault.sh script.