Dave Jousma wrote: >Ive successfully stood up Rocket Terminal Emulator(RTE) in a couple >of separate ZCX hosts on z/OS V2.5. I am now trying to get the >clustering feature of RTE to work, but there are specific network >changes in Docker that need to be made to allow separate >containers to communicate that Rocket doesn’t document, probably >because docker experience is expected.
It should be easy assuming you’ve got your z/OS networking set up properly for zCX and have also set up your Docker/OCI container image properly. The redbook provides a big clue on page 99. https://www.redbooks.ibm.com/redbooks/pdfs/sg248457.pdf It provides an example using nginx, a popular HTTP(S) server. The example uses this startup command: docker run -p 8080:80 -d nginx The -p parameter is crucial. In this example it means, “Expose port 8080 to the outside world, and any traffic to/from port 8080 should be directed to/from port 80 within this nginx container image.” So if you’re trying to get two container images (on two different z/OS LPARs, as Dave Crayford suggested) to talk to each other you’d start them up with the -p option and then tell them to talk to each other on the respective external ports you’ve chosen. Hopefully obviously you should pick external ports that aren’t already occupied or reserved for other z/OS uses in that LPAR. Just to rule out various potential issues you could try the nginx example and then see if you can reach that nginx server from the other z/OS LPAR — using curl on z/OS, for example. There’s a curl Docker/OCI container image available on Docker Hub: https://hub.docker.com/r/curlimages/curl If curl running on zCX in LPAR #2 can reach nginx running on zCX in LPAR #1 then you know you’ve got network connectivity. Reverse the spot test (nginx running in zCX LPAR #1, curl running in zCX LPAR #2) to make sure it works in the other direction, too. If you don’t want to pull from Docker Hub you can pull from the IBM Z and LinuxONE Container Registry: https://ibm.github.io/ibm-z-oss-hub/containers/index.html There’s a nginx container image available there, but you’d use something else in place of the curl container image — anything that can test a HTTP connection. The ClefOS or Alpine container image probably includes curl or wget (since they’re common base Linux distribution commands), but that’s a guess. If you’ve verified that curl (or wget) can reach nginx in both directions then you know you’ve at least got HTTP connectivity. It’s still possible to have a firewall blocking some other protocol, so if Rocket Terminal Emulator Web uses something besides HTTP(S) then you’ll cross that bridge if/when you get to it. Then you may need to work on configuring that cross-cluster network connection with security in mind. One way is internal to Rocket Terminal Emulator Web (whatever it uses) to secure the connection. Or you could establish an IPsec/IKEv2 hop between your two z/OS LPARs. Or a hop that uses z/OS AT-TLS at both ends. If it’s on the same machine you could use a HiperSockets/SMC-D hop, although you may still want to use z/OS AT-TLS (with client and server certificate authentication) atop the HiperSocket/SMC-D hop. ————— Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
