Adding Connector Designer to your deployment
You can add Connector Designer to your existing deployment of i2 Analyze. Connector Designer runs on a container and allows users to create connectors that can be used to access external data sources.
Before you begin
You do not have to install Connector Designer on the same servers as your i2 Analyze deployment, but it must be able to communicate with the Liberty servers in your deployment.
When you install Connector Designer, a load balancer is configured to route traffic to the i2 Analyze deployment and to Connector Designer. Before you start the process, ensure that you have configured the DNS for the load balancer and that you have the required certificates for the load balancer and the Connector Designer server.
For more information about the network and security architecture of Connector Designer, see Connector Designer deployment architecture.
The prerequisites for Connector Designer are as follows:
- x64 Linux
Connector Designer runs on a container and requires the Docker engine to be installed on an x64 Linux system.
- Docker Engine
To install the Docker Engine, see Install Docker Engine.
You can make the Docker engine available through Docker Desktop. Commercial use of Docker Desktop might require a paid subscription, Docker Core Subscriptions.
To add Connector Designer to your deployment, your existing deployment of i2 Analyze must be configured to use TLS when communicating with connectors. For more information, see Client-authenticated Transport Layer Security with the i2 Connect gateway
About this task
The following procedure describes how to add Connector Designer to your existing deployment of i2 Analyze. The process involves installing analyze-deployment-tooling (which is used to install and run Connector Designer), configuring it to connect to your existing deployment, and configuring Connector Designer itself.
You can deploy Connector Designer in a development environment to let users create and test connectors before moving your Connector Designer configuration and connectors into your production environment.
Procedure
Download the analyze-deployment-tooling.tar.gz artifact from analyze-deployment-tooling on GitHub.
Open a terminal.
Navigate to the directory where you copied the downloaded file.
Extract the contents of the downloaded file.
For example, tar -xzf analyze-deployment-tooling.tar.gz.
Navigate to the analyze-deployment-tooling directory.
For example, cd analyze-deployment-tooling.
Download i2 Analyze v4.4.4 Minimal for Linux.
To download i2 Analyze, follow the procedure described in Where can I download the latest i2 Products?
Populate the subject of the form with Request for i2 Analyze 4.4.4 minimal toolkit for Linux.
Rename the i2analyzeMinimal_4.4.4.tar.gz file to i2analyzeMinimal.tar.gz, and then copy it to the analyze-deployment-tooling/pre-reqs directory.
Run the following command to install Connector Designer:
install-connector-designer
When prompted, provide the following information:
The fully qualified domain name (FQDN) for the load balancer. For example, i2.my-organization.
This is the FQDN that users will use to access the i2 Analyze application via the load balancer that is configured as part of installing and running Connector Designer. You must use the common name of the certificate that you are using for the load balancer.
The port for the application on the load balancer. For example, 9443.
The context root of your i2 Analyze application. By default this is opal.
The URLs of the Liberty servers in your i2 Analyze deployment. For example, https://liberty1:9082,https://liberty2:9082.
Accept the license agreement.
Read the notices file in analyze-deployment-tooling/licenses/connector-designer/NOTICES.
If you agree to the terms, open the analyze-deployment-tooling/licenses.conf file, set LIC_AGREEMENT=ACCEPT, and save the file.
To configure the TLS connection between the Connector Designer server and your existing i2 Analyze deployment, you must provide Connector Designer with the CA trust certificate for certificates that are received from Liberty. The certificate must be in PEM format, and the certificate must be in the analyze-deployment-tooling/environment-secrets/generated-secrets/certificates/externalCA/CA.cer file. Overwrite the existing CA.cer file with your certificate.
You must obtain a signed certificate for the server where you are deploying Connector Designer. You must provide the certificate and private key in the environment-secrets/generated-secrets/certificates/i2analyze/server.key and environment-secrets/generated-secrets/certificates/i2analyze/server.cer files. Overwrite the existing server.key and server.cer files with your own.
The following steps must be completed in your i2 Analyze configuration:
Configure JWT authentication.
Copy the jwt-key.p12 and jwt-trust.p12 files from the environment-secrets/generated-secrets/certificates/jwt directory to your i2 Analyze deployment.
Configure Liberty to use JWT tokens to allow authenticated users to access Connector Designer. For more information, see Configuring JWT authentication.
For the jwtKeyStore and jwtTrustStore elements, use the location of the jwt-key.p12 and jwt-trust.p12 files that you copied.
For the jwtKeyStore and jwtTrustStore elements, use the password in the environment-secrets/generated-secrets/certificates/jwt/jwt_PASSWORD file.
For the Issue=<i2-analyze-url> attributes, use the FQDN and port of the load balancer specified when you installed Connector Designer. For example, https://acme:9443.
In the i2 Analyze configuration, specify the Connector Designer configuration endpoint. In an XML editor, open the configuration/environment/topology.xml file and add the following element:
<connector-config-providers> <connector-config-provider url="https://<fqdn>:<port>/connector-designer/api/configuration/connectors"/> </connector-config-providers>
Here, <fqdn> is the FQDN of the load balancer and <port> is the port number that you specified when you installed Connector Designer. For example, https://i2.my-organization:9443.
The system requires an administrator user to be available that can access the i2 Analyze application. The user must have the name adt-admin and be a member of the Administrator group. The password for the user is in the environment-secrets/generated-secrets/simulated-secret-store/adt-admin-password file.
Configure i2 Analyze for connection to Connector Designer:
Edit the i2analyze/deploy/wlp/usr/servers/opal-server/jvm.options file to add the following line:
-DBASIC_AUTH_ENDPOINTS=/api/v1/metrics /api/v1/gateway/reload /api/v1/health/live /api/v1/admin/*
Add the adt-admin user and adt-admin-group to the i2analyze/deploy/wlp/usr/shared/config/user.registry.xml file:
<user name="adt-admin" password="<password>"/> <group name="adt-admin-group"> <member name="adt-admin"/> </group>
Here, <password> is the password in the analyze-deployment-tooling/environment-secrets/generated-secrets/application/admin_PASSWORD file where you installed Connector Designer.
Update the command access control file:
<CommandAccessPermissions UserGroup="adt-admin-group"> <Permission Value="i2:Administrator" /> </CommandAccessPermissions>
After you make these changes, redeploy and restart i2 Analyze. In a command prompt, navigate to the toolkit/scripts directory and run the following commands:
./setup -t deploy ./setup -t start
On the Connector Designer server, run the following command in analyze-deployment-tooling to start Connector Designer:
./scripts/deploy
To access the system, the workstation that you are connecting from must trust the certificate that it receives from the load balancer. If the workstation does not already trust the certificates, install the /environment-secrets/generated-secrets/certificates/externalCA/CA.cer certificate as a trusted root certificate authority in your browser and operating system's certificate stores.
For information about installing the certificate:
In Windows, install certificates with the Microsoft Management Console.
In Firefox, on the Settings page, type View Certificates and click the button. Then, click Import and locate the CA.cer file.
To connect to Connector Designer, log in to your deployment in a web browser at https://<fqdn>:<port_number>/<context_root>. For example, https://i2.my-organization:9443/opal.
Then, navigate to https://<fqdn>:<port_number>/connector-designer/connectors. For example, https://i2.my-organization:9443/connector-designer/connectors.
Important: Connector Designer uses an allowlist to specify the hosts that connectors can connect to. By default, the allowlist is empty. To allow connectors to connect to external data sources, follow the instructions in Configuring data access in Connector Designer.
What to do next
To configure custom authentication methods for connectors to connect to external sources, see Configuring custom functions in Connector Designer.
If you need to change the values that you provided to the installation script, you can re-run it. The script will prompt you to provide the values again.
Other commands that you can run from analyze-deployment-tooling are:
To stop Connector Designer:
./scripts/manage-environment -t stop
To restart Connector Designer:
./scripts/deploy
To repair or update Connector Designer:
./install-connector-designer.sh