R23 Stack16 Transact OpenShift LinuxONE Runbook Customer
R23 Stack16 Transact OpenShift LinuxONE Runbook Customer
on IBM LinuxONE
Customer Runbook
Version 1.1, June 2023
Contents
4 Deploying Transact 11
4.1 Building the Transact container image 11
4.2 Building the Transact Explorer container image 14
4.3 Configuring networking in OpenShift console 16
4.3.1 Configuring the route for Transact Explorer 16
4.3.2 Creating the route for TB Server 17
4.4 Preparing the Transact Helm chart 20
4.5 Installing Transact 24
4.6 Accessing Transact Explorer 25
5 Glossary 27
2 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
1.1 Introduction
This R23 Stack 16 runbook shows how to deploy Transact in Red Hat OpenShift Container Platform (OCP) enabled
on an IBM LinuxONE server. It covers the deployment of Temenos Transact and Transact Explorer, the new browser
offered by Temenos with the R23 release. This runbook is relevant to all post R22 AMR releases up to and
including R23 AMR.
1.2 Legal
© Copyright 2023 Temenos Headquarters SA. All rights reserved.
The information in this guide relates to TEMENOSTM information, products and services. It also includes
information, data and keys developed by other parties.
While all reasonable attempts have been made to ensure accuracy, currency and reliability of the content in this
guide, all information is provided "as is".
There is no guarantee as to the completeness, accuracy, timeliness or the results obtained from the use of this
information. No warranty of any kind is given, expressed or implied, including, but not limited to warranties of
performance, merchantability and fitness for a particular purpose.
In no event will TEMENOS be liable to you or anyone else for any decision made or action taken in reliance on the
information in this document or for any consequential, special or similar damages, even if advised of the possibility
of such damages.
TEMENOS does not accept any responsibility for any errors or omissions, or for the results obtained from the use of
this information. Information obtained from this guide should not be used as a substitute for consultation with
TEMENOS.
References and links to external sites and documentation are provided as a service. TEMENOS is not endorsing any
provider of products or services by facilitating access to these sites or documentation from this guide.
The content of this guide is protected by copyright and trademark law. Apart from fair dealing for the purposes of
private study, research, criticism or review, as permitted under copyright law, no part may be reproduced or reused
for any commercial purposes whatsoever without the prior written permission of the copyright owner. All
trademarks, logos and other marks shown in this guide are the property of their respective owners.
1.3 History
Version Date Change Author
1.0 June 2023 Initial version Jumpstart
1.1 June 2023 Formatting changes and updated Introduction Jumpstart
3 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
1.4 Conventions
Convention Description
Bold typeface Indicates GUI elements that are associated with an action and terms used in the
body of the text or in Glossary (if available).
Italic typeface Indicates placeholder variables and publication titles.
Monospace typeface Indicates the following textual content:
• Commands
• Code blocks and snippets
• Text that you enter (user input)
• URLs
Italicised monospace Code variables
typeface
4 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
2.1 Architecture
This installation and configuration guide shows how to install Temenos Transact and Transact Explorer in a Red Hat
OpenShift cluster. In this deployment exercise, the cluster and database have been provisioned on one LinuxONE
server while the build server (VM) used for managing the cluster and building container images is provisioned on a
separate LinuxONE server.
Temenos Transact
Temenos Transact, TAFJ and Transact Banking (TB) server run in the first container. TB server is an additional
component that has been introduced in R23 AMR. The TB Server API accepts requests in JSON format, sends
them to Transact in XML format and then sends the returned responses back to UI in JSON format. TB Server
supports both the queue and queue-less architectures.
Note:
Starting with the R23 release, a message broker is no longer required to run in the cluster. The architectural
change allows APIs and UI to work without a message broker, however, the broker might be required for
custom integrations. The IRIS/APIs pod is required for running COB in Autoscale mode.
5 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Transact database
You can use either Oracle Database 12.2.0.x or PostgreSQL 15 as the RDBMS. In this deployment exercise,
PostgreSQL 13.10 was installed on a dedicated VM running on the same LinuxONE hardware as the cluster.
(Version 13.10 was the highest version compiled for RHEL 8 on System Z available in April 2023.)
Transact Explorer
In this deployment exercise, Transact Explorer runs in the second (web) pod. This is the new browser that has
been released as part of R23 AMR and it replaces UXP Browser. Transact Explorer has a modern layout
engine, generates GUI screens faster, and consumes less hardware resources than its predecessors.
OpenShift router
This is an ingress controller with a shared router service that runs as a pod in the OpenShift cluster. An ingress
controller in OpenShift is created on the basis of HAProxy, which is an open source load balancer solution.
• Ingress has features that are like those of an OpenShift route: it accepts external requests and redirects
them based on the chosen route. An Ingress allows only certain types of connections such as HTTP 2,
HTTPS, server name identification, and TLS with certificate.
• Routes on the other hand provide advanced features such as TLS re-encryption or TLS passthrough.
For more information about OpenShift networking, see Understanding networking.
For more information about the differences between the OpenShift route and ingress, see Kubernetes Ingress
vs OpenShift Route.
Build server
This server is used to connect to the OpenShift cluster and manage its resources with the OpenShift and Helm
command-line interfaces.
6 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
TAFJ DEV_202303 TAFJ is embedded in the preimage.tar file in the app preimage kit.
IBM Semeru JDK 8 In this deployment exercise, IBM Semeru JDK 8 was used:
ibm-semeru-open-8-jdk-1.8.0.362.b09_0.36.0-1.s390x.rpm
PostgreSQL 13.10 This was the highest version of PostgreSQL compiled for System Z platform that
was available in April 2023.
7 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
8 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
2. Access the installation page: click the question mark icon that is in the upper right corner of the page and
then click Command line tools.
3. To download the oc file for your build server on IBM LinuxONE, click Download oc for Linux for IBM Z.
4. To install the OpenShift CLI on your build server, follow the instructions for your target version and
operating system that are provided in Installing the OpenShift CLI on Linux in OpenShift documentation.
Result:
9 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
1. In OpenShift web console, access the Command line tools page and then click Download Helm. This will
take you to a Red Hat public mirror repository.
2. If you are running your build server on IBM LinuxONE, as shown in this guide, select the helm-linux-
s390x package, as this is suitable for the s390x processor architecture used on IBM LinuxONE.
3. Install the Helm CLI by following the steps in Installing Helm in OpenShift documentation.
Result:
Expose the registry externally through a Route by following the steps in Exposing the registry in the OpenShift
Container Platform documentation.
You can retrieve the external/public Route for the OpenShift Registry, which will be used for tagging and pushing
your built Transact container images by running the following command:
oc registry info
Results:
You have configured external access to your internal OpenShift container image registry.
10 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
4 Deploying Transact
To deploy Transact in your OpenShift cluster, you need to build the Transact and Transact Explorer container
images, prepare the Helm chart and configure additional routes.
You do not need to amend the tafj.properties file at this stage because it will be loaded from the Helm
chart into a configmap during Transact installation. You can edit tafj.properties while preparing the Helm
chart.
Procedure
1. Using WinSCP or other FTP client, upload the app preimage kit file preimage-transact-app-pos-
202303.0.0.zip to a directory on your Build Server, for example app-preimagekit.
2. Log in to the Build Server, change to the app-preimagekit directory and extract the preimage-
transact-app-pos-202303.0.0.zip file.
cd /data/r23/app-preimagekit
unzip preimage-transact-app-pos-202303.0.0.zip
a) Using the FTP client, upload the MB.202303.TAFJ202303.bnk.tar.gz file to the app
subdirectory of your application preimage kit.
cd preimage-transact-app-pos-202303.0.0/app
11 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
As a result, multiple directories with Transact libraries are created under the app/bnk directory.
c) Move the directories up one level in the path so that they are directly under the app directory.
cd bnk
mv ESBProjects ..
mv Extensions ..
mv NonESBProjects ..
mv T24_BP ..
mv t24lib ..
mv Transact_L3_Javadoc ..
mv UD ..
4. Upload the tb-server.war file to the deployment_extras subdirectory in your app preimage kit
directory.
https://developer.ibm.com/languages/java/semeru-runtimes/downloads/
b) In the drop-down list at the top of the page, choose Java 8(LTS). The page is reloaded.
c) Scroll down the page to locate the section devoted to the s390x platform, find the link for the
compressed JDK file and download it.
e) Create the tmp subdirectory in your preimage kit directory structure on the Build Server and upload
the JDK installer there.
cd app-preimagekit/preimage-transact-app-pos-202303.0.0
mkdir tmp
f) Open the Dockerfile in an editor of your choice, for example vi, and comment out the existing JDK
installation section:
12 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
#JDK on LinuxONE
ADD /tmp/ibm-semeru-open-8-jdk-1.8.0.362.b09_0.36.0-1.s390x.rpm /tmp
RUN yum -y update ; yum -y install /tmp/ibm-semeru-open-8-jdk-
1.8.0.362.b09_0.36.0-1.s390x.rpm ; yum -y install gettext ; yum install -y
openssl-devel
RUN ln -s /usr/lib/jvm/ibm-semeru-open-8-jdk /usr/lib/jvm/jre
RUN rm /tmp/ibm-semeru-open-8-jdk-1.8.0.362.b09_0.36.0-1.s390x.rpm
From now on, the Docker build will use the Semeru image instead of the standard JDK image.
oc login
oc registry login
Example:
Example:
Result:
You have built the Transact container image and pushed it to the dedicated container image repository.
13 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
2. Log in to the build server, change to the web-preimagekit directory and extract the preimage-
transact-web-202303.0.zip file.
cd /data/r23/web-preimagekit
unzip preimage-transact-web-202303.0.zip
https://developer.ibm.com/languages/java/semeru-runtimes/downloads/
b) Create the tmp subdirectory in your preimage kit and upload the Java installer there.
c) Open the Dockerfile in an editor of your choice, for example vi, and comment out the existing JDK
section:
#JDK on LinuxONE
ADD /tmp/ibm-semeru-open-8-jdk-1.8.0.362.b09_0.36.0-1.s390x.rpm /tmp
RUN yum -y update ; yum -y install /tmp/ibm-semeru-open-8-jdk-
14 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
oc login
oc registry login
10. Build the container image by running the following Docker command:
Example:
Example:
Result:
You have built the Transact Explorer container image and pushed it to the dedicated container image repository.
15 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
b) Leave the hostname empty – it will be generated. In this example, the following host name has been
generated:
transact-explorer-console-temenos-transact-r23.apps.temenos-
ocp410.private.dal-ebis.ihost.com.
c) Path: enter the Transact Explorer WAR file name without the extension, here transact-
explorer-wa.
16 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
6. Take note of the URL: click the URL under Location. You will later use it to access the Transact Explorer
login page.
Result:
You have created a route for accessing Transact Explorer from public internet.
Procedure
a) Name: tb-server.
b) Hostname – use the same host as in the case of the Transact Explorer route:
transact-explorer-console-temenos-transact-r23.apps.temenos-
ocp410.private.dal-ebis.ihost.com.
c) Path: /tb-server.
17 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
d) From the drop-down list, choose the target port, here 8080.
6. Optional: Check that you can access TB Server APIs - access the following URL in your web browser:
http://host_name/tb-server/api/v1.0.0/meta/apis
Example:
http://transact-explorer-console-temenos-transact-r23.apps.temenos-
ocp410.private.dal-ebis.ihost.com/tb-server/api/v1.0.0/meta/apis
18 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Result:
You have configured the ingress and a route that enable Transact Explorer calls to reach the TB server APIs from
your web browser.
19 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Upload the compressed Helm chart package to a directory of your choice on your Build Server and extract the files
from the package. In this deployment exercise, the Helm package was stored in the /data/r23/helm directory
on the Build Server.
Log in to your Build Server and edit several files of your Helm chart using an editor of your choice, for example vi.
Procedure
serviceAccountName: transact-scc
b) Disable the installer so that it does not bind SCC to the OpenShift service account – set
bindSccToSa to false in values.yaml.
installer:
addWildFlyUserOnPodStart: false
manualAmqBroker: false
amqVersionOnPPC: true
bindSccToSa: false
Note:
You disable the creation of the Service Account and the associated Security Context Constraint
configuration so that the deployment can be run without the need for OpenShift cluster admin
privileges. This means that a cluster administrator will, as a pre-requisite, need to create this
Service Account in the target namespace/project and add/assign the anyuid Security
Context Constraint to it.
{{- if .Values.installer.bindSccToSa }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccountName }}
namespace: {{ .Values.namespace }}
{{- end }}
namespace: temenos-transact-r23
20 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
image:
pullPolicy: Always
pullSecret: ""
registry: image-registry.openshift-image-registry.svc:5000/temenos-
transact-r23
app:
repository: transact-app
tag: "2303-0.1"
web:
repository: transact-web
tag: "2303-0.1"
• Database name
database:
# Database Type: AzureSQL or NuoDB
type: PostgreSQL
user: t24
password: t24
#EDB Postgresql Host
connectionstring:
jdbc:postgresql://172.29.150.166:5432/r23db03?idle_in_transaction_session
_timeout=2000&tcpKeepAlive=true&cleanupSavepoints=true
database: r23db02
host: 172.29.150.XXX
port: 5432
b) Amend the _helpers.tpl file so that the URL can have the three required parameters.
• idle_in_transaction_session_timeout=2000
• tcpKeepAlive=true
21 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
• cleanupSavepoints=true
{{- if eq .Values.database.type "PostgreSQL" }}
{{- "jdbc:postgresql://" }}
{{- .Values.database.host }}{{ ":" }}{{ .Values.database.port | default 5432
}}{{ "/" }}
{{- .Values.database.database | default "transact" -}}{{ "?" }}
{{-
"idle_in_transaction_session_timeout=2000&tcpKeepAlive=true&cleanupSavepoints
=true" }}
{{- end }}
{{- end }}
5. Specify hardware requests and limits in values.yaml. Ensure that the application server has the
prerequisite amount of RAM and number of processors available:
requests:
app:
cpu: "3"
memory: "7G"
web:
cpu: "1"
memory: "6G"
api:
cpu: "1.5"
memory: "6G"
limits:
app:
cpu: "10"
memory: "12G"
web:
cpu: "1"
memory: "6G"
api:
cpu: "2"
memory: "12G"
jboss:
MDB_POOL_MAX: "16"
DB_POOL_MIN: "200"
DB_POOL_MAX: "1000"
MAX_THREAD_COUNT: "600"
#JMS Connection factory pool size
MAX_POOL_SIZE: "16"
JBOSS_PWD: "admin"
22 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
IDLE_TIMEOUT_VALUE: "1"
- name: MAX_POOL_SIZE
value: {{ .Values.jboss.MAX_POOL_SIZE | quote }}
- name: IDLE_TIMEOUT_VALUE
value: {{ .Values.jboss.IDLE_TIMEOUT_VALUE | quote }}
Note:
You must set the IDLE_TIMEOUT_VALUE parameter to 1, otherwise there might be
problems using Transact Explorer (UI freezing). If this happens, numerous locking, closed
connections and aborted transaction errors will be recorded in Transact logs.
7. Edit the tafj.properties file that is in the resources subdirectory of the Helm chart.
a) Add variables to the database section so that database user name, password and URL are taken
from values.yaml.
temn.tafj.jdbc.url={{.Values.database.connectionstring}}
# Class that describes the specific Driver for a database,
# ex. oracle: oracle.jdbc.driver.OracleDriver
# ex. db2: com.ibm.db2.jcc.DB2Driver
# ex. ms-sql: com.microsoft.sqlserver.jdbc.SQLServerDriver
# ex. H2: org.h2.Driver
# ex. postgresql: org.postgresql.Driver
#
temn.tafj.jdbc.driver=org.postgresql.Driver
temn.tafj.jdbc.username={{.Values.database.user}}
temn.tafj.jdbc.password={{.Values.database.password}}
temn.tafj.locking.mode=DATABASE
Result:
23 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
1. Log in to your Build Server and change to the directory where you edited your Transact Helm chart.
cd data/r23/helm
where
instance_name
chart_dir_name
is the name of the directory where you store your Transact Helm chart.
Example:
oc get pod
NAME READY STATUS RESTARTS AGE
transact-tranhc-app-5ff486f477-vnz95 1/1 Running 0 3m2s
transact-tranhc-web-946f44454-pk96n 1/1 Running 0 3m2s
oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
transact-tranhc-app-svc ClusterIP 172.30.56.169 <none> 8080/TCP 4m24s
transact-tranhc-lb ClusterIP 172.30.146.88 <none> 80/TCP 4m24s
transact-tranhc-svc ClusterIP 172.30.7.96 <none> 8080/TCP 4m24s
Result:
24 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
Procedure
http://lb_external_ip_address/transact-explorer-wa
Example: http://transact-explorer-console-temenos-transact-r23.apps.temenos-ocp410.private.dal-
ebis.ihost.com/transact-explorer-wa
25 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
2. Log in using a valid Transact username and password. After the successful login, the landing page is
displayed.
3. Launch a Transact application, for example SPF S SYSTEM. The application configuration is displayed.
Result:
You have accessed Transact Explorer and run a simple command to verify that Transact is running properly.
26 Jumpstart
Stack 16 Red Hat OpenShift on IBM LinuxONE Customer Runbook
5 Glossary
COB
Close of Business (COB) denotes a group of services that are run at the end of banking day, which process all
the financial events of the day in a bank. When COB is run, the Transact date is rolled to the next business
day. Examples of such events include loan schedules, accruals, internal bank accounting and various reports.
COB Autoscale
This Transact feature allows you to run COB with dynamic TSA agent allocation that can be affected by time,
queue depth and job. Elastic scaling of agents allows you to scale up or down agent allocation according to a
bank’s needs so that the COB services can run quickly and efficiently.
27 Jumpstart