Tips for IBM Cloud and running IBM FHIR Server

Here are my tips and setup for the IBM FHIR Server. I hope they help you as you set up your environment.

  1. Create a variable to prefix the environment resources and the resource-group name.

The following generates a date that is 14 days in the future and converts it to lower case. It's best to lower-case everything here:

# BSD/macOS date syntax; on GNU/Linux use: date -d '+14 days' +%Y-%b-%d
EXPIRY_DATE=$(date -j -v +14d +%Y-%b-%d | tr '[:upper:]' '[:lower:]')
echo "${EXPIRY_DATE}"

The output is like the following:

2022-mar-07
  1. Install the plugins

When deploying the IBM FHIR Server, you'll need a few plugins beyond the IBM Cloud default: cloud-object-storage, kubernetes-service, container-registry, cloud-databases, event-streams and the infrastructure-service.

ibmcloud plugin repo-plugins -r "IBM Cloud"
ibmcloud plugin install cloud-object-storage -f
ibmcloud plugin install container-service -f
ibmcloud plugin install container-registry -f
ibmcloud plugin install cloud-databases -f
ibmcloud plugin install event-streams -f
ibmcloud plugin install infrastructure-service -f
  1. Log in with an API Key (much easier if you use SSO)
# Read the key straight from the JSON file; quote it so it is passed intact
API_KEY=$(jq -r .apiKey cloudpak.json)
ibmcloud login --apikey "${API_KEY}" -r us-east
  1. As a first step, you can check to see if there are any existing resources in the account:
# List the current databases
ibmcloud cdb ls --json

# List the OpenShift clusters
ibmcloud oc cluster ls --json

# List the service instances (for example, Event Streams)
ibmcloud resource service-instances
  1. Check to see if you have an existing resource-group. If no group exists, create one.
if ! ibmcloud resource group cloudpak-testing-${EXPIRY_DATE}
then
    ibmcloud resource group-create 'cloudpak-testing'-${EXPIRY_DATE}
fi
  1. Create a Cloud Object Storage Instance, if it does not exist.
if ! ibmcloud resource service-instance cloudpak-testing-cos-${EXPIRY_DATE}
then
    ibmcloud resource service-instance-create \
        cloudpak-testing-cos-${EXPIRY_DATE} \
        cloud-object-storage standard global \
    -g 'cloudpak-testing'-${EXPIRY_DATE}
    CRN=$(ibmcloud resource service-instance \
        cloudpak-testing-cos-${EXPIRY_DATE} \
        --output JSON | jq -r '.[].crn')
    ibmcloud cos config crn --crn "${CRN}"
    ibmcloud cos create-bucket --bucket \
        "fhir-cloudpak-testing-${EXPIRY_DATE}"
    ibmcloud resource service-key-create \
        test-user-hmac Writer --instance-id "${CRN}" \
        --parameters '{"HMAC":true}'
    ibmcloud resource service-key-create test-user-iam Writer \
        --instance-id "${CRN}" --parameters '{"HMAC":false}'
fi

Note, this creates an IAM and an HMAC login user. The IBM FHIR Server team prefers HMAC as it enables the use of presigned URLs.

  1. Create an Event Streams instance, if it does not exist.
if ! ibmcloud resource service-instance cloudpak-testing-es-${EXPIRY_DATE}
then
    ibmcloud resource service-instance-create \
        cloudpak-testing-es-${EXPIRY_DATE} messagehub standard \
        us-east -g 'cloudpak-testing'-${EXPIRY_DATE}
    ibmcloud resource service-key-create service_manager Manager \
        --instance-name cloudpak-testing-es-${EXPIRY_DATE}
    ibmcloud es init -i cloudpak-testing-es-${EXPIRY_DATE}
    ibmcloud es topic-create --name FHIR_AUDIT --partitions 3
    ibmcloud es topic-create --name FHIR_NOTIFICATIONS --partitions 3
fi
  1. Create a Db2 Instance, if it does not exist.
if ! ibmcloud resource service-instance cloudpak-testing-db2-${EXPIRY_DATE}
then
    ibmcloud resource service-instance-create \
        cloudpak-testing-db2-${EXPIRY_DATE} \
        dashdb-for-transactions standard us-east \
        -g 'cloudpak-testing'-${EXPIRY_DATE} -p '{
            "datacenter": "us-south:washington d.c",
            "high_availability": "no",
            "key_protect_instance": "none",
            "key_protect_key": "none",
            "oracle_compatibility": "no",
            "service-endpoints": "public-and-private"
        }'
fi

Note, there are some manual steps to complete the db2 setup.

  1. Create a postgres instance
if ! ibmcloud resource service-instance cloudpak-testing-postgres-${EXPIRY_DATE}
then
    ibmcloud resource service-instance-create \
        cloudpak-testing-postgres-${EXPIRY_DATE} \
        databases-for-postgresql standard us-east \
        -g 'cloudpak-testing'-${EXPIRY_DATE} \
        -p '{"service-endpoints": "public-and-private"}'
fi

Note, there are some manual steps to complete the postgres setup.

  1. Create the OpenShift Cluster. The CRN is from the prior creation of the COS instance. If that block was skipped because the instance already existed, run its CRN=$(...) lookup again first.
# The jq filters are quoted so the shell does not treat .[] as a glob
if [ "$(ibmcloud oc cluster ls --provider vpc-gen2 --output json \
        | jq -r '.[].name' | grep -c cloudpak-testing)" = 0 ]
then
    VPC_ID=$(ibmcloud ks vpcs --provider vpc-gen2 --output json \
                | jq -r '.[].id')
    SUBNET_ID=$(ibmcloud ks subnets --provider vpc-gen2 \
        --vpc-id ${VPC_ID} --zone us-east-1 --output json \
            | jq -r '.[].id')
    ibmcloud oc cluster create vpc-gen2 \
        --name cloudpak-${EXPIRY_DATE} --flavor bx2.4x16 \
        --version 4.6_openshift \
        --cos-instance ${CRN} \
        --service-subnet 172.21.0.0/16 --pod-subnet 172.17.64.0/18 \
        --workers 3 --zone us-east-1 --vpc-id=${VPC_ID} \
        --subnet-id ${SUBNET_ID}
fi
  1. Once the postgres instance is up, you can create users – fhiradmin and fhirserver:
# Double base64 leaves only letters, digits and '=' padding, which sed strips
PG_PASSWORD="$(openssl rand -base64 21 | base64 | sed 's|=||g')"
echo "Postgres: ${PG_PASSWORD}"
ibmcloud cdb deployment-user-create \
    cloudpak-testing-postgres-${EXPIRY_DATE} fhiradmin
ibmcloud cdb deployment-user-create \
    cloudpak-testing-postgres-${EXPIRY_DATE} fhirserver
ibmcloud resource service-key-create service_manager \
    --instance-name cloudpak-testing-postgres-${EXPIRY_DATE}
ibmcloud resource service-keys \
    --instance-name cloudpak-testing-postgres-${EXPIRY_DATE} \
    --output json
  1. Using psql, create a fhirserver user for the db:
psql "host=********.databases.appdomain.cloud port=30794 dbname=ibmclouddb user=admin sslmode=verify-full"
    PGPASSWORD=******

Note, if you don’t have psql in your path, use brew install postgres to get it.

  1. Log in with the password from the JSON PGPASSWORD

  2. Run the following SQL to create the fhirserver user.

CREATE USER fhirserver WITH LOGIN encrypted password '*****CHANGE*******';
GRANT CONNECT ON DATABASE ibmclouddb TO fhirserver;
  1. Check the postgres configuration, and save locally:
ibmcloud cdb deployment-connections \
    cloudpak-testing-postgres-${EXPIRY_DATE} --json
  1. Set up the necessary max_connections and max_prepared_transactions for postgres
ibmcloud cdb deployment-configuration \
    cloudpak-testing-postgres-${EXPIRY_DATE} \
    '{"max_connections": 150}'
# Two minutes; plain seconds work with every sleep implementation
sleep 120
ibmcloud cdb deployment-configuration \
    cloudpak-testing-postgres-${EXPIRY_DATE} \
    '{"max_prepared_transactions": 150}'
  1. Create the db2 service-key
ibmcloud resource service-key-create service_manager \
    Manager --instance-name cloudpak-testing-db2-${EXPIRY_DATE}
  1. Log in to https://cloud.ibm.com and create fhirserver

Your environment is ready to run the IBM offering for IBM FHIR Server along with the supporting resources.
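
For the postgres user step above, the password can be generated and kept in an owner-only file instead of being echoed to the terminal. This is an added example, not part of the original post; the function names and file location are hypothetical, and it filters /dev/urandom rather than using the openssl pipeline shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post): generate the fhirserver
# password without echoing it. Function names and file location are
# hypothetical.

# Print $1 random characters (default 32) from [A-Za-z0-9], retrying until
# the result contains at least one letter and one digit.
gen_db_password() {
    len="${1:-32}"
    while :; do
        pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len")
        case "$pw" in *[A-Za-z]*) ;; *) continue ;; esac
        case "$pw" in *[0-9]*) printf '%s' "$pw"; return 0 ;; esac
    done
}

# Write a fresh password to file $1 and force owner-only permissions,
# even when the file already existed with a wider mode.
save_db_password() {
    file="$1"
    ( umask 077 && gen_db_password 32 >"$file" ) && chmod 600 "$file"
}

# mktemp picks an unpredictable name and creates the file owner-only.
PW_FILE=$(mktemp "${TMPDIR:-/tmp}/fhir-pg.XXXXXX")
save_db_password "$PW_FILE"
echo "Password written to ${PW_FILE} (not shown)"

# Hand it to psql through the environment for one command only, e.g.:
#   PGPASSWORD=$(cat "$PW_FILE") psql "host=... sslmode=verify-full"
# and delete the file once the users exist:
#   rm -f "$PW_FILE"
```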
