Red Hat Training

A Red Hat training course is available for Red Hat Decision Manager

Deploying Red Hat Decision Manager on Red Hat OpenShift Container Platform

Red Hat Decision Manager 7.0

Red Hat Customer Content Services

Abstract

This document describes deploying Red Hat Decision Manager 7.0 in an OpenShift environment.

Preface

As a system administrator, you can deploy and manage Red Hat Decision Manager in an OpenShift environment. The OpenShift platform automates container deployment and management. You can use the templates provided with Decision Manager to deploy it into OpenShift and to scale it as necessary.

Prerequisite

You must have a deployed OpenShift environment. For details, see the documentation for the OpenShift product that you use.

Chapter 1. Overview

If you have an OpenShift environment, you can deploy Red Hat Decision Manager into this environment instead of a regular on-premises deployment.

In this solution, Decision Server is deployed as an OpenShift pod. You can scale the pod up and down, providing as few or as many containers as necessary. You can use all standard OpenShift methods to manage the pod, balance the load, and deploy new versions.

You can also deploy Decision Central on the OpenShift infrastructure together with Decision Server. In this case, you can use Decision Central to manage the Decision Server and to develop new rules.

Alternatively, you can deploy Decision Server without Decision Central. To manage Decision Server in this case, you have several options:

  • Use the source to image (S2I) template and provide a Git repository with the source of your decision service. OpenShift automatically builds the source, installs the decision service into the Decision Server image, and starts the service. You do not need to manage the Decision Server. If you want to use a new version of the decision service, you can build a new image. This option is often preferable for typical integration approaches in a containerized infrastructure.
  • Configure the Decision Server to load the service automatically from a Maven repository.
  • Use an instance of Decision Central, a controller, or the REST API to manage the Decision Server.
Important

All calls to a Decision Server that runs on OpenShift must be stateless. While the server accepts stateful calls, the state might not be saved between calls, because the server can be scaled to multiple containers or might be restarted by OpenShift automatically.

Chapter 2. Preparing to deploy Red Hat Decision Manager in your OpenShift environment

Before deploying Red Hat Decision Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of decision services or for other decision services.

Prerequisites

  1. Ensure that at least four gigabytes of memory are available in the OpenShift environment.
  2. Create the OpenShift project for the deployment.
  3. Log in to the project using the OpenShift web console and using the oc command.

2.1. Ensuring the availability of image streams

You must ensure that the image streams that are required for the deployment are available in your OpenShift environment. Some versions of the OpenShift environment include the necessary image streams. You must check if they are available. If they are not available, you must install the rhdm70-image-streams.yaml file.

Procedure

  1. Run the following commands: 

    $ oc get imagestreamtag -n openshift | grep rhdm70-decisioncentral-openshift
$ oc get imagestreamtag -n openshift | grep rhdm70-kieserver-openshift

    If the outputs of both commands are not empty, the required image streams are available and no further action is required.

  2. If the output of one or both of the commands is empty, download the rhdm-7.0.1-openshift-templates.zip product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract the rhdm70-image-streams.yaml file from it. Complete one of the following actions:

    • Run the following command: 

      $ oc create -f rhdm70-image-streams.yaml
    • Using the OpenShift Web UI, select Add to Project → Import YAML / JSON, then choose the file or paste its contents.

2.2. Creating the secrets for Decision Server

OpenShift uses objects called Secrets to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.

You must create an SSL certificate for Decision Server and provide it to your OpenShift environment as a secret.

Note

You do not need to create the secrets object if you are planning to deploy a Decision Server using source to image (S2I) without support for HTTPS.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Decision Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Server. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.

  2. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file: 

    $ oc create secret generic kieserver-app-secret --from-file=keystore.jks

  3. Create a service account named kieserver-service-account: 

    $ oc create serviceaccount kieserver-service-account

  4. Add the secret to the service account: 

    $ oc secret add sa/kieserver-service-account secret/kieserver-app-secret

2.3. Creating the secrets for Decision Central

If you are planning to deploy Decision Central in your OpenShift environment, you must create an SSL certificate for Decision Central and provide it to your OpenShift environment as a secret. Do not use the same certificate and keystore for Decision Central and for Decision Server.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Decision Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Central. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.

  2. Use the oc command to generate a secret named decisioncentral-app-secret from the new keystore file: 

    $ oc create secret generic decisioncentral-app-secret --from-file=keystore.jks

  3. Create a service account named decisioncentral-service-account: 

    $ oc create serviceaccount decisioncentral-service-account

  4. Add the secret to the service account: 

    $ oc secret add sa/decisioncentral-service-account secret/decisioncentral-app-secret

Chapter 3. Deploying Red Hat Decision Manager in your OpenShift environment

To deploy Red Hat Decision Manager in your OpenShift environment, use the OpenShift templates that are provided with Red Hat Decision Manager.

Prerequisites

You must complete the preparatory tasks as described in Chapter 2, Preparing to deploy Red Hat Decision Manager in your OpenShift environment.

Note

As an alternative to using the OpenShift web UI, you can use the oc command line tool to deploy the templates and set their parameters. For details, see the documentation for the version of OpenShift in your environment.

3.1. Deploying Decision Central and Decision Server

You can deploy Decision Central on the OpenShift infrastructure together with Decision Server. In this case, you can use Decision Central to manage the Decision Server and to develop new rules.

Procedure

  1. In the OpenShift Web UI, select Add to Project → Browse Catalog, search for decision, and then select the Red Hat Decision Manager 7.0 applications (Persistent with https) template.

    • If this template is not available, download the rhdm-7.0.1-openshift-templates.zip product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract the rhdm70-full.yaml file. Select Add to Project → Import YAML / JSON and then select or paste the rhdm70-full.yaml file. In the Add Template window, ensure Process the template is selected and click Continue.

  2. Set the following mandatory parameters:

    • Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
    • Decision Central Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.3, “Creating the secrets for Decision Central”.
    • Decision Central Server Keystore Password: The password for the keystore that you created in Section 2.3, “Creating the secrets for Decision Central”.
    • KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
    • KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
    • KIE Server ID: The name of the server template on the Decision Central that the Decision Server is to join. Set this parameter to any value. If you do not set it and then the Decision Server pod is restarted or scaled, each new instance of the server might join a new template.

    • ImageStream Namespace: The namespace where the image streams are available. If the image streams were already available in your OpenShift environment (see Section 2.1, “Ensuring the availability of image streams”), the namespace is openshift. If you have installed the image streams file, the namespace is the name of the OpenShift project.

      You can also set other parameters as necessary. In particular, you can change the username and password for the Maven repository that is built into Decision Central. Use the Maven repository username and Maven repository password fields.

      ATTENTION: Do not change the Maven repository URL field. If you change it, the Decision Server will work with a different Maven repository, but the Decision Central will still use its own built-in repository. Therefore, the Decision Central will not deploy services to the Decision Server.

  3. Click Create.

3.2. Deploying Decision Server using Source to Image (S2I)

You can deploy Decision Server on the OpenShift infrastructure using Source to Image (S2I). In this case, provide a Git repository with the source of your decision service. OpenShift automatically builds the source, installs the decision service into the Decision Server image, and starts the service. No further management of the image is required. If you want to use a new version of the decision service, you can build a new image. This option is often preferable for typical version management approaches (DevOps) in a containerized infrastructure.

You can deploy Decision Server using S2I with or without support for HTTPS.

Before you begin

Ensure that the complete source code for your decision service is available in a Git repository that the OpenShift server can access. The source code is built using a Maven process, so it must include a pom.xml file.

Procedure

  1. In the OpenShift Web UI, select Add to Project → Browse Catalog, search for decision, and then select the Red Hat Decision Manager Execution Server 7.0 S2I Ephemeral (no https) or Red Hat Decision Manager Execution Server 7.0 S2I (Ephemeral with https) template.

    • If this template is not available, download the rhdm-7.0.1-openshift-templates.zip product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract the rhdm70-kieserver-basic-s2i.yaml or rhdm70-kieserver-https-s2i.yaml file. Select Add to Project → Import YAML / JSON and then select or paste the file. In the Add Template window, ensure Process the template is selected and click Continue.

  2. Set the following mandatory parameters:

    • Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
    • KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”. Not available if you are configuring a server without HTTPS support.
    • KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”. Not available if you are configuring a server without HTTPS support.
    • KIE Server Container Deployment: The identifying information of the decision service (KJAR file) that is built from your source. The format is: <containerId>=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, for example: containerId=groupId:artifactId:version|c2=g2:a2:v2. The Maven build process must produce all these files from the source in the Git repository.
    • Git Repository URL: The URL for the Git repository that contains the source for your decision service.
    • Git Reference: The branch in the Git repository
    • Context Directory: The path to the source within the project downloaded from the Git repository
    • Artefact Directory: The path within the project that contains the required binary files (KJAR files and any other necessary files) after a successful Maven build. Normally this directory is the target directory of the build. However, you can provide prebuilt binaries in this directory in the Git repository

    • ImageStream Namespace: The namespace where the image streams are available. If the image streams were already available in your OpenShift environment (see Section 2.1, “Ensuring the availability of image streams”), the namespace is openshift. If you have installed the image streams file, the namespace is the name of the OpenShift project.

      You can also set other parameters as necessary. In particular, if the Maven build of your decision service pulls packages from a Maven repository, you can set the URL for a mirror repository and, if necessary, set the username and password to access the mirror repository. In this case, the build process will pull packages from the mirror repository instead of the configured original repository:

      • Maven mirror URL
      • Maven repository username
      • Maven repository password
  3. Click Create.

3.3. Deploying Decision Server without using Source to Image (S2I)

You can deploy Decision Server on the OpenShift infrastructure without Decision Central and without S2I. In this case, Decision Server can pick up a decision service from a Maven repository. You can configure the Decision Server to load a service automatically; alternatively, you can manage the Decision Server using Decision Central, a controller, or the API.

Before you begin

Ensure that the Maven repository for your decision service is available.

If you are planning to use Decision Central or a management console, ensure that it is installed and record its settings for controlling a KIE server.

Procedure

  1. In the OpenShift Web UI, select Add to Project → Browse Catalog, search for decision, and then select the Red Hat Decision Manager Execution Server 7.0 (Ephemeral with https) template.

    • If this template is not available, download the rhdm-7.0.1-openshift-templates.zip product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract the rhdm70-kieserver.yaml. Select Add to Project → Import YAML / JSON and then select or paste the rhdm70-kieserver.yaml file. In the Add Template window, ensure Process the template is selected and click Continue.

  2. Set the following mandatory parameters:

    • Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
    • KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
    • KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.

    • ImageStream Namespace: The name of the OpenShift project.

      You can also set other parameters as necessary. In particular:

      • If you want to set the Maven repository for retrieving the decision service, set the following parameters to point to the repository:

        • Maven repository URL
        • Maven repository username
        • Maven repository password

      • If you want to configure the Decision Server to load a decision service automatically, set the following parameter:

        • KIE Server Container Deployment: The identifying information of the decision service (KJAR file). The format is: <containerId>=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, for example: containerId=groupId:artifactId:version|c2=g2:a2:v2. The Decision Server pulls the files from the Maven repository.

      • If you want to use Decision Central deployed on the same OpenShift infrastructure to manage the Decision Server, set the following parameter:

        • KIE server controller service: The OpenShift service name for the Decision Central
        • KIE server controller user: a user name for logging onto the Decision Central
        • KIE server controller password: The password for logging onto the Decision Central
        • KIE Server ID: The name of the server template on the Decision Central that this server is to join.

      • If you want to use Decision Central or a controller to manage the Decision Server, set the protocol, host, and port parameters according to the URL that you use to access the web user interface of the Decision Central or according to the configuration of the controller:

        • KIE server controller protocol (http or https)
        • KIE server controller host
        • KIE server controller port
        • KIE server controller user: a user name for logging onto the Decision Central or controller
        • KIE server controller password: The password for logging onto the Decision Central or controller
        • KIE Server ID: The name of the server template on the Decision Central or controller that this server is to join.
  3. Click Create.

Chapter 4. Managing Red Hat Decision Manager on OpenShift

You can scale Decision Server on OpenShift as necessary.

Do not scale Decision Central on OpenShift. If you deploy Decision Central and Decision Server and then scale Decision Server, the Decision Central automatically manages all the copies of Decision Server.

4.1. Updating your decision service

When you want to update to a new version of your decision service, you can either use the existing pod to deploy the new version or create a new pod.

To change the decision service in an existing pod, you must manage the Decision Server using Decision Central, a controller, or the API. In this case, changes are handled the same way as in an on-premise deployment without containers.

If you want to use a typical container application lifecycle, build a new pod to update your decision service. The Source to Image (S2I) deployment is usually most convenient for this solution.

Important

A server deployed with S2I does not support changing the decision service using Decision Central, a controller, or the API. To change the decision service, build a new S2I image.

To update a service on the same URL alias, use the recreate strategy. Decision Server does not support the rolling strategy.

Appendix A. Versioning information

Documentation last updated on: Monday, October 1, 2018.

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.