Red Hat Training
A Red Hat training course is available for Red Hat Decision Manager
Deploying Red Hat Decision Manager on Red Hat OpenShift Container Platform
Red Hat Customer Content Services
brms-docs@redhat.com
Abstract
Preface
As a system administrator, you can deploy and manage Red Hat Decision Manager in an OpenShift environment. The OpenShift platform automates container deployment and management. You can use the templates provided with Decision Manager to deploy it into OpenShift and to scale it as necessary.
Prerequisite
You must have a deployed OpenShift environment. For details, see the documentation for the OpenShift product that you use.
Chapter 1. Overview
If you have an OpenShift environment, you can deploy Red Hat Decision Manager into this environment instead of a regular on-premises deployment.
In this solution, Decision Server is deployed as an OpenShift pod. You can scale the pod up and down, providing as few or as many containers as necessary. You can use all standard OpenShift methods to manage the pod, balance the load, and deploy new versions.
You can also deploy Decision Central on the OpenShift infrastructure together with Decision Server. In this case, you can use Decision Central to manage the Decision Server and to develop new rules.
Alternatively, you can deploy Decision Server without Decision Central. To manage Decision Server in this case, you have several options:
- Use the source to image (S2I) template and provide a Git repository with the source of your decision service. OpenShift automatically builds the source, installs the decision service into the Decision Server image, and starts the service. You do not need to manage the Decision Server. If you want to use a new version of the decision service, you can build a new image. This option is often preferable for typical integration approaches in a containerized infrastructure.
- Configure the Decision Server to load the service automatically from a Maven repository.
- Use an instance of Decision Central, a controller, or the REST API to manage the Decision Server.
All calls to a Decision Server that runs on OpenShift must be stateless. While the server accepts stateful calls, the state might not be saved between calls, because the server can be scaled to multiple containers or might be restarted by OpenShift automatically.
Chapter 2. Preparing to deploy Red Hat Decision Manager in your OpenShift environment
Before deploying Red Hat Decision Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of decision services or for other decision services.
Prerequisites
- Ensure that at least four gigabytes of memory are available in the OpenShift environment.
- Create the OpenShift project for the deployment.
-
Log in to the project using the OpenShift web console and using the
oc
command.
2.1. Ensuring the availability of image streams
You must ensure that the image streams that are required for the deployment are available in your OpenShift environment. Some versions of the OpenShift environment include the necessary image streams. You must check if they are available. If they are not available, you must install the rhdm70-image-streams.yaml
file.
Procedure
Run the following commands:
$ oc get imagestreamtag -n openshift | grep rhdm70-decisioncentral-openshift $ oc get imagestreamtag -n openshift | grep rhdm70-kieserver-openshift
If the outputs of both commands are not empty, the required image streams are available and no further action is required.
If the output of one or both of the commands is empty, download the
rhdm-7.0.1-openshift-templates.zip
product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract therhdm70-image-streams.yaml
file from it. Complete one of the following actions:Run the following command:
$ oc create -f rhdm70-image-streams.yaml
- Using the OpenShift Web UI, select Add to Project → Import YAML / JSON, then choose the file or paste its contents.
2.2. Creating the secrets for Decision Server
OpenShift uses objects called Secrets
to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.
You must create an SSL certificate for Decision Server and provide it to your OpenShift environment as a secret.
You do not need to create the secrets object if you are planning to deploy a Decision Server using source to image (S2I) without support for HTTPS.
Procedure
Generate an SSL keystore with a private and public key for SSL encryption for Decision Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Server. Save the keystore in a file named
keystore.jks
. Record the name of the certificate and the password of the keystore file.See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.
Use the
oc
command to generate a secret namedkieserver-app-secret
from the new keystore file:$ oc create secret generic kieserver-app-secret --from-file=keystore.jks
Create a service account named
kieserver-service-account
:$ oc create serviceaccount kieserver-service-account
Add the secret to the service account:
$ oc secret add sa/kieserver-service-account secret/kieserver-app-secret
2.3. Creating the secrets for Decision Central
If you are planning to deploy Decision Central in your OpenShift environment, you must create an SSL certificate for Decision Central and provide it to your OpenShift environment as a secret. Do not use the same certificate and keystore for Decision Central and for Decision Server.
Procedure
Generate an SSL keystore with a private and public key for SSL encryption for Decision Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Central. Save the keystore in a file named
keystore.jks
. Record the name of the certificate and the password of the keystore file.See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.
Use the
oc
command to generate a secret nameddecisioncentral-app-secret
from the new keystore file:$ oc create secret generic decisioncentral-app-secret --from-file=keystore.jks
Create a service account named
decisioncentral-service-account
:$ oc create serviceaccount decisioncentral-service-account
Add the secret to the service account:
$ oc secret add sa/decisioncentral-service-account secret/decisioncentral-app-secret
Chapter 3. Deploying Red Hat Decision Manager in your OpenShift environment
To deploy Red Hat Decision Manager in your OpenShift environment, use the OpenShift templates that are provided with Red Hat Decision Manager.
Prerequisites
You must complete the preparatory tasks as described in Chapter 2, Preparing to deploy Red Hat Decision Manager in your OpenShift environment.
As an alternative to using the OpenShift web UI, you can use the oc
command line tool to deploy the templates and set their parameters. For details, see the documentation for the version of OpenShift in your environment.
3.1. Deploying Decision Central and Decision Server
You can deploy Decision Central on the OpenShift infrastructure together with Decision Server. In this case, you can use Decision Central to manage the Decision Server and to develop new rules.
Procedure
In the OpenShift Web UI, select Add to Project → Browse Catalog, search for
decision
, and then select the Red Hat Decision Manager 7.0 applications (Persistent with https) template.-
If this template is not available, download the
rhdm-7.0.1-openshift-templates.zip
product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract therhdm70-full.yaml
file. Select Add to Project → Import YAML / JSON and then select or paste therhdm70-full.yaml
file. In the Add Template window, ensure Process the template is selected and click Continue.
-
If this template is not available, download the
Set the following mandatory parameters:
- Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
- Decision Central Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.3, “Creating the secrets for Decision Central”.
- Decision Central Server Keystore Password: The password for the keystore that you created in Section 2.3, “Creating the secrets for Decision Central”.
- KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
- KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
- KIE Server ID: The name of the server template on the Decision Central that the Decision Server is to join. Set this parameter to any value. If you do not set it and then the Decision Server pod is restarted or scaled, each new instance of the server might join a new template.
ImageStream Namespace: The namespace where the image streams are available. If the image streams were already available in your OpenShift environment (see Section 2.1, “Ensuring the availability of image streams”), the namespace is
openshift
. If you have installed the image streams file, the namespace is the name of the OpenShift project.You can also set other parameters as necessary. In particular, you can change the username and password for the Maven repository that is built into Decision Central. Use the Maven repository username and Maven repository password fields.
ATTENTION: Do not change the Maven repository URL field. If you change it, the Decision Server will work with a different Maven repository, but the Decision Central will still use its own built-in repository. Therefore, the Decision Central will not deploy services to the Decision Server.
- Click Create.
3.2. Deploying Decision Server using Source to Image (S2I)
You can deploy Decision Server on the OpenShift infrastructure using Source to Image (S2I). In this case, provide a Git repository with the source of your decision service. OpenShift automatically builds the source, installs the decision service into the Decision Server image, and starts the service. No further management of the image is required. If you want to use a new version of the decision service, you can build a new image. This option is often preferable for typical version management approaches (DevOps) in a containerized infrastructure.
You can deploy Decision Server using S2I with or without support for HTTPS.
Before you begin
Ensure that the complete source code for your decision service is available in a Git repository that the OpenShift server can access. The source code is built using a Maven process, so it must include a pom.xml
file.
Procedure
In the OpenShift Web UI, select Add to Project → Browse Catalog, search for
decision
, and then select the Red Hat Decision Manager Execution Server 7.0 S2I Ephemeral (no https) or Red Hat Decision Manager Execution Server 7.0 S2I (Ephemeral with https) template.-
If this template is not available, download the
rhdm-7.0.1-openshift-templates.zip
product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract therhdm70-kieserver-basic-s2i.yaml
orrhdm70-kieserver-https-s2i.yaml
file. Select Add to Project → Import YAML / JSON and then select or paste the file. In the Add Template window, ensure Process the template is selected and click Continue.
-
If this template is not available, download the
Set the following mandatory parameters:
- Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
- KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”. Not available if you are configuring a server without HTTPS support.
- KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”. Not available if you are configuring a server without HTTPS support.
-
KIE Server Container Deployment: The identifying information of the decision service (KJAR file) that is built from your source. The format is:
<containerId>=<groupId>:<artifactId>:<version>
. You can provide two or more KJAR files using the|
separator, for example:containerId=groupId:artifactId:version|c2=g2:a2:v2
. The Maven build process must produce all these files from the source in the Git repository. - Git Repository URL: The URL for the Git repository that contains the source for your decision service.
- Git Reference: The branch in the Git repository
- Context Directory: The path to the source within the project downloaded from the Git repository
- Artefact Directory: The path within the project that contains the required binary files (KJAR files and any other necessary files) after a successful Maven build. Normally this directory is the target directory of the build. However, you can provide prebuilt binaries in this directory in the Git repository
ImageStream Namespace: The namespace where the image streams are available. If the image streams were already available in your OpenShift environment (see Section 2.1, “Ensuring the availability of image streams”), the namespace is
openshift
. If you have installed the image streams file, the namespace is the name of the OpenShift project.You can also set other parameters as necessary. In particular, if the Maven build of your decision service pulls packages from a Maven repository, you can set the URL for a mirror repository and, if necessary, set the username and password to access the mirror repository. In this case, the build process will pull packages from the mirror repository instead of the configured original repository:
- Maven mirror URL
- Maven repository username
- Maven repository password
- Click Create.
3.3. Deploying Decision Server without using Source to Image (S2I)
You can deploy Decision Server on the OpenShift infrastructure without Decision Central and without S2I. In this case, Decision Server can pick up a decision service from a Maven repository. You can configure the Decision Server to load a service automatically; alternatively, you can manage the Decision Server using Decision Central, a controller, or the API.
Before you begin
Ensure that the Maven repository for your decision service is available.
If you are planning to use Decision Central or a management console, ensure that it is installed and record its settings for controlling a KIE server.
Procedure
In the OpenShift Web UI, select Add to Project → Browse Catalog, search for
decision
, and then select the Red Hat Decision Manager Execution Server 7.0 (Ephemeral with https) template.-
If this template is not available, download the
rhdm-7.0.1-openshift-templates.zip
product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract therhdm70-kieserver.yaml
. Select Add to Project → Import YAML / JSON and then select or paste therhdm70-kieserver.yaml
file. In the Add Template window, ensure Process the template is selected and click Continue.
-
If this template is not available, download the
Set the following mandatory parameters:
- Application Name: The name of the OpenShift application. It is used in the default URLs for Decision Central and Decision Server.
- KIE Server Certificate Name: The name of the certificate in the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
- KIE Server Keystore Password: The password for the keystore that you created in Section 2.2, “Creating the secrets for Decision Server”.
ImageStream Namespace: The name of the OpenShift project.
You can also set other parameters as necessary. In particular:
If you want to set the Maven repository for retrieving the decision service, set the following parameters to point to the repository:
- Maven repository URL
- Maven repository username
- Maven repository password
If you want to configure the Decision Server to load a decision service automatically, set the following parameter:
-
KIE Server Container Deployment: The identifying information of the decision service (KJAR file). The format is:
<containerId>=<groupId>:<artifactId>:<version>
. You can provide two or more KJAR files using the|
separator, for example:containerId=groupId:artifactId:version|c2=g2:a2:v2
. The Decision Server pulls the files from the Maven repository.
-
KIE Server Container Deployment: The identifying information of the decision service (KJAR file). The format is:
If you want to use Decision Central deployed on the same OpenShift infrastructure to manage the Decision Server, set the following parameter:
- KIE server controller service: The OpenShift service name for the Decision Central
- KIE server controller user: a user name for logging onto the Decision Central
- KIE server controller password: The password for logging onto the Decision Central
- KIE Server ID: The name of the server template on the Decision Central that this server is to join.
If you want to use Decision Central or a controller to manage the Decision Server, set the protocol, host, and port parameters according to the URL that you use to access the web user interface of the Decision Central or according to the configuration of the controller:
- KIE server controller protocol (http or https)
- KIE server controller host
- KIE server controller port
- KIE server controller user: a user name for logging onto the Decision Central or controller
- KIE server controller password: The password for logging onto the Decision Central or controller
- KIE Server ID: The name of the server template on the Decision Central or controller that this server is to join.
- Click Create.
Chapter 4. Managing Red Hat Decision Manager on OpenShift
You can scale Decision Server on OpenShift as necessary.
Do not scale Decision Central on OpenShift. If you deploy Decision Central and Decision Server and then scale Decision Server, the Decision Central automatically manages all the copies of Decision Server.
4.1. Updating your decision service
When you want to update to a new version of your decision service, you can either use the existing pod to deploy the new version or create a new pod.
To change the decision service in an existing pod, you must manage the Decision Server using Decision Central, a controller, or the API. In this case, changes are handled the same way as in an on-premise deployment without containers.
If you want to use a typical container application lifecycle, build a new pod to update your decision service. The Source to Image (S2I) deployment is usually most convenient for this solution.
A server deployed with S2I does not support changing the decision service using Decision Central, a controller, or the API. To change the decision service, build a new S2I image.
To update a service on the same URL alias, use the recreate strategy. Decision Server does not support the rolling strategy.
Appendix A. Versioning information
Documentation last updated on: Monday, October 1, 2018.