Chapter 2. Preparing to deploy Red Hat Decision Manager in your OpenShift environment

Before deploying Red Hat Decision Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of decision services or for other decision services.

Prerequisites

  1. Ensure that at least four gigabytes of memory are available in the OpenShift environment.
  2. Create the OpenShift project for the deployment.
  3. Log in to the project using the OpenShift web console and using the oc command.

2.1. Ensuring the availability of image streams

You must ensure that the image streams that are required for the deployment are available in your OpenShift environment. Some versions of the OpenShift environment include the necessary image streams. You must check if they are available. If they are not available, you must install the rhdm70-image-streams.yaml file.

Procedure

  1. Run the following commands:

    $ oc get imagestreamtag -n openshift | grep rhdm70-decisioncentral-openshift
    $ oc get imagestreamtag -n openshift | grep rhdm70-kieserver-openshift

    If the outputs of both commands are not empty, the required image streams are available and no further action is required.

  2. If the output of one or both of the commands is empty, download the rhdm-7.0.1-openshift-templates.zip product deliverable file from the Software Downloads page for Red Hat Decision Manager 7.0. Extract the rhdm70-image-streams.yaml file from it. Complete one of the following actions:

    • Run the following command:

      $ oc create -f rhdm70-image-streams.yaml
    • Using the OpenShift Web UI, select Add to Project → Import YAML / JSON, then choose the file or paste its contents.

2.2. Creating the secrets for Decision Server

OpenShift uses objects called Secrets to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.

You must create an SSL certificate for Decision Server and provide it to your OpenShift environment as a secret.

Note

You do not need to create the secrets object if you are planning to deploy a Decision Server using source to image (S2I) without support for HTTPS.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Decision Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Server. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.

  2. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file:

    $ oc create secret generic kieserver-app-secret --from-file=keystore.jks
  3. Create a service account named kieserver-service-account:

    $ oc create serviceaccount kieserver-service-account
  4. Add the secret to the service account:

    $ oc secret add sa/kieserver-service-account secret/kieserver-app-secret

2.3. Creating the secrets for Decision Central

If you are planning to deploy Decision Central in your OpenShift environment, you must create an SSL certificate for Decision Central and provide it to your OpenShift environment as a secret. Do not use the same certificate and keystore for Decision Central and for Decision Server.

Procedure

  1. Generate an SSL keystore with a private and public key for SSL encryption for Decision Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Central. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

    See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.

  2. Use the oc command to generate a secret named decisioncentral-app-secret from the new keystore file:

    $ oc create secret generic decisioncentral-app-secret --from-file=keystore.jks
  3. Create a service account named decisioncentral-service-account:

    $ oc create serviceaccount decisioncentral-service-account
  4. Add the secret to the service account:

    $ oc secret add sa/decisioncentral-service-account secret/decisioncentral-app-secret