Chapter 2. Preparation for deploying Red Hat Decision Manager in your OpenShift environment

Procedure

1. Ensure you are logged in to OpenShift with the oc command and that your project is active.
2. Complete the steps documented in Registry Service Accounts for Shared Environments. You must log in to Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
3. Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
4. View the downloaded file and note the name that is listed in the name: entry.

5. Run the following commands:

   oc create -f <file_name>.yaml
   oc secrets link default <secret_name> --for=pull
   oc secrets link builder <secret_name> --for=pull

   Replace <file_name> with the name of the downloaded file and <secret_name> with the name that is listed in the name: entry of the file.

Procedure

1. Generate an SSL keystore named keystore.jks with a private and public key for SSL encryption for KIE Server. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for KIE Server.

2. Record the name of the certificate. The default value for this name in Red Hat Decision Manager configuration is jboss.
3. Record the password of the keystore file. The default value for this name in Red Hat Decision Manager configuration is mykeystorepass.

4. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file:

   $ oc create secret generic kieserver-app-secret --from-file=keystore.jks

Procedure

1. Generate an SSL keystore named keystore.jks with a private and public key for SSL encryption for KIE Server. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Business Central.

2. Record the name of the certificate. The default value for this name in Red Hat Decision Manager configuration is jboss.
3. Record the password of the keystore file. The default value for this name in Red Hat Decision Manager configuration is mykeystorepass.

4. Use the oc command to generate a secret named decisioncentral-app-secret from the new keystore file:

   $ oc create secret generic decisioncentral-app-secret --from-file=keystore.jks

Procedure

1. Generate an SSL keystore named keystore.jks with a private and public key for SSL encryption for KIE Server. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for the AMQ broker connection.

2. Record the name of the certificate. The default value for this name in Red Hat Decision Manager configuration is jboss.
3. Record the password of the keystore file. The default value for this name in Red Hat Decision Manager configuration is mykeystorepass.

4. Use the oc command to generate a secret named broker-app-secret from the new keystore file:

   $ oc create secret generic broker-app-secret --from-file=keystore.jks

Procedure

1. Create the Git hooks files. For instructions, see the Git hooks reference documentation.

   Note

   A pre-commit script is not supported in Business Central. Use a post-commit script.

2. Create a configuration map (ConfigMap) or persistent volume with the files.

   • If the Git hooks consist of one or several fixed script files, use the oc command to create a configuration map. For example:

     oc create configmap git-hooks --from-file=post-commit=post-commit

   • If the Git hooks consist of long files or depend on binaries, such as executable or JAR files, use a persistent volume. You must create a persistent volume, create a persistent volume claim and associate the volume with the claim, and transfer files to the volume.

     For instructions about persistent volumes and persistent volume claims, see Storage in the Red Hat OpenShift Container Platform documentation. For instructions about copying files onto a persistent volume, see Transferring files in and out of containers.

3. If the Git hooks scripts must interact with an upstream repository using SSH authentication, prepare a secret with the necessary files:

   1. Prepare the id_rsa file with a private key that matches a public key stored in the repository.
   2. Prepare the known_hosts file with the correct name, address, and public key for the repository.

   3. Create a secret with the two files using the oc command, for example:

      oc create secret git-hooks-secret --from-file=id_rsa=id_rsa --from-file=known_hosts=known_hosts

      Note

      When the deployment uses this secret, it mounts the id_rsa and known_hosts files into the /home/jboss/.ssh directory on Business Central pods.

Procedure

1. Use the following command to extract the source code:

   git clone https://<decision-central-host>:443/git/<MySpace>/<MyProject>

   In this command, replace the following variables:

   • <decision-central-host> with the host on which Business Central is running
   • <MySpace> with the name of the Business Central space in which the project is located
   • <MyProject> with the name of the project
   Note

   To view the full Git URL for a project in Business Central, click Menu → Design → <MyProject> → Settings.

   Note

   If you are using self-signed certificates for HTTPS communication, the command might fail with an SSL certificate problem error message. In this case, disable SSL certificate verification in git, for example, using the GIT_SSL_NO_VERIFY environment variable:

   env GIT_SSL_NO_VERIFY=true git clone https://<decision-central-host>:443/git/<MySpace>/<MyProject>

2. Upload the source code to another Git repository, such as GitHub or GitLab, for the S2I build.

Procedure

1. Configure a Maven release repository to which you have write access. The repository must allow read access without authentication and your OpenShift environment must have network access to this repository.

   You can deploy a Nexus repository manager in the OpenShift environment. For instructions about setting up Nexus on OpenShift, see Setting up Nexus in the Red Hat OpenShift Container Platform 3.11 documentation. The documented procedure is applicable to Red Hat OpenShift Container Platform 4.

   Use this repository as a mirror to host the publicly available Maven artifacts. You can also provide your own services in this repository in order to deploy these services on immutable servers.

2. On the computer that has an outgoing connection to the public Internet, complete the following steps:

3. Navigate to the Software Downloads page in the Red Hat Customer Portal (login required), and select the product and version from the drop-down options:

   • Product: Red Hat Decision Manager

   • Version: 7.10

     1. Download and extract the Red Hat Process Automation Manager 7.10.0 Offliner Content List (rhdm-7.10.0-offliner.zip) product deliverable file.
     2. Extract the contents of the rhdm-7.10.0-offliner.zip file into any directory.

     3. Change to the directory and enter the following command:

        ./offline-repo-builder.sh offliner.txt

        This command creates the repository subdirectory and downloads the necessary artifacts into this subdirectory. This is the mirror repository.

        If a message reports that some downloads have failed, run the same command again. If downloads fail again, contact Red Hat support.

     4. Upload all artifacts from the repository subdirectory to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility, available from the Maven repository tools Git repository, to upload the artifacts.

4. If you developed services outside of Business Central and they have additional dependencies, add the dependencies to the mirror repository. If you developed the services as Maven projects, you can use the following steps to prepare these dependencies automatically. Complete the steps on the computer that has an outgoing connection to the public Internet.

   1. Create a backup of the local Maven cache directory (~/.m2/repository) and then clear the directory.
   2. Build the source of your projects using the mvn clean install command.

   3. For every project, enter the following command to ensure that Maven downloads all runtime dependencies for all the artifacts generated by the project:

      mvn -e -DskipTests dependency:go-offline -f /path/to/project/pom.xml --batch-mode -Djava.net.preferIPv4Stack=true

      Replace /path/to/project/pom.xml with the path of the pom.xml file of the project.

   4. Upload all artifacts from the local Maven cache directory (~/.m2/repository) to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility, available from the Maven repository tools Git repository, to upload the artifacts.