Red Hat Training
A Red Hat training course is available for Red Hat Decision Manager
Chapter 2. Preparing to deploy Red Hat Decision Manager in your OpenShift environment
Before deploying Red Hat Decision Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of decision services or for other decision services
2.1. Ensuring the availability of image streams and the image registry
To deploy Red Hat Decision Manager components of Red Hat OpenShift Container Platform, you must ensure that OpenShift can download the correct images from the Red Hat registry. To download the images, OpenShift requires the information about their location (known as image streams). OpenShift also must be configured to authenticate with the Red Hat registry using your service account user name and password.
Some versions of the OpenShift environment include the required image streams. You must check if they are available. If image streams are available in OpenShift by default, you can use them if the OpenShift infrastructure is configured for registry authentication server. The administrator must complete the registry authentication configuration when installing the OpenShift environment.
Otherwise, you can configure registry authentication in your own project and install the image streams in the same project.
Procedure
- Determine whether Red Hat OpenShift Container Platform was configured with the user name and password for Red Hat registry access. For details about the required configuration, see Configuring a Registry Location. If you are using an OpenShift Online subscription, it is configured for Red Hat registry access.
If Red Hat OpenShift Container Platform was configured with the user name and password for Red Hat registry access, run the following commands:
$ oc get imagestreamtag -n openshift | grep rhdm72-decisioncentral-openshift $ oc get imagestreamtag -n openshift | grep rhdm72-kieserver-openshift
If the outputs of both commands are not empty, the required image streams are available in the
openshift
namespace and no further action is required.If the output of one or both of the commands is empty or if OpenShift was not configured with the user name and password for Red Hat registry access, complete the following steps:
-
Ensure you are logged in to OpenShift with the
oc
command and that your project is active. - Complete the steps documented in Registry Service Accounts for Shared Environments. You must log on to Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
- Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
-
View the downloaded file and note the name that is listed in the
name:
entry. Run the following commands:
oc create -f <file_name>.yaml oc secrets link default <secret_name> --for=pull oc secrets link builder <secret_name> --for=pull
Where
<file_name>
is the name of the downloaded file and <secret_name> is the name that is listed in thename:
entry of the file.-
Download the
rhdm-7.2.0-openshift-templates.zip
product deliverable file from the Software Downloads page and extract therhdm72-image-streams.yaml
file. Complete one of the following actions:
Run the following command:
$ oc create -f rhdm72-image-streams.yaml
Using the OpenShift Web UI, select Add to Project → Import YAML / JSON and then choose the file or paste its contents.
NoteIf you complete these steps, you install the image streams into the namespace of your project. If you install the image streams using these steps, you must set the
IMAGE_STREAM_NAMESPACE
parameter to the name of this project when deploying templates.
-
Ensure you are logged in to OpenShift with the
2.2. Creating the secrets for Decision Server
OpenShift uses objects called Secrets
to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.
You must create an SSL certificate for Decision Server and provide it to your OpenShift environment as a secret.
You do not need to create the secrets object if you are planning to deploy only Decision Servers without support for HTTPS.
Procedure
Generate an SSL keystore with a private and public key for SSL encryption for Decision Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Decision Server. Save the keystore in a file named
keystore.jks
. Record the name of the certificate and the password of the keystore file.See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.
Use the
oc
command to generate a secret namedkieserver-app-secret
from the new keystore file:$ oc create secret generic kieserver-app-secret --from-file=keystore.jks
2.3. Extracting the source code from Decision Central for use in an S2I build
If you are using Decision Central for authoring services, you can extract the source code for your service and place it into a separate Git repository (such as GitHub or an on-premise installation of GitLab) for use in the S2I build.
Procedure
Use the following command to extract the source code:
git clone ssh://adminUser@decision-central-host:8001/MySpace/MyProject
Replace:
-
adminUser
with the administrative user for Decision Central -
decision-central-host
with the host on which Decision Central is running -
MySpace
with the name of the Decision Central space in which the project is located -
MyProject
with the name of the project
-
- Upload the source code to another Git repository for the S2I build.
2.4. Preparing a Maven repository for offline use
If your Red Hat OpenShift Container Platform environment does not have outgoing access to the public Internet, you must prepare a Maven repository with a mirror of all the necessary artifacts and make this repository available to your environment for use in source to image (S2I) builds.
Skip this procedure if your Red Hat OpenShift Container Platform environment is connected to the Internet.
Procedure
-
Build the source of your services on any machine using the
mvn clean install
command. - Copy the downloaded Maven artifacts from the machine onto an internal Maven repository (for example, Nexus).
- Make this repository available in your Red Hat OpenShift Container Platform environment.