Chapter 3. Deployment and management of a Red Hat Process Automation Manager environment using OpenShift Operators

To deploy a Red Hat Process Automation Manager environment, the OpenShift Operator uses a YAML source that describes the environment. Red Hat Process Automation Manager provides an installer that you can use to form the YAML source and deploy the environment.

When the Business Automation operator deploys the environment, it creates a YAML description of the environment, and then ensures that the environment is consistent with the description at all times. You can edit the description to modify the environment.

3.1. Subscribing to the Business Automation operator

To be able to deploy Red Hat Process Automation Manager using operators, you must subscribe to the Business Automation operator in OpenShift. If the operator is not available in the catalog, you must download and install it.

Procedure

  1. Enter your project in the OpenShift Web cluster console.
  2. In the OpenShift Web console navigation panel, select Catalog and then OperatorHub.
  3. Search for Business Automation, select it and click Install.
  4. On the Create Operator Subscription page, select your target namespace and approval strategy.

    Optional: Set Approval strategy to Automatic to enable automatic operator updates. An operator update does not immediately update the product, but is required before you update the product. Configure automatic or manual product updates using the settings in every particular product deployment.

  5. Click Subscribe to create a subscription.

3.2. Deploying a Red Hat Process Automation Manager environment using the operator

After you subscribe to the Business Automation operator, you can use the installer wizard to configure and deploy a Red Hat Process Automation Manager environment.

Important

In Red Hat Process Automation Manager 7.4, the operator installer wizard is for Technology Preview only. For more information on Red Hat Technology Preview features, see Technology Preview Features Support Scope.

3.2.1. Starting the deployment of a Red Hat Process Automation Manager environment using the Business Automation operator

To start deploying a Red Hat Process Automation Manager environment using the Business Automation operator, access the installer wizard. The installer wizard is deployed when you subscribe to the Operator.

Prerequisites

Procedure

  1. In the Red Hat OpenShift Container Platform web cluster console menu, select Catalog → Installed operators.
  2. Click the name of the operator that contains businessautomation. Information about this operator is displayed.
  3. Click the Installer link on the left side of the window.
  4. If prompted, log in with your OpenShift credentials.

Result

The Installation tab of the wizard is displayed.

3.2.2. Setting the basic configuration of the environment

After you start to deploy a Red Hat Process Automation Manager environment using the Business Automation operator, you must select the type of the environment and set other basic configuration.

Prerequisites

Procedure

  1. In the Application Name field, enter a name for the OpenShift application. This name is used in the default URLs for all components.
  2. In the Environment list, select the type of environment. This type determines the default configuration; you can modify this configuration as necessary. The following types are available for Red Hat Process Automation Manager:

    • rhpam-trial: A trial environment that you can set up quickly and use to evaluate or demonstrate developing and running assets. Includes Business Central and a Process Server. This environment does not use any persistent storage, and any work you do in the environment is not saved.
    • rhpam-authoring: An environment for creating and modifying services using Business Central. It consists of pods that provide Business Central for the authoring work and a Process Server for test execution of the services.
    • rhpam-authoring-ha: An environment for creating and modifying services using Business Central. It consists of pods that provide Business Central for the authoring work and a Process Server for test execution of the services. This version of the authoring environment supports scaling the Business Central pod to ensure high availability.

      Important

      In Red Hat Process Automation Manager {VERSION}, high-availability Business Central functionality is for Technology Preview only. For more information on Red Hat Technology Preview features, see Technology Preview Features Support Scope.

    • rhpam-production: An environment for running existing services for staging and production purposes. This environment includes Business Central Monitoring, Smart Router, and two groups of Process Server pods. You can deploy and undeploy services on every such group and also scale the group up or down as necessary. Use Business Central Monitoring to deploy, run, and stop the services and to monitor their execution.
    • rhpam-production-immutable: An alternate environment for running existing services for staging and production purposes. You can configure one or more Process Server pods that build services from source or pull them from a Maven repository. You can then replicate each pod as necessary.

      You cannot remove any service from the pod or add any new service to the pod. If you want to use another version of a service or to modify the configuration in any other way, deploy a new server image to replace the old one. You can use any container-based integration workflows to manage the pods.

      When configuring this environment, in the KIE Servers tab you must customize the Process Server and either click the Set immutable server configuration button or set the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable. For instructions about configuring the Process Server, see Section 3.2.5, “Setting custom Process Server configuration of the environment”.

      Optionally, you can also use the Console tab to include Business Central Monitoring in this environment to monitor, stop, and restart the execution of process services. For instructions about configuring Business Central Monitoring, see Section 3.2.4, “Setting the Business Central configuration of the environment”.

  3. If you want to use a custom image registry, under Custom registry, enter the URL of the registry in the Image registry field. If this registry does not have a properly signed and recognized SSL certificate, select the Insecure box.
  4. Under Admin user, enter the user name and password for the administrative user for Red Hat Process Automation Manager in the Username and Password fields. If you use RH-SSO or LDAP authentication, the same user must be configured in your authentication system with the kie-server,rest-all,admin roles for Red Hat Process Automation Manager.
  5. If you want to use a custom version tag for images, complete the following steps:

    1. Click Next to access the Security tab.
    2. Scroll to the bottom of the window.
    3. Enter the image tag in the Image tag field.

Next steps

If you want to deploy the environment with the default configuration, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set other configuration parameters.

3.2.3. Setting the security configuration of the environment

After you set the basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator, you can optionally configure authentication (security) settings for the environment.

Prerequisites

  • You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 3.2.2, “Setting the basic configuration of the environment”.
  • If you want to use RH-SSO or LDAP for authentication, you created users with the correct roles in your authentication system. You must create at least the following users:

    • An administrative user (for example, adminUser) with the kie-server,rest-all,admin roles
    • A user named controllerUser with the kie-server,rest-all,guest roles.
    • A user named executionUser with the kie-server,rest-all,guest roles.
  • If you want to use RH-SSO authentication, you created the clients in your RH-SSO system for all components of your environment, specifying the correct URLs. This action ensures maximum control. Alternatively, the deployment can create the clients.

Procedure

  1. If the Installation tab is open, click Next to view the Security tab.
  2. In the Authentication mode list, select one of the following modes:

    • Internal: You configure the initial users when deploying the environment. The user can use Business Central to set up other users as necessary.
    • RH-SSO: Red Hat Process Automation Manager uses Red Hat Single Sign-On for authentication.
    • LDAP: Red Hat Process Automation Manager uses LDAP for authentication
  3. Complete the security configuration based on the Authentication mode that you selected.

    If you selected Internal, you can optionally set the KIE Server password field. Applications can use the executionUser user name with this password to send REST API requests to Process Servers in this environment.

    If you selected RH-SSO, configure RH-SSO authentication:

    1. In the RH-SSO URL field, enter the RH-SSO URL.
    2. In the Realm field, enter the RH-SSO realm name.
    3. If you did not create RH-SSO clients for components of your environment enter the credentials of an administrative user for your RH-SSO system in the SSO admin user and SSO admin password fields.
    4. If your RH-SSO system does not have a proper signed SSL certificate, select the Disable SSL cert validation box.
    5. If you want to change the RH-SSO principal attribute used for the user name, in the Principal attribute field enter the name of the new attribute.
    6. In the Controller password field, enter the password that you configured in RH-SSO for the controllerUser user.
    7. In the KIE Server password field, enter the password that you configured in RH-SSO for the executionUser user.

    If you selected LDAP, configure LDAP authentication:

    1. In the LDAP URL field, enter the LDAP URL.
    2. Configure LDAP parameters that correspond to the settings of the LdapExtended Login module of Red Hat JBoss EAP. For instructions about using these settings, see LdapExtended Login Module.
    3. In the Controller password field, enter the password that you configured in RH-SSO for the controllerUser user.
    4. In the KIE Server password field, enter the password that you configured in RH-SSO for the executionUser user.
  4. Configure other passwords, if necessary:

    • AMQ password and AMQ cluster password are passwords for interaction with ActiveMQ using the JMS API.
    • Maven password is the password for mavenUser. If your environment includes Business Central, you can use this user to access the built-in Maven repository.
    • Database password is the password for database server pods that are a part of the environments.

Next steps

If you want to deploy the environment with the default configuration of all components, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for Business Central, Process Servers, and Smart Router.

3.2.4. Setting the Business Central configuration of the environment

After you set the basic and security configuration of a Red Hat Process Automation Manager environment using the Business Automation operator, you can optionally configure settings for the Business Central or Business Central Monitoring component of the environment.

Prerequisites

Procedure

  1. If the Installation or Security tab is open, click Next until you view the Console tab.
  2. If you created the secret for Business Central according to the instructions in Section 2.3, “Creating the secrets for Business Central”, enter the name of the secret in the Secret field.
  3. Optionally, enter the number of replicas for Business Central or Business Central monitoring in the Replicas field. Do not change this number in a rhpam-authoring environment.
  4. Optionally, enter requested and maximum CPU and memory limits in the fields under Resource quotas.
  5. If you selected RH-SSO authentication, configure RH-SSO for Business Central:

    1. Enter the client name in the Client name field and the client secret in the Client secret field. If a client with this name does not exist, the deployment attempts to create a new client with this name and secret.
    2. If the deployment is to create a new client, enter the HTTP and HTTPS URLs that will be used for accessing the Process Server into the SSO HTTP URL and SSO HTTPS URL fields. This information is recorded in the client.
  6. Optionally, depending on your needs, set environment variables. To set an environment variable, click Add new Environment variable, then enter the name and value for the variable in the Name and Value fields.

    • If you want to use an external Maven repository, set the following variables:

      • MAVEN_REPO_URL: The URL for the Maven repository
      • MAVEN_REPO_ID: An identifier for the Maven repository, for example, repo-custom
      • MAVEN_REPO_USERNAME: The user name for the Maven repository
      • MAVEN_REPO_PASSWORD The password for the Maven repository

        Important

        In an authoring environment, if you want Business Central to push a project into an external Maven repository, you must configure this repository during deployment and also configure exporting to the repository in every project. For information about exporting Business Central projects to an external Maven repository, see Packaging and deploying a Red Hat Process Automation Manager project.

    • If your OpenShift environment does not have a connection to the public Internet, configure access to a Maven mirror that you set up according to Section 2.6, “Preparing a Maven mirror repository for offline use”. Set the following variables:

      • MAVEN_MIRROR_URL: The URL for the Maven mirror repository that you set up in Section 2.6, “Preparing a Maven mirror repository for offline use”. This URL must be accessible from a pod in your OpenShift environment.
      • MAVEN_MIRROR_OF: The value that determines which artifacts are to be retrieved from the mirror. For instructions about setting the mirrorOf value, see Mirror Settings in the Apache Maven documentation. The default value is external:*. With this value, Maven retrieves every required artifact from the mirror and does not query any other repositories.

        If you configure an external Maven repository (MAVEN_REPO_URL), change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror, for example, external:*,!repo-custom. Replace repo-custom with the ID that you configured in MAVEN_REPO_ID.

        If your authoring environment uses a built-in Business Central Maven repository, change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror: external:*,!repo-rhpamcentr.

Next steps

If you want to deploy the environment with the default configuration of Process Servers and Smart Router, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for Process Servers and Smart Router.

3.2.5. Setting custom Process Server configuration of the environment

Every environment type in the Business Automation operator includes one or several Process Servers by default.

Optionally, you can set custom configuration for Process Servers. In this case, default Process Servers are not created and only the Process Servers that you configure are deployed.

Prerequisites

Procedure

  1. If the Installation, Security, or Console tab is open, click Next until you view the KIE Servers tab.
  2. Click Add new KIE Server to add a new Process Server configuration.
  3. In the Id field, enter an identifier for the Process Server. If the Process Server connects to a Business Central or Business Central Monitoring instance, this identifier determines which server group the server joins.
  4. In the Name field, enter a name for the Process Server.
  5. In the Deployments field, enter the number of similar Process Servers that are to be deployed. The installer can deploy several Process Servers with the same configuration. The identifiers and names of the Process Servers are modified automatically and remain unique.
  6. If you created the secret for Process Server according to the instructions in Section 2.2, “Creating the secrets for Process Server”, enter the name of the secret in the Secret field.
  7. Optionally, enter the number of replicas for the Process Server in the Replicas field.
  8. If you want to use a custom image for the Process Server, complete the following additional steps:

    1. Click Set KIE Server image.
    2. Enter the name of the image stream in the Name field.
    3. If the image stream is not in the openshift namespace, enter the namespace in the Namespace field.
  9. If you want to configure an immutable Process Server using a Source to Image (S2I) build, complete the following additional steps:

    Important

    If you want to configure an immutable Process Server that pulls services from the Maven repository, do not click Set Immutable server configuration and do not complete these steps. Instead, set the KIE_SERVER_CONTAINER_REPLOYMENT environment variable.

    1. Click Set Immutable server configuration.
    2. In the KIE Server container deployment field, enter the identifying information of the services (KJAR files) that the deployment must extract from the result of a Source to Image (S2I) build. The format is <containerId>=<groupId>:<artifactId>:<version> or, if you want to specify an alias name for the container, <containerId>(<aliasId>)=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, as illustrated in the following example: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2.
    3. If your OpenShift environment does not have a connection to the public Internet, enter the URL of the Maven mirror that you set up according to Section 2.6, “Preparing a Maven mirror repository for offline use” in the Maven mirror URL field.
    4. In the Artifact directory field, enter the path within the project that contains the required binary files (KJAR files and any other necessary files) after a successful Maven build. Normally this directory is the target directory of the build. However, you can provide prebuilt binaries in this directory in the Git repository.
    5. If you want to use a custom base Process Server image for the S2I build, click Set Base build image and then enter the name of the image stream in the Name field. If the image stream is not in the openshift namespace, enter the namespace in the Namespace field. If you want to use a Docker image name and not an OpenShift image stream tag, change the Kind value to DockerImage.
    6. Click Set Git source and enter information in the following fields:

      • S2I Git URI:The URI for the Git repository that contains the source for your services.
      • Reference: The branch in the Git repository.
      • Context directory: (Optional) The path to the source within the project downloaded from the Git repository. By default, the root directory of the downloaded project is the source directory.
    7. If you want to set a Git Webhook so changes in the Git repository cause an automatic rebuild of the Process Server, click Add new Webhook. Select the type of the Webhook from the Type list and enter the secret string for the Webhook in the Secret field.
  10. Optionally, enter requested and maximum CPU and memory limits in the fields under Resource quotas. If you are configuring several Process Servers, the limits apply to each server separately.
  11. If you selected RH-SSO authentication, configure RH-SSO for the Process Server:

    1. Enter the client name in the Client name field and the client secret in the Client secret field. If a client with this name does not exist, the deployment attempts to create a new client with this name and secret.
    2. If the deployment is to create a new client, enter the HTTP and HTTPS URLs that will be used for accessing the Process Server into the SSO HTTP URL and SSO HTTPS URL fields. This information is recorded in the client.
  12. Select the database that the Process Server must use. The following values are available:

    • mysql: A MySQL server, created in a separate pod.
    • postgresql: A PostgreSQL server, created in a separate pod. Use this setting unless you have a specific reason to use any other setting.
    • h2: A built-in h2 database engine that does not require a separate pod. Do not scape the Process Server pod if you use this setting.
    • external: An external database server.

      Note

      In Red Hat Process Automation Manager 7.4, when you deploy an environment using the Business Automation operator, only MySQL and PostgreSQL external dabatase servers are supported.

  13. Optionally, in the Size field, enter the size of the peristence volume to create for the database server.
  14. If you selected an external database server, provide the following information in additional fields:

    1. Driver: Enter the database server driver, depending on the server type:

      • mysql
      • postgresql
      • mariadb
      • mssql
      • db2
      • oracle
      • sybase
    2. Dialect: Enter the Hibernate dialect for the server, depending on the server type:

      • org.hibernate.dialect.MySQL5InnoDBDialect (used for MySQL and MariaDB)
      • org.hibernate.dialect.PostgreSQL82Dialect
      • org.hibernate.dialect.SQLServer2012Dialect (used for MS SQL)
      • org.hibernate.dialect.DB2Dialect
      • org.hibernate.dialect.Oracle10gDialect
      • org.hibernate.dialect.SybaseASE157Dialect
    3. Host: Enter the host name of the external database server.
    4. Port: Enter the port number of the external database server.
    5. Jdbc URL: Enter the JDBC URL for the external database server.
    6. NonXA: Select this box if you want to configure the data source in non-XA mode.
    7. JNDI name: Enter the JNDI name that the application uses for the data source.
    8. User name and Password: Enter the user name and password for the external database server.
    9. Background validation: Optionally, select this box to enable background SQL valication and enter the background validation interval.
    10. Optionally, set the minimum and maximum connection pool sizes, valid connection checker class, and exception sorter class for the database server.
  15. Optionally, depending on your needs, set environment variables. To set an environment variable, click Add new Environment variable, then enter the name and value for the variable in the Name and Value fields.

    • If you want to configure an immutable KIE server that pulls services from the configured Maven repository, enter the following settings:

      1. Set the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable. The variable must contain the identifying information of the services (KJAR files) that the deployment must pull from the Maven repository. The format is <containerId>=<groupId>:<artifactId>:<version> or, if you want to specify an alias name for the container, <containerId>(<aliasId>)=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, as illustrated in the following example: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2.
      2. Configure an external Maven repository.
    • If you want to configure an external Maven repository, set the following variables:

      • MAVEN_REPO_URL: The URL for the Maven repository
      • MAVEN_REPO_ID: An identifier for the Maven repository, for example, repo-custom
      • MAVEN_REPO_USERNAME: The user name for the Maven repository
      • MAVEN_REPO_PASSWORD: The password for the Maven repository
    • If your OpenShift environment does not have a connection to the public Internet, configure access to a Maven mirror that you set up according to Section 2.6, “Preparing a Maven mirror repository for offline use”. Set the following variables:

      • MAVEN_MIRROR_URL: The URL for the Maven mirror repository that you set up in Section 2.6, “Preparing a Maven mirror repository for offline use”. This URL must be accessible from a pod in your OpenShift environment. If you configured this Process Server as S2I, you already entered this URL.
      • MAVEN_MIRROR_OF: The value that determines which artifacts are to be retrieved from the mirror. If you configured this Process Server as S2I, do not set this value. For instructions about setting the mirrorOf value, see Mirror Settings in the Apache Maven documentation. The default value is external:*. With this value, Maven retrieves every required artifact from the mirror and does not query any other repositories.

        If you configure an external Maven repository (MAVEN_REPO_URL), change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror, for example, external:*,!repo-custom. Replace repo-custom with the ID that you configured in MAVEN_REPO_ID.

        If your authoring environment uses a built-in Business Central Maven repository, change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror: external:*,!repo-rhpamcentr.

    • If you want to configure your Process Server deployment to use Prometheus to collect and store metrics, set the PROMETHEUS_SERVER_EXT_DISABLED environment variable to false. For instructions about configuring Prometheus metrics collection, see {URL_MANAGING_SETTINGS}#prometheus-monitoring-ocp-proc_execution-server[Managing and monitoring Process Server].

Next steps

To configure additional Process Servers, click Add new KIE Server again and repeat the procedure for the new server configuration.

If you want to deploy the environment with the default configuration Smart Router, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for Smart Router.

3.3. Modifying an environment that is deployed using operators

If an environment is deployed using operators, you cannot modify it using typical OpenShift methods. For example, if you delete a deployment configuration or a service, it is re-created automatically with the same parameters.

To modify the environment, you must modify the YAML description of the environment. You can change common settings such as passwords, add new Process Servers, and scale Process Servers.

Procedure

  1. Enter your project in the OpenShift web cluster console.
  2. In the OpenShift Web console navigation panel, select Catalog → Installed Operators.
  3. Find the Business Automation operator line in the table and click KieApp in the line. Information about the environments that you deployed using this operator is displayed.
  4. Click the name of a deployed environment.
  5. Select the YAML tab. A YAML source is displayed.
  6. If you want to change common settings, such as passwords, edit the values under commonConfig:.
  7. If you want to add new Process Servers, add their descriptions at the end of the block under servers:, as shown in the following examples:

    • To add two servers named server-a and server-a-2, add the following lines:

      - deployments: 2
        name: server-a
    • To add an immutable Process Server that includes services built from source in an S2I process, add the following lines:

      - build:
          kieServerContainerDeployment: <deployment>
          gitSource:
            uri: <url>
            reference: <branch>
            contextDir: <directory>

      Replace the following values:

      • <deployment>: The identifying information of the decision service (KJAR file) that is built from your source. The format is <containerId>=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, for example containerId=groupId:artifactId:version|c2=g2:a2:v2. The Maven build process must produce all these files from the source in the Git repository.
      • <url>: The URL for the Git repository that contains the source for your decision service.
      • <branch>: The branch in the Git repository.
      • <directory>: The path to the source within the project downloaded from the Git repository.
  8. If you want to scale a Process Server, find the description of the server in the block under servers: and add a replicas: setting under that description. For example, replicas: 3 scales the server to three pods.
  9. Click Save and then wait for a has been updated pop-up message.
  10. Click Reload to view the new YAML description of the environment.