Red Hat xPaaS Decision Server Image

Red Hat xPaaS 0

Using the Decision Server (BRMS) xPaaS Image

Red Hat xPaaS Documentation Team xpaas-docs@redhat.com

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Abstract

Guide to using the Red Hat xPaaS Decision Server image

Chapter 1. Introduction to the Decision Server Image

1.1. What Is the Red Hat JBoss BRMS decision server?

The Red Hat JBoss BRMS decision server xPaaS image provides a platform for executing business rules on JBoss BRMS Realtime Decision Server. Developers can quickly build, scale, and test applications deployed across hybrid environments.

Chapter 2. Before You Begin

2.1. Comparison: BRMS and Decision Server Image

This topic details the differences between the Decision Server xPaaS image and the full, non-PaaS release of JBoss BRMS, and provides instructions specific to running and configuring the Decision Server xPaaS image. Documentation for other JBoss BRMS functionality not specific to the Decision Server xPaaS image can be found in the JBoss BRMS documentation on the Red Hat Customer Portal.

EAP_HOME in this documentation, as in the JBoss BRMS documentation, is used to refer to the JBoss EAP installation directory where the decision server is deployed. The location of EAP_HOME inside a Decision Server xPaaS image is /opt/eap/, which the JBOSS_HOME environment variable is also set to by default.

2.1.1. Functionality Differences for OpenShift Decision Server xPaaS Images

There are several major functionality differences in the OpenShift Decision Server xPaaS image:

The Decision Server image extends the OpenShift EAP image, and any capabilities or limitations it has are also found in the Decision Server image.
Only stateless scenarios are supported.
To connect to the Decision Server web console, click the Connect button in the Decision Server pod of the OpenShift web console, or the Open Java Console button in OpenShift 3.2.
Authoring of any content through the BRMS Console or API is not supported.

2.1.2. Managing OpenShift Decision Server xPaaS Images

As the Decision Server image is built off the OpenShift JBoss EAP xPaaS image, the JBoss EAP Management CLI is accessible from within the container for troubleshooting purposes.

First open a remote shell session to the running pod:
```
$ oc rsh <pod_name>
```
Then run the following from the remote shell session to launch the JBoss EAP Management CLI:
```
$ /opt/eap/bin/jboss-cli.sh
```

Warning

Any configuration changes made using the JBoss EAP Management CLI on a running container will be lost when the container restarts.

Making configuration changes to the JBoss EAP instance inside the JBoss EAP xPaaS image is different from the process you may be used to for a regular release of JBoss EAP.

2.2. Security in the OpenShift Decision Server xPaaS Image

Access is limited to users with the kie-server authorization role. A user with this role can be specified via the KIE_SERVER_USER and KIE_SERVER_PASSWORD environment variables.

Note

The HTTP/REST endpoint is configured to only allow the execution of KIE containers and querying of KIE Server resources. Administrative functions like creating or disposing Containers, updating ReleaseIds or Scanners, etc. are restricted. The JMS endpoint currently does not support these restrictions. In the future, more fine-grained security configuration should be available for both endpoints.

2.3. Version Compatibility and Support

See the xPaaS part of the OpenShift and Atomic Platform Tested Integrations page for details about OpenShift image version compatibility.

2.4. Initial Setup

The Tutorials in this guide follow on from and assume an OpenShift instance similar to that created in the OpenShift Primer.

Chapter 3. Get Started

3.1. Deployment Considerations for the Decision Server xPaaS Image

3.1.1. Configuring Keystores

The Decision Server image requires two keystores:

An SSL keystore to provide private and public keys for https traffic encryption
A JGroups keystore to provide private and public keys for network traffic encryption between nodes in the cluster

These keystores are expected by the Decision Server image, even if the application uses only http on a single-node OpenShift instance. Note that self-signed certificates do not provide secure communication and are intended for internal testing purposes.

Warning

For production environments Red Hat recommends that you use your own SSL certificate purchased from a verified Certificate Authority (CA) for SSL-encrypted connections (HTTPS).

See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.

3.1.2. Generating the Secret

OpenShift uses objects called Secrets to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.

The Decision Server image requires a secret that holds the two keystores described earlier. This provides the necessary authorization to applications in the project.

Use the Java and JGroup keystore files to create a secret for the project:

$ oc create secret generic <rds-secret-name> --from-file=<jgroups.jceks> --from-file=<keystore.jks>

After the secret has been generated, it can be associated with a service account.

3.1.3. Creating the Service Account

The service account allows users to associate certain secrets and roles with applications in a project namespace. This provides the application with the necessary authorization to run with all required privileges.

Create a service account to be used for the Decision Server deployment:
```
$ oc create serviceaccount <service-account-name>
```
Add the view role to the service account. This enables the service account to view all the resources in the application namespace in OpenShift, which is necessary for managing the cluster.
```
$ oc policy add-role-to-user view system:serviceaccount:<project-name>:<service-account-name>
```

Add the secret created for the project to the service account:

$ oc secret add sa/<service-account-name> secret/<secret-name>

3.2. Preparing a JBoss BRMS Project Repository for OpenShift

3.2.1. Stateless Sessions

Note

The BRMS project must be configured to be stateless. OpenShift does not support stateful sessions on KIE servers.

A BRMS project running in JBoss BRMS could be configured to be stateless of stateful. A project that has already been deployed on a Decision Server xPaaS image will be configured to be stateless.

Ensuring a BRMS project is stateless:
The Knowledge Session (in the web console, Open Project Editor → Project Settings → Knowledge bases and sessions) displays whether the session is configured to be Stateless.

3.2.2. Configuring the Project Remote Repository

The project must be configured to use a remote repository so that BRMS can push changes and OpenShift can pull the repository to build the application. In the application repository files:

The pom.xml must be configured to use a remote repository so that OpenShift can access it.

...
<distributionManagement>
  <repository>
    <id>deployment</id>
    <name>OpenShift Maven repo</name>
    <url>http://maven.example/deployment/filepath/</url>
  </repository>

  <snapshotRepository>
    <id>deployment</id>
    <name>OpenShift Maven repo</name>
    <url>http://maven.example/snapshots/filepath/</url>
  </snapshotRepository>
</distributionManagement>
...

For more information, see the Red Hat JBoss BRMS Administration and Configuration Guide.

The configuration/settings.xml file must have the remote repository defined so that OpenShift can download the application artifacts.

...
<profiles>
  <profile>
    <id>openshift-mirror-repositories</id>
    <repositories>
      <repository>
        <id>openshift-mirror</id>
        <url>http://maven.example/public/filepath/</url>
      </repository>
    </repositories>

    <pluginRepositories>
      <pluginRepository>
        <id>openshift-mirror</id>
        <url>http://maven.example/public/filepath/</url>
      </pluginRepository>
    </pluginRepositories>
  </profile>
</profiles>
...

For more information, see the Red Hat JBoss BRMS Installation Guide.

The hidden .s2i/environment file defines the KIE container deployment, including which KIE jars to use and the location from which to retrieve them. When OpenShift deploys the built image, the pod name is derived from the deployment alias defined in this file:
```
KIE_CONTAINER_DEPLOYMENT=<alias>=<group_id>:<artifact_id>:<version>
```
For example:
```
KIE_CONTAINER_DEPLOYMENT=RulesTest=com.example.openshift:example_workflow:1.0
```
Note
Defining the container name here is necessary because the default behavior of the KIE server is to search for the default stateful session and fail if it does not find one.

3.3. Updating Rules

Each image is built from a snapshot of a specific Maven repository. When a new rule is added, or an existing rule modified, a new image must be created and deployed for the rule modifications to take effect.

Updating the Application
The KIE_CONTAINER_DEVELOPMENT_OVERRIDE variable can be used to explicitly override the KIE_CONTAINER_DEPLOYMENT variable set in the original deployment.
When an application has been modified and is ready to be deployed, include the updated version details for the KIE_CONTAINER_DEPLOYMENT_OVERRIDE variable in the .s2i/environment file. This can then be pushed to your repository to be built as an image.
Alternatively, start a binary build from the local repo:

$ oc start-build <RulesTest> --from-repo=</repository/filepath>

This sends the contents of the Git repository directly to OpenShift. If Incremental Builds has been configured, the new build pulls the image previously used, extracts the Maven repository for the new pod, and downloads the missing content.

3.3.1. Recreate Update Strategy

Use the Recreate Update Strategy for the Decision Server deployment. This update strategy automatically scales down the old deployment to 0 and deploys the new version. After the new version is validated, the new deployment is automatically scaled up to the replica size of the old deployment.

The Recreate update strategy supports Lifecycle Hooks and is set as the default update strategy in the Decision Server application templates.

Note

The Decision Server will be inactive during the Recreate update process, until the new deployment has been validated and scaled. During this period, REST clients may return 503 service unavailable errors and A-MQ clients may experience timeouts.

Important

The Rolling Update Strategy is not supported for the Decision Server xPaaS image. Although multiple concurrent versions of an application are supported in a deployment, a cluster can only support valid routing to pods of the same version.

3.4. Multiple Concurrent Versions

An application may contain multiple concurrent KIE containers of different versions. Each container has a classloader environment and a unique identifier. The unique identifier is one of either a container ID or a deployment ID, which are synonymous.

Multiple versions are deployed using the KIE_CONTAINER_DEPLOYMENT variable, specifying the <alias>=<group_id>:<artifact_id>:<version> for each version of the application, separated by a pipe ( | ) in the .s2i/environment file. For example:

KIE_CONTAINER_DEPLOYMENT=RulesTest=com.example.openshift:example_workflow:1.0|RulesTest=com.example.openshift:example_workflow:1.1

creates the following:

KIE_CONTAINER_DEPLOYMENT=RulesTest=com.example.openshift:example_workflow:1.0|RulesTest=com.example.openshift:example_workflow:1.1
KIE_CONTAINER_DEPLOYMENT_ORIGINAL:
KIE_CONTAINER_DEPLOYMENT_OVERRIDE: RulesTest=com.example.openshift:example_workflow:1.0|RulesTest=com.example.openshift:example_workflow:1.1
KIE_CONTAINER_DEPLOYMENT_COUNT: 2
KIE_CONTAINER_ID_0: df729302a0b7293c0729384710dd82a1
KIE_CONTAINER_KJAR_GROUP_ID_0: com.example.openshift
KIE_CONTAINER_KJAR_ARTIFACT_ID_0: example_workflow
KIE_CONTAINER_KJAR_VERSION_0: 1.0
KIE_CONTAINER_ID_1: 01932fc2931b02cb042ab29d9fc82a8a
KIE_CONTAINER_KJAR_GROUP_ID_1: com.example.openshift
KIE_CONTAINER_KJAR_ARTIFACT_ID_1: example_workflow
KIE_CONTAINER_KJAR_VERSION_1: 1.0
KIE_CONTAINER_REDIRECT_ENABLED: true

or, as represented in XML format:

<kie-server-state>
  <containers>
    <container>
      <containerId>df729302a0b7293c0729384710dd82a1</containerId>
      <releaseId>
        <groupId>com.example.openshift</groupId>
        <artifactId>example_workflow</artifactId>
        <version>1.0</version>
      </releaseId>
      <status>STARTED</status>
      <configItems/>
      <messages/>
    </container>
    <container>
      <containerId>01932fc2931b02cb042ab29d9fc82a8a</containerId>
      <releaseId>
        <groupId>com.example.openshift</groupId>
        <artifactId>example_workflow</artifactId>
        <version>1.1</version>
      </releaseId>
      <status>STARTED</status>
      <configItems/>
      <messages/>
    </container>
  </containers>
</kie-server-state>

Important

To deploy multiple concurrent versions, the KIE_CONTAINER_REDIRECT_ENABLED variable must be set to true. This variable defaults to true and only needs to be explicitly included in the .s2i/environment file if setting to false.

The KIE_CONTAINER_REDIRECT_ENABLED variable enables override of the container ID. When set to true, a unique md5 sum hash is generated from the <alias>=<group_id>:<artifact_id>:<version> for each version of the application. It also enables alias redirection so that client requests using the deployment alias are redirected to the container of the correct version.

If set to false, the deployment alias is used as the container ID and multiple concurrent versions are not possible. If multiple versions of an application are specified for KIE_CONTAINER_DEPLOYMENT, and KIE_CONTAINER_REDIRECT_ENABLED is set to false, only the latest version of the application will be deployed and alias redirection will be disabled.

Changing the KIE_CONTAINER_REDIRECT_ENABLED variable in the .s2i/environment file of a running application generates a new container ID for the running application, which may make it incompatible with any clients using the old container ID.

3.4.1. Container ID

The container ID is an md5 sum hash generated from the <alias>=<group_id>:<artifact_id>:<version> of the application, and is used for client communication. In the case of multiple versions, each version of the application will have a unique container ID, but share the deployment alias name.

3.4.2. Adding, Overriding, or Updating Multiple Versions of the Application

If an application has already been deployed, use the KIE_CONTAINER_DEPLOYMENT_OVERRIDE variable in the .s2i/environment file, and specify the <alias>=<group_id>:<artifact_id>:<version> for each version of the application to override the KIE_CONTAINER_DEPLOYMENT variable in the json application template. This is useful for preserving older versions of an application that are still in use.

For example, The RulesTest application example:

KIE_CONTAINER_DEPLOYMENT=RulesTest=com.example.openshift:example_workflow:1.0

To maintain this version of the application, but to add an updated version, update the .s2i/environment file:

KIE_CONTAINER_DEPLOYMENT_OVERRIDE=RulesTest=com.example.openshift:example_workflow:1.0|RulesTest=com.example.openshift:example_workflow:1.1

See Example Workflow: Deploying an Updated Version Concurrently with Original Application for an example on deploying an updated application alongside the older version.

3.4.3. Request Targeting for Multiple Versions

In most cases, clients must target a particular container by name to execute server-side functions. This can be done by specifying the full deployment name, the container ID hash, or the deployment alias.

For example:

Full Deployment Name: RulesTest=com.example.openshift:example_workflow:1.0
Container ID Hash: df729302a0b7293c0729384710dd82a1
Deployment Alias: RulesTest

Specifying either the full deployment name or the container ID targets the appropriate container. Specifying the deployment alias, which is used by all the containers in the KIE server, requires a multi-stage resolution process to target the correct version container.

3.4.4. Alias Redirection

In a multi-version deployment, all applications share the same deployment alias. Requests that use the deployment alias of the application require a resolution process in order to redirect the request to the container of the correct version.

Resolution Process Hierarchy

The multi-stage resolution process depends on the method invoked by the client, and the ID associated with the request:

Process Hierarchy (in descending order):

Conversation ID
Default Container ID

Clients

Multiple clients can be used to invoke the server, depending on the client interaction type:

Client	Interaction
KIE interaction	org.kie.server.client.KieServicesClient
Decision Server interaction	org.kie.server.client.RuleServicesClient

Conversation ID

A conversation represents interactions between KIE Services java clients and the server. When a client initiates a conversation, the response from the server includes an encoded multi-part heading. The client will then use this heading in subsequent requests to the server. This conversation header contains the conversation ID, which is used by the Servlet Filter in the REST interface, or the EJB Interceptor in the JMS interface, to determine the correct version of the application to invoke.

Default Container ID

If a specific container ID cannot be resolved, the default container ID is determined as the application with the latest version (based on <alias>=<group_id>:<artifact_id>:<version>).

3.5. Running and Configuring the Decision Server xPaaS Image

You can make changes to the Decision Server configuration in the xPaaS image using either the S2I templates, or by using a modified Decision Server image.

3.5.1. Using the Decision Server xPaaS Image Source-to-Image (S2I) Process

The recommended method to run and configure the OpenShift Decision Server xPaaS image is to use the OpenShift S2I process together with the application template parameters and environment variables.

The S2I process for the Decision Server xPaaS image works as follows:

If there is a pom.xml file in the source repository, a Maven build is triggered with the contents of $MAVEN_ARGS environment variable.
- By default, the package goal is used with the openshift profile, including the system properties for skipping tests (-DskipTests) and enabling the Red Hat GA repository (-Dcom.redhat.xpaas.repo.redhatga).
The results of a successful Maven build are installed into the local Maven repository, /home/jboss/.m2/repository/, along with all dependencies for offline usage. The Decision Server xPaaS Image will load the created kjars from this local repository.
- In addition to kjars resulting from the Maven build, any kjars found in the deployments source directory will also be installed into the local Maven repository. Kjars do not end up in the EAP_HOME/standalone/deployments/ directory.
Any JAR (that is not a kjar), WAR, and EAR in the deployments source repository directory will be copied to the EAP_HOME/standalone/deployments directory and subsequently deployed using the JBoss EAP deployment scanner.
All files in the configuration source repository directory are copied to EAP_HOME/standalone/configuration.
Note
If you want to use a custom JBoss EAP configuration file, it should be named standalone-openshift.xml.
All files in the modules source repository directory are copied to EAP_HOME/modules.

3.5.2. Using a Modified Decision Server xPaaS Image

An alternative method is to make changes to the image, and then use that modified image in OpenShift. The templates currently provided, along with the interfaces they support, are listed below:

Table 3.1. Provided Templates

Template Name	Supported Interfaces
*decisionserver63-basic-s2i.json*	http-rest, jms-hornetq
*decisionserver63-https-s2i.json*	http-rest, https-rest, jms-hornetq
*decisionserver63-amq-s2i.json*	http-rest, https-rest, jms-activemq

You can run the Decision Server xPaaS image in Docker, make the required configuration changes using the JBoss EAP Management CLI (EAP_HOME/bin/jboss-cli.sh) included in the Decision Server xPaaS image, and then commit the changed container as a new image. You can then use that modified image in OpenShift.

Important

It is recommended that you do not replace the OpenShift placeholders in the JBoss EAP xPaaS configuration file, as they are used to automatically configure services (such as messaging, datastores, HTTPS) during a container’s deployment. These configuration values are intended to be set using environment variables.

Note

Ensure that you follow the guidelines for creating images.

Chapter 4. Tutorials

4.1. Example Workflow: Deploying BRMS Application on Decision Server xPaaS

This tutorial prepares a BRMS application to be deployed as Decision Server xPaaS image. The BRMS application may require modification to be deployed as an image.

Preparing the Application
The BRMS project must be configured to have a stateless knowledge session, use a remote repository, and have defined KIE container deployment.
Refer to the Red Hat JBoss BRMS User Guide for more information on any of these tasks.

Log in to the BRMS console and edit the project settings in the Project Explorer.
Click Open Project Editor and in the Project Settings:
1. Under Knowledge bases and sessions, ensure that the Knowledge Session is set to Stateless. OpenShift does not support stateful sessions on KIE servers.
2. Using Repository View, ensure the pom.xml is configured to use a remote repository by containing xml similar to the following:
```
...
<distributionManagement>
  <repository>
    <id>deployment</id>
    <name>OpenShift Maven repo</name>
    <url>http://maven.example/content/repo/deployments/</url>
  </repository>

  <snapshotRepository>
    <id>deployment</id>
    <name>OpenShift Maven repo</name>
    <url>http://maven.example.xas/content/repo/snapshots/</url>
  </snapshotRepository>
</distributionManagement>
...
```
  For more information, see the Red Hat JBoss BRMS Administration and Configuration Guide.
In the application’s repository, ensure the settings.xml and the .s2i/environment files define the Maven repository and the KIE container deployment respectively:
1. The Maven repository should be defined in the settings.xml so that OpenShift can download the application artefacts. It should contain xml similar to the following:
```
...
<profiles>
  <profile>
    <id>openshift-mirror-repositories</id>
    <repositories>
      <repository>
        <id>openshift-mirror</id>
        <url>http://maven.example/content/group/public/</url>
      </repository>
    </repositories>

    <pluginRepositories>
      <pluginRepository>
        <id>openshift-mirror</id>
        <url>http://maven.example/content/group/public/</url>
      </pluginRepository>
    </pluginRepositories>
  </profile>
</profiles>
...
```
  For more information, see the Red Hat JBoss BRMS Installation Guide.
2. The .s2i/environment file must define the KIE container deployment, including which KIE jars to use and the location from which to retrieve them. The pod name is derived from the deployment alias, which is defined as DemoContainer in this example:
```
KIE_CONTAINER_DEPLOYMENT_OVERRIDE=DemoContainer=com.example.openshift:example_workflow:1.0
```

4.1.1. Preparing Decision Server Deployment

Create a new project:
```
$ oc new-project rds-app-demo
```
Create a service account to be used for the deployment of the Decision Server application:
```
$ oc create serviceaccount rds-service-account
```
Add the view role to the service account. This enables the service account to view all the resources in the rds-app-demo namespace, which is necessary for managing the cluster.
```
$ oc policy add-role-to-user view system:serviceaccount:rds-app-demo:rds-service-account
```
The Decision Server template requires an SSL keystore and a JGroups keystore.
These keystores are expected even if the application will not use https.
This example uses ‘keytool’, a package included with the Java Development Kit, to generate self-signed certificates for these keystores. The following commands will prompt for passwords.
1. Generate a secure key for the SSL keystore:
```
$ keytool -genkeypair -alias https -storetype JKS -keystore keystore.jks
```
2. Generate a secure key for the JGroups keystore:
```
$ keytool -genseckey -alias jgroups -storetype JCEKS -keystore jgroups.jceks
```

Use the SSL and JGroup keystore files to create the secret for the project:

$ oc create secret generic rds-app-secret --from-file=jgroups.jceks --from-file=keystore.jks

Add the secret to the service account created earlier:

$ oc secret add sa/rds-service-account secret/rds-app-secret

4.1.2. Deployment

Log in to the OpenShift web console and select the rds-app-demo project space.
Click Add to Project to list all of the default image streams and templates.
Use the Filter by keyword search bar to limit the list to those that match decisionserver. You may need to click See all to show the desired application template.
Select and configure the desired template and click Deploy.

During the build, the Maven repository is downloaded and build into the container so that no additional packages or dependencies are downloaded at runtime.

The application is available once the pod is running. To connect to the Decision Server web console, navigate to the pod and click Open Java Console button.

4.2. Example Workflow: Deploying an Upgraded Version Concurrently with Original Application

This example workflow follows on from Example Workflow: Deploying BRMS Application on Decision Server xPaaS, in which the 1.0 version of the example_workflow artifact was deployed with a deployment alias of DemoContainer. This example deploys a 1.1 version of the of the example_workflow artifact alongside the 1.0 version so that both versions of the example_workflow artifact are running simultaneously, both with the DemoContainer deployment alias.

Update the repository with the new version of the server.
Edit the .s2i/environment file for the application:
1. Change the KIE_CONTAINER_DEPLOYMENT variable to KIE_CONTAINER_DEPLOYMENT_OVERRIDE
2. Add the new version to the end of the value string, separated from the older version with a pipe.
```
KIE_CONTAINER_DEPLOYMENT_OVERRIDE=DemoContainer=com.example.openshift:example_workflow:1.0|DemoContainer=com.example.openshift:example_workflow:1.1
```
Save the changes.
If the project has GitHub Webhooks configured, the new version will be deployed automatically alongside the older running applicaiton. Otherwise it can be manually built:
```
$ oc start-build rds-app-demo
```

Once the build has completed, the two different versions of the application will be running simultaneously using the same deployment alias. See Request Targeting for Multiple Versions for more information on how client requests are redirected to the correct version of the application.

4.3. Example Workflow: Deploying BRMS Application on Openshift with Webhooks Enabled for Automatic Application Updates

This workflow details how to configure BRMS, GitHub, and OpenShift to have your configuration changes automatically push to OpenShift. This example covers:

Setting up a forked GitHub repository
Cloning the repository
Creating a hook in JBoss Decision Server to automatically update the GitHub repository
Modifying the example JBoss Decision Server rules
Creating a Decision Service on OpenShift
Improving OpenShift build times using Maven
Integrating the Maven Proxy
Configuring the OpenShift webhook to automatically update the decision service OpenShift whenever a code change occurs in the GitHub repository
Testing the configured service and hooks

Note

Make sure you are running Red Hat JBoss BRMS on your local machine.

4.3.1. Forking the Repository

Visit the Decision Server example page while you are logged in to GitHub.
Fork the repository.
You are redirected to your new fork.
Copy the HTTPS clone URL for your fork.

This Decision Server example receives a name, and if it matches the user name specified as master in the rules file, then the user is recognized and greeted as the master user. If the name does not match, then the user is recognized as an intruder.

4.3.2. Cloning the Repository

From the Red Hat JBoss BRMS workbench:

From the File Explorer, click Authoring → Administration.
Click Repositories → Clone repository.
Type the Repository Name decision-services.
Select an Organizational Unit.
Type in the HTTPS clone URL of your forked Git repository: https://github.com/<Your_Github_Username>/decisionserver.git
Click Clone.
Once cloned, the repository displays the commit history.

4.3.3. Creating a Hook to Automate GitHub Updates

To make Red Hat JBoss BRMS automatically update your GitHub repository any time a file in this project changes:

Note

You must have SSH key access configured for GitHub before following these steps.

From the command line, navigate into the /.niogit directory in the project you forked earlier:
```
$ cd EAPHOME/bin/.niogit/decision-services.git
```
The path above is the default, which may differ depending on where the workbench has been configured to store its data. This location is set using the org.uberfire.nio.git.dir system property.

Set the remote URL for this project:

$ git remote set-url origin git@github.com:/decisionserver

Navigate into the hooks directory:
```
$ cd hooks
```
Create a simple post-commit file:
```
$ touch post-commit
```
Edit the file and type the following:
```
#!/bin/sh

git push origin master
```
Save your changes and exit the file.
Change the permissions on the file to allow BRMS the access it requires:
```
$ chmod 777 post-commit
```
The hook is now configured, meaning that any change to the files in this BRMS project will automatically update your forked decisionserver GitHub repository.

4.3.4. Modifying the Example Decision Server Rules

From the Red Hat JBoss BRMS workbench:

Click Authoring → Project authoring.

Under DRL, click to load the HelloRules.drl file:

package org.openshift.quickstarts.decisionserver.hellorules

query "get greeting"()
    greeting : Greeting()
end

rule "greet master"
    when
        person : Person( name == "john")
    then
        String salutation = "Hello " + person.getName() + "! What can I help you with today?";
        insert(new Greeting(salutation));
end
rule "greet strangers"
    when
        person : Person(name != "john")
    then
        String salutation = "Hey there " + person.getName() + ". I don't think I know you yet!";
        insert(new Greeting (salutation));
end

Modify the lines with john by replacing them with your user name.
Click Save, type a check in comment, and click Save again.
The hook you created earlier will automatically update your forked GitHub repository with these saved changes.

4.3.5. Creating a Decision Service on OpenShift

From the OpenShift web console:

Log in using the username and password recommended to you by your administrator.
To create a new project, click New Project.
Type a unique name, display name, and description for the new project.
Click Create.
The web console’s welcome screen loads.
Click Add to Project.
In the Filter by keyword field, start typing decision to see the available xPaaS templates related to Decision Server.
Click the decisionserver63-basic-s2i template.
In the Parameters section, change the KIE_SERVER_PASSWORD to the password to access the KIE Server REST or JMS interface.
Change the SOURCE_REPOSITORY_URL to the Git source URI for your forked repository. For example:
```
https://github.com/<your_github_username>/decisionserver.git
```
Change the SOURCE_REPOSITORY_REF to master.
Change the CONTEXT_DIR to greeting.
Scroll to the bottom of the page and click Create.

While your application builds, you can click View Log from the Overview page to see the build progress.

4.3.6. Improving Build Time Using Maven

Follow the details in this OpenShift blog post to configure the Maven proxy, which improves the build times of java builds on OpenShift.

4.3.7. Integrating the Maven Proxy

To change the build configuration so that it uses the Maven proxy, complete the following from the OpenShift web console:

Click Browse → Builds → <your_application>
Click the three vertical dots next to Start Build and then click Edit (Raw).

Add the MAVEN_MIRROR_URL environment variable below the KIE_CONTAINER_DEPLOYMENT variable:

strategy
 sourceStrategy:
  env:
   -
    name: KIE_CONTAINER_DEPLOYMENT
    value: 'HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final'
   -
    name: MAVEN_MIRROR_URL
    value: 'http://nexus-ci.cloudapps.bos.openshift3roadshow.com/content/groups/public/'

The value for MAVEN_MIRROR_URL can be found in Maven by viewing the repositories, then copying the path for the Public Repositories group.

Click Save.
Click the Configuration tab of your build to verify that MAVEN_MIRROR_URL is actively listed under Environment Variables.

Now that you have Maven configured for this OpenShift project, the build process will be shorter for all future builds. This is because subsequent builds only need to download updated files, which are then combined with the previously loaded files.

4.3.8. Test the Service

After integrating the Maven proxy, you can test that service is working and see how quickly the build process completes compared to previous builds. From the OpenShift web console:

Click Browse → Builds → <your_application>
Click Start Build.
In the list at the bottom of the screen, click the new build you just started.
Click the Logs tab, then click Follow.

Verify that the new build is using the new Maven proxy to download locally by finding the line in the log that references Downloading. For example:

I0130 12:32:25.664594     1 sti.go:492] Downloading: http://nexus-ci.cloudapps.openshift.com/content/groups/public/org/kie/kie-maven-plugin/6.3.0.Final-redhat-5/kie-maven-plugin-6.3.0.Final-redhat-5.pom

When the build is complete, you can check the new build time against the previous build by clicking Browse → Builds → <your_application> and viewing the summary. The newest build will be considerably shorter with the Maven proxy in use.
Click Overview to see the status of the pod. It displays a Not Ready status while it is checked with readiness probes.
Click Browse → Pods to follow its progress. The status of the Containers Ready column will change to 1/1 when the pod has passed the readiness probes.

4.3.9. Configure the OpenShift Webhook

From the OpenShift web console:

Click the Browse tab, then click Builds.
Click your build name, then click the Configuration tab.
Click the copy icon next to GitHub webhook URL to copy your webhook payload URL.
Navigate to your forked repository on GitHub, then click Settings.
Click Webhooks & Services.
Click Add webhook.
Paste your webhook URL into the Payload URL field.
Click Disable SSL verification, then confirm it in the pop-up window.
Click Add webhook to save.

Github pings the OpenShift server to ensure communication is successful. A green check mark next to the webhook URL signifies that it is configured correctly. Hover your cursor over the check mark to view the status of the last ping.

The next time you push a code change to your forked repository, your application will automatically rebuild.

4.3.10. Testing the Configured Hooks

From the Red Hat JBoss BRMS workbench:

Load the HelloRules.drl file:

package org.openshift.quickstarts.decisionserver.hellorules

query "get greeting"()
    greeting : Greeting()
end

rule "greet master"
    when
        person : Person( name == "john")
    then
        String salutation = "Hello " + person.getName() + "! What can I help you with today?";
        insert(new Greeting(salutation));
end
rule "greet strangers"
    when
        person : Person(name != "john")
    then
        String salutation = "Hey there " + person.getName() + ". I don't think I know you yet!";
        insert(new Greeting (salutation));
end

Modify the String salutation line by changing At your service my master to something else.
Click Save, type a check-in comment, and click Save again.

The hook that you created earlier updates your forked GitHub repository, and then the GitHub webhook triggers a new build in OpenShift.

With this configuration, you need only save your configuration changes on the Red Hat JBoss BRMS workbench, and the rest of the process is completely automated.

Chapter 5. Reference

5.1. Application Template Parameters

Variable	Description
APPLICATION_NAME	The name for the application (required).
KIE_CONTAINER_DEPLOYMENT	The KIE Containers to deploy (required). Example: containerId=groupId:artifactId:version
MYSQL_LOWER_CASE_TABLE_NAMES	Sets how the table names are stored and compared.
AMQ_SECRET	The name of a secret containing SSL related files. If no value is specified, a random password is generated.
SOURCE_REPOSITORY_URL	Git source URI for application.
SOURCE_REPOSITORY_REF	Git branch/tag reference.
CONTEXT_DIR	Path within Git project to build; empty for root project directory.
KIE_SERVER_USER	The user name to access the KIE Server REST or JMS interface.
KIE_SERVER_PASSWORD	The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).

5.2. Endpoints

Clients can access the Decision Server xPaaS Image via multiple endpoints; by default the provided templates include support for REST, HornetQ, and ActiveMQ.

5.2.1. REST

Clients can use the REST API in various ways:

5.2.1.1. Browser

Current server state: http://host/kie-server/services/rest/server
List of containers: http://host/kie-server/services/rest/server/containers
Specific container state: http://host/kie-server/services/rest/server/containers/HelloRulesContainer

5.2.1.2. Java

// HelloRulesClient.java
KieServicesConfiguration config = KieServicesFactory.newRestConfiguration(
  "http://host/kie-server/services/rest/server", "kieserverUser", "kieserverPassword");
config.setMarshallingFormat(MarshallingFormat.XSTREAM);
RuleServicesClient client =
  KieServicesFactory.newKieServicesClient(config).getServicesClient(RuleServicesClient.class);
ServiceResponse<String> response = client.executeCommands("HelloRulesContainer", myCommands);

5.2.1.3. Command Line

# request.sh
#!/bin/sh
curl -X POST \
  -d @request.xml \
  -H "Accept:application/xml" \
  -H "X-KIE-ContentType:XSTREAM" \
  -H "Content-Type:application/xml" \
  -H "Authorization:Basic a2llc2VydmVyOmtpZXNlcnZlcjEh" \
  -H "X-KIE-ClassType:org.drools.core.command.runtime.BatchExecutionCommandImpl" \
http://host/kie-server/services/rest/server/containers/instances/HelloRulesContainer

<!-- request.xml -->
<batch-execution lookup="HelloRulesSession">
  <insert>
    <org.openshift.quickstarts.decisionserver.hellorules.Person>
      <name>errantepiphany</name>
    </org.openshift.quickstarts.decisionserver.hellorules.Person>
  </insert>
  <fire-all-rules/>
  <query out-identifier="greetings" name="get greeting"/>
</batch-execution>

5.2.2. JMS

Client can also use the Java Messaging Service, as demonstrated below:

5.2.2.1. Java (HornetQ)

// HelloRulesClient.java
Properties props = new Properties();
props.setProperty(Context.INITIAL_CONTEXT_FACTORY,
  "org.jboss.naming.remote.client.InitialContextFactory");
props.setProperty(Context.PROVIDER_URL, "remote://host:4447");
props.setProperty(Context.SECURITY_PRINCIPAL, "kieserverUser");
props.setProperty(Context.SECURITY_CREDENTIALS, "kieserverPassword");
InitialContext context = new InitialContext(props);
KieServicesConfiguration config =
  KieServicesFactory.newJMSConfiguration(context, "hornetqUser", "hornetqPassword");
config.setMarshallingFormat(MarshallingFormat.XSTREAM);
RuleServicesClient client =
  KieServicesFactory.newKieServicesClient(config).getServicesClient(RuleServicesClient.class);
ServiceResponse<String> response = client.executeCommands("HelloRulesContainer", myCommands);

5.2.2.2. Java (ActiveMQ)

// HelloRulesClient.java
props.setProperty(Context.INITIAL_CONTEXT_FACTORY,
  "org.apache.activemq.jndi.ActiveMQInitialContextFactory");
props.setProperty(Context.PROVIDER_URL, "tcp://host:61616");
props.setProperty(Context.SECURITY_PRINCIPAL, "kieserverUser");
props.setProperty(Context.SECURITY_CREDENTIALS, "kieserverPassword");
InitialContext context = new InitialContext(props);
ConnectionFactory connectionFactory = (ConnectionFactory)context.lookup("ConnectionFactory");
Queue requestQueue = (Queue)context.lookup("dynamicQueues/queue/KIE.SERVER.REQUEST");
Queue responseQueue = (Queue)context.lookup("dynamicQueues/queue/KIE.SERVER.RESPONSE");
KieServicesConfiguration config = KieServicesFactory.newJMSConfiguration(
  connectionFactory, requestQueue, responseQueue, "activemqUser", "activemqPassword");
config.setMarshallingFormat(MarshallingFormat.XSTREAM);
RuleServicesClient client =
  KieServicesFactory.newKieServicesClient(config).getServicesClient(RuleServicesClient.class);
ServiceResponse<String> response = client.executeCommands("HelloRulesContainer", myCommands);

5.3. Troubleshooting

In addition to viewing the OpenShift logs, you can troubleshoot a running Decision Server xPaaS Image container by viewing its logs. These are outputted to the container’s standard out, and are accessible with the following command:

$ oc logs -f <pod_name>

Note

By default, the OpenShift Decision Server xPaaS image does not have a file log handler configured. Logs are only sent to the container’s standard out.