Chapter 2. Preparing to deploy Red Hat Process Automation Manager in your OpenShift environment

Procedure

1. Determine whether Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access. For details about the required configuration, see Configuring a Registry Location. If you are using an OpenShift Online subscription, it is configured for Red Hat registry access.

2. If Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access, run the following commands:

   $ oc get imagestreamtag -n openshift | grep rhpam73-businesscentral
   $ oc get imagestreamtag -n openshift | grep rhpam73-kieserver

   Copy to Clipboard Toggle word wrap

   If the outputs of both commands are not empty, the required image streams are available in the openshift namespace and no further action is required.

3. If the output of one or both of the commands is empty or if OpenShift is not configured with the user name and password for Red Hat registry access, complete the following steps:

   1. Ensure you are logged in to OpenShift with the oc command and that your project is active.
   2. Complete the steps documented in Registry Service Accounts for Shared Environments. You must log in to Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
   3. Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
   4. View the downloaded file and note the name that is listed in the name: entry.

   5. Run the following commands:

      oc create -f <file_name>.yaml
      oc secrets link default <secret_name> --for=pull
      oc secrets link builder <secret_name> --for=pull

      Copy to Clipboard Toggle word wrap

      Where <file_name> is the name of the downloaded file and <secret_name> is the name that is listed in the name: entry of the file.

   6. Download the rhpam-7.3.0-openshift-templates.zip product deliverable file from the Software Downloads page and extract the rhpam73-image-streams.yaml file.

   7. Complete one of the following actions:

      • Run the following command:

        $ oc create -f rhpam73-image-streams.yaml

        Copy to Clipboard Toggle word wrap

      • Using the OpenShift Web UI, select Add to Project Import YAML / JSON and then choose the file or paste its contents.

        Note

        If you complete these steps, you install the image streams into the namespace of your project. If you install the image streams using these steps, you must set the IMAGE_STREAM_NAMESPACE parameter to the name of this project when deploying templates.

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Process Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Process Server. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

   For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

2. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file:

   $ oc create secret generic kieserver-app-secret --from-file=keystore.jks

   Copy to Clipboard Toggle word wrap

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Business Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Business Central. Save the keystore in a file named keystore.jks. Record the name of the certificate and the password of the keystore file.

   For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

2. Use the oc command to generate a secret named businesscentral-app-secret from the new keystore file:

   $ oc create secret generic businesscentral-app-secret --from-file=keystore.jks

   Copy to Clipboard Toggle word wrap

Procedure

1. To check whether your environment uses GlusterFS, run the following command:

   oc get storageclass

   Copy to Clipboard Toggle word wrap

   In the results, check whether the (default) marker is on the storage class that lists glusterfs. For example, in the following output the default storage class is gluster-container, which does list glusterfs:

   NAME              PROVISIONER                       AGE
   gluster-block     gluster.org/glusterblock          8d
   gluster-container (default) kubernetes.io/glusterfs 8d

   Copy to Clipboard Toggle word wrap

   If the result has a default storage class that does not list glusterfs or if the result is empty, you do not need to make any changes. In this case, skip the rest of this procedure.

2. To save the configuration of the default storage class into a YAML file, run the following command:

   oc get storageclass <class-name> -o yaml >storage_config.yaml

   Copy to Clipboard Toggle word wrap

   Replace <class-name> with the name of the default storage class. For example:

   oc get storageclass gluster-container -o yaml >storage_config.yaml

   Copy to Clipboard Toggle word wrap

3. Edit the storage_config.yaml file:

   1. Remove the lines with the following keys:

      • creationTimestamp
      • resourceVersion
      • selfLink
      • uid

   2. On the line with the volumeoptions key, add the following two options: features.cache-invalidation on, performance.nl-cache on. For example:

      volumeoptions: client.ssl off, server.ssl off, features.cache-invalidation on, performance.nl-cache on

      Copy to Clipboard Toggle word wrap

4. To remove the existing default storage class, run the following command:

   oc delete storageclass <class-name>

   Copy to Clipboard Toggle word wrap

   Replace <class-name> with the name of the default storage class. For example:

   oc delete storageclass gluster-container

   Copy to Clipboard Toggle word wrap

5. To re-create the storage class using the new configuration, run the following command:

   oc create -f storage_config.yaml

   Copy to Clipboard Toggle word wrap

Procedure

1. For IBM DB2, Oracle Database, or Sybase, provide the JDBC driver JAR in a local directory or on an HTTP server. Within the local directory or HTTP server, the following paths are expected:

   • For IBM DB2, <local_path_or_url>/com/ibm/db2/jcc/db2jcc4/10.5/db2jcc4-10.5.jar
   • For Oracle Database, <local_path_or_url>/com/oracle/ojdbc7/12.1.0.1/ojdbc7-12.1.0.1.jar

   • For Sybase, <local_path_or_url>/com/sysbase/jconn4/16.0_PL05/jconn4-16.0_PL05.jar

     Where <local_path_or_url> is the path to the local directory or the URL for the HTTP server where the driver is provided.

2. To install the source code for the custom build, download the rhpam-7.3.0-openshift-templates.zip product deliverable file from the Software Downloads page. Unzip the file and, using the command line, change to the templates/contrib/jdbc directory of the unzipped file.

3. Change to the following subdirectory:

   • For Microsoft SQL Server, mssql-driver-image
   • For MariaDB, mariadb-driver-image
   • For IBM DB2, db2-driver-image
   • For Oracle Database, oracle-driver-image
   • For Sybase, sybase-driver-image

4. Run the following command:

   • For Microsoft SQL Server or MariaDB:

   ../build.sh

   Copy to Clipboard Toggle word wrap
   • For IBM DB2, Oracle Database, or Sybase:

   ../build.sh --artifact-repo=<local_path_or_url>

   Copy to Clipboard Toggle word wrap

   Where <local_path_or_url> is the path to the local directory or the URL for the HTTP server where the driver is provided. For example:

   ../build.sh --artifact-repo=/home/builder/drivers
   ../build.sh --artifact-repo=http://nexus.example.com/nexus/content/groups/public

   Copy to Clipboard Toggle word wrap

   If you want to configure your OpenShift docker registry address in the process, add also the --registry=<registry_name.domain_name:port> parameter to your build command.

   Examples:

   ../build.sh --registry=docker-registry.custom-domain:80
   
   ../build.sh --artifact-repo=/home/builder/drivers --registry=docker-registry.custom-domain:80

   Copy to Clipboard Toggle word wrap

Procedure

1. Use the following command to extract the source code:

   git clone ssh://adminUser@business-central-host:8001/MySpace/MyProject

   Copy to Clipboard Toggle word wrap

   Replace:

   • adminUser with the administrative user for Business Central
   • business-central-host with the host on which Business Central is running
   • MySpace with the name of the Business Central space in which the project is located
   • MyProject with the name of the project
2. Upload the source code to another Git repository for the S2I build.

Procedure

1. Prepare a Maven release repository to which you can write. The repository must allow read access without authentication. Your OpenShift environment must have access to this repository. You can deploy a Nexus repository manager in the OpenShift environment. For instructions about setting up Nexus on OpenShift, see Setting up Nexus.

2. Complete the following actions on a computer that has an outgoing connection to the public Internet:

   1. Clear the local Maven cache directory (~/.m2/repository).
   2. Build the source of your services using the mvn clean install command.
   3. Upload all artifacts from the local Maven cache directory (~/.m2/repository) to the Maven repository that you prepared. You can use the Maven Repository Provisioner utility to upload the artifacts.