Chapter 2. Preparing to deploy Red Hat Process Automation Manager in your OpenShift environment

Procedure

1. Ensure you are logged in to OpenShift with the oc command and that your project is active.
2. Complete the steps documented in Registry Service Accounts for Shared Environments. You must log in to Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
3. Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
4. View the downloaded file and note the name that is listed in the name: entry.

5. Run the following commands:

   oc create -f <file_name>.yaml
   oc secrets link default <secret_name> --for=pull
   oc secrets link builder <secret_name> --for=pull

   Replace <file_name> with the name of the downloaded file and <secret_name> with the name that is listed in the name: entry of the file.

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for KIE Server. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for KIE Server.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file:

   $ oc create secret generic kieserver-app-secret --from-file=keystore.jks

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Business Central. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Business Central.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named businesscentral-app-secret from the new keystore file:

   $ oc create secret generic businesscentral-app-secret --from-file=keystore.jks

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for the AMQ broker connection. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for the AMQ broker connection.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named broker-app-secret from the new keystore file:

   $ oc create secret generic broker-app-secret --from-file=keystore.jks

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Smart Router. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Smart Router.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named smartrouter-app-secret from the new keystore file:

   $ oc create secret generic smartrouter-app-secret --from-file=keystore.jks

Procedure

1. For IBM DB2, Oracle Database, or Sybase, provide the JDBC driver JAR file in a local directory.
2. Download the rhpam-7.7.0-openshift-templates.zip product deliverable file from the Software Downloads page of the Red Hat Customer Portal.
3. Unzip the file and, using the command line, change to the templates/contrib/jdbc directory of the unzipped file. This directory contains the source code for the custom build.

4. Run one of the following commands, depending on the database server type:

   • For Microsoft SQL Server:

     make build mssql

   • For MariaDB:

     make build mariadb

   • For IBM DB2:

     make build db2

   • For Oracle Database:

     make build oracle artifact=/tmp/ojdbc7.jar version=7.0

     In this command, replace /tmp/ojdbc7.jar with the path name of the downloaded Oracle Database driver and 7.0 with the version of the driver.

   • For Sybase:

     make build sybase artifact=/tmp/jconn4-16.0_PL05.jar version=16.0_PL05

     In this command, replace /tmp/jconn4-16.0_PL05.jar with the path name of the downloaded Sybase driver and 16.0_PL05 with the version of the driver.

5. Run the following command to list the Docker images that are available locally:

   docker images

   Note the name of the image that was built, for example, jboss-kie-db2-extension-openshift-image, and the version tag of the image, for example, 11.1.4.4 (not the latest tag).

6. Access the registry of your OpenShift environment directly and push the image to the registry. Depending on your user permissions, you can push the image into the openshift namespace or into a project namespace. For instructions about accessing the registry and pushing the images, see Accessing registry directly from the cluster in the Red Hat OpenShift Container Platform product documentation.

7. When configuring your KIE Server deployment with a template that supports an external database server, set the following parameters:

   • Drivers Extension Image (EXTENSIONS_IMAGE): The ImageStreamTag definition of the extension image, for example, jboss-kie-db2-extension-openshift-image:11.1.4.4
   • Drivers ImageStream Namespace (EXTENSIONS_IMAGE_NAMESPACE): The namespace to which you uploaded the extension image, for example, openshift or your project namespace.

Procedure

1. Configure a Maven release repository to which you have write access. The repository must allow read access without authentication and your OpenShift environment must have network access to this repository.

   You can deploy a Nexus repository manager in the OpenShift environment. For instructions about setting up Nexus on OpenShift, see Setting up Nexus in the Red Hat OpenShift Container Platform 3.11 documentation. The documented procedure is applicable to Red Hat OpenShift Container Platform version 4. Use this repository as a separate mirror repository.

   Alternatively, if you use a custom external repository (for example, Nexus) for your services, you can use the same repository as a mirror repository.

2. On the computer that has an outgoing connection to the public Internet, complete the following steps:

   1. Download the rhpam-7.7.0-offliner.zip product deliverable file from the Software Downloads page of the Red Hat Customer Portal.
   2. Extract the contents of the rhpam-7.7.0-offliner.zip file into any directory.

   3. Change to the directory and enter the following command:

      ./offline-repo-builder.sh offliner.txt

      This command creates a repository subdirectory and downloads the necessary artifacts into this subdirectory.

      If a message reports that some downloads have failed, run the same command again. If downloads fail again, contact Red Hat support.

   4. Upload all artifacts from the repository subdirectory to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility, available from the Maven repository tools Git repository, to upload the artifacts.

3. If you developed services outside Business Central and they have additional dependencies, add the dependencies to the mirror repository. If you developed the services as Maven projects, you can use the following steps to prepare these dependencies automatically. Complete the steps on the computer that has an outgoing connection to the public Internet.

   1. Create a backup of the local Maven cache directory (~/.m2/repository) and then clear the directory.
   2. Build the source of your projects using the mvn clean install command.

   3. For every project, enter the following command to ensure that Maven downloads all runtime dependencies for all the artifacts generated by the project:

      mvn -e -DskipTests dependency:go-offline -f /path/to/project/pom.xml --batch-mode -Djava.net.preferIPv4Stack=true

      Replace /path/to/project/pom.xml with the correct path to the pom.xml file of the project.

   4. Upload all artifacts from the local Maven cache directory (~/.m2/repository) to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility, available from the Maven repository tools Git repository, to upload the artifacts.