Chapter 4. Deployment and management of a Red Hat Process Automation Manager environment using OpenShift operators
To deploy a Red Hat Process Automation Manager environment, the OpenShift operator uses a YAML source that describes the environment. Red Hat Process Automation Manager provides an installer that you can use to form the YAML source and deploy the environment.
When the Business Automation operator deploys the environment, it creates a YAML description of the environment, and then ensures that the environment is consistent with the description at all times. You can edit the description to modify the environment.
You can remove the environment by deleting the operator application in Red Hat OpenShift Container Platform.
When you remove an environment with a high-availability Business Central, the operator does not delete Persistent Volume Claims that were created as part of the JBoss Datagrid and JBoss AMQ StatefulSet creation. This behaviour is a part of Kubernetes design, as deletion of the Persistent Volume Claims could cause data loss. For more information about handling persistent volumes during deletion of a StatefulSet, see the Kubernetes documentation.
If you create a new environment using the same namespace and the same application name, the environment reuses the persistent volumes for increased performance.
You can delete the Persistent Volume Claims manually.
4.1. Subscribing to the Business Automation operator
To be able to deploy Red Hat Process Automation Manager using operators, you must subscribe to the Business Automation operator in OpenShift.
Procedure
- Enter your project in the OpenShift Web cluster console.
- In the OpenShift Web console navigation panel, select Catalog → OperatorHub or Operators → OperatorHub.
- Search for Business Automation, select it and click Install.
- On the Create Operator Subscription page, select your target namespace and approval strategy.
  Optional: Set Approval strategy to Automatic to enable automatic operator updates. An operator update does not immediately update the product, but is required before you update the product. Configure automatic or manual product updates using the settings in every particular product deployment.
- Click Subscribe to create a subscription.
4.2. Deploying a Red Hat Process Automation Manager environment using the operator
After you subscribe to the Business Automation operator, you can use the installer wizard to configure and deploy a Red Hat Process Automation Manager environment.
In Red Hat Process Automation Manager 7.8, the operator installer wizard is for Technology Preview only. For more information on Red Hat Technology Preview features, see Technology Preview Features Support Scope.
4.2.1. Starting the deployment of a Red Hat Process Automation Manager environment using the Business Automation operator
To start deploying a Red Hat Process Automation Manager environment using the Business Automation operator, access the installer wizard. The installer wizard is deployed when you subscribe to the operator.
Prerequisites
- You subscribed to the Business Automation operator. For instructions about subscribing to the operator, see Section 4.1, “Subscribing to the Business Automation operator”.
Procedure
- In the Red Hat OpenShift Container Platform web cluster console menu, select Catalog → Installed operators or Operators → Installed operators.
- Click the name of the operator that contains businessautomation. Information about this operator is displayed.
- Click the Installer link located on the right side of the window.
- If prompted, log in with your OpenShift credentials.
Result
The Installation tab of the wizard is displayed.
4.2.2. Setting the basic configuration of the environment
After you start to deploy a Red Hat Process Automation Manager environment using the Business Automation operator, you must select the type of the environment and set other basic configuration.
Prerequisites
- You started to deploy a Red Hat Process Automation Manager environment using the Business Automation operator and accessed the installer wizard according to the instructions in Section 4.2.1, “Starting the deployment of a Red Hat Process Automation Manager environment using the Business Automation operator”.
Procedure
- In the Application Name field, enter a name for the OpenShift application. This name is used in the default URLs for all components.
- In the Environment list, select the type of environment. This type determines the default configuration; you can modify this configuration as necessary. The following types are available for Red Hat Process Automation Manager:
  - rhpam-trial: A trial environment that you can set up quickly and use to evaluate or demonstrate developing and running assets. Includes Business Central and a KIE Server. This environment does not use any persistent storage, and any work you do in the environment is not saved.
  - rhpam-authoring: An environment for creating and modifying services using Business Central. It consists of pods that provide Business Central for the authoring work and a KIE Server for test execution of the services.
  - rhpam-authoring-ha: An environment for creating and modifying services using Business Central. It consists of pods that provide Business Central for the authoring work and a KIE Server for test execution of the services. This version of the authoring environment supports scaling the Business Central pod to ensure high availability.
    Important: In Red Hat Process Automation Manager 7.8, high-availability Business Central functionality deployment using the operator is for Technology Preview only. For more information about Red Hat Technology Preview features, see Technology Preview Features Support Scope. For a fully supported high-availability deployment, use the high-availability authoring template on Red Hat OpenShift Container Platform version 3.11. For instructions about deploying this template, see Deploying a Red Hat Process Automation Manager authoring environment on Red Hat OpenShift Container Platform.
  - rhpam-production: An environment for running existing services for staging and production purposes. This environment includes Business Central Monitoring, Smart Router, and two groups of KIE Server pods. You can deploy and undeploy services on every such group and also scale the group up or down as necessary. Use Business Central Monitoring to deploy, run, and stop the services and to monitor their execution.
  - rhpam-production-immutable: An alternate environment for running existing services for staging and production purposes. You can configure one or more KIE Server pods that build services from source or pull them from a Maven repository. You can then replicate each pod as necessary.
    You cannot remove any service from the pod or add any new service to the pod. If you want to use another version of a service or to modify the configuration in any other way, deploy a new server image to replace the old one. You can use any container-based integration workflows to manage the pods.
    When configuring this environment, in the KIE Servers tab you must customize the KIE Server and either click the Set immutable server configuration button or set the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable. For instructions about configuring the KIE Server, see Section 4.2.5, “Setting custom KIE Server configuration of the environment”.
    Optionally, you can also use the Console tab to include Business Central Monitoring in this environment to monitor, stop, and restart the execution of process services. For instructions about configuring Business Central Monitoring, see Section 4.2.4, “Setting the Business Central configuration of the environment”.
- If you want to enable automatic upgrades to new versions, select the Enable Upgrades box. If this box is selected, when a new patch version of Red Hat Process Automation Manager 7.8 becomes available, the operator automatically upgrades your deployment to this version. All services are preserved and normally remain available throughout the upgrade process.
  If you also want to enable the same automatic upgrade process when a new minor version of Red Hat Process Automation Manager 7.x becomes available, select the Include minor version upgrades box.
  Note: Disable automatic updates if you want to use a custom image for any component of Red Hat Process Automation Manager.
- Optional: If you want to use image tags for downloading images, select the Use Image Tags box. This setting is useful if you use a custom registry or if you are directed by Red Hat support.
- If you want to use a custom image registry, under Custom registry, enter the URL of the registry in the Image registry field. If this registry does not have a properly signed and recognized SSL certificate, select the Insecure box.
- Under Admin user, enter the user name and password for the administrative user for Red Hat Process Automation Manager in the Username and Password fields.
  Important: If you use RH-SSO or LDAP authentication, the same user must be configured in your authentication system with the kie-server,rest-all,admin roles for Red Hat Process Automation Manager.
- If you want to use a custom version tag for images, complete the following steps:
  - Click Next to access the Security tab.
  - Scroll to the bottom of the window.
  - Enter the image tag in the Image tag field.
Next steps
If you want to deploy the environment with the default configuration, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set other configuration parameters.
4.2.3. Setting the security configuration of the environment
After you set the basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator, you can optionally configure authentication (security) settings for the environment.
Prerequisites
- You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 4.2.2, “Setting the basic configuration of the environment”.
- If you want to use RH-SSO or LDAP for authentication, you created users with the correct roles in your authentication system. You must create at least one administrative user (for example, adminUser) with the kie-server,rest-all,admin roles. This user must have the user name and password that you configured on the Installation tab.
- If you want to use RH-SSO authentication, you created the clients in your RH-SSO system for all components of your environment, specifying the correct URLs. This action ensures maximum control. Alternatively, the deployment can create the clients.
Procedure
- If the Installation tab is open, click Next to view the Security tab.
- In the Authentication mode list, select one of the following modes:
  - Internal: You configure the initial administration user when deploying the environment. The user can use Business Central to set up other users as necessary.
  - RH-SSO: Red Hat Process Automation Manager uses Red Hat Single Sign-On for authentication.
  - LDAP: Red Hat Process Automation Manager uses LDAP for authentication.
- Complete the security configuration based on the Authentication mode that you selected.
  If you selected RH-SSO, configure RH-SSO authentication:
  - In the RH-SSO URL field, enter the RH-SSO URL.
  - In the Realm field, enter the RH-SSO realm name.
  - If you did not create RH-SSO clients for components of your environment, enter the credentials of an administrative user for your RH-SSO system in the SSO admin user and SSO admin password fields.
  - If your RH-SSO system does not have a proper signed SSL certificate, select the Disable SSL cert validation box.
  - If you want to change the RH-SSO principal attribute used for the user name, in the Principal attribute field enter the name of the new attribute.
  If you selected LDAP, configure LDAP authentication:
  - In the LDAP URL field, enter the LDAP URL.
  - Configure LDAP parameters that correspond to the settings of the LdapExtended Login module of Red Hat JBoss EAP. For instructions about using these settings, see LdapExtended Login Module.
  If you selected RH-SSO or LDAP, if your RH-SSO or LDAP system does not define all the roles required for your deployment, you can map authentication system roles to Red Hat Process Automation Manager roles.
  To enable role mapping, you must provide a role mapping configuration file in an OpenShift configuration map or secret object in the project namespace. The file must contain entries in the following format:
      ldap_role = product_role1, product_role2...
  For example:
      admins = kie-server,rest-all,admin
  To enable the use of this file, make the following changes:
  - Under RoleMapper, in the Roles properties file field, enter the fully qualified path name of the role mapping configuration file, for example, /opt/eap/standalone/configuration/rolemapping/rolemapping.properties.
  - If you want to replace roles defined in the authentication system with roles that you define in the mapping file, select the Replace roles box. Otherwise, both the roles defined in RH-SSO or LDAP and the roles defined in the configuration file are available.
  - In the fields under RoleMapper Configuration object, select the Kind of the object that provides the file (ConfigMap or Secret) and enter the Name of the object. This object is automatically mounted on Business Central and KIE Server pods in the path that you specified for the role mapping configuration file.
- Configure other passwords, if necessary:
  - AMQ password and AMQ cluster password are passwords for interaction with ActiveMQ using the JMS API.
  - Keystore password is the password for the keystore files used in secrets for HTTPS communication. Set this password if you created secrets according to instructions in Section 3.2, “Creating the secrets for KIE Server” or Section 3.3, “Creating the secrets for Business Central”.
  - Database password is the password for database server pods that are a part of the environments.
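The role mapping file and the Replace roles box described above decide which product roles a user ends up with, so it is worth linting the file before putting it in a ConfigMap or Secret. The following is an added example, not Red Hat code: the function names and the sample groups are constructed, and it assumes that with Replace roles selected a role that has no entry in the file is kept unchanged.

```python
"""Lint a role mapping file and model the Replace roles setting (added example)."""

# Roles the page requires for the administrative user.
REQUIRED_ADMIN_ROLES = {"kie-server", "rest-all", "admin"}

# Constructed sample file; only the 'admins' line comes from the page.
SAMPLE = """\
# constructed sample
admins = kie-server,rest-all,admin
developers = kie-server, rest-all
contractors = kie-server,admin
broken line
"""


def parse_role_mapping(text):
    """Parse 'auth_role = product_role1, product_role2' entries.

    Returns (mapping, errors). Blank lines and '#' comments are skipped.
    """
    mapping, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            errors.append(f"line {lineno}: missing '='")
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        roles = {r.strip() for r in value.split(",") if r.strip()}
        if not key or not roles:
            errors.append(f"line {lineno}: empty role name or role list")
            continue
        if key in mapping:
            errors.append(f"line {lineno}: duplicate entry for {key!r}")
            continue
        mapping[key] = roles
    return mapping, errors


def effective_roles(auth_roles, mapping, replace_roles):
    """Product roles available to a user holding auth_roles.

    Replace roles off: authentication-system roles plus the mapped roles.
    Replace roles on: a role with a mapping entry is replaced by its mapped
    roles. ASSUMPTION: a role without an entry is kept unchanged.
    """
    result = set()
    for role in auth_roles:
        mapped = mapping.get(role)
        if mapped is None:
            result.add(role)
            continue
        result |= mapped
        if not replace_roles:
            result.add(role)
    return result


def admin_granting_roles(mapping):
    """Authentication-system roles whose entry grants the 'admin' product role."""
    return sorted(key for key, roles in mapping.items() if "admin" in roles)


if __name__ == "__main__":
    mapping, errors = parse_role_mapping(SAMPLE)
    for error in errors:
        print("ERROR", error)
    print("grants admin:", admin_granting_roles(mapping))
    for group in ("admins", "developers"):
        roles = effective_roles({group}, mapping, replace_roles=True)
        print(group, "covers admin user roles:", REQUIRED_ADMIN_ROLES <= roles)
```

Reviewing the output of `admin_granting_roles` before deployment shows every group in the authentication system that will receive the admin role through the mapping.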
Next steps
If you want to deploy the environment with the default configuration of all components, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for Business Central, KIE Servers, and Smart Router.
4.2.4. Setting the Business Central configuration of the environment
After you set the basic and security configuration of a Red Hat Process Automation Manager environment using the Business Automation operator, you can optionally configure settings for the Business Central or Business Central Monitoring component of the environment.
Prerequisites
- You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 4.2.2, “Setting the basic configuration of the environment”.
- If you want to use RH-SSO or LDAP for authentication, you completed security configuration according to the instructions in Section 4.2.3, “Setting the security configuration of the environment”.
Procedure
- If the Installation or Security tab is open, click Next until you view the Console tab.
- If you created the secret for Business Central according to the instructions in Section 3.3, “Creating the secrets for Business Central”, enter the name of the secret in the Secret field.
- Optionally, configure Git hooks.
  In an authoring environment, you can use Git hooks to facilitate interaction between the internal Git repository of Business Central and an external Git repository. If you want to use Git hooks, you must prepare a Git hooks directory in an OpenShift configuration map, secret, or persistent volume claim object in the project namespace. You can also prepare a secret with the SSH key and known hosts files for Git SSH authentication. For instructions about preparing Git hooks, see Section 3.7, “Preparing Git hooks”.
  To use a Git hooks directory, make the following changes:
  - Under GitHooks, in the Mount path field, enter a fully qualified path for the directory, for example, /opt/kie/data/git/hooks.
  - In the fields under GitHooks Configuration object, select the Kind of the object that provides the file (ConfigMap, Secret, or PersistentVolumeClaim) and enter the Name of the object. This object is automatically mounted on the Business Central pods in the path that you specified for the Git hooks directory.
  - Optionally, in the SSH secret field enter the name of the secret with the SSH key and known hosts files.
- Optionally, enter the number of replicas for Business Central or Business Central monitoring in the Replicas field. Do not change this number in a rhpam-authoring environment.
- Optionally, enter requested and maximum CPU and memory limits in the fields under Resource quotas.
- If you want to customize the configuration of the Java virtual machine on the Business Central pods, select the Enable JVM configuration box and then enter information in any of the fields under Enable JVM configuration. All fields are optional. For the JVM parameters that you can configure, see Section 4.4, “JVM configuration parameters”.
- If you selected RH-SSO authentication, configure RH-SSO for Business Central:
  - Enter the client name in the Client name field and the client secret in the Client secret field. If a client with this name does not exist, the deployment attempts to create a new client with this name and secret.
  - If the deployment is to create a new client, enter the HTTP and HTTPS URLs that will be used for accessing the KIE Server into the SSO HTTP URL and SSO HTTPS URL fields. This information is recorded in the client.
- Optionally, depending on your needs, set environment variables. To set an environment variable, click Add new Environment variable, then enter the name and value for the variable in the Name and Value fields.
  - In a rhpam-production or rhpam-production-immutable environment, if you want Business Central Monitoring to run in a simplified mode that does not use a file system, set the ORG_APPFORMER_SIMPLIFIED_MONITORING_ENABLED variable to true.
    In the simplified mode, Business Central Monitoring does not require a persistent volume claim. You can use this mode in environments that do not support ReadWriteMany access to persistent storage. You cannot use Business Central Monitoring in the simplified mode to design custom dashboards.
  - If you want to use an external Maven repository, set the following variables:
    - MAVEN_REPO_URL: The URL for the Maven repository
    - MAVEN_REPO_ID: An identifier for the Maven repository, for example, repo-custom
    - MAVEN_REPO_USERNAME: The user name for the Maven repository
    - MAVEN_REPO_PASSWORD: The password for the Maven repository
    Important: In an authoring environment, if you want Business Central to push a project into an external Maven repository, you must configure this repository during deployment and also configure exporting to the repository in every project. For information about exporting Business Central projects to an external Maven repository, see Packaging and deploying a Red Hat Process Automation Manager project.
  - If your OpenShift environment does not have a connection to the public Internet, configure access to a Maven mirror that you set up according to Section 3.11, “Preparing a Maven mirror repository for offline use”. Set the following variables:
    - MAVEN_MIRROR_URL: The URL for the Maven mirror repository that you set up in Section 3.11, “Preparing a Maven mirror repository for offline use”. This URL must be accessible from a pod in your OpenShift environment.
    - MAVEN_MIRROR_OF: The value that determines which artifacts are to be retrieved from the mirror. For instructions about setting the mirrorOf value, see Mirror Settings in the Apache Maven documentation. The default value is external:*. With this value, Maven retrieves every required artifact from the mirror and does not query any other repositories.
      If you configure an external Maven repository (MAVEN_REPO_URL), change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror, for example, external:*,!repo-custom. Replace repo-custom with the ID that you configured in MAVEN_REPO_ID.
      If your authoring environment uses a built-in Business Central Maven repository, change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror: external:*,!repo-rhpamcentr.
  - In some authoring environments, you might need to ensure that several users can deploy services on the same KIE Server at the same time. By default, after deploying a service onto a KIE Server using Business Central, the user needs to wait for some seconds before more services can be deployed. The OpenShiftStartupStrategy setting is enabled by default and causes this limitation. To remove the limitation, you can configure an rhpam-authoring environment to use the controller strategy. Do not make this change unless a specific need for it exists; if you decide to enable controller strategy, make this change on Business Central and on all KIE Servers in the same environment.
    Note: Do not enable the controller strategy in an environment with a high-availability Business Central. In such environments the controller strategy does not function correctly.
    To enable the controller strategy on Business Central, set the KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED environment variable to false.
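To see why MAVEN_MIRROR_OF needs the !repo-custom or !repo-rhpamcentr exclusion, the following added example (not Red Hat or Apache Maven code) models Maven's documented mirrorOf matching rules for the values used above and reports which repositories are routed to the mirror. The repository URLs and the central and local-files entries are constructed sample data; only the IDs repo-custom and repo-rhpamcentr come from the page.

```python
"""Model of Maven mirrorOf matching for MAVEN_MIRROR_OF values (added example)."""
from urllib.parse import urlparse

# Constructed sample repositories: id -> URL.
REPOS = {
    "central": "https://repo.maven.apache.org/maven2",
    "repo-custom": "https://nexus.example.com/repository/releases",
    "repo-rhpamcentr": "http://myapp-rhpamcentr:8080/maven2/",
    "local-files": "file:///opt/m2/repository",
}


def is_external(url):
    """external:* covers repositories that are neither file based nor on localhost."""
    parts = urlparse(url)
    return parts.scheme != "file" and parts.hostname not in ("localhost", "127.0.0.1")


def uses_mirror(mirror_of, repo_id, repo_url):
    """Return True if requests for repo_id are sent to the mirror.

    Tokens are read left to right: '!id' excludes and stops, an exact id
    matches and stops, wildcards match but let a later '!id' still exclude.
    """
    matched = False
    for token in (t.strip() for t in mirror_of.split(",")):
        if len(token) > 1 and token.startswith("!"):
            if token[1:] == repo_id:
                return False
        elif token == repo_id:
            return True
        elif token == "external:*" and is_external(repo_url):
            matched = True
        elif token == "*":
            matched = True
    return matched


def route(mirror_of, repos=REPOS):
    """Map every repository id to 'mirror' or 'direct' for a MAVEN_MIRROR_OF value."""
    return {
        repo_id: "mirror" if uses_mirror(mirror_of, repo_id, url) else "direct"
        for repo_id, url in repos.items()
    }


if __name__ == "__main__":
    for value in ("external:*", "external:*,!repo-custom", "external:*,!repo-rhpamcentr"):
        print(value, "->", route(value))
```

With the default external:* every network repository, including repo-custom and repo-rhpamcentr, resolves through the mirror, which is the situation the exclusions above correct.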
Next steps
If you want to deploy the environment with the default configuration of KIE Servers, without Smart Router, and without Process Instance Migration, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for KIE Servers and Smart Router.
4.2.5. Setting custom KIE Server configuration of the environment
Every environment type in the Business Automation operator includes one or several KIE Servers by default.
Optionally, you can set custom configuration for KIE Servers. In this case, default KIE Servers are not created and only the KIE Servers that you configure are deployed.
Prerequisites
- You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 4.2.2, “Setting the basic configuration of the environment”.
- If you want to use RH-SSO or LDAP for authentication, you completed security configuration according to the instructions in Section 4.2.3, “Setting the security configuration of the environment”.
Procedure
- If the Installation, Security, or Console tab is open, click Next until you view the KIE Servers tab.
- Click Add new KIE Server to add a new KIE Server configuration.
- In the Id field, enter an identifier for the KIE Server. If the KIE Server connects to a Business Central or Business Central Monitoring instance, this identifier determines which server group the server joins.
- In the Name field, enter a name for the KIE Server.
- In the Deployments field, enter the number of similar KIE Servers that are to be deployed. The installer can deploy several KIE Servers with the same configuration. The identifiers and names of the KIE Servers are modified automatically and remain unique.
- If you created the secret for KIE Server according to the instructions in Section 3.2, “Creating the secrets for KIE Server”, enter the name of the secret in the Keystore secret field.
- Optionally, enter the number of replicas for the KIE Server in the Replicas field.
- If you want to use a custom image for the KIE Server, complete the following additional steps:
  - Click Set KIE Server image.
  - Enter the name of the image stream in the Name field.
  - If the image stream is not in the openshift namespace, enter the namespace in the Namespace field.
  Note: Do not change the Kind value to DockerImage. This option does not work in Red Hat Process Automation Manager 7.8.0.
  For instructions about creating custom images, see Section 4.5, “Creating custom images for KIE Server”.
- If you want to configure an immutable KIE Server using a Source to Image (S2I) build, complete the following additional steps:
  Important: If you want to configure an immutable KIE Server that pulls services from the Maven repository, do not click Set Immutable server configuration and do not complete these steps. Instead, set the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable.
  - Click Set Immutable server configuration.
  - In the KIE Server container deployment field, enter the identifying information of the services (KJAR files) that the deployment must extract from the result of a Source to Image (S2I) build. The format is <containerId>=<groupId>:<artifactId>:<version> or, if you want to specify an alias name for the container, <containerId>(<aliasId>)=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, as illustrated in the following example: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2.
  - If your OpenShift environment does not have a connection to the public Internet, enter the URL of the Maven mirror that you set up according to Section 3.11, “Preparing a Maven mirror repository for offline use” in the Maven mirror URL field.
  - In the Artifact directory field, enter the path within the project that contains the required binary files (KJAR files and any other necessary files) after a successful Maven build. Normally this directory is the target directory of the build. However, you can provide prebuilt binaries in this directory in the Git repository.
  - If you want to use a custom base KIE Server image for the S2I build, click Set Base build image and then enter the name of the image stream in the Name field. If the image stream is not in the openshift namespace, enter the namespace in the Namespace field. If you want to use a Docker image name and not an OpenShift image stream tag, change the Kind value to DockerImage.
  - Click Set Git source and enter information in the following fields:
    - S2I Git URI: The URI for the Git repository that contains the source for your services.
    - Reference: The branch in the Git repository.
    - Context directory: (Optional) The path to the source within the project downloaded from the Git repository. By default, the root directory of the downloaded project is the source directory.
  - If you want to set a Git Webhook so changes in the Git repository cause an automatic rebuild of the KIE Server, click Add new Webhook. Select the type of the Webhook from the Type list and enter the secret string for the Webhook in the Secret field.
- Optionally, enter requested and maximum CPU and memory limits in the fields under Resource quotas. If you are configuring several KIE Servers, the limits apply to each server separately.
- If you selected RH-SSO authentication, configure RH-SSO for the KIE Server:
  - Enter the client name in the Client name field and the client secret in the Client secret field. If a client with this name does not exist, the deployment attempts to create a new client with this name and secret.
  - If the deployment is to create a new client, enter the HTTP and HTTPS URLs that will be used for accessing the KIE Server into the SSO HTTP URL and SSO HTTPS URL fields. This information is recorded in the client.
- If you want to interact with the KIE Server through JMS API using an external AMQ message broker, enable the Enable JMS Integration setting. Additional fields for configuring JMS Integration are displayed and you must enter the values as necessary:
  - User name, Password: The user name and password of a standard broker user, if user authentication in the broker is required in your environment.
  - Executor: Select this setting to disable the JMS executor. The executor is enabled by default.
  - Executor transacted: Select this setting to enable JMS transactions on the executor queue.
  - Enable signal: Select this setting to enable signal configuration through JMS.
  - Enable audit: Select this setting to enable audit logging through JMS.
  - Audit transacted: Select this setting to enable JMS transactions on the audit queue.
  - Queue executor, Queue request, Queue response, Queue signal, Queue audit: Custom JNDI names of the queues to use. If you set any of these values, you must also set the AMQ queues parameter.
  - AMQ Queues: AMQ queue names, separated by commas. These queues are automatically created when the broker starts and are accessible as JNDI resources in the JBoss EAP server. If you are using any custom queue names, you must enter the names of all the queues used by the server in this field.
  - Enable SSL integration: Select this setting if you want to use an SSL connection to the AMQ broker. In this case you must also provide the name of the secret that you created in Section 3.4, “Creating the secrets for the AMQ broker connection” and the names and passwords of the key store and trust store that you used for the secret.
- If you want to customize the configuration of the Java virtual machine on the KIE Server pods, select the Enable JVM configuration box and then enter information in any of the fields under Enable JVM configuration. All fields are optional. For the JVM parameters that you can configure, see Section 4.4, “JVM configuration parameters”.
- In the Database type field, select the database that the KIE Server must use. The following values are available:
  - mysql: A MySQL server, created in a separate pod.
  - postgresql: A PostgreSQL server, created in a separate pod. Use this setting unless you have a specific reason to use any other setting.
  - h2: A built-in h2 database engine that does not require a separate pod. Do not scale the KIE Server pod if you use this setting.
  - external: An external database server.
- If you selected any database except external, a Persistent Volume Claim will be created to store the database. Optionally, set configuration parameters for the persistent volume:
  - In the Size field, enter the size of the persistent volume.
  - In the StorageClass name field, enter the storage class name for the persistent volume.
- Optionally, if you selected the external database, configure the KIE Server extension image. If you want to use any database server except PostgreSQL, MySQL, or MariaDB, you must provide a KIE Server extension image with the database server driver according to instructions in Section 3.6, “Building a custom KIE Server extension image for an external database”. To configure the KIE Server to use this extension image, make the following changes:
  - Select the Enable extension image stream box.
  - In the Extension image stream tag field, enter the ImageStreamTag definition for the image that you created, for example, jboss-kie-db2-extension-openshift-image:11.1.4.4
  - Optionally, in the Extension image stream namespace field, enter the namespace into which you pushed the image. If you do not enter any value in this field, the operator expects the image to be in the openshift namespace.
  - Optionally, in the Extension image install directory field, enter the directory within the extensions image where the extensions are located. If you used the procedure in Section 3.6, “Building a custom KIE Server extension image for an external database” to build the image, do not enter any value for this field.
If you selected an external database server, provide the following information in additional fields:
- Driver: Enter the database server driver, depending on the server type:
  - mysql
  - postgresql
  - mariadb
  - mssql
  - db2
  - oracle
  - sybase
- Dialect: Enter the Hibernate dialect for the server, depending on the server type. The common settings are:
  - org.hibernate.dialect.MySQL5InnoDBDialect
  - org.hibernate.dialect.MySQL8Dialect
  - org.hibernate.dialect.MariaDB102Dialect
  - org.hibernate.dialect.PostgreSQL95Dialect
  - org.hibernate.dialect.PostgresPlusDialect (used for EnterpriseDB Postgres Advanced Server)
  - org.hibernate.dialect.SQLServer2012Dialect (used for MS SQL)
  - org.hibernate.dialect.DB2Dialect
  - org.hibernate.dialect.Oracle10gDialect
  - org.hibernate.dialect.SybaseASE15Dialect
  For a complete list of supported dialects, see Table A.7 in Hibernate properties in the Red Hat JBoss EAP documentation.
- Host: Enter the host name of the external database server.
- Port: Enter the port number of the external database server.
- Jdbc URL: Enter the JDBC URL for the external database server.
  Note: If you are using the EnterpriseDB Postgres database server, use a URL starting with jdbc:postgresql:// and not with jdbc:edb://. Alternatively, do not set the URL and set the host and port parameters instead.
- NonXA: Select this box if you want to configure the data source in non-XA mode.
- JNDI name: Enter the JNDI name that the application uses for the data source.
- User name and Password: Enter the user name and password for the external database server.
- Background validation: Optionally, select this box to enable background SQL validation and enter the background validation interval.
- Optionally, set the minimum and maximum connection pool sizes, valid connection checker class, and exception sorter class for the database server.
If you are using a MySQL version 8 external database server, enable the mysql_native_password plugin and use it for authentication. For instructions about this plugin, see Native Pluggable Authentication in the MySQL 8.0 Reference Manual.
If you are using a MySQL version 8 image provided by Red Hat on Red Hat OpenShift Container Platform, to enable the plugin, set the MYSQL_DEFAULT_AUTHENTICATION_PLUGIN environment variable to mysql_native_password.
If you created users on the MySQL version 8 server before enabling the mysql_native_password plugin, you must update the mysql-user table after you enable the plugin.
Optionally, depending on your needs, set environment variables. To set an environment variable, click Add new Environment variable, then enter the name and value for the variable in the Name and Value fields.
If you want to configure an immutable KIE server that pulls services from the configured Maven repository, enter the following settings:
- Set the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable. The variable must contain the identifying information of the services (KJAR files) that the deployment must pull from the Maven repository. The format is <containerId>=<groupId>:<artifactId>:<version> or, if you want to specify an alias name for the container, <containerId>(<aliasId>)=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, as illustrated in the following example: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2.
- Configure an external Maven repository.
If you want to configure an external Maven repository, set the following variables:
- MAVEN_REPO_URL: The URL for the Maven repository
- MAVEN_REPO_ID: An identifier for the Maven repository, for example, repo-custom
- MAVEN_REPO_USERNAME: The user name for the Maven repository
- MAVEN_REPO_PASSWORD: The password for the Maven repository
If your OpenShift environment does not have a connection to the public Internet, configure access to a Maven mirror that you set up according to Section 3.11, “Preparing a Maven mirror repository for offline use”. Set the following variables:
- MAVEN_MIRROR_URL: The URL for the Maven mirror repository that you set up in Section 3.11, “Preparing a Maven mirror repository for offline use”. This URL must be accessible from a pod in your OpenShift environment. If you configured this KIE Server as S2I, you already entered this URL.
- MAVEN_MIRROR_OF: The value that determines which artifacts are to be retrieved from the mirror. If you configured this KIE Server as S2I, do not set this value. For instructions about setting the mirrorOf value, see Mirror Settings in the Apache Maven documentation. The default value is external:*. With this value, Maven retrieves every required artifact from the mirror and does not query any other repositories.
  If you configure an external Maven repository (MAVEN_REPO_URL), change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror, for example, external:*,!repo-custom. Replace repo-custom with the ID that you configured in MAVEN_REPO_ID.
  If your authoring environment uses a built-in Business Central Maven repository, change MAVEN_MIRROR_OF to exclude the artifacts in this repository from the mirror: external:*,!repo-rhpamcentr.
- If you want to configure your KIE Server deployment to use Prometheus to collect and store metrics, set the PROMETHEUS_SERVER_EXT_DISABLED environment variable to false. For instructions about configuring Prometheus metrics collection, see Managing and monitoring KIE Server.
- If you are using RH-SSO authentication and the interaction of your application with RH-SSO requires support for CORS, set the SSO_ENABLE_CORS variable to true.
In some authoring environments, you might need to ensure that several users can deploy services on the same KIE Server at the same time. By default, after deploying a service onto a KIE Server using Business Central, the user needs to wait for some seconds before more services can be deployed. The OpenShiftStartupStrategy setting is enabled by default and causes this limitation. To remove the limitation, you can configure an rhpam-authoring environment to use the controller strategy. Do not make this change unless a specific need for it exists; if you decide to enable controller strategy, make this change on Business Central and on all KIE Servers in the same environment.
Note: Do not enable the controller strategy in an environment with a high-availability Business Central. In such environments the controller strategy does not function correctly.
To enable controller strategy on a KIE Server, set the KIE_SERVER_STARTUP_STRATEGY environment variable to ControllerBasedStartupStrategy and the KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED environment variable to false.
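How the MAVEN_MIRROR_OF values described in this procedure route repository requests, as an added example that is not part of the original documentation. It follows Maven's documented mirrorOf rules for *, external:*, explicit IDs and ! exclusions; the function names and repository URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates a MAVEN_MIRROR_OF value against repository IDs.
# Repository URLs in sample_repos are constructed sample values.

# Succeeds when a repository URL is "external" in Maven's sense:
# not file-based and not on localhost.
is_external_repo() {
    case "$1" in
        file:*) return 1 ;;
        *://localhost | *://localhost[/:]* | *://127.0.0.1 | *://127.0.0.1[/:]*) return 1 ;;
    esac
    return 0
}

# mirror_applies MIRROR_OF REPO_ID REPO_URL
# Succeeds when requests for REPO_ID are redirected to the mirror.
# The body is a subshell so the IFS and globbing changes stay local.
mirror_applies() (
    mirror_of=$1; repo_id=$2; repo_url=$3
    mirrored=1
    IFS=,
    set -f                      # keep "*" tokens from expanding to file names
    for token in $mirror_of; do
        case "$token" in
            "!$repo_id") mirrored=1; break ;;   # explicit exclusion wins
            "$repo_id")  mirrored=0; break ;;   # explicit inclusion
            "external:*") if is_external_repo "$repo_url"; then mirrored=0; fi ;;
            "*") mirrored=0 ;;
        esac
    done
    [ "$mirrored" -eq 0 ]
)

# route_report MIRROR_OF
# Reads "id url" pairs on stdin and prints "<id> mirror" or "<id> direct".
route_report() {
    while read -r id url; do
        if mirror_applies "$1" "$id" "$url"; then
            echo "$id mirror"
        else
            echo "$id direct"
        fi
    done
}

# Constructed repository list; the IDs repo-custom and repo-rhpamcentr are
# the ones named in the text, the URLs are placeholders.
sample_repos() {
    cat <<'EOF'
central https://repo1.maven.org/maven2
repo-custom https://nexus.example.com/repository/releases
repo-rhpamcentr http://myapp-rhpamcentr:8080/maven2
EOF
}

echo "MAVEN_MIRROR_OF=external:*"
sample_repos | route_report 'external:*'
echo "MAVEN_MIRROR_OF=external:*,!repo-custom"
sample_repos | route_report 'external:*,!repo-custom'
```

With the default value every external repository, including repo-custom and the built-in Business Central repository, is answered by the mirror; only an ID listed with ! is contacted directly.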
Next steps
To configure additional KIE Servers, click Add new KIE Server again and repeat the procedure for the new server configuration.
If you want to deploy the environment without Smart Router and without Process Instance Migration, click Finish and then click Deploy to deploy the environment. Otherwise, continue to set configuration parameters for Smart Router.
4.2.6. Setting Smart Router configuration for the environment
By default, the deployed environment does not include Smart Router. You can add a Smart Router to the environment. You can also set configuration options for the Smart Router.
Prerequisites
- You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 4.2.2, “Setting the basic configuration of the environment”.
Procedure
- If the Installation, Security, Console, or KIE Servers tab is open, click Next until you view the Smart Router tab.
- Click Set Smart Router to add Smart Router to the environment and to configure Smart Router.
- If you created the secret for Smart Router according to the instructions in Section 3.5, “Creating the secrets for Smart Router”, enter the name of the secret in the Secret field.
- Optionally, enter the number of replicas for the Smart Router in the Replicas field.
- Optionally, enter requested and maximum CPU and memory limits in the fields under Resource quotas.
Next steps
If you want to deploy the Process Instance Migration service, continue to deploy the service. Otherwise, click Finish and then click Deploy to deploy the environment.
4.2.7. Setting Process Instance Migration configuration for the environment
You can use the operator to deploy the Process Instance Migration (PIM) service. You can use the PIM service to define the migration between two different process definitions, known as a migration plan. You can apply the migration plan to the running process instances in a specific KIE Server.
The PIM service uses a database server for its operation.
Prerequisites
- You completed basic configuration of a Red Hat Process Automation Manager environment using the Business Automation operator in the installer wizard according to the instructions in Section 4.2.2, “Setting the basic configuration of the environment”.
Procedure
- If the Installation, Security, Console, KIE Servers, or Smart Router tab is open, click Next until you view the Process Instance Migration tab.
- Click Set Process Instance Migration to add PIM to the environment and to configure PIM.
- In the Database type field, select the database that the PIM service must use. The following values are available:
  - mysql: A MySQL server, created in a separate pod.
  - postgresql: A PostgreSQL server, created in a separate pod. Use this setting unless you have a specific reason to use any other setting.
  - h2: A built-in h2 database engine that does not require a separate pod.
- Optionally, set configuration parameters of the persistent volume for the database:
  - In the Size field, enter the size of the persistent volume
  - In the StorageClass name field, enter the storage class name for the persistent volume
Next steps
Click Finish and then click Deploy to deploy the environment.
For instructions about using the PIM service, see Process Instance Migration in Managing and monitoring business processes in Business Central.
4.3. Modifying an environment that is deployed using operators
If an environment is deployed using operators, you cannot modify it using typical OpenShift methods. For example, if you delete a deployment configuration or a service, it is re-created automatically with the same parameters.
To modify the environment, you must modify the YAML description of the environment. You can change common settings such as passwords, add new KIE Servers, and scale KIE Servers.
Procedure
- Enter your project in the OpenShift web cluster console.
- In the OpenShift Web console navigation panel, select Catalog → Installed operators or Operators → Installed operators.
- Find the Business Automation operator line in the table and click KieApp in the line. Information about the environments that you deployed using this operator is displayed.
- Click the name of a deployed environment.
- Select the YAML tab.
  A YAML source is displayed. In this YAML source, you can edit the content under spec: to change the configuration of the environment.
- If you want to change the deployed version of Red Hat Process Automation Manager, add the following line under spec:

      version: 7.8.0

  You can replace 7.8.0 with another required version. Use this setting to upgrade Red Hat Process Automation Manager to a new version if automatic updates are disabled, for example, if you use a custom image.
- If you want to change common settings, such as passwords, edit the values under commonConfig:.
- If you want to add new KIE Servers, add their descriptions at the end of the block under servers:, as shown in the following examples:
  - To add two servers named server-a and server-a-2, add the following lines:

        - deployments: 2
          name: server-a

  - To add an immutable KIE Server that includes services built from source in an S2I process, add the following lines:

        - build:
            kieServerContainerDeployment: <deployment>
            gitSource:
              uri: <url>
              reference: <branch>
              contextDir: <directory>

    Replace the following values:
    - <deployment>: The identifying information of the decision service (KJAR file) that is built from your source. The format is <containerId>=<groupId>:<artifactId>:<version>. You can provide two or more KJAR files using the | separator, for example containerId=groupId:artifactId:version|c2=g2:a2:v2. The Maven build process must produce all these files from the source in the Git repository.
    - <url>: The URL for the Git repository that contains the source for your decision service.
    - <branch>: The branch in the Git repository.
    - <directory>: The path to the source within the project downloaded from the Git repository.
- If you want to scale a KIE Server, find the description of the server in the block under servers: and add a replicas: setting under that description. For example, replicas: 3 scales the server to three pods.
- If you want to make other changes, review the CRD source for the available settings. To view the CRD source, log in to the Red Hat OpenShift Container Platform environment with the oc command as an administrative user and then enter the following command:

      oc get crd kieapps.app.kiegroup.org -o yaml

- Click Save and then wait for a has been updated pop-up message.
- Click Reload to view the new YAML description of the environment.
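A pre-save check for the container deployment string, covering both the KIE_SERVER_CONTAINER_DEPLOYMENT environment variable and the <deployment> value of kieServerContainerDeployment described above. This is an added example, not part of the original documentation; the function names, the allowed character set for identifiers, and the decision to flag -SNAPSHOT, LATEST and RELEASE versions are assumptions of the example.

```shell
#!/bin/sh
# Added example: validates <containerId>[(<aliasId>)]=<groupId>:<artifactId>:<version>
# entries separated by "|".
# Assumption: identifiers use only letters, digits, ".", "_" and "-".

# parse_container_deployment VALUE
# Prints "containerId alias groupId artifactId version" for each entry
# ("-" when there is no alias) and fails on the first malformed entry.
# The body is a subshell so the IFS and globbing changes stay local.
parse_container_deployment() (
    id='[A-Za-z0-9._-]+'
    entry_re="^${id}(\\(${id}\\))?=${id}:${id}:${id}\$"
    case "$1" in
        '' | *'|') echo "empty entry in value" >&2; exit 1 ;;
    esac
    IFS='|'
    set -f
    for entry in $1; do
        if ! printf '%s\n' "$entry" | grep -Eq "$entry_re"; then
            echo "malformed entry: '$entry'" >&2
            exit 1
        fi
        left=${entry%%=*}          # containerId or containerId(alias)
        gav=${entry#*=}            # groupId:artifactId:version
        container=${left%%\(*}
        case "$left" in
            *\(*) alias_id=${left#*\(}; alias_id=${alias_id%\)} ;;
            *)    alias_id=- ;;
        esac
        group=${gav%%:*}
        rest=${gav#*:}
        echo "$container $alias_id $group ${rest%%:*} ${rest#*:}"
    done
)

# mutable_entries VALUE
# Prints the container IDs whose version can resolve to a different artifact
# over time. Reporting these is a policy choice of this example.
mutable_entries() {
    parse_container_deployment "$1" |
        while read -r container alias_id group artifact version; do
            case "$version" in
                *-SNAPSHOT | LATEST | RELEASE) echo "$container" ;;
            esac
        done
}

# The sample value from the documentation above.
parse_container_deployment 'containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2'
```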
4.4. JVM configuration parameters
When deploying Red Hat Process Automation Manager using the operator, you can optionally set a number of JVM configuration parameters for Business Central and KIE Servers. These parameters set environment variables for the corresponding containers.
The following table lists all JVM configuration parameters that you can set when deploying Red Hat Process Automation Manager using the operator.
The default settings are optimal for most use cases. Make any changes only when they are required.
Configuration field | Environment variable | Description | Example |
---|---|---|---|
Java Opts append | JAVA_OPTS_APPEND | User specified Java options to be appended to generated options in JAVA_OPTS. | |
Java max memory ratio | JAVA_MAX_MEM_RATIO | The maximum percentage of container memory that can be used for the Java Virtual Machine. The remaining memory is used for the operating system. The default value is | |
Java initial memory ratio | JAVA_INITIAL_MEM_RATIO | The percentage of container memory that is initially used for the Java Virtual Machine. The default value is | |
Java max initial memory | JAVA_MAX_INITIAL_MEM | The maximum amount of memory, in megabytes, that can be initially used for the Java Virtual Machine. If the initial allocated memory, as set in the Java initial memory ratio parameter, would otherwise be greater than this value, the amount of memory set in this value is allocated using the | |
Java diagnostics | JAVA_DIAGNOSTICS | Enable this setting to enable output of additional JVM diagnostic information to the standard output. Disabled by default. | |
Java debug | JAVA_DEBUG | Enable this setting to switch on remote debugging. Disabled by default. Adds the | |
Java debug port | JAVA_DEBUG_PORT | The port that is used for remote debugging. The default value is | |
GC min heap free ratio | GC_MIN_HEAP_FREE_RATIO | Minimum percentage of heap free after garbage collection (GC) to avoid expansion. Sets the | |
GC max heap free ratio | GC_MAX_HEAP_FREE_RATIO | Maximum percentage of heap free after GC to avoid shrinking. Sets the | |
GC time ratio | GC_TIME_RATIO | Specifies the ratio of the time spent outside the garbage collection (for example, the time spent for application execution) to the time spent in the garbage collection. Sets the | |
GC adaptive size policy weight | GC_ADAPTIVE_SIZE_POLICY_WEIGHT | The weighting given to the current GC time versus previous GC times. Sets the | |
GC max metaspace size | GC_MAX_METASPACE_SIZE | The maximum metaspace size. Sets the | |
4.5. Creating custom images for KIE Server
You can create custom images to add files to KIE Server deployments. You must push the images to your own container registry. When deploying Red Hat Process Automation Manager, you can configure the operator to use the custom images.
If you use a custom image, you must disable automatic version updates. When you want to install a new version, build the image with the same name as before and the new version tag and push the image into your registry. You can then change the version and the operator automatically pulls the new image. For instructions about changing the product version in the operator, see Section 4.3, “Modifying an environment that is deployed using operators”.
In particular, you can create the following types of custom images:
- A custom image of KIE Server that includes an additional RPM package
- A custom image of KIE Server that includes an additional JAR library
4.5.1. Creating a custom KIE Server image with an additional RPM package
You can create a custom KIE Server image where an additional RPM package is installed. You can push this image into your custom registry and then use it to deploy the KIE Server.
You can install any package from the Red Hat Enterprise Linux 8 repository. This example installs the procps-ng package, which provides the ps utility, but you can modify it to install other packages.
Procedure
- Authenticate to the registry.redhat.io registry using the podman login command. For instructions about authenticating to the registry, see Red Hat Container Registry Authentication.
- To download the supported KIE Server base image, enter the following command:

      podman pull registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.8.0

- Create a Dockerfile that defines a custom image based on the base image. The file must change the current user to root, install the RPM package using the yum command, and then revert to USER 185, the Red Hat JBoss EAP user. The following example shows the content of the Dockerfile file:

      FROM registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.8.0
      USER root
      RUN yum -y install procps-ng
      USER 185

  Replace the name of the RPM file as necessary. The yum command automatically installs all dependencies from the Red Hat Enterprise Linux 8 repository. If you need to install several RPM files, use several RUN commands.
- Build the custom image using the Dockerfile. Supply the fully qualified name for the image, including the registry name. You must use the same version tag as the version of the base image. To build the image, enter the following command:

      podman build . --tag registry_address/image_name:7.8.0

  For example:

      podman build . --tag registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0

- After the build completes, run the image, log in to it, and verify that the customization was successful. Enter the following command:

      podman run -it --rm registry_address/image_name:7.8.0 /bin/bash

  For example:

      podman run -it --rm registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0 /bin/bash

- In the shell prompt for the image, enter the command to test that the RPM is installed, then enter exit. For example, for procps-ng, run the ps command:

      [jboss@c2fab36b778e ~]$ ps
      PID TTY TIME CMD
      1 pts/0 00:00:00 bash
      13 pts/0 00:00:00 ps
      [jboss@c2fab36b778e ~]$ exit

- To push the custom image into your registry, enter the following command:

      podman push registry_address/image_name:7.8.0 docker://registry_address/image_name:7.8.0

  For example:

      podman push registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0 docker://registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0
Next steps
When deploying the KIE Server, set the image name and namespace to specify the custom image in your registry. Click Set KIE Server image, change the Kind value to DockerImage, and then provide the image name including the registry name, but without the version tag, for example:
registry.example.com/custom/rhpam-kieserver-rhel8
For instructions about deploying the KIE Server using the operator, see Section 4.2.5, “Setting custom KIE Server configuration of the environment”.
4.5.2. Creating a custom KIE Server image with an additional JAR file
You can create a custom KIE Server image where an additional JAR file (or several JAR files) is installed to extend the capabilities of the server. You can push this image into your custom registry and then use it to deploy the KIE Server.
Procedure
- Develop a custom library that works with the KIE Server. You can use the following documentation and examples to develop the library:
- Build the library using Maven, so that the JAR file is placed in the target directory. This example uses the custom-kieserver-ext-1.0.0.Final.jar file name.
- Authenticate to the registry.redhat.io registry using the podman login command. For instructions about authenticating to the registry, see Red Hat Container Registry Authentication.
- To download the supported KIE Server base image, enter the following command:

      podman pull registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.8.0

- Create a Dockerfile that defines a custom image based on the base image. The file must copy the JAR file (or several JAR files) into the /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/ directory. The following example shows the content of the Dockerfile file:

      FROM registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.8.0
      COPY target/custom-kieserver-ext-1.0.0.Final.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/

- Build the custom image using the Dockerfile. Supply the fully qualified name for the image, including the registry name. You must use the same version tag as the version of the base image. To build the image, enter the following command:

      podman build . --tag registry_address/image_name:7.8.0

  For example:

      podman build . --tag registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0

- To push the custom image into your registry, enter the following command:

      podman push registry_address/image_name:7.8.0 docker://registry_address/image_name:7.8.0

  For example:

      podman push registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0 docker://registry.example.com/custom/rhpam-kieserver-rhel8:7.8.0
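A static check for the two Dockerfiles in Sections 4.5.1 and 4.5.2, run before podman build, as an added example that is not part of the original documentation. It verifies the two rules stated in the procedures: the image must not be left running as root, and the build tag must equal the base image tag. The function names, the third Dockerfile that never reverts from root, and the 7.9.0 tag are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a custom KIE Server Dockerfile before building it.

# Print the user named by the last USER instruction (empty if there is none,
# in which case the image keeps the user of the base image).
final_user() {
    awk 'toupper($1) == "USER" { u = $2 } END { print u }' "$1"
}

# Print the image reference of the last FROM instruction.
base_image() {
    awk 'toupper($1) == "FROM" { img = $2 } END { print img }' "$1"
}

# Print the tag of an image reference, ignoring any registry port.
ref_tag() {
    name=${1##*/}
    case "$name" in
        *:*) echo "${name##*:}" ;;
        *)   echo "" ;;
    esac
}

# check_custom_image DOCKERFILE TARGET_REF
# Fails if the image would run as root, or if the tag passed to
# "podman build --tag" differs from the tag of the base image.
check_custom_image() {
    status=0
    user=$(final_user "$1")
    case "${user%%:*}" in
        root | 0) echo "FAIL: last USER is '$user'; revert to USER 185"; status=1 ;;
    esac
    from_tag=$(ref_tag "$(base_image "$1")")
    if [ -z "$from_tag" ] || [ "$from_tag" != "$(ref_tag "$2")" ]; then
        echo "FAIL: base tag '$from_tag' does not match target '$2'"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $1"
    return "$status"
}

# Write the page's two Dockerfiles, plus a constructed one that never
# reverts from root, into directory $1.
write_samples() {
    base=registry.redhat.io/rhpam-7/rhpam-kieserver-rhel8:7.8.0
    printf 'FROM %s\nUSER root\nRUN yum -y install procps-ng\nUSER 185\n' \
        "$base" > "$1/rpm.Dockerfile"
    printf 'FROM %s\nCOPY target/custom-kieserver-ext-1.0.0.Final.jar /opt/eap/standalone/deployments/ROOT.war/WEB-INF/lib/\n' \
        "$base" > "$1/jar.Dockerfile"
    printf 'FROM %s\nUSER root\nRUN yum -y install procps-ng\n' \
        "$base" > "$1/unreverted.Dockerfile"
}

demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    target=registry.example.com/custom/rhpam-kieserver-rhel8
    check_custom_image "$dir/rpm.Dockerfile" "$target:7.8.0" || true
    check_custom_image "$dir/jar.Dockerfile" "$target:7.9.0" || true   # constructed tag mismatch
    check_custom_image "$dir/unreverted.Dockerfile" "$target:7.8.0" || true
    rm -rf "$dir"
}
demo
```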
Next steps
When deploying the KIE Server, set the image name and namespace to specify the custom image in your registry. Click Set KIE Server image, change the Kind value to DockerImage, and then provide the image name including the registry name, but without the version tag, for example:
registry.example.com/custom/rhpam-kieserver-rhel8
For instructions about deploying the KIE Server using the operator, see Section 4.2.5, “Setting custom KIE Server configuration of the environment”.