Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 2. Preparing to deploy Red Hat Process Automation Manager in your OpenShift environment
Before deploying Red Hat Process Automation Manager in your OpenShift environment, you need to complete several preparatory tasks. You do not need to repeat these tasks if you want to deploy additional images, for example, for new versions of processes or for other processes.
2.1. Ensuring the availability of image streams
You must ensure that the image streams that are required for the deployment are available in your OpenShift environment. Some versions of the OpenShift environment include the necessary image streams. You must check if they are available. If they are not available, you must install the rhpam71-image-streams.yaml file.
Procedure
Run the following commands:
oc get imagestreamtag -n openshift | grep rhpam71-businesscentral oc get imagestreamtag -n openshift | grep rhpam71-kieserver
$ oc get imagestreamtag -n openshift | grep rhpam71-businesscentral $ oc get imagestreamtag -n openshift | grep rhpam71-kieserverCopy to Clipboard Copied! Toggle word wrap Toggle overflow If the outputs of both commands are not empty, the required image streams are available and no further action is required.
If the output of one or both of the commands is empty, download the
rhpam-7.1.0-openshift-templates.zipproduct deliverable file from the Software Downloads page. Extract therhpam71-image-streams.yamlfile from it. Complete one of the following actions:Run the following command:
oc create -f rhpam71-image-streams.yaml
$ oc create -f rhpam71-image-streams.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
Using the OpenShift Web UI, select Add to Project
Import YAML / JSON, then choose the file or paste its contents.
2.2. Creating the secrets for Process Server
OpenShift uses objects called Secrets to hold sensitive information, such as passwords or keystores. See the Secrets chapter in the OpenShift documentation for more information.
You must create an SSL certificate for Process Server and provide it to your OpenShift environment as a secret.
Procedure
Generate an SSL keystore with a private and public key for SSL encryption for Process Server. In a production environment, generate a valid signed certificate that matches the expected URL of the Process Server. Save the keystore in a file named
keystore.jks. Record the name of the certificate and the password of the keystore file.See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.
Use the
occommand to generate a secret namedkieserver-app-secretfrom the new keystore file:oc create secret generic kieserver-app-secret --from-file=keystore.jks
$ oc create secret generic kieserver-app-secret --from-file=keystore.jksCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.3. Creating the secrets for Business Central
If you are planning to deploy Business Central or Business Central Monitoring in your OpenShift environment, you must create an SSL certificate for Business Central and provide it to your OpenShift environment as a secret. Do not use the same certificate and keystore for Business Central and for Process Server.
Procedure
Generate an SSL keystore with a private and public key for SSL encryption for Business Central. In a production environment, generate a valid signed certificate that matches the expected URL of the Business Central. Save the keystore in a file named
keystore.jks. Record the name of the certificate and the password of the keystore file.See Generate a SSL Encryption Key and Certificate for more information on how to create a keystore with self-signed or purchased SSL certificates.
Use the
occommand to generate a secret namedbusinesscentral-app-secretfrom the new keystore file:oc create secret generic businesscentral-app-secret --from-file=keystore.jks
$ oc create secret generic businesscentral-app-secret --from-file=keystore.jksCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4. Changing GlusterFS configuration
Check whether your OpenShift environment uses GlusterFS to provide permanent storage volumes. If it uses GlusterFS, to ensure optimal performance, tune your GlusterFS storage by changing the storage class configuration.
Procedure
To check whether your environment uses GlusterFS, run the following command:
oc get storageclass
oc get storageclassCopy to Clipboard Copied! Toggle word wrap Toggle overflow In the results, check whether the
(default)marker is on the storage class that listsglusterfs. For example, in the following output the default storage class isgluster-container, which does listglusterfs:NAME PROVISIONER AGE gluster-block gluster.org/glusterblock 8d gluster-container (default) kubernetes.io/glusterfs 8d
NAME PROVISIONER AGE gluster-block gluster.org/glusterblock 8d gluster-container (default) kubernetes.io/glusterfs 8dCopy to Clipboard Copied! Toggle word wrap Toggle overflow If the result has a default storage class that does not list
glusterfsor if the result is empty, you do not need to make any changes. In this case, skip the rest of this procedure.To save the configuration of the default storage class into a YAML file, run the following command:
oc get storageclass <class-name> -o yaml >storage_config.yaml
oc get storageclass <class-name> -o yaml >storage_config.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Where
class-nameis the name of the default storage class. For example:oc get storageclass gluster-container -o yaml >storage_config.yaml
oc get storageclass gluster-container -o yaml >storage_config.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Edit the
storage_config.yamlfile:Remove the lines with the following keys:
-
creationTimestamp -
resourceVersion -
selfLink -
uid
-
On the line with the
volumeoptionskey, add the following two options:features.cache-invalidation on, performance.nl-cache on. For example:volumeoptions: client.ssl off, server.ssl off, features.cache-invalidation on, performance.nl-cache on
volumeoptions: client.ssl off, server.ssl off, features.cache-invalidation on, performance.nl-cache onCopy to Clipboard Copied! Toggle word wrap Toggle overflow
To remove the existing default storage class, run the following command:
oc delete storageclass <class-name>
oc delete storageclass <class-name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Where
class-nameis the name of the default storage class. For example:oc delete storageclass gluster-container
oc delete storageclass gluster-containerCopy to Clipboard Copied! Toggle word wrap Toggle overflow To re-create the storage class using the new configuration, run the following command:
oc create -f storage_config.yaml
oc create -f storage_config.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}