Chapter 2. Preparing to deploy Red Hat Process Automation Manager in your OpenShift environment

Procedure

1. Determine whether Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access. For details about the required configuration, see Configuring a Registry Location. If you are using an OpenShift Online subscription, it is configured for Red Hat registry access.

2. If Red Hat OpenShift Container Platform is configured with the user name and password for Red Hat registry access, enter the following commands:

   $ oc get imagestreamtag -n openshift | grep -F rhpam-businesscentral | grep -F 7.5
   $ oc get imagestreamtag -n openshift | grep -F rhpam-kieserver | grep -F 7.5

   Copy to Clipboard Toggle word wrap

   If the outputs of both commands are not empty, the required image streams are available in the openshift namespace and no further action is required.

3. If the output of one or both of the commands is empty or if OpenShift is not configured with the user name and password for Red Hat registry access, complete the following steps:

   1. Ensure you are logged in to OpenShift with the oc command and that your project is active.
   2. Complete the steps documented in Registry Service Accounts for Shared Environments. You must log in to the Red Hat Customer Portal to access the document and to complete the steps to create a registry service account.
   3. Select the OpenShift Secret tab and click the link under Download secret to download the YAML secret file.
   4. View the downloaded file and note the name that is listed in the name: entry.

   5. Enter the following commands:

      oc create -f <file_name>.yaml
      oc secrets link default <secret_name> --for=pull
      oc secrets link builder <secret_name> --for=pull

      Copy to Clipboard Toggle word wrap

      Replace <file_name> with the name of the downloaded file and <secret_name> with the name that is listed in the name: entry of the file.

   6. Download the rhpam-7.5.1-openshift-templates.zip product deliverable file from the Software Downloads page and extract the rhpam75-image-streams.yaml file.

   7. Enter the following command:

      $ oc apply -f rhpam75-image-streams.yaml

      Copy to Clipboard Toggle word wrap
      Note

      If you complete these steps, you install the image streams into the namespace of your project. In this case, when you deploy the templates, you must set the IMAGE_STREAM_NAMESPACE parameter to the name of this project.

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Process Server. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Process Server.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named kieserver-app-secret from the new keystore file:

   $ oc create secret generic kieserver-app-secret --from-file=keystore.jks

   Copy to Clipboard Toggle word wrap

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Business Central. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Business Central.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named businesscentral-app-secret from the new keystore file:

   $ oc create secret generic businesscentral-app-secret --from-file=keystore.jks

   Copy to Clipboard Toggle word wrap

Procedure

1. Generate an SSL keystore with a private and public key for SSL encryption for Smart Router. For more information on how to create a keystore with self-signed or purchased SSL certificates, see Generate a SSL Encryption Key and Certificate.

   Note

   In a production environment, generate a valid signed certificate that matches the expected URL for Smart Router.

2. Save the keystore in a file named keystore.jks.
3. Record the name of the certificate. The default value for this name in Red Hat Process Automation Manager configuration is jboss.
4. Record the password of the keystore file. The default value for this name in Red Hat Process Automation Manager configuration is mykeystorepass.

5. Use the oc command to generate a secret named smartrouter-app-secret from the new keystore file:

   $ oc create secret generic smartrouter-app-secret --from-file=keystore.jks

   Copy to Clipboard Toggle word wrap

Procedure

1. Prepare a Maven release repository to which you can write. The repository must allow read access without authentication. Your OpenShift environment must have access to this repository. You can deploy a Nexus repository manager in the OpenShift environment. For instructions about setting up Nexus on OpenShift, see Setting up Nexus. Use this repository as a separate mirror repository.

   Alternatively, if you use a custom external repository (for example, Nexus) for your services, you can use the same repository as a mirror repository.

2. On the computer that has an outgoing connection to the public Internet, complete the following steps:

   1. Download the latest version of the Offliner tool.
   2. Download the rhpam-7.5.1-offliner.txt product deliverable file from the Software Downloads page of the Red Hat Customer Portal.

   3. Enter the following command to use the Offliner tool to download the required artifacts:

      java -jar offliner-<version>.jar -r https://maven.repository.redhat.com/ga/ -r https://repo1.maven.org/maven2/ -d /home/user/temp rhpam-7.5.1-offliner.txt

      Copy to Clipboard Toggle word wrap

      Replace /home/user/temp with an empty temporary directory and <version> with the version of the Offliner tool that you downloaded. The download can take a significant amount of time.

   4. Upload all artifacts from the temporary directory to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility to upload the artifacts.

3. If you developed services outside Business Central and they have additional dependencies, add the dependencies to the mirror repository. If you developed the services as Maven projects, you can use the following steps to prepare these dependencies automatically. Complete the steps on the computer that has an outgoing connection to the public Internet.

   1. Create a backup of the local Maven cache directory (~/.m2/repository) and then clear the directory.
   2. Build the source of your projects using the mvn clean install command.

   3. For every project, enter the following command to ensure that Maven downloads all runtime dependencies for all the artifacts generated by the project:

      mvn -e -DskipTests dependency:go-offline -f /path/to/project/pom.xml --batch-mode -Djava.net.preferIPv4Stack=true

      Copy to Clipboard Toggle word wrap

      Replace /path/to/project/pom.xml with the correct path to the pom.xml file of the project.

   4. Upload all artifacts from the local Maven cache directory (~/.m2/repository) to the Maven mirror repository that you prepared. You can use the Maven Repository Provisioner utility to upload the artifacts.