How do I install ODM Bronze topology with CP4BA 22.0.1?

By Sia Sin Tay posted Thu September 01, 2022 04:06 AM

  
This article is part of a series on Operational Decision Manager (ODM) topologies in the context of Cloud Pak for Business Automation (CP4BA). For more information about ODM environments and the topologies, see CP4BA ODM topologies on OpenShift.

Please find a PDF version of this article here.

1. Introduction
This document describes how to deploy an ODM Bronze topology on OpenShift as a component of CP4BA 22.0.1.
ODM Bronze topology is an enterprise deployment of ODM in a single namespace of a cluster. It corresponds to the default production pattern deployment. 
Figure 1: Schema of an ODM Bronze topology
Bronze topology is best suited for prototypes or applications with low production constraints (Small, no HA). It can also be seen as the baseline for Silver and Gold topologies and will be referenced as such in other articles.

2. Installation
Prior to installation, go through the Planning for a production installation guide to understand what you need, what options you have, storage classes, security, license entitlements, and how you can measure the usage of your deployments.
Deploying the ODM production pattern involves choices that lead to different installation instructions. In Review your options, there are several production deployment guides for CP4BA 22.0.1. In this article, we focus on CP4BA multi-pattern production deployment on ROKS classic and OCP to guide you in implementing your deployment in an OpenShift cluster.
Follow the various topics in Preparing for a production deployment to set up your cluster before you create the ODM deployment in a specified namespace. For an air gap environment, see Preparing an air gap environment.
Preparation steps (each step is marked as an action, a decision, or optional, followed by the awaited action and results):
• Action: Before you install any of the automation containers, you must prepare a cluster for the patterns that you want to use.
• Action: You must make sure that the client that you intend to use to connect to the OpenShift cluster has all the necessary tools.
• Action: All instances of an operator need a namespace whether it is on a private cloud (OCP) or on IBM Cloud® Public (ROKS). Depending on your platform type, either prepare the namespace on OCP or on ROKS.
  An example to create a namespace (bronze) for ODM Bronze topology:
  oc new-project bronze
• Decision: You must get access to the Cloud Pak container images before you edit the custom resource file. You can use the IBM Entitled Registry or a local image registry.
• Action: If you plan to use the Form view in Operator Hub, then set up the cluster with the OpenShift console. You can also use the admin script to set up the cluster by running the following Shell script: "cert-kubernetes/scripts/cp4a-clusteradmin-setup.sh"
• Optional: The Cloud Pak operator includes a single version of Db2 (db2jcc4.jar), Oracle (ojdbc8.jar), Microsoft SQL Server (mssql-jdbc.jre8.jar), and PostgreSQL (postgresql-42.3.3.jar) JDBC drivers to use in your production deployments. If you need to use other versions, then you must package these files into a compressed file and use the sc_drivers_url configuration parameter to download them from an accessible web server.
At this stage, you should have your target cluster ready to be used, with the Cloud Pak operators up and running.
The next stage is to architect, execute and validate an ODM Bronze topology deployment. The Installing Operational Decision Manager guide provides further instructions to prepare and make the deployment.
Installation steps (each step is marked as an action, followed by the awaited action and results):
• Action: Before you install ODM, check your environment to make sure that you have everything that is needed for the installation. Follow the guide to configure the database, user access and ODM components.
• Action: You can generate an ODM Bronze topology CR YAML file with the "cert-kubernetes/scripts/cp4a-deployment.sh" script, check and fill in the custom resource parameter values for the data source and the LDAP configuration in the generated CR YAML file, and lastly deploy it.
  Refer to the next section for more details about modifying the custom resource parameters.
Some modifications can be done to the generated CR YAML file. Use the following table to help you identify the customizable parameters. 

Each entry gives the action, the parameter, and the new value:
• Replace: metadata.name
  Add a meaningful name, which will be the name of your ICP4ACluster instance.
  e.g. odmbronze
• Delete: spec.shared_configuration.sc_deployment_fncm_license
• Delete: spec.shared_configuration.sc_deployment_baw_license
• Delete: spec.shared_configuration.sc_ingress_enable
• Delete: spec.shared_configuration.sc_ingress_tls_secret_name
• Delete: spec.shared_configuration.sc_cpe_limited_storage
• Update: spec.*.*port
  The awaited value type is a string and must be between quotes.
  e.g. database_port: '60001'
• Update: spec.odm_configuration.deployment_profile_size
  Possible values are: small, medium and large.
  To compute the best size, see System requirements.
• Update: oc patch AutomationUIConfig iaf-system --type=merge -p '{"spec":{"zenService":{"scaleConfig":"<size>"}}}'
  It is recommended that you set the IBM Cloud Platform UI (Zen) service to the same size as Cloud Pak for Business Automation. The possible values are small, medium, and large.
• Update: spec.datasource_configuration.dc_ssl_enabled
  true
  ODM Topology guidelines prescribe the usage of SSL.
• Create secret: spec.datasource_configuration.dc_odm_datasource.dc_ssl_secret_name
  Secret used for DB2 SSL configuration for ODM.
  e.g. odm-db2-ssl-secret
  To manually create this secret, run the command:
  oc create secret generic odm-db2-ssl-secret --from-file=db2-server-certificate=<your_path>/server.crt
  where server.crt is the Db2 SSL certificate public key in ASCII format. For more information, see Step 4 of Configuring an external database.
• Create secret: spec.datasource_configuration.dc_odm_datasource.dc_common_database_instance_secret
  Secret used to keep DB2 login credentials.
  To manually create this secret, run the following command:
  oc create secret generic <odm-db-secret> --from-literal=db-user=<user_name> --from-literal=db-password=<user_password>
  e.g. topology-odm-db-secret
• Create secret: spec.ldap_configuration.lc_ldap_ssl_secret_name
  Secret used for LDAP SSL configuration.
  To manually configure the LDAP certificate, follow the instructions from this page: Configuring LDAP over SSL.
  e.g. topology-ad-ldap-ssl-cert
• Create secret: spec.ldap_configuration.lc_bind_secret
  Secret used for LDAP configuration.
  To manually configure the LDAP certificate, follow the instructions from this page: LDAP configuration.
  e.g. topology-ad-ldap-bind-secret
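The --from-literal form of the database credentials command leaves the password in shell history and in the process list while oc runs. The following added example (not part of the original article or of IBM's scripts) renders the same secret, with the db-user and db-password keys, from files and pipes it to oc; the function names render_db_secret and create_db_secret are hypothetical.

```shell
# Added example: create the ODM database Secret without the password appearing in
# argv or shell history. Key names db-user / db-password are the ones used above.
b64() { base64 | tr -d '\n'; }   # single-line base64 on both GNU and BSD

# render_db_secret NAME USER_FILE PASSWORD_FILE -> Secret manifest on stdout
render_db_secret() {
  [ -s "$2" ] && [ -s "$3" ] || { echo "empty credential file" >&2; return 1; }
  # Drop CR/LF: a trailing newline would otherwise become part of the stored value.
  user=$(tr -d '\r\n' < "$2" | b64)
  pass=$(tr -d '\r\n' < "$3" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  db-user: $user
  db-password: $pass
EOF
}

# Interactive use (hypothetical helper): prompt without echo, then pipe to oc.
create_db_secret() (
  umask 077                                  # temp files readable by this user only
  dir=$(mktemp -d) || exit 1
  trap 'stty echo 2>/dev/null; rm -rf "$dir"' EXIT
  printf 'DB user: ' >&2;     IFS= read -r u
  printf 'DB password: ' >&2; stty -echo; IFS= read -r p; stty echo; echo >&2
  # printf is a shell builtin, so the values never show up in a process list.
  printf '%s' "$u" > "$dir/user"; printf '%s' "$p" > "$dir/pass"
  render_db_secret "$1" "$dir/user" "$dir/pass" | oc apply -f -
)

# Run as: sh this-file topology-odm-db-secret
if [ -n "${1:-}" ]; then create_db_secret "$1"; fi
```

The secret is created in the current project, so switch to the deployment namespace first.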

Having modified the custom resource parameters, proceed with the deployment.
At this stage, the ICP4ACluster instance that you named odmbronze is created. After a couple of reconcile loops of the CP4BA operator, you can verify the deployment.

3. Validation
To ensure that the environment works correctly, follow the steps in completing post-installation tasks for ODM. Additional validations can be done at ODM level using Validate your ODM topology - 22.0.1.
Lastly, here is a sample CR YAML file for an ODM Bronze topology with an external DB2 database over SSL and Active Directory LDAP:
apiVersion: icp4a.ibm.com/v1
kind: ICP4ACluster
metadata:
  name: odmbronze
  labels:
    app.kubernetes.io/instance: ibm-dba
    app.kubernetes.io/managed-by: ibm-dba
    app.kubernetes.io/name: ibm-dba
    release: 22.0.1
spec:
  appVersion: 22.0.1
  ibm_license: accept
  shared_configuration:
    sc_deployment_license: production
    sc_deployment_context: "CP4A"
    sc_image_repository: cp.icr.io
    root_ca_secret: icp4a-root-ca
    sc_deployment_patterns: "foundation,decisions"
    sc_optional_components: "decisionCenter,decisionRunner,decisionServerRuntime"
    sc_deployment_type: "Production"
    sc_deployment_platform: "OCP"
    sc_deployment_profile_size: medium
    trusted_certificate_list: []
    storage_configuration:
      sc_slow_file_storage_classname: managed-nfs-storage
      sc_medium_file_storage_classname: managed-nfs-storage
      sc_fast_file_storage_classname: managed-nfs-storage
      sc_block_storage_classname: managed-nfs-storage
    image_pull_secrets:
    - admin.registrykey
    
  ## The beginning section of LDAP configuration for CP4A
  ldap_configuration:
    lc_selected_ldap_type: Microsoft Active Directory
    lc_ldap_server: *****
    lc_ldap_port: '***'
    lc_bind_secret: topology-ad-ldap-bind-secret
    lc_ldap_base_dn: *****
    lc_ldap_ssl_enabled: true
    lc_ldap_ssl_secret_name: topology-ad-ldap-ssl-cert
    lc_ldap_user_name_attribute: *****
    lc_ldap_user_display_name_attr: cn
    lc_ldap_group_base_dn: *****
    lc_ldap_group_name_attribute: *:cn
    lc_ldap_group_display_name_attr: cn
    lc_ldap_group_membership_search_filter: *****
    lc_ldap_group_member_id_map: *****
    ad:
      lc_ad_gc_host: *****
      lc_ad_gc_port: '***'
    tds:
      lc_user_filter: "(&(cn=%v)(objectclass=person))"
      lc_group_filter: "(&(cn=%v)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)(objectclass=groupofurls)))"
## The beginning section of database configuration for CP4A
  datasource_configuration:
    dc_ssl_enabled: true
    dc_icn_datasource:
      database_ssl_secret_name: ''
      dc_hadr_retry_interval_for_client_reroute: 15
      dc_hadr_max_retries_for_client_reroute: 3
      database_port: '***'
      dc_common_icn_datasource_name: ECMClientDS
      dc_hadr_standby_port: ''
      database_name: *****
      database_servername: *****
      dc_hadr_validation_timeout: 15
      dc_oracle_icn_jdbc_url: ''
      dc_hadr_standby_servername: ''
      dc_database_type: db2
    dc_odm_datasource:
      database_servername: *****
      dc_common_database_name: *****
      dc_common_database_instance_secret: topology-odm-db-secret
      dc_common_database_port: '***'
      dc_common_ssl_enabled: true
      dc_database_type: db2
      dc_ssl_secret_name: topology-db2-ssl-cert-for-odm
      ########################################################################
      ########      IBM Operational Decision Manager configuration    ########
      ########################################################################
    #  odm_configuration:
  odm_configuration:
    decisionCenter:
      enabled: true
    decisionServerRuntime:
      enabled: true
    decisionRunner:
      enabled: true
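
A CR file can be checked against the parameter changes listed in section 2 before it is deployed. The following added example (not part of the original article or of IBM's scripts) does this with grep rather than a YAML parser, because redacted values such as "lc_ldap_server: *****" are not valid YAML. The function names and the embedded CR fragment are constructed for illustration, and treating lc_ldap_ssl_enabled as required is an assumption taken from the sample above.

```shell
# Added example: grep-based lint of a CP4BA CR against the parameter list in section 2.
REMOVED="sc_deployment_fncm_license sc_deployment_baw_license sc_ingress_enable
sc_ingress_tls_secret_name sc_cpe_limited_storage"
MUST_BE_TRUE="dc_ssl_enabled lc_ldap_ssl_enabled"  # LDAP flag: assumption, from the sample CR
SECRETS="dc_ssl_secret_name dc_common_database_instance_secret lc_ldap_ssl_secret_name lc_bind_secret"

# Prints one finding per line; returns 0 when the CR is clean, 1 otherwise.
lint_cr() {
  findings=$(
    for k in $REMOVED; do
      grep -nE "^[[:space:]]*$k:" "$1" | sed "s/^\([0-9]*\):.*/line \1: delete $k/"
    done
    # Every *port value must be a quoted string, e.g. database_port: '60001'.
    grep -nE "^[[:space:]]*[A-Za-z_]*port:[[:space:]]*[^'\"[:space:]]" "$1" |
      sed 's/^\([0-9]*\):.*/line \1: port value must be a quoted string/'
    for k in $MUST_BE_TRUE; do
      grep -qE "^[[:space:]]*$k:[[:space:]]*true[[:space:]]*\$" "$1" || echo "$k is not set to true"
    done
    for k in $SECRETS; do
      grep -qE "^[[:space:]]*$k:[[:space:]]*['\"]?[A-Za-z0-9]" "$1" || echo "$k does not name a secret"
    done
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"; return 1
}

# Constructed CR fragment with four deliberate problems (not taken from the article).
sample_cr() {
  cat <<'EOF'
spec:
  shared_configuration:
    sc_ingress_enable: false
  ldap_configuration:
    lc_ldap_port: 636
    lc_bind_secret: topology-ad-ldap-bind-secret
    lc_ldap_ssl_enabled: true
    lc_ldap_ssl_secret_name: topology-ad-ldap-ssl-cert
  datasource_configuration:
    dc_ssl_enabled: false
    dc_odm_datasource:
      dc_common_database_port: '60001'
      dc_common_database_instance_secret: topology-odm-db-secret
      dc_ssl_secret_name: ''
EOF
}

# Lint the file given as $1, or the constructed sample when run without arguments.
if [ $# -gt 0 ]; then lint_cr "$1"
else t=$(mktemp); sample_cr > "$t"; lint_cr "$t" || echo "sample CR rejected"; rm -f "$t"; fi
```

The check only confirms that the secret names are set in the CR; it does not verify that the secrets exist in the namespace.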