How do I validate my ODM topology with CP4BA 24.0.0?
Blog entry link: Library PDF entry
Target audience: ODM user with ODM Administrator role
Estimated duration: 90 minutes
This article is part of an article series around Operational Decision Manager (ODM) topologies in context of Cloud Pak for Business Automation (CP4BA).
For more information about ODM environments and the topologies, see CP4BA ODM topologies on OpenShift.
This technical article is made in the context of validating an ODM topology at the end of the process to deploy your Cloud Pak for Business Automation deployment Custom Resource (CR) in all of your environments.
Once you have at least one cycle of the Cloud Pak for Business Automation operator being performed, you can start to progress on the following checklist.
It completes the installation document Installing a CP4BA multi-pattern production deployment.
Check Pods
Check the status of your Pods.
All Pods of the targeted namespace should be up-and-running.
Check the status: if there are some Pods on error, try to resolve the issue before going further.
To do that, you can follow the doc below:
https://kubernetes.io/docs/tasks/debug/debug-application/debug-pods/
Check LDAP service
Check if an LDAP user can connect on each environment.
Try to log on to the Cloud Pak Dashboard (CPD) Console using a user with the Administrator role.
To access Operational Decision Manager (ODM), you must assign a user role through the Cloud Pak Platform UI (Zen) console.
To do that, you can follow the doc below:
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=manager-configuring-user-access
Also try to log on to the CPD Console using a user from the LDAP and try to access to the expected ODM Consoles (Decision Center and/or Decision Server).
[Optional] Check Basic Authentication users
Check if BasicAuth users are well registered on each environment.
If you want to test the Decision Center Console REST API call, try to execute the following cURL call:
url=$(oc get routes cpd -o jsonpath={.spec.host} -n <your-authoring-namespace>)
curl -Ik -u odmAdmin:odmAdmin https://${url}/odm/decisioncenter-api/v1/repository/metrics
And check the response if:
· It's either valid answer: HTTP/1.1 200 OK [...]
· Or an error: HTTP/1.1 401 Unauthorized [...], in this case, try to review your webSecurity.xml file custom secret.
If you want to test the Decision Server Console REST API call, try to execute the following cURL call:
url=$(oc get routes cpd -o jsonpath={.spec.host} -n <your-runtime-namespace>)
curl -Ik -u odmAdmin:odmAdmin https://${url}/odm/res/api/v1/utilities/consoleinfo
And check the response if:
· It's either valid answer: HTTP/1.1 200 OK [...]
· Or an error: HTTP/1.1 401 Unauthorized [...], in this case, try to review your webSecurity.xml file custom secret.
Run the Diagnostic of your Decision Center Console
Run the Diagnostic of your Decision Center Console on each environment.
- Log on to the Decision Center Console using a user that has the rtsAdministrator role.
- Click the Administration > Diagnostics tab.
- Click on the Run All button.
Decision Center Diagnostics report the following:
- About: Information about the Decision Center;
- Manager bean access: Various checks, such as whether the DC was properly installed and database was initialized, license check, hostname, port of the host machine and checks whether a project can be created with the existing installation;
- Data source: checks the database information based on the connected data source, and whether the schema is compatible with the current version of Decision Center;
- Extensions: Determines the model extensions that were defined;
- Verbalizers: retrieves all the verbalizers that are available;
- Database: Various checks on the metadata of the tables and schema level comparisons.
For more details, see: https://www.ibm.com/support/pages/odm-decision-center-diagnostics
Run the Diagnostic of your Decision Server Console
Run the Diagnostic of your Decision Server Console on each environment.
- Log on the RES Console using a user that has the resAdministrators role.
- Click the Diagnostics tab.
- Diagnostics are run automatically, and you can see their results directly.
All the steps in the diagnostics should have green check marks.
If you want to see more detail, you can expand the results of each step or click Expand All to view all the results for all steps.
Note: The local XU connectivity and two rule session execution entries are grayed out because the sample server uses the WebSphere Liberty application server in J2SE mode. And in J2SE mode, the eXecution Units (XUs) are embedded in the client applications, and the Rule Execution Server console does not have J2EE XUs.
If something goes wrong, please go to the troubleshooting section of the official Knowledge Center of the ODM 9.0 product.
Configure and test your environment connections
For the Silver and Gold topologies, you must validate that your Authoring environment is able to establish connections to run a "Test and Simulation" testsuite, and also to publish Decision Services to the Sandbox and Production environments.
- Log on to the Decision Center Console using a user that has the rtsAdministrator role.
- Click the Administration > Servers tab.
- Click on the New Server (+) button to add your server.
- Enter the Server name, the Server URL (i.e. RES console of the Production environment), enable the Use OpenID Connect switch.
- Give the Username and put the Zen API key of the Production environment as a Password.
- Before the final click on the Create button, try to connect using the Test button that will try to perform a real connection with the provided parameters.
- Repeat the above steps to create another server configuration for Testing and simulation. This server configuration will be used later in "Ruleset Test & Simulation" section. The following parameters must be adapted to the Sandbox environment:
- Select "Testing and simulation" for the Usage parameter.
- Enter the Server URL with the URL of Decision Runner in the Sandbox environment.
For example: https://<cpd_sandbox>/odm/DecisionRunner
- In this case, the Zen API key for the Password parameter will be the one generated in the Sandbox environment.
If the connection is not possible, the most common issue is related to the Certificate: Be sure having created an additional secret that stores the certificates of the targeted environment and also be sure that this secret is well registered in the list of certificates from the spec.shared_configuration.trusted_certificate_list parameter of your CR file. For more information, see https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=access-using-zen-api-key-authentication
Note: if you encounter the "java.lang.RuntimeException: Unknown OIDC provider: zen" exception, then try to restart all your DecisionCenter Pods.
Check the Execution Units
To validate your installation, you can also check the Execution Units (XUs) list from the Decision Server Console from the Production Environment has a visibility to the correct number of Runtimes.
To do so:
- Log on to the RES Console using a user that has the resAdministrators role.
- Click the Server Info tab and select the Inspect Execution Units sub-topic.
You must be able to read the number of XUs attached to your Decision Server Console: the number of replicas you've configured + 1, attached to the Decision Server Console directly, which is not used for the production execution purpose (usually named localhost).
If it's not the case, double check your CR file. To change the number of runtime, you can either choose to change the spec.shared_configuration.sc_deployment_profile_size with [small=1, medium=3, large=6], spec.odm_configuration.deployment_profile_size with [small=1, medium=3, large=6].
Check the Licensing service
Finally, you need to check that everything is well configured on the metering service as well, to conform to the IBM pricing policy.
All services from all environments should be able to connect to the Metering service.
Verify that the Production Environment is registered as production (Operational Decision Manager Containers - CP4BA).
Verify that the Authoring and Sandbox Environment is registered as non-production (Operational Decision Manager Containers - CP4BA - Non Prod).
To do that, you must query the Licensing service.
The Licensing service exposes three REST endpoints:
- GET /snapshot
- GET /products
- GET /bundled_products
Example of querying the licensing service endpoints:
url=$(oc get routes ibm-licensing-service-instance -o jsonpath={.spec.host} -n <your-namespace>)
token=$(oc get secret ibm-licensing-token -o jsonpath={.data.token} -n <your-namespace> | base64 -d)
# Endpoints with -k option in order to authorize self sign certificate (if any)
curl -k https://${url}/snapshot?token=${token} > snapshot.zip
curl -k https://${url}/products?token=${token} > products.json
curl -k https://${url}/bundled_products?token=${token} > bundled-products.json
In addition, you can connect to the human readable view available in:
https://${url}/status?token=${token}
Final System Verification Testing
Ruleset Promotion
Check if you can deploy from Decision Center Authoring environment to Production environment.
Try to load a dummy project in your Decision Center Console.
Some projects are available on https://github.com/DecisionsDev/odm-for-dev-getting-started
- Loan Validation Service.zip ;
- Miniloan Service.zip, which permits also to validate the Test & Simulation aspect of your installation.
Once downloaded, you must follow the steps above:
- Go to Library > Import Decision Service (up arrow) button and load your zip file.
- Go to your project and select the main branch.
- Click on the Deployments and click on the Deploy button.
- Select either the Sandbox or Production server.
- Your report status should be green at the end of the deployment process.
The deployment should succeed. If it's not the case, try to troubleshoot the issue with the official Knowledge Center of the ODM 9.0 product.
Ruleset Test & Simulation
Check if you can execute simulation from Decision Center Authoring Environment to Sandbox Environment
Try to load a dummy project in your Decision Center Console, which contains Test Suites and/or Simulations.
If you don’t have one, the classical test project "Miniloan" is available on https://github.com/DecisionsDev/odm-for-dev-getting-started
- Miniloan Service.zip, which permits also to validate the Test & Simulation aspect of your installation.
Once downloaded, you must follow the steps above:
- Go to Library > Import Decision Service (up arrow) button and load your zip file.
- Go to your project and select the main branch.
- If you use the MiniLoan project, you can download the Test Suite from: miniloan-test.xlsx
- Click on the New Test Suite (+) button and fill in your file with the Test Suite and target the Sandbox environment.
- Click Save and Run and enter a Commit message before running your Test Suite.
- Click ok to go to the Tests Report view and check whether the Status is green or not at the end of the testing process.
The simulation should succeed. If it's not the case, try to troubleshoot the issue with the official Knowledge Center of the ODM 9.0 product.
If your reach that part of this Technical blog post, then your topology is now up-and-running: have fun with ODM!
#CloudPakforBusinessAutomation#OperationalDecisionManager(ODM)#topology