Configuring the ODM event emitter

To gain insights into the decision-making process of your applications, configure your Operational Decision Manager installation to emit events to IBM Business Automation Insights. IBM Business Automation Insights is part of the IBM Cloud Pak® for Business Automation offering.

About this task

When you configure the ODM event emitter, the execution of rulesets generates events that are sent to a Kafka server so that Business Automation Insights can process them. To enable a connection between Operational Decision Manager and a Kafka server you need to define the connection parameters through a Kubernetes secret. This secret must contain at least one entry, which is a property file that is named plugin-configuration.properties, and optionally a JKS truststore file. The JKS truststore is required if you want a secured communication between Operational Decision Manager and the Kafka server.

Procedure

  1. Create a Kafka topic.
  2. Create a plugin-configuration.properties file.
    This file must contain the name of the Kafka topic and at least one Kafka bootstrap server. 
    com.ibm.rules.bai.plugin.topic=<kafka_topic_name>
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=<kafka_IP>:<kafka_port>
    Where topic defines the name of the Kafka topic and bootstrap.servers defines the Kafka target servers.

    All properties must be prefixed with com.ibm.rules.bai.plugin.

    All Kafka producer properties (here, bootstrap.servers) must be prefixed with com.ibm.rules.bai.plugin.kafka.

    Other properties are optional. For a list of possible Kafka producer properties, see Producer Configs.

    The connection to Kafka can be configured with or without security.

    • Configure event emission without security.

      Here is an example of a configuration file with an extra Kafka producer property named retries. This property causes the client to resend any record that fails with a potentially transient error. However, the connection is not secured.

      com.ibm.rules.bai.plugin.topic=<kafka_topic_name>                       
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=192.168.1.15:9092
com.ibm.rules.bai.plugin.kafka.retries=2
    • Configure event emission with security.
      To ensure that your connection to the Kafka servers is secure, add a truststore to your Kafka configuration. Here is an example of a configuration file with a SASL_SSL secured connection. 
      com.ibm.rules.bai.plugin.topic=<kafka_topic_name>
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=192.168.1.15:9092
com.ibm.rules.bai.plugin.kafka.security.protocol=SASL_SSL
com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/<truststore.jks>
com.ibm.rules.bai.plugin.kafka.ssl.truststore.password=<truststore_password>
com.ibm.rules.bai.plugin.kafka.sasl.mechanism=PLAIN
com.ibm.rules.bai.plugin.kafka.ssl.protocol=TLSv1.2
com.ibm.rules.bai.plugin.kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="<api_key>";

      The directory /config/baiemitterconfig/ must be used as a prefix to your certificate name. For example, if your certificate file name is truststore.jks, then the property must be defined as com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/trustore.jks.

      For more information, see https://kafka.apache.org/11/documentation.html#security.

  3. Create a Kubernetes secret for the plugin-configuration.properties file, and optionally for the truststore. Make sure that you create the secret in the same namespace as the namespace that you use for the ODM release.
    • To create a Kubernetes secret without a truststore.
      kubectl create secret generic mybaieventsecret --from-file=plugin-configuration.properties

      Where mybaieventsecret is the name you give to the secret.

    • To create a Kubernetes secret with a truststore.
      kubectl create secret generic mybaieventsecret --from-file=plugin-configuration.properties --from-file=<truststore.jks>

      Where mybaieventsecret is the name you give to the secret.

      The truststore file must be referenced in the plugin-configuration.properties file.

      com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/<truststore.jks>
com.ibm.rules.bai.plugin.kafka.ssl.truststore.password=<truststore_password>
    Make a note of the name of your secret (mybaieventsecret) so that it is at hand when you configure the ODM deployment.
  4. Specify the parameter customization.baiEmitterSecretRef in the configuration for your ODM release. 
    customization.baiEmitterSecretRef=mybaieventsecret
    For more information, see Built-in ruleset properties for the ODM event emitter.