To gain insights into the decision-making process of your applications, configure your
Operational Decision Manager installation to emit events to
IBM Business Automation Insights. IBM Business Automation Insights is part of the IBM Cloud Pak® for Business Automation offering.
About this task
When you configure the ODM event emitter, the execution of rulesets generates events that
are sent to a Kafka server so that Business Automation Insights can process them. To enable a
connection between Operational Decision Manager and a Kafka server
you need to define the connection parameters through a Kubernetes secret. This secret must contain
at least one entry, which is a property file that is named
plugin-configuration.properties, and optionally a JKS truststore file. The JKS
truststore is required if you want a secured communication between Operational Decision Manager and the Kafka server.
Procedure
-
Create a Kafka topic.
-
Create a plugin-configuration.properties file.
This file must contain the name of the Kafka topic and at least one Kafka bootstrap server.
com.ibm.rules.bai.plugin.topic=<kafka_topic_name>
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=<kafka_IP>:<kafka_port>
Where
topic
defines the name of the Kafka topic and
bootstrap.servers
defines the Kafka target servers.
All properties must be prefixed with com.ibm.rules.bai.plugin
.
All Kafka producer properties (here, bootstrap.servers
) must be prefixed with
com.ibm.rules.bai.plugin.kafka
.
Other properties are optional. For a list of possible Kafka producer properties, see Producer Configs.
The connection to Kafka can be configured with or without security.
- Configure event emission without security.
Here is an example of a configuration
file with an extra Kafka producer property named retries
. This property causes the
client to resend any record that fails with a potentially transient error. However, the connection
is not
secured.
com.ibm.rules.bai.plugin.topic=<kafka_topic_name>
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=192.168.1.15:9092
com.ibm.rules.bai.plugin.kafka.retries=2
- Configure event emission with security.
To ensure that your connection to the Kafka
servers is secure, add a truststore to your Kafka configuration. Here is an example of a
configuration file with a SASL_SSL secured connection.
com.ibm.rules.bai.plugin.topic=<kafka_topic_name>
com.ibm.rules.bai.plugin.kafka.bootstrap.servers=192.168.1.15:9092
com.ibm.rules.bai.plugin.kafka.security.protocol=SASL_SSL
com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/<truststore.jks>
com.ibm.rules.bai.plugin.kafka.ssl.truststore.password=<truststore_password>
com.ibm.rules.bai.plugin.kafka.sasl.mechanism=PLAIN
com.ibm.rules.bai.plugin.kafka.ssl.protocol=TLSv1.2
com.ibm.rules.bai.plugin.kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="<api_key>";
The
directory /config/baiemitterconfig/ must be used as a prefix to your
certificate name. For example, if your certificate file name is truststore.jks,
then the property must be defined as
com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/trustore.jks
.
For
more information, see https://kafka.apache.org/11/documentation.html#security.
-
Create a Kubernetes secret for the plugin-configuration.properties file,
and optionally for the truststore. Make sure that you create the secret in the same namespace as the
namespace that you use for the ODM release.
- To create a Kubernetes secret without a
truststore.
kubectl create secret generic mybaieventsecret --from-file=plugin-configuration.properties
Where
mybaieventsecret is the name you give to the secret.
- To create a Kubernetes secret with a
truststore.
kubectl create secret generic mybaieventsecret --from-file=plugin-configuration.properties --from-file=<truststore.jks>
Where
mybaieventsecret is the name you give to the secret.
The truststore file
must be referenced in the plugin-configuration.properties
file.
com.ibm.rules.bai.plugin.kafka.ssl.truststore.location=/config/baiemitterconfig/<truststore.jks>
com.ibm.rules.bai.plugin.kafka.ssl.truststore.password=<truststore_password>
Make a note of the name of your secret (mybaieventsecret) so that it is at
hand when you configure the ODM deployment.
-
Specify the parameter customization.baiEmitterSecretRef in the
configuration for your ODM release.
customization.baiEmitterSecretRef=mybaieventsecret