Configuring Decision Center with a configuration file
New in 8.10.5 Decision Center can configure itself by using properties that you define in a file. This approach is a convenient way to initialize Decision Center, configure its database, define servers and Lightweight Directory Access Protocol (LDAP) configurations, and set other configuration properties.
The first step is to enable this feature. You can do so by defining a Java or an environment property:
com.ibm.rules.decisioncenter.setup.enable = true
Then, you must define the path to the file that contains the configuration properties:
com.ibm.rules.decisioncenter.setup.configuration-file
The following example shows the full declaration:
com.ibm.rules.decisioncenter.setup.enable = true
com.ibm.rules.decisioncenter.setup.configuration-file = ./conf/decisioncenter-configuration.properties
Configuring the database
The following properties are used to generate a database schema.
The JNDI name of the data source is jdbc/ilogDataSource
by default:
com.ibm.rules.decisioncenter.setup.datasource = jdbc/ilogDataSource
The path to the extension model is used by Decision Center to build the database schema. If you don’t have a model extension, don't set this property to keep the default value. Otherwise, provide a full or relative path of your .brmx file, for example:
com.ibm.rules.decisioncenter.setup.extension-model = /ilog/rules/teamserver/model/defaultExtension.brmx
The path to the extension data is used by Decision Center to populate the extension model. If you don’t have a model extension, don't set this property to keep the default value. Otherwise, provide a full or relative path of your .brdx file, for example:
com.ibm.rules.decisioncenter.setup.extension-data = /ilog/rules/teamserver/model/defaultExtension.brdx
The persistence locale is used to persist business artifacts. If you plan to create business
artifacts in US English, keep the default value en_US
:
com.ibm.rules.decisioncenter.setup.locale = en_US
Configuring LDAP
In this section, you configure Decision Center to connect to an LDAP directory to manage groups and users. Authorization is fully handled by Decision Center, and you do not have to repackage or restart the server every time you need a new group to control access to your projects.
After you set up the connection, you must set up Decision Center to see your LDAP directory to get groups and users. To do so, you need to set the following property:
com.ibm.rules.decisioncenter.setup.ldap-configurations
This property defines the path to the XML file that defines the LDAP configurations, for example:
com.ibm.rules.decisioncenter.setup.ldap-configurations = ./conf/ldap-configurations.xml
The following example shows such a file:
<dc-usermanagement>
<ldapConnections>
<ldapConnection name="Local Directory">
<ldapUrl>ldap://localhost:10389</ldapUrl>
<searchConnectionDN>uid=admin,ou=system</searchConnectionDN>
<searchConnectionPassword>secret</searchConnectionPassword>
<groupSearchBase>ou=Groups,dc=example,dc=com</groupSearchBase>
<groupSearchFilter>(cn=*)</groupSearchFilter>
<groupNameAttribute>cn</groupNameAttribute>
<groupMemberAttribute>member</groupMemberAttribute>
<userIdAttribute>uid</userIdAttribute>
<userNameAttribute>sn</userNameAttribute>
<userMailAttribute>mail</userMailAttribute>
</ldapConnection>
</ldapConnections>
</dc-usermanagement>
For information, see Managing users and groups from the Business console.
When you work with an LDAP directory, Decision Center provides three modes to import groups and users. The mode is set with the following property:
com.ibm.rules.decisioncenter.ldap.sync.users-and-groups
Possible values for this property:
Value | Description |
---|---|
|
In the Business console, you can manually import groups and users in Decision Center with no restriction on how you organize the users in the groups. In this mode, the organization of groups in Decision Center does not reflect the groups in the LDAP directory. |
|
Groups and users are automatically imported. In this mode, the organization of groups exactly reflects the groups in the LDAP directory. |
|
Groups are imported manually, and users for these groups are automatically imported. This mode is the most flexible because it gives you more granularity for setting up the LDAP groups. |
In modes all
and users
, Decision Center periodically imports users. The frequency
can be configured in the following property:
com.ibm.rules.decisioncenter.ldap.sync.refresh.period
This property defines the refresh rate of the LDAP repository in milliseconds. When you update an LDAP directory, you must wait for the next refresh to see the changes in Decision Center. However, you can manually do the import in either the Business console or a dedicated REST API.
To manage groups and users in the Business console, a user needs to connect with the role rtsAdministrator. You have two options:
- Create an rtsAdministrator group in your LDAP directory. Users in this group have rtsAdministrator access.
- Create a super user in your application server and connect to the Business console to grant some LDAP users rtsAdministrator access. The advantage of this option is that you do not need to ask an IT developer to change the LDAP of your organization to add an rtsAdministrator group.
Configuring groups
You can configure the list of groups that are available in Decision Center by using the groups
property. This property value uses a comma-separated list of groups, for example:
groups=rtsUser,rtsAdministrator,rtsDeployersStaging,rtsDeployersRun
Configuring the server
In this section, you configure the servers that can be used to connect to Rule Execution Server to deploy a RuleApp, or run test suites or simulations.
You must set the property:
com.ibm.rules.decisioncenter.setup.server-configurations = ./conf/server-configurations.json
This property defines the path to the JSON file that defines the server configurations, for example:
com.ibm.rules.decisioncenter.setup.server-configurations = ./conf/server-configurations.json
This JSON file must contain an array of JSON objects. Each JSON object defines a server by using the following fields:
Field | Description |
---|---|
|
The name of the server as it is displayed in the Business console interface. |
|
Indicate the server type:
|
|
Indicate authentication type:
|
|
If the authenticationKind is OAUTH , this property defines
the name of the OIDC provider. This name must match one of the OIDC providers that are uploaded to
the Business Console (see Configuring for OpenID Connect). |
|
The URL of the server. |
|
The username for logging in to this server. |
|
The password for logging in to this server. |
|
A describing the server. |
|
The list of groups. |
The following example shows the fields in a JSON file:
[
{
"name": "Test and Simulation Execution (BASIC)",
"kind": "DECISION_RUNNER",
"authenticationKind": "BASIC_AUTH",
"url": "http://localhost:8080/DecisionRunner",
"loginServer": "odmAdmin",
"loginPassword": "odmAdmin",
"description": "Use this server to run tests and simulationsfor decision services.",
"groups": ["*"]},
{"name": "Decision Service Execution (OIDC)",
"kind": "RES",
"authenticationKind": "OAUTH",
"authenticationProvider": "frlab",
"url": "http://localhost:8080/res",
"loginServer": "odmAdmin",
"loginPassword": "odmAdmin",
"description": "Use this server to deploy decision services that you want to execute.",
"groups": ["*"]
}
}
Defining Decision Center properties
p>You can also define any Decision Center property, or setting, in the configuration file. A setting is a configuration property that is saved in the Decision Center database.- Define a property
- To define a property, you must prefix the property name with
property
. For example, to define the propertydecisioncenter.web.dt.rowOrderingMode
, you might put in the configuration file the following line:property.decisioncenter.web.dt.rowOrderingMode=Manual
This example defines the setting
decisioncenter.web.dt.rowOrderingMode
with the valueManual
.
- Set System (Java) properties
- You can also set System (Java) properties in a similar way, by prefixing the property name with
system
. The following example sets the build severity level:system.teamserver.build.severityLevel=info;
The system property
teamserver.build.severity
is set to the valueinfo
.
- Replace user-defined values
-
The deployment configuration file initializes the settings in the Decision Center database if they are not already set. However, if the settings are already set, use the following property to make the automatic setup apply the settings in the configuration file:
teamserver.setup.overrideAvailableProps=true;