Optional: Customizing Workflow Server to connect to Workflow Center on premise

Edit online

Using Business Automation Workflow on containers, you can establish and work with IBM Workflow Center running on a traditional runtime environment.

About this task

Business Automation Workflow on containers can connect to a Workflow Center if you configure the workflow_center section of the custom resource (CR) YAML file.

Procedure

When Workflow Server connects to Workflow Center, authentication is required. Create a TLS secret in the operator using the root certificate authority certificate of Workflow Center so that it can be recognized as a trusted server:

  1. Extract the Workflow Center root SSL certificate.
    1. In the Workflow Center WebSphere® administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    2. Select the root certificate and click Extract.
    3. Name the file. For example, name the file WorkflowCenter.cert.
    4. For the data type, select Base64-encoded ASCII data.
    5. Click Apply. From the message, note where the certificate is stored on the file system.
  2. Copy the file and create the secret:
    1. Copy the certificate from step 1 to Workflow Server.
    2. On the Business Automation Workflow runtime environment, run the following oc command to create a secret: 
      oc create secret generic baw-tls-secret --from-file=tls.crt=/root/WorkflowCenter.cert
    3. Add this secret to the trust list section of the Business Automation Workflow CR file, for example 
      baw_configuration:
- name: instance1
  tls:
   tls_trust_list: [baw-tls-secret]
  3. Create a new secret that will hold the username and password of the IBM Workflow Center administrator.
    1. On the Business Automation Workflow runtime environment, create a new secret called ibm-baw-wc-secret in the adminSecrets4operator-ctnrs.yaml file. You add the following content into adminSecrets4operator-ctnrs.yaml file. This secret will contain the credentials of an administrator for Workflow Center, for example
      apiVersion: v1
kind: Secret
metadata:
  name: ibm-baw-wc-secret
type: Opaque
stringData:
  username: deadmin
  password: deadmin
    2. Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment: 
      oc apply -f ./adminSecrets4operator-ctnrs.yaml
  4. Update the following parameters in the workflow_center section of the Business Automation Workflow CR YAML file to apply changes to your deployment environment, for example 
      baw_configuration:
  - name: instance1
    workflow_center:
     offline: false
     url: "https://<Workflow Center host name>:<Workflow Center port>/ProcessCenter"
     secret_name: "ibm-baw-wc-secret"
     heartbeat_interval: 30
    After these steps, Workflow Server appears on the Servers page for Workflow business automations.
  5. So that the Workflow Center recognizes Workflow Server as a trusted server, complete these steps:
    1. Extract the IBM Cloud Pak® for Business Automation operator root CA certificate and copy it to your Workflow Center located server. For instructions, see Exporting the Zen CA and common services CA.
    2. In the Workflow Center WebSphere administrative console click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    3. Click Add and enter your-path/rootCA.crt, which you get from above step a.
    4. Click OK to add the certificate.