Applying the upgraded custom resource
An upgraded custom resource must be applied to the operator.
Before you begin
If you installed the custom resource (CR) by running the deployment script, you can view the edited CR file and check that all the components that you want to upgrade are configured.
cat cert-kubernetes/scripts/generated-cr/ibm_cp4a_cr_final.yaml
If you prepared the CR in the OpenShift console, open the YAML View to see the file and copy its contents to a file that is named cert-kubernetes/scripts/generated-cr/ibm_cp4a_cr_final.yaml. If you downloaded the file from the console, then make a copy of this file (icp4acluster-icp4adeploy.yaml) in cert-kubernetes/scripts/generated-cr/ibm_cp4a_cr_final.yaml.
Procedure
Results
Use the following command to see the list of versions you now have on the cluster:
oc exec -it `oc get pod|grep ibm-cp4a-operator | awk '{print $1}'` -- cat /opt/ibm/version.txt
All the URL paths to the capabilities change during an upgrade and you must update any existing bookmarks.
How to access the capability services
A ConfigMap is created in the namespace to provide the cluster-specific details to access the
services and applications. Components that are successfully upgraded have the new URLs in the
ConfigMap. If any components failed, the URLs are not included. The ConfigMap name is prefixed with
the deployment name (default is icp4adeploy
). You can find the ConfigMap containing
the routes information by clicking
and
then searching for the string "cp4ba-access-info
".
The contents of the ConfigMap depends on the components that are included. Each component has one or more URLs.
<component1> URL: <RouteUrlToAccessComponent1>
<component2> URL: <RouteUrlToAccessComponent2>
If you included FileNet Content Manager (FNCM) without the other capabilities, then use the Navigator for FNCM heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for Business Automation Navigator.
When all of the containers are running, you can access the services. For the components that are not defined in the CP4BA custom resource, like Business Teams Service, you can add the defined prefix for the UI (teamserver/ui) to the cpd_host. The full URL is https://cpd_host/teamserver/ui, where cpd_host is the result of the command oc get route cpd.
Using some of the URLs in the cp4ba-access-info ConfigMap, you might see a 404 (Not Found) error.
You might also see the following errors in the log of the zen-watcher-*** pod:
nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test failed
time="2021-12-07 03:48:42" level=error msg=reload-nginx message=err pod_name=ibm-nginx-68d5877466-8dd5w
time="2021-12-07 03:48:42" level=info msg=processConfigData event="failed reloading Nginx config file. Retrying. " reason="command terminated with exit code 1" retry_count=10
time="2021-12-07 03:48:42" level=error msg=processConfigData error="command terminated with exit code 1" event="failed reloading Nginx config file for bawps-cpe-zen-extension"
time="2021-12-07 03:48:42" level=info msg=watchConfigMap event="config bawps-cpe-zen-extension added"
Workaround:
- Kill the zen-watcher-*** pod.
- Wait until the pod is re-created.
- Check the log of the Nginx pod (named ibm-nginx-***) to make sure that you do not have the following error "nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test failed".
- Make sure that you have the configuration files for your components in the /user-home/_global/nginx-conf.d directory of the Nginx pod. For example, <namespace>-cpe-zen-extension.conf.
- Reopen the URLs that are in the cp4ba-access-info ConfigMap.
What to do next
The IBM Cloud Pak Platform (Zen) UI is used to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. You can find the URL for the Zen UI by clicking cpd, or by running the following command.
and looking for the nameoc get route |grep "^cpd"
Log in to the Admin Hub to configure your LDAP with the Identity and Access Management (IAM) service. You have two authentication types that you can log in with: OpenShift authentication and IBM provided credentials (admin only). Use your kubeadmin username and credentials to log in with OpenShift authentication. On ROKS, you must use IBM provided credentials. The default username for these credentials is "admin". You can get the default username by running the following command:
oc -n ibm-common-services get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_username}' | base64 -d && echo
You get the password by running the following command:
oc -n ibm-common-services get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_password}' | base64 -d && echo
You can change the default password at any time. For more information, see Changing the cluster administrator password.
You can then onboard users and groups to Zen for any capability that provides a route. These users and user groups can then work with business applications and business automations by using the Zen-enabled routes. For more information, see Completing post-deployment tasks for Business Automation Studio.
Go to and complete the steps in Completing post-upgrade tasks.