Installing a production deployment

Edit online

Containers:
Installation of stand-alone IBM Business Automation Workflow on containers uses an operator, which is a Kubernetes feature that makes it simpler to install and update without having to worry about the underlying cloud provider. However, it is important for cluster administrators and non-administrators who want to install containers to understand the main concepts and how you interact with the operator.

For more information, see Quick reference Q&A for production deployments. This page is for Cloud Pak, although the information is still useful for stand-alone Business Automation Workflow.

Deployment scripts are provided to significantly reduce the number of configuration steps.

Before you begin

You must prepare your environment and install the necessary software before you go to the GitHub repositories to find resources to install the IBM certified software. See Planning for IBM Business Automation Workflow on containers in 21.0.3.

Before you run the scripts, be aware of the following considerations:

The scripts can be used only on Red Hat® (RHEL), CentOS, and macOS.
You need a cluster admin or a non-admin user in the OpenShift® identity provider to run the deployment script. For more information about users on OpenShift, see Understanding identity provider configuration.
You can use an existing project in the cluster or create a namespace by entering a new name with the setup cluster script. It is likely that you create a namespace when you prepare the operator storage.
The deployment script needs a storage class name to use for dynamic storage. The administrator must make a note of the storage class to use, and provide this name to the user who runs the deployment script. All the container images require persistent volumes (PVs) and persistent volume claims (PVCs), so review the topics on preparing these PVs and PVCs. For more information, see Storage considerations.

Important: If you plan to use Db2®, make sure that Db2 does not run any compatibility features before you create the databases. Run the following Db2 commands before you create the databases to set the compatibility features to NULL (default):

db2set DB2_COMPATIBILITY_VECTOR= 
db2stop
db2start

About this task

Before you install any of the automation containers, you must prepare a cluster for the patterns you want to use.

Tip: If possible, delegate or at least work with subject matter experts to help you prepare each pattern that you intend to install. Patterns can be installed with a minimum amount of customization with default secrets and configurations. However, you are more than likely to want to customize a pattern at some point. Therefore, you must assess the configuration parameters with the help of the software experts to identify the values that you need to provide to the custom resource.

Procedure

Prepare storage for the operator. All instances of an operator need a place to store the operator's log files, whether it is on a private cloud or on IBM Cloud® Public.
Follow the instructions in Preparing storage for the Cloud Pak operator.
Get the software. You must get access to the Cloud Pak container images before you edit the custom resource file. The Cloud Native Computing Foundation (CNCF) platform type or "Other" is the only platform that supports a local image registry in the script to set up the cluster. The OpenShift Container Platform (OCP) and Red Hat OpenShift Kubernetes Service (ROKS) platform types support only the IBM Entitled Registry in the cluster setup script. For instructions, see Getting access to container images.
Set up the cluster.
There are several ways to set up the cluster. If you plan to use the IBM Entitled Registry and use the OCP Catalog in Operator Hub, you can set up the cluster with the OCP CLI and console. The OCP catalog helps you to discover all of the certified products and services that you can install on your system. You can also use an admin script.
- You can install the operator from the OpenShift Operator Hub to use the operator lifecycle manager (OLM) in your deployment. OLM helps you to install, update, and manage the lifecycle of all operators and services that are deployed in OCP clusters. It is part of the Operator Framework, which is an open source toolkit that is designed to manage Kubernetes applications in an effective, automated, and scalable way. To prepare the cluster this way, follow the instructions in Setting up the cluster for Operator Hub for IBM Business Automation Workflow on containers in 21.0.3.
- You can store everything that you need to install stand-alone Business Automation Workflow on a local host and use this server for your deployment. Follow the instructions in Setting up the cluster in an air-gapped environment for IBM Business Automation Workflow on containers in 21.0.3.
- A cluster administrator user can run a script to set up the cluster. The administrator must also provide information that they get from the script to a non-administrator user so they can run the deployment script. Follow the instructions in Setting up the cluster by running a script or Setting up the cluster in silent mode.
  Important:
  - When you are told to download the appropriate repository, go to https://github.com/IBM/cloud-pak/tree/master/repo/case/ and get the latest version of ibm-cs-bawautomation-2.2 to get the .tar.gz file for Business Automation Workflow. Extract the package, and then extract the contents from the .tar file in the ibm-cs-bawautomation/inventory/cp4aOperatorSdk/files/deploy/crs folder. Use the tar -xvzf command to extract it to the cert-kubernetes directory directory.
  - When you run the cluster setup script, cp4a-clusteradmin-setup.sh, add a baw parameter:
```
./cp4a-clusteradmin-setup.sh baw
```
If you are installing in an air-gapped environment, follow the instructions in Preparing an air-gapped environment.
If you want to use SSL-enabled LDAP in your container environment, you must create the SSL secret with the certificate of the LDAP server. Follow the instructions in Configuring SSL-enabled LDAP.
Prepare for Business Automation Workflow on containers before you apply your custom resource. Follow the detailed instructions in the substeps.

Note: Ignore any instructions about Workstream Services, Business Automation Insights, or Machine Learning Server (including Intelligent Task Prioritization and Workforce Insights). These are not included in stand-alone Business Automation Workflow.
1. Set up and configure a directory server to provide the authentication repository.
  See Preparing users and groups.
2. Create the required databases for Business Automation Workflow, IBM Business Automation Application Engine, FileNet® Content Manager, and IBM Business Automation Navigator.
  See Creating required databases.
3. Create the required database for User Management Service (UMS).
  See "Preparing the UMS database" in Installing IBM Business Automation Workflow Version 21.0.3 User Management Services on containers.
4. Prepare storage, including the required persistent volumes (PVs) and persistent volume claim (PVCs) for the operator, Application Engine, Business Automation Navigator, FileNet Content Manager, Business Automation Navigator. Java™ Message Service (JMS), Process Federation Server, and Business Automation Workflow.
  Note: Ignore the steps about Intelligent Task Prioritization and Workforce Insights.
  See Preparing storage.
5. Prepare storage for the Elasticsearch cluster deployed for Process Federation Server.
  See Preparing storage for Elasticsearch for Business Automation Workflow on containers in 21.0.3.
  You can also use your own external Elasticsearch if you prefer. See Referencing your own Elasticsearch.
  
  Note: Linux® on IBM Z® must use external Elasticsearch.
6. Create secrets for LDAP, Business Automation Workflow, Application Engine, Resource Registry, FileNet Content Manager, and Business Automation Navigator.
  See Creating secrets to protect sensitive configuration data.
7. Create the secret for UMS.
  See "Creating the UMS database admin secret" in Installing IBM Business Automation Workflow Version 21.0.3 User Management Services on containers.
8. Set up SCC for Elasticsearch.
  See Setting up the security context constraint for Elasticsearch for containers in 21.0.3.
9. Optional: If you have custom case widgets and custom case extensions that you want to configure, see Preparing your environment for customizations.
10. Optional: If you want to see a visual representation of the extended history for a case, see Optional: Enabling the Timeline Visualizer widget to display Business Automation Workflow process activity flow.
  For more information, see Timeline Visualizer widget.
Install the production deployment.
There are two ways to install the deployment.
You set up the cluster with the IBM operator catalog in the OpenShift Operator Hub or you can create a custom resource file by running the deployment script or copying a template. Follow the instructions in Installing IBM Business Automation Workflow capability
.
Optional: If you want to configure multiple instances, see Configuring multiple instances of Business Automation Workflow and Workstream Services.
Verify that you installed stand-alone Business Automation Workflow correctly.
See Verifying the installation of IBM Business Automation Workflow on containers in 21.0.3.
After installation, extra steps are needed to ensure that the environment works correctly.
1. The Application Engine administrative user must exist in your LDAP user registry. Add your user into the User Management Services (UMS) team server admin group. Either add the user to the team server admin LDAP group (ums_configuration.teamserver.admingroup) or add the user to the internal Administrators team by following the instructions in "Managing teams" in Installing IBM Business Automation Workflow Version 21.0.3 User Management Services on containers.
2. After you run the container deployment, enable users and groups to access Business Automation Workflow.
  See Providing user access. There are also optional tasks you might want to perform:
  - To add custom configuration for Process Federation Server, see Customizing Process Federation Server.
  - To add custom properties to the runtime configuration, see Customizing runtime server properties.
  - To integrate with IBM MQ, see Enabling Liberty feature to integrate with IBM MQ.
  - To connect with Workflow Center on premise, see Customizing Workflow Server to connect to Workflow Center on premise.
3. For FileNet Content Manager, you must do additional tasks to configure and start your domain.
  See Completing post-installation tasks for FileNet Content Manager.
4. For UMS, you can perform optional tasks to configure Business Automation Workflow or Process Federation Server to use UMS, or create a client application that invokes UMS-protected APIs.
  See the post-deployment tasks in Installing IBM Business Automation Workflow Version 21.0.3 User Management Services on containers.
5. For Business Automation Navigator, you must do some additional configuration to ensure that the application works with your content services environment.
  See Completing post-installation tasks for Business Automation Navigator.
6. For most deployments on Red Hat OpenShift Kubernetes Service (ROKS), extra steps are needed to ensure that the environment works correctly.
  See Completing extra post-installation tasks on ROKS.

Results

Your production deployment is complete.