Installing a production deployment

 Containers: 
Installation of stand-alone IBM Business Automation Workflow on containers uses an operator, which is a Kubernetes feature that makes it simpler to install and update without having to worry about the underlying cloud provider. However, it is important for cluster administrators and non-administrators who want to install containers to understand the main concepts and how you interact with the operator.

For more information, see Quick reference Q&A for production deployments. This topic is for Cloud Pak, although the information is still useful for stand-alone Business Automation Workflow.

Deployment scripts are provided to significantly reduce the number of configuration steps.

Before you begin

You must prepare your environment and install the necessary software before you go to the GitHub repositories to find resources to install the IBM certified software. See Planning.

Before you run the scripts, be aware of the following considerations:
  • The scripts can be used only on Red Hat (RHEL), CentOS, and macOS.
  • You need a cluster admin or a non-admin user in the OpenShift identity provider to run the deployment script. For more information about users on OpenShift, see Understanding identity provider configuration.
  • You can use an existing project in the cluster or create a namespace by entering a new name with the setup cluster script. It is likely that you create a namespace when you prepare the operator storage.
  • The deployment script needs a storage class name to use for dynamic storage. The administrator must make a note of the storage class to use, and provide this name to the user who runs the deployment script. All the container images require persistent volumes (PVs) and persistent volume claims (PVCs), so review the topics on preparing these PVs and PVCs. For more information, see Storage considerations.
Important: If you plan to use Db2, make sure that Db2 does not run any compatibility features before you create the databases. Run the following Db2 commands before you create the databases to set the compatibility features to NULL (default):
db2set DB2_COMPATIBILITY_VECTOR= 
db2stop
db2start
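
A pre-flight check for the Db2 note above, as an added example that is not part of the IBM documentation: it parses `db2set -all` output and fails if DB2_COMPATIBILITY_VECTOR still has a value at any registry level. The function name check_compat_vector and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify the Db2 compatibility vector is unset before
# creating the databases. Input is the text printed by `db2set -all`,
# one registry variable per line, prefixed by its level tag, for example
# "[i] DB2_COMPATIBILITY_VECTOR=ORA" ([e] environment, [u] user,
# [n] node, [i] instance, [g] global).

# check_compat_vector (hypothetical helper name): reads `db2set -all`
# output on stdin, prints every level where the vector has a value,
# and returns non-zero if any such level exists.
check_compat_vector() {
  awk '
    /DB2_COMPATIBILITY_VECTOR=/ {
      level = "?"
      if (match($0, /\[[a-z]\]/)) level = substr($0, RSTART + 1, 1)
      value = $0
      sub(/.*DB2_COMPATIBILITY_VECTOR=/, "", value)
      gsub(/[ \t\r]/, "", value)          # an empty value means "unset"
      if (value != "") {
        printf "level=%s value=%s\n", level, value
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample of `db2set -all` output (not captured from a real system).
SAMPLE='[i] DB2_COMPATIBILITY_VECTOR=ORA
[i] DB2COMM=TCPIP
[g] DB2SYSTEM=db2host.example.com'

printf '%s\n' "$SAMPLE" | check_compat_vector \
  || echo "Reset the vector and restart the instance before creating databases." >&2

# On the Db2 server, as the instance owner:
#   db2set -all | check_compat_vector
```
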

About this task

Before you install any of the automation containers, you must prepare a cluster for the patterns you want to use.
Tip: If possible, delegate or at least work with subject matter experts to help you prepare each pattern that you intend to install. Patterns can be installed with a minimum amount of customization with default secrets and configurations. However, you are more than likely to want to customize a pattern at some point. Therefore, you must assess the configuration parameters with the help of the software experts to identify the values that you must provide to the custom resource.

Procedure

  1. Get the software. You must get access to the Cloud Pak container images before you edit the custom resource file. The Cloud Native Computing Foundation (CNCF) platform type or "Other" is the only platform that supports a local image registry in the script to set up the cluster. The OpenShift Container Platform (OCP) and Red Hat OpenShift Kubernetes Service (ROKS) platform types support only the IBM Entitled Registry in the cluster setup script. For instructions, see Getting access to container images.
  2. Set up the cluster.
    There are several ways to set up the cluster. If you plan to use the IBM Entitled Registry and use the OCP catalog in Operator Hub, you can set up the cluster with the OCP CLI and console. The OCP catalog helps you to discover all of the certified products and services that you can install on your system. You can also use an admin script.
    • You can install the operator from the OpenShift Operator Hub to use the operator lifecycle manager (OLM) in your deployment. OLM helps you to install, update, and manage the lifecycle of all operators and services that are deployed in OCP clusters. It is part of the Operator Framework, which is an open source toolkit that is designed to manage Kubernetes applications in an effective, automated, and scalable way. To prepare the cluster this way, follow the instructions in Setting up the cluster for Operator Hub.
    • You can store everything that you must install in stand-alone Business Automation Workflow on a local host and use this server for your deployment. Follow the instructions in Setting up the cluster without an internet connection.
    • A cluster administrator user can run a script to set up the cluster. The administrator must also provide information that they get from the script to a non-administrator user so they can run the deployment script. Follow the instructions in Setting up the cluster by running a script or Setting up the cluster in silent mode.
      Important:
      • When you are told to download the appropriate repository, go to https://github.com/IBM/cloud-pak/tree/master/repo/case/ and get the latest version of ibm-cs-bawautomation-2.4 to get the .tar.gz file for Business Automation Workflow. Extract the package, and then extract the contents from the .tar file in the ibm-cs-bawautomation/inventory/cp4aOperatorSdk/files/deploy/crs folder. Use the tar -xvzf command to extract it to the cert-kubernetes directory.
      • When you run the cluster setup script, cp4a-clusteradmin-setup.sh, add a baw parameter:
        ./cp4a-clusteradmin-setup.sh baw
  3. If you are installing in an offline environment, follow the instructions in Preparing your cluster for an air gapped (offline) deployment.
  4. If you want to use SSL-enabled LDAP in your container environment, you must create the SSL secret with the certificate of the LDAP server. Follow the instructions in Configuring SSL-enabled LDAP.
  5. Prepare for Business Automation Workflow on containers before you apply your custom resource. If you used the baw-prerequisites.sh script to generate the database SQL statement files (scripts) and YAML template files for the database secrets, then follow the substeps.
    Notes:
    • You can prepare an installation of Business Automation Workflow, by using the baw-prerequisites.sh script that is provided in the cert-kubernetes archive of the CASE package. The script generates property files for the selected capabilities in your deployment and must be run before your deployment is installed. Follow the instructions in Recommended: Preparing databases and LDAP by running a script.
    • Ignore any instructions about Workstream Services, Business Automation Insights, or Machine Learning Server (including Intelligent Task Prioritization and Workforce Insights). These instructions are not included in stand-alone Business Automation Workflow.
    1. Set up and configure a directory server to provide the authentication repository.
    2. Optional: Prepare customized versions of JDBC drivers to use in your production deployments.
    3. Prepare storage, including the persistent volumes (PVs) and persistent volume claims (PVCs) for the operator, Application Engine, Business Automation Navigator, FileNet® Content Manager, Java Message Service (JMS), Process Federation Server, and Business Automation Workflow.
      Note: Ignore the steps about Intelligent Task Prioritization and Workforce Insights.
      See Preparing storage.
    4. Prepare storage for the Elasticsearch cluster deployed for Process Federation Server.
      See Preparing storage for Elasticsearch.

      If you prefer, you can also use your own external Elasticsearch. See Referencing your own Elasticsearch.

      Note: Linux on IBM Z must use external Elasticsearch.
    5. Set up SCC for Elasticsearch.
    6. Optional: If you have custom case widgets and custom case extensions that you want to configure, see Preparing your environment for customizations.
    7. Optional: If you want to see a visual representation of the extended history for a case, see Optional: Enabling the Timeline Visualizer widget to display Business Automation Workflow process activity flow.
      For more information, see Timeline Visualizer widget.
    If you did not use the baw-prerequisites.sh script to generate the database SQL statement files (scripts) and YAML template files for the database secrets, then you must follow the manual substeps as listed.
    1. Set up and configure a directory server to provide the authentication repository.
    2. Create databases for Business Automation Workflow, IBM Business Automation Application Engine, FileNet Content Manager, and IBM Business Automation Navigator.
    3. Optional: Prepare customized versions of JDBC drivers to use in your production deployments.
    4. Create the database for User Management Service (UMS).
    5. Prepare storage, including the persistent volumes (PVs) and persistent volume claims (PVCs) for the operator, Application Engine, Business Automation Navigator, FileNet Content Manager, Java Message Service (JMS), Process Federation Server, and Business Automation Workflow.
      Note: Ignore the steps about Intelligent Task Prioritization and Workforce Insights.
      See Preparing storage.
    6. Prepare storage for the Elasticsearch cluster deployed for Process Federation Server.
      See Preparing storage for Elasticsearch.

      If you prefer, you can also use your own external Elasticsearch. See Referencing your own Elasticsearch.

      Note: Linux on IBM Z must use external Elasticsearch.
    7. Create secrets for LDAP, Business Automation Workflow, Application Engine, Resource Registry, FileNet Content Manager, and Business Automation Navigator.
    8. Create the secret for User Management Services.
      See "Creating the User Management Services database admin secret" in Installing User Management Services on containers for IBM Business Automation Workflow.
    9. Set up SCC for Elasticsearch.
    10. Optional: If you have custom case widgets and custom case extensions that you want to configure, see Preparing your environment for customizations.
    11. Optional: If you want to see a visual representation of the extended history for a case, see Optional: Enabling the Timeline Visualizer widget to display Business Automation Workflow process activity flow.
      For more information, see Timeline Visualizer widget.
  6. Install the production deployment.
    There are two ways to install the deployment.

    You can set up the cluster with the IBM operator catalog in the OpenShift Operator Hub, or you can create a custom resource file by running the deployment script or copying a template. Follow the instructions in Installing the capability.

  7. Optional: If you want to configure multiple instances, see Configuring multiple instances of Business Automation Workflow and Workstream Services.
  8. Verify that you installed stand-alone Business Automation Workflow correctly.
  9. After installation, extra steps are needed to ensure that the environment works correctly.
    1. The Application Engine administrative user must exist in your LDAP user registry. Add your user into the User Management Services (UMS) team server admin group. Either add the user to the team server admin LDAP group (ums_configuration.teamserver.admingroup) or add the user to the internal Administrators team by following the instructions in "Managing teams" in Installing User Management Services on containers for IBM Business Automation Workflow.
    2. After you run the container deployment, enable the users and groups to access Business Automation Workflow.
      See Completing post-installation tasks for Business Automation Workflow Authoring, Runtime, and Workstream Services. The optional tasks that you might want to perform are listed.
    3. For FileNet Content Manager, you must do more tasks to configure and start your domain.
    4. For User Management Services, you can perform optional tasks to configure Business Automation Workflow or Process Federation Server to use User Management Services, or create a client application that starts UMS-protected APIs.
    5. For Business Automation Navigator, you must do some additional configuration to ensure that the application works with your content services environment.
    6. For most deployments on Red Hat OpenShift Kubernetes Service (ROKS), extra steps are needed to ensure that the environment works correctly.
  10. Optional: Customize your Business Automation Workflow route's hostname or certificates. See Providing certificates for external routes.
  11. You can configure the Lightweight Directory Access Protocol (LDAP). See LDAP configuration.

Results

Your production deployment is complete.