Configuring optional IBM Business Automation Workflow components in an existing production deployment

Edit online
Adding or removing optional components in an existing IBM Business Automation Workflow production deployment.

Before you begin

  • Ensure you have access to the cert-kubernetes-baw/scripts directory.
  • Verify that you have permissions to run scripts and modify deployment resources.
  • Back up the existing Custom Resource (CR) and property files.
  • Confirm that the Kubernetes cluster and namespace are correctly configured.
  • Prepare SSL certificates if SSL is enabled for any configuration.

About this task

IBM Business Automation Workflow enables you to modify the active optional components in an existing deployment without performing a full redeployment. This means you can add or remove optional components for each pattern capability as needed. To apply these updates, run the baw-prerequisites.sh script in property mode with the --update-components flag. Note that this feature is limited to installing and uninstalling optional components; it does not support changing the database type, modifying the LDAP type, or generating network policies.

Procedure

  1. Run the update-components script in property mode from the scriptsfolder inside the cert-kubernetes-baw directory: 
    ./baw-prerequisites.sh -m property --update-components
  2. The script checks for property files in scripts/baw-prerequisites/<namespace>/propertyfile. If not found, you will be prompted to provide the path to the property files.
    Example:
    [INFO] The "baw-prerequisites.sh" script is being executed in update mode to modify the optional components for the current deployment. For more details on modifying the selected optional components for the current deployment refer Knowledge Center.

[INFO] Checking if the default property file directory -> "/root/cert-kubernetes/scripts/baw-prerequisites/project/cp4ba/propertyfile" contains all required property files...

All required property files are found in the default path. Do you want to use this path? (Yes/No)[Default: Yes]:
  3. The script displays the current deployment configuration and prompts you to update optional components. Available components and their current status are listed.
    Example:
    [INFO] The current configurations for the active Deployment in cp4ba are listed below.


Configuration                                      | Value                                             
---------------------------------------------------+---------------------------------------------------
Current Custom Resource Type                       | icp4acluster                                      
Current Custom Resource Name                       | bawdeploy                                         
Current Deployment Patterns Selected               | Business Automation Workflow                      
Current Optional Components Selected               | Business Automation Insights                      
LDAP Directory Type                                | IBM Security Directory Server                     
Slow Storage Class Name                            | nfs-client                                        
Medium Storage Class Name                          | nfs-client                                        
Fast Storage Class Name                            | nfs-client                                        
Block Storage Class Name                           | nfs-client                                        
Deployment Profile Size                            | small                                             
Database Server Type                               | postgresql                                        
Database Server List                               | rg-db1                                            
Network Policy template generation                 | true                                              
External PostgresDB enabled for IM                 | true                                              
External PostgresDB enabled for ZEN                | true                                              
External PostgresDB enabled for BTS                | true                                              
Number of Content Object Stores configured         | 0                                                 

Do you want to continue to update the current list of Optional Components deployed? (Yes/No)(default No): 
    Pattern "Business Automation Workflow Authoring": Select optional components: 

[INFO] cmis will be added along with optional components by default.
1) Business Automation Insights (Installed)
2) Data Collector and Data Indexer 
3) Exposed Kafka Services 
4) Workplace Assistant 
5) (Preview) Authoring Assistant 

Tips: Press [ENTER] if you do not want any optional components or when you are finished selecting your optional components
Enter a valid option [1 to 5 or ENTER]:
    User can add or remove optional components from this section.

    • If selecting already selected optional component, status of that component will be switching from Installed to To be UnInstalled.

    • If selecting a new optional component, Selected status will be added.

  4. Update property files:
    • Edit the regenerated property files.
      • baw_db_name_user.property
      • baw_db_server.property
      • baw_LDAP.property
      • baw_user_profile.property
    • Add SSL certificates into the respective folders, if SSL is enabled for any configuration.
    • Previous iteration property files are backed up in: scripts/baw-prerequisites/project/<namespace>/propertyfile/original_property_file
    Note: The script fills common properties automatically, but you must review and update the property files before proceeding.
  5. Do not recreate databases that already exist. If additional databases are required, create them using the generated database scripts. After updating the property files, run the baw-prerequisites.sh script in the generate mode to generate the files you will run to create databases and secrets. 
    ./baw-prerequisites.sh -m generate -n <namespace_name>
    If the script detects that the property files do not have custom values, it displays messages to help you identify the missing values.
    The script generates a directory (if you selected a database type other than EDB Postures) and a shell script:
    • scripts/baw-prerequisites/project/<namespace>/dbscript - Directory that contains SQL files to create databases
    • scripts/baw-prerequisites/project/<namespace>/create_secret.sh - Shell script to create secrets
  6. After you generate all the necessary files for your Business Automation Workflow deployment, make sure that the SQL files and the script have the correct values before you apply them.
  7. If the databases already exist, do not recreate them. If you need more, create them using the generated scripts. When ready, if you chose a database type other than EDB Postgres, run the scripts on your database server and then use the shell script to create the required secrets.
    1. To create databases:
      1. Copy the contents of your scripts/baw-prerequisites/project/<namespace>/dbscript directory to your database server (if needed).
      2. Log in to your database client or use the command line to run all the SQL scripts. The following example is for PostgreSQL.
        psql -f dbscript/ban/postgresql/<namespace>/createICNDB.sql
    2. The user will also be expected to drop SSL certificates to the respective folders if SSL has been chosen for any configurations. To create secrets:
      1. Make sure that you can access your cluster by using kubectl: 
        kubctl get node
      2. Run the shell script:
        ./baw-prerequisites/project/<namespace>/create_secret.sh
      3. Verify that the secrets are created in your cluster:
        kubectl get secret
...
ibm-ban-secret                                           Opaque                           8      37s
ibm-cp4ba-db-ssl-secret-for-postgres171                  Opaque                           2      34s
ibm-fncm-secret                                          Opaque                           12     35s
bawdeploy-bas-admin-secret                               Opaque                           2      39s
ldap-bind-secret                                         Opaque                           2      38s
  8. Optional: After all of the required databases and secrets are created, run the baw-prerequisites.sh script again in the validate mode to check the generated secrets, databases, and LDAP connection. 
    ./baw-prerequisites.sh -m validate -n <namespace_name>
    The command checks that all of the required secrets are found and submits a validation query to the LDAP server and the list of remote database servers. If the operation succeeds within the timeout threshold, the validation is marked as PASSED! No queries are run and no data is changed.

    If a connection is not successful, a message informs you which connection failed. Check the values in your property files so that you can correct them and try again.

    The script also immediately asks whether you want to run Storage Validation and Performance Validation tests. The Storage Validation checks the functional availability of the storage classes by creating temporary PVCs and confirming whether they bind successfully. To test the performance of the storage configuration, choose to run the Performance Validation. The storage validation takes approximately 25 minutes and the performance validation takes approximately 50 minutes.

    Note:

    When you select “no” to run the Storage Validation and the Performance Validation, the script outputs the command in storage_and_performance_validation mode in case you want to run the tests later.

    When you select “no” to run the Storage Validation, then the script outputs the command in storage_validation mode in case you want to run this test later. When you select “no” to run the Performance Validation, then the script outputs the command in performance_validation mode in case you want to run this test later.

    ./baw-storage-validation.sh -m storage_and_performance_validation -n <BAW_NAMESPACE>
./baw-storage-validation.sh -m storage_validation -n <BAW_NAMESPACE>
./baw-storage-validation.sh -m performance_validation -n <BAW_NAMESPACE>
    If you select “yes” to either of the validation tests, the script checks that the prerequisite tools are installed on your system.
    1. If a prerequisite tool is not installed, the script prompts you to run a shell script (baw-storage-validation.sh), which installs the missing tools.
    2. When all the prerequisites are installed, the script proceeds with a selected validation test.

    For more information, see Installing the prerequisites for Business Automation Workflow on containers

    Note: Storage and performance validation features works only on Red Hat® OpenShift® clusters.
  9. Run the deployment script to generate the Business Automation Workflow CR based on the property files. 
    ./baw-deployment.sh -n <namespace_name>
    Follow the prompts in the command window to enter the required information.
    1. Accept the license.
    2. Confirm the summary of capabilities.
    3. Select the cloud platform that you are using.
    4. Optionally, provide a URL to a ZIP file that contains JDBC or ICCSAP drivers. If you need to change the URL after creating the CR, see step 8 for details.
    5. Verify that the information is correct.
    The CR is created in scripts/generated-cr/project/<namespace>/ibm_cp4a_cr_final.yaml..
    Note:
    • Preserve manual changes - Before running the script, identify any sections in your current CR that were added manually and not generated by the script. You will need to add these sections back after the new CR is generated.
    • Backup and review - The script creates a backup folder containing the original CR inside the generated-cr directory. Review the newly generated CR and make any necessary adjustments.
    • File naming requirement - Do not rename the generated Custom Resource file. The file name must match the name of the live Custom Resource file.
    • Removing Business Automation Insights from deployment - If Business Automation Insights is being removed:
      • Apply the new CR and wait for the operators to reconcile.
      • Manually delete the FlinkDeployment CR.

        Leaving it behind does not affect functionality, but some Business Automation Insights Flink components will remain.

Results

The optional components in your existing Business Automation Workflow deployment are updated according to your selections without requiring a full redeployment.

What to do next

  • Validate the deployment and confirm that the added or removed components are functioning as expected.
  • Monitor logs and reconcile any manual changes in the CR if necessary.