Customizing Process Federation Server for Business Automation Workflow on containers

You can add custom configuration for Process Federation Server.

About this task

After you install Business Automation Workflow, the <CR_Name>-federated_ps_short-secret-custom secret contains a Process Federation Server configuration file named user.xml. If federated_ps_short_configuration.enable_default_security_roles is set to true in the custom resource (CR) file, you can use the user.xml to configure the user registry and user roles for Process Federation Server.

You can customize the Process Federation Server configuration by using the federated_ps_short_configuration.config_dropins_overrides_secret property in the CR. You must create a secret and set the secret name to federated_ps_short_configuration.config_dropins_overrides_secret. Use the following command to create the secret:
kubectl create secret generic ibm-federated_ps_short-config --from-file=/opt/federated_ps_short/configDropins
where /opt/federated_ps_short/configDropins is the folder that contains the Process Federation Server configuration files.

Procedure

The following example shows how to update the custom configuration roles for Process Federation Server by changing the user.xml file.

  1. Get the content of the user.xml file.
    The file is encoded with base64 in the ibm-federated_ps_short-config secret. Run the following command to get it: 
    kubectl get secret <CR_Name>-federated_ps_short-secret-custom -o yaml
  2. Decode the data in the user.xml file and update the content, then encode the updated content with base64. If you are on a Linux® based system, you can decode and encode with the base64 command. For more information, see Base64 Linux man page External link opens a new window or tab. If you are on Windows, you can decode and encode with the built-in certutil command. For more information, see Certutil windows command External link opens a new window or tab.
  3. Update ibm-federated_ps_short-config to add the new secret.
    Run the following command:
    kubectl edit secret <CR_Name>-federated_ps_short-secret-custom
    Replace the data in user.xml with the updated base64-encoded content.
    When you save and quit, the content is updated in the Process Federation Server Pod starter-ibm-process-federation-server-0 synchronously.

What to do next

You can add custom configuration for Process Federation Server, like custom user authorizations, custom logging for troubleshooting, and custom logging. When Process Federation Server is installed as part of the CR, the operator defines a default set of authorizations for Process Federation Server users, that you can customize depending on your needs. For more information, see Specifying Process Federation Server user authorizations on Kubernetes External link opens a new window or tab. For more information on customizing logging, see Troubleshooting Process Federation Server in a container environment External link opens a new window or tab..