Optional: Customizing Workflow Server to connect to Workflow Authoring

You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.

Note: This topic does not apply to stand-alone Business Automation Workflow.

Procedure

  1. Exchange the certificates of your Workflow Server and IBM Workflow Authoring environments.
    Extract the IBM Cloud Pak Platform UI (Zen) CA and the common services CA of the Workflow Authoring delivery and copy them to your Workflow Server container-located server. For instructions, see Exporting the Zen CA and common services CA.
    For example, suppose that their locations are /root/zenRootCAPC.cert and /root/csRootCAPC.cert. On the Business Automation Workflow runtime environment, run the following oc commands to create the secrets:

    oc create secret generic baw-tls-zen-secret --from-file=tls.crt=/root/zenRootCAPC.cert
    oc create secret generic baw-tls-cs-secret --from-file=tls.crt=/root/csRootCAPC.cert

    Extract the Zen CA and the common services CA of Workflow Server delivery and copy them to your Workflow Authoring container-located server. For instructions, see Exporting the Zen CA and common services CA.

    For example, suppose that their locations are /root/zenRootCAPS.cert and /root/csRootCAPS.cert. On the Workflow Authoring environment, run the following oc commands to create the secrets:

    oc create secret generic bawaut-tls-zen-secret --from-file=tls.crt=/root/zenRootCAPS.cert
    oc create secret generic bawaut-tls-cs-secret --from-file=tls.crt=/root/csRootCAPS.cert
  2. Create a secret that holds the username and password of the IBM Workflow Center administrator.
    1. On the Business Automation Workflow runtime environment, define a new secret called ibm-baw-wc-secret by adding the following content to the adminSecrets4operator-ctnrs.yaml file. This secret contains the credentials of a Workflow Center administrator. For example:
      apiVersion: v1
      kind: Secret
      metadata:
        name: ibm-baw-wc-secret
      type: Opaque
      stringData:
        username: <workflow_authoring_admin_user>
        password: <workflow_authoring_admin_user_password>
      <workflow_authoring_admin_user> is the admin user of Workflow Authoring. You can get this value from the workflow_authoring_configuration.admin_user parameter of the Workflow Authoring configuration.
    2. Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment:
      oc apply -f ./adminSecrets4operator-ctnrs.yaml
  3. Add the Zen CA and the common services CA of Workflow Authoring that you created in step 1 to the trust list section of the Business Automation Workflow custom resource (CR) YAML file. In the workflow_center section of the Business Automation Workflow CR file, update the following parameters.
    This example shows a production deployment.
      baw_configuration:
      - name: instance1
        tls:
          tls_trust_list: [baw-tls-zen-secret, baw-tls-cs-secret]
        workflow_center:
          offline: false
          url: "https://cpd-<namespace>.apps.<clusterhost>/bawaut/ProcessCenter"
          secret_name: "ibm-baw-wc-secret"
          heartbeat_interval: 30
    • For a starter deployment, the workflow_center url is https://cpd-<namespace>.apps.<clusterhost>/bas/ProcessCenter
    • For a production deployment, the workflow_center url is https://cpd-<namespace>.apps.<clusterhost>/bawaut/ProcessCenter
    You can do this for all features, as shown in Importing the certificate of an external service.
  4. Add the Zen CA and the common services CA of the Workflow Server that you created in step 1 to the trust list section of the Workflow Authoring CR file:
      workflow_authoring_configuration:
        tls:
          tls_trust_list: [bawaut-tls-zen-secret, bawaut-tls-cs-secret]

        federated_portal:
          # Additional content security policy origins for federating the on-container Workflow Server, for example ["on container Workflow Server host name:on container Workflow Server port"]
          content_security_policy_additional_origins: ["https://cpd-<namespace>.apps.<clusterhost>/baw-instance1:443"]
  5. Apply the CR changes by running oc apply -f <customResourceFileName>.
  6. Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.
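
The trust set up in steps 1, 3 and 4 depends on each secret holding exactly the CA certificate that was exported from the other environment. The following shell functions are an added example, not part of the original procedure or of IBM's tooling: they compare the SHA-256 fingerprint of an exported file with the tls.crt stored in a secret. The function names are hypothetical, and the script assumes one PEM certificate per file and GNU coreutils.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes one PEM certificate
# per file and GNU coreutils (base64, sha256sum).

# Print the SHA-256 of the DER bytes of the single certificate in FILE.
pem_fingerprint() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)
    [ "$count" -eq 1 ] || { echo "$file: expected 1 certificate, found $count" >&2; return 3; }
    # Keep only the base64 body, ignoring line folding and CRLF line endings.
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$file" \
        | grep -v -- '-----' | tr -d ' \t\r\n')
    [ -n "$body" ] || { echo "$file: empty certificate body" >&2; return 4; }
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 \
        || { echo "$file: body is not valid base64" >&2; return 4; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only if both PEM files contain the same certificate.
same_cert() {
    a=$(pem_fingerprint "$1") || return 2
    b=$(pem_fingerprint "$2") || return 2
    [ "$a" = "$b" ]
}

# Compare the tls.crt stored in SECRET (current oc project) with the exported FILE.
secret_matches_file() {
    tmp=$(mktemp) || return 2
    oc get secret "$1" -o jsonpath='{.data.tls\.crt}' | base64 -d > "$tmp"
    rc=0
    same_cert "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

For example, running secret_matches_file baw-tls-zen-secret /root/zenRootCAPC.cert on the runtime environment returns 0 only when the secret and the file contain the same certificate.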