Optional: Customizing Workflow Server to connect to Workflow Authoring
You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.
Note: This topic does not apply to stand-alone Business Automation Workflow.
Procedure
- Exchange the certificates of your Workflow Server and IBM Workflow Authoring environment.
Extract the IBM Cloud Pak Platform UI (Zen) CA and the common services CA of the Workflow Authoring delivery and copy them to your Workflow Server container-located server. For instructions, see Exporting the Zen CA and common services CA.
For example, suppose that their locations are /root/zenRootCAPC.cert and /root/csRootCAPC.cert. On the Business Automation Workflow runtime environment, run the following oc commands to create secrets:
> oc create secret generic baw-tls-zen-secret --from-file=tls.crt=/root/zenRootCAPC.cert
> oc create secret generic baw-tls-cs-secret --from-file=tls.crt=/root/csRootCAPC.cert
Extract the Zen CA and the common services CA of Workflow Server delivery and copy them to your Workflow Authoring container-located server. For instructions, see Exporting the Zen CA and common services CA.
For example, suppose that their locations are /root/zenRootCAPS.cert and /root/csRootCAPS.cert. On the Workflow Authoring environment, run the following oc commands to create secrets:
> oc create secret generic bawaut-tls-zen-secret --from-file=tls.crt=/root/zenRootCAPS.cert
> oc create secret generic bawaut-tls-cs-secret --from-file=tls.crt=/root/csRootCAPS.cert
- Create a secret that holds the username and password of the IBM Workflow Center administrator.
  - On the Business Automation Workflow runtime environment, create a new secret called ibm-baw-wc-secret by adding the following content to the adminSecrets4operator-ctnrs.yaml file. This secret contains the credentials of an administrator for Workflow Center, for example:

        apiVersion: v1
        kind: Secret
        metadata:
          name: ibm-baw-wc-secret
        type: Opaque
        stringData:
          username: <workflow_authoring_admin_user>
          password: <workflow_authoring_admin_user_password>

    <workflow_authoring_admin_user> is the admin user of Workflow Authoring. You can get this value from the workflow_authoring_configuration.admin_user parameter of the Workflow Authoring configuration.
  - Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment:
    > oc apply -f ./adminSecrets4operator-ctnrs.yaml
- Add the Zen CA and the common services CA of Workflow Authoring that you created in step 1 to the trust list section of the Business Automation Workflow custom resource (CR) YAML file. In the workflow_center section of the Business Automation Workflow CR file, update the following parameters. This example shows a production deployment.

        baw_configuration:
          - name: instance1
            tls:
              tls_trust_list: [baw-tls-zen-secret, baw-tls-cs-secret]
            workflow_center:
              offline: false
              url: "https://cpd-<namespace>.apps.<clusterhost>/bawaut/ProcessCenter"
              secret_name: "ibm-baw-wc-secret"
              heartbeat_interval: 30

  - For a starter deployment, the workflow_center url is https://cpd-<namespace>.apps.<clusterhost>/bas/ProcessCenter
  - For a production deployment, the workflow_center url is https://cpd-<namespace>.apps.<clusterhost>/bawaut/ProcessCenter
You can do this for all features, as shown in Importing the certificate of an external service.
- Add the Zen CA and the common services CA of the Workflow Server that you created in step 1 to the trust list section of the Workflow Authoring CR file:

        workflow_authoring_configuration:
          tls:
            tls_trust_list: [bawaut-tls-zen-secret, bawaut-tls-cs-secret]
          federated_portal:
            # Additional content security policy origins for federating an on-container Workflow Server,
            # for example ["on container Workflow Server host name:on container Workflow Server port"]
            content_security_policy_additional_origins: ["https://cpd-<namespace>.apps.<clusterhost>/baw-instance1:443"]

- Apply the CR changes by running oc apply -f <customResourceFileName>.
- Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.
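
Whatever is stored under tls.crt in the step 1 secrets becomes a trust anchor through tls_trust_list, so it is worth confirming that each exported file is a CA certificate and is not about to expire before creating the secret. The following shell functions are an added example, not part of the IBM procedure; the function names, the 30-day default and the OC dry-run variable are assumptions, and openssl must be on the PATH.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# check_ca_cert FILE [MIN_DAYS]
#   Prints the subject and SHA-256 fingerprint and returns 0 only if FILE parses
#   as an X.509 certificate, is marked as a CA, and stays valid for MIN_DAYS more days.
#   Return codes: 1 unreadable, 2 unparseable, 3 not a CA, 4 expiring or expired.
check_ca_cert() {
    cert=$1
    min_days=${2:-30}   # assumed default threshold

    [ -r "$cert" ] || { echo "FAIL $cert: not readable" >&2; return 1; }

    # Only the first certificate in the file is inspected.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "FAIL $cert: cannot be parsed as an X.509 certificate" >&2; return 2; }

    # A trust-list entry should carry basicConstraints CA:TRUE; a leaf
    # certificate here usually means the wrong file was exported.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "FAIL $cert: not a CA certificate" >&2; return 3; }

    # Reject certificates that are expired or expire within min_days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "FAIL $cert: expires within $min_days days" >&2; return 4; }

    # Identity to compare against the value read on the exporting cluster.
    openssl x509 -in "$cert" -noout -subject -fingerprint -sha256
}

# create_trust_secret NAME FILE
#   Creates the secret with the same oc command as step 1, but only when the
#   check passes. Set OC=echo for a dry run that prints the command instead.
create_trust_secret() {
    check_ca_cert "$2" || return
    ${OC:-oc} create secret generic "$1" --from-file=tls.crt="$2"
}

# Usage with the file names from step 1:
#   create_trust_secret baw-tls-zen-secret /root/zenRootCAPC.cert
#   create_trust_secret baw-tls-cs-secret  /root/csRootCAPC.cert
```

Compare the printed fingerprint with the one obtained on the cluster that exported the CA; a mismatch means the file was replaced or the wrong CA was copied.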