Installing the capabilities in the Red Hat OpenShift console
If you want to select the capabilities to install and use only the default values, then it is easier to do that in the Form View of the Cloud Pak for Business Automation operator.
Before you begin
- Log in to your OCP or ROKS cluster as a cluster administrator.
To allow a non-administrator user to install the Cloud Pak capabilities, see the What to do next section in Installing the IBM Cloud Pak catalogs and operators.
- If you used the
All namespaces
option to install the Cloud Pak operator, switch to the project that you created for your CP4BA deployment. - In the Installed Operators view, verify the status of the IBM Cloud Pak for Business Automation operator installation reads succeeded, and verify the deployment by checking that all the pods are running.
Procedure
What to do next
To verify that your deployment is up and running:
- Check the foundational services and CP4BA deployment status
- First check the status of the foundational services
Conditions
isReady
,PrereqReady
,Running
. You can then check the CP4BA deployment status.Note: If you are able to run a script, then you can also run the post installation shell script to help you validate your deployment. For more information, see Validating your starter deployment. - Access the capability services
A ConfigMap is created in the namespace to provide the cluster-specific details to access the services and applications. Components that are successfully deployed have URLs in the ConfigMap. If any components failed, the URLs and credentials are not included. The ConfigMap name is prefixed with the deployment name (default is
.icp4adeploy
). You can find the ConfigMap containing the routes information by clicking and then searching for the string "cp4ba-access-info
"The contents of the ConfigMap depends on the components that are included. Each component has one or more URLs, and if needed a username and password.
<component1> URL: <RouteUrlToAccessComponent1> <component1> Credentials: <UserName>/<Password> (optional) <component2> URL: <RouteUrlToAccessComponent2> <component2> Credentials: <UserName>/<Password> (optional)
Note: Thebastudio-access-info
section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns, including Business Automation Workflow. The included URLs and credentials can be used to access the applications designers of the installed components.You can also click the YAML tab in the CP4BA deployment (
icp4adeploy
) to view the endpointsuri
of the installed capabilities.After you have the routes and admin user information, check whether you need to do the following tasks.
Tip: If you want or need to update values in a starter deployment that you made in the Form View, you must edit the deployment in the YAML View. You can edittrue
orfalse
values in the Form View, but the other parameters need to be done in the YAML View. You can access the custom resource from the YAML tab, or by clicking .- Log in to the IBM Cloud Pak Platform UI (Zen UI)
- Business Automation
Studio uses the Zen UI to
provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically
available in the UI based on the role of the user that logs in. You can find the URL for the Zen UI
by clicking and looking for the name cpd, or by running the following
command.
oc get route | grep "^cpd"
You have two options to log in, Enterprise LDAP and IBM provided credentials (cpadmin only). To log in to the Admin Hub to configure the LDAP, then click IBM provided credentials (cpadmin only). You can get the details for the IBM-provided
cpadmin
user by getting the contents of the platform-auth-idp-credentials secret in the namespace used for the CP4BA deployment.oc -n <namespace> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d && echo
If you want to log in using the configured LDAP, then click Enterprise LDAP and enter the
cp4admin
user and the password in thecp4ba-access-info
ConfigMap. Thecp4admin
user has access to Business Automation Studio features.If you want to add more users, you need to log in with the Zen UI administrator. The kubeadmin user in the Red Hat OpenShift authentication and the IBM-provided
cpadmin
user have the Zen UI administrator role.When logged in, you can add users to the Automation Developer role to enable users and user groups to access Business Automation Studio and work with business applications and business automations.
For more information about adding users, see Completing post-deployment tasks for Business Automation Studio. For more information about the Automation Developer role, see Roles and permissions.
Note: If you included multiple capabilities from IBM FileNet Content Manager (FNCM), Automation Document Processing (ADP), and Business Automation Application (BAA) in your CP4BA deployment, then use the Navigator for CP4BA heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.If you included IBM FileNet Content Manager (FNCM) without the other capabilities, then use the Navigator for FNCM heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.
- Use the LDAP user registry
- The LDAP server has a set of predefined users and groups to use with your starter environment.
Changes to the user repository are not persisted after a pod restart.
- To provide a user for Task Manager, the following LDAP users and groups are created by the deployment.
- In the OCP console, select the project in which you deployed the Cloud Pak, and then click .
- Usernames:
cp4admin
,user1
,user2
, up to and includinguser10
. - Group names:
TaskAdmins
,TaskUsers
, andTaskAuditors
.
The
cp4admin
user is assigned toTaskAdmins
. The LDAP usersuser1
-user5
are assigned toTaskUsers
, and the usersuser6
-user10
are assigned toTaskAuditors
. - To modify an existing user's password:Note: Do not change the password of the
cp4admin
user after the Content Platform Engine (CPE) is initialized. Changing the password of the Domain admin user needs extra steps. For more information, see Update System User credentials.- In the Red Hat OpenShift console, go to
icp4adeploy-openldap-customldif
secret.
, and
select the - Click .
- Change the password for a specified user and click Save.
- Go to openldap pod. , and search for the
- In the overflow menu for the pod, click Delete Pod to restart it.
- In the Red Hat OpenShift console, go to
- To add a user:
- In the Red Hat OpenShift console, go to
icp4adeploy-openldap-customldif
secret.
, and
select the - Click .
- Copy and paste the attributes from an existing user, take out the unnecessary attributes, put
the information for the new user, and click Save. The following example is
for the user
newuser
:dn: uid=newuser,dc=example,dc=org uid: newuser cn: newuser sn: newuser userPassword: <password> objectClass: top objectClass: posixAccount objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: person uidNumber: 14583345 gidNumber: 1456456 homeDirectory: /home/newuser/ mail: newuser@example.org
The
uidNumber
must be a unique and different number from the existing uidNumbers. - Go to openldap pod. , and search for the
- In the overflow menu for the pod, click Delete Pod to restart it.
- Sign in to the Common Web UI by following the steps in Accessing your cluster by using the console.
- Follow the steps in Managing console access to add the user to the Cloud Pak Platform UI (Zen).
- In the Red Hat OpenShift console, go to
- To add a group:
- In the Red Hat OpenShift console, go to
icp4adeploy-openldap-customldif
secret.
, and
select the - Click .
- Copy and paste the attributes from an existing group, take out the unnecessary attributes, put
the information for the new group, and click Save.
The following example is for a group name of "
NewGroup
".dn: cn=NewGroup,dc=example,dc=org objectClass: groupOfNames objectClass: top cn: NewGroup member: uid=user1,dc=example,dc=org member: uid=user2,dc=example,dc=org member: uid=user3,dc=example,dc=org member: uid=user4,dc=example,dc=org
- Go to openldap pod. , and search for the
- In the overflow menu for the pod, click Delete Pod to restart it.
- Sign in to the Common Web UI by following the steps in Accessing your cluster by using the console.
- Follow the steps in Managing user groups to add the group to the Cloud Pak Platform UI (Zen).
- In the Red Hat OpenShift console, go to
- To provide a user for Task Manager, the following LDAP users and groups are created by the deployment.
- Create a storage policy and associate the Advanced Storage Area that is created during the deployment
-
- Create a storage policy and associate the storage policy with the existing advanced storage area. See Storage policies for more information.
- Assign the newly created storage policy to an existing document class.
- Enable GraphQL integrated development environments for FileNet Content Manager
- The GraphQL integrated development environment (IDE) is not enabled by default because of a
security risk. If you want to include this capability in your starter environment, add the parameter
to enable the IDE.
- Click YAML to go into the YAML view. , then click
- Add the following parameters to the
file:
graphql: graphql_production_setting: enable_graph_iql: true
- Apply the updated custom resource YAML file.
In the next reconciliation loop, the operator picks up the change and includes GraphQL with your deployment.
- Import sample data for IBM Business Automation Insights
- If you selected Business Automation Insights as an optional
component, you can test and explore the component by importing sample data.
For more information, see https://github.com/icp4a/bai-data-samples.
- Enable Business Automation Insights for FileNet Content Manager
- If you selected Business Automation Insights as an optional
component and included the Content event emitter in your deployment, you must update the deployment
to add the Kafka certificate to the trusted certificate list.
- Create a secret with your Kafka certificate, for
example:
oc create secret generic eventstreamsecret --from-file=tls.crt=eventstream.crt
- Update the
trusted_certificate_list
parameter to the YAML View in the OCP console to include the secret that you created.shared_configuration: trusted_certificate_list: ['eventstreamsecret']
If other certificates are in the list, use a comma to separate your new entry.
- Save the updated custom resource YAML file.
- Create a secret with your Kafka certificate, for
example:
- Verify the creation of the CDD repository for Content Designer
-
If you installed FileNet Content Manager, use an ssh command line to go into the gitea-deploy pod to run the following command:
ls -l /data/git/repositories/content-designer/
- If the output shows cdd.git, then the content-designer
directory exists and the Git repository is created
successfully.
drwxr-xr-x 7 git git 147 May 5 15:58 cdd.git
- If the output does not show the CDD repository, go to the operator logs to understand why the deployment failed.
- If the output shows cdd.git, then the content-designer
directory exists and the Git repository is created
successfully.