Option 1b: Deploying the custom resource you created with the deployment script
To install the deployment, you must apply the custom resource to the operator.
Before you begin
Make sure that you followed the instructions to prepare your environment for all the capabilities you want to install, and you have access to all the container images. For more information, see Getting access to images from the public IBM Entitled Registry.
oc get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} -- oc debug {} -- chroot /host sh -c 'systemctl restart chronyd'
Procedure
Results
The operator reconciliation loop can take some time. You must verify that the automation containers are running.
When the deployment is complete, the message Deployment created is displayed.
- You can open the operator log to view the progress. Using the OpenShift
CLI:
oc logs <operator pod name> -c operator -n <project-name>
Get the full syntax by entering the
help
command.oc logs --help
- Monitor the status of your pods from the command line. Using the OpenShift
CLI:
oc get pods -w
- When all the pods are "Running", you can access the status of your services with the following
OCP CLI command.
oc status
See Troubleshooting to access the operator logs.
If you selected EDB Postgres as
the database, the CP4BA operator creates an EDB Cluster customer resource for the EDB instance
(postgres-cp4ba
), and sets the authentication to the instance to use
sslmode=verify-ca
. The postgres-cp4ba
instance hosts the CP4BA
capabilities, and runs in a single pod (postgres-cp4ba-1
). Multiple pods can be
created by scaling up. A secret (postgres-cp4ba-app
) is created that contains
access information to the EDB cluster.
For each database that the operator creates in the EDB Postgres instance, it has a
corresponding entry in the pg_hba.conf file for the database user to have
access to it. For example, the user gcdusr
, has access to the database
gcddb
.
{{ meta.name
}}-pg-client-cert-secret
for the users to authenticate. The secret contains the following keys:clientkey.pem
clientcert.pem
serverca.pem
sslmode
The EDB Postgres instance is not accessible outside of the cluster. To view the database in the EDB Postgres instance, use the following command.
oc rsh postgres-cp4ba-1 -n <project-name>
From inside the EDB Postgres
instance, you can run the psql
command. By using the terminal-based front end to
PostgreSQL you can type in queries interactively, issue them to PostgreSQL, and see the query
results. For more information, see psql.
psql -U postgres
What to do next
When all the containers are running, you can access the services.
- Go to the
cert-kubernetes
directory on your local machine.cd cert-kubernetes
For more information about downloading cert-kubernetes, see Option 1: Preparing your cluster for an online deployment.
- Log in to the cluster with the non-administrator user. Using the OpenShift
CLI:
oc login
- Look for the status field of each capability by running an
oc get
command.oc get ICP4ACluster <instance_name> -o=jsonpath='{.status.components.<component_id>}'
Note: If you selected "FileNet Content Manager" with no other capabilities, then theKind
parameter is set toContent
instead ofICP4ACluster
.oc get Content <instance_name> -o=jsonpath='{.status.components.<component_id>}'
Where the <component_id> can be any of the following ids:status: components: ae-icp4adeploy-workspace-aae viewone gitgatewayService css adsMongo contentDesignerRepoAPI adsLtpaCreation adsCredentialsService workflow-authoring graphql adsRrRegistration adsRuntimeService ae-icp4adeploy-pbk app-engine contentProjectDeploymentService contentDesignerService adsGitService cmis adsParsingService bastudio ier adsRestApi adsBuildService navigator baw odm cpe iccsap tm adsFront adsRunService prereq adsRuntimeBaiRegistration resource-registry pfs adsDownloadService ca baml extshare
- Get the access information by running either of the following
commands:
oc get cm <instance_name>-cp4ba-access-info -o=jsonpath='{.data.<component_id>-access-info}'
oc describe icp4acluster <instance_name> -n <namespace>
Note: If you selected "FileNet Content Manager" with no other capabilities, then theKind
parameter is set toContent
instead ofICP4ACluster
.oc describe Content <instance_name> -n <namespace>
Note: Thebastudio-access-info
section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns. The included URLs and credentials can be used to access the applications designers of the installed components.
Business Automation Studio uses the IBM Cloud Pak Platform UI (Zen UI) to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. The URL for the Admin Hub is included in the cp4ba-access-info ConfigMap.
You have two options to log in, Enterprise LDAP and IBM
provided credentials (cpadmin only). To log in to the Admin Hub to configure the LDAP,
then click IBM provided credentials (cpadmin only). You can get the details
for the IBM-provided cpadmin
user by getting the contents of the
platform-auth-idp-credentials secret in the namespace used for the CP4BA
deployment.
oc -n <namespace> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}
' | base64 -d && echo
If you want to log in using the configured LDAP, then click Enterprise
LDAP and enter the cp4admin
user and the password in the
cp4ba-access-info
ConfigMap. The cp4admin
user has access to
Business Automation
Studio features.
If you want to add more users, you need to log in with the Zen UI administrator. The
kubeadmin user in the Red Hat OpenShift authentication and the IBM-provided
cpadmin
user have the Zen UI administrator role.
You can change the default password at any time. For more information, see Changing the cluster administrator password.
After you created a deployment, the operator automatically connects your LDAP to IM. The users and groups you defined in your LDAP are now available via IM.
You must associate your users and groups to Zen roles to be able to use them in all the applications. IBM Automation has four roles that are defined: Automation Administrator, Automation Analyst, Automation Developer, and Automation Operator. For more information, see Roles and permissions.
Log in to the Common Web UI to get the IBM Cloud Pak console route and admin's password. Use the Platform UI (Zen) to create a group for your CP4BA Developers, and add your LDAP users and groups to this group. You then need to assign the Zen group with the Automation Developer role.
Some capabilities need you to follow post-deployment steps. For more information, see Completing post-installation tasks.