Using Business Automation Workflow on containers,
you can establish and work with IBM® Workflow
Center running on a traditional runtime
environment.
Before you begin
Cluster security must allow Business Automation Workflow runtime to perform
an outgoing connection to the Workflow Center on premise. For more
information, see Configuring cluster security.
About this task
Business Automation Workflow on containers can
connect to a Workflow Center if you configure the
workflow_center
section of the custom resource (CR) YAML file.
Procedure
Create a TLS secret in the operator by using the root certificate authority certificate
of Workflow Center so that it
can be recognized as a trusted server:
-
Extract the Workflow Center root SSL
certificate.
- In the Workflow Center WebSphere® administrative console, click .
- Select the root certificate and click Extract.
- Name the file. For example, name the file WorkflowCenter.cert.
- For the data type, select Base64-encoded ASCII data.
- Click Apply. From the message, note where the certificate is stored on
the file system.
-
Copy the file and create the secret:
- Copy the certificate from step 1 to Business Automation Workflow Runtime.
- On the Business Automation Workflow runtime environment,
run the following oc command to create a secret:
oc create secret generic baw-tls-secret --from-file=tls.crt=/root/WorkflowCenter.cert
- Add this secret to the trust list section of the Business Automation Workflow CR file, for example
baw_configuration:
- name: instance1
tls:
tls_trust_list: [baw-tls-secret]
- Create a new secret that will hold the username and password of the Workflow Center administrator.
- On the Business Automation Workflow
runtime environment, create a new secret called ibm-baw-wc-secret in the
adminSecrets4operator-ctnrs.yaml file. You add the following content into
adminSecrets4operator-ctnrs.yaml file. This secret will contain the credentials
of an administrator for Workflow Center, for
example
apiVersion: v1
kind: Secret
metadata:
name: ibm-baw-wc-secret
type: Opaque
stringData:
username: deadmin
password: deadmin
- Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment:
oc apply -f ./adminSecrets4operator-ctnrs.yaml
-
Update the following parameters in the
workflow_center
section of the Business Automation Workflow CR YAML file to
apply changes to your deployment environment, for example
baw_configuration:
- name: instance1
workflow_center:
url: "https://<Workflow Center host name>:<Workflow Center port>/ProcessCenter"
secret_name: "ibm-baw-wc-secret"
heartbeat_interval: 30
After these steps,
Business Automation Workflow Runtime appears on
the
Servers page for Workflow business automations.
-
So that the Workflow Center recognizes Business Automation Workflow Runtime as a trusted
server, complete these steps:
- Extract the Cloud Pak for Business Automation
operator root CA certificate and copy it to your Workflow Center located server. For
instructions, see Exporting the root CA certificate.
- Extract the router-ca certificate of Business Automation Workflow
Runtime:
oc get secret router-ca -n openshift-ingress-operator -o template --template='{{ index .data "tls.crt" }}' | base64 --decode > routercaPS.crt
- In the Workflow Center
WebSphere administrative console click .
- Click Add and enter
your-path/zenRootCA.crt,
your-path/csRootCA.crt, and
your-path/routercaPS.crt that you get from the previous
steps.
- Click OK to add the certificate.