Before you install, create PostgreSQL databases for IBM Business Automation Workflow, Business Automation
Studio, or both, and for Application
Engine, IBM FileNet® Content
Manager, and IBM Business Automation Navigator.
Before you begin
Use the latest PostgreSQL JDBC driver
and make sure the PostgreSQL database is
configured correctly for the customer workload.
Adjust the following parameters in the postgresql.conf file of the database
server:
Table 1. PostgreSQL parameters
Parameter |
Setting |
Description |
shared_buffers |
minimum 1024 MB |
The normal PostgreSQL performance
tuning recommendation is to use about 25% of the memory for the shared buffer. Adjustments to the
Linux® kernel configuration might also be required; check the
PostgreSQL tuning guides. |
work_mem |
minimum 20 MB |
This parameter applies to each session, and many user sessions can cause large memory usage.
This memory is critical because it is used for sort operations. If the value is set too low, the
running time can increase significantly (over an hour for toolkit deployments, for example). |
max_prepared_transactions |
for example, 200 |
This value must be at least as large as the max_connections setting. |
max_wal_size |
for example, 6 GB |
For larger workloads, the default value must be increased. If an increase is required, you
can find advice in the PostgreSQL server log files. |
log_min_duration_statement |
for example, 5000 |
You can optionally set this parameter. It allows extra logging of statements that exceed the
specified running time in milliseconds (which corresponds to 5 seconds in this example) to identify
bottlenecks and tuning areas. |
About this task
Restriction: You cannot use the same database user for IBM Business Automation Workflow and Workstream Services, or for other
components, such as Business Automation
Studio.
You can use a shared database but you must use a different database user for each component.
Tip: If you need to know which database versions are supported for your
installation, use this
IBM Support page to generate a software compatibility
report.
For more details of the database privileges that are required to run Business Automation Workflow, see the Process Server
component in PostgreSQL database
privileges. The other components do not apply.
Procedure
-
To create the database for IBM Business Automation Workflow:
-
Create a
create-baw-instance1-database.sql
file and copy it to your PostgreSQL server.
create-baw-instance1-database.sql
-- create user bawadmin/bawadmin
CREATE ROLE bawadmin PASSWORD 'bawadmin_password' CREATEDB CREATEROLE INHERIT LOGIN;
-- baw1db
CREATE DATABASE baw1db OWNER bawadmin ENCODING UTF8;
GRANT ALL PRIVILEGES ON DATABASE baw1db to bawadmin;
\c baw1db;
CREATE SCHEMA IF NOT EXISTS bawadmin AUTHORIZATION bawadmin;
GRANT ALL ON SCHEMA bawadmin to bawadmin;
In this example:
bawadmin
is the username that Workflow Authoring uses to
connect to the database.
bawadmin_password
is the password that Workflow Authoring
uses to connect to the database.
baw1db
is the database name for the Workflow Authoring
database, for example, BAWDB. It is case-sensitive.
Run the following commands on the
PostgreSQL server:
su - postgres
psql -f create-database.sql
- Optional:
To ensure that all communications between Workflow Server and PostgreSQL are encoded, import the database
certificate authority (CA) certificate to Workflow Server.
- To create a secret to store the certificate, run the following
command:
kubectl create secret generic ibm-dba-baw-instance1-postgresql-tlscert --from-file=tls.crt=ssl_certificate_file
Do not change tls.crt
as the key name.For better security, you can enable client
authorization for the connection. To import the client key and client certificate to
Workflow Server, run the
following
command:
kubectl create secret generic ibm-dba-baw-instance1-postgresql-tlscert --from-file=tls.crt="<your-client-certification-name>.crt" --from-file=ca.crt="<your-server-certification-name>.crt" --from-file=tls.key="<your-client-key-name>.key" --from-literal=sslmode=[verify-ca|verify-full]
Don't change
tls.crt
,
ca.crt
, and
tls.key
as the
key name.
- Add the secret to the database configuration in the
baw_configuration
section
of the custom resource file. For example, the name of the secret might be
baw-instance1-postgresql-ssl-secret
.baw_configuration:
- name: instance1
...
database:
enable_ssl: true
db_cert_secret_name: " baw-instance1- postgresql-ssl-secret"
...
- Optional:
To configure high availability disaster recovery (HADR) for the Workflow Server database,
ensure that the Workflow Server automatically
retrieves the necessary failover server information when it first connects to the database. As part
of the setup, provide a comma-separated list of failover servers and failover ports.
For example, for two failover servers, such as:
- server1.postgresql.customer.com on port 5432
- server1.postgresql.customer.com on port 5433
You can specify these hosts and ports in the custom resource configuration YAML file as
follows:
database:
... ...
hadr:
standbydb_host: server1.postgresql.customer.com, server2.postgresql.customer.com
standbydb_port: 5432,5433
retryintervalforclientreroute: default_value_is_10_min
maxretriesforclientreroute: default_value_is_5
... ...
-
To create the database for Workstream Services:
-
Create a
create-baw-instance2-database.sql
file with the following
content:
create-baw-instance2-database.sql
-- create user bawadmin/bawadmin
CREATE ROLE bawadmin PASSWORD 'bawadmin' CREATEDB CREATEROLE INHERIT LOGIN;
-- baw2db
CREATE DATABASE baw2db OWNER bawadmin ENCODING UTF8;
GRANT ALL PRIVILEGES ON DATABASE baw2db to bawadmin;
\c baw2db;
CREATE SCHEMA IF NOT EXISTS bawadmin AUTHORIZATION bawadmin;
GRANT ALL ON SCHEMA bawadmin to bawadmin;
Run the following commands on the
PostgreSQL server:
su - postgres
psql -f create-database.sql
- Optional:
To ensure that all communications between Workstream Services and PostgreSQL are encoded, import the database
certificate authority (CA) certificate to Workstream Services.
- To create a secret to store the certificate, run the following
command:
kubectl create secret generic ibm-dba-baw-instance2-postgresql-tlscert --from-file=tls.crt=ssl_certificate_file
Do not change tls.crt
as the key name.
- Add the secret to the database configuration in the
baw_configuration
section
of the custom resource file. For example, the name of the secret might be
baw-instance2-postgresql-ssl-secret
.baw_configuration:
- name: instance2
...
database:
enable_ssl: true
db_cert_secret_name: " baw-instance2- postgresql-ssl-secret"
...
- Optional:
To configure high availability disaster recovery (HADR) for the Workflow Server database,
ensure that the Workflow Server automatically
retrieves the necessary failover server information when it first connects to the database. As part
of the setup, provide a comma-separated list of failover servers and failover ports.
For example, for two failover servers, such as:
- server1.postgresql.customer.com on port 5432
- server1.postgresql.customer.com on port 5433
You can specify these hosts and ports in the custom resource configuration YAML file as
follows:
database:
... ...
hadr:
standbydb_host: server1.postgresql.customer.com, server2.postgresql.customer.com
standbydb_port: 5432,5433
retryintervalforclientreroute: default_value_is_10_min
maxretriesforclientreroute: default_value_is_5
... ...
- Optional: To use your own JDBC driver, package your JDBC files
into a compressed file and use the sc_drivers_url configuration parameter to
download them from an accessible web server.
-
To create the database for Application
Engine, follow the instructions in
Creating a PostgreSQL database.
-
To create the databases for IBM FileNet Content
Manager, create a database for the
Content Platform Engine global configuration database (GCD) and databases for the content stores.
Follow the instructions in Preparing the databases.
Business Automation Workflow needs four
different object stores (DOCS, TOS, DOS, and AEOS). If you are installing the Workflow capability,
you must run the instructions to create the PostgreSQL database and table spaces
four times. If you are installing only the Workstreams capability, you need two object stores (DOCS
and AEOS).
-
To create the database for Business
Automation Navigator, follow the instructions
in Creating the databases without running the provided scripts.
What to do next
To protect the configuration data you're going to enter, see Creating secrets to protect sensitive configuration data.