Fix Readme
Abstract
The following document is the documentation for IBM Business Automation Workflow on Containers 20.0.0.1 IF001.
It includes download and installation information and the list of APARs that are resolved in this interim fix.
Content
| Readme file for: | IBM Business Automation Workflow |
|---|---|
| Product Release: | 20.0.0.1 |
| Update Name: | 20.0.0.1 IF001 |
| Fix ID: | 20.0.0.1-WS-CP4A-BAW-IF001 |
| Publication Date: | 2020-10-02 |
Contents
Download location
Prerequisites
Components impacted
Prior to installation
Installing
Performing the necessary tasks after installation
Uninstalling
List of fixes
Document change history
Download location
Download 20.0.0.1-WS-CP4A-BAW-IF001 from Fix Central here.
Prerequisites
- Download the interim fix GitHub repository to your local machine.
- Change directory to the "BAW-Ctnr" folder.
Components impacted
- Business Automation Workflow
Prior to installation
If you installed any of the components on a Kubernetes cluster, you can update them with the 20.0.0.1 IF001 by using the updated operator and the relevant container interim fixes. Details like the image: tag of the interim fix image can be found in the pattern templates on GitHub.
To deploy this interim fix as an update to a 20.0.0.1 deployment, follow the instructions in the Installing section. If you want to use the interim fix as part of a new deployment, refer to IBM Knowledge Center. For more information, see IBM Cloud Pak for Automation 20.0.x.
Installing
Step 1: Get access to the interim fix container images
You can access the container images in the IBM image registry with your IBMid (Option 1), or you can download the images from Fix Central (Option 2).
Option 1: Create a pull secret for the IBM Cloud Entitled Registry
- Log in to MyIBM Container Software Library with the IBMid and password that is associated with the entitled software.
- In the Container software library tile, click "View library" and then click "Copy key" to copy the entitlement key to the clipboard.
- Log in to your Kubernetes cluster and set the context to the project/namespace for your existing deployment.
- Create a pull secret by running a kubectl create secret command.
$ kubectl create secret docker-registry admin.registrykey --docker-server=cp.icr.io --docker-username=cp --docker-password="<API_KEY_GENERATED>" --docker-email=<USER_EMAIL>
Note: The "cp.icr.io" value for the docker-server parameter is the only registry domain name that contains the images. Use "cp" for the docker-username. The docker-email must be a valid email address (associated with your IBMid). Make sure that you copy the entitlement key into the docker-password field within double quotation marks.
- Take a note of the secret and the server values so that you can set them to the "pullSecrets" and "repository" parameters when you update the operator for your containers.
Option 2: Download the packages from Fix Central
- Download the images per the instructions in the Download location section, and make a note of the file names.
- Log in to your Kubernetes cluster and set the context to the project/namespace for your existing deployment.
- Check that you can run a Docker or Podman command.
For OpenShift 3.11:
$ docker ps
For OpenShift 4.3+:
$ podman ps
- Log in to the Docker registry with a token.
For OpenShift 3.11:
$ docker login $(oc registry info) -u <ADMINISTRATOR> -p $(oc whoami -t)
You can also log in to an external Docker registry by using the following command:
$ docker login <registry_url> -u <your_account>
For OpenShift 4.3+:
$ podman login $(oc registry info) -u <ADMINISTRATOR> -p $(oc whoami -t) --tls-verify=false
- Run a kubectl command to make sure that you have access to Kubernetes.
$ kubectl cluster-info
- Change the permissions of the scripts/loadimages.sh script so that you can run it.
$ cd scripts
$ chmod +x loadimages.sh
- Run the loadimages.sh script to load the images into your image registry. The following example shows the input values in the command line.
$ ./loadimages.sh -p <ARCHIVE> -r $(oc registry info)/<project-name>
Where:
-p The archive files location or archive file name
-r Target image registry and namespace
- Check that the images are pushed correctly to the registry.
$ oc get is
- If you want to use an external registry, create a registry secret:
$ oc create secret docker-registry admin.registrykey --docker-server=<registry_url> --docker-username=<your_account> --docker-password=<your_password> --docker-email=<your_email>
Take a note of the secret and the server values so that you can set them to the "pullSecrets" and "repository" parameters when you update the operator for your containers.
Step 2: Update the installed operator
- Log in to your Kubernetes cluster and set the context to the project for your existing deployment.
$ oc login https://<CLUSTERIP>:<port> -u <ADMINISTRATOR>
- Provide group write permission to the persistent volume (PV) of the operator. According to the PV hostPath.path definition (/root/operator), run the following commands.
$ chmod -R g=u /root/operator
$ chmod g+rw /root/operator
Remove the .OPERATOR_TYPE file in case it exists from a previous deployment.
$ rm -f /<hostPath>/.OPERATOR_TYPE
Where hostPath is the value in your PV (root/operator).
- Go to the downloaded BAW-Ctnr.git for the IF001 interim fix.
- Upgrade the operator in your project by running the following command.
$ ./scripts/upgradeOperator.sh -i <registry_url>/icp4a-operator:20.0.2-IF001 -p '<my_secret_name>' -a accept
Where registry_url is the value for your internal registry or cp.icr.io/cp/cp4a for the IBM Cloud Entitled Registry. The my_secret_name is the secret that is created to access the registry, and accept means that you accept the license.
Note: If you plan to use a non-admin user to install the operator, you must add the user to the "ibm-cp4a-operator" role.
$ oc adm policy add-role-to-user ibm-cp4a-operator <user_name>
- Monitor the pod until it shows a STATUS of Running:
$ oc get pods -w
Note: When started, you can monitor the operator logs with the following command:
$ oc logs -f deployment/ibm-cp4a-operator -c operator
Step 3: Update the custom resource YAML file for your deployment
Get the custom resource YAML file that you previously deployed (e.g., ../scripts/generated-cr/ibm_cp4a_cr_final.yaml) and edit it to update each component:
- Update the release and appVersion to 20.0.2.1.
- If you are using the enterprise CR YAML file for your existing deployment, then the Operator will deploy the updated 20.0.2.1 containers based on the value of appVersion updated above.
- If you are using the fully customizable CRs (e.g., ibm_cp4a_cr_enterprise_FC_workflow.yaml), then in the sections for each of the components that are included in your deployment, modify the component.image.tag configuration parameter to reflect the value for the new images. For example, to update the image for Content Platform Engine (CPE) use the following tag:
    cpe:
      image:
        ## The default repository is the IBM Entitled Registry.
        repository: cp.icr.io/cp/cp4a/fncm/cpe
        tag: ga-555-p8cpe-if002
Tip: The values of the tags for a given interim fix can be found in the readme file that is provided with that interim fix.
Verify that the secret named in the CR YAML file as the imagePullSecrets is valid. Note that the secret might be expired, in which case you must re-create the secret.
Repeat this step for each component that you want to update.
Step 4: Apply the updated custom resource YAML file
- Check that all the components that you want to upgrade are configured with interim fix image tag values.
$ cat ../scripts/generated-cr/ibm_cp4a_cr_final.yaml
- Update the configured components by applying the custom resource.
$ kubectl apply -f ../scripts/generated-cr/ibm_cp4a_cr_final.yaml
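An added example, not part of IBM's readme or scripts: a shell check to run before the kubectl apply in Step 4, in place of reading the cat output by eye. It lists every repository:tag pair in the CR file and fails if any release or appVersion line is not the expected value. It assumes those keys appear as plain "key: value" lines; the function names and the sample CR are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-apply check for the custom resource (CR) file.
# Assumption: release, appVersion, repository and tag are plain "key: value"
# lines, as in the CPE fragment in Step 3.

# Print "repository:tag" for every image block found in the CR file.
cr_image_refs() {
    awk '
        { sub(/[ \t]+#.*$/, "") }                      # drop YAML comments
        /^[ \t]*repository:/ { repo = $2; next }
        /^[ \t]*tag:/ && repo != "" {
            ref = repo ":" $2; gsub(/["\047]/, "", ref)  # unquote values
            print ref; repo = ""
        }
    ' "$1"
}

# Exit 0 only if every release/appVersion line equals the expected value ($2).
cr_check_version() {
    awk -v want="$2" '
        { sub(/[ \t]+#.*$/, "") }
        /^[ \t]*(release|appVersion):/ {
            v = $2; gsub(/["\047]/, "", v); seen++
            if ((v "") != (want "")) {                   # compare as strings
                printf "line %d: %s %s (expected %s)\n", NR, $1, v, want
                bad++
            }
        }
        END { exit (bad || !seen) ? 1 : 0 }
    ' "$1"
}

# Constructed sample CR (layout is illustrative); appVersion was not updated.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
metadata:
  labels:
    release: 20.0.2.1
spec:
  appVersion: 20.0.2
  cpe:
    image:
      ## The default repository is the IBM Entitled Registry.
      repository: cp.icr.io/cp/cp4a/fncm/cpe
      tag: ga-555-p8cpe-if002
EOF
cr_image_refs "$sample"
cr_check_version "$sample" 20.0.2.1 || echo "CR not ready, do not apply yet"
```

Compare the printed repository:tag pairs against the tags listed in the interim fix readme before applying the file.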
Step 5: Verify the updated automation containers
The operator reconciliation loop might take several minutes. When all of the pods are Running, you can access the status of your containers by running the following commands:
$ oc status
$ oc get pods -w
$ oc logs <operatorPodName> -f -c operator
Performing the necessary tasks after installation
For more information, see IBM Cloud Pak for Automation 20.0.x.
Uninstalling
For more information, see IBM Cloud Pak for Automation 20.0.x.
List of Fixes
The following table lists APARs specific to Business Automation Workflow on Containers. Depending on what components and capabilities you have installed and configured, additional fix information may apply to you. See the "List of Fixes" in Readme for Cloud Pak for Automation 20.0.2.
Fixes that correct security exposures are indicated with an 'X'.
| APAR | Security APAR | Behavior Change | Title |
|---|---|---|---|
| JR62327 | X | | SECURITY APAR CVE-2020-4516 - SECURITY VULNERABILITY IN MANAGED ASSET API |
| JR62354 | X | | SECURITY APAR - MULTIPLE VULNERABILITIES IN JQUERY MIGHT AFFECT DEPRECATED PORTAL |
| JR62436 | X | | SECURITY APAR - CVE-2020-4557 - STORED XSS (A3 - CROSS-SITE SCRIPTING) |
| JR62656 | X | | SECURITY APAR - CVE-2020-4698 - CROSS-SITE SCRIPTING VULNERABILITY AFFECTS THE PROCESS INSTANCE DETAIL PAGE |
| JR62388 | | | A CASE SOLUTION CREATED FROM A BASE TEMPLATE HAS UNRESOLVED TASK IMPLEMENTATIONS IN PROCESSES |
| JR62410 | | | THE "ORG.APACHE.CXF.*=ALL:COM.IBM.WS.JAXWS.*=ALL" LIBERTY JAX-WS TRACE STRING DOESN'T WORK AS EXPECTED |
| JR62413 | | | WEB PROCESS INSPECTOR MIGHT CAUSE UNINTENTIONAL ACTIONS ON INSTANCES WHEN "SELECT ALL INSTANCES" OPTION IS SELECTED |
| JR62453 | | | RESPONSIVE DOCUMENT LIST VIEW CAN'T RETRIEVE DOCUMENTS WHEN "ASSOCIATE WITH PROCESS INSTANCE" IS SELECTED |
| JR62480 | | | YOU RECEIVE A CLASSNOTFOUNDEXCEPTION |
| JR62497 | | | YOU MIGHT SEE AN AUTHENTICATION ERROR IN THE IBM WORKFLOW CASE EVENT EMITTER WHEN USING SASL SCRAM IS USED |
| JR62563 | | | DECIMAL FIELD IS EMPTIED IF A VALUE WITH DECIMALS IS ENTERED AND THE LANGUAGE USES A COMMA SEPARATOR INSTEAD OF A DECIMAL |
| JR62564 | | | YOU CAN'T USE THE MAIL SESSION CONFIGURED IN IBM WEBSPHERE APPLICATION SERVER |
Document change history
- 2020-10-08: First publish
Document Information
Modified date: 26 October 2021
UID: ibm16339527