Fix Readme
Abstract
The following document is for IBM Cloud Pak for Business Automation 21.0.3 IF005. It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.
Content
Readme file for: | IBM Cloud Pak® for Business Automation |
---|---|
Product Release: | 21.0.3 |
Update Name: | 21.0.3 IF005 |
Fix ID: | 21.0.3-WS-CP4BA-IF005 |
Publication Date: | 2 March 2022 |
Last modified date: | 3 June 2022 |
Contents
Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Prerequisites and supersedes
- Supersedes all prior interim fixes for CP4BA 21.0.3.
- Common Services 3.15.1 fix pack is now available. The update addresses Automation Base custom resource (CR) failure, which prevented Cloud Paks that use Kafka from installing when also using IBM Automation Foundation 1.3.3 and Common Services 3.15.
Components impacted
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
Before installation
- Ensure you take regular backups of any databases associated with the environment.
- Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:oc get icp4acluster -o yaml oc get AutomationUIConfig -o yaml oc get Cartridge -o yaml oc get AutomationBase -o yaml oc get CartridgeRequirements -o yaml
- Required when you are using Business Automation Insights
If Business Automation Insights is deployed, prune the Business Automation Insights deployment and jobs before you apply the updated custom resource YAML file.
$ oc delete Deployment,Job -l \ > 'app.kubernetes.io/name=ibm-business-automation-insights'
Tip: For Flink event processing to resume from its previous state, make sure that savepoints are created before the upgrade and specified in the updated CR. For more information see, Restarting from a checkpoint or savepoint
Installing the interim fix
Cloud Pak for Business Automation 21.0.3 interim fixes are released to the v21.3 operator channel. If your environment has access to IBM entitled registry and has an automatic v21.3 channel subscription then production installations are upgraded automatically. This upgrade generally occurs when the interim fix is released. Once the operator is upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Important: If you used any individual image tag settings in your CP4BA CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings for a production installation when you upgrade.
The CASE package associated with this interim fix is ibm-cp-automation-3.2.5.tgz.
Depending on the current setup and state of your existing environment, there are various manual actions that might be required. The following scenarios cover what actions might be needed for a particular setup.
-
Scenario 1: You are using a starter installation.Actions: Starter environments do not support upgrades. Although you can use the interim fix content, install a new starter environment and use the CASE package from this interim fix.
- Scenario 2: Your installation is version 21.0.2.x or earlier.
Actions: If you are using a version before 21.0.3, then you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.3 CASE package while you follow the instructions. -
Scenario 3: You are using an air gapped environment.Actions: To upgrade a 21.0.3 air gapped environment mirror the entitled registry images to the local registry by completing the same steps on the bastion host that you used to install. For more information about this installation, see Setting up a mirror image registry.Make sure to use the CASE package from this interim fix.Once the images are mirrored, the automatic channel subscription completes the upgrade
. -
Scenario 4: Your v21.3 channel subscription is set to manual.Actions: If your channel subscription is set to manual, then you must approve any operator upgrades.
a. Select the CP4BA operator from the OCP web console under Operators>Installed Operators.
b. Go to the subscription tab for the operator.
c. Trigger the operator update.
Once the operator is updated, it triggers the upgrade of the other CP4BA images.
Performing the necessary tasks after installation
- Update Kafka certificates when you are using Business Automation Insights
If you are using Business Automation Insights and upgrading from an IBM Automation Foundation version before 1.3, the operator will fail to become ready after the upgrade and kafka/zookeeper pods show SSL errors. To resolve the issue, follow the "To renew the leaf certificates for Kafka" instructions in Changes to CA certificate and key does not automatically rotate Kafka leaf certificates. - Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review theibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml
file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level. - Required when you are using Workflow Process Service OCP deployment
If you used any individual image tag settings in your WfPSRuntime CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. - Required when you are using Workflow Process Service Docker Compose Edition
- Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
- Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
- (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry by using the following commands:
docker login <server> docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:21.0.3-IF005 \ <server>/workflow-ps-server:21.0.3-IF005 docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:21.0.3-IF005 \ <server>/workflow-ps-authoring:21.0.3-IF005 docker push <server>/workflow-ps-server:21.0.3-IF005 docker push <server>/workflow-ps-authoring:21.0.3-IF005
- Run
docker-compose down
command to stop the Workflow Process Server container. - Update the image url's tags in docker-compose.yml.
<server>/workflow-ps-server:21.0.3-IF005 <server>/workflow-ps-authoring:21.0.3-IF005
- Run
docker-compose up
command to start the Workflow Process Server container
For more detail on Workflow Process Service refer to Installing Workflow Process Service .Troubleshooting: If you are using a Docker Desktop version 4.3.0 or greater, you might get an out of memory error when you start the server. For more details and possible resolution to this issue, and other troubleshooting guidance, refer to Troubleshooting Workflow Process Service on Podman or Troubleshooting Workflow Process Service on Docker. - Required when you are using Operational Decision Manager
You must update your Rule Designer:
- Open Eclipse
- Open menu Help > Check for Updates
- select IBM Operational Decision Manager for Developers v8.11.x - Rule Designer
- Proceed with installation.
Uninstalling
There is no procedure to uninstall the interim fix.
List of Fixes
APARs fixed by this interim fix are listed in the following tables.
The columns are defined as follows:
Column title | Column description |
APAR | The defect number |
Title | A short description of the defect |
Sec. | A mark indicates a defect related to security |
Cont. | A mark indicates a defect specific to the Cloud Pak integration of the component |
B.I. | A mark indicates the fix has a business impact. Details are found in the title column or the APAR document |
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
General
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A |
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address:
CVE-2022-21271, CVE-2022-20612, CVE-2021-44832, CVE-2021-23555, CVE-2022-21248,
CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293,
CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340,
CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2019-10746,
CVE-2021-34429
All previous interim fixes are included in this interim fix. Consult the Related Information section for readme documents of previous interim fixes for details.
|
X | X |
Cloud Pak for Business Automation Operator
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64597 | ICP4ADEPLOY-BAN-EXT-TLS-SECRET GETS INCORRECTLY UPDATED WITH EACH OPERATOR RECONCILE LOOP | X |
Automation Document Processing
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64627 | CDD IS TIMING OUT ON COMMIT | X | X | |
JR64628 | CPDS DEPLOYMENT TIMES OUT ON SLOWER SYSTEMS | X | X | |
JR64629 | SYSTEMT EXTRACTOR FAILS TO IDENTIFY FIELDS | X | X |
Automation Decision Services
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Business Automation Application
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64620 | VIEW VISIBILITY MIGHT NOT FUNCTION CORRECTLY WHEN USING THE NO CODE VIEW VALIDATION | |||
JR64622 | WORKFLOW AUTHORING STARTER PATTERN WOULD BE MISSING CONTRIBUTIONS FOR BUSINESS AUTOMATION WORKFLOW TOOLKITS |
Business Automation Insights
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Business Automation Navigator
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Business Automation Studio
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64497 | SECURIT APAR - LUCENE-9981 DENIAL OF SERVICE VULNERABILITY MAY AFFECT IBM BAW | X | ||
JR64540 | UNABLE TO SAVE A CASE SOLUTION IN IBM CASE MANAGER | |||
JR64512 | A CASE SOLUTION PROMOTION FAILS IN IBM CASE MANAGER |
Business Automation Workflow including Automation Workstream Services
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64280 | SECURITY APAR CVE-2021-39046 STORES USER CREDENTIALS IN PLAIN CLEAR TEXT WHICH CAN BE READ BY A PRIVILEGED USER | X | ||
JR64556 | REMOVE REFERENCE TO LOG4J FROM 21.0.2 AND 21.0.3 | X | ||
JR64565 | MULTIPLE LOG4J VULNERABILITIES IN IBM PROCESS FEDERATION SERVER | X | ||
JR64589 | REFERENCES TO CASE OBJECT CASEINSTANCE.PROPERTIES IN CLIENT-SIDE HUMAN SERVICE VIEWS NO LONGER AVAILABLE AFTER YOU UPGRADE | |||
JR64595 | ACTIVITY PROCESS FAILS TO START WITH CLASSLOADER EXCEPTIONS IN CP4BA 21.0.3 | |||
JR64620 | VIEW VISIBILITY MIGHT NOT FUNCTION CORRECTLY WHEN USING THE NO CODE VIEW VALIDATION | |||
JR64647 | CASE INIT JOB FAILS WHEN YOU UPGRADE FROM CLOUD PAK FOR BUSINESS AUTOMATION V2102 TO V2103 WITH ZEN UI ENABLED | |||
JR64676 | AFTER SCALING FROM DEPLOYMENT PROFILE SIZE MEDIUM TO SMALL, BAW IS UNREACHABLE | X |
Enterprise Records
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A
|
N/A
|
FileNet Content Manager
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Operational Decision Management
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
RS03802 | DECISION CENTER MAY BECOME SLOW AFTER EDITING RULES | |||
RS03874 | CVE-2021-44228 LOG4J VULNERABILITY | X | ||
RS03860 | ERRONEOUS FRENCH TRANSLATION OF RES STATISTICS "MIN. TIME" | |||
RS03890 | IN RULE DESIGNER ON MACOS, USER CANNOT CHANGE THE TYPE OF A PACKAGE VARIABLE |
User Management Service
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64252 | WHEN CHANGING IAM ROUTE CERTIFICATES, UMS SSO PODS FAIL TO CONNECT | X | ||
JR64614 | BUSINESS TEAMS SERVICE TEAMSERVER FAILS TO MIRROR EDB POSTGRESQL IMAGES IN AN AIRGAP DEPLOYMENT | X | ||
JR64615 | BUSINESS TEAMS SERVICE TEAMSERVER CASE FAILS TO INSTALL PREREQUISITE CATALOGS IN AN AIRGAP DEPLOYMENT | X | ||
JR64566 | BUSINESS TEAMS SERVICE USER INTERFACE INACCESSIBLE AND API CALLS RETURN "NOT AUTHORIZED TO PERFORM THE REQUEST." | X | ||
JR64461 | BUSINESS TEAM SERVICE (BTS) FAILS WITH AN IMAGE PULL ERROR WHEN DEPLOYING CLOUD PAK FOR BUSINESS AUTOMATION | X |
Workflow Process Service
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Known Limitations
Document change history
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS2JQC","label":"IBM Cloud Pak for Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"CloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 April 2024
UID
ibm16557050