IBM Support

Readme for Cloud Pak for Business Automation 21.0.3 IF008

Fix Readme


Abstract

The following document is for IBM Cloud Pak for Business Automation 21.0.3 IF008. It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.

Content

Readme file for: IBM Cloud Pak® for Business Automation
Product Release: 21.0.3
Update Name: 21.0.3 IF008
Fix ID: 21.0.3-WS-CP4BA-IF008
Publication Date: 27 April 2022
Last modified date: 29 April 2022

Before installation

  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:
    oc get icp4acluster -o yaml
    oc get AutomationUIConfig -o yaml 
    oc get Cartridge -o yaml 
    oc get AutomationBase -o yaml 
    oc get CartridgeRequirements -o yaml
  3. Required when you are using Business Automation Insights
    If Business Automation Insights is deployed, prune the Business Automation Insights deployment and jobs before you apply the updated custom resource YAML file.
    $ oc delete Deployment,Job -l \
    > 'app.kubernetes.io/name=ibm-business-automation-insights'
    Tip: For Flink event processing to resume from its previous state, make sure that savepoints are created before the upgrade and specified in the updated CR. For more information see, Restarting from a checkpoint or savepoint

Installing the interim fix

Important: If you used any individual image tag settings in your CP4BA CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings for a production installation when you upgrade.
The CASE package associated with this interim fix is ibm-cp-automation-3.2.8.tgz.  Download the CASE package to wherever you are planning to perform the installation or upgrade of this interim fix (e.g., the infrastructure node of your OCP cluster) and extract the CASE package into a directory.
Cloud Pak for Business Automation 21.0.3 interim fixes are released to the v21.3 operator channel. Once the operator is upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
If your environment has access to IBM entitled registry and has an automatic v21.3 channel subscription then production installations are upgraded automatically. This upgrade generally occurs when the interim fix is released or when images are mirrored for air gap setup.
Starting with 21.0.3-IF007 interim fix, we "pin" the version of CP4BA along with all its dependencies (i.e., IBM Automation Foundation (IAF) and IBM Foundational Services (IBM Common Services)).  In other words, the automatic updates will be turned off and you will need to perform the steps listed to upgrade your environments in the future. 
This interim fix contains the following version of CP4BA, IAF, and Common Services:
 
  • CP4BA – 21.0.3-IF008
  • IAF Core – 1.3.6
  • IAF Base – 1.3.6
  • IBM Foundational Services (IBM Common Services) – 3.17.0
Note:  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the IAF and IBM Foundational Servcies versions above with other Cloud Paks.
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: You are using a starter installation.
    Actions: Starter environments do not support upgrades. Although you can use the interim fix content, install a new starter environment and use the CASE package from this interim fix.
  • Scenario 2: Your installation is version 21.0.2.x or earlier.
    Actions: If you are using a version before 21.0.3, then you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.
    • If attempting to upgrade using script ONLY (upgradeOperator.sh) from 21.0.2.x > 21.0.3.7 (and subsequent IFixes after), its a MUST to upgrade to 21.0.3 GA before moving on to IF007 (or any future iFixes). This is due to the change using the pinned operator catalog. It is NOT an issue if you use the Operator Hub UI and upgrade the channel.
    • When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.3 CASE package while you follow the instructions. For air gap, you can use the case save command in step 1 of scenario 4.
      Note: If you are using versions prior to 21.0.2 then you must incrementally upgrade and follow the instructions for each version between your source version and 21.0.3
  • Scenario 3:  Your installation is online and 21.0.3.x
    Actions: Once these steps are completed, the operators will be upgraded based on the versions from the catalog sources.
    1. Apply the catalog sources to pin the above mentioned versions for IBM Automation Foundation , IBM Foundational Services with Cloudpak for Business Automation. 
      Before applying the catalog sources make sure installed operators are up to date under ibm-common-services, CP4BA namespace and the installPlan set to automatic.
    2. You can apply the catalog sources below from a command line by creating a YAML file (e.g., cp4ba_catalog_sources.yaml) with the catalog sources below and performing "oc apply -f cp4ba_catalog_sources.yaml" or you can apply the catalog sources via the OCP console
      Note: you can only apply one catalog source at a time via the OCP console. 
      Note:  The DB2, IBM Business Team Service, and Postgres catalog sources are dependent components of CP4BA.
      # CP4BA 21.0.3 IF008 catalog
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-cp4a-operator-catalog
        namespace: openshift-marketplace
      spec:
        displayName: ibm-cp4a-operator
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:b69511c70ec8fc004add547b5db648d31bfcf686a5027807f2eadc992ea8b36a
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # IBM Automation Foundation Base 1.3.6
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-cp-automation-foundation-catalog
        namespace: openshift-marketplace
      spec:
        displayName: IBM Automation Foundation Operators
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-cp-automation-foundation-catalog@sha256:2b23bf765ba424b5a33acefad9a243cc7578574fb444bd0c0b3294b33656919f
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # IBM Automation Foundation Core 1.3.6
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: ibm-automation-foundation-core-catalog
        namespace: openshift-marketplace
      spec:
        displayName: IBM Automation Foundation Core Operators
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-automation-foundation-core-catalog@sha256:c92754aa3144a4e4d6a729d26f219e77e9581bb058494d6727ef087582b73887
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # IBM Cloud Foundational Services 3.17.0
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        annotations:
          bedrock_catalogsource_priority: '1'
        name: opencloud-operators
        namespace: openshift-marketplace
      spec:
        displayName: IBMCS Operators
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-common-service-catalog@sha256:c7548371c9085492e59a813547618034c5a5628e40437b796e4151c664efd01e
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # IBM DB2 Operator Catalog 4.0.9
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        annotations:
          bedrock_catalogsource_priority: '1'
        name: ibm-db2uoperator-catalog
        namespace: openshift-marketplace
      spec:
        sourceType: grpc
        image: icr.io/cpopen/ibm-db2uoperator-catalog@sha256:99f725098b801474ff77e880ca235023452116e4b005e49de613496a1917f719
        displayName: IBM Db2U Catalog
        publisher: IBM
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # IBM Business Teams Service version 3.17.0
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        annotations:
          bedrock_catalogsource_priority: '1'
        name: bts-operator
        namespace: openshift-marketplace
      spec:
        displayName: BTS Operator
        publisher: IBM
        sourceType: grpc
        image: quay.io/opencloudio/ibm-bts-operator-catalog@sha256:770405846978fe731ac40d804a27f1666fcb4c29d76ca30e52edec51b1995d9a
        updateStrategy:
          registryPoll:
            interval: 45m
      ---
      # Cloud Native PostgresSQL 4.0.8
      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        annotations:
          bedrock_catalogsource_priority: '1'
        name: cloud-native-postgresql-catalog
        namespace: openshift-marketplace
      spec:
        displayName: Cloud Native Postgresql Catalog
        publisher: IBM
        sourceType: grpc
        image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:f3feb39b0dfb444a46d99a9cd160c616f8548d84d452cbc89e4985f0a2574486
        updateStrategy:
          registryPoll:
            interval: 45m

       
    3. Update the existing subscriptions of CP4BA, IAF, and Common Services to change from IBM Operator Catalog to the individual catalogs applied above.
      1. Find the update_subscription.sh script from the extracted CASE package under "../ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs/cert-kubernetes/scripts"
      2. Login to your OCP cluster as a cluster administrator
      3. Execute the update_subscription.sh -n <your cp4ba namespace>
        Note: At this point the environment will be updated to use the new "pinned" catalogs. Your environment will no longer auto-update the operators when new versions are released.
    4. If you have any subscriptions set to manual, then you will need to approve any pending operator updates.
      It is not recommended to set subscriptions to manual as it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions would be set to automatic.
       
  • Scenario 4:  Your installation is air gap and 21.0.3.x
    Actions:
    1. Save this specific set of case packages
      cloudctl case save --case docker://icr.io/cpopen/ibm-cp-automation-case-cache@sha256:5cafaa7a13ee62afe082640a6d502daf205db961ef8650a18753e00698254ba9 --outputdir /tmp/cp4ba-if008
    2. Once the above command completed all the Case archive and inventory are saved under -> /tmp/cp4ba-if008
    3. Setup the environment variables for CASE. 
      • export CASE_NAME=ibm-cp-automation 
      • export OFFLINEDIR=/tmp/cp4ba-if008
      • export CASE_VERSION=3.2.8
      • export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
      • export CASE_ARCHIVE=${CASE_NAME}-${CASE_VERSION}.tgz 
      • export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
    4. Mirror images to trigger the operator upgrades. 
      Mirror the entitled registry images to the local registry by completing the same steps used during install. For more information about this, see Mirroring images to the private registry.
      Make sure to use the CASE image outputdir (/tmp/cp4ba-if008) from step 1.
    5. If you have any subscriptions set to manual, then you will need to approve any pending operator updates.
      It is not recommended to set subscriptions to manual as it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions would be set to automatic.
After the operators are upgraded, it will trigger the upgrade of the related deployments and pods. See the items mentioned in "Performing the necessary tasks after installation" for additional actions that may be needed after the upgrade is completed.
 

Performing the necessary tasks after installation

  1. Update Kafka certificates when you are using Business Automation Insights
    If you are using Business Automation Insights and upgrading from an IBM Automation Foundation version before 1.3, the operator will fail to become ready after the upgrade and kafka/zookeeper pods show SSL errors. To resolve the issue, follow the "To renew the leaf certificates for Kafka" instructions in Changes to CA certificate and key does not automatically rotate Kafka leaf certificates.
  2. Review the installation
    It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
    oc get icp4acluster -o yaml > CP4BAconfig.yaml
    oc logs deployment/ibm-cp4a-operator -c operator > operator.log
    If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.
  3. Required when you are using Workflow Process Service OCP deployment
    If you used any individual image tag settings in your WfPSRuntime CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade.
  4. Required when you are using Workflow Process Service Docker Compose Edition
    1. Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
    2. Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
    3. (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry  by using the following commands:
      docker login <server>
      docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:<tag> \
       <server>/workflow-ps-server:<tag>
      docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:<tag> \
       <server>/workflow-ps-authoring:<tag>
      docker push <server>/workflow-ps-server:<tag>
      docker push <server>/workflow-ps-authoring:<tag>
      Where <server> is the host of the docker image registry that you want to use to pull the images. For example, myregistry.local:5000 or localhost:8080 for a self-hosted registry. Also, replace <tag> with the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 21.0.3-IF008.
    4. Run docker-compose down command to stop the Workflow Process Server container.
    5. Update the image url's tags in docker-compose.yml.
      <server>/workflow-ps-server:<tag>
      <server>/workflow-ps-authoring:<tag>
      Where <tag> is the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 21.0.3-IF008.
    6. Run docker-compose up command to start the Workflow Process Server container
    For more detail on Workflow Process Service refer to Installing Workflow Process Service .
    Troubleshooting: If you are using a Docker Desktop version 4.3.0 or greater, you might get an out of memory error when you start the server. For more details and possible resolution to this issue, and other troubleshooting guidance, refer to Troubleshooting Workflow Process Service.
  5. Required when you are using Operational Decision Manager
    You must update your Rule Designer:
    • Open Eclipse 
    • Open menu Help > Check for Updates
    • select IBM Operational Decision Manager for Developers v8.11.x - Rule Designer
    • Proceed with installation.

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs fixed by this interim fix are listed in the following tables.
The columns are defined as follows: 
Column title Column description
APAR The defect number
Title A short description of the defect
Sec. A mark indicates a defect related to security
Cont. A mark indicates a defect specific to the Cloud Pak integration of the component
B.I. A mark indicates the fix has a business impact. Details are found in the title column or the APAR document
General
APAR Title Sec. Cont. B.I.
N/A
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
 
This interim fix includes fixes for these libraries to address:
CVE-2021-40690,CVE-2022-24785,CVE-2022-23557,CVE-2022-23558,CVE-2022-23559,CVE-2022-23560,CVE-2022-23561,CVE-2022-23562,CVE-2022-23563,CVE-2022-23564,CVE-2022-23565,CVE-2022-23566,CVE-2022-23570,CVE-2022-23571,CVE-2022-23572,CVE-2022-23573,CVE-2022-23574,CVE-2022-23575,CVE-2022-23576,CVE-2022-23577,CVE-2022-23578,CVE-2022-23579,CVE-2022-23580,CVE-2022-23581,CVE-2022-23582,CVE-2022-23583,CVE-2022-23584,CVE-2022-23585,CVE-2022-23586,CVE-2022-23587,CVE-2022-23588,CVE-2022-23589,CVE-2022-23591,CVE-2022-23595,CVE-2022-22720,CVE-2021-37692,CVE-2021-41195,CVE-2021-41196,CVE-2021-41197,CVE-2021-41198,CVE-2021-41199,CVE-2021-41200,CVE-2021-41201,CVE-2021-41202,CVE-2021-41203,CVE-2021-41204,CVE-2021-41205,CVE-2021-41206,CVE-2021-41207,CVE-2021-41208,CVE-2021-41209,CVE-2021-41210,CVE-2021-41212,CVE-2021-41213,CVE-2021-41214,CVE-2021-41215,CVE-2021-41216,CVE-2021-41217,CVE-2021-41218,CVE-2021-41219,CVE-2021-41221,CVE-2021-41222,CVE-2021-41223,CVE-2021-41224,CVE-2021-41225,CVE-2021-41226,CVE-2021-41227,CVE-2021-41228,CVE-2022-21725,CVE-2022-21726,CVE-2022-21727,CVE-2022-21728,CVE-2022-21729,CVE-2022-21730,CVE-2022-21731,CVE-2022-21732,CVE-2022-21733,CVE-2022-21734,CVE-2022-21735,CVE-2022-21736,CVE-2022-21737,CVE-2022-21738,CVE-2022-21739,CVE-2022-21740,CVE-2022-21741,CVE-2022-23567,CVE-2022-23568,CVE-2022-23569,CVE-2022-23590,PRISMA-2021-0099
 
Previous interim fixes will have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
Cloud Pak for Business Automation Operator
APAR Title Sec. Cont. B.I.
N/A N/A
Automation Document Processing
APAR Title Sec. Cont. B.I.
JR64747 KVP FIELD LIST EMPTY IN ADP RUNTIME AFTER NEW PROJECT DEPLOYMENT X X
JR64876 DECIMAL CONVERTER FAILS TO IDENTIFY POST DECIMAL DIGITS
 
X X
JR64878 REMOVE TEXT FORMATTER LEAVES AN EXTRA SPACE AT THE END OF AN EXTRACTED VALUE X X
Automation Decision Services
APAR Title Sec. Cont. B.I.
N/A N/A
APAR Title Sec. Cont. B.I.
N/A N/A
Business Automation Insights
APAR Title Sec. Cont. B.I.
N/A N/A
Business Automation Navigator
APAR Title Sec. Cont. B.I.
N/A N/A
Business Automation Studio
APAR Title Sec. Cont. B.I.
JR64753 PAGINATION DOESN'T WORK IN IBM BUSINESS AUTOMATION STUDIO WHEN RETURNING FROM WEB PROCESS DESIGNER
JR64789 AN UNAUTHORIZED USERS HAVE ACCESS TO EDIT PUBLISHED AUTOMATION SERVICES PERMISSIONS IN IBM BUSINESS AUTOMATION STUDIO
JR64815 SELECTING A DECISION AUTOMATION SERVICE FAILS WITH 404 IN IBM BUSINESS AUTOMATION STUDIO
JR64817 CANNOT PUBLISH DECISION AUTOMATION SERVICES FROM IBM BUSINESS AUTOMATION STUDIO
JR64808 CAN'T EDIT PERMISSIONS OF PUBLISHED AUTOMATION SERVICE IN IBM BUSINESS AUTOMATION STUDIO
JR64823 AN UNAUTHORIZED USER CAN SEE THE LIST OF PUBLISHED AUTOMATION SERVICES IN IBM IBM BUSINESS AUTOMATION STUDIO
Business Automation Workflow including Automation Workstream Services
APAR Title Sec. Cont. B.I.
JR64423 IF YOU SORT THE ROWS IN A CASE LIST THAT IS POPULATED WITH A CUSTOM SCRIPT ADAPTER, VALUES FOR CASE TITLE COLUMN DISAPPEAR
JR64827 PROCESS FEDERATION SERVER MAY THROW NULLPOINTEREXCEPTION WHEN PROCESSING FEDERATED NOTIFICATIONS X
JR64947 EACH ACTIVITY IN ACTIVITIES TAB OF CASE INFORMATION WIDGET IS DISPLAYED WITH EXTRA TOP AND BOTTOM PADDING
Enterprise Records
APAR Title Sec. Cont. B.I.
N/A
N/A
FileNet Content Manager
Operational Decision Management
APAR Title Sec. Cont. B.I.
RS03901 BUSINESS CONSOLE LAYOUT ISSUE WHEN DECISION ARTIFACTS VERTICAL SCROLLBAR IS VISIBLE   
RS03902 AFTER AN EXECUTION FAILED WITH A NPE, ALL SUBSEQUENT EXECUTIONS MAY FAIL AS WELL   
RS03904 ELEMENTNOTFOUND EXCEPTION WHEN TRYING TO MERGE TWO BRANCHES   
RS03907 ORG.XML.SAX.SAXPARSEEXCEPTION: THE ENTITY NAME MUST IMMEDIATELY FOLLOW THE '&' IN THE ENTITY REFERENCE   
RS03908 METERING NOT RELIABLE IN CASE OF CONNECTION ISSUES   
RS03910 LIBRARY TAB LISTING ALL SERVICES AFTER CLOSING DEPLOY DIALOG BOX   
User Management Service
APAR Title Sec. Cont. B.I.
JR64609 BUSINESS TEAMS SERVICE IN CLOUDPAK FOR BUSINESS AUTOMATION BLOCKS OPENSHIFT MAINTENANCE
Workflow Process Service
APAR Title Sec. Cont. B.I.
N/A N/A

Known Limitations

Document change history

  • 29 April 2022: Add APAR list for Operational Decision Manager
  • 27 April 2022: Initial publish.
  • [{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

    Document Information

    Modified date:
    14 September 2022

    UID

    ibm16574813