Fix Readme
Abstract
The following document is for IBM Cloud Pak for Business Automation 23.0.1 IF005. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.
Content
Readme file for: | IBM Cloud Pak® for Business Automation |
---|---|
Product Release: | 23.0.1 |
Update Name: | 23.0.1 IF005 |
Fix ID: | 23.0.1-WS-CP4BA-IF005 |
Publication Date: | 30 November 2023 |
Contents
Prerequisites and supersedes
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Prerequisites and supersedes
- Supersedes all prior interim fixes for Cloud Pak for Business Automation 23.0.1.
Components impacted
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
Before installation
- Ensure you take regular backups of any databases associated with the environment.
- Ensure your operators are in a healthy state, before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist: -
oc get icp4acluster -o yaml oc get content -o yaml oc get Foundation -o yaml
- Remove any image settings in CRs
If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.
Installing the interim fix
This interim fix contains the following version of Cloud Pak for Business Automation and Cloud Pak Foundational Services (CPFS):
- Cloud Pak for Business Automation 23.0.1-IF005
- Cloud Pak Foundational Services 4.2
Note: This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package). If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
Important interim fix details:
- Case Package: ibm-cp-automation-5.0.5+20231124.001758.tgz
- Case Package mirror file (IBM-Pak steps): cp4ba-case-to-be-mirrored-23.0.1-IF005.txt
- Cloud Pak Foundational Services channel: 4.2
Cloud Pak for Business Automation 23.0.1 interim fixes are released to the v23.1 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Step 1: Setup the CASE package
- Download the CASE package provided with this interim fix to a Linux based machine (RHEL or macOS).
- Use the tar command to extract the cert-kubernetes directory.
tar -xvzf ibm-cp-automation-5.0.5+20231124.001758.tgz
cd ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs
tar -xvf cert-k8s-23.0.1.tar
cd cert-kubernetes
Step 2: Perform the installation or update the existing deployment
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
-
Scenario 1: You are installing a Starter deployment or have an existing Starter deploymentActions: Starter deployments do not support upgrades. Although you can use this interim fix content to perform a Starter deployment. To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the CASE package from this interim fix.Note: If you have an existing Cloud Pak Foundation Services instance installed in the cluster or in the namespace where CP4BA is being installed, then it is not supported. The Starter deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
-
Scenario 2: You are installing a Production deploymentActions: You can use this interim fix content to perform a Production deployment. To deploy a Production deployment using the content of this interim fix, please see install a new Production environment and use the CASE package from this interim fix.Note: If you have an existing Cloud Pak Foundation Services instance installed in the cluster or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
- Scenario 3: Your installed Production deployment version is 22.0.2 IF00x (at least IF002).
Actions:
Follow the upgrade instructions, Upgrading CP4BA multi-pattern clusters from 22.0.2.
Warning: You can only upgrade existing environments if they were using a single namespace scoped foundational services(CPFS) instance. Which mean the CPFS instance is installed in the same namespace as the cloud pak and isn't shared with any other Cloud Pak instances. Otherwise you would need to rebuild to upgrade.
Note: Direct upgrade from version prior to 22.0.2 is not supported. If you are upgrading from a prior version then you would need to perform incremental upgrading using the instructions from each prior version. - Scenario 4: Your installed Production deployment is 23.0.1 GA or any previous 23.0.1 iFix and is online
Actions:
Perform the following steps and then the upgrade of operators and deployments will start.- Upgrade the CP4BA operators using one of two methods.
- Option 1: Running the operator upgrade script from the case package.
./scripts/cp4a-deployment.sh -m upgradeOperator -n <project_name>
- Option 2: Manually deploy the catalog source and update the CPFS channels using the CPFS upgrade script.
- Apply the new catalog sources.
oc apply -f ./descriptors/op-olm/catalog_source.yaml
- Update the cert manager and license service channels to the appropriate level with this script:
./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
- Update the channels to the appropriate levels for the rest of the CPFS subscriptions.
./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-2 -c v4.2 --license-accept -v 1
- Apply the new catalog sources.
- Option 1: Running the operator upgrade script from the case package.
- Wait for the operators to complete their upgrades.
By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
Use the below command to see the current status of the install plans.oc get installPlan
- You can use the following scripts to check the status of the upgrades.
- Run the script in [upgradeOperatorStatus] mode to check that the upgrade of the CP4BA operator and its dependencies is successful.
./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <project_name>
- Run the script in [upgradeDeploymentStatus] mode to check that the upgrade of the CP4BA deployment is successful.
./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <project_name>
- Run the script in [upgradeOperatorStatus] mode to check that the upgrade of the CP4BA operator and its dependencies is successful.
- Upgrade the CP4BA operators using one of two methods.
-
Scenario 5: Your installed Production deployment is 23.0.1 GA or any previous 23.0.1 iFix and using airgap/offline.
Actions:
Perform the following steps and then the upgrade of operators and deployments will start.-
Download the case package mirror file, cp4ba-case-to-be-mirrored-23.0.1-IF005.txt, for this interim fix and you must rename the file to cp4ba-case-to-be-mirrored-23.0.1-IF005.yaml. Then execute this command to download the case files:
oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-23.0.1-IF005.yaml
For more information, see Downloading the CASE files. -
You will need to mirror the images associated with the new case package. Follow the instructions for either mirroring option in Mirroring images to the private registry using the new version values associated with this fix.
export CASE_NAME=ibm-cp-automation export CASE_VERSION=5.0.5+20231124.001758
-
Update the catalog with the new version.
cat $HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml | sed 's/opencloud-operators/opencloud-operators-v4-2/g' | oc apply -f -
-
Update the cert manager and license service channels to the appropriate level with this script:
./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
-
Update the channels to the appropriate levels for the rest of the CPFS subscriptions.
./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-2 -c v4.2 --license-accept -v 1
-
Wait for the operators to complete their upgrades.
By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
Use oc get installPlan to see the current status of the install plans.
The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this can make the upgrade more error prone.
-
Performing the necessary tasks after installation
a. Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review the
ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml
file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.b. Required when you are using Operational Decision Manager
You must update your Rule Designer:
- Open Eclipse
- Open menu Help > Check for Updates
- Select IBM Operational Decision Manager for Developers v8.12.x - Rule Designer
- Proceed with installation.
c. Required If you are installing or upgrading Business Automation Insights with this iFix.
You must update CP4BA Custom Resource with digests for iaf-flink & iaf-eventprocessing-proxy images before applying custom resource to deploy this iFix.
- Update custom resource file to add below with correct digests for Flink.
-
apiVersion: icp4a.ibm.com/v1 kind: ICP4ACluster metadata: name: icp4adeploy spec: shared_configuration: --- ############################################################################## ######## IBM Business Automation Insights (BAI) configuration ######## ############################################################################## bai_configuration: flink: manager_image: cp.icr.io/cp/iaf-flink@sha256:0a5e18b137524877b4378113f362a67c1768453ff65273fd667dc57d55afa005 eventprocessing_proxy_image: cp.icr.io/cp/iaf-eventprocessing-proxy@sha256:954ef0ee64b447736dd69083ec94afeae4229382798f1317cc44a0a208e5b82e
- Apply the modified custom resource
Uninstalling
There is no procedure to uninstall the interim fix.
List of Fixes
APARs/Known Issues fixed by this interim fix are listed in the following tables.
The columns are defined as follows:
Column title | Column description |
APAR/Known Issue | The defect number |
Title | A short description of the defect |
Sec. | A mark indicates a defect related to security |
Cont. | A mark indicates a defect specific to the Cloud Pak integration of the component |
B.I. | A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document |
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
General
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A |
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address:
CVE-2018-1099, CVE-2018-16886, CVE-2020-11080, CVE-2020-15106, CVE-2020-19909, CVE-2021-22147, CVE-2021-31684, CVE-2021-32050, CVE-2021-33503, CVE-2021-36222, CVE-2021-37750, CVE-2021-40690, CVE-2022-1471, CVE-2022-23709, CVE-2022-24834, CVE-2022-25883, CVE-2022-29458, CVE-2022-35951, CVE-2022-35977, CVE-2022-36021, CVE-2022-4285, CVE-2022-45688, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-1637, CVE-2023-1667, CVE-2023-2002, CVE-2023-20593, CVE-2023-22006, CVE-2023-22025, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-22081, CVE-2023-22458, CVE-2023-2283, CVE-2023-23931, CVE-2023-25155, CVE-2023-25399, CVE-2023-27522, CVE-2023-27533, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-28484, CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2023-28856, CVE-2023-29159, CVE-2023-29469, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-30630, CVE-2023-3090, CVE-2023-3138, CVE-2023-31417, CVE-2023-31418, CVE-2023-31419, CVE-2023-32002, CVE-2023-32006, CVE-2023-32360, CVE-2023-32559, CVE-2023-3390, CVE-2023-34034, CVE-2023-34035, CVE-2023-34462, CVE-2023-34969, CVE-2023-35001, CVE-2023-35788, CVE-2023-35887, CVE-2023-36824, CVE-2023-3776, CVE-2023-38552, CVE-2023-3899, CVE-2023-39151, CVE-2023-39333, CVE-2023-39410, CVE-2023-4004, CVE-2023-41053, CVE-2023-43494, CVE-2023-43495, CVE-2023-43496, CVE-2023-43497, CVE-2023-43498, CVE-2023-44466, CVE-2023-44981, CVE-2023-45143, CVE-2023-46673, CVE-2023-4853, CVE-2023-5072, GHSA-58qw-p7qm-5rvh, GHSA-5cpq-8wj7-hf2v, GHSA-6xv5-86q9-7xr8, GHSA-jm77-qphf-c4w8, RHSA-2023:4498, RHSA-2023:4523, RHSA-2023:4529, RHSA-2023:4706, RHSA-2023:5249, RHSA-2023:5252
Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
|
Cloud Pak for Business Automation Operator
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT246377 | Remove Ansible Collection infinidat.infinibox from version 1.2.4 |
Automation Document Processing
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT244693 | Fast extraction training results are very large | X | X | |
DT247665 | Memory usage excessive for documents in Content Designer | X | X |
Automation Decision Services
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Business Automation Application
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT244412 | max_request_body_size property can not be accessed or edited |
Business Automation Insights
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Business Automation Navigator
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
Please see Business Automation Navigator Fix List APARs for Cloud Pak for Business Automation technote |
Business Automation Studio
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT237961 | 'bas_itp_username' is undefined error when installing BA Studio as part of Cloud Pak for Business Automation | |||
DT243347 | THE DEFAULT DATE IN THE DATE PICKER SHOWS THE PAST DATE WHEN YOU CREATE A NEW VALUE FOR AN EXPOSED PROCESS VALUE IN PROCESS ADMIN CONSOLE | |||
DT244412 | max_request_body_size property can not be accessed or edited | |||
DT246535 | IBM Business automation studio fails to load business application |
Business Automation Workflow including Automation Workstream Services
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT230451 | SECURITY APAR CVE-2023-40691 - INFORMATION LEAKAGE IN IBM BUSINESS AUTOMATION WORKFLOW | X | ||
DT189591 | Changing the admin_user setting for Business Automation Studio or Business Automation Workflow is not effective | |||
DT243230 | Case editor in IBM Process Designer returns "TypeError: Cannot read properties of undefined (reading '_model')" when a reused property is dragged to the coach | |||
DT243347 | THE DEFAULT DATE IN THE DATE PICKER SHOWS THE PAST DATE WHEN YOU CREATE A NEW VALUE FOR AN EXPOSED PROCESS VALUE IN PROCESS ADMIN CONSOLE | |||
DT243748 | IN PROCESS ADMIN CONSOLE PREFIX OF THE SERVER NAME DISPLAYS THE ACRONYM OF THE PROCESS APPLICATION INSTEAD OF THE TOOLKIT |
Enterprise Records
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A
|
N/A
|
FileNet Content Manager
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
See FileNet Content Manager Release Fix List APARs for IBM Cloud Pak for Business Automation technote |
Operational Decision Management
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT244987 | UNABLE TO EXECUTE DE RULES DURING ROLLING UPGRADE | |||
DT245118 | IN K8S TUNING THE AUTHENTICATION FOR THE RUNTIME MAY BREAK THE AUTHENTICATION FOR THE RES CONSOLE |
User Management Service
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
Workflow Process Service
Known Issue | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
DT230451 | SECURITY APAR CVE-2023-40691 - INFORMATION LEAKAGE IN IBM BUSINESS AUTOMATION WORKFLOW | X | ||
DT243748 | IN PROCESS ADMIN CONSOLE PREFIX OF THE SERVER NAME DISPLAYS THE ACRONYM OF THE PROCESS APPLICATION INSTEAD OF THE TOOLKIT |
Known Limitations
Document change history
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"23.0.1"}]
Was this topic helpful?
Document Information
Modified date:
29 February 2024
UID
ibm17061377