Installing a production deployment in the OpenShift console
Operator lifecycle manager (OLM) helps you to install, update, and manage the lifecycle of all operators and services that are deployed in OpenShift clusters.
Before you begin
- If you created an air gap environment, you must complete the steps in Preparing an air gap environment before you install the operator. In other cases, complete the steps in Preparing for a production deployment.
- You must then follow the relevant steps to prepare the patterns that you want to install. For more information, see Preparing capabilities.
- Log in to your OCP or ROKS cluster.
- If you used the
All namespaces
option to install the Cloud Pak operator, switch to the project that you created for your CP4BA deployment. For example,cp4ba-project
. - In the Installed Operators view, verify the status of the IBM Cloud Pak for Business Automation operator installation reads succeeded, and verify the deployment by checking all of the pods are running.
oc get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} -- oc debug {} -- chroot /host sh -c 'systemctl restart chronyd'
About this task
Operator lifecycle manager is part of the Operator Framework, which is an open source toolkit that is designed to manage Kubernetes applications in an effective, automated, and scalable way.
IBM provides operators to OpenShift in the form of a catalog. The catalog is added to an OpenShift cluster and appears in the OpenShift Operator Hub under the IBM Operator Catalog provider type.
Procedure
What to do next
Check to make sure that the icp4ba
cartridge in the IBM Automation
Foundation Core is ready. For more information about IBM Automation Foundation, see What is IBM Automation foundation?
To view the status of
the icp4ba
cartridge in the OCP Admin console, click . Click the Cartridge tab, click icp4ba,
and then scroll to the Conditions section.
![IAf core conditions](../images/scrn_iaf_conditions.jpg)
How to access the capability services
A ConfigMap is created
in the namespace to provide the cluster-specific details to access the services and applications.
Components that are successfully deployed have URLs in the ConfigMap. If any components failed, the
URLs are not included. The ConfigMap name is prefixed with the deployment name (default is
icp4adeploy
). You can find the ConfigMap containing the routes information by
clicking
and
then searching for the string "cp4ba-access-info
".
![ConfigMaps](../images/scrn_configmaps.jpg)
The contents of the ConfigMap depends on the components that are included. Each component has one or more URLs.
<component1> URL: <RouteUrlToAccessComponent1>
<component2> URL: <RouteUrlToAccessComponent2>
When all of the containers are running, you can access the services.
true
or
false
values in the Form View, but the other parameters need
to be done in the YAML View. You can access the custom resource from the
YAML tab, or by clicking . Business Automation Studio leverages the IBM Cloud Pak Platform UI (Zen UI) to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. You can find the URL for the Zen UI by clicking cpd, or by running the following command.
and looking for the nameoc get route |grep "^cpd"
Log in to the Admin Hub to configure your LDAP with the Identity and Access Management (IAM) service. You have two authentication types that you can log in with: OpenShift authentication and IBM provided credentials (admin only). Use your kubeadmin username and credentials to log in with OpenShift authentication. On ROKS, you must use IBM provided credentials. The default username for these credentials is "admin". You can get the default username by running the following command:
oc -n ibm-common-services get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_username}' | base64 -d && echo
You get the password by running the following command:
oc -n ibm-common-services get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_password}' | base64 -d
You can change the default password at any time. For more information, see Changing the cluster administrator password.
After you created a CP4BA deployment, the operator automatically connects your LDAP to IAM. The users and groups you defined in your LDAP are now available via IAM.
At this point, you must associate your users and groups to Zen roles to be able to use them in all of the CP4BA applications. IBM Automation has four roles defined: Automation Administrator, Automation Analyst, Automation Developer, and Automation Operator. For more information, see Roles and permissions.
Log in to the Common Web UI to get the IBM Cloud Pak console route and admin's password. Use the Platform UI (Zen) to create a group for your CP4BA Developers, and add your LDAP users and groups to this group. You then need to assign the Zen group with the Automation Developer role.
For more information about adding users, see Completing post-deployment tasks for Business Automation Studio.
If you included FileNet Content Manager (FNCM) without the other capabilities, then use the Navigator for FNCM heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for Business Automation Navigator.
To enable logs
and monitoring add the wanted YAML to the CR in the YAML view. For example, the
following parameters provide custom setting for the content
pattern.
monitoring_configuration:
collectd_disable_host_monitoring: false
collectd_interval: 10
collectd_plugin_write_graphite_host: localhost
collectd_plugin_write_graphite_port: 2003
collectd_plugin_write_prometheus_port: 9103
mon_enable_plugin_mbean: true
mon_enable_plugin_pch: true
mon_metrics_writer_option: 4
logging_configuration:
mon_log_parse: true
mon_log_shipper_option: "1"
mon_log_service_endpoint: example.com:9200
private_logging_enabled: false
logging_type: default
mon_log_path: /path_to_extra_log
ecm_configuration:
cpe:
logging_enabled: true
monitor_enabled: true
css:
logging_enabled: true
monitor_enabled: true
graphql:
logging_enabled: true
monitor_enabled: true
cmis:
logging_enabled: true
monitor_enabled: true
es:
logging_enabled: true
monitor_enabled: true
Some capabilities need you to follow post-deployment steps. For more information, see Completing post-installation tasks.