Configuring a remote server

You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.

Procedure

  1. Exchange the certificate of your Workflow Server and Workflow Authoring environment.
    Extract the IBM Cloud Pak® for Automation operator root CA certificate of the Workflow Authoring delivery and copy it to your Workflow Server container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.
    For example, suppose its location is /root/YourPCorWC.certCopy. On the Business Automation Workflow runtime environment, run the following oc command to create a secret: 
    > oc create secret generic baw-tls-secret --from-file=tls.crt=/root/YourPCorWC.certCopy

    Extract the Cloud Pak for Automation operator root CA certificate of Workflow Server delivery and copy it to your Workflow Authoring container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.

    For example, suppose its location is /root/YourPSorWS.certCopy. On the Business Automation Workflow authoring environment, run the following oc command to create a secret:

    > oc create secret generic baw-tls-secret --from-file=tls.crt=/root/YourPSorWS.certCopy
  2. Add this secret to the trust list section of the Business Automation Workflow custom resource (CR) file, for example 
      baw_configuration:
  - name: instance1
    tls:
      tls_trust_list: [baw-tls-secret]
    You can do this for all features, as shown in Importing the certificate of an external service.
  3. Set up the content security policy (CSP) by adding your Workflow Server address to your Workflow Authoring CR: 
      workflow_authoring_configuration:
    federated_portal:
      # Content security policy additional origins for federate on container BAW systems, e.g ["on-container-baw1","on-container-baw2"]
      content_security_policy_additional_origins: [on container Workflow Server host name:on container Workflow Server port]
  4. Apply the CR changes by running oc apply -f <customResourceFileName>.
  5. Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.