Configuring a remote server
You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.
Procedure
-
Exchange the certificate of your Workflow Server and Workflow Authoring
environment.
Extract the IBM Cloud Pak® for Automation operator root CA certificate of the Workflow Authoring delivery and copy it to your Workflow Server container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.For example, suppose its location is /root/YourPCorWC.certCopy. On the Business Automation Workflow runtime environment, run the following oc command to create a secret:
> oc create secret generic baw-tls-secret --from-file=tls.crt=/root/YourPCorWC.certCopy
Extract the Cloud Pak for Automation operator root CA certificate of Workflow Server delivery and copy it to your Workflow Authoring container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.
For example, suppose its location is /root/YourPSorWS.certCopy. On the Business Automation Workflow authoring environment, run the following oc command to create a secret:
> oc create secret generic baw-tls-secret --from-file=tls.crt=/root/YourPSorWS.certCopy
-
Add this secret to the trust list section of the Business Automation Workflow custom resource (CR) file, for
example
You can do this for all features, as shown in Importing the certificate of an external service.baw_configuration: - name: instance1 tls: tls_trust_list: [baw-tls-secret]
-
Set up the content security policy (CSP) by adding your Workflow Server address to your Workflow
Authoring CR:
workflow_authoring_configuration: federated_portal: # Content security policy additional origins for federate on container BAW systems, e.g ["on-container-baw1","on-container-baw2"] content_security_policy_additional_origins: [on container Workflow Server host name:on container Workflow Server port]
- Apply the CR changes by running oc apply -f <customResourceFileName>.
- Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.