Installing the capabilities in the Red Hat OpenShift console

Edit online

If you want to select the capabilities to install and use only the default values, then it is easier to do that in the Form View of the Cloud Pak for Business Automation operator.

Before you begin

  1. Log in to your OCP or ROKS cluster as a cluster administrator.

    To allow a non-administrator user to install the Cloud Pak capabilities, see the What to do next section in Installing the IBM catalogs.

  2. If you used the All namespaces option to install the Cloud Pak operator, switch to the project that you created for your CP4BA deployment.
  3. In the Installed Operators view, verify the status of the IBM Cloud Pak for Business Automation operator installation reads succeeded, and verify the deployment by checking that all the pods are running.

Procedure

  1. Use the operator instance to apply a custom resource by clicking CP4BA deployment > Create Instance.
  2. In the Form View of the deployment editor, enter the values for everything that you want to include in your deployment.
    1. Enter a Name value or use the default icp4adeploy.
    2. Enter 22.0.1 as the appVersion value.
    3. Accept the License by setting the value to true.
    4. Set Deployment Type to starter.
    5. Open the Shared Configuration section and enter values for the following parameters. For more information about the shared parameters, see Shared configuration parameters.
      Table 1. Shared configuration parameters
      Shared configuration parameters Values
      Purchased CP4BA license Set to non-production.
      Platform Set to OCP or ROKS.
      root_ca_secret The default is icp4a-root-ca.
      sc_drivers_url This parameter is necessary if you want to provide IBM Content Collector for SAP Applications (ICCSA) libraries. All the files must be compressed in a single file.
      external_tls_certificate_secret Leave the value empty to sign all external routes with the root_ca_secret.
      Trusted certificate list Leave blank to generate a self-signed signer certificate.
      Purchased licenses for FNCM and BAW Leave blank.
      Storage configuration Select a file-based dynamic storage class and a block storage class from the list under Storage for starter and Block Storage Class.
    6. Select the capabilities that you want to include.
      Tip: If you do not want to include a capability, leave the value as false. For more information about the capabilities and their dependencies, see Capabilities for starter deployments.
      Restriction: Automation Document Processing does not support a cluster with a Linux on Z (s390x) architecture.
      • FileNet Content Manager
      • Business Automation Application
      • Operational Decision Manager
      • Automation Decision Services
      • Automation Document Processing
      • Automation Workflow and Automation Workstream Services
    7. Open the Optional Components section, choose whether to include, for example, Business Automation Insights and enter valid values for the parameters of the selected capabilities in the list.
      Restriction: Due to a limitation in the Form View, the repo_service_url parameter in IBM FileNet® Content Manager is still visible when IBM Automation Document Processing (ADP) runtime is set to false. You do not need to set a value for this configuration parameter if you do not want to include ADP.
      Tip: You can copy and paste parameters from the cert-kubernetes custom resource starter templates in the YAML View and edit the parameters. For more information about downloading cert-kubernetes, see Preparing for a starter deployment. You can edit the CR file in the editor, but it is best if you have the CR complete and verified before you save your changes in the editor. For example, go to http://www.yamllint.com/ to verify the contents of your file.

      For more information about the olm_ configuration parameters that enable you to switch between the Form View and the YAML View, see Business Automation configuration parameters for Operator Hub.

    8. Identify Graphics Processing Unit (GPU) enabled nodes for Document Processing, if applicable.

      If your cluster has nodes that are equipped with a GPU, identify the nodes in the YAML view.

      Click YAML View, and add the following parameter to the file, in the shared_configuration section:

      node_labels:
      gpu_enabled: true
      gpu_nodelabel_key: "<string like nvidia.com/gpu.present>"

      The value for the gpu_nodelabel_key is the unique node label key and value on the GPU node.

    9. Optional: If you plan on processing documents of type identity cards, set the global.oneconversion.enabled to true for Scene Text Recognition (STR).
  3. When you are ready, click Create.

    The page switches to the CP4BA deployment tab, where you can watch the Status.

  4. You can click the deployment name (icp4adeploy), and go to the Conditions section at the bottom of the page to see the status updates and any messages.

    You can also click the YAML tab to monitor the state of the selected capabilities.

    YAML view to monitor status

What to do next

Checking the cartridge status
When the status is Conditions: Ready, PrereqReady, Running, then make sure that the icp4ba cartridge in IBM Automation foundation Core is also ready. For more information about IBM Automation foundation, see What is IBM Automation foundation?
Note: A small IBM Automation foundation deployment is used. For more information about the sizing for foundational services, see Deployment profiles.
To view the status of the icp4ba cartridge in the Red Hat OpenShift Admin console, proceed as follows.
  1. Click Operators > Installed Operators > IBM Automation Foundation Core.
  2. Click the Cartridge tab, click icp4ba, and then scroll to the Conditions section. IAf core conditions
Accessing the capability services

A ConfigMap is created in the namespace to provide the cluster-specific details to access the services and applications. Components that are successfully deployed have URLs in the ConfigMap. If any components failed, the URLs and credentials are not included. The ConfigMap name is prefixed with the deployment name (default is icp4adeploy). You can find the ConfigMap containing the routes information by clicking Workloads > ConfigMaps and then searching for the string "cp4ba-access-info".

ConfigMaps

The contents of the ConfigMap depends on the components that are included. Each component has one or more URLs, and if needed a username and password.

<component1> URL: <RouteUrlToAccessComponent1>
<component1> Credentials: <UserName>/<Password> (optional) 
<component2> URL: <RouteUrlToAccessComponent2>
<component2> Credentials: <UserName>/<Password> (optional)
Note: The bastudio-access-info section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns including Business Automation Workflow. The included URLs and credentials can be used to access the applications designers of the installed components.

You can also click the YAML tab in the CP4BA deployment (icp4adeploy) to view the endpoints uri of the installed capabilities.

After you have the routes and admin user information, check whether you need to do the following tasks.

Tip: If you want or need to update values in a starter deployment that you made in the Form View, you must edit the deployment in the YAML View. You can edit true or false values in the Form View, but the other parameters need to be done in the YAML View. You can access the custom resource from the YAML tab, or by clicking Actions > Edit ICP4ACluster.

YAML view

Logging in to the IBM Cloud Pak Platform UI (Zen UI)
Business Automation Studio uses the Zen UI to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. You can find the URL for the Zen UI by clicking Networking > Routes and looking for the name cpd, or by running the following command.
oc get route | grep "^cpd"

Three authentication types are displayed in the login page: Enterprise LDAP, Red Hat OpenShift authentication, and IBM provided credentials (admin only). Click Enterprise LDAP and enter the cp4admin user and the password in the cp4ba-access-info ConfigMap. The cp4admin user has access to Business Automation Studio features. You can get the details for the IBM-provided admin user by getting the contents of the platform-auth-idp-credentials secret.

Note: If you used a dedicated foundational services instance (the default from 22.0.1-IF002) then the namespace is the CP4BA deployment namespace. If you used a shared foundational services instance then the namespace is ibm-common-services.
oc -n <namespace> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d

You must use the IBM provided credentials (admin only) option to log in with the internal admin user.

When logged in, you can add users to the Automation Developer role to enable users and user groups to access Business Automation Studio and work with business applications and business automations.

If you want to add more users, you need to log in with the Zen UI administrator. The kubeadmin user in the Red Hat OpenShift authentication and the IBM-provided admin user have the Zen UI administrator role. When logged in, you can add users to the Automation Developer role to enable users and user groups to access Business Automation Studio and work with business applications and business automations. For more information about adding users, see Completing post-deployment tasks for Business Automation Studio. For more information about the Automation Developer role, see Roles and permissions.

Note: If you included multiple capabilities from IBM FileNet Content Manager (FNCM), Automation Document Processing (ADP), and Business Automation Application (BAA) in your CP4BA deployment, then use the Navigator for CP4BA heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.

If you included IBM FileNet Content Manager (FNCM) without the other capabilities, then use the Navigator for FNCM heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.

Using the LDAP user registry
The LDAP server comes with a set of predefined users and groups to use with your starter environment. Changes to the user repository are not persisted after a pod restart.
  • To provide a user for Task Manager, the following LDAP users and groups are created by the deployment.
    • In the OCP console, select the project in which you deployed the Cloud Pak, and then click Workloads > Secrets > <deployment-name>-openldap-customldif > Data > Reveal Values.
    • User names: cp4admin, user1, user2, up to and including user10.
    • Group names: TaskAdmins, TaskUsers, and TaskAuditors.

    The cp4admin user is assigned to TaskAdmins. The LDAP users user1 - user5 are assigned to TaskUsers, and the users user6 - user10 are assigned to TaskAuditors.

  • To modify an existing user's password:
    Note: Do not change the password of the cp4admin user after the Content Platform Engine (CPE) is initialized. Changing the password of the Domain admin user needs extra steps. For more information, see Update System User credentials.
    1. In the Red Hat OpenShift console, go to Workloads > Secrets, and select the icp4adeploy-openldap-customldif secret.
    2. Click Actions > Edit Secret.
    3. Change the password for a specified user and click Save.
    4. Go to Workloads > Pods, search for the openldap pod.
    5. In the overflow menu for the pod, click Delete Pod to restart it.
  • To add a user:
    1. In the Red Hat OpenShift console, go to Workloads > Secrets, and select the icp4adeploy-openldap-customldif secret.
    2. Click Actions > Edit Secret.
    3. Copy and paste the attributes from an existing user, take out the unnecessary attributes, put the information for the new user, and click Save. The following example is for the user, newuser:
      dn: uid=newuser,dc=example,dc=org
uid: newuser
cn: newuser
sn: newuser
userPassword: <password>
objectClass: top
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: person
uidNumber: 14583345
gidNumber: 1456456
homeDirectory: /home/newuser/
mail: newuser@example.org

      The uidNumber must be a unique and different number from the existing uidNumbers.

    4. Go to Workloads > Pods, search for the openldap pod.
    5. In the overflow menu for the pod, click Delete Pod to restart it.
    6. Sign in to the Common Web UI by following the steps in Accessing your cluster by using the console.
    7. Follow the steps in Managing console access to add the user to the Cloud Pak Platform UI (Zen).
Creating storage policy and associate the Advanced Storage Area that was created during the deployment
  1. Create a storage policy and associate the storage policy with the existing advanced storage area. See Storage policies for more information.
  2. Assign the newly created storage policy to existing document class.
Enabling GraphQL integrated development environments for FileNet Content Manager
The GraphQL integrated development environment (IDE) is not enabled by default because of a security risk. If you want to include this capability in your starter environment, add the parameter to enable the IDE.
  1. Click Actions > Edit ICP4ACluster, then click YAML to go into the YAML view.
  2. Add the following parameter to the file:
    graphql:
      graphql_production_setting:
        enable_graph_iql: true
  3. Apply the updated custom resource YAML file.

    In the next reconciliation loop, the operator picks up the change and includes GraphQL with your deployment.

Importing sample data for IBM Business Automation Insights
If you selected Business Automation Insights as an optional component, you can test and explore the component by importing sample data. For more information, see https://github.com/icp4a/bai-data-samples
Enabling Business Automation Insights for FileNet Content Manager
If you selected Business Automation Insights as an optional component and included the Content event emitter in your deployment, you must update the deployment to add the Kafka certificate to the trusted certificate list.
  1. Create a secret with your Kafka certificate, for example:
    oc create secret generic eventstreamsecret --from-file=tls.crt=eventstream.crt
  2. Find the generated YAML file in the directory where you ran the deployment script. For example, generated-cr/ibm_cp4a_cr_final.yaml.
  3. Update the trusted_certificate_list parameter to include the secret that you created.
    shared_configuration:
      trusted_certificate_list: ['eventstreamsecret']

    If other certificates are in the list, use a comma to separate your new entry.

  4. Apply the updated custom resource YAML file.
Sample data for Automation Document Processing
If you installed the Document Processing pattern, sample data is loaded so you can use the Document Processing components.
Important: The starter deployment provides one project database for the Automation Document Processing capability. Therefore, you can create only one Document Processing project.
Verifying the creation of the CDD repository for Content Designer
If you installed IBM FileNet Content Manager, use the Gitea pod terminal from the Red Hat OpenShift console to run the following command:
/ # ls -l /data/git/repositories/content-designer/
  • If the output shows cdd.git, then the content-designer directory exists and the Git repository is created successfully.
    drwxr-xr-x 7 git git 147 May 5 15:58 cdd.git
  • If the output does not show the CDD repository, go to the operator logs to understand why the deployment failed.