Installing the capabilities in the Red Hat OpenShift console
If you want to select the capabilities to install and use only the default values, then it is easier to do that in the Form View of the Cloud Pak for Business Automation operator.
Before you begin
- Log in to your OCP or ROKS cluster as a cluster administrator.
To allow a non-administrator user to install the Cloud Pak capabilities, see the What to do next section in Installing the IBM catalogs.
- If you used the
All namespaces
option to install the Cloud Pak operator, switch to the project that you created for your CP4BA deployment. - In the Installed Operators view, verify the status of the IBM Cloud Pak for Business Automation operator installation reads succeeded, and verify the deployment by checking that all the pods are running.
Procedure
What to do next
- Checking the cartridge status
- When the status is
Conditions: Ready
,PrereqReady
,Running
, then make sure that theicp4ba
cartridge in IBM Automation foundation Core is also ready. For more information about IBM Automation foundation, see What is IBM Automation foundation?Note: Asmall
IBM Automation foundation deployment is used. For more information about the sizing for foundational services, see Deployment profiles.To view the status of theicp4ba
cartridge in the Red Hat OpenShift Admin console, proceed as follows.- Click .
- Click the Cartridge tab, click icp4ba, and then scroll to the Conditions section.
- Accessing the capability services
A ConfigMap is created in the namespace to provide the cluster-specific details to access the services and applications. Components that are successfully deployed have URLs in the ConfigMap. If any components failed, the URLs and credentials are not included. The ConfigMap name is prefixed with the deployment name (default is
icp4adeploy
). You can find the ConfigMap containing the routes information by clicking and then searching for the string "cp4ba-access-info
".The contents of the ConfigMap depends on the components that are included. Each component has one or more URLs, and if needed a username and password.
<component1> URL: <RouteUrlToAccessComponent1> <component1> Credentials: <UserName>/<Password> (optional) <component2> URL: <RouteUrlToAccessComponent2> <component2> Credentials: <UserName>/<Password> (optional)
Note: Thebastudio-access-info
section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns including Business Automation Workflow. The included URLs and credentials can be used to access the applications designers of the installed components.You can also click the YAML tab in the CP4BA deployment (
icp4adeploy
) to view the endpointsuri
of the installed capabilities.After you have the routes and admin user information, check whether you need to do the following tasks.
Tip: If you want or need to update values in a starter deployment that you made in the Form View, you must edit the deployment in the YAML View. You can edittrue
orfalse
values in the Form View, but the other parameters need to be done in the YAML View. You can access the custom resource from the YAML tab, or by clicking .- Logging in to the IBM Cloud Pak Platform UI (Zen UI)
- Business Automation
Studio uses the Zen UI to
provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically
available in the UI based on the role of the user that logs in. You can find the URL for the Zen UI
by clicking and looking for the name cpd, or by running the following
command.
oc get route | grep "^cpd"
Three authentication types are displayed in the login page: Enterprise LDAP, Red Hat OpenShift authentication, and IBM provided credentials (admin only). Click Enterprise LDAP and enter the
cp4admin
user and the password in thecp4ba-access-info
ConfigMap. Thecp4admin
user has access to Business Automation Studio features. You can get the details for the IBM-providedadmin
user by getting the contents of the platform-auth-idp-credentials secret.Note: If you used a dedicated foundational services instance (the default from 22.0.1-IF002) then the namespace is the CP4BA deployment namespace. If you used a shared foundational services instance then the namespace is ibm-common-services.oc -n <namespace> get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d
You must use the IBM provided credentials (admin only) option to log in with the internal
admin
user.When logged in, you can add users to the Automation Developer role to enable users and user groups to access Business Automation Studio and work with business applications and business automations.
If you want to add more users, you need to log in with the Zen UI administrator. The kubeadmin user in the Red Hat OpenShift authentication and the IBM-provided
admin
user have the Zen UI administrator role. When logged in, you can add users to the Automation Developer role to enable users and user groups to access Business Automation Studio and work with business applications and business automations. For more information about adding users, see Completing post-deployment tasks for Business Automation Studio. For more information about the Automation Developer role, see Roles and permissions.Note: If you included multiple capabilities from IBM FileNet Content Manager (FNCM), Automation Document Processing (ADP), and Business Automation Application (BAA) in your CP4BA deployment, then use the Navigator for CP4BA heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.If you included IBM FileNet Content Manager (FNCM) without the other capabilities, then use the Navigator for FNCM heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for IBM Business Automation Navigator.
- Using the LDAP user registry
- The LDAP server comes with a set of predefined users and groups to use with your starter
environment. Changes to the user repository are not persisted after a pod restart.
- To provide a user for Task Manager, the following LDAP users and groups are created by the deployment.
- In the OCP console, select the project in which you deployed the Cloud Pak, and then click .
- User names:
cp4admin
,user1
,user2
, up to and includinguser10
. - Group names:
TaskAdmins
,TaskUsers
, andTaskAuditors
.
The
cp4admin
user is assigned toTaskAdmins
. The LDAP usersuser1
-user5
are assigned toTaskUsers
, and the usersuser6
-user10
are assigned toTaskAuditors
. - To modify an existing user's password:Note: Do not change the password of the
cp4admin
user after the Content Platform Engine (CPE) is initialized. Changing the password of the Domain admin user needs extra steps. For more information, see Update System User credentials.- In the Red Hat OpenShift console, go to
icp4adeploy-openldap-customldif
secret.
, and
select the - Click .
- Change the password for a specified user and click Save.
- Go to openldap pod. , search for the
- In the overflow menu for the pod, click Delete Pod to restart it.
- In the Red Hat OpenShift console, go to
- To add a user:
- In the Red Hat OpenShift console, go to
icp4adeploy-openldap-customldif
secret.
, and
select the - Click .
- Copy and paste the attributes from an existing user, take out the unnecessary attributes, put
the information for the new user, and click Save. The following example is
for the user,
newuser
:dn: uid=newuser,dc=example,dc=org uid: newuser cn: newuser sn: newuser userPassword: <password> objectClass: top objectClass: posixAccount objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: person uidNumber: 14583345 gidNumber: 1456456 homeDirectory: /home/newuser/ mail: newuser@example.org
The
uidNumber
must be a unique and different number from the existing uidNumbers. - Go to openldap pod. , search for the
- In the overflow menu for the pod, click Delete Pod to restart it.
- Sign in to the Common Web UI by following the steps in Accessing your cluster by using the console.
- Follow the steps in Managing console access to add the user to the Cloud Pak Platform UI (Zen).
- In the Red Hat OpenShift console, go to
- To provide a user for Task Manager, the following LDAP users and groups are created by the deployment.
- Creating storage policy and associate the Advanced Storage Area that was created during the deployment
-
- Create a storage policy and associate the storage policy with the existing advanced storage area. See Storage policies for more information.
- Assign the newly created storage policy to existing document class.
- Enabling GraphQL integrated development environments for FileNet Content Manager
- The GraphQL integrated development environment (IDE) is not enabled by default because of a
security risk. If you want to include this capability in your starter environment, add the parameter
to enable the IDE.
- Click YAML to go into the YAML view. , then click
- Add the following parameter to the
file:
graphql: graphql_production_setting: enable_graph_iql: true
- Apply the updated custom resource YAML file.
In the next reconciliation loop, the operator picks up the change and includes GraphQL with your deployment.
- Importing sample data for IBM Business Automation Insights
- If you selected Business Automation Insights as an optional component, you can test and explore the component by importing sample data. For more information, see https://github.com/icp4a/bai-data-samples
- Enabling Business Automation Insights for FileNet Content Manager
- If you selected Business Automation Insights as an optional
component and included the Content event emitter in your deployment, you must update the deployment
to add the Kafka certificate to the trusted certificate list.
- Create a secret with your Kafka certificate, for
example:
oc create secret generic eventstreamsecret --from-file=tls.crt=eventstream.crt
- Find the generated YAML file in the directory where you ran the deployment script. For example, generated-cr/ibm_cp4a_cr_final.yaml.
- Update the
trusted_certificate_list
parameter to include the secret that you created.shared_configuration: trusted_certificate_list: ['eventstreamsecret']
If other certificates are in the list, use a comma to separate your new entry.
- Apply the updated custom resource YAML file.
- Create a secret with your Kafka certificate, for
example:
- Sample data for Automation Document Processing
- If you installed the Document Processing pattern, sample data is
loaded so you can use the Document Processing components.Important: The starter deployment provides one project database for the Automation Document Processing capability. Therefore, you can create only one Document Processing project.
- Verifying the creation of the CDD repository for Content Designer
- If you installed IBM FileNet Content Manager,
use the Gitea pod terminal from the Red Hat OpenShift console to run the following command:
/ # ls -l /data/git/repositories/content-designer/
- If the output shows cdd.git, then the content-designer
directory exists and the Git repository is created
successfully.
drwxr-xr-x 7 git git 147 May 5 15:58 cdd.git
- If the output does not show the CDD repository, go to the operator logs to understand why the deployment failed.
- If the output shows cdd.git, then the content-designer
directory exists and the Git repository is created
successfully.