Option 2: Deploying the custom resource you created with the deployment script
To install the deployment, you must apply the custom resource to the operator.
Before you begin
Make sure that you followed the instructions to prepare your environment for all of the capabilities you want to install, and you have access to all of the container images. For more information, see Getting access to images from the public IBM Entitled Registry.
oc get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} -- oc debug {} -- chroot /host sh -c 'systemctl restart chronyd'
Procedure
Results
The operator reconciliation loop can take some time. You must verify that the automation containers are running.
- You can open the operator log to view the progress. Using the OpenShift
CLI:
oc logs <operator pod name> -c operator -n <project-name>
Get the full syntax by entering the
help
command.oc logs --help
- Monitor the status of your pods from the command line. Using the OpenShift
CLI:
oc get pods -w
- When all of the pods are "Running", you can access the status of your services with the
following OCP CLI command.
oc status
Refer to the Troubleshooting to access the operator logs.
What to do next
When all of the containers are running, you can access the services.
- Go to the
cert-kubernetes
directory on your local machine.cd cert-kubernetes
For more information about downloading cert-kubernetes, see Option 1: Preparing your cluster for an online deployment.
- Log in to the cluster with the non-administrator user. Using the OpenShift
CLI:
oc login
- Look for the status field of each capability by running an
oc get
command.oc get ICP4ACluster <instance_name> -o=jsonpath='{.status.components.<component_id>}'
Note: If you selected "FileNet Content Manager" with no other capabilities, then theKind
parameter is set toContent
instead ofICP4ACluster
.oc get Content <instance_name> -o=jsonpath='{.status.components.<component_id>}'
Where the <component_id> can be any of the following ids:status: components: ae-icp4adeploy-workspace-aae viewone gitgatewayService css adsMongo contentDesignerRepoAPI adsLtpaCreation adsCredentialsService workflow-authoring graphql adsRrRegistration adsRuntimeService ae-icp4adeploy-pbk app-engine contentProjectDeploymentService contentDesignerService adsGitService cmis adsParsingService bastudio ier adsRestApi adsBuildService navigator baw odm cpe iccsap tm adsFront adsRunService prereq adsRuntimeBaiRegistration resource-registry pfs adsDownloadService ca baml extshare
- Get the access information by running either of the following
commands:
oc get cm <instance_name>-cp4ba-access-info -o=jsonpath='{.data.<component_id>-access-info}'
oc describe icp4acluster <instance_name> -n <namespace>
Note: If you selected "FileNet Content Manager" with no other capabilities, then theKind
parameter is set toContent
instead ofICP4ACluster
.oc describe Content <instance_name> -n <namespace>
Note: Thebastudio-access-info
section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns. The included URLs and credentials can be used to access the applications designers of the installed components.
Business Automation Studio uses the IBM Cloud Pak Platform UI (Zen UI) to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. The URL for the Admin Hub is included in the cp4ba-access-info ConfigMap.
Log in to the Admin Hub to configure your LDAP with the Identity and Access Management (IAM) service. You have two authentication types that you can log in with: OpenShift authentication and IBM provided credentials (admin only). Use your kubeadmin username and credentials to log in with OpenShift authentication. On ROKS, you must use IBM provided credentials. The default username for these credentials is "admin". You can get the default username by running the following command in the namespace used for the CP4BA deployment:
oc -n <namespace> get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_username}' | base64 -d && echo
You get the password by running the following command:
oc -n <namespace> get secret platform-auth-idp-credentials \
-o jsonpath='{.data.admin_password}' | base64 -d && echo
You can change the default password at any time. For more information, see Changing the cluster administrator password.
After you created a deployment, the operator automatically connects your LDAP to IAM. The users and groups you defined in your LDAP are now available via IAM.
At this point, you must associate your users and groups to Zen roles to be able to use them in all of the applications. IBM Automation has four roles that are defined: Automation Administrator, Automation Analyst, Automation Developer, and Automation Operator. For more information, see Roles and permissions.
Log in to the Common Web UI to get the IBM Cloud Pak console route and admin's password. Use the Platform UI (Zen) to create a group for your CP4BA Developers, and add your LDAP users and groups to this group. You then need to assign the Zen group with the Automation Developer role.
For more information about adding users, see Completing post-installation tasks for Business Automation Studio.
Some capabilities need you to follow post-deployment steps. For more information, see Completing post-installation tasks.