Option 2: Deploying the custom resource you created with the deployment script

To install the deployment, you must apply the custom resource to the operator.

Before you begin

Make sure that you followed the instructions to prepare your environment for all of the capabilities you want to install, and you have access to all of the container images. For more information, see Getting access to images from the public IBM Entitled Registry.

Warning: If your target cluster is ROKS classic and the worker nodes rebooted, then you must synchronize the time on each of the worker nodes before you deploy the CP4BA custom resource. To synchronize the times on the worker nodes, run the following command from a connected client:
oc get no -l node-role.kubernetes.io/worker --no-headers -o name | xargs -I {} --  oc debug {} -- chroot /host sh -c 'systemctl restart chronyd'

Procedure

  1. Check that all the capabilities that you want to install are configured. If you selected CP4BA capabilities, the custom resource file is named ibm_cp4a_cr_final.yaml. If you selected "FileNet Content Manager" without any other capabilities, the custom resource file is named ibm_content_cr_final.yaml. The custom resource in this case sets the Kind parameter to Content instead of ICP4ACluster. 
    cat generated-cr/<custom-resource-file>.yaml
  2. Use the OpenShift CLI to deploy the configured capabilities and apply the custom resource. For CP4BA capabilities, the use custom resource file ibm_cp4a_cr_final.yaml. For FileNet Content Manager without any other capabilities, use the custom resource file ibm_content_cr_final.yaml. 
    oc apply -f generated-cr/<custom-resource-file>.yaml

Results

The operator reconciliation loop can take some time. You must verify that the automation containers are running.

  1. You can open the operator log to view the progress. Using the OpenShift CLI:
    oc logs <operator pod name> -c operator -n <project-name>

    Get the full syntax by entering the help command.

    oc logs --help
  2. Monitor the status of your pods from the command line. Using the OpenShift CLI:
    oc get pods -w
  3. When all of the pods are "Running", you can access the status of your services with the following OCP CLI command.
    oc status

Refer to the Troubleshooting to access the operator logs.

What to do next

When all of the containers are running, you can access the services.

  1. Go to the cert-kubernetes directory on your local machine. 
    cd cert-kubernetes

    For more information about downloading cert-kubernetes, see Option 1: Preparing your cluster for an online deployment.

  2. Log in to the cluster with the non-administrator user. Using the OpenShift CLI:
    oc login
  3. Look for the status field of each capability by running an oc get command.
    oc get ICP4ACluster <instance_name> -o=jsonpath='{.status.components.<component_id>}'
    Note: If you selected "FileNet Content Manager" with no other capabilities, then the Kind parameter is set to Content instead of ICP4ACluster. 
    oc get Content <instance_name> -o=jsonpath='{.status.components.<component_id>}'
    Where the <component_id> can be any of the following ids: 
    status:
  components:
    ae-icp4adeploy-workspace-aae
    viewone
    gitgatewayService
    css
    adsMongo
    contentDesignerRepoAPI
    adsLtpaCreation
    adsCredentialsService
    workflow-authoring
    graphql
    adsRrRegistration
    adsRuntimeService
    ae-icp4adeploy-pbk
    app-engine
    contentProjectDeploymentService
    contentDesignerService
    adsGitService
    cmis
    adsParsingService
    bastudio
    ier
    adsRestApi
    adsBuildService
    navigator
    baw
    odm
    cpe
    iccsap
    tm
    adsFront
    adsRunService
    prereq
    adsRuntimeBaiRegistration
    resource-registry
    pfs
    adsDownloadService
    ca
    baml
    extshare
  4. Get the access information by running either of the following commands:
    oc get cm <instance_name>-cp4ba-access-info -o=jsonpath='{.data.<component_id>-access-info}'
    oc describe icp4acluster <instance_name> -n <namespace>
    Note: If you selected "FileNet Content Manager" with no other capabilities, then the Kind parameter is set to Content instead of ICP4ACluster. 
    oc describe Content <instance_name> -n <namespace>
    Note: The bastudio-access-info section provides access information for the Cloud Pak dashboard (Zen UI) and Business Automation Studio, which is installed by several patterns. The included URLs and credentials can be used to access the applications designers of the installed components.

Business Automation Studio uses the IBM Cloud Pak Platform UI (Zen UI) to provide a role-based user interface for all Cloud Pak capabilities. Capabilities are dynamically available in the UI based on the role of the user that logs in. The URL for the Admin Hub is included in the cp4ba-access-info ConfigMap.

Log in to the Admin Hub to configure your LDAP with the Identity and Access Management (IAM) service. You have two authentication types that you can log in with: OpenShift authentication and IBM provided credentials (admin only). Use your kubeadmin username and credentials to log in with OpenShift authentication. On ROKS, you must use IBM provided credentials. The default username for these credentials is "admin". You can get the default username by running the following command in the namespace used for the CP4BA deployment:

oc -n <namespace> get secret platform-auth-idp-credentials \
   -o jsonpath='{.data.admin_username}' | base64 -d && echo

You get the password by running the following command: 

oc -n <namespace> get secret platform-auth-idp-credentials \
   -o jsonpath='{.data.admin_password}' | base64 -d && echo

You can change the default password at any time. For more information, see Changing the cluster administrator password.

After you created a deployment, the operator automatically connects your LDAP to IAM. The users and groups you defined in your LDAP are now available via IAM.

At this point, you must associate your users and groups to Zen roles to be able to use them in all of the applications. IBM Automation has four roles that are defined: Automation Administrator, Automation Analyst, Automation Developer, and Automation Operator. For more information, see Roles and permissions.

Log in to the Common Web UI to get the IBM Cloud Pak console route and admin's password. Use the Platform UI (Zen) to create a group for your CP4BA Developers, and add your LDAP users and groups to this group. You then need to assign the Zen group with the Automation Developer role.

For more information about adding users, see Completing post-installation tasks for Business Automation Studio.

Note: If you included multiple capabilities from FileNet Content Manager (FNCM), Automation Document Processing (ADP), and Business Automation Application (BAA) in your CP4BA deployment, then use the Navigator for CP4BA heading in the cp4ba-access-info ConfigMap and the custom resource status fields to find the route URL for Business Automation Navigator.
Tip: Run the post-installation script on your cluster to further validate your deployment. For more information, see Recommended: Validating your production deployment.

Some capabilities need you to follow post-deployment steps. For more information, see Completing post-installation tasks.