Optional: Customizing Workflow Server to connect to Workflow Authoring

You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.

1. Exchange the certificate of your Workflow Server and Workflow Authoring environment.
   Extract the IBM Cloud Pak® for Business Automation operator root CA certificate of the Workflow Authoring delivery and copy it to your Workflow Server container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.

   For example, suppose its location is /root/YourPCorWC.certCopy. On the Business Automation Workflow runtime environment, run the following oc command to create a secret:

   oc create secret generic baw-pc-tls-secret --from-file=tls.crt=/root/YourPCorWC.certCopy

   Extract the Cloud Pak for Business Automation operator root CA certificate of Workflow Server delivery and copy it to your Workflow Authoring container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.

   For example, suppose its location is /root/YourPSorWS.certCopy. On the Business Automation Workflow authoring environment, run the following oc command to create a secret:

   oc create secret generic baw-ps-tls-secret --from-file=tls.crt=/root/YourPSorWS.certCopy

2. Create a new secret that will hold the username and password of the IBM Workflow Center administrator.
   1. On the Business Automation Workflow runtime environment, create a new secret called ibm-baw-wc-secret in the adminSecrets4operator-ctnrs.yaml file. You add the following content into adminSecrets4operator-ctnrs.yaml file. This secret will contain the credentials of an administrator for Workflow Center, for example

      apiVersion: v1
      kind: Secret
      metadata:
        name: ibm-baw-wc-secret
      type: Opaque
      stringData:
        username: <workflow_authoring_admin_user>
        password: <workflow_authoring_admin_user_password>

      <workflow_authoring_admin_user> is the admin user of Workflow Authoring. You can get this specification from the workflow_authoring_configuration.admin_user Workflow Authoring configuration.
   2. Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment:

      oc apply -f ./adminSecrets4operator-ctnrs.yaml

3. Add the root CA certificate of the Workflow Authoring created in the step 1 to the trust list section of the Business Automation Workflow custom resource (CR) file and update the following parameters in the workflow_center section of the Business Automation Workflow CR YAML, for example

     baw_configuration:
     - name: instance1
       tls:
         tls_trust_list: [baw-pc-tls-secret]
       workflow_center:
        url: "https://bawaut.<namespace>.9.x.x.x.nip.io/ProcessCenter"
        secret_name: "ibm-baw-wc-secret"
        heartbeat_interval: 30

   You can do this for all features, as shown in Importing the certificate of an external service.
4. Add the root CA certificate of the Workflow Server created in the step 1 to the trust list section of the Business Automation Workflow CR file:

     workflow_authoring_configuration:
       tls:
         tls_trust_list: [baw-ps-tls-secret]
   
       federated_portal:
         # Content security policy additional origins for federate on container BAW systems, for example ["on-container-baw1","on-container-baw2"]
         content_security_policy_additional_origins: [on container Workflow Server host name:on container Workflow Server port] host name:on container Workflow Server port]

5. Apply the CR changes by running oc apply -f <customResourceFileName>.
6. Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.