Optional: Customizing Workflow Server to connect to Workflow Authoring
You can configure a remote on-container Workflow Server so users can debug an instance on a production or test environment to ensure it runs correctly in that environment.
Procedure
-
Exchange the certificate of your Workflow Server and Workflow Authoring
environment.
Extract the IBM Cloud Pak® for Business Automation operator root CA certificate of the Workflow Authoring delivery and copy it to your Workflow Server container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.For example, suppose its location is /root/YourPCorWC.certCopy. On the Business Automation Workflow runtime environment, run the following oc command to create a secret:
oc create secret generic baw-pc-tls-secret --from-file=tls.crt=/root/YourPCorWC.certCopy
Extract the Cloud Pak for Business Automation operator root CA certificate of Workflow Server delivery and copy it to your Workflow Authoring container-located server. For instructions, see Exporting the operator root CA key and importing it into an external service.
For example, suppose its location is /root/YourPSorWS.certCopy. On the Business Automation Workflow authoring environment, run the following oc command to create a secret:
oc create secret generic baw-ps-tls-secret --from-file=tls.crt=/root/YourPSorWS.certCopy
- Create a new secret that will hold the username and password of the IBM Workflow Center administrator.
- On the Business Automation Workflow runtime environment,
create a new secret called ibm-baw-wc-secret in the
adminSecrets4operator-ctnrs.yaml file. You add the following content into
adminSecrets4operator-ctnrs.yaml file. This secret will contain the credentials
of an administrator for Workflow Center, for
example
apiVersion: v1 kind: Secret metadata: name: ibm-baw-wc-secret type: Opaque stringData: username: <workflow_authoring_admin_user> password: <workflow_authoring_admin_user_password>
<workflow_authoring_admin_user>
is the admin user of Workflow Authoring. You can get this specification from theworkflow_authoring_configuration.admin_user
Workflow Authoring configuration. - Apply the adminSecrets4operator-ctnrs.yaml file to the runtime environment:
oc apply -f ./adminSecrets4operator-ctnrs.yaml
- On the Business Automation Workflow runtime environment,
create a new secret called ibm-baw-wc-secret in the
adminSecrets4operator-ctnrs.yaml file. You add the following content into
adminSecrets4operator-ctnrs.yaml file. This secret will contain the credentials
of an administrator for Workflow Center, for
example
-
Add the root CA certificate of the Workflow Authoring created in the step 1 to the trust list
section of the Business Automation Workflow custom resource
(CR) file and update the following parameters in the workflow_center section of the Business Automation Workflow CR YAML, for example
You can do this for all features, as shown in Importing the certificate of an external service.baw_configuration: - name: instance1 tls: tls_trust_list: [baw-pc-tls-secret] workflow_center: url: "https://bawaut.<namespace>.9.x.x.x.nip.io/ProcessCenter" secret_name: "ibm-baw-wc-secret" heartbeat_interval: 30
-
Add the root CA certificate of the Workflow Server created in the step 1 to the
trust list section of the Business Automation Workflow CR
file:
workflow_authoring_configuration: tls: tls_trust_list: [baw-ps-tls-secret] federated_portal: # Content security policy additional origins for federate on container BAW systems, for example ["on-container-baw1","on-container-baw2"] content_security_policy_additional_origins: [on container Workflow Server host name:on container Workflow Server port] host name:on container Workflow Server port]
- Apply the CR changes by running oc apply -f <customResourceFileName>.
- Add users to the Debug user group. For more information, see the steps to add members to a group in Managing access to the Workflow repository.
What to do next
To customize Workflow Server to connect to the Workflow Authoring container, see step 3 and step 4 of Optional: Customizing Workflow Server to connect to Workflow Center on premises.