IBM Support

Readme for Cloud Pak for Business Automation 22.0.1 IF004

Fix Readme


Abstract

The following document is for IBM Cloud Pak for Business Automation 22.0.1 IF004. It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.

Content

Readme file for: IBM Cloud Pak® for Business Automation
Product Release: 22.0.1
Update Name: 22.0.1 IF004
Fix ID: 22.0.1-WS-CP4BA-IF004
Publication Date: 27 October 2022

Before installation
  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state, before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist: 
    oc get icp4acluster -o yaml
oc get AutomationUIConfig -o yaml 
oc get Cartridge -o yaml 
oc get AutomationBase -o yaml 
oc get CartridgeRequirements -o yaml
  3. Required when you are using Business Automation Insights
    If Business Automation Insights is deployed, prune the Business Automation Insights deployment, and jobs,  before you apply the updated custom resource YAML file.
    $ oc delete Deployment,Job -l \
> 'app.kubernetes.io/name=ibm-business-automation-insights'
    Tip: For Flink event processing to resume from its previous state, make sure that savepoints are created before the upgrade and specified in the updated CR. For more information see Restarting from a checkpoint or savepoint

Installing the interim fix

Important: If you used any individual image tag settings in your CP4BA CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings for a production installation when you upgrade.
Breaking change(s):
  1.  In this interim fix, the URLs for Content Management Interoperability Services (CMIS) have changed (i.e., "cmis" context root was introduced):
    • The previous CPD route for CMIS has changed
      • from:  https://cpd-<cp4ba-namespace>.xxxx.xxxx.xxxx/openfncmis_wlp 
      • to:  https://cpd-<cp4ba-namespace>.xxxx.xxxx.xxxx/cmis/openfncmis_wlp
    • The previous Openshift route for CMIS has changed
      • from:  https://cmis-<cp4ba-namespace>.xxxx.xxxx.xxxx/openfncmis_wlp 
      • to:  https://cmis-<cp4ba-namespace>.xxxx.xxxx.xxxx/cmis/openfncmis_wlp
The CASE package associated with this interim fix is ibm-cp-automation-4.0.4.tgz.  Download the CASE package to wherever you are planning to perform the online installation or upgrade of this interim fix (for example, the infrastructure node of your OCP cluster) and extract the CASE package into a directory. For offline/Airgap installation or upgrade follow below mentioned Scenario 7.
Cloud Pak for Business Automation 22.0.1 interim fixes are released to the v22.1 operator channel. Once the operator is upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
If your environment has access to IBM entitled registry and has an automatic v22.1 channel subscription then production installations are upgraded automatically. This upgrade generally occurs when the interim fix is released or when images are mirrored for air gap setup.

Starting with 21.0.3-IF007 interim fix, we "pin" the version of Cloud Pak for Business Automation along with all its dependencies including IBM Automation Foundation and IBM Cloud Pak Foundational Services.  In other words, the automatic updates will be turned off and you will need to perform the steps listed to upgrade your environments in the future. 
This interim fix contains the following version of Cloud Pak for Business Automation,  IBM Automation Foundation (IAF), and Cloud Pak Foundational Services (CPFS):
  • Cloud Pak for Business Automation – 22.0.1-IF004
  • IBM Automation Foundation – 1.3.11
  • Cloud Pak Foundational Services – 3.21.0
Note:  This interim fix only supports the Automation Foundation and Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package).  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Automation Foundation  and Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: You are deploying a Starter deployment
    Actions: Starter deployments do not support upgrades. Although you can use this interim fix content to perform a Starter deployment.  To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the CASE package from this interim fix.
  • Scenario 2: You are deploying a Production deployment
    Actions: You can use this interim fix content to perform a Production deployment.  To deploy a Production deployment using the content of this interim fix, please see install a new Production environment and use the CASE package from this interim fix.
  • Scenario 3: You already have a Production deployment installed with 22.0.1 GA or 22.0.1 + any interim fix prior to this one, and now you want to install another Production deployment using this interim fix on the same Openshift cluster.
    Actions: If you have existing production deployment with 22.0.1 GA or 22.0.1 + any interim fix prior to this one and you want to install another production deployment of this interim fix using pinned catalogs, then you must first upgrade existing Cloud Pak Foundational Services to version 3.21.0 before you install another production deployment with this interim fix. You also needs to be aware that when applying the catalog sources from this interim fix on the Openshift cluster, the existing production deployment of CP4BA will also be updated to this interim fix.
    • Refer to the Cloud Pak Foundational Services upgrade section in the What's new in 22.0.1.  Make sure that you upgrade the Cloud Pak Foundational Services to 3.21.0 before you apply the catalog sources from Scenario 6.
      1. Log in to the cluster as an administrator by using the oc login command.
      2. Download the upgrade_common_services.sh script to your local machine.
      3. Run the script with the all namespaces flag and channel version to the command:
        • ./upgrade_common_services.sh -a -c v3.21
  • Scenario 4: Your installation is version 21.0.3-IFxxx and you're not using pinned catalog
    Actions: If you are using 21.0.3-IFxxx and not pinned catalogs, then your deployment is automatically updated to the latest interim fix of 21.0.3 in the v21.3 channel. To change this behavior , please follow Upgrading operators that are not pinned instructions.
  • Scenario 5: Your installation is version 21.0.3-IFxxx and you're using pinned catalog (note that pinned catalog was available with 21.0.3-IF007 or later)
    Actions: If your installation is 21.0.3-IFxxx and using pinned catalogs, then you must upgrade the operators for all of the Cloud Pak operators to 22.0.1-IF004. You can use the OpenShift console or the command line, please follow Upgrading operators that are pinned instructions.
  • Scenario 6:  Your installation is online and 22.0.1 GA or 22.0.1 + any interim fix.
    Actions:  If you are using version 22.0.1 GA or 22.0.1 + any interim fix, then you must first upgrade existing Cloud Pak Foundational Services to version 3.21.0 before you install another production deployment with this interim fix.
    • Refer to the Cloud Pak Foundational Services upgrade section in the What's new in 22.0.1.  Make sure that you upgrade the Cloud Pak Foundational Services to 3.21.0 before you apply the catalog sources below.
      1. Log in to the cluster as an administrator by using the oc login command.
      2. Download the upgrade_common_services.sh script to your local machine.
      3. Run the script with the all namespaces flag and channel version to the command:
        • ./upgrade_common_services.sh -a -c v3.21
    • You need to apply below updated catalog sources and does not require to execute update_subscription.sh script to change the subscription. 
      1. Apply the catalog sources to pin to the specified versions for IBM Automation Foundation, IBM Foundational Services with Cloud Pak for Business Automation.
        You can apply the catalog sources below from a command line by creating a YAML file (for example, cp4ba_catalog_sources.yaml) with the catalog sources below and performing "oc apply -f cp4ba_catalog_sources.yaml", or you can apply the catalog sources using the OCP console
        Note: you can apply only one catalog source at a time using the OCP console. 
        Note:  The DB2, IBM Business Team Service, and Postgres catalog sources are dependent components of Cloud Pak for Business Automation. 
        # CP4BA 22.0.1 IF004 catalog
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-cp4a-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-cp4a-operator
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:de014bde43e0f6f20c1e3771a32534308b8bc8f39f918fa97471d0d2955f202c
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Automation Foundation Base 1.3.11
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-cp-automation-foundation-catalog
  namespace: openshift-marketplace
spec:
  displayName: IBM Automation Foundation Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cp-automation-foundation-catalog@sha256:50f66cab9a8284869dcaa1cde4c6765458203fd32962f2ccee606dfd4b5e2b52
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Automation Foundation Core 1.3.11
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-automation-foundation-core-catalog
  namespace: openshift-marketplace
spec:
  displayName: IBM Automation Foundation Core Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-automation-foundation-core-catalog@sha256:1d79c6b93a4f2dfcfb37c71b704036d7573e88307e93642bc86360b558a8fe2b
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Cloud Foundational Services 3.21.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: opencloud-operators
  namespace: openshift-marketplace
spec:
  displayName: IBMCS Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-common-service-catalog@sha256:da04da86e347a9ecfdd0fadbf4a6f25057bac15377d2e9dd6a83227ebc545ab1
  updateStrategy:
    registryPoll:
      interval: 45m
  priority: 100
---
# IBM Business Teams Service version 3.21.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: bts-operator
  namespace: openshift-marketplace
spec:
  displayName: BTS Operator
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:cb3ffd2e55496079cb930bac1d7bd5d7d8408b65e2b19ab85bf6d4dafa88a42e
  updateStrategy:
    registryPoll:
      interval: 45m
---
# Cloud Native PostgresSQL 4.7.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: cloud-native-postgresql-catalog
  namespace: openshift-marketplace
spec:
  displayName: Cloud Native Postgresql Catalog
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:7095e3e919fabea5a27fd21c2ba949ea0bf4a2f44010f1ce01a51830ec61e0bd
  updateStrategy:
    registryPoll:
      interval: 45m
  priority: 100
      2. Update the existing subscriptions of Cloud Pak for Business Automation, Automation Foundation, and Cloud Pak Foundational Services to change from IBM Operator Catalog to the individual catalogs applied above.
        1. Find the update_subscription.sh script from the extracted CASE package under "../ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs/cert-kubernetes/scripts" Note, at the root of the CASE package is a nested archive that needs to be extracted as well.
        2. Log in to your OCP cluster as a cluster administrator
        3. Execute the update_subscription.sh -n <your cp4ba namespace>
          Note, at this point, the environment will be updated to use the new "pinned" catalogs. Your environment will no longer auto-update the operators when new versions are released.
      3. If you have any subscriptions set to manual, then you need to approve any pending operator updates.
        If some of the many operator updates are not approved, it is not recommended to set subscriptions to manual, this makes the upgrade more error prone . By default all subscriptions are set to automatic.
  • Scenario 7:  Your installation is air gap and 22.0.1 GA or 22.0.1 + any interim fix
    Actions:  If you are using version 22.0.1 GA or 22.0.1 + any interim fix, then you must first upgrade existing Cloud Pak Foundational Services to version 3.21.0 before you install another production deployment with this interim fix.
    • Refer to the Cloud Pak Foundational Services upgrade section in the What's new in 22.0.1.  Make sure that you upgrade the Cloud Pak Foundational Services to 3.21.0 before you apply the catalog sources from Scenario 6.
      1. Log in to the cluster as an administrator by using the oc login command.
      2. Download the upgrade_common_services.sh script to your local machine.
      3. Run the script with the all namespaces flag and channel version to the command:
        • ./upgrade_common_services.sh -a -c v3.21
    • Follow the steps below on the bastion host where you previously deployed 22.0.1:
      1. Set up the environment variables for CASE. 
          • export CASE_NAME=ibm-cp-automation 
          • export OFFLINEDIR=/opt/cp4ba2201-if004
          • export CASE_VERSION=4.0.4
          • export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
          • export CASE_ARCHIVE=${CASE_NAME}-${CASE_VERSION}.tgz 
          • export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}

            Note: The values are specific to the interim fix, however, you can choose a different empty directory for the OFFLINEDIR if you need to put the files somewhere else.
        2. Save this specific set of case packages
          cloudctl case save --case docker://icr.io/cpopen/ibm-cp-automation-case-cache@sha256:d29f70dc677848b83fe0555462a000fd9c1e452a064bd0d66304990c60f591f9 --outputdir ${OFFLINEDIR}
          Once the command completes, all the Case archive and inventory are saved under /opt/cp4ba2201-if004.
        3. Mirror the entitled registry images to the local registry by completing the same steps used during installation. For more information about mirroring, see Mirroring images to the private registry.
          Make sure to use the CASE image OFFLINEDIR (/opt/cp4ba2201-if004 from step 1.
        4. Update the catalog with the new version by running the install-catalog action. 
          cloudctl case launch \
--case ${OFFLINEDIR}/${CASE_ARCHIVE} \
--inventory ${CASE_INVENTORY_SETUP} \
--action install-catalog \
--namespace ${NAMESPACE} \
--args "--registry ${LOCAL_REGISTRY} --inputDir ${OFFLINEDIR} --recursive"
        5. If you have any subscriptions set to manual, then you need to approve any pending operator updates.
          If some of the many operator updates are not approved, it is not recommended to set subscriptions to manual as it can make the upgrade more error prone. By default all subscriptions would be set to automatic.

Performing the necessary tasks after installation

  1. Update Kafka certificates when you are using Business Automation Insights
    If you are using Business Automation Insights and upgrading from an IBM Automation Foundation version before 1.3, the operator will fail to become ready after the upgrade, and kafka/zookeeper pods show SSL errors. To resolve the issue, follow the "To renew the leaf certificates for Kafka" instructions in Changes to CA certificate and key does not automatically rotate Kafka leaf certificates.
  2. Review the installation
    It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
    oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
    If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.
  3. Required when you are using Workflow Process Service OCP deployment
    If you used any individual image tag settings in your WfPSRuntime CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade.
  4. Required when you are using Workflow Process Service Docker Compose Edition
    1. Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
    2. Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
    3. (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry by using the following commands: 
      docker login <server>
docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:<tag> \
 <server>/workflow-ps-server:<tag>
docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:<tag> \
 <server>/workflow-ps-authoring:<tag>
docker push <server>/workflow-ps-server:<tag>
docker push <server>/workflow-ps-authoring:<tag>
      Where <server> is the host of the docker image registry that you want to use to pull the images. For example, myregistry.local:5000 or localhost:8080 for a self-hosted registry. Also, replace <tag> with the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 22.0.1-IF004.
    4. Run docker-compose down command to stop the Workflow Process Server container.
    5. Update the image url's tags in docker-compose.yml. 
      <server>/workflow-ps-server:<tag>
<server>/workflow-ps-authoring:<tag>
      Where <tag> is the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 22.0.1-IF004.
    6. Run docker-compose up command to start the Workflow Process Server container
    For more detail on Workflow Process Service, refer to Installing Workflow Process Service .
    Troubleshooting: If you are using a Docker Desktop version 4.3.0 or greater, you might get an out of memory error when you start the server. For more details and possible resolution to this issue, and other troubleshooting guidance, refer to Troubleshooting Workflow Process Service.
  5. Required when you are using Operational Decision Manager
    • You must update your Rule Designer:
      • Open Eclipse 
      • Open menu Help > Check for Updates
      • Select IBM Operational Decision Manager for Developers v8.11.x - Rule Designer
      • Proceed with installation.
  6. Required when using Workforce Insights
    • You must update the Update Workforce Insights configuration:
      •  Set the Workforce Insights pod count, the default value is 2
      • Set Intelligent Task Prioritization pod count, the default value is 2baml-config
      • For more details, see Configuring Workforce Insights

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs fixed by this interim fix are listed in the following tables.
The columns are defined as follows: 
Column title Column description
APAR The defect number
Title A short description of the defect
Sec. A mark indicates a defect related to security
Cont. A mark indicates a defect specific to the Cloud Pak integration of the component
B.I. A mark indicates the fix has a business impact. Details are found in the title column or the APAR document
General
APAR Title Sec. Cont. B.I.
N/A
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
 
This interim fix includes fixes for these libraries to address: 
CVE-2017-18640, CVE-2019-16866, CVE-2019-25033, CVE-2021-21290, CVE-2022-1941, CVE-2022-29210, CVE-2022-30698, CVE-2022-30699, CVE-2022-3204, CVE-2022-32190, CVE-2022-35938, CVE-2022-36087, CVE-2022-36109, CVE-2022-38177, CVE-2022-38178, RHSA-2022:6463
 
Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.

Back to top

Cloud Pak for Business Automation Operator
APAR Title Sec. Cont. B.I.
N/A N/A

Back to top

Automation Document Processing
Known Issue Title Sec. Cont. B.I.
DT148886 Extraction training fails X X
DT161051 Document uploads intermittently fail with client or service error X X

Back to top

Automation Decision Services
APAR Title Sec. Cont. B.I.
N/A N/A

Back to top

APAR Title Sec. Cont. B.I.
N/A N/A

Back to top

Business Automation Insights
APAR Title Sec. Cont. B.I.
N/A N/A

Back to top

Business Automation Navigator
Business Automation Studio
APAR Title Sec. Cont. B.I.
DT160106 PROVIDE A NEW APIS TO MIGRATE DATA FROM IBM BUSINESS AUTOMATION STUDIO DB TO SINGLE MERGED BUSINESS AUTOMATON WORKFLOW DB

Back to top

Business Automation Workflow including Automation Workstream Services
APAR Title Sec. Cont. B.I.
DT160695 SECURITY APAR - CVE-2022-34917 IN KAFKA-CLIENTS MAY AFFECT BAI EVENT EMITTERS X
DT145527 PROCESS WORK ITEM DOES NOT APPEAR IN AN IN-BASKET AFTER THE NEW ACTIVITY HAS BEEN UPDATED PRIOR TO COMMIT OR DEPLOYMENT
DT160624 YOU ARE UNABLE TO PREVIEW A CASE DOCUMENT WITH DAEJA VIEWER IN CLIENT-SIDE HUMAN SERVICE
DT168882 DOC - REST INTERFACE TOPIC SHOULDN'T REFER TO IBM BUSINESS MONITOR
JR65102 YOU CAN'T UPLOAD A DOCUMENT OF TYPE IBM_BPM_DOCUMENT WHEN USER_NAME_ATTRIBUTE IN CP4BA IS CONFIGURED WITH EMAILADDRESS OR UID

Back to top

Enterprise Records
APAR Title Sec. Cont. B.I.
N/A
N/A

Back to top

FileNet Content Manager
Operational Decision Management
APAR Title Sec. Cont. B.I.
DT160480 DE PERFORMANCE ISSUE DUE TO BAL INCORRECTLY GENERATING UPDATE STATEMENTS

Back to top

User Management Service
APAR Title Sec. Cont. B.I.
N/A N/A

Back to top

Workflow Process Service
APAR Title Sec. Cont. B.I.
DT160695 SECURITY APAR - CVE-2022-34917 IN KAFKA-CLIENTS MAY AFFECT BAI EVENT EMITTERS X

Back to top

Known Limitations

Document change history

  • 27 October 2022: Initial publish.

    • [{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"22.0.1"}]

    Document Information

    Modified date:
    22 November 2022

    UID

    ibm16827605

    Page Feedback