IBM Support

Readme for Cloud Pak for Business Automation 22.0.2 IF004

Fix Readme


Abstract

The following document is for IBM Cloud Pak for Business Automation 22.0.2 IF004. It includes the CASE package download, installation information, and the list of APARs/Known Issues that are resolved in this interim fix.

Content

Readme file for: IBM Cloud Pak® for Business Automation
Product Release: 22.0.2
Update Name: 22.0.2 IF004
Fix ID: 22.0.2-WS-CP4BA-IF004
Publication Date: 26 April 2023

Before installation
  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state, before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist: 
    oc get icp4acluster -o yaml
oc get content -o yaml
oc get AutomationUIConfig -o yaml 
oc get Cartridge -o yaml 
oc get AutomationBase -o yaml 
oc get CartridgeRequirements -o yaml
  3. Required when you are using Business Automation Insights
    If Business Automation Insights is deployed, prune the Business Automation Insights deployment, and jobs,  before you apply the updated custom resource YAML file.
    $ oc delete Deployment,Job -l \
> 'app.kubernetes.io/name=ibm-business-automation-insights'
    Tip: For Flink event processing to resume from its previous state, make sure that savepoints are created before the upgrade and specified in the updated CR. For more information see Restarting from a checkpoint or savepoint.
  4. Cloud Pak Foundational Services (CPFS) Channel upgrade
    If your CPFS subscriptions associated with the Cloud Pak are not at the expected channel for this iFix, then you must upgrade that first. For more details on cluster-scoped and namespace-scoped CPFS instances, see System requirements.
    1. Log in to the cluster as an administrator by using the oc login command.
    2. Download the upgrade_common_services.sh script to your local machine.
    3. Execute the upgrade_common_services script to change the related subscriptions to the needed channel.
      • If you want to upgrade all CPFS instances in the cluster then execute this command where -c v3.23 provides the needed channel: 
        ./upgrade_common_services.sh -a -c v3.23
        Note: If you are using cluster-scoped CPFS, then you must upgrade all CPFS instances. This can impact other Cloud Pak installations in the cluster and you should ensure they support the same version.
      • If you want to only upgrade specific namespace-scoped CPFS instances, then you will need to make use of the various command arguments to meet your needs.
        • Use -cloudpaksNS to list all Cloud Pak namespaces you want to upgrade.
          Note: If multiple Cloud Pak instances are sharing a CPFS instance, they all must be upgraded at the same time.
        • Use -controlNS to specific the location of the control namespace.
          Note: The control namespace version needs to be equal to the highest version of CPFS in the cluster.
        • Use -csNS to list all CPFS namespaces you want to upgrade.
          Note: This list can overlap with the cloudpak list.
        For example, if you want to upgrade a namespace-scoped CPFS instance with the Cloud Pak and CPFS sharing the cp4ba namespace and the control namespace set to cp4ba-c to version v3.23, run the following command: 
        ./upgrade_common_services.sh -cloudpaksNS cp4ba -csNS cp4ba -controlNS cp4ba-c -c v3.23

Installing the interim fix

This interim fix contains the following version of Cloud Pak for Business Automation,  IBM Automation Foundation (IAF), and Cloud Pak Foundational Services (CPFS):
  • Cloud Pak for Business Automation – 22.0.2-IF004
  • IBM Automation Foundation – 1.3.13
  • Cloud Pak Foundational Services – 3.23.2
Note:  This interim fix only supports the Automation Foundation and Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Cloud Pak for Business Automation using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package).  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Automation Foundation  and Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
Important interim fix details:
  • Case Package: ibm-cp-automation-4.1.4.tgz
  • Case Package mirror file (IBM-Pak steps): cp4ba-case-to-be-mirrored-22.0.2-IF004.txt
  • Case Save command (cloudctl steps): 
    cloudctl case save --case docker://icr.io/cpopen/ibm-cp-automation-case-cache@sha256:bcad2f61e569c903d2cd4d25a2f292acc8fc95342b79b55b0d47271c1968a5bb --outputdir ${OFFLINEDIR}
  • Cloud Pak Foundational Services channel: v3.23
The CASE package content is used to help facilitate installation and upgrade operation. See the various instructions for more specific details.
Cloud Pak for Business Automation 22.0.2 interim fixes are released to the v22.2 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  • Scenario 1: You are using a Starter deployment
    Actions: Starter deployments do not support upgrades. Although you can use this interim fix content to perform a Starter deployment.  To deploy a Starter deployment using the content of this interim fix, please see install a new Starter environment and use the CASE package from this interim fix.
    Note: If you have existing Cloud Pak Foundational Services instances in the cluster then you should review the channel upgrade info in Before Installation.
  • Scenario 2: You are installing a Production deployment
    Actions: You can use this interim fix content to perform a Production deployment.  To deploy a Production deployment using the content of this interim fix, please see install a new Production environment and use the CASE package from this interim fix.
    Note: If you have existing Cloud Pak Foundational Services instances in the cluster then you should review the channel upgrade info in Before Installation.
  • Scenario 3: Your installed version is prior to 22.0.2.
    Actions: Follow the upgrade instructions while using the case package details from this iFix.
    Warning: If you are using Business Automation Applications, you must upgrade from 22.0.1-IF006 due to DT174377. Upgrading from an earlier release could result in corrupted business applications.  
    Important: When upgrading Cloud Pak Foundational Services, be sure to upgrade to the needed channel for the iFix as documented in the upgrade instructions.
    Note: If you are upgrading from a version prior to 22.0.1, then you will need to perform incremental upgrades from each prior version.
  • Scenario 4:  You already have a Production deployment installed 22.0.2 GA or 22.0.2 + any interim fix and now you want to install another Production deployment using this interim fix on the same Openshift cluster.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    Note: If your Cloud Pak Foundational Services instance is at an earlier release review the channel upgrade info in Before Installation.
    1. Apply the catalog sources to pin to the specified versions for IBM Automation Foundation, Cloud Pak Foundational Services and Cloud Pak for Business Automation. ( Note: Make sure to follow the steps to update Cloud Pak Foundational Services in Before Installation.)
      If you download and unzip the case package mentioned above, the needed catalogSource yaml file is located here: 
      ibm-cp-automation\inventory\cp4aOperatorSdk\files\deploy\crs\cert-k8s-22.0.2\cert-kubernetes\descriptors\op-olm\catalog_source.yaml
      Execute oc apply -f catalog_source.yaml or you can apply the catalog sources using the OCP console.
      Note: You can apply only one catalog source at a time using the OCP console.

      Alternatively you can create the catalog_source.yaml file with the following text.   
      # CP4BA 22.0.2 IF004 catalog
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-cp4a-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: ibm-cp4a-operator
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:10b492aa0a18bc73f7c3a54b5609204b3f50cbb0e3e445117e0f7941eaf9d4db
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Automation Foundation Base 1.3.13
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-cp-automation-foundation-catalog
  namespace: openshift-marketplace
spec:
  displayName: IBM Automation Foundation Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cp-automation-foundation-catalog@sha256:1753b1cabf6cdc6d295d8da096ce3f769b6487fdbef5802de63dccbfa7d9a43b
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Automation Foundation Core 1.3.13
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: ibm-automation-foundation-core-catalog
  namespace: openshift-marketplace
spec:
  displayName: IBM Automation Foundation Core Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-automation-foundation-core-catalog@sha256:8bd0b52526de4a2adf6b299237f3d295a710e7d0ff538a319226c614ceae618b
  updateStrategy:
    registryPoll:
      interval: 45m
---
# IBM Cloud Foundational Services 3.23.2
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: opencloud-operators
  namespace: openshift-marketplace
spec:
  displayName: IBMCS Operators
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-common-service-catalog@sha256:6b32fdacd80de2e4a38536557316a2346a0117d810127fc6b19cd72fe6c20bb9
  updateStrategy:
    registryPoll:
      interval: 45m
  priority: 100
---
# IBM Business Teams Service version 3.25.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: bts-operator
  namespace: openshift-marketplace
spec:
  displayName: BTS Operator
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:569331b67df832ab15735550b542ddb1f8391a7bace2ad110d770d833900bd01
  updateStrategy:
    registryPoll:
      interval: 45m
---
# Cloud Native PostgresSQL 4.11.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  annotations:
    bedrock_catalogsource_priority: '1'
  name: cloud-native-postgresql-catalog
  namespace: openshift-marketplace
spec:
  displayName: Cloud Native Postgresql Catalog
  publisher: IBM
  sourceType: grpc
  image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:642aba4b78bcadd8f1d5e1f9d05d8484e2934d914a5b6d67435f3e98082d7592
  updateStrategy:
    registryPoll:
      interval: 45m
  priority: 100
    2. If you have any subscriptions set to manual, then you need to approve any pending InstallPlans.
      Note:  It is not recommended to set subscriptions to manual, this makes the upgrade more error prone.  By default all subscriptions are set to automatic.
    3. Follow the steps to perform validation of your Production deployment
  • Scenario 5:  Your installation is 22.0.2 GA or 22.0.2 + any interim fix and using IBM-Pak Plugin airgap instructions
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    Note: If your Cloud Pak Foundational Services instance is at an earlier release review the channel upgrade info in Before Installation.
    1. Get the case package mirror file, cp4ba-case-to-be-mirrored-22.0.2-IF004.txt, for interim fix and you must rename the file to cp4ba-case-to-be-mirrored-22.0.2-IF004.yaml. Then execute this command to download the case files: 
      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-22.0.2-IF004.yaml
      The (absolute path to file) needs to be a path starting from "/". For example, "/opt"
      For more information, see Downloading the CASE files.
    2. Follow the instructions for either mirroring option in Mirroring images to the private registry.
      Important: You must set export CASE_VERSION=4.1.4 that is the version for this iFix.
    3. Update the catalog with the new version by running the install-catalog action. 
      oc ibm-pak launch $CASE_NAME \
--version $CASE_VERSION \
--action install-catalog \
--inventory $CASE_INVENTORY_SETUP \
--namespace $NAMESPACE \
--args  "--registry $TARGET_REGISTRY --recursive --inputDir ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION"
    4. If you have any subscriptions set to manual, then you need to approve any pending InstallPlans.
      Note: It is not recommended to set subscriptions to manual, this makes the upgrade more error prone . By default all subscriptions are set to automatic.
    5. Follow the steps to perform validation of your Production deployment
  • Scenario 6:  Your installation is 22.0.2 GA or 22.0.2 + any interim fix and using cloudctl(deprecated) airgap instructions
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    Note: If your Cloud Pak Foundational Services instance is at an earlier release review the channel upgrade info in Before Installation.
    1. Set up the environment variables for CASE 
      export CASE_NAME=ibm-cp-automation 
export OFFLINEDIR=/opt/cp4ba2202-if004
export CASE_VERSION=4.1.4
export CASE_INVENTORY_SETUP=cp4aOperatorSetup 
export CASE_ARCHIVE=${CASE_NAME}-${CASE_VERSION}.tgz 
export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
      Note: The values are specific to the interim fix, however, you can choose a different empty directory for the OFFLINEDIR if you need to put the files somewhere else.
    2. Save this specific set of case packages 
      cloudctl case save --case docker://icr.io/cpopen/ibm-cp-automation-case-cache@sha256:bcad2f61e569c903d2cd4d25a2f292acc8fc95342b79b55b0d47271c1968a5bb --outputdir ${OFFLINEDIR}
      Once the command completes, all the Case archive and inventory are saved under OFFLINEDIR.
    3. Mirror the entitled registry images to the local registry by completing the same steps used during installation. For more information about mirroring, see Mirroring images to the private registry.
      Make sure to use the CASE image OFFLINEDIR (/opt/cp4ba2202-if004) from step 1.
    4. Update the catalog with the new version by running the install-catalog action. 
      cloudctl case launch \
--case ${OFFLINEDIR}/${CASE_ARCHIVE} \
--inventory ${CASE_INVENTORY_SETUP} \
--action install-catalog \
--namespace ${NAMESPACE} \
--args "--registry ${LOCAL_REGISTRY} --inputDir ${OFFLINEDIR} --recursive"
    5. If you have any subscriptions set to manual, then you need to approve any pending InstallPlans.
      Note: It is not recommended to set subscriptions to manual, this makes the upgrade more error prone . By default all subscriptions are set to automatic.
    6. Follow the steps to perform validation of your Production deployment

Performing the necessary tasks after installation

  1. Remove any image settings in CRs
    If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.
  2. Review the installation
    It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
    oc get icp4acluster -o yaml > CP4BAconfig.yaml
oc logs deployment/ibm-cp4a-operator -c operator > operator.log
    If you are interested in verifying the expected image digest for a particular image, then you can review the ibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level.
  3. Required when you are using Workflow Process Service Docker Compose Edition
    1. Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
    2. Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
    3. (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry by using the following commands: 
      docker login <server>
docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:<tag> \
 <server>/workflow-ps-server:<tag>
docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:<tag> \
 <server>/workflow-ps-authoring:<tag>
docker push <server>/workflow-ps-server:<tag>
docker push <server>/workflow-ps-authoring:<tag>
      Where <server> is the host of the docker image registry that you want to use to pull the images. For example, myregistry.local:5000 or localhost:8080 for a self-hosted registry. Also, replace <tag> with the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 22.0.2-IF001.
    4. Run docker-compose down command to stop the Workflow Process Server container.
    5. Update the image url's tags in docker-compose.yml. 
      <server>/workflow-ps-server:<tag>
<server>/workflow-ps-authoring:<tag>
      Where <tag> is the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 22.0.2-IF001.
    6. Run docker-compose up command to start the Workflow Process Server container
    For more detail on Workflow Process Service, refer to Installing Workflow Process Service .
    Troubleshooting: If you are using a Docker Desktop version 4.3.0 or greater, you might get an out of memory error when you start the server. For more details and possible resolution to this issue, and other troubleshooting guidance, refer to Troubleshooting Workflow Process Service.
  4. Required when you are using Operational Decision Manager
    You must update your Rule Designer:
    • Open Eclipse 
    • Open menu Help > Check for Updates
    • Select IBM Operational Decision Manager for Developers v8.11.x - Rule Designer
    • Proceed with installation.

Uninstalling

There is no procedure to uninstall the interim fix.

List of Fixes

APARs/Known Issues fixed by this interim fix are listed in the following tables.
The columns are defined as follows: 
Column title Column description
APAR/Known Issue The defect number
Title A short description of the defect
Sec. A mark indicates a defect related to security
Cont. A mark indicates a defect specific to the Cloud Pak integration of the component
B.I. A mark indicates the fix has a business impact. Details are found in the title column or the APAR/Known Issue document
General
Known Issue Title Sec. Cont. B.I.
N/A
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
 
This interim fix includes fixes for these libraries to address: 
CVE-2022-25881, CVE-2023-25661, CVE-2023-25690, CVE-2023-0767, CVE-2023-0842, CVE-2023-27898, RHSA-2023:1569, RHSA-2023:1405, CVE-2023-27898, CVE-2023-27900, CVE-2023-27901, CVE-2023-27899, CVE-2023-27904, CVE-2023-27903, CVE-2023-27902, CVE-2022-4378, CVE-2023-0266, CVE-2023-0386, CVE-2022-4269, CVE-2023-0842, RHSA-2023:1140
Previous interim fixes have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.

Back to top

Cloud Pak for Business Automation Operator
Known Issue Title Sec. Cont. B.I.
N/A N/A

Back to top

Automation Document Processing
Known Issue Title Sec. Cont. B.I.
DT204134 Cannot upload TIF files in Content Designer X X
DT211432 Unable to import large projects X X
DT212161 Zooming in on viewer zooms entire screen on the Extraction Teach Model screen X X

Back to top

Automation Decision Services
Known Issue Title Sec. Cont. B.I.
N/A N/A

Back to top

Known Issue Title Sec. Cont. B.I.
N/A N/A

Back to top

Business Automation Insights
Known Issue Title Sec. Cont. B.I.
N/A N/A

Back to top

Business Automation Navigator
Business Automation Studio
Known Issue Title Sec. Cont. B.I.
JR64624 YOU GET BPMCSRFTOKEN ERROR WHEN YOU TRY TO DELETE ASSETS IN THE PROJECT CONVERSION TAB IN THE PROCESS DESIGNER
DT197974 SECURITY VULNERABILITY IN COMMONS-FILEUPLOAD AFFECTS IBM BUSINESS AUTOMATION WORKFLOW AND CLOUD PAK FOR BUSINESS AUTOMATION
DT208487 SEARCHING FOR USERS IN BAW FAILS WHEN IAM IS CONFIGURED WITHOUT LDAP (OKTA, AZURE AD)

Back to top

Business Automation Workflow including Automation Workstream Services
Known Issue Title Sec. Cont. B.I.
DT197974 SECURITY VULNERABILITY IN COMMONS-FILEUPLOAD AFFECTS IBM BUSINESS AUTOMATION WORKFLOW AND CLOUD PAK FOR BUSINESS AUTOMATION X
DT208579  SECURITY - CVE-2022-1471 - CASE HISTORY EMITTER IS AFFECTED BY SNAKEYAML VULNERABILITY X
DT208782 SECURITY APAR - CVE-2022-1471 REPORTED FOR SNAKEYAML IN BPMEVENTEMITTER X
DT209212 SECURITY APAR - CVE-2023-20861 IN BPM/LOMBARDI/LIB/SPRING-EXPRESSIONS.JAR X
DT208139 IBM Process Federation Server indexers not reprocessing tasks and instances updates after a communication exception with Elasticsearch
DT209774 NO TIMEZONE SETTING CAN BE CONFIGURED FOR THE PROCESS FEDERATION SERVER PODS AND THE ELASTICSEARCH-STATEFULSET PODS.
DT208487 SEARCHING FOR USERS IN BAW FAILS WHEN IAM IS CONFIGURED WITHOUT LDAP (OKTA, AZURE AD)
DT209447 BUTTONS IN CASE FOLDER TREE VIEW DOESN'T WORK CORRECTLY WHEN MORE THAN ONE CASE FOLDER TREE VIEW IN THE SAME CLIENT-SIDE HUMAN SERVICE

Back to top

Enterprise Records
Known Issue Title Sec. Cont. B.I.
N/A
N/A

Back to top

FileNet Content Manager
Operational Decision Management
Known Issue Title Sec. Cont. B.I.
DT197770 TEST REPORTS CREATED IN 8.9 ARE NO LONGER DISPLAYED AFTER MIGRATING TO 8.10
DT197802 ODM DC TIMEOUTS WHEN DELETING SOME BASELINES OR RELEASES ON LARGE DC REPOSITORIES
DT197938 DESCRIPTION LOST AFTER MOVING ARTIFACT TO ANOTHER FOLDER
DT202899 RULE DEFINITION BECOMING EMPTY IN DECISION CENTER
DT209334 RULE DESIGNER GENERATES RULESETS FOR ALL RULE PACKAGES, INCLUDING EMPTY RULE PACKAGES GREATLY IMPACTING ENGINE PERFORMANCE
DT209400 WITHOUT EXTRACTOR, RULESET DOES NOT INCLUDE INACTIVE RULES
RS03882 DECISION MODEL: COPY PASTE IN DECISION TABLE LEADS TO ADDITIONAL ROWS BEING CREATED

Back to top

User Management Service
Known Issue Title Sec. Cont. B.I.
N/A N/A

Back to top

Workflow Process Service
Known Issue Title Sec. Cont. B.I.
DT208782 SECURITY APAR - CVE-2022-1471 REPORTED FOR SNAKEYAML IN BPMEVENTEMITTER X
DT209212 SECURITY APAR - CVE-2023-20861 IN BPM/LOMBARDI/LIB/SPRING-EXPRESSIONS.JAR X
DT208487 SEARCHING FOR USERS IN BAW FAILS WHEN IAM IS CONFIGURED WITHOUT LDAP (OKTA, AZURE AD)
DT211275 IBM Workflow Process Service cannot be federated if IBM Process Federation Server uses an external Elasticsearch

Back to top

Known Limitations

Document change history

  • 26 April 2023: Initial publish.

    • [{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"ARM Category":[{"code":"a8m0z0000001gWWAAY","label":"Other-\u003ECloudPak4Automation Platform"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"22.0.2"}]

    Document Information

    Modified date:
    07 November 2023

    UID

    ibm16984191

    Page Feedback