Fix Readme
Abstract
The following document is for IBM Cloud Pak for Business Automation 21.0.3 IF007. It includes the CASE package download, installation information, and the list of APARs that are resolved in this interim fix.
Content
Readme file for: | IBM Cloud Pak® for Business Automation |
---|---|
Product Release: | 21.0.3 |
Update Name: | 21.0.3 IF007 |
Fix ID: | 21.0.3-WS-CP4BA-IF007 |
Publication Date: | 31 March 2022 |
Last modified date: | 28 April 2022 |
Contents
Components impacted
Before installation
Installing the interim fix
Performing the necessary tasks after installation
Uninstalling
List of fixes
Known Limitations
Document change history
Prerequisites and supersedes
- Supersedes all prior interim fixes for CP4BA 21.0.3.
Components impacted
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
Before installation
- Ensure you take regular backups of any databases associated with the environment.
- Ensure your operators are in a healthy state before upgrading.
If one or more operators are failing, then it can prevent the system from completing an upgrade.
It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:oc get icp4acluster -o yaml oc get AutomationUIConfig -o yaml oc get Cartridge -o yaml oc get AutomationBase -o yaml oc get CartridgeRequirements -o yaml
- Required when you are using Business Automation Insights
If Business Automation Insights is deployed, prune the Business Automation Insights deployment and jobs before you apply the updated custom resource YAML file.
$ oc delete Deployment,Job -l \ > 'app.kubernetes.io/name=ibm-business-automation-insights'
Tip: For Flink event processing to resume from its previous state, make sure that savepoints are created before the upgrade and specified in the updated CR. For more information see, Restarting from a checkpoint or savepoint
Installing the interim fix
- CP4BA – 21.0.3-IF007
- IAF Core – 1.3.5
- IAF Base – 1.3.5
- IBM Foundational Services (IBM Common Services) – 3.16.3
-
Scenario 1: You are using a starter installation.Actions: Starter environments do not support upgrades. Although you can use the interim fix content, install a new starter environment and use the CASE package from this interim fix.
- Scenario 2: Your installation is version 21.0.2.x or earlier.
Actions: If you are using a version before 21.0.3, then you must upgrade first. To upgrade your environment, follow the Upgrading automation containers instructions.- If attempting to upgrade using script ONLY (upgradeOperator.sh) from 21.0.2.x > 21.0.3.7 (and subsequent IFixes after), its a MUST to upgrade to 21.0.3 GA before moving on to IF007 (or any future iFixes). This is due to the change using the pinned operator catalog. It is NOT an issue if you use the Operator Hub UI and upgrade the channel
- When you perform the upgrade, you can substitute the CASE package from this interim fix for the 21.0.3 CASE package while you follow the instructions. For air gap, you can use the case save command in step 1 of scenario 4.
Note: If you are using versions prior to 21.0.2 then you must incrementally upgrade and follow the instructions for each version between your source version and 21.0.3
- Scenario 3: Your installation is online and 21.0.3.x
Actions: Once these steps are completed, the operators will be upgraded based on the versions from the catalog sources.- Apply the catalog sources to pin the above mentioned versions for IBM Automation Foundation , IBM Foundational Services with Cloudpak for Business Automation.
Before applying the catalog sources make sure installed operators are up to date under ibm-common-services, CP4BA namespace and the installPlan set to automatic. - You can apply the catalog sources below from a command line by creating a YAML file (e.g., cp4ba_catalog_sources.yaml) with the catalog sources below and performing "oc apply -f cp4ba_catalog_sources.yaml" or you can apply the catalog sources via the OCP console
Note: you can only apply one catalog source at a time via the OCP console.
Note: The DB2, IBM Business Team Service, and Postgres catalog sources are dependent components of CP4BA.# CP4BA 21.0.3 IF007 catalog apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-cp4a-operator-catalog namespace: openshift-marketplace spec: displayName: ibm-cp4a-operator publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:2deeaa0c2fa161a5c895b8394c9761e8ff0ad00ad26af28dacba859551e0c84e updateStrategy: registryPoll: interval: 45m --- # IBM Automation Foundation Base 1.3.5 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-cp-automation-foundation-catalog namespace: openshift-marketplace spec: displayName: IBM Automation Foundation Operators publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-cp-automation-foundation-catalog@sha256:65abac89b909cc2b045944263de0ccd41bee7521f7958b0ef82ff725ca710cdc updateStrategy: registryPoll: interval: 45m --- # IBM Automation Foundation Core 1.3.5 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-automation-foundation-core-catalog namespace: openshift-marketplace spec: displayName: IBM Automation Foundation Core Operators publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-automation-foundation-core-catalog@sha256:15e3e6e834edd33d9b6ce8f8a98839c5b92a4d110087cb843108c96c578e9b1f updateStrategy: registryPoll: interval: 45m --- # IBM Cloud Foundational Services 3.16.3 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: annotations: bedrock_catalogsource_priority: '1' name: opencloud-operators namespace: openshift-marketplace spec: displayName: IBMCS Operators publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-common-service-catalog@sha256:b2f1eb67e1f42c80cf9c22e4faadbcb3b0fbc3c54d181cc68e5812e6e432e72f updateStrategy: registryPoll: interval: 45m --- # IBM DB2 Operator Catalog 4.0.9 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: annotations: bedrock_catalogsource_priority: '1' name: ibm-db2uoperator-catalog namespace: openshift-marketplace spec: sourceType: grpc image: icr.io/cpopen/ibm-db2uoperator-catalog@sha256:99f725098b801474ff77e880ca235023452116e4b005e49de613496a1917f719 displayName: IBM Db2U Catalog publisher: IBM updateStrategy: registryPoll: interval: 45m --- # IBM Business Teams Service version 3.16.1 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: annotations: bedrock_catalogsource_priority: '1' name: bts-operator namespace: openshift-marketplace spec: displayName: BTS Operator publisher: IBM sourceType: grpc image: quay.io/opencloudio/ibm-bts-operator-catalog@sha256:4e2390d2acc704033d2f09885d5df05ce4a60e936c49f0ef6e9ccd481e8440c4 updateStrategy: registryPoll: interval: 45m --- # Cloud Native PostgresSQL 4.0.7 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: annotations: bedrock_catalogsource_priority: '1' name: cloud-native-postgresql-catalog namespace: openshift-marketplace spec: displayName: Cloud Native Postgresql Catalog publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:9ebba325a897fa1604e65a47cb12cf172ed59db3a872cc37b1a01e04d29e5ece updateStrategy: registryPoll: interval: 45m
-
Update the existing subscriptions of CP4BA, IAF, and Common Services to change from IBM Operator Catalog to the individual catalogs applied above.
- Find the update_subscription.sh script from the extracted CASE package under "../ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs/cert-kubernetes/scripts"
- Login to your OCP cluster as a cluster administrator
- Execute the update_subscription.sh -n <your cp4ba namespace>
Note: At this point the environment will be updated to use the new "pinned" catalogs. Your environment will no longer auto-update the operators when new versions are released.
- If you have any subscriptions set to manual, then you will need to approve any pending operator updates.
It is not recommended to set subscriptions to manual as it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions would be set to automatic.
- Apply the catalog sources to pin the above mentioned versions for IBM Automation Foundation , IBM Foundational Services with Cloudpak for Business Automation.
- Scenario 4: If you are not using "pinned" catalog and your installation is version 21.0.3-IFxxxx (where xxxx is the latest iFix of 21.0.3). Your 21.0.3 installation has the latest iFix or this iFix because you are using the IBM Operator Catalog. Now you want to upgrade the installation to 22.0.1 and want to switch to use "pinned" catalogs.
-
Update the existing subscriptions of CP4BA, IAF, and Common Services to change from IBM Operator Catalog to the individual catalogs applied above.
- Find the update_subscription.sh script from the extracted CASE package under "../ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs/cert-kubernetes/scripts"
- Login to your OCP cluster as a cluster administrator
- Execute the update_subscription.sh -n <your cp4ba namespace>
Note: At this point the environment will be updated to use the new "pinned" catalogs. Your environment will no longer auto-update the operators when new versions are released.
- If you have any subscriptions set to manual, then you will need to approve any pending operator updates.
It is not recommended to set subscriptions to manual as it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions would be set to automatic. - Once the subscriptions are updated and operators restarted follow the steps from Upgrading operators that are pinned.
-
Scenario 5: Your installation is air gap and 21.0.3.x
Actions:-
Save this specific set of case packages
cloudctl case save --case docker://icr.io/cpopen/ibm-cp-automation-case-cache@sha256:5e62a20a5a75bf74c2a63f23283fd95d99f8bfdbff8cbe33ab50f968e7ba8fb8 --outputdir /tmp/cp4ba-if007
- Once the above command completed all the Case archive and inventory are saved under -> /tmp/cp4ba-if007
- Setup the environment variables for CASE.
- export CASE_NAME=ibm-cp-automation
- export OFFLINEDIR=/tmp/cp4ba-if007
- export CASE_VERSION=3.2.7
- export CASE_INVENTORY_SETUP=cp4aOperatorSetup
- export CASE_ARCHIVE=${CASE_NAME}-${CASE_VERSION}.tgz
- export CASE_LOCAL_PATH=${OFFLINEDIR}/${CASE_ARCHIVE}
-
Mirror images to trigger the operator upgrades.
Mirror the entitled registry images to the local registry by completing the same steps used during install. For more information about this, see Mirroring images to the private registry.
Make sure to use the CASE image outputdir (/tmp/cp4ba-if007) from step 1. -
If you have any subscriptions set to manual, then you will need to approve any pending operator updates.It is not recommended to set subscriptions to manual as it can make the the upgrade more error prone if some of the many operator updates are not approved. By default all subscriptions would be set to automatic.
-
Performing the necessary tasks after installation
- Update Kafka certificates when you are using Business Automation Insights
If you are using Business Automation Insights and upgrading from an IBM Automation Foundation version before 1.3, the operator will fail to become ready after the upgrade and kafka/zookeeper pods show SSL errors. To resolve the issue, follow the "To renew the leaf certificates for Kafka" instructions in Changes to CA certificate and key does not automatically rotate Kafka leaf certificates. - Review the installation
It is recommended that you review the CR yaml status section and operator logs after the upgrade to ensure there are no failures preventing your pods from upgrading.
oc get icp4acluster -o yaml > CP4BAconfig.yaml oc logs deployment/ibm-cp4a-operator -c operator > operator.log
If you are interested in verifying the expected image digest for a particular image, then you can review theibm-cp-automation\inventory\cp4aOperatorSdk\resources.yaml
file in the CASE package. This file has a listing of the images managed by the CP4BA operator and their expected digest for this particular interim fix level. - Required when you are using Workflow Process Service OCP deployment
If you used any individual image tag settings in your WfPSRuntime CR, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. - Required when you are using Workflow Process Service Docker Compose Edition
- Follow the step 2 of section "3. Running your environment" in Installing Workflow Process Service to log in to the entitled registry with your entitlement key.
- Back up your database backup, docker-compose.yml and folder for docker volumes “production_workflow_runtime_data” and “production_workflow_runtime_logs”.
- (Optional) Push the images to your docker registry. Log in to your docker registry, and push the docker images into your docker registry by using the following commands:
docker login <server> docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-server:<tag> \ <server>/workflow-ps-server:<tag> docker tag cp.icr.io/cp/cp4a/workflow-ps/workflow-ps-authoring:<tag> \ <server>/workflow-ps-authoring:<tag> docker push <server>/workflow-ps-server:<tag> docker push <server>/workflow-ps-authoring:<tag>
- Run
docker-compose down
command to stop the Workflow Process Server container. - Update the image url's tags in docker-compose.yml.
<server>/workflow-ps-server:<tag> <server>/workflow-ps-authoring:<tag>
Where <tag> is the corresponding tag matching this interim fix's tag in the form of <release>-IFxxx, for example, 21.0.3-IF007. - Run
docker-compose up
command to start the Workflow Process Server container
For more detail on Workflow Process Service refer to Installing Workflow Process Service .Troubleshooting: If you are using a Docker Desktop version 4.3.0 or greater, you might get an out of memory error when you start the server. For more details and possible resolution to this issue, and other troubleshooting guidance, refer to Troubleshooting Workflow Process Service on Podman or Troubleshooting Workflow Process Service on Docker. - Required when you are using Operational Decision Manager
You must update your Rule Designer:
- Open Eclipse
- Open menu Help > Check for Updates
- select IBM Operational Decision Manager for Developers v8.11.x - Rule Designer
- Proceed with installation.
Uninstalling
List of Fixes
Column title | Column description |
APAR | The defect number |
Title | A short description of the defect |
Sec. | A mark indicates a defect related to security |
Cont. | A mark indicates a defect specific to the Cloud Pak integration of the component |
B.I. | A mark indicates the fix has a business impact. Details are found in the title column or the APAR document |
- General
- Cloud Pak for Business Automation Operator
- Automation Document Processing
- Automation Decision Services
- Business Automation Application
- Business Automation Insights
- Business Automation Navigator
- Business Automation Studio
- Business Automation Workflow including Automation Workstream Services
- Enterprise Records
- FileNet Content Manager
- Operational Decision Management
- User Management Service
- Workflow Process Service
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A |
Cloud Pak for Business Automation delivers container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly.
This interim fix includes fixes for these libraries to address:
CVE-2021-41092,CVE-2021-4104,CVE-2022-23302,CVE-2022-23305,CVE-2022-25173,CVE-2022-25176,CVE-2022-25180,PRISMA-2021-0041,CVE-2020-29562,CVE-2021-34798,CVE-2021-39275,CVE-2021-22924,CVE-2021-22946,CVE-2021-22947,CVE-2020-11080,CVE-2017-7189,CVE-2017-7272,CVE-2021-21707,CVE-2019-13115,CVE-2019-17498,CVE-2016-1585,CVE-2021-43519,CVE-2021-44790,CVE-2019-20454,CVE-2021-22898,CVE-2019-17571,CVE-2022-23307,CVE-2020-26160,CVE-2020-1953,CVE-2021-42392,CVE-2022-0538,CVE-2021-27568,CVE-2021-43859
Previous interim fixes will have included fixes which are also addressed with this interim fix. Consult the Related links section for readmes of previous interim fixes, at the bottom of this document.
|
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64744 | REMOVE UNNECESSARY OPENID CONNECT FILES FROM FILENET CONTENT MANAGER AND BUSINESS AUTOMATION NAVIGATOR ROLES | |||
JR64769 | IBM FILENET CONTENT MANAGER CONTAINER FAILS TO DEPLOY |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64700 | ADP IFIX UPGRADE RELOADS DEFAULT ONTOLOGY WITH STARTER DEPLOYMENT | X | X | |
JR64720 | COMMUNICATION ISSUE BETWEEN FACADE AND NODEJS IN BACKEND DUE TO LARGE HEADER SIZE | X | X | |
JR64733 | CANNOT REDEPLOY A PROJECT AFTER AN ADP PROJECT DEPLOYMENT FAILURE | X | X | |
JR64751 | SYSTEMT EXTRACTOR DOES NOT UPDATE WHEN NEW ADP VERSION IS DEPLOYED TO RUNTIME | X | X | |
JR64735 | DOCUMENT UPLOADS FAIL IN CONTENT DESIGNER WITH A 500 INTERNAL SERVER ERROR |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A | N/A |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64327 | SECURITY APAR - MULTIPLE SECURITY VULNERABILITIES IN JAVASCRIPT LIBRARIES | X | ||
JR64608 | EXPOSED AUTOMATION SERVICE IS NOT LISTED IN A NEW WORKFLOW PROJECT | |||
JR64616 | PROJECT CONVERSION TAB IS MISSING IN PROCESS DESIGNER FOR WORKFLOW APPS IMPORTED INTO IBM BUSINESS AUTOMATION STUDIO | |||
JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64327 | SECURITY APAR - MULTIPLE SECURITY VULNERABILITIES IN JAVASCRIPT LIBRARIES | |||
JR64569 | TYPE MISMATCH ERROR MIGHT OCCUR IF A SOAP FAULT IS CAUGHT BY AN ERROR CATCH EVENT | |||
JR64711 | COACH EDITOR FAILS TO OPEN COACH | |||
JR64750 | BUSINESS AUTOMATION INSIGHTS EMITTER, MACHINE LEARNING SERVER & PROCESS FEDERATION SERVER NOT WORKING FOR STARTER PATTERN | |||
JR64642 | GROUP SYNCHRONIZATION FAILS DURING SERVER STARTUP IF DEPRECATED GROUPS EXIST | |||
JR64671 | IF YOU ARE USING FRENCH LOCALE SETTING IN THE BROWSER, YOU CAN'T OPEN A SOLUTION THAT WAS CLOSED IMPROPERLY | |||
JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE | X | ||
JR64656 | TRANSACTION ROLLBACK WHEN REMOVING AN USER FROM THE PROJECT AREA ON BAW SERVER. | |||
JR64699 | EXPANDABLE ROW IS NOT UPDATING PROPERLY WHEN USING TABLE FILTERING | |||
JR64822 | YOU CAN'T EXPORT SNAPSHOTS OF APPLICATIONS WITH CASE MANAGEMENT FEATURES ENABLED FROM BUSINESS AUTOMATION STUDIO |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
N/A
|
N/A
|
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
See FileNet Content Manager Release Fix List APARs for IBM Cloud Pak for Business Automation technote |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
RS03796 | DECISION ENGINE MIGRATION ISSUE WITH RULE.PACKAGE.NAME | X | ||
RS03864 | LOCAL RULE VARIABLES MAY HAVE ALWAYS THE SAME VALUE IN DE | X | ||
RS03866 | SOME RULEFLOW TASKS MAY NEVER EXECUTE IN DECISION ENGINE | X | ||
RS03869 | THE COMPARISON VIEW BETWEEN SIMULATION REPORTS THAT USE CUSTOM KPI IS NOT DISPLAYING CUSTOM DATA | X | ||
RS03873 | RESTORING A BASELINE OR SNAPSHOT MAY CREATE A NEW VERSION OF A RULE WITH A WRONG VERSION NUMBER | X | ||
RS03875 | BUSINESS CONSOLE BRANCH MERGE DETECTS NON EXISTING CHANGES | X | ||
RS03878 | RENAME THE PERMISSION OPTION "CUSTOM (DEFINED IN THE ENTERPRISE CONSOLE)" IN THE BUSINESS CONSOLE IN VERSION 8.11 | X | ||
RS03879 | BUSINESS CONSOLE REPORT DOES NOT FILL DOCUMENTATION VALUE | X | ||
RS03881 | USING DECISION ENGINE, PRIMITIVE NUMERIC EXPRESSIONS ARE BOXED TO JAVA.LANG.DOUBLE WHEN JAVA.LANG.NUMBER IS EXPECTED | X | ||
RS03891 | THE OWNER OF A RELEASE MAY FAIL TO CLOSE IT | X | ||
RS03905 | DECISION CENTER ORACLE TRIGGER DEFINITION BREAKS REPOSITORY CREATION | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64617 | UMS TEAMS CANNOT BE SUCCESSFULLY MIGRATED FROM ORACLE TO BTS IF UMS IS CONFIGURED TO USE ORACLE USE SERVICE NAME | X | ||
JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE | X | ||
JR64159 | OPENSHIFT AUTHENTICATION OPTION DOES NOT WORK WITH CLOUD PAK FOR BUSINESS AUTOMATION | X |
APAR | Title | Sec. | Cont. | B.I. |
---|---|---|---|---|
JR64642 | GROUP SYNCHRONIZATION FAILS DURING SERVER STARTUP IF DEPRECATED GROUPS EXIST | |||
JR64569 | TYPE MISMATCH ERROR MIGHT OCCUR IF A SOAP FAULT IS CAUGHT BY AN ERROR CATCH EVENT | |||
JR64717 | BUSINESS AUTOMATION WORKFLOW SCIM CALLS FAIL DUE TO INCORRECTLY ENCODED WHITESPACE | |||
JR64756 | WORKFLOW PROCESS SERVICE PERSISTENCE DOES NOT WORK WITH DOCKER-COMPOSE VERSION 2.2.2 |
Known Limitations
Document change history
Related Information
[Supersedes 21.0.3-IF006] Readme for Cloud Pak for Business Automation 21.0.3 I…
[Supersedes 21.0.3-IF005] Readme for Cloud Pak for Business Automation 21.0.3 I…
[Supersedes 21.0.3-IF004] Readme for Cloud Pak for Business Automation 21.0.3 I…
[Supersedes 21.0.3-IF003] Readme for Cloud Pak for Business Automation 21.0.3 I…
[Supersedes 21.0.3-IF002] Readme for Cloud Pak for Business Automation 21.0.3 I…
Was this topic helpful?
Document Information
Modified date:
01 April 2024
UID
ibm16565033