Install Workflow Authoring Production Deployment with Oracle SSL for 21.0.3, 22.0.1 and later release

By PING MEI posted Thu July 07, 2022 01:51 AM

  


This post describes how to install the Workflow Authoring production pattern with Oracle SSL. The example applies to 21.0.3, 22.0.1 and later releases, and is based on Zen being enabled by default. For other releases, the scripts and the CR file differ in some respects.

1. Download the cert-kubernetes repository from the CASE package URL https://github.com/IBM/cloud-pak/tree/master/repo/case, for example ibm-cp-automation-3.2.9.tgz for 21.0.3-IF009 or ibm-cp-automation-4.0.0.tgz for 22.0.1.

2. Extract the package by running the following commands:
tar -xvzf ibm-cp-automation-4.0.0.tgz
cd ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs
tar -xvzf cert-k8s-22.0.1.tar

3. Prepare storage

Dynamic storage must be supported on the cluster. The deployment script on a private OpenShift Container Platform (OCP) cluster needs a storage class name that the installer can use.

For example, you can set up dynamic NFS storage by following https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner


4. Prepare a non-admin user

You can refer to https://docs.openshift.com/container-platform/4.10/authentication/identity_providers/configuring-htpasswd-identity-provider.html

5. Create the database by running the database script. It covers bastudio, application engine playback server, application engine, workflow authoring, navigator, gcd, docs, dos, tos, ae data persistence and case history emitter. (Note: you can update the database username and password according to your requirements.)

Get the database creation script from https://community.ibm.com/community/user/automation/viewdocument/workflow-authoring-oracle-database?CommunityKey=1139d952-28b2-454e-a7a4-5faebf6f465a by downloading the file 'workflow_authoring_oracle_creating.txt'. Because of a limitation of the blog platform, the script is published as a .txt file; after downloading it, rename workflow_authoring_oracle_creating.txt to workflow_authoring_oracle_creating.sql.

Log in to your database and run the command “@workflow_authoring_oracle_creating.sql;” to create the database.

We also provide a script to delete the database that you created; run "@dropUser_oracle.sql;" if needed. You can get the database dropping script from https://community.ibm.com/community/user/automation/viewdocument/workflow-authoring-oracle-database?CommunityKey=1139d952-28b2-454e-a7a4-5faebf6f465a by downloading the file 'dropdatabase_oracle.txt'. Because of the same blog limitation, after downloading it, rename dropdatabase_oracle.txt to dropdatabase_oracle.sql.


6. Create the required database secrets. They cover the bastudio, application engine playback server, application engine, workflow authoring, fncm, navigator and ldap secrets. Get the secret script from https://community.ibm.com/community/user/automation/viewdocument/workflow-authoring-oracle-database?CommunityKey=1139d952-28b2-454e-a7a4-5faebf6f465a by downloading the file 'create_secret_oracle.yaml', then run the command 'oc apply -f create_secret_oracle.yaml'.


7. Create the secret to connect to your database server by SSL

1) Export your certificate by running the following command on your local or remote database server. The example command is for Linux:

orapki wallet export -wallet <the-path-to-your-wallet-file> -pwd <your-wallet-file-password> -dn "CN=`hostname`" -cert /tmp/<your-certificate-name>.crt

2) Copy the certificate that you exported in the previous step to your cluster, and create the secret for your database server by running the following command on your cluster:

kubectl create secret generic <your-secret-name> --from-file=tls.crt=<your-certificate-name>.crt

3) For Application Engine and the Application Engine playback server, you also need to create one more secret for the database server wallet SSO file

a. Get the wallet SSO file cwallet.sso on your local or remote database server. You can find it in the wallet install directory on your database server.
b. Copy this wallet SSO file to any directory of your cluster, and create a secret by running the following command on your cluster:

kubectl create secret generic <your-oracle-sso-secret-name> --from-file=cwallet.sso=<your-oracle-sso-wallet-file-path>/cwallet.sso
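A pre-flight check for the certificate exported in step 7.1, to run on the cluster side before `kubectl create secret` (an added example, not part of the original post or of IBM's scripts). It assumes `openssl` is installed and that the exported file is PEM-encoded; the function names `check_db_cert` and `cert_fingerprint` are hypothetical.

```shell
#!/bin/sh
# Added example: checks on the certificate exported in step 7.1 before it is
# stored as tls.crt. Function names are hypothetical; requires openssl.

# check_db_cert <pem-file> <expected-cn> [min-days-valid]
# Returns 0 when all checks pass, otherwise a distinct non-zero code.
check_db_cert() {
    cert=$1; want_cn=$2; min_days=${3:-30}

    # 1. The file must parse as a PEM X.509 certificate (catches truncated
    #    copies and wrong files).
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }

    # 2. tls.crt should carry public material only.
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "private key found in $cert" >&2; return 3
    fi

    # 3. The certificate must remain valid for at least min_days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 4; }

    # 4. The subject CN must be the database host name used in
    #    orapki's -dn "CN=..." argument.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] ||
        { echo "subject CN '$cn' does not match '$want_cn'" >&2; return 5; }
    return 0
}

# cert_fingerprint <pem-file>: SHA-256 fingerprint, for comparing the file on
# the database server with the copy on the cluster.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: sh check_db_cert.sh /tmp/<your-certificate-name>.crt <db-hostname>
if [ "$#" -ge 2 ]; then
    check_db_cert "$@" && echo "OK, SHA-256 $(cert_fingerprint "$1")"
fi
```

The cwallet.sso file from step 7.3 is an auto-login wallet that opens without a password, so keep its file permissions restrictive while it is on the cluster host and remove the copy once the secret exists.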

8. Run the admin script to install the Cloud Pak capabilities with the Cloud Pak operators

1) Go to the cert-kubernetes project that you downloaded in step 1

2) Run the admin script

cd scripts

 ./cp4a-clusteradmin-setup.sh

3) Monitor the operator pod until it shows a STATUS of "Running"

oc get pvc,csv,pod -w

 
9. If you are installing 21.0.3, copy the Oracle JDBC driver to the persistent volume. For 22.0.1 and later releases, you can skip this step; the default JDBC driver will be used.
a. Download the Oracle JDBC driver files and place them in the following directory layout. The mounted directory must contain a jdbc subdirectory, which in turn holds subdirectories with the required JDBC driver files. Add the following structure to the mounted directory (which in this case is called /mnt/dba/data):

/mnt/dba/data
  /jdbc
    /oracle
      /ojdbc8.jar
    /oracle_node
      /…
      /…


b. Besides the JDBC driver files, ODPI-C applications with Oracle Instant Client are also required so that Application Engine and the Application Engine playback server can connect to the database. You can download the Oracle Instant Client Zip for your operating system from https://www.oracle.com/database/technologies/instant-client.html. Unzip the file and copy the extracted files to the /oracle_node directory of the mounted directory, as shown in the previous example.

c. Get the running operator pod by using the command 'oc get pod|grep ibm-cp4a-operator|grep Running'

d. Copy JDBC drivers by running the command 'oc cp /mnt/dba/data/jdbc ${operator_podname}:/opt/ansible/share'

10. Generate the custom resource with the deployment script, entering all the required parameters according to your requirements

cd scripts

./cp4a-deployment.sh

The following CR files are examples for reference. You can get the example CR file from https://community.ibm.com/community/user/automation/viewdocument/workflow-authoring-oracle-database?CommunityKey=1139d952-28b2-454e-a7a4-5faebf6f465a

21.0.3 - download the file 'ibm_cp4a_cr_final_21.0.3_authoring_oracle_ssl.yaml'
22.0.1 - download the file 'ibm_cp4a_cr_final_22.0.1_authoring_oracel_ssl.yaml'

11. Deploy the custom resource you created with the deployment script

oc apply -f ibm_cp4a_cr_final_22.0.1_authoring_oracel_ssl.yaml


12. Verify the installation

1) Monitor the pods until they show a STATUS of "Running"

oc get pod -w

2) Check the status field for all capabilities by running the following command

oc get ICP4ACluster icp4adeploy -o yaml

For example:

status:
  components:
    ae-icp4adeploy-pbk:
      adminSecret: playback-server-admin-secret
      reconcile: Finished
      service: Ready
    ae-icp4adeploy-workspace-aae:
      adminSecret: icp4adeploy-workspace-aae-app-engine-admin-secret
      reconcile: Finished
      service: Ready
    app-engine:
      instance_count: "1"
    bai:
      bai_deploy_status: Ready
      conditions:
        lastTransitionTime: "2022-07-04T01:44:47Z"
        message: BAI installaion done
        reason: BAI-Deployment
        status: "True"
        type: Ready
      insightsEngine: Ready
    baml:
      bamlDeployStatus: Ready
      bamlServiceStatus: Ready
    bastudio:
      adminSecret: icp4adeploy-bas-admin-secret
      reconcile: Finished
      service: Ready
    pfs:
      pfsDeployment: Ready
      pfsService: Ready
      pfsZenIntegration: Ready
    workflow-authoring:
      adminSecret: icp4adeploy-workflow-authoring-baw-admin-secret
      reconcile: Finished
      service: Ready

3) Get the access information by running the following command:

oc describe configmaps icp4adeploy-cp4ba-access-info



