Author : Dheeraj Kumar Krishan
Note:- Recommended to pick the CP4BA latest available CP4BA interim fix. The ifixes have the number added to the CP4BA version, for example 24.0.1-IF001.
Prerequisites for the Deployment.
-
Preparing for a deployment is completed (https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=deployment-preparing-production )
-
Optional: Preparing Custom JDBC & ICCSAP libraries is completed (https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=icfcmpd-optional-preparing-customized-versions-jdbc-drivers-iccsap-libraries)
For this blog we are going with recommended way of deployment, using script based deployment (https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=cluster-recommended-setting-up-by-running-script)
Installing a fresh production deployment by running scripts
You can install the Cloud Pak capabilities that you want by running the cluster admin script and the deployment script. The cluster admin script can be run on the command-line interface (CLI) or in silent mode.
· Setting up the cluster with the admin script
To install the Cloud Pak capabilities with the Cloud Pak operators, a cluster administrator user can run a script to set up the cluster. They can also run the script in silent mode if a set of environment variables are created before the script is run. The administrator must also provide information that they get from the script to a non-administrator user so they can run the deployment script.
Procedure
1. Log in to the target cluster as the <cluster-admin> user.
If you are not already logged in on OpenShift (OCP), then log in using the oc CLI:
oc login https://<cluster-ip>:<port> -u <cluster-admin> -p <password>
2. Download the cert-kubernetes from github. For this blog we are doing 24.0.1 Fresh production Deployment, so let us switch to 24.0.1 branch
Migrate to any folder in your infra node of OCP console and download the github repository.
3. Change the directory to the extracted cert-kubernetes/scripts folder.
cd ${PATH_TO_EXTRACTED_FILES}/cert-kubernetes/scripts
4. Run the cluster setup script and follow the prompts in the command window.
./cp4a-clusteradmin-setup.sh
a. Select the CP4BA deployment environment: Online (1) / Offline or Airgap (2). Select Online.
b. Select the platform type: OCP (2).
c. Select the deployment type production (2).
d. If you plan to enable FIPS for your Cloud Pak for Business Automation deployment, select Yes to check that the worker nodes on the cluster are FIPS enabled.
e. Accept the default Yes to install CP4BA as a private catalog
f. Select Yes if you want to install the CP4BA operators and the CP4BA deployments in separate namespaces. Select No if you do not want to install the CP4BA operators and the CP4BA deployments in separate namespaces. The default is No.
g. Enter the name for a new project or an existing project (namespace).Example – cp2401
h. Enter the non admin user which was created in prerequisites step ; In this example it is dbauser
i. Enter Yes to confirm that you have an IBM Entitlement Registry key.
j. Enter your IBM Entitled Registry key
Cluster admin script deployment starts...
The following message is displayed:
[INFO] Checking the IBM Cert-manager Operator ready or not
...
[INFO] Applying the latest IBM CP4BA Operator catalog source...
[✔] IBM CP4BA Operator catalog source Updated!
To verify, in OCP console check Installed Operators and see if all operators are succeeded.
IBM CP4BA FileNet Content Manager can be verified as 24.1.0 version
· Preparing databases and secrets for your chosen capabilities by running a script
(Reference -https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=pycc-recommended-preparing-databases-secrets-your-chosen-capabilities-by-running-script )
The cp4a-prerequisites.sh script is provided in the cert-kubernetes repository to help you prepare for an installation of Cloud Pak for Business Automation. The script generates property files for the selected capabilities in your deployment and must be run before your deployment is installed.
Procedure:
1. Make sure you are on the current project
oc project ${NAMESPACE}
2. Run ./cp4a-prerequisites.sh -m generate -n cp2401
3. Select 1 as we are deploying FileNet Content Manager
4. Press Enter and Press Enter to proceed
5. Select optional components. For this blog we will select all 6 components
6. Press Enter to proceed
7. Select LDAP type
8. Enter your dynamic storage classes for slow, medium, fast file storage (RWX).
9. Enter a block storage class name (RWO).
10. Select a deployment profile size from small, medium, or large [1 to 3]. The default is small (1).
11.Choose the database type that you want to use for the CP4BA deployment.
Note - By default, the databases are SSL enabled. You can disable SSL for a database when you edit the database property file
12. Enter alias name for database
13. Select No to restrict network (Default is Yes)
14. Select No for external certificate
15. Enter the number of object stores of a FileNet P8 domain to configure for the CP4BA deployment
16. Make sure that you are in the propertyfile folder under cp4ba-prerequisites/project/$NAMESPACE and edit the property files as indicated by the NEXT ACTIONS messages from the script. Update the (cp4ba_db_name_user.property, cp4ba_db_server.property, cp4ba_LDAP.property, cp4ba_user_profile.property
Make sure all the <Required> values in all of the property files are replaced correctly.
17. When the user property files are complete and ready, make sure that you are in the scripts folder under cert-kubernetes, and run the cp4a-prerequisites.sh script in the "generate" mode.
./cp4a-prerequisites.sh -m generate -n cp2401
18. The user needs to create the databases … If DB selected is other than Postgres EDB. They need to run the DB scripts against the database servers.
19. Navigate to cp4ba-prerequisites/project/$NAMESPACE
20. Run ./create_secret.sh
21. Navigate to scripts folder
22. Run ./cp4a-prerequisites.sh -m validate -n cp2401
Make sure everything passed. If not verify the data entered for database and LDAP and fix the same and re-run generate and validate command.
· Installing the capabilities by running the deployment script
It is possible to install all the capabilities using the scripts. For this blog we will select FNCM only and all of its components.
The script applies a custom resource (CR) file, which is deployed by the Cloud Pak operator. The deployment script prompts the user to enter values to get access to the container images and to select what is installed with the deployment.
Procedure:
1. Make sure you are on the current project
oc project ${NAMESPACE}
2. Run the deployment script from the local directory where you downloaded the cert-kubernetes repository, and follow the prompts in the command window.
cd cert-kubernetes/scripts
./cp4a-deployment.sh -n ${NAMESPACE}
The script prompts you to enter the relevant information for your evaluation deployment.
a. Press any key to continue
b. Accept the license. You must agree to the license that is displayed. Select Yes
c. As we have not deployed a CP4BA FileNet Content Manager instance, Select No
d. Select a new installation type. - Select the production deployment type.
e. Press Enter to continue
f. Select OpenShift Container Platform (OCP)
g. If your OCP is deployed on AWS or Azure - Select No.
h. Use default user, select Yes
i. Provide the URL to the ZIP file that contains the ICCSAP drivers.
j. A summary of your selection is displayed. Click "Yes" to verify that the information is correct.
k. Review the CR file to check the parameter values and make sure all required field should have a value
l. Apply the generated Content CR
Migrate to folder - /scripts/generated-cr/project/cp2401
Run the command – oc apply -f ibm_content_cr_final.yaml
The operator reconciliation loop can take some time. You must verify that the automation containers are running.
Depending on the OCP hardware capabilities, it would take couple of hours to complete the deployment
· Verification of Deployment completion
Login to OCP console and verify config maps - content-cp4ba-access-info, content-initialization-config and content-verification-config.
content-cp4ba-access-info
content-initialization-config
content-verification-config
Fresh Production Deployment is now completed !!
I would like to thank the people who helped me review and publish this blog - Binoy MV, Todd Deen, Adam Davis, Jason Kahn & Justin Wang.