Create and configure a PostgreSQL instance

1. On AWS dashboard -> RDS -> Create database, choose PostgreSQL, input master password. Select database version.
2. Modify DB instance class and storage as your requirement.
3. Click Create database.
4. On AWS dashboard -> RDS -> Parameter groups -> Create parameter group, create a parameter group. Select Parameter group family according to the postgresql instance version you created in previous steps. Input Group name and description. Click Create.
5. Click the parameter group you just created, and modify some parameter values according to knowledge center document https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/21.0.x?topic=crd-creating-required-databases-in-postgresql. Save the change.
6. On AWS dashboard -> RDS -> Databases, click the postgresql instance you created in previous steps, click Modify.
7. Modify DB parameter group to the parameter group you created in previous steps.

Create Database

1. Connect to the PostgreSQL instance you created. postgres is the username to connect to your PostgreSQL instance, you may change it according to your environment.

psql --host=YourPostgreSQLInstanceEndpoint --port=5432 --username=postgres --password

2. You can use psql to run commands to create database according to knowledge center document https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/21.0.x?topic=crd-creating-required-databases-in-postgresql.

Prepare a OCP project and an EC2 instance

1. Create a project on AWS ROSA console.
2. Prepare an EC2 instance to connect to the AWS ROSA cluster.
3. On AWS ROSA console, click ? -> Command Line Tools, follow the guide to configure oc command on your EC2 instance.
4. On AWS ROSA console, click ? -> Command Line Tools -> Copy Login Command -> Display Token, copy the command "oc login --token=***", and run it on your EC2 instance to connect to your AWS ROSA environment.
5. Configure kubectl on your EC2 instance. You may install kubectl on Linux according to https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-kubectl-on-linux

Install below SW on your OCP proxy node

yum install -y podman
yum install -y docker
yum install -y jq
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y python3-pip
yum install -y python3
yum install -y sshpass
pip3 install ansible
yum install -y git
yum install -y zip

Prepare and install IBM Business Automation Workflow V21.0.2 on containers

Run shell scripts to do the deployment:

1. Get cert kubernetes git source repo files. The repo may change, please use the corresponding repo according to the release you use. Extract the package, and then extract the contents from the .tar file in the ibm-cs-bawautomation/inventory/cp4aOperatorSdk/files/deploy/crs folder. Use the tar -xvzf command to extract it to the cert-kubernetes directory directory.

https://github.com/IBM/cloud-pak/blob/master/repo/case/ibm-cs-bawautomation-2.1.6.tgz

2. Run the cluster setup script from where you downloaded the GitHub repository, and follow the prompts in the command window.

$ cd scripts/
./cp4a-clusteradmin-setup.sh baw

3. If the script runs without error, you will see the following operator installed on your namespace.

IBM Automation Foundation Core
IBM Automation Foundation
IBM Cloud Platform Common Services
IBM Cloud Pak for Business Automation

5. Copy postgresql JDBC driver to operator pod.

1. Get operator pod name by command below.

[root@ip-10-0-15-242 jdbc]#  oc get pod | grep ibm-cp4a-operator
ibm-cp4a-operator-68c78858f9-llzww                                1/1     Running   0          4d16h

2. On your EC2 instance, create a directory named postgresql and copy your postgresql JDBC driver file in it.
3. On your EC2 instance, run following commands.

sudo chgrp -R 0 postgresql/
sudo chmod -Rf g=u /postgresql/
sudo chmod -R 777 postgresql/

4. Copy the JDBC driver directoery to operator pod. You may need to run the command for two times.

oc cp postgresql/ ibm-cp4a-operator-68c78858f9-llzww:/opt/ansible/share/jdbc

5. Login to ibm-cp4a-operator-68c78858f9-llzww pod, make sure there is postgresql/ directory under /opt/ansible/share/jdbc, and postgresql jdbc driver file is in /opt/ansible/share/jdbc/postgresql.

7. Then run the user script to generate the CR yaml file or use your own CR yaml file for deployment

cd scripts
./cp4a-deployment.sh baw

8. You will get the custom resource file ibm_cp4a_cr_final.yaml generated by the user script.

1. Update the value of each parameter marked <Required> according to your environment.
2. For Db2 or PostgreSQL, you can set all dc_os_label to os.
3. For Oracle, please set dc_os_label of AEOS to aeos, dc_os_label of DOCS to docs, dc_os_label of DOS to dos and dc_os_label of TOS to tos, the value should match with the oracle secret settings.

9. Deploy BAW enterprise pattern by applying the custom resource file, for example:

    $ oc apply -f ibm_cp4a_cr_final.yaml

10. Check if all pods are deployed successfully.

IAM LDAP configuration

Operator will automatically deploy IAM for you, but you need to manually configure the LDAP for IAM. You may need to add your ldap info to IAM manually once you make sure IAM has been deployed successfully by operator or wait till all deployments done:

1. Check if IAM is ready by running oc get cm -n kube-public ibm-common-services-status -o yaml|grep " iamstatus:" and cmd oc get po -n ibm-common-services

2. Accessing the IAM console. Use the following command to get the URL to access the IBM Cloud Platform Common Services console:

   oc get route -n ibm-common-services cp-console -o jsonpath=‘{.spec.host}’

   Following is a sample output: ***.com

   Based on the example output, your console URL would be https://***.com:443.

3. Console username and password

   The default username to access the console is admin. You can get the default username by running the following command:

   oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_username}' | base64 -d && echo

   You can get the password for the default username by running the following command:

   oc -n ibm-common-services get secret platform-auth-idp-credentials -o jsonpath='{.data.admin_password}' | base64 -d

4. Login IAM UI console with admin internal account first.

5. Create connection to add your ldap on IAM UI. In user management. Select identity provider, then select create connection and then add the LDAP in this page. Save it.

Verify environment

1. You can use "oc get route" to get the host of all services.

2. Then you may access your environment using the host and verify it. For example, you can access process portal by https://bawServerHost/ProcessPortal/