diff --git a/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml b/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml
index cc98a056c..73b314ff7 100644
--- a/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml
+++ b/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml
@@ -1,6 +1 @@
----
-- include_role:
- name: java-download
-
-- include_role:
- name: helm-download
\ No newline at end of file
+---
\ No newline at end of file
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml
index d9729621a..56ecc83d2 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml
@@ -14,23 +14,51 @@
common_namespace_name: "{{ akhq_project_name }}"
common_output_directory: "{{ akhq_output_directory }}"
-- name: Import trusted CA from SSL certificate
- community.general.java_cert:
- cert_url: "iaf-system-kafka-bootstrap-{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }}"
- keystore_path: "{{ akhq_output_directory }}/truststore.jks"
- keystore_pass: "{{ akhq_universal_password }}"
- keystore_create: true
+- name: Create a pod with OpenJDK runtime image
+ kubernetes.core.k8s:
state: present
- cert_alias: iaf-ca
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: akhq-keytool
+ namespace: "{{ akhq_project_name }}"
+ spec:
+ containers:
+ - name: openjdk-container
+ image: ubi9/openjdk-17-runtime:1.21-1
+ command: ["/bin/sh", "-c", "sleep 3600"]
+ wait: true
-- name: Load jks data
- ansible.builtin.slurp:
- src: "{{ akhq_output_directory }}/truststore.jks"
- register: slurped_jks_data
+- name: Fetch certificate, create JKS, and encode as Base64
+ kubernetes.core.k8s_exec:
+ namespace: "{{ akhq_project_name }}"
+ pod: akhq-keytool
+ container: openjdk-container
+ command: |
+ /bin/bash -c '
+ keytool -printcert -rfc -sslserver iaf-system-kafka-bootstrap-{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }}:443 > /tmp/cert.pem
+ keytool -importcert \
+ -file /tmp/cert.pem \
+ -alias iaf-ca \
+ -keystore /tmp/truststore.jks \
+ -storepass {{ akhq_universal_password }} \
+ -noprompt \
+ -trustcacerts
+ base64 -w 0 /tmp/truststore.jks
+ '
+ register: base64_result
- name: Decode data and store as fact
ansible.builtin.set_fact:
- _jks: "{{ slurped_jks_data.content }}"
+ _jks: "{{ base64_result.stdout }}"
+
+- name: Cleanup pod after execution
+ kubernetes.core.k8s:
+ state: absent
+ kind: Pod
+ name: akhq-keytool
+ namespace: "{{ akhq_project_name }}"
- name: Get OCP Apps Endpoint
ansible.builtin.include_role:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2
index a5185a5a7..16275fe36 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2
@@ -26,7 +26,7 @@ spec:
memory: 512Mi
limits:
cpu: 500m
- memory: 1536Mi
+ memory: 4096Mi
startupProbe:
tcpSocket:
port: 8080
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml
index 754b5b77c..b5e4ac631 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml
@@ -17,27 +17,6 @@
vars:
common_output_to_var: "apps_endpoint_domain"
-# TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars.
-# - name: Upload to Nexus
-# ansible.builtin.uri:
-# url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=raw-hosted"
-# method: POST
-# body_format: form-multipart
-# body:
-# raw.directory: cp4ba
-# raw.asset1:
-# content: "{{ lookup('file', common_file_folder_path+'/'+common_file_name) }}"
-# filename: "{{ common_file_name }}"
-# raw.asset1.filename: "{{ common_file_name }}"
-# validate_certs: false
-# status_code:
-# - 204
-# user: "{{ lc_principal_admin_user }}"
-# password: "{{ lc_principal_admin_password }}"
-# force_basic_auth: true
-# register: nexus_upload_result
-# ignore_errors: true
-
- name: Upload to Nexus
ansible.builtin.command: |
curl -kX 'POST' \
@@ -51,6 +30,7 @@
-s -o /dev/null -w "%{http_code}"
register: import_curl_result
changed_when: true
+ # noqa: command-instead-of-module
- name: Restart and reupload
when: import_curl_result.stdout != "204"
@@ -79,24 +59,6 @@
common_retries: 80
common_delay: 15
- # TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars.
- # - name: Upload to Nexus
- # ansible.builtin.uri:
- # url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=raw-hosted"
- # method: POST
- # body_format: form-multipart
- # body:
- # raw.directory: cp4ba
- # raw.asset1:
- # content: "{{ lookup('file', common_file_folder_path+'/'+common_file_name) }}"
- # filename: "{{ common_file_name }}"
- # raw.asset1.filename: "{{ common_file_name }}"
- # validate_certs: false
- # status_code: 204
- # user: "{{ lc_principal_admin_user }}"
- # password: "{{ lc_principal_admin_password }}"
- # force_basic_auth: true
-
- name: Upload to Nexus
ansible.builtin.command: |
curl -kX 'POST' \
@@ -111,3 +73,4 @@
register: import_curl_result
failed_when: import_curl_result.stdout != "204"
changed_when: true
+ # noqa: command-instead-of-module
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml
index f8821e7f7..659787adc 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml
@@ -1,6 +1,6 @@
# Example of the functionality call
#
-# - name: Remove PostgreSQL tablespace
+# - name: Remove PostgreSQL tablespace and folder
# ansible.builtin.include_role:
# name: common
# tasks_from: remove-postgresql-tablespace
@@ -24,7 +24,7 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- DROP TABLESPACE IF EXISTS {{ common_postgresql_tablespace_name }}_tbs;
+ DROP TABLESPACE IF EXISTS {{ common_postgresql_tablespace_name }};
EOF"
register: command_status
when: postgresql_pod.resources | length != 0
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml
index 6815d122f..17d7de556 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml
@@ -14,7 +14,7 @@
name: "{{ common_crd_name }}"
register: common_crd
retries: 20
- delay: 2
+ delay: 20
until: common_crd.resources and ('True' in common_crd | json_query(condition_query) | unique )
vars:
condition_query: "resources[0].status.conditions[?type == 'Established'].status"
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml
index 757b426d3..5dc88d4c9 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml
@@ -33,7 +33,7 @@
- name: PostgreSQL config variable
ansible.builtin.set_fact:
- postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or urrent_cp4ba_cluster.pm.enabled else false }}"
+ postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or _current_cp4ba_cluster.pm.enabled else false }}"
- name: Openldap config variable
ansible.builtin.set_fact:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml
index bc285fec1..955957fb5 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml
@@ -98,15 +98,15 @@
when: _current_cp4ba_cluster.cp4ba.enabled and _current_cp4ba_cluster.cp4ba.patterns.foundation.optional_components.bai and
_current_cp4ba_cluster.akhq_enabled
-# - name: Install MSSQL
-# ansible.builtin.include_role:
-# name: mssql
-# when: mssql_enabled
-
-# - name: Install RPA
-# ansible.builtin.include_role:
-# name: rpa
-# when: _current_cp4ba_cluster.rpa.enabled
+- name: Install MSSQL
+ ansible.builtin.include_role:
+ name: mssql
+ when: mssql_enabled
+
+- name: Install RPA
+ ansible.builtin.include_role:
+ name: rpa
+ when: _current_cp4ba_cluster.rpa.enabled
- name: Install PM
ansible.builtin.include_role:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml
index 5c317ebe2..23afbb14e 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml
@@ -4,19 +4,23 @@ cp4ba_dir_name: cp4ba
## Should not be changed in particular guide version.
## Version of the Subscription channel as defined on
## https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=cluster-setting-up-in-openshift-console
-cp4ba_operator_channel: v24.0
+cp4ba_operator_channel: v24.1
## Should not be changed in particular guide version.
## Version of cert-kubernetes folder from Cloud Pak CASE archive e.g. 21.0.1
-cp4ba_cert_k8s_branch: 24.0.0-IF002
+cp4ba_cert_k8s_branch: 24.0.1
cp4ba_storage_class_name: ""
cp4ba_block_storage_class_name: ""
## Should not be changed in particular guide version.
## Version of Cloud Pak e.g. 20.0.2.1, 20.0.3
-cp4ba_version: 24.0.0
+cp4ba_version: 24.0.1
## Version in CPFS catalog CatalogSource
-cpfs_cs_version: v4-6-5
+cpfs_cs_version: v4-9-0
## Version in BTS catalog CatalogSource
-cpfs_bts_version: v3-34-0
+cpfs_bts_version: v3-35-1
+## Version in Zen catalog CatalogSource
+cpfs_zen_version: 6-0-4
+## Version in IAM catalog CatalogSource
+cpfs_iam_version: 4-8-0
## Name of the CP4BA instance in cr.yaml at path metadata.name
cp4ba_cr_meta_name: icp4adeploy
## Name of OCP CP4BA project
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml
index 1a250ea18..e7284e63f 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml
@@ -14,7 +14,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/aeos
+ command: mkdir -p /bitnami/postgresql/tablespaces/aeos_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -26,16 +26,13 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user aeos
- CREATE ROLE aeos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER aeos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database aeos
- create database aeos owner aeos template template0 encoding UTF8;
- revoke connect on database aeos from public;
- grant all privileges on database aeos to aeos;
- grant connect, temp, create on database aeos to aeos;
+ -- create tablespace for aeos
+ CREATE TABLESPACE aeos_tbs OWNER aeos LOCATION '/bitnami/postgresql/tablespaces/aeos_tbs';
- -- please modify location follow your requirement
- create tablespace aeos_tbs owner aeos location '/bitnami/postgresql/tablespaces/aeos';
- grant create on tablespace aeos_tbs to aeos;
+ -- create database aeos
+ CREATE DATABASE aeos OWNER aeos TEMPLATE template0 ENCODING UTF8 TABLESPACE aeos_tbs;
+ REVOKE CONNECT ON DATABASE aeos FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml
index 3209fa4fc..70c7512c6 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml
@@ -16,13 +16,11 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- -- create a new user
- create user aaedb with password '{{ cp4ba_postgresql_universal_password }}';
+ -- create user aaedb
+ CREATE USER aaedb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database aaedb
- create database aaedb owner aaedb;
-
- -- The following grant is used for databases
- grant all privileges on database aaedb to aaedb;
+ -- create database aaedb -- default template tablespace
+ CREATE DATABASE aaedb OWNER aaedb TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE aaedb FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml
index cc1454eb8..a4888c644 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml
@@ -15,12 +15,11 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user adpbase
- CREATE ROLE adpbase WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER adpbase WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database adpbase
- create database adpbase owner adpbase template template0 encoding UTF8;
- revoke connect on database adpbase from public;
- grant all privileges on database adpbase to adpbase;
+ -- create database adpbase -- default template tablespace
+ CREATE DATABASE adpbase OWNER adpbase TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE adpbase FROM PUBLIC;
EOF"
register: command_status
@@ -32,12 +31,11 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user {{ item }}
- CREATE ROLE {{ item }} WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER {{ item }} WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database {{ item }}
- create database {{ item }} owner {{ item }} template template0 encoding UTF8;
- revoke connect on database {{ item }} from public;
- grant all privileges on database {{ item }} to {{ item }};
+ -- create database {{ item }} -- default template tablespace
+ CREATE DATABASE {{ item }} OWNER {{ item }} TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE {{ item }} FROM PUBLIC;
EOF"
register: command_status
with_items:
@@ -48,23 +46,6 @@
- proj5
- proj6
-- name: ADP proj2 DB
- kubernetes.core.k8s_exec:
- namespace: "{{ cp4ba_postgresql_project }}"
- pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: >
- bash -c "
- psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- -- create user proj2
- CREATE ROLE proj2 WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
-
- -- create database proj2
- create database proj2 owner proj2 template template0 encoding UTF8;
- revoke connect on database proj2 from public;
- grant all privileges on database proj2 to proj2;
- EOF"
- register: command_status
-
# Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=scripts-creating-databases-document-processing
# DEVOS Based on
# https://www.ibm.com/docs/en/filenet-p8-platform/latest?topic=vtpiicd-creating-postgresql-database-table-spaces-content-platform-engine-object-store
@@ -72,7 +53,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/devos1
+ command: mkdir -p /bitnami/postgresql/tablespaces/devos1_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -84,17 +65,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user devos1
- CREATE ROLE devos1 WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER devos1 WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database devos1
- create database devos1 owner devos1 template template0 encoding UTF8;
- revoke connect on database devos1 from public;
- grant all privileges on database devos1 to devos1;
- grant connect, temp, create on database devos1 to devos1;
+ -- create tablespace for devos1
+ CREATE TABLESPACE devos1_tbs OWNER devos1 LOCATION '/bitnami/postgresql/tablespaces/devos1_tbs';
- -- please modify location follow your requirement
- create tablespace devos1_tbs owner devos1 location '/bitnami/postgresql/tablespaces/devos1';
- grant create on tablespace devos1_tbs to devos1;
+ -- create database devos1
+ CREATE DATABASE devos1 OWNER devos1 TEMPLATE template0 ENCODING UTF8 TABLESPACE devos1_tbs;
+ REVOKE CONNECT ON DATABASE devos1 FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml
index d6f24fac4..4a90a8d7a 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml
@@ -14,7 +14,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/icndb
+ command: mkdir -p /bitnami/postgresql/tablespaces/icndb_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -26,16 +26,13 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user icndb
- CREATE ROLE icndb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER icndb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database icndb
- create database icndb owner icndb template template0 encoding UTF8 ;
- revoke connect on database icndb from public;
- grant all privileges on database icndb to icndb;
- grant connect, temp, create on database icndb to icndb;
+ -- create tablespace for icndb
+ CREATE TABLESPACE icndb_tbs OWNER icndb LOCATION '/bitnami/postgresql/tablespaces/icndb_tbs';
- -- please modify location follow your requirement
- create tablespace icndb_tbs owner icndb location '/bitnami/postgresql/tablespaces/icndb';
- grant create on tablespace icndb_tbs to icndb;
+ -- create database icndb
+ CREATE DATABASE icndb OWNER icndb TEMPLATE template0 ENCODING UTF8 TABLESPACE icndb_tbs;
+ REVOKE CONNECT ON DATABASE icndb FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml
index dade9ffae..b1ddad594 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml
@@ -15,14 +15,12 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- -- create a new user
- create user appdb with password '{{ cp4ba_postgresql_universal_password }}';
+ -- create user appdb
+ CREATE USER appdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database appdb
- create database appdb owner appdb;
-
- -- The following grant is used for databases
- grant all privileges on database appdb to appdb;
+ -- create database appdb -- default template tablespace
+ CREATE DATABASE appdb OWNER appdb TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE appdb FROM PUBLIC;
EOF"
register: command_status
@@ -34,16 +32,16 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- -- create the user
- CREATE ROLE basdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ -- create user basdb
+ CREATE USER basdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create the database:
- CREATE DATABASE basdb WITH OWNER basdb ENCODING 'UTF8';
- GRANT ALL ON DATABASE basdb to basdb;
+ -- create database basdb -- default template tablespace
+ CREATE DATABASE basdb OWNER basdb TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE basdb FROM PUBLIC;
-- Connect to your database and create schema
\c basdb;
SET ROLE basdb;
- CREATE SCHEMA IF NOT EXISTS basdb AUTHORIZATION basdb;
+ CREATE SCHEMA IF NOT EXISTS basdb;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml
index b0cc2bc7d..70f29c5c9 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml
@@ -13,7 +13,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/bawdocs
+ command: mkdir -p /bitnami/postgresql/tablespaces/bawdocs_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -25,17 +25,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user bawdocs
- CREATE ROLE bawdocs WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER bawdocs WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+
+ -- create tablespace for bawdocs
+ CREATE TABLESPACE bawdocs_tbs OWNER bawdocs LOCATION '/bitnami/postgresql/tablespaces/bawdocs_tbs';
-- create database bawdocs
- create database bawdocs owner bawdocs template template0 encoding UTF8 ;
- revoke connect on database bawdocs from public;
- grant all privileges on database bawdocs to bawdocs;
- grant connect, temp, create on database bawdocs to bawdocs;
-
- -- please modify location follow your requirement
- create tablespace bawdocs_tbs owner bawdocs location '/bitnami/postgresql/tablespaces/bawdocs';
- grant create on tablespace bawdocs_tbs to bawdocs;
+ CREATE DATABASE bawdocs OWNER bawdocs TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdocs_tbs;
+ REVOKE CONNECT ON DATABASE bawdocs FROM PUBLIC;
EOF"
register: command_status
@@ -45,7 +42,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/bawtos
+ command: mkdir -p /bitnami/postgresql/tablespaces/bawtos_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -57,17 +54,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user bawtos
- CREATE ROLE bawtos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER bawtos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+
+ -- create tablespace for bawtos
+ CREATE TABLESPACE bawtos_tbs OWNER bawtos LOCATION '/bitnami/postgresql/tablespaces/bawtos_tbs';
-- create database bawtos
- create database bawtos owner bawtos template template0 encoding UTF8 ;
- revoke connect on database bawtos from public;
- grant all privileges on database bawtos to bawtos;
- grant connect, temp, create on database bawtos to bawtos;
-
- -- please modify location follow your requirement
- create tablespace bawtos_tbs owner bawtos location '/bitnami/postgresql/tablespaces/bawtos';
- grant create on tablespace bawtos_tbs to bawtos;
+ CREATE DATABASE bawtos OWNER bawtos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawtos_tbs;
+ REVOKE CONNECT ON DATABASE bawtos FROM PUBLIC;
EOF"
register: command_status
@@ -77,7 +71,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/bawdos
+ command: mkdir -p /bitnami/postgresql/tablespaces/bawdos_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -89,17 +83,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user bawdos
- CREATE ROLE bawdos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER bawdos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+
+ -- create tablespace for bawdos
+ CREATE TABLESPACE bawdos_tbs OWNER bawdos LOCATION '/bitnami/postgresql/tablespaces/bawdos_tbs';
-- create database bawdos
- create database bawdos owner bawdos template template0 encoding UTF8 ;
- revoke connect on database bawdos from public;
- grant all privileges on database bawdos to bawdos;
- grant connect, temp, create on database bawdos to bawdos;
-
- -- please modify location follow your requirement
- create tablespace bawdos_tbs owner bawdos location '/bitnami/postgresql/tablespaces/bawdos';
- grant create on tablespace bawdos_tbs to bawdos;
+ CREATE DATABASE bawdos OWNER bawdos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdos_tbs;
+ REVOKE CONNECT ON DATABASE bawdos FROM PUBLIC;
EOF"
register: command_status
@@ -110,7 +101,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/chdb
+ command: mkdir -p /bitnami/postgresql/tablespaces/chdb_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -122,17 +113,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user chdb
- CREATE ROLE chdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER chdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+
+ -- create tablespace for chdb
+ CREATE TABLESPACE chdb_tbs OWNER chdb LOCATION '/bitnami/postgresql/tablespaces/chdb_tbs';
-- create database chdb
- create database chdb owner chdb template template0 encoding UTF8 ;
- revoke connect on database chdb from public;
- grant all privileges on database chdb to chdb;
- grant connect, temp, create on database chdb to chdb;
-
- -- please modify location follow your requirement
- create tablespace chdb_tbs owner chdb location '/bitnami/postgresql/tablespaces/chdb';
- grant create on tablespace chdb_tbs to chdb;
+ CREATE DATABASE chdb OWNER chdb TEMPLATE template0 ENCODING UTF8 TABLESPACE chdb_tbs;
+ REVOKE CONNECT ON DATABASE chdb FROM PUBLIC;
EOF"
register: command_status
@@ -141,7 +129,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/bawexternal
+ command: mkdir -p /bitnami/postgresql/tablespaces/bawexternal_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -152,17 +140,15 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-
-- create user bawexternal
CREATE USER bawexternal WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
-- create tablespace for bawexternal
- CREATE TABLESPACE bawexternal_tbs OWNER bawexternal LOCATION '/bitnami/postgresql/tablespaces/bawexternal';
+ CREATE TABLESPACE bawexternal_tbs OWNER bawexternal LOCATION '/bitnami/postgresql/tablespaces/bawexternal_tbs';
-- create database bawexternal
CREATE DATABASE bawexternal OWNER bawexternal TEMPLATE template0 ENCODING UTF8 TABLESPACE bawexternal_tbs;
- REVOKE CONNECT ON DATABASE bawexternal FROM public;
-
+ REVOKE CONNECT ON DATABASE bawexternal FROM PUBLIC;
EOF"
register: command_status
@@ -173,7 +159,6 @@
command: >
bash -c "
psql postgresql://bawexternal:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-
-- add test table
CREATE TABLE IF NOT EXISTS public.user_db
(
@@ -187,7 +172,7 @@
-- add test data
INSERT INTO public.user_db(username, first_name, last_name)
- VALUES
+ VALUES
('jdoe0','John','Doe'),
('hrobbey1','Hurleigh','Robbey'),
('nhankins2','Nicola','Hankins'),
@@ -195,6 +180,5 @@
('shalbert4','Silvia','Halbert'),
('lrowena5','Linn','Rowena')
ON CONFLICT (username) DO NOTHING;
-
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml
index 605d0c166..6c51e4293 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml
@@ -13,7 +13,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/gcddb
+ command: mkdir -p /bitnami/postgresql/tablespaces/gcddb_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -25,17 +25,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user gcddb
- CREATE ROLE gcddb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER gcddb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database gcddb
- create database gcddb owner gcddb template template0 encoding UTF8 ;
- revoke connect on database gcddb from public;
- grant all privileges on database gcddb to gcddb;
- grant connect, temp, create on database gcddb to gcddb;
+ -- create tablespace for gcddb
+ CREATE TABLESPACE gcddb_tbs OWNER gcddb LOCATION '/bitnami/postgresql/tablespaces/gcddb_tbs';
- -- please modify location follow your requirement
- create tablespace gcddb_tbs owner gcddb location '/bitnami/postgresql/tablespaces/gcddb';
- grant create on tablespace gcddb_tbs to gcddb;
+ -- create database gcddb
+ CREATE DATABASE gcddb OWNER gcddb TEMPLATE template0 ENCODING UTF8 TABLESPACE gcddb_tbs;
+ REVOKE CONNECT ON DATABASE gcddb FROM PUBLIC;
EOF"
register: command_status
@@ -45,7 +42,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/os1db
+ command: mkdir -p /bitnami/postgresql/tablespaces/os1db_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -57,16 +54,13 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user os1db
- CREATE ROLE os1db WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER os1db WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database os1db
- create database os1db owner os1db template template0 encoding UTF8 ;
- revoke connect on database os1db from public;
- grant all privileges on database os1db to os1db;
- grant connect, temp, create on database os1db to os1db;
+ -- create tablespace for os1db
+ CREATE TABLESPACE os1db_tbs OWNER os1db LOCATION '/bitnami/postgresql/tablespaces/os1db_tbs';
- -- please modify location follow your requirement
- create tablespace os1db_tbs owner os1db location '/bitnami/postgresql/tablespaces/os1db';
- grant create on tablespace os1db_tbs to os1db;
+ -- create database os1db
+ CREATE DATABASE os1db OWNER os1db TEMPLATE template0 ENCODING UTF8 TABLESPACE os1db_tbs;
+ REVOKE CONNECT ON DATABASE os1db FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml
index 82cc8adeb..b042a01cd 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml
@@ -12,7 +12,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/fpos
+ command: mkdir -p /bitnami/postgresql/tablespaces/fpos_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -24,17 +24,14 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user fpos
- CREATE ROLE fpos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER fpos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database fpos
- create database fpos owner fpos template template0 encoding UTF8 ;
- revoke connect on database fpos from public;
- grant all privileges on database fpos to fpos;
- grant connect, temp, create on database fpos to fpos;
+ -- create tablespace for fpos
+ CREATE TABLESPACE fpos_tbs OWNER fpos LOCATION '/bitnami/postgresql/tablespaces/fpos_tbs';
- -- please modify location follow your requirement
- create tablespace fpos_tbs owner fpos location '/bitnami/postgresql/tablespaces/fpos';
- grant create on tablespace fpos_tbs to fpos;
+ -- create database fpos
+ CREATE DATABASE fpos OWNER fpos TEMPLATE template0 ENCODING UTF8 TABLESPACE fpos_tbs;
+ REVOKE CONNECT ON DATABASE fpos FROM PUBLIC;
EOF"
register: command_status
@@ -43,7 +40,7 @@
kubernetes.core.k8s_exec:
namespace: "{{ cp4ba_postgresql_project }}"
pod: "{{ postgresql_pod.resources[0].metadata.name }}"
- command: mkdir -p /bitnami/postgresql/tablespaces/ros
+ command: mkdir -p /bitnami/postgresql/tablespaces/ros_tbs
register: command_status
failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*')
@@ -55,16 +52,13 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user ros
- CREATE ROLE ros WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER ros WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database ros
- create database ros owner ros template template0 encoding UTF8 ;
- revoke connect on database ros from public;
- grant all privileges on database ros to ros;
- grant connect, temp, create on database ros to ros;
+ -- create tablespace for ros
+ CREATE TABLESPACE ros_tbs OWNER ros LOCATION '/bitnami/postgresql/tablespaces/ros_tbs';
- -- please modify location follow your requirement
- create tablespace ros_tbs owner ros location '/bitnami/postgresql/tablespaces/ros';
- grant create on tablespace ros_tbs to ros;
+ -- create database ros
+ CREATE DATABASE ros OWNER ros TEMPLATE template0 ENCODING UTF8 TABLESPACE ros_tbs;
+ REVOKE CONNECT ON DATABASE ros FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml
index 3e18729db..39a74c345 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml
@@ -18,12 +18,10 @@
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
-- create user odmdb
- CREATE ROLE odmdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}';
+ CREATE USER odmdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}';
- -- create database odmdb
- create database odmdb owner odmdb template template0 encoding UTF8 ;
- revoke connect on database odmdb from public;
- grant all privileges on database odmdb to odmdb;
- grant connect, temp, create on database odmdb to odmdb;
+ -- create database odmdb -- default template tablespace
+ CREATE DATABASE odmdb OWNER odmdb TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE odmdb FROM PUBLIC;
EOF"
register: command_status
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml
index 4c0ca47de..f8c1fa3ab 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml
@@ -56,29 +56,6 @@
dest: "{{ cp4ba_output_directory }}/{{ plugin_file_name }}"
mode: u+rwx
- # TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars.
- # - name: Upload plugin to Nexus
- # ansible.builtin.uri:
- # url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=maven-releases"
- # method: POST
- # body_format: form-multipart
- # body:
- # maven2.asset1:
- # content: "{{ lookup('file', cp4ba_output_directory+'/'+item.value.path) }}"
- # filename: "{{ item.value.path }}"
- # maven2.groupId: "{{ item.value.maven_coordinates.groupId }}"
- # maven2.artifactId: "{{ item.value.maven_coordinates.artifactId }}"
- # maven2.version: "{{ item.value.maven_coordinates.version }}"
- # maven2.asset1.extension: "{{ item.value.maven_coordinates.packaging }}"
- # validate_certs: false
- # status_code: 200
- # user: "{{ lc_principal_admin_user }}"
- # password: "{{ lc_principal_admin_password }}"
- # force_basic_auth: true
- # register: response
- # vars:
- # jar_name: "{{ ads_maven_plugins_response.json | json_query('resources.annotations_maven_plugin.path') }}"
-
- name: Upload plugin to Nexus
ansible.builtin.command: |
curl -kX 'POST' \
@@ -95,3 +72,4 @@
register: ads_curl_result
changed_when: true
failed_when: ads_curl_result.stdout != "204"
+ # noqa: command-instead-of-module
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml
index 1c4d49806..50da5509e 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml
@@ -52,7 +52,7 @@
system_id: "{{ bpm_systems_response | json_query(system_type_query) | first | json_query('systemID') }}"
username: "{{ lc_principal_admin_user }}"
password: "{{ lc_principal_admin_password }}"
- url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/bawaut"
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/bas"
- name: Add the Workforce Insights Secret
kubernetes.core.k8s:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml
new file mode 100644
index 000000000..bcf5201ff
--- /dev/null
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml
@@ -0,0 +1,319 @@
+- name: Get OCP Apps domain
+ ansible.builtin.include_role:
+ name: common
+ tasks_from: apps-endpoint
+ vars:
+ common_output_to_var: "apps_endpoint_domain"
+
+- name: Get IAM token
+ ansible.builtin.include_role:
+ name: common
+ tasks_from: iam-token-user
+ vars:
+ common_cpfs_project: "{{ cp4ba_project_name }}"
+ common_user: "{{ lc_principal_admin_user }}"
+ common_password: "{{ lc_principal_admin_password }}"
+ common_output_to_var: "iam_token"
+
+- name: Get Zen token
+ ansible.builtin.include_role:
+ name: common
+ tasks_from: zen-token
+ vars:
+ common_iam_token: "{{ iam_token }}"
+ common_user: "{{ lc_principal_admin_user }}"
+ common_namespace_name: "{{ cp4ba_project_name }}"
+ common_output_to_var: "zen_token"
+
+- name: Search for existing baw-server.properties document
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ {
+ query: "{
+ documents(
+ repositoryIdentifier:\"BAWTOS\"
+ from:\"Document d WITH INCLUDESUBCLASSES\"
+ where:\"d.[DocumentTitle] = 'baw-server.properties'\"
+ orderBy:\"DocumentTitle\"
+ pageSize:20
+ )
+ {
+ documents {
+ id
+ }
+ }
+ }"
+ }
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: baw_properties_graphql_response
+ failed_when: "'errors' in baw_properties_graphql_response.content"
+
+- name: Setup BAW FNCM integration
+ when: baw_properties_graphql_response.json.data.documents.documents | length == 0
+ block:
+ - name: Copy needed jar files
+ kubernetes.core.k8s_cp:
+ namespace: "{{ cp4ba_project_name }}"
+ pod: "{{ cp4ba_cr_meta_name }}-bastudio-deployment-0"
+ remote_path: "/opt/ibm/wlp/ibmProcessServer/lib/BPM/{{ item }}"
+ local_path: "{{ cp4ba_output_directory }}/{{ item.split('/')[-1] }}"
+ no_preserve: true
+ state: from_pod
+ with_items:
+ - EventHandlers/ECM/FileNet/filenet-bpm-event-handler-51.jar
+ - Lombardi/lib/commons-codec.jar
+ - Lombardi/lib/commons-httpclient.jar
+
+ - name: Prepare yaml file for baw-server.properties
+ ansible.builtin.template:
+ src: bawaut/baw-server.properties.j2
+ dest: "{{ cp4ba_output_directory }}/baw-server.properties"
+ mode: u+rwx
+
+ - name: Add baw-server.properties
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: form-multipart
+ body:
+ graphql: |
+ {"query":"mutation ($contvar:String){
+ createDocument(
+ repositoryIdentifier:\"BAWTOS\"
+ documentProperties: {
+ name: \"baw-server.properties\"
+ contentElements:{
+ replace: [{type: CONTENT_TRANSFER contentType: \"text/plain\" subContentTransfer: {content:$contvar} }]
+ }
+ } checkinAction: {}
+ ) { id name } }", "variables":{"contvar":null} }"
+ contvar:
+ content: "{{ lookup('file', cp4ba_output_directory + '/baw-server.properties') }}"
+ filename: baw-server.properties
+ mime_type: text/plain
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: graphql_response
+ failed_when: "'errors' in graphql_response.content"
+
+ - name: Set baw-server.properties ID
+ ansible.builtin.set_fact:
+ properties_id: "{{ graphql_response.json.data.createDocument.id }}"
+
+ - name: Create CodeModules folder
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ query: |
+ mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier:
+ "BAWTOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} }
+ validate_certs: false
+ status_code:
+ - 200
+ register: folder_response
+ failed_when: (folder_response.json | json_query('errors') | default([], true) | length > 1) and
+ (folder_response.json | json_query('errors[0].extensions.serverErrorMessage')
+ is not match('A uniqueness requirement has been violated. The value for property FolderName of class Folder is not unique.'))
+
+ - name: Add Code Module
+ ansible.builtin.command: |
+ curl -ks --location 'https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql' \
+ --header 'Authorization: Bearer {{ zen_token }}' \
+ --form graphql='{
+ "query":"
+ mutation ($contvar1:String $contvar2:String $contvar3:String) {
+ createDocument(
+ repositoryIdentifier:\"BAWTOS\"
+ fileInFolderIdentifier: \"/CodeModules\"
+ classIdentifier:\"CodeModule\"
+ documentProperties: {
+ name: \"BPM Event Action Code Module\"
+ contentElements:{
+ replace: [
+ {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar1} },
+ {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar2} },
+ {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar3} },
+ ]
+ }
+ } checkinAction: {}
+ ) { id name }
+ }
+ ",
+ "variables":{"contvar":null} }' \
+ --form contvar1=@{{ cp4ba_output_directory }}/filenet-bpm-event-handler-51.jar \
+ --form contvar2=@{{ cp4ba_output_directory }}/commons-codec.jar \
+ --form contvar3=@{{ cp4ba_output_directory }}/commons-httpclient.jar
+ register: curl_output
+ failed_when: curl_output.rc != 0 or (curl_output.stdout | from_json | default({}) == {})
+ changed_when: false
+ # noqa: command-instead-of-module
+
+ - name: Parse JSON response
+ ansible.builtin.set_fact:
+ response_json: "{{ curl_output.stdout | from_json }}"
+
+ - name: Set Code Module ID
+ ansible.builtin.set_fact:
+ code_module_id: "{{ response_json.data.createDocument.id }}"
+
+ - name: Create Event Action
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ {
+ query: "mutation {
+ changeObject(
+ repositoryIdentifier:\"BAWTOS\"
+ properties:[
+ {DisplayName:\"BPM Event Action\"}
+ {DescriptiveText:\"BPM Event Action\"}
+ {ProgID:\"com.ibm.bpm.integration.filenet.BPMEventHandler\"}
+ {IsEnabled: true}
+ ]
+ objectProperties:[
+ {
+ identifier:\"CodeModule\"
+ objectReferenceValue:{
+ identifier:\"{{ code_module_id }}\"
+ }
+ }
+ ]
+ actions:[
+ {
+ type:CREATE
+ subCreateAction:{
+ classId:\"EventAction\"
+ }
+ }
+ ]
+ ) {
+ className
+ properties(includes:[\"Id\"]) {
+ id
+ value
+ }
+ }
+ }"
+ }
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: graphql_response
+ failed_when: "'errors' in graphql_response.content"
+
+ - name: Set Event Action ID
+ ansible.builtin.set_fact:
+ event_action_id: "{{ graphql_response.json.data.changeObject.properties[0].value }}"
+
+ - name: Get Document Class Description
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ {
+ query: "{
+ classDescription (repositoryIdentifier: \"BAWTOS\" identifier: \"Document\") {
+ id
+ }
+ }"
+ }
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: graphql_response
+ failed_when: "'errors' in graphql_response.content"
+
+ - name: Set Document Class Description ID
+ ansible.builtin.set_fact:
+ document_class_id: "{{ graphql_response.json.data.classDescription.id }}"
+
+ - name: Debug
+ ansible.builtin.debug:
+ msg: "{{ graphql_response }}"
+
+ - name: Create Subscription
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ {
+ query: "mutation {
+ changeObject(
+ repositoryIdentifier: \"BAWTOS\"
+ properties: [
+ {DisplayName: \"BPM Subscription\"},
+ {IncludeSubclassesRequested: true},
+ {IsEnabled: true},
+ {IsSynchronous: false},
+ {UserString: \"{{ properties_id }}\"}
+ ]
+ objectProperties: [
+ {
+ identifier: \"EventAction\", objectReferenceValue: {
+ identifier: \"{{ event_action_id }}\"
+ }
+ },
+ {
+ identifier: \"SubscriptionTarget\", objectReferenceValue: {
+ classIdentifier: \"ClassDefinition\", identifier: \"{{ document_class_id }}\"
+ }
+ },
+ {
+ identifier: \"SubscribedEvents\", dependentObjectListValue: {
+ replace: [
+ {objectProperties: [
+ {identifier: \"EventClass\", objectReferenceValue: {identifier: \"CreationEvent\"}}
+ ]}
+ ]
+ }
+ }
+ ]
+ actions: [{type: CREATE, subCreateAction: {classId: \"ClassSubscription\"}}]
+ ) {
+ className
+ properties(includes: [\"Id\"]) {
+ id
+ value
+ }
+ }
+ }"
+ }
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: graphql_response
+ failed_when: "'errors' in graphql_response.content"
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml
index f705eb0cd..03c43c14c 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml
@@ -47,6 +47,43 @@
- 200
with_items: "{{ lc_general_groups + lc_admin_groups }}"
+- name: Setup FNCM Subscription for ECM Content event
+ ansible.builtin.include_tasks: bawaut-fncm-subscription.yml
+
+# Without enabling this on domain level, Case History and BAW Timeline doesn't work.
+- name: Prepare java file for Case History Enablement
+ ansible.builtin.template:
+ src: bawaut/EnableCaseHistory.java.j2
+ dest: "{{ cp4ba_output_directory }}/EnableCaseHistory.java"
+ mode: u+rwx
+
+- name: Get CPE pods
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Pod
+ namespace: "{{ cp4ba_project_name }}"
+ label_selectors:
+ - "app={{ cp4ba_cr_meta_name }}-cpe-deploy"
+ register: pods
+
+- name: Get CPE pod name
+ ansible.builtin.set_fact:
+ cpe_pod_name: "{{ pods.resources[0].metadata.name }}"
+
+- name: Copy java file to CPE pod
+ kubernetes.core.k8s_cp:
+ namespace: "{{ cp4ba_project_name }}"
+ pod: "{{ cpe_pod_name }}"
+ remote_path: "/tmp/EnableCaseHistory.java"
+ local_path: "{{ cp4ba_output_directory }}/EnableCaseHistory.java"
+ no_preserve: true
+ state: to_pod
+
+- name: Execute EnableCaseHistory.java
+ kubernetes.core.k8s_exec:
+ namespace: "{{ cp4ba_project_name }}"
+ pod: "{{ cpe_pod_name }}"
+ command: java -classpath /opt/ibm/wlp/usr/servers/defaultServer/jaceLib/Jace.jar /tmp/EnableCaseHistory.java
- name: Set usage entry
ansible.builtin.include_role:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
index 6961d06b7..b96e4dc77 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
@@ -5,6 +5,73 @@
vars:
common_output_to_var: "apps_endpoint_domain"
+- name: Get IAM token
+ ansible.builtin.include_role:
+ name: common
+ tasks_from: iam-token-user
+ vars:
+ common_cpfs_project: "{{ cp4ba_project_name }}"
+ common_user: "{{ lc_principal_admin_user }}"
+ common_password: "{{ lc_principal_admin_password }}"
+ common_output_to_var: "iam_token"
+
+- name: Get Zen token
+ ansible.builtin.include_role:
+ name: common
+ tasks_from: zen-token
+ vars:
+ common_iam_token: "{{ iam_token }}"
+ common_user: "{{ lc_principal_admin_user }}"
+ common_namespace_name: "{{ cp4ba_project_name }}"
+ common_output_to_var: "zen_token"
+
+- name: Build OS list
+ ansible.builtin.set_fact:
+ os_list: ["OS1"]
+
+- name: Add BAWTOS to OS list
+ ansible.builtin.set_fact:
+ os_list: "{{ os_list + ['BAWTOS'] }}"
+ when: _current_cp4ba_cluster.cp4ba.patterns.workflow.enabled and _current_cp4ba_cluster.cp4ba.patterns.workflow.optional_components.baw_authoring
+
+- name: Add DEVOS1 to OS list
+ ansible.builtin.set_fact:
+ os_list: "{{ os_list + ['DEVOS1'] }}"
+ when: _current_cp4ba_cluster.cp4ba.patterns.document_processing.enabled
+
+- name: Enable DYNAMIC CBR Summary for Simple Search
+ ansible.builtin.uri:
+ url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+ method: POST
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ {
+ query: "mutation {
+ changeObject(
+ classIdentifier:\"ObjectStore\"
+ identifier:\"{{ item }}\"
+ properties:[{CBRSummaryType:2}]
+ actions:[
+ {
+ type:UPDATE
+ }
+ ]
+ ){
+ className
+ }
+ }"
+ }
+ validate_certs: false
+ return_content: true
+ status_code:
+ - 200
+ register: graphql_response
+ failed_when: "'errors' in graphql_response.content"
+ with_items: "{{ os_list }}"
+
- name: Set usage entry
ansible.builtin.include_role:
name: usage
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml
index 13dcba20c..a1a17acf8 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml
@@ -1,171 +1,171 @@
-- name: Get OCP Apps domain
- ansible.builtin.include_role:
- name: common
- tasks_from: apps-endpoint
- vars:
- common_output_to_var: "apps_endpoint_domain"
+# - name: Get OCP Apps domain
+# ansible.builtin.include_role:
+# name: common
+# tasks_from: apps-endpoint
+# vars:
+# common_output_to_var: "apps_endpoint_domain"
-- name: Create a directory for IER config
- ansible.builtin.file:
- path: "{{ cp4ba_output_directory }}/ierconfig"
- state: directory
- mode: u+rwx
+# - name: Create a directory for IER config
+# ansible.builtin.file:
+# path: "{{ cp4ba_output_directory }}/ierconfig"
+# state: directory
+# mode: u+rwx
-- name: Extract IER config
- ansible.builtin.unarchive:
- src: "files/ier/ierconfig.tgz"
- dest: "{{ cp4ba_output_directory }}/ierconfig"
+# - name: Extract IER config
+# ansible.builtin.unarchive:
+# src: "files/ier/ierconfig.tgz"
+# dest: "{{ cp4ba_output_directory }}/ierconfig"
-- name: Template ierconfig/configure/configuration/config.ini
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini"
- dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini"
- mode: u+rwx
+# - name: Template ierconfig/configure/configuration/config.ini
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini"
+# mode: u+rwx
-- name: Template ierconfig/configure/profiles/configureWorkflows.xml
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml"
- dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml"
- mode: u+rwx
+# - name: Template ierconfig/configure/profiles/configureWorkflows.xml
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml"
+# mode: u+rwx
-- name: Template ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml"
- dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml"
- mode: u+rwx
+# - name: Template ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml"
+# mode: u+rwx
-- name: Template ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml"
- dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml"
- mode: u+rwx
+# - name: Template ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml"
+# mode: u+rwx
-- name: Import trusted CA from SSL certificate
- community.general.java_cert:
- cert_url: "cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}"
- keystore_path: "{{ cp4ba_output_directory }}/ierconfig/configure/truststore.jks"
- keystore_pass: "{{ lc_principal_admin_password }}"
- keystore_create: true
- state: present
- cert_alias: cpd-cert
+# - name: Import trusted CA from SSL certificate
+# community.general.java_cert:
+# cert_url: "cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}"
+# keystore_path: "{{ cp4ba_output_directory }}/ierconfig/configure/truststore.jks"
+# keystore_pass: "{{ lc_principal_admin_password }}"
+# keystore_create: true
+# state: present
+# cert_alias: cpd-cert
-- name: Template ierconfig/configure/configmgr_cl.ini
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini"
- dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini"
- mode: u+rwx
+# - name: Template ierconfig/configure/configmgr_cl.ini
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini"
+# mode: u+rwx
-- name: Template ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh
- ansible.builtin.template:
- src: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh"
- dest: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh"
- mode: u+rwx
+# - name: Template ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh
+# ansible.builtin.template:
+# src: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh"
+# dest: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh"
+# mode: u+rwx
-- name: Get IAM token
- ansible.builtin.include_role:
- name: common
- tasks_from: iam-token-user
- vars:
- common_cpfs_project: "{{ cp4ba_project_name }}"
- common_user: "{{ lc_principal_admin_user }}"
- common_password: "{{ lc_principal_admin_password }}"
- common_output_to_var: "iam_token"
+# - name: Get IAM token
+# ansible.builtin.include_role:
+# name: common
+# tasks_from: iam-token-user
+# vars:
+# common_cpfs_project: "{{ cp4ba_project_name }}"
+# common_user: "{{ lc_principal_admin_user }}"
+# common_password: "{{ lc_principal_admin_password }}"
+# common_output_to_var: "iam_token"
-- name: Get Zen token
- ansible.builtin.include_role:
- name: common
- tasks_from: zen-token
- vars:
- common_iam_token: "{{ iam_token }}"
- common_user: "{{ lc_principal_admin_user }}"
- common_namespace_name: "{{ cp4ba_project_name }}"
- common_output_to_var: "zen_token"
+# - name: Get Zen token
+# ansible.builtin.include_role:
+# name: common
+# tasks_from: zen-token
+# vars:
+# common_iam_token: "{{ iam_token }}"
+# common_user: "{{ lc_principal_admin_user }}"
+# common_namespace_name: "{{ cp4ba_project_name }}"
+# common_output_to_var: "zen_token"
-- name: Create CodeModules folder
- ansible.builtin.uri:
- url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
- method: POST
- headers:
- Content-Type: application/json
- Authorization: "Bearer {{ zen_token }}"
- body_format: json
- body:
- query: |
- mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier:
- "FPOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} }
- validate_certs: false
- status_code:
- - 200
- register: folder_response
- failed_when: ( folder_response.json | json_query('errors') | default([], true) | length > 1 ) and
- ( folder_response.json | json_query('errors[0].extensions.serverErrorMessage')
- is not match('A uniqueness requirement has been violated. The value for property FolderName of class Folder is not unique.') )
+# - name: Create CodeModules folder
+# ansible.builtin.uri:
+# url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql"
+# method: POST
+# headers:
+# Content-Type: application/json
+# Authorization: "Bearer {{ zen_token }}"
+# body_format: json
+# body:
+# query: |
+# mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier:
+# "FPOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} }
+# validate_certs: false
+# status_code:
+# - 200
+# register: folder_response
+# failed_when: ( folder_response.json | json_query('errors') | default([], true) | length > 1 ) and
+# ( folder_response.json | json_query('errors[0].extensions.serverErrorMessage')
+# is not match('A uniqueness requirement has been violated. The value for property FolderName of class Folder is not unique.') )
-- name: Execute task createMarkingSetsAndAddOns
- ansible.builtin.shell: |
- {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task createMarkingSetsAndAddOns
- register: ier_configmgr_output
- changed_when: true
- failed_when: ier_configmgr_output.rc != 0
+# - name: Execute task createMarkingSetsAndAddOns
+# ansible.builtin.shell: |
+# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task createMarkingSetsAndAddOns
+# register: ier_configmgr_output
+# changed_when: true
+# failed_when: ier_configmgr_output.rc != 0
-- name: Execute task configureFPOS
- ansible.builtin.shell: |
- {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureFPOS
- register: ier_configmgr_output
- changed_when: true
- failed_when: ier_configmgr_output.rc != 0 and
- (ier_configmgr_output.stdout is not search('.*The current object store is already configured to the latest version.*'))
- retries: 10
- delay: 120
- until: ier_configmgr_output.rc != 0 and
- (ier_configmgr_output.stdout is search('.*The current object store is already configured to the latest version.*'))
+# - name: Execute task configureFPOS
+# ansible.builtin.shell: |
+# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureFPOS
+# register: ier_configmgr_output
+# changed_when: true
+# failed_when: ier_configmgr_output.rc != 0 and
+# (ier_configmgr_output.stdout is not search('.*The current object store is already configured to the latest version.*'))
+# retries: 10
+# delay: 120
+# until: ier_configmgr_output.rc != 0 and
+# (ier_configmgr_output.stdout is search('.*The current object store is already configured to the latest version.*'))
-- name: Execute task configureROS
- ansible.builtin.shell: |
- {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureROS
- register: ier_configmgr_output
- changed_when: true
- failed_when: ier_configmgr_output.rc != 0
- retries: 10
- delay: 120
- until: ier_configmgr_output.rc == 0
+# - name: Execute task configureROS
+# ansible.builtin.shell: |
+# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureROS
+# register: ier_configmgr_output
+# changed_when: true
+# failed_when: ier_configmgr_output.rc != 0
+# retries: 10
+# delay: 120
+# until: ier_configmgr_output.rc == 0
-- name: Execute task configureWorkflows
- ansible.builtin.shell: |
- {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureWorkflows
- register: ier_configmgr_output
- changed_when: true
- failed_when: ier_configmgr_output.rc != 0 and
- (ier_configmgr_output.stdout is not search('.*workflow component queues were configured with FileNet P8 Component Manager.*'))
+# - name: Execute task configureWorkflows
+# ansible.builtin.shell: |
+# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureWorkflows
+# register: ier_configmgr_output
+# changed_when: true
+# failed_when: ier_configmgr_output.rc != 0 and
+# (ier_configmgr_output.stdout is not search('.*workflow component queues were configured with FileNet P8 Component Manager.*'))
-- name: Execute task transferWorkflows
- ansible.builtin.shell: |
- {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task transferWorkflows
- register: ier_configmgr_output
- changed_when: true
- failed_when: ier_configmgr_output.rc != 0
+# - name: Execute task transferWorkflows
+# ansible.builtin.shell: |
+# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task transferWorkflows
+# register: ier_configmgr_output
+# changed_when: true
+# failed_when: ier_configmgr_output.rc != 0
-- name: Navigator Logon
- ansible.builtin.uri:
- url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/icn/navigator/jaxrs/logon"
- method: POST
- body: "desktop=admin"
- force_basic_auth: true
- status_code: 200
- headers:
- Authorization: "Bearer {{ zen_token }}"
- auth-token-realm: InternalIamRealm
- Content-Type: "application/x-www-form-urlencoded"
- validate_certs: false
- timeout: 60
- return_content: true
- register: login
+# - name: Navigator Logon
+# ansible.builtin.uri:
+# url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/icn/navigator/jaxrs/logon"
+# method: POST
+# body: "desktop=admin"
+# force_basic_auth: true
+# status_code: 200
+# headers:
+# Authorization: "Bearer {{ zen_token }}"
+# auth-token-realm: InternalIamRealm
+# Content-Type: "application/x-www-form-urlencoded"
+# validate_certs: false
+# timeout: 60
+# return_content: true
+# register: login
-- name: ICN session
- ansible.builtin.set_fact:
- content: "{{ login.content[4:] }}"
- login_jsession: "{{ login.cookies['icn-JSESSIONID'] }}"
- cookie_jsessionid_name: icn-JSESSIONID
+# - name: ICN session
+# ansible.builtin.set_fact:
+# content: "{{ login.content[4:] }}"
+# login_jsession: "{{ login.cookies['icn-JSESSIONID'] }}"
+# cookie_jsessionid_name: icn-JSESSIONID
# - name: Get list of plugins installed
# ansible.builtin.uri:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml
index 2c050401a..c0948ec49 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml
@@ -47,6 +47,13 @@
oc rsync -n {{ cp4ba_project_name }} `oc get pod -n {{ cp4ba_project_name }} --no-headers -l name=icp4a-foundation-operator |\
awk '{print $1}'`:/opt/ansible/roles foundation-ansible-roles
+ # Insights Engine
+
+ mkdir insights-engine-ansible-roles
+
+ oc rsync -n {{ cp4ba_project_name }} `oc get pod -n {{ cp4ba_project_name }} --no-headers -l name=ibm-insights-engine-operator |\
+ awk '{print $1}'`:/opt/ansible/roles insights-engine-ansible-roles
+
```
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml
index 38ff77b08..36a0c7d1a 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml
@@ -36,8 +36,8 @@
- ibm-cs-opensearch-catalog
- ibm-cs-install-catalog-{{ cpfs_cs_version }}
- bts-operator-{{ cpfs_bts_version }}
- - ibm-iam-operator-catalog
- - ibm-zen-operator-catalog
+ - ibm-iam-operator-catalog-{{ cpfs_iam_version }}
+ - ibm-zen-operator-catalog-{{ cpfs_zen_version }}
- ibm-events-operator-catalog
- cloud-native-postgresql-catalog
- ibm-fncm-operator-catalog
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml
index cf1451ad5..ce6fffe12 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml
@@ -325,7 +325,7 @@
- proj5
- proj6
-- name: Remove PostgreSQL tablespaces
+- name: Remove PostgreSQL tablespace and folder
ansible.builtin.include_role:
name: common
tasks_from: remove-postgresql-tablespace
@@ -333,18 +333,18 @@
common_postgresql_tablespace_name: "{{ item }}"
common_postgresql_project: "{{ cp4ba_postgresql_project }}"
with_items:
- - aeos
- - devos1
- - icndb
- - bawdocs
- - bawtos
- - bawdos
- - chdb
- - bawexternal
- - gcddb
- - os1db
- - fpos
- - ros
+ - aeos_tbs
+ - devos1_tbs
+ - icndb_tbs
+ - bawdocs_tbs
+ - bawtos_tbs
+ - bawdos_tbs
+ - chdb_tbs
+ - bawexternal_tbs
+ - gcddb_tbs
+ - os1db_tbs
+ - fpos_tbs
+ - ros_tbs
- name: Remove PostgreSQL users
ansible.builtin.include_role:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2
index 4007b7c96..2c0a6c7dc 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2
@@ -38,7 +38,7 @@ spec:
viewone:
auto_scaling:
enabled: false
- # TODO temporary workaround for viewone pod to startup, last sen in 24.0.0 GA
+ # TODO temporary workaround for viewone pod to startup, last seen in 24.0.0 GA
viewone_production_setting:
jvm_initial_heap_percentage: 20
jvm_max_heap_percentage: 33
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2
index a558ae62a..d15cb4fec 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2
@@ -6,6 +6,6 @@ metadata:
stringData:
workforce-insights-configuration.yml: |-
- bpmSystemId: {{ system_id }}
- url: {{ url}}
+ url: {{ url }}
username: {{ username }}
password: {{ password }}
\ No newline at end of file
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2
index 227edc5c3..33e36bf30 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2
@@ -6,6 +6,8 @@ spec:
type: postgresql
name: basdb
port: "5432"
+ audit_log:
+ enable: true
playback_server:
admin_user: "{{ lc_principal_admin_user }}"
database:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2
new file mode 100644
index 000000000..924b18af3
--- /dev/null
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2
@@ -0,0 +1,32 @@
+import com.filenet.api.admin.CmProcessEngineConfiguration;
+import com.filenet.api.collection.SubsystemConfigurationList;
+import com.filenet.api.constants.RefreshMode;
+import com.filenet.api.core.Connection;
+import com.filenet.api.core.Domain;
+import com.filenet.api.core.Factory;
+import com.filenet.api.util.UserContext;
+
+import javax.security.auth.Subject;
+
+public class EnableCaseHistory {
+
+ public static void main(String[] args) throws Exception {
+ Connection connection = Factory.Connection.getConnection("http://localhost:9080/wsi/FNCEWS40MTOM");
+ Subject subject = UserContext.createSubject(connection, "{{ lc_principal_admin_user }}", "{{ lc_principal_admin_password }}", "FileNetP8WSI");
+ UserContext.get().pushSubject(subject);
+ try {
+ Domain domain = Factory.Domain.fetchInstance(connection, null, null);
+ SubsystemConfigurationList subsystemConfigurations = domain.get_SubsystemConfigurations();
+ for (Object subsystemConfig : subsystemConfigurations) {
+ if (subsystemConfig instanceof CmProcessEngineConfiguration) {
+ ((CmProcessEngineConfiguration) subsystemConfig).set_HistoryExporterEnabled(true);
+ domain.save(RefreshMode.REFRESH);
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ UserContext.get().popSubject();
+ }
+ }
+}
\ No newline at end of file
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2
new file mode 100644
index 000000000..4bf5ee6b9
--- /dev/null
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2
@@ -0,0 +1,4 @@
+bpm.server.username=cpadmin
+bpm.server.password={{ cp4ba_universal_password }}
+bpm.server.uri=https\://{{ cp4ba_cr_meta_name }}-bastudio-service.{{ cp4ba_project_name }}.svc.cluster.local\:9443
+bpm.server.contextRoot=/bas/rest/bpm/wle/
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2
index d6060385e..79e7d6457 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2
@@ -35,5 +35,9 @@ stringData:
+
+
+
+
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2
index 9bcc49de4..338833510 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2
@@ -59,6 +59,11 @@ stringData:
ppt
pptx
- true
+ true
+
+ 00000000-1111-2222-3333-444444444444
+ https://us-south.ml.cloud.ibm.com
+ watsonx.ai_auth_alias
+
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2
index df48dea7f..fff029364 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2
@@ -64,6 +64,7 @@ spec:
business_event:
enable: true
enable_task_api: true
+ enable_task_record: true
subscription:
- {
"app_name": "*",
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2
index ae4d6ed07..f90ed382f 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2
@@ -1,4 +1,5 @@
# CP4BA catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-automation
+# CP4BA Git Repo https://github.com/icp4a/cert-kubernetes
# IBM CS Flink Operator Catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cs-flink
# IBM CS Elastic Operator Catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cs-elastic
# IBM Cloud Foundational Services https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-common-services
@@ -16,7 +17,7 @@
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
###############################################################################
-# CP4BA 24.0.0-IF002 catalog
+# CP4BA 24.0.1 catalog
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -26,12 +27,12 @@ spec:
displayName: ibm-cp4a-operator
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:990fc0915a570ef165074015aae4483ed458600f373840a3e7efe751faa9ac13
+ image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:80e5f2c149a622f74af25bfb9e9d3411ccaf136b914982d6e348b1c8b89bec5a
updateStrategy:
registryPoll:
interval: 45m
---
-# IBM CS Flink Operator Catalog 1.18.3 (2.0.3)
+# IBM CS Flink Operator Catalog 1.18.4 (2.0.4)
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -42,7 +43,7 @@ spec:
publisher: IBM
sourceType: grpc
image: >-
- icr.io/cpopen/ibm-opencontent-flink-operator-catalog@sha256:05b9d6b24d142bc2e9cde8bed4c8db45233cb7eaa5b37fec0daa25906c16daa3
+ icr.io/cpopen/ibm-opencontent-flink-operator-catalog@sha256:b1e6182101793348aaf45b77160848b09674033a2b6c910d14d3049a711bbdd7
updateStrategy:
registryPoll:
interval: 45m
@@ -64,11 +65,11 @@ spec:
interval: 45m
priority: 100
---
-# IBM Cloud Foundational Services 4.6.5
+# IBM Cloud Foundational Services 4.9.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
- name: ibm-cs-install-catalog-v4-6-5
+ name: ibm-cs-install-catalog-v4-9-0
namespace: "{{ cp4ba_project_name }}"
annotations:
bedrock_catalogsource_priority: '1'
@@ -76,34 +77,34 @@ spec:
displayName: IBM CS Install Operators
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-cs-install-catalog@sha256:e57569666cae5035f188d72665366759609e4d8b17bb3bad011b299bd17353ce
+ image: icr.io/cpopen/ibm-cs-install-catalog@sha256:6dec61b65e1414fadce180ce9e9aeba82dd2e393085cb3cadc1a6e271cefe50a
updateStrategy:
registryPoll:
interval: 45m
priority: 100
---
-# IBM Business Teams Service version 3.34.0
+# IBM Business Teams Service version 3.35.1
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
- name: bts-operator-v3-34-0
+ name: bts-operator-v3-35-1
namespace: "{{ cp4ba_project_name }}"
annotations:
bedrock_catalogsource_priority: '1'
spec:
- displayName: BTS Operator
+ displayName: BTS Operator-3.35.1
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:437a91f9e0cc224c32fb3d574dbe56efe5d1211f2338746e8a7e192034beae8f
+ image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:c803538b0ff68d76f5c85a21fed3c3a680acbf12c6150d39f2c3072e89de04b1
updateStrategy:
registryPoll:
interval: 45m
---
-# IBM CS IM Operator Catalog 4.5.4
+# IBM CS IM Operator Catalog 4.8.0
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
- name: ibm-iam-operator-catalog
+ name: ibm-iam-operator-catalog-4-8-0
namespace: "{{ cp4ba_project_name }}"
annotations:
bedrock_catalogsource_priority: '1'
@@ -111,17 +112,17 @@ spec:
displayName: IBM IAM Operator Catalog
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:f7e9ac318d31a64c7d2921e8702c2e444532c733e0eae31343514802f5d1ebf5
+ image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:28685c8ebc72df046e883ca37c379ea11b4e6e14c9dd7c8da2c91b3cf1b57816
updateStrategy:
registryPoll:
interval: 45m
priority: 100
---
-# IBM Zen Operator Catalog 5.1.7
+# IBM Zen Operator Catalog 6.0.4+20240916.202115.96
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
- name: ibm-zen-operator-catalog
+ name: ibm-zen-operator-catalog-6-0-4
namespace: "{{ cp4ba_project_name }}"
annotations:
bedrock_catalogsource_priority: '1'
@@ -129,7 +130,7 @@ spec:
displayName: IBM Zen Operator Catalog
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:c4d8a4af7a16e3d10d90ea8298249d9880c7042384fcea373531cd1bf9616e7d
+ image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:9ce549fe51c21f584ad1e37fb09f0931018b48e4081af43bdff85d8dedfa8d65
updateStrategy:
registryPoll:
interval: 45m
@@ -153,7 +154,7 @@ spec:
interval: 45m
priority: 100
---
-# Cloud Native PostgresSQL 1.18.12 (4.25.0)
+# Cloud Native PostgresSQL Version 1.22.5 (CASE 4.29.0+20240829.203322.1920)(Postgresql Version 14.13)
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -165,13 +166,13 @@ spec:
displayName: Cloud Native Postgresql Catalog
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:0b46a3ec66622dd4a96d96243602a21d7a29cd854f67a876ad745ec524337a1f
+ image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:d6b5e43f3b5c4e4198ed6ddfd4577eebea644df9d2fe2bac33600764b5cda631
updateStrategy:
registryPoll:
interval: 45m
priority: 100
---
-# IBM FileNet Content Manager Standalone catalog.
+# IBM FileNet Content Manager Standalone catalog for 5.6.0-IF001.
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -181,7 +182,7 @@ spec:
displayName: ibm-fncm-operator
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-fncm-catalog@sha256:8305209803f534779d1df2666a6b953272d6f4cbd65821839b2ba2311f303ea6
+ image: icr.io/cpopen/ibm-fncm-catalog@sha256:d87f78ab8f97116a5d3d5bb46caedc3f0256ed74a5af97b0d8d6548cebe28bc3
updateStrategy:
registryPoll:
interval: 45m
\ No newline at end of file
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2
index 9c527c843..f1eafff2e 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2
@@ -8,6 +8,7 @@ The following list specifies when you need to perform particular post-deployment
- [IBM Content Navigator Edit Service](#ibm-content-navigator-edit-service) - When you want to use Edit Service feature.
- [IBM Content Navigator for Microsoft Office](#ibm-content-navigator-for-microsoft-office) - When you want to use NMO feature.
- [Business Automation Studio (BAS) (foundation pattern)](#business-automation-studio-bas-foundation-pattern)
+ - [Enable generative AI](#enable-generative-ai) - When you want to use Gen AI features.
- [Deploy toolkits and configurators](#deploy-toolkits-and-configurators) - When you want to call ODM from Business Application using Automation Services.
- [Business Automation Insights (BAI) (foundation pattern)](#business-automation-insights-bai-foundation-pattern)
- [Configure Workforce insights](#configure-workforce-insights) - When you want to use Workforce Insights.
@@ -74,6 +75,20 @@ Login with Enterprise LDAP with {{ lc_principal_admin_user }} / {{ lc_principal_
Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=cpbaf-business-automation-studio
+### Enable generative AI
+
+Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=customizing-enabling-generative-ai
+
+Both secrets are already created for you with stubs.
+
+Perform the following tasks form the OpenSHift console.
+
+In Project {{ cp4ba_project_name }}, in Secret wfs-liberty-custom-xml-secret, search for *authData* and modify user and password with your real credentials
+
+In Project {{ cp4ba_project_name }}, in Secret wfs-lombardi-custom-xml-secret, search for *gen-ai-disabled* XML tag and modify its opening and ending name to only *gen-ai*. Also modify *project-id* and *provider-url* values with your real once.
+
+In Project {{ cp4ba_project_name }}, in Pods, search for *icp4adeploy-bastudio-deployment-0* and delete the pod to restart BAS.
+
### Deploy toolkits and configurators
Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=reference-downloadable-toolkits
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml
index 78f971c03..807de3edd 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml
@@ -161,8 +161,8 @@
name: instance
namespace: ibm-licensing
register: licensing
- retries: 10
- delay: 15
+ retries: 15
+ delay: 25
until: licensing.resources | length == 1
- name: Set licensing license accept
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2
index c1f258e62..7bbd99551 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2
@@ -4,31 +4,31 @@
# IBM License Service Reporter https://github.com/IBM/cloud-pak/tree/afa5f33d3728fd03b87a5481fc223d5c50cf9015/repo/case/ibm-license-service-reporter-bundle
---
-# IBM Certificate Manager 4.2.7
+# IBM Certificate Manager 4.2.8
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: ibm-cert-manager-catalog
namespace: ibm-cert-manager
spec:
- displayName: ibm-cert-manager-4.2.7
+ displayName: ibm-cert-manager-4.2.8
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-cert-manager-operator-catalog@sha256:4dcf4ace4b5f166f83b31063f7e6404dbf78d8e98a9d4fcf52fedf576a55ca6c
+ image: icr.io/cpopen/ibm-cert-manager-operator-catalog@sha256:6268cedf6759cf544560d9f652974c14f293858c53bf747b145b4522d39701bb
updateStrategy:
registryPoll:
interval: 45m
---
-# IBM License Manager 4.2.7
+# IBM License Manager 4.2.8
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: ibm-licensing-catalog
namespace: ibm-licensing
spec:
- displayName: ibm-licensing-4.2.7
+ displayName: ibm-licensing-4.2.8
publisher: IBM
- image: icr.io/cpopen/ibm-licensing-catalog@sha256:e14ef29968ffd911602f2e5be776480d1bbf0fa09de22415a3bedbabcf58860c
+ image: icr.io/cpopen/ibm-licensing-catalog@sha256:a4c1121894a0fadd0f62415fdfe381bd92ac8afb9314539c8770c88c006ebd42
sourceType: grpc
updateStrategy:
registryPoll:
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml
index 3db4c39c2..5b9bef32d 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml
@@ -5,4 +5,4 @@ mssql_project_name: ""
mssql_universal_password: ""
mssql_storage_class_name: ""
# From https://mcr.microsoft.com/v2/mssql/rhel/server/tags/list
-mssql_image: mcr.microsoft.com/mssql/rhel/server:2022-CU13-rhel-9.1
+mssql_image: mcr.microsoft.com/mssql/rhel/server:2022-CU16-rhel-9.1
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml
index 205d75c08..e075887e7 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml
@@ -63,7 +63,7 @@
```bash
- /opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U sa -P {{ mssql_universal_password }}
+ /opt/mssql-tools18/bin/sqlcmd -No -S 127.0.0.1 -U sa -P {{ mssql_universal_password }}
```
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2
index 99930d154..354b66777 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2
@@ -25,10 +25,10 @@ spec:
resources:
requests:
cpu: 100m
- memory: 1024Mi
+ memory: 2048Mi
limits:
cpu: 1000m
- memory: 2048Mi
+ memory: 6144Mi
startupProbe:
tcpSocket:
port: 1433
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml
index b2e3b806d..c01a06b6d 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml
@@ -3,7 +3,7 @@ pm_base_dir: "{{ generic_directory }}"
pm_dir_name: pm
pm_project_name: ""
pm_operator_channel: v3.0
-pm_version: 1.15.0_IF002
+pm_version: 2.0.0
pm_storage_class_name: ""
pm_universal_password: ""
pm_postgresql_project: ""
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml
index f6b4ccded..32c2da259 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml
@@ -14,14 +14,12 @@
command: >
bash -c "
psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF
- -- create a new user
- create user pm with password '{{ pm_postgresql_password }}';
+ -- create user pm
+ CREATE USER pm WITH PASSWORD '{{ pm_postgresql_password }}';
- -- create database aaedb
- create database pm owner pm;
-
- -- The following grant is used for databases
- grant all privileges on database pm to pm;
+ -- create database pm -- default template tablespace
+ CREATE DATABASE pm OWNER pm TEMPLATE template0 ENCODING UTF8;
+ REVOKE CONNECT ON DATABASE pm FROM PUBLIC;
EOF"
register: command_status
@@ -167,7 +165,8 @@
wait_timeout: 15
# Based on validate successful deployment by following https://www.ibm.com/docs/en/cloud-paks/1.0?topic=platform-how-validate-successful-installation
-- name: Wait for ProcessMining to be Ready
+# TODO waiting only for UIReady as Ready status is currently broken
+- name: Wait for ProcessMining to be UIReady
ansible.builtin.include_role:
name: common
tasks_from: wait-resource-condition
@@ -176,10 +175,24 @@
common_resource_kind: ProcessMining
common_resource_name: processmining
common_resource_namespace: "{{ pm_project_name }}"
- common_condition_name: Ready
+ common_condition_name: UIReady
common_retries: 30
common_delay: 120
+# TODO waiting only for pods ready as Ready status is currently broken START
+- name: Query for IPM pods and wait for them
+ kubernetes.core.k8s_info:
+ api_version: v1
+ kind: Pod
+ namespace: "{{ pm_project_name }}"
+ label_selectors:
+ - app.kubernetes.io/instance=processmining
+ register: pods
+ until: pods.resources | json_query('[?status.containerStatuses[0].ready == `true`].metadata.name') | length >= 10
+ retries: 30
+ delay: 30
+# TODO waiting only for pods ready as Ready status is currently broken END
+
- name: Get OCP Apps domain
ansible.builtin.include_role:
name: common
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2
index 8c91b3a29..2aef611b5 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2
@@ -1,4 +1,4 @@
-# case 3.3.3 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining
+# case 3.4.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -8,7 +8,7 @@ spec:
displayName: IBM ProcessMining Operators
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/processmining-operator-catalog@sha256:2931c457bbb1f5232557a24d2d8e759000921a97785ee28dbbbd6e2560fc558e
+ image: icr.io/cpopen/processmining-operator-catalog@sha256:3f921a21aab1d011e61fbdda50edc504486f3eee353bec568208f478909dfd17
updateStrategy:
registryPoll:
interval: 45m
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml
index eb08945fb..b8f04fd8b 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml
@@ -1,9 +1,9 @@
rpa_action: install
rpa_base_dir: "{{ generic_directory }}"
rpa_dir_name: rpa
-rpa_operator_channel: v2.1
-rpa_mq_operator_channel: v3.2-sc2
-rpa_version: 2.1.0
+rpa_operator_channel: v2.2
+rpa_mq_operator_channel: v3.3
+rpa_version: 2.2.0
rpa_project_name: cp4ba
rpa_storage_class_name: ""
rpa_universal_password: ""
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml
index a42d34ca8..580434946 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml
@@ -33,7 +33,7 @@
until: ('READY' in catalogsource | json_query('resources[*].status.connectionState.lastObservedState') | unique)
with_items:
- ibm-robotic-process-automation-catalog
- - ibm-cloud-databases-redis-operator-catalog
+ - ibm-redis-cp-operator-catalog
- ibmmq-operator-catalogsource
- name: Prepare yaml file for the MQ Operator Subscription
@@ -58,28 +58,6 @@
common_namespace_name: "{{ rpa_project_name }}"
common_label_selector_stub: ibm-mq
-
-# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 START
-- name: Scale deployment down to zero replicas
- kubernetes.core.k8s_scale:
- api_version: apps/v1
- kind: Deployment
- name: ibm-cp4a-operator
- namespace: "{{ rpa_project_name }}"
- replicas: 0
-
-- name: Patch ZenService
- kubernetes.core.k8s_json_patch:
- api_version: zen.cpd.ibm.com/v1
- kind: ZenService
- name: iaf-zen-cpdservice
- namespace: "{{ rpa_project_name }}"
- patch:
- - op: replace
- path: /spec/zenCustomRoute/route_reencrypt
- value: 'true'
-# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 END
-
- name: Prepare yaml file for the Operator Subscription
ansible.builtin.template:
src: subscription.yaml.j2
@@ -125,7 +103,7 @@
namespace: "{{ rpa_mssql_project }}"
pod: "{{ pods.resources[0].metadata.name }}"
command: >
- /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "{{ rpa_universal_password }}" -Q
+ /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P "{{ rpa_universal_password }}" -Q
"create database [automation];
create database [knowledge];
create database [wordnet];
@@ -206,7 +184,7 @@
name: common
tasks_from: iam-token-user
vars:
- common_cpfs_project: "{{ cp4ba_project_name }}"
+ common_cpfs_project: "{{ rpa_project_name }}"
common_user: "{{ lc_principal_admin_user }}"
common_password: "{{ lc_principal_admin_password }}"
common_output_to_var: "iam_token"
@@ -221,6 +199,75 @@
common_namespace_name: "{{ rpa_project_name }}"
common_output_to_var: "zen_token"
+- name: Get groups
+ ansible.builtin.uri:
+ url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ zen_token }}"
+ validate_certs: false
+ status_code: 200
+ register: groups_response
+
+- name: Add all RPA roles to group {{ item }}
+ ansible.builtin.uri:
+ url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups/{{ groups_response.json | json_query(condition_query) | first }}"
+ method: PATCH
+ headers:
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ add_role_identifiers:
+ - rpa-automation-user
+ validate_certs: false
+ status_code:
+ - 200
+ - 500
+ vars:
+ condition_query: "results[?name == '{{ item }}'].group_id"
+ register: group_response
+ failed_when: group_response.status == 500 and group_response.json | json_query('exception') is not search('.*duplicate key value*')
+ with_items: "{{ lc_admin_groups }}"
+
+# Needed as group related permissions are updated only after first real login via browser
+- name: Add all RPA roles to default admin user and cpadminservice
+ ansible.builtin.uri:
+ url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v1/user/{{ item }}?add_roles=true"
+ method: PUT
+ headers:
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ username: "{{ item }}"
+ user_roles:
+ - rpa-automation-user
+ validate_certs: false
+ status_code:
+ - 200
+ with_items:
+ - cpadminservice
+ - "{{ lc_principal_admin_user }}"
+
+- name: Add RPA regular roles to group {{ item }}
+ ansible.builtin.uri:
+ url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups/{{ groups_response.json | json_query(condition_query) | first }}"
+ method: PATCH
+ headers:
+ Authorization: "Bearer {{ zen_token }}"
+ body_format: json
+ body:
+ add_role_identifiers:
+ - rpa-automation-user
+ validate_certs: false
+ status_code:
+ - 200
+ - 500
+ vars:
+ condition_query: "results[?name == '{{ item }}'].group_id"
+ register: group_response
+ failed_when: group_response.status == 500 and group_response.json | json_query('exception') is not search('.*duplicate key value*')
+ with_items: "{{ lc_general_groups }}"
+
- name: Get RPA zen login token
ansible.builtin.uri:
url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/api/zen-token-login"
@@ -251,6 +298,7 @@
--data-urlencode 'grant_type=password'
register: rpa_token_response
changed_when: false
+ # noqa: command-instead-of-module
- name: Set rpa_token
ansible.builtin.set_fact:
@@ -293,10 +341,10 @@
validate_certs: false
return_content: true
status_code:
- - 200
+ - 201
- 400
register: team_response
- failed_when: team_response.status != 200 and team_response.content is not search('already exists in tenant')
+ failed_when: team_response.status != 201 and team_response.content is not search('already exists in tenant')
- name: Get teams
ansible.builtin.uri:
@@ -389,23 +437,12 @@
# Endpoints
- - UI: https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/rpa/ui
+ - UI: https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/ui
- - API: https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/rpa/api/v1.2/en/configuration
+ - API: https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/api/v1.2/en/configuration
# Credentials
- {{ lc_principal_admin_user }} / {{ lc_principal_admin_password }}
"
-
-
-# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 START
-- name: Scale deployment up to one replicas
- kubernetes.core.k8s_scale:
- api_version: apps/v1
- kind: Deployment
- name: ibm-cp4a-operator
- namespace: "{{ rpa_project_name }}"
- replicas: 1
-# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 END
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml
index 0181a392c..40dc5aa30 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml
@@ -64,7 +64,7 @@
namespace: "{{ rpa_mssql_project }}"
pod: "{{ pods.resources[0].metadata.name }}"
command: >
- /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "{{ rpa_universal_password }}" -Q
+ /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P "{{ rpa_universal_password }}" -Q
"ALTER DATABASE [automation] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
drop database [automation];
ALTER DATABASE [knowledge] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2
index 514ec0986..12288f3e2 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2
@@ -1,4 +1,4 @@
-# case 2.1.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-robotic-process-automation
+# case 2.2.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-robotic-process-automation
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -8,12 +8,12 @@ spec:
displayName: IBM Robotic Process Automation Catalog
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-rpa-operator-catalog@sha256:b138bdd6219e377a7aa0b52525605dbb04a9a854b28e444ebf65c1640da15673
+ image: icr.io/cpopen/ibm-rpa-operator-catalog@sha256:5c74b2b61997fdfb63201a2be068e8ff04d858adeccd8c72325b2c520d3fe513
updateStrategy:
registryPoll:
interval: 45m
---
-# case 1.2.1 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp
+# case 1.2.3 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -23,12 +23,12 @@ spec:
displayName: IBM Redis CP Catalog
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:6c0471ce54d5111e88c68395ab2a1b68c5304890523ecb76b297180f7697ce40
+ image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:415dc3b76406e8b2a23d2344682d686107e71662845f236f48212a7795414e6a
updateStrategy:
registryPoll:
interval: 45m
---
-# case 3.2.5 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-mq
+# case 3.3.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-mq
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
@@ -38,7 +38,7 @@ spec:
displayName: IBM MQ
publisher: IBM
sourceType: grpc
- image: icr.io/cpopen/ibm-mq-operator-catalog@sha256:9be58e171b7dec6012cc4a8f9d65793bd6eb02e01a58486817d740d932879892
+ image: icr.io/cpopen/ibm-mq-operator-catalog@sha256:4d8cfc8a6abc2f6c47a7bacae629f1d2bf525f3dabeaeb8310846c111d23ce60
updateStrategy:
registryPoll:
interval: 45m
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2
index c3886c708..787a4e714 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2
+++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2
@@ -32,30 +32,13 @@ spec:
archive:
size: 11Gi
class: "{{ rpa_storage_class_name }}"
-# template:
-# pod:
-# spec:
-# containers:
-# - name: rpa-server
-# readinessProbe:
-# initialDelaySeconds: 300
-# livenessProbe:
-# initialDelaySeconds: 300
ui:
replicas: 1
ocr:
replicas: 1
antivirus:
replicas: 1
-# template:
-# pod:
-# spec:
-# containers:
-# - name: clam-av-api
-# readinessProbe:
-# initialDelaySeconds: 300
-# livenessProbe:
-# initialDelaySeconds: 300
+ autoUpdateEnabled: true
audit:
forwardingEnabled: false
nlp:
diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md
index 04ee3c04d..87058c57e 100644
--- a/docs/src/30-reference/configuration/cp4ba.md
+++ b/docs/src/30-reference/configuration/cp4ba.md
@@ -1,9 +1,8 @@
# Cloud Pak for Business Automation
-Contains CP4BA version 23.0.2 iFix 3.
-RPA and Process Mining are currently not deployed due to discrepancy in Cloud Pak Foundational Services version.
-Contains IPM version 1.14.4.
-~~Contains RPA version 23.0.15.~~
+Contains CP4BA version 24.0.1.
+Contains IPM version 2.0.0.
+Contains RPA version 23.0.19.
- [Disclaimer ✋](#disclaimer-)
- [Documentation base 📝](#documentation-base-)
@@ -92,7 +91,7 @@ CP4BA capabilities are in purple color.
More info for CP4BA capabilities is available in official docs at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest.
-More specifically in overview of patterns at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=deployment-capabilities-production-deployments.
+More specifically in overview of patterns at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=deployment-capability-patterns-production-deployments.
Pink color is used for CPFS dedicated capabilities.
@@ -148,13 +147,18 @@ For your convenience the following post-deployment setup tasks have been automat
- ODM - Roles assigned to users and groups. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=access-managing-user-permissions
- ADP - Organization in Git created. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=processing-setting-up-remote-git-organization
- ADP - Default project data loaded. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=processing-loading-default-sample-data
-- ADP - Git connection and CDD repo creation done. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=processing-setting-up-remote-git-organization
+- ADP - Git connection and CDD repo creation done. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=processing-setting-up-remote-git-organization
- ADP - More project DBs created (6 in total - accommodates 3 ADP projects). https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=processing-creating-additional-project-databases
- IER - Task Manager pod has TM_JOB_URL parameter set.
- IER - Task manager set up with CPE JARs required by IER.
- Task manager - Enabled in Navigator.
+- FNCM - Enabled search result highlighting for Simple Search for FNCM (OS1), BAW (BAWTOS) and ADP (DEVOS1) objectstores.
- BAW - tw_admins enhanced with LDAP admin groups.
- BAW - tw_authors enhanced with LDAP user and admin groups.
+- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/24.x?topic=events-using-event-handler-filenet-content-manager
+- BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=widgets-timeline-visualizer
+- BAW - Added stub configurations for watsonx.ai integration. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-generative-ai
+- BAW - Enabled Process Admin audit log. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-audit-log
- BAI - extra flink task manager added for custom event processing.
- RPA - Bot Developer permission added to administrative user.
- IPM - Task mining related permissions added to admin user.