From 57d7142eb7820c0fc24283ecd21fa84656552b40 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Sat, 9 Nov 2024 00:34:03 +0100 Subject: [PATCH 01/45] remove redundant adp database proj2 creation proj2 database is already created in previous ansible task `ADP proj DBs` Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index cc1454eb8..1177a697b 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -48,23 +48,6 @@ - proj5 - proj6 -- name: ADP proj2 DB - kubernetes.core.k8s_exec: - namespace: "{{ cp4ba_postgresql_project }}" - pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: > - bash -c " - psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create user proj2 - CREATE ROLE proj2 WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - - -- create database proj2 - create database proj2 owner proj2 template template0 encoding UTF8; - revoke connect on database proj2 from public; - grant all privileges on database proj2 to proj2; - EOF" - register: command_status - # Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=scripts-creating-databases-document-processing # DEVOS Based on # https://www.ibm.com/docs/en/filenet-p8-platform/latest?topic=vtpiicd-creating-postgresql-database-table-spaces-content-platform-engine-object-store From 972a60aa9a0ad838ee2eeffcf3da12569e127e7f Mon Sep 17 00:00:00 2001 
From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Sat, 9 Nov 2024 00:49:11 +0100 Subject: [PATCH 02/45] simplify pg user creation Replace `CREATE ROLE` syntax with its equivalent USER syntax with clearer intent. Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/aae.yml | 4 ++-- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 6 +++--- .../cp4ba/cp4ba-core/tasks/db/ban.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/bas.yml | 8 ++++---- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 8 ++++---- .../cp4ba/cp4ba-core/tasks/db/fncm.yml | 4 ++-- .../cp4ba/cp4ba-core/tasks/db/ier.yml | 4 ++-- .../cp4ba/cp4ba-core/tasks/db/odm.yml | 2 +- .../50-install-cloud-pak/cp4ba/pm/tasks/install.yml | 6 +++--- 10 files changed, 23 insertions(+), 23 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index 1a250ea18..ffc9d2674 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml @@ -26,7 +26,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user aeos - CREATE ROLE aeos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER aeos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database aeos create database aeos owner aeos template template0 encoding UTF8; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml index 3209fa4fc..c53c055d8 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml 
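Review bot: The rendered `{{ cp4ba_postgresql_universal_password }}` on the new `CREATE USER aeos WITH PASSWORD '…';` line still lands inside an unquoted `<<-EOF` heredoc within `bash -c "…"`, so a password containing `'`, `"`, `$` or a backtick would be rewritten by the shell or close the SQL literal early. The same construct is added in the aae.yml, adp.yml, ban.yml, bas.yml, bawaut.yml, fncm.yml, ier.yml and odm.yml hunks of this patch, and with `pm_postgresql_password` in pm/tasks/install.yml. Because the rendered command carries the secret, I would set `no_log: true` on each of these tasks and reject unsafe values up front, for example an `ansible.builtin.assert` with `that: cp4ba_postgresql_universal_password is match('^[A-Za-z0-9_.-]+$')`. Each task starts and ends outside its hunk, so an existing `no_log` cannot be ruled out from here. Dropping `ENCRYPTED` leaves the stored hash format to the server's `password_encryption` setting, which is worth confirming is `scram-sha-256` on the target image.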
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml @@ -16,8 +16,8 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create a new user - create user aaedb with password '{{ cp4ba_postgresql_universal_password }}'; + -- create user aaedb + CREATE USER aaedb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database aaedb create database aaedb owner aaedb; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index 1177a697b..9ea2cb6df 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -15,7 +15,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user adpbase - CREATE ROLE adpbase WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER adpbase WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database adpbase create database adpbase owner adpbase template template0 encoding UTF8; @@ -32,7 +32,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user {{ item }} - CREATE ROLE {{ item }} WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER {{ item }} WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database {{ item }} create database {{ item }} owner {{ item }} template template0 encoding UTF8; 
@@ -67,7 +67,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user devos1 - CREATE ROLE devos1 WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER devos1 WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database devos1 create database devos1 owner devos1 template template0 encoding UTF8; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index d6f24fac4..155dc40a6 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -26,7 +26,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user icndb - CREATE ROLE icndb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER icndb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database icndb create database icndb owner icndb template template0 encoding UTF8 ; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml index dade9ffae..d3875f1da 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml @@ -15,8 +15,8 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create a new user - create user appdb with password '{{ cp4ba_postgresql_universal_password }}'; + -- create user appdb + CREATE USER appdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database appdb create database appdb owner appdb; 
@@ -34,8 +34,8 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create the user - CREATE ROLE basdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + -- create user basdb + CREATE USER basdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create the database: CREATE DATABASE basdb WITH OWNER basdb ENCODING 'UTF8'; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index b0cc2bc7d..1e6230b3a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -25,7 +25,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user bawdocs - CREATE ROLE bawdocs WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER bawdocs WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database bawdocs create database bawdocs owner bawdocs template template0 encoding UTF8 ; @@ -57,7 +57,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user bawtos - CREATE ROLE bawtos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER bawtos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database bawtos create database bawtos owner bawtos template template0 encoding UTF8 ; @@ -89,7 +89,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user bawdos - CREATE ROLE bawdos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER bawdos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database bawdos create database bawdos owner bawdos template template0 encoding UTF8 ; 
@@ -122,7 +122,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user chdb - CREATE ROLE chdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER chdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database chdb create database chdb owner chdb template template0 encoding UTF8 ; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index 605d0c166..a56eb4514 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -25,7 +25,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user gcddb - CREATE ROLE gcddb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER gcddb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database gcddb create database gcddb owner gcddb template template0 encoding UTF8 ; @@ -57,7 +57,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user os1db - CREATE ROLE os1db WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER os1db WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database os1db create database os1db owner os1db template template0 encoding UTF8 ; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index 82cc8adeb..ef91d959d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml 
@@ -24,7 +24,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user fpos - CREATE ROLE fpos WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER fpos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database fpos create database fpos owner fpos template template0 encoding UTF8 ; @@ -55,7 +55,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user ros - CREATE ROLE ros WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER ros WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database ros create database ros owner ros template template0 encoding UTF8 ; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml index 3e18729db..ea77c2756 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml @@ -18,7 +18,7 @@ bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF -- create user odmdb - CREATE ROLE odmdb WITH INHERIT LOGIN ENCRYPTED PASSWORD '{{ cp4ba_postgresql_universal_password }}'; + CREATE USER odmdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create database odmdb create database odmdb owner odmdb template template0 encoding UTF8 ; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index f6b4ccded..3208ce710 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml 
@@ -14,10 +14,10 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create a new user - create user pm with password '{{ pm_postgresql_password }}'; + -- create user pm + CREATE USER pm WITH PASSWORD '{{ pm_postgresql_password }}'; - -- create database aaedb + -- create database pm create database pm owner pm; -- The following grant is used for databases From b1c47daee2f2105df4842f47b1e43646ac312d97 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Sat, 9 Nov 2024 01:13:36 +0100 Subject: [PATCH 03/45] remove unnecessary permission grants Remove some unnecessary commands like `GRANT ...` for database/tablespace OWNERs, as they already have those permissions. Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba-core/tasks/db/aae-data-persistence.yml | 3 --- .../cp4ba/cp4ba-core/tasks/db/aae.yml | 3 --- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 5 ----- .../cp4ba/cp4ba-core/tasks/db/ban.yml | 3 --- .../cp4ba/cp4ba-core/tasks/db/bas.yml | 4 ---- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 12 ------------ .../cp4ba/cp4ba-core/tasks/db/fncm.yml | 6 ------ .../cp4ba/cp4ba-core/tasks/db/ier.yml | 6 ------ .../cp4ba/cp4ba-core/tasks/db/odm.yml | 2 -- .../50-install-cloud-pak/cp4ba/pm/tasks/install.yml | 3 --- 10 files changed, 47 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index ffc9d2674..a24f65d64 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml 
@@ -31,11 +31,8 @@ -- create database aeos create database aeos owner aeos template template0 encoding UTF8; revoke connect on database aeos from public; - grant all privileges on database aeos to aeos; - grant connect, temp, create on database aeos to aeos; -- please modify location follow your requirement create tablespace aeos_tbs owner aeos location '/bitnami/postgresql/tablespaces/aeos'; - grant create on tablespace aeos_tbs to aeos; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml index c53c055d8..c018d612b 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml @@ -21,8 +21,5 @@ -- create database aaedb create database aaedb owner aaedb; - - -- The following grant is used for databases - grant all privileges on database aaedb to aaedb; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index 9ea2cb6df..9ec68f107 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -20,7 +20,6 @@ -- create database adpbase create database adpbase owner adpbase template template0 encoding UTF8; revoke connect on database adpbase from public; - grant all privileges on database adpbase to adpbase; EOF" register: command_status @@ -37,7 +36,6 @@ -- create database {{ item }} create database {{ item }} owner {{ item }} template template0 encoding UTF8; revoke connect on database {{ item }} from public; - grant all privileges on database {{ item }} to {{ item }}; EOF" register: command_status with_items: 
@@ -72,12 +70,9 @@ -- create database devos1 create database devos1 owner devos1 template template0 encoding UTF8; revoke connect on database devos1 from public; - grant all privileges on database devos1 to devos1; - grant connect, temp, create on database devos1 to devos1; -- please modify location follow your requirement create tablespace devos1_tbs owner devos1 location '/bitnami/postgresql/tablespaces/devos1'; - grant create on tablespace devos1_tbs to devos1; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index 155dc40a6..0403977cd 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -31,11 +31,8 @@ -- create database icndb create database icndb owner icndb template template0 encoding UTF8 ; revoke connect on database icndb from public; - grant all privileges on database icndb to icndb; - grant connect, temp, create on database icndb to icndb; -- please modify location follow your requirement create tablespace icndb_tbs owner icndb location '/bitnami/postgresql/tablespaces/icndb'; - grant create on tablespace icndb_tbs to icndb; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml index d3875f1da..61a6aad8d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml @@ -20,9 +20,6 @@ -- create database appdb create database appdb owner appdb; - - -- The following grant is used for databases - grant all privileges on database appdb to appdb; EOF" register: command_status 
@@ -39,7 +36,6 @@ -- create the database: CREATE DATABASE basdb WITH OWNER basdb ENCODING 'UTF8'; - GRANT ALL ON DATABASE basdb to basdb; -- Connect to your database and create schema \c basdb; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index 1e6230b3a..e0abb2b23 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -30,12 +30,9 @@ -- create database bawdocs create database bawdocs owner bawdocs template template0 encoding UTF8 ; revoke connect on database bawdocs from public; - grant all privileges on database bawdocs to bawdocs; - grant connect, temp, create on database bawdocs to bawdocs; -- please modify location follow your requirement create tablespace bawdocs_tbs owner bawdocs location '/bitnami/postgresql/tablespaces/bawdocs'; - grant create on tablespace bawdocs_tbs to bawdocs; EOF" register: command_status @@ -62,12 +59,9 @@ -- create database bawtos create database bawtos owner bawtos template template0 encoding UTF8 ; revoke connect on database bawtos from public; - grant all privileges on database bawtos to bawtos; - grant connect, temp, create on database bawtos to bawtos; -- please modify location follow your requirement create tablespace bawtos_tbs owner bawtos location '/bitnami/postgresql/tablespaces/bawtos'; - grant create on tablespace bawtos_tbs to bawtos; EOF" register: command_status 
@@ -94,12 +88,9 @@ -- create database bawdos create database bawdos owner bawdos template template0 encoding UTF8 ; revoke connect on database bawdos from public; - grant all privileges on database bawdos to bawdos; - grant connect, temp, create on database bawdos to bawdos; -- please modify location follow your requirement create tablespace bawdos_tbs owner bawdos location '/bitnami/postgresql/tablespaces/bawdos'; - grant create on tablespace bawdos_tbs to bawdos; EOF" register: command_status @@ -127,12 +118,9 @@ -- create database chdb create database chdb owner chdb template template0 encoding UTF8 ; revoke connect on database chdb from public; - grant all privileges on database chdb to chdb; - grant connect, temp, create on database chdb to chdb; -- please modify location follow your requirement create tablespace chdb_tbs owner chdb location '/bitnami/postgresql/tablespaces/chdb'; - grant create on tablespace chdb_tbs to chdb; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index a56eb4514..ac0056343 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -30,12 +30,9 @@ -- create database gcddb create database gcddb owner gcddb template template0 encoding UTF8 ; revoke connect on database gcddb from public; - grant all privileges on database gcddb to gcddb; - grant connect, temp, create on database gcddb to gcddb; -- please modify location follow your requirement create tablespace gcddb_tbs owner gcddb location '/bitnami/postgresql/tablespaces/gcddb'; - grant create on tablespace gcddb_tbs to gcddb; EOF" register: command_status 
@@ -62,11 +59,8 @@ -- create database os1db create database os1db owner os1db template template0 encoding UTF8 ; revoke connect on database os1db from public; - grant all privileges on database os1db to os1db; - grant connect, temp, create on database os1db to os1db; -- please modify location follow your requirement create tablespace os1db_tbs owner os1db location '/bitnami/postgresql/tablespaces/os1db'; - grant create on tablespace os1db_tbs to os1db; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index ef91d959d..141e9204c 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml @@ -29,12 +29,9 @@ -- create database fpos create database fpos owner fpos template template0 encoding UTF8 ; revoke connect on database fpos from public; - grant all privileges on database fpos to fpos; - grant connect, temp, create on database fpos to fpos; -- please modify location follow your requirement create tablespace fpos_tbs owner fpos location '/bitnami/postgresql/tablespaces/fpos'; - grant create on tablespace fpos_tbs to fpos; EOF" register: command_status @@ -60,11 +57,8 @@ -- create database ros create database ros owner ros template template0 encoding UTF8 ; revoke connect on database ros from public; - grant all privileges on database ros to ros; - grant connect, temp, create on database ros to ros; -- please modify location follow your requirement create tablespace ros_tbs owner ros location '/bitnami/postgresql/tablespaces/ros'; - grant create on tablespace ros_tbs to ros; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml index ea77c2756..70d8ed597 100644 
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml @@ -23,7 +23,5 @@ -- create database odmdb create database odmdb owner odmdb template template0 encoding UTF8 ; revoke connect on database odmdb from public; - grant all privileges on database odmdb to odmdb; - grant connect, temp, create on database odmdb to odmdb; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index 3208ce710..da4c0cb9a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml @@ -19,9 +19,6 @@ -- create database pm create database pm owner pm; - - -- The following grant is used for databases - grant all privileges on database pm to pm; EOF" register: command_status From f992230ab54a80c7b59e2a23a94660723c559dd3 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Wed, 13 Nov 2024 01:06:32 +0100 Subject: [PATCH 04/45] fix usage of tablespaces and databases Some `CREATE TABLESPACE` commands are declared after and/or forgotten in the `CREATE DATABASE` command. Databases that didn't already declare a tablespace will continue to use the default tablespace `pg_default` Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../tasks/db/aae-data-persistence.yml | 9 ++--- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 9 ++--- .../cp4ba/cp4ba-core/tasks/db/ban.yml | 10 ++--- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 38 +++++++++---------- .../cp4ba/cp4ba-core/tasks/db/fncm.yml | 18 ++++----- .../cp4ba/cp4ba-core/tasks/db/ier.yml | 19 +++++----- 6 files changed, 47 insertions(+), 56 deletions(-) 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index a24f65d64..ef18a47d9 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml @@ -28,11 +28,10 @@ -- create user aeos CREATE USER aeos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database aeos - create database aeos owner aeos template template0 encoding UTF8; - revoke connect on database aeos from public; + -- create tablespace for aeos + CREATE TABLESPACE aeos_tbs OWNER aeos LOCATION '/bitnami/postgresql/tablespaces/aeos'; - -- please modify location follow your requirement - create tablespace aeos_tbs owner aeos location '/bitnami/postgresql/tablespaces/aeos'; + -- create database aeos + CREATE DATABASE aeos OWNER aeos TEMPLATE template0 ENCODING UTF8 TABLESPACE aeos_tbs; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index 9ec68f107..dece91e77 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml 
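Review bot: The reordering in this hunk drops `revoke connect on database aeos from public;` and the new side never re-adds it, so PUBLIC keeps its default CONNECT privilege on `aeos` and any login role on the instance can open a session on it. The commit message only describes moving `CREATE TABLESPACE` ahead of `CREATE DATABASE`, so this looks unintended. The same line is lost in the adp.yml (devos1), ban.yml (icndb), bawaut.yml (bawdocs, bawtos, bawdos, chdb) and fncm.yml (gcddb, os1db) hunks, while the bawexternal hunk in bawaut.yml keeps its `REVOKE CONNECT ON DATABASE bawexternal FROM PUBLIC;`. I would restore it directly after each new `CREATE DATABASE … TABLESPACE …_tbs;` line, e.g. `REVOKE CONNECT ON DATABASE aeos FROM PUBLIC;`. A deployment check such as `SELECT has_database_privilege('public', 'aeos', 'CONNECT');` should then return false.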
@@ -67,12 +67,11 @@ -- create user devos1 CREATE USER devos1 WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database devos1 - create database devos1 owner devos1 template template0 encoding UTF8; - revoke connect on database devos1 from public; + -- create tablespace for devos1 + CREATE TABLESPACE devos1_tbs OWNER devos1 LOCATION '/bitnami/postgresql/tablespaces/devos1'; - -- please modify location follow your requirement - create tablespace devos1_tbs owner devos1 location '/bitnami/postgresql/tablespaces/devos1'; + -- create database devos1 + CREATE DATABASE devos1 OWNER devos1 TEMPLATE template0 ENCODING UTF8 TABLESPACE devos1_tbs; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index 0403977cd..e631974a0 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -28,11 +28,11 @@ -- create user icndb CREATE USER icndb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database icndb - create database icndb owner icndb template template0 encoding UTF8 ; - revoke connect on database icndb from public; - -- please modify location follow your requirement - create tablespace icndb_tbs owner icndb location '/bitnami/postgresql/tablespaces/icndb'; + -- create tablespace for icndb + CREATE TABLESPACE icndb_tbs OWNER icndb LOCATION '/bitnami/postgresql/tablespaces/icndb'; + + -- create database icndb + CREATE DATABASE icndb OWNER icndb TEMPLATE template0 ENCODING UTF8 TABLESPACE icndb_tbs; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index e0abb2b23..9084c8e52 100644 
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -27,12 +27,11 @@ -- create user bawdocs CREATE USER bawdocs WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database bawdocs - create database bawdocs owner bawdocs template template0 encoding UTF8 ; - revoke connect on database bawdocs from public; + -- create tablespace for bawdocs + CREATE TABLESPACE bawdocs_tbs OWNER bawdocs LOCATION '/bitnami/postgresql/tablespaces/bawdocs'; - -- please modify location follow your requirement - create tablespace bawdocs_tbs owner bawdocs location '/bitnami/postgresql/tablespaces/bawdocs'; + -- create database bawdocs + CREATE DATABASE bawdocs OWNER bawdocs TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdocs_tbs; EOF" register: command_status @@ -56,12 +55,11 @@ -- create user bawtos CREATE USER bawtos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database bawtos - create database bawtos owner bawtos template template0 encoding UTF8 ; - revoke connect on database bawtos from public; + -- create tablespace for bawtos + CREATE TABLESPACE bawtos_tbs OWNER bawtos LOCATION '/bitnami/postgresql/tablespaces/bawtos'; - -- please modify location follow your requirement - create tablespace bawtos_tbs owner bawtos location '/bitnami/postgresql/tablespaces/bawtos'; + -- create database bawtos + CREATE DATABASE bawtos OWNER bawtos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawtos_tbs; EOF" register: command_status 
@@ -85,12 +83,11 @@ -- create user bawdos CREATE USER bawdos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database bawdos - create database bawdos owner bawdos template template0 encoding UTF8 ; - revoke connect on database bawdos from public; + -- create tablespace for bawdos + CREATE TABLESPACE bawdos_tbs OWNER bawdos LOCATION '/bitnami/postgresql/tablespaces/bawdos'; - -- please modify location follow your requirement - create tablespace bawdos_tbs owner bawdos location '/bitnami/postgresql/tablespaces/bawdos'; + -- create database bawdos + CREATE DATABASE bawdos OWNER bawdos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdos_tbs; EOF" register: command_status @@ -115,12 +112,11 @@ -- create user chdb CREATE USER chdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database chdb - create database chdb owner chdb template template0 encoding UTF8 ; - revoke connect on database chdb from public; + -- create tablespace for chdb + CREATE TABLESPACE chdb_tbs OWNER chdb LOCATION '/bitnami/postgresql/tablespaces/chdb'; - -- please modify location follow your requirement - create tablespace chdb_tbs owner chdb location '/bitnami/postgresql/tablespaces/chdb'; + -- create database chdb + CREATE DATABASE chdb OWNER chdb TEMPLATE template0 ENCODING UTF8 TABLESPACE chdb_tbs; EOF" register: command_status @@ -149,7 +145,7 @@ -- create database bawexternal CREATE DATABASE bawexternal OWNER bawexternal TEMPLATE template0 ENCODING UTF8 TABLESPACE bawexternal_tbs; - REVOKE CONNECT ON DATABASE bawexternal FROM public; + REVOKE CONNECT ON DATABASE bawexternal FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index ac0056343..c8cad706e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml 
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -27,12 +27,11 @@ -- create user gcddb CREATE USER gcddb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database gcddb - create database gcddb owner gcddb template template0 encoding UTF8 ; - revoke connect on database gcddb from public; + -- create tablespace for gcddb + CREATE TABLESPACE gcddb_tbs OWNER gcddb LOCATION '/bitnami/postgresql/tablespaces/gcddb'; - -- please modify location follow your requirement - create tablespace gcddb_tbs owner gcddb location '/bitnami/postgresql/tablespaces/gcddb'; + -- create database gcddb + CREATE DATABASE gcddb OWNER gcddb TEMPLATE template0 ENCODING UTF8 TABLESPACE gcddb_tbs; EOF" register: command_status @@ -56,11 +55,10 @@ -- create user os1db CREATE USER os1db WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database os1db - create database os1db owner os1db template template0 encoding UTF8 ; - revoke connect on database os1db from public; + -- create tablespace for os1db + CREATE TABLESPACE os1db_tbs OWNER os1db LOCATION '/bitnami/postgresql/tablespaces/os1db'; - -- please modify location follow your requirement - create tablespace os1db_tbs owner os1db location '/bitnami/postgresql/tablespaces/os1db'; + -- create database os1db + CREATE DATABASE os1db OWNER os1db TEMPLATE template0 ENCODING UTF8 TABLESPACE os1db_tbs; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index 141e9204c..4f95978f3 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml 
@@ -26,12 +26,12 @@ -- create user fpos CREATE USER fpos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database fpos - create database fpos owner fpos template template0 encoding UTF8 ; - revoke connect on database fpos from public; - -- please modify location follow your requirement - create tablespace fpos_tbs owner fpos location '/bitnami/postgresql/tablespaces/fpos'; + -- create tablespace for fpos + CREATE TABLESPACE fpos_tbs OWNER fpos LOCATION '/bitnami/postgresql/tablespaces/fpos'; + + -- create database fpos + CREATE DATABASE fpos OWNER fpos TEMPLATE template0 ENCODING UTF8 TABLESPACE fpos_tbs; EOF" register: command_status @@ -54,11 +54,10 @@ -- create user ros CREATE USER ros WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database ros - create database ros owner ros template template0 encoding UTF8 ; - revoke connect on database ros from public; + -- create tablespace for ros + CREATE TABLESPACE ros_tbs OWNER ros LOCATION '/bitnami/postgresql/tablespaces/ros'; - -- please modify location follow your requirement - create tablespace ros_tbs owner ros location '/bitnami/postgresql/tablespaces/ros'; + -- create database ros + CREATE DATABASE ros OWNER ros TEMPLATE template0 ENCODING UTF8 TABLESPACE ros_tbs; EOF" register: command_status From 8d706c2fbcdccfcabe005ccf6c2a16f5849bc095 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Wed, 13 Nov 2024 01:15:47 +0100 Subject: [PATCH 05/45] normalize other database creation commands Fix other `CREATE DATABASE` commands using the `pg_default` tablespace 
Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba/cp4ba-core/tasks/db/aae.yml | 4 ++-- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 8 ++++---- .../cp4ba/cp4ba-core/tasks/db/bas.yml | 8 ++++---- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 1 - .../cp4ba/cp4ba-core/tasks/db/odm.yml | 4 ++-- .../50-install-cloud-pak/cp4ba/pm/tasks/install.yml | 4 ++-- 6 files changed, 14 insertions(+), 15 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml index c018d612b..be2e3366c 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml @@ -19,7 +19,7 @@ -- create user aaedb CREATE USER aaedb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database aaedb - create database aaedb owner aaedb; + -- create database aaedb -- default template tablespace + CREATE DATABASE aaedb OWNER aaedb TEMPLATE template0 ENCODING UTF8; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index dece91e77..fb4deaf60 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -17,8 +17,8 @@ -- create user adpbase CREATE USER adpbase WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database adpbase - create database adpbase owner adpbase template template0 encoding UTF8; + -- create database adpbase -- default template tablespace + CREATE DATABASE adpbase OWNER adpbase TEMPLATE template0 ENCODING UTF8; revoke connect on database adpbase from public; EOF" register: command_status 
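Review bot: The new comment `-- create database aaedb -- default template tablespace` is ambiguous next to a statement that names `TEMPLATE template0` explicitly, since it can be read as "default template" when only the tablespace is left at its default. The same wording is used in the adp.yml, bas.yml, odm.yml and pm/tasks/install.yml hunks of this patch. Something like `-- create database aaedb in the default tablespace (no dedicated tablespace)` says what is meant.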
@@ -33,8 +33,8 @@ -- create user {{ item }} CREATE USER {{ item }} WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database {{ item }} - create database {{ item }} owner {{ item }} template template0 encoding UTF8; + -- create database {{ item }} -- default template tablespace + CREATE DATABASE {{ item }} OWNER {{ item }} TEMPLATE template0 ENCODING UTF8; revoke connect on database {{ item }} from public; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml index 61a6aad8d..18049bc01 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml @@ -18,8 +18,8 @@ -- create user appdb CREATE USER appdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database appdb - create database appdb owner appdb; + -- create database appdb -- default template tablespace + CREATE DATABASE appdb OWNER appdb TEMPLATE template0 ENCODING UTF8; EOF" register: command_status @@ -34,8 +34,8 @@ -- create user basdb CREATE USER basdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create the database: - CREATE DATABASE basdb WITH OWNER basdb ENCODING 'UTF8'; + -- create database basdb -- default template tablespace + CREATE DATABASE basdb OWNER basdb TEMPLATE template0 ENCODING UTF8; -- Connect to your database and create schema \c basdb; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index 9084c8e52..0cddf405a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml 
@@ -146,7 +146,6 @@ -- create database bawexternal CREATE DATABASE bawexternal OWNER bawexternal TEMPLATE template0 ENCODING UTF8 TABLESPACE bawexternal_tbs; REVOKE CONNECT ON DATABASE bawexternal FROM PUBLIC; - EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml index 70d8ed597..a486cde60 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml @@ -20,8 +20,8 @@ -- create user odmdb CREATE USER odmdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create database odmdb - create database odmdb owner odmdb template template0 encoding UTF8 ; + -- create database odmdb -- default template tablespace + CREATE DATABASE odmdb OWNER odmdb TEMPLATE template0 ENCODING UTF8; revoke connect on database odmdb from public; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index da4c0cb9a..224dd8603 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml @@ -17,8 +17,8 @@ -- create user pm CREATE USER pm WITH PASSWORD '{{ pm_postgresql_password }}'; - -- create database pm - create database pm owner pm; + -- create database pm -- default template tablespace + CREATE DATABASE pm OWNER pm TEMPLATE template0 ENCODING UTF8; EOF" register: command_status From bf4b9dc4b612888747d5a95bc3c4ed02729ca1fc Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Wed, 13 Nov 2024 01:20:54 +0100 Subject: [PATCH 06/45] remove unnecessary authorization for schema Remove the `AUTHORIZATION` as the schema is already owned by the basdb `USER` creating it. 
Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml index 18049bc01..fcc391328 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml @@ -40,6 +40,6 @@ -- Connect to your database and create schema \c basdb; SET ROLE basdb; - CREATE SCHEMA IF NOT EXISTS basdb AUTHORIZATION basdb; + CREATE SCHEMA IF NOT EXISTS basdb; EOF" register: command_status From 10edbf72b7157a4daeb3db69ab93f5db93b95a9f Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Wed, 13 Nov 2024 01:19:28 +0100 Subject: [PATCH 07/45] revoke connect rights for public users on all dbs Remove `CONNECT` priviledges for all `PUBLIC` accounts on databases. This prevents any `USER`s outside the db ower and database superuser to use the db. Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml | 1 + .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml | 1 + .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml | 5 +++-- .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml | 1 + .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml | 2 ++ .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 4 ++++ .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml | 2 ++ .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml | 2 ++ .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml | 2 +- .../50-install-cloud-pak/cp4ba/pm/tasks/install.yml | 1 + 10 files changed, 18 insertions(+), 3 deletions(-) 
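Review bot: Without `AUTHORIZATION basdb` the owner of the schema depends entirely on the preceding `SET ROLE basdb;` having taken effect. If that statement errors and psql carries on, the schema is created owned by the connecting superuser and the task still looks successful. The psql invocation is outside this hunk, so whether `ON_ERROR_STOP` is set cannot be seen here. Either keep the explicit form, `CREATE SCHEMA IF NOT EXISTS basdb AUTHORIZATION basdb;`, or run psql with `-v ON_ERROR_STOP=1` so a failed `SET ROLE` or `\c basdb` stops the script.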
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index ef18a47d9..cd1c14297 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml @@ -33,5 +33,6 @@ -- create database aeos CREATE DATABASE aeos OWNER aeos TEMPLATE template0 ENCODING UTF8 TABLESPACE aeos_tbs; + REVOKE CONNECT ON DATABASE aeos FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml index be2e3366c..70c7512c6 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae.yml @@ -21,5 +21,6 @@ -- create database aaedb -- default template tablespace CREATE DATABASE aaedb OWNER aaedb TEMPLATE template0 ENCODING UTF8; + REVOKE CONNECT ON DATABASE aaedb FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index fb4deaf60..01be2bde0 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -19,7 +19,7 @@ -- create database adpbase -- default template tablespace CREATE DATABASE adpbase OWNER adpbase TEMPLATE template0 ENCODING UTF8; - revoke connect on database adpbase from public; + REVOKE CONNECT ON DATABASE adpbase FROM PUBLIC; EOF" register: command_status 
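Review bot: Revoking CONNECT from PUBLIC after `CREATE DATABASE aeos …` separates the application databases only as far as the owning roles have separate credentials. The `CREATE USER … WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'` lines visible in the other db hunks of this series give every cp4ba-core role the same password, so anyone holding one component's database credential can log in as any other owner, which the revoke does not prevent. pm/tasks/install.yml already takes its own variable, `{{ pm_postgresql_password }}`; a per-role password variable in that style for the cp4ba-core roles would make the isolation described in the commit message effective. The revoke also covers only the databases created in these tasks, so PUBLIC presumably keeps its default CONNECT on the built-in `postgres` database, which deserves a deliberate decision.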
@@ -35,7 +35,7 @@ -- create database {{ item }} -- default template tablespace CREATE DATABASE {{ item }} OWNER {{ item }} TEMPLATE template0 ENCODING UTF8; - revoke connect on database {{ item }} from public; + REVOKE CONNECT ON DATABASE {{ item }} FROM PUBLIC; EOF" register: command_status with_items: @@ -72,6 +72,7 @@ -- create database devos1 CREATE DATABASE devos1 OWNER devos1 TEMPLATE template0 ENCODING UTF8 TABLESPACE devos1_tbs; + REVOKE CONNECT ON DATABASE devos1 FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index e631974a0..26e717574 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -34,5 +34,6 @@ -- create database icndb CREATE DATABASE icndb OWNER icndb TEMPLATE template0 ENCODING UTF8 TABLESPACE icndb_tbs; + REVOKE CONNECT ON DATABASE icndb FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml index fcc391328..b1ddad594 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bas.yml @@ -20,6 +20,7 @@ -- create database appdb -- default template tablespace CREATE DATABASE appdb OWNER appdb TEMPLATE template0 ENCODING UTF8; + REVOKE CONNECT ON DATABASE appdb FROM PUBLIC; EOF" register: command_status @@ -36,6 +37,7 @@ -- create database basdb -- default template tablespace CREATE DATABASE basdb OWNER basdb TEMPLATE template0 ENCODING UTF8; + REVOKE CONNECT ON DATABASE basdb FROM PUBLIC; -- Connect to your database and create schema \c basdb; 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index 0cddf405a..36af5d77d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -32,6 +32,7 @@ -- create database bawdocs CREATE DATABASE bawdocs OWNER bawdocs TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdocs_tbs; + REVOKE CONNECT ON DATABASE bawdocs FROM PUBLIC; EOF" register: command_status @@ -60,6 +61,7 @@ -- create database bawtos CREATE DATABASE bawtos OWNER bawtos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawtos_tbs; + REVOKE CONNECT ON DATABASE bawtos FROM PUBLIC; EOF" register: command_status @@ -88,6 +90,7 @@ -- create database bawdos CREATE DATABASE bawdos OWNER bawdos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdos_tbs; + REVOKE CONNECT ON DATABASE bawdos FROM PUBLIC; EOF" register: command_status @@ -117,6 +120,7 @@ -- create database chdb CREATE DATABASE chdb OWNER chdb TEMPLATE template0 ENCODING UTF8 TABLESPACE chdb_tbs; + REVOKE CONNECT ON DATABASE chdb FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index c8cad706e..cdc63c371 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -32,6 +32,7 @@ -- create database gcddb CREATE DATABASE gcddb OWNER gcddb TEMPLATE template0 ENCODING UTF8 TABLESPACE gcddb_tbs; + REVOKE CONNECT ON DATABASE gcddb FROM PUBLIC; EOF" register: command_status @@ -60,5 +61,6 @@ -- create database os1db CREATE DATABASE os1db OWNER os1db TEMPLATE template0 ENCODING UTF8 TABLESPACE os1db_tbs; + REVOKE CONNECT ON DATABASE os1db FROM PUBLIC; EOF" register: command_status 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index 4f95978f3..bad039f6e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml @@ -32,6 +32,7 @@ -- create database fpos CREATE DATABASE fpos OWNER fpos TEMPLATE template0 ENCODING UTF8 TABLESPACE fpos_tbs; + REVOKE CONNECT ON DATABASE fpos FROM PUBLIC; EOF" register: command_status @@ -59,5 +60,6 @@ -- create database ros CREATE DATABASE ros OWNER ros TEMPLATE template0 ENCODING UTF8 TABLESPACE ros_tbs; + REVOKE CONNECT ON DATABASE ros FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml index a486cde60..39a74c345 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/odm.yml @@ -22,6 +22,6 @@ -- create database odmdb -- default template tablespace CREATE DATABASE odmdb OWNER odmdb TEMPLATE template0 ENCODING UTF8; - revoke connect on database odmdb from public; + REVOKE CONNECT ON DATABASE odmdb FROM PUBLIC; EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index 224dd8603..523da4f4b 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml @@ -19,6 +19,7 @@ -- create database pm -- default template tablespace CREATE DATABASE pm OWNER pm TEMPLATE template0 ENCODING UTF8; + REVOKE CONNECT ON DATABASE pm FROM PUBLIC; EOF" register: command_status From 37a9286d28f9d187ba64c455e7e21ecb00f72d91 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 13:54:11 +0100 Subject: [PATCH 08/45] Remove java dependency, remove obsolete helm dep MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../tasks/download-cp4ba-dependencies.yml | 7 +- .../cp4ba/akhq/tasks/install.yml | 52 ++- .../cp4ba/cp4ba-core/tasks/postdeploy/ier.yml | 298 +++++++++--------- 3 files changed, 190 insertions(+), 167 deletions(-) diff --git a/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml b/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml index cc98a056c..73b314ff7 100644 --- a/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml +++ b/automation-roles/20-prepare/download-cp-dependencies/tasks/download-cp4ba-dependencies.yml @@ -1,6 +1 @@ ---- -- include_role: - name: java-download - -- include_role: - name: helm-download \ No newline at end of file +--- \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml index d9729621a..38bfa9f57 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml 
@@ -14,23 +14,51 @@ common_namespace_name: "{{ akhq_project_name }}" common_output_directory: "{{ akhq_output_directory }}" -- name: Import trusted CA from SSL certificate - community.general.java_cert: - cert_url: "iaf-system-kafka-bootstrap-{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }}" - keystore_path: "{{ akhq_output_directory }}/truststore.jks" - keystore_pass: "{{ akhq_universal_password }}" - keystore_create: true +- name: Create a pod with OpenJDK runtime image + kubernetes.core.k8s: state: present - cert_alias: iaf-ca + definition: + apiVersion: v1 + kind: Pod + metadata: + name: akhq-keytool + namespace: "{{ akhq_project_name }}" + spec: + containers: + - name: openjdk-container + image: ubi9/openjdk-17-runtime:1.21-1 + command: ["/bin/sh", "-c", "sleep 3600"] + wait: true -- name: Load jks data - ansible.builtin.slurp: - src: "{{ akhq_output_directory }}/truststore.jks" - register: slurped_jks_data +- name: Fetch certificate, create JKS, and encode as Base64 + kubernetes.core.k8s_exec: + namespace: "{{ akhq_project_name }}" + pod: akhq-keytool + container: openjdk-container + command: | + /bin/bash -c ' + keytool -printcert -rfc -sslserver iaf-system-kafka-bootstrap.{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }} > /tmp/cert.pem + keytool -importcert \ + -file /tmp/cert.pem \ + -alias iaf-ca \ + -keystore /tmp/truststore.jks \ + -storepass {{ akhq_universal_password }} \ + -noprompt + -trustcacerts + base64 -w 0 /tmp/truststore.jks + ' + register: base64_result - name: Decode data and store as fact ansible.builtin.set_fact: - _jks: "{{ slurped_jks_data.content }}" + _jks: "{{ base64_result.stdout }}" + +- name: Cleanup pod after execution + kubernetes.core.k8s: + state: absent + kind: Pod + name: akhq-keytool + namespace: "{{ akhq_project_name }}" - name: Get OCP Apps Endpoint ansible.builtin.include_role: 
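Review bot: In the `keytool -importcert` command the `-noprompt` line has no trailing `\`, unlike the option lines above it, so the shell ends the keytool command there and then tries to run `-trustcacerts` as a command of its own; the line should read `-noprompt \`. `-storepass {{ akhq_universal_password }}` places the store password unquoted inside the single-quoted script and on the process command line in the pod; keytool's `-storepass:env` form, with the variable populated from a Secret, keeps it out of argv and out of shell parsing. The image `ubi9/openjdk-17-runtime:1.21-1` has no registry host and is pinned by tag only, so which registry serves it depends on the cluster's short-name resolution; a fully qualified reference with a digest removes that ambiguity. The host also changed from `iaf-system-kafka-bootstrap-{{ akhq_cp4ba_project_name }}` to `iaf-system-kafka-bootstrap.{{ akhq_cp4ba_project_name }}`, which looks unintended and should be confirmed.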
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml index 13dcba20c..a1a17acf8 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ier.yml 
@@ -1,171 +1,171 @@ -- name: Get OCP Apps domain - ansible.builtin.include_role: - name: common - tasks_from: apps-endpoint - vars: - common_output_to_var: "apps_endpoint_domain" +# - name: Get OCP Apps domain +# ansible.builtin.include_role: +# name: common +# tasks_from: apps-endpoint +# vars: +# common_output_to_var: "apps_endpoint_domain" -- name: Create a directory for IER config - ansible.builtin.file: - path: "{{ cp4ba_output_directory }}/ierconfig" - state: directory - mode: u+rwx +# - name: Create a directory for IER config +# ansible.builtin.file: +# path: "{{ cp4ba_output_directory }}/ierconfig" +# state: directory +# mode: u+rwx -- name: Extract IER config - ansible.builtin.unarchive: - src: "files/ier/ierconfig.tgz" - dest: "{{ cp4ba_output_directory }}/ierconfig" +# - name: Extract IER config +# ansible.builtin.unarchive: +# src: "files/ier/ierconfig.tgz" +# dest: "{{ cp4ba_output_directory }}/ierconfig" -- name: Template ierconfig/configure/configuration/config.ini - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini" - dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini" - mode: u+rwx +# - name: Template ierconfig/configure/configuration/config.ini +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini" +# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configuration/config.ini" +# mode: u+rwx -- name: Template ierconfig/configure/profiles/configureWorkflows.xml - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml" - dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml" - mode: u+rwx +# - name: Template ierconfig/configure/profiles/configureWorkflows.xml +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml" +# dest: "{{ 
cp4ba_output_directory }}/ierconfig/configure/profiles/configureWorkflows.xml" +# mode: u+rwx -- name: Template ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml" - dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml" - mode: u+rwx +# - name: Template ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml" +# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/createMarkingSetsAndAddOns.xml" +# mode: u+rwx -- name: Template ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml" - dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml" - mode: u+rwx +# - name: Template ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml" +# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/profiles/environmentObjectStoreConfiguration.xml" +# mode: u+rwx -- name: Import trusted CA from SSL certificate - community.general.java_cert: - cert_url: "cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}" - keystore_path: "{{ cp4ba_output_directory }}/ierconfig/configure/truststore.jks" - keystore_pass: "{{ lc_principal_admin_password }}" - keystore_create: true - state: present - cert_alias: cpd-cert +# - name: Import trusted CA from SSL certificate +# community.general.java_cert: +# cert_url: "cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}" +# keystore_path: "{{ cp4ba_output_directory 
}}/ierconfig/configure/truststore.jks" +# keystore_pass: "{{ lc_principal_admin_password }}" +# keystore_create: true +# state: present +# cert_alias: cpd-cert -- name: Template ierconfig/configure/configmgr_cl.ini - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini" - dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini" - mode: u+rwx +# - name: Template ierconfig/configure/configmgr_cl.ini +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini" +# dest: "{{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl.ini" +# mode: u+rwx -- name: Template ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh - ansible.builtin.template: - src: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh" - dest: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh" - mode: u+rwx +# - name: Template ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh +# ansible.builtin.template: +# src: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh" +# dest: "{{ cp4ba_output_directory }}/ierconfig/Workflow/configureRMworkflow/WorkflowTransfer.sh" +# mode: u+rwx -- name: Get IAM token - ansible.builtin.include_role: - name: common - tasks_from: iam-token-user - vars: - common_cpfs_project: "{{ cp4ba_project_name }}" - common_user: "{{ lc_principal_admin_user }}" - common_password: "{{ lc_principal_admin_password }}" - common_output_to_var: "iam_token" +# - name: Get IAM token +# ansible.builtin.include_role: +# name: common +# tasks_from: iam-token-user +# vars: +# common_cpfs_project: "{{ cp4ba_project_name }}" +# common_user: "{{ lc_principal_admin_user }}" +# common_password: "{{ lc_principal_admin_password }}" +# common_output_to_var: "iam_token" -- name: Get Zen token - ansible.builtin.include_role: - name: common - tasks_from: zen-token - vars: - 
common_iam_token: "{{ iam_token }}" - common_user: "{{ lc_principal_admin_user }}" - common_namespace_name: "{{ cp4ba_project_name }}" - common_output_to_var: "zen_token" +# - name: Get Zen token +# ansible.builtin.include_role: +# name: common +# tasks_from: zen-token +# vars: +# common_iam_token: "{{ iam_token }}" +# common_user: "{{ lc_principal_admin_user }}" +# common_namespace_name: "{{ cp4ba_project_name }}" +# common_output_to_var: "zen_token" -- name: Create CodeModules folder - ansible.builtin.uri: - url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" - method: POST - headers: - Content-Type: application/json - Authorization: "Bearer {{ zen_token }}" - body_format: json - body: - query: | - mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier: - "FPOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} } - validate_certs: false - status_code: - - 200 - register: folder_response - failed_when: ( folder_response.json | json_query('errors') | default([], true) | length > 1 ) and - ( folder_response.json | json_query('errors[0].extensions.serverErrorMessage') - is not match('A uniqueness requirement has been violated. 
The value for property FolderName of class Folder is not unique.') ) +# - name: Create CodeModules folder +# ansible.builtin.uri: +# url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" +# method: POST +# headers: +# Content-Type: application/json +# Authorization: "Bearer {{ zen_token }}" +# body_format: json +# body: +# query: | +# mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier: +# "FPOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} } +# validate_certs: false +# status_code: +# - 200 +# register: folder_response +# failed_when: ( folder_response.json | json_query('errors') | default([], true) | length > 1 ) and +# ( folder_response.json | json_query('errors[0].extensions.serverErrorMessage') +# is not match('A uniqueness requirement has been violated. The value for property FolderName of class Folder is not unique.') ) -- name: Execute task createMarkingSetsAndAddOns - ansible.builtin.shell: | - {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task createMarkingSetsAndAddOns - register: ier_configmgr_output - changed_when: true - failed_when: ier_configmgr_output.rc != 0 +# - name: Execute task createMarkingSetsAndAddOns +# ansible.builtin.shell: | +# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task createMarkingSetsAndAddOns +# register: ier_configmgr_output +# changed_when: true +# failed_when: ier_configmgr_output.rc != 0 -- name: Execute task configureFPOS - ansible.builtin.shell: | - {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureFPOS - register: ier_configmgr_output - changed_when: true - failed_when: ier_configmgr_output.rc != 0 and - (ier_configmgr_output.stdout is not search('.*The current object store is already configured to the latest version.*')) - retries: 10 - delay: 120 - until: ier_configmgr_output.rc != 0 and - (ier_configmgr_output.stdout is search('.*The 
current object store is already configured to the latest version.*')) +# - name: Execute task configureFPOS +# ansible.builtin.shell: | +# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureFPOS +# register: ier_configmgr_output +# changed_when: true +# failed_when: ier_configmgr_output.rc != 0 and +# (ier_configmgr_output.stdout is not search('.*The current object store is already configured to the latest version.*')) +# retries: 10 +# delay: 120 +# until: ier_configmgr_output.rc != 0 and +# (ier_configmgr_output.stdout is search('.*The current object store is already configured to the latest version.*')) -- name: Execute task configureROS - ansible.builtin.shell: | - {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureROS - register: ier_configmgr_output - changed_when: true - failed_when: ier_configmgr_output.rc != 0 - retries: 10 - delay: 120 - until: ier_configmgr_output.rc == 0 +# - name: Execute task configureROS +# ansible.builtin.shell: | +# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureROS +# register: ier_configmgr_output +# changed_when: true +# failed_when: ier_configmgr_output.rc != 0 +# retries: 10 +# delay: 120 +# until: ier_configmgr_output.rc == 0 -- name: Execute task configureWorkflows - ansible.builtin.shell: | - {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureWorkflows - register: ier_configmgr_output - changed_when: true - failed_when: ier_configmgr_output.rc != 0 and - (ier_configmgr_output.stdout is not search('.*workflow component queues were configured with FileNet P8 Component Manager.*')) +# - name: Execute task configureWorkflows +# ansible.builtin.shell: | +# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task configureWorkflows +# register: ier_configmgr_output +# changed_when: true +# failed_when: ier_configmgr_output.rc != 0 and +# (ier_configmgr_output.stdout is not 
search('.*workflow component queues were configured with FileNet P8 Component Manager.*')) -- name: Execute task transferWorkflows - ansible.builtin.shell: | - {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task transferWorkflows - register: ier_configmgr_output - changed_when: true - failed_when: ier_configmgr_output.rc != 0 +# - name: Execute task transferWorkflows +# ansible.builtin.shell: | +# {{ cp4ba_output_directory }}/ierconfig/configure/configmgr_cl execute -task transferWorkflows +# register: ier_configmgr_output +# changed_when: true +# failed_when: ier_configmgr_output.rc != 0 -- name: Navigator Logon - ansible.builtin.uri: - url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/icn/navigator/jaxrs/logon" - method: POST - body: "desktop=admin" - force_basic_auth: true - status_code: 200 - headers: - Authorization: "Bearer {{ zen_token }}" - auth-token-realm: InternalIamRealm - Content-Type: "application/x-www-form-urlencoded" - validate_certs: false - timeout: 60 - return_content: true - register: login +# - name: Navigator Logon +# ansible.builtin.uri: +# url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/icn/navigator/jaxrs/logon" +# method: POST +# body: "desktop=admin" +# force_basic_auth: true +# status_code: 200 +# headers: +# Authorization: "Bearer {{ zen_token }}" +# auth-token-realm: InternalIamRealm +# Content-Type: "application/x-www-form-urlencoded" +# validate_certs: false +# timeout: 60 +# return_content: true +# register: login -- name: ICN session - ansible.builtin.set_fact: - content: "{{ login.content[4:] }}" - login_jsession: "{{ login.cookies['icn-JSESSIONID'] }}" - cookie_jsessionid_name: icn-JSESSIONID +# - name: ICN session +# ansible.builtin.set_fact: +# content: "{{ login.content[4:] }}" +# login_jsession: "{{ login.cookies['icn-JSESSIONID'] }}" +# cookie_jsessionid_name: icn-JSESSIONID # - name: Get list of plugins installed # ansible.builtin.uri: 
From cf2c44941f609875a6413cc28d8cbae899a70d0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 13:57:46 +0100 Subject: [PATCH 09/45] Add another ansible roles copy command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/tasks/postdeploy/operator.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml index 2c050401a..c0948ec49 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/operator.yml @@ -47,6 +47,13 @@ oc rsync -n {{ cp4ba_project_name }} `oc get pod -n {{ cp4ba_project_name }} --no-headers -l name=icp4a-foundation-operator |\ awk '{print $1}'`:/opt/ansible/roles foundation-ansible-roles + # Insights Engine + + mkdir insights-engine-ansible-roles + + oc rsync -n {{ cp4ba_project_name }} `oc get pod -n {{ cp4ba_project_name }} --no-headers -l name=ibm-insights-engine-operator |\ + awk '{print $1}'`:/opt/ansible/roles insights-engine-ansible-roles + ``` From 06df80e299a747842794919bdb39335d658e699f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 14:02:58 +0100 Subject: [PATCH 10/45] Add and fix required items for Workforce insights MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/tasks/postdeploy/baml.yml | 2 +- .../cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml index 1c4d49806..50da5509e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/baml.yml @@ -52,7 +52,7 @@ system_id: "{{ bpm_systems_response | json_query(system_type_query) | first | json_query('systemID') }}" username: "{{ lc_principal_admin_user }}" password: "{{ lc_principal_admin_password }}" - url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/bawaut" + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/bas" - name: Add the Workforce Insights Secret kubernetes.core.k8s: diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 index df48dea7f..fff029364 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/cr.yaml.j2 @@ -64,6 +64,7 @@ spec: business_event: enable: true enable_task_api: true + enable_task_record: true subscription: - { "app_name": "*", From 3f95ba1fad8efbde98291ac4501e91a532ea3976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 14:48:57 +0100 Subject: [PATCH 11/45] Enable highlight for Simple Search for BAWTOS, OS1, DEVOS1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba-core/tasks/postdeploy/fncm.yml | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
index 6961d06b7..f748dae9c 100644
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml
@@ -5,6 +5,73 @@ vars: common_output_to_var: "apps_endpoint_domain" +- name: Get IAM token + ansible.builtin.include_role: + name: common + tasks_from: iam-token-user + vars: + common_cpfs_project: "{{ cp4ba_project_name }}" + common_user: "{{ lc_principal_admin_user }}" + common_password: "{{ lc_principal_admin_password }}" + common_output_to_var: "iam_token" + +- name: Get Zen token + ansible.builtin.include_role: + name: common + tasks_from: zen-token + vars: + common_iam_token: "{{ iam_token }}" + common_user: "{{ lc_principal_admin_user }}" + common_namespace_name: "{{ cp4ba_project_name }}" + common_output_to_var: "zen_token" + +- name: Build OS list + ansible.builtin.set_fact: + os_list: ["OS1"] + +- name: Add BAWTOS to OS list + ansible.builtin.set_fact: + os_list: "{{ os_list + ['BAWTOS'] }}" + when: _current_cp4ba_cluster.cp4ba.patterns.workflow.enabled and _current_cp4ba_cluster.cp4ba.patterns.workflow.optional_components.baw_authoring + +- name: Add DEVOS1 to OS list + ansible.builtin.set_fact: + os_list: "{{ os_list + ['DEVOS1'] }}" + when: _current_cp4ba_cluster.cp4ba.patterns.document_processing.enabled + +- name: Enable DYNAMIC CBR Summary for Simple Search + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + { + query: "mutation { + changeObject( + classIdentifier:\"ObjectStore\" + identifier:\"{{ item }}\" + properties:[{CBRSummaryType:2}] + actions:[ + { + type:UPDATE + } + ] + ){ + className + } + }" + } + validate_certs: false + return_content: true + status_code: + - 200 + register: graphql_response + failed_when: "'errors' in graphql_response.content" + with_items: {{ os_list }} + - name: Set usage entry ansible.builtin.include_role: name: usage From d14c9e5468c21c71146f24d85cfbb4c8296b71ff Mon Sep 17 00:00:00 2001 
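Review bot: `with_items: {{ os_list }}` at the end of the "Enable DYNAMIC CBR Summary for Simple Search" task is unquoted, so YAML reads the value as a flow mapping instead of a Jinja expression and the task file should fail to load; it needs to be `with_items: "{{ os_list }}"` (or `loop: "{{ os_list }}"`). The same task sends `Authorization: Bearer {{ zen_token }}`, a token obtained for the admin principal, with `validate_certs: false`, so the token is handed to whatever answers on that route without the certificate being checked; validating against the cluster's ingress CA would close that, assuming the CA is available to the play. `failed_when: "'errors' in graphql_response.content"` is a substring match on the raw body and would be more precise as a test on the parsed response, for example `failed_when: graphql_response.json.errors is defined`.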
From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 14:51:21 +0100 Subject: [PATCH 12/45] Enable highlight for Simple Search for BAWTOS, OS1, DEVOS1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- docs/src/30-reference/configuration/cp4ba.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 04ee3c04d..3bade9370 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md @@ -153,6 +153,7 @@ For your convenience the following post-deployment setup tasks have been automat - IER - Task Manager pod has TM_JOB_URL parameter set. - IER - Task manager set up with CPE JARs required by IER. - Task manager - Enabled in Navigator. +- FNCM - Enabled search result highlighting for Simple Search for FNCM (OS1), BAW (BAWTOS) and ADP (DEVOS1) objectstores. - BAW - tw_admins enhanced with LDAP admin groups. - BAW - tw_authors enhanced with LDAP user and admin groups. - BAI - extra flink task manager added for custom event processing. From b53ba040395a29bd43cedf7a5699df8c12fc92e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 28 Nov 2024 15:02:35 +0100 Subject: [PATCH 13/45] Fix docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- docs/src/30-reference/configuration/cp4ba.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 3bade9370..4189683c9 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md 
@@ -1,8 +1,8 @@ # Cloud Pak for Business Automation -Contains CP4BA version 23.0.2 iFix 3. -RPA and Process Mining are currently not deployed due to discrepancy in Cloud Pak Foundational Services version. -Contains IPM version 1.14.4. +Contains CP4BA version 24.0.0-IF002. +RPA is currently not deployed due to discrepancy in Cloud Pak Foundational Services version. +Contains IPM version 1.15.0-IF002. ~~Contains RPA version 23.0.15.~~ - [Disclaimer ✋](#disclaimer-) From 05d4b4fc087a589de473ec81c5d2dcdcf7001de5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 29 Nov 2024 07:11:11 +0100 Subject: [PATCH 14/45] Add RPA back MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-cluster/tasks/install.yml | 18 +++++++++--------- .../cp4ba/mssql/defaults/main.yml | 2 +- .../cp4ba/rpa/defaults/main.yml | 6 +++--- .../cp4ba/rpa/templates/catalogsource.yaml.j2 | 12 ++++++------ .../templates/roboticprocessautomation.yaml.j2 | 18 ------------------ docs/src/30-reference/configuration/cp4ba.md | 3 +-- 6 files changed, 20 insertions(+), 39 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml index bc285fec1..955957fb5 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-cluster/tasks/install.yml 
@@ -98,15 +98,15 @@ when: _current_cp4ba_cluster.cp4ba.enabled and _current_cp4ba_cluster.cp4ba.patterns.foundation.optional_components.bai and _current_cp4ba_cluster.akhq_enabled -# - name: Install MSSQL -# ansible.builtin.include_role: -# name: mssql -# when: mssql_enabled - -# - name: Install RPA -# ansible.builtin.include_role: -# name: rpa -# when: _current_cp4ba_cluster.rpa.enabled +- name: Install MSSQL + ansible.builtin.include_role: + name: mssql + when: mssql_enabled + +- name: Install RPA + ansible.builtin.include_role: + name: rpa + when: _current_cp4ba_cluster.rpa.enabled - name: Install PM ansible.builtin.include_role: diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml index 3db4c39c2..5b9bef32d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/defaults/main.yml @@ -5,4 +5,4 @@ mssql_project_name: "" mssql_universal_password: "" mssql_storage_class_name: "" # From https://mcr.microsoft.com/v2/mssql/rhel/server/tags/list -mssql_image: mcr.microsoft.com/mssql/rhel/server:2022-CU13-rhel-9.1 +mssql_image: mcr.microsoft.com/mssql/rhel/server:2022-CU16-rhel-9.1 diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml index eb08945fb..b8f04fd8b 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/defaults/main.yml @@ -1,9 +1,9 @@ rpa_action: install rpa_base_dir: "{{ generic_directory }}" rpa_dir_name: rpa -rpa_operator_channel: v2.1 -rpa_mq_operator_channel: v3.2-sc2 -rpa_version: 2.1.0 +rpa_operator_channel: v2.2 +rpa_mq_operator_channel: v3.3 +rpa_version: 2.2.0 rpa_project_name: cp4ba rpa_storage_class_name: "" rpa_universal_password: "" 
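Review bot: Re-enabling the `Install MSSQL` role in this hunk puts `mssql_image` back into use, and the mssql/defaults/main.yml hunk on the same line sets it to `mcr.microsoft.com/mssql/rhel/server:2022-CU16-rhel-9.1`, which is a tag rather than a digest. Every CatalogSource image changed in this commit is pinned with `@sha256:`, so the database image is the one artifact here whose content can change without a change in this repository. Pinning it as `mcr.microsoft.com/mssql/rhel/server@sha256:<digest of 2022-CU16-rhel-9.1>` (placeholder, to be filled from the registry) and recording the tag in the comment line above it would bring it in line with the rest.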
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 index 514ec0986..7493ca28e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 @@ -1,4 +1,4 @@ -# case 2.1.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-robotic-process-automation +# case 2.2.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-robotic-process-automation apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -8,12 +8,12 @@ spec: displayName: IBM Robotic Process Automation Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-rpa-operator-catalog@sha256:b138bdd6219e377a7aa0b52525605dbb04a9a854b28e444ebf65c1640da15673 + image: icr.io/cpopen/ibm-rpa-operator-catalog@sha256:5c74b2b61997fdfb63201a2be068e8ff04d858adeccd8c72325b2c520d3fe513 updateStrategy: registryPoll: interval: 45m --- -# case 1.2.1 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp +# case 1.2.2 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -23,12 +23,12 @@ spec: displayName: IBM Redis CP Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:6c0471ce54d5111e88c68395ab2a1b68c5304890523ecb76b297180f7697ce40 + image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:cd9d784af40e0524c030c43f2c869bc4027a97bf13d02e3dfa3649785dcf49c1 updateStrategy: registryPoll: interval: 45m --- -# case 3.2.5 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-mq +# case 3.3.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-mq apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: 
@@ -38,7 +38,7 @@ spec: displayName: IBM MQ publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-mq-operator-catalog@sha256:9be58e171b7dec6012cc4a8f9d65793bd6eb02e01a58486817d740d932879892 + image: icr.io/cpopen/ibm-mq-operator-catalog@sha256:4d8cfc8a6abc2f6c47a7bacae629f1d2bf525f3dabeaeb8310846c111d23ce60 updateStrategy: registryPoll: interval: 45m diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 index c3886c708..e4ca615f7 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 @@ -32,30 +32,12 @@ spec: archive: size: 11Gi class: "{{ rpa_storage_class_name }}" -# template: -# pod: -# spec: -# containers: -# - name: rpa-server -# readinessProbe: -# initialDelaySeconds: 300 -# livenessProbe: -# initialDelaySeconds: 300 ui: replicas: 1 ocr: replicas: 1 antivirus: replicas: 1 -# template: -# pod: -# spec: -# containers: -# - name: clam-av-api -# readinessProbe: -# initialDelaySeconds: 300 -# livenessProbe: -# initialDelaySeconds: 300 audit: forwardingEnabled: false nlp: diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 4189683c9..79df9d2e1 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md @@ -1,9 +1,8 @@ # Cloud Pak for Business Automation Contains CP4BA version 24.0.0-IF002. -RPA is currently not deployed due to discrepancy in Cloud Pak Foundational Services version. Contains IPM version 1.15.0-IF002. -~~Contains RPA version 23.0.15.~~ +Contains RPA version 23.0.19. - [Disclaimer ✋](#disclaimer-) - [Documentation base 📝](#documentation-base-) From 2f5e001e6834bd28f12f1a36255417684e3837e7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 29 Nov 2024 07:14:58 +0100 Subject: [PATCH 15/45] Update IPM 1.15.0-if004 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/pm/defaults/main.yml | 2 +- .../cp4ba/pm/templates/catalogsource.yaml.j2 | 4 ++-- docs/src/30-reference/configuration/cp4ba.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml index b2e3b806d..2c4f4113d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml @@ -3,7 +3,7 @@ pm_base_dir: "{{ generic_directory }}" pm_dir_name: pm pm_project_name: "" pm_operator_channel: v3.0 -pm_version: 1.15.0_IF002 +pm_version: 1.15.0_IF004 pm_storage_class_name: "" pm_universal_password: "" pm_postgresql_project: "" diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 index 8c91b3a29..9ee8f7395 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 @@ -1,4 +1,4 @@ -# case 3.3.3 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining +# case 3.3.5 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: 
@@ -8,7 +8,7 @@ spec: displayName: IBM ProcessMining Operators publisher: IBM sourceType: grpc - image: icr.io/cpopen/processmining-operator-catalog@sha256:2931c457bbb1f5232557a24d2d8e759000921a97785ee28dbbbd6e2560fc558e + image: icr.io/cpopen/processmining-operator-catalog@sha256:255a03a3e51926cbefc08a6a2c7a68c72a5512152d013870534cd2c53cb0d466 updateStrategy: registryPoll: interval: 45m diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 79df9d2e1..c1bbd50c2 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md @@ -1,7 +1,7 @@ # Cloud Pak for Business Automation Contains CP4BA version 24.0.0-IF002. -Contains IPM version 1.15.0-IF002. +Contains IPM version 1.15.0-IF004. Contains RPA version 23.0.19. - [Disclaimer ✋](#disclaimer-) From bc47099c0f945e28a0d6e9d1d5c38546532334aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 29 Nov 2024 07:33:31 +0100 Subject: [PATCH 16/45] Update cp4ba 24.0.0-IF003 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/defaults/main.yml | 4 ++-- .../templates/catalogsource.yaml.j2 | 24 +++++++++---------- .../cpfs/templates/catalogsource.yaml.j2 | 12 +++++----- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml index 5c317ebe2..5db06418c 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml 
@@ -7,14 +7,14 @@ cp4ba_dir_name: cp4ba cp4ba_operator_channel: v24.0 ## Should not be changed in particular guide version. ## Version of cert-kubernetes folder from Cloud Pak CASE archive e.g. 21.0.1 -cp4ba_cert_k8s_branch: 24.0.0-IF002 +cp4ba_cert_k8s_branch: 24.0.0-IF003 cp4ba_storage_class_name: "" cp4ba_block_storage_class_name: "" ## Should not be changed in particular guide version. ## Version of Cloud Pak e.g. 20.0.2.1, 20.0.3 cp4ba_version: 24.0.0 ## Version in CPFS catalog CatalogSource -cpfs_cs_version: v4-6-5 +cpfs_cs_version: v4-6-6 ## Version in BTS catalog CatalogSource cpfs_bts_version: v3-34-0 ## Name of the CP4BA instance in cr.yaml at path metadata.name diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 index ae4d6ed07..c4cfee4c1 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 @@ -16,7 +16,7 @@ # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # ############################################################################### -# CP4BA 24.0.0-IF002 catalog +# CP4BA 24.0.0-IF003 catalog apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -26,12 +26,12 @@ spec: displayName: ibm-cp4a-operator publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:990fc0915a570ef165074015aae4483ed458600f373840a3e7efe751faa9ac13 + image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:2d00d01669ba5aba7471dcb85128b014577956b13630fc8da4e2ad3cf0c84db4 updateStrategy: registryPoll: interval: 45m --- -# IBM CS Flink Operator Catalog 1.18.3 (2.0.3) +# IBM CS Flink Operator Catalog 1.18.4 (2.0.4) apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: 
@@ -42,7 +42,7 @@ spec: publisher: IBM sourceType: grpc image: >- - icr.io/cpopen/ibm-opencontent-flink-operator-catalog@sha256:05b9d6b24d142bc2e9cde8bed4c8db45233cb7eaa5b37fec0daa25906c16daa3 + icr.io/cpopen/ibm-opencontent-flink-operator-catalog@sha256:b1e6182101793348aaf45b77160848b09674033a2b6c910d14d3049a711bbdd7 updateStrategy: registryPoll: interval: 45m @@ -64,11 +64,11 @@ spec: interval: 45m priority: 100 --- -# IBM Cloud Foundational Services 4.6.5 +# IBM Cloud Foundational Services 4.6.6 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: ibm-cs-install-catalog-v4-6-5 + name: ibm-cs-install-catalog-v4-6-6 namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -76,7 +76,7 @@ spec: displayName: IBM CS Install Operators publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cs-install-catalog@sha256:e57569666cae5035f188d72665366759609e4d8b17bb3bad011b299bd17353ce + image: icr.io/cpopen/ibm-cs-install-catalog@sha256:f97e7cb0d476edfc16a3e983596512fd6166506cc9cfc5c833581ff23affd1b0 updateStrategy: registryPoll: interval: 45m @@ -99,7 +99,7 @@ spec: registryPoll: interval: 45m --- -# IBM CS IM Operator Catalog 4.5.4 +# IBM CS IM Operator Catalog 4.5.5 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -111,13 +111,13 @@ spec: displayName: IBM IAM Operator Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:f7e9ac318d31a64c7d2921e8702c2e444532c733e0eae31343514802f5d1ebf5 + image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:205906d04301c85fe006143e2fc7134cd019a7fa83d3dd94fd816b929712605e updateStrategy: registryPoll: interval: 45m priority: 100 --- -# IBM Zen Operator Catalog 5.1.7 +# IBM Zen Operator Catalog 5.1.8 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: 
@@ -129,7 +129,7 @@ spec: displayName: IBM Zen Operator Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:c4d8a4af7a16e3d10d90ea8298249d9880c7042384fcea373531cd1bf9616e7d + image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:d0157f7ff656b745424a4ed276ee3ee19de2507989d4c506f638adc85b440127 updateStrategy: registryPoll: interval: 45m @@ -181,7 +181,7 @@ spec: displayName: ibm-fncm-operator publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-fncm-catalog@sha256:8305209803f534779d1df2666a6b953272d6f4cbd65821839b2ba2311f303ea6 + image: icr.io/cpopen/ibm-fncm-catalog@sha256:d87f78ab8f97116a5d3d5bb46caedc3f0256ed74a5af97b0d8d6548cebe28bc3 updateStrategy: registryPoll: interval: 45m \ No newline at end of file diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2 index c1f258e62..7bbd99551 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/templates/catalogsource.yaml.j2 
@@ -4,31 +4,31 @@ # IBM License Service Reporter https://github.com/IBM/cloud-pak/tree/afa5f33d3728fd03b87a5481fc223d5c50cf9015/repo/case/ibm-license-service-reporter-bundle --- -# IBM Certificate Manager 4.2.7 +# IBM Certificate Manager 4.2.8 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-cert-manager-catalog namespace: ibm-cert-manager spec: - displayName: ibm-cert-manager-4.2.7 + displayName: ibm-cert-manager-4.2.8 publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cert-manager-operator-catalog@sha256:4dcf4ace4b5f166f83b31063f7e6404dbf78d8e98a9d4fcf52fedf576a55ca6c + image: icr.io/cpopen/ibm-cert-manager-operator-catalog@sha256:6268cedf6759cf544560d9f652974c14f293858c53bf747b145b4522d39701bb updateStrategy: registryPoll: interval: 45m --- -# IBM License Manager 4.2.7 +# IBM License Manager 4.2.8 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-licensing-catalog namespace: ibm-licensing spec: - displayName: ibm-licensing-4.2.7 + displayName: ibm-licensing-4.2.8 publisher: IBM - image: icr.io/cpopen/ibm-licensing-catalog@sha256:e14ef29968ffd911602f2e5be776480d1bbf0fa09de22415a3bedbabcf58860c + image: icr.io/cpopen/ibm-licensing-catalog@sha256:a4c1121894a0fadd0f62415fdfe381bd92ac8afb9314539c8770c88c006ebd42 sourceType: grpc updateStrategy: registryPoll: From 6cc0884e8deea668f534e08180f30c98f96ad9f1 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Tue, 3 Dec 2024 01:16:03 +0100 Subject: [PATCH 17/45] rename tablespaces folders and amend removal logic - Remove "_tbs" suffix from ansible tasklist `remove-postgresql-tablespace.yml` for better variable meaning `common_postgresql_tablespace_name` (and not database name) - Add "_tbs" suffix back to the "with_items" list used by the removal role to index tablespaces - To normalize tablespaces naming on filesystem and folder removal, "_tbs" suffix is also added in tablespace folder location 
Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../tasks/remove-postgresql-tablespace.yml | 4 +-- .../tasks/db/aae-data-persistence.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/ban.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 10 +++---- .../cp4ba/cp4ba-core/tasks/db/fncm.yml | 4 +-- .../cp4ba/cp4ba-core/tasks/db/ier.yml | 4 +-- .../cp4ba/cp4ba-core/tasks/remove.yml | 26 +++++++++---------- 8 files changed, 27 insertions(+), 27 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml index f8821e7f7..659787adc 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/remove-postgresql-tablespace.yml @@ -1,6 +1,6 @@ # Example of the functionality call # -# - name: Remove PostgreSQL tablespace +# - name: Remove PostgreSQL tablespace and folder # ansible.builtin.include_role: # name: common # tasks_from: remove-postgresql-tablespace @@ -24,7 +24,7 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - DROP TABLESPACE IF EXISTS {{ common_postgresql_tablespace_name }}_tbs; + DROP TABLESPACE IF EXISTS {{ common_postgresql_tablespace_name }}; EOF" register: command_status when: postgresql_pod.resources | length != 0 diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index cd1c14297..66ba90fc0 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml 
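Review bot: With the suffix removed from `DROP TABLESPACE IF EXISTS {{ common_postgresql_tablespace_name }};`, a caller that still passes the bare database name turns this statement into a silent no-op, because `IF EXISTS` reports a missing tablespace as a notice and the task still succeeds. The commit message says the `with_items` list in remove.yml was updated; any other include of this task file needs the same change, which cannot be checked from this hunk. The example call in the file's header comment is the natural place to state the new contract, for instance `# common_postgresql_tablespace_name: full tablespace name including the _tbs suffix`. The task itself continues past the end of the hunk.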
@@ -29,7 +29,7 @@ CREATE USER aeos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for aeos - CREATE TABLESPACE aeos_tbs OWNER aeos LOCATION '/bitnami/postgresql/tablespaces/aeos'; + CREATE TABLESPACE aeos_tbs OWNER aeos LOCATION '/bitnami/postgresql/tablespaces/aeos_tbs'; -- create database aeos CREATE DATABASE aeos OWNER aeos TEMPLATE template0 ENCODING UTF8 TABLESPACE aeos_tbs; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index 01be2bde0..0acb99daa 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -68,7 +68,7 @@ CREATE USER devos1 WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for devos1 - CREATE TABLESPACE devos1_tbs OWNER devos1 LOCATION '/bitnami/postgresql/tablespaces/devos1'; + CREATE TABLESPACE devos1_tbs OWNER devos1 LOCATION '/bitnami/postgresql/tablespaces/devos1_tbs'; -- create database devos1 CREATE DATABASE devos1 OWNER devos1 TEMPLATE template0 ENCODING UTF8 TABLESPACE devos1_tbs; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index 26e717574..2e5f02c23 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -30,7 +30,7 @@ -- create tablespace for icndb - CREATE TABLESPACE icndb_tbs OWNER icndb LOCATION '/bitnami/postgresql/tablespaces/icndb'; + CREATE TABLESPACE icndb_tbs OWNER icndb LOCATION '/bitnami/postgresql/tablespaces/icndb_tbs'; -- create database icndb CREATE DATABASE icndb OWNER icndb TEMPLATE template0 ENCODING UTF8 TABLESPACE icndb_tbs; 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index 36af5d77d..bee980224 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -28,7 +28,7 @@ CREATE USER bawdocs WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for bawdocs - CREATE TABLESPACE bawdocs_tbs OWNER bawdocs LOCATION '/bitnami/postgresql/tablespaces/bawdocs'; + CREATE TABLESPACE bawdocs_tbs OWNER bawdocs LOCATION '/bitnami/postgresql/tablespaces/bawdocs_tbs'; -- create database bawdocs CREATE DATABASE bawdocs OWNER bawdocs TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdocs_tbs; @@ -57,7 +57,7 @@ CREATE USER bawtos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for bawtos - CREATE TABLESPACE bawtos_tbs OWNER bawtos LOCATION '/bitnami/postgresql/tablespaces/bawtos'; + CREATE TABLESPACE bawtos_tbs OWNER bawtos LOCATION '/bitnami/postgresql/tablespaces/bawtos_tbs'; -- create database bawtos CREATE DATABASE bawtos OWNER bawtos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawtos_tbs; @@ -86,7 +86,7 @@ CREATE USER bawdos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for bawdos - CREATE TABLESPACE bawdos_tbs OWNER bawdos LOCATION '/bitnami/postgresql/tablespaces/bawdos'; + CREATE TABLESPACE bawdos_tbs OWNER bawdos LOCATION '/bitnami/postgresql/tablespaces/bawdos_tbs'; -- create database bawdos CREATE DATABASE bawdos OWNER bawdos TEMPLATE template0 ENCODING UTF8 TABLESPACE bawdos_tbs; 
@@ -116,7 +116,7 @@ CREATE USER chdb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for chdb - CREATE TABLESPACE chdb_tbs OWNER chdb LOCATION '/bitnami/postgresql/tablespaces/chdb'; + CREATE TABLESPACE chdb_tbs OWNER chdb LOCATION '/bitnami/postgresql/tablespaces/chdb_tbs'; -- create database chdb CREATE DATABASE chdb OWNER chdb TEMPLATE template0 ENCODING UTF8 TABLESPACE chdb_tbs; @@ -145,7 +145,7 @@ CREATE USER bawexternal WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for bawexternal - CREATE TABLESPACE bawexternal_tbs OWNER bawexternal LOCATION '/bitnami/postgresql/tablespaces/bawexternal'; + CREATE TABLESPACE bawexternal_tbs OWNER bawexternal LOCATION '/bitnami/postgresql/tablespaces/bawexternal_tbs'; -- create database bawexternal CREATE DATABASE bawexternal OWNER bawexternal TEMPLATE template0 ENCODING UTF8 TABLESPACE bawexternal_tbs; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index cdc63c371..645a3efd3 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -28,7 +28,7 @@ CREATE USER gcddb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for gcddb - CREATE TABLESPACE gcddb_tbs OWNER gcddb LOCATION '/bitnami/postgresql/tablespaces/gcddb'; + CREATE TABLESPACE gcddb_tbs OWNER gcddb LOCATION '/bitnami/postgresql/tablespaces/gcddb_tbs'; -- create database gcddb CREATE DATABASE gcddb OWNER gcddb TEMPLATE template0 ENCODING UTF8 TABLESPACE gcddb_tbs; 
@@ -57,7 +57,7 @@ CREATE USER os1db WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for os1db - CREATE TABLESPACE os1db_tbs OWNER os1db LOCATION '/bitnami/postgresql/tablespaces/os1db'; + CREATE TABLESPACE os1db_tbs OWNER os1db LOCATION '/bitnami/postgresql/tablespaces/os1db_tbs'; -- create database os1db CREATE DATABASE os1db OWNER os1db TEMPLATE template0 ENCODING UTF8 TABLESPACE os1db_tbs; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index bad039f6e..77fa4a342 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml @@ -28,7 +28,7 @@ -- create tablespace for fpos - CREATE TABLESPACE fpos_tbs OWNER fpos LOCATION '/bitnami/postgresql/tablespaces/fpos'; + CREATE TABLESPACE fpos_tbs OWNER fpos LOCATION '/bitnami/postgresql/tablespaces/fpos_tbs'; -- create database fpos CREATE DATABASE fpos OWNER fpos TEMPLATE template0 ENCODING UTF8 TABLESPACE fpos_tbs; @@ -56,7 +56,7 @@ CREATE USER ros WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; -- create tablespace for ros - CREATE TABLESPACE ros_tbs OWNER ros LOCATION '/bitnami/postgresql/tablespaces/ros'; + CREATE TABLESPACE ros_tbs OWNER ros LOCATION '/bitnami/postgresql/tablespaces/ros_tbs'; -- create database ros CREATE DATABASE ros OWNER ros TEMPLATE template0 ENCODING UTF8 TABLESPACE ros_tbs; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml index cf1451ad5..ce6fffe12 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/remove.yml 
@@ -325,7 +325,7 @@ - proj5 - proj6 -- name: Remove PostgreSQL tablespaces +- name: Remove PostgreSQL tablespace and folder ansible.builtin.include_role: name: common tasks_from: remove-postgresql-tablespace @@ -333,18 +333,18 @@ common_postgresql_tablespace_name: "{{ item }}" common_postgresql_project: "{{ cp4ba_postgresql_project }}" with_items: - - aeos - - devos1 - - icndb - - bawdocs - - bawtos - - bawdos - - chdb - - bawexternal - - gcddb - - os1db - - fpos - - ros + - aeos_tbs + - devos1_tbs + - icndb_tbs + - bawdocs_tbs + - bawtos_tbs + - bawdos_tbs + - chdb_tbs + - bawexternal_tbs + - gcddb_tbs + - os1db_tbs + - fpos_tbs + - ros_tbs - name: Remove PostgreSQL users ansible.builtin.include_role: From d6facdd5fd8c6bb099373423443dd9931b796874 Mon Sep 17 00:00:00 2001 From: Pierre DANIEL <43950165+P-147@users.noreply.github.com> Date: Tue, 3 Dec 2024 12:03:59 +0100 Subject: [PATCH 18/45] fix forgotten "_tbs" suffix in tablespace mkdir command Fix naming in ansible task responsible for tablespace folder creation. Signed-off-by: Pierre DANIEL <43950165+P-147@users.noreply.github.com> --- .../cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/adp.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/ban.yml | 2 +- .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 10 +++++----- .../cp4ba/cp4ba-core/tasks/db/fncm.yml | 4 ++-- .../cp4ba/cp4ba-core/tasks/db/ier.yml | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml index 66ba90fc0..e7284e63f 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/aae-data-persistence.yml 
@@ -14,7 +14,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/aeos + command: mkdir -p /bitnami/postgresql/tablespaces/aeos_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml index 0acb99daa..a4888c644 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/adp.yml @@ -53,7 +53,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/devos1 + command: mkdir -p /bitnami/postgresql/tablespaces/devos1_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index 2e5f02c23..f630a3e64 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -14,7 +14,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/icndb + command: mkdir -p /bitnami/postgresql/tablespaces/icndb_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index bee980224..ade706601 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -13,7 +13,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/bawdocs + command: mkdir -p /bitnami/postgresql/tablespaces/bawdocs_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') @@ -42,7 +42,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/bawtos + command: mkdir -p /bitnami/postgresql/tablespaces/bawtos_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') @@ -71,7 +71,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/bawdos + command: mkdir -p /bitnami/postgresql/tablespaces/bawdos_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') @@ -101,7 +101,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/chdb + command: mkdir -p /bitnami/postgresql/tablespaces/chdb_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') 
@@ -129,7 +129,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/bawexternal + command: mkdir -p /bitnami/postgresql/tablespaces/bawexternal_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml index 645a3efd3..6c51e4293 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/fncm.yml @@ -13,7 +13,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/gcddb + command: mkdir -p /bitnami/postgresql/tablespaces/gcddb_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') @@ -42,7 +42,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/os1db + command: mkdir -p /bitnami/postgresql/tablespaces/os1db_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index 77fa4a342..b3d43997a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml 
@@ -12,7 +12,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/fpos + command: mkdir -p /bitnami/postgresql/tablespaces/fpos_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') @@ -41,7 +41,7 @@ kubernetes.core.k8s_exec: namespace: "{{ cp4ba_postgresql_project }}" pod: "{{ postgresql_pod.resources[0].metadata.name }}" - command: mkdir -p /bitnami/postgresql/tablespaces/ros + command: mkdir -p /bitnami/postgresql/tablespaces/ros_tbs register: command_status failed_when: command_status.rc != 0 and command_status.stderr is not search('.*File exists.*') From 848a611edf879a49be5f6ece0097e585a04178eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 3 Dec 2024 12:26:12 +0100 Subject: [PATCH 19/45] SQL commands cosmetics MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml | 1 - .../cp4ba/cp4ba-core/tasks/db/bawaut.yml | 5 +---- .../50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml | 1 - 3 files changed, 1 insertion(+), 6 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml index f630a3e64..4a90a8d7a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ban.yml @@ -28,7 +28,6 @@ -- create user icndb CREATE USER icndb WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create tablespace for icndb CREATE TABLESPACE icndb_tbs OWNER icndb LOCATION '/bitnami/postgresql/tablespaces/icndb_tbs'; 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml index ade706601..70f29c5c9 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/bawaut.yml @@ -140,7 +140,6 @@ command: > bash -c " psql postgresql://postgres:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- create user bawexternal CREATE USER bawexternal WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; @@ -160,7 +159,6 @@ command: > bash -c " psql postgresql://bawexternal:$POSTGRES_PASSWORD@localhost:5432 <<-EOF - -- add test table CREATE TABLE IF NOT EXISTS public.user_db ( @@ -174,7 +172,7 @@ -- add test data INSERT INTO public.user_db(username, first_name, last_name) - VALUES + VALUES ('jdoe0','John','Doe'), ('hrobbey1','Hurleigh','Robbey'), ('nhankins2','Nicola','Hankins'), @@ -182,6 +180,5 @@ ('shalbert4','Silvia','Halbert'), ('lrowena5','Linn','Rowena') ON CONFLICT (username) DO NOTHING; - EOF" register: command_status diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml index b3d43997a..b042a01cd 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/db/ier.yml @@ -26,7 +26,6 @@ -- create user fpos CREATE USER fpos WITH PASSWORD '{{ cp4ba_postgresql_universal_password }}'; - -- create tablespace for fpos CREATE TABLESPACE fpos_tbs OWNER fpos LOCATION '/bitnami/postgresql/tablespaces/fpos_tbs'; From bd31ecb8b302d8ff0b5a9e1915d6a78762686233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 5 Dec 2024 10:15:03 +0100 Subject: [PATCH 20/45] Linting fix for WFI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Jan Dušek --- .../tasks/postdeploy/ads-maven-plugins.yml | 24 +------------------ .../workforce-insights-config-secret.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml index 4c0ca47de..f8c1fa3ab 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/ads-maven-plugins.yml @@ -56,29 +56,6 @@ dest: "{{ cp4ba_output_directory }}/{{ plugin_file_name }}" mode: u+rwx - # TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars. - # - name: Upload plugin to Nexus - # ansible.builtin.uri: - # url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=maven-releases" - # method: POST - # body_format: form-multipart - # body: - # maven2.asset1: - # content: "{{ lookup('file', cp4ba_output_directory+'/'+item.value.path) }}" - # filename: "{{ item.value.path }}" - # maven2.groupId: "{{ item.value.maven_coordinates.groupId }}" - # maven2.artifactId: "{{ item.value.maven_coordinates.artifactId }}" - # maven2.version: "{{ item.value.maven_coordinates.version }}" - # maven2.asset1.extension: "{{ item.value.maven_coordinates.packaging }}" - # validate_certs: false - # status_code: 200 - # user: "{{ lc_principal_admin_user }}" - # password: "{{ lc_principal_admin_password }}" - # force_basic_auth: true - # register: response - # vars: - # jar_name: "{{ ads_maven_plugins_response.json | json_query('resources.annotations_maven_plugin.path') }}" - - name: Upload plugin to Nexus ansible.builtin.command: | curl -kX 'POST' \ 
@@ -95,3 +72,4 @@ register: ads_curl_result changed_when: true failed_when: ads_curl_result.stdout != "204" + # noqa: command-instead-of-module diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2 index a558ae62a..d15cb4fec 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bai/workforce-insights-config-secret.yaml.j2 @@ -6,6 +6,6 @@ metadata: stringData: workforce-insights-configuration.yml: |- - bpmSystemId: {{ system_id }} - url: {{ url}} + url: {{ url }} username: {{ username }} password: {{ password }} \ No newline at end of file From 100512181daf4717c007bca2908023dcdb7dda49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 5 Dec 2024 14:15:41 +0100 Subject: [PATCH 21/45] Add BAW FNCM Subscription for ECM Content Event MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../postdeploy/bawaut-fncm-subscription.yml | 319 ++++++++++++++++++ .../cp4ba-core/tasks/postdeploy/bawaut.yml | 2 + .../templates/bawaut/baw-server.properties.j2 | 4 + docs/src/30-reference/configuration/cp4ba.md | 1 + 4 files changed, 326 insertions(+) create mode 100644 automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml create mode 100644 automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2 diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml new file mode 100644 index 000000000..bcf5201ff --- /dev/null 
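Review bot: The `# noqa: command-instead-of-module` waiver is added to the Nexus upload task in the same commit that deletes the commented-out `ansible.builtin.uri` variant, which was the only place explaining why curl is used (the jar line endings get altered). The suppression is therefore left without a stated reason; a one-line comment above the task such as `# curl on purpose: ansible.builtin.uri alters jar line endings on upload` would keep it. The retained command starts with `curl -kX 'POST'`, so certificate verification is off for this upload. The middle of the command lies between the two hunks, so how the credentials are passed cannot be confirmed from here.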
+++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut-fncm-subscription.yml 
@@ -0,0 +1,319 @@ +- name: Get OCP Apps domain + ansible.builtin.include_role: + name: common + tasks_from: apps-endpoint + vars: + common_output_to_var: "apps_endpoint_domain" + +- name: Get IAM token + ansible.builtin.include_role: + name: common + tasks_from: iam-token-user + vars: + common_cpfs_project: "{{ cp4ba_project_name }}" + common_user: "{{ lc_principal_admin_user }}" + common_password: "{{ lc_principal_admin_password }}" + common_output_to_var: "iam_token" + +- name: Get Zen token + ansible.builtin.include_role: + name: common + tasks_from: zen-token + vars: + common_iam_token: "{{ iam_token }}" + common_user: "{{ lc_principal_admin_user }}" + common_namespace_name: "{{ cp4ba_project_name }}" + common_output_to_var: "zen_token" + +- name: Search for existing baw-server.properties document + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + { + query: "{ + documents( + repositoryIdentifier:\"BAWTOS\" + from:\"Document d WITH INCLUDESUBCLASSES\" + where:\"d.[DocumentTitle] = 'baw-server.properties'\" + orderBy:\"DocumentTitle\" + pageSize:20 + ) + { + documents { + id + } + } + }" + } + validate_certs: false + return_content: true + status_code: + - 200 + register: baw_properties_graphql_response + failed_when: "'errors' in baw_properties_graphql_response.content" + +- name: Setup BAW FNCM integration + when: baw_properties_graphql_response.json.data.documents.documents | length == 0 + block: + - name: Copy needed jar files + kubernetes.core.k8s_cp: + namespace: "{{ cp4ba_project_name }}" + pod: "{{ cp4ba_cr_meta_name }}-bastudio-deployment-0" + remote_path: "/opt/ibm/wlp/ibmProcessServer/lib/BPM/{{ item }}" + local_path: "{{ cp4ba_output_directory }}/{{ item.split('/')[-1] }}" + no_preserve: true + state: from_pod + with_items: + - 
EventHandlers/ECM/FileNet/filenet-bpm-event-handler-51.jar + - Lombardi/lib/commons-codec.jar + - Lombardi/lib/commons-httpclient.jar + + - name: Prepare yaml file for baw-server.properties + ansible.builtin.template: + src: bawaut/baw-server.properties.j2 + dest: "{{ cp4ba_output_directory }}/baw-server.properties" + mode: u+rwx + + - name: Add baw-server.properties + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: form-multipart + body: + graphql: | + {"query":"mutation ($contvar:String){ + createDocument( + repositoryIdentifier:\"BAWTOS\" + documentProperties: { + name: \"baw-server.properties\" + contentElements:{ + replace: [{type: CONTENT_TRANSFER contentType: \"text/plain\" subContentTransfer: {content:$contvar} }] + } + } checkinAction: {} + ) { id name } }", "variables":{"contvar":null} }" + contvar: + content: "{{ lookup('file', cp4ba_output_directory + '/baw-server.properties') }}" + filename: baw-server.properties + mime_type: text/plain + validate_certs: false + return_content: true + status_code: + - 200 + register: graphql_response + failed_when: "'errors' in graphql_response.content" + + - name: Set baw-server.properties ID + ansible.builtin.set_fact: + properties_id: "{{ graphql_response.json.data.createDocument.id }}" + + - name: Create CodeModules folder + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + query: | + mutation CreateCodeModulesFolder {createFolder(repositoryIdentifier: + "BAWTOS", folderProperties: {name: "CodeModules", parent: {identifier: "/"} }) {id} } + validate_certs: false + status_code: + - 200 + register: folder_response + 
failed_when: (folder_response.json | json_query('errors') | default([], true) | length > 1) and + (folder_response.json | json_query('errors[0].extensions.serverErrorMessage') + is not match('A uniqueness requirement has been violated. The value for property FolderName of class Folder is not unique.')) + + - name: Add Code Module + ansible.builtin.command: | + curl -ks --location 'https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql' \ + --header 'Authorization: Bearer {{ zen_token }}' \ + --form graphql='{ + "query":" + mutation ($contvar1:String $contvar2:String $contvar3:String) { + createDocument( + repositoryIdentifier:\"BAWTOS\" + fileInFolderIdentifier: \"/CodeModules\" + classIdentifier:\"CodeModule\" + documentProperties: { + name: \"BPM Event Action Code Module\" + contentElements:{ + replace: [ + {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar1} }, + {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar2} }, + {type: CONTENT_TRANSFER contentType: \"application/java-archive\" subContentTransfer: {content:$contvar3} }, + ] + } + } checkinAction: {} + ) { id name } + } + ", + "variables":{"contvar":null} }' \ + --form contvar1=@{{ cp4ba_output_directory }}/filenet-bpm-event-handler-51.jar \ + --form contvar2=@{{ cp4ba_output_directory }}/commons-codec.jar \ + --form contvar3=@{{ cp4ba_output_directory }}/commons-httpclient.jar + register: curl_output + failed_when: curl_output.rc != 0 or (curl_output.stdout | from_json | default({}) == {}) + changed_when: false + # noqa: command-instead-of-module + + - name: Parse JSON response + ansible.builtin.set_fact: + response_json: "{{ curl_output.stdout | from_json }}" + + - name: Set Code Module ID + ansible.builtin.set_fact: + code_module_id: "{{ response_json.data.createDocument.id }}" + + - name: Create Event Action + ansible.builtin.uri: + url: "https://cpd-{{ 
cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + { + query: "mutation { + changeObject( + repositoryIdentifier:\"BAWTOS\" + properties:[ + {DisplayName:\"BPM Event Action\"} + {DescriptiveText:\"BPM Event Action\"} + {ProgID:\"com.ibm.bpm.integration.filenet.BPMEventHandler\"} + {IsEnabled: true} + ] + objectProperties:[ + { + identifier:\"CodeModule\" + objectReferenceValue:{ + identifier:\"{{ code_module_id }}\" + } + } + ] + actions:[ + { + type:CREATE + subCreateAction:{ + classId:\"EventAction\" + } + } + ] + ) { + className + properties(includes:[\"Id\"]) { + id + value + } + } + }" + } + validate_certs: false + return_content: true + status_code: + - 200 + register: graphql_response + failed_when: "'errors' in graphql_response.content" + + - name: Set Event Action ID + ansible.builtin.set_fact: + event_action_id: "{{ graphql_response.json.data.changeObject.properties[0].value }}" + + - name: Get Document Class Description + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + { + query: "{ + classDescription (repositoryIdentifier: \"BAWTOS\" identifier: \"Document\") { + id + } + }" + } + validate_certs: false + return_content: true + status_code: + - 200 + register: graphql_response + failed_when: "'errors' in graphql_response.content" + + - name: Set Document Class Description ID + ansible.builtin.set_fact: + document_class_id: "{{ graphql_response.json.data.classDescription.id }}" + + - name: Debug + ansible.builtin.debug: + msg: "{{ graphql_response }}" + + - name: Create Subscription + ansible.builtin.uri: + url: "https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain 
}}/content-services-graphql/graphql" + method: POST + headers: + Content-Type: application/json + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + { + query: "mutation { + changeObject( + repositoryIdentifier: \"BAWTOS\" + properties: [ + {DisplayName: \"BPM Subscription\"}, + {IncludeSubclassesRequested: true}, + {IsEnabled: true}, + {IsSynchronous: false}, + {UserString: \"{{ properties_id }}\"} + ] + objectProperties: [ + { + identifier: \"EventAction\", objectReferenceValue: { + identifier: \"{{ event_action_id }}\" + } + }, + { + identifier: \"SubscriptionTarget\", objectReferenceValue: { + classIdentifier: \"ClassDefinition\", identifier: \"{{ document_class_id }}\" + } + }, + { + identifier: \"SubscribedEvents\", dependentObjectListValue: { + replace: [ + {objectProperties: [ + {identifier: \"EventClass\", objectReferenceValue: {identifier: \"CreationEvent\"}} + ]} + ] + } + } + ] + actions: [{type: CREATE, subCreateAction: {classId: \"ClassSubscription\"}}] + ) { + className + properties(includes: [\"Id\"]) { + id + value + } + } + }" + } + validate_certs: false + return_content: true + status_code: + - 200 + register: graphql_response + failed_when: "'errors' in graphql_response.content" diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml index f705eb0cd..2d27d8e40 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml @@ -47,6 +47,8 @@ - 200 with_items: "{{ lc_general_groups + lc_admin_groups }}" +- name: Setup FNCM Subscription for ECM Content event + ansible.builtin.include_tasks: bawaut-fncm-subscription.yml - name: Set usage entry ansible.builtin.include_role: 
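Review bot: The `Add Code Module` task passes `Authorization: Bearer {{ zen_token }}` as a curl argument with no `no_log: true`, so the Zen token shows up in the controller's process list and in the registered command result; add `no_log: true` there and drop the leftover `Debug` task that prints the whole `graphql_response`. Every `uri` call sets `validate_certs: false` and the curl call uses `-k`, so the token and the uploaded `baw-server.properties` (which holds `cp4ba_universal_password`) are sent without the server certificate being checked; trusting the cluster CA instead would close that gap. In `Create CodeModules folder`, the `length > 1` condition lets a single error that is not the uniqueness violation pass as success, and `length > 0` looks like the intent. The rendered properties file is written with `mode: u+rwx`, which only adds owner bits and leaves group/other to the default; `mode: "0600"` fits a file that contains a password.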
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2 new file mode 100644 index 000000000..4bf5ee6b9 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/baw-server.properties.j2 @@ -0,0 +1,4 @@ +bpm.server.username=cpadmin +bpm.server.password={{ cp4ba_universal_password }} +bpm.server.uri=https\://{{ cp4ba_cr_meta_name }}-bastudio-service.{{ cp4ba_project_name }}.svc.cluster.local\:9443 +bpm.server.contextRoot=/bas/rest/bpm/wle/ diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index c1bbd50c2..dc6cad227 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md @@ -155,6 +155,7 @@ For your convenience the following post-deployment setup tasks have been automat - FNCM - Enabled search result highlighting for Simple Search for FNCM (OS1), BAW (BAWTOS) and ADP (DEVOS1) objectstores. - BAW - tw_admins enhanced with LDAP admin groups. - BAW - tw_authors enhanced with LDAP user and admin groups. +- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/latest?topic=events-using-event-handler-filenet-content-manager. - BAI - extra flink task manager added for custom event processing. - RPA - Bot Developer permission added to administrative user. - IPM - Task mining related permissions added to admin user. From bd580c3b6e8a6b7c4c83eb07d82f603d88df33df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 5 Dec 2024 15:41:41 +0100 Subject: [PATCH 22/45] Enable Case History on domain level MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
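Review bot: `bpm.server.password={{ cp4ba_universal_password }}` is rendered without escaping, and a backslash in a Java properties value is read as an escape character, so a password containing one would be loaded differently from what was configured. The URI line already escapes its colons; the password could get the same care with `{{ cp4ba_universal_password | replace('\\', '\\\\') }}`. The user name is fixed to `cpadmin` while the tasks that upload this file authenticate with `lc_principal_admin_user`; if that is deliberate, a first-line comment naming the account and why it is used would help. The file is stored as a plain-text document in the BAWTOS object store by the subscription tasks, so an account limited to what the event handler needs would reduce what a reader of that document gains.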
Signed-off-by: Jan Dušek --- .../cp4ba-core/tasks/postdeploy/bawaut.yml | 35 +++++++++++++++++++ .../bawaut/EnableCaseHistory.java.j2 | 32 +++++++++++++++++ docs/src/30-reference/configuration/cp4ba.md | 1 + 3 files changed, 68 insertions(+) create mode 100644 automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2 diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml index 2d27d8e40..03c43c14c 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/bawaut.yml 
@@ -50,6 +50,41 @@ - name: Setup FNCM Subscription for ECM Content event ansible.builtin.include_tasks: bawaut-fncm-subscription.yml +# Without enabling this on domain level, Case History and BAW Timeline doesn't work. +- name: Prepare java file for Case History Enablement + ansible.builtin.template: + src: bawaut/EnableCaseHistory.java.j2 + dest: "{{ cp4ba_output_directory }}/EnableCaseHistory.java" + mode: u+rwx + +- name: Get CPE pods + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ cp4ba_project_name }}" + label_selectors: + - "app={{ cp4ba_cr_meta_name }}-cpe-deploy" + register: pods + +- name: Get CPE pod name + ansible.builtin.set_fact: + cpe_pod_name: "{{ pods.resources[0].metadata.name }}" + +- name: Copy java file to CPE pod + kubernetes.core.k8s_cp: + namespace: "{{ cp4ba_project_name }}" + pod: "{{ cpe_pod_name }}" + remote_path: "/tmp/EnableCaseHistory.java" + local_path: "{{ cp4ba_output_directory }}/EnableCaseHistory.java" + no_preserve: true + state: to_pod + +- name: Execute EnableCaseHistory.java + kubernetes.core.k8s_exec: + namespace: "{{ cp4ba_project_name }}" + pod: "{{ cpe_pod_name }}" + command: java -classpath /opt/ibm/wlp/usr/servers/defaultServer/jaceLib/Jace.jar /tmp/EnableCaseHistory.java + - name: Set usage entry ansible.builtin.include_role: name: usage diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2 new file mode 100644 index 000000000..924b18af3 --- /dev/null +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/EnableCaseHistory.java.j2 
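Review bot: The rendered `EnableCaseHistory.java` carries the admin user and password from the template, and this hunk leaves it both in `{{ cp4ba_output_directory }}` and in `/tmp` of the CPE pod after the run; no task removes either copy. `mode: u+rwx` on the template task only adds owner bits, so whatever group/other read bits the umask grants stay on the local file, and an explicit `mode: "0600"` would be tighter. `pods.resources[0]` in the `Get CPE pod name` task also assumes the label selector matched at least one pod and fails with an index error otherwise. A cleanup pair to follow the exec task is sketched below; whether rendered files in the output directory are deliberately kept elsewhere in the role is not visible from this hunk.

```yaml
    dest: "{{ cp4ba_output_directory }}/EnableCaseHistory.java"
    mode: "0600"

# … unchanged: Get CPE pods, Get CPE pod name, Copy java file to CPE pod, Execute EnableCaseHistory.java …

- name: Remove EnableCaseHistory.java from CPE pod
  kubernetes.core.k8s_exec:
    namespace: "{{ cp4ba_project_name }}"
    pod: "{{ cpe_pod_name }}"
    command: rm -f /tmp/EnableCaseHistory.java

- name: Remove rendered EnableCaseHistory.java from output directory
  ansible.builtin.file:
    path: "{{ cp4ba_output_directory }}/EnableCaseHistory.java"
    state: absent
```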
@@ -0,0 +1,32 @@
+import com.filenet.api.admin.CmProcessEngineConfiguration;
+import com.filenet.api.collection.SubsystemConfigurationList;
+import com.filenet.api.constants.RefreshMode;
+import com.filenet.api.core.Connection;
+import com.filenet.api.core.Domain;
+import com.filenet.api.core.Factory;
+import com.filenet.api.util.UserContext;
+
+import javax.security.auth.Subject;
+
+public class EnableCaseHistory {
+
+ public static void main(String[] args) throws Exception {
+ Connection connection = Factory.Connection.getConnection("http://localhost:9080/wsi/FNCEWS40MTOM");
+ Subject subject = UserContext.createSubject(connection, "{{ lc_principal_admin_user }}", "{{ lc_principal_admin_password }}", "FileNetP8WSI");
+ UserContext.get().pushSubject(subject);
+ try {
+ Domain domain = Factory.Domain.fetchInstance(connection, null, null);
+ SubsystemConfigurationList subsystemConfigurations = domain.get_SubsystemConfigurations();
+ for (Object subsystemConfig : subsystemConfigurations) {
+ if (subsystemConfig instanceof CmProcessEngineConfiguration) {
+ ((CmProcessEngineConfiguration) subsystemConfig).set_HistoryExporterEnabled(true);
+ domain.save(RefreshMode.REFRESH);
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ UserContext.get().popSubject();
+ }
+ }
+}
\ No newline at end of file
diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md
index dc6cad227..a722ac71d 100644
--- a/docs/src/30-reference/configuration/cp4ba.md
+++ b/docs/src/30-reference/configuration/cp4ba.md
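Review bot: The `catch (Exception e) { e.printStackTrace(); }` block makes `main` return normally on any failure, so the JVM presumably exits with status 0 and the `Execute EnableCaseHistory.java` task would report success even when Case History was not enabled. Since `main` already declares `throws Exception`, dropping the catch clause and keeping only `try { … } finally { UserContext.get().popSubject(); }` lets the failure reach the exit code. The user and password are also substituted directly inside Java string literals in the `createSubject` call, so a value containing `"` or `\` yields source that does not compile or a different string than intended. Reading both from the process environment or from `args` would avoid that and would keep the secret out of the source file that is copied to the pod.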
@@ -156,6 +156,7 @@ For your convenience the following post-deployment setup tasks have been automat - BAW - tw_admins enhanced with LDAP admin groups. - BAW - tw_authors enhanced with LDAP user and admin groups. - BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/latest?topic=events-using-event-handler-filenet-content-manager. +- BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=widgets-timeline-visualizer - BAI - extra flink task manager added for custom event processing. - RPA - Bot Developer permission added to administrative user. - IPM - Task mining related permissions added to admin user. From 1a560839f30657c06f0070e5f1b38cb79f3ec013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 5 Dec 2024 17:08:13 +0100 Subject: [PATCH 23/45] Polish and TODOs resolution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/common/tasks/nexus-upload.yml | 41 +------------------ .../cp4ba-core/tasks/postdeploy/fncm.yml | 2 +- .../cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 | 2 +- .../cp4ba/rpa/tasks/install.yml | 33 --------------- docs/src/30-reference/configuration/cp4ba.md | 2 +- 5 files changed, 5 insertions(+), 75 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml index 754b5b77c..b5e4ac631 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/nexus-upload.yml 
@@ -17,27 +17,6 @@ vars: common_output_to_var: "apps_endpoint_domain" -# TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars. -# - name: Upload to Nexus -# ansible.builtin.uri: -# url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=raw-hosted" -# method: POST -# body_format: form-multipart -# body: -# raw.directory: cp4ba -# raw.asset1: -# content: "{{ lookup('file', common_file_folder_path+'/'+common_file_name) }}" -# filename: "{{ common_file_name }}" -# raw.asset1.filename: "{{ common_file_name }}" -# validate_certs: false -# status_code: -# - 204 -# user: "{{ lc_principal_admin_user }}" -# password: "{{ lc_principal_admin_password }}" -# force_basic_auth: true -# register: nexus_upload_result -# ignore_errors: true - - name: Upload to Nexus ansible.builtin.command: | curl -kX 'POST' \ @@ -51,6 +30,7 @@ -s -o /dev/null -w "%{http_code}" register: import_curl_result changed_when: true + # noqa: command-instead-of-module - name: Restart and reupload when: import_curl_result.stdout != "204" @@ -79,24 +59,6 @@ common_retries: 80 common_delay: 15 - # TODO from ansible 2.10+ but line endings of jar files are changed and CP4BA components cannot use these modified jars. - # - name: Upload to Nexus - # ansible.builtin.uri: - # url: "https://nexus.{{ apps_endpoint_domain }}/service/rest/v1/components?repository=raw-hosted" - # method: POST - # body_format: form-multipart - # body: - # raw.directory: cp4ba - # raw.asset1: - # content: "{{ lookup('file', common_file_folder_path+'/'+common_file_name) }}" - # filename: "{{ common_file_name }}" - # raw.asset1.filename: "{{ common_file_name }}" - # validate_certs: false - # status_code: 204 - # user: "{{ lc_principal_admin_user }}" - # password: "{{ lc_principal_admin_password }}" - # force_basic_auth: true - - name: Upload to Nexus ansible.builtin.command: | curl -kX 'POST' \ 
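Review bot: The standalone `# noqa: command-instead-of-module` added after `changed_when: true` suppresses the lint finding, while this commit also deletes the only comment that said why `ansible.builtin.uri` is not used (the multipart upload alters jar line endings), so the reason for the exception is lost. Keeping one line above the task, `# curl instead of uri: form-multipart upload changes jar line endings, which CP4BA components cannot use`, preserves it; the same applies to the second `Upload to Nexus` task in the `@@ -111,3 +73,4 @@` hunk. The retained command starts `curl -kX 'POST'`, so certificate verification stays off for the upload. The rest of the command lies outside the hunks, so whether credentials travel on it cannot be confirmed from here, but `--cacert` with the cluster CA would be the safer form than `-k`.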
@@ -111,3 +73,4 @@ register: import_curl_result failed_when: import_curl_result.stdout != "204" changed_when: true + # noqa: command-instead-of-module diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml index f748dae9c..b96e4dc77 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/postdeploy/fncm.yml @@ -70,7 +70,7 @@ - 200 register: graphql_response failed_when: "'errors' in graphql_response.content" - with_items: {{ os_list }} + with_items: "{{ os_list }}" - name: Set usage entry ansible.builtin.include_role: diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 index 4007b7c96..2c0a6c7dc 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/adp/cr.yaml.j2 @@ -38,7 +38,7 @@ spec: viewone: auto_scaling: enabled: false - # TODO temporary workaround for viewone pod to startup, last sen in 24.0.0 GA + # TODO temporary workaround for viewone pod to startup, last seen in 24.0.0 GA viewone_production_setting: jvm_initial_heap_percentage: 20 jvm_max_heap_percentage: 33 diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml index a42d34ca8..b6e36d035 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml 
@@ -58,28 +58,6 @@ common_namespace_name: "{{ rpa_project_name }}" common_label_selector_stub: ibm-mq - -# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 START -- name: Scale deployment down to zero replicas - kubernetes.core.k8s_scale: - api_version: apps/v1 - kind: Deployment - name: ibm-cp4a-operator - namespace: "{{ rpa_project_name }}" - replicas: 0 - -- name: Patch ZenService - kubernetes.core.k8s_json_patch: - api_version: zen.cpd.ibm.com/v1 - kind: ZenService - name: iaf-zen-cpdservice - namespace: "{{ rpa_project_name }}" - patch: - - op: replace - path: /spec/zenCustomRoute/route_reencrypt - value: 'true' -# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 END - - name: Prepare yaml file for the Operator Subscription ansible.builtin.template: src: subscription.yaml.j2 @@ -398,14 +376,3 @@ - {{ lc_principal_admin_user }} / {{ lc_principal_admin_password }} " - - -# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 START -- name: Scale deployment up to one replicas - kubernetes.core.k8s_scale: - api_version: apps/v1 - kind: Deployment - name: ibm-cp4a-operator - namespace: "{{ rpa_project_name }}" - replicas: 1 -# TODO hotfix to enable RPA to progress last seen CP4BA 24.0.1 + RPA 2.0.0 END diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index a722ac71d..9acf89a19 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md 
@@ -155,7 +155,7 @@ For your convenience the following post-deployment setup tasks have been automat - FNCM - Enabled search result highlighting for Simple Search for FNCM (OS1), BAW (BAWTOS) and ADP (DEVOS1) objectstores. - BAW - tw_admins enhanced with LDAP admin groups. - BAW - tw_authors enhanced with LDAP user and admin groups. -- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/latest?topic=events-using-event-handler-filenet-content-manager. +- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/latest?topic=events-using-event-handler-filenet-content-manager - BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=widgets-timeline-visualizer - BAI - extra flink task manager added for custom event processing. - RPA - Bot Developer permission added to administrative user. From d47c3fa438a64612636ced0c185204123872a094 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 5 Dec 2024 17:58:13 +0100 Subject: [PATCH 24/45] Longer waiting for IBM Licensing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml index 78f971c03..807de3edd 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cpfs/tasks/install.yml @@ -161,8 +161,8 @@ name: instance namespace: ibm-licensing register: licensing - retries: 10 - delay: 15 + retries: 15 + delay: 25 until: licensing.resources | length == 1 - name: Set licensing license accept 
From 9c27a51cf0f1d122d655f325f70c2c6a33775e92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 6 Dec 2024 07:17:15 +0100 Subject: [PATCH 25/45] Update and fix redis rpa MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/rpa/tasks/install.yml | 3 ++- .../cp4ba/rpa/templates/catalogsource.yaml.j2 | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml index b6e36d035..4b95796ca 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml @@ -33,7 +33,7 @@ until: ('READY' in catalogsource | json_query('resources[*].status.connectionState.lastObservedState') | unique) with_items: - ibm-robotic-process-automation-catalog - - ibm-cloud-databases-redis-operator-catalog + - ibm-redis-cp-operator-catalog - ibmmq-operator-catalogsource - name: Prepare yaml file for the MQ Operator Subscription @@ -229,6 +229,7 @@ --data-urlencode 'grant_type=password' register: rpa_token_response changed_when: false + # noqa: command-instead-of-module - name: Set rpa_token ansible.builtin.set_fact: diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 index 7493ca28e..12288f3e2 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/catalogsource.yaml.j2 
@@ -13,7 +13,7 @@ spec: registryPoll: interval: 45m --- -# case 1.2.2 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp +# case 1.2.3 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-redis-cp apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -23,7 +23,7 @@ spec: displayName: IBM Redis CP Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:cd9d784af40e0524c030c43f2c869bc4027a97bf13d02e3dfa3649785dcf49c1 + image: icr.io/cpopen/ibm-redis-cp-operator-catalog@sha256:415dc3b76406e8b2a23d2344682d686107e71662845f236f48212a7795414e6a updateStrategy: registryPoll: interval: 45m From 69b6cd1e0317b2e2c12ed5946753e057ebb545b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Mon, 9 Dec 2024 16:05:13 +0100 Subject: [PATCH 26/45] Fix MSSQL tooling path and Encryption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/mssql/tasks/install.yml | 2 +- .../50-install-cloud-pak/cp4ba/rpa/tasks/install.yml | 2 +- .../50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml index 205d75c08..e075887e7 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/tasks/install.yml @@ -63,7 +63,7 @@ ```bash - /opt/mssql-tools/bin/sqlcmd -S 127.0.0.1 -U sa -P {{ mssql_universal_password }} + /opt/mssql-tools18/bin/sqlcmd -No -S 127.0.0.1 -U sa -P {{ mssql_universal_password }} ``` diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml index 4b95796ca..c229f4e3f 100644 
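Review bot: `-No` in the new `sqlcmd` invocation sets connection encryption to optional, so the move to `mssql-tools18` is made to work by switching off the encrypt-by-default behaviour of the 18.x tools rather than by keeping encryption and accepting the server certificate with `-C`. On loopback inside the pod the exposure is small, but the `mssql/tasks/install.yml` hunk is usage text that operators copy, and the same flag is used by the `k8s_exec` tasks in `rpa/tasks/install.yml` and `rpa/tasks/remove.yml` in the next two hunks. Those tasks also pass the SA password with `-P` on the command line, where it can appear in process listings and task output; adding `no_log: true` to them would at least keep it out of the Ansible log. Both `k8s_exec` tasks continue outside their hunks.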
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml @@ -103,7 +103,7 @@ namespace: "{{ rpa_mssql_project }}" pod: "{{ pods.resources[0].metadata.name }}" command: > - /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "{{ rpa_universal_password }}" -Q + /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P "{{ rpa_universal_password }}" -Q "create database [automation]; create database [knowledge]; create database [wordnet]; diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml index 0181a392c..40dc5aa30 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/remove.yml @@ -64,7 +64,7 @@ namespace: "{{ rpa_mssql_project }}" pod: "{{ pods.resources[0].metadata.name }}" command: > - /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "{{ rpa_universal_password }}" -Q + /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P "{{ rpa_universal_password }}" -Q "ALTER DATABASE [automation] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; drop database [automation]; ALTER DATABASE [knowledge] SET SINGLE_USER WITH ROLLBACK IMMEDIATE; From d56af7dcc1acc71c4cd1aef08e837caf5a4bff2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 10 Dec 2024 08:19:08 +0100 Subject: [PATCH 27/45] Allow rpa AV auto update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 index e4ca615f7..787a4e714 100644 
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/templates/roboticprocessautomation.yaml.j2 @@ -38,6 +38,7 @@ spec: replicas: 1 antivirus: replicas: 1 + autoUpdateEnabled: true audit: forwardingEnabled: false nlp: From 5be4880342109bb8c49bbd2f951e59bb4fe1e234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 10 Dec 2024 18:45:16 +0100 Subject: [PATCH 28/45] More MSSQL Memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/mssql/templates/statefulsets.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 index 99930d154..0e51f17f2 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 @@ -25,10 +25,10 @@ spec: resources: requests: cpu: 100m - memory: 1024Mi + memory: 2048Mi limits: cpu: 1000m - memory: 2048Mi + memory: 3072Mi startupProbe: tcpSocket: port: 1433 From 4f3e29db58afbb1b4d0b5f3be1ea932e1883a696 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 10 Dec 2024 19:03:15 +0100 Subject: [PATCH 29/45] More MSSQL Memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/mssql/templates/statefulsets.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 index 0e51f17f2..42100c196 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 
+++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 @@ -28,7 +28,7 @@ spec: memory: 2048Mi limits: cpu: 1000m - memory: 3072Mi + memory: 5120Mi startupProbe: tcpSocket: port: 1433 From 4ee99ba2b75a6e4f9c1d1cf1a845e7362324cce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 10 Dec 2024 21:01:45 +0100 Subject: [PATCH 30/45] Fix HTTP code for bot developers team MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/rpa/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml index c229f4e3f..33c3b20ed 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml @@ -272,10 +272,10 @@ validate_certs: false return_content: true status_code: - - 200 + - 201 - 400 register: team_response - failed_when: team_response.status != 200 and team_response.content is not search('already exists in tenant') + failed_when: team_response.status != 201 and team_response.content is not search('already exists in tenant') - name: Get teams ansible.builtin.uri: From e2b81892306fd98a54b585028e4b59d172fb9117 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 11 Dec 2024 09:44:25 +0100 Subject: [PATCH 31/45] Add RPA roles to groups and users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/rpa/tasks/install.yml | 75 ++++++++++++++++++- 1 file changed, 72 insertions(+), 3 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml index 33c3b20ed..580434946 100644 
--- a/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/rpa/tasks/install.yml @@ -184,7 +184,7 @@ name: common tasks_from: iam-token-user vars: - common_cpfs_project: "{{ cp4ba_project_name }}" + common_cpfs_project: "{{ rpa_project_name }}" common_user: "{{ lc_principal_admin_user }}" common_password: "{{ lc_principal_admin_password }}" common_output_to_var: "iam_token" 
@@ -199,6 +199,75 @@ common_namespace_name: "{{ rpa_project_name }}" common_output_to_var: "zen_token" +- name: Get groups + ansible.builtin.uri: + url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups" + method: GET + headers: + Authorization: "Bearer {{ zen_token }}" + validate_certs: false + status_code: 200 + register: groups_response + +- name: Add all RPA roles to group {{ item }} + ansible.builtin.uri: + url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups/{{ groups_response.json | json_query(condition_query) | first }}" + method: PATCH + headers: + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + add_role_identifiers: + - rpa-automation-user + validate_certs: false + status_code: + - 200 + - 500 + vars: + condition_query: "results[?name == '{{ item }}'].group_id" + register: group_response + failed_when: group_response.status == 500 and group_response.json | json_query('exception') is not search('.*duplicate key value*') + with_items: "{{ lc_admin_groups }}" + +# Needed as group related permissions are updated only after first real login via browser +- name: Add all RPA roles to default admin user and cpadminservice + ansible.builtin.uri: + url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v1/user/{{ item }}?add_roles=true" + method: PUT + headers: + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + username: "{{ item }}" + user_roles: + - rpa-automation-user + validate_certs: false + status_code: + - 200 + with_items: + - cpadminservice + - "{{ lc_principal_admin_user }}" + +- name: Add RPA regular roles to group {{ item }} + ansible.builtin.uri: + url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/usermgmt/v2/groups/{{ groups_response.json | json_query(condition_query) | first }}" + method: PATCH + headers: + Authorization: "Bearer {{ zen_token }}" + body_format: json + body: + add_role_identifiers: + - 
rpa-automation-user + validate_certs: false + status_code: + - 200 + - 500 + vars: + condition_query: "results[?name == '{{ item }}'].group_id" + register: group_response + failed_when: group_response.status == 500 and group_response.json | json_query('exception') is not search('.*duplicate key value*') + with_items: "{{ lc_general_groups }}" + - name: Get RPA zen login token ansible.builtin.uri: url: "https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/api/zen-token-login" @@ -368,9 +437,9 @@ # Endpoints - - UI: https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/rpa/ui + - UI: https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/ui - - API: https://cpd-{{ cp4ba_project_name }}.{{ apps_endpoint_domain }}/rpa/api/v1.2/en/configuration + - API: https://cpd-{{ rpa_project_name }}.{{ apps_endpoint_domain }}/rpa/api/v1.2/en/configuration # Credentials From c4765eeb7cc1788b3604014e3df33f60e6f335d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 11 Dec 2024 10:47:11 +0100 Subject: [PATCH 32/45] Cerebro OOM resolve MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cerebro/templates/deployments.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 index a5185a5a7..cb9ecaed5 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 @@ -26,7 +26,7 @@ spec: memory: 512Mi limits: cpu: 500m - memory: 1536Mi + memory: 2048Mi startupProbe: tcpSocket: port: 8080 From 6f46c58c529fb75ade4db9a6cf27127d18e7f238 Mon Sep 17 00:00:00 2001 
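Review bot: The three new `usermgmt` calls in the `@@ -199,6 +199,75 @@` hunk send `Authorization: Bearer {{ zen_token }}` with `validate_certs: false`, so the token and the role changes go to whatever endpoint answers on the route without its certificate being checked; pointing the `uri` tasks at the cluster CA (`ca_path`, if the Ansible version in use has it) instead of disabling validation would close that. The lookup `groups_response.json | json_query(condition_query) | first` has no guard for a group name that is missing from the response, in which case the PATCH URL is built from an undefined id. Both group tasks add the same single role `rpa-automation-user`, although one is named "all RPA roles" and the other "regular roles"; if admin groups are meant to receive more than general groups, the first list looks incomplete. In the 500 branch the pattern `'.*duplicate key value*'` applies its trailing `*` only to the final `e`, and `'duplicate key value'` states the intent.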
From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 11 Dec 2024 12:00:20 +0100 Subject: [PATCH 33/45] Cerebro OOM resolve MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cerebro/templates/deployments.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 index cb9ecaed5..16275fe36 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cerebro/templates/deployments.yaml.j2 @@ -26,7 +26,7 @@ spec: memory: 512Mi limits: cpu: 500m - memory: 2048Mi + memory: 4096Mi startupProbe: tcpSocket: port: 8080 From 3dae9ba8391cf0d7b901c2cb463d6ec6d014d143 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 18 Dec 2024 10:39:39 +0100 Subject: [PATCH 34/45] cp4ba 24.0.1 and BAS AI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/defaults/main.yml | 14 ++++--- .../bawaut-liberty-custom-xml-secret.yaml.j2 | 4 ++ .../bawaut-lombardi-custom-xml-secret.yaml.j2 | 7 +++- .../templates/catalogsource.yaml.j2 | 37 ++++++++++--------- .../cp4ba-core/templates/postdeploy.md.j2 | 15 ++++++++ docs/src/30-reference/configuration/cp4ba.md | 11 +++--- 6 files changed, 59 insertions(+), 29 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml index 5db06418c..23afbb14e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/defaults/main.yml 
@@ -4,19 +4,23 @@ cp4ba_dir_name: cp4ba ## Should not be changed in particular guide version. ## Version of the Subscription channel as defined on ## https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=cluster-setting-up-in-openshift-console -cp4ba_operator_channel: v24.0 +cp4ba_operator_channel: v24.1 ## Should not be changed in particular guide version. ## Version of cert-kubernetes folder from Cloud Pak CASE archive e.g. 21.0.1 -cp4ba_cert_k8s_branch: 24.0.0-IF003 +cp4ba_cert_k8s_branch: 24.0.1 cp4ba_storage_class_name: "" cp4ba_block_storage_class_name: "" ## Should not be changed in particular guide version. ## Version of Cloud Pak e.g. 20.0.2.1, 20.0.3 -cp4ba_version: 24.0.0 +cp4ba_version: 24.0.1 ## Version in CPFS catalog CatalogSource -cpfs_cs_version: v4-6-6 +cpfs_cs_version: v4-9-0 ## Version in BTS catalog CatalogSource -cpfs_bts_version: v3-34-0 +cpfs_bts_version: v3-35-1 +## Version in Zen catalog CatalogSource +cpfs_zen_version: 6-0-4 +## Version in IAM catalog CatalogSource +cpfs_iam_version: 4-8-0 ## Name of the CP4BA instance in cr.yaml at path metadata.name cp4ba_cr_meta_name: icp4adeploy ## Name of OCP CP4BA project diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 index d6060385e..53493c1d8 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 @@ -35,5 +35,9 @@ stringData: + + + + diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2 index 9bcc49de4..338833510 100644 
--- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-lombardi-custom-xml-secret.yaml.j2 @@ -59,6 +59,11 @@ stringData: ppt pptx - true + true + + 00000000-1111-2222-3333-444444444444 + https://us-south.ml.cloud.ibm.com + watsonx.ai_auth_alias + diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 index c4cfee4c1..d6195f848 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 @@ -1,4 +1,5 @@ # CP4BA catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-automation +# CP4BA Git Repo https://github.com/icp4a/cert-kubernetes # IBM CS Flink Operator Catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cs-flink # IBM CS Elastic Operator Catalog https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cs-elastic # IBM Cloud Foundational Services https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-cp-common-services @@ -16,7 +17,7 @@ # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # ############################################################################### -# CP4BA 24.0.0-IF003 catalog +# CP4BA 24.0.1 catalog apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -26,7 +27,7 @@ spec: displayName: ibm-cp4a-operator publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:2d00d01669ba5aba7471dcb85128b014577956b13630fc8da4e2ad3cf0c84db4 + image: icr.io/cpopen/ibm-cp-automation-catalog@sha256:80e5f2c149a622f74af25bfb9e9d3411ccaf136b914982d6e348b1c8b89bec5a updateStrategy: registryPoll: interval: 45m 
@@ -64,11 +65,11 @@ spec: interval: 45m priority: 100 --- -# IBM Cloud Foundational Services 4.6.6 +# IBM Cloud Foundational Services 4.9.0 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: ibm-cs-install-catalog-v4-6-6 + name: "ibm-cs-install-catalog-{{ cpfs_cs_version }}" namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -76,34 +77,34 @@ spec: displayName: IBM CS Install Operators publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cs-install-catalog@sha256:f97e7cb0d476edfc16a3e983596512fd6166506cc9cfc5c833581ff23affd1b0 + image: icr.io/cpopen/ibm-cs-install-catalog@sha256:6dec61b65e1414fadce180ce9e9aeba82dd2e393085cb3cadc1a6e271cefe50a updateStrategy: registryPoll: interval: 45m priority: 100 --- -# IBM Business Teams Service version 3.34.0 +# IBM Business Teams Service version 3.35.1 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: bts-operator-v3-34-0 + name: "bts-operator-{{ cpfs_bts_version }}" namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' spec: - displayName: BTS Operator + displayName: BTS Operator-3.35.1 publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:437a91f9e0cc224c32fb3d574dbe56efe5d1211f2338746e8a7e192034beae8f + image: icr.io/cpopen/ibm-bts-operator-catalog@sha256:c803538b0ff68d76f5c85a21fed3c3a680acbf12c6150d39f2c3072e89de04b1 updateStrategy: registryPoll: interval: 45m --- -# IBM CS IM Operator Catalog 4.5.5 +# IBM CS IM Operator Catalog 4.8.0 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: ibm-iam-operator-catalog + name: "ibm-iam-operator-catalog-{{ cpfs_iam_version }}" namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' 
@@ -111,17 +112,17 @@ spec: displayName: IBM IAM Operator Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:205906d04301c85fe006143e2fc7134cd019a7fa83d3dd94fd816b929712605e + image: icr.io/cpopen/ibm-iam-operator-catalog@sha256:28685c8ebc72df046e883ca37c379ea11b4e6e14c9dd7c8da2c91b3cf1b57816 updateStrategy: registryPoll: interval: 45m priority: 100 --- -# IBM Zen Operator Catalog 5.1.8 +# IBM Zen Operator Catalog 6.0.4+20240916.202115.96 apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: ibm-zen-operator-catalog + name: "ibm-zen-operator-catalog-{{ cpfs_zen_version }}" namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -129,7 +130,7 @@ spec: displayName: IBM Zen Operator Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:d0157f7ff656b745424a4ed276ee3ee19de2507989d4c506f638adc85b440127 + image: icr.io/cpopen/ibm-zen-operator-catalog@sha256:9ce549fe51c21f584ad1e37fb09f0931018b48e4081af43bdff85d8dedfa8d65 updateStrategy: registryPoll: interval: 45m @@ -153,7 +154,7 @@ spec: interval: 45m priority: 100 --- -# Cloud Native PostgresSQL 1.18.12 (4.25.0) +# Cloud Native PostgresSQL Version 1.22.5 (CASE 4.29.0+20240829.203322.1920)(Postgresql Version 14.13) apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: 
@@ -165,13 +166,13 @@ spec: displayName: Cloud Native Postgresql Catalog publisher: IBM sourceType: grpc - image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:0b46a3ec66622dd4a96d96243602a21d7a29cd854f67a876ad745ec524337a1f + image: icr.io/cpopen/ibm-cpd-cloud-native-postgresql-operator-catalog@sha256:d6b5e43f3b5c4e4198ed6ddfd4577eebea644df9d2fe2bac33600764b5cda631 updateStrategy: registryPoll: interval: 45m priority: 100 --- -# IBM FileNet Content Manager Standalone catalog. +# IBM FileNet Content Manager Standalone catalog for 5.6.0-IF001. apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2 index 9c527c843..f1eafff2e 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/postdeploy.md.j2 @@ -8,6 +8,7 @@ The following list specifies when you need to perform particular post-deployment - [IBM Content Navigator Edit Service](#ibm-content-navigator-edit-service) - When you want to use Edit Service feature. - [IBM Content Navigator for Microsoft Office](#ibm-content-navigator-for-microsoft-office) - When you want to use NMO feature. - [Business Automation Studio (BAS) (foundation pattern)](#business-automation-studio-bas-foundation-pattern) + - [Enable generative AI](#enable-generative-ai) - When you want to use Gen AI features. - [Deploy toolkits and configurators](#deploy-toolkits-and-configurators) - When you want to call ODM from Business Application using Automation Services. - [Business Automation Insights (BAI) (foundation pattern)](#business-automation-insights-bai-foundation-pattern) - [Configure Workforce insights](#configure-workforce-insights) - When you want to use Workforce Insights. 
@@ -74,6 +75,20 @@ Login with Enterprise LDAP with {{ lc_principal_admin_user }} / {{ lc_principal_ Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=cpbaf-business-automation-studio +### Enable generative AI + +Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=customizing-enabling-generative-ai + +Both secrets are already created for you with stubs. + +Perform the following tasks form the OpenSHift console. + +In Project {{ cp4ba_project_name }}, in Secret wfs-liberty-custom-xml-secret, search for *authData* and modify user and password with your real credentials + +In Project {{ cp4ba_project_name }}, in Secret wfs-lombardi-custom-xml-secret, search for *gen-ai-disabled* XML tag and modify its opening and ending name to only *gen-ai*. Also modify *project-id* and *provider-url* values with your real once. + +In Project {{ cp4ba_project_name }}, in Pods, search for *icp4adeploy-bastudio-deployment-0* and delete the pod to restart BAS. + ### Deploy toolkits and configurators Based on https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=reference-downloadable-toolkits diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 9acf89a19..70d07b611 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md @@ -1,6 +1,6 @@ # Cloud Pak for Business Automation -Contains CP4BA version 24.0.0-IF002. +Contains CP4BA version 24.0.1. Contains IPM version 1.15.0-IF004. Contains RPA version 23.0.19. 
@@ -91,7 +91,7 @@ CP4BA capabilities are in purple color. More info for CP4BA capabilities is available in official docs at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest. -More specifically in overview of patterns at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=deployment-capabilities-production-deployments. +More specifically in overview of patterns at https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=deployment-capability-patterns-production-deployments. Pink color is used for CPFS dedicated capabilities. @@ -147,7 +147,7 @@ For your convenience the following post-deployment setup tasks have been automat - ODM - Roles assigned to users and groups. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=access-managing-user-permissions - ADP - Organization in Git created. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=processing-setting-up-remote-git-organization - ADP - Default project data loaded. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/22.0.1?topic=processing-loading-default-sample-data -- ADP - Git connection and CDD repo creation done. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=processing-setting-up-remote-git-organization +- ADP - Git connection and CDD repo creation done. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=processing-setting-up-remote-git-organization - ADP - More project DBs created (6 in total - accommodates 3 ADP projects). https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.0?topic=processing-creating-additional-project-databases - IER - Task Manager pod has TM_JOB_URL parameter set. - IER - Task manager set up with CPE JARs required by IER. 
@@ -155,8 +155,9 @@ For your convenience the following post-deployment setup tasks have been automat - FNCM - Enabled search result highlighting for Simple Search for FNCM (OS1), BAW (BAWTOS) and ADP (DEVOS1) objectstores. - BAW - tw_admins enhanced with LDAP admin groups. - BAW - tw_authors enhanced with LDAP user and admin groups. -- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/latest?topic=events-using-event-handler-filenet-content-manager -- BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/latest?topic=widgets-timeline-visualizer +- BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/24.x?topic=events-using-event-handler-filenet-content-manager +- BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=widgets-timeline-visualizer +- Added stub configurations for watsonx.ai integration. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-generative-ai - BAI - extra flink task manager added for custom event processing. - RPA - Bot Developer permission added to administrative user. - IPM - Task mining related permissions added to admin user. From 4c4c4c4cb47f0c103afc594f821202a189941e8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 18 Dec 2024 10:45:29 +0100 Subject: [PATCH 35/45] IPM 2.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/pm/defaults/main.yml | 2 +- .../cp4ba/pm/templates/catalogsource.yaml.j2 | 4 ++-- docs/src/30-reference/configuration/cp4ba.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml index 2c4f4113d..c01a06b6d 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/defaults/main.yml @@ -3,7 +3,7 @@ pm_base_dir: "{{ generic_directory }}" pm_dir_name: pm pm_project_name: "" pm_operator_channel: v3.0 -pm_version: 1.15.0_IF004 +pm_version: 2.0.0 pm_storage_class_name: "" pm_universal_password: "" pm_postgresql_project: "" diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 index 9ee8f7395..2aef611b5 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/templates/catalogsource.yaml.j2 @@ -1,4 +1,4 @@ -# case 3.3.5 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining +# case 3.4.0 / https://github.com/IBM/cloud-pak/tree/master/repo/case/ibm-process-mining apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: @@ -8,7 +8,7 @@ spec: displayName: IBM ProcessMining Operators publisher: IBM sourceType: grpc - image: icr.io/cpopen/processmining-operator-catalog@sha256:255a03a3e51926cbefc08a6a2c7a68c72a5512152d013870534cd2c53cb0d466 + image: icr.io/cpopen/processmining-operator-catalog@sha256:3f921a21aab1d011e61fbdda50edc504486f3eee353bec568208f478909dfd17 updateStrategy: registryPoll: interval: 45m diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index 70d07b611..c35031514 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md 
@@ -1,7 +1,7 @@ # Cloud Pak for Business Automation Contains CP4BA version 24.0.1. -Contains IPM version 1.15.0-IF004. +Contains IPM version 2.0.0. Contains RPA version 23.0.19. - [Disclaimer ✋](#disclaimer-) From 7c3e21aab41abbc90205d344f1ba901e228b4b1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 18 Dec 2024 11:48:52 +0100 Subject: [PATCH 36/45] Fix CP4BA CS waiting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/tasks/predeploy.yml | 4 ++-- .../cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml index 38ff77b08..36a0c7d1a 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/tasks/predeploy.yml @@ -36,8 +36,8 @@ - ibm-cs-opensearch-catalog - ibm-cs-install-catalog-{{ cpfs_cs_version }} - bts-operator-{{ cpfs_bts_version }} - - ibm-iam-operator-catalog - - ibm-zen-operator-catalog + - ibm-iam-operator-catalog-{{ cpfs_iam_version }} + - ibm-zen-operator-catalog-{{ cpfs_zen_version }} - ibm-events-operator-catalog - cloud-native-postgresql-catalog - ibm-fncm-operator-catalog diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 index d6195f848..f90ed382f 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/catalogsource.yaml.j2 
@@ -69,7 +69,7 @@ spec: apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: "ibm-cs-install-catalog-{{ cpfs_cs_version }}" + name: ibm-cs-install-catalog-v4-9-0 namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -87,7 +87,7 @@ spec: apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: "bts-operator-{{ cpfs_bts_version }}" + name: bts-operator-v3-35-1 namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -104,7 +104,7 @@ spec: apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: "ibm-iam-operator-catalog-{{ cpfs_iam_version }}" + name: ibm-iam-operator-catalog-4-8-0 namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' @@ -122,7 +122,7 @@ spec: apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: "ibm-zen-operator-catalog-{{ cpfs_zen_version }}" + name: ibm-zen-operator-catalog-6-0-4 namespace: "{{ cp4ba_project_name }}" annotations: bedrock_catalogsource_priority: '1' From b3b5cf11113da271e0c2029fd9c9a0b9bcca6239 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Thu, 19 Dec 2024 16:22:30 +0100 Subject: [PATCH 37/45] Hotfix for IPM ready determination MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/pm/tasks/install.yml | 31 +++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index 523da4f4b..797741684 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml 
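Review bot: The four CatalogSource names hard-coded in these hunks (`ibm-cs-install-catalog-v4-9-0`, `bts-operator-v3-35-1`, `ibm-iam-operator-catalog-4-8-0`, `ibm-zen-operator-catalog-6-0-4`) have to match exactly what the wait list in `tasks/predeploy.yml` now builds from `cpfs_cs_version`, `cpfs_bts_version`, `cpfs_iam_version` and `cpfs_zen_version`. If one of those variables is overridden or bumped without editing this template, the role waits on a CatalogSource that this template never creates and presumably runs into its timeout. The image digests are fixed in the template anyway, so I would keep the literals but add a comment above each name, e.g. `# must equal ibm-iam-operator-catalog-{{ '{{' }} cpfs_iam_version {{ '}}' }} as awaited in tasks/predeploy.yml`. The `cpfs_*` defaults should also get the "Should not be changed in particular guide version" remark that `cp4ba_version` already carries.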
@@ -165,7 +165,8 @@ wait_timeout: 15 # Based on validate successful deployment by following https://www.ibm.com/docs/en/cloud-paks/1.0?topic=platform-how-validate-successful-installation -- name: Wait for ProcessMining to be Ready +# TODO waiting only for UIReady as Ready status is currently broken +- name: Wait for ProcessMining to be UIReady ansible.builtin.include_role: name: common tasks_from: wait-resource-condition @@ -174,10 +175,36 @@ common_resource_kind: ProcessMining common_resource_name: processmining common_resource_namespace: "{{ pm_project_name }}" - common_condition_name: Ready + common_condition_name: UIReady common_retries: 30 common_delay: 120 +# TODO waiting only for pods ready as Ready status is currently broken START +- name: Initialize loop variables + set_fact: + ready_pods: [] + retries: 30 + +- name: Query and check pods in a loop + until: ready_pods | length >= 10 + retries: "{{ retries }}" + delay: 30 + tasks: + - name: Query for IPM pods with label app.kubernetes.io/instance=processmining + k8s_info: + api_version: v1 + kind: Pod + label_selectors: + - app.kubernetes.io/instance=processmining + register: pod_query + + - name: Parse pod statuses + set_fact: + ready_pods: > + {{ pod_query.resources | \ + json_query('[?status.containerStatuses[0].ready == `true`].metadata.name') }} +# TODO waiting only for pods ready as Ready status is currently broken END + - name: Get OCP Apps domain ansible.builtin.include_role: name: common From dff7d30c52814917c233aa4968b9a8a3ed1d3c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 20 Dec 2024 08:55:13 +0100 Subject: [PATCH 38/45] Hotfix for IPM ready determination MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/pm/tasks/install.yml | 32 ++++++------------- 1 file changed, 10 insertions(+), 22 deletions(-) 
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml index 797741684..32c2da259 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/pm/tasks/install.yml @@ -180,29 +180,17 @@ common_delay: 120 # TODO waiting only for pods ready as Ready status is currently broken START -- name: Initialize loop variables - set_fact: - ready_pods: [] - retries: 30 - -- name: Query and check pods in a loop - until: ready_pods | length >= 10 - retries: "{{ retries }}" +- name: Query for IPM pods and wait for them + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ pm_project_name }}" + label_selectors: + - app.kubernetes.io/instance=processmining + register: pods + until: pods.resources | json_query('[?status.containerStatuses[0].ready == `true`].metadata.name') | length >= 10 + retries: 30 delay: 30 - tasks: - - name: Query for IPM pods with label app.kubernetes.io/instance=processmining - k8s_info: - api_version: v1 - kind: Pod - label_selectors: - - app.kubernetes.io/instance=processmining - register: pod_query - - - name: Parse pod statuses - set_fact: - ready_pods: > - {{ pod_query.resources | \ - json_query('[?status.containerStatuses[0].ready == `true`].metadata.name') }} # TODO waiting only for pods ready as Ready status is currently broken END - name: Get OCP Apps domain From 1dd693572e9aff369ce4874286b52c3337fa54e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Fri, 20 Dec 2024 11:51:51 +0100 Subject: [PATCH 39/45] Fix BAw AI auth Alias name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
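Review bot: The new `until:` counts a pod as ready when only its first container is ready (`status.containerStatuses[0].ready`) and compares the count with a bare `10`. A pod with a ready first container and an unready second one is counted, and a release that runs fewer than ten pods labelled `app.kubernetes.io/instance=processmining` uses up all 30 retries although everything is up. I would move the threshold into a documented default, e.g. `pm_expected_ready_pods: 10` in `pm/defaults/main.yml`. I would also test the pod-level condition with a query kept in `vars:` as `common/tasks/wait-crd.yml` does, e.g. `ready_query: "[?status.conditions[?type == 'Ready' && status == 'True']].metadata.name"`. Since the TODO markers call this a workaround, a comment naming the IPM version affected would tell the next maintainer when it can be removed.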
diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 index 53493c1d8..79e7d6457 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bawaut/bawaut-liberty-custom-xml-secret.yaml.j2 @@ -37,7 +37,7 @@ stringData: - + From a9e9bf76c143f8a18445830e96063da72e2531b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Mon, 6 Jan 2025 07:07:43 +0100 Subject: [PATCH 40/45] Fix variable typo for PG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml index 757b426d3..48f5afd10 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml @@ -33,7 +33,7 @@ - name: PostgreSQL config variable ansible.builtin.set_fact: - postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or urrent_cp4ba_cluster.pm.enabled else false }}" + postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or current_cp4ba_cluster.pm.enabled else false }}" - name: Openldap config variable ansible.builtin.set_fact: From 049cbcb54a798bf960ec1326a6057a2d12236654 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Mon, 6 Jan 2025 08:00:47 +0100 Subject: [PATCH 41/45] Increase wait time for CRDs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml index 6815d122f..17d7de556 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/common/tasks/wait-crd.yml @@ -14,7 +14,7 @@ name: "{{ common_crd_name }}" register: common_crd retries: 20 - delay: 2 + delay: 20 until: common_crd.resources and ('True' in common_crd | json_query(condition_query) | unique ) vars: condition_query: "resources[0].status.conditions[?type == 'Established'].status" From 08b27cad48cb31bd22d92d3c10bc04fc3f5bbf18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Tue, 7 Jan 2025 09:57:16 +0100 Subject: [PATCH 42/45] Fix variable typo for PG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml index 48f5afd10..5dc88d4c9 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/config/tasks/main.yml @@ -33,7 +33,7 @@ - name: PostgreSQL config variable ansible.builtin.set_fact: - postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or current_cp4ba_cluster.pm.enabled else false }}" + postgresql_enabled: "{{ true if _current_cp4ba_cluster.cp4ba.enabled or _current_cp4ba_cluster.pm.enabled else false }}" - name: Openldap config variable ansible.builtin.set_fact: From 6251a9b57eb562b003eb29f8c010982b7adcdb8c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 8 Jan 2025 16:50:48 +0100 Subject: [PATCH 43/45] Fix AKHQ truststore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../50-install-cloud-pak/cp4ba/akhq/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml index 38bfa9f57..56ecc83d2 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml +++ b/automation-roles/50-install-cloud-pak/cp4ba/akhq/tasks/install.yml @@ -37,13 +37,13 @@ container: openjdk-container command: | /bin/bash -c ' - keytool -printcert -rfc -sslserver iaf-system-kafka-bootstrap.{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }} > /tmp/cert.pem + keytool -printcert -rfc -sslserver iaf-system-kafka-bootstrap-{{ akhq_cp4ba_project_name }}.{{ apps_endpoint_domain }}:443 > /tmp/cert.pem keytool -importcert \ -file /tmp/cert.pem \ -alias iaf-ca \ -keystore /tmp/truststore.jks \ -storepass {{ akhq_universal_password }} \ - -noprompt + -noprompt \ -trustcacerts base64 -w 0 /tmp/truststore.jks ' From 0f5d291bdad7d282ae2a11a8ce261d2ef254c4fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 8 Jan 2025 16:52:52 +0100 Subject: [PATCH 44/45] Increase MSSQL memory limit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/mssql/templates/statefulsets.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 index 42100c196..354b66777 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 
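Review bot: The truststore is built from whatever certificate the route answers with at install time (`keytool -printcert -rfc -sslserver iaf-system-kafka-bootstrap-…:443 > /tmp/cert.pem`) and imported with `-noprompt -trustcacerts`, so the `iaf-ca` trust anchor is never compared with a known value. Taking the CA certificate from the cluster secret that holds it, rather than from the TLS handshake, would remove the dependency on the network path; which secret that is cannot be told from this hunk. The failure case is also unhandled: the lines are newline-separated with no `set -e`, so an unreachable endpoint leaves `/tmp/cert.pem` empty while the script still runs through to the `base64` line. Separately, `-storepass {{ akhq_universal_password }}` puts the password on the command line of the exec'd process and into Ansible's task output, so the task should carry `no_log: true` unless it already does. The task's header and its remaining keys lie outside the hunk.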
+++ b/automation-roles/50-install-cloud-pak/cp4ba/mssql/templates/statefulsets.yaml.j2 @@ -28,7 +28,7 @@ spec: memory: 2048Mi limits: cpu: 1000m - memory: 5120Mi + memory: 6144Mi startupProbe: tcpSocket: port: 1433 From 411a9849c6e28fb7a8d0a46d4f51e0a056effd11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Du=C5=A1ek?= Date: Wed, 8 Jan 2025 17:00:06 +0100 Subject: [PATCH 45/45] Enable BAW PAdmin audit log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan Dušek --- .../cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 | 2 ++ docs/src/30-reference/configuration/cp4ba.md | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 index 227edc5c3..33e36bf30 100644 --- a/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 +++ b/automation-roles/50-install-cloud-pak/cp4ba/cp4ba-core/templates/bas/cr.yaml.j2 @@ -6,6 +6,8 @@ spec: type: postgresql name: basdb port: "5432" + audit_log: + enable: true playback_server: admin_user: "{{ lc_principal_admin_user }}" database: diff --git a/docs/src/30-reference/configuration/cp4ba.md b/docs/src/30-reference/configuration/cp4ba.md index c35031514..87058c57e 100644 --- a/docs/src/30-reference/configuration/cp4ba.md +++ b/docs/src/30-reference/configuration/cp4ba.md 
@@ -157,7 +157,8 @@ For your convenience the following post-deployment setup tasks have been automat - BAW - tw_authors enhanced with LDAP user and admin groups. - BAW - Created FileNet Subscription for ECM Content event in BAWTOS Object Store. https://www.ibm.com/docs/en/baw/24.x?topic=events-using-event-handler-filenet-content-manager - BAW - Enable Case History on FNCM Domain level as a prerequisite for Timeline Visualizer. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=widgets-timeline-visualizer -- Added stub configurations for watsonx.ai integration. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-generative-ai +- BAW - Added stub configurations for watsonx.ai integration. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-generative-ai +- BAW - Enabled Process Admin audit log. https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/24.0.1?topic=customizing-enabling-audit-log - BAI - extra flink task manager added for custom event processing. - RPA - Bot Developer permission added to administrative user. - IPM - Task mining related permissions added to admin user.