diff --git a/docs/3-Create/Deploy/ier.mdx b/docs/3-Create/Deploy/ier.mdx
index b595100a..2f3e40d6 100644
--- a/docs/3-Create/Deploy/ier.mdx
+++ b/docs/3-Create/Deploy/ier.mdx
@@ -18,6 +18,64 @@ kubectl create secret generic ibm-ier-secret \ --from-literal=keystorePassword="p@ssw0rd" \ --from-literal=ltpaPassword="p@ssw0rd" ``` + +### Create the config map `fncmdeploy-tm-custom-env` + +This step is required when deploying IER to the cluster. Task Manager pods require the `TM_JOB_URL` env variable to point to the location of the IER plugin. + +`fncmdeploy-tm-custom-env.yaml` +```tsx +kind: ConfigMap +apiVersion: v1 +metadata: + name: fncmdeploy-tm-custom-env + labels: + app: fncmdeploy-tm-custom-env +data: + TM_JOB_URL: "https://fncmdeploy-ier-svc:9443/EnterpriseRecordsPlugin/IERApplicationPlugin.jar" +``` +In our case, the TM_JOB_URL referenced [here](https://www.ibm.com/docs/en/enterprise-records/5.2.1?topic=in-configuring-content-navigator-task-manager-enterprise-records#frmco011__1) +needs to point to the internal service URL, not the external URL as it does not exist. + +This is also a custom env variable for Task Manager that we will enable in the CR below. + +Apply it to the cluster +```bash +kubectl apply -f fncmdeploy-tm-custom-env.yaml +``` + +### Update the CR for Task Manager + +In the filenet CR you used to deploy the cluster, make the following changes and additions: + +Under the Task Manager application block in the CR add the `custom_configmap` to point to the config map we just created. Also make sure the `security_roles_to_group_mapping` are set to `cpadmins` and `cpusers` as these are the groups that exist in LDAP. + +```tsx + // highlight-start + custom_configmap: + - name: fncmdeploy-tm-custom-env + is_env: true + // highlight-end + # - name: + # volume_path: # optional + + ## All users/groups belong to one of three roles (Admin, User, or Auditor) that are specific to Task Manager. + ## Each role takes a list of users/groups (e.g., groups: [taskAdmins, taskAdmins2]). Refer to Knowledge Center documentation for details. 
+ security_roles_to_group_mapping: + task_admins: + // highlight-next-line + groups: [cpadmins] + users: [] + task_users: + // highlight-next-line + groups: [cpusers] + users: [] + task_auditors: + // highlight-next-line + groups: [cpadmins] + users: [] +``` + ### Updating CR for IER deployment In the filenet CR you used to deploy the cluster, make the following changes and additions: @@ -28,7 +86,7 @@ In the filenet CR you used to deploy the cluster, make the following changes and cmis: false css: false es: false - tm: false + tm: true ban: true // highlight-start ier: true 
@@ -87,6 +145,41 @@ After the `navigator_configuration` entry in the CR, add the following section failure_threshold: 6 ``` +### Uploading config jars to the Task Manager pod + +Before we apply the modified CR, let's prepare the Task Manager pod. + +The following files are required for the Task Manager pod: +- [`Jace.jar`](/deployment_files/IER_config/Jace.jar) +- [`pe.jar`](/deployment_files/IER_config/pe.jar) +- [`peResources.jar`](/deployment_files/IER_config/peResources.jar) +- [`TM-Liberty.xml`](/deployment_files/IER_config/TM-Liberty.xml) + +The above files and how to get them are referenced [here](https://www.ibm.com/docs/en/enterprise-records/5.2.1?topic=in-configuring-content-navigator-task-manager-enterprise-records#frmco011__1), but we've included them in our repo. + +Retrieve the name of your existing Task Manager pod + +```tsx +kubectl get pods | grep tm-deploy +//highlight-next-line +fncmdeploy-tm-deploy-9db6b7f7f-6zzjb 1/1 Running 0 5d20h +``` + +Push the jars downloaded above to the `configDropins/overrides` directory on the Task Manager pod. + +```tsx +kubectl cp Jace.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides +kubectl cp pe.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides +kubectl cp peResources.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides +``` + +Push up the `TM-Liberty.xml` file to `configDropins/overrides` +```tsx +kubectl cp TM-Liberty.xml fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides +``` + + + ### Apply the CR ```bash @@ -110,8 +203,8 @@ fncmdeploy-navigator-deploy-58b9c95c4-k9gx7 1/1 Running 0 157m fncmdeploy-tm-deploy-7d4fd64759-x28qw 1/1 Running 0 6d6h ibm-fncm-operator-748884b478-qkd4f 1/1 Running 0 4d2h postgres-759fd876ff-d5fxd 1/1 Running 0 6d9h - ``` + ## IER Configuration Please make sure below object stores are created and required configurations are in place 
@@ -367,4 +460,4 @@ Scale the navigator deployment down and up. If your replicas are more that 1, sc ```tsx kubectl scale deploy fncmdeploy-navigator-deploy --replicas=0 kubectl scale deploy fncmdeploy-navigator-deploy --replicas=1 -``` +``` \ No newline at end of file diff --git a/docs/3-Create/Deploy/operator.mdx b/docs/3-Create/Deploy/operator.mdx index 1208df00..362882c4 100644 --- a/docs/3-Create/Deploy/operator.mdx +++ b/docs/3-Create/Deploy/operator.mdx @@ -135,6 +135,7 @@ kubectl create secret generic ibm-ban-secret \ --from-literal=jMailPassword="{xor}GDoxNiosbg==" ``` +### Create the `ldap-bind-secret` Create a secret in the filenet namespace for the ldap-bind secret `ldap_secrets.yaml` @@ -708,13 +709,13 @@ spec: license: accept security_roles_to_group_mapping: task_admins: - groups: [taskAdmins] + groups: [cpadmin] users: [] task_users: - groups: [taskUsers] + groups: [cpusers] users: [] task_auditors: - groups: [taskAuditors] + groups: [cpadmin] users: [] monitor_enabled: false logging_enabled: false diff --git a/docs/3-Create/Deploy/postgres.mdx b/docs/3-Create/Deploy/postgres.mdx index 09ae02e7..24fb37bc 100644 --- a/docs/3-Create/Deploy/postgres.mdx +++ b/docs/3-Create/Deploy/postgres.mdx @@ -208,7 +208,7 @@ For this deployment, we will be creating the following databases: - `gcddb` - `icndb` -And one single object store for now +Initial Object Store database - `osdb` 
@@ -252,9 +252,75 @@ CREATE TABLESPACE osdb_tbs OWNER ceuser LOCATION '/pgsqldata/osdb'; GRANT CREATE ON TABLESPACE osdb_tbs TO ceuser; ``` +## IER Databases and Object Stores + +For IER support, we will be creating the following databases: +- `fposdb` - File Plan Object Store +- `rosdb` - Record Object Store + +In this instance we will also be creating two extra table spaces for `rosdb` for the indexarea and workflows. + +### Create the tablespace directories + +Retrieve the postgres pod id with this command: +```tsx +kubectl get pods | grep postgres + +// highlight-next-line +postgres-759fd876ff-d5fxd 1/1 Running 0 6d10h +``` +Connect to the postgres pod and create the tablespace directories for `fposdb` and `rosdb`. This will also include the paths for the indexarea and workflows for `rosdb`. + +```tsx +kubectl exec -it postgres-759fd876ff-d5fxd -- mkdir /pgsqldata/fposdb /pgsqldata/rosdb /pgsqldata/rosdbwf /pgsqldata/rosdbidx +kubectl exec -it postgres-759fd876ff-d5fxd -- chmod 700 /pgsqldata/fposdb /pgsqldata/rosdb /pgsqldata/rosdbwf /pgsqldata/rosdbidx +``` + +### Create the IER object store databases + +Connect to `defaultdb`. Our password will be `p@ssw0rd`. + +```tsx +kubectl exec -it postgres-759fd876ff-d5fxd -- psql -h localhost -U admin --password -p 5432 defaultdb +``` + +Create the databases. Each `\connect` statement will require the `p@ssw0rd` password. 
+ +```tsx +CREATE DATABASE fposdb OWNER ceuser TEMPLATE template0 ENCODING UTF8; +GRANT ALL ON DATABASE fposdb TO ceuser; +REVOKE CONNECT ON DATABASE fposdb FROM public; + +// highlight-next-line +\connect fposdb +CREATE TABLESPACE fposdb_tbs OWNER ceuser LOCATION '/pgsqldata/fposdb'; +GRANT CREATE ON TABLESPACE fposdb_tbs TO ceuser; + +CREATE DATABASE rosdb OWNER ceuser TEMPLATE template0 ENCODING UTF8; +GRANT ALL ON DATABASE rosdb TO ceuser; +REVOKE CONNECT ON DATABASE rosdb FROM public; + +// highlight-next-line +\connect rosdb +CREATE TABLESPACE rosdb_tbs OWNER ceuser LOCATION '/pgsqldata/rosdb'; +GRANT CREATE ON TABLESPACE rosdb_tbs TO ceuser; +``` + +We will also now create the tablespaces in `rosdb` for the index area and workflows + +```tsx +// highlight-start +CREATE TABLESPACE rosdbwf_tbs OWNER ceuser LOCATION '/pgsqldata/rosdbwf'; +CREATE TABLESPACE rosdbidx_tbs OWNER ceuser LOCATION '/pgsqldata/rosdbidx'; +GRANT CREATE ON TABLESPACE rosdbwf_tbs TO ceuser; +GRANT CREATE ON TABLESPACE rosdbidx_tbs TO ceuser; +// highlight-end + +``` + ## Appendix -### Adding Object Store Databases +### Adding Other Object Store Databases :::note This presumes you already have completed the above steps @@ -266,10 +332,6 @@ Extra object stores - `os2db` - `os3db` -FilePlan Object Store and Record Object Store for IER -- `fposdb` -- `rosb` - #### Creating the tablespace directories in postgres pod Determine the name of your postgres pod by first making sure we're in the right namespace: 
@@ -285,8 +347,8 @@ postgres-759fd876ff-d5fxd 1/1 Running 0 7d22h Now create the tablespace folders on the pod. These will be living in the PVC storage: ```tsx -kubectl exec -it postgres-759fd876ff-d5fxd -- mkdir /pgsqldata/fposdb /pgsqldata/rosdb /pgsqldata/os2db /pgsqldata/os3db -kubectl exec -it postgres-759fd876ff-d5fxd -- chmod 700 /pgsqldata/fposdb /pgsqldata/rosdb /pgsqldata/os2db /pgsqldata/os3db +kubectl exec -it postgres-759fd876ff-d5fxd -- mkdir /pgsqldata/os2db /pgsqldata/os3db +kubectl exec -it postgres-759fd876ff-d5fxd -- chmod 700 /pgsqldata/os2db /pgsqldata/os3db ``` #### Create the databases @@ -296,6 +358,7 @@ Connect to `defaultdb`. Our password will be `p@ssw0rd`. ```tsx kubectl exec -it postgres-759fd876ff-d5fxd -- psql -h localhost -U admin --password -p 5432 defaultdb ``` +Now create the databases Create each database listed above. When you run the `\connect` command, it will query you for the password. It will still be `p@ssw0rd`. @@ -319,23 +382,4 @@ REVOKE CONNECT ON DATABASE os3db FROM public; \connect os3db CREATE TABLESPACE os3db_tbs OWNER ceuser LOCATION '/pgsqldata/os3db'; GRANT CREATE ON TABLESPACE os3db_tbs TO ceuser; - -CREATE DATABASE fposdb OWNER ceuser TEMPLATE template0 ENCODING UTF8; -GRANT ALL ON DATABASE fposdb TO ceuser; -REVOKE CONNECT ON DATABASE fposdb FROM public; - -// highlight-next-line -\connect fposdb -CREATE TABLESPACE fposdb_tbs OWNER ceuser LOCATION '/pgsqldata/fposdb'; -GRANT CREATE ON TABLESPACE fposdb_tbs TO ceuser; - -CREATE DATABASE rosdb OWNER ceuser TEMPLATE template0 ENCODING UTF8; -GRANT ALL ON DATABASE rosdb TO ceuser; -REVOKE CONNECT ON DATABASE rosdb FROM public; - -// highlight-next-line -\connect rosdb -CREATE TABLESPACE rosdb_tbs OWNER ceuser LOCATION '/pgsqldata/rosdb'; -GRANT CREATE ON TABLESPACE rosdb_tbs TO ceuser; - -``` \ No newline at end of file +``` 
diff --git a/static/deployment_files/IER_config/Common.zip b/static/deployment_files/IER_config/Common.zip new file mode 100644 index 00000000..edc130df Binary files /dev/null and b/static/deployment_files/IER_config/Common.zip differ diff --git a/static/deployment_files/IER_config/Jace.jar b/static/deployment_files/IER_config/Jace.jar new file mode 100644 index 00000000..728462ea Binary files /dev/null and b/static/deployment_files/IER_config/Jace.jar differ diff --git a/static/deployment_files/IER_config/TM-Liberty.xml b/static/deployment_files/IER_config/TM-Liberty.xml new file mode 100644 index 00000000..f8c1d77c --- /dev/null +++ b/static/deployment_files/IER_config/TM-Liberty.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/static/deployment_files/IER_config/pe.jar b/static/deployment_files/IER_config/pe.jar new file mode 100644 index 00000000..792b852e Binary files /dev/null and b/static/deployment_files/IER_config/pe.jar differ diff --git a/static/deployment_files/IER_config/peResources.jar b/static/deployment_files/IER_config/peResources.jar new file mode 100644 index 00000000..6c6cf41a Binary files /dev/null and b/static/deployment_files/IER_config/peResources.jar differ diff --git a/static/deployment_files/ibm_fncm_cr_production-5.5.11.yaml b/static/deployment_files/ibm_fncm_cr_production-5.5.11.yaml index 260bd214..dcbf4e48 100644 --- a/static/deployment_files/ibm_fncm_cr_production-5.5.11.yaml +++ b/static/deployment_files/ibm_fncm_cr_production-5.5.11.yaml @@ -42,7 +42,7 @@ spec: cmis: false css: false es: false - tm: false + tm: true ban: true ier: true 
@@ -1334,23 +1334,23 @@ spec: ## The volume_path is optional for a configmap that holds files as its data and if it's not specified, ## then the files will be mounted to the overrides directory. If the configmap data holds environment variables ## then is_env is required and set it to true. - #custom_configmap: + custom_configmap: + - name: fncmdeploy-tm-custom-env + is_env: true # - name: # volume_path: # optional - # - name: - # is_env: # required if the configmap holds environment variables. ## All users/groups belong to one of three roles (Admin, User, or Auditor) that are specific to Task Manager. ## Each role takes a list of users/groups (e.g., groups: [taskAdmins, taskAdmins2]). Refer to Knowledge Center documentation for details. security_roles_to_group_mapping: task_admins: - groups: [taskAdmins] + groups: [cpadmins] users: [] task_users: - groups: [taskUsers] + groups: [cpusers] users: [] task_auditors: - groups: [taskAuditors] + groups: [cpadmins] users: [] ## Enable/disable monitoring where metrics can be sent to Graphite or scraped by Prometheus
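Review bot: In the `security_roles_to_group_mapping` block of this hunk, `task_auditors` is bound to `cpadmins`, the same group as `task_admins`, so every Task Manager administrator also holds the auditor role and no account is limited to audit-only access. If the LDAP directory has or can get a separate auditor group, map it here, e.g. `groups: [<auditor-ldap-group>]` (a placeholder, not a name from this repository); if sharing the group is intentional, say so in a comment above the line, such as `## Auditor role intentionally shares the admin group; no dedicated auditor group exists in LDAP`. The operator.mdx hunk of this commit writes `cpadmin` where this file and ier.mdx write `cpadmins`; one spelling is presumably wrong, and a role mapped to a group that does not exist in LDAP would silently grant nobody access. The `spec:` mapping edited here starts and ends outside the hunk.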