IBM Enterprise Records

Deploy IER

If IBM Enterprise Records is required, you should have already staged the image per the previous instructions in Staging.

Create the `ibm-ier-secret`

If deploying IER, create the following

kubectl create secret generic ibm-ier-secret \
--from-literal=appLoginUsername="cpadmin" \
--from-literal=appLoginPassword="Password" \
--from-literal=keystorePassword="p@ssw0rd" \
--from-literal=ltpaPassword="p@ssw0rd"

Create the config map `fncmdeploy-tm-custom-env`

This step is required when deploying IER to the cluster. Task Manager pods require the TM_JOB_URL env variable to point to the location of the IER plugin.

fncmdeploy-tm-custom-env.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: fncmdeploy-tm-custom-env
  labels:
    app: fncmdeploy-tm-custom-env
data:
  TM_JOB_URL: "https://fncmdeploy-ier-svc:9443/EnterpriseRecordsPlugin/IERApplicationPlugin.jar"

In our case, the TM_JOB_URL referenced here needs to point to the internal service URL, not the external URL as it does not exist.

This is also a custom env variable for Task Manager that we will enable in the CR below.

Apply it to the cluster

kubectl apply -f fncmdeploy-tm-custom-env.yaml

Update the CR for Task Manager

In the filenet CR you used to deploy the cluster, make the following changes and additions:

Under the Task Manager application block in the CR add the custom_configmap to point to the config map we just created. Also make sure the security_roles_to_group_mapping are set to cpadmins and cpusers as these are the groups that exist in LDAP.

        custom_configmap:
         - name: fncmdeploy-tm-custom-env
           is_env: true
        # - name: <name of configmap>
        #   volume_path:  # optional

        ## All users/groups belong to one of three roles (Admin, User, or Auditor) that are specific to Task Manager.
        ## Each role takes a list of users/groups (e.g., groups: [taskAdmins, taskAdmins2]).  Refer to Knowledge Center documentation for details.
        security_roles_to_group_mapping:
          task_admins:
            groups: [cpadmins]
            users: []
          task_users:
            groups: [cpusers]
            users: []
          task_auditors:
            groups: [cpadmins]
            users: []

Updating CR for IER deployment

In the filenet CR you used to deploy the cluster, make the following changes and additions:

  content_optional_components:
    cpe: true
    graphql: true
    cmis: false
    css: false
    es: false
    tm: true
    ban: true
    ier: true

After the navigator_configuration entry in the CR, add the following section

  ier_configuration:
    arch:
      amd64: "3 - Most preferred"
    replica_count: 2
    ier_ext_tls_secret_name:
    ier_auth_ca_secret_name:
    image:
      # This should point to whatever repo you staged the image in. Leave this as default if using IBM's registry
      repository: cp.icr.io/cp/cp4a/ier/ier
      tag: ga-5218-ier-if005
      pull_policy: IfNotPresent
      # This NEEDS to be set to the correct secret name. Make sure it's the one you created above.
    ier_secret_name: ibm-ier-secret
    log:
      format: json
    resources:
      requests:
        cpu: 500m
        memory: 512Mi
      limits:
        cpu: 1
        memory: 1024Mi
    auto_scaling:
      enabled: false
      max_replicas: 3
      min_replicas: 1
      target_cpu_utilization_percentage: 80
    ier_production_setting:
      license: accept
    collectd_enable_plugin_write_graphite: false
    run_as_user: 
    datavolume:
      existing_pvc_for_ier_instance: ""
    probe:
      readiness:
        initial_delay_seconds: 120
        period_seconds: 5
        timeout_seconds: 10
        failure_threshold: 6
      liveness:
        initial_delay_seconds: 600
        period_seconds: 5
        timeout_seconds: 5
        failure_threshold: 6

Uploading config jars to the Task Manager pod

Before we apply the modified CR, let's prepare the Task Manager pod.

The following files are required for the Task Manager pod:

The above files and how to get them are referenced here, but we've included them in our repo.

Retrieve the name of your existing Task Manager pod

kubectl get pods | grep tm-deploy
fncmdeploy-tm-deploy-9db6b7f7f-6zzjb          1/1     Running   0          5d20h

Push the jars downloaded above to the configDropins/overrides directory on the Task Manager pod.

kubectl cp Jace.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides
kubectl cp pe.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides
kubectl cp peResources.jar fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides

Push up the TM-Liberty.xml file to configDropins/overrides

kubectl cp TM-Liberty.xml fncmdeploy-tm-deploy-9db6b7f7f-6zzjb:configDropins/overrides

Apply the CR

kubectl apply -f ibm_fncm_cr_production.yaml

Wait for about five minutes or so and then check to see if the pod has spun up.

kubectl get pods
NAME                                          READY   STATUS    RESTARTS   AGE
fncmdeploy-cmis-deploy-654774fd5f-5xtnr       1/1     Running   0          6d6h
fncmdeploy-cpe-deploy-7d7dbffc94-n86tt        1/1     Running   0          3d9h
fncmdeploy-css-deploy-1-66bbd484b-qzrl9       1/1     Running   0          6d7h
fncmdeploy-es-deploy-58f9659b8b-klmjh         1/1     Running   0          6d6h
fncmdeploy-graphql-deploy-775766b99d-cx899    1/1     Running   0          6d6h
fncmdeploy-ier-deploy-6f7465cd5d-sxp9d        1/1     Running   0          7h55m
fncmdeploy-navigator-deploy-58b9c95c4-k9gx7   1/1     Running   0          157m
fncmdeploy-tm-deploy-7d4fd64759-x28qw         1/1     Running   0          6d6h
ibm-fncm-operator-748884b478-qkd4f            1/1     Running   0          4d2h
postgres-759fd876ff-d5fxd                     1/1     Running   0          6d9h

IER Configuration

IBM Enterprise Records (IER) works in conjunction with FileNet Content Manager to provide the foundation for an enterprise compliance platform. Below diagram is a presentation how the content in FileNet Content Manager and the record objects work together.

Design

On the left side is a folder in FileNet Content Manager that is in a record-enabled FileNet object store. On the right side is a special object store that contains the record objects. This is called a File Plan Object Store.

Create the following objects stores and configure them as mentioned. These are the prerequisite for IER Functaionality to work correctly.

ROS - Object Store

Configure connection points for ROS. Below is a screenshot for reference

ROS

FPOS - Object Store

Validate the FPOS object store is created:

FPOS

In the acce console create a CodeModules folder:

CodeModule

IER Task Manager Setup Configuration

Configuring Task Manager for IER in ICN - In the systems content navigator administration interface go to the settings node:

TMSetting

Scroll down in the general tab under settings to Task Manager configuration and fill in the following:

Enable the task manager service
Enter the task manager url
- This is the URL uing which other applications can comunicate with TM
- e.g. - http or https ://ServerName:Portnumber/taskManagerWeb/api/V1.
  - ServerName =
    - ServiceName if the IER pod is in the same namespace
    - ServiceName.Namespace if the IER pod is in another namespace
Specify the log diretcory

TMConfig

Add the TM_JOB_URL environment variable to the Task Manager deployment: Task Manager in Container

IER Configuration on ICN

AddPlugin

Add JAR file path and hit load. It will look like this:

ICNPLUGIN

Save and Close. Edit the added plugin and scroll down. You will see the file plan repository like this and select Connect and then Click on the FPOS:

ICNFILEPLANREPO

Create a desktop IER and select repository FPOS.

Navigate to Repository Tab (General -> Authentication -> Repository) and add FPOS and ROS like it is shown below: ICNREPO

Login to IER desk top and navigate to administration. IER desk top will be visible under desktops and FPOS repository would be visible under Repositories

IER desk top will have the options shown below:

IERDESKTOP

Create a custom menu - Copy Document Context Menu and add the IER option as shown below: CUSTOMMENU Add the menu to the desktop where IER functionality is exceted. Below is the image where you can add the custom menu created on above step: CUSTOMMENU1

Profile Creation

Prerequsites :

1.File Plan Object Store is created

2.Record Object Store is created

3.Connection Point for IER is created

To start Configuration Manager use below commands . ier_install_path is the location where IBM Enterprise Record is installed.

Windows
macOS/Linux

ier_install_path\configure\configmgr.exe

./ier_install_path/configure/configmgr

Follow below steps for profile creation . Do a Save and Run Task for each of those.

Create a profile:

Createprofile

Create Marking Sets and Add-ons:

Markingset

Configure File Plan Object Store:

ConfigFPOS

Configure Record Object Store:

ConfigROS

Configure Workflows:

Configworkflows

Transfer Workflows:

Transferworkflows

Configure Content Engine Sweep:

Contentengsweep

Upon Successful Completion the tasks would show like this in task view:

Taskcomplete

Appendix

Applying fix for IER

info

As of 23.0.x release of CP4BA, the following bug was introduced into IBM FileNet Content Manager:

When trying to access the IBM Enterprise Records desktop, an error message says that you cannot connect to the web client. The log also shows that an exception was thrown "java.lang.NoClassDefFoundError: org.apache.xerces.xni.parser.XMLEntityResolver".

Cause: After moving to Java 11, IERApplicationPlugin.jar is unable to resolve the path to XercesImpl.jar in the ICN container.

Tracked in this link

The following instructions handle addressing this missing jar file.

We have included the required files here.

Keep in mind that future releases of CP4BA and FileNet may not require this fix to be applied. This is currently only applicable to 23.0.1.

Determine the navigator pod with the following command:

kubectl get pods
NAME                                          READY   STATUS    RESTARTS   AGE
fncmdeploy-cmis-deploy-654774fd5f-5xtnr       1/1     Running   0          12d
fncmdeploy-cpe-deploy-7d7dbffc94-n86tt        1/1     Running   0          9d
fncmdeploy-css-deploy-1-66bbd484b-qzrl9       1/1     Running   0          12d
fncmdeploy-es-deploy-58f9659b8b-klmjh         1/1     Running   0          12d
fncmdeploy-graphql-deploy-775766b99d-cx899    1/1     Running   0          12d
fncmdeploy-ier-deploy-6f7465cd5d-sxp9d        1/1     Running   0          6d8h
fncmdeploy-navigator-deploy-58b9c95c4-kt6jc   1/1     Running   0          3d9h
fncmdeploy-tm-deploy-7d4fd64759-x28qw         1/1     Running   0          12d
ibm-fncm-operator-748884b478-qkd4f            1/1     Running   0          10d
postgres-759fd876ff-d5fxd                     1/1     Running   0          12d

Create the ier-jars subdirectory on the navigator pod:

kubectl exec -it fncmdeploy-navigator-deploy-58b9c95c4-kt6jc -- mkdir configDropins/overrides/ier-jars

Upload the ier-library.xml and the xercesImpl-2.12.2.jar to that subdirectory on the navigator pod.

kubectl cp ier-library.xml fncmdeploy-navigator-deploy-58b9c95c4-kt6jc:configDropins/overrides/
kubectl cp xercesImpl-2.12.2.jar fncmdeploy-navigator-deploy-58b9c95c4-kt6jc:configDropins/overrides/ier-jars/xercesImpl.jar

Scale the navigator deployment down and up. If your replicas are more that 1, scale appropriately.

kubectl scale deploy fncmdeploy-navigator-deploy --replicas=0
kubectl scale deploy fncmdeploy-navigator-deploy --replicas=1

Deploy IER​

Create the ibm-ier-secret​

Create the config map fncmdeploy-tm-custom-env​

Update the CR for Task Manager​

Updating CR for IER deployment​

Uploading config jars to the Task Manager pod​

Apply the CR​

IER Configuration​

Profile Creation​

Appendix​

Applying fix for IER​