Updating containers when using default certificates
Updating the container configuration parameters when using default certificates.
Before you begin:
Modify the certificates as explained in the following procedure:
- Access the server container.
- Open the localopts file and check the certificates path in
the following
section:
SSL key ="/home/wauser/wadata/FTAcert/TWSClient.key" SSL certificate ="/home/wauser/wadata/FTAcert/TWSClient.cer" SSL key pwd ="/home/wauser/wadata/FTAcert/password.sth" SSL CA certificate ="/home/wauser/wadata/FTAcert/TWSTrustCertificates.cer" SSL random seed ="/home/wauser/wadata/FTAcert/TWS.rnd"
- Exit the server container.
- Copy all the certificates in a local directory by launching the following
command:
docker cp
. - Rename the certificates as
follows:
tls.key tls.crt tls.sth ca.crt tls.rnd
- Ensure that in the docker compose.yaml file you have the following parameters
for server, console, and agent
components:
whereSSL_PASSWORD= default SSL_KEY_FOLDER= <cert_directory>
<cert_directory> is the path of the directory where you saved the certificates.
- Modify the volume
<path_on_host_containing_certs>:/opt/wautils/certs
with the path of the directory that contains your certificates at the place of
<path_on_host_containing_certs>
.
About this task:
To change the container configuration parameters or to obtain the latest version of a container, an update is required.
Complete the following procedure to update a Docker container:
- Contact your HCL sales representative for the login details required to access the HCL Entitled Registry
- Run the following command to log into the HCL Entitled
Registry:
The console image is named hclcr.io/wa/hcl-workload-automation-console:<release_name>docker login -u <your_username> -p <your_entitled_key> hclcr.io
- Run the following command to log into the HCL Entitled Registry:
docker login -u <your_username> -p <your_entitled_key> hclcr.io
- Manually update the compose file by modifying the image name if docker-compose does not reference the version to which you want to update.
- Launch the "
docker-compose up -d
" command.
Note:
- Launching the "
docker-compose up -d
" command, the container is restarted and the database schema is automatically updated. If you are planning to update both the HCL Workload Automation server MDM and BKM, ensure that you run the command for one component at a time. To avoid database conflicts, start the second component only when the first component has completed successfully. - In a Docker environment, if your server component uses a timezone different
from the default timezone, then to avoid problems with the FINAL job stream,
you must update MAKEPLAN within the
DOCOMMAND, specifying the
timezone parameter and value. For example, if you
are using the America/Los Angeles timezone, then it must be specified as
follows:
$JOBS WA_WA-SERVER_XA#MAKEPLAN DOCOMMAND "TODAY_DATE=`${UNISONHOME}/bin/datecalc today pic YYYYMMDD`; ${UNISONHOME}/MakePlan -to `${UNISONHOME}/bin/datecalc ${TODAY_DATE}070 0 + 1 day + 2 hours pic MM/DD/YYYY^HHTT` timezone America/Los_Angeles" STREAMLOGON wauser DESCRIPTION "Added by composer." TASKTYPE OTHER SUCCOUTPUTCOND CONDSUCC "(RC=0) OR (RC=4)" RECOVERY STOP
Only the following parameters can be modified with the update:
- DB_TYPE
- DB_HOSTNAME
- DB_PORT
- DB_NAME
- DB_TS_NAME
- DB_TS_PATH
- DB_LOG_TS_NAME
- DB_LOG_TS_PATH
- DB_PLAN_TS_NAME
- DB_PLAN_TS_PATH
- DB_TEMP_TS_NAME
- DB_SBSPACE
- DB_USER
- DB_ADMIN_USER
- DB_SSL_CONNECTION
- WA_PASSWORD
- DB_ADMIN_PASSWORD
- DB_PASSWORD
- SSL_KEY_FOLDER
- SSL_PASSWORD
Note: If your environment
is at Version 9.5 Fix Pack 4 or later, and you want to upgrade to Version 10.1 or later
enabling SSL on the dynamic domain manager
at the same time, perform the steps listed in Upgrading your dynamic domain manager in SSL mode.