Updating containers when using default certificates

Updating the container configuration parameters when using default certificates.

Before you begin:

Modify the certificates as explained in the following procedure:
  1. Access the server container.
  2. Open the localopts file and check the certificates path in the following section:
    SSL key   ="/home/wauser/wadata/FTAcert/TWSClient.key"
    SSL certificate  ="/home/wauser/wadata/FTAcert/TWSClient.cer"
    SSL key pwd  ="/home/wauser/wadata/FTAcert/password.sth"
    SSL CA certificate  ="/home/wauser/wadata/FTAcert/TWSTrustCertificates.cer"
    SSL random seed  ="/home/wauser/wadata/FTAcert/TWS.rnd"
  3. Exit the server container.
  4. Copy all the certificates in a local directory by launching the following command: docker cp.
  5. Rename the certificates as follows:
    tls.key
    tls.crt
    tls.sth
    ca.crt
    tls.rnd
  6. Ensure that in the docker compose.yaml file you have the following parameters for server, console, and agent components:
    SSL_PASSWORD= default
    SSL_KEY_FOLDER= <cert_directory>
    where

    <cert_directory> is the path of the directory where you saved the certificates.

  7. Modify the volume <path_on_host_containing_certs>:/opt/wautils/certs with the path of the directory that contains your certificates at the place of <path_on_host_containing_certs>.

About this task:

To change the container configuration parameters or to obtain the latest version of a container, an update is required.

Complete the following procedure to update a Docker container:
  1. Contact your HCL sales representative for the login details required to access the HCL Entitled Registry
  2. Run the following command to log into the HCL Entitled Registry:
    docker login -u <your_username> -p <your_entitled_key> hclcr.io
    The console image is named hclcr.io/wa/hcl-workload-automation-console:<release_name>
  3. Run the following command to log into the HCL Entitled Registry:
    docker login -u <your_username> -p <your_entitled_key> hclcr.io
  4. Manually update the compose file by modifying the image name if docker-compose does not reference the version to which you want to update.
  5. Launch the "docker-compose up -d" command.
Note:
  • Launching the "docker-compose up -d" command, the container is restarted and the database schema is automatically updated. If you are planning to update both the HCL Workload Automation server MDM and BKM, ensure that you run the command for one component at a time. To avoid database conflicts, start the second component only when the first component has completed successfully.
  • In a Docker environment, if your server component uses a timezone different from the default timezone, then to avoid problems with the FINAL job stream, you must update MAKEPLAN within the DOCOMMAND, specifying the timezone parameter and value. For example, if you are using the America/Los Angeles timezone, then it must be specified as follows:
    $JOBS
    
    WA_WA-SERVER_XA#MAKEPLAN
    DOCOMMAND "TODAY_DATE=`${UNISONHOME}/bin/datecalc today pic YYYYMMDD`; ${UNISONHOME}/MakePlan -to `${UNISONHOME}/bin/datecalc ${TODAY_DATE}070
    0 + 1 day + 2 hours pic MM/DD/YYYY^HHTT` timezone America/Los_Angeles"
    STREAMLOGON wauser
    DESCRIPTION "Added by composer."
    TASKTYPE OTHER
    SUCCOUTPUTCOND CONDSUCC "(RC=0) OR (RC=4)"
    RECOVERY STOP
Only the following parameters can be modified with the update:
  • DB_TYPE
  • DB_HOSTNAME
  • DB_PORT
  • DB_NAME
  • DB_TS_NAME
  • DB_TS_PATH
  • DB_LOG_TS_NAME
  • DB_LOG_TS_PATH
  • DB_PLAN_TS_NAME
  • DB_PLAN_TS_PATH
  • DB_TEMP_TS_NAME
  • DB_SBSPACE
  • DB_USER
  • DB_ADMIN_USER
  • DB_SSL_CONNECTION
  • WA_PASSWORD
  • DB_ADMIN_PASSWORD
  • DB_PASSWORD
  • SSL_KEY_FOLDER
  • SSL_PASSWORD
Note: If your environment is at Version 9.5 Fix Pack 4 or later, and you want to upgrade to Version 10.1 or later enabling SSL on the dynamic domain manager at the same time, perform the steps listed in Upgrading your dynamic domain manager in SSL mode.