Configuring the Dynamic Workload Console to connect to an HCL Universal Orchestrator engine

You can connect an on-premises Dynamic Workload Console V10.2.3 or later to an HCL Universal Orchestrator engine by performing the steps described in this topic. There are three different procedures:
Connecting an already installed Dynamic Workload Console to an HCL Universal Orchestrator engine
  1. From the directory in which the Dynamic Workload Console is installed, browse to the configDropins/templates folder, copy the jwtsso.xml file and paste it into the configDropins/overrides directory without changing any parameter.
  2. Create a file named unoca.crt in a directory of the virtual machine that hosts the Dynamic Workload Console.
  3. From the secret that has been deployed by HCL Universal Orchestrator, extract the ca.crt file and paste it into the unoca.crt file.
  4. Import the certificate by running the following command:
    keytool -importcert -file unoca.crt -alias uno -keystore /<dwc_data>/usr/servers/dwcServer/resources/security/TWSServerTrustFile.p12
  5. Export the server certificate from the Dynamic Workload Console by running the following command:
    keytool -export -keystore /<dwc_data>/usr/servers/dwcServer/resources/security/TWSServerKeyFile.p12 -alias server -file tls_dwc.pem -rfc
    Note: Check the extracted certificate and verify that no ^Ms is present in the file. If any ^Ms is present, remove it by running the following command:
    sed ‘s/\r//’ tls_dwc.pem > tws_dwc_clear.crt
  6. Copy the extracted certificate and create a secret in the namespace that hosts the HCL Universal Orchestrator deployment.
  7. In the values.yaml file of HCL Universal Orchestrator, add the name of the secret that you created in the previous step within the following parameter:
    global.dwcconsole.certSecretName
  8. Define an access control list for every user that must be authorized to connect to an HCL Universal Orchestrator engine.
  9. Run the helm upgrade command with the same parameters used during the installation of HCL Universal Orchestrator:
      helm upgrade <uno_release_name> <repo_name>/hcl-uno-chart -f values.yaml -n <uno_namespace>
Connecting to an HCL Universal Orchestrator engine during the installation of the Dynamic Workload Console
  1. Create a file named unoca.crt in a directory of the virtual machine that is designated to host the Dynamic Workload Console.
  2. Copy the unoca.crt file into the additionalCAs folder. For more information about the additionalCAs folder, see SSL configuration options.
  3. Run the dwcinst command.
  4. From the directory in which the Dynamic Workload Console is installed, browse to the configDropins/templates folder, copy the jwtsso.xml file and paste it into the configDropins/overrides directory without changing any parameter.
  5. From the secret that has been deployed by HCL Universal Orchestrator, extract the ca.crt file and paste it into the unoca.crt file.
  6. Import the certificate by running the following command:
    keytool -importcert -file unoca.crt -alias uno -keystore /<dwc_data>/usr/servers/dwcServer/resources/security/TWSServerTrustFile.p12
  7. Export the server certificate from the Dynamic Workload Console by running the following command:
    keytool -export -keystore /<dwc_data>/usr/servers/dwcServer/resources/security/TWSServerKeyFile.p12 -alias server -file tls_dwc.pem -rfc
    Note: Check the extracted certificate and verify that no ^Ms is present in the file. If any ^Ms is present, remove it by running the following command:
    sed ‘s/\r//’ tls_dwc.pem > tws_dwc_clear.crt
  8. Copy the extracted certificate and create a secret in the namespace that hosts the HCL Universal Orchestrator deployment.
  9. In the values.yaml file of HCL Universal Orchestrator, add the name of the secret that you created in the previous step within the following parameter:
    global.dwcconsole.certSecretName
  10. Define an access control list for every user that must be authorized to connect to an HCL Universal Orchestrator engine.
  11. Run the helm upgrade command with the same parameters used during the installation of HCL Universal Orchestrator:
      helm upgrade <uno_release_name> <repo_name>/hcl-uno-chart -f values.yaml -n <uno_namespace>
Connecting a Dynamic Workload Console deployed on Kubernetes to an HCL Universal Orchestrator engine
  1. From the secret that has been deployed by HCL Universal Orchestrator, copy the ca.crt file.
  2. Load the third-party certificate by following the procedure described here.
  3. Upgrade the Dynamic Workload Console by running the helm upgrade command.
  4. From the directory in which the Dynamic Workload Console is installed, browse to the configDropins/templates folder, copy the jwtsso.xml file and paste it into the configDropins/overrides directory without changing any parameter.
  5. Copy the ca.crt file generated during the deployment of the Dynamic Workload Console, and use the file to create a new secret into the HCL Universal Orchestrator namespace.
  6. Copy the name of the secret created in the previous step into the following section of the values.yaml file of HCL Universal Orchestrator:
    global.dwcconsole.certSecretName
  7. Define an access control list for every user that must be authorized to connect to an HCL Universal Orchestrator engine.
  8. Run the helm upgrade command with the same parameters used during the installation of HCL Universal Orchestrator:
      helm upgrade <uno_release_name> <repo_name>/hcl-uno-chart -f values.yaml -n <uno_namespace>