The orchestrator is a standalone Pega environment that
allows modeling and execution of continuous integration and continuous delivery (CI/CD)
pipelines.
Before you begin: Install the PegaDevOpsFoundation and PegaDeploymentManager
applications.
Perform the following steps to set up and configure the
orchestrator.
Note: Pega Cloud DevOps environments already include
both PegaDevOpsFoundation and PegaDeploymentManager.
- Log in to the orchestrator environment as an administrator and enable the
DMReleaseAdmin operator ID and specify its password.
- Log in to the orchestration server as an administrator.
- In the header of Dev Studio click , and then click
DMReleaseAdmin.
- On the Edit Operator ID rule form, click the
Security tab.
- Clear the Disable Operator check box.
- Click Save.
- Click Update password.
- In the Change Operator ID Password dialog box,
enter a password, reenter it to confirm it, and then click
Submit.
This authentication profile connects to candidate environments and executes
tasks. Note the password for future use when setting up candidates.
- Enable the DMAgentUser operator ID and specify its password.
- Log in to the orchestration server as an administrator.
- From the Dev Studio header, click , and then click DMAgentUser.
- On the Edit Operator ID rule form, click the
Security tab.
- Clear the Disable Operator check box.
- Click Save.
- Click Update password.
- In the Change Operator ID Password dialog box,
enter a password, reenter it to confirm it, and then click
Submit.
- Log out of the orchestration server.
- Modify the DMAppAdmin authentication profile to use the new password. The
orchestration server uses this authentication profile to communicate with
candidate systems so that it can run tasks in the pipeline.
- Log in to the orchestration server with the DMAppAdmin user name and
the password that you specified.
- From the Dev Studio header, click .
- Click DMAppAdmin.
- On the Edit Authentication Profile rule form,
click Set password.
- In the Password dialog box, enter the password,
and then click Submit.
- Save the rule form.
Generate client secret on the orchestrator
The client secret is a dynamic hexadecimal string that establishes communication
between Deployment Manager services. You should not share this information
publicly.
To generate the client secret from within Deployment Manager:
- Navigate to .
- Click on Generate client secret.
- Download the client secret by clicking Download client
secret.
Note: It is important to download the client secret as you must update this
information in the authentication profile of candidate environments. Once you
navigate away from this page or after you update the authentication profiles on
the orchestrator, you must regenerate the client secret.
- Click Update authentication profiles to automatically
populate the Client secret, Access token
endpoint, and Revoke token endpoint on
the orchestrator system. If the Update authentication
profile button does not work, you must perform the following
manual steps on the orchestrator:
- Navigate to .
- Open DeploymentManagerClient client registration
by selecting , and click Regenerate client
secret to regenerate the client secret.
- Click the View and download button to view the
client secret and download the client secret information.
- Save the DeploymentManagerClient rule.
- Update the Client secret, Access
token endpoint, and Revoke token
endpoint with the information for the
DMStudioUser and
DMAgentUser authentication profiles.
For additional configuration options, see the following optional steps:
- Create additional operators by giving them the
PegaDeploymentManager:Administrators access group. For more information
about user roles and privileges, see .
- To receive email notifications for deployments, configure email accounts
on the orchestration server. For more information, see Configuring email accounts on the orchestration server.
- Configure Jenkins so that it can communicate with the orchestration
server. For more information, see Configuring Jenkins in 5.5.x.
- Configure a separate authentication profile for each environment if you
do not wish to use a single authentication profile.