1. Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager
  2. Enabling the Solution

Enabling the Solution

The Observability Monitoring feature can be enabled to monitor Siebel CRM environments deployed by SCM on Oracle Kubernetes Engine on OCI. This feature exposes APIs for easy enabling/disabling. Various aspects of the Observability feature like Monitoring, Logging Analytics, Alerts, OCI Logging Analytics, Oracle OpenSearch, and so on can be individually turned on/off.

To enable only Monitoring during a Siebel CRM deployment, section like this to be appended in Siebel CRM deployment payload. For example:

API: POST on /scm/api/v1.0/environment

{
   <Siebel deployment payload>
   "observability": {
      "siebel_monitoring": true,
      "oci_config": {
         "oci_config_path": "/home/opc/siebel/oci-config/config1",
         "oci_private_api_key_path": "/home/opc/siebel/oci-config/mykey.pem",
         "oci_config_profile_name": "DEFAULT"
         },
   "monitoring_mt_export_path": {
      "mount_target_private_ip": "10.0.255.YY",
      "export_path": "/devXX-monitoring"
         }
   }
}

For more details on the payload elements, see the "observability" parameters in Payload Parameters for Siebel CRM Deployment.

When monitoring is enabled during Siebel deployment, the monitoring_mt_export_path parameter needs to be provided only when BYOR choice (Use existing resources) was selected during SCM installation.

To enable monitoring for a pre-existing Siebel CRM deployment done by SCM, the following sample can be used:

API: POST on /scm/api/v1.0/environment/<ENV_ID>/observability

{
   "observability": {
      "siebel_monitoring": true,
      "oci_config": {
         "oci_config_path": "/home/opc/siebel/oci-config/config1",
         "oci_private_api_key_path": "/home/opc/siebel/oci-config/mykey.pem",
         "oci_config_profile_name": "DEFAULT"
      },
   "monitoring_mt_export_path": {
      "mount_target_private_ip": "10.0.255.YY",
      "export_path": "/devXX-monitoring"
       }
   }
}

The monitoring_mt_export_path parameter is required when monitoring is enabled for a pre-existing Siebel CRM deployment done by SCM.

It returns a RUN_ID upon success.

For more details on the payload elements, see the "observability" parameters in Payload Parameters for Siebel CRM Deployment.

The status of the enabled features can be checked with GET for specific RUN_IDs, or you can get a broader response with an upper level URI ending in the term "observability".

/scm/api/v1.0/environment/<ENV_ID>/observability/<RUN_ID>
/scm/api/v1.0/environment/<ENV_ID>/observability/

Re-runs can be done with PUT API with RUN_ID at the end. Note that reruns are idempotent.

/scm/api/v1.0/environment/<ENV_ID>/observability/<RUN_ID>

To use the Siebel CRM Observability – Monitoring solution, Siebel Cloud Manager version needs to be updated to CM_24.6.0 or later using commands like following. Refer to the appropriate section for details on update process. Though SCM needs to be updated, Siebel CRM version need not be updated always for using this feature, as limited backward compatibility for Siebel CRM versions below 24.6 is supported. 

ssh opc@<CM_IP>
bash start_cmserver.sh CM_24.6.0

To run observability workloads with a custom non-root user ID and group ID, include a security_context section under the observability section in the deployment payload, in addition to the configuration required to enable monitoring.

{
   "observability":{
   "security_context": {
      "run_as_user": <uid>,
      "run_as_group": <gid>,
      "fs_group": <fs_group_id>
      }
   }
}

For more details on the payload elements, see the "observability" parameters in Payload Parameters for Siebel CRM Deployment.

Note: On OpenShift, run_as_user must be within the range specified by the openshift.io/sa.scc.uid-range namespace annotation. The fs_group value must be the first ID in the range specified by the openshift.io/sa.scc.supplemental-groups namespace annotation. To view these namespace annotations, run:
oc get namespace <siebel_namespace> -o jsonpath='{"openshift.io/sa.scc.uid-range\t"}{.metadata.annotations.openshift\.io/sa\.scc\.uid-range}{"\n"}{"openshift.io/sa.scc.supplemental-groups\t"}{.metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups}{"\n"}'

In the above example:

  • Use a value from the uid-range annotation for run_as_user.
  • Use the first ID from the supplemental-groups annotation for fs_group.
Note: If you specify observability.security_context and use local storage for the Prometheus persistent volume, update the ownership of the local storage directory on the Kubernetes worker node before enabling observability. For more information, see Observability: Local Storage Prerequisite for Custom Non-Root User ID Security.

To enable Alerting along with Monitoring, deployment payload to contain section like the following in addition to the section for enabling monitoring:

{
   "observability": {
   ......
   "send_alerts": "true",
   "alertmanager_email_config": {
      "smtp_host": "smtp.us-ashburn-1.oraclecloud.com",
      "smtp_port": "587",
      "smtp_from_email": "no-reply@oraclesiebel.com",
      "smtp_auth_username": "ocid1.user.oc1.......",
      "smtp_auth_password_vault_ocid": "ocid1.vaultsecret.oc1.uk-london-1.....",
      "to_email": "test1@oracle.com,test2@oracle.com "
      }
   }
}

For more details on the payload elements, see the "observability" parameters in Payload Parameters for Siebel CRM Deployment.

Therefore, to enable monitoring functionality along with alerting in Siebel CRM Observability, a payload like the following can be used (for a non-BYO use case) along with Siebel CRM deployment payload:

{
   <other Siebel CRM deployment payload elements>
   "observability": {  
      "siebel_monitoring": true,
      "oci_config": {
         "oci_config_path": "/home/opc/siebel/oci-config/config1",
         "oci_private_api_key_path": "/home/opc/siebel/oci-config/mykey.pem",
         "oci_config_profile_name": "DEFAULT"
         }
      "send_alerts": "true",
      "alertmanager_email_config": {
         "smtp_host": "smtp.us-ashburn-1.oraclecloud.com", 
         "smtp_port": "587", 
         "smtp_from_email": "no-reply@oraclesiebel.com",
         "smtp_auth_username": "ocid1.vaultsecret.oc1.uk-london-1.....",
         "smtp_auth_password_vault_ocid": "ocid1.vaultsecret.oc1.uk-london-1.....",
         "to_email": "test1@oracle.com,test2@oracle.com"
         } 
   }
}

Observability: Local Storage Prerequisite for Custom Non-Root User ID Security

If you specify security_context under the observability section and use local storage for the Prometheus persistent volume, update the ownership of the local storage directory on the Kubernetes worker node before enabling observability.

Run the following command on the worker node that hosts the local storage directory:

chown <run_as_user>:<fs_group> <local_storage_directory_path>

In this command:

  • <run_as_user> is the value configured for observability.security_context.run_as_user in the deployment payload.
  • <fs_group> is the value configured for observability.security_context.fs_group in the deployment payload.
  • <local_storage_directory_path> is the path to the local storage directory used by the Prometheus persistent volume.