1. Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager
  2. Installing SCM on OpenShift

Installing SCM on OpenShift

This section describes the steps for installing SCM on OpenShift using Siebel Installer for SCM. It includes the following steps:

Downloading and Running Siebel Installer for SCM

You must download Siebel Installer for SCM from MOS and run the installer to lay down the SCM image, images of SCM dependencies, and SCM Helm chart that are required for installing SCM on OpenShift. For more information, see Downloading and Running Siebel Installer for SCM.

Before Installing SCM on OpenShift

You must perform the following preinstallation tasks:

  • Ensure you have access to the OpenShift cluster through command line.
  • Ensure that the SCM container image, images of SCM dependencies, and Helm chart are available in the user's container registry.
  • Update the securityContext section in the SCM Helm chart values.yaml file as follows:
    securityContext:
    runAsUser: <uid>
    runAsGroup: 0
    fsGroup: <fs_group_id>

    In the above example:

    • <uid> is the user ID allowed for the SCM namespace.
    • <fs_group_id> is the supplemental group ID allowed for the SCM namespace.
    Note: On OpenShift, runAsUser must be within the range specified by the openshift.io/sa.scc.uid-range namespace annotation. The fsGroup value must be the first ID in the range specified by the openshift.io/sa.scc.supplemental-groups namespace annotation. You can view these namespace annotations, as follows:
    oc get namespace <scm_namespace> -o jsonpath='{"openshift.io/sa.scc.uid-range\t"}{.metadata.annotations.openshift\.io/sa\.scc\.uid-range}{"\n"}{"openshift.io/sa.scc.supplemental-groups\t"}{.metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups}{"\n"}'

    You must also create a base directory in the SCM mount path. The name of the directory must match the SCM namespace name in uppercase. You must assign ownership to the user ID specified in securityContext.runAsUser, and assign group ownership to 0, as follows.

    sudo mount -t nfs -o nfsvers=3,nosuid,resvport -o nolock <mount target ip>:/<export path> <path on your host to mount>
cd <path on your host to mount>
sudo mkdir <SCM_NAMESPACE>
sudo chown -R <uid>:0 <SCM_NAMESPACE>
sudo chmod -R g+rwx <SCM_NAMESPACE>
  • Assign elevated privileges to the service account in the SCM namespace by applying the following SCCs:
    Note: This task applies only if you do not configure the securityContext section in the SCM Helm chart values.yaml file.
    oc adm policy add-scc-to-user privileged -z scm-service-account -n <scm_namespace>
oc adm policy add-scc-to-user nonroot-v2 -z scm-service-account -n <scm_namespace>

    In the above example, <scm-namespace> is the name of the SCM namespace you created for SCM installation.

    Note: When you configure the securityContext section in the SCM Helm chart values.yaml file, you must not apply SCCs. In this configuration, SCM runs by using the restricted-v2 SCC assigned by OpenShift.

Installing SCM using Helm

You can install SCM on OpenShift using Helm. For more information, see Installing SCM using Helm.

Optionally, you can validate the SCM instance after the installation is complete. For example:

https://<CM_Instance_IP>:<Port>/scm/api/v1.0/ping

If you encounter issues accessing SCM, such as connection refused or timeout errors, review the ingress network policies in the SCM namespace and update them as needed.