7 Configuring BRM Server, PDC, and PCC Services

Learn how to configure the Oracle Communications Billing and Revenue Management (BRM) server, Pricing Design Center (PDC), and Pipeline Configuration Center (PCC) in your cloud native environment.

Topics in this document:

• About Configuring BRM Cloud Native Services

• Creating Secrets for Docker Registry Authorization

• Configuring Global Values

• Specifying the BRM Services to Deploy

• Configuring the BRM Server

• Configuring BRM for a Multischema Database

• Configuring Pricing Design Center

• Configuring Pipeline Configuration Center

About Configuring BRM Cloud Native Services

You configure and deploy BRM cloud native services, such as BRM, PDC, and PCC, by using the BRM Helm chart (oc-cn-helm-chart). YAML descriptors in the oc-cn-helm-chart/templates directory use the oc-cn-helm-chart/values.yaml file for most of the values. The values.yaml file itself includes comments that describe each key. You can override the values by creating an override-values.yaml file.

Oracle recommends that you read the values.yaml file at least once to become familiar with all of the options available.

Creating Secrets for Docker Registry Authorization

You can automatically pull images from your private container registry by creating an ImagePullSecrets, which contains a list of authorization tokens (or Secrets) for accessing a private container registry. You then add references to the ImagePullSecrets in your BRM Helm chart's override-values.yaml file. This allows pods to submit the Secret to the private container registry whenever they want to pull images.

Automatically pulling images from a private container registry involves these high-level steps:

1. Create a Secret outside of the Helm chart by entering this command:

   kubectl create secret docker-registry SecretName --docker-server=RegistryServer --docker-username=UserName --docker-password=Password -n NameSpace

   where:

   • SecretName is the name of your Kubernetes Secret

   • RegistryServer is your private container registry's FQDN (repoHost:repoPort)

   • UserName and Password are your private container registry's user name and password

   • NameSpace is the namespace you will use for installing BRM Helm charts

   For example:

   kubectl create secret docker-registry cgbu-docker-registry --docker-server=mydockerimages.com:2660/ --docker-username=xyz --docker-password=password -n oms

2. Add the imagePullSecrets key to your override-values.yaml file for oc-cn-helm-chart:

   imagePullSecrets: 
       -name "SecretName1"
       -name "SecretName2"

3. Add the ocbrm.imageRepository key to your override-values.yaml file:

   imageRepository: "RegistryServer"

4. Deploy oc-cn-helm-chart.

Configuring Global Values

Table 7-1 lists the keys that apply to all BRM components. To set or change the values, add them to your override_values.yaml file for oc-cn-helm-chart.

Table 7-1 Global Keys in Values.yaml File

Key	Description
imageRepository	The registry server where you have pushed images. Typically, in the format “RepoHost:RepoPort/”. The value is added as a prefix to all image names when you install or upgrade Helm charts. This key is empty by default.
imagePullSecrets	The name of the Secret that contains credentials for accessing images from your private image server. This is added to each pod to give it permission to pull the image from your private registry server. See "Creating Secrets for Docker Registry Authorization" for more information. This key is empty by default.
uniPass	Use this key to apply a uniform password to all BRM cloud native services, including: Database Schemas BRM Root Login Oracle Wallets WebLogic User To override this password for a specific service, specify a different password in the service's key. Note: Use this key for test or demonstration systems only.
db.*	The details for connecting to a shared database. The keys in this section take precedence over other database connection keys. Add these keys only if your system uses a shared database: sslMode: The type of SSL connection required for connecting to the database: TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity. ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default. NO: SSL authentication is not required. host: The host name or IP address of the database server. port: The port number of the database server. user: The user name of the database administrator. password: The password of the database system administrator. serviceName: The service name that identifies the database. role: The role assigned to the DBA user. walletPassword: The password for accessing the certificates from the TrustStore and KeyStore. This is required if sslMode is set to ONE_WAY or TWO_WAY. walletType: The type of file specified as the TrustStore or KeyStore for SSL connections: SSO or pkcs12.
security.java.overrideSecurityProperties	Whether to override the default Java security property (true) or no (false). The default is true.
monitoring.prometheus.jmx_exporter.enable	Whether to enable the JMX exporter for Prometheus (true) or not (false). The default is false. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information.
monitoring.prometheus.operator.*	The details for monitoring BRM cloud native services using Prometheus: enable: Whether to use Prometheus Operator (true) or standalone Prometheus (false). The default is false. namespace: The namespace in which Prometheus Operator is deployed. The default is prometheus. release: The release name for Prometheus Operator. The default is prometheus. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information.

Specifying the BRM Services to Deploy

Some BRM cloud native services are enabled by default, while others are disabled. Ensure that your override-values.yaml file is set up to deploy the services that you want to include in your BRM cloud native environment.

BRM Cloud Native Services Enabled by Default

Table 7-2 lists the BRM cloud native services that are deployed by default. To exclude them from your deployment, set the keys to false in your override-values.yaml file for oc-cn-helm-chart.

Table 7-2 BRM Services Enabled By Default

BRM Service	override-values.yaml Key
Batch Pipeline	ocbrm.batchpipe.isEnabled
BRM REST Services Manager	ocrsm.rsm.isEnabled
Connection Manager	ocbrm.cm.isEnabled
Oracle Data Manager	ocbrm.dm_oracle.isEnabled
Pipeline Configuration Center	ocpcc.pcc.isEnabled
Pricing Design Center	ocpdc.isEnabled
Rated Event Loader	ocbrm.rel_daemon.isEnabled
Realtime Pipeline	ocbrm.realtimepipe.isEnabled

BRM Cloud Native Services Disabled By Default

Table 7-3 lists the BRM cloud native services that are not deployed by default. To include them in your BRM cloud native deployment, set the keys to true in your override-values.yaml file for oc-cn-helm-chart.

Table 7-3 BRM Services Disabled By Default

BRM Service	override-values.yaml Key
Batch Controller	ocbrm.batch_controller.isEnabled
BRM Apps Jobs	ocbrm.brm_apps.job.isEnabled
Email Data Manager	ocbrm.dm_email.isEnabled
Enterprise Application Integration Data Manager	ocbrm.dm_eai.isEnabled
Invoicing Formatter	ocbrm.formatter.isEnabled
Invoicing Data Manager	ocbrm.dm_invoice.isEnabled
Kafka Data Manager	ocbrm.dm_kafka.isEnabled
LDAP Data Manager	ocbrm.dm_ldap.isEnabled
Paymentech Data Manager	ocbrm.dm_fusa.isEnabled
PDC REST Services Manager	ocpdcrsm.isEnabled
Provisioning Data Manager	ocbrm.dm_prov_telco.isEnabled
RE Loader Daemon Job	ocbrm.rel_daemon.job.isEnabled
RE Loader Manager Job	ocbrm.rel_manager.job.isEnabled
Rated Event Manager	ocbrm.rem.isEnabled
Roaming Pipeline	ocbrm.roampipe.isEnabled
Vertex Data Manager	ocbrm.dm_vertex.isEnabled
Webhook	webhook.isEnabled
Web Services Manager with WebLogic	ocbrm.wsm.deployment.weblogic.isEnabled
Web Services Manager with TomCat	ocbrm.wsm.deployment.tomcat.isEnabled

Configuring the BRM Server

To configure the BRM server to run in your cloud native environment, you override the BRM server-specific keys in the values.yaml file for oc-cn-helm-chart. Table 7-4 lists the keys that directly impact BRM Server pods. Add these keys to your override-values.yaml file with the same path hierarchy.

Note:

You can optionally deploy a simple demonstration version of BRM cloud native by using the sample override_values.yaml file that is packaged with oc-cn-helm-chart. This sample override file contains the bare minimum keys that you need to update to create a simple BRM cloud native system with the following services enabled by default: Account Synchronization DM, Batch Pipeline, CM, Oracle DM, RE Loader, Realtime Pipeline, Billing Care, Billing Care REST API, Business Operations Center, and PDC.

Table 7-4 BRM Server Keys

Key	Path in values.yaml File	Description
isAmt	ocbrm	Whether account migration is enabled in your BRM database (true) or not (false). The default is false.
isIPV6Enabled	ocbrm	Whether IPV6 is enabled in your Kubernetes environment (true) or not (false). The default is false.
ece_deployed	ocbrm	Whether ECE is going to be deployed in your BRM cloud native environment (true) or not (false). The default is true.
pdc_deployed	ocbrm	Whether PDC is going to be deployed: true: Configuration data is not loaded into the BRM database. Only mandatory configuration records are loaded into the BRM database for starting the realtime pipeline pod. For the batch pipeline and roaming pipeline pods, you must load the required configuration data using PDC before deploying the pods. false: Configuration data is loaded into the BRM database during deployment. This is the default.
use_oracle_brm_images	ocbrm	Whether to use the default BRM images (true) or not (false). Set this to false if you are building custom images. The default is true.
existing_rootkey_wallet	ocbrm	Whether you are deploying with an existing database or using an existing root key wallet: true: You are deploying with an existing database or are using an existing root key wallet. false: You are deploying with a new database and are using a new root key wallet. This is the default. When set to false, the BRM Helm chart runs lds-config-job to load default strings into BRM during the deployment process. Manually delete lds-config-job after BRM is deployed successfully. See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide for more information.
is_upgrade	ocbrm	Whether to upgrade the Helm chart (true) or not (false). See "Upgrading Your BRM Cloud Native Services".
isSSLEnabled	ocbrm	For SSL-enabled deployment required in Infranet.properties.
cmSSLTermination	ocbrm	Whether to make the CM the SSL endpoint for the BRM cloud native deployment. true: The CM is the SSL endpoint. In this case, TLS can be enabled only between BRM client applications and the CM. TLS is disabled between CM and all downstream components such as DMs and EMs. Communication between external clients and the CM will still be encrypted by TLS 1.2. This setting can increase performance, because it eliminates the overhead needed to handle TLS before processing the PCP packets. When set to true, also set the isSSLEnabled key to true. false: SSL is enabled across all components, from client to CM to DMs and EMs. This is the default.
customSSLWallet	ocbrm	Whether to use a custom TLS certificate for the CM: true: A custom TLS certificate is used for the CM. When set to true, also set the cmSSLTermination key to true and move the Oracle wallet (brm_custom_wallet) containing the custom TLS certificate to the top level of the Helm chart. false: The default TLS certificate is used for the CM. This is the default. See "Using a Custom TLS Certificate" in BRM Cloud Native System Administrator's Guide.
EnableSecurityContext	ocbrm	Whether to enable a security context in the cluster (true) or not (false). The default is false.
root_key_rotate	ocbrm	Whether to rotate the BRM root key (true) or not (false). The default is false. See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide.
brm_root_pass	ocbrm	The root password. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.
rotate_password	ocbrm	Whether to rotate the BRM root password: true: The BRM root password is replaced with the one specified in the new_brm_root_password key. false: The BRM root password is not changed. This is the default. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.
new_brm_root_password	ocbrm	The new BRM root password. Use this key only when ocbrm.rotate_password is set to true. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.
rotate_brm_role_passwords	ocbrm	Whether to rotate the BRM role passwords. The default is false. See "Rotating BRM Role Passwords" in BRM Cloud Native System Administrator's Guide.
brm_role_pass.*	ocbrm	The passwords for each BRM role. The roles grant users the permission to access different BRM components, such as Customer Center or Pipeline Configuration Center (PCC). Note: You must set all of these passwords when the unipass key is not set. You set passwords for the following roles: acct_recv.0.0.0.1: Accounts receivable bc_client.0.0.0.1: Billing Care bill_inv_pymt_sub.0.0.0.1: Invoice payments billing.0.0.0.1: Billing boc_client.0.0.0.1: Business Operations Center collections.0.0.0.1: Collections crypt_utils.0.0.0.1: Encryption utilities cust_center.0.0.0.1: Customer Center cust_mgnt.0.0.0.1: Customer management invoicing.0.0.0.1: Invoicing java_client.0.0.0.1: Java clients load_utils.0.0.0.1: Load utilities payments.0.0.0.1: Payments pcc_client.0.0.0.1: PCC rerating.0.0.0.1: Rerating rsm.0.0.0.1: BRM REST Services Manager super_user.0.0.0.1: Super User ui_client.0.0.0.1: All GUI clients ece.0.0.0.1: ECE The passwords in this key must match the passwords in oc-cn-init-db-helm-chart. See "Rotating BRM Role Passwords" in BRM Cloud Native System Administrator's Guide.
wallet.*	ocbrm	Specify the passwords for these wallets: client: The password for the client wallet. server: The password for the server wallet. root: The password for the root wallet. You must generate Secrets for these keys.
deployment.*	ocbrm.cm	enable_publish: Whether to publish events (1) or not (0). The default is 0. enable_prefs_enrichment: Whether to enrich notifications with subscriber preferences (true) or not (false). The default is false. prefs_enabled_publisher_list: The list of publishers with enrichment enabled. The default is 0.0.9.6. prefs_phone_no_location: Where to retrieve the phone numbers for subscribers. The default is 0. provisioning_enabled: Whether to enable provisioning of service orders (true) or not (false). The default is false. simulate_agent: Whether to publish service orders (0) or not (1). The default is 1.
enable	ocbrm.cm.custom_files	Whether to expose the oc-cn-helm-chart/cm_custom_files directory as a ConfigMap (true) or not (false). The default is false. See "Exposing Directories as ConfigMaps" in BRM Cloud Native System Administrator's Guide.
perflib_enabled	ocbrm.component.deployment	Whether to enable monitoring of the BRM service using the performance library (Perlib), where component is cm or dm_oracle. true: PerfLib is enabled for the specified component. The PerfLib container will expose the metrics for the specified component, which can be scraped by Prometheus. false: PerfLib is disabled for the specified component. This is the default. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide.
isEnabled	ocbrm.dm_kafka	Whether to enable the Kafka DM (true) or not (false). The default is false. For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide.
deployment.*	ocbrm.dm_kafka	The details for configuring the Kafka DM. kafka_bootstrap_server_list: Set this to a comma-separated list of addresses for the Kafka brokers in this format: hostname1:port1, hostname2:port2. poolSize: Set this to the number of threads that can run in the JS server to accept requests from the CM. Enter a number from 1 through 2000. The default is 64. topicName: Set this to the name of the default Kafka topic. The default name is BRM. topicFormat: Set this to the format of the payload that is published to the default Kafka topic: XML or JSON. topicStyle: The style of XML payloads: ShortName, CamelCase, NewShortName, or OC3CNotification. isSecurityEnabled: Whether to enable SSL between Kafka DM and Kafka Server (true) or not (false). trustStorePassword: The TrustStore password in Base64 format. Required only if SSL is enabled. keyStorePassword: The KeyStore password in Base64 format. Required only if SSL is enabled. keyPassword: The password of a key in the KeyStore in Base64 format. Required only if SSL is enabled. password: The password in Base64 format. Required only if SSL is enabled. For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide.
smtpServer	ocbrm.dm_email.deployment	Set this to your SMTP server name, such as ocbrm.us.example.com.
create	ocbrm.storage_class	Whether to create a Kubernetes StorageClass (true) or not (false).
virtual_time.*	ocbrm	The details for configuring the pin_virtual_time utility. enabled: Set this to true to enable pin_virtual_time. sync_pvt_time: Set this to the number of seconds between each synchronization of pin_virtual_time with all pods. The default is 0 seconds.
db.*	ocbrm	The details for connecting to the BRM database: host: The host name or IP address of the database server. port: The port number of the database server. service: The service name that identifies the database. sslMode: The type of SSL connection required for connecting to the database: TWO_WAY, ONE_WAY, or NO. walletPassword: The password for accessing the certificates from the TrustStore and KeyStore. This is required if sslMode is set to ONE_WAY or TWO_WAY. walletType: The type of file specified as the TrustStore or KeyStore for SSL connections: SSO or pkcs12. The default is SSO. enable_partition: Whether partitioning is enabled at the database level (Yes) or disabled (No). The default is Yes. storage_model: The size of the BRM database tablespaces: Test: Less than 700 MB. Small: Less than 1.5 GB. Medium: Less than 30 GB. Large: Greater than 30 GB. schemauser: The user name of the primary BRM schema. The default is pin. schemapass: The password for the BRM schema. schematablespace: The name of the tablespace for the primary BRM schema. This field is case-sensitive. The default is pin. indextablespace: The name of the index tablespace for the primary BRM schema. This field is case-sensitive. The default is pinx. nls_lang: The language, territory, and character set. Set this to American_America.AL32UTF8. You must use American_America as the language and territory, regardless of your locale. pipelineschemauser: The BRM pipeline schema user name, which should be pre-created with all of the required grants. pipelineschemapass: The BRM pipeline schema password. You must generate a Secret. Add this key to your override-values.yaml file with the same path hierarchy. pipelineschematablespace: The name of the tablespace for the BRM pipeline schema. This field is case-sensitive. pipelinesindextablespace: The name of the index tablespace for the BRM pipeline schema. This field is case-sensitive. skipPrimary: Whether to deploy the primary schema (false) or skip the deployment of the primary schema (true). Set it to true only if you are adding a schema to an existing BRM multischema system. The default is false. Ensure these values match the ocbrm.db.* keys from oc-cn-init-db-helm-chart. See Table 6-1 for more information.
secondaryN.*	ocbrm.db.multiSchemas	The details for connecting to your secondary database schemas, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on. Add this block only if your BRM database contains multiple schemas. This section will be commented out by default: multiSchemas: secondary1: deploy: host: localhost port: 1521 service: pindb schemauser: schemapass: schematablespace: indextablespace: See "Configuring BRM for a Multischema Database".
mountOptions	ocbrm.storage_class	Set this to the version of the external provisioner.
provisioner	ocbrm.dynamic_provisioner	Set this to the name of the external provisioner.
enabled	ocbrm.cmt	Set this to true to run the Conversion Manager pin_cmt utility.
config_jobs.*	ocbrm	The details for running a configurator job, which allows you to run BRM load utilities on demand without entering into a pod. run_apps: Set to true to enable a configurator job. isMultiSchema: Specifies whether to run the commands in the loadme.sh script on the secondary schemas. restart_count: Increment this count by 1 to restart the CM. script_name: The name of the script that contains the load utilities you want to run. The default is loadme.sh. See "Running Load Utilities through Configurator Jobs" in BRM Cloud Native System Administrator's Guide.
brm_apps.job.*	ocbrm	The details for running a brm-apps job, which allows you to run BRM applications and utilities on demand without entering into a pod. isEnabled: Set to true to enable a brm-apps job. script_name: The name of the script that contains the utilities and applications you want to run. The default is loadme.sh. configmap_path: The path to the ConfigMap file. See "Running Applications and Utilities through BRM-Apps Jobs" in BRM Cloud Native System Administrator's Guide.
brm_apps.deployment.isEnabled	ocbrm	Whether to enable the brm-apps pod.
utilityName.*	ocbrm.brm_apps.deployment	The configuration details for running BRM utilities and applications, such as pin_billd, pin_export_price, and pin_rerate. For example, you can configure performance parameters for multithreaded applications (MTA). See "Configuring MTA Performance Parameters" in BRM Cloud Native System Administrator's Guide.

Configuring BRM for a Multischema Database

Using a BRM multischema database lets you distribute customer accounts among several database schemas, providing increased storage capacity, higher performance, and easier maintenance. For more information, see "A BRM Multischema Production System" in BRM Installation Guide.

To configure your BRM cloud native environment to connect to a multischema database, do this:

1. Ensure that you deployed a multischema database in your BRM cloud native environment. See "Deploying BRM with a New Database Schema".

2. Using SQL*Plus, grant each database schema the privilege to insert and update tables on the other schemas:

   1. Connect to the BRM database with SQL*Plus as sysdba:

      sqlplus system@databaseAlias as sysdba 
      Enter password: password

      where:

      • databaseAlias is the Oracle system database alias.

      • password is the Oracle system database user password.

   2. From the primary database schema, enter the following:

      SQL> GRANT INSERT ANY TABLE TO SecondarySchema; 
      SQL> GRANT UPDATE ANY TABLE TO SecondarySchema;

      where SecondarySchema is the name of the secondary schema.

   3. From each secondary database schema, enter the following:

      SQL> GRANT INSERT ANY TABLE TO PrimarySchema; 
      SQL> GRANT UPDATE ANY TABLE TO PrimarySchema;

      where PrimarySchema is the name of the primary schema.

3. Connect the BRM server to each secondary schema:

   1. Open your override-values.yaml file for oc-cn-helm-chart.

   2. Enable account migration by setting the ocbrm.isAmt key to true.

   3. Set the ocbrm.db.skipPrimary key to false.

   4. For each secondary schema in your system, add a ocbrm.db.multiSchemas.secondaryN block, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.

   5. In each ocbrm.db.multiSchemas.secondaryN block, set the following keys:

      • deploy: Set this to true.

      • host: Set this to the hostname of the secondary schema. This key is optional.

      • port: Set this to the port number for the secondary schema. This key is optional.

      • service: Set this to the service name for the secondary schema. This key is optional.

      • schemauser: Set this to the schema user name.

      • schemapass: Set this to the schema password.

      • schematablespace: Set this to the name of the schema tablespace, such as pin01.

      • indextablespace: Set this to the name of the index tablespace, such as pinx01.

   6. Deploy oc-cn-helm-chart by running this command from the helmcharts directory:

      helm install BrmReleaseName oc-cn-helm-chart --namespace BrmNameSpace --values OverrideValuesFile

      where:

      • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance. It must be different from the one used for oc-cn-init-db-helm-chart.

      • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

      • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

      The BRM Helm chart deploys new dm-oracle, amt, and rel-dameon pods, Rated Event (RE) Loader PVCs, services, ConfigMaps, and secrets. It also updates their corresponding schema entries in the primary CM and Oracle DM and deploys multiple containers for the batch-wireless-pipe pod.

4. Set each database schema's status and priority. BRM cloud native assigns accounts to an open schema with the highest priority.

   1. Open the configmap_pin_conf_testnap.yaml file.

   2. Under the config_dist.conf section, add the following entries for each secondary schema in your database:

      DB_NO = "schema_number" ;             # database config. block
      PRIORITY = priority ;
      MAX_ACCOUNT_SIZE = 100000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;

   3. Set the STATUS and PRIORITY entries for each primary and secondary schema:

      DB_NO = "0.0.0.1" ;             # Primary schema configuration block
      PRIORITY = priority;
      MAX_ACCOUNT_SIZE = 100000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;
        
      DB_NO = "0.0.0.2" ;             # Secondary schema configuration block
      PRIORITY = priority;
      MAX_ACCOUNT_SIZE = 50000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;

      where:

      • priority is a number representing the schema's priority, with the highest number having the most priority. For example, 5 indicates a greater priority than a value of 1. For more information, see "Modifying Database Schema Priorities" in BRM Cloud Native System Administrator's Guide.

      • status specifies whether the schema is open, closed, or unavailable. For more information, see "Modifying Database Schema Status" in BRM Cloud Native System Administrator's Guide.

   4. Set up the configurator job to run the load_config_dist utility by adding the following lines to the oc-cn-helm-chart/config_scripts/loadme.sh script:

      #!/bin/sh
       
      #cp /oms/config_dist.conf /oms/sys/test/config_dist.conf
      cd /oms/sys/test ; load_config_dist
      exit 0;

   5. In the override-values.yaml file for oc-cn-helm-chart, set this key:

      ocbrm.config_jobs.run_apps: Set this to true.

   6. Run the helm upgrade command to update the Helm release:

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace

      The distribution information is loaded into the primary schema.

   7. Update these keys in the override-values.yaml file for oc-cn-helm-chart:

      • ocbrm.config_jobs.restart_count: Increment the existing value by 1.

      • ocbrm.config_jobs.run_apps: Set this to false.

   8. Update the Helm release again:

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace

      The CM is restarted.

5. Configure the account-router Pipeline Manager to route CDRs to pipelines based on the database schema POID. To do so, edit the ConfigMap file configmap_acc_router_reg.yaml.

   Based on the configuration, the account router Pipeline Manager does the following:

   • Moves input files to the data PVC directory. The input file names have a prefix of router and a suffix of .edr.

   • Moves the rated output files to the input of the Rating pipeline.

   • Replicates the Rating pipeline based on the multischema entry. The Range function is used to replicate the rating pipeline.

   • Moves the output files from the Rating pipeline to the outputcdr PVC directory.

Your BRM cloud native environment is connected to your BRM multischema database. To manage your multischema environment, see "Managing a BRM Cloud Native Multischema System" in BRM Cloud Native System Administrator's Guide.

Configuring Pricing Design Center

Pricing Design Center (PDC) is a Web-based client application that you use to create and manage the product offerings that you sell to your customers. A product offering represents the services available to your customers and the price of those services. For more information about PDC, see Pricing Design Center Online Help.

You can optionally deploy a simple demonstration version of Pricing Design Center cloud native by using the sample PDC_OverrideValues.yaml file provided with oc-cn-helm-chart. This simple demonstration version has both SSL and ECE enabled, uploads a sample JKS certificate file, loads sample RUMs and balance elements, and starts the BRM-to-PDC synchronization process with SyncPDC.

To configure PDC to run in your BRM cloud native environment:

1. Override the PDC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding PDC Keys for oc-cn-helm-chart".

2. Override the PDC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding PDC Keys for oc-cn-op-job-helm-chart".

3. Set up SAML for SSO in PDC. See "Setting Up SSO for PDC Cloud Native".

After you deploy PDC in your cloud native environment, you can access the PDC GUI at one of the following URLs:

• http://kubernetesHost:pdcPort/pdc

  where:

  • kubernetesHost is the host name of the machine on which Kubernetes is deployed.

  • pdcPort is the PDC service node port.

• http://LoadBalancerHost:pdcNodePort/pdc

  where:

  • LoadBalancerHost is the host name of the machine on which the load balancer is deployed.

  • pdcNodePort is the number assigned to the PDC node port.

Adding PDC Keys for oc-cn-helm-chart

Table 7-5 describes the most common PDC keys that you need to override. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For information about all PDC-specific keys, see the descriptions in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64. See "Secrets" in Kubernetes Concepts.

Table 7-5 Pricing Design Center Keys for oc-cn-helm-chart

Key	Path in values.yaml	Description
isEnabled	ocpdc	Whether to enable and deploy PDC: true: Enables PDC and deploys the PDC application. This is the default. false: Disables the PDC application.
lang	ocpdc	The Linux system locale. The default is en_US.UTF-8.
tz	ocpdc	The Linux time zone. The default is UTC.
pdcBrmVolHostPath	ocpdc	The host path for RRE, Import-Export, BRE, or SyncPDC. To use a dynamic provisioner, leave it empty. The default is empty. Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.
storageSize	ocpdc	The size of the storage path for pdcBrmHostPath.
enableSecurityContext	ocpdc	Whether to enable PDC pod-level security attributes and common container settings. The default is false.
deployment.*	ocpdc	The details for deploying the PDC image: imageName: The name of the PDC image. The default is oracle/pdc. imageTag: The tag name for the PDC image. The default is 15.0.x.0.0. imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.
fmw.*	ocpdc.deployment	The details for pulling WebLogic images for PDC from a container registry: imageRepository: The name of the container registry from which to pull the WebLogic image. The default is container-registry.oracle.com/. imageName: The name of the container repository from which to pull the WebLogic image. The default is middleware/fmw-infrastructure_cpu. imageTag: The tag name for the WebLogic image. The default is 12.2.1.4-jdk8-ol8. See "Pulling WebLogic Images for PDC, Billing Care, Billing Care REST API, and Business Operations Center" for more information.
nodeSelector	ocpdc	The name of the node on which to run the following PDC pods: pdc RRE BRE SyncPDC Import-Export Set this key if you want to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.
affinity	ocpdc	The rules for running the following PDC pods on specific nodes: pdc RRE BRE SyncPDC Import-Export Set this key if you want to constrain the PDC pod to run only on the nodes that meet your criteria. For more information about this key, see "Node Affinity" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the Import-Export pod.
domainUID	ocpdc.wop	The name of this PDC WebLogic Server domain.
isVPAEnabled	ocpdc.wop	(Release 15.0.1 or later) Whether to enable resource limits for the PDC domain pod. The default is false.
isVPAEnabled	ocpdc.configEnv	Whether to enable Vertical Pod autoscaling for the RRE, BRE, SyncPDC, and JobIE pods. The default is false.
dbHostName	ocpdc.configEnv	The host name of the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.
dbPort	ocpdc.configEnv	The port for the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.
dbService	ocpdc.configEnv	The service name for the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.
dbSSLMode	ocpdc.configEnv	The type of SSL connection required for connecting to the cross-reference database: TWO_WAY: Two-way SSL authentication is required. ONE_WAY: One-way SSL authentication is required. NO: SSL authentication is not required. This is the default. Note: This value must match that of the dbSSLMode key for oc-cn-op-job-helm-chart.
Realtime rating engine and batch rating engine log file rotation	ocpdc.configEnv.transformation	The settings for rotating RRE and BRE log files: logLevel: The logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING. logFileSize: The maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. The default is 500000. logFileCount: The maximum number of log files to retain for the application. The default is 10. persistTransactionLogs: Whether to persist log files in the database after they are closed. Possible values are all, disabled, and failed. The default is failed. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.
MEM_ARGS	ocpdc.configEnv.transformation	The memory argument, surrounded by quotes. For example: "-Xms1024m -Xmx2048m -XX:CompileThreshold=8000".
persistOutFiles	ocpdc.configEnv.transformation	Whether to persist the output files generated by the transformation engine: enabled: Keeps the output and payload files in the out directory. This is not recommended. disabled: Removes the output and payload files from the out directory. This is the default.
upgrade	ocpdc.configEnv.transformation	Whether to upgrade from a previous release to PDC 15.0.
nodeSelector	ocpdc.configEnv.transformation	The name of the node on which to run the RRE and BRE pods.
affinity	ocpdc.configEnv.transformation	The rules for running the RRE and BRE pods on specific nodes.
BE	ocpdc.configEnv.seedData	Whether to load sample balance elements into the PDC database when PDC is deployed: true: Loads the sample balance elements. false: Does not load the sample balance elements. This is the default. Note: If balance element data already exists in the PDC database, it is not overwritten.
RUM	ocpdc.configEnv.seedData	Whether to load sample RUMs into the PDC database when PDC is deployed: true: Loads the sample RUMs. false: Does not load the sample RUMs. This is the default. Note: If RUM data already exists in the PDC database, it is not overwritten.
IE_Operation.*	ocpdc.configEnv.importExport	The operation for the ImportExportPricing utility to perform: Empty value: No operation is performed. This is the default. export: The utility exports data from the PDC database into an XML file. import: The utility imports data from the XML file into the PDC database. publish: The utility publishes components from PDC to the batch rating engine, real-time rating engine, or ECE. keep: The utility retains the latest version of successfully promoted PDC components. deleteprofile: The utility deletes pricing profiles from PDC. type: The utility displays the pricing or setup components available in PDC. When you deploy PDC, ensure that this key has an empty value. Before doing a Helm upgrade to run ImportExportPricing, delete the pdc-import-export-job Kubernetes job. Don't include the hyphen (-) prefix with the value. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.
IE_Component.*	ocpdc.configEnv.importExport	The type of components and objects to import or export using the ImportExportPricing utility: config: Imports or exports setup components, such as tax codes, business profiles, and general ledger IDs. pricing: Imports or exports pricing components, such as events, charges, and chargeshares. metadata: Imports or exports the event, service, account, and profile attribute specifications. profile: Imports or exports pricing profile data. customfields: Imports or exports custom fields. brmobject: Exports BRM-mastered configuration objects such as services, events, and G/L IDs. all: Imports or exports all objects and components. Don't include the hyphen (-) prefix with the value. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.
IE_File_OR_Dir_Name	ocpdc.configEnv.importExport	The name of the XML file or ImportExport directory that contains the list of components and objects to import into the PDC database. This XML file is used by the ImportExportPricing utility. If importing or deleting components, copy the XML file to the HostPath specified in pdcIEHostPath or in pdc-ie-pvc. Set the file's or directory's ownership and permissions to chown 1000:0 and chmod 755.
extraCmdLineArgs	ocpdc.configEnv.importExport	The extra command-line arguments for the ImportExportPricing utility, apart from operation, component, and file name. The value must be surrounded by quotes. For example, "-n ObjectName". See "ImportExportPricing" in PDC Creating Product Offerings for more information.
ImportExport Log Rotation	ocpdc.configEnv.importExport	The settings for rotating ImportExport log files: logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING. logSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. logCount: Specifies the maximum number of log files to retain for the application. persistIELogs: Specifies whether to persist log files in the database after they are closed. Possible values are all, disabled, and failed. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.
nodeSelector affinity	ocpdc.configEnv.importExport	The rules for deploying the Import-Export pod on specific nodes.
upgradeFromPS2	ocpdc.configEnv.syncPDC	Whether to upgrade SyncPDC during the PDC upgrade process. Set this to true only if you are upgrading from Patch Set 2 to Patch Set 4. The default is false. See "Upgrading Your PDC Cloud Native Services" for more information.
skipBREMigration	ocpdc.configEnv.syncPDC	Skips the synchronization of pipeline configuration data. The default is false. This key is ignored when ECE is enabled in a PDC system.
syncPDCStartAt	ocpdc.configEnv.syncPDC	The scheduled time for running the SyncPDC utility. This key is set at deployment time only. Valid values include: startAt: The utility runs at the time the job was submitted. "HH:MM": The utility runs at the specified time, where HH is an hour between 0 and 23, and MM is the minutes between 0 and 59. For example, enter "12:00" to schedule the utility to run at noon. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.
syncPDCInterval	ocpdc.configEnv.syncPDC	The scheduled frequency for running the SyncPDC utility. This key is set at deployment time only. Enter a value in the format "N:U", where N is a valid number and U is one of these units: D (Daily), H (Hourly), or M (Minute). For example, enter "2:D" to run the utility every other day. Note: A value of "24:H" is not the same as "1:D" due to daylight savings time (DST).
enrichmentFileName	ocpdc.configEnv.syncPDC	Set this to ECEEventEnrichmentSpec.xml. Store the enrichment file in the path specified in pdcBrmHostPath. This is applicable at both PDC deployment time and individual SyncPDC runtime.
runSyncPDC	ocpdc.configEnv.syncPDC	Whether to create the SyncPDC pod: true: Creates the SyncPDC pod and starts the BRM-to-PDC synchronization process. This is the default. false: Deletes the SyncPDC pod and stops the synchronization process.
SyncPDC Log Rotation	ocpdc.configEnv.syncPDC	The settings for rotating SyncPDC log files: logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING. logFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. The default is 20000. logFileCount: Specifies the maximum number of log files to retain for the application. The default is 10. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.
nodeSelector affinity	ocpdc.configEnv.syncPDC	The rules for deploying the SyncPDC pod on specific nodes.
operator.*	ocpdc.configEnv.monitoring.prometheus	The details for monitoring PDC cloud native services using Prometheus: isEnabled: Whether to enable monitoring of PDC by using Prometheus and Grafana. namespace: The namespace in which Prometheus Operator is deployed. The default is prometheus. For more information, see "Monitoring PDC in a Cloud Native Environment" in BRM Cloud Native System Administrator's Guide.
walletPassword	ocpdc.secretValue	The passwords for the PDC application wallet and PDC BRM integration wallet.

Adding PDC Keys for oc-cn-op-job-helm-chart

You must create an override-values.yaml for oc-cn-op-job-helm-chart and then add the PDC-specific keys in Table 7-6.

For information about all PDC-specific keys, see the descriptions in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 7-6 Pricing Design Center Keys for oc-cn-op-job-helm-chart

Key	Path in values.yaml	Description
isEnabled	ocpdc	Whether to enable PDC jobs: true: Enables PDC jobs. This is the default. false: Disables PDC jobs.
isClean	ocpdc	Whether to clean old PDC deployment and instance logs: true: Removes all existing PDC deployment and instance logs. This is the default. false: Keeps all existing PDC logs.
lang	ocpdc	The Linux system locale. The default is en_US.UTF-8.
tz	ocpdc	The Linux time zone. The default is UTC.
pdcAppVolHostPath	ocpdc	The host path for pdc-domain. To use a dynamic provisioner, leave it empty. The default is empty. Note: For a dynamic provisioner, ensure that oc-cn-helm-chart is deployed and that the storage class is reused. Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.
storageSize	ocpdc	The size of the storage path for pdcHostPath.
enableSecurityContext	ocpdc	Whether to enable PDC pod-level security attributes and common container settings. The default is false.
deployment.*	ocpdc	The details for deploying the PDC image: imageName: The name of the PDC image. The default is oracle/pdc. imageTag: The tag name for the PDC image. The default is 15.0.0.0.0. imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.
fmw.*	ocpdc.deployment	The details for pulling WebLogic images for PDC from a container registry: imageRepository: The name of the container registry from which to pull the WebLogic image. The default is container-registry.oracle.com/. imageName: The name of the container repository from which to pull the WebLogic image. The default is middleware/fmw-infrastructure_cpu. imageTag: The tag name for the WebLogic image. The default is 12.2.1.4-jdk8-ol8. See "Pulling WebLogic Images for PDC, Billing Care, Billing Care REST API, and Business Operations Center" for more information.
nodeSelector	ocpdc	The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity. pdc-domain-job: Set this key to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.
affinity	ocpdc	The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity. pdc-domain-job: Set this key if you want to constrain the PDC pod to run only on nodes that meet your criteria. For more information, see "Node Affinity" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the PDC Import Export pod.
domainUID	ocpdc.wop	The name of this PDC WebLogic Server domain.
includeServerOutInPodLog	ocpdc.wop	Whether to include the server out file in the pod's stdout log: true: The server out file is included. This is the default. false: The server out file is excluded.
jtaTimeoutSeconds	ocpdc.wop	The maximum amount of time, in seconds, an active transaction is allowed to be in the first phase of a two-phase commit transaction. The default is 10000. If the time expires, the transaction is automatically rolled back.
jtaAbandonTimeoutSeconds	ocpdc.wop	The maximum amount of time, in seconds, a transaction manager continues to attempt completing the second phase of a two-phase commit transaction. The default is 10000.
stuckThreadMaxTime	ocpdc.wop	The number of seconds a thread must be continually working before the server considers the thread to be stuck. The default is 20000.
idlePeriodsUntilTimeout	ocpdc.wop	The number of idle periods until the peer is considered to be unreachable. The default is 40.
dataSourceXaTxnTimeout	ocpdc.wop	The number of seconds until the data source transaction times out. The default is 0. When set to 0, the WebLogic Server Transaction Manager passes the global WebLogic Server transaction timeout in seconds in the method.
pdcAppSesTimeOut	ocpdc.wop	The PDC application (pricingui.ear) session time out, in seconds. The default is 36000.
pdcAppSesInvInterTimeOut	ocpdc.wop	The PDC application (pricingui.ear) session invalid interval time out, in seconds. The default is 3000.
maxMessageSize	ocpdc.wop	(Release 15.0.1 or later) The maximum number of bytes allowed in messages that are received over supported protocols. The default is 10000000.
isVPAEnabled	ocpdc.wop	(Release 15.0.1 or later) Whether to enable resource limits for the PDC domain job pod. The default file is present in oc-cn-op-job-helm-chart/pdc/vpa_values.yaml. For more information, see "Using Resource Limits in PDC Domain Pods" in BRM Cloud Native System Administrator's Guide.
users	ocpdc.wop	(Release 15.0.1 or later) The users to add to the PDC domain. Add the following sub-fields for each: name: The name of the user. description: A brief description of the user. password: The Base64-encoded password for the user. groups: The list of groups that the user belongs to. The available PDC groups are PricingAnalyst, PricingDesignAdmin, and PricingReviewer. For more information, see "Creating PDC Users" in BRM Cloud Native System Administrator's Guide.
exposePorts	ocpdc.configEnv	Exposes the SSL HTTPS port, the HTTP port, or both: yes: Exposes the SSL HTTPS port only. no: Exposes the HTTP port only. all: Exposes both the HTTP port and the SSL HTTPS port. This is the default.
t3ChannelPort	ocpdc.configEnv	The port number for the t3 channel. The default is 30799. Use this key if PDC needs to use the t3 protocol to communicate with an external system, such as Elastic Charging Engine (ECE). Set this to a Kubernetes port number from 30000 through 32767 that is not in use. This key is mandatory.
t3ChannelAddress	ocpdc.configEnv	The IP address for the primary node or load balancer. This key is optional.
t3sChannelPort	ocpdc.configEnv	The port number for the t3s channel. The default is 30800. Use this key if PDC needs to use the t3s protocol to communicate with an external system such as ECE. Set this to a Kubernetes port number from 30000 through 32767 that is not in use. This key is mandatory.
t3sChannelAddress	ocpdc.configEnv	If SSL is enabled in the WebLogic domain, set this to the IP address for the primary node or load balancer. This key is optional.
USER_MEM_ARGS	ocpdc.configEnv	The custom memory arguments for WebLogic Admin Server.
USER_JAVA_OPTIONS	ocpdc.configEnv	The custom Java options for WebLogic Admin Server.
tlsVersions	ocpdc.configEnv	(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.
pdcAppLogLevel pdcAppLogFileSize pdcAppLogFileCount	ocpdc.configEnv	The settings for rotating Pricing Server log and tracing log files: pdcAppLogLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING. pdcAppLogFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. pdcAppLogFileCount: Specifies the maximum number of log files to retain for the application. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.
rcuJdbcURL	ocpdc.configEnv	The connection string for connecting to a database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS. Use the format "host:port/service".
rcuPrefix	ocpdc.configEnv	The prefix for the PDC domain RCU schema. For example, if the prefix is XYZ and the schema name is STB, the PDC domain RCU schema name will be XYZ_STB.
rcuRecreate	ocpdc.configEnv	Whether to re-create the PDC domain. true: If the PDC domain is present, the RCU drops and re-creates the domain. This is the default. false: The PDC domain is left alone.
isCustomWLSPython	ocpdc.configEnv	Whether to run your custom WebLogic Python files: true: Run your custom WebLogic Python files located in oc-cn-op-job-chart/pdc/customWLSPython. false: Do not run a custom WebLogic Python file. Set each file's ownership and permissions to chown 1000:0 and chmod 777.
honorOMF	ocpdc.configEnv	Whether the RDS database honors the Oracle-Managed Files (OMF) naming format: true: OMF format is used. false: OMF format is not used. This is the default.
keyStoreType	ocpdc.configEnv	The SSL KeyStore type for the PDC domain. The default is JKS.
keyStoreAlias	ocpdc.configEnv	The alias name for the PDC domain SSL KeyStore. The default is WeblogicPDCTestAlias.
keyStoreIdentityFileName	ocpdc.configEnv	The name of the PDC domain SSL KeyStore Identity file. The default is defaultserver.jks. The defaultserver.jks file is created during PDC deployment if it does not already exist.
keyStoreTrustFileName	ocpdc.configEnv	The name of the PDC domain SSL TrustStore file. The default is defaultclient.jks. The defaultclient.jks file is created during PDC deployment if it does not already exist.
isSSOEnabled	ocpdc.configEnv	Set to true to configure and use SAML 2.0 SSO service. The default is false.
samlAsserterName	ocpdc.configEnv	The name of the SAML Asserter. It should be the same as OEM or IDCS. The default is pdcSAML2IdentityAsserter.
ssoPublishedSiteURL	ocpdc.configEnv	The base URL used to construct endpoint URLs, typically, the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.
ssoDefaultURL	ocpdc.configEnv	The URL to which unsolicited authentication responses are sent if they do not contain an accompanying target URL.
ssoLogoutURL	ocpdc.configEnv	The URL where users are redirected after they log out from the application (OEM or IDCS log out).
dbHostName	ocpdc.configEnv	The host name of the PDC and cross-reference database.
dbPort	ocpdc.configEnv	The port for the PDC and cross-reference database.
dbService	ocpdc.configEnv	The service name for the PDC and cross-reference database.
dbSysDBAUser	ocpdc.configEnv	The SYS, System, or Sys DBA user for the PDC and cross-reference database. If this key is not configured, PDC assumes that pdcSchemaUserName and crossRefSchemaUserName are already present on the database with the required permissions.
dbSysDBARole	ocpdc.configEnv	The role of the PDC and cross-reference database SYS, System, or Sys DBA user.
dbSSLMode	ocpdc.configEnv	The type of SSL connection required for connecting to the database: TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity. ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. NO: SSL authentication is not required. This is the default. If set to ONE_WAY or TWO_WAY, place the database wallet in the oc-cn-helm-chart/pdc/pdc_db_wallet directory. Create the directory structure if it is not present and do not change the directory name.
dbWalletType	ocpdc.configEnv	The type of file specified as the TrustStore for SSL connections: SSO or pkcs12. SSO is the recommended value.
crossRefSchemaPDCTableSpace	ocpdc.configEnv	The name of the PDC tablespace for the transformation cross-reference schema. This field is case-sensitive.
crossRefSchemaTempTableSpace	ocpdc.configEnv	The name of the temporary tablespace for the transformation cross-reference schema. This field is case-sensitive.
crossRefSchemaUserName	ocpdc.configEnv	The cross-reference database schema user name.
pdcSchemaPDCTableSpace	ocpdc.configEnv	The tablespace name of the PDC schema. This field is case-sensitive.
pdcSchemaTempTableSpace	ocpdc.configEnv	The tablespace name of the temporary schema. This field is case-sensitive.
pdcSchemaUserName	ocpdc.configEnv	The PDC database schema user name.
rcuWalletSchemaUserName	ocpdc.configEnv	The RCU wallet schema user name. The default schema user name is PDCRCUWALLET. Note: The OPSS wallet file created for the RCU schema is stored in the RCU_WALLET_DETAILS table during the first run. If the wallet file is available for the given RCU prefix, it is reused in subsequent runs and the RCU schema is not re-created. If the OPSS wallet file is present in oc-cn-op-job-helm-chart/pdc/opss_wallet, it takes precedence.
pdcAdminUser	ocpdc.configEnv	The PDC admin user name, which includes the Pricing Design Admin role.
supportECE	ocpdc.configEnv	The charging engine to use: Elastic Charging Engine (true) or the real-time and batch rating engine (false). The default is true.
adminPassword	ocpdc.secretValue	The password for the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.
rcuSchemaPassword	ocpdc.secretValue	The password for the Oracle Fusion Middleware product schemas that will be created by RCU and used by OPSS.
keyStoreIdentityKeyPass	ocpdc.secretValue	The password for the PDC domain SSL identity key.
keyStoreIdentityStorePass	ocpdc.secretValue	The password for the PDC domain SSL identity store.
keyStoreTrustStorePass	ocpdc.secretValue	The password for the PDC domain SSL TrustStore.
dbPassword	ocpdc.secretValue	The Sys or System user password for the PDC and Cross Reference schema.
pdcSchemaPassword	ocpdc.secretValue	The password for the PDC database schema user.
crossRefSchemaPassword	ocpdc.secretValue	The password for the transformation cross-reference database schema user.
rcuWalletSchemaPassword	ocpdc.secretValue	The password for the PDC RCU OPSS wallet schema.
dbWalletPassword	ocpdc.secretValue	The password for the database SSL wallet. This key is required if dbWalletType is set to pkcs12.
walletPassword	ocpdc.secretValue	The passwords for the PDC application wallet and PDC BRM integration wallet.
pdcAdminUserPassword	ocpdc.secretValue	The password for the PDC admin user, which includes the Pricing Design Admin role.

Setting Up SSO for PDC Cloud Native

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for PDC cloud native services by using SAML 2.0.

To set up SSO for PDC:

1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

   For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

2. Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pdc/idp directory.

3. Configure the KeyStores needed by SAML 2.0:

   1. Generate Identity and Trust KeyStores.

   2. Move your KeyStore files, such as identity.p12 and trust.p12, to the oc-cn-op-job-helm-chart/pdc/pdc_keystore directory.

4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

   • ocpdc.configEnv.isSSOEnabled: Set this to true.

   • ocpdc.configEnv.keyStoreAlias: Set this to the private key alias of the KeyStore.

   • ocpdc.configEnv.keyStoreType: Set this to the file type of the SSL Identity and Trust KeyStore, which is either PKCS12 or JKS. The default is PKCS12.

   • ocpdc.configEnv.keyStoreIdentityFileName: Set this to the name of the Identity KeyStore file.

   • ocpdc.configEnv.keyStoreTrustFileName: Set this to the name of the Trust KeyStore file.

   • ocpdc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is pdcSAML2IdentityAsserter.

   • ocpdc.configEnv.ssoPublishedSiteURL: Set this to the base URL used to construct endpoint URLs. This is typically the load balancer host and port where the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

   • ocpdc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

   • ocpdc.secretValue.keyStoreIdentityStorePass: Set this to the StorePass for the Identity KeyStore.

   • ocpdc.secretValue.keyStoreIdentityKeyPass: Set this to the KeyPass for the Identity KeyStore.

   • ocpdc.secretValue.keyStoreTrustStorePass: Set this to the StorePass for the Trust KeyStore.

5. Configure your load balancer's rules to send responses to the PDC WebLogic domain with /saml2 appended to the URL path.

   Note:

   Add this rule to your existing load balancer rules for routing responses to PDC (/pdc), the load balancer host name, and so on.

   See "Installing an Ingress Controller".

6. Deploy your PDC cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

7. After PDC is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your PDC domain specified in the ocpdc.wop.domainUID key.

   The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to PDC.

8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

   For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.

Configuring Pipeline Configuration Center

To configure Pipeline Configuration Center (PCC) to run in your BRM cloud native environment:

1. Override the PCC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Pipeline Configuration Center Keys for oc-cn-op-job-helm-chart".

2. Override the PCC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding Pipeline Configuration Center Keys for oc-cn-helm-chart".

3. Set up volume mounts. See "About PCC Volume Mounts".

4. Create a WebLogic domain and install the PCC application. See "Creating a WebLogic Domain and Installing the PCC Application".

5. Set up SAML for SSO in PCC. See "Setting Up SSO for PCC".

6. Set up local users and groups for PCC. See "Setting Up Local Users and Groups for PCC".

7. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".

8. Enable SSL in PCC. See "Configuring SSL in PCC".

Adding Pipeline Configuration Center Keys for oc-cn-op-job-helm-chart

Table 7-7 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart.

Table 7-7 PCC Keys for oc-cn-op-job-helm-chart

Key	Paths in values.yaml File	Description
isEnabled	ocpcc.pcc	Whether to deploy, configure, and start PCC services: false: Does not create the Kubernetes resources for using PCC. true: Creates the Kubernetes resources for using PCC. This is the default.
imageName	ocpcc.pcc.deployment.app	The name of the PCC image, such as oracle/pcc
imageTag	ocpcc.pcc.deployment.app	The tag associated with the image. This is generally the patch set number prefixed with a colon (:). For example, :15.0.1.0.0
dbSSLMode	ocpcc.pcc.configEnv	The type of connection required to connect to the database: TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity. ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default. NO: SSL authentication is not required.
dbWalletType	ocpcc.pcc.configEnv	The type of TrustStore and KeyStore file that is used for the SSL connection: SSOor PKCS12.
rcuJdbcURL	ocpcc.pcc.configEnv	The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.
rcuDBARole	ocpcc.pcc.configEnv	The role of the database administrator user.
rcuArgs	ocpcc.pcc.configEnv	The additional arguments for creating the RCU.
ldapHost	ocpcc.pcc.configEnv	The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to PCC.
ldapPort	ocpcc.pcc.configEnv	The port number on which the LDAP server is listening.
ldapGroupBase	ocpcc.pcc.configEnv	The LDAP base DN that contains groups.
ldapUserBase	ocpcc.pcc.configEnv	The LDAP base DN that contains users.
keystoreAlias	ocpcc.pcc.configEnv	The private key alias of the KeyStore.
keystoreType	ocpcc.pcc.configEnv	The file type of the SSL Identity and TrustStore, which is either PKCS12or JKS. The default is PKCS12.
keystoreIdentityFileName	ocpcc.pcc.configEnv	The file name of the Identity KeyStore.
keystoreTrustFileName	ocpcc.pcc.configEnv	The file name of the Trust KeyStore.
isSSOEnabled	ocpcc.pcc.configEnv	Whether to enable single sign-on (SSO) for PCC cloud native services through SAML 2.0: true: SSO is enabled for PCC cloud native services. false: SSO is disabled. This is the default.
samlAsserterName	ocpcc.pcc.configEnv	The name of the SAML Asserter. The default is samlPCCAsserter.
ssoPublishedSiteURL	ocpcc.pcc.configEnv	The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.
ssoDefaultURL	ocpcc.pcc.configEnv	The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.
reloadVersion	ocpcc.pcc.configEnv	Update this value with any value different from the current value to force a restart of the deployer.
adminPassword	ocpcc.pcc.secretVal	The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.
ldapPassword	ocpcc.pcc.secretVal	The password of the LDAP Server admin user.
rcuSysDBAPassword	ocpcc.pcc.secretVal	The password for the rcuJdbcURL database administrator.
rcuSchemaPassword	ocpcc.pcc.secretVal	The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.
dbWalletPassword	ocpcc.pcc.secretVal	The password for accessing the certificates from the TrustStore and KeyStore.
keystoreIdentityPassword	ocpcc.pcc.secretVal	The StorePass for the Identity KeyStore.
keystoreKeyPassword	ocpcc.pcc.secretVal	The KeyPass for the Identity KeyStore.
keystoreTrustPassword	ocpcc.pcc.secretVal	The StorePass for the Trust KeyStore.
domainUID	ocpcc.pcc.wop	The name of the domain. The default is pcc-domain.
adminChannelPort	ocpcc.pcc.wop	The NodePort where the admin-server's HTTP service will be accessible.
serverStartPolicy	ocpcc.pcc.wop	The WebLogic servers that the Operator starts when it discovers the domain: NEVER: Does not start any server in the domain. ADMIN_ONLY: Starts only the administration server (no managed servers will be started). IF_NEEDED: Starts the administration server and clustered servers up to the replica count.
nodeSelector	ocpcc.pcc	The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.
affinity	ocpcc.pcc	The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Adding Pipeline Configuration Center Keys for oc-cn-helm-chart

Table 7-8 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-helm-chart.

Table 7-8 Pipeline Configuration Center Keys

Key	Path in Values.yaml File	Description
appLogLevel	ocpcc	The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.
isEnabled	ocpcc.pcc	Whether to deploy, configure, and start PCC services: false: Does not create the Kubernetes resources for using PCC. true: Creates the Kubernetes resources for using PCC. This is the default.
imageName	ocpcc.pcc.deployment.app	The name of the PCC image, such as oracle/pcc.
imageTag	ocpcc.pcc.deployment.app	The tag associated with the image. This is generally the patch set number, prefixed with a colon (:). For example, :15.0.1.0.0
keystoreAlias	ocpcc.pcc.configEnv	The private key alias of the KeyStore.
dbSSLMode	ocpcc.pcc.configEnv	The type of connection required to connect to the database: TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other’s identity. ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default. NO: SSL authentication is not required.
dbWalletType	ocpcc.pcc.configEnv	The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.
tlsVersions	ocpcc.pcc.configEnv	(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.
login	ocpcc.pcc.infranet.user	The username of the service that has permission to access BRM.
serviceType	ocpcc.pcc.infranet.user	The POID type of the service that has permission to access BRM.
serviceID	ocpcc.pcc.infranet.user	The POID ID of the service that has permission to access BRM.
minSize	ocpcc.pcc.infranet.connectionpool	The minimum size of the connection pool.
maxSize	ocpcc.pcc.infranet.connectionpool	The maximum size of the connection pool.
loglevel	ocpcc.pcc.infranet	The log level for the infranet properties.
addOnProperties	ocpcc.pcc.infranet	Empty by default, you can use this key to specify custom infranet properties.
domainUID	ocpcc.pcc.wop	The name of the domain. The default is pcc-domain.
adminChannelPort	ocpcc.pcc.wop	The NodePort where the admin-server's HTTP service will be accessible.
serverStartPolicy	ocpcc.pcc.wop	The WebLogic servers that the Operator starts when it discovers the domain: NEVER: Does not start any server in the domain. ADMIN_ONLY: Starts only the administration server (no managed servers will be started). IF_NEEDED: Starts the administration server and clustered servers up to the replica count.
isEnabled	ocpcc.pcc.monitoring	Whether to enable monitoring of PCC.
nodeSelector	ocpcc.pcc	The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.
affinity	ocpcc.pcc	The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Table 7-9 lists the secret keys that directly impact PCC deployment. These keys hold sensitive data and must be handled carefully with controlled access to the file containing its values. See "Secrets" in Kubernetes Concepts.

Add these secret keys to your override-values.yaml file, and encode all of their values in Base64.

Note:

• You can encode strings in Linux by using this command:

  echo -n 'string' | base64

• You can decode strings in Linux by using this command:

  echo 'encoded_string' | base64 --decode

Table 7-9 Pipeline Configuration Center Secret Keys

Key	Description
ocpcc.pcc.secretVal.adminPassword	The WebLogic Server administrative password encoded in Base64.
ocpcc.pcc.secretVal.walletPassword	The PCC wallet password encoded in Base64.
ocpcc.pcc.secretVal.rcuSysDBAPassword	The Database Administrator password encoded in Base64.
ocpcc.pcc.secretVal.rcuSchemaPassword	The password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS. The value must be Base64-encoded.
ocpcc.pcc.secretVal.keystoreIdentityPassword	The KeyPass of Identity Keystore, which is used for setting up the SSL-enabled domain. The value must be Base64-encoded.
ocpcc.pcc.secretVal.keystoreKeyPassword	The StorePass of Identity Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.
ocpcc.pcc.secretVal.keystoreTrustPassword	The StorePass of the Trust Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.
ocpcc.pcc.secretVal.pccUserPassword	The PCC user password encoded in Base64.

About PCC Volume Mounts

The PCC container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain. By default, these are created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the following keys in the override-values.yaml file for oc-cn-op-job-helm-chart.

• ocpcc.pcc.volume.domain.createOption for the domain file system for PCC.

Creating a WebLogic Domain and Installing the PCC Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the PCC application and deploys the application EAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

• Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

• Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.

Note:

The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for PCC services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for PCC

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for PCC cloud native services by using SAML 2.0.

To set up SSO for PCC:

1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

   For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

2. Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pcc/idp directory.

3. Configure the KeyStores needed by SAML 2.0:

   1. Generate identity and trust KeyStores.

   2. Move your KeyStore files, such as identity.p12 and trust.p12, to the oc-cn-op-job-helm-chart/pcc/keystore directory.

4. In your override-values.yaml file for oc-cn-helm-chart, set the isSSOEnabled key to true.

5. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

   • ocpcc.pcc.configEnv.isSSOEnabled: Set this to true.

   • ocpcc.pcc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

   • ocpcc.pcc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

   • ocpcc.pcc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

   • ocpcc.pcc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

   • ocpcc.pcc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlPCCAsserter.

   • ocpcc.pcc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

   • ocpcc.pcc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

   • ocpcc.pcc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

   • ocpcc.pcc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

   • ocpcc.pcc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

6. Configure your load balancer's rules to send responses to the PCC WebLogic domain with /saml2 appended to the URL path.

   Note:

   Add this rule to your existing load balancer rules for routing responses to PCC (/pcc), the load balancer host name, and so on.

   See "Installing an Ingress Controller".

7. Deploy your PCC cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

8. After PCC is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your PCC domain specified in the ocpcc.pcc.wop.domainUID key.

   The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to PCC.

9. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

   For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.

Setting Up Local Users and Groups for PCC

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for PCC, define the keys under ocpcc.pcc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart.

A group has to be the Config Admin to access the PCC UI. Only a user associated with the Config Admin group has full access to the PCC user interface. For example:

Add users and groups to domain's DefaultAuthenticator (local)
        wlsUserGroups:
            groups:
            - name: Config Admin
              description: PCC Admin
            # Each element for this takes "name", "description", "password" (base64 encoded) and list of "groups" that he is part of, like:
            # - name:
            # description:
            # password:
            # groups:
            # - "Regular CSR"
            users:
            - name: pccuser
              description: pccuser
              password: QzFnMmIzdTQj
              groups:
              - "Config Admin"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the PCC service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

• The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

• Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.

Note:

The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace

where:

• BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

• BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

• OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Configuring SSL in PCC

To access PCC over the HTTPS port, SSL must be enabled in the WebLogic domain where PCC is deployed. The BRM cloud native deployment package takes care of the configuration necessary to equip the WebLogic domain with SSL access.

To complete the configuration for SSL setup:

1. Copy PKCS12 files with valid certificates to the oc-cn-op-job-helm-chart/pcc/keystore directory:

   • identity.p12: Provides the certificate to identify the server.

   • trust.p12: Establishes trust for the certificate.

   If your KeyStore files have different file names or file types, such as JKS, override the keyStoreIdentityFileName, keyStoreTrustFileName, and keyStoreType keys in the override-values.yaml file for oc-cn-helm-chart.

   The keystoreAlias key is also mandatory along with keyStoreIdentityFileName, keystoreTrustFileName to enable SSL.