1. Service Communication Proxy (SCP) Cloud Native Installation Guide
  2. SCP Installation

3 SCP Installation

This chapter explains the installation procedure of SCP.

Prerequisites

Following are the prerequisites to install and configure the SCP:

SCP Software

Following minimum software versions must be installed before deploying the SCP:

Table 3-1 SCP Software

Software Version
Kubernetes v1.15.3
HELM v2.14.3

Note:

If case any of the above software is not installed in the CNE, then install the specified software items before proceeding.

Additional software that needs to be deployed as per the requirement of the services:

Software Chart Version Notes
elasticsearch 5.5.4 Needed for Logging Area
elastic-curator 5.5.4 Needed for Logging Area
elastic-exporter 1.0.2 Needed for Logging Area
logs 2.0.7 Needed for Logging Area
kibana 6.7.0 Needed for Logging Area
grafana 6.1.6 Needed for Metrics Area
prometheus 9.1.2 Needed for Metrics Area
prometheus-node-exporter 0.17.0 Needed for Metrics Area
metallb 0.7.3 Needed for External IP
metrics-server 0.3.1 Needed for Metric Server
tracer 0.8.3 Needed for Tracing Area

Network access

The Kubernetes cluster hosts must have network access to:

  • Local docker image repository where the SCP images are available
  • Local helm repository where the SCP helm charts are available
  • Service FQDN of SCP must be discoverable from outside of the cluster (that is, publicly exposed so that ingress messages to SCP can come from outside of Kubernetes).

Note:

All the kubectl and helm related commands used in this guide need to be executed on a system depending on the infrastructure/deployment. It could be a client machine such as a VM, server, local desktop, and so on.

Client machine requirements

There are some requirements for the laptop/desktop where the deployment commands need to be executed:
  • It should have network access to the helm repository and docker image repository.
  • Helm repository must be configured on the client.
  • It should have network access to the Kubernetes cluster.
  • It should have necessary environment settings to run the kubectl commands. The environment should have privileges to create a namespace in the Kubernetes cluster.
  • It should have the helm client installed with the push plugin. The environment should be configured so that the helm install command deploys the software in the Kubernetes cluster.

SCP Images

Following are the SCP images:

Table 3-2 SCP Images

Microservices Image
SCP-Worker scp-worker
SCPC-Pilot scpc-pilot
SCPC-Soothsayer soothsayer-configuration
soothsayer-notification
soothsayer-subscription
soothsayer-audit
SCP-Apps scp-db-app

Installation Preparation

The following procedure describes the steps to download the SCP Images and Helm files from Oracle Software Delivery Cloud.

Refer to the following chapters in the OCCNE 1.4 Installation Guide for more information on how to configure docker registry and NFs on OCCNE:
  • For docker registry, refer to Docker Image Registry Configuration chapter
  • For executing the below commands on Bastion Host, refer to Bastion Host Installation chapter

Table 3-3 Download Images and Helm files

Step # Procedure Description

1

img/icon.png 		Download the SCP package file

Customers are required to download the SCP package file from the Oracle Software Delivery Cloud (OSDC) to the customer specific local repository. The package is named as follows: 

<nfname>-pkg-<marketing-release-number>.tgz

For example: ocscp-pkg-1.5.3.0.0.tgz

Note: Move the package from local repository to the docker repository in the Bastion host of OCCNE.

2

img/icon.png 		Untar the SCP Package File

Untar the SCP package: 

tar -xvf <<nfname>-pkg-<marketing-release-number>>.tgz
The directory consists of following:
  • Helm File: tarball contains SCP Helm charts and templates

    ocscp-1.5.3.tgz

  • SCP Docker Images File: tarball contains images of SCP

    ocscp-images-1.5.3.tar

  • Helm File: tarball contains Ingress Gateway Helm charts and templates

    ocscp-ingress-gateway-1.7.2.tgz

  • Ingress Gateway Docker Images File: tarball contains images of Ingress Gateway

    ocscp-ingress-gateway-images-1.7.2.tar

  • Readme txt: Contains cksum and md5sum of the tarballs

    Readme.txt

3

img/icon.png 		Check the checksums Check the checksums of tarballs mentioned in Readme.txt. Refer to Readme.txt for the commands and checksum details.

4

img/icon.png 		Load the tarball to system

Execute the following command to load the tar file: 

docker load --input <image_file_name>.tar

Example: 

docker load --input ocscp-images-1.5.3.tar
docker load --input ocscp-ingress-gateway-images-1.7.2.tar
Note: ocscp-ingress-gateway-images-1.7.2.tar image must be loaded, if SCP is deployed with Ingress gateway.

5

img/icon.png 		Push docker files to Docker registry (recommended step) Execute the following command to push the docker files to docker registry: 
docker tag <image-name>:<image-tag> <docker-repo>/<image-name>:<image-tag>
docker push <docker_repo>/<image_name>:<image-tag>

6

img/icon.png 		Check if all the images are loaded Execute the following command to check: 
docker images

7

img/icon.png 		Untar Helm Files Execute the following command to push the helm files to helm repository: 
tar -xvzf ocscp-1.5.3.tgz
helm push <image_name>.tgz <helm_repo>
Note: ocscp-ingress-gateway-1.7.2.tgz file must be pushed, if SCP is deployed with Ingress gateway.

8

img/icon.png 		Download Service Communication Proxy (SCP) Custom Template The Service Communication Proxy (SCP) Custom Template is available at the OHC. Customer can download this template and customize it as per the requirement. The ocscp_values.yaml template consists of:
  • ocscp_values.yaml: customer value file having SCP deployment time configurations.
  • scpAlertrules.yaml: contains sample alerts, which can be further modified by user based on the need
  • ScpMetricDashboard.json: sample Grafanna dashboard to be used by user. It can be modified based on the requirement.

Configure NRF Details

NRF details must be defined during SCP installation using the SCP YAML file. User needs to update the NRF details in SCP YAML file.

Note:

User can configure a primary NRF and an optional secondary NRF (NRFs must have backend DB Synced).

An IPV4 address needs to be configured in case the NRF is outside the Kubernates cluster. If the NRF is inside the Kubernates cluster, the user can configure FQDN as well. If both IPV4 address and FQDN are provided then IPV4 Address will take precedence over FQDN.

Refer to OCSCP YAML File for NRF details.

Note:

The user needs to configure (or remove) apiPrefix parameter based on the APIPrefix supported (or not Supported) by NRF. Refer to SCP Configuration Parameters for more information on NRF parameters.

Note:

The user needs to update the FQDN, ipv4Address and Port of NRF to point to NRF's FQDN/IP and Port. The Primary NRF profile must be always set to higher (i.e. 0), both (primary and secondary) must not be set to same priority.

SCP Deployment

This procedure describes the steps to deploy SCP on CNE. The below steps need to be executed from a server, which has access to Kubectl and helm commands.

Table 3-4 SCP Deployment

Step # Procedure Description

1

img/icon.png 		Search helm chart Execute the following command to check the version of the helm chart installation.

helm search <deployment_name>

2

img/icon.png 		Prepare custom_values.yaml file

Prepare a custom_values.yaml file with the required parameter information. Refer to SCP Configuration Parameters for more information on parameters. Refer to OCSCP YAML File for sample YAML file. You can also download sample ocscp_values.yaml file from OHC, refer to Table 3-3 for more information.

Note:
  • The user needs to update the "domain" in the custom_values.yaml file per the name of cluster (default value of domain is "svc.cluster.local"). If the cluster name is XYZ then domain must be svc.XYZ.
  • The user needs to update the "clusterDomain" in the custom_values.yaml file per the name of cluster (default value of domain is "cluster.local"). If the cluster name is XYZ then domain must be XYZ.

Update the parameters mentioned in SCP with Ingress Gateway Configuration Parameters, if ingress gateway is deployed with SCP.

3

img/icon.png 		Create DB user and database
  1. Login to mysql server
  2. Execute create database <scp_dbname>; command

    E.g. " create database ocscpdb; "

  3. Create scp user: Execute command "CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';"
  4. Grant database access to scp user created: Execute command "GRANT SELECT, INSERT, CREATE, ALTER, DROP, LOCK TABLES, CREATE TEMPORARY TABLES, DELETE, UPDATE, EXECUTE, INDEX ON <scp dbname>.* TO '<scp user>'@'%';"

    Note: User must use <scp dbname> provided on mysql server in helm chart during scp deployment.

    Example: 
    CREATE DATABASE ocscpdb;
CREATE USER 'scpuser'@'%' IDENTIFIED BY 'scppass';
GRANT SELECT, INSERT, CREATE, ALTER, DROP, LOCK TABLES, CREATE TEMPORARY TABLES, DELETE, UPDATE, EXECUTE, INDEX ON ocscpdb.* TO 'scpuser'@'%';
  5. Execute the following command to create secrets 
    kubectl create secret generic <secretName> --from-literal=DB_USERNAME=<userName> --from-literal=DB_PASSWORD=<password> --from-literal=DB_NAME=<dbName> -n <SCPNamespace>
    Example: 
    kubectl create secret generic cred --from-literal=DB_USERNAME='root' --from-literal=DB_PASSWORD='lLn94uba5p' --from-literal=DB_NAME='ocscpdb' -n scpsvc

4

img/icon.png 		Deploy Ingress GW (optional) Execute the following command to install ingress gateway, if ingress gateway is deployed with SCP:
helm install <ocscp-ingress-gateway-releasenumber.tgz> --name <release_name> --namespace <namespace_name>
      -f <ocscp_ingress_gateway_values_releasenumber.yaml>

Example:

helm install ocscp-ingress-gateway-1.7.2.tgz --name <release_name> --namespace <namespace_name>
      -f ocscp_ingress_gateway_values_1.7.2.yaml

5

img/icon.png 		Deploy SCP using HELM tgz Execute the following command to install SCP:

helm install -f <custom values.yaml> --name ocscp --namespace <namespace> <chartpath>./<chart>.tgz

Where:

helm-repo: repository name where the helm images, charts are stored

custom_values: helm configuration file, which needs to be updated based on the docker registry

deployment_name and namespace_name: depends on customer configuration

6

img/icon.png 		Check repo status Execute helm status <deployment_name> to check the deployment status.

7

img/icon.png 		Check svc status Check if all the services are deployed and running:

kubectl -n <namespace_name> get services

8

img/icon.png 		Check pod status Check if all the pods are up and running:

kubectl -n <namespace_name> get pods

Note: Worker and pilot status must be Running and Ready must be n/n. scpc-soothsayer status must be Running and Ready must be n/n, where n is number of containers in the pod and sds service must be up.

Configure SCP as HTTP Proxy

Consumer NFs are required to set http_proxy/HTTP_PROXY to scp-worker's <FQDN or IPV4 address>:<PORT of SCP-Worker> for consumer NFs to route messages towards SCP.

Note:

Execute these commands from where SCP worker and FQDN can be accessed.

Table 3-5 Configure SCP as HTTP Proxy

Step # Procedure Description

1

img/icon.png 		Test successful deployment of SCP To test that SCP deployed successfully and is able to receive a message as a proxy, route it to the appropriate producer, use the below curl command: 
$ curl -v -X GET --url 'http://<FQDN:PORT of SCP-Worker>/nnrf-nfm/v1/subscriptions/' --header 'Host:<FQDN:PORT of NRF>'

2

img/icon.png 		Fetch the current subscription list

The curl command fetches the current subscription list (as a client) from NRF by sending the request to NRF via SCP.

Example: 

$ curl -v -X GET --url 'http://scp-worker.scpsvc:8000/nnrf-nfm/v1/subscriptions/' --header 'Host:ocnrf-ambassador.nrfsvc:80'

SCP Uninstall

SCP can be uninstalled as follows. The steps below need to be executed from a server that has access to Kubectl and helm commands.

Table 3-6 SCP Uninstall

Step # Procedure Description

1

img/icon.png 		Uninstall SCP

Execute the following command to uninstall SCP: 

$ helm delete <SCP_deployment_namespace> --purge

2

img/icon.png 		Remove SCP custom resources definitions

Execute the following command to remove SCP custom resources definitions: 

$ kubectl get crds -o name | grep <SCP_deployment_namespace>.oracle.io | xargs kubectl delete

Example: $ kubectl get crds -o name | grep scp.oracle.io | xargs kubectl delete

3

img/icon.png 		Delete namespace

Execute the following command to delete the namespace: 

kubectl delete namespace <SCP_deployment_namespace>

Note: Deleting the namespace deletes all the other Kubernates objects in that namespace.

4

img/icon.png 		DB Cleanup
  1. Login to mysql client on SQL NODE with scp user and password 
    mysql -h <IP_adress of SQL Node> -uscpuser -pscppass
  2. Change to scp db and drop NF_RULE_PROFILES and TOPOLOGY_SOURCE_INFO 
    mysql> use ocscpdb;
mysql> drop table NF_RULE_PROFILES;
mysql> drop table TOPOLOGY_SOURCE_INFO;
  3. Optionally, AMF and SMF subscriber data tables should be dropped if SDS app was enabled and old subscriber data need to be purged before new installation. 
    mysql> drop table SubscriberAmfBindingPei;
mysql> drop table SubscriberAmfBindingGpsi;
mysql> drop table SubscriberAmfBindingData;
mysql> drop table SubscriberSmfBindingData;