SCP Installation

2 SCP Installation

This chapter explains the installation procedure of SCP.

Prerequisites

Following are the prerequisites to install and configure the SCP:

SCP Software

Following minimum software versions must be installed before deploying the SCP:

Table 2-1 SCP Software

Software	Version
Kubernetes	v1.15.3
HELM	v2.14.3

Note:

If case any of the above software is not installed in the CNE, then install the specified software items before proceeding.

Additional software that needs to be deployed as per the requirement of the services:

Table 2-2 Additional Softwares

Software	Chart Version	Notes
elasticsearch	5.5.4	Needed for Logging Area
elastic-curator	5.5.4	Needed for Logging Area
elastic-exporter	1.0.2	Needed for Logging Area
logs	2.0.7	Needed for Logging Area
kibana	6.7.0	Needed for Logging Area
grafana	6.1.6	Needed for Metrics Area
prometheus	9.1.2	Needed for Metrics Area
prometheus-node-exporter	0.17.0	Needed for Metrics Area
metallb	0.7.3	Needed for External IP
metrics-server	0.3.1	Needed for Metric Server
tracer	0.8.3	Needed for Tracing Area

Network access

The Kubernetes cluster hosts must have network access to:

Local docker image repository where the SCP images are available
Local helm repository where the SCP helm charts are available
Service FQDN of SCP must be discoverable from outside of the cluster (that is, publicly exposed so that ingress messages to SCP can come from outside of Kubernetes).

Note:

All the kubectl and helm related commands used in this guide need to be executed on a system depending on the infrastructure/deployment. It could be a client machine such as a VM, server, local desktop, and so on.

Client machine requirements

There are some requirements for the laptop/desktop where the deployment commands need to be executed:

It should have network access to the helm repository and docker image repository.
Helm repository must be configured on the client.
It should have network access to the Kubernetes cluster.
It should have necessary environment settings to run the kubectl commands. The environment should have privileges to create a namespace in the Kubernetes cluster.
It should have the helm client installed with the push plugin. The environment should be configured so that the helm install command deploys the software in the Kubernetes cluster.

SCP Images

Following are the SCP images:

Table 2-3 SCP Images

Microservices	Image
SCP-Worker	scp-worker
SCPC-Pilot	scpc-pilot
SCPC-Soothsayer	soothsayer-configuration
	soothsayer-notification
	soothsayer-subscription
	soothsayer-audit
SCP-Apps	scp-db-app

Installation Sequence

This section provides information on prerequsites and installation procedure of SCP.

Refer to the following chapters in the OCCNE 1.4 Installation Guide for more information on how to configure docker registry and NFs on OCCNE:

For docker registry, refer to Docker Image Registry Configuration chapter
For executing the below commands on Bastion Host, refer to Bastion Host Installation chapter

Installation Tasks

This section describes the tasks that the user needs to follow for installing SCP.

Downloading SCP package

Following is the porcedure to download the release package from MOS:

Login to MOS using the appropriate login credentials.
Select Product & Updates tab.
In Patch Search console select Product or Family (Advanced) tab.
Enter Oracle Communications Cloud Native Core - 5G in Product field and select the product from the Product drop-down.
Select Oracle Communications Cloud Native Core Security Commnication Proxy <release_number> in Release field.
Click Search. The Patch Advanced Search Results list appears.
Select the required patch from the list. The Patch Details window appears.
Click on Download. File Download window appears.
Click on the <p********_<release_number>_Tekelec>.zip file.
Click on the zip file to download the network function patch to the system where network function must be installed.

Install SCP

Unzip the release package file to the system where you want to install the network function. You can find the SCP package as follows:
ReleaseName-pkg-Releasenumber.tgz
where:
ReleaseName is a name which is used to track this installation instance.

Releasenumber is the release number.
For example, ocscp-pkg-1.6.0.0.0.tgz
Untar the OCSCP package file to get OCSCP docker image tar file:
```
tar -xvzf ReleaseName-pkg-Releasenumber.tgz
```
Load the ocscp-images-<release_number>.tar file into the Docker system:
```
docker load --input /IMAGE_PATH/ocscp-images-<release_number>.tar
```
Verify that the image is loaded correctly by entering this command:
```
docker images 
```

Execute the following commands to push the docker images to docker registry:

docker tag <image-name>:<image-tag> <docker-repo>/ <image-name>:<image-tag>

docker push <docker-repo>/<image-name>:<image-tag>

Untar the helm files:
```
tar -xvf <<nfname>-pkg-<marketing-release-number>>.tgz
```
The directory consists of following:
1. SCP Docker Images File: tarball contains images of SCP
  ocscp-images-1.6.0.tar
2. Helm File: tarball contains Helm charts and templates
  ocscp-1.6.0.tgz
3. Readme txt: Contains cksum and md5sum of the tarballs
  Readme.txt
Create DB user and database:
1. Login to mysql server
2. Execute create database <scp_dbname>; command
  
  E.g. " create database ocscpdb; "
3. Create scp user: Execute command "CREATE USER '<username>'@'%' IDENTIFIED BY '<password>';"
4. Grant database access to scp user created: Execute command "GRANT SELECT, INSERT, CREATE, ALTER, DROP, LOCK TABLES, CREATE TEMPORARY TABLES, DELETE, UPDATE, EXECUTE, INDEX ON <scp dbname>.* TO '<scp user>'@'%';"
  Note: User must use <scp dbname> provided on mysql server in helm chart during scp deployment.
  Example:
```
CREATE DATABASE ocscpdb;
CREATE USER 'scpuser'@'%' IDENTIFIED BY 'scppass';
GRANT SELECT, INSERT, CREATE, ALTER, DROP, LOCK TABLES, CREATE TEMPORARY TABLES, DELETE, UPDATE, EXECUTE, INDEX ON ocscpdb.* TO 'scpuser'@'%';
```
5. Execute the following command to create secrets
```
kubectl create secret generic <secretName> --from-literal=DB_USERNAME=<userName> --from-literal=DB_PASSWORD=<password> --from-literal=DB_NAME=<dbName> -n <SCPNamespace>
```
  Example:
```
kubectl create secret generic cred --from-literal=DB_USERNAME='root' --from-literal=DB_PASSWORD='lLn94uba5p' --from-literal=DB_NAME='ocscpdb' -n scpsvc
```
Create the customize ocscp-custom-values-1.6.0.yaml file with the required input parameters. To customize the file, refer to Customizing SCP chapter.
Go to the extracted SCP package as explained in:
```
cd ocscp-<release_number>
```
Install SCP by executing the following command:
helm install <helm-repo> -f <custom_values.yaml> --name <deployment_name> --namespace <namespace_name> --version <helm_version>
Example:
```
helm install ocscp-helm-repo/ocscp -f <custom values.yaml> --name ocscp --namespace scpsvc --version <helm version>
```
Execute the following command to check the status:
helm status <helm-release>

For example: helm status <deployment_name>
Check if all the services are deployed and running:
kubectl -n <namespace_name> get services
Check if all the pods are up and running:
kubectl -n <namespace_name> get pods

Note: Worker and pilot status must be Running and Ready must be n/n. scpc-soothsayer status must be Running and Ready must be n/n, where n is number of containers in the pod and sds service must be up.

Configure NRF Details

NRF details must be defined during SCP installation using the SCP YAML file. User needs to update the NRF details in SCP YAML file.

Note:

User can configure a primary NRF and an optional secondary NRF (NRFs must have backend DB Synced).

An IPV4 address needs to be configured in case the NRF is outside the Kubernates cluster. If the NRF is inside the Kubernates cluster, the user can configure FQDN as well. If both IPV4 address and FQDN are provided then IPV4 Address will take precedence over FQDN.

Note:

The user needs to configure (or remove) apiPrefix parameter based on the APIPrefix supported (or not Supported) by NRF.

Note:

The user needs to update the FQDN, ipv4Address and Port of NRF to point to NRF's FQDN/IP and Port. The Primary NRF profile must be always set to higher (i.e. 0), both (primary and secondary) must not be set to same priority.

Configure SCP as HTTP Proxy

Consumer NFs are required to set http_proxy/HTTP_PROXY to scp-worker's <FQDN or IPV4 address>:<PORT of SCP-Worker> for consumer NFs to route messages towards SCP.

Note:

Execute these commands from where SCP worker and FQDN can be accessed.

Table 2-4 Configure SCP as HTTP Proxy

Step # Procedure Description

Step #	Procedure	Description
1	Test successful deployment of SCP	To test that SCP deployed successfully and is able to receive a message as a proxy, route it to the appropriate producer, use the below curl command: `$ curl -v -X GET --url 'http://<FQDN:PORT of SCP-Worker>/nnrf-nfm/v1/subscriptions/' --header 'Host:<FQDN:PORT of NRF>'`
2	Fetch the current subscription list	The curl command fetches the current subscription list (as a client) from NRF by sending the request to NRF via SCP. Example: `$ curl -v -X GET --url 'http://scp-worker.scpsvc:8000/nnrf-nfm/v1/subscriptions/' --header 'Host:ocnrf-ambassador.nrfsvc:80'`

Test successful deployment of SCP

To test that SCP deployed successfully and is able to receive a message as a proxy, route it to the appropriate producer, use the below curl command:

$ curl -v -X GET --url 'http://<FQDN:PORT of SCP-Worker>/nnrf-nfm/v1/subscriptions/' --header 'Host:<FQDN:PORT of NRF>'

Fetch the current subscription list

The curl command fetches the current subscription list (as a client) from NRF by sending the request to NRF via SCP.

Example:

$ curl -v -X GET --url 'http://scp-worker.scpsvc:8000/nnrf-nfm/v1/subscriptions/' --header 'Host:ocnrf-ambassador.nrfsvc:80'