3 Preparing the OCI Tenancy and Deploying NFs

The following diagram represents the process for NF deployment in OCI:

Figure 3-1 Process for NF deployment in OCI

The User must perform the given procedures to deploy the NF:

1. Ensure the OCI tenancy is available.
2. Create Compartment Admin, OCI Adaptor Admin and Non-Admin User Groups. For more information, see Creating OCI User Management.
3. Create an infrastructure layer along with the components. For more information, see Creating OCI Infrastructure.
4. Deploy the OCI Adaptor. The Adaptor acts as a channel to transfer information between the CNC NF and OCI observability management. For more information, see Deploying OCI Adaptor.
5. Configure OCI Observability and Management. You can observe analytics and performance through OCI Observability and Management. For more information, see Configuring OCI Observability and Management.
6. Deploy the CNC Applications.

Prerequisites

Before installing and configuring OCI Adaptor, ensure the following:

• The user has OCI tenancy.
• The user has Tenancy Admin access.
• A Tenancy Admin or a Compartment Admin can run the terraform stack for creating infrastructure, but the stack responsible for deploying OCI Adaptor can only be executed by a Tenancy Admin.

Compute Instance

Following are the Compute Instance features and resources identified for CNC NF on OCI:

Table 3-1 Compute Instance

Features	Resources	Details
Compute instance	VM instances	CNC NF's shall support VM instances for OCI public cloud deployment. Bare Metal shall not be supported for OCI public cloud deployment.
Instance type	Regular instance	OCI supports instance features that allow instance customization for specialized workloads and security requirements. The supported instance types are Burstable instances, Shielded instances and Regular instances.
Shape type	Flexible shape	OCI supports several shapes for various computing and application requirements, such as Standard shapes, Dense-IO shapes, GPU shapes, and Flexible shapes. Flexible shapes allow choosing the number of OCPUs and the amount of RAM. NW bandwidth and count of vNICs scale proportionately with the number of OCPU's or various computing and application requirements, such as Standard shapes, Dense-IO shapes, GPU shapes, and Flexible shapes. Flexible shapes allow choosing the number of OCPUs and the amount of RAM. NW bandwidth and count of vNICs scale proportionately with the number of OCPUs.
VM shape	VM.Standard.E4.Flex (AMD)	The OCI supports a variety of shapes, as mentioned in the section Compute_Shapes, but CNC NFs on OCI are only hosted on "VM.Standard.E4.Flex". This VM shape supports up to six vNICs.
OS Image	Linux 8	OCI offers a multitude of OS images that determines the operating system and other software for an instance. The various category of images include platform images, trusted third-party images and Custom images, including bring your own image scenarios. For CNC NFs on OCI, the recommended image is Linux 8.
OCPU	32	The VM shape: VM.Standard.E4.Flex, supports a minimum of 1 OCPU and a maximum of 64 OCPUs.
RAM (GB)	256	The VM shape: VM.Standard.E4.Flex, supports a minimum of 1 GB and a maximum of 768 GB memory. Note: On OCI, for 32 OCPU's, the default RAM is 512GB.
Network Bandwidth (Gbps)	33	The VM shape: VM.Standard.E4.Flex, supports a minimum of 1 Gbps and a maximum of 40 Gbps bandwidth.
Storage	Block Volume	OCI also provides storage for compute instances with the services like Block Volume, File Storage, Object Storage and Archive Storage. Bastion compute and cnDBTier storage shall use block volume with iSCSIbased volume attachment for a superior performance.
Maintenance Action	Live migration	OCI provides multiple maintenance actions for compute instances, like Live Migration, Reboot Migration, Rebuild in Place and Manual Migration as indicated at maintenance-actions. CNC NF's shall support Live Migration, also recommended by OCI.

OCI Registry

The OCI Registry helps simplify development and production workflow. The CNC NF images are stored in the OCI public registry before deployment. CNC Helm charts refer to these images for deployment in the OKE cluster.

Pushing and Pulling Images

OCI generates an authentication token to push images to the OCIR.

For more information, see the "Pushing Images Using the Docker CLI" section in Oracle Cloud Infrastructure Documentation.

Install CNC NF

CNC Network Function (NF) needs to be installed manually following the instructions laid out in the CNC NF installation guide.

For more information, see "Installing CNC NF" section in NF specific Installation, Upgrade, and Fault Recovery Guide.

Terraform Scripts for OCI Deployment

Terraform is an Infrastructure as Code (IaC) tool that allows users to build, change, and version the cloud and on-premise resources safely and efficiently. Following are the terraform scripts (Infrastructure Automation Script) provided to automate the OCI deployment steps:

• ocociAdaptor_csar_<version>.zip

  This package is in the standard CSAR format and contains the terraform scripts to create the OCI infrastructure and deploy OCI Adaptor. It also includes OCI Adaptor images and Helm charts.

  Download package from My Oracle Support as a prerequisite.

  Users cannot upload the CSAR package directly to OCI's Resource Manager stack. Therefore, unzip the CSAR package to extract the terraform scripts and then upload the scripts to the resource manager stack. Within the scripts directory, the following terraform scripts are present:

  • ocociAdaptor_infra_create_<version>.zip

    This package contains the terraform scripts responsible for creating the infrastructure.

  • ocociAdaptor_install_<version>.zip

    This package contains the Terraform scripts, Helm charts, and Shell scripts to deploy the OCI Adaptor. Administrators can directly upload this package as the OCI's Resource Manager Stack and deploy the OCI Adaptor.

  Note:

  The package is available for download at My Oracle Support.

Installation Sequence

This chapter provides information about deploying the NFs in the OCI environment.

Creating Identity Domain

This section explains how to create the identity domain.

An identity domain is a container for managing users and roles, federating and provisioning users, secure application integration through Oracle Single Sign-On (SSO) configuration, and SAML or OAuth-based Identity Provider administration. It represents a user population in Oracle Cloud Infrastructure and its associated configurations and security settings.

Note:

You can use the default domain or create a new domain (recommended).

The following are the steps to create the identity domain:

1. Log in to the OCI Console.

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

2. Open the navigation menu and select Identity and Security. The Identity and Security page appears.
3. Under Identity, select Domains. The Domains page appears.

   Figure 3-2 Identity Domain

   
4. Click Create Domain on the right pane.
5. On the Create Domain page, assign a name to the domain and enter a description.
6. Select Free in Domain Type.
7. Enter the details of the Identity Domain Administrator and select the Compartment.
8. Click Create Domain.

Creating OCI User Management

This section describes how to create the users. User and Groups must be created manually. The users can be created and grouped together.

The Tenancy Admin is responsible for creating Compartment Admins and other users and user groups.

Note:

Now the infrastructure creation terraform can be executed by both Tenancy Admin and Compartment Admins.

To enable Compartment Admin, create infrastructure using provided terraform. Following polices needs to applied on the Compartment Admins User Groups.

• Allow group <DOMAIN_NAME>/<COMPARTMENT_ADMIN_USER_GROUP> to manage all-resources in compartment <COMPARTMENT_NAME>.
• Allow group <DOMAIN_NAME>/<COMPARTMENT_ADMIN_USER_GROUP> to manage dynamic-groups in tenancy where target.resource.domain.name=<DOMAIN_NAME>.

Creating User Groups

This section describes the steps to create the user groups.

1. Log in to the OCI Console.

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

2. Open the navigation menu and click Identity and Security. Under Identity, click Domains.
3. Select the Identity Domain that you want to work in. Change the compartment to find the required domain. Then, click Groups.
4. Click Create Group.
   

   In the Name and Description fields on the Create Group window, enter the Name and Description about the group.
   
5. To allow users to request access to this group, select User can request access.
6. To add users to the group, select the check box for each user that you want to add to the group.
7. Click Create.

The User Group is created.

Creating the User

The following are the steps to create a user account for a user in an OCI IAM identity domain:

1. Open the navigation menu and click Identity and Security. Under Identity, click Domains.
   
2. Select the Identity domain that you want to work in. Change the compartment to find the required domain. Then, click Groups.
   
3. Click Create user.
   
4. In the First name and Last name fields, enter the user’s name.
5. To sign in using email address, follow the following steps:
   1. In the Username or Email field, enter the email address for the user account.
   2. Leave the Use the email address as the username check box selected.
6. Alternatively, to sign in with the username, follow the steps below:
   1. In the Username or Email field, enter the username.
   2. Clear the Use the email address as the username check box.
      The following characters are allowed in the Username or Email field:

      1. a-z
      2. A-Z
      3. 0-9
      4. Special characters! @ # $ % ^ & * ( ) _ + = - { } [ ] | \ : " ' ; < > ? / . ,
      5. Blank spaces
   3. In the Email field, enter the email address.
7. To assign the user to a group, select the check box for each group that you want to assign to the user account.
8. Click Create.
   The user account is created.

Creating the Auth Token to be Used as Registry Password

This section describes how to create the Auth token to be used as registry password.

1. Log in to the OCI console.

   For more information, see "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

2. Click User on the top right corner.
3. Click My profile.
4. Click Auth tokens.
5. Click Generate token.

   Figure 3-3 Create Auth Token

   
6. Enter the Description.
7. Click Generate token.

The token is created.

Note:

Copy the generated token. Ensure to preserve that as that will not be displayed again.

Creating OCI Infrastructure

This section describes how to create the OCI infrastructure.

Note:

• This procedure creates one OKE Cluster, and all the necessary platform components required to run OCI Adaptor and CNC NFs.
• To create the Oracle Cloud Infrastructure (OCI), it is recommended that first-level subcompartments be created in the root compartment. The creation of OCI infrastructure at the second-level subcompartment is not supported.
• Use the terraform tool to set up the necessary infrastructure components, including the OKE Cluster, Bastion Service, Compartment,CLI Server, and Virtual Cloud Network (VCN). Run the appropriate version-specific script (ocociAdaptor_infra_create_<version>.zip).
• The terraform script does not create the Network Load Balancers (NLB), Dynamic Routing Gateways (DRG), and Remote Peering Connections (RPC). You must create the NLB, DRGs, and RPCs manually.

The following are the steps to create OCI Infrastructure:

1. Log in to the OCI Console.

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

2. Open the navigation menu and select Developer Services. The Developer Services window appears in the right pane.
3. In Developer Services, select Resource Manager.
4. Under Resource Manager, select Stacks.

   Figure 3-4 Create Stack

   
5. In the stack window, select Compartment.
6. Click Create stack on the right pane.

   Figure 3-5 Create Stack

   
7. Click the default My configuration radio button.
8. Under Stack configuration, select the .Zip file radio button and upload the ocociadaptor_infra_create_<version>.zip file.

   Figure 3-6 Stack Configuration

   
9. Enter the Name and Description and select the compartment.
10. Click Next. The Edit stack screen appears.
11. Enter the required inputs to create the infrastructure layer components and click Save and Run apply.

    The inputs required are as follows:

    1. Create Stack
       1. Name: Enter the name of the Stack.
       2. Description: Provide a description for your stack.
       3. Compartment: Specify the compartment name.
       4. Terraform (Select the latest one).

    2. Tenancy Configuration

       1. Identity Domain Name: Enter the domain name.
       2. Tenancy Home Region Identifier: Home Region Identifier of the tenancy. Eg - us-ashburn-1.

          For more information, see the "Regions and Availability Domains" section in Oracle Cloud Infrastructure Documentation.

       3. Enclosing Compartment ID: Specify the ID of the parent compartment.
       4. Compartment Name: Create a new compartment or select an existing one.
       5. Compartment tag Namespace: Enter an alphanumeric string to tag your instance.
       6. Identity Domain URL: Enter the Identity Domain URL where the dynamic groups are to be created. For more information, see the Getting Identity Domain URL.
    3. VCN Configuration
       1. VCN Name: Enter the name of your Virtual Cloud Network (VCN).
       2. CIDR Block: Provide the CIDR (Classless Inter-Domain Routing) block for your VCN.
    4. Cluster Configuration
       1. Cluster Name: Enter the name of your OKE Cluster.
       2. Kubernetes Version: Specify the version of Kubernetes you are using.
       3. Node Pool Size: Set the size of your Node Pool.
       4. Node Pool Shape: Choose the shape of your Node Pool.
       5. Node Pool Image: Select the image for your Node Pool.
       6. OCPUs: Define the number of Oracle CPUs.
       7. Memory (GB): Input the memory capacity.
       8. Node Pool Boot Volume Size: Set the boot volume size for the Node Pool.
       9. Public Key: Enter the public key.
    5. CLI Server Configuration
       1. Public Key: Enter the public key.
       2. Private Key: Enter the private key.
12. After entering the values, user needs to click next and then click save changes button.
13. Plan and apply the terraform stack and it will create the required infrastructure.

Note:

The Run apply option is provided along with saving the stack itself, but it is recommended to first execute plan on your stack and then apply it.

Note:

Important:

• To use the OKE Cluster created as a part of the OCI infrastructure and to deploy the OCI Adaptor, install the following components in the CLI Server:
  • kubectl
  • Helm
• Select the kubectl version based on the Kubernetes version installed in the OKE cluster.

Getting Identity Domain URL

This section describes how to create a user account.

The following are the steps to create a user account for a user in an Oracle Cloud Infrastructure (OCI) IAM identity domain:

1. Open the navigation menu and click Identity and Security. Under Identity, click Domains.

   Figure 3-7 Identity and Security

   
   

   

   
   
2. click on Current domain.

   Figure 3-8 Current Domain

   
   

   

   
   
3. Copy the Domain URL in the domain information tab.

   Figure 3-9 Domain URL

   
   

   

   
   

Deploying CNC Applications

CNC NF deployment on OCI is a manual process performed on the CLI Server.

• On-premise deployment
  • It refers to deploying CNC NF and its components on the customer's private data centre. The deployment components include CNC NF, cnDBTier, and CNC Console, deployed on the underlying CNE platform.
• OCI deployment
  • It refers to the deployment of CNC NF and its components on the customer's tenancy in the public cloud OCI. The deployment components include CNC NF, cnDBTier and CNC Console deployed on OCI platform.

For more information, see the "Deploying CNC Applications" section in CNC NF-specific installation guides.

Configuring OCI Observability and Management

This section describes how to configure OCI Observability and Management.

Configuring NF Metrics Dashboard on OCI

This section describes about the steps to upload the NF specific json file (Example: <NF>_oci_dashboard_<version>.json) file on OCI Logging Analytics Dashboard Service. As OCI doesn't support Grafana, OCI uses the Logging Analytics Dashboard Service for visualizing the metrics and logs.

Follow the steps below:

1. Log in to OCI Console.

   Note:

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.
2. Open the navigation menu and click Observability and Management.
3. Under Logging Analytics, Click Dashboards. The Dashboards page appears.
4. Choose the Compartment in the left pane.
5. Click Import dashboards.
6. Select and upload the <NF>_oci_dashboard_<version>.json file. Customize the following three parameters of JSON file before uploading it:
   1. COMPARTMENT_ID: The OCID of the compartment.
   2. METRIC_NAMESPACE: The metrics namespace that the user provided while deploying OCI Adaptor.
   3. K8_NAMESPACE: Kubernetes namespace where SEPP is deployed.
7. Import dashboard page appears. Click Import button on the page. Users can view the imported dashboard and the metrics on the dashboard.

For more information, see the "NF specific metrics" section in NF-specific User Guides.

Configuring NF Alerts on OCI

The following procedure describes how to configure the NF alerts for OCI. OCI supports metric expressions written in MQL (Metric Query Language) and thus requires a new NF alert file to configure alerts in the OCI observability platform.

The following are the steps:

1. Run the following command to extract the NF specific alert .zip file:

   unzip <nf>_oci_alertrules_<version>.zip

   Example:

   unzip ocAdaptor_oci_alertrules_<version>.zip

   Depending on the NF, either one or both of the following folders are available in the zip file:
   • <NF>_oci
   • <NF>_oci_resources
   For example:
   • In SEPP, the following folders are available:
     • ocsepp_oci
     • ocsepp_oci_resources
   • In cnDBTier, the following folder is available:
     • ocsepp_oci

   Note:

   The zip file is available in the Scripts folder of the NF CSAR package.
2. Open the <NF>_oci folder and look for the notifications.tf file.
3. Open the notifications.tf file and update the endpoint parameter with the email ID of the user.
4. Open the <NF>_oci_resources folder, in the notifications.tf file, update the parameter endpoint with the email id of the user.
5. Log in to the OCI Console.

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

6. Open the navigation menu and select Developer Services. The Developer Services window appears in the right pane.
7. Under the Developer Services, select Resource Manager.
8. Under Resource Manager, select Stacks. The Stacks window appears.
9. Click Create stack.
10. Select the default My configuration radio button.
11. Under Stack configuration, select the folder radio button and upload the <NF>_oci folder.
12. Enter the Name and Description and select the compartment.
13. Select the latest terraform version from the Terraform version drop-down.
14. Click Next. The Edit stack screen appears.
15. Enter the required inputs to create the SEPP alerts or alarms.
16. Click Save and Run apply.
17. Verify that the alarms are created in the Alarm Definitions screen (OCI Console> Observability and Management> Monitoring>Alarm definitions) provided.

    The required inputs are:

    • Alarms Configuration
      1. Compartment name: Choose the compartment's name from the drop-down list.
      2. Metric namespace: Metric namespace that the user provided while deploying OCI Adaptor.
      3. Topic name: This is a user-configurable name. It can contain a maximum of 256 characters. Only alphanumeric characters plus hyphens (-) and underscores (_) are allowed.
      4. Message format: Keep it as ONS_OPTIMIZED (This is pre-populated).
      5. Alarm is_enabled: Keep it as True (This is pre-populated).
18. Repeat the steps 6 to 17 for uploading the <NF>_oci_resources folder. Here Metric namespace will be pre-populated.

    For more information, see the "NF specific alerts" section in NF User Guides.

Creating a Custom Dashboard on OCI

The user can create custom dashboards on OCI, such as the APM dashboard for visualizing the traces and the Logging Analytics dashboard for visualizing the logs and metrics.

For more information, see the "Create a Custom Dashboard", "Create a Query-based Widget Using Metrics" and "Create a Query-based Widget Using Traces" sections in Oracle Cloud Infrastructure Documentation.

The user can export a custom dashboard, widgets, and filters and import it to a different tenancy or region.

For more information, see the "Export and Import Dashboards" section in Oracle Cloud Infrastructure Documentation.

Note:

The following are the available sample dashboards:

• Logging Dashboard: Displays the Kubernetes Workloads, Kubernetes Cluster Summary, Kubernetes Nodes, Kubernetes Pods.
• Metric Dashboard: This is a sample Kubernetes Monitoring dashboard. It is a part of the Logging Analytics dashboard.
• APM or Tracing Dashboard: This is a sample APM or Tracing dashboard. It is part of the APM dashboard.

By default, sample dashboards for logging, tracing, and metrics are created as part of OCI Adaptor terraform scripts. The user can refer to the sample dashboards to create personalized dashboards.

The sample APM or Tracing dashboard is located as part of APM dashboards. Metric and Logging dashboards are located as part of Logging Analytics dashboards.

For more information, see the "OCI Monitoring Service" section in Oracle Communications Cloud Native Core, OCI Adaptor User Guide.

Deleting OCI Infrastructure

This section provides information about deleting the OCI infrastructure that was created for deploying the OCI Adaptor and NFs.

Prerequisite:

The user must uninstall the OCI Adaptor.

For more information, see the "Uninstalling OCI Adaptor" section in Oracle Communications Cloud Native Core, OCI Adaptor User Guide.

Deleting the OCI Infrastructure

To delete the OCI Infrastructure, perform the following procedure:

1. Log in to the OCI Console.

   For more information, see the "Signing In to the OCI Console" section in Oracle Cloud Infrastructure Documentation.

2. Open the navigation menu and select Developer Services. The Developer Services window appears in the right pane.
3. Under the Developer Services, select Resource Manager.
4. Under Resource Manager, select Stacks. The Stacks window appears.

   Figure 3-10 Developer Services

   
5. Select Compartment from the Compartment drop-down list.

   Figure 3-11 Compartment

   
6. Select the stack which was created for creating the OCI Infrastructure.

   Figure 3-12 Select Stack

   
7. Click Destroy.

   Figure 3-13 Destroy Stack

   
8. The confirmation page appears. Click Destroy to delete the OCI Infrastructure.

Note:

Deleting the OCI Infrastructure will not delete the compartment. User can delete it manually.