5 Installing STAP

Learn about the process of installing Oracle Communications Solution Test Automation Platform (STAP) on your system.

Topics in this document:

Downloading the STAP CNTK

Before setting up the STAP CNTK, ensure you meet the following prerequisites:

  • If you are using OAuth, create an application for STAP within Oracle Identity Cloud Service.
  • Provision a Network File System (NFS) that is accessible from the cluster.
  • Install the necessary SSL certificates.
  • Create a cluster running Kubernetes with Helm installed.

To set up the CNTK:

  1. Create a namespace by running the following command: 
    kubectl create ns namespace_name
  2. Apply the Client Secret by running the following command: 
    kubectl apply -f file_name

    where file_name is the YAML containing the secret to access your image repository

  3. Download the CNTK by running the following command: 
    curl cntk_link cntk_zip
    where:
    • cntk_link is the link to download STAP CNTK
    • cntk_zip is the title of the CNTK zip file
  4. Unzip the CNTK by running the following command: 
    unzip cntkzip

Setting up the Microservice Images

Note:

Follow the steps below for each STAP microservice respectively.
  1. Navigate to the image.tar folder for the STAP microservice, within its zip file in the STAP Cloud Native Toolkit.
  2. Load the image by running the following command: 
    podman load -i imagetar
  3. Tag the image by running the following command: 
    podman tag image_name:image_id repo_dest

    where repo_dest is your microservice image repository

  4. Push the image to your repository by running the following command: 
    podman push repo_dest

Installing STAP Microservices

Learn about installing the different microservices of STAP.

Topics in this section:

Installing TDS

To install TDS, perform the following steps:

  1. Navigate to the TDS Helm chart.
  2. Copy the values.yaml file and rename it to override-values.yaml.
  3. Update the override-values.yaml file with the values listed in Table 5-1:

    Table 5-1 TDS Helm Chart YAML Override Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the image pull policy. These are Always, IfNotPresent, and Never.
    tdaasDB.host Refers to the TDS database host name that runs in the container.
    tdaasDB.port Refers to the port where the TDS database runs in the container.
    tdaasDB.username Contains the TDS database username.
    service.port Refers to the port exposed by the Kubernetes service inside the cluster.
    tdaas.port Refers to the port where TDS runs in the container.
    tdaas.externalport Any external port not in use.
    tdaas.host Refers to TDS's host name.
    taasUI.host Refers to the UI's host name.
    nfs.path Contains the NFS path.
    nfs.server Refers to the NFS server IP. It should be accessible from the cluster.
    storageClassName Refers to the storageclassname of the PV.
    pv.storage Refers to the storage.
    pv.mountPath Refers to the mountPath to persist the database.
    pv.volumeName Refers to the volume name of the PV to mount in pod.
    pvc.storage Refers to the storage to claim from PV.
    idcs.idcsUri Refers to the IDCS configured URI (If you are using OAuth authentication type).
    idcs.idcsClientId Refers to the IDCS configured clientID (If you are using OAuth authentication type).
    idcs.idcsOidcAudience Refers to the IDCS OIDC audience (If you are using OAuth authentication type).

    The format for it is idcs-url:443.

    ssl.enabled Select true if SSL is enabled, else false.
    ssl.secretName Use the same secret name that you will use in Step 4.
    securityType Select the authentication type.
    logLevel Select the log level.
    mail.host Refers to the host name of the mail server (use only for basic authentication).
    mail.port Refers to the mail server port.
    mail.from Refers to the mail from configuration.
    mail.auth Refers to the authentication enabled details.
    mail.username Contains the user name.
    mail.startTLS Refers to the TLS enabled configuration.
    mail.sslProtocol Refers to the SSL protocol to be used to send mails.
  4. If SSL is enabled, create a certificate secret by running the following command:
    kubectl create secret generic cert-secret --from-file=ssl cert file -n namespace

    Note:

    This ensures transport layer security over communication to the microservices.
  5. Run the tdaas-secret.sh script under STAP CNTK tds/scripts and pass relevant options to create TDS-secret.
    where:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_ID: Optional (If using OAuth authentication type, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
    • DB_PASSWORD: Mandatory
    • SMTP_PASSWORD: Optional (For Basic Authorization only)
  6. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  7. Verify the deployment by running the following command:
    kubectl get all -n namespace
  8. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Installing TES

To install TES, perform the following steps:

  1. Navigate to the TES Helm chart.
  2. Copy the values.yaml file and rename the file to override-values.yaml.
  3. Update the override-values.yaml file with the values listed in Table 5-2.

    Table 5-2 TES Helm Chart Override Values YAML Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the policy.
    tls.enabled Set to false to disable OAuth.
    tls.secretName The file containing TLS secrets for secure communication.
    tls.trustKeystoreResourcePath Path to the TLS trust keystore file used for secure communication.

    Note: Do not change this path.

    tdaas.url TDS URL.
    tdaas.port TDS port.
    tdaas.username TDS user name.
    tes.host TES hostname.
    tes.port Container port where TES is to be run.
    taasUI.host UI hostname.
    cors.enabled cors enabled option.
    cors.allowOrigin N/A
    service.port Port exposed by the Kubernetes Service inside the cluster.
    idcs.idcsUri IDCS configured URI (applicable only if the authorization is OAuth).
    idcs.idcsClientId IDCS configured Client ID (applicable only if the authorization is OAuth).
    idcs.idcsOidcAudience IDCS OIDC audience (applicable only if the authorization is OAuth).

    The format for it is idcs-url:443.

    ssl.enabled Select this as true if the SSL is enabled, otherwise false.
    ssl.secretName Secret name used to set up the secret containing the TLS cert.

    Note: Use the same secret name that you used in Step 4.

    ssl.useCustomTruststore If mounting custom trust store, select true. When true, ensure the secret truststore-secret is created before installing the chart.
    securityType Select the authentication type.
    attributeData.home Path in the pv attributeData folder path.

    Note: Copy the attribute data to the PV to run attributeData scenario.

    env.proxy select true if proxy is to be set in pod
    env.http_proxy Contains the http proxy to be set in pod
    env.https_proxy Contains the https proxy to be set in pod
    env.no_proxy Contains the no proxy to be set in pod
  4. If SSL is enabled, create a certificate secret:
    kubectl create secret generic cert-secret --from-file=cert file -n namespace
  5. Create a secret to import the trust store by running the following command:
    kubectl create secret generic truststore-secret --from-file=jks file-n namespace
  6. Run the tes-secret.sh script and pass relevant options to create TES-secret
    where:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_ID: Optional (If using OAuth authentication type, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
    This contains the IDCS credentials, TLS passkey, and the DB password.
  7. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  8. Verify the deployment by running the following command:
    kubectl get all -n namespace
  9. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Note:

For your first login to the UI, the credentials will be the following:

User: tesuser/admin

Password: As entered in the TDS secret script.

You can use either tesuser or admin as the user name for your first log in.

Note:

Ensure that you mount the NFS on the VM from which the publish will be initiated. The mount path on the VM is: /data/config/attributeConfig.

Installing the UI

To install STAP UI, perform the following steps:

  1. Navigate to the UI Helm Chart.

  2. Apply the ocir-secret.yaml file with the namespace updated: 

    kubectl apply -f file_name
  3. Run the ui-secret.sh script to generate the ui-secrets file, noting the mandatory and optional fields:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
  4. Update the override-values.yaml file with the values listed in Table 5-3:

    Table 5-3 STAP UI Helm Chart Override Values YAML Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the policy.
    service.port Port where UI is accessible within container.
    tdaas.host Host name of TDS.
    tdaas.url TDS URL at which the service is accessible.
    tdaas.redirect TDS URL or an alternative URL at which the service is accessible.

    Follow either of these formats:

    • http://ui:host:uiport/tdaas
    • https://ui:host:uiport/tdaas
    To access the UI microservice locally after deployment, set the localhost:

    https://localhost:UI_PORT/tdaas
    tdaas.port Port where TDS is running in cluster.
    ui.host Name of the UI service.
    ui.port Port where UI is running in cluster.
    ui.path Path where the UI project directory is present in the container.
    ui.externalPort Any external port not in use.
    ui.enable.reroute If enable.reroute=false, TES and TDS urls are set as cookies to below configured values, and API calls from UI are directly transferred to TES and TDS without coming to this server.
    frontendUri.host HOST IP of the UI Service.

    To access the UI service locally after deployment, set frontendUri.host to localhost. Additionally, set tes.redirect and tdaas.redirect as mentioned in this table.

    oauth.authurl The authorization server URL for initiating authentication. Update only when authentication type is OAuth.
    oauth.redirectUrl The URL where users are redirected after authentication. Update only when authentication type is OAuth.
    oauth.postLogoutUrl The URL users are redirected to after logging out. Update only when authentication type is OAuth.
    oauth.clientId The unique identifier for the OAuth client application. Update only when authentication type is OAuth.
    oauth.scope The permissions requested for OAuth authentication. Update only when authentication type is OAuth.
    oauth.login_url The endpoint for initiating user login. Update only when authentication type is OAuth.
    oauth.websocket_url The WebSocket endpoint for real-time communication. Update only when authentication type is OAuth.
    tls.enabled Set to false, to disable OAuth.
    tls.secretName The file containing TLS secrets for secure communication.
    tls.trustKeystoreResourcePath Path to the TLS trust keystore file used for secure communication.

    Note: Do not change this path.

    tes.host Host name of TES.
    tes.url TES URL at which the service is accessible.
    tes.redirect TES URL or an alternative URL at which the service is accessible. Follow either of these format:
    • http://ui:host:uiport/tes
    • https://ui:host:uiport/tes
    To access the UI microservice locally after deployment, set the localhost:

    https://localhost:UI_PORT/tes
    tes.port Port where TES is running in container.
    security.type BASIC/OAUTH
  5. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  6. Verify the deployment by running the following command:
    kubectl get all -n namespace
  7. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Note:

For your first login to the UI, the credentials will be the following:

User: tesuser/admin

Password: As entered in the TDS secret script. You can use either tesuser or admin as the user name for your first log in.

Oracle recommends that you change the password after the first log in to a strong, more suitable password.