5 Installing STAP

Learn about the process of installing Oracle Communications Solution Test Automation Platform (STAP) on your system.

Topics in this document:

Downloading the STAP CNTK

Before setting up the STAP CNTK, ensure you meet the following prerequisites:

  • If you are using OAuth, create an application for STAP within Oracle Identity Cloud Service.
  • Provision a Network File System (NFS) that is accessible from the cluster.
  • Install the necessary SSL certificates.
  • Create a cluster running Kubernetes with Helm installed.

To set up the CNTK:

  1. Create a namespace by running the following command: 
    kubectl create ns namespace_name
  2. Apply the image repository secret by running the following command: 
    kubectl apply -f file_name

    where file_name is the YAML containing the secret to access your image repository

  3. Download the Oracle STAP software pack from the Oracle software delivery Web site, located at:
    http://edelivery.oracle.com
  4. Download the CNTK by running the following command: 
    curl oc-stap-1.25.1.x.zip
    where:
    • x is the latest patch set
  5. Unzip the CNTK by running the following command: 
    unzip oc-stap-1.25.1.x.zip
  6. Unzip the DE and microservices by running the following command:
    cd oc-stap-1.25.1.x 
unzip DE.zip ui.zip tds.zip tes.zip

Setting up the Microservice Images

Note:

Follow the steps below for each STAP microservice respectively.
  1. Navigate to the image.tar folder for the STAP microservice, within its zip file in the STAP Cloud Native Toolkit.
  2. Load the image by running the following command: 
    podman load -i image.tar
  3. Tag the image by running the following command: 
    podman tag image_name:tag repo_dest
    where
    • image_name is the title of the microservice image
    • repo_dest is your microservice image repository
  4. Log in to your image repository and push the image to the repository by running the following command: 
    podman push repo_dest

Installing STAP Microservices

Learn about installing the different microservices of STAP.

Topics in this section:

Installing TDS

To install TDS, perform the following steps:

  1. Navigate to the TDS Helm chart.
  2. Copy the values.yaml file and rename it to override-values.yaml.
  3. Update the override-values.yaml file with the values listed in Table 5-1:

    Table 5-1 TDS Helm Chart YAML Override Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the image pull policy. These are Always, IfNotPresent, and Never.
    tdaasDB.host Refers to the TDS database host name that runs in the container.
    tdaasDB.port Refers to the port where the TDS database runs in the container.
    tdaasDB.username Contains the TDS database username.
    service.port Refers to the port exposed by the Kubernetes service inside the cluster.
    tdaas.port Refers to the port where TDS runs in the container.
    tdaas.externalport Any external port not in use.
    tdaas.host Refers to TDS's host name.
    taasUI.host Refers to the UI's host name.
    nfs.path Contains the NFS path.
    nfs.server Refers to the NFS server IP. It should be accessible from the cluster.
    storageClassName Refers to the storageclassname of the PV.
    pv.storage Refers to the storage.
    pv.mountPath Refers to the mountPath to persist the database.
    pv.volumeName Refers to the volume name of the PV to mount in pod.
    pvc.storage Refers to the storage to claim from PV.
    idcs.idcsUri Refers to the IDCS configured URI (If you are using OAuth authentication type).
    idcs.idcsClientId Refers to the IDCS configured clientID (If you are using OAuth authentication type).
    idcs.idcsOidcAudience Refers to the IDCS OIDC audience (If you are using OAuth authentication type).

    The format for it is idcs-url:443.

    ssl.enabled Select true if SSL is enabled, else false.
    ssl.secretName Use the same secret name that you will use in Step 4.
    securityType Select the authentication type.
    logLevel Select the log level.
    mail.host Refers to the host name of the mail server (use only for basic authentication).
    mail.port Refers to the mail server port.
    mail.from Refers to the mail from configuration.
    mail.auth Refers to the authentication enabled details.
    mail.username Contains the user name.
    mail.startTLS Refers to the TLS enabled configuration.
    mail.sslProtocol Refers to the SSL protocol to be used to send mails.
  4. If SSL is enabled, create a certificate secret by running the following command:
    kubectl create secret generic cert-secret --from-file=ssl cert file -n namespace

    Note:

    This ensures transport layer security over communication to the microservices.
  5. Run the tdaas-secret.sh script under STAP CNTK tds/scripts and pass relevant options to create TDS-secret.
    where:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_ID: Optional (If using OAuth authentication type, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
    • DB_PASSWORD: Mandatory
    • SMTP_PASSWORD: Optional (For Basic Authorization only)
  6. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  7. Verify the deployment by running the following command:
    kubectl get all -n namespace
  8. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Installing TES

To install TES, perform the following steps:

  1. Navigate to the TES Helm chart.
  2. Copy the values.yaml file and rename the file to override-values.yaml.
  3. Update the override-values.yaml file with the values listed in Table 5-2.

    Table 5-2 TES Helm Chart Override Values YAML Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the policy.
    tls.enabled Set to false to disable OAuth.
    tls.secretName The file containing TLS secrets for secure communication.
    tls.trustKeystoreResourcePath Path to the TLS trust keystore file used for secure communication.

    Note: Do not change this path.

    tdaas.url TDS URL.
    tdaas.port TDS port.
    tdaas.username TDS user name.
    tes.host TES hostname.
    tes.port Container port where TES is to be run.
    taasUI.host UI hostname.
    cors.enabled cors enabled option.
    cors.allowOrigin N/A
    service.port Port exposed by the Kubernetes Service inside the cluster.
    idcs.idcsUri IDCS configured URI (applicable only if the authorization is OAuth).
    idcs.idcsClientId IDCS configured Client ID (applicable only if the authorization is OAuth).
    idcs.idcsOidcAudience IDCS OIDC audience (applicable only if the authorization is OAuth).

    The format for it is idcs-url:443.

    ssl.enabled Select this as true if the SSL is enabled, otherwise false.
    ssl.secretName Secret name used to set up the secret containing the TLS cert.

    Note: Use the same secret name that you used in Step 4.

    ssl.useCustomTruststore If mounting custom trust store, select true. When true, ensure the secret truststore-secret is created before installing the chart.
    securityType Select the authentication type.
    attributeData.home Path in the pv attributeData folder path.

    Note: Copy the attribute data to the PV to run attributeData scenario.

    adapters.home The path to the PV adapters folder.
    adapters.config.home The path to the config/adapters folder.

    Note: Copy the adapters folder to the PV to configure them.

    globalContext.home The path to the PV globalContent folder.

    Note: Copy the global.ctx file to the PV to use global context, and edit global variables.

    uiActions.home The path to the Persistent Volume UI actions folder.
    plugins.home The path to the Persistent Volume plugins folder.
    env.proxy Select true if proxy is to be set in pod.
    env.http_proxy Contains the HTTP proxy to be set in pod.
    env.https_proxy Contains the HTTP proxy to be set in pod.
    env.no_proxy Contains the no proxy to be set in pod.
  4. If SSL is enabled, create a certificate secret:
    kubectl create secret generic cert-secret --from-file=cert file -n namespace
  5. Create a secret to import the trust store by running the following command:
    kubectl create secret generic truststore-secret --from-file=jks file-n namespace
  6. Run the tes-secret.sh script and pass relevant options to create TES-secret
    where:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_ID: Optional (If using OAuth authentication type, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
    This contains the IDCS credentials, TLS passkey, and the DB password.
  7. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  8. Verify the deployment by running the following command:
    kubectl get all -n namespace
  9. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Note:

For your first login to the UI, the credentials will be the following:

User: tesuser/admin

Password: As entered in the TDS secret script.

You can use either tesuser or admin as the user name for your first log in.

Note:

Ensure that you mount the NFS on the VM from which the publish will be initiated. The mount path on the VM is: /data/config/attributeConfig.

Installing the UI

To install STAP UI, perform the following steps:

  1. Navigate to the UI Helm Chart located in oc-stap-1.25.1.x/ui/scripts.

  2. Apply the ocir-secret.yaml file with the namespace updated: 

    kubectl apply -f file_name
  3. Run the ui-secret.sh script to generate the ui-secrets file, noting the mandatory and optional fields:
    • Namespace: Mandatory
    • Keystore Password: Optional (If SSL is enabled, enter the value)
    • IDCS_CLIENT_SECRET: Optional (If using OAuth authentication type, enter the value)
    • BASIC_PASSWORD: Optional (If using Basic Authorization, enter the value)
  4. Update the override-values.yaml file with the values listed in Table 5-3:

    Table 5-3 STAP UI Helm Chart Override Values YAML Values

    Key Description
    image.imageRepository Contains the image repository.
    image.imageName Contains the image name.
    image.imageTag Contains the associated image tag.
    image.imagePullSecret Contains the secret name to pull the image.
    image.imagePullPolicy Contains the policy.
    service.port Port where UI is accessible within container.
    tdaas.host Host name of TDS.
    tdaas.url TDS URL at which the service is accessible.
    tdaas.redirect TDS URL or an alternative URL at which the service is accessible.

    Follow either of these formats:

    • http://ui:host:uiport/tdaas
    • https://ui:host:uiport/tdaas
    To access the UI microservice locally after deployment, set the localhost:

    https://localhost:UI_PORT/tdaas
    tdaas.port Port where TDS is running in cluster.
    ui.host Name of the UI service.
    ui.port Port where UI is running in cluster.
    ui.path Path where the UI project directory is present in the container: /usr/share/test/ui.
    ui.externalPort Any external port not in use.
    ui.enable.reroute If enable.reroute=false, TES and TDS urls are set as cookies to below configured values, and API calls from UI are directly transferred to TES and TDS without coming to this server.
    frontendUri.host HOST IP of the UI Service.

    To access the UI service locally after deployment, set frontendUri.host to localhost. Additionally, set tes.redirect and tdaas.redirect as mentioned in this table.

    oauth.authurl The authorization server URL for initiating authentication. Update only when authentication type is OAuth.
    oauth.redirectUrl The URL where users are redirected after authentication. Update only when authentication type is OAuth.
    oauth.postLogoutUrl The URL users are redirected to after logging out. Update only when authentication type is OAuth.
    oauth.clientId The unique identifier for the OAuth client application. Update only when authentication type is OAuth.
    oauth.scope The permissions requested for OAuth authentication. Update only when authentication type is OAuth.
    oauth.login_url The endpoint for initiating user login. Update only when authentication type is OAuth.
    oauth.websocket_url The WebSocket endpoint for real-time communication. Update only when authentication type is OAuth.
    tls.enabled Set to false, to disable OAuth.
    tls.secretName The file containing TLS secrets for secure communication.
    tls.trustKeystoreResourcePath Path to the TLS trust keystore file used for secure communication.

    Note: Do not change this path.

    tes.host Host name of TES.
    tes.url TES URL at which the service is accessible.
    tes.redirect TES URL or an alternative URL at which the service is accessible. Follow either of these format:
    • http://ui:host:uiport/tes
    • https://ui:host:uiport/tes
    To access the UI microservice locally after deployment, set the localhost:

    https://localhost:UI_PORT/tes
    tes.port Port where TES is running in container.
    security.type BASIC/OAUTH
  5. Install the Helm chart by running the following command:
    helm install chart_name path_to_chart_dir --values override-values.yaml -n namespace
  6. Verify the deployment by running the following command:
    kubectl get all -n namespace
  7. Perform a sanity check. For more information, see "Verifying a Successful Deployment".

Note:

For your first login to the UI, the credentials will be the following:

User: tesuser/admin

Password: As entered in the TDS secret script. You can use either tesuser or admin as the user name for your first log in.

Oracle recommends that you change the password after the first log in to a strong, more suitable password.

Configuring JVM Heap Size to Avoid “Out of Memory" Error Messages

To prevent “Out of Memory” error messages in the log file after installation, it is recommended to configure the heap size for the Java Virtual Machine (JVM) before running your application.

By default, the JVM may use limited heap memory, which can lead to memory allocation errors when handling larger workloads. Setting the initial and maximum heap size allows the JVM to manage memory more efficiently, avoiding unexpected failures or periodic performance slowdowns due to dynamic heap resizing.

You can specify the minimum and maximum heap size by including the following options:

-Xms specifies the initial heap size

-Xmx specifies the maximum heap size

For example:

-Xms1g -Xmx2g

where 1g and 2g indicate the initial and maximum heap sizes (in gigabytes) respectively. Adjust these values according to your system’s available resources and expected workload.

It is recommended to define heap size options using the JAVA_TOOL_OPTIONS environment variable, which is recognized automatically by the JVM at startup. To do so, use these commands for your deployment environment:

If you're using Linux:
export JAVA_TOOL_OPTIONS="-Xms1g -Xmx2g"
If you're using Windows:
set JAVA_TOOL_OPTIONS=-Xms1g -Xmx2g
To set it in your Dockerfile:
ENV JAVA_TOOL_OPTIONS="-Xms1g -Xmx2g"
Alternatively, you can update your startup scripts in the STAP DE to include the heap size options directly:
java -Xms1g -Xmx2g -XX:-PrintWarnings -XshowSettings:vm -jar "%STAP_HOME%"/lib/STAP-1.25.1.1-DE.jar %*
where:
  • 1g and 2g indicate the initial and maximum heap sizes (in gigabytes) respectively
  • -PrintWarnings enables or disables JVM warnings
  • -XshowSettings:vm is the JVM memory configuration during startup
  • %STAP_HOME%"/lib/STAP-1.25.1.1-DE.jar is the STAP DE jar file