7 Configuring BRM Server, PDC, and PCC Services
Learn how to configure the Oracle Communications Billing and Revenue Management (BRM) server, Pricing Design Center (PDC), and Pipeline Configuration Center (PCC) in your cloud native environment.
Topics in this document:
About Configuring BRM Cloud Native Services
You configure and deploy BRM cloud native services, such as BRM, PDC, and PCC, by using the BRM Helm chart (oc-cn-helm-chart). YAML descriptors in the oc-cn-helm-chart/templates directory use the oc-cn-helm-chart/values.yaml file for most of the values. The values.yaml file itself includes comments that describe each key. You can override the values by creating an override-values.yaml file.
Oracle recommends that you read the values.yaml file at least once to become familiar with all of the options available.
Creating Secrets for Docker Registry Authorization
You can automatically pull images from your private Docker registry by creating an ImagePullSecrets, which contains a list of authorization tokens (or Secrets) for accessing a private Docker registry. You then add references to the ImagePullSecrets in your BRM Helm chart's override-values.yaml file. This allows pods to submit the Secret to the private Docker registry whenever they want to pull images.
Automatically pulling images from a private Docker registry involves these high-level steps:
-
Create a Secret outside of the Helm chart by entering this command:
kubectl create secret docker-registry SecretName --docker-server=RegistryServer --docker-username=UserName --docker-password=Password -n NameSpace
where:
-
SecretName is the name of your Kubernetes Secret
-
RegistryServer is your private Docker registry's FQDN (repoHost:repoPort)
-
UserName and Password are your private Docker registry's user name and password
-
NameSpace is the namespace you will use for installing BRM Helm charts
For example:
kubectl create secret docker-registry cgbu-docker-registry --docker-server=mydockerimages.com:2660/ --docker-username=xyz --docker-password=password -n oms
-
-
Add the imagePullSecrets key to your override-values.yaml file for oc-cn-helm-chart:
imagePullSecrets: SecretName
-
Add the ocbrm.imageRepository key to your override-values.yaml file:
imageRepository: "RegistryServer"
-
Deploy oc-cn-helm-chart.
Configuring Global Values
Table 7-1 lists the keys that apply to all BRM components. To set or change the values, add them to your override_values.yaml file for oc-cn-helm-chart.
Table 7-1 Global Keys in Values.yaml File
Key | Description |
---|---|
imageRepository |
The registry server where you have pushed images. Typically, in the format “RepoHost:RepoPort/”. The value is added as a prefix to all image names when you install or upgrade Helm charts. This key is empty by default. |
imagePullSecrets |
The name of the Secret that contains credentials for accessing images from your private image server. This is added to each pod to give it permission to pull the image from your private registry server. See "Creating Secrets for Docker Registry Authorization" for more information. This key is empty by default. |
uniPass |
Use this key to apply a uniform password to all BRM cloud native services, including:
To override this password for a specific service, specify a different password in the service's key. Note: Use this key for test or demonstration systems only. |
db.* |
The details for connecting to a shared database. The keys in this section take precedence over other database connection keys. Add these keys only if your system uses a shared database:
|
Specifying the BRM Services to Deploy
Some BRM cloud native services are enabled by default, while others are disabled. Ensure that your override-values.yaml file is set up to deploy the services that you want to include in your BRM cloud native environment.
BRM Cloud Native Services Enabled by Default
Table 7-2 lists the BRM cloud native services that are deployed by default. To exclude them from your deployment, set the keys to false in your override-values.yaml file for oc-cn-helm-chart.
Table 7-2 BRM Services Enabled By Default
BRM Service | override-values.yaml Key |
---|---|
Account Synchronization Data Manager |
ocbrm.dm_ifw_sync.isEnabled |
Batch Pipeline |
ocbrm.batchpipe.isEnabled |
Connection Manager |
ocbrm.cm.isEnabled |
Oracle Data Manager |
ocbrm.dm_oracle.isEnabled |
Rated Event Loader |
ocbrm.rel_daemon.isEnabled |
Realtime Pipeline |
ocbrm.realtimepipe.isEnabled |
BRM Cloud Native Services Disabled By Default
Table 7-3 lists the BRM cloud native services that are not deployed by default. To include them in your BRM cloud native deployment, set the keys to true in your override-values.yaml file for oc-cn-helm-chart.
Table 7-3 BRM Services Disabled By Default
BRM Service | override-values.yaml Key |
---|---|
Advanced Queuing Data Manager |
ocbrm.dm_aq.isEnabled |
Batch Controller |
ocbrm.batch_controller.isEnabled |
BRM Apps Jobs |
ocbrm.brm_apps.job.isEnabled |
BRM REST Services Manager |
ocsrm.rsm.isEnabled |
Email Data Manager |
ocbrm.dm_email.isEnabled |
Enterprise Application Integration Data Manager |
ocbrm.dm_eai.isEnabled |
Invoicing Formatter |
ocbrm.formatter.isEnabled |
Invoicing Data Manager |
ocbrm.dm_invoice.isEnabled |
Kafka Data Manager |
ocbrm.dm_kafka.isEnabled |
LDAP Data Manager |
ocbrm.dm_ldap.isEnabled |
Paymentech Data Manager |
ocbrm.dm_fusa.isEnabled |
PDC REST Services Manager |
ocpdcrsm.labels.isEnabled |
Provisioning Data Manager |
ocbrm.dm_prov_telco.isEnabled |
Roaming Pipeline |
ocbrm.roampipe.isEnabled |
Vertex Data Manager |
ocbrm.dm_vertex.isEnabled |
Web Services Manager with WebLogic |
ocbrm.wsm.deployment.weblogic.isEnabled |
Web Services Manager with TomCat |
ocbrm.wsm.deployment.tomcat.isEnabled |
Configuring the BRM Server
To configure the BRM server to run in your cloud native environment, you override the BRM server-specific keys in the values.yaml file for oc-cn-helm-chart. Table 7-4 lists the keys that directly impact BRM Server pods. Add these keys to your override-values.yaml file with the same path hierarchy.
Note:
You can optionally deploy a simple demonstration version of BRM cloud native by using the sample override_values.yaml file that is packaged with oc-cn-helm-chart. This sample override file contains the bare minimum keys that you need to update to create a simple BRM cloud native system with the following services enabled by default: Account Synchronization DM, Batch Pipeline, CM, Oracle DM, RE Loader, Realtime Pipeline, Billing Care, Billing Care REST API, Business Operations Center, and PDC.
Table 7-4 BRM Server Keys
Key | Path in values.yaml File | Description |
---|---|---|
prometheus |
monitoring |
Details for monitoring BRM cloud native services by using Prometheus:
See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information. |
isAmt |
ocbrm |
Whether account migration is enabled in your BRM database (true) or not (false). |
ece_deployed |
ocbrm |
Whether ECE is deployed in your BRM cloud native environment (true) or not (false). |
existing_rootkey_wallet |
ocbrm |
Whether you are deploying with an existing database or using an existing root key wallet:
See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide for more information. |
is_upgrade |
ocbrm |
Whether to upgrade the Helm chart to Patch Set 4 (true) or not (false). See "Upgrading Your BRM Cloud Native Services". |
isSSLEnabled |
ocbrm |
For SSL-enabled deployment required in Infranet.properties. |
cmSSLTermination |
ocbrm |
Whether to make the CM the SSL endpoint for the BRM cloud native deployment.
|
customSSLWallet |
ocbrm |
Whether to use a custom TLS certificate for the CM. See "Using a Custom TLS Certificate" in BRM Cloud Native System Administrator's Guide.
|
EnableSecurityContext |
ocbrm |
Whether to enable a security context in the cluster (true) or not (false). The default is false. |
root_key_rotate |
ocbrm |
Whether to rotate the BRM root key (true) or not (false). The default is false. See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide. |
brm_root_pass |
ocbrm |
Whether to rotate the BRM root password (true) or not (false). The default is false. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide. |
rotate_password |
ocbrm |
Whether to rotate the BRM root password. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.
|
new_brm_root_password |
ocbrm |
The new BRM root password. Use this key only when ocbrm.rotate_password is set to true. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide. |
enable_publish |
ocbrm.cm.deployment |
Whether to publish events (1) or not (0). The default is 0. |
provisioning_enabled |
ocbrm.cm.deployment |
Whether to enable the provisioning of service orders (true) or not (false). The default is false. |
simulate_agent |
ocbrm.cm.deployment |
Whether to publish service orders (0) or not (1). The default is 1. |
custom_files.enable |
ocbrm.cm |
Whether to expose the oc-cn-helm-chart/cm_custom_files directory as a ConfigMap (true) or not (false). See "Exposing Directories as ConfigMaps" in BRM Cloud Native System Administrator's Guide. |
custom_files.path |
ocbrm.cm |
Set this to /oms/load. |
perflib_enable |
ocbrm.component.deployment |
Whether to enable monitoring of the BRM service using the performance library (Perlib), where component is cm, dm_oracle, dm_ifw_sync, or dm_aq. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide.
|
isEnabled |
ocbrm.dm_kafka |
Whether to enable the Kafka DM (true) or not (false). The default is false. For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide. |
deployment.* |
ocbrm.dm_kafka |
The details for configuring the Kafka DM.
For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide. |
smtpServer |
ocbrm.dm_email.deployment |
Set this to your SMTP server name, such as ocbrm.us.example.com. |
create |
ocbrm.storage_class |
Whether to create a Kubernetes StorageClass (true) or not (false). |
enabled |
ocbrm.virtual_time |
Set this to true to enable pin_virtual_time. |
sync_pvt_time |
ocbrm.virtual_time |
Set this to the number of seconds between each synchronization of pin_virtual_time with all pods. The default is 0 seconds. |
db* |
ocbrm |
Set this to the same values as the ocbrm.db.* keys from oc-cn-init-db-helm-chart. See Table 6-1 for more information. |
secondaryN |
ocbrm.db.multiSchemas |
The details for connecting to your secondary database schemas, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on. Add this block only if your BRM database contains multiple schemas. This section will be commented out by default:
|
mountOptions |
ocbrm.storage_class |
Set this to the version of the external provisioner. |
provisioner |
ocbrm.dynamic_provisioner |
Set this to the name of the external provisioner. |
config_jobs.* |
ocbrm |
The details for running a configurator job, which allows you to run BRM load utilities on demand without entering into a pod.
See "Running Load Utilities through Configurator Jobs" in BRM Cloud Native System Administrator's Guide. |
brm_apps.job.* |
ocbrm |
The details for running a brm-apps job, which allows you to run BRM applications and utilities on demand without entering into a pod.
See "Running Applications and Utilities through BRM-Apps Jobs" in BRM Cloud Native System Administrator's Guide. |
Configuring BRM for a Multischema Database
Using a BRM multischema database lets you distribute customer accounts among several database schemas, providing increased storage capacity, higher performance, and easier maintenance. For more information, see "A BRM Multischema Production System" in BRM Installation Guide.
To configure your BRM cloud native environment to connect to a multischema database, do this:
-
Ensure that you deployed a multischema database in your BRM cloud native environment. See "Deploying BRM with a New Database Schema".
-
Connect the BRM server to each secondary schema:
-
Open your override-values.yaml file for oc-cn-helm-chart.
-
Enable account migration by setting the ocbrm.isAmt key to true.
-
Set the ocbrm.db.skipPrimary key to false.
-
For each secondary schema in your system, add a ocbrm.db.multiSchemas.secondaryN block, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.
-
In each ocbrm.db.multiSchemas.secondaryN block, set the following keys:
-
deploy: Set this to true.
-
host: Set this to the hostname of the secondary schema. This key is optional.
-
port: Set this to the port number for the secondary schema. This key is optional.
-
service: Set this to the service name for the secondary schema. This key is optional.
-
schemauser: Set this to the schema user name.
-
schemapass: Set this to the schema password.
-
schematablespace: Set this to the name of the schema tablespace, such as pin01.
-
indextablespace: Set this to the name of the index tablespace, such as pinx01.
-
-
Deploy oc-cn-helm-chart by running this command from the helmcharts directory:
helm install BrmReleaseName oc-cn-helm-chart --namespace BrmNameSpace --values OverrideValuesFile
where:
-
BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance. It must be different from the one used for oc-cn-init-db-helm-chart.
-
BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.
-
OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.
The BRM Helm chart deploys new dm-oracle, amt, and rel-dameon pods, Rated Event (RE) Loader PVCs, services, ConfigMaps, and secrets. It also updates their corresponding schema entries in the primary CM and Oracle DM, and deploys multiple containers for the batch-wireless-pipe pod.
-
-
-
Set each database schema's status and priority. BRM cloud native assigns accounts to an open schema with the highest priority.
-
Open the configmap_pin_conf_testnap.yaml file.
-
Under the config_dist.conf section, add the following entries for each secondary schema in your database:
DB_NO = "schema_number" ; # database config. block PRIORITY = priority ; MAX_ACCOUNT_SIZE = 100000 ; STATUS = "status" ; SCHEMA_NAME = "schema_name" ;
-
Set the STATUS and PRIORITY entries for each primary and secondary schema:
DB_NO = "0.0.0.1" ; # Primary schema configuration block PRIORITY = priority; MAX_ACCOUNT_SIZE = 100000 ; STATUS = "status" ; SCHEMA_NAME = "schema_name" ; DB_NO = "0.0.0.2" ; # Secondary schema configuration block PRIORITY = priority; MAX_ACCOUNT_SIZE = 50000 ; STATUS = "status" ; SCHEMA_NAME = "schema_name" ;
where:
-
priority is a number representing the schema's priority, with the highest number having the most priority. For example, 5 indicates a greater priority than a value of 1. For more information, see "Modifying Database Schema Priorities" in BRM Cloud Native System Administrator's Guide.
-
status specifies whether the schema is open, closed, or unavailable. For more information, see "Modifying Database Schema Status" in BRM Cloud Native System Administrator's Guide.
-
-
Set up the configurator job to run the load_config_dist utility by adding the following lines to the oc-cn-helm-chart/config_scripts/loadme.sh script:
#!/bin/sh #cp /oms/config_dist.conf /oms/sys/test/config_dist.conf cd /oms/sys/test ; load_config_dist exit 0;
-
In the override-values.yaml file for oc-cn-helm-chart, set this key:
ocbrm.config_jobs.run_apps: Set this to true.
-
Run the helm upgrade command to update the Helm release:
helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace
The distribution information is loaded into the primary schema.
-
Update these keys in the override-values.yaml file for oc-cn-helm-chart:
-
ocbrm.config_jobs.restart_count: Increment the existing value by 1.
-
ocbrm.config_jobs.run_apps: Set this to false.
-
-
Update the Helm release again:
helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace
The CM is restarted.
-
-
Configure the account-router Pipeline Manager to route CDRs to pipelines based on the database schema POID. To do so, edit the ConfigMap file configmap_acc_router_reg.yaml.
Based on the configuration, the account router Pipeline Manager does the following:
-
Moves input files to the data PVC directory. The input file names have a prefix of router and a suffix of .edr.
-
Moves the rated output files to the input of the Rating pipeline.
-
Replicates the Rating pipeline based on the multischema entry. The Range function is used to replicate the rating pipeline.
-
Moves the output files from the Rating pipeline to the outputcdr PVC directory.
-
Your BRM cloud native environment is connected to your BRM multischema database. To manage your multischema environment, see "Managing a BRM Cloud Native Multischema System" in BRM Cloud Native System Administrator's Guide.
Configuring Pricing Design Center
Pricing Design Center (PDC) is a Web-based client application that you use to create and manage the product offerings that you sell to your customers. A product offering represents the services available to your customers and the price of those services. For more information about PDC, see Pricing Design Center Online Help.
You can optionally deploy a simple demonstration version of Pricing Design Center cloud native by using the sample PDC_OverrideValues.yaml file provided with oc-cn-helm-chart. This simple demonstration version has both SSL and ECE enabled, uploads a sample JKS certificate file, loads sample RUMs and balance elements, and starts the BRM-to-PDC synchronization process with SyncPDC.
To configure PDC to run in your BRM cloud native environment:
-
Override the PDC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding PDC Keys for oc-cn-helm-chart".
-
Override the PDC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding PDC Keys for oc-cn-op-job-helm-chart".
-
Set up SSO for PDC. See "Setting Up SSO for PDC Cloud Native".
After you deploy PDC in your cloud native environment, you can access the PDC GUI at one of the following URLs:
-
http://kubernetesHost:pdcPort/pdc
where:
-
kubenetesHost is the host name of the machine on which Kubernetes is deployed.
-
pdcPort is the PDC service node port.
-
-
http://loadbalanceHost:pdcNodePort/pdc
where:
-
loadbalanceHost is the host name of the machine on which the load balancer is deployed.
-
pdcNodePort is the number assigned to the PDC node port.
-
Adding PDC Keys for oc-cn-helm-chart
Table 7-5 describes the most common PDC keys that you need to override. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.
For information about all PDC-specific keys, see the descriptions in the oc-cn-helm-chart/values.yaml file.
Caution:
Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64. See "Secrets" in Kubernetes Concepts.
Table 7-5 Pricing Design Center Keys for oc-cn-helm-chart
Key | Path in values.yaml | Description |
---|---|---|
isEnabled |
ocpdc |
Whether to enable and deploy PDC:
|
lang |
ocpdc |
The Linux system locale. The default is en_US.UTF-8. |
tz |
ocpdc |
The Linux time zone. The default is UTC. |
pdcBrmVolHostPath |
ocpdc |
The host path for RRE, Import-Export, BRE, or SyncPDC. To use a dynamic provisioner, leave it empty. The default is empty. Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation. |
storageSize |
ocpdc |
The size of the storage path for pdcBrmHostPath. |
nodeSelector |
ocpdc |
The name of the node on which to run the following PDC pods:
Set this key if you want to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod. |
affinity |
ocpdc |
The rules for running the following PDC pods on specific nodes:
Set this key if you want to constrain the PDC pod to run only on the nodes that meet your criteria. For more information about this key, see "Node Affinity" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the Import-Export pod. |
domainUID |
ocpdc.wop |
The name of this PDC WebLogic Server domain. |
isVPAEnabled |
ocpdc.wop |
To enable Vertical Pod Autoscaling for the PDC domain pod, set this entry to true. The default is false. |
isVPAEnabled |
ocpdc.configEnv |
To enable Vertical Pod Autoscaling for RRE, BRE, SyncPDC, JobIE PODs, set this entry to true. The default is false. |
dbHostName |
ocpdc.configEnv |
The host name of the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart. |
dbPort |
ocpdc.configEnv |
The port for the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart. |
dbService |
ocpdc.configEnv |
The service name for the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart. |
logLevel |
ocpdc.configEnv.transformation |
The application log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. |
MEM_ARGS |
ocpdc.configEnv.transformation |
The memory argument, surrounded by quotes. For example: "-Xms1024m -Xmx2048m -XX:CompileThreshold=8000". |
persistOutFiles |
ocpdc.configEnv.transformation |
Whether to persist the output files generated by the transformation engine:
|
isClearBRMSeedData |
ocpdc.configEnv.transformation |
Whether to clean the BRM seed data:
Note: After you deploy PDC, set isClearBRMSeedData to false and then run the helm upgrade command. This prevents user-created data in BRM using PDC from being lost when the PDC pod is restarted. |
upgrade |
ocpdc.configEnv.transformation |
Whether to upgrade from a previous release to Patch Set 4. Set this to true if you are upgrading from a previous version to Patch Set 4 or a Patch Set 4 interim patch. The default is false. Note: This field is supported only by PDC 12.0.0.3.0 with Interim Patch 32174110 and later. |
nodeSelector |
ocpdc.configEnv.transformation |
The name of the node on which to run the RRE and BRE pods. |
affinity |
ocpdc.configEnv.transformation |
The rules for running the RRE and BRE pods on specific nodes. |
BE |
ocpdc.configEnv.seedData |
Whether to load sample balance elements into the PDC database when PDC is deployed:
Note: If balance element data already exists in the PDC database, it is not overwritten. |
RUM |
ocpdc.configEnv.seedData |
Whether to load sample RUMs into the PDC database when PDC is deployed:
Note: If RUM data already exists in the PDC database, it is not overwritten. |
IE_Operation |
ocpdc.configEnv.importExport |
The operation for the ImportExportPricing utility to perform:
When you deploy PDC, ensure that this key has an empty value. Before doing a Helm upgrade to run ImportExportPricing, delete the pdc-import-export-job Kubernetes job. Don't include the hyphen (-) prefix with the value. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide. |
IE_Component |
ocpdc.configEnv.importExport |
The type of components and objects to import or export using the ImportExportPricing utility:
Don't include the hyphen (-) prefix with the value. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide. |
IE_File_OR_Dir_Name |
ocpdc.configEnv.importExport |
The name of the XML file or ImportExport directory that contains the list of components and objects to import into the PDC database. This XML file is used by the ImportExportPricing utility. If importing or deleting components, copy the XML file to the HostPath specified in pdcIEHostPath or in pdc-ie-pvc. Set the file's or directory's ownership and permissions to chown 1000:0 and chmod 755. |
extraCmdLineArgs |
ocpdc.configEnv.importExport |
The extra command-line arguments for the ImportExportPricing utility, apart from operation, component, and file name. The value must be surrounded by quotes. For example, "-n ObjectName". See "ImportExportPricing" in PDC Creating Product Offerings for more information. |
ImportExport Log Rotation |
ocpdc.configEnv.importExport |
The settings for rotating ImportExport log files:
See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information. |
nodeSelector affinity |
ocpdc.configEnv.importExport |
The rules for deploying the Import-Export pod on specific nodes. |
upgradeFromPS2 |
ocpdc.configEnv.syncPDC |
Whether to upgrade SyncPDC during the PDC upgrade process. Set this to true only if you are upgrading from Patch Set 2 to Patch Set 4. The default is false. See "Upgrading Your PDC Cloud Native Services" for more information. |
skipBREMigration |
ocpdc.configEnv.syncPDC |
Skips the synchronization of pipeline configuration data. The default is false. This key is ignored when ECE is enabled in a PDC system. Note: This field is supported only by PDC 12.0.0.3.0 with Interim Patch 32174110 and later. |
syncPDCStartAt |
ocpdc.configEnv.syncPDC |
The scheduled time for running the SyncPDC utility. This key is set at deployment time only. Valid values include:
For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide. |
syncPDCInterval |
ocpdc.configEnv.syncPDC |
The scheduled frequency for running the SyncPDC utility. This key is set at deployment time only. Enter a value in the format "N:U", where N is a valid number and U is one of these units: D (Daily), H (Hourly), or M (Minute). For example, enter "2:D" to run the utility every other day. Note: A value of "24:H" is not the same as "1:D" due to daylight savings time (DST). |
enrichmentFileName |
ocpdc.configEnv.syncPDC |
Set this to ECEEventEnrichmentSpec.xml. Store the enrichment file in the path specified in pdcBrmHostPath. This is applicable at both PDC deployment time and individual SyncPDC runtime. |
runSyncPDC |
ocpdc.configEnv.syncPDC |
Whether to create the SyncPDC pod:
|
SyncPDC Log Rotation |
ocpdc.configEnv.syncPDC |
The settings for rotating SyncPDC log files:
See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information. |
nodeSelector affinity |
ocpdc.configEnv.syncPDC |
The rules for deploying the SyncPDC pod on specific nodes. |
isEnabled |
ocpdc.configEnv.monitoring |
Whether to enable monitoring of PDC by using Prometheus and Grafana. For more information, see "Monitoring PDC in a Cloud Native Environment" in BRM Cloud Native System Administrator's Guide. |
walletPassword |
ocpdc.secretValue |
The passwords for the PDC application wallet and PDC BRM integration wallet. |
Adding PDC Keys for oc-cn-op-job-helm-chart
You must create an override-values.yaml for oc-cn-op-job-helm-chart and then add the PDC-specific keys in Table 7-6.
For information about all PDC-specific keys, see the descriptions in the oc-cn-op-job-helm-chart/values.yaml file.
Caution:
Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.
Table 7-6 Pricing Design Center Keys for oc-cn-op-job-helm-chart
Key | Path in values.yaml | Description |
---|---|---|
isEnabled |
ocpdc |
Whether to enable PDC jobs:
|
isClean |
ocpdc |
Whether to clean old PDC deployment and instance logs:
|
lang |
ocpdc |
The Linux system locale. The default is en_US.UTF-8. |
tz |
ocpdc |
The Linux time zone. The default is UTC. |
pdcAppVolHostPath |
ocpdc |
The host path for pdc-domain. To use a dynamic provisioner, leave it empty. The default is empty. Note: For a dynamic provisioner, ensure that oc-cn-helm-chart is deployed and that the storage class is reused. Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation. |
storageSize |
ocpdc |
The size of the storage path for pdcHostPath. |
nodeSelector |
ocpdc |
The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity. pdc-domain-job: Set this key to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod. |
affinity |
ocpdc |
The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity. pdc-domain-job: Set this key if you want to constrain the PDC pod to run only on nodes that meet your criteria. For more information, see "Node Affinity" in the Kubernetes documentation. Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the PDC Import Export pod. |
domainUID |
ocpdc.wop |
The name of this PDC WebLogic Server domain. |
includeServerOutInPodLog |
ocpdc.wop |
Whether to include the server out file in the pod's stdout log:
|
jtaTimeoutSeconds |
ocpdc.wop |
The maximum amount of time, in seconds, an active transaction is allowed to be in the first phase of a two-phase commit transaction. The default is 10000. If the time expires, the transaction is automatically rolled back. |
jtaAbandonTimeoutSeconds |
ocpdc.wop |
The maximum amount of time, in seconds, a transaction manager continues to attempt completing the second phase of a two-phase commit transaction. The default is 10000. |
stuckThreadMaxTime |
ocpdc.wop |
The number of seconds a thread must be continually working before the server considers the thread to be stuck. The default is 20000. |
idlePeriodsUntilTimeout |
ocpdc.wop |
The number of idle periods until the peer is considered to be unreachable. The default is 40. |
dataSourceXaTxnTimeout |
ocpdc.wop |
The number of seconds until the data source transaction times out. The default is 0. When set to 0, the WebLogic Server Transaction Manager passes the global WebLogic Server transaction timeout in seconds in the method. |
pdcAppSesTimeOut |
ocpdc.wop |
The PDC application (pricingui.ear) session time out, in seconds. The default is 36000. |
pdcAppSesInvInterTimeOut |
ocpdc.wop |
The PDC application (pricingui.ear) session invalid interval time out, in seconds. The default is 3000. |
exposePorts |
ocpdc.configEnv |
Exposes the SSL HTTPS port, the HTTP port, or both:
|
t3ChannelPort |
ocpdc.configEnv |
The port number for the t3 channel. The default is 30799. Use this key if PDC needs to use the t3 protocol to communicate with an external system, such as Elastic Charging Engine (ECE). Set this to a Kubernetes port number from 30000 through 32767 that is not in use. This key is mandatory. |
t3ChannelAddress |
ocpdc.configEnv |
The IP address for the primary node or load balancer. This key is optional. |
t3sChannelPort |
ocpdc.configEnv |
The port number for the t3s channel. The default is 30800. Use this key if PDC needs to use the t3s protocol to communicate with an external system such as ECE. Set this to a Kubernetes port number from 30000 through 32767 that is not in use. This key is mandatory. |
t3sChannelAddress |
ocpdc.configEnv |
If SSL is enabled in the WebLogic domain, set this to the IP address for the primary node or load balancer. This key is optional. |
USER_MEM_ARGS |
ocpdc.configEnv |
The custom memory arguments for WebLogic Admin Server. |
USER_JAVA_OPTIONS |
ocpdc.configEnv |
The custom Java options for WebLogic Admin Server. |
pdcAppLogLevel pdcAppLogFileSize pdcAppLogFileCount |
ocpdc.configEnv |
The settings for rotating Pricing Server log and tracing log files:
See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information. |
rcuJdbcURL |
ocpdc.configEnv |
The connection string for connecting to a database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS. Use the format "host:port/service". |
rcuPrefix |
ocpdc.configEnv |
The prefix for the PDC domain RCU schema. For example, if the prefix is XYZ and the schema name is STB, the PDC domain RCU schema name will be XYZ_STB. |
rcuRecreate |
ocpdc.configEnv |
Whether to re-create the PDC domain.
|
isCustomWLSPython |
ocpdc.configEnv |
Whether to run your custom WebLogic Python files:
Set each file's ownership and permissions to chown 1000:0 and chmod 777. |
addOPSSWallet |
ocpdc.configEnv |
Whether to copy the OPSS wallet:
Note: The ewallet.p12 file will not be available in pdc-app-pvc/stores/opss_wallet after the first job chart run or a new RCU prefix. |
honorOMF |
ocpdc.configEnv |
Whether the RDS database honors the Oracle-Managed Files (OMF) naming format:
|
keyStoreType |
ocpdc.configEnv |
The SSL KeyStore type for the PDC domain. The default is JKS. |
keyStoreAlias |
ocpdc.configEnv |
The alias name for the PDC domain SSL KeyStore. The default is WeblogicPDCTestAlias. |
keyStoreIdentityFileName |
ocpdc.configEnv |
The name of the PDC domain SSL KeyStore Identity file. The default is defaultserver.jks. The defaultserver.jks file is created during PDC deployment if it does not already exist. |
keyStoreTrustFileName |
ocpdc.configEnv |
The name of the PDC domain SSL TrustStore file. The default is defaultclient.jks. The defaultclient.jks file is created during PDC deployment if it does not already exist. |
isSSOEnabled |
ocpdc.configEnv |
Set to true to configure and use SAML 2.0 SSO service. The default is false. |
samlAsserterName |
ocpdc.configEnv |
The name of the SAML Asserter. It should be the same as OEM or IDCS. The default is pdcSAML2IdentityAsserter. |
ssoPublishedSiteURL |
ocpdc.configEnv |
The base URL used to construct endpoint URLs, typically, the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2. |
ssoDefaultURL |
ocpdc.configEnv |
The URL to which unsolicited authentication responses are sent if they do not contain an accompanying target URL. |
ssoLogoutURL |
ocpdc.configEnv |
The URL where users are redirected after they log out from the application (OEM or IDCS log out). |
dbHostName |
ocpdc.configEnv |
The host name of the PDC and cross-reference database. |
dbPort |
ocpdc.configEnv |
The port for the PDC and cross-reference database. |
dbService |
ocpdc.configEnv |
The service name for the PDC and cross-reference database. |
dbSysDBAUser |
ocpdc.configEnv |
The SYS, System, or Sys DBA user for the PDC and cross-reference database. If this key is not configured, PDC assumes that pdcSchemaUserName and crossRefSchemaUserName are already present on the database with the required permissions. |
dbSysDBARole |
ocpdc.configEnv |
The role of the PDC and cross-reference database SYS, System, or Sys DBA user. |
dbSSLMode |
ocpdc.configEnv |
The type of SSL connection required for connecting to the database:
If set to ONE_WAY or TWO_WAY, place the database wallet in the oc-cn-helm-chart/pdc/pdc_db_wallet directory. Create the directory structure if it is not present and do not change the directory name. |
dbWalletType |
ocpdc.configEnv |
The type of file specified as the TrustStore for SSL connections: SSO or pkcs12. SSO is the recommended value. |
crossRefSchemaPDCTableSpace |
ocpdc.configEnv |
The name of the PDC tablespace for the transformation cross-reference schema. This field is case-sensitive. |
crossRefSchemaTempTableSpace |
ocpdc.configEnv |
The name of the temporary tablespace for the transformation cross-reference schema. This field is case-sensitive. |
crossRefSchemaUserName |
ocpdc.configEnv |
The cross-reference database schema user name. |
pdcSchemaPDCTableSpace |
ocpdc.configEnv |
The tablespace name of the PDC schema. This field is case-sensitive. |
pdcSchemaTempTableSpace |
ocpdc.configEnv |
The tablespace name of the temporary schema. This field is case-sensitive. |
pdcSchemaUserName |
ocpdc.configEnv |
The PDC database schema user name. |
pdcAdminUser |
ocpdc.configEnv |
The PDC admin user name, which includes the Pricing Design Admin role. |
adminPassword |
ocpdc.secretValue |
The password for the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations. |
rcuSchemaPassword |
ocpdc.secretValue |
The password for the Oracle Fusion Middleware product schemas that will be created by RCU and used by OPSS. |
keyStoreIdentityKeyPass |
ocpdc.secretValue |
The password for the PDC domain SSL identity key. |
keyStoreIdentityStorePass |
ocpdc.secretValue |
The password for the PDC domain SSL identity store. |
keyStoreTrustStorePass |
ocpdc.secretValue |
The password for the PDC domain SSL TrustStore. |
pdcSchemaPassword |
ocpdc.secretValue |
The password for the PDC database schema user. |
crossRefSchemaPassword |
ocpdc.secretValue |
The password for the transformation cross-reference database schema user. |
dbWalletPassword |
ocpdc.secretValue |
The password for the database SSL wallet. This key is required if dbWalletType is set to pkcs12. |
walletPassword |
ocpdc.secretValue |
The passwords for the PDC application wallet and PDC BRM integration wallet. |
pdcAdminUserPassword |
ocpdc.secretValue |
The password for the PDC admin user, which includes the Pricing Design Admin role. |
Setting Up SSO for PDC Cloud Native
SSO allows users to log in to applications using a single user name and password combination. You set up SSO for PDC cloud native services by using SAML 2.0.
Note:
SSO is supported only in these versions of PDC cloud native:
-
12.0 Patch Set 5 with Interim Patch 35134293 or later
-
12.0 Patch Set 6 with Interim Patch 36449501 or later
-
12.0 Patch Set 8
These release versions use a WebLogic Kubernetes Operator domain home source type of Domain on Persistent Volume (PV), which supports SSO. In these releases, the oc-cn-op-job-helm-chart/values.yaml file includes new keys for supporting SSO. For information, see the comments in the values.yaml file.
The 12.0 Patch Set 7 release uses a WebLogic Kubernetes Operator domain home source type of Model in Image, which does not support SSO.
To set up SSO for PDC:
-
Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.
For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.
-
Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pdc/idp directory.
-
Configure the KeyStores needed by SAML 2.0:
-
Generate Identity and Trust KeyStores.
-
Move your KeyStore files, such as identity.p12 and trust.p12, to the oc-cn-op-job-helm-chart/pdc/pdc_keystore directory.
-
-
In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:
-
ocpdc.configEnv.isSSOEnabled: Set this to true.
-
ocpdc.configEnv.keyStoreAlias: Set this to the private key alias of the KeyStore.
-
ocpdc.configEnv.keyStoreType: Set this to the file type of the SSL Identity and Trust KeyStore, which is either PKCS12 or JKS. The default is PKCS12.
-
ocpdc.configEnv.keyStoreIdentityFileName: Set this to the name of the Identity KeyStore file.
-
ocpdc.configEnv.keyStoreTrustFileName: Set this to the name of the Trust KeyStore file.
-
ocpdc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is pdcSAML2IdentityAsserter.
-
ocpdc.configEnv.ssoPublishedSiteURL: Set this to the base URL used to construct endpoint URLs. This is typically the load balancer host and port where the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.
-
ocpdc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.
-
ocpdc.secretValue.keyStoreIdentityStorePass: Set this to the StorePass for the Identity KeyStore.
-
ocpdc.secretValue.keyStoreIdentityKeyPass: Set this to the KeyPass for the Identity KeyStore.
-
ocpdc.secretValue.keyStoreTrustStorePass: Set this to the StorePass for the Trust KeyStore.
-
-
Configure your load balancer's rules to send responses to the PDC WebLogic domain with /saml2 appended to the URL path.
Note:
Add this rule to your existing load balancer rules for routing responses to PDC (/pdc), the load balancer host name, and so on.
-
Deploy your PDC cloud native services by following the instructions in "Deploying BRM Cloud Native Services".
-
After PDC is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your PDC domain specified in the ocpdc.wop.domainUID key.
The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to PDC.
-
Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.
For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.
PDC Post-Deployment Steps
Some scenarios may require you to re-create the WebLogic domain between updates. To re-create the domain and allow it to access the same set of tables, the WebLogic domain needs the wallet password Secret, the OPSS wallet file, and the information for accessing the RCU database. Without the wallet file and wallet password, you cannot re-create a domain accessing the same set of tables.
To extract the OPSS wallet and the wallet password Secret from a deployed domain, do the following:
-
After oc-cn-op-job-helm-chart deploys successfully, copy the OPSS wallet from pdc-app-pvc/stores/opss_wallet/ewallet.p12 to a safe location.
-
Copy the ewallet.p12 file to oc-cn-op-job-helm-chart/pdc/opss_wallet.
-
In your override-values.yaml file for oc-cn-op-job-helm-chart, set ocpdc.configEnv.addOPSSWallet to true.
-
Run the helm upgrade command:
helm upgrade OpJobReleaseName oc-cn-op-job-helm-chart --namespace BrmNameSpace --values OverrideValuesFile
where:
-
OpJobReleaseName is the release name for oc-cn-op-job-helm-chart.
-
BrmNameSpace is the name space in which BRM Kubernetes reside.
-
OverrideValuesFile is the path to a YAML file that overrides the default configurations in the oc-cn-op-job-helm-chart/values.yaml file.
-
Configuring Pipeline Configuration Center
Configuring Pipeline Configuration Center (PCC) involves these high-level steps:
-
Overriding the PCC-specific keys in the values.yaml file. See "Adding Pipeline Configuration Center Keys".
-
After PCC is deployed, enabling SSL in the WebLogic domain. See "Enabling SSL in Your Pipeline Configuration Center Domain".
-
Setting up your PCC log files. See "About Pipeline Configuration Center Logs".
Adding Pipeline Configuration Center Keys
Table 7-7 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-helm-chart.
Table 7-7 Pipeline Configuration Center Keys
Key | Path in Values.yaml File | Description |
---|---|---|
imageName |
ocpcc.pcc.deployment |
The name of the PCC image, such as oracle/pcc. |
imageTag |
ocpcc.pcc.deployment |
The tag name for the PCC image, such as 12.0.0.x.0. |
httpPort |
ocpcc.pcc.configEnv |
The container HTTP port on which PCC will be running. |
httpsPort |
ocpcc.pcc.configEnv |
The container HTTPS port on which PCC will be running. |
isSSLEnabled |
ocpcc.pcc.configEnv |
Set this to true if you want to run PCC on an SSL-enabled port. Otherwise, set this to false. |
keyStoreType |
ocpcc.pcc.configEnv |
The KeyStore type, such as PKCS12 or JKS. |
keyStoreAlias |
ocpcc.pcc.configEnv |
The string alias used to store and retrieve the server's private key. This is used for setting up the SSL-enabled domain. |
keyStoreIdentityFileName |
ocpcc.pcc.configEnv |
The name of your KeyStore file. |
keyStoreTrustFileName |
ocpcc.pcc.configEnv |
The name of your TrustStore file. |
adminUser |
ocpcc.pcc.configEnv |
The WebLogic Server domain administrator user name, which is usually weblogic. |
adminPort |
ocpcc.pcc.configEnv |
The WebLogic Server domain administrator port. |
isAdminPortEnabled |
ocpcc.pcc.configEnv |
Set this to true if a separate admin port needs to enabled for PCC. Otherwise, set this to false. |
rcuJdbcURL |
ocpcc.pcc.configEnv |
The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products are created, especially OPSS. Use the format "host:port/service". |
rcuSysDBAUser |
ocpcc.pcc.configEnv |
The database user name. The default user name for Oracle databases is SYS. |
rcuPrefix |
ocpcc.pcc.configEnv |
The RCU prefix for the database schema name. |
rcuRecreate |
ocpcc.pcc.configEnv |
Set this to true to drop and re-create an existing database schema. Otherwise, set this to false. |
featureSets |
ocpcc.pcc.configEnv |
The feature set and patch set you are deploying (that is, PCC:12.0.0.x.0). |
brmServicePoidId |
ocpcc.pcc.configEnv |
The POID for the BRM service. |
brmServiceType |
ocpcc.pcc.configEnv |
The BRM service type (that is, /service/admin_client). |
brmRootLogin |
ocpcc.pcc.configEnv |
The BRM root login user name. |
pccUser |
ocpcc.pcc.configEnv |
The PCC user name to be created as part of installation. |
enabled |
ocpcc.pcc.metrics |
Whether to expose the metrics URL for PCC (true) or not (false). See "Monitoring Your BRM Cloud Native Deployment" in BRM Cloud Native System Administrator's Guide. |
isEnabled |
ocpcc.pcc.metrics.prometheus |
Whether Prometheus Operator is running and metrics need to be scraped (true) or not (false). |
namespace |
ocpcc.pcc.metrics.prometheus |
The namespace on which Prometheus Operator is running. |
Table 7-8 lists the secret keys that directly impact PCC deployment. These keys hold sensitive data and must be handled carefully with controlled access to the file containing its values. See "Secrets" in Kubernetes Concepts.
Add these secret keys to your override-values.yaml file, and encode all of their values in Base64.
Note:
-
You can encode strings in Linux by using this command:
echo -n 'string' | base64
-
You can decode strings in Linux by using this command:
echo 'encoded_string' | base64 --decode
Table 7-8 Pipeline Configuration Center Secret Keys
Key | Description |
---|---|
ocpcc.pcc.secretVal.adminPassword |
The WebLogic Server administrative password encoded in Base64. |
ocpcc.pcc.secretVal.walletPassword |
The PCC wallet password encoded in Base64. |
ocpcc.pcc.secretVal.rcuSysDBAPassword |
The Database Administrator password encoded in Base64. |
ocpcc.pcc.secretVal.rcuSchemaPassword |
The password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS. The value must be Base64-encoded. |
ocpcc.pcc.secretVal.keyStoreIdentityKeyPass |
The KeyPass of Identity Keystore, which is used for setting up the SSL-enabled domain. The value must be Base64-encoded. |
ocpcc.pcc.secretVal.keyStoreIdentityStorePass |
The StorePass of Identity Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded. |
ocpcc.pcc.secretVal.keyStoreTrustStorePass |
The StorePass of the Trust Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded. |
ocpcc.pcc.secretVal.pccUserPassword |
The PCC user password encoded in Base64. |
Enabling SSL in Your Pipeline Configuration Center Domain
To access PCC over the HTTPS port, SSL must be enabled in the WebLogic domain where PCC is deployed. The BRM cloud native deployment package takes care of the configuration necessary to equip the WebLogic domain with SSL access.
To complete the configuration for SSL setup:
-
Create a keystore_pcc directory under oc-cn-helm-chart/pcc.
-
Copy PKCS12 files with valid certificates to the oc-cn-helm-chart/pcc/keystore_pcc directory:
-
identity.p12: Provides the certificate to identify the server.
-
trust.p12: Establishes trust for the certificate.
If your KeyStore files have different file names or file types, such as JKS, override the keyStoreIdentityFileName, keyStoreTrustFileName, and keyStoreType keys in the override-values.yaml file for oc-cn-helm-chart.
-
During deployment, Helm uses these KeyStore files to create a Secret, which will be mounted as a volume inside the pcc pod.
About Pipeline Configuration Center Logs
Log files for Pipeline Configuration Center are stored in the container's /u01/logs directory. This directory also contains domain logs, server logs, and RCU logs.
Because the container's /u01/logs directory has an emptyDir volume mount, the log files will be deleted when a pod is removed from a node. To retain your log files, you can either:
-
Attach a side-car application logging service, which copies the log files outside of the container for analysis.
-
Change the type of volume mount and directly persist the log files on permanent storage disk.