1. Cloud Native Deployment Guide
  2. Configuring and Deploying BRM Cloud Native
  3. Configuring BRM Server, PDC, and PCC Services

7 Configuring BRM Server, PDC, and PCC Services

Learn how to configure the Oracle Communications Billing and Revenue Management (BRM) server, Pricing Design Center (PDC), and Pipeline Configuration Center (PCC) in your cloud native environment.

Topics in this document:

About Configuring BRM Cloud Native Services

You configure and deploy BRM cloud native services, such as BRM, PDC, and PCC, by using the BRM Helm chart (oc-cn-helm-chart). YAML descriptors in the oc-cn-helm-chart/templates directory use the oc-cn-helm-chart/values.yaml file for most of the values. The values.yaml file itself includes comments that describe each key. You can override the values by creating an override-values.yaml file.

Oracle recommends that you read the values.yaml file at least once to become familiar with all of the options available.

Creating Secrets for Docker Registry Authorization

You can automatically pull images from your private Docker registry by creating an ImagePullSecrets, which contains a list of authorization tokens (or Secrets) for accessing a private Docker registry. You then add references to the ImagePullSecrets in your BRM Helm chart's override-values.yaml file. This allows pods to submit the Secret to the private Docker registry whenever they want to pull images.

Automatically pulling images from a private Docker registry involves these high-level steps:

  1. Create a Secret outside of the Helm chart by entering this command:

    kubectl create secret docker-registry SecretName --docker-server=RegistryServer --docker-username=UserName --docker-password=Password -n NameSpace

    where:

    • SecretName is the name of your Kubernetes Secret

    • RegistryServer is your private Docker registry's FQDN (repoHost:repoPort)

    • UserName and Password are your private Docker registry's user name and password

    • NameSpace is the namespace you will use for installing BRM Helm charts

    For example:

    kubectl create secret docker-registry cgbu-docker-registry --docker-server=mydockerimages.com:2660/ --docker-username=xyz --docker-password=password -n oms

  2. Add the imagePullSecrets key to your override-values.yaml file for oc-cn-helm-chart: 

    imagePullSecrets: SecretName

  3. Add the ocbrm.imageRepository key to your override-values.yaml file: 

    imageRepository: "RegistryServer"

  4. Deploy oc-cn-helm-chart.

Configuring Global Values

Table 7-1 lists the keys that apply to all BRM components. To set or change the values, add them to your override_values.yaml file for oc-cn-helm-chart.

Table 7-1 Global Keys in Values.yaml File

Key Description

imageRepository

The registry server where you have pushed images. Typically, in the format “RepoHost:RepoPort/”.

The value is added as a prefix to all image names when you install or upgrade Helm charts.

This key is empty by default.

imagePullSecrets

The name of the Secret that contains credentials for accessing images from your private image server.

This is added to each pod to give it permission to pull the image from your private registry server. See "Creating Secrets for Docker Registry Authorization" for more information.

This key is empty by default.

uniPass

Use this key to apply a uniform password to all BRM cloud native services, including:

  • Database Schemas
  • BRM Root Login
  • Oracle Wallets
  • WebLogic User

To override this password for a specific service, specify a different password in the service's key.

Note: Use this key for test or demonstration systems only.

db.*

The details for connecting to a shared database. The keys in this section take precedence over other database connection keys.

Add these keys only if your system uses a shared database:

  • sslMode: The type of SSL connection required for connecting to the database:

    • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
    • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
    • NO: SSL authentication is not required.

  • host: The host name or IP address of the database server.

  • port: The port number of the database server.

  • user: The user name of the database administrator.

  • password: The password of the database system administrator.

  • serviceName: The service name that identifies the database.

  • role: The role assigned to the DBA user.

  • walletPassword: The password for accessing the certificates from the TrustStore and KeyStore. This is required if sslMode is set to ONE_WAY or TWO_WAY.

  • walletType: The type of file specified as the TrustStore or KeyStore for SSL connections: SSO or pkcs12.

Specifying the BRM Services to Deploy

Some BRM cloud native services are enabled by default, while others are disabled. Ensure that your override-values.yaml file is set up to deploy the services that you want to include in your BRM cloud native environment.

BRM Cloud Native Services Enabled by Default

Table 7-2 lists the BRM cloud native services that are deployed by default. To exclude them from your deployment, set the keys to false in your override-values.yaml file for oc-cn-helm-chart.

Table 7-2 BRM Services Enabled By Default

BRM Service override-values.yaml Key

Account Synchronization Data Manager

ocbrm.dm_ifw_sync.isEnabled

Batch Pipeline

 ocbrm.batchpipe.isEnabled

Connection Manager

ocbrm.cm.isEnabled

Oracle Data Manager

ocbrm.dm_oracle.isEnabled

Rated Event Loader

ocbrm.rel_daemon.isEnabled

Realtime Pipeline

ocbrm.realtimepipe.isEnabled

BRM Cloud Native Services Disabled By Default

Table 7-3 lists the BRM cloud native services that are not deployed by default. To include them in your BRM cloud native deployment, set the keys to true in your override-values.yaml file for oc-cn-helm-chart.

Table 7-3 BRM Services Disabled By Default

BRM Service override-values.yaml Key

Advanced Queuing Data Manager

ocbrm.dm_aq.isEnabled

Batch Controller

ocbrm.batch_controller.isEnabled
BRM Apps Jobs

ocbrm.brm_apps.job.isEnabled

BRM REST Services Manager

ocsrm.rsm.isEnabled

Email Data Manager

ocbrm.dm_email.isEnabled

Enterprise Application Integration Data Manager

ocbrm.dm_eai.isEnabled

Invoicing Formatter

ocbrm.formatter.isEnabled

Invoicing Data Manager

ocbrm.dm_invoice.isEnabled

Kafka Data Manager

ocbrm.dm_kafka.isEnabled

LDAP Data Manager

ocbrm.dm_ldap.isEnabled

Paymentech Data Manager

ocbrm.dm_fusa.isEnabled

PDC REST Services Manager

ocpdcrsm.labels.isEnabled

Provisioning Data Manager

ocbrm.dm_prov_telco.isEnabled

Roaming Pipeline

ocbrm.roampipe.isEnabled

Vertex Data Manager

ocbrm.dm_vertex.isEnabled

Web Services Manager with WebLogic

ocbrm.wsm.deployment.weblogic.isEnabled

Web Services Manager with TomCat

ocbrm.wsm.deployment.tomcat.isEnabled

Configuring the BRM Server

To configure the BRM server to run in your cloud native environment, you override the BRM server-specific keys in the values.yaml file for oc-cn-helm-chart. Table 7-4 lists the keys that directly impact BRM Server pods. Add these keys to your override-values.yaml file with the same path hierarchy.

Note:

You can optionally deploy a simple demonstration version of BRM cloud native by using the sample override_values.yaml file that is packaged with oc-cn-helm-chart. This sample override file contains the bare minimum keys that you need to update to create a simple BRM cloud native system with the following services enabled by default: Account Synchronization DM, Batch Pipeline, CM, Oracle DM, RE Loader, Realtime Pipeline, Billing Care, Billing Care REST API, Business Operations Center, and PDC.

Table 7-4 BRM Server Keys

Key Path in values.yaml File Description

prometheus

monitoring

Details for monitoring BRM cloud native services by using Prometheus:

  • jmx_exporter.enable: Whether to enable the JMX exporter for Prometheus (true) or not (false).

  • operator.enable: Whether to use Prometheus Operator (true) or standalone Prometheus (false).

  • operator.namespace: The namespace in which Prometheus Operator is deployed.

  • operator.release: The release name for Prometheus Operator.

See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information.

isAmt

ocbrm

Whether account migration is enabled in your BRM database (true) or not (false).

ece_deployed

ocbrm

Whether ECE is deployed in your BRM cloud native environment (true) or not (false).

existing_rootkey_wallet

ocbrm

Whether you are deploying with an existing database or using an existing root key wallet:

  • true: You are deploying with an existing database or are using an existing root key wallet.

  • false: You are deploying with a new database and are using a new root key wallet. This is the default.

    When set to false, the BRM Helm chart runs lds-config-job to load default strings into BRM during the deployment process. Manually delete lds-config-job after BRM is deployed successfully.

See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide for more information.

is_upgrade

ocbrm

Whether to upgrade the Helm chart to Patch Set 4 (true) or not (false). See "Upgrading Your BRM Cloud Native Services".

isSSLEnabled

ocbrm

For SSL-enabled deployment required in Infranet.properties.

cmSSLTermination

ocbrm

Whether to make the CM the SSL endpoint for the BRM cloud native deployment.

  • true: The CM is the SSL endpoint. In this case, TLS can be enabled only between BRM client applications and the CM. TLS is disabled between CM and all downstream components such as DMs and EMs. Communication between external clients and the CM will still be encrypted by TLS 1.2. This setting can increase performance, because it eliminates the overhead needed to handle TLS before processing the PCP packets.

    When set to true, also set the isSSLEnabled key to true.

  • false: SSL is enabled across all components, from client to CM to DMs and EMs. This is the default.

customSSLWallet

ocbrm

Whether to use a custom TLS certificate for the CM. See "Using a Custom TLS Certificate" in BRM Cloud Native System Administrator's Guide.

  • true: A custom TLS certificate is used for the CM.

    When set to true, also set the cmSSLTermination key to true and move the Oracle wallet (brm_custom_wallet) containing the custom TLS certificate to the top level of the Helm chart.

  • false: The default TLS certificate is used for the CM. This is the default.

EnableSecurityContext

ocbrm

Whether to enable a security context in the cluster (true) or not (false). The default is false.

root_key_rotate

ocbrm

Whether to rotate the BRM root key (true) or not (false). The default is false. See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide.

brm_root_pass

ocbrm

Whether to rotate the BRM root password (true) or not (false). The default is false. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

rotate_password

ocbrm

Whether to rotate the BRM root password. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

  • true: The BRM root password is replaced with the one specified in the new_brm_root_password key.

  • false: The BRM root password is not changed. This is the default.

new_brm_root_password

ocbrm

The new BRM root password. Use this key only when ocbrm.rotate_password is set to true. See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

enable_publish

ocbrm.cm.deployment

Whether to publish events (1) or not (0).

The default is 0.

provisioning_enabled

ocbrm.cm.deployment

Whether to enable the provisioning of service orders (true) or not (false).

The default is false.

simulate_agent

ocbrm.cm.deployment

Whether to publish service orders (0) or not (1).

The default is 1.

custom_files.enable

ocbrm.cm

Whether to expose the oc-cn-helm-chart/cm_custom_files directory as a ConfigMap (true) or not (false). See "Exposing Directories as ConfigMaps" in BRM Cloud Native System Administrator's Guide.

custom_files.path

ocbrm.cm

Set this to /oms/load.

perflib_enable

ocbrm.component.deployment

Whether to enable monitoring of the BRM service using the performance library (Perlib), where component is cm, dm_oracle, dm_ifw_sync, or dm_aq. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide.

  • true: PerfLib is enabled for the specified component. The PerfLib container will expose the metrics for the specified component, which can be scraped by Prometheus.

  • false: PerfLib is disabled for the specified component. This is the default.

isEnabled

ocbrm.dm_kafka

Whether to enable the Kafka DM (true) or not (false). The default is false.

For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide.

deployment.*

ocbrm.dm_kafka

The details for configuring the Kafka DM.

  • kafka_bootstrap_server_list: Set this to a comma-separated list of addresses for the Kafka brokers in this format: hostname1:port1, hostname2:port2.

  • poolSize: Set this to the number of threads that can run in the JS server to accept requests from the CM. Enter a number from 1 through 2000. The default is 64.

  • topicName: Set this to the name of the default Kafka topic. The default name is BRM.

  • topicFormat: Set this to the format of the payload that is published to the default Kafka topic: XML or JSON.

  • topicStyle: The style of XML payloads: ShortName, CamelCase, NewShortName, or OC3CNotification.

  • isSecurityEnabled: Whether to enable SSL between Kafka DM and Kafka Server (true) or not (false).

  • trustStorePassword: The TrustStore password in Base64 format. Required only if SSL is enabled.

  • keyStorePassword: The KeyStore password in Base64 format. Required only if SSL is enabled.

  • keyPassword: The password of a key in the KeyStore in Base64 format. Required only if SSL is enabled.

  • password: The password in Base64 format. Required only if SSL is enabled.

For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide.

smtpServer

ocbrm.dm_email.deployment

Set this to your SMTP server name, such as ocbrm.us.example.com.

create

ocbrm.storage_class

Whether to create a Kubernetes StorageClass (true) or not (false).

enabled

ocbrm.virtual_time

Set this to true to enable pin_virtual_time.

sync_pvt_time

ocbrm.virtual_time

Set this to the number of seconds between each synchronization of pin_virtual_time with all pods. The default is 0 seconds.

db*

ocbrm

Set this to the same values as the ocbrm.db.* keys from oc-cn-init-db-helm-chart. See Table 6-1 for more information.

secondaryN

ocbrm.db.multiSchemas

The details for connecting to your secondary database schemas, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.

Add this block only if your BRM database contains multiple schemas. This section will be commented out by default:

multiSchemas: 
   secondary1: 
      host: localhost 
      port: 1521 
      service: pindb 
      schemauser: 
      schemapass: 
      schematablespace: 
      indextablespace:

See "Configuring BRM for a Multischema Database".

mountOptions

ocbrm.storage_class

Set this to the version of the external provisioner.

provisioner

ocbrm.dynamic_provisioner

Set this to the name of the external provisioner.

config_jobs.*

ocbrm

The details for running a configurator job, which allows you to run BRM load utilities on demand without entering into a pod.

  • run_apps: Set to true to enable a configurator job.

  • isMultiSchema: Specifies whether to run the commands in the loadme.sh script on the secondary schemas.

  • restart_count: Increment this count by 1 to restart the CM.

  • script_name: The name of the script that contains the load utilities you want to run. The default is loadme.sh.

See "Running Load Utilities through Configurator Jobs" in BRM Cloud Native System Administrator's Guide.

brm_apps.job.*

ocbrm

The details for running a brm-apps job, which allows you to run BRM applications and utilities on demand without entering into a pod.

  • isEnabled: Set to true to enable a configurator job.

  • isMultiSchema: Specifies whether to run the pin_multidb script, which replicates configuration data from the primary schema to all secondary schemas.

  • script_name: The name of the script that contains the utilities and applications you want to run. The default is loadme.sh.

See "Running Applications and Utilities through BRM-Apps Jobs" in BRM Cloud Native System Administrator's Guide.

Configuring BRM for a Multischema Database

Using a BRM multischema database lets you distribute customer accounts among several database schemas, providing increased storage capacity, higher performance, and easier maintenance. For more information, see "A BRM Multischema Production System" in BRM Installation Guide.

To configure your BRM cloud native environment to connect to a multischema database, do this:

  1. Ensure that you deployed a multischema database in your BRM cloud native environment. See "Deploying BRM with a New Database Schema".

  2. Connect the BRM server to each secondary schema:

    1. Open your override-values.yaml file for oc-cn-helm-chart.

    2. Enable account migration by setting the ocbrm.isAmt key to true.

    3. Set the ocbrm.db.skipPrimary key to false.

    4. For each secondary schema in your system, add a ocbrm.db.multiSchemas.secondaryN block, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.

    5. In each ocbrm.db.multiSchemas.secondaryN block, set the following keys:

      • deploy: Set this to true.

      • host: Set this to the hostname of the secondary schema. This key is optional.

      • port: Set this to the port number for the secondary schema. This key is optional.

      • service: Set this to the service name for the secondary schema. This key is optional.

      • schemauser: Set this to the schema user name.

      • schemapass: Set this to the schema password.

      • schematablespace: Set this to the name of the schema tablespace, such as pin01.

      • indextablespace: Set this to the name of the index tablespace, such as pinx01.

    6. Deploy oc-cn-helm-chart by running this command from the helmcharts directory: 

      helm install BrmReleaseName oc-cn-helm-chart --namespace BrmNameSpace --values OverrideValuesFile

      where:

      • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance. It must be different from the one used for oc-cn-init-db-helm-chart.

      • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

      • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

      The BRM Helm chart deploys new dm-oracle, amt, and rel-dameon pods, Rated Event (RE) Loader PVCs, services, ConfigMaps, and secrets. It also updates their corresponding schema entries in the primary CM and Oracle DM, and deploys multiple containers for the batch-wireless-pipe pod.

  3. Set each database schema's status and priority. BRM cloud native assigns accounts to an open schema with the highest priority.

    1. Open the configmap_pin_conf_testnap.yaml file.

    2. Under the config_dist.conf section, add the following entries for each secondary schema in your database: 

      DB_NO = "schema_number" ;             # database config. block
PRIORITY = priority ;
MAX_ACCOUNT_SIZE = 100000 ;
STATUS = "status" ;
SCHEMA_NAME = "schema_name" ;

    3. Set the STATUS and PRIORITY entries for each primary and secondary schema: 

      DB_NO = "0.0.0.1" ;             # Primary schema configuration block
PRIORITY = priority;
MAX_ACCOUNT_SIZE = 100000 ;
STATUS = "status" ;
SCHEMA_NAME = "schema_name" ;
  
DB_NO = "0.0.0.2" ;             # Secondary schema configuration block
PRIORITY = priority;
MAX_ACCOUNT_SIZE = 50000 ;
STATUS = "status" ;
SCHEMA_NAME = "schema_name" ;

      where:

      • priority is a number representing the schema's priority, with the highest number having the most priority. For example, 5 indicates a greater priority than a value of 1. For more information, see "Modifying Database Schema Priorities" in BRM Cloud Native System Administrator's Guide.

      • status specifies whether the schema is open, closed, or unavailable. For more information, see "Modifying Database Schema Status" in BRM Cloud Native System Administrator's Guide.

    4. Set up the configurator job to run the load_config_dist utility by adding the following lines to the oc-cn-helm-chart/config_scripts/loadme.sh script: 

      #!/bin/sh
 
#cp /oms/config_dist.conf /oms/sys/test/config_dist.conf
cd /oms/sys/test ; load_config_dist
exit 0;

    5. In the override-values.yaml file for oc-cn-helm-chart, set this key:

      ocbrm.config_jobs.run_apps: Set this to true.

    6. Run the helm upgrade command to update the Helm release: 

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace

      The distribution information is loaded into the primary schema.

    7. Update these keys in the override-values.yaml file for oc-cn-helm-chart:

      • ocbrm.config_jobs.restart_count: Increment the existing value by 1.

      • ocbrm.config_jobs.run_apps: Set this to false.

    8. Update the Helm release again:

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace

      The CM is restarted.

  4. Configure the account-router Pipeline Manager to route CDRs to pipelines based on the database schema POID. To do so, edit the ConfigMap file configmap_acc_router_reg.yaml.

    Based on the configuration, the account router Pipeline Manager does the following:

    • Moves input files to the data PVC directory. The input file names have a prefix of router and a suffix of .edr.

    • Moves the rated output files to the input of the Rating pipeline.

    • Replicates the Rating pipeline based on the multischema entry. The Range function is used to replicate the rating pipeline.

    • Moves the output files from the Rating pipeline to the outputcdr PVC directory.

Your BRM cloud native environment is connected to your BRM multischema database. To manage your multischema environment, see "Managing a BRM Cloud Native Multischema System" in BRM Cloud Native System Administrator's Guide.

Configuring Pricing Design Center

Pricing Design Center (PDC) is a Web-based client application that you use to create and manage the product offerings that you sell to your customers. A product offering represents the services available to your customers and the price of those services. For more information about PDC, see Pricing Design Center Online Help.

You can optionally deploy a simple demonstration version of Pricing Design Center cloud native by using the sample PDC_OverrideValues.yaml file provided with oc-cn-helm-chart. This simple demonstration version has both SSL and ECE enabled, uploads a sample JKS certificate file, loads sample RUMs and balance elements, and starts the BRM-to-PDC synchronization process with SyncPDC.

To configure PDC to run in your BRM cloud native environment:

  1. Override the PDC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding PDC Keys for oc-cn-helm-chart".

  2. Override the PDC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding PDC Keys for oc-cn-op-job-helm-chart".

  3. Set up SSO for PDC. See "Setting Up SSO for PDC Cloud Native".

After you deploy PDC in your cloud native environment, you can access the PDC GUI at one of the following URLs:

  • http://kubernetesHost:pdcPort/pdc

    where:

    • kubenetesHost is the host name of the machine on which Kubernetes is deployed.

    • pdcPort is the PDC service node port. 

  • http://loadbalanceHost:pdcNodePort/pdc

    where:

    • loadbalanceHost is the host name of the machine on which the load balancer is deployed.

    • pdcNodePort is the number assigned to the PDC node port.

Adding PDC Keys for oc-cn-helm-chart

Table 7-5 describes the most common PDC keys that you need to override. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For information about all PDC-specific keys, see the descriptions in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64. See "Secrets" in Kubernetes Concepts.

Table 7-5 Pricing Design Center Keys for oc-cn-helm-chart

Key Path in values.yaml Description

isEnabled

ocpdc

Whether to enable and deploy PDC:

  • true: Enables PDC and deploys the PDC application. This is the default.
  • false: Disables the PDC application.

lang

ocpdc

The Linux system locale. The default is en_US.UTF-8.

tz

 ocpdc

The Linux time zone. The default is UTC.

pdcBrmVolHostPath

ocpdc

The host path for RRE, Import-Export, BRE, or SyncPDC. To use a dynamic provisioner, leave it empty.

The default is empty.

Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.

storageSize

ocpdc

The size of the storage path for pdcBrmHostPath.

nodeSelector

ocpdc

The name of the node on which to run the following PDC pods:

  • pdc-app
  • RRE
  • BRE
  • SyncPDC
  • Import-Export

Set this key if you want to constrain the PDC pods to run only on the node you specify.

For more information, see "nodeSelector" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.

affinity

ocpdc

The rules for running the following PDC pods on specific nodes:

  • pdc-app
  • RRE
  • BRE
  • SyncPDC
  • Import-Export

Set this key if you want to constrain the PDC pod to run only on the nodes that meet your criteria.

For more information about this key, see "Node Affinity" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the Import-Export pod.

domainUID

ocpdc.wop

The name of this PDC WebLogic Server domain.

isVPAEnabled

ocpdc.wop

To enable Vertical Pod Autoscaling for the PDC domain pod, set this entry to true.

The default is false.

isVPAEnabled

ocpdc.configEnv

To enable Vertical Pod Autoscaling for RRE, BRE, SyncPDC, JobIE PODs, set this entry to true. The default is false.

dbHostName

ocpdc.configEnv

The host name of the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart.

dbPort

ocpdc.configEnv

The port for the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart.

dbService

ocpdc.configEnv

The service name for the PDC and cross-reference database. The value must match that of oc-cn-op-job-chart.

logLevel

ocpdc.configEnv.transformation

The application log level: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST.

MEM_ARGS

ocpdc.configEnv.transformation

The memory argument, surrounded by quotes. For example: "-Xms1024m -Xmx2048m -XX:CompileThreshold=8000".

persistOutFiles

ocpdc.configEnv.transformation

Whether to persist the output files generated by the transformation engine:

  • enabled: Keeps the output and payload files in the out directory. This is not recommended.
  • disabled: Removes the output and payload files from the out directory. This is the default.

isClearBRMSeedData

ocpdc.configEnv.transformation

Whether to clean the BRM seed data:

  • true: Cleans the BRM seed data. This is the default.
  • false: Retains the BRM seed data.

Note: After you deploy PDC, set isClearBRMSeedData to false and then run the helm upgrade command. This prevents user-created data in BRM using PDC from being lost when the PDC pod is restarted.

upgrade

ocpdc.configEnv.transformation

Whether to upgrade from a previous release to Patch Set 4.

Set this to true if you are upgrading from a previous version to Patch Set 4 or a Patch Set 4 interim patch. The default is false.

Note: This field is supported only by PDC 12.0.0.3.0 with Interim Patch 32174110 and later.

nodeSelector

ocpdc.configEnv.transformation

The name of the node on which to run the RRE and BRE pods.

affinity

ocpdc.configEnv.transformation

The rules for running the RRE and BRE pods on specific nodes.

BE

ocpdc.configEnv.seedData

Whether to load sample balance elements into the PDC database when PDC is deployed:

  • true: Loads the sample balance elements.
  • false: Does not load the sample balance elements. This is the default.

Note: If balance element data already exists in the PDC database, it is not overwritten.

RUM

ocpdc.configEnv.seedData

Whether to load sample RUMs into the PDC database when PDC is deployed:

  • true: Loads the sample RUMs.
  • false: Does not load the sample RUMs. This is the default.

Note: If RUM data already exists in the PDC database, it is not overwritten.

IE_Operation

ocpdc.configEnv.importExport

The operation for the ImportExportPricing utility to perform:

  • Empty value: No operation is performed. This is the default.
  • export: The utility exports data from the PDC database into an XML file.
  • import: The utility imports data from the XML file into the PDC database.
  • publish: The utility publishes components from PDC to the batch rating engine, real-time rating engine, or ECE.
  • keep: The utility retains the latest version of successfully promoted PDC components.
  • deleteprofile: The utility deletes pricing profiles from PDC.
  • type: The utility displays the pricing or setup components available in PDC.

When you deploy PDC, ensure that this key has an empty value.

Before doing a Helm upgrade to run ImportExportPricing, delete the pdc-import-export-job Kubernetes job.

Don't include the hyphen (-) prefix with the value.

For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.

IE_Component

ocpdc.configEnv.importExport

The type of components and objects to import or export using the ImportExportPricing utility:

  • config: Imports or exports setup components, such as tax codes, business profiles, and general ledger IDs.
  • pricing: Imports or exports pricing components, such as events, charges, and chargeshares.
  • metadata: Imports or exports the event, service, account, and profile attribute specifications.
  • profile: Imports or exports pricing profile data.
  • customfields: Imports or exports custom fields.
  • brmobject: Exports BRM-mastered configuration objects such as services, events, and G/L IDs.
  • all: Imports or exports all objects and components.

Don't include the hyphen (-) prefix with the value.

For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.

IE_File_OR_Dir_Name

ocpdc.configEnv.importExport

The name of the XML file or ImportExport directory that contains the list of components and objects to import into the PDC database. This XML file is used by the ImportExportPricing utility.

If importing or deleting components, copy the XML file to the HostPath specified in pdcIEHostPath or in pdc-ie-pvc.

Set the file's or directory's ownership and permissions to chown 1000:0 and chmod 755.

extraCmdLineArgs

ocpdc.configEnv.importExport

The extra command-line arguments for the ImportExportPricing utility, apart from operation, component, and file name.

The value must be surrounded by quotes. For example, "-n ObjectName".

See "ImportExportPricing" in PDC Creating Product Offerings for more information.

ImportExport Log Rotation

ocpdc.configEnv.importExport

The settings for rotating ImportExport log files:

  • logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • logSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file.

  • logCount: Specifies the maximum number of log files to retain for the application.

  • persistIELogs: Specifies whether to persist log files in the database after they are closed. Possible values are all, disabled, and failed.

See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

nodeSelector

affinity

ocpdc.configEnv.importExport

The rules for deploying the Import-Export pod on specific nodes.

upgradeFromPS2

ocpdc.configEnv.syncPDC

Whether to upgrade SyncPDC during the PDC upgrade process. Set this to true only if you are upgrading from Patch Set 2 to Patch Set 4.

The default is false.

See "Upgrading Your PDC Cloud Native Services" for more information.

skipBREMigration

ocpdc.configEnv.syncPDC

Skips the synchronization of pipeline configuration data. The default is false.

This key is ignored when ECE is enabled in a PDC system.

Note: This field is supported only by PDC 12.0.0.3.0 with Interim Patch 32174110 and later.

syncPDCStartAt

ocpdc.configEnv.syncPDC

The scheduled time for running the SyncPDC utility. This key is set at deployment time only. Valid values include:

  • startAt: The utility runs at the time the job was submitted.
  • "HH:MM": The utility runs at the specified time, where HH is an hour between 0 and 23, and MM is the minutes between 0 and 59. For example, enter "12:00" to schedule the utility to run at noon.

For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.

syncPDCInterval

ocpdc.configEnv.syncPDC

The scheduled frequency for running the SyncPDC utility. This key is set at deployment time only.

Enter a value in the format "N:U", where N is a valid number and U is one of these units: D (Daily), H (Hourly), or M (Minute).

For example, enter "2:D" to run the utility every other day.

Note: A value of "24:H" is not the same as "1:D" due to daylight savings time (DST).

enrichmentFileName

ocpdc.configEnv.syncPDC

Set this to ECEEventEnrichmentSpec.xml.

Store the enrichment file in the path specified in pdcBrmHostPath. This is applicable at both PDC deployment time and individual SyncPDC runtime.

runSyncPDC

ocpdc.configEnv.syncPDC

Whether to create the SyncPDC pod:

  • true: Creates the SyncPDC pod and starts the BRM-to-PDC synchronization process. This is the default.
  • false: Deletes the SyncPDC pod and stops the synchronization process.

SyncPDC Log Rotation

ocpdc.configEnv.syncPDC

The settings for rotating SyncPDC log files:

  • logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • logFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. The default is 20000.

  • logFileCount: Specifies the maximum number of log files to retain for the application. The default is 10.

See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

nodeSelector

affinity

ocpdc.configEnv.syncPDC

The rules for deploying the SyncPDC pod on specific nodes.

isEnabled

ocpdc.configEnv.monitoring

Whether to enable monitoring of PDC by using Prometheus and Grafana.

For more information, see "Monitoring PDC in a Cloud Native Environment" in BRM Cloud Native System Administrator's Guide.

walletPassword

ocpdc.secretValue

The passwords for the PDC application wallet and PDC BRM integration wallet.

Adding PDC Keys for oc-cn-op-job-helm-chart

You must create an override-values.yaml for oc-cn-op-job-helm-chart and then add the PDC-specific keys in Table 7-6.

For information about all PDC-specific keys, see the descriptions in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 7-6 Pricing Design Center Keys for oc-cn-op-job-helm-chart

Key Path in values.yaml Description

isEnabled

ocpdc

Whether to enable PDC jobs:

  • true: Enables PDC jobs. This is the default.
  • false: Disables PDC jobs.

isClean

ocpdc

Whether to clean old PDC deployment and instance logs:

  • true: Removes all existing PDC deployment and instance logs. This is the default.
  • false: Keeps all existing PDC logs.

lang

ocpdc

The Linux system locale. The default is en_US.UTF-8.

tz

ocpdc

The Linux time zone. The default is UTC.

pdcAppVolHostPath

ocpdc

The host path for pdc-domain.

To use a dynamic provisioner, leave it empty. The default is empty.

Note: For a dynamic provisioner, ensure that oc-cn-helm-chart is deployed and that the storage class is reused.

Note: Provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.

storageSize

ocpdc

The size of the storage path for pdcHostPath.

nodeSelector

ocpdc

The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity.

pdc-domain-job: Set this key to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.

affinity

ocpdc

The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity.

pdc-domain-job: Set this key if you want to constrain the PDC pod to run only on nodes that meet your criteria. For more information, see "Node Affinity" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the PDC Import Export pod.

domainUID

ocpdc.wop

The name of this PDC WebLogic Server domain.

includeServerOutInPodLog

ocpdc.wop

Whether to include the server out file in the pod's stdout log:

  • true: The server out file is included. This is the default.
  • false: The server out file is excluded.

jtaTimeoutSeconds

ocpdc.wop

The maximum amount of time, in seconds, an active transaction is allowed to be in the first phase of a two-phase commit transaction. The default is 10000.

If the time expires, the transaction is automatically rolled back.
jtaAbandonTimeoutSeconds

ocpdc.wop

The maximum amount of time, in seconds, a transaction manager continues to attempt completing the second phase of a two-phase commit transaction.

The default is 10000.

stuckThreadMaxTime

ocpdc.wop

The number of seconds a thread must be continually working before the server considers the thread to be stuck.

The default is 20000.

idlePeriodsUntilTimeout

ocpdc.wop

The number of idle periods until the peer is considered to be unreachable. The default is 40.

dataSourceXaTxnTimeout

ocpdc.wop

The number of seconds until the data source transaction times out. The default is 0.

When set to 0, the WebLogic Server Transaction Manager passes the global WebLogic Server transaction timeout in seconds in the method.

pdcAppSesTimeOut

ocpdc.wop

The PDC application (pricingui.ear) session time out, in seconds. The default is 36000.

pdcAppSesInvInterTimeOut

ocpdc.wop

The PDC application (pricingui.ear) session invalid interval time out, in seconds. The default is 3000.

exposePorts

ocpdc.configEnv

Exposes the SSL HTTPS port, the HTTP port, or both:

  • yes: Exposes the SSL HTTPS port only.

  • no: Exposes the HTTP port only.

  • all: Exposes both the HTTP port and the SSL HTTPS port. This is the default.

t3ChannelPort

ocpdc.configEnv

The port number for the t3 channel. The default is 30799.

Use this key if PDC needs to use the t3 protocol to communicate with an external system, such as Elastic Charging Engine (ECE). Set this to a Kubernetes port number from 30000 through 32767 that is not in use.

This key is mandatory.

t3ChannelAddress

ocpdc.configEnv

The IP address for the primary node or load balancer.

This key is optional.

t3sChannelPort

ocpdc.configEnv

The port number for the t3s channel. The default is 30800.

Use this key if PDC needs to use the t3s protocol to communicate with an external system such as ECE. Set this to a Kubernetes port number from 30000 through 32767 that is not in use.

This key is mandatory.

t3sChannelAddress

ocpdc.configEnv

If SSL is enabled in the WebLogic domain, set this to the IP address for the primary node or load balancer.

This key is optional.

USER_MEM_ARGS

ocpdc.configEnv

 The custom memory arguments for WebLogic Admin Server.

USER_JAVA_OPTIONS

ocpdc.configEnv

 The custom Java options for WebLogic Admin Server.

pdcAppLogLevel

pdcAppLogFileSize

pdcAppLogFileCount

ocpdc.configEnv

The settings for rotating Pricing Server log and tracing log files:

  • pdcAppLogLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • pdcAppLogFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file.

  • pdcAppLogFileCount: Specifies the maximum number of log files to retain for the application.

See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

rcuJdbcURL

ocpdc.configEnv

The connection string for connecting to a database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS. Use the format "host:port/service".

rcuPrefix

ocpdc.configEnv

The prefix for the PDC domain RCU schema.

For example, if the prefix is XYZ and the schema name is STB, the PDC domain RCU schema name will be XYZ_STB.

rcuRecreate

ocpdc.configEnv

Whether to re-create the PDC domain.

  • true: If the PDC domain is present, the RCU drops and re-creates the domain. This is the default.

  • false: The PDC domain is left alone.

isCustomWLSPython

ocpdc.configEnv

Whether to run your custom WebLogic Python files:

  • true: Run your custom WebLogic Python files located in oc-cn-op-job-chart/pdc/customWLSPython.

  • false: Do not run a custom WebLogic Python file.

Set each file's ownership and permissions to chown 1000:0 and chmod 777.

addOPSSWallet

ocpdc.configEnv

Whether to copy the OPSS wallet:

  • true: The OPSS wallet is copied from pdc-app-pvc/stores/opss_wallet/ewallet.p12 to oc-cn-op-job-helm-chart/pdc/opss_wallet.

  • false: The OPSS wallet is not copied. This is the default.

Note: The ewallet.p12 file will not be available in pdc-app-pvc/stores/opss_wallet after the first job chart run or a new RCU prefix.

honorOMF

ocpdc.configEnv

Whether the RDS database honors the Oracle-Managed Files (OMF) naming format:

  • true: OMF format is used.

  • false: OMF format is not used. This is the default.

keyStoreType

ocpdc.configEnv

The SSL KeyStore type for the PDC domain. The default is JKS.

keyStoreAlias

ocpdc.configEnv

The alias name for the PDC domain SSL KeyStore. The default is WeblogicPDCTestAlias.

keyStoreIdentityFileName

ocpdc.configEnv

The name of the PDC domain SSL KeyStore Identity file. The default is defaultserver.jks.

The defaultserver.jks file is created during PDC deployment if it does not already exist.

keyStoreTrustFileName

ocpdc.configEnv

The name of the PDC domain SSL TrustStore file. The default is defaultclient.jks.

The defaultclient.jks file is created during PDC deployment if it does not already exist.

isSSOEnabled

ocpdc.configEnv

Set to true to configure and use SAML 2.0 SSO service. The default is false.

samlAsserterName

ocpdc.configEnv

The name of the SAML Asserter. It should be the same as OEM or IDCS.

The default is pdcSAML2IdentityAsserter.

ssoPublishedSiteURL

ocpdc.configEnv

The base URL used to construct endpoint URLs, typically, the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

ssoDefaultURL

ocpdc.configEnv

The URL to which unsolicited authentication responses are sent if they do not contain an accompanying target URL.

ssoLogoutURL

ocpdc.configEnv

The URL where users are redirected after they log out from the application (OEM or IDCS log out).

dbHostName

ocpdc.configEnv

The host name of the PDC and cross-reference database.

dbPort

ocpdc.configEnv

The port for the PDC and cross-reference database.
dbService

ocpdc.configEnv

The service name for the PDC and cross-reference database.
dbSysDBAUser

ocpdc.configEnv

The SYS, System, or Sys DBA user for the PDC and cross-reference database.

If this key is not configured, PDC assumes that pdcSchemaUserName and crossRefSchemaUserName are already present on the database with the required permissions.

dbSysDBARole

ocpdc.configEnv

The role of the PDC and cross-reference database SYS, System, or Sys DBA user.

dbSSLMode

ocpdc.configEnv

The type of SSL connection required for connecting to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity.
  • NO: SSL authentication is not required. This is the default.

If set to ONE_WAY or TWO_WAY, place the database wallet in the oc-cn-helm-chart/pdc/pdc_db_wallet directory. Create the directory structure if it is not present and do not change the directory name.

dbWalletType

ocpdc.configEnv

The type of file specified as the TrustStore for SSL connections: SSO or pkcs12. SSO is the recommended value.

crossRefSchemaPDCTableSpace

ocpdc.configEnv

The name of the PDC tablespace for the transformation cross-reference schema. This field is case-sensitive.

crossRefSchemaTempTableSpace

ocpdc.configEnv

The name of the temporary tablespace for the transformation cross-reference schema. This field is case-sensitive.

crossRefSchemaUserName

ocpdc.configEnv

The cross-reference database schema user name.

pdcSchemaPDCTableSpace

ocpdc.configEnv

The tablespace name of the PDC schema. This field is case-sensitive.

pdcSchemaTempTableSpace

ocpdc.configEnv

The tablespace name of the temporary schema. This field is case-sensitive.

pdcSchemaUserName

ocpdc.configEnv

The PDC database schema user name.

pdcAdminUser

ocpdc.configEnv

The PDC admin user name, which includes the Pricing Design Admin role.

adminPassword

ocpdc.secretValue

The password for the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.

rcuSchemaPassword

ocpdc.secretValue

The password for the Oracle Fusion Middleware product schemas that will be created by RCU and used by OPSS.

keyStoreIdentityKeyPass

ocpdc.secretValue

The password for the PDC domain SSL identity key.

keyStoreIdentityStorePass

ocpdc.secretValue

The password for the PDC domain SSL identity store.

keyStoreTrustStorePass

ocpdc.secretValue

The password for the PDC domain SSL TrustStore.

pdcSchemaPassword

ocpdc.secretValue

The password for the PDC database schema user.

crossRefSchemaPassword

ocpdc.secretValue

The password for the transformation cross-reference database schema user.

dbWalletPassword

ocpdc.secretValue

The password for the database SSL wallet. This key is required if dbWalletType is set to pkcs12.

walletPassword

ocpdc.secretValue

The passwords for the PDC application wallet and PDC BRM integration wallet.

pdcAdminUserPassword

ocpdc.secretValue

The password for the PDC admin user, which includes the Pricing Design Admin role.

Setting Up SSO for PDC Cloud Native

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for PDC cloud native services by using SAML 2.0.

Note:

SSO is supported only in these versions of PDC cloud native:

  • 12.0 Patch Set 5 with Interim Patch 35134293 or later

  • 12.0 Patch Set 6 with Interim Patch 36449501 or later

  • 12.0 Patch Set 8

These release versions use a WebLogic Kubernetes Operator domain home source type of Domain on Persistent Volume (PV), which supports SSO. In these releases, the oc-cn-op-job-helm-chart/values.yaml file includes new keys for supporting SSO. For information, see the comments in the values.yaml file.

The 12.0 Patch Set 7 release uses a WebLogic Kubernetes Operator domain home source type of Model in Image, which does not support SSO.

To set up SSO for PDC:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pdc/idp directory.

  3. Configure the KeyStores needed by SAML 2.0:

    1. Generate Identity and Trust KeyStores.

    2. Move your KeyStore files, such as identity.p12 and trust.p12, to the oc-cn-op-job-helm-chart/pdc/pdc_keystore directory.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocpdc.configEnv.isSSOEnabled: Set this to true.

    • ocpdc.configEnv.keyStoreAlias: Set this to the private key alias of the KeyStore.

    • ocpdc.configEnv.keyStoreType: Set this to the file type of the SSL Identity and Trust KeyStore, which is either PKCS12 or JKS. The default is PKCS12.

    • ocpdc.configEnv.keyStoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocpdc.configEnv.keyStoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocpdc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is pdcSAML2IdentityAsserter.

    • ocpdc.configEnv.ssoPublishedSiteURL: Set this to the base URL used to construct endpoint URLs. This is typically the load balancer host and port where the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocpdc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocpdc.secretValue.keyStoreIdentityStorePass: Set this to the StorePass for the Identity KeyStore.

    • ocpdc.secretValue.keyStoreIdentityKeyPass: Set this to the KeyPass for the Identity KeyStore.

    • ocpdc.secretValue.keyStoreTrustStorePass: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the PDC WebLogic domain with /saml2 appended to the URL path.

    Note:

    Add this rule to your existing load balancer rules for routing responses to PDC (/pdc), the load balancer host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your PDC cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After PDC is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your PDC domain specified in the ocpdc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to PDC.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.

PDC Post-Deployment Steps

Some scenarios may require you to re-create the WebLogic domain between updates. To re-create the domain and allow it to access the same set of tables, the WebLogic domain needs the wallet password Secret, the OPSS wallet file, and the information for accessing the RCU database. Without the wallet file and wallet password, you cannot re-create a domain accessing the same set of tables.

To extract the OPSS wallet and the wallet password Secret from a deployed domain, do the following:

  1. After oc-cn-op-job-helm-chart deploys successfully, copy the OPSS wallet from pdc-app-pvc/stores/opss_wallet/ewallet.p12 to a safe location.

  2. Copy the ewallet.p12 file to oc-cn-op-job-helm-chart/pdc/opss_wallet.

  3. In your override-values.yaml file for oc-cn-op-job-helm-chart, set ocpdc.configEnv.addOPSSWallet to true.

  4. Run the helm upgrade command: 

    helm upgrade OpJobReleaseName oc-cn-op-job-helm-chart --namespace BrmNameSpace --values OverrideValuesFile

    where:

    • OpJobReleaseName is the release name for oc-cn-op-job-helm-chart.

    • BrmNameSpace is the name space in which BRM Kubernetes reside.

    • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the oc-cn-op-job-helm-chart/values.yaml file.

Configuring Pipeline Configuration Center

Configuring Pipeline Configuration Center (PCC) involves these high-level steps:

  1. Overriding the PCC-specific keys in the values.yaml file. See "Adding Pipeline Configuration Center Keys".

  2. After PCC is deployed, enabling SSL in the WebLogic domain. See "Enabling SSL in Your Pipeline Configuration Center Domain".

  3. Setting up your PCC log files. See "About Pipeline Configuration Center Logs".

Adding Pipeline Configuration Center Keys

Table 7-7 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-helm-chart.

Table 7-7 Pipeline Configuration Center Keys

Key Path in Values.yaml File Description

imageName

ocpcc.pcc.deployment

The name of the PCC image, such as oracle/pcc.

imageTag

ocpcc.pcc.deployment

The tag name for the PCC image, such as 12.0.0.x.0.

httpPort

ocpcc.pcc.configEnv

The container HTTP port on which PCC will be running.

httpsPort

ocpcc.pcc.configEnv

The container HTTPS port on which PCC will be running.

isSSLEnabled

ocpcc.pcc.configEnv

Set this to true if you want to run PCC on an SSL-enabled port. Otherwise, set this to false.

keyStoreType

ocpcc.pcc.configEnv

The KeyStore type, such as PKCS12 or JKS.

keyStoreAlias

ocpcc.pcc.configEnv

The string alias used to store and retrieve the server's private key. This is used for setting up the SSL-enabled domain.

keyStoreIdentityFileName

ocpcc.pcc.configEnv

The name of your KeyStore file.

keyStoreTrustFileName

ocpcc.pcc.configEnv

The name of your TrustStore file.

adminUser

ocpcc.pcc.configEnv

The WebLogic Server domain administrator user name, which is usually weblogic.

adminPort

ocpcc.pcc.configEnv

The WebLogic Server domain administrator port.

isAdminPortEnabled

ocpcc.pcc.configEnv

Set this to true if a separate admin port needs to enabled for PCC. Otherwise, set this to false.

rcuJdbcURL

ocpcc.pcc.configEnv

The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products are created, especially OPSS. Use the format "host:port/service".

rcuSysDBAUser

ocpcc.pcc.configEnv

The database user name. The default user name for Oracle databases is SYS.

rcuPrefix

ocpcc.pcc.configEnv

The RCU prefix for the database schema name.

rcuRecreate

ocpcc.pcc.configEnv

Set this to true to drop and re-create an existing database schema. Otherwise, set this to false.

featureSets

ocpcc.pcc.configEnv

The feature set and patch set you are deploying (that is, PCC:12.0.0.x.0).

brmServicePoidId

ocpcc.pcc.configEnv

The POID for the BRM service.

brmServiceType

ocpcc.pcc.configEnv

The BRM service type (that is, /service/admin_client).

brmRootLogin

ocpcc.pcc.configEnv

The BRM root login user name.

pccUser

ocpcc.pcc.configEnv

The PCC user name to be created as part of installation.

enabled

ocpcc.pcc.metrics

Whether to expose the metrics URL for PCC (true) or not (false).

See "Monitoring Your BRM Cloud Native Deployment" in BRM Cloud Native System Administrator's Guide.

isEnabled

ocpcc.pcc.metrics.prometheus

Whether Prometheus Operator is running and metrics need to be scraped (true) or not (false).

namespace

ocpcc.pcc.metrics.prometheus

The namespace on which Prometheus Operator is running.

Table 7-8 lists the secret keys that directly impact PCC deployment. These keys hold sensitive data and must be handled carefully with controlled access to the file containing its values. See "Secrets" in Kubernetes Concepts.

Add these secret keys to your override-values.yaml file, and encode all of their values in Base64.

Note:

  • You can encode strings in Linux by using this command:

    echo -n 'string' | base64

  • You can decode strings in Linux by using this command:

    echo 'encoded_string' | base64 --decode

Table 7-8 Pipeline Configuration Center Secret Keys

Key Description

ocpcc.pcc.secretVal.adminPassword

The WebLogic Server administrative password encoded in Base64.

ocpcc.pcc.secretVal.walletPassword

The PCC wallet password encoded in Base64.

ocpcc.pcc.secretVal.rcuSysDBAPassword

The Database Administrator password encoded in Base64.

ocpcc.pcc.secretVal.rcuSchemaPassword

The password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS. The value must be Base64-encoded.

ocpcc.pcc.secretVal.keyStoreIdentityKeyPass

The KeyPass of Identity Keystore, which is used for setting up the SSL-enabled domain. The value must be Base64-encoded.

ocpcc.pcc.secretVal.keyStoreIdentityStorePass

The StorePass of Identity Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.

ocpcc.pcc.secretVal.keyStoreTrustStorePass

The StorePass of the Trust Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.

ocpcc.pcc.secretVal.pccUserPassword

The PCC user password encoded in Base64.

Enabling SSL in Your Pipeline Configuration Center Domain

To access PCC over the HTTPS port, SSL must be enabled in the WebLogic domain where PCC is deployed. The BRM cloud native deployment package takes care of the configuration necessary to equip the WebLogic domain with SSL access.

To complete the configuration for SSL setup:

  1. Create a keystore_pcc directory under oc-cn-helm-chart/pcc.

  2. Copy PKCS12 files with valid certificates to the oc-cn-helm-chart/pcc/keystore_pcc directory:

    • identity.p12: Provides the certificate to identify the server.

    • trust.p12: Establishes trust for the certificate.

    If your KeyStore files have different file names or file types, such as JKS, override the keyStoreIdentityFileName, keyStoreTrustFileName, and keyStoreType keys in the override-values.yaml file for oc-cn-helm-chart.

During deployment, Helm uses these KeyStore files to create a Secret, which will be mounted as a volume inside the pcc pod.

About Pipeline Configuration Center Logs

Log files for Pipeline Configuration Center are stored in the container's /u01/logs directory. This directory also contains domain logs, server logs, and RCU logs.

Because the container's /u01/logs directory has an emptyDir volume mount, the log files will be deleted when a pod is removed from a node. To retain your log files, you can either:

  • Attach a side-car application logging service, which copies the log files outside of the container for analysis.

  • Change the type of volume mount and directly persist the log files on permanent storage disk.