7 Configuring BRM Server and PDC Services

Learn how to configure the Oracle Communications Billing and Revenue Management (BRM) server and Pricing Design Center (PDC) in your cloud native environment.

About Configuring BRM Cloud Native Services

You configure and deploy BRM cloud native services, such as BRM, PDC, and PCC, by using the BRM Helm chart (oc-cn-helm-chart). YAML descriptors in the oc-cn-helm-chart/templates directory use the oc-cn-helm-chart/values.yaml file for most of the values. The values.yaml file itself includes comments that describe each key. You can override the values by creating an override-values.yaml file.

Oracle recommends that you read the values.yaml file at least once to become familiar with all of the options available.

Creating Secrets for Docker Registry Authorization

You can automatically pull images from your private container registry by creating an ImagePullSecrets, which contains a list of authorization tokens (or Secrets) for accessing a private container registry. You then add references to the ImagePullSecrets in your BRM Helm chart's override-values.yaml file. This allows pods to submit the Secret to the private container registry whenever they want to pull images.

Automatically pulling images from a private container registry involves these high-level steps:

  1. Create a Secret outside of the Helm chart by entering this command:

    kubectl create secret docker-registry SecretName --docker-server=RegistryServer --docker-username=UserName --docker-password=Password --namespace NameSpace

    where:

    • SecretName is the name of your Kubernetes Secret

    • RegistryServer is your private container registry's FQDN (repoHost:repoPort)

    • UserName and Password are your private container registry's user name and password

    • NameSpace is the namespace you will use for installing BRM Helm charts

    For example:

    kubectl create secret docker-registry cgbu-docker-registry --docker-server=mydockerimages.com:2660/ --docker-username=xyz --docker-password=password --namespace oms
  2. Add the imagePullSecrets key to your override-values.yaml file for oc-cn-helm-chart:

    imagePullSecrets:
        - name: "SecretName1"
        - name: "SecretName2"
  3. Add the ocbrm.imageRepository key to your override-values.yaml file:

    imageRepository: "RegistryServer"
  4. Deploy oc-cn-helm-chart.

Managing Wallet and KeyStore Certificates

You can create wallet and KeyStore certificates for your BRM cloud native deployment in one of these ways:

  • Pre-create all KeyStore certificates and wallets as Secrets in the Kubernetes cluster before you deploy BRM cloud native. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide for more information.

  • Have the BRM cloud native installer create the Kubernetes Secrets for you. In this case, you store the wallet files and KeyStore certificates in the cloud native Helm charts. During the Helm install or upgrade process, the KeyStores are created as Kubernetes Secrets, which eventually end up as Secrets in the Kubernetes cluster.

Configuring Global Values

Table 7-1 lists the keys that apply to all BRM components. To set or change the values, add them to your override_values.yaml file for oc-cn-helm-chart.

Table 7-1 Global Keys in Values.yaml File

Key | Description

imageRepository

The registry server where you have pushed images. Typically, in the format “RepoHost:RepoPort/”.

The value is added as a prefix to all image names when you install or upgrade Helm charts.

This key is empty by default.

imagePullSecrets

The name of the Secret that contains credentials for accessing images from your private image server.

This is added to each pod to give it permission to pull the image from your private registry server. See "Creating Secrets for Docker Registry Authorization" for more information.

This key is empty by default.

uniPass

Use this key to apply a uniform password to all BRM cloud native services, including:

  • Database Schemas
  • BRM Root Login
  • BRM Role Passwords

  • Oracle Wallets
  • WebLogic User

To override this password for a specific service, specify a different password in the service's key.

Note: Use this key for test or demonstration systems only.

db.*

The details for connecting to a shared database. The keys in this section take precedence over other database connection keys.

Add these keys only if your system uses a shared database:

  • sslMode: The type of SSL connection required for connecting to the database:

    • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other's identity.
    • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
    • NO: SSL authentication is not required.
  • extDBSSLWalletSecret: The name of the Secret containing the SSL database wallet. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

  • host: The host name or IP address of the database server.

  • port: The port number of the database server.

  • user: The user name of the database administrator.

  • password: The password of the database system administrator.

  • serviceName: The service name that identifies the database.

  • role: The role assigned to the DBA user.

  • walletPassword: The password for accessing the certificates from the TrustStore and KeyStore. This is required if sslMode is set to ONE_WAY or TWO_WAY.

  • walletType: The type of file specified as the TrustStore or KeyStore for SSL connections: SSO or pkcs12.

security.*

The details for setting security in BRM cloud native:

  • tlsVersions: The list of TLS versions supported. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

  • java.overrideSecurityProperties: Whether to override the default Java security property (true) or not (false). The default is true.

monitoring.prometheus.jmx_exporter.enable

Whether to enable the JMX exporter for Prometheus (true) or not (false). The default is false.

See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information.

monitoring.prometheus.operator.*

The details for monitoring BRM cloud native services using Prometheus:

  • enable: Whether to use Prometheus Operator (true) or standalone Prometheus (false). The default is false.

  • namespace: The namespace in which Prometheus Operator is deployed. The default is prometheus.

  • release: The release name for Prometheus Operator. The default is prometheus.

See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide for more information.

Specifying the BRM Services to Deploy

Some BRM cloud native services are enabled by default, while others are disabled. Ensure that your override-values.yaml file is set up to deploy the services that you want to include in your BRM cloud native environment.

BRM Cloud Native Services Enabled by Default

Table 7-2 lists the BRM cloud native services that are deployed by default. To exclude them from your deployment, set the keys to false in your override-values.yaml file for oc-cn-helm-chart.

Table 7-2 BRM Services Enabled By Default

| BRM Service | override-values.yaml Key |
|---|---|
| Batch Pipeline | ocbrm.batchpipe.isEnabled |
| Billing Care | ocbc.bc.isEnabled |
| Billing Care REST API | ocbc.bcws.isEnabled |
| Business Operations Center | ocboc.boc.isEnabled |
| BRM REST Services Manager | ocrsm.rsm.isEnabled |
| Connection Manager | ocbrm.cm.isEnabled |
| Oracle Data Manager | ocbrm.dm_oracle.isEnabled |
| Pipeline Configuration Center | ocpcc.pcc.isEnabled |
| Pricing Design Center | ocpdc.isEnabled |
| Rated Event (RE) Loader Daemon | ocbrm.rel_daemon.isEnabled |
| Realtime Pipeline | ocbrm.realtimepipe.isEnabled |

BRM Cloud Native Services Disabled By Default

Table 7-3 lists the BRM cloud native services that are not deployed by default. To include them in your BRM cloud native deployment, set the keys to true in your override-values.yaml file for oc-cn-helm-chart.

Table 7-3 BRM Services Disabled By Default

| BRM Service | override-values.yaml Key |
|---|---|
| Batch Controller | ocbrm.batch_controller.isEnabled |
| Billing Care REST API SDK | ocbc.bcws.sdk.isEnabled |
| Billing Care SDK | ocbc.bc.sdk.isEnabled |
| BRM Apps Jobs | ocbrm.brm_apps.job.isEnabled |
| BRM SDK | ocbrm.brm_sdk.isEnabled |
| Email Data Manager | ocbrm.dm_email.isEnabled |
| Enterprise Application Integration (EAI) Data Manager | ocbrm.dm_eai.isEnabled |
| Invoicing Formatter | ocbrm.formatter.isEnabled |
| Invoicing Data Manager | ocbrm.dm_invoice.isEnabled |
| Kafka Data Manager | ocbrm.dm_kafka.isEnabled |
| LDAP Data Manager | ocbrm.dm_ldap.isEnabled |
| Paymentech Data Manager | ocbrm.dm_fusa.isEnabled |
| PDC REST Services Manager | ocpdcrsm.isEnabled |
| Provisioning Data Manager | ocbrm.dm_prov_telco.isEnabled |
| RE Loader Daemon Job | ocbrm.rel_daemon.job.isEnabled |
| RE Loader Manager Job | ocbrm.rel_manager.job.isEnabled |
| Rated Event Manager | ocbrm.rem.isEnabled |
| Roaming Pipeline | ocbrm.roampipe.isEnabled |
| Vertex Data Manager | ocbrm.dm_vertex.isEnabled |
| Webhook | webhook.isEnabled |
| Web Services Manager Standalone | ocbrm.wsm.soap.isEnabled |
| Web Services Manager with WebLogic | ocbrm.wsm.deployment.weblogic.isEnabled |
| Web Services Manager with TomCat | ocbrm.wsm.deployment.tomcat.isEnabled |

Configuring the BRM Server

To configure the BRM server to run in your cloud native environment, you override the BRM server-specific keys in the values.yaml file for oc-cn-helm-chart. Table 7-4 lists the keys that directly impact BRM Server pods. Add these keys to your override-values.yaml file with the same path hierarchy.

Note:

You can optionally deploy a simple demonstration version of BRM cloud native by using the sample override_values.yaml file that is packaged with oc-cn-helm-chart. This sample override file contains the bare minimum keys that you need to update to create a simple BRM cloud native system with the following services enabled by default: Account Synchronization DM, Batch Pipeline, CM, Oracle DM, RE Loader, Realtime Pipeline, Billing Care, Billing Care REST API, Business Operations Center, and PDC.

Table 7-4 BRM Server Keys

Key | Path in values.yaml File | Description

isAmt

ocbrm

Whether account migration is enabled in your BRM database (true) or not (false). The default is false.

isIPV6Enabled

ocbrm

Whether IPV6 is enabled in your Kubernetes environment (true) or not (false). The default is false.

ece_deployed

ocbrm

Whether ECE is going to be deployed in your BRM cloud native environment (true) or not (false). The default is true.

pdc_deployed

ocbrm

Whether PDC is going to be deployed:

  • true: Configuration data is not loaded into the BRM database. Only mandatory configuration records are loaded into the BRM database for starting the realtime pipeline pod.

    For the batch pipeline and roaming pipeline pods, you must load the required configuration data using PDC before deploying the pods.

  • false: Configuration data is loaded into the BRM database during deployment. This is the default.

use_oracle_brm_images

ocbrm

Whether to use the default BRM images (true) or not (false). Set this to false if you are building custom images. The default is true.

existing_rootkey_wallet

ocbrm

Whether you are deploying with an existing database or using an existing root key wallet:

  • true: You are deploying with an existing database or are using an existing root key wallet.

  • false: You are deploying with a new database and are using a new root key wallet. This is the default.

    When set to false, the BRM Helm chart runs lds-config-job to load default strings into BRM during the deployment process. Manually delete lds-config-job after BRM is deployed successfully.

See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide for more information.

extExistingRootKeyWalletSecret

ocbrm

The name of the Kubernetes Secret containing the existing root key wallet for BRM Server.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

is_upgrade

ocbrm

Whether to upgrade the Helm chart (true) or not (false).

See "Upgrading Your BRM Cloud Native Services".

isSSLEnabled

ocbrm

Required in Infranet.properties for an SSL-enabled deployment.

cmSSLTermination

ocbrm

Whether to make the CM the SSL endpoint for the BRM cloud native deployment:

  • true: The CM is the SSL endpoint. In this case, TLS can be enabled only between BRM client applications and the CM. TLS is disabled between CM and all downstream components such as DMs and EMs. Communication between external clients and the CM will still be encrypted by TLS 1.2. This setting can increase performance, because it eliminates the overhead needed to handle TLS before processing the PCP packets.

    When set to true, also set the isSSLEnabled key to true.

  • false: SSL is enabled across all components, from client to CM to DMs and EMs. This is the default.

customSSLWallet

ocbrm

Whether to use a custom TLS certificate for the CM:

  • true: A custom TLS certificate is used for the CM.

    When set to true, also set the cmSSLTermination key to true and move the Oracle wallet (brm_custom_wallet) containing the custom TLS certificate to the top level of the Helm chart.

  • false: The default TLS certificate is used for the CM. This is the default.

See "Using a Custom TLS Certificate" in BRM Cloud Native System Administrator's Guide.

extCustomSSLWalletSecret

ocbrm

The name of the Kubernetes Secret containing the custom TLS certificate wallet for BRM Server.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

EnableSecurityContext

ocbrm

Whether to enable a security context in the cluster (true) or not (false). The default is false.

root_key_rotate

ocbrm

Whether to rotate the BRM root key (true) or not (false). The default is false.

See "Rotating the BRM Root Key" in BRM Cloud Native System Administrator's Guide.

brm_root_pass

ocbrm

The root password.

See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

rotate_password

ocbrm

Whether to rotate the BRM root password:

  • true: The BRM root password is replaced with the one specified in the new_brm_root_password key.

  • false: The BRM root password is not changed. This is the default.

See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

new_brm_root_password

ocbrm

The new BRM root password. Use this key only when ocbrm.rotate_password is set to true.

See "Rotating the BRM Root Password" in BRM Cloud Native System Administrator's Guide.

rotate_brm_role_passwords

ocbrm

Whether to rotate the BRM role passwords. The default is false.

See "Rotating BRM Role Passwords" in BRM Cloud Native System Administrator's Guide.

brm_role_pass.*

ocbrm

The passwords for each BRM role. The roles grant users the permission to access different BRM components, such as Customer Center or Pipeline Configuration Center (PCC).

Note: You must set all of these passwords when the uniPass key is not set.

You set passwords for the following roles:

  • acct_recv.0.0.0.1: Accounts receivable
  • bc_client.0.0.0.1: Billing Care
  • bill_inv_pymt_sub.0.0.0.1: Invoice payments
  • billing.0.0.0.1: Billing
  • boc_client.0.0.0.1: Business Operations Center
  • collections.0.0.0.1: Collections
  • crypt_utils.0.0.0.1: Encryption utilities
  • cust_center.0.0.0.1: Customer Center
  • cust_mgnt.0.0.0.1: Customer management
  • invoicing.0.0.0.1: Invoicing
  • java_client.0.0.0.1: Java clients
  • load_utils.0.0.0.1: Load utilities
  • payments.0.0.0.1: Payments
  • pcc_client.0.0.0.1: PCC
  • rerating.0.0.0.1: Rerating
  • rsm.0.0.0.1: BRM REST Services Manager
  • super_user.0.0.0.1: Super User
  • ui_client.0.0.0.1: All GUI clients
  • ece.0.0.0.1: ECE

The passwords in this key must match the passwords in oc-cn-init-db-helm-chart.

See "Rotating BRM Role Passwords" in BRM Cloud Native System Administrator's Guide.

wallet.*

ocbrm

Specify the passwords for these wallets:

  • client: The password for the client wallet.

  • server: The password for the server wallet.

  • root: The password for the root wallet.

You must generate Secrets for these keys.

cm.*

ocbrm

The details for deploying the cm pod:

  • isEnabled: Whether to enable the CM. The default is true.

  • deployment.replicaCount: The number of replicas to create of the cm pod. The default is 1.

  • deployment.imageName: The name of the cm image.

  • deployment.imageTag: The tag name for the cm image.

  • deployment.enable_publish: Whether to publish events (1) or not (0). The default is 0.

  • deployment.enable_prefs_enrichment: Whether to enrich notifications with subscriber preferences (true) or not (false). The default is false.

  • deployment.prefs_enabled_publisher_list: The list of publishers with enrichment enabled. The default is 0.0.9.6.

  • deployment.prefs_phone_no_location: Where to retrieve the phone numbers for subscribers. The default is 0.

  • deployment.provisioning_enabled: Whether to enable provisioning of service orders (true) or not (false). The default is false.

  • deployment.simulate_agent: Whether to publish service orders (0) or not (1). The default is 1.

  • deployment.perflib_enabled: Whether to enable monitoring of the cm service using the performance library (Perflib). The default is false.

    See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide.

  • service.type: The service type. The default is ClusterIP.

  • service.serviceFqdn: Set this to the CM's TLS certificate Subject Alternative Name, such as dns:node1.brm.com.

  • custom_files.enable: Whether to expose the oc-cn-helm-chart/cm_custom_files directory as a ConfigMap (true) or not (false). The default is false.

    See "Exposing Directories as ConfigMaps" in BRM Cloud Native System Administrator's Guide.

  • custom_files.extCustomFilesCM: The name of the ConfigMap for the external CM custom files.

  • resources.*: The minimum and maximum CPU and memory resources for the cm pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • hpaValues.*: The details for scaling up or down the number of pod replicas in your deployment based on the pod's CPU or memory utilization. By default, the Horizontal Pod Autoscaler is disabled. See "Setting Up Autoscaling of BRM Pods" in BRM Cloud Native System Administrator's Guide.

volume.storage

ocbrm.custom_job_files

The storage size of the volume. The default is 50Mi.

eai_js

ocbrm

The details for deploying the EAI Java Server.

  • deployment.*: The details for deploying the EAI Java Server pod.

  • extPayloadCM: The name of the ConfigMap for the external payload files.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

dm_oracle.*

ocbrm

The details for deploying the dm-oracle pod:

  • isEnabled: Whether to enable the Oracle DM. The default is true.

  • deployment: The details for deploying the dm-oracle pod.

  • config.totalFrontEnds: The total number of front end processes. The default is 4.

  • config.totalBackEnds: The total number of back end processes. The default is 4.

  • config.connectionsPerFrontEnd: The number of connections for each front end process. The default is 16.

  • config.totalTransBackEnds: The total number of back end transactions. The default is 4.

  • config.dmSequenceCacheSize: The number of POIDs to cache when each instance of an Oracle DM is started.

  • config.maxStatementCache: The maximum size of the statement cache.

  • config.sharedMemoryBigSize: The size of the DM shared memory for "big" shared memory structures, such as those used for large searches.

  • config.sharedMemorySegmentSize: The size of the DM shared memory segment.

  • secondaryConfig.*: The configuration for the secondary Oracle DM.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • hpaValues.*: The details for scaling up or down the number of pod replicas in your deployment based on the pod's CPU or memory utilization. See "Setting Up Autoscaling of BRM Pods" in BRM Cloud Native System Administrator's Guide.

dm_kafka.*

ocbrm

The details for configuring the Kafka DM:

  • isEnabled: Whether to enable the Kafka DM (true) or not (false). The default is false.

  • kafkaAsyncMode: Whether to use asynchronous mode, which logs business events that failed to publish (true) or synchronous mode, which returns errors for business events that failed to publish (false). The default is false.

  • maxBlock: The maximum block size. The default is 3000.

  • extKafkaKeystoreSecret: The name of the Kubernetes Secret containing the KeyStore certificate files for Kafka DM.

    See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • deployment.imageName: The name of the dm_kafka image. The default is dm_kafka.

  • deployment.imageTag: The tag name for the dm_kafka image.

  • deployment.replicaCount: The number of replicas to create of the dm_kafka pod. The default is 1.

  • deployment.jvmOpts: The Java options to configure, such as heap memory and JVM configurations.

  • deployment.kafka_bootstrap_server_list: Set this to a comma-separated list of addresses for the Kafka brokers in this format: hostname1:port1, hostname2:port2.

  • deployment.poolSize: Set this to the number of threads that can run in the JS server to accept requests from the CM. Enter a number from 1 through 2000. The default is 64.

  • deployment.topicName: Set this to the name of the default Kafka topic. The default name is BRMTopic.

  • deployment.topicFormat: Set this to the format of the payload that is published to the default Kafka topic: XML or JSON. The default is XML.

  • deployment.topicStyle: The style of XML payloads: ShortName, CamelCase, NewShortName, or OC3CNotification. The default is CamelCase.

  • deployment.isSecurityEnabled: Whether to enable SSL between Kafka DM and Kafka Server (true) or not (false). The default is false.

  • deployment.trustStorePassword: The TrustStore password in Base64 format. Required only if SSL is enabled.

  • deployment.keyStorePassword: The KeyStore password in Base64 format. Required only if SSL is enabled.

  • deployment.keyPassword: The password of a key in the KeyStore in Base64 format. Required only if SSL is enabled.

  • deployment.password: The password in Base64 format. Required only if SSL is enabled.

  • volume.storage: The storage size of the volume.
  • volume.createOption: By default, the Kafka DM uses dynamic volumes. To use a static volume instead, add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • hpaValues.*: The details for scaling up or down the number of pod replicas in your deployment based on the pod's CPU or memory utilization. See "Setting Up Autoscaling of BRM Pods" in BRM Cloud Native System Administrator's Guide.

For more information about integrating BRM cloud native with a Kafka Server, see "Integrating with Kafka Servers" in BRM Cloud Native System Administrator's Guide.

dm_email.*

ocbrm

The details for configuring the Email DM:

  • isEnabled: Whether to enable the email DM. The default is false.

  • deployment.*: The details for deploying the dm-email pod.

  • config.totalFrontEnds: The total number of front end processes. The default is 4.

  • config.totalBackEnds: The total number of back end processes. The default is 4.

  • config.connectionsPerFrontEnd: The number of connections for each front end process. The default is 16.

  • config.totalTransBackEnds: The total number of back end transactions. The default is 4.

  • config.dmSequenceCacheSize: The number of POIDs to cache when each instance of an Email DM is started.

  • config.maxStatementCache: The maximum size of the statement cache.

  • config.sharedMemoryBigSize: The size of the DM shared memory for "big" shared memory structures, such as those used for large searches.

  • config.sharedMemorySegmentSize: The size of the DM shared memory segment.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

dm_invoice.*

ocbrm

The details for configuring the Invoice DM:

  • isEnabled: Whether to enable the Invoice DM. The default is false.

  • deployment.*: The details for deploying the dm-invoice pod.

  • config.totalFrontEnds: The total number of front end processes. The default is 2.

  • config.totalBackEnds: The total number of back end processes. The default is 6.

  • config.connectionsPerFrontEnd: The number of connections for each front end process. The default is 16.

  • config.totalTransBackEnds: The total number of back end transactions. The default is 4.

  • config.dmSequenceCacheSize: The number of POIDs to cache when each instance of an Invoice DM is started.

  • config.maxStatementCache: The maximum size of the statement cache.

  • config.sharedMemoryBigSize: The size of the DM shared memory for "big" shared memory structures, such as those used for large searches.

  • config.sharedMemorySegmentSize: The size of the DM shared memory segment.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

dm_prov_telco.*

ocbrm

The details for configuring Provisioning DM:

  • isEnabled: Whether to enable the Provisioning DM. The default is false.

  • deployment.*: The details for deploying the Provisioning DM.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the dm-prov-telco pod uses dynamic volumes. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

smtpServer

ocbrm.dm_email.deployment

Set this to your SMTP server name, such as ocbrm.us.example.com.

create

ocbrm.storage_class

Whether to create a Kubernetes StorageClass (true) or not (false).

virtual_time.*

ocbrm

The details for configuring the pin_virtual_time utility:

  • enabled: Set this to true to enable pin_virtual_time.

  • sync_pvt_time: Set this to the number of seconds between each synchronization of pin_virtual_time with all pods. The default is 0 seconds.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the virtual-time pod uses dynamic volumes. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

db.*

ocbrm

The details for connecting to the BRM database:

  • host: The host name or IP address of the database server.

  • port: The port number of the database server.

  • service: The service name that identifies the database.

  • sslMode: The type of SSL connection required for connecting to the database: TWO_WAY, ONE_WAY, or NO.

  • extDBSSLWalletSecret: The name of the Kubernetes Secret containing the SSL database wallet.

    See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • walletPassword: The password for accessing the certificates from the TrustStore and KeyStore. This is required if sslMode is set to ONE_WAY or TWO_WAY.

  • walletType: The type of file specified as the TrustStore or KeyStore for SSL connections: SSO or pkcs12. The default is SSO.

  • enable_partition: Whether partitioning is enabled at the database level (Yes) or disabled (No). The default is Yes.

  • storage_model: The size of the BRM database tablespaces:

    • Test: Less than 700 MB.
    • Small: Less than 1.5 GB.
    • Medium: Less than 30 GB.
    • Large: Greater than 30 GB.
  • schemauser: The user name of the primary BRM schema. The default is pin.

  • schemapass: The password for the BRM schema.

  • schematablespace: The name of the tablespace for the primary BRM schema. This field is case-sensitive. The default is pin.

  • indextablespace: The name of the index tablespace for the primary BRM schema. This field is case-sensitive. The default is pinx.

  • nls_lang: The language, territory, and character set. Set this to American_America.AL32UTF8. You must use American_America as the language and territory, regardless of your locale.

  • pipelineschemauser: The BRM pipeline schema user name, which should be pre-created with all of the required grants.

  • pipelineschemapass: The BRM pipeline schema password. You must generate a Secret. Add this key to your override-values.yaml file with the same path hierarchy.

  • pipelineschematablespace: The name of the tablespace for the BRM pipeline schema. This field is case-sensitive.

  • pipelinesindextablespace: The name of the index tablespace for the BRM pipeline schema. This field is case-sensitive.

  • skipPrimary: Whether to deploy the primary schema (false) or skip the deployment of the primary schema (true). Set it to true only if you are adding a schema to an existing BRM multischema system. The default is false.

Ensure these values match the ocbrm.db.* keys from oc-cn-init-db-helm-chart. See Table 6-1 for more information.

secondaryN.*

ocbrm.db.multiSchemas

The details for connecting to your secondary database schemas, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.

Add this block only if your BRM database contains multiple schemas. This section will be commented out by default:

multiSchemas: 
   secondary: 
      deploy:
      host: localhost 
      port: 1521 
      service: pindb 
      schemauser: 
      schemapass: 
      schematablespace: 
      indextablespace:

See "Configuring BRM for a Multischema Database".

mountOptions

ocbrm.storage_class

Set this to the version of the external provisioner.

provisioner

ocbrm.dynamic_provisioner

Set this to the name of the external provisioner.

dm_fusa.*

ocbrm

The details for configuring the Paymentech DM:

  • isEnabled: Whether to enable the Paymentech DM. The default is false.

  • deployment.*: The details for deploying the Paymentech DM.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the dm-fusa pod uses dynamic volumes. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

realtimepipe.*

ocbrm

The details for configuring the Realtime Pipeline:

  • isEnabled: Whether to enable the Realtime Pipeline (true) or not (false). The default is true.

  • deployment.replicaCount: The number of replicas to create of the realtimepipe pod. The default is 1.

  • deployment.rtp_num_thread: The number of threads in the realtime pipeline. The default is 8.

  • deployment.rtp_num_pipe: The number of realtime pipelines. The default is 2.

  • deployment.discount_trace: Whether to generate a discount trace file. The default is true.

  • deployment.SemaphoreEnable: Whether to check for and process semaphore files, which allow you to configure and control Pipeline Manager during runtime. The default is true.

    For more information, see "Using Semaphore Files to Control Pipeline Manager" in BRM Pipeline Manager Administration Guide.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the realtimepipe pod uses dynamic volumes. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

batch_controller.*

ocbrm

The details for configuring the Batch Controller:

  • isEnabled: Whether to enable the BRM Controller. The default is false.

  • deployment.*: The details for deploying the Batch Controller.

  • volume.directory.createOption: By default, all of the pipelines in the batch-controller pod use dynamic volumes. To use a static volume instead, you must add the createOption key under the directory key, where directory is input, archive, and reject. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

rel_daemon.*

ocbrm

The details for configuring the Rated Event (RE) Loader daemon:

  • isEnabled: Whether to enable the RE Loader daemon. The default is true.

  • job.isEnabled: Whether to run the RE Loader daemon job. The default is false.

  • deployment.*: The details for deploying the RE Loader daemon.

  • volume.directory.createOption: By default, all of the directories in the rel-daemon pod use dynamic volumes. To use static volumes instead, you must add the createOption key under the directory key, where directory is reject, archive, and input. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

rem.*

ocbrm

The details for configuring the rated-event-manager pod.

Note: If ocbrm.db.sslMode is enabled (ONE_WAY or TWO_WAY), you must specify the server certificate's distinguished name (DN) in the oc-cn-helm-chart/templates/configmap_rem_properties.yaml file's rated_event_manager.jdbc_pool.sslServerCertDN key.

  • logging.*: The details for logging information about the rated-event-manager pod.

  • isEnabled: Whether to deploy the rated-event-manager pod. The default is false.

  • deployment.*: The details for deploying the rated-event-manager pod, such as its image name, its image tag, and the Kafka topic to use for rated events.

  • volume.directory.createOption: By default, all of the directories in this pod use dynamic volumes. To use a static volume instead, you must add the createOption key under the directory key, where directory is input, reject, archive, and data. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

  • volume.directory.storage: The storage size of the volume.

  • nodeSelector: The rules for deploying the rated-event-manager pod on specific nodes.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • hpaValues.*: The details for scaling up or down the number of pod replicas in your deployment based on the pod's CPU or memory utilization. By default, the Horizontal Pod Autoscaler is disabled. See "Setting Up Autoscaling of BRM Pods" in BRM Cloud Native System Administrator's Guide.

batchpipe.*

ocbrm

The details for configuring the batch pipeline.

  • isEnabled: Whether to enable the batch pipeline. The default is true.

  • deployment.*: The details for deploying the batch pipeline.

  • volume.output.storage: The storage size of the volume.

  • volume.directory.createOption: By default, all of the directories in the batchpipe pod use dynamic volumes. To use a static volume instead, you must add the createOption key under the directory key, where directory is data, output, reject, and log. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

roampipe.*

ocbrm

The details for configuring the roaming pipeline:

  • isEnabled: Whether to enable the roaming pipeline. The default is false.

  • deployment.*: The details for deploying the roaming pipeline.

  • volume.directory.createOption: By default, all of the pipelines in the roampipe pod use dynamic volumes. To use a static volume instead, you must add the createOption key under the directory key, where directory is output and reject. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

cmt.*

ocbrm

The details for configuring and running pin_cmt.

  • enabled: Set this to true to run the Conversion Manager pin_cmt utility. The default is false.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the cmt pod uses dynamic volumes. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

config_jobs.*

ocbrm

The details for running a configurator job, which allows you to run BRM load utilities on demand without entering into a pod:

  • deployment.*: The details for deploying the configurator job.

  • run_apps: Set to true to enable a configurator job. The default is false.

  • isMultiSchema: Specifies whether to run the commands in the loadme.sh script on the secondary schemas. The default is false.

  • restart_count: Increment this count by 1 to restart the CM.

  • script_name: The name of the script that contains the load utilities you want to run. The default is loadme.sh.

  • configmap_path: The directory in which ConfigMaps are stored. The default is /oms/load.

  • extCustomScriptsCM: The name of the ConfigMap containing custom scripts to run.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

See "Running Load Utilities through Configurator Jobs" in BRM Cloud Native System Administrator's Guide.

brm_apps.*

ocbrm

The details for running a brm-apps job, which allows you to run BRM applications and utilities on demand without entering into a pod:

  • job.isEnabled: Set to true to enable a brm-apps job.

  • isMultiSchema: Specifies whether to run the commands in the loadme.sh script on the secondary schemas. The default is false.

  • job.configmap_path: The path to the ConfigMap file.

  • job.script_name: The name of the script that contains the utilities and applications you want to run. The default is loadme.sh.

  • extCustomScriptsCM: The name of the ConfigMap containing custom scripts to run.

  • deployment.utilityName.*: The configuration details for running BRM utilities and applications, such as pin_billd, pin_export_price, and pin_rerate.

See "Running Applications and Utilities through BRM-Apps Jobs" in BRM Cloud Native System Administrator's Guide.

wsm.soap.*

ocbrm

Details about the standalone Web Services Manager service.

  • isEnabled: Whether to enable SOAP-based Web Services Manager services. The default is false.

  • deployment.*: The details for deploying the brm-wsm pod.

  • service.type.*: The service type. The default is ClusterIP.

  • service.resources.*: The minimum and maximum CPU and memory resources that brm-wsm can use. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • configEnv.port: The HTTP port where Web Services Manager is exposed. The default is 8080.

  • configEnv.httpsPort: The HTTPS port where Web Services Manager is exposed. The default is 8443.

  • configEnv.inputValidationEnabled: Whether to validate the input XML payload. The default is true.

  • configEnv.soapInputValidationReportOnly: Whether the validation errors in the input XML payload are logged to the console (true) or sent back as a fault only (false). The default is false.

  • configEnv.outputValidationEnabled: Whether to validate the output XML payload. The default is true.

  • configEnv.soapOutputValidationReportOnly: Whether the validation errors in the output XML payload are logged to the console (true) or sent back as a fault only (false). The default is false.

  • configEnv.logLevel: The logging level. The default is INFO.

  • configEnv.tlsEnabled: Whether to enable TLS encryption for Web Services Manager. The default is false.

  • configEnv.externalSecretName: The name of the Kubernetes Secret containing the passwords for standalone Web Services Manager. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

  • configEnv.clientAuth: Whether OAuth 2.0 tokens in client requests are required (REQUIRED), optional (OPTIONAL), or not required (NONE).

  • configEnv.jvmOpts: The Java options to configure, such as heap memory and JVM configurations.

  • configEnv.keyStoreFileName: The file name of the KeyStore.

  • configEnv.keyStoreAlias: The private key alias of the KeyStore.

  • configEnv.trustStoreFileName: The file name of the TrustStore.

  • configEnv.isOauthEnabled: Whether OAuth 2.0 is enabled in the standalone version of Web Services Manager. The default is false.

  • configEnv.oauthCertificateName: The name of the OAuth certificate file.

  • configEnv.outputDateFormat: The format for the prefix UNIX time stamp of the output XML payload file.

  • configEnv.outputPrefixUnixTimestamp: Whether to add a UNIX time stamp prefix to the output XML payload file name. The default is false.

  • configEnv.inputDateFormat: The format for the prefix UNIX time stamp of the input XML payload file.

  • configEnv.inputPrefixUnixTimestamp: Whether to add a UNIX time stamp prefix to the input XML payload file name. The default is false.

  • configEnv.outputNamespacePrefixSoap: The prefix to add to SOAP XML elements in the response. The default is S.

  • configEnv.outputNamespacePrefixPayload: The prefix to add to the payload XML elements in the response. The default is brm.

  • configEnv.tracing.*: The details for tracing the BRM-WSM service. See "Using Metrics and Tracing (Standalone only)" in BRM Web Services Manager.

  • secrets.*: The name of the Secrets containing the KeyStore and TrustStore passwords.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

For more information about Web Services Manager, see "Using Web Services" in BRM Web Services Manager.

wsm.deployment.weblogic.*

ocbrm

Details about Web Services Manager on WebLogic Server.

  • isEnabled: Whether to deploy Web Services Manager on WebLogic Server. The default is false.

  • imageName: The image name for Web Services Manager deployed on WebLogic Server.

  • initImageName: The name of the init image.

  • imageTag: The tag name for the Web Services Manager image.

  • username: The user name for accessing Web Services Manager.

  • password: The password for the user.

  • replicaCount: The number of replicas to create of the pod. The default is 1.

  • adminServerNodePort: The NodePort where the admin-server's HTTP service will be accessible. By default, this key is blank.

    Note: Set this key only if you want the brmdomain-admin-server-ext service to deploy as NodePort.

  • log_enabled: Whether to create log files. The default is false.

  • minPoolSize: The minimum number of connections the connection pool can create. The default is 1.

  • maxPoolSize: The maximum number of connections the connection pool can create. The default is 8.

  • poolTimeout: The maximum amount of time in milliseconds that a connection request is queued. The default is 30000.

  • jvmOpts: The Java options to configure, such as heap memory and JVM configurations.

  • userMemArgs: The memory arguments.

  • serverStartPolicy: The WebLogic servers that the Operator starts when it discovers the domain: NEVER, ADMIN_ONLY, and IF_NEEDED.

  • monitoring.*: The details for collecting metrics for Web Services Manager deployed on WebLogic Server. See "Monitoring BRM Cloud Native Services" in BRM Cloud Native System Administrator's Guide.

  • idp.*: The details about the Identity Provider (IdP) managing OAuth 2.0 tokens for authenticating clients to access BRM Web Services.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

For more information about Web Services Manager, see "Using Web Services" in BRM Web Services Manager.

wsm.deployment.tomcat.*

ocbrm

Details about Web Services Manager on Tomcat.

  • isEnabled: Whether to deploy Web Services Manager on Tomcat. The default is false.

  • replicaCount: The number of replicas to create of the pod. The default is 1.

  • imageName: The image name for Web Services Manager deployed on Tomcat.

  • imageTag: The tag name for the Web Services Manager image.

  • port: The port number for Web Services Manager. The default is 8080.

  • nodePort: The NodePort where the admin-server's HTTP service is accessible. The default is 30080. This key applies only if service.type is set to NodePort.

  • log_enabled: Whether to create log files. The default is true.

  • minPoolSize: The minimum number of connections the connection pool can create. The default is 1.

  • maxPoolSize: The maximum number of connections the connection pool can create. The default is 8.

  • poolTimeout: The maximum amount of time in milliseconds that a connection request is queued. The default is 30000.

  • basicAuth: Whether an OAuth 2.0 authentication token is required. The default is false.

  • walletPassword: The passwords for the Web Services Manager wallet.

  • extBasicConfigCM: The name of the external ConfigMap containing the basic configuration files.

  • service.type: The service type. The default is ClusterIP.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

For more information about Web Services Manager, see "Using Web Services" in BRM Web Services Manager.

brm_sdk.*

ocbrm

The details for the brm-sdk pod:

  • isEnabled: Whether to enable the BRM SDK. The default is false.

  • extCustomScriptsCM: The name of the external ConfigMap containing your custom scripts.

  • deployment.*: The details for deploying the BRM SDK.

  • volume.storage: The storage size of the volume.

  • volume.createOption: By default, the brm-sdk pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

  • resources.*: The minimum and maximum CPU and memory resources for the pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.
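The wsm.soap.* keys in the table above decide whether standalone Web Services Manager is served over TLS, whether OAuth 2.0 tokens are required, and whether payload validation is enforced. The following check is an added example, not part of the Oracle chart or its documentation: it reads the JSON produced by `helm get values BrmReleaseName --namespace BrmNameSpace --all -o json` and reports weak settings under ocbrm.wsm.soap. The policy it enforces (TLS on, OAuth on, clientAuth REQUIRED, validation enforcing), the function names, and the two sample documents are assumptions of this example.

```python
import json

# Defaults as stated in the wsm.soap.* row. The page gives no default for
# clientAuth, so an absent key is reported as unset rather than guessed.
DOCUMENTED_DEFAULTS = {
    "isEnabled": False,
    "configEnv.tlsEnabled": False,
    "configEnv.isOauthEnabled": False,
    "configEnv.clientAuth": None,
    "configEnv.inputValidationEnabled": True,
    "configEnv.soapInputValidationReportOnly": False,
}

# Constructed sample values, not taken from a real deployment.
WEAK_VALUES = """
{"ocbrm": {"wsm": {"soap": {"isEnabled": true, "configEnv": {
    "clientAuth": "NONE", "soapInputValidationReportOnly": "true"}}}}}
"""
HARDENED_VALUES = """
{"ocbrm": {"wsm": {"soap": {"isEnabled": true, "configEnv": {
    "tlsEnabled": true, "isOauthEnabled": true, "clientAuth": "REQUIRED",
    "inputValidationEnabled": true}}}}}
"""


def lookup(tree, dotted, default=None):
    """Walk a nested dict by dotted path; return default if a level is missing."""
    node = tree
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def as_bool(value):
    """Accept real booleans and quoted "true"/"false" strings."""
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def audit_wsm_soap(values):
    """Return (key, reason) findings for ocbrm.wsm.soap; empty if disabled or clean."""
    soap = lookup(values, "ocbrm.wsm.soap", {})

    def setting(key):
        return lookup(soap, key, DOCUMENTED_DEFAULTS[key])

    if not as_bool(setting("isEnabled")):
        return []  # the service is not deployed, so there is nothing to audit

    findings = []
    if not as_bool(setting("configEnv.tlsEnabled")):
        findings.append(("tlsEnabled", "TLS encryption is not enabled"))
    if not as_bool(setting("configEnv.isOauthEnabled")):
        findings.append(("isOauthEnabled", "OAuth 2.0 is not enabled"))

    client_auth = setting("configEnv.clientAuth")
    if client_auth is None:
        findings.append(("clientAuth", "not set explicitly"))
    elif str(client_auth).upper() != "REQUIRED":
        findings.append(("clientAuth",
                         f"set to {client_auth}, so OAuth 2.0 tokens are not required"))

    if not as_bool(setting("configEnv.inputValidationEnabled")):
        findings.append(("inputValidationEnabled", "input XML payload is not validated"))
    if as_bool(setting("configEnv.soapInputValidationReportOnly")):
        findings.append(("soapInputValidationReportOnly",
                         "input validation errors are only logged to the console"))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_VALUES), ("hardened", HARDENED_VALUES)):
        print(name)
        for key, reason in audit_wsm_soap(json.loads(doc)) or [("-", "no findings")]:
            print(f"  ocbrm.wsm.soap.configEnv.{key}: {reason}")
```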

Configuring BRM for a Multischema Database

Using a BRM multischema database lets you distribute customer accounts among several database schemas, providing increased storage capacity, higher performance, and easier maintenance. For more information, see "A BRM Multischema Production System" in BRM Installation Guide.

To configure your BRM cloud native environment to connect to a multischema database, do this:

  1. Ensure that you deployed a multischema database in your BRM cloud native environment. See "Deploying BRM with a New Database Schema".

  2. Using SQL*Plus, grant each database schema the privilege to insert and update tables on the other schemas:

    1. Connect to the BRM database with SQL*Plus as sysdba:

      sqlplus system@databaseAlias as sysdba 
      Enter password: password

      where:

      • databaseAlias is the Oracle system database alias.

      • password is the Oracle system database user password.

    2. From the primary database schema, enter the following:

      SQL> GRANT INSERT ANY TABLE TO SecondarySchema; 
      SQL> GRANT UPDATE ANY TABLE TO SecondarySchema;

      where SecondarySchema is the name of the secondary schema.

    3. From each secondary database schema, enter the following:

      SQL> GRANT INSERT ANY TABLE TO PrimarySchema; 
      SQL> GRANT UPDATE ANY TABLE TO PrimarySchema;

      where PrimarySchema is the name of the primary schema.

  3. Connect the BRM server to each secondary schema:

    1. Open your override-values.yaml file for oc-cn-helm-chart.

    2. Enable account migration by setting the ocbrm.isAmt key to true.

    3. Set the ocbrm.db.skipPrimary key to false.

    4. For each secondary schema in your system, add an ocbrm.db.multiSchemas.secondaryN block, where N is 1 for the first secondary schema, 2 for the next secondary schema, and so on.

    5. In each ocbrm.db.multiSchemas.secondaryN block, set the following keys:

      • deploy: Set this to true.

      • host: Set this to the hostname of the secondary schema. This key is optional.

      • port: Set this to the port number for the secondary schema. This key is optional.

      • service: Set this to the service name for the secondary schema. This key is optional.

      • schemauser: Set this to the schema user name.

      • schemapass: Set this to the schema password.

      • schematablespace: Set this to the name of the schema tablespace, such as pin01.

      • indextablespace: Set this to the name of the index tablespace, such as pinx01.

    6. Deploy oc-cn-helm-chart by running this command from the helmcharts directory:

      helm install BrmReleaseName oc-cn-helm-chart --namespace BrmNameSpace --values OverrideValuesFile

      where:

      • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance. It must be different from the one used for oc-cn-init-db-helm-chart.

      • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

      • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

      The BRM Helm chart deploys new dm-oracle, amt, and rel-daemon pods, Rated Event (RE) Loader PVCs, services, ConfigMaps, and secrets. It also updates their corresponding schema entries in the primary CM and Oracle DM and deploys multiple containers for the batch-wireless-pipe pod.

  4. Set each database schema's status and priority. BRM cloud native assigns accounts to an open schema with the highest priority.

    1. Open the configmap_pin_conf_testnap.yaml file.

    2. Under the config_dist.conf section, add the following entries for each secondary schema in your database:

      DB_NO = "schema_number" ;             # database config. block
      PRIORITY = priority ;
      MAX_ACCOUNT_SIZE = 100000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;

    3. Set the STATUS and PRIORITY entries for each primary and secondary schema:

      DB_NO = "0.0.0.1" ;             # Primary schema configuration block
      PRIORITY = priority;
      MAX_ACCOUNT_SIZE = 100000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;
        
      DB_NO = "0.0.0.2" ;             # Secondary schema configuration block
      PRIORITY = priority;
      MAX_ACCOUNT_SIZE = 50000 ;
      STATUS = "status" ;
      SCHEMA_NAME = "schema_name" ;

      where:

      • priority is a number representing the schema's priority, with the highest number having the most priority. For example, 5 indicates a greater priority than a value of 1. For more information, see "Modifying Database Schema Priorities" in BRM Cloud Native System Administrator's Guide.

      • status specifies whether the schema is open, closed, or unavailable. For more information, see "Modifying Database Schema Status" in BRM Cloud Native System Administrator's Guide.

    4. Set up the configurator job to run the load_config_dist utility by adding the following lines to the oc-cn-helm-chart/config_scripts/loadme.sh script:

      #!/bin/sh
       
      #cp /oms/config_dist.conf /oms/sys/test/config_dist.conf
      cd /oms/sys/test ; load_config_dist
      exit 0;

    5. In the override-values.yaml file for oc-cn-helm-chart, set this key:

      ocbrm.config_jobs.run_apps: Set this to true.

    6. Run the helm upgrade command to update the Helm release:

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

      The distribution information is loaded into the primary schema.

    7. Update these keys in the override-values.yaml file for oc-cn-helm-chart:

      • ocbrm.config_jobs.restart_count: Increment the existing value by 1.

      • ocbrm.config_jobs.run_apps: Set this to false.

    8. Update the Helm release again:

      helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

      The CM pod is bounced back.

  5. Configure the account-router Pipeline Manager to route CDRs to pipelines based on the database schema POID. To do so, edit the ConfigMap file configmap_acc_router_reg.yaml.

    Based on the configuration, the account router Pipeline Manager does the following:

    • Moves input files to the data PVC directory. The input file names have a prefix of router and a suffix of .edr.

    • Moves the rated output files to the input of the Rating pipeline.

    • Replicates the Rating pipeline based on the multischema entry. The Range function is used to replicate the rating pipeline.

    • Moves the output files from the Rating pipeline to the outputcdr PVC directory.

Your BRM cloud native environment is connected to your BRM multischema database. To manage your multischema environment, see "Managing a BRM Cloud Native Multischema System" in BRM Cloud Native System Administrator's Guide.
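Step 4 states that accounts go to an open schema with the highest priority, so a mistyped STATUS or PRIORITY in config_dist.conf silently changes where new accounts land. The following pre-load check is an added example, not Oracle's code: it parses the entry format shown in step 4, validates each block, and reports which schema would receive accounts. It assumes that every block starts at DB_NO, that the five entries shown are all required, and that status values are compared case-insensitively; the schema names and values in SAMPLE are constructed.

```python
import re

# One "KEY = value ;" entry; the value may be quoted, and "#" starts a comment.
ENTRY = re.compile(r'^\s*([A-Z_]+)\s*=\s*"?([^";]*?)"?\s*;')
FIELDS = ("DB_NO", "PRIORITY", "MAX_ACCOUNT_SIZE", "STATUS", "SCHEMA_NAME")
STATUSES = {"open", "closed", "unavailable"}

# Constructed sample: the third block carries a mistyped STATUS.
SAMPLE = '''
DB_NO = "0.0.0.1" ;             # Primary schema configuration block
PRIORITY = 1;
MAX_ACCOUNT_SIZE = 100000 ;
STATUS = "open" ;
SCHEMA_NAME = "brm_primary" ;

DB_NO = "0.0.0.2" ;             # Secondary schema configuration block
PRIORITY = 5;
MAX_ACCOUNT_SIZE = 50000 ;
STATUS = "closed" ;
SCHEMA_NAME = "brm_secondary1" ;

DB_NO = "0.0.0.3" ;             # Secondary schema configuration block
PRIORITY = 3 ;
MAX_ACCOUNT_SIZE = 50000 ;
STATUS = "opne" ;
SCHEMA_NAME = "brm_secondary2" ;
'''


def parse_config_dist(text):
    """Split the text into one dict per schema block, keyed by entry name."""
    blocks = []
    for raw in text.splitlines():
        match = ENTRY.match(raw.split("#", 1)[0])  # drop trailing comment
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if key == "DB_NO":
            blocks.append({})  # a DB_NO entry opens a new block
        if blocks:
            blocks[-1][key] = value
    return blocks


def validate(blocks):
    """Return human-readable problems; an empty list means the file is consistent."""
    problems, seen = [], set()
    for block in blocks:
        db_no = block["DB_NO"]
        if db_no in seen:
            problems.append(f"{db_no}: duplicate DB_NO")
        seen.add(db_no)
        for field in FIELDS:
            if not block.get(field):
                problems.append(f"{db_no}: missing {field}")
        for field in ("PRIORITY", "MAX_ACCOUNT_SIZE"):
            if block.get(field) and not block[field].isdigit():
                problems.append(f"{db_no}: {field} {block[field]!r} is not a number")
        status = block.get("STATUS", "")
        if status and status.lower() not in STATUSES:
            problems.append(f"{db_no}: STATUS {status!r} is not open, closed or unavailable")
    return problems


def account_targets(blocks):
    """Schema names that are open and share the highest PRIORITY value."""
    candidates = [b for b in blocks
                  if b.get("STATUS", "").lower() == "open"
                  and b.get("PRIORITY", "").isdigit()]
    if not candidates:
        return []
    top = max(int(b["PRIORITY"]) for b in candidates)
    return [b.get("SCHEMA_NAME", "") for b in candidates if int(b["PRIORITY"]) == top]


if __name__ == "__main__":
    parsed = parse_config_dist(SAMPLE)
    for problem in validate(parsed):
        print("problem:", problem)
    print("new accounts go to:", account_targets(parsed))
```

With the typo in place, only the low-priority primary schema is open, so it receives every new account until the entry is corrected.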

Configuring Pricing Design Center

Pricing Design Center (PDC) is a Web-based client application that you use to create and manage the product offerings that you sell to your customers. A product offering represents the services available to your customers and the price of those services. For more information about PDC, see Pricing Design Center Online Help.

You can optionally deploy a simple demonstration version of Pricing Design Center cloud native by using the sample PDC_OverrideValues.yaml file provided with oc-cn-helm-chart. This simple demonstration version has both SSL and ECE enabled, uploads a sample JKS certificate file, loads sample RUMs and balance elements, and starts the BRM-to-PDC synchronization process with SyncPDC.

To configure PDC to run in your BRM cloud native environment:

  1. Override the PDC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding PDC Keys for oc-cn-helm-chart".

  2. Override the PDC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding PDC Keys for oc-cn-op-job-helm-chart".

  3. Set up SAML for SSO in PDC. See "Setting Up SSO for PDC Cloud Native".

After you deploy PDC in your cloud native environment, you can access the PDC GUI at one of the following URLs:

  • http://kubernetesHost:pdcPort/pdc

    where:

    • kubernetesHost is the host name of the machine on which Kubernetes is deployed.

    • pdcPort is the PDC service node port.

  • http://LoadBalancerHost:pdcNodePort/pdc

    where:

    • LoadBalancerHost is the host name of the machine on which the load balancer is deployed.

    • pdcNodePort is the number assigned to the PDC node port.

Adding PDC Keys for oc-cn-helm-chart

Table 7-5 describes the most common PDC keys that you need to override. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For information about all PDC-specific keys, see the descriptions in the oc-cn-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64. Base64 is an encoding, not encryption, so anyone who can read the file can decode the values. See "Secrets" in Kubernetes Concepts.

Table 7-5 Pricing Design Center Keys for oc-cn-helm-chart

Key | Path in values.yaml | Description

isEnabled

ocpdc

Whether to enable and deploy PDC:

  • true: Enables PDC and deploys the PDC application. This is the default.
  • false: Disables the PDC application.

lang

ocpdc

The Linux system locale. The default is en_US.UTF-8.

tz

ocpdc

The Linux time zone. The default is UTC.

volume.createOption.*

ocpdc

By default, PDC uses dynamic volume provisioning. To use a static volume instead, add the createOption keys under the volume section. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

Note: Ensure you provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.

storageSize

ocpdc

The storage size for the pdc-brm-pv or pdc-brm-pvc, such as 10Gi.

enableSecurityContext

ocpdc

Whether to enable PDC pod-level security attributes and common container settings. The default is true.

deployment.*

ocpdc

The details for deploying the PDC image:

  • imageName: The name of the PDC image. The default is oracle/pdc.

  • imageTag: The tag name for the PDC image. The default is :15.1.0.0.0.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.fmw.*

ocpdc.deployment

The details for pulling WebLogic images for PDC from a container registry:

  • imageRepository: The name of the container registry from which to pull the WebLogic image. The default is container-registry.oracle.com/.

  • imageName: The name of the container repository from which to pull the WebLogic image. The default is middleware/fmw-infrastructure.

  • imageTag: The tag name for the WebLogic image.

See "Pulling WebLogic Images for PDC, Billing Care, Billing Care REST API, and Business Operations Center" for more information.

nodeSelector

ocpdc

The name of the node on which to run the following PDC pods:

  • pdc
  • RRE
  • BRE
  • SyncPDC
  • Import-Export

Set this key if you want to constrain the PDC pods to run only on the node you specify.

For more information, see "nodeSelector" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.

affinity

ocpdc

The rules for running the following PDC pods on specific nodes:

  • pdc
  • RRE
  • BRE
  • SyncPDC
  • Import-Export

Set this key if you want to constrain the PDC pod to run only on the nodes that meet your criteria.

For more information about this key, see "Node Affinity" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the Import-Export pod.

domainUID

ocpdc.wop

The name of the PDC WebLogic Server domain. The default is pdc-domain.

resources.*

ocpdc

The minimum and maximum CPU and memory resources for the PDC domain admin-server pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

configEnv.*

ocpdc

The configuration details for PDC.

  • name: The name of the PDC ConfigMap. The default is pdc-configmap-env.

  • upgrade: Set to true to upgrade PDC.

  • dbHostName: The host name of the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.

  • dbPort: The port for the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.

  • dbService: The service name for the PDC and cross-reference database. The value must match that of oc-cn-op-job-helm-chart.

  • dbSSLMode: The type of SSL connection required for connecting to the cross-reference database: two-way SSL authentication is required (TWO_WAY), one-way SSL authentication is required (ONE_WAY), or SSL authentication is not required (NO). The default is NO.

extOPSSWallet

extPDCKeystoreSecret

extPDCDBSSLWalletSecret

ocpdc.configEnv

The names of the Kubernetes Secrets containing the custom SSL database wallet for PDC, the custom OPSS wallet for PDC, and custom KeyStore certificate file for PDC. This value must match the one for the oc-cn-op-job-helm-chart.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

transformation.*

ocpdc.configEnv

The details for the transformation.

  • logLevel: The logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • logFileSize: The maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. The default is 500000. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

  • logFileCount: The maximum number of log files to retain for the application. The default is 10.

  • persistTransactionLogs: Whether to persist log files in the database after they are closed. Possible values are all, disabled, and failed. The default is failed, which specifies to persist only failed transaction logs.

  • MEM_ARGS: The memory argument, surrounded by quotes. For example: "-Xms1024m -Xmx2048m -XX:CompileThreshold=8000".

  • persistOutFiles: Whether to keep the output and payload files generated by the transformation engine in the out directory (enabled) or remove the files from the out directory (disabled). The default is disabled.

  • resources.*: The minimum and maximum CPU and memory resources for the RRE and BRE pods. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • nodeSelector: The name of the node on which to run the RRE and BRE pods.

  • affinity: The rules for running the RRE and BRE pods on specific nodes.

seedData.*

ocpdc.configEnv

The details for deploying seed data.

Note: If balance element and RUM data already exist in the PDC database, they are not overwritten.

  • BE: Whether to load sample balance elements into the PDC database when PDC is deployed (true) or not (false). The default is false.

    Note: If balance element data already exists in the PDC database, it is not overwritten.

  • RUM: Whether to load sample RUMs into the PDC database when PDC is deployed (true) or not (false). The default is false.

importExport.*

ocpdc.configEnv

The details for running the ImportExportPricing utility in PDC cloud native. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.

  • IE_Operation.*: The operation for the ImportExportPricing utility to perform. When you deploy PDC, ensure that this key has an empty value.

    • Empty value: No operation is performed. This is the default.
    • export: The utility exports data from the PDC database into an XML file.
    • import: The utility imports data from the XML file into the PDC database.
    • publish: The utility publishes components from PDC to the batch rating engine, real-time rating engine, or ECE.
    • keep: The utility retains the latest version of successfully promoted PDC components.
    • deleteprofile: The utility deletes pricing profiles from PDC.
    • type: The utility displays the pricing or setup components available in PDC.
  • IE_Component.*: The type of components and objects to import or export using the ImportExportPricing utility. Don't include the hyphen (-) prefix with the value.

    • config: Imports or exports setup components, such as tax codes, business profiles, and general ledger IDs.
    • pricing: Imports or exports pricing components, such as events, charges, and chargeshares.
    • metadata: Imports or exports the event, service, account, and profile attribute specifications.
    • profile: Imports or exports pricing profile data.
    • customfields: Imports or exports custom fields.
    • brmobject: Exports BRM configuration objects such as services, events, and G/L IDs.
    • all: Imports or exports all objects and components.
  • IE_File_OR_Dir_Name: The name of the XML file or ImportExport directory that contains the list of components and objects to import into the PDC database. This XML file is used by the ImportExportPricing utility. If importing or deleting components, copy the XML file to the HostPath specified in pdcBRMHostPath or to pdc-brm-pvc.

    Set the file's or directory's ownership with chown runAsUser:0 and its permissions with chmod 777.

  • extraCmdLineArgs: The extra command-line arguments for the ImportExportPricing utility, apart from operation, component, and file name. The value must be surrounded by quotes. For example, "-n ObjectName".

  • logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • logSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file.

  • logCount: Specifies the maximum number of log files to retain for the application. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

  • persistIELogs: Specifies whether to persist log files in the database after they are closed. Possible values are all, disabled, and failed. The default is failed.

  • resources.*: The minimum and maximum CPU and memory resources for the Import-Export pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • nodeSelector: The rules for deploying the Import-Export pod on specific nodes.

  • affinity: The rules for deploying the Import-Export pod on specific nodes.

syncPDC.*

ocpdc.configEnv

The details for running the SyncPDC utility in PDC cloud native. For more information, see "Running PDC Applications" in BRM Cloud Native System Administrator's Guide.

  • upgradeFromPS2: Set this to true to upgrade from 12.0 Patch Set 2 to 12.0 Patch Set 4 or higher.

  • logLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • logFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file. The default is 20000.

  • logFileCount: Specifies the maximum number of log files to retain for the application. The default is 10. See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

  • MEM_ARGS: The memory argument.

  • skipBREMigration: Skips the synchronization of pipeline configuration data. The default is false. This key is ignored when ECE is enabled in a PDC system.

  • syncPDCStartAt: The scheduled time for running the SyncPDC utility. This key is set at deployment time only. Valid values include: startAt and "HH:MM". The default is 23:59.

  • syncPDCInterval: The scheduled frequency for running the SyncPDC utility. This key is set at deployment time only. The default is 1:0.

  • enrichmentFileName: Set this to ECEEventEnrichmentSpec.xml. Store the enrichment file in the path specified in pdcBrmHostPath. This is applicable at both PDC deployment time and individual SyncPDC runtime.

  • runSyncPDC: Whether to create the SyncPDC pod and start the BRM-to-PDC synchronization process (true) or delete the SyncPDC pod and stop the synchronization process (false). The default is true.

  • resources.*: The minimum and maximum CPU and memory resources for the SyncPDC pod. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

  • nodeSelector: The rules for deploying the SyncPDC pod on specific nodes.

  • affinity: The rules for deploying the SyncPDC pod on specific nodes.

monitoring.*

ocpdc.configEnv

The details for monitoring PDC and collecting WebLogic metrics. By default, monitoring is disabled.

For more information, see "Monitoring PDC in a Cloud Native Environment" in BRM Cloud Native System Administrator's Guide.

secretValue.*

ocpdc

The passwords for PDC.

  • name: The name of the Secret key. The default is pdc-secret-env.

  • walletPassword: The passwords for the PDC application wallet and PDC BRM integration wallet.

Adding PDC Keys for oc-cn-op-job-helm-chart

You must create an override-values.yaml for oc-cn-op-job-helm-chart and then add the PDC-specific keys in Table 7-6.

For information about all PDC-specific keys, see the descriptions in the oc-cn-op-job-helm-chart/values.yaml file.

Caution:

Keys with the path ocpdc.secretValue hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 7-6 Pricing Design Center Keys for oc-cn-op-job-helm-chart

Key Path in values.yaml Description

isEnabled

ocpdc

Whether to enable PDC jobs:

  • true: Enables PDC jobs. This is the default.
  • false: Disables PDC jobs.

isClean

ocpdc

Whether to clean old PDC deployment and instance logs:

  • true: Removes all existing PDC deployment and instance logs. This is the default.
  • false: Keeps all existing PDC logs.

lang

ocpdc

The Linux system locale. The default is en_US.UTF-8.

tz

ocpdc

The Linux time zone. The default is UTC.

volume.domain.createOption.*

ocpdc

By default, PDC uses dynamic volume provisioning. To use a static volume instead, add the createOption keys under the volume section. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

Note: Ensure you provide the required permissions to the volume path by following the guidelines in "Persistent Volume Storage Locations" in the WebLogic Kubernetes Operator documentation.

storageSize

ocpdc

The storage size for the pdc-brm-pv or pdc-brm-pv, such as 10Gi.

enableSecurityContext

ocpdc

Whether to enable PDC pod-level security attributes and common container settings. The default is true.

deployment.*

ocpdc

The details for deploying the PDC image:

  • imageName: The name of the PDC image. The default is oracle/pdc.

  • imageTag: The tag name for the PDC image. The default is :15.1.0.0.0.

  • imagePullPolicy: When to pull images: only when one is not present locally (IfNotPresent) or always (Always). The default is IfNotPresent.

deployment.fmw.*

ocpdc

The details for pulling WebLogic images for PDC from a container registry:

  • imageRepository: The name of the container registry from which to pull the WebLogic image. The default is container-registry.oracle.com/.

  • imageName: The name of the container repository from which to pull the WebLogic image. The default is middleware/fmw-infrastructure.

  • imageTag: The tag name for the WebLogic image.

See "Pulling WebLogic Images for PDC, Billing Care, Billing Care REST API, and Business Operations Center" for more information.

nodeSelector

ocpdc

The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity.

pdc-domain-job: Set this key to constrain the PDC pods to run only on the node you specify. For more information, see "nodeSelector" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's nodeSelector key. For example, set the ocpdc.configEnv.transformation.syncPDC.nodeSelector key to apply rules specifically to the SyncPDC pod.

affinity

ocpdc

The rules for scheduling a PDC job pod on a particular node using nodeSelector or affinity.

pdc-domain-job: Set this key if you want to constrain the PDC pod to run only on nodes that meet your criteria. For more information, see "Node Affinity" in the Kubernetes documentation.

Note: To override the rules for a specific PDC pod, specify a different value for the pod's affinity key. For example, set the ocpdc.configEnv.transformation.importExport.affinity key to apply rules specifically to the PDC Import Export pod.

wop.*

 

The details for deploying the WebLogic Operator.

  • domainUID: The name of this PDC WebLogic Server domain.

  • includeServerOutInPodLog: Whether to include the server out file in the pod's stdout log (true) or not (false). The default is true.

  • jtaTimeoutSeconds: The maximum amount of time, in seconds, an active transaction is allowed to be in the first phase of a two-phase commit transaction. The default is 10000. If the time expires, the transaction is automatically rolled back.

  • jtaAbandonTimeoutSeconds: The maximum amount of time, in seconds, a transaction manager continues to attempt completing the second phase of a two-phase commit transaction. The default is 10000.

  • stuckThreadMaxTime: The number of seconds a thread must be continually working before the server considers the thread to be stuck. The default is 20000.

  • idlePeriodsUntilTimeout: The number of idle periods until the peer is considered to be unreachable. The default is 40.

  • dataSourceXaTxnTimeout: The number of seconds until the data source transaction times out. The default is 0.

    When set to 0, the WebLogic Server Transaction Manager passes the global WebLogic Server transaction timeout in seconds in the method.

  • pdcAppSesTimeOut: The PDC application (pricingui.ear) session time out, in seconds. The default is 36000.

  • pdcAppSesInvInterTimeOut: The PDC application (pricingui.ear) session invalid interval time out, in seconds. The default is 3000.

  • maxMessageSize: The maximum number of bytes allowed in messages that are received over supported protocols. The default is 10000000.

  • users.*: The users to add to the PDC domain. For more information, see "Creating PDC Users" in BRM Cloud Native System Administrator's Guide.

resources.*

 

The minimum and maximum CPU and memory resources for the PDC domain job. See "Setting Minimum and Maximum CPU and Memory Values" in BRM Cloud Native System Administrator's Guide.

PDC Ports  

The details about the PDC ports to use.

  • exposePorts: Exposes the SSL HTTPS port only (yes), the HTTP port only (no), or both (all). The default is all.

  • t3ChannelPort: The port number for the t3 channel. The default is 30799.

    Use this key if PDC needs to use the t3 protocol to communicate with an external system, such as Elastic Charging Engine (ECE). Set this to a Kubernetes port number from 30000 through 32767 that is not in use.

  • t3ChannelAddress: The IP address for the primary node or load balancer.

  • t3sChannelPort: The port number for the t3s channel. The default is 30800.

    Use this key if PDC needs to use the t3s protocol to communicate with an external system such as ECE. Set this to a Kubernetes port number from 30000 through 32767 that is not in use.

  • t3sChannelAddress: If SSL is enabled in the WebLogic domain, set this to the IP address for the primary node or load balancer.

Java Settings

ocpdc.configEnv

The Java security settings.

  • USER_MEM_ARGS: The custom memory arguments for WebLogic Admin Server.

  • USER_JAVA_OPTIONS: The custom Java options for WebLogic Admin Server.

  • javaSecurityFileName: The name of the Java security file listing the ciphers to disable. Place the file in the pdc/java_security directory.

tlsVersions

ocpdc.configEnv

The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

Log File Rotation

ocpdc.configEnv

The settings for rotating Pricing Server log and tracing log files:

  • pdcAppLogLevel: Sets the logging level, which can be SEVERE, WARNING, INFO, CONFIG, FINE, FINER, or FINEST. The default is WARNING.

  • pdcAppLogFileSize: Sets the maximum file size, in bytes, of the log files. After the log file meets the maximum, PDC closes the log file and creates a new log file.

  • pdcAppLogFileCount: Specifies the maximum number of log files to retain for the application.

See "Rotating PDC Log Files" in BRM Cloud Native System Administrator's Guide for more information.

RCU Schema

ocpdc.configEnv

The details about the RCU schema.

  • rcuJdbcURL: The connection string for connecting to a database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS. Use the format "host:port/service".

  • rcuPrefix: The prefix for the PDC domain RCU schema. For example, if the prefix is XYZ and the schema name is STB, the PDC domain RCU schema name will be XYZ_STB.

  • rcuRecreate: Whether to re-create the PDC domain if present (true) or not (false).

isCustomWLSPython

ocpdc.configEnv

Whether to run your custom WebLogic Python files:

  • true: Run your custom WebLogic Python files located in oc-cn-op-job-chart/pdc/customWLSPython.

  • false: Do not run a custom WebLogic Python file.

Set each file's ownership with chown 1000:0 and its permissions with chmod 777.

addOPSSWallet

ocpdc.configEnv

Whether you added the OPSS wallet to the Helm chart.

  • true: The OPSS wallet is added to the Helm chart. If set to true, you must copy the OPSS wallet file from pdc-app-pvc/stores/opss_wallet/ to oc-cn-op-job-helm-chart/pdc/opss_wallet.

  • false: The OPSS wallet was not added to the Helm chart. This is the default.

Note: The OPSS wallet file will not be available in pdc-app-pvc/stores/opss_wallet the first time you run oc-cn-op-job-helm-chart or create a new RCU prefix.

extOPSSWallet

ocpdc.configEnv

The name of the external Kubernetes Secret containing the custom OPSS wallet file for PDC.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

honorOMF

ocpdc.configEnv

Whether the RDS database honors the Oracle-Managed Files (OMF) naming format:

  • true: OMF format is used.

  • false: OMF format is not used. This is the default.

keyStoreType

ocpdc.configEnv

The SSL KeyStore type for the PDC domain. The default is JKS.

keyStoreAlias

ocpdc.configEnv

The alias name for the PDC domain SSL KeyStore. The default is WeblogicPDCTestAlias.

keyStoreIdentityFileName

ocpdc.configEnv

The name of the PDC domain SSL KeyStore Identity file. The default is defaultserver.jks.

The defaultserver.jks file is created during PDC deployment if it does not already exist.

keyStoreTrustFileName

ocpdc.configEnv

The name of the PDC domain SSL TrustStore file. The default is defaultclient.jks.

The defaultclient.jks file is created during PDC deployment if it does not already exist.

extPDCKeystoreSecret

ocpdc.configEnv

The name of the external Kubernetes Secret containing the custom KeyStore certificate file for PDC.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

isSSOEnabled

ocpdc.configEnv

Set to true to configure and use SAML 2.0 SSO service. The default is false.

extMetadataCM

ocpdc.configEnv

The name of the external ConfigMap containing the IDP metadata file.

samlAsserterName

ocpdc.configEnv

The name of the SAML Asserter. It should be the same as OEM or IDCS. The default is pdcSAML2IdentityAsserter.

ssoPublishedSiteURL

ocpdc.configEnv

The base URL used to construct endpoint URLs, typically, the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

ssoDefaultURL

ocpdc.configEnv

The URL to which unsolicited authentication responses are sent if they do not contain an accompanying target URL.

ssoLogoutURL

ocpdc.configEnv

The URL where users are redirected after they log out from the application (OEM or IDCS log out).

Database Details

ocpdc.configEnv

The details for

  • dbHostName: The host name of the PDC and cross-reference database.

  • dbPort: The port for the PDC and cross-reference database.

  • dbService: The service name for the PDC and cross-reference database.

  • dbSysDBAUser: The SYS, System, or Sys DBA user for the PDC and cross-reference database. If this key is not configured, PDC assumes that pdcSchemaUserName and crossRefSchemaUserName are already present in the database with the required permissions.

  • dbSysDBARole: The role of the PDC and cross-reference database SYS, System, or Sys DBA user.

  • dbSSLMode: The type of SSL connection required for connecting to the database: TWO_WAY, ONE_WAY, or NO.

  • dbWalletType: The type of file specified as the TrustStore for SSL connections: SSO or pkcs12. The default is SSO.

    If dbSSLMode is set to ONE_WAY or TWO_WAY, place the database wallet in the oc-cn-helm-chart/pdc/pdc_db_wallet directory. Create the directory structure if it is not present and do not change the directory name.

  • extPDCDBSSLWalletSecret: The name of the Kubernetes Secret containing the custom SSL database wallet file for PDC. See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

Database Schema

ocpdc.configEnv

The details about the PDC database schema.

  • crossRefSchemaPDCTableSpace: The name of the PDC tablespace for the transformation cross-reference schema. This field is case-sensitive.

  • crossRefSchemaTempTableSpace: The name of the temporary tablespace for the transformation cross-reference schema. This field is case-sensitive.

  • crossRefSchemaUserName: The cross-reference database schema user name.

  • pdcSchemaPDCTableSpace: The tablespace name of the PDC schema. This field is case-sensitive.

  • pdcSchemaTempTableSpace: The tablespace name of the temporary schema. This field is case-sensitive.

  • pdcSchemaUserName: The PDC database schema user name.

  • rcuWalletSchemaUserName: The RCU wallet schema user name. The default schema user name is PDCRCUWALLET.

    Note: The OPSS wallet file created for the RCU schema is stored in the RCU_WALLET_DETAILS table during the first run. If the wallet file is available for the given RCU prefix, it is reused in subsequent runs and the RCU schema is not re-created. If the OPSS wallet file is present in oc-cn-op-job-helm-chart/pdc/opss_wallet, it takes precedence.

pdcAdminUser

ocpdc.configEnv

The PDC admin user name, which includes the Pricing Design Admin role. The default is cnepdcadminuser.

supportECE

ocpdc.configEnv

The charging engine to use: Elastic Charging Engine (true) or the real-time and batch rating engine (false). The default is true.

Upgrade

ocpdc.configEnv

The details for upgrading PDC.

  • deployAndUpgradeSite2: Set to true for zero-downtime upgrades (ZDU). The default is false.

  • upgrade: Set to true to upgrade from a previous version to a 15.x Patch Set or to deploy a 15.x interim patch. The default is false.

secretValue.*

ocpdc

The credentials for accessing the system.

  • adminPassword: The password for the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.

  • rcuSchemaPassword: The password for the Oracle Fusion Middleware product schemas that will be created by RCU and used by OPSS.

  • keyStoreIdentityKeyPass: The password for the PDC domain SSL Identity key.

  • keyStoreIdentityStorePass: The password for the PDC domain SSL identity store.

  • keyStoreTrustStorePass: The password for the PDC domain SSL TrustStore.

  • dbPassword: The Sys or System user password for the PDC and Cross Reference schema.

  • pdcSchemaPassword: The password for the PDC database schema user.

  • crossRefSchemaPassword: The password for the transformation cross-reference database schema user.

  • rcuWalletSchemaPassword: The password for the PDC RCU OPSS wallet schema.

  • dbWalletPassword: The password for the database SSL wallet. This key is required if dbWalletType is set to pkcs12.

  • walletPassword: The passwords for the PDC application wallet and PDC BRM integration wallet.

  • pdcAdminUserPassword: The password for the PDC admin user, which includes the Pricing Design Admin role.

service.*

ocpdc

The pdc-service service's details.

  • name: The name of the service: pdc-service.

  • type: The service type. The default is ClusterIP.

Setting Up SSO for PDC Cloud Native

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for PDC cloud native services by using SAML 2.0.

To set up SSO for PDC:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Add the metadata XML file to your BRM cloud native deployment by doing one of the following:

    • Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pdc/idp directory.

    • Pre-create the IDP metadata ConfigMap for PDC and set the ocpdc.configEnv.extMetadataCM key in your override-values.yaml file for oc-cn-op-job-helm-chart.

  3. Configure the KeyStores needed by SAML by doing one of the following:

    • Generate the Identity and Trust KeyStores and then move your files under the oc-cn-op-job-helm-chart/pdc/pdc_keystore directory.

    • Pre-create the Kubernetes Secret for the Identity and Trust KeyStore files and set the ocpdc.configEnv.extKeystoreSecret key in your override-values.yaml file for both oc-cn-op-job-helm-chart and oc-cn-helm-chart.

      For more information, see "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator's Guide.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocpdc.configEnv.isSSOEnabled: Set this to true.

    • ocpdc.configEnv.keyStoreAlias: Set this to the private key alias of the KeyStore.

    • ocpdc.configEnv.keyStoreType: Set this to the file type of the SSL Identity and Trust KeyStore. The only supported value is JKS.

    • ocpdc.configEnv.keyStoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocpdc.configEnv.keyStoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocpdc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is pdcSAML2IdentityAsserter.

    • ocpdc.configEnv.ssoPublishedSiteURL: Set this to the base URL used to construct endpoint URLs. This is typically the load balancer host and port where the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocpdc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocpdc.secretValue.keyStoreIdentityStorePass: Set this to the StorePass for the Identity KeyStore.

    • ocpdc.secretValue.keyStoreIdentityKeyPass: Set this to the KeyPass for the Identity KeyStore.

    • ocpdc.secretValue.keyStoreTrustStorePass: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the PDC WebLogic domain with /saml2 appended to the URL path.

    Note:

    Add this rule to your existing load balancer rules for routing responses to PDC (/pdc), the load balancer host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your PDC cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After PDC is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your PDC domain specified in the ocpdc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to PDC.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.
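The lint below gathers the constraints this guide states for the PDC keys of oc-cn-op-job-helm-chart (Base64-encoded ocpdc.secretValue entries, the SSO keys from step 4, dbSSLMode, dbWalletType, and tlsVersions) into one pre-deployment check. It is an added example, not Oracle's code: the function names, the sample values, and the assumption that override-values.yaml has already been parsed into a dict (for example with PyYAML) are not from this guide.

```python
import base64
import binascii

# Keys from step 4 of the SSO procedure that have no documented default.
SSO_ENV_KEYS = ("ssoPublishedSiteURL", "ssoDefaultURL")
SSO_SECRET_KEYS = ("keyStoreIdentityStorePass", "keyStoreIdentityKeyPass",
                   "keyStoreTrustStorePass")
DB_SSL_MODES = ("TWO_WAY", "ONE_WAY", "NO")


def check_secret(name, value):
    """Return a finding for one ocpdc.secretValue entry, or None if it looks sane."""
    path = f"ocpdc.secretValue.{name}"
    if not isinstance(value, str) or not value:
        return f"{path}: empty or not a string"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return f"{path}: not valid Base64 (plaintext left in the file?)"
    if raw.endswith((b"\n", b"\r")):
        return f"{path}: decoded value ends with a newline (encoded with echo?)"
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = ""
    # Heuristic (assumption): passwords are printable text, so binary output
    # means a plaintext value that merely uses the Base64 alphabet.
    if not text or not text.isprintable():
        return f"{path}: decodes to non-text bytes (plaintext that looks like Base64?)"
    return None


def tls_versions_ordered(spec):
    """True if a 'TLSv1.2, TLSv1.3' style list runs from lowest to highest."""
    nums = []
    for item in spec.split(","):
        item = item.strip()
        if not item.startswith("TLSv"):
            return False
        try:
            nums.append(tuple(int(part) for part in item[4:].split(".")))
        except ValueError:
            return False
    return nums == sorted(nums)


def lint_pdc_overrides(values):
    """Lint a parsed override-values.yaml (a dict) for oc-cn-op-job-helm-chart."""
    ocpdc = values.get("ocpdc") or {}
    env = ocpdc.get("configEnv") or {}
    secrets = ocpdc.get("secretValue") or {}
    findings = []
    findings += [f for f in (check_secret(n, v) for n, v in secrets.items()) if f]

    if str(env.get("isSSOEnabled", False)).lower() == "true":
        for key in SSO_ENV_KEYS:
            if not env.get(key):
                findings.append(f"ocpdc.configEnv.{key}: set this when isSSOEnabled is true")
        for key in SSO_SECRET_KEYS:
            if key not in secrets:
                findings.append(f"ocpdc.secretValue.{key}: set this when isSSOEnabled is true")
        if env.get("keyStoreType", "JKS") != "JKS":
            findings.append("ocpdc.configEnv.keyStoreType: only JKS is supported for SSO")
        url = str(env.get("ssoPublishedSiteURL") or "")
        if url and not url.endswith("/saml2"):
            findings.append("ocpdc.configEnv.ssoPublishedSiteURL: must end with /saml2")

    mode = env.get("dbSSLMode")
    if isinstance(mode, bool):
        # YAML 1.1 parsers such as PyYAML read an unquoted NO as boolean false.
        findings.append('ocpdc.configEnv.dbSSLMode: parsed as a boolean; quote it ("NO")')
    elif mode is not None and mode not in DB_SSL_MODES:
        findings.append("ocpdc.configEnv.dbSSLMode: use TWO_WAY, ONE_WAY, or NO")

    wallet_type = str(env.get("dbWalletType", "SSO")).lower()
    if wallet_type == "pkcs12" and "dbWalletPassword" not in secrets:
        findings.append("ocpdc.secretValue.dbWalletPassword: required when dbWalletType is pkcs12")

    tls = env.get("tlsVersions")
    if tls is not None and not tls_versions_ordered(str(tls)):
        findings.append("ocpdc.configEnv.tlsVersions: list versions from lowest to highest")
    return findings


# Constructed sample: the dict a YAML parser would return for a flawed file.
SAMPLE_VALUES = {"ocpdc": {
    "configEnv": {
        "isSSOEnabled": True, "keyStoreType": "PKCS12",
        "ssoPublishedSiteURL": "https://lb.example.com:443",
        "ssoDefaultURL": "https://lb.example.com:443/pdc",
        "dbSSLMode": False,  # what an unquoted NO becomes under YAML 1.1
        "dbWalletType": "pkcs12", "tlsVersions": "TLSv1.3, TLSv1.2",
    },
    "secretValue": {
        "adminPassword": "welcome1",  # plaintext that passes a Base64 syntax check
        "keyStoreIdentityStorePass": "Y2hhbmdlaXQK",  # "changeit\n"
        "keyStoreIdentityKeyPass": "Y2hhbmdlaXQ=",  # "changeit"
    },
}}
```

Base64 is an encoding, not encryption, so a file that passes this lint still needs the controlled access the Caution for ocpdc.secretValue calls for.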

Configuring Pipeline Configuration Center

To configure Pipeline Configuration Center (PCC) to run in your BRM cloud native environment:

  1. Override the PCC-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Pipeline Configuration Center Keys for oc-cn-op-job-helm-chart".

  2. Override the PCC-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding Pipeline Configuration Center Keys for oc-cn-helm-chart".

  3. Set up volume mounts. See "About PCC Volume Mounts".

  4. Create a WebLogic domain and install the PCC application. See "Creating a WebLogic Domain and Installing the PCC Application".

  5. Set up SAML for SSO in PCC. See "Setting Up SSO for Pipeline Configuration Center".

  6. Set up local users and groups for PCC. See "Setting Up Local Users and Groups for PCC".

  7. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".

  8. Enable SSL in PCC. See "Configuring SSL in PCC".

Adding Pipeline Configuration Center Keys for oc-cn-op-job-helm-chart

Table 7-7 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart.

Table 7-7 PCC Keys for oc-cn-op-job-helm-chart

Key Paths in values.yaml File Description

isEnabled

ocpcc.pcc

Whether to deploy, configure, and start PCC services:

  • false: Does not create the Kubernetes resources for using PCC.

  • true: Creates the Kubernetes resources for using PCC. This is the default.

imageName

ocpcc.pcc.deployment.app

The name of the PCC image, such as oracle/pcc.

imageTag

ocpcc.pcc.deployment.app

The tag associated with the image. This is generally the patch set number prefixed with a colon (:). For example, :15.1.0.0.0

dbSSLMode

ocpcc.pcc.configEnv

The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other's identity.

  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.

  • NO: SSL authentication is not required.

dbWalletType

ocpcc.pcc.configEnv

The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

rcuJdbcURL

ocpcc.pcc.configEnv

The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.

rcuDBARole

ocpcc.pcc.configEnv

The role of the database administrator user.

rcuArgs

ocpcc.pcc.configEnv

The additional arguments for creating the RCU.

ldapHost

ocpcc.pcc.configEnv

The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to PCC.

ldapPort

ocpcc.pcc.configEnv

The port number on which the LDAP server is listening.

ldapGroupBase

ocpcc.pcc.configEnv

The LDAP base DN that contains groups.

ldapUserBase

ocpcc.pcc.configEnv

The LDAP base DN that contains users.

extDBSSLWalletSecret

extKeystoreSecret

ocpcc.pcc.configEnv

The names of the pre-created Kubernetes Secrets for the Pipeline Configuration Center KeyStore certificates and wallets.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

keystoreAlias

ocpcc.pcc.configEnv

The private key alias of the KeyStore.

keystoreType

ocpcc.pcc.configEnv

The file type of the SSL Identity and TrustStore, which is either PKCS12 or JKS. The default is PKCS12.

keystoreIdentityFileName

ocpcc.pcc.configEnv

The file name of the Identity KeyStore.

keystoreTrustFileName

ocpcc.pcc.configEnv

The file name of the Trust KeyStore.

isSSOEnabled

ocpcc.pcc.configEnv

Whether to enable single sign-on (SSO) for PCC cloud native services through SAML 2.0:

  • true: SSO is enabled for PCC cloud native services.

  • false: SSO is disabled. This is the default.

samlAsserterName

ocpcc.pcc.configEnv

The name of the SAML Asserter. The default is samlPCCAsserter.

ssoPublishedSiteURL

ocpcc.pcc.configEnv

The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

ssoDefaultURL

ocpcc.pcc.configEnv

The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

reloadVersion

ocpcc.pcc.configEnv

Update this value with any value different from the current value to force a restart of the deployer.

adminPassword

ocpcc.pcc.secretVal

The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.

ldapPassword

ocpcc.pcc.secretVal

The password of the LDAP Server admin user.

rcuSysDBAPassword

ocpcc.pcc.secretVal

The password for the rcuJdbcURL database administrator.

rcuSchemaPassword

ocpcc.pcc.secretVal

The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.

dbWalletPassword

ocpcc.pcc.secretVal

The password for accessing the certificates from the TrustStore and KeyStore.

keystoreIdentityPassword

ocpcc.pcc.secretVal

The StorePass for the Identity KeyStore.

keystoreKeyPassword

ocpcc.pcc.secretVal

The KeyPass for the Identity KeyStore.

keystoreTrustPassword

ocpcc.pcc.secretVal

The StorePass for the Trust KeyStore.

domainUID

ocpcc.pcc.wop

The name of the domain. The default is pcc-domain.

adminChannelPort

ocpcc.pcc.wop

The NodePort where the admin-server's HTTP service is accessible.

serverStartPolicy

ocpcc.pcc.wop

The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.

  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).

  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.

volume.*

ocpcc.pcc

Details about the PVC for the pcc pod:

  • storage: The storage size of the volume.

  • createOption: By default, the pcc pod uses dynamic volume provisioning. To use a static volume instead, you must add the createOption key. See "Using Static Volumes" in BRM Cloud Native System Administrator's Guide.

nodeSelector

ocpcc.pcc

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocpcc.pcc

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Adding Pipeline Configuration Center Keys for oc-cn-helm-chart

Table 7-8 lists the keys that directly impact PCC deployment. Add these keys to your override-values.yaml file for oc-cn-helm-chart.

Table 7-8 Pipeline Configuration Center Keys

Key Path in Values.yaml File Description

appLogLevel

ocpcc

The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.

isEnabled

ocpcc.pcc

Whether to deploy, configure, and start PCC services:

  • false: Does not create the Kubernetes resources for using PCC.

  • true: Creates the Kubernetes resources for using PCC. This is the default.

imageName

ocpcc.pcc.deployment.app

The name of the PCC image, such as oracle/pcc.

imageTag

ocpcc.pcc.deployment.app

The tag associated with the image. This is generally the patch set number, prefixed with a colon (:). For example, :15.1.0.0.0

keystoreAlias

ocpcc.pcc.configEnv

The private key alias of the KeyStore.

dbSSLMode

ocpcc.pcc.configEnv

The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each other’s identity.

  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.

  • NO: SSL authentication is not required.

dbWalletType

ocpcc.pcc.configEnv

The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.

extDBSSLWalletSecret

extKeystoreSecret

ocpcc.pcc.configEnv

The names of the pre-created Kubernetes Secrets for the Pipeline Configuration Center KeyStore certificates and wallets.

See "About Using External Kubernetes Secrets" in BRM Cloud Native System Administrator’s Guide.

tlsVersions

ocpcc.pcc.configEnv

The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.

login

ocpcc.pcc.infranet.user

The username of the service that has permission to access BRM.

serviceType

ocpcc.pcc.infranet.user

The POID type of the service that has permission to access BRM.

serviceID

ocpcc.pcc.infranet.user

The POID ID of the service that has permission to access BRM.

minSize

ocpcc.pcc.infranet.connectionpool

The minimum size of the connection pool.

maxSize

ocpcc.pcc.infranet.connectionpool

The maximum size of the connection pool.

loglevel

ocpcc.pcc.infranet

The log level for the infranet properties.

addOnProperties

ocpcc.pcc.infranet

Custom infranet properties. This key is empty by default.

domainUID

ocpcc.pcc.wop

The name of the domain. The default is pcc-domain.

adminChannelPort

ocpcc.pcc.wop

The NodePort where the admin-server's HTTP service will be accessible. The default is blank.

Note: Set this key only if you want the pcc-domain-admin-server-ext service to deploy as NodePort.

serverStartPolicy

ocpcc.pcc.wop

The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.

  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).

  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.

isEnabled

ocpcc.pcc.monitoring

Whether to enable monitoring of PCC.

nodeSelector

ocpcc.pcc

The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.

affinity

ocpcc.pcc

The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Table 7-9 lists the secret keys that directly impact PCC deployment. These keys hold sensitive data and must be handled carefully, with controlled access to the file containing their values. See "Secrets" in Kubernetes Concepts.

Add these secret keys to your override-values.yaml file, and encode all of their values in Base64.

Note:

  • You can encode strings in Linux by using this command:

    echo -n 'string' | base64

  • You can decode strings in Linux by using this command:

    echo 'encoded_string' | base64 --decode

Table 7-9 Pipeline Configuration Center Secret Keys

Key Description

ocpcc.pcc.secretVal.adminPassword

The WebLogic Server administrative password encoded in Base64.

ocpcc.pcc.secretVal.walletPassword

The PCC wallet password encoded in Base64.

ocpcc.pcc.secretVal.rcuSysDBAPassword

The Database Administrator password encoded in Base64.

ocpcc.pcc.secretVal.rcuSchemaPassword

The password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS. The value must be Base64-encoded.

ocpcc.pcc.secretVal.keystoreIdentityPassword

The KeyPass of Identity Keystore, which is used for setting up the SSL-enabled domain. The value must be Base64-encoded.

ocpcc.pcc.secretVal.keystoreKeyPassword

The StorePass of Identity Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.

ocpcc.pcc.secretVal.keystoreTrustPassword

The StorePass of the Trust Keystore, which is used for setting up the SSL-enabled domain. This value must be Base64-encoded.

ocpcc.pcc.secretVal.pccUserPassword

The PCC user password encoded in Base64.
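Base64 is an encoding that anyone with read access to override-values.yaml can reverse, so the file's permissions matter as much as the values themselves. The following shell checks are an added example, not part of the BRM package; the function names are hypothetical, the sample values are constructed, and GNU coreutils is assumed.

```shell
# Added example: pre-flight checks for the Base64 secret values in override-values.yaml.

# Encode a secret the way the note above does (echo -n): no trailing newline
# in the input and no line wrapping in the output.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Check one encoded value. Returns:
#   0 = usable, 1 = empty, 2 = not valid Base64,
#   3 = does not round-trip, typically because a trailing newline was encoded
#       (plain echo instead of echo -n).
check_secret_value() {
    _enc=$1
    [ -n "$_enc" ] || return 1
    case "$_enc" in *[!A-Za-z0-9+/=]*) return 2 ;; esac
    [ $(( ${#_enc} % 4 )) -eq 0 ] || return 2
    # $(...) strips trailing newlines, so a value that was encoded with a
    # newline no longer matches after a decode and re-encode round trip.
    _dec=$(printf '%s' "$_enc" | base64 --decode 2>/dev/null) || return 2
    [ "$(encode_secret "$_dec")" = "$_enc" ] || return 3
    return 0
}

# The values file holds every password, so only its owner should be able to
# read it. Returns 0 when group and other have no permissions on the file.
check_values_file_mode() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed values (not real credentials).
good=$(encode_secret 'Example#Pass1')
bad=$(echo 'Example#Pass1' | base64)      # newline baked into the secret
check_secret_value "$good" && echo "good value: ok"
check_secret_value "$bad" || echo "bad value: rejected with code $?"
```

A value rejected with code 3 would still install, but the stored password would end in a newline and would not match the one users type.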

About PCC Volume Mounts

The PCC container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain. By default, this volume is created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the following key in the override-values.yaml file for oc-cn-op-job-helm-chart.

  • ocpcc.pcc.volume.domain.createOption for the domain file system for PCC.

Creating a WebLogic Domain and Installing the PCC Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the PCC application and deploys the application EAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.

Note:

The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for PCC services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for Pipeline Configuration Center

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for Pipeline Configuration Center cloud native services by using SAML 2.0.

To set up SSO for Pipeline Configuration Center:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Add the metadata XML file to your BRM cloud native deployment by doing one of the following:

    • Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/pcc/idp directory.

    • Pre-create the IDP metadata ConfigMap for Pipeline Configuration Center and set the ocpcc.pcc.configEnv.extMetadataCM key in your override-values.yaml file for oc-cn-op-job-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  3. Configure the KeyStores needed by SAML by doing one of the following:

    • Generate the Identity and Trust KeyStores and then move your files, such as identity.p12 and trust.p12, under the oc-cn-op-job-helm-chart/pcc/keystore directory.

    • Pre-create the Kubernetes Secret for the Identity and Trust KeyStores and set the ocpcc.pcc.configEnv.extKeystoreSecret key in your override-values.yaml file for both oc-cn-op-job-helm-chart and oc-cn-helm-chart.

      For more information, see "Managing Wallet and KeyStore Certificates" in BRM Cloud Native System Administrator's Guide.

  4. In your override-values.yaml file for oc-cn-helm-chart, set the isSSOEnabled key to true.

  5. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocpcc.pcc.configEnv.isSSOEnabled: Set this to true.

    • ocpcc.pcc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

    • ocpcc.pcc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

    • ocpcc.pcc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocpcc.pcc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocpcc.pcc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlPCCAsserter.

    • ocpcc.pcc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocpcc.pcc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocpcc.pcc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

    • ocpcc.pcc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

    • ocpcc.pcc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

  6. Configure your load balancer's rules to send responses to the Pipeline Configuration Center WebLogic domain with /saml2 appended to the URL path.

    Note:

    Add this rule to your existing load balancer rules for routing responses to Pipeline Configuration Center (/pcc), the load balancer host name, and so on.

    See "Installing an Ingress Controller".

  7. Deploy your Pipeline Configuration Center cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  8. After Pipeline Configuration Center is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your Pipeline Configuration Center domain specified in the ocpcc.pcc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to Pipeline Configuration Center.

  9. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.
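As an added example (not Oracle's own tooling), the following shell lint checks the step 5 keys in an override-values.yaml file before you run Helm. The function names, host name, and alias are constructed for illustration, and the lookup is line-based rather than a full YAML parser.

```shell
# Added example: lint the SSO keys from step 5 before running helm.

# Print the value of the first "key: value" line for leaf key $2 in file $1.
# (Line-based lookup, enough for the flat keys checked here.)
yaml_leaf() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*$//' | tr -d "\"'"
}

# Print one line per problem and return the number of problems found.
lint_sso_values() {
    _f=$1; _bad=0
    [ "$(yaml_leaf "$_f" isSSOEnabled)" = "true" ] ||
        { echo "isSSOEnabled is not true"; _bad=$((_bad + 1)); }
    for _k in keystoreAlias keystoreIdentityFileName keystoreTrustFileName \
              ssoPublishedSiteURL ssoDefaultURL; do
        [ -n "$(yaml_leaf "$_f" "$_k")" ] ||
            { echo "missing: $_k"; _bad=$((_bad + 1)); }
    done
    case "$(yaml_leaf "$_f" keystoreType)" in
        ""|PKCS12|JKS) ;;               # blank falls back to the PKCS12 default
        *) echo "keystoreType must be PKCS12 or JKS"; _bad=$((_bad + 1)) ;;
    esac
    case "$(yaml_leaf "$_f" ssoPublishedSiteURL)" in
        ""|*/saml2) ;;                  # a missing URL is already reported above
        *) echo "ssoPublishedSiteURL must end in /saml2"; _bad=$((_bad + 1)) ;;
    esac
    return "$_bad"
}

# Constructed fragment for oc-cn-op-job-helm-chart (sample values only).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ocpcc:
  pcc:
    configEnv:
      isSSOEnabled: true
      keystoreAlias: pcc-identity
      keystoreType: PKCS12
      keystoreIdentityFileName: identity.p12
      keystoreTrustFileName: trust.p12
      ssoPublishedSiteURL: https://lb.example.com:443/saml2
      ssoDefaultURL: https://lb.example.com:443/pcc
EOF
lint_sso_values "$sample" && echo "SSO keys look complete"
rm -f "$sample"
```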

Setting Up Local Users and Groups for PCC

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for PCC, define the keys under ocpcc.pcc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart.

To access the PCC UI, the group must be Config Admin. Only a user associated with the Config Admin group has full access to the PCC user interface. For example:

        # Add users and groups to domain's DefaultAuthenticator (local)
        wlsUserGroups:
            groups:
            - name: Config Admin
              description: PCC Admin
            # Each element of "users" takes "name", "description", "password" (Base64-encoded),
            # and a list of "groups" that the user belongs to, like:
            # - name:
            #   description:
            #   password:
            #   groups:
            #   - "Regular CSR"
            users:
            - name: pccuser
              description: pccuser
              password: QzFnMmIzdTQj
              groups:
              - "Config Admin"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the PCC service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.

Note:

The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile --namespace BrmNameSpace

where:

  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Configuring SSL in PCC

To access PCC over the HTTPS port, SSL must be enabled in the WebLogic domain where PCC is deployed. The BRM cloud native deployment package takes care of the configuration necessary to equip the WebLogic domain with SSL access.

To complete the configuration for SSL setup:

  1. Copy PKCS12 files with valid certificates to the oc-cn-op-job-helm-chart/pcc/keystore directory:

    • identity.p12: Provides the certificate to identify the server.

    • trust.p12: Establishes trust for the certificate.

    If your KeyStore files have different file names or file types, such as JKS, override the keyStoreIdentityFileName, keyStoreTrustFileName, and keyStoreType keys in the override-values.yaml file for oc-cn-helm-chart.

    To enable SSL, the keystoreAlias key is also mandatory, along with keyStoreIdentityFileName and keystoreTrustFileName.