Prerequisites

Before starting deployment ensure that the following are in place:

• A control server A computer on a network used to access and manage devices. For Ansible purposes, a control server runs Linux/Unix and has Ansible installed. is available that runs Unix, is connected to the network In the context of CMP, the infrastructure on which usage of registered customers will be measured – this could be a mobile phone network, broadband network or other non-telecommunications network. and has Ansible 9.2.x with Ansible Core 2.16.x, and python3.12-jmespath, and a version of the unzip utility installed.

  Note:

  If different Ansible and Ansible Core versions (higher or lower) are already installed on the control server they should be removed before installing the version above. If not readily available from the systems standard repositories, the correct Ansible version can be installed from an MDS Global hosted repository as follows:

  1. Remove any Ansible package exclusion in place by editing /etc/dnf/dnf.conf and removing any line stating exclude=ansible*

  2. Add the relevant MDS Global repository: sudo dnf config-manager --add-repo https://<username>:<password>@vault.mdsglobal.dev/repository/repos/cmp-prereq.repo replacing username and password with the repository credentials supplied by MDS Global for CMP Converged Monetisation Platform. The MDS Global product that supports customer care and billing for digital service providers. installation

  3. Edit /etc/yum/repos.d/cmp-prereq.repo to replace <username> and <password> with the repository credentials supplied by MDS Global for CMP installation

  4. Install Ansible with Ansible Core and the Python jmespath: sudo dnf install ansible python3.12-jmespath

  5. Exclude updates for ansible packages by editing /etc/dnf/dnf.conf" and adding the following line exclude=ansible*

• The control server is locked to the above Ansible version so that is not inadvertently updated by Linux A well-known widely used open source operating system. package updates (i.e. add a line with exclude=ansible* at the end of the /etc/dnf/dnf.conf file on the server).

• Red Hat Enterprise Linux is installed and updated on each target host.

  For more information, see Third Party Software Versions in the CMP Technical Architecture Guide.

• The time on all servers being used is synchronised and set up using Network Time Protocol.
• The timezone on all the servers is set to the timezone in which users expect to schedule activities and to be used to trigger processing of events. This is usually the local timezone of the location where CMP is being used.
• The intended target hosts and the control server are connected to a network.
• Each intended target host can be accessed by their external hostname which is also known to the host in question; that is, the name that will be used in the Inventory Configuration Tool for the installation, by the end users and support staff to access the target hosts from outside of the CMP stack. You can achieve this by:
  • Adding the respective hostname/IP address pairs to the DNS server.
  • Adding the respective hostname/IP address pairs to the local hosts file on the control server and all target hosts.
• The target servers can communicate with one another over the ports required for the intra stack communications (see the table in Network Communication). If there are firewalls between the target servers other than the default Linux firewall (firewalld), the communications described in the intra stack communications table must be allowed.

  It is essential that on each host the external hostname resolves to the local IP address of the server that the server itself understands is its own address, and not to an external address which is routed to the server.

• The control server can communicate with the target host via SSH.
• The user A person with the capability to log in to the CMP GUI software, such as a customer service advisor or agent. account In the Cloud Monetisation Platform, a billing entity that can be used to manage payments on one or more subscriptions or payments for services. An account can hold details such as payments or invoices. that will be used by Ansible is created on each target host. This account must have:

  • Either password access or the client public key added to list of the authorised keys for the user in question, allowing key-based authentication for the user.

    Ensure that you can log into the target hosts over SSH from the control server with the password or the private key prior to starting deployment.

    Ensure that the corresponding server keys are added to the known_hosts file on the control server.

  • sudo A program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. access without a password.

• The customer In the context of the Cloud Monetisation Platform, an individual or organisation who has signed an agreement to take goods and services from a service provider. A customer receives a bill associated with one or more subscriptions, and can be a single end user or a large company with many subscriptions assigned to one agreement. has requested access to the MDS Global repository. The request must include the public IP addresses (IP address range) of the control server and the target hosts. MDS Global will whitelist the provided address(-es), allowing connectivity to the repository and will provide set of credentials that must be used both to download the installation scripts and to enter in the inventory file.

  For more information on the inventory file, see Prepare the Inventory File.

• For Production systems it is recommended to create separate filesystems for the database instance otherwise the database tablespace files will be stored in the “root” Linux filesystem. By default, the following locations are used to store the database data:

  • /pg_wal
  • /pg_logs
  • /pg_temp
  • /var/lib/pgsql
  • /pg_data/mdscmp/pg_index_data
  • /pg_data/mdscmp/pg_small_data
  • /pg_data/mdscmp/pg_large_data
  • /pg_data/mdscmp/pg_archive_data
  • /pg_archivelogs

  The last two filesystems above are ideally suited to slower storage devices and do not need the cost associated with fast disk / SSD.

  RedHat administration knowledge is needed to perform the creation of filesystems.
  PostgreSQL Database Administration knowledge is needed to correctly configure, manage and maintain the database for a production system.

• The required SSL certificates have been generated.

  For more information, see SSL Certificates.

• Any security certificates required to explicitly trust a system that will be connected to from the CMP product itself, a customer specific adapter deployed with CMP, or any other process running on the server are installed in a subdirectory of the default systemwide trust store and not in the Java A widely used object-oriented programming language that is designed for use in the distributed environment of the internet. It is the most popular programming language for Android smartphone applications trust store, as the content of the Java trust store can be deleted as part of the CMP installation process.

  See Shared System Certificate Storage for more.

• For Red Hat Linux installations only:
  • The target hosts are either registered with Red Hat, which allows management of the YUM repositories via Subscription A billing entity that incurs a charge. Examples include a network attached device whose usage you want to measure and charge for, or a monthly software subscription Manager, with an active attached subscription for the YUM repositories required for each host.
  • OR, the target system has access to the hosted YUM repositories with JBoss An open-source, cross-platform Java application server developed by JBoss, a division of Red Hat Inc. JBoss AS is an open-source implementation of Java 2 Enterprise Edition (J2EE) that is used for implementing Java applications and other web-based applications and software. JBoss is an open source alternative to commercial offerings from IBM WebSphere and SAP NetWeaver. and JBoss Web Server RPM packages, in the supported versions as per Third Party Software Versions in the CMP Technical Architecture Guide: 

    • All target hosts require access to the Red Hat Enterprise Linux Server product subscription.

    • JBoss target hosts also require access to the Red Hat Enterprise Application Platform product subscription.

    • JBoss Web Server target hosts also require access to a product subscription for JBoss Web Server.

      See the note below:

Important

The deployment process relies on access to the RedHat YUM repositories (for example, jb-eap-7.2-for-rhel-7-server-rpms/jws-5-for-rhel-7-server-rpms) or their equivalents.
Access to the JBoss Enterprise Application Platform repository is only required on the server that hosts JBoss and related application components (jboss Ansible inventory group In the Customer Manager Platform hierarchy, the highest level of the structure. The group level can be used to group corporates. Groups can hold financial information. of hosts). Similarly, access to the jws repository is only required on the server that hosts JBoss Web Server and related application components (jws Ansible inventory group of hosts). Corresponding subscriptions must be active on the servers belonging to the respective Ansible inventory group.

All target hosts require access to the ‘Red Hat Enterprise Linux Server’ product subscription or equivalent hosted YUM repository.

Related Topics