Configure BDS
Contents
Learn how to configure Billing Data Service (BDS).
Override Helm chart values
You can override values in the Helm charts to configure Private Edition. For more information about overriding Helm chart values, see the "suite-level" documentation about how to override Helm chart values: Overriding Helm chart values
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings in the values.yaml file, so that no user or group IDs are specified. For more details, see the Configure security section.
This page provides an overview of configuration; detailed steps appear on the Provision BDS and Deploy BDS pages.
The following table lists values you can override for BDS:
Parameter | Description | Default value | Valid values | Notes | ||
---|---|---|---|---|---|---|
tenantName | Name of Tenant | "" | lower case string | |||
podLabels.app | Label | bus | string | |||
podLabels.name | Labels | bds | string | |||
nameSpace | Namespace where BDS is deployed | bds | string | Leave blank if not used | ||
bdsApp.deployment.job.schedule | Cronjob schedule | "0 3,15 * * *" | Cronjob schedule format | |||
bdsApp.image.registry | Image registry name | {} | string | |||
bdsApp.image.repository | Image repository name | cloudbilling/ | string | |||
bdsApp.image.tag | Image tag | "" | string | |||
bdsApp.image.pullPolicy | Image pull Policy | IfNotPresent | Policy | |||
bdsApp.image.pullSecrets.name | Secrets for docker registry | "" | string | Leave blank if not used | ||
bdsApp.container.env.pgValue | Prometheus Push Gateway URL. Set to empty string if Push Gateway is not available. | "http://prometheus-pushgateway.monitoring.svc.cluster.local:9091/metrics" | URL | |||
bdsApp.container.env.modeValue | BDS mode type | MULTICLOUD | string | change to MULTICLOUD_PE | ||
bdsApp.volumes.pvc.claim | PVC used to mount file share | {} | string | |||
bdsApp.config.name | Name of the config map | bds-config | string | |||
bdsApp.gvars.name | Name of the config map | bds-config | string | |||
bdsApp.secrets.gvp.secretName | GVP shared secret name | shared-secret-gvp | string or null | Leave blank if not used | ||
bdsApp.secrets.gvp.volumes.ProviderClassName | Populate if CSI is used | "" | Leave blank if not used | |||
bdsApp.secrets.gvp.volumes.driver | Populate if CSI is used | "" | Leave blank if not used | |||
bdsApp.secrets.gim.secretName | GIM shared secret name | shared-gim-db-t | string or null | Leave blank if not used | ||
bdsApp.secrets.gim.volumes.tenantID | Tenant ID is used as part of secret name | "" | string | |||
bdsApp.secrets.gim.volumes.ProviderClassName | Populate if CSI is used | "" | string or null | Leave blank if not used | ||
bdsApp.secrets.gim.volumes.driver | Populate if CSI is used | "" | string or null | Leave blank if not used | ||
bdsApp.secrets.consul.secretName | Consul shared secret name | shared-consul-consul-bds-token | string or null | Leave blank if not used | ||
bdsApp.secrets.consul.volumes.ProviderClassName | Populate if CSI is used | "" | string or null | Leave blank if not used | ||
bdsApp.secrets.consul.volumes.driver | Populate if CSI is used | "" | string or null | Leave blank if not used | ||
bdsApp.secrets.gws.secretName | GWS shared secret name | "" | string or null | Leave blank if not used | ||
bdsApp.secrets.gws.mount.name | GWS secret mount name | "" | string or null | Mandatory if GWS shared secret used | ||
bdsApp.secrets.manual.secretName | Manual secrets | "" | string | Mandatory | ||
bdsApp.resources.limits.cpu | Maximum CPU count | 2 | integer | |||
bdsApp.resources.limits.memory | Maximum Memory volume | 4Gi | ||||
bdsApp.resources.requests.cpu | Guaranteed amount of CPU | 0.25 | percent / 100 | |||
bdsApp.resources.requests.memory | Guaranteed amount of memory | 1Gi | ||||
bdsApp.priorityClassName | "" | Leave blank if not used | ||||
bdsApp.nodeSelector | "" | Leave blank if not used | ||||
bdsApp.monitoring.enabled | Turn on/off monitoring | "false" | "false" / "true" | |||
bdsApp.secrets.gim.mounts.name | Name of the volume mount for GIM secrets, if stored as volume. | shared-secret-gim | string | Must be set to "" or null if manual secrets are used. | ||
bdsApp.secrets.gvp.mounts.name | Name of the volume mount for GVP secrets, if stored as volume. | shared-secret-gvp | string | Must be set to "" or null if manual secrets are used. | ||
bdsApp.secrets.consul.mounts.name | Name of the volume mount for Consul secrets, if stored as volume. | shared-secret-consul | string | Must be set to "" or null if manual secrets are used. | ||
BDS_OVERRIDE_CFG_FILE | The full path and file name of the configuration file. Genesys recommends that you always store the configuration file in a folder that is mapped to the deployment host folder. | /genesys/etc/config.json | string | |||
BDS_OVERRIDE_ORA_CFG_FILE | The full path and file name of the Oracle Net Services profile configuration file (sqlnet.ora). | string or null | If null, BDS uses the default connection property to connect to the Oracle database. If sqlnet.ora exists, then the default path is /genesys/data/sqlnet.ora | |||
BDS_OVERRIDE_OVERWRITE | Allows or denies overwriting of files that were previously generated in the SFTP folder. | False | False/True | |||
BDS_OVERRIDE_VERIFY_SFTP_FILE | Verifies whether the SFTP folder contains any output files. | False | False/True | |||
BDS_OVERRIDE_RAISE_ERROR_DC_ALIASES | configure how BDS handles scenarios where BDS uses a location's dc_aliases list to process a metric, and the list includes a dataset containing a value that is not defined in any tenant location.
|
False | False/True | |||
BDS_OVERRIDE_TMP_FOLDER | A folder where BDS temporarily stores intermediate processing results within the Docker container. | /tmp | string | |||
BDS_OVERRIDE_LOG_LEVEL | This value controls how BDS filters information placed in the log file. Valid values: CRITICAL, ERROR, WARNING, INFO, and DEBUG. Genesys recommends that you set the log level to DEBUG, at least initially, to facilitate initial setup and troubleshooting. | DEBUG | string | |||
BDS_OVERRIDE_SHOW_EXECUTION_PLAN | Enable or disable whether the execution plan of a statement can be printed in the execution plan directory. | False | False/True | |||
BDS_OVERRIDE_EXECUTION_PLAN_DIR | A folder where BDS prints the execution plan of a statement within the Docker container. | /genesys/log/execution_plan | string | |||
BDS_OVERRIDE_CRYPTO_KEY_PATH | The folder where BDS stores the encryption tokens and keys used to decrypt and encrypt passwords. | /genesys/etc/crypto/key | string | |||
BDS_OVERRIDE_LOCAL_DIR_FOR_TOKENS | A folder to manage the encryption key tokens within the Docker container. | /genesys/etc/tokens | string | |||
BDS_OVERRIDE_LOCAL_DIR_PRESHARED_KEY | A folder to manage the preshared keys within the Docker container. | /genesys/etc/preshared_keys | string | |||
BDS_OVERRIDE_DETAILED_REPORT_DIR | A folder where BDS generates the detailed reports such as Concurrent seats report, Named usage report, and GVP reports within the Docker container. | /genesys/data/reports | string | |||
BDS_OVERRIDE_DB_REQUEST_TIMEOUT | Configure the timeout period (in hours) for database connections and requests. Applicable only to PostgreSQL and FreeTDS connections to their databases. | 7200 | integer | |||
BDS_OVERRIDE_ANONYMIZER_SALT | Anonymizes the extracted data that contains Personally Identifiable Information (PII) such as name, email ID, and so on, by applying the salt-hashing algorithm. In cryptography, salt is random data that is used as another input to a one-way function that hashes data, a password or passphrase. You can either create random data by yourself or use the same value as given in the example. Note: Genesys doesn't recommend modifying the random data once it's configured and deployed. | e6858808-9af7-11ec-b909-0242ac120002 | integer | |||
BDS_OVERRIDE_MAX_THREADS | Specify the maximum number of threads that can run in a single cronjob activity. | 0 | integer | The default value 0 implies single thread. | ||
BDS_OVERRIDE_MULTICLOUD_EXTRACT_IVR_FILTER | When enabled, extracts records based on ivr_usage_profiles. | False | False/True | |||
DR_location (use with caution) | Specify the disaster location in this variable. Warning: Include this variable in the values.yaml file only during emergency or disaster situation in the affected location. Ensure that you remove this variable from the values.yaml file when situations return to normalcy. | Not applicable |
NOTE: Do not override values other than the parameters mentioned in the preceding table; doing so could cause deployment to fail.
Configure Kubernetes
Configs Layout
Tenant configuration is stored in ConfigMap. Contains BDS configurations files:
data:
config-<tenant_name>.json: {}
Layout of Secrets:
Shared Secrets:
Create secrets manually using the instructions in Create Secrets.
Genesys Info Mart — Example of GIM configuration section:
"gimdb": {
"db_type": "postgre",
"driver_name": "PostgreSQL",
"server": "BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER",
"port": 5432,
"database": "BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER",
"username": "BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER",
"password": "BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER"
}
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_GLOBALS_GIM_DB_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GIM_DB_NAME_PLACEHOLDER
GVP — Example of GVP configuration section :
"gvp": {
"gvp_primary_rs_name": "GVP",
"db_type": "sql_server",
"driver_name": "FreeTDS",
"server": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER",
"port": 1433,
"database": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER",
"username": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER",
"password": "BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER"
}
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_PL_WESTUS2_NAME_PLACEHOLDER
Consul — Example of Consul configuration section :
"consul": {
"token": "BDS_CFG_CONSUL_TOKEN_PLACEHOLDER",
"url_api": "BDS_CFG_CONSUL_URL_API_PLACEHOLDER"
}
For example: https://consul.genesys.svc.cluster.local:8501/v1/kv
Install the following PLACEHOLDERs with values as secrets:
BDS_CFG_CONSUL_TOKEN_PLACEHOLDER
Manual secrets:
Secrets created manually. Values pulled from shared key-vault or added manually.
Assigned to POD as environment variables.
GWS
Client ID and Secret to access AUTH service.
Values assigned manually.
BDS_CFG_BDS_DEV_GWS_CLIENTID_PLACEHOLDER
BDS_CFG_BDS_DEV_GWS_CLIENT_SECRET_PLACEHOLDER
Configuration example:
"gws": {
"host": "BDS_CFG_GWS_HOST_PLACEHOLDER",
"auth_host": "BDS_CFG_GWS_AUTH_HOST_PLACEHOLDER",
"grant_type": "client_credentials",
"client_id": "BDS_CFG_GLOBALS_GWS_USR_PLACEHOLDER",
"client_secret": "BDS_CFG_GLOBALS_GWS_PSW_PLACEHOLDER"
}
SFTP
BDS automatically uploads the resulting output files at the end of job runs, to the SFTP server. You can configure the SFTP server details in the loader_sftp
section.
An example SFTP configuration section is as follows. In the example, the values for hostname and hostkey corresponds to the Genesys SFTP server. You can use the same values to configure the Genesys SFTP server for uploading BDS files.
"loader_sftp": {
"hostname": "BDS_CFG_SFTP_HOST_PLACEHOLDER",
"hostkey": "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc",
"path": "BDS_CFG_SFTP_PATH_PLACEHOLDER",
"username": "BDS_CFG_LEGACY_GLOBALS_SFTP_USR_PLACEHOLDER",
"password": "BDS_CFG_LEGACY_GLOBALS_SFTP_PSW_PLACEHOLDER"
}
GVP
Manually obtained GVP secrets to get BD DB access from secondary region (used if secondary region exists).
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_USR_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_PSW_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_HOST_PLACEHOLDER
BDS_CFG_GLOBALS_GVP_DB_WESTUS2_NAME_PLACEHOLDER
Configure security
Example of SFTP configuration section:
"loader_sftp": {
"hostname": "BDS_CFG_SFTP_HOST_PLACEHOLDER",
"hostkey": "ssh-rsa SHA256:gT7Aa37+yTnd6mwv6Nl01E44u2o2TYxlL/iPgA2T2wc",
"path": "BDS_CFG_SFTP_PATH_PLACEHOLDER",
"username": "BDS_CFG_LEGACY_GLOBALS_SFTP_USR_PLACEHOLDER",
"password": "BDS_CFG_LEGACY_GLOBALS_SFTP_PSW_PLACEHOLDER"
}
Pod security policy:
By default, BDS defines a user/group for running the process in the POD, as follows:
securityContext:
# Containers should run as genesys user and cannot use elevated permissions
runAsNonRoot: true
runAsUser: 500
runAsGroup: 500
fsGroup: 500
If you want to use arbitrary UIDs in your OpenShift deployment, you must override the securityContext settings as shown in the following code, so that you do not define any specific IDs.
securityContext:
runAsNonRoot: true
runAsGroup: null
runAsUser: null
fsGroup: null