Configure Genesys Web Services and Applications

Deploy Genesys Authentication

The common Authentication Service must be deployed first.

Secret Configuration for Pulling Image

You might already have you secret created.

One of the way to do it is by using the following command:

oc create secret docker-registry <credential-name> --docker-server=<docker repo> --docker-username=<username> --docker-password=<password> --docker-email=<emailid>

You have to execute the following command to map the secret to the default service account:

oc secrets link default <credential-name> --for=pull

Check the Cluster

Run the following command to get the version of the cluster:

oc get clusterversion

Create a New Project

Use the following command to create a new project:

oc new -project gws 

Enable Security Context

Use the following command to enable the security context to the default service account:

oc adm policy add-scc-to-user genesys-restricted -z default -n gws

Download GWS Helm Charts

Download the GWS helm charts from JFrog using your credentials.

Create Two API Clients

Create two API clients on Genesys Authentication using the following procedure:

curl --location --request POST '<gauth-url>/auth/v3/ops/clients' \
--header 'Content-Type: application/json' \
--user ops:ops \ ---------------------------- Cloud ops credentials (<username:password>) from values_gauth.yaml. The default value is ops:ops
--data-raw '{"data": {
 "name": "external_api_client", ----------------- <Client Name>
 "clientType": "CONFIDENTIAL",
 "refreshTokenExpirationTimeout": 43200,
 "client_id": "external_api_client", ----------------- <Client ID>
 "client_secret": "", --------------------------<Client Password>
 "authorities": ["ROLE_INTERNAL_CLIENT"],
 "scope": ["*"],
 "authorizedGrantTypes": ["client_credentials", "authorization_code", "refresh_token", "password"],
 "redirectURIs": ["https://gauth.<yourcluster.com>","https://wwe.<yourcluster.com>","https://gws.<yourcluster.com>","https://prov.<yourcluster.com>"], -----> should add gws/prov external URLS here
  "accessTokenExpirationTimeout": 43200,
  "contactCenterIds": [
  "*" ------------------ <CCID or *>
 ]     
 }
}' 
Result:
"status": {
  "code": 0
 },
 "data": {
  "clientType": "CONFIDENTIAL",
  "scope": [
   "*"
  ],
 "internalClient": false,
  "authorizedGrantTypes": [
   "refresh_token",
   "client_credentials",
   "password",
   "authorization_code",
   "urn:ietf:params:oauth:grant-type:token-exchange",
   "urn:ietf:params:oauth:grant-type:jwt-bearer"
  ],
  "authorities": [
   "ROLE_INTERNAL_CLIENT"
  ], 
  "redirectURIs": [
   "https://gauth.<yourcluster.com>",
   "https://gws.<yourcluster.com>",
   "https://prov.<yourcluster.com>",         
   ],
  "contactCenterIds": [
   "9350e2fc-a1dd-4c65-8d40-1f75a2e080dd"
  ],
  "accessTokenExpirationTimeout": 43200,
  "refreshTokenExpirationTimeout": 43200,
  "createdAt": 1619796576236,
  "name": "external_api_client",
  "client_id": "external_api_client",
  "client_secret": "secret",
  "encrypted_client_secret": "A34BOmXDedZwbTKrwmd4eA=="
 }
}  

1. API Client for gws

• name: gws-app-workspace (Note: Name should not be changed)
• client_Id: gws-app-workspace (Note: Client ID should not be changed)
• client_secret: <Your password> - default password is 'secret'

Record the 'encrypted_client_secret' as it is used to create your secret.

2. API Client for provisioning (Agent-setup)

• name: gws-app-provisioning (Note: Name should not be changed)
• client_Id: gws-app-provisioning (Note: Client ID should not be changed)
• client_secret: <secret>

Record the 'encrypted_client_secret' as it is used to create your secret.

Create Secrets

Add the following lines to the value override file to have Helm create secrets during deployment:

secrets:
 gws-consul-token: <token-from consul>
 gws-postgres-username: <gws postgres DB username>
 gws-postgres-password: <gws postgres DB password>
 ops-user: <ops user>
 ops-pass-encr: <ops password>
 agentsetup-postgres-username: <prov postgres username>
 agentsetup-postgres-password: <prov postgres password>
 gws-app-workspace-encrypted: <secret(encrypted) for gws-app-workspace client>
 gws-app-provisioning-encrypted: <secret(encrypted) for gws-app-provisioning client>

Update Parameters in values.yaml

In the values.yaml file provided by Genesys, update following parameters:

Image repo details:
 REGISTRY: <docker-repo>
Postgres:
 POSTGRES_ADDR: Postgres service DB URL
 POSTGRES_DB: Postgres DB name for gws service
 POSTGRES_USER: Postgres user to access gws DB
 POSTGRES_PASS: Postgres Password
Redis:
 REDIS_ADDR: Address of the Redis cluster
 REDIS_PORT: Redis Port
elastic:
 ELASTICSEARCH_ADDR: Elastic search service master address
 ELASTICSEARCH_PORT: Port of ES service
Authentication service configurations:
 Add/update below variables in env section of all services under 'gwsServices'
  GWS_SERVICE_AUTH_URL: http://gauth-auth.gauth.svc.cluster.local.:80 // Genesys Authentication variable - pointes to internal auth service URL from gauth namesapce, Example: http://gauth-auth.gauth.svc.cluster.local.:80
  GWS_SERVICE_ENV_URL: http://gauth-environment.gauth.svc.cluster.local.:80 // Environment variable pointes to internal environment service URL from gauth namesapce, Example: http://gauth-environment.gauth.svc.cluster.local.:80
  GWS_WORKSPACE_SERVICES_ENV: http://gauth-environment.gauth.svc.cluster.local.:80 // Environment variable - pointes to internal environment service URL from gauth namesapce, Example: http://gauth-environment.gauth.svc.cluster.local.:80
  GWS_WORKSPACE_SERVICES_AUTH: http://gauth-auth.gauth.svc.cluster.local.:80 // Genesys Authentication variable - should be pointed to internal auth service URL from gauth namesapce, Example: http://gauth-auth.gauth.svc.cluster.local.:80
  GWS_WORKSPACE_SERVICES_AUTH_FOR_REDIRECT: https://gauth.<yourclusterdomain>.com //Genesys Authentication redirect variable - pointes to external https ingress URL from gauth namesapce, Example: https://gauth.apps.<yourclusterdomain>.com

Update the Value Overrides for Agent Setup

Agent Setup is part of the GWS deployment. It needs to be configured before the GWS deployment.

From the gws-services helm charts, update the following lines in the value overrides under the gwsServices > appProvisioning > context > env section before installing GWS:

• GWS_SERVICE_AUTH_URL: Auth internal service URI from gauth namespace (for example, http://gauth-auth.gauth.svc.cluster.local.:80)
• GWS_SERVICE_ENV_URL: Environment internal service URI from gauth namespace (for example, http://gauth-environment.gauth.svc.cluster.local.:80)
• GWS_SERVICE_CONF_URL: gws internal service URI from gws namespace (for example, http://gws-service-proxy.gws.svc.cluster.local:80)
• GWS_PROVISIONING_SERVICES_AUTH_FOR_REDIRECT : External https ingress URLS from gauth service(ex: https://gauth.<yourclusterdomain.com>)
• GWS_PROVISIONING_OBJECTCACHE_POSTGRES_USER: <Postgres DB user for provisioning service>
• GWS_PROVISIONING_OBJECTCACHE_POSTGRES_PASSWORD:  <Postgres DB password for provisioning service>
• GWS_PROVISIONING_OBJECTCACHE_POSTGRES_HOST:  <Postgres DB host for provisioning>
• GWS_PROVISIONING_OBJECTCACHE_POSTGRES_PORT:  <Postgres DB Port for provisioning >

Create or Update versions.yaml

Create/update the versions.yaml file with the latest docker versions:

• gws-app-provisioning: 9.0.000.94
• gws-app-workspace: 9.0.000.89
• gws-platform-configuration: 9.0.000.77
• gws-platform-datacollector: 9.0.000.49
• gws-platform-ixn: 9.0.000.42
• gws-platform-ocs: 9.0.000.45
• gws-platform-setting: 9.0.000.52
• gws-platform-statistics: 9.0.000.60
• gws-platform-voice: 9.0.000.65
• gws-system-nginx: 9.0.000.16
• gws-ui-crmworkspace: 9.0.000.63
• gws-ui-provisioning: 9.0.000.84
• gws-ui-workspace: 9.0.000.82
• gws-platform-ucs: 9.0.000.46
• gws-platform-chat: 9.0.000.47