diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md index b9a259102..e6fbc8ee8 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md @@ -2,7 +2,13 @@ A number of sample scripts have been developed which allow you to deploy Oracle Identity and Access Management on Kubernetes. These scripts are provided as samples for you to use to develop your own applications. -You must ensure that you are using the April 2021 or later release of Identity and Access Management for this utility to work. +You must ensure that you are using the July 2022 or later release of Identity and Access Management for this utility to work. + +The scripts can be run from any host which has access to your Kubernetes cluster. + +If you wish the scripts to automatically copy files to your Oracle HTTP Servers then you must have passwordless ssh set up from the deployment host to each of your webhosts. + +If you are deploying Oracle Advanced Authentication then you must have passwordless ssh set up from the deployment host to one of your database nodes. In addition for the duration of the deployment your OAA database service must only be running on this database host. ## Obtaining the Scripts 
@@ -25,6 +31,8 @@ Move these template scripts to your working directory. For example: ``` cp -R kubernetes/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/* /workdir/scripts ``` + +If you are provisioning Oracle Identity Governance you must also Download the Oracle connector Bundle for OUD and extract it to a location which is accessible by the provisioning scripts. For example, /workdir/connectors/OID-12.2.1.3.0. The connector directory name must start with OID-12.2.1. ## Scope This section lists the actions that the scripts perform as part of the deployment process. It also lists the tasks the scripts do not perform. 
@@ -35,7 +43,8 @@ The scripts will deploy Oracle Unified Directory (OUD), Oracle Access Manager (O The scripts perform the following actions: -* Create an Ingress controller as described in [Creating the Ingress Controller](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-ingress-controller.html). +* Create an Ingress controller as described in [Creating the Ingress Controller](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-ingress-controller.html). +* Create an Elastic Search deployment as described in [Installing the Monitoring and Visualization Software](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-monitoring-and-visualisation-software.html#GUID-25AB6AAF-50CD-4E5B-9C39-91C2B0487348). * Create any number of OUD instances as described in [Configuring Oracle Unified Directory](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-unified-directory.html). * Extend OUD with OAM object classes as described in [Creating the Schema Extensions File](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-unified-directory.html#GUID-C064336F-E112-4F8A-AF32-3CC9E9D363DC). * Seed the directory with users and groups required by Oracle Identity and Access Management as described in [Creating the Seeding File](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-unified-directory.html#GUID-71732A8A-6353-41EF-AA58-CDE65D95B17A). 
@@ -65,7 +74,8 @@ The scripts perform the following actions: * Configure SSO integration in the Governance domain [Configuring SSO Integration in the Governance Domain](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-323F65C5-3BE9-4D64-AE87-96E589F8B2B7). * Enable OAM Notifications as described in [Enabling OAM Notifications](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-010C785C-0F08-44DE-9D96-4A88F28E202C). * Update the Match Attribute as described in [Updating the Value of MatchLDAPAttribute in oam-config.xml](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-76DA4F90-F680-435A-A7D4-C257A7D366B3). -* Update the TAP Endpoint as described in [Updating the TapEndpoint URL](https://docs-uat.us.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-68065DA4-E2D3-479C-8A2B-AD19EDE290B7). +* Update the TAP Endpoint as described in [Updating the TapEndpoint URL](https://docs-uat.us.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-68065DA4-E2D3-479C-8A2B-AD19EDE290B7). +* Copy the WebGate artifacts to Oracle HTTP Server, if desired. * Run Reconciliation Jobs as described in [Running the Reconciliation Jobs](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-B44989D1-1E86-4EF3-BCBD-A490113E4BB8). * Configure Oracle Unified Messaging with Email/SMS server details as described in [Managing the Notification Service](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-89B15DCA-B712-4415-BAC2-E42728CA22BA). 
* Enable Design Console access as described in [Enabling Design Console Access](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-4F460034-1129-41FD-B8BC-5F78742C3D24). 
@@ -83,24 +93,26 @@ The scripts perform the following actions: * Create OAA Test User as described in [Creating a Test User](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-advanced-authentication-oaa.html#GUID-10B461F2-C309-4273-936A-35387EF7332C). * Integrate OAA with Unified Messaging Service as described in [Configuring Email/SMS Servers](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-advanced-authentication-oaa.html#GUID-2020B622-4AAB-485E-8965-1BF071B32B48). * Integrate OAA with OAM as described in [Integrating Oracle Advanced Authentication with Oracle Access Manager](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-advanced-authentication-oaa.html#GUID-D4FE27D2-6441-4C27-B720-79396A898C8F). +* Optionally Send OUD, OUDSM, OAM and OIG logfiles to Elastic Search ### What the Scripts Will Not Do While the scripts perform the majority of the deployment, they do not perform the following tasks: * Deploy Container Runtime Environment, Kubernetes, or Helm. -* Install a database or Oracle HTTP Server. +* Install a database or Oracle HTTP Server. +* Deploy Oracle Webgate. * Configure load balancer. * Download the container images for these products. -* Copy the WebGate artifacts to Oracle HTTP Server. * Tune the WebLogic Server. * Configure OAM One Time Pin (OTP) forgotten password functionality * Configure OIM workflow notifications to be sent by email. * Set up OIM challenge questions. * Provision Business Intelligence Publisher (BIP). -* Set up the links to the Oracle BI Publisher environment. However, the scripts will not deploy reports into the environment. +* Set up the links to the Oracle BI Publisher environment. However, the scripts will deploy reports into the environment. 
* Enable BI certification reports in OIG as described in [Enable Certification Reports](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-and-configuring-oracle-identity-governance.html#GUID-7DBE7D6E-3F62-45F9-8063-398128D6B462). - +* Send Oracle HTTP Server log files to Elastic Search. +* Send Oracle Database Audit log files to Elastic Search. ## Key Concepts of the Scripts @@ -119,15 +131,15 @@ Before you get started, you should edit the `common/functions.sh` file and set t ## Creating a Response File -A sample response file is created for you in the `responsefile` directory. You can edit this file either directly or by running the shell script `start_here.sh` in the script's home directory. +Sample response and password files are created for you in the `responsefile` directory. You can edit these files either directly or by running the shell script `start_here.sh` in the script's home directory. For example ``` -./start\_here.sh +./start_here.sh ``` -You can run the above script as many times as you like on the same file. Pressing the Enter key on any response retains the existing value in the file and creates `idm.rsp` in the `responsefile` directory. +You can run the above script as many times as you like on the same file. Pressing the Enter key on any response retains the existing value in the file and creates `idm.rsp` and `.idmpwds`in the `responsefile` directory. > Note: > * The file consists of key/value pairs. There should be no spaces between the name of the key and its value. For example: @@ -140,7 +152,7 @@ Run the `prereqchecks.sh` script, which exists in the script's home directory, t The script performs several checks such as (but not limited to) the following: -* Ensures that the Docker images are available on each node. +* Ensures that the Container images are available on each node. * Checks that the NFS file shares have been created. * Ensures that the Load balancers are reachable. 
@@ -151,7 +163,8 @@ There are a number of provisioning scripts located in the script directory: | **File** | **Purpose** | | --- | --- | |provision.sh | Umbrella script that invokes each of the scripts (which can be invoked manually) mentioned in the following rows.| -|provision_ingress.sh| Deploys an Ingress controller. +|provision_ingress.sh| Deploys an Ingress controller. | +|provision_elk.sh| Deploys Elastic Search and Kibana. | |provision_oud.sh | Deploys Oracle Unified Directory. | |provision_oudsm.sh | Deploys Oracle Unified Directory Services Manager. | |provision_operator.sh| Deploys WebLogic Operator.| @@ -179,7 +192,7 @@ You should also keep any override files that are generated. ## After Installation/Configuration As part of running the scripts, a number of working files are created in the `WORKDIR` directory prior to copying to the persistent volume in `/u01/user_projects/workdir`. Many of these files contain passwords required for the setup. You should archive these files after completing the deployment. -The response file also has passwords which should be protected. +The responsfile uses a hidden file in the responsefile directory to store passwords. ## Oracle HTTP Server Configuration Files @@ -201,7 +214,8 @@ These parameters determine which products the deployment scripts attempt to depl | **Parameter** | **Sample Value** | **Comments** | | --- | --- | --- | -| **INSTALL\_INGRESS** | `true` | Set to `true` to configure an Ingress controller. +| **INSTALL\_INGRESS** | `true` | Set to `true` to configure an Ingress controller. | +| **INSTALL\_ELK** | `false` | Set to `true` to deploy and configure an Elastic Search and Kibana. | | **INSTALL\_OUDSM** | `true` | Set to `true` to configure OUDSM. | | **INSTALL\_OUD** | `true` | Set to `true` to configure OUD. | | **INSTALL\_WLSOPER** | `true` | Set to `true` to deploy Oracle WebLogic Operator. | 
@@ -279,7 +293,7 @@ These generic parameters apply to all deployments. | **Parameter** | **Sample Value** | **Comments** | | --- | --- | --- | |**PVSERVER** | `nfsserver.example.com` | The name or IP address of the NFS server used for persistent volumes. **Note**: If you use a name, then the name must be resolvable inside the Kubernetes cluster. If it is not resolvable, you can add it by updating CoreDNS. See [Adding Individual Host Entries to CoreDNS](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-premises-enterprise-deployment.html#GUID-CC0AE601-6D0A-4000-A8CE-F83D2E1F836E). -|**IAM\_PVS** | `/export/IAMPVS` | The IAMPV mount path in the NFS.| +|**IAM\_PVS** | `/export/IAMPVS` | The export path on the NFS where persistent volumes are located.| |**PV\_MOUNT** | `/u01/oracle/user_projects` | The path to mount the PV inside the Kubernetes container. Oracle recommends you to not change this value.| ### Ingress Parameters 
@@ -294,7 +308,33 @@ These parameters determine how the Ingress controller is deployed. |**INGRESS\_SSL** |`false`| Set to `true` if you want to configure the Ingress controller for SSL.| |**INGRESS\_DOMAIN** |`example.com`| Used when creating self-signed certificates for the Ingress controller.| |**INGRESS\_REPLICAS** |`2`| The number of Ingress controller replicas to start with. This value should be a minimum of two for high availability.| + +### Elastic Search Parameters +These parameters determine how to send log files to Elastic Search. + +| **Parameter** | **Sample Value** | **Comments** | +| --- | --- | --- | +|**USE\_ELK** |`false`| Set to `true` if you wish to send logfiles to Elastic Search| +|**ELKNS** |`elkns`| The Kubernetes namespace used to hold the Elastic Search objects.| +|**ELK\_VER** |`8.3.1`| The version of Elastic Search/Logstash to use.| +|**ELK\_HOST** |`https://elasticsearch-es-http..svc:9200`| The address of the elastic search server to send log files to. If you are using ELK inside a Kubernetes cluster then specify the address as in the example. If you are using an Elastic Search outside of the Kubernetes cluster then specify the external address. The host name specified must be resolvable inside the Kubernetes cluster.| +|**ELK\_SHARE** | `/export/IAMPVS/elkpv` | Mount point on NFS where ELK persistent volume is exported.| +|**ELK\_STORAGE** | `nfs-client` | The storage class to use for Elastic Search Stateful Sets.| + +### Oracle HTTP Server Parameters +These parameters are specific to OHS. These parameters are used to construct the Oracle HTTP Server configuration files. 
+| **Parameter** | **Sample Value** | **Comments** | +| --- | --- | --- | +|**OHS\_HOST1** |`webhost1.example.com`| The fully qualified name of the host running the first Oracle HTTP Server| +|**OHS\_HOST2** |`webhost2.example.com`| The fully qualified name of the host running the second Oracle HTTP Server, leave blank if you do not have a second Oracle HTTP Server.| +|**OHS\_PORT** |`7777`| The port your Oracle HTTP Servers listen on.| +|**OHS\_ORACLE\_HOME** |`/u02/private/oracle/products/ohs`| The location of your OHS binaries| +|**OHS\_DOMAIN** |`/u02/private/oracle/config/domains/ohsDomain`| The location of your OHS domain| +|**OHS1\_NAME** |`ohs1`| The component name of your first OHS instance| +|**OHS2\_NAME** |`ohs1`| The component name of your second OHS instance| +|**UPDATE\_OHS** |`true`| Set this to true if you wish the scripts to automatically copy the generated OHS configuration files. Once copied the Oracle HTTP server will be restarted.| +|**COPY_WG_FILES** |`true`| Set this to true if you wish the scripts to automatically copy the generated Webgate Artifacts to your OHS Server. Note: You must first have deployed your Webgate.| ### OUD Parameters These parameters are specific to OUD. When deploying OUD, you also require the generic LDAP parameters. 
@@ -302,8 +342,8 @@ These parameters are specific to OUD. When deploying OUD, you also require the g | **Parameter** | **Sample Value** | **Comments** | | --- | --- | --- | |**OUDNS** | `oudns` | The Kubernetes namespace used to hold the OUD objects.| -|**OUD\_SHARE** | `/export/IAMPVS/OUDPV` | Mount point on NFS where OUD persistent volume will be mounted.| -|**OUD\_CONFIG\_SHARE** | `/export/IAMPVS/OUDCONFIGPV`| The mount point on NFS where OUD Configuration persistent volume will be mounted.| +|**OUD\_SHARE** | `$IAM_PVS/oudpv` | Mount point on NFS where OUD persistent volume is exported.| +|**OUD\_CONFIG\_SHARE** | `$IAM_PVS/oudconfigpv`| The mount point on NFS where OUD Configuration persistent volume is exported.| |**OUD\_LOCAL\_SHARE** | `/nfs_volumes/oudconfigpv` | The local directory where **OUD\_CONFIG\_SHARE** is mounted. Used to hold seed files.| |**OUD\_LOCAL\_PVSHARE** | `/nfs_volumes/oudpv`| The local directory where **OUD_SHARE** is mounted. Used for deletion.| |**OUD\_POD\_PREFIX** | `edg`| The prefix used for the OUD pods.| 
@@ -320,7 +360,7 @@ List of parameters used to determine how Oracle Directory Services Manager will | --- | --- | --- | |**OUDSM\_USER** | `weblogic` | The name of the administration user you want to use for the WebLogic domain that is created when you install OUDSM.| |**OUDSM\_PWD** | *``* | The password you want to use for **OUDSM_USER**.| -|**OUDSM\_SHARE** | `/export/IAMPVS/OUDSMPV` | The mount path inside of the NFS for use as the OUDSM persistent volume.| +|**OUDSM\_SHARE** | `$IAM_PVS/OUDSMPV` | The mount point on NFS where OUDSM persistent volume is exported.| |**OUDSM\_LOCAL\_SHARE** | `/nfs_volumes/oudsmpv` | The local directory where **OUDSM\_SHARE** is mounted. It is used by the deletion procedure.| |**OUDSM\_INGRESS\_HOST** | `oudsm.example.com` | Used when you are using an Ingress controller. This name must resolve in DNS and point to one of the Kubernetes worker nodes or to the network load balancer entry for the Kubernetes workers.| @@ -373,7 +413,7 @@ These parameters determine how OAM is deployed and configured. | **Parameter** | **Sample Value** | **Comments** | | --- | --- | --- | |**OAMNS** | `oamns` | The Kubernetes namespace used to hold the OAM objects.| -|**OAM\_SHARE** | `/export/IAMPVS/OAMPV` | The mount path inside of the NFS for use as the OAM persistent volume.| +|**OAM\_SHARE** | `$IAM_PVS/oampv` | The mount point on NFS where OAM persistent volume is exported.| |**OAMNS** | `oamns` | The Kubernetes namespace used to hold the OAM objects.| |**OAM\_LOCAL\_SHARE** | `/nfs_volumes/oampv` | The local directory where **OAM_SHARE** is mounted. It is used by the deletion procedure.| |**OAM\_SERVER\_COUNT** | `5` | The number of OAM servers to configure. This value should be more than you expect to use.| 
@@ -405,7 +445,7 @@ These parameters determine how OIG is provisioned and configured. | --- | --- | --- | |**OIGNS** | `oigns` | The Kubernetes namespace used to hold the OIG objects.| |**CONNECTOR\_DIR** | `/workdir/OIG/connectors/` | The location on the file system where you have downloaded and extracted the OUD connector bundle.| -|**OIG\_SHARE** | `/export/IAMPVS/OIGPV` |The mount path inside of the NFS for use as the OIG persistent volume.| +|**OIG\_SHARE** | `$IAM_PVS/oigpv` | The mount point on NFS where OIG persistent volume is exported.| |**OIG\_LOCAL\_SHARE** | `/local_volumes/oigpv` |The local directory where **OIG\_SHARE** is mounted. It is used by the deletion procedure.| |**OIG\_SERVER\_COUNT** | `5` | The number of OIM/SOA servers to configure. This value should be more than you expect to use.| |**OIG\_SERVER\_INITIAL** | `2` | The number of OIM/SOA Managed Servers you want to start for normal running. You will need at least two servers for high availability.| 
@@ -454,13 +494,13 @@ These parameters determine how OIRI is provisioned and configured. |**OIRI\_REPLICAS** | `noreplies@example.com` | The number of OIRI servers to start the deployment.| |**OIRI\_UI\_REPLICAS** | `2` | The number of OIRI UI Servers to start the deployment.| |**OIRI\_SPARK\_REPLICAS** | `2` | The number of OIRI UI servers to start the deployment.| -|**OIRI\_SHARE** |`/export/IAMPVS/oiripv`| The mount path inside of your NFS for use as your OIRI persistent volume.| +|**OIRI\_SHARE** |`$IAM_PVS/oiripv`| The mount point on NFS where OIRI persistent volume is exported.| |**OIRI\_LOCAL\_SHARE** |`/nfs_volumes/oiripv`| The local directory where **OIRI\_SHARE** is mounted. It is used by the deletion procedure.| |**OIRI\_SHARE\_SIZE** |`10Gi`| The size of the OIRI persistent volume.| -|**OIRI\_DING\_SHARE** |`/export/IAMPVS/dingpv`| The mount path inside of the NFS for use as the OIRI DING persistent volume.| +|**OIRI\_DING\_SHARE** |`$IAM_PVS/dingpv`| The mount point on NFS where OIRI DING persistent volume is exported.| |**OIRI\_DING\_LOCAL\_SHARE** |`/nfs_volumes/dingpv`| The local directory where **OIRI\_DING\_SHARE** is mounted. It is used by the deletion procedure.| |**OIRI\_DING\_SHARE\_SIZE** |`10Gi`| The size of the OIRI DING persistent volume.| -|**OIRI\_WORK\_SHARE** |`/export/IAMPVS/workpv`| The mount path inside of the NFS for use as the OIRI work persistent volume.| +|**OIRI\_WORK\_SHARE** |`$IAM_PVS/workpv`| The mount point on NFS where OIRI work persistent volume is exported.| |**OIRI\_DB\_SCAN** |`dbscan.example.com`| The database SCAN address of the grid infrastructure.| |**OIRI\_DB\_LISTENER** |`1521`| The database listener port.| |**OIRI\_DB\_SERVICE** |`edgoiri.example.com`| The database service which connects to the database you want to use for storing the OIRI schemas.| 
@@ -479,18 +519,6 @@ These parameters determine how OIRI is provisioned and configured. |**OIRI\_LOAD\_DATA** |`true`| Set to `true` if you want to load data from the OIG database.| -### OCI Vault Parameters - -| **Parameter** | **Sample Value** | **Comments** | -| --- | --- | --- | -|**OAA\_OCI\_OPER** | - | To obtain this value, encode the value of the API key that you downloaded at the time of creating the vault. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html).| -|**OAA\_OCI\_TENANT** |-| To obtain this value, log in to the OCI console, navigate to **Profile** and click **Tenancy**. Use the **OCID** value.| -|**OAA\_OCI\_USER** |-| To obtain this value, log in to the OCI console, navigate to **Profile** and click **Username**. Use the **OCID** value. | -|**OAA\_OCI\_FP** |-| To obtain this value, log in to the OCI console, navigate to **Profiles**, select **User Settings**, and then click **API Keys**. Use the value of the fingerprint for the API Key you created earlier. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html).| -|**OAA\_OCI\_COMPARTMENT** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security** and click **Compartments**. Select the compartment in which you created the vault and use the **OCID** value.| -|**OAA\_OCI\_VAULT_ID** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security** and select **Vault**. Select the vault you created earlier. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html). 
Use the **OCID** value.| -|**OAA\_OCI\_KEY** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security**, select **Vault**, and then click the vault you created earlier. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html). Click the key you created earlier. For example, `vaultkey`. Use the **OCID** value.| - ### OAA Parameters These parameters determine how OAA is provisioned and configured. 
@@ -503,14 +531,13 @@ These parameters determine how OAA is provisioned and configured. |**OAA\_DOMAIN** |`OAADomain`| The name of the OAM OAuth domain you want to create.| |**OAA\_VAULT\_TYPE** |`file|oci`| The type of vault to use: file system or OCI.| |**OAA\_CREATE\_OHS** |`true`| Set to `false` if you are installing OAA standalone front ended by Ingress. | -|**OAA\_CONFIG\_SHARE** |`/export/IAMPVS/oaaconfigpv`| The NFS volume mount point where config data resides.| -|**OAA\_CRED\_SHARE** |`/export/IAMPVS/oaacredpv`| The NFS volume mount point where credentials are stored.| -|**OAA\_LOG\_SHARE** |`/export/IAMPVS/oaalogpv`| The NFS volume mount point where log files are stored.| +|**OAA\_CONFIG\_SHARE** |`$IAM_PVS/oaaconfigpv`| The mount point on NFS where OAA config persistent volume is exported..| +|**OAA\_CRED\_SHARE** |`$IAM_PVS/oaacredpv`| The mount point on NFS where OAA credentials persistent volume is exported..| +|**OAA\_LOG\_SHARE** |`$IAM_PVS/oaalogpv`| The mount point on NFS where OAA logfiles persistent volume is exported..| |**OAA\_LOCAL\_CONFIG\_SHARE** |`/nfs_volumes/oaaconfigpv`| The local directory where **OAA\_CONFIG\_SHARE** is mounted. It is used by the deletion procedure. | |**OAA\_LOCAL\_CRED\_SHARE** |`/nfs_volumes/oaacredpv`| The local directory where **OAA\_CRED\_SHARE** is mounted. It is used by the deletion procedure.| |**OAA\_LOCAL\_LOG_SHARE** |`/nfs_volumes/oaalogpv`| The local directory where **OAA\_LOG\_SHARE** is mounted. It is used by the deletion procedure. | -|**OAA\_VAULT\_SHARE** |`/export/IAMPVS/oaavaultpv`| If using a file system vault, this is the NFS volume mount where the vault files will be stored.| -|**OAA\_LOCAL\_VAULT\_SHARE** |`/nfs_volumes/oaavaultpv`| The local directory where **OAA\_VAULT\_SHARE** is mounted. It is used by the deletion procedure. 
| + |**OAA\_DB\_SCAN** |`dbscan.example.com`| The database SCAN address of the grid infrastructure.| |**OAA\_DB\_LISTENER** |`1521`| The database listener port.| |**OAA\_DB\_SERVICE** |`edgoaa.example.com`| The database service which connects to the database you want to use for storing the OAA schemas.| @@ -522,7 +549,7 @@ These parameters determine how OAA is provisioned and configured. |**OAA\_DB\_HOME** |`/u01/app/oracle/product/19.0.0.0/dbhome_1 `| The database home directory on the database server.| |**OAA\_DB\_SID** |`iamdb11`| The SID of the database on the database server.| -#### OAA Users/Groups +#### OAA Users/Groups/Passwords | **Users/Groups** | **Example** | **Description** | | --- | --- | --- | 
@@ -535,8 +562,28 @@ These parameters determine how OAA is provisioned and configured. |**OAA\_API\_PWD** |`oaapassword`| The password to be used for OAA API interactions.| |**OAA\_POLICY\_PWD** |`oaapassword`| The password to be used for OAA policy interactions.| |**OAA\_FACT\_PWD** |`oaapassword`| The password to be used for OAA keystores for factor interactions.| -|**OAA\_VAULT\_PWD** |`oaapassword`| The password to use for file-based vault.| + +#### OAA Filesystem Vault Parameters + +| **Parameter** | **Sample Value** | **Comments** | +| --- | --- | --- | +|**OAA\_VAULT\_SHARE** |`$IAM_PVS/oaavaultpv`| The mount point on NFS where OAA file vault persistent volume is exported.| +|**OAA\_LOCAL\_VAULT\_SHARE** |`/nfs_volumes/oaavaultpv`| The local directory where **OAA\_VAULT\_SHARE** is mounted. It is used by the deletion procedure. | +|**OAA\_VAULT\_PWD** |`oaapassword`| The password to use for file-based vault.| + + +#### OAA OCI Vault Parameters + +| **Parameter** | **Sample Value** | **Comments** | +| --- | --- | --- | +|**OAA\_OCI\_OPER** | - | To obtain this value, encode the value of the API key that you downloaded at the time of creating the vault. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html).| +|**OAA\_OCI\_TENANT** |-| To obtain this value, log in to the OCI console, navigate to **Profile** and click **Tenancy**. Use the **OCID** value.| +|**OAA\_OCI\_USER** |-| To obtain this value, log in to the OCI console, navigate to **Profile** and click **Username**. Use the **OCID** value. | +|**OAA\_OCI\_FP** |-| To obtain this value, log in to the OCI console, navigate to **Profiles**, select **User Settings**, and then click **API Keys**. Use the value of the fingerprint for the API Key you created earlier. 
See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html).| +|**OAA\_OCI\_COMPARTMENT** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security** and click **Compartments**. Select the compartment in which you created the vault and use the **OCID** value.| +|**OAA\_OCI\_VAULT_ID** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security** and select **Vault**. Select the vault you created earlier. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html). Use the **OCID** value.| +|**OAA\_OCI\_KEY** |-| To obtain this value, log in to the OCI console, navigate to **Identity and Security**, select **Vault**, and then click the vault you created earlier. See [Creating a Vault](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/preparing-oracle-cloud-infrastructure-enterprise-deployment.html). Click the key you created earlier. For example, `vaultkey`. Use the **OCID** value.| #### Ingress Parameters @@ -608,6 +655,8 @@ In some cases, you can specify your own ports. The scripts allow you to override | **Parameter** | **Sample Value** | **Comments** | | --- | --- | --- | +|**ELK\_KIBANA\_K8** |`31800`| The port to use for Kibana requests.

**Note**: This value must be within the Kubernetes service port range.| +|**ELK\_K8** |`31920`| The port to use for Elastic Search requests.

**Note**: This value must be within the Kubernetes service port range.| |**OUD\_LDAP\_K8** |`31389`| The port to use for OUD LDAP requests.

**Note**: This value must be within the Kubernetes service port range.| |**OUD\_LDAPS\_K8** |`31636`| The port to use for OUD LDAPS requests.

**Note**: This value must be within the Kubernetes service port range.| |**OUDSM\_SERVICE\_PORT** |`30901`| The port to use for OUDSM requests.

 **Note**: This value must be within the Kubernetes service port range.|
@@ -631,10 +680,12 @@ For reference purposes this section includes the name and function of all the ob
 | **Name** | **Location** | **Function** |
 | --- | --- | --- |
-| **idm.rsp** | responsefile | Contains details of the target environment. Needs to be updated for each deployment. |
+| **idm.rsp** | responsefile | Contains details of passwords used in the target environment. Needs to be updated for each deployment. |
+| **.idmpwds** | responsefile | Contains details of the target environment. Needs to be updated for each deployment. |
 | **start\_here.sh** | | Populates the responsefile. |
 | **prereqchecks.sh** | | Checks the environment prior to provisioning. |
-| **provision\_ingress.sh** | | Installs/configures the Ingress controller.|
+| **provision\_ingress.sh** | | Installs/configures the Ingress controller.|
+| **provision\_elk.sh** | | Installs/configures Elastic Search and Kibana.|
 | **provision.sh** | | Provisions everything |
 | **provision\_oud.sh** | | Installs/configures OUD. |
 | **provision\_oudsm.sh** | | Installs/configures OUDSM. |
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
index 3d6b93bba..55e7e0048 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
@@ -15,8 +15,10 @@ SCRIPTDIR=/home/opc/scripts
 RSPFILE=$SCRIPTDIR/responsefile/idm.rsp
+PWDFILE=$SCRIPTDIR/responsefile/.idmpwds
+. $PWDFILE
 . $RSPFILE
-export SAMPLES_DIR=`echo $SAMPLES_REP | awk -F "/" '{print $NF}' | sed 's/.git//'`
+export SAMPLES_DIR=`echo $SAMPLES_REP | awk -F "/" '{print $NF}' | sed 's/.git.*//'`
 SSH="ssh -q"
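Review bot: `. $PWDFILE` sources the new password file unconditionally, so a missing or unreadable `.idmpwds` leaves every password variable empty and the provisioning scripts carry on with blank credentials (the existing `. $RSPFILE` has the same weakness, but this hunk introduces the second, secret-bearing file). Because the file is executed as shell and holds clear-text passwords, check it before sourcing, e.g. `[ -r "$PWDFILE" ] || { echo "Password file $PWDFILE not found" >&2; exit 1; }`, and consider refusing to continue when its mode allows group or world read. Separately, the README rows added in this commit for `idm.rsp` and `.idmpwds` appear to have their descriptions swapped.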
@@ -140,13 +142,36 @@ install_operator()
 ST=`date +%s`
 print_msg "Installing Operator"
+
+ ELK_PROTO=`echo $ELK_HOST | cut -f1 -d:`
+ ELK_HN=`echo $ELK_HOST | cut -f2 -d: | sed 's/\/\///'`
+ ELK_PORT=`echo $ELK_HOST | cut -f3 -d:`
+
 cd $WORKDIR/samples
+ echo helm install weblogic-kubernetes-operator charts/weblogic-operator --namespace $OPERNS --set image=$OPER_IMAGE:$OPER_VER --set serviceAccount=$OPER_ACT \
+ --set "enableClusterRoleBinding=true" \
+ --set "javaLoggingLevel=FINE" \
+ --set "domainNamespaceSelectionStrategy=LabelSelector" \
+ --set "domainNamespaceLabelSelector=weblogic-operator\=enabled" \
+ --set "elkIntegrationEnabled=$USE_ELK" \
+ --set "elasticSearchHost=$ELK_PROTO://$ELK_HN" \
+ --set "elasticSearchPort=$ELK_PORT" \
+ --set "logStashImage=docker.elastic.co/logstash/logstash:$ELK_VER" \
+ --set "createLogStashConfigMap=true" \
+ --wait > $LOGDIR/install_oper.log
+
 helm install weblogic-kubernetes-operator charts/weblogic-operator --namespace $OPERNS --set image=$OPER_IMAGE:$OPER_VER --set serviceAccount=$OPER_ACT \
 --set "enableClusterRoleBinding=true" \
 --set "javaLoggingLevel=FINE" \
 --set "domainNamespaceSelectionStrategy=LabelSelector" \
 --set "domainNamespaceLabelSelector=weblogic-operator\=enabled" \
- --wait > $LOGDIR/install_oper.log 2>&1
+ --set "elkIntegrationEnabled=$USE_ELK" \
+ --set "elasticSearchHost=$ELK_PROTO://$ELK_HN" \
+ --set "elasticSearchPort=$ELK_PORT" \
+ --set "logStashImage=docker.elastic.co/logstash/logstash:$ELK_VER" \
+ --set "createLogStashConfigMap=true" \
+ --wait >> $LOGDIR/install_oper.log 2>&1
+
 print_status $? $LOGDIR/install_oper.log
 ET=`date +%s`
 print_time STEP "Install Operator" $ST $ET >> $LOGDIR/timings.log
@@ -261,7 +286,7 @@ create_service_account()
 kubectl create serviceaccount -n $nsp $actname >$LOGDIR/create_svc.log 2>&1
 if [ $? -gt 0 ]
 then
- grep AlreadyExists -q $LOGDIR/create_svc.log
+ grep "already exists" -q $LOGDIR/create_svc.log
 if [ $? = 0 ]
 then
 echo "Already Exists"
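Review bot: The `ELK_PROTO`/`ELK_HN`/`ELK_PORT` parse runs regardless of `USE_ELK`, and `cut -f3 -d:` yields an empty string whenever `ELK_HOST` has no explicit port (or is unset because ELK is not in use), so the operator can be installed with `elasticSearchHost=://` and an empty `elasticSearchPort`. Guard the parse on `USE_ELK` and fail early on a missing port, e.g. `[ "$USE_ELK" != "true" ] || [ -n "$ELK_PORT" ] || { echo "ELK_HOST must include a port" >&2; exit 1; }`. The helm command and its ten `--set` arguments are also duplicated verbatim between the `echo` and the real invocation, which will drift; building the arguments once in an array and logging them with `printf '%q '` keeps one copy. install_operator's body begins before this hunk.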
@@ -672,6 +697,7 @@ function decode_pwd()
 echo $decoded_pwd
 }
+
 #Replace a value in a file
 #
 replace_value()
@@ -680,7 +706,6 @@ replace_value()
 val=$2
 filename=$3
- #echo $val | sed 's/\//\\\//g'
 newval=$(echo $val | sed 's/\//\\\//g')
 sed -i 's/'$name'=.*/'$name'='"$newval"'/' $filename
 if [ "$?" = "1" ]
@@ -709,6 +734,21 @@ replace_value2()
 }
+
+#Replace a value in password file
+#
+replace_password()
+{
+ name=$1
+ val=$2
+ filename=$3
+
+ newval=$(echo $val | sed 's/\//\\\//g')
+ sed -i 's/'$name'=.*/'$name'='"\"$newval\""'/' $filename
+ if [ "$?" = "1" ]
+ then
+ echo "Error Modifying File: $filename"
+ fi
+}
 global_replace_value()
 {
 val1=$1
@@ -742,7 +782,59 @@ update_variable()
 fi
 }
-#Get the path and name of a docker image file
+# Check Password format
+# TYP=UC - Must contain a Uppercase and a Number
+# TYP=UCS - Must contain a Uppercase and a Number and Symbol
+# TYP=NS - Must not contain a symbol
+#
+function check_password ()
+{
+TYP=$1
+password=$2
+
+LEN=$(echo ${#password})
+
+RETCODE=0
+
+ if [ $LEN -lt 8 ]; then
+
+ echo "$password is smaller than 8 characters"
+ RETCODE=1
+ fi
+
+ if [[ ! $password =~ [0-9] ]]
+ then
+ if [ "$TYP" = "UN" ]
+ then
+ echo "Password must contain a number"
+ RETCODE=1
+ fi
+ fi
+
+ if [[ ! $password =~ [A-Z] ]] && [ "$TYP" = "NS" ]
+ then
+ if [ "$TYP" = "UN" ]
+ then
+ echo "Password must contain an Uppercase Letter"
+ RETCODE=1
+ fi
+ fi
+
+ if [[ $password =~ ^[[:alnum:]]+$ ]] && [ "$TYP" = "UNS" ]
+ then
+ echo "Password Must contain a Special Character"
+ RETCODE=1
+ fi
+
+ if [[ ! $password =~ ^[[:alnum:]]+$ ]] && [ "$TYP" = "NS" ]
+ then
+ echo "Password Must Not contain a Special Character"
+ RETCODE=1
+ fi
+ return $RETCODE
+}
+
+#Get the path and name of a image file
 #
 function get_image_file() {
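Review bot: replace_password escapes only `/` in the new value, so a password containing `&` is replaced by the text sed matched and one containing `\` or a newline corrupts the substitution; `newval=$(printf '%s' "$val" | sed 's/[\/&\\]/\\&/g')` covers the sed-special characters, and `$name` in the pattern should be quoted like `"$newval"` already is. When `$name=` is not present in the file, `sed -i` succeeds and nothing is written, so the `"$?" = "1"` check never reports it; a `grep -q "^$name=" $filename` beforehand would make the missing key visible. The same `/`-only escaping is in replace_value in the preceding hunk.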
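Review bot: check_password echoes the candidate password itself on the length failure (`echo "$password is smaller than 8 characters"`), which puts the secret on the terminal and into any captured log; the message should not include the value. The type checks also do not match the header: the comment documents `UC`/`UCS`/`NS` while the code tests `UN`/`UNS`, the uppercase test is guarded by `"$TYP" = "NS"` and then `"$TYP" = "UN"`, which can never both hold, and the number and uppercase requirements never fire for `UNS`. A rewrite that derives the checks from the type once is below, keeping the `UN`/`UNS`/`NS` names the code already uses; the header comment should be updated to match whichever names callers pass.

```shell
function check_password ()
{
  TYP=$1
  password=$2
  RETCODE=0

  # Never print the password itself; report only what is wrong with it.
  if [ ${#password} -lt 8 ]; then
    echo "Password is smaller than 8 characters"
    RETCODE=1
  fi

  if [ "$TYP" = "UN" ] || [ "$TYP" = "UNS" ]; then
    if [[ ! $password =~ [0-9] ]]; then
      echo "Password must contain a number"
      RETCODE=1
    fi
    if [[ ! $password =~ [A-Z] ]]; then
      echo "Password must contain an Uppercase Letter"
      RETCODE=1
    fi
  fi

  if [ "$TYP" = "UNS" ] && [[ $password =~ ^[[:alnum:]]+$ ]]; then
    echo "Password Must contain a Special Character"
    RETCODE=1
  fi

  if [ "$TYP" = "NS" ] && [[ ! $password =~ ^[[:alnum:]]+$ ]]; then
    echo "Password Must Not contain a Special Character"
    RETCODE=1
  fi
  return $RETCODE
}
```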
@@ -903,10 +995,10 @@ check_running()
 while [ "$X" = "0" ]
 do
- POD=`kubectl --namespace $NAMESPACE get pod -o wide | grep $SERVER_NAME | head -1 `
+ POD=`kubectl -n $NAMESPACE get pods -o wide | grep $SERVER_NAME | head -1 `
 if [ "$POD" = "" ]
 then
- JOB_STATUS=`kubectl --namespace $NAMESPACE get pod -o wide | grep infra-domain-job | awk '{ print $3 }'`
+ JOB_STATUS=`kubectl -n $NAMESPACE get pod -o wide | grep infra-domain-job | awk '{ print $3 }'`
 if [ "$JOB_STATUS" = "Error" ]
 then
 echo "Domain Creation has an Error"
@@ -916,7 +1008,7 @@ check_running()
 exit 1
 fi
 PODSTATUS=`echo $POD | awk '{ print $3 }'`
- RUNNING=`echo $POD | awk '{ print $2 }'`
+ RUNNING=`echo $POD | awk '{ print $2 }' | cut -f1 -d/`
 NODE=`echo $POD | awk '{ print $7 }'`
 if [ "$PODSTATUS" = "Error" ]
@@ -941,7 +1033,7 @@ check_running()
 X=3
 fi
 fi
- if [ "$RUNNING" = "1/1" ]
+ if [ ! "$RUNNING" = "0" ]
 then
 echo " Running"
 X=1
@@ -983,6 +1075,33 @@ check_stopped()
 done
 }
+
+# Check an LDAP User exists
+#
+check_ldap_user()
+{
+ userid=$1
+
+ ST=`date +%s`
+ print_msg "Checking User $userid exists in LDAP"
+
+ LDAP_CMD="/u01/oracle/user_projects/${OUD_POD_PREFIX}-oud-ds-rs-0/OUD/bin/ldapsearch -h ${OUD_POD_PREFIX}-oud-ds-rs-lbr-ldap.${OUDNS}.svc.cluster.local -p 1389 -D"
+ LDAP_CMD="$LDAP_CMD ${LDAP_ADMIN_USER} -w ${LDAP_ADMIN_PWD} -b cn=${LDAP_SYSTEMIDS},${LDAP_SEARCHBASE} uid=${userid} "
+
+ USER=`kubectl exec -n $OUDNS -ti ${OUD_POD_PREFIX}-oud-ds-rs-0 -c oud-ds-rs -- $LDAP_CMD | grep uid`
+
+ if [ "$USER" = "" ]
+ then
+ echo "User Does not exist - Fix LDAP before continuing"
+ exit 1
+ else
+ echo " Exists "
+ fi
+
+ ET=`date +%s`
+
+ print_time STEP "Start $DOMAIN_NAME Domain" $ST $ET >> $LOGDIR/timings.log
+}
+
 # Start a WebLogic Domain
 #
 start_domain()
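Review bot: `cut -f1 -d/` keeps only the ready count from the READY column, and the `@@ -941` hunk then treats anything other than `0` as running, so a pod reporting `1/2` (one of two containers ready) now passes a check that previously required `1/1`. Comparing the two halves preserves the old meaning for multi-container pods: `READY=$(echo $POD | awk '{ print $2 }')` and `if [ "${READY%/*}" = "${READY#*/}" ]`. check_running starts and ends outside these hunks.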
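Review bot: the timing entry at the end of check_ldap_user is labelled `"Start $DOMAIN_NAME Domain"`, copied from start_domain, so timings.log records the LDAP check under the wrong step; `print_time STEP "Check LDAP User $userid" $ST $ET >> $LOGDIR/timings.log`. The bind password is passed as `-w ${LDAP_ADMIN_PWD}` on the ldapsearch command line inside the pod, where it is visible in the container's process list and in the API server's audit record of the `kubectl exec` command; OUD's ldapsearch can read the bind password from a file (`-j`), which keeps it off argv. `-ti` also requests a TTY for a non-interactive command whose output is captured into `USER`, which may emit a TTY warning into the captured text when the script runs without a terminal; `-i` alone (or neither) is enough for a pipe into grep.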
@@ -1201,4 +1320,278 @@ function check_lbr() fi } +# Change Kibana ELK Host +# +update_kibana_host() +{ + namespace=$1 + confmap=$2 + + ST=`date +%s` + print_msg "Updating Logstash Host" + kubectl get cm $confmap -n $namespace -o yaml | sed '/kind:/,$d' > $WORKDIR/kibana_cm.yaml + sed -i "s/hosts.*/hosts => [\"$ELK_HOST\"]/" $WORKDIR/kibana_cm.yaml + + echo kubectl patch cm $confmap -n $namespace --patch-file $WORKDIR/kibana_cm.yaml > $LOGDIR/update_kibana_host.log + kubectl patch cm $confmap -n $namespace --patch-file $WORKDIR/kibana_cm.yaml >> $LOGDIR/update_kibana_host.log + print_status $? $LOGDIR/update_kibana_host.log + + ET=`date +%s` + print_time STEP "Update logstash host" $ST $ET >> $LOGDIR/timings.log +} + +# Create cert Configmap +# +create_cert_cm() +{ + namespace=$1 + ST=`date +%s` + print_msg "Creating Logstash Certificate configmap" + certfile=$LOCAL_WORKDIR/ELK/ca.crt + + if [ ! -f $certfile ] + then + echo "Certificate File does not exist." + exit 1 + fi + + kubectl create configmap elk-cert --from-file=$certfile -n $namespace > $LOGDIR/logstash_cert.log 2>&1 + print_status $? 
$LOGDIR/logstash_cert.log + + ET=`date +%s` + print_time STEP "Creating Logstash Certificate Configmap" $ST $ET >> $LOGDIR/timings.log +} + +# Create Logstash Pod +# +create_logstash() +{ + namespace=$1 + + ST=`date +%s` + print_msg "Deploy Logstash into $namespace" + + cp $TEMPLATE_DIR/logstash.yaml $WORKDIR + + if [ "$namespace" = "$OAMNS" ] + then + PVC=${OAM_DOMAIN_NAME}-domain-pv + MP=`kubectl describe domains $OAM_DOMAIN_NAME -n $OAMNS | grep "Mount Path" | sed 's/Mount Path: //'` + update_variable "" $OAM_DOMAIN_NAME $WORKDIR/logstash.yaml + update_variable "" "$MP" $WORKDIR/logstash.yaml + elif [ "$namespace" = "$OIGNS" ] + then + PVC=${OIM_DOMAIN_NAME}-domain-pv + MP=`kubectl describe domains $OIG_DOMAIN_NAME -n $OIGNS | grep "Mount Path" | sed 's/Mount Path: //'` + update_variable "" $OIG_DOMAIN_NAME $WORKDIR/logstash.yaml + update_variable "" "$MP" $WORKDIR/logstash.yaml + elif [ "$namespace" = "$OIRINS" ] + then + update_variable "" $OIRI_DING_SHARE $WORKDIR/logstash.yaml + update_variable "" $PVSERVER $WORKDIR/logstash.yaml + elif [ "$namespace" = "$OUDNS" ] + then + update_variable "" $OUD_POD_PREFIX $WORKDIR/logstash.yaml + fi + + update_variable "" $namespace $WORKDIR/logstash.yaml + update_variable "" $ELK_VER $WORKDIR/logstash.yaml + + kubectl create -f $WORKDIR/logstash.yaml > $LOGDIR/logstash.log 2>&1 + print_status $? $LOGDIR/logstash.log + + ET=`date +%s` + print_time STEP "Update logstash host" $ST $ET >> $LOGDIR/timings.log +} + +# Deploy Elastic Search Operator +# +install_elk_operator() +{ + + ST=`date +%s` + print_msg "Deploy Elastic Search Operator" + + printf "\n\t\t\tAdd Helm Repository - " + helm repo add elastic https://helm.elastic.co > $LOGDIR/operator.log 2>&1 + print_status $? $LOGDIR/operator.log + + printf "\t\t\tUpdate Helm Repository - " + helm repo update >> $LOGDIR/operator.log 2>&1 + print_status $? 
$LOGDIR/operator.log + + printf "\t\t\tInstall Operator - " + + helm install elastic-operator elastic/eck-operator -n $ELKNS --create-namespace >> $LOGDIR/operator.log 2>&1 + print_status $? $LOGDIR/operator.log + + check_running $ELKNS elastic-operator + + ET=`date +%s` + print_time STEP "Deploy Elastic Search Operator" $ST $ET >> $LOGDIR/timings.log +} + +# Deploy Elastic Search and Kibana +# +deploy_elk() +{ + + ST=`date +%s` + print_msg "Create Elastic Search Cluster " + + cp $TEMPLATE_DIR/elk_cluster.yaml $WORKDIR + filename=$WORKDIR/elk_cluster.yaml + + update_variable "" $ELKNS $filename + update_variable "" $ELK_VER $filename + update_variable "" $ELK_STORAGE $filename + + kubectl create -f $filename > $LOGDIR/elk.log 2>&1 + print_status $? $LOGDIR/elk.log + + ET=`date +%s` + print_time STEP "Create Elastic Search cluster" $ST $ET >> $LOGDIR/timings.log +} + +deploy_kibana() +{ + + ST=`date +%s` + print_msg "Create Kibana" + + cp $TEMPLATE_DIR/kibana.yaml $WORKDIR + filename=$WORKDIR/kibana.yaml + + update_variable "" $ELKNS $filename + update_variable "" $ELK_VER $filename + + kubectl create -f $filename > $LOGDIR/kibana.log 2>&1 + print_status $? $LOGDIR/kibana.log + + ET=`date +%s` + print_time STEP "Create Kibana" $ST $ET >> $LOGDIR/timings.log +} + +create_elk_nodeport() +{ + + ST=`date +%s` + print_msg "Create Node Port Services" + + printf "\n\t\t\tKibana NodePort Service - " + cp $TEMPLATE_DIR/kibana_nodeport.yaml $WORKDIR + filename=$WORKDIR/kibana_nodeport.yaml + + update_variable "" $ELKNS $filename + update_variable "" $ELK_KIBANA_K8 $filename + + kubectl create -f $filename > $LOGDIR/kibana_nodeport.log 2>&1 + print_status $? $LOGDIR/kibana_nodeport.log + + printf "\t\t\tELK NodePort Service - " + cp $TEMPLATE_DIR/elk_nodeport.yaml $WORKDIR + filename=$WORKDIR/elk_nodeport.yaml + + update_variable "" $ELKNS $filename + update_variable "" $ELK_K8 $filename + + kubectl create -f $filename > $LOGDIR/elk_nodeport.log 2>&1 + print_status $? 
$LOGDIR/elk_nodeport.log + + ET=`date +%s` + print_time STEP "Create NodePort Services" $ST $ET >> $LOGDIR/timings.log +} + +update_elk_password() +{ + + ST=`date +%s` + print_msg "Obtain Elastic Search Password" + + ELK_PWD=`kubectl get secret elasticsearch-es-elastic-user -n $ELKNS -o go-template='{{.data.elastic | base64decode}}'` + replace_password ELK_PWD $ELK_PWD $PWDFILE + if [ "$ELK_PWD" = "" ] + then + echo "Failed to execute:kubectl get secret elasticsearch-es-elastic-user -n $ELKNS -o go-template='{{.data.elastic | base64decode}}'" > $LOGDIR/elk_pwd.log + echo "Failed - See logfile $LOGDIR/elk_pwd.log" + exit 1 + else + echo "Success" + fi + + + ET=`date +%s` + print_time STEP "Obtain ELK Password" $ST $ET >> $LOGDIR/timings.log +} + +get_elk_cert() +{ + + ST=`date +%s` + print_msg "Obtain Elastic Search Certificate" + + kubectl cp $ELKNS/elasticsearch-es-default-0:/usr/share/elasticsearch/config/http-certs/..data/ca.crt $WORKDIR/ca.crt > $LOGDIR/elk_cert.log + print_status $? 
$LOGDIR/elk_cert.log + + ET=`date +%s` + + print_time STEP "Obtain ELK certificate" $ST $ET >> $LOGDIR/timings.log +} + +create_elk_role() +{ + + print_msg "Creating Elastic Search Role" + ST=`date +%s` + + ROLE_NAME=logstash_writer + + ADMINURL=https://$K8_WORKER_HOST1:$ELK_K8 + + REST_API="'$ADMINURL/_security/role/$ROLE_NAME'" + + USER=`encode_pwd elastic:${ELK_PWD}` + + PUT_CURL_COMMAND="curl --location -k --request PUT " + CONTENT_TYPE="-H 'Content-Type: application/json' -H 'Authorization: Basic $USER'" + PAYLOAD="-d '{\"cluster\": [\"manage_index_templates\", \"monitor\", \"manage_ilm\"],\"indices\": [ {\"names\": [ \"logs*\" ]," + PAYLOAD=$PAYLOAD"\"privileges\": [\"write\",\"create\",\"create_index\",\"manage\",\"manage_ilm\"] } " + PAYLOAD=$PAYLOAD" ] }'" + + echo "$PUT_CURL_COMMAND $REST_API $CONTENT_TYPE $PAYLOAD" > $LOGDIR/elk_role.log 2>&1 + eval "$PUT_CURL_COMMAND $REST_API $CONTENT_TYPE $PAYLOAD" >> $LOGDIR/elk_role.log 2>&1 + grep -q "\"created\":true" $LOGDIR/elk_role.log + print_status $? $LOGDIR/elk_role.log 2>&1 + + ET=`date +%s` + print_time STEP "Create Elastic Search Role" $ST $ET >> $LOGDIR/timings.log +} + +create_elk_user() +{ + + print_msg "Creating Elastic Search User" + ST=`date +%s` + + USER_NAME=logstash_internal + + ADMINURL=https://$K8_WORKER_HOST1:$ELK_K8 + + REST_API="'$ADMINURL/_security/user/$USER_NAME'" + + USER=`encode_pwd elastic:${ELK_PWD}` + + PUT_CURL_COMMAND="curl --location -k --request PUT " + CONTENT_TYPE="-H 'Content-Type: application/json' -H 'Authorization: Basic $USER'" + PAYLOAD="-d '{\"password\": \"$ELK_USER_PWD\", \"roles\" : [ \"logstash_writer\"],\"full_name\" : \"Internal Logstash User\"" + PAYLOAD=$PAYLOAD" }'" + + echo "$PUT_CURL_COMMAND $REST_API $CONTENT_TYPE $PAYLOAD" > $LOGDIR/elk_user.log 2>&1 + eval "$PUT_CURL_COMMAND $REST_API $CONTENT_TYPE $PAYLOAD" >> $LOGDIR/elk_user.log 2>&1 + grep -q "\"created\":true" $LOGDIR/elk_user.log + print_status $? 
$LOGDIR/elk_user.log 2>&1 + + ET=`date +%s` + print_time STEP "Create Elastic Search User" $ST $ET >> $LOGDIR/timings.log +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oaa_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oaa_functions.sh index 63091d9a2..91f433bc6 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oaa_functions.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oaa_functions.sh @@ -491,9 +491,9 @@ create_ldap_entries() update_variable "" $LDAP_ADMIN_USER $shfile update_variable "" $LDAP_ADMIN_PWD $shfile - kubectl cp $filename $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input - kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input - kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -- /u01/oracle/config-input/oud_add_users.sh > $LOGDIR/create_ldap.log 2>&1 + kubectl cp $filename $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input > $LOGDIR/create_ldap.log 2>&1 + kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input >> $LOGDIR/create_ldap.log 2>&1 + kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -c oud-ds-rs -- /u01/oracle/config-input/oud_add_users.sh >> $LOGDIR/create_ldap.log 2>&1 fi if [ $? -gt 0 ] 
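Review bot: create_elk_role and create_elk_user write the fully expanded curl command to `$LOGDIR/elk_role.log` and `$LOGDIR/elk_user.log` before running it, which persists the `Authorization: Basic` header (a reversible encoding of the elastic password) and, in create_elk_user, the clear-text `$ELK_USER_PWD` inside the JSON payload; the logs are never removed. Running the command through `eval` also means a password containing `'` or `"` breaks the quoting, and under `set -x` the same values appear on argv. Passing the header from a 0600 temp file (`-H @file`, curl 7.55+) and the payload from a variable, without `eval`, fixes both; create_elk_user is rewritten below and create_elk_role needs the same change. Both functions use `-k` even though get_elk_cert copies the cluster CA to `$WORKDIR/ca.crt`, so `--cacert` can replace it where the NodePort host name is covered by the certificate. Separately, update_elk_password calls replace_password before testing whether `ELK_PWD` is empty, so a failed `kubectl get secret` still overwrites the entry in `$PWDFILE`; test first, then write.

```shell
create_elk_user()
{
  print_msg "Creating Elastic Search User"
  ST=`date +%s`

  USER_NAME=logstash_internal
  ADMINURL=https://$K8_WORKER_HOST1:$ELK_K8

  # Credentials reach curl through a private header file, never via argv, eval or the log.
  HDRFILE=$(mktemp) || exit 1
  chmod 600 "$HDRFILE"
  printf 'Authorization: Basic %s\n' "$(encode_pwd elastic:${ELK_PWD})" > "$HDRFILE"
  PAYLOAD=$(printf '{"password": "%s", "roles": ["logstash_writer"], "full_name": "Internal Logstash User"}' "$ELK_USER_PWD")

  echo "curl --request PUT $ADMINURL/_security/user/$USER_NAME" > $LOGDIR/elk_user.log
  # NOTE(review): -k kept because the NodePort host may not be in the certificate SANs; use --cacert $WORKDIR/ca.crt if it is.
  curl --location -k --request PUT "$ADMINURL/_security/user/$USER_NAME" \
    -H 'Content-Type: application/json' -H @"$HDRFILE" -d "$PAYLOAD" >> $LOGDIR/elk_user.log 2>&1
  rm -f "$HDRFILE"
  grep -q "\"created\":true" $LOGDIR/elk_user.log
  print_status $? $LOGDIR/elk_user.log

  # … unchanged: ET / print_time …
}
```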
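Review bot: the two `kubectl cp` lines now send their output to create_ldap.log but their exit status is still discarded; only the final `kubectl exec` status reaches `if [ $? -gt 0 ]`, so a failed copy of `$filename` or `$shfile` surfaces only indirectly when the script inside the pod cannot find its input. Chaining them, `kubectl cp … && kubectl cp … && kubectl exec …`, or checking each copy with `|| exit 1`, makes the copy failure the reported error. The same pattern is in add_existing_users (`@@ -576`) and create_test_user (`@@ -1259`). `$shfile` also has `$LDAP_ADMIN_PWD` substituted into it before the copy, so it should be written with a restrictive mode and removed from `/u01/oracle/config-input` once the script has run; create_ldap_entries starts outside the hunk.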
@@ -576,8 +576,8 @@ add_existing_users()
 update_variable "" $OAA_ADMIN_USER $shfile
 update_variable "" $OAA_USER_GROUP $shfile
- kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input
- kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -- /u01/oracle/config-input/oud_add_existing_users.sh > $LOGDIR/add_existing_users.log 2>&1
+ kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input > $LOGDIR/add_existing_users.log 2>&1
+ kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -c oud-ds-rs -- /u01/oracle/config-input/oud_add_existing_users.sh >> $LOGDIR/add_existing_users.log 2>&1
 fi
 if [ $? -gt 0 ]
@@ -767,6 +767,32 @@ create_ohs_wallet()
 ET=`date +%s`
 print_time STEP "Create OHS Wallet" $ST $ET >> $LOGDIR/timings.log
 }
+
+# Deploy Coherence
+#
+deploy_coherence()
+{
+ print_msg "Deploy Coherence"
+ ST=`date +%s`
+
+ printf "\n\t\t\tAdd Coherence Repository - "
+ helm repo add coherence https://oracle.github.io/coherence-operator/charts > $LOGDIR/deploy_coherence.log 2>&1
+ print_status $? $LOGDIR/deploy_coherence.log
+
+ printf "\t\t\tUpdate Helm Repository - "
+ helm repo update >> $LOGDIR/deploy_coherence.log 2>&1
+ print_status $? $LOGDIR/deploy_coherence.log
+
+
+ printf "\t\t\tInstall Coherence - "
+ helm install -n $OAACONS coherence-operator coherence/coherence-operator >> $LOGDIR/deploy_coherence.log 2>&1
+ print_status $? $LOGDIR/deploy_coherence.log
+
+
+ ET=`date +%s`
+ print_time STEP "Deploy Coherence" $ST $ET >> $LOGDIR/timings.log
+}
+
 # Deploy OAA
 #
 deploy_oaa()
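Review bot: `helm install -n $OAACONS coherence-operator coherence/coherence-operator` has no `--version`, so each run installs whatever the repository serves at that moment, which makes deployments non-reproducible and lets an upstream chart change land unreviewed; pin it with `--version <chart-version>` (the same applies to `elastic/eck-operator` in install_elk_operator). `helm repo add coherence …` also fails when a repository of that name already exists from a previous run, at which point print_status stops the step; `--force-update` makes the add idempotent if reruns are expected.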
@@ -1259,9 +1285,9 @@ create_test_user()
 update_variable "" $LDAP_ADMIN_USER $shfile
 update_variable "" $LDAP_ADMIN_PWD $shfile
- kubectl cp $filename $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input
- kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input
- kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -- /u01/oracle/config-input/oud_test_user.sh > $LOGDIR/create_test_user.log 2>&1
+ kubectl cp $filename $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input > $LOGDIR/create_test_user.log 2>&1
+ kubectl cp $shfile $OUDNS/$OUD_POD_PREFIX-oud-ds-rs-0:/u01/oracle/config-input >> $LOGDIR/create_test_user.log 2>&1
+ kubectl exec -ti -n $OUDNS $OUD_POD_PREFIX-oud-ds-rs-0 -c oud-ds-rs -- /u01/oracle/config-input/oud_test_user.sh >> $LOGDIR/create_test_user.log 2>&1
 fi
 if [ $? -gt 0 ]
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
index 5e3089260..0e401cd04 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
@@ -497,6 +497,7 @@ run_idmConfigTool()
 if [ $? = 0 ]
 then
 echo "Failed - Check logifle $WORKDIR/logs/configoam.log"
+ echo "SEVERE Error Message Detected." >> $WORKDIR/logs/configoam.log
 exit 1
 else
 echo "Success"
@@ -687,11 +688,11 @@ create_oam_ohs_config()
 print_msg "Creating OHS Config Files"
 OHS_PATH=$LOCAL_WORKDIR/OHS
- if [ ! -d $OHS_PATH/OHS/$OHS_HOST1 ]
+ if [ ! -d $OHS_PATH/$OHS_HOST1 ]
 then
 mkdir -p $OHS_PATH/$OHS_HOST1
 fi
- if [ ! -d $OHS_PATH/OHS/$OHS_HOST2 ]
+ if [ ! -d $OHS_PATH/$OHS_HOST2 ]
 then
 mkdir -p $OHS_PATH/$OHS_HOST2
 fi
@@ -728,35 +729,12 @@ create_oam_ohs_config() fi fi - if [ ! "$OHS_HOST2" = "" ] + if [ ! "$OHS_HOST2" = "" ] then - cp $TEMPLATE_DIR/iadadmin_vh.conf $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - cp $TEMPLATE_DIR/login_vh.conf $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $OHS_HOST2 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OHS_PORT $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OAM_ADMIN_LBR_HOST $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OAM_ADMIN_LBR_PORT $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $K8_WORKER_HOST1 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $K8_WORKER_HOST2 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OHS_HOST2 $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $OHS_PORT $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $OAM_LOGIN_LBR_PROTOCOL $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $OAM_LOGIN_LBR_HOST $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $OAM_LOGIN_LBR_PORT $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $K8_WORKER_HOST1 $OHS_PATH/$OHS_HOST2/login_vh.conf - update_variable "" $K8_WORKER_HOST2 $OHS_PATH/$OHS_HOST2/login_vh.conf - if [ "$USE_INGRESS" = "true" ] - then - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/login_vh.conf - else - update_variable "" $OAM_ADMIN_K8 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OAM_POLICY_K8 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OAM_OAM_K8 $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf - update_variable "" $OAM_OAM_K8 $OHS_PATH/$OHS_HOST2/login_vh.conf - fi + cp $OHS_PATH/$OHS_HOST1/iadadmin_vh.conf $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf + cp $OHS_PATH/$OHS_HOST1/login_vh.conf 
$OHS_PATH/$OHS_HOST2/login_vh.conf
+ sed -i "s/$OHS_HOST1/$OHS_HOST2/" $OHS_PATH/$OHS_HOST2/login_vh.conf
+ sed -i "s/$OHS_HOST1/$OHS_HOST2/" $OHS_PATH/$OHS_HOST2/iadadmin_vh.conf
 fi
 print_status $?
@@ -780,3 +758,32 @@ copy_wg_files()
 ET=`date +%s`
 print_time STEP "Copy Webgate Artifacts to $LOCAL_WORKDIR/OHS/webgate" $ST $ET >> $LOGDIR/timings.log
 }
+
+# Create logstash configmap
+#
+create_logstash_cm()
+{
+ ST=`date +%s`
+ print_msg "Creating logstash Config Map"
+ cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR
+
+ update_variable "" $OAMNS $WORKDIR/logstash_cm.yaml
+ update_variable "" $ELK_HOST $WORKDIR/logstash_cm.yaml
+ update_variable "" $ELK_USER_PWD $WORKDIR/logstash_cm.yaml
+
+ kubectl create -f $WORKDIR/logstash_cm.yaml >$LOGDIR/logstash_cm.log 2>&1
+ if [ $? = 0 ]
+ then
+ echo "Success"
+ else
+ grep -q "AlreadyExists" $LOGDIR/logstash_cm.log
+ if [ $? = 0 ]
+ then
+ echo "Already Exists"
+ else
+ print_status 1 $LOGDIR/logstash_cm.log
+ fi
+ fi
+ ET=`date +%s`
+ print_time STEP "Create Logstash Config Map" $ST $ET >> $LOGDIR/timings.log
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
index 0eb84e491..5a342d808 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
@@ -256,6 +256,14 @@ copy_connector()
 ST=`date +%s`
 print_msg "Installing Connector into Container"
+ printf "\n\t\t\tCheck Connector Exists - "
+ if [ -d $CONNECTOR_DIR/OID-12.2.1* ]
+ then
+ echo "Success"
+ else
+ echo " Connector Bundle not found. Please download and stage before continuing"
+ exit 1
+ fi
 kubectl exec -ti $OIG_DOMAIN_NAME-oim-server1 -n $OIGNS -- mkdir -p /u01/oracle/user_projects/domains/ConnectorDefaultDirectory
 if ! [ "$?" = "0" ]
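Review bot: `sed -i "s/$OHS_HOST1/$OHS_HOST2/"` replaces only the first occurrence of the host on each line and treats `$OHS_HOST1` as a regular expression, so a line that names the host twice keeps the first host in the second position, and a host name that is a prefix of another (or that contains regex metacharacters beyond `.`) can match where it should not; `sed -i "s/\b$OHS_HOST1\b/$OHS_HOST2/g"` with the `g` flag covers both for ordinary host names. The `print_status $?` after `fi` now reflects only the last `sed`, not the two `cp` calls or the first `sed`. The same copy-and-sed is in create_oig_ohs_config (`@@ -909`); create_oam_ohs_config starts outside the hunk.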
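Review bot: `$ELK_USER_PWD` is substituted into logstash_cm.yaml and created as a ConfigMap, so the Logstash credential lives in an object readable by anyone with `get configmaps` in `$OAMNS` and outside the RBAC and encryption-at-rest treatment normally reserved for Secrets; the rendered yaml with the clear-text password also stays behind in `$WORKDIR`. Keeping the password in a Secret exposed to the pod as an environment variable and referencing it from the pipeline (Logstash resolves `${ELK_USER_PWD}` in its config from the environment) leaves the ConfigMap free of credentials. The function is defined identically in oig_functions.sh (`@@ -960`) and, without the password line, oiri_functions.sh (`@@ -652`), with equivalent logic in oud_functions.sh update_logstash (`@@ -74`); if these files are sourced into one shell the last definition wins, so a single helper taking the namespace as a parameter would be safer as well as shorter.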
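Review bot: `[ -d $CONNECTOR_DIR/OID-12.2.1* ]` relies on the glob expanding to exactly one path: with two matching directories `[` receives extra arguments and fails with a syntax error, and with none the literal pattern is tested, so both cases print the "Connector Bundle not found" message and the first one misleads. Iterating the glob, `for d in $CONNECTOR_DIR/OID-12.2.1*/; do [ -d "$d" ] && FOUND=1; done`, or `compgen -G "$CONNECTOR_DIR/OID-12.2.1*" >/dev/null`, tests presence reliably; the later `kubectl cp $CONNECTOR_DIR/OID-12.2*` also uses a broader pattern (`12.2*` vs `12.2.1*`) and should match this check. copy_connector continues outside the hunk.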
@@ -264,6 +272,7 @@ copy_connector()
 exit 1
 fi
+ printf "\n\t\t\tCopy Connector to container - "
 kubectl cp $CONNECTOR_DIR/OID-12.2* $OIGNS/$OIG_DOMAIN_NAME-adminserver:/u01/oracle/user_projects/domains/ConnectorDefaultDirectory
 print_status $?
@@ -542,8 +551,8 @@ generate_parameter_files()
 run_command_k8 $OIGNS $OIG_DOMAIN_NAME "chmod 750 /u01/oracle/idm/server/ssointg/bin/OIGOAMIntegration.sh"
 run_command_k8 $OIGNS $OIG_DOMAIN_NAME "chmod 750 /u01/oracle/idm/server/ssointg/bin/_OIGOAMIntegration.sh"
 run_command_k8 $OIGNS $OIG_DOMAIN_NAME "chmod 750 $PV_MOUNT/workdir/get_passphrase.sh"
- run_command_k8 $OIGNS $OIG_DOMAIN_NAME "$PV_MOUNT/workdir/get_passphrase.sh"
- print_status $?
+ run_command_k8 $OIGNS $OIG_DOMAIN_NAME "$PV_MOUNT/workdir/get_passphrase.sh" >> $LOGDIR/get_passphrase.log 2>&1
+ print_status $? $LOGDIR/get_passphrase.log
 printf "\t\t\tEdit Integration File - "
 fi
@@ -856,7 +865,7 @@ create_oig_ohs_config()
 then
 mkdir -p $OHS_PATH/$OHS_HOST1
 fi
- if ! [ -d $OHS_PATH/OHS/$OHS_HOST2 ]
+ if ! [ -d $OHS_PATH/$OHS_HOST2 ]
 then
 mkdir -p $OHS_PATH/$OHS_HOST2
 fi
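Review bot: the output of `get_passphrase.sh` is now appended to `$LOGDIR/get_passphrase.log`; if that script prints the passphrase it obtains (its name suggests so, but the script itself is not in this diff), the secret is persisted in the log directory in clear, and print_status may echo the log on failure. Either keep the script's stdout out of the log and capture only its exit status, or create the log with a restrictive mode and delete it once the passphrase has been consumed. generate_parameter_files starts and ends outside the hunk.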
@@ -909,50 +918,14 @@ create_oig_ohs_config() fi - if [ ! "$OHS_HOST2" = "" ] + if [ ! "$OHS_HOST2" = "" ] then - cp $TEMPLATE_DIR/igdadmin_vh.conf $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - cp $TEMPLATE_DIR/prov_vh.conf $OHS_PATH/$OHS_HOST2/prov_vh.conf - cp $TEMPLATE_DIR/igdinternal_vh.conf $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OHS_HOST2 $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $OHS_PORT $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $OIG_ADMIN_LBR_HOST $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $OIG_ADMIN_LBR_PORT $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $K8_WORKER_HOST1 $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $K8_WORKER_HOST2 $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - - update_variable "" $OHS_HOST2 $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OHS_PORT $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OIG_LBR_PROTOCOL $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OIG_LBR_HOST $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OIG_LBR_PORT $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $K8_WORKER_HOST1 $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $K8_WORKER_HOST2 $OHS_PATH/$OHS_HOST2/prov_vh.conf - - update_variable "" $OHS_HOST2 $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OHS_PORT $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OIG_LBR_INT_PROTOCOL $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OIG_LBR_INT_HOST $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OIG_LBR_INT_PORT $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $K8_WORKER_HOST1 $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $K8_WORKER_HOST2 $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - - if [ "$USE_INGRESS" = "true" ] - then - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $INGRESS_HTTP_PORT 
$OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $INGRESS_HTTP_PORT $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - else - update_variable "" $OIG_OIM_PORT_K8 $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - update_variable "" $OIG_OIM_PORT_K8 $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OIG_SOA_PORT_K8 $OHS_PATH/$OHS_HOST2/prov_vh.conf - update_variable "" $OIG_OIM_PORT_K8 $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OIG_SOA_PORT_K8 $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf - update_variable "" $OIG_ADMIN_K8 $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf - fi + cp $OHS_PATH/$OHS_HOST1/igdadmin_vh.conf $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf + cp $OHS_PATH/$OHS_HOST1/prov_vh.conf $OHS_PATH/$OHS_HOST2/prov_vh.conf + cp $OHS_PATH/$OHS_HOST1/igdinternal_vh.conf $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf + sed -i "s/$OHS_HOST1/$OHS_HOST2/" $OHS_PATH/$OHS_HOST2/igdadmin_vh.conf + sed -i "s/$OHS_HOST1/$OHS_HOST2/" $OHS_PATH/$OHS_HOST2/prov_vh.conf + sed -i "s/$OHS_HOST1/$OHS_HOST2/" $OHS_PATH/$OHS_HOST2/igdinternal_vh.conf fi print_status $? 
@@ -960,3 +933,32 @@ create_oig_ohs_config()
 ET=`date +%s`
 print_time STEP "Creating OHS config" $ST $ET >> $LOGDIR/timings.log
 }
+
+# Create logstash configmap
+#
+create_logstash_cm()
+{
+ ST=`date +%s`
+ print_msg "Creating logstash Config Map"
+ cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR
+
+ update_variable "" $OIGNS $WORKDIR/logstash_cm.yaml
+ update_variable "" $ELK_HOST $WORKDIR/logstash_cm.yaml
+ update_variable "" $ELK_USER_PWD $WORKDIR/logstash_cm.yaml
+
+ kubectl create -f $WORKDIR/logstash_cm.yaml >$LOGDIR/logstash_cm.log 2>&1
+ if [ $? = 0 ]
+ then
+ echo "Success"
+ else
+ grep -q "AlreadyExists" $LOGDIR/logstash_cm.log
+ if [ $? = 0 ]
+ then
+ echo "Already Exists"
+ else
+ print_status 1 $LOGDIR/logstash_cm.log
+ fi
+ fi
+ ET=`date +%s`
+ print_time STEP "Create Logstash Config Map" $ST $ET >> $LOGDIR/timings.log
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
index 7bcddde76..9acbb5727 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
@@ -652,3 +652,31 @@ create_ohs_entries()
 ET=`date +%s`
 print_time STEP "Create OHS Entries" $ST $ET >> $LOGDIR/timings.log
 }
+
+# Create logstash configmap
+#
+create_logstash_cm()
+{
+ ST=`date +%s`
+ print_msg "Creating logstash Config Map"
+ cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR
+
+ update_variable "" $OIRINS $WORKDIR/logstash_cm.yaml
+ update_variable "" $ELK_HOST $WORKDIR/logstash_cm.yaml
+
+ kubectl create -f $WORKDIR/logstash_cm.yaml >$LOGDIR/logstash_cm.log 2>&1
+ if [ $? = 0 ]
+ then
+ echo "Success"
+ else
+ grep -q "AlreadyExists" $LOGDIR/logstash_cm.log
+ if [ $? = 0 ]
+ then
+ echo "Already Exists"
+ else
+ print_status 1 $LOGDIR/logstash_cm.log
+ fi
+ fi
+ ET=`date +%s`
+ print_time STEP "Create Logstash Config Map" $ST $ET >> $LOGDIR/timings.log
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
index e5856110a..8b43ac072 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
@@ -1,5 +1,5 @@
 # Copyright (c) 2021, 2022, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of the checks that can be performed before Provisioning Identity Management
 # to reduce the likelihood of provisioning failing.
@@ -14,7 +14,7 @@ edit_seedfile()
 {
 ST=`date +%s`
 print_msg "Creating Seedfile"
- cp $TEMPLATES_DIR/base.ldif $WORKDIR
+ cp $TEMPLATE_DIR/base.ldif $WORKDIR
 SEEDFILE=$WORKDIR/base.ldif
@@ -49,7 +49,7 @@ create_override()
 {
 ST=`date +%s`
 print_msg "Creating Helm Override file"
- cp $TEMPLATES_DIR/override_oud.yaml $WORKDIR
+ cp $TEMPLATE_DIR/override_oud.yaml $WORKDIR
 OVERRIDE_FILE=$WORKDIR/override_oud.yaml
 update_variable "" $LDAP_SEARCHBASE $OVERRIDE_FILE
 update_variable "" $LDAP_ADMIN_USER $OVERRIDE_FILE
@@ -62,6 +62,7 @@ create_override()
 update_variable "" $OUD_IMAGE $OVERRIDE_FILE
 update_variable "" $OUD_VER $OVERRIDE_FILE
 update_variable "" $USE_INGRESS $OVERRIDE_FILE
+ update_variable "" $OUDSM_INGRESS_HOST $OVERRIDE_FILE
 KUBERNETES_VER=`kubectl version --short=true | grep Server | cut -f2 -d: | cut -f1 -d + | sed 's/ v//' | cut -f 1-3 -d.`
@@ -74,13 +75,44 @@ create_override()
 print_time STEP "Create Helm Override File" $ST $ET >> $LOGDIR/timings.log
 }
+# Create a logstash Configmap
+#
+update_logstash()
+{
+ ST=`date +%s`
+ print_msg "Updating Logstash to point to $ELK_HOST"
+ printf "\n\t\t\tCreating config map yaml - "
+ cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR
+ FILENAME=$WORKDIR/logstash_cm.yaml
+ update_variable "" $OUDNS $FILENAME
+ update_variable "" $OUD_POD_PREFIX $FILENAME
+ update_variable "" $ELK_HOST $FILENAME
+ update_variable "" $ELK_USER_PWD $FILENAME
+ echo "Success"
+
+ printf "\t\t\tDeleting existing config map - "
+ kubectl delete cm -n $OUDNS ${OUD_POD_PREFIX}-oud-ds-rs-logstash-configmap > $LOGDIR/logstash.log 2>&1
+ print_status $? $LOGDIR/logstash.log
+ printf "\t\t\tCreating new config map - "
+ kubectl create -f $FILENAME >> $LOGDIR/logstash.log 2>&1
+ print_status $? $LOGDIR/logstash.log
+
+ LOGPOD=`kubectl get pod -n $OUDNS -o wide | grep oud-ds-rs-kibana | awk '{ print $1 }'`
+ printf "\t\t\tRestarting Pod $LOGPOD - "
+ kubectl delete pod -n $OUDNS $LOGPOD > $LOGDIR/restart_kibana.log 2>&1
+ print_status $? $LOGDIR/restart_kibana.log
+
+ ET=`date +%s`
+ print_time STEP "Updating Logstash to use central ELK" $ST $ET >> $LOGDIR/timings.log
+}
+
 # Create a Nginx override file
 #
 create_nginx_override()
 {
 ST=`date +%s`
 print_msg "Creating NGINX Override file"
- cp $TEMPLATES_DIR/oud_nginx.yaml $WORKDIR
+ cp $TEMPLATE_DIR/oud_nginx.yaml $WORKDIR
 OVERRIDE_FILE=$WORKDIR/oud_nginx.yaml
 update_variable "" $OUDNS $OVERRIDE_FILE
 update_variable "" $OUD_POD_PREFIX $OVERRIDE_FILE
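Review bot: `LOGPOD` comes from `grep oud-ds-rs-kibana | awk '{ print $1 }'` with no check that anything matched, so when no Kibana pod exists `kubectl delete pod -n $OUDNS` runs without a name and the step fails with a confusing usage error, and when several match all of them are deleted at once; `[ -n "$LOGPOD" ] || { echo "No kibana pod found in $OUDNS"; exit 1; }` before the delete makes the empty case explicit. `kubectl delete cm` is also treated as a hard failure through print_status, so the first run against a namespace that has no config map yet stops here; `--ignore-not-found` makes the delete-then-create sequence idempotent. `$ELK_USER_PWD` is substituted into a ConfigMap, where it is readable to anyone with configmap access in `$OUDNS`; a Secret resolved by Logstash from the container environment is the safer carrier for that credential.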
@@ -99,13 +131,13 @@ copy_files_to_share()
 {
 ST=`date +%s`
 print_msg "Copy files to local share"
- cp $SEEDFILE $OUD_LOCAL_SHARE
- cp $TEMPLATES_DIR/99-user.ldif $OUD_LOCAL_SHARE
- chmod 777 $OUD_LOCAL_SHARE/*.ldif
+ cp $SEEDFILE $OUD_LOCAL_CONFIG_SHARE
+ cp $TEMPLATE_DIR/99-user.ldif $OUD_LOCAL_CONFIG_SHARE
+ chmod 777 $OUD_LOCAL_CONFIG_SHARE/*.ldif
 print_status $?
 printf "\t\t\tCopy Helm Files to Local Share - "
- cp -r $WORKDIR/samples/kubernetes/helm/* $OUD_LOCAL_SHARE
+ cp -r $WORKDIR/samples/kubernetes/helm/* $OUD_LOCAL_CONFIG_SHARE
 print_status $?
 ET=`date +%s`
@@ -120,7 +152,7 @@ create_oud()
 ST=`date +%s`
 print_msg "Use Helm to create OUD"
- rm -f $OUD_LOCAL_SHARE/rejects.ldif $OUD_LOCAL_SHARE/skip.ldif 2> /dev/null > /dev/null
+ rm -f $OUD_LOCAL_CONFIG_SHARE/rejects.ldif $OUD_LOCAL_CONFIG_SHARE/skip.ldif 2> /dev/null > /dev/null
 cd $WORKDIR/samples/kubernetes/helm/
 helm install --namespace $OUDNS --values $WORKDIR/override_oud.yaml $OUD_POD_PREFIX oud-ds-rs > $LOGDIR/create_oud.log 2>&1
 print_status $? $LOGDIR/create_oud.log
@@ -156,7 +188,7 @@ create_oud_nodeport()
 {
 ST=`date +%s`
 print_msg "Create OUD Nodeport Services"
- cp $TEMPLATES_DIR/oud_nodeport.yaml $WORKDIR
+ cp $TEMPLATE_DIR/oud_nodeport.yaml $WORKDIR
 update_variable "" $OUDNS $WORKDIR/oud_nodeport.yaml
 update_variable "" $OUD_POD_PREFIX $WORKDIR/oud_nodeport.yaml
 update_variable "" $OUD_LDAP_K8 $WORKDIR/oud_nodeport.yaml
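Review bot: `chmod 777 $OUD_LOCAL_CONFIG_SHARE/*.ldif` makes the seed LDIF files world-writable on the share; `base.ldif` and `99-user.ldif` carry the directory's initial entries (and possibly values substituted by edit_seedfile, which is not fully visible here), so any local user or other mount of the share can alter what OUD imports. If the OUD container runs under a different uid the files need to be readable by it, not writable by everyone; `chmod 644` (or `664` with the share's group) is sufficient for an import. `print_status $?` after the chmod also reports only the chmod, not the two `cp` calls before it; copy_files_to_share ends outside the hunk.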
@@ -180,32 +212,44 @@ validate_oud() echo "" >> $LOGDIR/validate_oud.log FAIL=0 - printf "\n\t\t\tChecking for Import Errors - " - grep -q ERROR $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log + printf "\n\t\t\tChecking for Creation Errors - " + grep -q SEVERE_ERROR $LOGDIR/${OUD_POD_PREFIX}-oud-ds-rs-0.log if [ $? = 0 ] then - echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" - echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" >> $LOGDIR/validate_oud.log + echo "SEVERE Errors Found check logfile $LOGDIR/${OUD_POD_PREFIX}-oud-ds-rs-0.log" + echo "SEVERE Errors Found check logfile $LOGDIR/${OUD_POD_PREFIX}-oud-ds-rs-0.log" >> $LOGDIR/validate_oud.log + FAIL=1 + else + echo "No Errors" + echo "No Creation Errors discovered" >> $LOGDIR/validate_oud.log + fi + + printf "\t\t\tChecking for Import Errors - " + grep -q ERROR $OUD_LOCAL_SHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log + if [ $? 
= 0 ] + then + echo "Import Errors Found check logfile $OUD_LOCAL_SHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" + echo "Import Errors Found check logfile $OUD_LOCAL_SHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" >> $LOGDIR/validate_oud.log FAIL=1 else echo "No Errors" echo "No Import Errors discovered" >> $LOGDIR/validate_oud.log fi printf "\t\t\tChecking for Rejects - " - if [ -s $OUD_LOCAL_SHARE/rejects.ldif ] + if [ -s $OUD_LOCAL_CONFIG_SHARE/rejects.ldif ] then - echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif" - echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif" >> $LOGDIR/validate_oud.log + echo "Rejects found check File: $OUD_LOCAL_CONFIG_SHARE/rejects.ldif" + echo "Rejects found check File: $OUD_LOCAL_CONFIG_SHARE/rejects.ldif" >> $LOGDIR/validate_oud.log FAIL=1 else echo "No Rejects found" echo "No Reject Errors discovered" >> $LOGDIR/validate_oud.log fi printf "\t\t\tChecking for Skipped Records - " - if [ -s $OUD_LOCAL_SHARE/skip.ldif ] + if [ -s $OUD_LOCAL_CONFIG_SHARE/skip.ldif ] then - echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif" - echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif" >> $LOGDIR/validate_oud.log + echo "Skipped Records found check File: $OUD_LOCAL_CONFIG_SHARE/skip.ldif" + echo "Skipped Records found check File: $OUD_LOCAL_CONFIG_SHARE/skip.ldif" >> $LOGDIR/validate_oud.log FAIL=1 else echo "No Skipped Records found" @@ -215,14 +259,13 @@ validate_oud() if [ "$FAIL" = "1" ] then - printf "\n\t\t\tOUD Vaildation Failed\n" + printf "\t\t\tOUD Validation Failed\n" exit 1 else - printf "\n\t\t\tOUD Vaildation Succeeded\n" + printf "\t\t\tOUD Validation Succeeded\n" fi - ET=`date +%s` print_time STEP "Validating OUD" $ST $ET >> $LOGDIR/timings.log } 
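Review bot: Both grep-based checks in `validate_oud` report "No Errors" when the log file they read does not exist, because `grep -q` exits 2 for a missing file and only `$? = 0` is treated as a finding; `$LOGDIR/${OUD_POD_PREFIX}-oud-ds-rs-0.log` and `importLdifCmd.log` should be tested with `[ -f ... ]` first and a missing file counted as `FAIL=1`, since a validation that passes on absent evidence is not a validation. The import-error check now reads from `$OUD_LOCAL_SHARE` while every other path in the function uses `$OUD_LOCAL_CONFIG_SHARE`; if the two shares are intentional, a one-line comment saying which one holds the pod logs would stop a future "fix". In the second hunk the `exit 1` on failure skips `print_time`, so the timings log has no entry for a failed validation; write the timing before exiting.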
@@ -244,6 +287,7 @@ create_oudsm_override() update_variable "" $OUDSM_IMAGE $WORKDIR/override_oudsm.yaml update_variable "" $OUDSM_VER $WORKDIR/override_oudsm.yaml update_variable "" $USE_INGRESS $WORKDIR/override_oudsm.yaml + update_variable "" $PVSERVER $WORKDIR/override_oudsm.yaml update_variable "" $OUDSM_INGRESS_HOST $WORKDIR/override_oudsm.yaml echo "Success" 
@@ -340,17 +384,77 @@ create_oudsm_ohs_entries() OHSHOST1FILES=$LOCAL_WORKDIR/OHS/$OHS_HOST1 OHSHOST2FILES=$LOCAL_WORKDIR/OHS/$OHS_HOST2 + echo "$CONFFILE Created" + if [ -d $OHSHOST1FILES ] then - printf "Copying to $OHSHOST1FILES" + printf "\t\t\tCopying to $OHSHOST1FILES - " cp $CONFFILE $OHSHOST1FILES + print_status $? fi if [ -d $OHSHOST2FILES ] then - printf "Copying to $OHSHOST2FILES" + printf "\t\t\tCopying to $OHSHOST2FILES - " cp $CONFFILE $OHSHOST2FILES + print_status $? fi - echo "$CONFFILE Created" ET=`date +%s` print_time STEP "Create OHS Entries" $ST $ET >> $LOGDIR/timings.log } + +# Create logstash configmap +# +create_oud_logstash_cm() +{ + ST=`date +%s` + print_msg "Creating logstash Config Map" + + cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR + + update_variable "" $OUDNS $WORKDIR/logstash_cm.yaml + update_variable "" $ELK_HOST $WORKDIR/logstash_cm.yaml + update_variable "" $ELK_USER_PWD $WORKDIR/logstash_cm.yaml + + kubectl create -f $WORKDIR/logstash_cm.yaml >$LOGDIR/logstash_cm.log 2>&1 + if [ $? = 0 ] + then + echo "Success" + else + grep -q "AlreadyExists" $LOGDIR/logstash_cm.log + if [ $? = 0 ] + then + echo "Already Exists" + else + print_status 1 $LOGDIR/logstash_cm.log + fi + fi + ET=`date +%s` + print_time STEP "Create Logstash Config Map" $ST $ET >> $LOGDIR/timings.log +} + +create_oudsm_logstash_cm() +{ + ST=`date +%s` + print_msg "Creating logstash Config Map" + cp $TEMPLATE_DIR/logstash_cm.yaml $WORKDIR + + update_variable "" $OUDNS $WORKDIR/logstash_cm.yaml + update_variable "" $ELK_HOST $WORKDIR/logstash_cm.yaml + update_variable "" $ELK_USER_PWD $WORKDIR/logstash_cm.yaml + + kubectl create -f $WORKDIR/logstash_cm.yaml >$LOGDIR/logstash_cm.log 2>&1 + if [ $? = 0 ] + then + echo "Success" + else + grep -q "AlreadyExists" $LOGDIR/logstash_cm.log + if [ $? 
= 0 ] + then + echo "Already Exists" + else + print_status 1 $LOGDIR/logstash_cm.log + fi + fi + ET=`date +%s` + print_time STEP "Create Logstash Config Map" $ST $ET >> $LOGDIR/timings.log +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/prereqchecks.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/prereqchecks.sh index 9d8851d97..57d3517c2 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/prereqchecks.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/prereqchecks.sh @@ -20,30 +20,33 @@ echo "* Performing Pre-requisite checks *" echo "* *" echo "***********************************" echo +FAIL=0 +WARN=0 echo "Performing General Checks" echo "-------------------------" if [ "$INSTALL_OUD" = "true" ] && [ "$INSTALL_OID" = "true" ] then echo "Install OUD or OID but not both." - exit 1 + FAIL=$((FAIL+1)) fi if [ "$INSTALL_OAM" = "true" ] && [ ! "$INSTALL_WLSOPER" = "true" ] then echo "Install OAM requires Installation of the WebLogic Operator" - exit 1 + FAIL=$((FAIL+1)) fi if [ "$INSTALL_OIG" = "true" ] && [ ! "$INSTALL_WLSOPER" = "true" ] then echo "Install OAM requires Installation of the WebLogic Operator" - exit 1 + FAIL=$((FAIL+1)) fi if [ "USE_INGRESS" = "true" ] && [ ! "$INSTALL_INGRESS" = "true" ] then echo "You have requested Ingress but are not Installing it - WARNING" + WARN=$((WARN+1)) fi if [ ! "$USE_REGISTRY" = "true" ] @@ -54,13 +57,20 @@ then echo "Success" else echo "Directory Does not exist" - exit 1 + FAIL=$((FAIL+1)) fi else REG=`echo $REGISTRY | cut -f1 -d \/` echo -n "Checking Container Registry $REG is reachable : " nc -z $REG 443 - print_status $? + + if [ "$?" = "0" ] + then + echo "Success" + else + echo "Failed" + FAIL=$((FAIL+1)) + fi fi echo -n "Checking Local Working Directory : " @@ -75,7 +85,7 @@ else echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi 
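Review bot: `create_oud_logstash_cm` and `create_oudsm_logstash_cm` are identical apart from a blank line, so one function would stop the two copies drifting, with a header such as `# Renders templates/logstash_cm.yaml for $OUDNS and creates the ConfigMap; an existing one is kept` documenting the contract once. Both write `$ELK_USER_PWD` into `$WORKDIR/logstash_cm.yaml` and leave that cleartext file behind; give it a restrictive mode (`chmod 600`) or remove it once `kubectl create` succeeds. The "AlreadyExists" branch keeps whatever ConfigMap is already there, so a changed ELK password or host is silently not applied; `update_logstash` earlier in this file deletes and recreates for that reason, and these two should either do the same or say why they do not. `create_oudsm_ohs_entries` begins outside this hunk.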
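Review bot: `if [ "USE_INGRESS" = "true" ]` compares the literal string `USE_INGRESS` with `true`, so the ingress warning and the new `WARN=$((WARN+1))` inside it can never run; it should read `if [ "$USE_INGRESS" = "true" ] && [ ! "$INSTALL_INGRESS" = "true" ]`. The OIG branch just above it prints "Install OAM requires Installation of the WebLogic Operator"; the message should name OIG. In the `@@ -54` hunk `nc -z $REG 443` is followed by a separate `if [ "$?" = "0" ]`; `if nc -z "$REG" 443` tests the command directly and cannot be broken by a line inserted between the two.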
@@ -96,7 +106,7 @@ then check_image_exists $OUD_IMAGE $OUD_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi if [ "$INSTALL_OUDSM" = "true" ] @@ -104,7 +114,7 @@ then check_image_exists $OUDSM_IMAGE $OUDSM_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi if [ "$INSTALL_OAM" = "true" ] @@ -112,7 +122,7 @@ then check_image_exists $OAM_IMAGE $OAM_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi @@ -121,7 +131,7 @@ then check_image_exists $OIG_IMAGE $OIG_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi @@ -130,8 +140,8 @@ then check_image_exists $OPER_IMAGE $OPER_VER if [ $? -gt 0 ] then - RETCODE=1 - fi + FAIL=$((FAIL+1)) + fi fi @@ -140,22 +150,22 @@ then check_image_exists $OIRI_IMAGE $OIRI_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi check_image_exists $OIRI_CLI_IMAGE $OIRICLI_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi check_image_exists $OIRI_UI_IMAGE $OIRIUI_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi check_image_exists $OIRI_DING_IMAGE $OIRIDING_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi @@ -164,16 +174,10 @@ then check_image_exists $OAA_MGT_IMAGE $OAAMGT_VER if [ $? -gt 0 ] then - RETCODE=1 + FAIL=$((FAIL+1)) fi fi - if [ $RETCODE = 1 ] - then - echo - echo "Load images on each worker node or enable CREATE_REGCRED" - exit 1 - fi fi # Check Load Balancers are set up @@ -188,12 +192,12 @@ then if ! check_lbr $OAM_LOGIN_LBR_HOST $OAM_LOGIN_LBR_PORT then echo "Setup $OAM_LOGIN_LBR_HOST:$OAM_LOGIN_LBR_HOST Before continuing." - RETCODE=1 + FAIL=$((FAIL+1)) fi if ! check_lbr $OAM_ADMIN_LBR_HOST $OAM_ADMIN_LBR_PORT then echo "Setup $OAM_ADMIN_LBR_HOST:$OAM_ADMIN_LBR_HOST Before continuing." - RETCODE=1 + FAIL=$((FAIL+1)) fi fi 
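Review bot: Removing the `if [ $RETCODE = 1 ]` block in the `@@ -164` hunk also drops the only hint telling the operator what to do about missing images ("Load images on each worker node or enable CREATE_REGCRED"); the summary at the end of the script only prints a count, so that sentence should be echoed in the failing branch of the image section, naming the variable the provisioning scripts in this diff actually test (`CREATE_REGSECRET`). The load-balancer messages in the `@@ -188` hunk print `$OAM_LOGIN_LBR_HOST:$OAM_LOGIN_LBR_HOST` and `$OAM_ADMIN_LBR_HOST:$OAM_ADMIN_LBR_HOST`, repeating the host where the port variable was meant. The enclosing `if` for the image checks starts before these hunks.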
@@ -202,17 +206,18 @@ then if ! check_lbr $OIG_LBR_HOST $OIG_LBR_PORT then echo "Setup $OIG_LBR_HOST:$OIG_LBR_HOST Before continuing." - RETCODE=1 + FAIL=$((FAIL+1)) fi if ! check_lbr $OIG_ADMIN_LBR_HOST $OIG_ADMIN_LBR_PORT then echo "Setup $OIG_ADMIN_LBR_HOST:$OIG_ADMIN_LBR_HOST Before continuing." - RETCODE=1 + FAIL=$((FAIL+1)) fi + if ! check_lbr $OIG_LBR_INT_HOST $OIG_LBR_INT_PORT then echo "Setup $OIG_LBR_INT_HOST:$OIG_LBR_INT_PORT Before continuing. It is OK to ignore this one if running on a deployment host" - RETCODE=1 + WARN=$((WARN+1)) fi fi @@ -226,28 +231,52 @@ if [ "$INSTALL_OAM" = "true" ] then echo -n "Checking OAM Database : " nc -z $OAM_DB_SCAN $OAM_DB_LISTENER - print_status $? + if [ $? = 0 ] + then + echo "Success" + else + echo "Failed" + FAIL=$((FAIL+1)) + fi fi if [ "$INSTALL_OIG" = "true" ] then echo -n "Checking OIG Database : " nc -z $OIG_DB_SCAN $OIG_DB_LISTENER - print_status $? + if [ $? = 0 ] + then + echo "Success" + else + echo "Failed" + FAIL=$((FAIL+1)) + fi fi if [ "$INSTALL_OIRI" = "true" ] then echo -n "Checking OIRI Database : " nc -z $OIRI_DB_SCAN $OIRI_DB_LISTENER - print_status $? + if [ $? = 0 ] + then + echo "Success" + else + echo "Failed" + FAIL=$((FAIL+1)) + fi fi if [ "$INSTALL_OAA" = "true" ] then echo -n "Checking OAA Database : " nc -z $OAA_DB_SCAN $OAA_DB_LISTENER - print_status $? + if [ $? = 0 ] + then + echo "Success" + else + echo "Failed" + FAIL=$((FAIL+1)) + fi fi 
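Review bot: The four database probes in the `@@ -226` hunk repeat the same nine-line `nc -z` / `if` / `FAIL` block with only the label and variables changing; a small helper keeps the count-and-continue behaviour in one place (common/functions.sh is the natural home, if that is where `check_lbr` lives) and makes the next database a one-liner. The `@@ -202` hunk still prints `$OIG_LBR_HOST:$OIG_LBR_HOST` and `$OIG_ADMIN_LBR_HOST:$OIG_ADMIN_LBR_HOST` where the port variables were intended. The surrounding `if [ "$INSTALL_OAM" = "true" ]` blocks begin before the hunk.
```shell
# Probe host:port with nc, print the outcome and count a failure instead of exiting.
check_tcp() {
  echo -n "Checking $1 : "
  if nc -z "$2" "$3"
  then
    echo "Success"
  else
    echo "Failed"
    FAIL=$((FAIL+1))
  fi
}

# … unchanged: if [ "$INSTALL_OAM" = "true" ] / then …
  check_tcp "OAM Database" "$OAM_DB_SCAN" "$OAM_DB_LISTENER"
# … unchanged: the same call for OIG, OIRI and OAA …
```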
@@ -259,43 +288,160 @@ echo "------------------------------------------------" if [ "$INSTALL_OUD" = "true" ] then echo -n "Checking local OUD config dir exists : " - if [ -d $OUD_LOCAL_SHARE ] + if [ -d $OUD_LOCAL_CONFIG_SHARE ] then echo "Success" else echo -n "Directory Does not exist - Creating" - mkdir -p $OUD_LOCAL_SHARE + mkdir -p $OUD_LOCAL_CONFIG_SHARE if [ $? = 0 ] then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi echo -n "Checking local OUD config dir is mounted : " - df -k | grep -q $OUD_LOCAL_SHARE + df -k | grep -q $OUD_LOCAL_CONFIG_SHARE if [ $? = 0 ] then echo "Success" else echo "Fail" echo "The OUD config directory must be mounted locally so configuration files can be copied to it." - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OUD config dir is writeable : " - if [ -w "$OUD_LOCAL_SHARE" ] + if [ -w "$OUD_LOCAL_CONFIG_SHARE" ] then echo "Success" else echo "Failed" echo "The OUD config directory must be writeable locally so configuration files can be copied to it." - exit 1 + FAIL=$((FAIL+1)) + fi + + echo -n "Checking LDAP User Password Format : " + if check_password "UN" $LDAP_USER_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) fi fi - +# OUDSM CHECKS +echo "" +echo "Checking Oracle Unified Directory " +echo "----------------------------------" +echo +if [ "$INSTALL_OUDSM" = "true" ] +then + echo -n "Checking local OUDSM dir exists : " + if [ -d $OUDSM_LOCAL_SHARE ] + then + echo "Success" + else + echo -n "Directory Does not exist - Creating" + mkdir -p $OUDSM_LOCAL_SHARE + if [ $? = 0 ] + then + echo ".. Success" + else + echo ".. Failed" + FAIL=$((FAIL+1)) + fi + fi + + echo -n "Checking local OUDSM dir is mounted : " + df -k | grep -q $OUDSM_LOCAL_SHARE + if [ $? 
= 0 ] + then + echo "Success" + else + echo "Warning" + echo "The OUDSM directory must be mounted locally to run delete_oudsm" + FAIL=$((FAIL+1)) + fi + + echo -n "Checking local OUDSM dir is writeable : " + if [ -w "$OUDSM_LOCAL_SHARE" ] + then + echo "Success" + else + echo "Failed" + echo "The OUDSM config directory must be writeable. " + FAIL=$((FAIL+1)) + fi + echo -n "Checking OUDSM Admin Password Format : " + if check_password "UN" $OUDSM_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi +fi + +# OAM CHECKS +echo "" +echo "Checking Oracle Access Manager" +echo "------------------------------" +echo +if [ "$INSTALL_OAM" = "true" ] +then + echo -n "Checking local OAM dir exists : " + if [ -d $OAM_LOCAL_SHARE ] + then + echo "Success" + else + echo -n "Directory Does not exist - Creating" + mkdir -p $OAM_LOCAL_SHARE + if [ $? = 0 ] + then + echo ".. Success" + else + echo ".. Failed" + WARN=$((WARN+1)) + fi + fi + + echo -n "Checking local OAM dir is mounted : " + df -k | grep -q $OAM_LOCAL_SHARE + if [ $? = 0 ] + then + echo "Success" + else + echo "Warning" + echo "The OAM directory must be mounted locally to run delete_oam" + WARN=$((WARN+1)) + fi + + echo -n "Checking local OAM dir is writeable : " + if [ -w "$OAM_LOCAL_SHARE" ] + then + echo "Success" + else + echo "Failed" + echo "The OAM config directory must be writeable. " + WARN=$((WARN+1)) + fi + echo -n "Checking OAM Schema Password Format : " + if check_password "UNS" $OAM_SCHEMA_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + echo -n "Checking OAM WebLogic Password Format : " + if check_password "UN" $OAM_WEBLOGIC_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi +fi # OIG CHECKS echo "" 
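Review bot: Every `check_password` call in this hunk passes the password unquoted (`check_password "UN" $LDAP_USER_PWD`, `$OUDSM_PWD`, `$OAM_SCHEMA_PWD`, `$OAM_WEBLOGIC_PWD`), so a value containing whitespace, `*` or `?` is word-split or glob-expanded before the function sees it, and an unset value leaves the function with a single argument; quote them as `check_password "UN" "$LDAP_USER_PWD"`. The same applies to the calls added in the OIG, OIRI and OAA hunks that follow (`@@ -312`, `@@ -372`, `@@ -548`). The OUDSM section is headed "Checking Oracle Unified Directory ", which is the OUD heading; it should say OUDSM. The OUD block that this hunk continues starts before the hunk.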
@@ -312,9 +458,59 @@ then echo "Success" else echo " Connector Bundle not found. Please download and stage before continuing" - exit 1 + FAIL=$((FAIL+1)) fi fi + echo -n "Checking local OIG dir exists : " + if [ -d $OIG_LOCAL_SHARE ] + then + echo "Success" + else + echo -n "Directory Does not exist - Creating" + mkdir -p $OIG_LOCAL_SHARE + if [ $? = 0 ] + then + echo ".. Success" + else + echo ".. Failed" + WARN=$((WARN+1)) + fi + fi + + echo -n "Checking local OIG dir is mounted : " + df -k | grep -q $OIG_LOCAL_SHARE + if [ $? = 0 ] + then + echo "Success" + else + echo "Warning" + echo "The OIG directory must be mounted locally to run delete_oig" + WARN=$((WARN+1)) + fi + + echo -n "Checking local OIG dir is writeable : " + if [ -w "$OIG_LOCAL_SHARE" ] + then + echo "Success" + else + echo "Failed" + echo "The OIG config directory must be writeable. " + WARN=$((WARN+1)) + fi + echo -n "Checking OIG Schema Password Format : " + if check_password "UNS" $OIG_SCHEMA_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + echo -n "Checking OIG WebLogic Password Format : " + if check_password "UN" $OIG_WEBLOGIC_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi fi # OIRI CHECKS 
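Review bot: The OIG directory checks print "Failed" but increment `WARN` (after the `mkdir -p` and in the `-w` check), so the summary reports them as warnings while the wording tells the operator they failed; either print "Warning" there or count them in `FAIL` as the OUD and OIRI sections do. The preceding hunk has the mirror image: the OUDSM mount check prints "Warning" yet increments `FAIL`, and the OAM section prints "Failed" with `WARN`. A one-line comment above each section stating which outcomes are fatal for provisioning would make the intended severity explicit. The enclosing `if [ "$INSTALL_OIG" = "true" ]` starts before this hunk.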
@@ -333,31 +529,31 @@ then mkdir -p $OIRI_LOCAL_SHARE if [ $? = 0 ] then - echo ".. Success" + echo ".. Success" else - echo ".. Failed" - exit 1 + echo ".. Failed" + FAIL=$((FAIL+1)) fi fi echo -n "Checking local OIRI config dir is mounted : " df -k | grep -q $OIRI_LOCAL_SHARE if [ $? = 0 ] then - echo "Success" + echo "Success" else - echo "Fail" - echo "The OIRI config directory must be mounted Locally" - exit 1 + echo "Fail" + echo "The OIRI config directory must be mounted Locally" + FAIL=$((FAIL+1)) fi echo -n "Checking local OIRI config dir is writeable : " if [ -w "$OIRI_LOCAL_SHARE" ] then - echo "Success" + echo "Success" else - echo "Failed" - echo "The OIRI config directory must be writeable " - exit 1 + echo "Failed" + echo "The OIRI config directory must be writeable " + FAIL=$((FAIL+1)) fi echo -n "Checking local OIRI Ding dir exists : " 
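Review bot: `df -k | grep -q $OIRI_LOCAL_SHARE` passes when the path occurs anywhere in the `df` output, so a share such as `/nfs/oiri` also "matches" when only `/nfs/oiri_ding` is mounted, and the unquoted path is interpreted as a regular expression; `mountpoint -q -- "$OIRI_LOCAL_SHARE"` tests the directory itself, or, where mountpoint is unavailable, `df -k | awk -v p="$OIRI_LOCAL_SHARE" '$NF == p { f=1 } END { exit !f }'` matches the mount point exactly. The same pattern is used for every other share in this script (`OUD_LOCAL_CONFIG_SHARE`, `OUDSM_LOCAL_SHARE`, `OAM_LOCAL_SHARE`, `OIG_LOCAL_SHARE`, `OIRI_DING_LOCAL_SHARE` and the OAA shares), so the fix belongs in one helper. The rest of this hunk only re-indents and swaps `exit 1` for `FAIL=$((FAIL+1))`. The enclosing `if [ "$INSTALL_OIRI" = "true" ]` starts before the hunk.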
@@ -372,28 +568,61 @@ then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi + echo -n "Checking local OIRI Ding dir is mounted : " df -k | grep -q $OIRI_DING_LOCAL_SHARE if [ $? = 0 ] then echo "Success" else - echo "Fail" - echo "The OIRI config directory must be mounted Locally" - exit 1 + echo "Fail" + echo "The OIRI config directory must be mounted Locally" + FAIL=$((FAIL+1)) fi echo -n "Checking local OIRI ding dir is writeable : " if [ -w "$OIRI_DING_LOCAL_SHARE" ] then - echo "Success" + echo "Success" else - echo "Failed" - echo "The OIRI config directory must be writeable " - exit 1 + echo "Failed" + echo "The OIRI config directory must be writeable " + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OIRI Schema Password Format : " + if check_password "UNS" $OIRI_SCHEMA_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OIRI Keystore Password Format : " + if check_password "UN" $OIRI_KEYSTORE_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OIRI Engineer Password Format : " + if check_password "UN" $OIRI_ENG_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OIRI Service Password Format : " + if check_password "UN" $OIRI_SERVICE_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) fi fi @@ -417,7 +646,7 @@ then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi echo -n "Checking local OAA config dir is mounted : " @@ -428,7 +657,7 @@ then else echo "Fail" echo "The OAA config directory must be mounted Locally" - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA config dir is writeable : " @@ -438,7 +667,7 @@ then else echo "Failed" echo "The OAA config directory must be writeable " - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA Credential Store dir exists : " 
@@ -453,7 +682,7 @@ then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi echo -n "Checking local OAA Credential dir is mounted : " @@ -464,7 +693,7 @@ then else echo "Fail" echo "The OAA Credential directory must be mounted Locally" - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA Credential dir is writeable : " @@ -472,9 +701,9 @@ then then echo "Success" else - echo "Failed" - echo "The OAA Credential directory must be writeable " - exit 1 + echo "Failed" + echo "The OAA Credential directory must be writeable " + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA Log dir exists : " @@ -489,9 +718,10 @@ then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi + echo -n "Checking local OAA Log dir is mounted : " df -k | grep -q $OAA_LOCAL_LOG_SHARE if [ $? = 0 ] @@ -500,7 +730,7 @@ then else echo "Fail" echo "The OAA Log directory must be mounted Locally" - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA Log dir is writeable : " @@ -510,7 +740,7 @@ then else echo "Failed" echo "The OAA Log directory must be writeable " - exit 1 + FAIL=$((FAIL+1)) fi if [ "$OAA_VAULT_TYPE" = "file" ] @@ -527,7 +757,7 @@ then echo ".. Success" else echo ".. Failed" - exit 1 + FAIL=$((FAIL+1)) fi fi echo -n "Checking local OAA Vault dir is mounted : " @@ -538,7 +768,7 @@ then else echo "Fail" echo "The OAA Vault directory must be mounted Locally" - exit 1 + FAIL=$((FAIL+1)) fi echo -n "Checking local OAA Vault dir is writeable : " 
@@ -548,8 +778,106 @@ then else echo "Failed" echo "The OAA Vault directory must be writeable " - exit 1 + FAIL=$((FAIL+1)) fi fi + + echo -n "Checking OAA Schema Password Format : " + if check_password "UNS" $OAA_SCHEMA_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA User Password Format : " + if check_password "UN" $OAA_USER_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA Admin Password Format : " + if check_password "UN" $OAA_ADMIN_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA Keystore Password Format : " + if check_password "UN" $OAA_KEYSTORE_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA OAuth Password Format : " + if check_password "NS" $OAA_OAUTH_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA API Password Format : " + if check_password "UN" $OAA_API_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA Policy Password Format : " + if check_password "UN" $OAA_POLICY_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA API Password Format : " + if check_password "UN" $OAA_API_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA Factor Password Format : " + if check_password "UN" $OAA_FACT_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi + + echo -n "Checking OAA Vault Password Format : " + if check_password "UN" $OAA_VAULT_PWD + then + echo "Success" + else + FAIL=$((FAIL+1)) + fi fi + +echo +echo "Summary" +echo "--------------------" +echo +if [ $FAIL = 0 ] +then + echo "All checks Passed" +else + echo "$FAIL checks Failed" + exit 1 +fi + +if [ $WARN -gt 0 ] +then + echo "$WARN Warnings found." + exit 2 +fi 
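Review bot: The "Checking OAA API Password Format" block appears twice in this hunk, both times checking `$OAA_API_PWD`; the second copy is either redundant or was meant for a password that is not checked at all (the `.idmpwds` file in this diff also defines `OAA_EMAIL_PWD` and `OAA_SMS_PWD`). The `OAA_OAUTH_PWD` check uses the rule `"NS"` where every other check uses `"UN"` or `"UNS"`; if the OAuth secret really has a different rule, a comment saying so would stop it being "corrected" later. In the summary, `exit 2` for warnings is indistinguishable from a failure for any caller that only tests for a non-zero status, so the warning path should be documented in the script header as a distinct exit code. The enclosing `if [ "$INSTALL_OAA" = "true" ]` starts before the hunk.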
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision.sh index cdc54a0d8..5ac2141a1 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision.sh @@ -16,7 +16,34 @@ # . ./responsefile/idm.rsp -./prereqchecks.sh + +if [ ! "$1" = "-ignorePrereqs" ] +then + ./prereqchecks.sh +fi + + +if [ $? -gt 0 ] +then + echo "Pre-req checks Failed - Resolve issues before continuing or restart with -ignorePrereqs" + exit 1 +fi + +echo "" +if [ "$INSTALL_ELK" = "true" ] +then + if [ -f $LOCAL_WORKDIR/elk_installed ] + then + echo "Elastic Search Already Installed." + else + ./provision_elk.sh + if [ $? -gt 0 ] || [ ! -f $LOCAL_WORKDIR/elk_installed ] + then + echo "Provisioning Elastic Search Failed" + exit 1 + fi + fi +fi echo "" if [ "$INSTALL_INGRESS" = "true" ] diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_elk.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_elk.sh new file mode 100755 index 000000000..93b5f1568 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_elk.sh 
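Review bot: `prereqchecks.sh` exits 2 when it found only warnings, and the `if [ $? -gt 0 ]` after the `-ignorePrereqs` test treats that the same as a failure, so warnings abort provisioning despite being reported as warnings; capture the status (`./prereqchecks.sh; PREREQ_RC=$?`), fail only on `1`, and print the warning count on `2`. The status test is separated from the call by the closing `fi` and two blank lines, so `$?` is easy to break when a line is inserted between them; an explicit `PREREQ_RC` avoids that. `-ignorePrereqs` is recognised only as `$1`, which should be stated in the usage comment at the top of the script.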
@@ -0,0 +1,134 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of deploying the Oracle WebLogic Operator
+#
+# Dependencies: ./common/functions.sh
+# ./responsefile/idm.rsp
+#
+# Usage: provision_elk.sh
+#
+. common/functions.sh
+. $RSPFILE
+TEMPLATE_DIR=$SCRIPTDIR/templates/elk
+
+
+WORKDIR=$LOCAL_WORKDIR/ELK
+LOGDIR=$WORKDIR/logs
+
+
+if [ "$INSTALL_ELK" != "true" ]
+then
+ echo "You have not requested Elastic Search/Kibana installation"
+ exit 1
+fi
+
+echo
+echo -n "Provisioning Elastic Search on "
+date +"%a %d %b %Y %T"
+echo "--------------------------------------------------------"
+echo
+
+START_TIME=`date +%s`
+create_local_workdir
+create_logdir
+
+echo -n "Provisioning Elastic Search on " >> $LOGDIR/timings.log
+date >> $LOGDIR/timings.log
+echo "-------------------------------------------------------" >> $LOGDIR/timings.log
+
+PROGRESS=$(get_progress)
+
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ create_namespace $ELKNS
+ update_progress
+fi
+
+# Create a Container Registry Secret if requested
+#
+new_step
+if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ]
+then
+ create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $ELKNS dockercred
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ install_elk_operator
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ deploy_elk
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ check_running $ELKNS elasticsearch-es-default-0 30
+ check_running $ELKNS elasticsearch-es-default-1 10
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ deploy_kibana
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ check_running $ELKNS kibana 10
+ update_progress
+fi
+
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ create_elk_nodeport
+ 
update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + update_elk_password + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + get_elk_cert + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + create_elk_role + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + create_elk_user + update_progress +fi + +touch $LOCAL_WORKDIR/elk_installed +exit + +# diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oaa.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oaa.sh index cece6e0b9..553bb957b 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oaa.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oaa.sh @@ -121,6 +121,13 @@ then update_progress fi +new_step +if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ] +then + create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $OAANS dockercred + update_progress +fi + # Create a Management Container # new_step @@ -253,6 +260,15 @@ then fi fi +# Deploy Coherence +# +new_step +if [ $STEPNO -gt $PROGRESS ] +then + deploy_coherence + update_progress +fi + # Deploy OAA # new_step diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oam.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oam.sh index 3d8b05ec7..1d1703ade 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oam.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oam.sh 
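Review bot: The header comment of provision_elk.sh says "This is an example of deploying the Oracle WebLogic Operator", copied from provision_operator.sh; it should describe this script, for instance `# This is an example of deploying Elastic Search and Kibana (ELK) for IDM log collection`, and the usage line should state that `INSTALL_ELK=true` must be set in the response file. `touch $LOCAL_WORKDIR/elk_installed` runs unconditionally at the end, and provision.sh reads that marker as proof of success; if the step functions exit the script on failure that is fine, but a comment saying so (`# reached only if every step above succeeded`) would make the dependency visible. `STEPNO` is never initialised here, unlike provision_operator.sh which sets `STEPNO=1` before its first `new_step`; if `new_step` tolerates an unset value a comment should say so, otherwise it needs the same initialisation.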
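Review bot: The registry-secret step added to provision_oaa.sh repeats the same seven lines already added for `$ELKNS` in provision_elk.sh and again for `$OAMNS`, `$OIGNS`, `$OIRINS` and `$DINGNS` in later hunks, with the Docker Hub URL `https://index.docker.io/v1/` and the secret name `dockercred` hard-coded in each copy; a helper such as `create_dockerhub_secret $OAANS` in common/functions.sh would keep both in one place. If images are pulled from the registry named by `REGISTRY` (which prereqchecks.sh probes) rather than from Docker Hub, the hard-coded server means this secret does not apply to that registry; this is inferred from the two variables and worth confirming. The `deploy_coherence` step in the `@@ -253` hunk is not followed by a `check_running` call, unlike the other deployments in this diff, so the OAA deployment that follows may start before Coherence is ready.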
@@ -102,6 +102,20 @@ then update_progress fi +new_step +if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ] +then + create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $OAMNS dockercred + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + check_ldap_user $LDAP_OAMLDAP_USER + update_progress +fi + new_step if [ $STEPNO -gt $PROGRESS ] then @@ -376,6 +390,31 @@ then fi fi +if [ "$USE_ELK" = "true" ] +then + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_cert_cm $OAMNS + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash_cm + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash $OAMNS + update_progress + fi + +fi + FINISH_TIME=`date +%s` print_time TOTAL "Create OAM" $START_TIME $FINISH_TIME >> $LOGDIR/timings.log diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oig.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oig.sh index c8be8f4a7..69885e413 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oig.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oig.sh @@ -100,6 +100,20 @@ then update_progress fi +new_step +if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ] +then + create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $OIGNS dockercred + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then + check_ldap_user $LDAP_OIGLDAP_USER + update_progress +fi + new_step if [ $STEPNO -gt $PROGRESS ] then @@ -418,6 +432,16 @@ then run_recon_jobs update_progress fi + + # Assign WSM Roles + # + new_step + if [ $STEPNO -gt $PROGRESS ] + then + assign_wsmroles + update_progress + fi + fi # Update SOA URLS 
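Review bot: Moving the "Assign WSM Roles" step inside the enclosing `if` in the `@@ -418` hunk of provision_oig.sh (its condition is outside the hunk, but it wraps `run_recon_jobs`) makes `assign_wsmroles` conditional where it used to run unconditionally; if the roles are required regardless of reconciliation, the step is now silently skipped. Since `new_step` is now called only when that branch is taken, the step numbers after this point appear to differ between the two cases, so a progress file from an earlier run may resume at the wrong step; a comment on the block stating why the step belongs inside the condition would record the intent. The `check_ldap_user $LDAP_OIGLDAP_USER` and `check_ldap_user $LDAP_OAMLDAP_USER` steps are added before the enclosing blocks' other steps, so any previously saved progress for these scripts is likewise shifted by one.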
@@ -429,14 +453,6 @@ then update_progress fi -# Assign WSM Roles -# -new_step -if [ $STEPNO -gt $PROGRESS ] -then - assign_wsmroles - update_progress -fi if [ "$OIG_ENABLE_T3" = "true" ] || [ "$OIG_ENABLE_T3" = "TRUE" ] then @@ -536,6 +552,30 @@ then update_progress fi +if [ "$USE_ELK" = "true" ] +then + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_cert_cm $OIGNS + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash_cm + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash $OIGNS + update_progress + fi + +fi FINISH_TIME=`date +%s` print_time TOTAL "Create OIG" $START_TIME $FINISH_TIME >> $LOGDIR/timings.log cat $LOGDIR/timings.log diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oiri.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oiri.sh index cd11e580b..029f9787d 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oiri.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oiri.sh @@ -88,6 +88,19 @@ then update_progress fi +new_step +if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ] +then + create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $OIRINS dockercred + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] && [ "$CREATE_REGSECRET" = "true" ] +then + create_registry_secret "https://index.docker.io/v1/" $DH_USER $DH_PWD $DINGNS dockercred + update_progress +fi # Create a local container for oiri-cli # new_step @@ -212,6 +225,12 @@ new_step if [ $STEPNO -gt $PROGRESS ] then deploy_oiri + update_progress +fi + +new_step +if [ $STEPNO -gt $PROGRESS ] +then check_running $OIRINS oiri-ui check_running $DINGNS spark-history-server update_progress 
@@ -228,6 +247,17 @@ then update_progress fi fi +# Create NodePort Services +# +if [ "$USE_INGRESS" = "false" ] +then + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_oiri_nodeport + update_progress + fi +fi # Create a container for using ding-cli @@ -306,6 +336,7 @@ then fi fi + FINISH_TIME=`date +%s` print_time TOTAL "Create OIRI" $START_TIME $FINISH_TIME >> $LOGDIR/timings.log diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_operator.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_operator.sh index ee807c96a..8dbb9f54e 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_operator.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_operator.sh @@ -13,8 +13,8 @@ . $RSPFILE -WORKDIR=$LOCAL_WORKDIR -LOGDIR=$WORKDIR/OPER/logs +WORKDIR=$LOCAL_WORKDIR/OPER +LOGDIR=$WORKDIR/logs OPER_DIR=OracleAccessManagement if [ "$INSTALL_OAM" != "true" ] && [ "$INSTALL_OAM" != "TRUE" ] && [ "$INSTALL_OIG" != "true" ] && [ "$INSTALL_OIG" != "TRUE" ] @@ -46,11 +46,11 @@ echo "----------------------------------------------------" >> $LOGDIR/timings.l STEPNO=1 PROGRESS=$(get_progress) - new_step if [ $STEPNO -gt $PROGRESS ] then - download_samples $LOCAL_WORKDIR + download_samples + update_progress fi @@ -77,6 +77,7 @@ fi # Create a Container Registry Secret if requested # +new_step if [ $STEPNO -gt $PROGRESS ] then if [ "$CREATE_REGSECRET" = "true" ] @@ -104,8 +105,7 @@ fi new_step if [ $STEPNO -gt $PROGRESS ] then - print_msg "Check Operator is Running\n" - check_running $OPERNS weblogic-operator + check_running $OPERNS weblogic-operator 10 update_progress fi 
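Review bot: The new NodePort block in the `@@ -228` hunk of provision_oiri.sh is gated on `[ "$USE_INGRESS" = "false" ]`, so an unset or differently-cased `USE_INGRESS` creates neither a NodePort nor an ingress for OIRI; the rest of this diff tests the positive form (`[ "$INSTALL_INGRESS" = "true" ]`), so `if [ ! "$USE_INGRESS" = "true" ]` keeps the two in step. The same literal-`false` test is used for OUDSM in provision_oudsm.sh. In the provision_operator.sh `@@ -46` hunk `download_samples` loses its `$LOCAL_WORKDIR` argument while the `@@ -13` hunk changes `WORKDIR` from `$LOCAL_WORKDIR` to `$LOCAL_WORKDIR/OPER`; if the function now derives its target from `WORKDIR`, the samples move to a new directory, which is worth confirming against the function definition.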
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh index 3ce85d21b..98618f8b2 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh @@ -16,7 +16,7 @@ . common/functions.sh . common/oud_functions.sh -TEMPLATES_DIR=$SCRIPTDIR/templates/oud +TEMPLATE_DIR=$SCRIPTDIR/templates/oud START_TIME=`date +%s` WORKDIR=$LOCAL_WORKDIR/OUD @@ -155,6 +155,31 @@ then fi fi + +if [ "$USE_ELK" = "true" ] +then + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_cert_cm $OUDNS + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_oud_logstash_cm + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash $OUDNS + update_progress + fi + +fi FINISH_TIME=`date +%s` print_time TOTAL "Create OUD" $START_TIME $FINISH_TIME >> $LOGDIR/timings.log diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oudsm.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oudsm.sh index e2a12760f..d041b7a5e 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oudsm.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oudsm.sh @@ -95,13 +95,16 @@ fi # Create NodePort for OUDSM # new_step -if [ $STEPNO -gt $PROGRESS ] && [ "$USE_INGRESS" = "false" ] +if [ $STEPNO -gt $PROGRESS ] then - create_oudsm_nodeport - update_progress -else - update_progress - create_oudsm_ingress + if [ "$USE_INGRESS" = "false" ] + then + create_oudsm_nodeport + update_progress + else + create_oudsm_ingress + update_progress + fi fi # Create OUDSM OHS Entries 
@@ -113,6 +116,23 @@ then update_progress fi +if [ "$USE_ELK" = "true" ] +then + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_oudsm_logstash_cm + update_progress + fi + + new_step + if [ $STEPNO -gt $PROGRESS ] + then + create_logstash $OUDNS + update_progress + fi + +fi FINISH_TIME=`date +%s` print_time TOTAL "Create OUDSM" $START_TIME $FINISH_TIME >> $LOGDIR/timings.log touch $LOCAL_WORKDIR/oudsm_installed diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/.idmpwds b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/.idmpwds new file mode 100644 index 000000000..63df9544f --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/.idmpwds 
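Review bot: The OUDSM ELK block calls `create_oudsm_logstash_cm` and `create_logstash $OUDNS` but, unlike the matching block added to provision_oud.sh, never calls `create_cert_cm $OUDNS`. The logstash Deployment templates in this change mount a ConfigMap named `elk-cert` for the Elasticsearch CA, so if the OUDSM logstash follows the same template and OUD was not provisioned into the same `$OUDNS` first, the pod will stay in ContainerCreating with a missing-ConfigMap error rather than failing at this step. Add the same guarded step before the logstash ConfigMap step: `new_step` / `if [ $STEPNO -gt $PROGRESS ]; then create_cert_cm $OUDNS; update_progress; fi`, or have `create_logstash` verify the ConfigMap exists and fail loudly.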
@@ -0,0 +1,65 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# This is an example of a file containing setup passwords for IDM +# + +# Registry Passwords +# +REG_PWD=registrypwd +GIT_TOKEN=gittoken +DH_USER=myuser +DH_PWD=dockerpwd + +# log/Monitor Passwords +# +REG_PWD=elkpwd +ELK_USER_PWD="Mypassword1" + +# LDAP Passwords +# +LDAP_USER_PWD="Mypassword1" +LDAP_ADMIN_PWD="mypassword1" + +# OUDSM Passwords +# +OUDSM_PWD="Mypassword1" + +# OAM Passwords +# +OAM_DB_SYS_PWD=My_Sys_pwd_000 +OAM_SCHEMA_PWD="My_Schema_pwd_000#" +OAM_WEBLOGIC_PWD="Mypassword1" +OAM_OAMADMIN_PWD=$LDAP_USER_PWD + +# OIG Passwords +# +OIG_DB_SYS_PWD="My_Sys_pwd_000" +OIG_SCHEMA_PWD="My_Schema_pwd_000#" +OIG_WEBLOGIC_PWD="Mypassword1" +OIG_BI_USER_PWD="Mypassword1#" +OIG_EMAIL_PWD="password#" + +# OIRI Passwords +# +OIRI_DB_SYS_PWD="My_Sys_pwd_000" +OIRI_SCHEMA_PWD="My_Schema_pwd_000" +OIRI_KEYSTORE_PWD="Keyst0re_pwd00#" +OIRI_ENG_PWD="Mypassword1" +OIRI_SERVICE_PWD="Mypassword1" + +# OAA Passwords +# +OAA_DB_SYS_PWD="My_Sys_pwd_000" +OAA_SCHEMA_PWD="My_Schema_pwd_000#" +OAA_USER_PWD=$LDAP_USER_PWD + +OAA_ADMIN_PWD=$LDAP_USER_PWD +OAA_KEYSTORE_PWD=$OAA_ADMIN_PWD +OAA_OAUTH_PWD=$OAA_ADMIN_PWD +OAA_API_PWD=$OAA_ADMIN_PWD +OAA_POLICY_PWD=$OAA_ADMIN_PWD +OAA_FACT_PWD=$OAA_ADMIN_PWD +OAA_VAULT_PWD=$OAA_ADMIN_PWD +OAA_EMAIL_PWD=$OIG_WEBLOGIC_PWD +OAA_SMS_PWD=$OIG_WEBLOGIC_PWD diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/idm.rsp b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/idm.rsp index 896a91b80..54f0ed03b 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/idm.rsp +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/responsefile/idm.rsp 
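Review bot: `REG_PWD` is assigned twice in this file: `REG_PWD=registrypwd` under "Registry Passwords" and then `REG_PWD=elkpwd` under "log/Monitor Passwords"; because start_here.sh sources the file with `. $PWDFILE`, the second assignment silently wins and the container-registry secret is created with the ELK password. The second line should use whatever variable the ELK functions read (it is not visible here), e.g. a distinct `ELK_PWD`, not `REG_PWD`. Since the file is evaluated as shell, any real value containing `$`, backticks, spaces or an unquoted `#` must be single-quoted (the "reserved characters must be escaped" warning was removed from start_here.sh in this same change), and the file ships as mode 100644 with published sample values that are also reused across OAA_ADMIN/KEYSTORE/OAUTH/API/POLICY/FACT/VAULT; a deployment should `chmod 600` it, keep it out of version control, and replace every sample value.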
@@ -1,5 +1,5 @@ -# Copyright (c) 2021, 2022, Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl. +# Copyright (c) 2021, 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # # This is an example of a responsefile for IDM Provisioning on Kubernetes # @@ -19,12 +19,14 @@ INSTALL_OAM=true INSTALL_OIG=true INSTALL_OIRI=true INSTALL_OAA=true +INSTALL_ELK=false # Control Parameters # USE_REGISTRY=true USE_INGRESS=true +USE_ELK=false IMAGE_TYPE=crio @@ -61,20 +63,18 @@ SSL_STATE=California # REGISTRY=iad.ocir.io/mytenancy/idm REG_USER=mytenancy/oracleidentitycloudservice/myname@example.com -REG_PWD=registrypwd CREATE_REGSECRET=true # GitHub # GIT_USER=gituser -GIT_TOKEN=gittoken +#GIT_TOKEN=gittoken CREATE_GITSECRET=true # DockerHub # DH_USER=myuser -DH_PWD=dockerpwd ############################################################################################ # IMAGE Parameters # @@ -95,7 +95,7 @@ OAA_MGT_IMAGE=$REGISTRY/oaa-mgmt # Image Versions # -OUD_VER=latest +OUD_VER=statefulset2 OUDSM_VER=12.2.1.4-jdk8-ol7-220119.2054 OAM_VER=latest OIG_VER=latest @@ -106,9 +106,21 @@ OIRIDING_VER=12.2.1.4.220429 OAAMGT_VER=12.2.1.4.1_20220419 OAA_VER=12.2.1.4.1_20220419 -OPER_VER=3.3.0 +OPER_VER=3.4.1 +############################################################################################ +# Elastic Search (ELK) / Kabana Parameters # +############################################################################################ +# Leave blank if you are not using a centralised ELK deployment + +ELKNS=elkns +ELK_HOST=https://elasticsearch-es-http.$ELKNS.svc:9200 +ELK_VER=8.3.1 +ELK_SHARE=/exports/IAMPVS/elk_data +ELK_STORAGE=nfs-client +ELK_KIBANA_K8=31800 +ELK_K8=31920 ############################################################################################ # INGRESS Parameters # 
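Review bot: `OUD_VER=statefulset2` replaces `latest`, but the tag reads like a development/feature build rather than a release tag in the style of `OUDSM_VER=12.2.1.4-jdk8-ol7-220119.2054`; please confirm it is actually published under `$OUD_IMAGE` in the target registry, otherwise the OUD pods fail with ImagePullBackOff. The surrounding `OAM_VER=latest` and `OIG_VER=latest` lines remain, which makes the deployment non-reproducible and defeats change control for an identity tier; a short comment such as `# Pin to a dated tag or digest for production; 'latest' is for evaluation only` next to the Image Versions header would set expectations. The ELK block in the same hunk sets `ELK_HOST` to the in-cluster `.svc` address over HTTPS, which is the right choice for logstash; the NodePort values `ELK_K8`/`ELK_KIBANA_K8` are only needed for external access and should be documented as optional.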
@@ -140,10 +152,11 @@ PV_MOUNT=/u01/oracle/user_projects # GENERIC LDAP Parameters # ############################################################################################ # +LDAP_ADMIN_USER=cn=oudadmin LDAP_SEARCHBASE=dc=example,dc=com -LDAP_GROUP_SEARCHBASE=cn=Groups,dc=example,dc=com -LDAP_USER_SEARCHBASE=cn=Users,dc=example,dc=com -LDAP_RESERVE_SEARCHBASE=cn=Reserve,dc=example,dc=com +LDAP_GROUP_SEARCHBASE=cn=Groups,$LDAP_SEARCHBASE +LDAP_USER_SEARCHBASE=cn=Users,$LDAP_SEARCHBASE +LDAP_RESERVE_SEARCHBASE=cn=Reserve,$LDAP_SEARCHBASE LDAP_SYSTEMIDS=systemids LDAP_OAMADMIN_USER=oamadmin LDAP_OIGADMIN_GRP=OIMAdministrators @@ -153,25 +166,22 @@ LDAP_OAMLDAP_USER=oamLDAP LDAP_OIGLDAP_USER=oimLDAP LDAP_WLSADMIN_USER=weblogic_iam LDAP_XELSYSADM_USER=xelsysadm -LDAP_USER_PWD=Mypassword1 ############################################################################################ # OUD Parameters # ############################################################################################ # OUDNS=oudns -OUD_SHARE=/exports/IAMPVS/oudpv -OUD_CONFIG_SHARE=/exports/IAMPVS/oudconfigpv -OUD_LOCAL_SHARE=/nfs_volumes/oudconfigpv -OUD_LOCAL_PVSHARE=/nfs_volumes/oudpv -LDAP_ADMIN_USER=cn=oudadmin -LDAP_ADMIN_PWD=mypassword1 +OUD_SHARE=$IAM_PVS/oudpv +OUD_CONFIG_SHARE=$IAM_PVS/oudconfigpv +OUD_LOCAL_CONFIG_SHARE=/nfs_volumes/oudconfigpv +OUD_LOCAL_SHARE=/nfs_volumes/oudpv OUD_POD_PREFIX=edg OUD_CREATE_NODEPORT=true OUD_PWD_EXPIRY=2024-01-02 OUD_REGION=example -OUD_REPLICAS=1 +OUD_REPLICAS=2 OUD_HTTP_K8=30080 OUD_HTTPS_K8=30443 @@ -184,8 +194,7 @@ OUD_LDAPS_K8=31636 ############################################################################################ # OUDSM_USER=weblogic -OUDSM_PWD=Mypassword1 -OUDSM_SHARE=/exports/IAMPVS/oudsmpv +OUDSM_SHARE=$IAM_PVS/oudsmpv OUDSM_LOCAL_SHARE=/nfs_volumes/oudsmpv OUDSM_INGRESS_HOST=oudsm.example.com 
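Review bot: In the OUD hunk the name `OUD_LOCAL_SHARE` changes meaning: it was `/nfs_volumes/oudconfigpv` (the config share) and is now `/nfs_volumes/oudpv` (the data PV), while the old `OUD_LOCAL_PVSHARE` becomes `OUD_LOCAL_CONFIG_SHARE`. A response file carried over from an earlier release will still set `OUD_LOCAL_SHARE` to the config path, so the data and config mounts silently swap without any error. A guard in the provisioning script would catch this: `if [ -n "$OUD_LOCAL_PVSHARE" ]; then echo "OUD_LOCAL_PVSHARE is obsolete; set OUD_LOCAL_SHARE and OUD_LOCAL_CONFIG_SHARE" >&2; exit 1; fi`, plus a one-line comment in idm.rsp recording the rename. I cannot see whether `IAM_PVS` is defined earlier in the file; the `$IAM_PVS/...` references in this hunk depend on it.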
@@ -204,7 +213,7 @@ OPER_ACT=operadmin ############################################################################################ # OAMNS=oamns -OAM_SHARE=/exports/IAMPVS/oampv +OAM_SHARE=$IAM_PVS/oampv OAM_LOCAL_SHARE=/nfs_volumes/oampv OAM_SERVER_COUNT=5 OAM_SERVER_INITIAL=2 @@ -212,10 +221,7 @@ OAM_DB_SCAN=db-scan.example.com OAM_DB_LISTENER=1521 OAM_DB_SERVICE=edgiad.example.com OAM_RCU_PREFIX=IAD -OAM_DB_SYS_PWD=My_Sys_pwd_000 -OAM_SCHEMA_PWD=My_Schema_pwd_000 OAM_WEBLOGIC_USER=weblogic -OAM_WEBLOGIC_PWD=Mypassword1 OAM_DOMAIN_NAME=accessdomain OAM_LOGIN_LBR_HOST=login.example.com OAM_LOGIN_LBR_PORT=443 @@ -228,7 +234,6 @@ OAM_OAP_HOST=worker1 OAM_OIG_INTEG=true OAM_OAMADMIN_USER=$LDAP_OAMADMIN_USER -OAM_OAMADMIN_PWD=$LDAP_USER_PWD OAMSERVER_JAVA_PARAMS="-Xms2048m -Xmx8192m " @@ -247,7 +252,7 @@ OAM_OAP_SERVICE_PORT=30540 # OIGNS=oigns CONNECTOR_DIR=/home/opc/scripts/connectors -OIG_SHARE=/exports/IAMPVS/oigpv +OIG_SHARE=$IAM_PVS/oigpv OIG_LOCAL_SHARE=/nfs_volumes/oigpv OIG_SERVER_COUNT=5 OIG_SERVER_INITIAL=2 @@ -256,10 +261,7 @@ OIG_DB_SCAN=db-scan.example.com OIG_DB_LISTENER=1521 OIG_DB_SERVICE=edgigd.example.com OIG_RCU_PREFIX=IGD -OIG_DB_SYS_PWD=My_Sys_pwd_000 -OIG_SCHEMA_PWD=My_Schema_pwd_000 OIG_WEBLOGIC_USER=weblogic -OIG_WEBLOGIC_PWD=Mypassword1 OIG_ADMIN_LBR_HOST=igdadmin.example.com OIG_ADMIN_LBR_PORT=80 OIG_LBR_HOST=prov.example.com @@ -274,13 +276,11 @@ OIG_BI_HOST=bi.example.com OIG_BI_PORT=443 OIG_BI_PROTOCOL=https OIG_BI_USER=idm_report -OIG_BI_USER_PWD=Mypassword1 OIG_EMAIL_CREATE=true OIG_EMAIL_SERVER=smtp.example.com OIG_EMAIL_PORT=25 OIG_EMAIL_SECURITY=None OIG_EMAIL_ADDRESS=myname@example.com -OIG_EMAIL_PWD=password OIG_EMAIL_FROM_ADDRESS=fromaddress@example.com OIG_EMAIL_REPLY_ADDRESS=noreplies@example.com 
@@ -319,13 +319,13 @@ DINGNS=dingns # NFS Parameters # -OIRI_SHARE=/exports/IAMPVS/oiripv +OIRI_SHARE=$IAM_PVS/oiripv OIRI_LOCAL_SHARE=/nfs_volumes/oiripv OIRI_SHARE_SIZE=10Gi -OIRI_DING_SHARE=/exports/IAMPVS/dingpv +OIRI_DING_SHARE=$IAM_PVS/dingpv OIRI_DING_LOCAL_SHARE=/nfs_volumes/dingpv OIRI_DING_SHARE_SIZE=10Gi -OIRI_WORK_SHARE=/exports/IAMPVS/workpv +OIRI_WORK_SHARE=$IAM_PVS/workpv # DB Parameters # @@ -333,8 +333,6 @@ OIRI_DB_SCAN=db-scan.example.com OIRI_DB_LISTENER=1521 OIRI_DB_SERVICE=edgoiri.example.com OIRI_RCU_PREFIX=ORI -OIRI_DB_SYS_PWD=My_Sys_pwd_000 -OIRI_SCHEMA_PWD=My_Schema_pwd_000 # Ingress Parameters # @@ -343,12 +341,9 @@ OIRI_INGRESS_HOST=$OIG_ADMIN_LBR_HOST # User Parameters # -OIRI_KEYSTORE_PWD=Keyst0re_pwd00 OIRI_ENG_GROUP=OrclOIRIRoleEngineer OIRI_ENG_USER=oiri -OIRI_ENG_PWD=Mypassword1 OIRI_SERVICE_USER=oirisvc -OIRI_SERVICE_PWD=Mypassword1 # OIG Parameters # @@ -377,10 +372,10 @@ OAA_DOMAIN=OAADomain # NFS Parameters # -OAA_CONFIG_SHARE=/exports/IAMPVS/oaaconfigpv -OAA_CRED_SHARE=/exports/IAMPVS/oaacredpv -OAA_LOG_SHARE=/exports/IAMPVS/oaalogpv -OAA_VAULT_SHARE=/exports/IAMPVS/oaavaultpv +OAA_CONFIG_SHARE=$IAM_PVS/oaaconfigpv +OAA_CRED_SHARE=$IAM_PVS/oaacredpv +OAA_LOG_SHARE=$IAM_PVS/oaalogpv +OAA_VAULT_SHARE=$IAM_PVS/oaavaultpv OAA_LOCAL_CONFIG_SHARE=/nfs_volumes/oaaconfigpv OAA_LOCAL_CRED_SHARE=/nfs_volumes/oaacredpv OAA_LOCAL_LOG_SHARE=/nfs_volumes/oaalogpv @@ -396,8 +391,6 @@ OAA_DB_SCAN=db-scan.example.com OAA_DB_LISTENER=1521 OAA_DB_SERVICE=edgoaa.example.com OAA_RCU_PREFIX=OAA -OAA_DB_SYS_PWD=My_Sys_pwd_000 -OAA_SCHEMA_PWD=My_Schema_pwd_000 OAA_DB_HOST=dbhost1.example.com OAA_DB_USER=oracle OAA_DB_HOME=/u01/app/oracle/product/19.0.0.0/dbhome_1 
@@ -408,20 +401,10 @@ OAA_DB_SID=iamdb1 OAA_ADMIN_GROUP=OAA-Admin-Role OAA_USER_GROUP=OAA-App-User OAA_ADMIN_USER=oaaadmin -OAA_USER_PWD=$LDAP_USER_PWD -# Passwords -# -OAA_ADMIN_PWD=$LDAP_USER_PWD -OAA_KEYSTORE_PWD=$OAA_ADMIN_PWD -OAA_OAUTH_PWD=$OAA_ADMIN_PWD -OAA_API_PWD=$OAA_ADMIN_PWD -OAA_POLICY_PWD=$OAA_ADMIN_PWD -OAA_FACT_PWD=$OAA_ADMIN_PWD # File Vault # -OAA_VAULT_PWD=$OAA_ADMIN_PWD # OCI Vault # @@ -450,13 +433,11 @@ OAA_USER_POSTCODE=oaauser # OAA_EMAIL_SERVER=http://$OIG_DOMAIN_NAME-cluster-soa-cluster.$OIGNS.svc.cluster.local:8001/ucs/messaging/webservice OAA_EMAIL_USER=$OIG_WEBLOGIC_USER -OAA_EMAIL_PWD=$OIG_WEBLOGIC_PWD # SMS Server # OAA_SMS_SERVER=$OAA_EMAIL_SERVER OAA_SMS_USER=$OIG_WEBLOGIC_USER -OAA_SMS_PWD=$OIG_WEBLOGIC_PWD # Number of Container Instances # diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh index 89c91e343..4b810f0cf 100755 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh @@ -11,16 +11,15 @@ # Usage: start_here.sh # RSPFILE=responsefile/idm.rsp +PWDFILE=responsefile/.idmpwds . $RSPFILE +. $PWDFILE + . common/functions.sh echo "Checking Pre-requisites" echo "-----------------------" -echo " " -echo " NOTE: PASSWORDS CONTAINING RESERVED CHARACTERS MUST BE ESCAPED" -echo " " - echo -n "Have you downloaded and staged the container images (y/n) :" read ANS if ! check_yes $ANS @@ -110,7 +109,7 @@ then exit else echo - replace_value REG_PWD $ANS $RSPFILE + replace_password REG_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -501,7 +500,7 @@ then exit else echo - replace_value DH_PWD $ANS $RSPFILE + replace_password DH_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" 
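Review bot: `. $PWDFILE` sources the new password file without checking that it exists or who can read it; a missing file produces a shell error and the script then prompts with empty defaults, and a world-readable file exposes every system password collected by this script. Replace the two added lines with `[ -f "$PWDFILE" ] || { echo "Password file $PWDFILE not found" >&2; exit 1; }`, `chmod 600 "$PWDFILE"` and `. "$PWDFILE"`. The removed "PASSWORDS CONTAINING RESERVED CHARACTERS MUST BE ESCAPED" notice still applies: the file is evaluated as shell, so unless `replace_password` (not visible here) single-quotes and escapes the value it writes, a password containing `$`, backticks or `#` will be mangled at the next source.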
@@ -522,12 +521,12 @@ then replace_value OUD_SHARE $ANS $RSPFILE fi - echo -n "Enter OUD PV local Mount Point [$OUD_LOCAL_PVSHARE]:" + echo -n "Enter OUD PV local Mount Point [$OUD_LOCAL_SHARE]:" read ANS if [ ! "$ANS" = "" ] then - replace_value OUD_LOCAL_PVSHARE $ANS $RSPFILE + replace_value OUD_LOCAL_SHARE $ANS $RSPFILE fi echo -n "Enter OUD Config PV Local Mount Point [$OUD_CONFIG_SHARE]:" @@ -538,12 +537,12 @@ then replace_value OUD_CONFIG_SHARE $ANS $RSPFILE fi - echo -n "Enter OUD Config Share Local Mount Point [$OUD_LOCAL_SHARE]:" + echo -n "Enter OUD Config Share Local Mount Point [$OUD_LOCAL_CONFIG_SHARE]:" read ANS if [ ! "$ANS" = "" ] then - replace_value OUD_LOCAL_SHARE $ANS $RSPFILE + replace_value OUD_LOCAL_CONFIG_SHARE $ANS $RSPFILE fi if [ "$GET_NS" = "true" ] @@ -582,7 +581,7 @@ then exit else echo - replace_value LDAP_ADMIN_PWD $ANS $RSPFILE + replace_password LDAP_ADMIN_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -703,7 +702,12 @@ then exit else echo - replace_value LDAP_USER_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password LDAP_USER_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -810,7 +814,12 @@ then exit else echo - replace_value OUDSM_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OUDSM_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -990,7 +999,7 @@ then exit else echo - replace_value OAM_DB_SYS_PWD $ANS $RSPFILE + replace_password OAM_DB_SYS_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -1018,7 +1027,12 @@ then exit else echo - replace_value OAM_SCHEMA_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAM_SCHEMA_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" 
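Review bot: In the LDAP_USER_PWD and OUDSM_PWD hunks the `check_password` failure branch only prints "Password not set" and falls through, so the script continues with whatever `.idmpwds` already holds — in the shipped file that is the published sample `Mypassword1`, and provisioning proceeds with a known default for the directory admin accounts. Either abort (`echo "Password not set" >&2; exit 1`, matching how the "Passwords do not match!" branch already exits) or loop back to the prompt. Also, `$ANS` is passed unquoted to `check_password "UN" $ANS` and `replace_password ... $ANS $PWDFILE`, so a password containing a space, `*` or `?` is word-split or glob-expanded before it reaches the helpers; use `"$ANS"` and `"$PWDFILE"`.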
@@ -1096,7 +1110,12 @@ then exit else echo - replace_value OAM_WEBLOGIC_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAM_WEBLOGIC_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1215,7 +1234,12 @@ then exit else echo - replace_value OIG_DB_SYS_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OIG_DB_SYS_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1243,7 +1267,12 @@ then exit else echo - replace_value OIG_SCHEMA_PWD $ANS $RSPFILE + if check_password "UNS" $ANS + then + replace_password OIG_SCHEMA_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1378,7 +1407,12 @@ then exit else echo - replace_value OIG_WEBLOGIC_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OIG_WEBLOGIC_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1442,7 +1476,7 @@ then exit else echo - replace_value OIG_BI_USER_PWD $ANS $RSPFILE + replace_password OIG_BI_USER_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -1647,7 +1681,12 @@ then exit else echo - replace_value OIRI_DB_SYS_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OIRI_DB_SYS_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1675,7 +1714,12 @@ then exit else echo - replace_value OIRI_SCHEMA_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OIRI_SCHEMA_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -1695,7 +1739,7 @@ then exit else echo - replace_value OIRI_KEYSTORE_PWD $ANS $RSPFILE + replace_password OIRI_KEYSTORE_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" 
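Review bot: Every new `check_password "UN" $ANS` / `replace_password X $ANS $PWDFILE` pair in these hunks passes the password unquoted, so a value containing whitespace or glob characters is altered by the shell before it is checked or stored, while the earlier confirmation compared the quoted `"$ANS"` — the stored secret can differ from the one the operator confirmed. Quote both: `check_password "UN" "$ANS"` and `replace_password OAM_WEBLOGIC_PWD "$ANS" "$PWDFILE"`. The policy strings are inconsistent across sibling prompts (`"UN"` for OIG_DB_SYS_PWD but `"UNS"` for OIG_SCHEMA_PWD); if that difference is deliberate because the schema password must carry a special character, a comment on the OIG_SCHEMA_PWD branch saying so would stop a later edit from "fixing" it.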
@@ -1726,7 +1770,7 @@ then exit else echo - replace_value OIRI_SERVICE_PWD $ANS $RSPFILE + replace_password OIRI_SERVICE_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -1757,7 +1801,7 @@ then exit else echo - replace_value OIRI_ENG_PWD $ANS $RSPFILE + replace_password OIRI_ENG_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -1981,7 +2025,7 @@ then exit else echo - replace_value OAA_VAULT_PWD $ANS $RSPFILE + replace_password OAA_VAULT_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -2086,7 +2130,12 @@ then exit else echo - replace_value OAA_DB_SYS_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAA_DB_SYS_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -2114,7 +2163,12 @@ then exit else echo - replace_value OAA_SCHEMA_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAA_SCHEMA_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -2134,7 +2188,7 @@ then exit else echo - replace_value OAA_KEYSTORE_PWD $ANS $RSPFILE + replace_password OAA_KEYSTORE_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" @@ -2165,7 +2219,37 @@ then exit else echo - replace_value OAA_ADMIN_PWD $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAA_ADMIN_PWD $ANS $PWDFILE + else + echo "Password not set" + fi + fi + else + echo "Leaving value as previously defined" + fi + + echo -n "Enter Password for OAM_OAUTH account: " + read -s ANS + + if [ ! "$ANS" = "" ] + then + echo + echo -n "Confirm Password :" + read -s ACHECK + if [ ! "$ANS" = "$ACHECK" ] + then + echo "Passwords do not match!" + exit + else + echo + if check_password "NS" $ANS + then + replace_password OAA_OAUTH_PWD $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" 
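Review bot: The new prompt reads `Enter Password for OAM_OAUTH account: ` but the value is stored as `OAA_OAUTH_PWD`; since OAM and OAA are distinct products in this deployment the label should be `Enter Password for OAA_OAUTH account: ` so the operator knows which credential is being set. This prompt validates with `check_password "NS"` while the neighbouring OAA_ADMIN_PWD, OAA_DB_SYS_PWD and OAA_SCHEMA_PWD prompts use `"UN"`; the meaning of the policy codes is not visible here, so please confirm the weaker/different rule is intended rather than a typo. As with the other hunks, the failure branch prints "Password not set" and continues, leaving the sample value from `.idmpwds` in place.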
@@ -2209,7 +2293,12 @@ then exit else echo - replace_value OAA_USER $ANS $RSPFILE + if check_password "UN" $ANS + then + replace_password OAA_USER $ANS $PWDFILE + else + echo "Password not set" + fi fi else echo "Leaving value as previously defined" @@ -2264,8 +2353,8 @@ then exit else echo - replace_value OAA_EMAIL_PWD $ANS $RSPFILE - replace_value OAA_SMS_PWD $ANS $RSPFILE + replace_password OAA_EMAIL_PWD $ANS $PWDFILE + replace_password OAA_SMS_PWD $ANS $PWDFILE fi else echo "Leaving value as previously defined" diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_cluster.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_cluster.yaml new file mode 100644 index 000000000..8a21e933f --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_cluster.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# This is an example file to create an elastic search cluster +# +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: elasticsearch + namespace: +spec: + version: + nodeSets: + - name: default + count: 2 + config: + node.store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path. + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_nodeport.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_nodeport.yaml new file mode 100644 index 000000000..1b366aa07 --- /dev/null 
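Review bot: `replace_password OAA_USER $ANS $PWDFILE` writes the entered value under the key `OAA_USER`, but the new `.idmpwds` file defines no such key — the OAA user password there is `OAA_USER_PWD=$LDAP_USER_PWD`. The prompt text is above this hunk so I cannot see it, but the `check_password` wrapper added here indicates this is a password, in which case the typed value never takes effect and the OAA user keeps the shared LDAP password; the line should be `replace_password OAA_USER_PWD "$ANS" "$PWDFILE"`. In the elk_cluster.yaml template further down this line, `storageClassName:` and `version:` are left empty for substitution; a comment naming the response-file keys that fill them (`ELK_STORAGE`, `ELK_VER`) would help anyone editing the template by hand.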
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/elk_nodeport.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Example of creating an NodePort service for elastic search
+#
+kind: Service
+apiVersion: v1
+metadata:
+ name: elk-nodeport
+ namespace:
+spec:
+ type: NodePort
+ selector:
+ common.k8s.elastic.co/type: elasticsearch
+ elasticsearch.k8s.elastic.co/cluster-name: elasticsearch
+ ports:
+ - targetPort: 9200
+ port: 9200
+ nodePort:
+ protocol: TCP
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana.yaml
new file mode 100644
index 000000000..b402c5b67
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana.yaml
@@ -0,0 +1,15 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# Example of creating a Kibana deployment
+#
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: kibana
+ namespace:
+spec:
+ version:
+ count: 1
+ elasticsearchRef:
+ name: elasticsearch
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana_nodeport.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana_nodeport.yaml
new file mode 100644
index 000000000..83888618f
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/elk/kibana_nodeport.yaml
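Review bot: `elk-nodeport` publishes the Elasticsearch HTTP API (targetPort 9200) on every worker node, and the logstash pipelines in this change ship OAM/OIG access, diagnostic and audit logs into that cluster; anything that can reach a node IP can now reach the log store, which turns the ECK basic-auth credentials into an online brute-force target. The logstash deployments use the in-cluster `ELK_HOST` (`...svc:9200`), so the NodePort is not needed for log shipping at all. I would add a comment such as `# Optional: only needed for access from outside the cluster; restrict with a NetworkPolicy/firewall and keep ECK TLS+auth enabled` and have the provisioning script create it only when an explicit flag is set. The same applies to `kibana-nodeport` (5601) in the next file.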
@@ -0,0 +1,20 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# Example of creating a node port service for Kibana +# +kind: Service +apiVersion: v1 +metadata: + name: kibana-nodeport + namespace: +spec: + type: NodePort + selector: + common.k8s.elastic.co/type: kibana + kibana.k8s.elastic.co/name: kibana + ports: + - targetPort: 5601 + port: 5601 + nodePort: + protocol: TCP diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oaa/ohs_login.conf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oaa/ohs_login.conf index 4aa49a421..ec1550931 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oaa/ohs_login.conf +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oaa/ohs_login.conf @@ -111,7 +111,7 @@ WebLogicCluster :,: - + WLSRequest ON WLProxySSL ON WLProxySSLPassThrough ON diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash.yaml new file mode 100644 index 000000000..0e7766c79 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash.yaml 
@@ -0,0 +1,59 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of a file to deploy logstash
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oam-logstash
+ namespace:
+spec:
+ selector:
+ matchLabels:
+ k8s-app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ k8s-app: logstash
+ spec:
+ imagePullSecrets:
+ - name: dockercred
+ containers:
+ - command:
+ - logstash
+ image: logstash:
+ imagePullPolicy: IfNotPresent
+ name: oam-logstash
+ ports:
+ - containerPort: 5044
+ name: logstash
+ volumeMounts:
+ - mountPath:
+ name: weblogic-domain-storage-volume
+ - name: shared-logs
+ mountPath: /shared-logs
+ - mountPath: /usr/share/logstash/pipeline/
+ name: oam-logstash-pipeline
+ - mountPath: /usr/share/logstash/config/certs
+ name: elk-cert
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: logstash-config.conf
+ path: logstash-config.conf
+ name: oam-logstash-configmap
+ name: oam-logstash-pipeline
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: ca.crt
+ path: elk.crt
+ name: elk-cert
+ name: elk-cert
+ - name: weblogic-domain-storage-volume
+ persistentVolumeClaim:
+ claimName: -domain-pvc
+ - name: shared-logs
+ emptyDir: {}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash_cm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash_cm.yaml
new file mode 100644
index 000000000..a5bdba658
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/logstash_cm.yaml
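Review bot: The `weblogic-domain-storage-volume` mount (the whole OAM domain PVC, `claimName: <domain>-domain-pvc`) is read-write, but logstash only needs to read log files; a compromised or misconfigured log shipper could then alter domain configuration, keystores or server scripts on the shared PV. Add `readOnly: true` to that volumeMounts entry: `- mountPath: <PV_MOUNT>` / `  name: weblogic-domain-storage-volume` / `  readOnly: true`. The pod also has no `securityContext` (`runAsNonRoot`, `allowPrivilegeEscalation: false`) and no `resources` limits, so a runaway grok filter can starve the OAM pods on the same node; `containerPort: 5044` is declared although the pipeline uses only file inputs and can be dropped.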
@@ -0,0 +1,72 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of creating a config map for logstash.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oam-logstash-configmap
+ namespace:
+data:
+ logstash-config.conf: |
+ input {
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/accessdomain/AdminServer*.log"
+ tags => "Adminserver_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/accessdomain/oam_policy_mgr*.log"
+ tags => "Policymanager_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/accessdomain/oam_server*.log"
+ tags => "Oamserver_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/AdminServer-diagnostic.log"
+ tags => "Adminserver_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/oam_policy_mgr*-diagnostic.log"
+ tags => "Policy_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/oam_server*-diagnostic.log"
+ tags => "Oamserver_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/access*.log"
+ tags => "Access_logs"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/auditlogs/OAM/audit.log"
+ tags => "Audit_logs"
+ start_position => beginning
+ }
+ }
+ filter {
+ grok {
+ match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
+ }
+ if "_grokparsefailure" in [tags] {
+ mutate {
+ remove_tag => [ "_grokparsefailure" ]
+ }
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [""]
+ cacert => '/usr/share/logstash/config/certs/elk.crt'
+ user => "logstash_internal"
+ password => ""
+ }
+ }
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_ingress.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_ingress.yaml
index 11e9ee4ef..14755b0ee 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_ingress.yaml
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_ingress.yaml
@@ -1,5 +1,8 @@
 # Copyright (c) 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This file creates the ingress rules for OAM
+#
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -158,7 +161,7 @@ spec:
 name: -cluster-oam-cluster
 port:
 number: 14100
- path: /oamservices/rest/auth
+ path: /oam/services/rest/auth
 pathType: Prefix
 - backend:
 service:
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_oud_ingress.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_oud_ingress.yaml
index df7bf9c05..f1f5d5448 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_oud_ingress.yaml
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/oam_oud_ingress.yaml
@@ -1,5 +1,6 @@
 # Copyright (c) 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
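Review bot: The elasticsearch output stores the `logstash_internal` credential as `password => ""` inside a ConfigMap, which is readable by anyone with ConfigMap read in the namespace and shows up in plain text in `kubectl get cm -o yaml`, backups and GitOps diffs; the value is meant to be filled from `ELK_USER_PWD` in the new `.idmpwds` file. Keep the pipeline in the ConfigMap but reference an environment variable, `password => "${ELK_USER_PWD}"`, and inject it into the logstash container from a Secret via `env:` with `valueFrom.secretKeyRef` in logstash.yaml; Logstash resolves `${VAR}` in pipeline config from the environment. The `audit.log` input means OAM audit records leave the domain PV through this pipeline, so the ConfigMap's `defaultMode: 420` (0644) on the mounted file is another reason not to keep the secret there.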
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/resource_list.txt b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/resource_list.txt index f55a7d40f..5011098d0 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/resource_list.txt +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oam/resource_list.txt @@ -17,9 +17,9 @@ /admin-ui/**:EXCLUDED:: /oaa-policy/**:EXCLUDED:: /policy/**:EXCLUDED:: -/fido/v1/**:EXCLUDED:: +/fido/**:EXCLUDED:: /oaa/**:EXCLUDED:: -/oaa-kba-factor/runtime/**:EXCLUDED:: +/oaa-kba/**:EXCLUDED:: /oaa-email-factor/**:EXCLUDED:: /oaa-sms-factor/**:EXCLUDED:: /oaa-totp-factor/**:EXCLUDED:: diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/design-console-ingress.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/design-console-ingress.yaml index 0526fcd72..f900d0143 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/design-console-ingress.yaml +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/design-console-ingress.yaml @@ -1,5 +1,8 @@ # Copyright (c) 2022, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# This file enables design console access in Ingress +# # Load balancer type. Supported values are: NGINX type: NGINX diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/get_passphrase.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/get_passphrase.sh index 0ed3ffeb0..db40c4312 100755 
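Review bot: The resource_list.txt hunk widens two `EXCLUDED` patterns — `/fido/v1/**` becomes `/fido/**` and `/oaa-kba-factor/runtime/**` becomes `/oaa-kba/**` — and `EXCLUDED` means the WebGate does not enforce any OAM policy on those paths. Broadening from a versioned runtime prefix to the whole application root also unprotects any non-runtime or administrative endpoint that lives (now or in a future OAA release) under `/fido/` or `/oaa-kba/`, relying entirely on the OAA application's own authentication. If the wider prefix is required because the factor now serves other paths, a comment recording which endpoints need it would let a reviewer judge the exposure; otherwise keep the narrower runtime-only patterns.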
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/get_passphrase.sh +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/get_passphrase.sh @@ -1,10 +1,15 @@ #!/bin/bash -# Copyright (c) 2021, Oracle and/or its affiliates. +# Copyright (c) 2021, 2022, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # # This is an example script to add the Global Passphrase to OIGOAMIntegration.sh property files # PP=`/u01/oracle/oracle_common/common/bin/wlst.sh /u01/oracle/user_projects/workdir/get_passphrase.py | sed '1,13d;15,$d'` +if [ "$PP" = "" ] +then + echo "Failed to get Global Passphrase" + exit 1 +fi echo s/#SSO_KEYSTORE_JKS_PASSWORD:.*/SSO_KEYSTORE_JKS_PASSWORD: $PP/ >> /u01/oracle/user_projects/workdir/oamoig.sedfile echo s/#SSO_GLOBAL_PASSPHRASE:.*/SSO_GLOBAL_PASSPHRASE: $PP/ >> /u01/oracle/user_projects/workdir/oamoig.sedfile diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/igdadmin_vh.conf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/igdadmin_vh.conf index 60f9432ce..46e82abb8 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/igdadmin_vh.conf +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/igdadmin_vh.conf @@ -57,14 +57,6 @@ WebLogicCluster :,: -# xlWebApp - Legacy 9.x webapp (struts based) - - WLCookieName oimjsessionid - WLSRequest ON - DynamicServerList OFF - WebLogicCluster :,: - - # OIM self service console WLCookieName oimjsessionid @@ -80,14 +72,6 @@ WebLogicCluster :,: -# Nexaweb WebApp - used for workflow designer and DM - - WLCookieName oimjsessionid - WLSRequest ON - DynamicServerList OFF - WebLogicCluster :,: - - WLCookieName oimjsessionid WLSRequest ON 
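Review bot: The new `if [ "$PP" = "" ]` guard only catches an empty result, but `PP` is extracted from the WLST output with fixed line numbers (`sed '1,13d;15,$d'`), so any extra banner or warning line shifts the output and yields a non-empty, wrong value that passes the check and is then written into the OAM/OIG integration properties as the global passphrase. Consider validating the captured line (for example rejecting values containing spaces or `:`) or having get_passphrase.py print a recognisable marker that the script greps for instead of counting lines. Separately, `$PP` is interpolated unescaped into the two `sed` replacement expressions that follow, so a passphrase containing `/`, `&` or `\` corrupts the sed script; escape it first with `PP=$(printf '%s' "$PP" | sed -e 's/[\/&\\]/\\&/g')` and note that `oamoig.sedfile` holds the passphrase in clear text on the shared workdir.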
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash.yaml
new file mode 100644
index 000000000..282ac7514
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash.yaml
@@ -0,0 +1,59 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example file to deploy logstash
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oig-logstash
+ namespace:
+spec:
+ selector:
+ matchLabels:
+ k8s-app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ k8s-app: logstash
+ spec:
+ imagePullSecrets:
+ - name: dockercred
+ containers:
+ - command:
+ - logstash
+ image: logstash:
+ imagePullPolicy: IfNotPresent
+ name: oig-logstash
+ ports:
+ - containerPort: 5044
+ name: logstash
+ volumeMounts:
+ - mountPath:
+ name: weblogic-domain-storage-volume
+ - name: shared-logs
+ mountPath: /shared-logs
+ - mountPath: /usr/share/logstash/pipeline/
+ name: oig-logstash-pipeline
+ - mountPath: /usr/share/logstash/config/certs
+ name: elk-cert
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: logstash-config.conf
+ path: logstash-config.conf
+ name: oig-logstash-configmap
+ name: oig-logstash-pipeline
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: ca.crt
+ path: elk.crt
+ name: elk-cert
+ name: elk-cert
+ - name: weblogic-domain-storage-volume
+ persistentVolumeClaim:
+ claimName: -domain-pvc
+ - name: shared-logs
+ emptyDir: {}
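Review bot: As in the OAM variant, the OIG domain PVC is mounted read-write into the logstash container although only log files are read, so the log shipper can modify the governance domain's configuration and keystores on the shared volume; add `readOnly: true` to the `weblogic-domain-storage-volume` entry under `volumeMounts`. The Deployment also runs without a `securityContext` or `resources` block; since this pod is scheduled alongside the OIG managed servers, at least `runAsNonRoot: true` and a memory limit are worth adding to the template.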
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash_cm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash_cm.yaml new file mode 100644 index 000000000..911b79090 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/logstash_cm.yaml 
@@ -0,0 +1,67 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example file to create a config map for logstash
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oig-logstash-configmap
+ namespace:
+data:
+ logstash-config.conf: |
+ input {
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/governancedomain/AdminServer*.log"
+ tags => "Adminserver_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/governancedomain/soa_server*.log"
+ tags => "soaserver_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/logs/governancedomain/oim_server*.log"
+ tags => "Oimserver_log"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/governancedomain/servers/AdminServer/logs/AdminServer-diagnostic.log"
+ tags => "Adminserver_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/soa_server*-diagnostic.log"
+ tags => "Soa_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/oim_server*-diagnostic.log"
+ tags => "Oimserver_diagnostic"
+ start_position => beginning
+ }
+ file {
+ path => "/u01/oracle/user_projects/domains/governancedomain/servers/**/logs/access*.log"
+ tags => "Access_logs"
+ start_position => beginning
+ }
+ }
+ filter {
+ grok {
+ match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
+ }
+ if "_grokparsefailure" in [tags] {
+ mutate {
+ remove_tag => [ "_grokparsefailure" ]
+ }
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [""]
+ cacert 
=> '/usr/share/logstash/config/certs/elk.crt' + user => "logstash_internal" + password => "" + } + } diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/oig_ingress.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/oig_ingress.yaml index ce6e4c2f9..4e8a25489 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/oig_ingress.yaml +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/oig_ingress.yaml @@ -1,5 +1,8 @@ # Copyright (c) 2022, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# This is an example file to create ingress rules for OIG +# apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -38,7 +41,7 @@ spec: service: name: -adminserver port: - number: 14000 + number: path: /em pathType: Prefix - backend: @@ -83,13 +86,6 @@ spec: number: 14000 path: /identity pathType: Prefix - - backend: - service: - name: -cluster-oim-cluster - port: - number: 14000 - path: /xlWebApp - pathType: Prefix - backend: service: name: -cluster-oim-cluster @@ -145,13 +141,6 @@ spec: number: 14000 path: /identity pathType: Prefix - - backend: - service: - name: -cluster-oim-cluster - port: - number: 14000 - path: /xlWebApp - pathType: Prefix - backend: service: name: -cluster-oim-cluster diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/prov_vh.conf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/prov_vh.conf index f010e6e1b..3c73e3af2 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/prov_vh.conf +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oig/prov_vh.conf 
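Review bot: The Elasticsearch credentials are stored in a ConfigMap: `user => "logstash_internal"` and `password => ""` (the value looks like a placeholder the provisioning script fills in) end up in clear text in `oig-logstash-configmap`, readable by anyone with ConfigMap read access in the namespace, while the Deployment already uses a Secret (`dockercred`) for the registry. Logstash expands `${VAR}` references in pipeline configuration, so `password => "${LOGSTASH_PASSWORD}"` with the Deployment injecting that variable via `env` / `valueFrom.secretKeyRef` keeps the secret out of the ConfigMap; the same applies to oud/logstash_cm.yaml and oudsm/logstash_cm.yaml. Separately, this pipeline is the only one of the four without `sincedb_path`, so its read position lives in the container's writable layer and is lost on restart, re-reading every `start_position => beginning` file; a one-line comment stating whether that is intended would help whoever reconciles the four files.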
@@ -21,16 +21,6 @@ WLProxySSLPassThrough ON - # xlWebApp - Legacy 9.x webapp (struts based) - - WLSRequest ON - WLCookieName oimjsessionid - DynamicServerList OFF - WebLogicCluster :,: - WLProxySSL ON - WLProxySSLPassThrough ON - - WLSRequest ON WLCookieName oimjsessionid
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash.yaml
new file mode 100644
index 000000000..c8626dafd
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash.yaml
@@ -0,0 +1,54 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oiri-logstash
+ namespace:
+spec:
+ selector:
+ matchLabels:
+ k8s-app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ k8s-app: logstash
+ spec:
+ imagePullSecrets:
+ - name: dockercred
+ containers:
+ - command:
+ - logstash
+ image: logstash:
+ imagePullPolicy: IfNotPresent
+ name: oiri-logstash
+ ports:
+ - containerPort: 5044
+ name: logstash
+ volumeMounts:
+ - name: shared-logs
+ mountPath: /shared-logs
+ - mountPath: /usr/share/logstash/pipeline/
+ name: oiri-logstash-pipeline
+ - name: oiripv
+ mountPath: /app/oiri
+ - name: dingpv
+ mountPath: /app
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: logstash-config.conf
+ path: logstash-config.conf
+ name: oiri-logstash-configmap
+ name: oiri-logstash-pipeline
+ - name: oiripv
+ persistentVolumeClaim:
+ claimName: oiri-pvc
+ - name: dingpv
+ nfs:
+ server:
+ path:
+ - name: shared-logs
+ emptyDir: {}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash_cm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash_cm.yaml
new file mode 100644
index 000000000..6306b29bf
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oiri/logstash_cm.yaml
@@ -0,0 +1,61 @@
+#
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oiri-logstash-configmap
+ namespace:
+data:
+ logstash-config.conf: |
+ input {
+ file {
+ path => "/app/oiri/data/logs/*.log"
+ type => "oiri-logs"
+ start_position => beginning
+ sincedb_path => "/dev/null"
+ }
+ file {
+ path => "/app/data/logs/*.log"
+ type => "ding-logs"
+ start_position => beginning
+ sincedb_path => "/dev/null"
+ }
+ file {
+ path => "/app/data/logs/*driver.log"
+ type => "driver-logs"
+ start_position => beginning
+ sincedb_path => "/dev/null"
+ }
+ }
+ filter {
+ if [type] == "oiri-logs" {
+ grok {
+ match => [ "<%{DATA:log_timestamp}> <%{WORD:class}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:hostserver}> %{GREEDYDATA:message}" ]
+ }
+ }
+ if [type] == "driver-logs" {
+ grok {
+ match => [ "<%{DATESTAMP:log_timestamp}> <%{WORD:level}> %{GREEDYDATA:message}" ]
+ }
+ }
+ if [type] == "ding-logs" {
+ grok {
+ match => [ "<%{DATA:log_timestamp}> <%{WORD:class}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:hostserver}> %{GREEDYDATA:message}" ]
+ }
+ }
+ if "_grokparsefailure" in [tags] {
+ mutate {
+ remove_tag => [ "_grokparsefailure" ]
+ }
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [""]
+ }
+ }
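Review bot: The `output { elasticsearch { ... } }` block here carries only `hosts => [""]` — no `cacert`, `user` or `password` — whereas the oig, oud and oudsm config maps in this commit all authenticate and pin the Elasticsearch CA; as written this pipeline either ships logs without TLS verification or authentication, or fails to connect if the cluster enforces them, and the matching oiri/logstash.yaml has no `elk-cert` mount to support adding a `cacert`. The three `grok` blocks also look incomplete: the other pipelines write `match => [ "message", "<pattern>" ]`, while here each array holds only the pattern and no field name, which I do not believe Logstash accepts as a field/pattern pair. The `oiri-logs` and `ding-logs` patterns are byte-identical and could be a single branch on `[type] in ["oiri-logs", "ding-logs"]`. Note also that `/app/data/logs/*.log` (ding-logs) already matches every `*driver.log` file that the driver-logs input reads, so those files are tagged and parsed twice.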
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash.yaml
new file mode 100644
index 000000000..3a6a3bedc
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash.yaml
@@ -0,0 +1,59 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example file to deploy logstash
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oud-logstash
+ namespace:
+spec:
+ selector:
+ matchLabels:
+ k8s-app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ k8s-app: logstash
+ spec:
+ imagePullSecrets:
+ - name: dockercred
+ containers:
+ - command:
+ - logstash
+ image: logstash:
+ imagePullPolicy: IfNotPresent
+ name: oud-logstash
+ ports:
+ - containerPort: 5044
+ name: logstash
+ volumeMounts:
+ - mountPath: /u01/oracle/user_projects
+ name: oud-storage-volume
+ - name: shared-logs
+ mountPath: /shared-logs
+ - mountPath: /usr/share/logstash/pipeline/
+ name: oud-logstash-pipeline
+ - mountPath: /usr/share/logstash/config/certs
+ name: elk-cert
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: logstash-config.conf
+ path: logstash-config.conf
+ name: oud-logstash-configmap
+ name: oud-logstash-pipeline
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: ca.crt
+ path: elk.crt
+ name: elk-cert
+ name: elk-cert
+ - name: oud-storage-volume
+ persistentVolumeClaim:
+ claimName: -oud-ds-rs-pvc
+ - name: shared-logs
+ emptyDir: {}
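Review bot: `selector.matchLabels` and the pod template labels are the generic `k8s-app: logstash`, identical to the selectors in oudsm/logstash.yaml, oig/logstash.yaml and oiri/logstash.yaml. delete_oud.sh and delete_oudsm.sh in this commit both operate on `$OUDNS`, which suggests OUD and OUDSM share a namespace; two Deployments with overlapping selectors in one namespace will contend for each other's pods and ReplicaSets. Use a component-specific label in both places, `k8s-app: oud-logstash` here and `k8s-app: oudsm-logstash` in the OUDSM file, so each controller and any Service only sees its own pods.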
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash_cm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash_cm.yaml
new file mode 100644
index 000000000..58e5c3ff1
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/logstash_cm.yaml
@@ -0,0 +1,53 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+# This is and example file to create a config map for logstash
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oud-logstash-configmap
+ namespace:
+data:
+ logstash-config.conf: |
+ input {
+ file {
+ path => "/u01/oracle/user_projects/oud-ds-rs-*/logs/*.log"
+ type => "setup-logs"
+ start_position => beginning
+ sincedb_path => "/dev/null"
+ }
+ file {
+ path => "/u01/oracle/user_projects/oud-ds-rs-*/OUD/logs/*.log"
+ type => "access-logs"
+ start_position => beginning
+ sincedb_path => "/dev/null"
+ }
+ }
+ filter {
+ if [type] == "setup-logs" {
+ grok {
+ match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:servername}> <%{DATA:timer}> <<%{DATA:kernel}>> <> <%{DATA:uuid}> <%{NUMBER:timestamp}> <%{DATA:misc}> <%{DATA:log_number}> <%{DATA:log_message}>" ]
+ }
+ }
+ if [type] == "access-logs" {
+ grok {
+ match => [ "message", "\[%{TIMESTAMP_ISO8601:timestamp}\] \[%{DATA:component}\] \[%{LOGLEVEL:loglevel}\] \[%{DATA:misc}\] \[%{DATA:logtype}\] \[%{DATA:host}\] \[%{DATA:nwaddr}\] %{GREEDYDATA:message}" ]
+ }
+ }
+ if "_grokparsefailure" in [tags] {
+ mutate {
+ remove_tag => [ "_grokparsefailure" ]
+ }
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => [""]
+ cacert => '/usr/share/logstash/config/certs/elk.crt'
+ user => "logstash_internal"
+ password => ""
+ }
+ }
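Review bot: Both file inputs set `sincedb_path => "/dev/null"` together with `start_position => beginning`, so every pod restart re-reads the complete OUD setup and access logs from the start and re-indexes them, producing duplicate documents in Elasticsearch; if that is a deliberate trade-off for a stateless shipper it deserves a comment such as `# sincedb discarded on purpose: logs are re-ingested in full on restart`, otherwise point `sincedb_path` at a location that survives restarts. The header comment also has a typo, `This is and example file` should read `This is an example file`. The unconditional `_grokparsefailure` removal hides parse failures for both patterns, which makes it hard to notice when a log format change silently stops fields from being extracted; consider keeping the tag or counting failures.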
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml index 3063f5f54..ab55c247e 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml @@ -50,24 +50,18 @@ ingress: type: nginx tlsEnabled: false +elk: + enabled: false + imagePullSecrets: + - name: dockercred + + + cronJob: kubectlImage: repository: bitnami/kubectl tag: pullPolicy: IfNotPresent - helmImage: - repository: alpine/helm - tag: - pullPolicy: IfNotPresent - - cronPersistence: - enabled: true - type: networkstorage - networkstorage: - nfs: - server: - path: - imagePullSecrets: - name: dockercred diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash.yaml new file mode 100644 index 000000000..91877d89a --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash.yaml 
@@ -0,0 +1,57 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: oudsm-logstash
+ namespace:
+spec:
+ selector:
+ matchLabels:
+ k8s-app: logstash
+ template: # create pods using pod definition in this template
+ metadata:
+ labels:
+ k8s-app: logstash
+ spec:
+ imagePullSecrets:
+ - name: dockercred
+ containers:
+ - command:
+ - logstash
+ image: logstash:
+ imagePullPolicy: IfNotPresent
+ name: oudsm-logstash
+ ports:
+ - containerPort: 5044
+ name: logstash
+ volumeMounts:
+ - mountPath: /u01/oracle/user_projects
+ name: oudsm-storage-volume
+ - name: shared-logs
+ mountPath: /shared-logs
+ - mountPath: /usr/share/logstash/pipeline/
+ name: oudsm-logstash-pipeline
+ - mountPath: /usr/share/logstash/config/certs
+ name: elk-cert
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: logstash-config.conf
+ path: logstash-config.conf
+ name: oudsm-logstash-configmap
+ name: oudsm-logstash-pipeline
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: ca.crt
+ path: elk.crt
+ name: elk-cert
+ name: elk-cert
+ - name: oudsm-storage-volume
+ persistentVolumeClaim:
+ claimName: oudsm-pvc
+ - name: shared-logs
+ emptyDir: {}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash_cm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash_cm.yaml
new file mode 100644
index 000000000..c6c1d6de3
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/logstash_cm.yaml
@@ -0,0 +1,43 @@ +# Source: oud-ds-rs/templates/elk_logstash-configMap.yaml +# +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +# +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: oudsm-logstash-configmap + namespace: +data: + logstash-config.conf: | + input { + file { + path => "/u01/oracle/user_projects/domains/oudsmdomain-1/servers/AdminServer/logs/*.log" + type => "setup-logs" + start_position => beginning + sincedb_path => "/dev/null" + } + } + filter { + if [type] == "setup-logs" { + grok { + match => [ "message", "<%{DATA:log_timestamp}> <%{WORD:log_level}> <%{WORD:thread}> <%{HOSTNAME:hostname}> <%{HOSTNAME:hostserver}> %{GREEDYDATA:message}" ] + } + } + if "_grokparsefailure" in [tags] { + mutate { + remove_tag => [ "_grokparsefailure" ] + } + } + } + output { + elasticsearch { + hosts => [""] + cacert => '/usr/share/logstash/config/certs/elk.crt' + user => "logstash_internal" + password => "" + } + } diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/override_oudsm.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/override_oudsm.yaml index da36a5f9e..22a981a67 100644 --- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/override_oudsm.yaml +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oudsm/override_oudsm.yaml @@ -29,6 +29,17 @@ replicaCount: 1 elk: enabled: false + imagePullSecrets: + - name: dockercred + + +#elkVolume: + #enabled: true + #type: networkstorage + #networkstorage: + #nfs: + #server: + #path: ingress: enabled: false 
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_all.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_all.sh
index ab05830ff..f483b0e70 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_all.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_all.sh
@@ -55,3 +55,8 @@ if [ "$INSTALL_INGRESS" = "true" ] || [ "$INSTALL_INGRESS" = "TRUE" ]
 then
 $MYDIR/delete_ingress.sh
 fi
+
+if [ "$INSTALL_ELK" = "true" ] || [ "$INSTALL_ELK" = "TRUE" ]
+then
+ $MYDIR/delete_elk.sh
+fi
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_elk.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_elk.sh
new file mode 100755
index 000000000..6d5eccf7d
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_elk.sh
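Review bot: The new guard accepts `true` and `TRUE` for `INSTALL_ELK`, while the ELK blocks added to delete_oiri.sh, delete_oud.sh and delete_oudsm.sh in this commit test a different variable, `USE_ELK`, for lower-case `"true"` only, and delete_oam.sh / delete_oig.sh probe the cluster instead of reading either variable. If `INSTALL_ELK` (deploy the stack) and `USE_ELK` (ship a product's logs to it) are meant to be independent settings, a one-line comment above this block saying so would stop readers treating the mismatch as a bug; if they are not, one flag and one spelling should be used throughout. Running delete_elk.sh here before the product scripts have removed their Logstash deployments would leave those pods retrying against a deleted cluster, so the ordering relative to the other delete calls (outside this hunk) is worth confirming.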
@@ -0,0 +1,51 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# This is an example of a script which will delete an OUD deployment
+#
+# Dependencies: ../common/functions.sh
+# ../responsefile/idm.rsp
+#
+# Usage: delete_elk.sh
+#
+MYDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+. $MYDIR/../common/functions.sh
+. $RSPFILE
+
+WORKDIR=$LOCAL_WORKDIR/ELK
+
+mkdir $LOCAL_WORKDIR/deleteLogs > /dev/null 2>&1
+
+LOG=$LOCAL_WORKDIR/deleteLogs/delete_elk_`date +%F_%T`.log
+
+START_TIME=`date +%s`
+
+ST=`date +%s`
+
+echo "Deleting ELK and Kibana Controller"
+echo "---------------------------------"
+echo
+echo Log of Delete Session can be found at: $LOG
+echo
+
+
+echo "Delete Kibana"
+kubectl delete service -n $ELKNS kibana-nodeport >> $LOG 2>&1
+kubectl delete service -n $ELKNS elk-nodeport >> $LOG 2>&1
+kubectl delete kibana -n $ELKNS kibana
+
+echo "Delete ELK Cluster"
+kubectl delete elasticsearch -n $ELKNS elasticsearch >> $LOG 2>&1
+
+echo "Delete Elastic Search Operator"
+helm uninstall -n $ELKNS elastic-operator >> $LOG 2>&1
+
+echo "Delete Namespace $ELKNS"
+
+kubectl delete namespace $ELKNS >> $LOG 2>&1
+
+rm -rf $WORKDIR/logs $LOCAL_WORKDIR/elk_installed
+FINISH_TIME=`date +%s`
+print_time TOTAL "Delete ELK " $START_TIME $FINISH_TIME
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oam.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oam.sh
index 31fd5b727..c231193d5 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oam.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oam.sh
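Review bot: The header comment is copied from the OUD script — `# This is an example of a script which will delete an OUD deployment` should read `# This is an example of a script which will delete the ELK (Elasticsearch/Kibana) deployment`. Every path in the script is built from variables sourced from `$RSPFILE` and expanded unquoted and unguarded; if `LOCAL_WORKDIR` is missing from the response file, `mkdir`, `LOG=` and the final `rm -rf` act on `/deleteLogs`, `/ELK/logs` and `/elk_installed`, so add `: "${LOCAL_WORKDIR:?LOCAL_WORKDIR not set}"` and `: "${ELKNS:?ELKNS not set}"` right after `. $RSPFILE`, and quote the expansions (`rm -rf "$WORKDIR/logs" "$LOCAL_WORKDIR/elk_installed"`). `kubectl delete kibana -n $ELKNS kibana` is the only kubectl call without `>> $LOG 2>&1`, so its output (and any error) lands on the console unlike its siblings. `ST` is assigned and never used.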
@@ -47,6 +47,16 @@ else
 kubectl delete service -n $OAMNS $OAM_DOMAIN_NAME-oap >> $LOG 2>&1
 fi
+ELK_DEP=`kubectl get deployment -n $OAMNS | grep logstash | awk '{ print $1 }'`
+if [ ! "$ELK_DEP" = "" ]
+then
+ echo "Deleting Logstash"
+ kubectl delete deployment -n $OAMNS oam-logstash >> $LOG 2>&1
+ echo "Deleting Logstash configmap"
+ kubectl delete cm -n $OAMNS oam-logstash-configmap >> $LOG 2>&1
+ kubectl delete cm -n $OAMNS elk-cert >> $LOG 2>&1
+fi
+
 echo "Deleting OAM Domain"
 kubectl delete domain $OAM_DOMAIN_NAME -n $OAMNS >> $LOG 2>&1
 echo "Deleting Config Map"
@@ -92,8 +102,14 @@ print_time STEP "Drop Schemas" $ST $ET
 ST=`date +%s`
 echo "Deleting Volumes"
+echo " Deleting $OAM_LOCAL_SHARE/*">> $LOG 2>&1
 rm -rf $OAM_LOCAL_SHARE/>> $LOG 2>&1
-rm -rf $WORKDIR/* $LOCAL_WORKDIR/OHS/*/login_vh.conf $LOCAL_WORKDIR/OHS/*/iadadmin_vh.conf $LOCAL_WORKDIR/oam_installed>> $LOG 2>&1
+echo " Deleting $WORKDIR/*">> $LOG 2>&1
+rm -rf $WORKDIR/*
+echo " Deleting $LOCAL_WORKDIR/OHS ">> $LOG 2>&1
+rm -rf $LOCAL_WORKDIR/OHS/*/login_vh.conf $LOCAL_WORKDIR/OHS/*/iadadmin_vh.conf $LOCAL_WORKDIR/oam_installed>> $LOG 2>&1
+echo " Deleting Complete">> $LOG 2>&1
+
 ET=`date +%s`
 print_time STEP "Delete Volume" $ST $ET
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oig.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oig.sh
index 781d9897c..334e75dbe 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oig.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oig.sh
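Review bot: `ELK_DEP` captures whatever deployment name `grep logstash` finds in `$OAMNS`, but the branch then deletes the hard-coded `oam-logstash`, so a deployment detected under another name is reported as "Deleting Logstash" and left in place; either delete what was found, `kubectl delete deployment -n $OAMNS $ELK_DEP >> $LOG 2>&1`, or drop the probe and test the specific object, `if kubectl get deployment -n $OAMNS oam-logstash > /dev/null 2>&1`. The `grep`/`awk` probe also runs without the `>> $LOG 2>&1` the rest of the file uses, so its stderr reaches the console. delete_oig.sh's first hunk in this commit has the same probe-then-hardcode pattern with `oig-logstash`.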
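Review bot: The new `rm -rf $WORKDIR/*` line is the only one in this block without `>> $LOG 2>&1`, and it, `$OAM_LOCAL_SHARE` and `$LOCAL_WORKDIR` are expanded unquoted and unguarded from values set outside the hunk; an empty or unset value turns these deletes into paths relative to `/` on the deployment host. Since the commit is already adding an echo of each path to the log, guard the same variables at the point of use, `rm -rf "${WORKDIR:?WORKDIR not set}"/* >> $LOG 2>&1`, and likewise `"${OAM_LOCAL_SHARE:?}"` and `"${LOCAL_WORKDIR:?}"`, so a stale or incomplete response file aborts instead of deleting. The volume-cleanup hunk in delete_oig.sh has the same exposure for `OIG_LOCAL_SHARE`, `WORKDIR` and `LOCAL_WORKDIR`.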
@@ -56,6 +56,16 @@ then
 kubectl delete service -n $OIGNS $OIG_DOMAIN_NAME-oim-t3-nodeport >> $LOG 2>&1
 fi
+ELK_DEP=`kubectl get deployment -n $OIGNS | grep logstash | awk '{ print $1 }'`
+if [ ! "$ELK_DEP" = "" ]
+then
+ echo "Deleting Logstash"
+ kubectl delete deployment -n $OIGNS oig-logstash >> $LOG 2>&1
+ echo "Deleting Logstash configmap"
+ kubectl delete cm -n $OIGNS oig-logstash-configmap >> $LOG 2>&1
+ kubectl delete cm -n $OIGNS elk-cert >> $LOG 2>&1
+fi
+
 echo "Delete OIG Domain"
 kubectl delete domain $OIG_DOMAIN_NAME -n $OIGNS >> $LOG 2>&1
@@ -106,9 +116,13 @@ ST=`date +%s`
 echo "Deleting Volumes"
 # Delete the files in the persistent volumes
+echo "Deleting $OIG_LOCAL_SHARE/*" >> $LOG 2>&1
 rm -rf $OIG_LOCAL_SHARE/* >> $LOG 2>&1
+echo "Deleting $WORKDIR/*" >> $LOG 2>&1
 rm -rf $WORKDIR/* >> $LOG 2>&1
-rm -rf $WORKDIR/* $LOCAL_WORKDIR/OHS/*/prov_vh.conf $LOCAL_WORKDIR/OHS/*/igd*_vh.conf $LOCAL_WORKDIR/oig_installed>> $LOG 2>&1
+echo "Deleting $LOCAL_WORKDIR/OHS/" >> $LOG 2>&1
+rm -rf $LOCAL_WORKDIR/OHS/*/prov_vh.conf $LOCAL_WORKDIR/OHS/*/igd*_vh.conf $LOCAL_WORKDIR/oig_installed>> $LOG 2>&1
+echo "Delete Complete" >> $LOG 2>&1
 ET=`date +%s`
 print_time STEP "Delete Volume" $ST $ET
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oiri.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oiri.sh
index 438f2f8ef..846603da5 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oiri.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oiri.sh
@@ -33,6 +33,14 @@ echo
 echo Log of Delete Session can be found at: $LOG
 echo
+if [ "$USE_ELK" = "true" ]
+then
+ echo "Deleting Logstash"
+ kubectl delete deployment -n $OIRINS oiri-logstash >> $LOG 2>&1
+ echo "Deleting Logstash configmap"
+ kubectl delete cm -n $OIRINS oiri-logstash-configmap >> $LOG 2>&1
+fi
+
 echo "Deleting OIRI Application"
 oiri_cli "helm delete oiri" > $LOG 2>&1
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oud.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oud.sh
index e8cfde437..c8db19b1f 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oud.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oud.sh
@@ -43,6 +43,15 @@ then
 helm uninstall -n $OUDINGNS $OUD_POD_PREFIX-nginx >> $LOG 2>&1
 fi
+if [ "$USE_ELK" = "true" ]
+then
+ echo "Deleting Logstash"
+ kubectl delete deployment -n $OUDNS oud-logstash >> $LOG 2>&1
+ echo "Deleting Logstash configmap"
+ kubectl delete cm -n $OUDNS oud-logstash-configmap >> $LOG 2>&1
+ kubectl delete cm -n $OUDNS elk-cert >> $LOG 2>&1
+fi
+
 echo "Delete OUD Application"
 helm uninstall -n $OUDNS $OUD_POD_PREFIX >> $LOG 2>&1
@@ -56,7 +65,8 @@ kubectl delete namespace $OUDNS
 echo "Delete Volumes"
 rm -rf $LOCAL_WORKDIR/OUD $LOCAL_WORKDIR/oud_installed
-rm -rf $OUD_LOCAL_PVSHARE/*
+rm -rf $OUD_LOCAL_SHARE/*
+
 FINISH_TIME=`date +%s`
 print_time TOTAL "Delete OUD " $START_TIME $FINISH_TIME
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oudsm.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oudsm.sh
index 7fcfc7f3b..b19195b15 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oudsm.sh
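Review bot: The renamed variable in `rm -rf $OUD_LOCAL_SHARE/*` (delete_oud.sh, second hunk) is the risky line of this change: a response file written for the previous release still defines `OUD_LOCAL_PVSHARE` and not `OUD_LOCAL_SHARE`, so the expansion is empty and the command becomes `rm -rf /*` on the deployment host with whatever privileges the script runs under. Guard it at the point of use, `rm -rf "${OUD_LOCAL_SHARE:?OUD_LOCAL_SHARE not set in response file}"/*`, and give `$LOCAL_WORKDIR` on the line above the same `:?` treatment, so a stale idm.rsp aborts the script instead of deleting. The rename itself should also be called out in the response-file template or README so existing users update their settings.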
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/utils/delete_oudsm.sh
@@ -37,11 +37,23 @@ else
 kubectl delete ingress -n $OUDNS oudsm-ingress >> $LOG 2>&1
 fi
+if [ "$USE_ELK" = "true" ]
+then
+ echo "Deleting Logstash"
+ kubectl delete deployment -n $OUDNS oudsm-logstash >> $LOG 2>&1
+ echo "Deleting Logstash configmap"
+ kubectl delete cm -n $OUDNS oudsm-logstash-configmap >> $LOG 2>&1
+fi
+
 echo "Delete OUDSM Application"
 helm uninstall -n $OUDNS oudsm >> $LOG 2>&1
-echo "Check Server Stopped"
-check_stopped $OUDNS oudsm-1 >> $LOG 2>&1
+check_stopped $OUDNS oudsm-1
+
+if [ "$USE_ELK" = "true" ]
+then
+ check_stopped $OUDNS oudsm-es-cluster-0
+fi
 echo "Delete Volumes"
 rm -rf $OUDSM_LOCAL_SHARE/* $LOCAL_WORKDIR/OUDSM/* $LOCAL_WORKDIR/oudsm_installed>> $LOG 2>&1
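Review bot: `check_stopped $OUDNS oudsm-1` drops both the `>> $LOG 2>&1` redirect and the preceding `echo "Check Server Stopped"` that the replaced lines had, so its output now goes to the console while every other step in the file logs to `$LOG`; the new `check_stopped $OUDNS oudsm-es-cluster-0` call does the same. If check_stopped is meant to show progress to the user, a short comment such as `# check_stopped prints progress to the console on purpose` would prevent it being "fixed" back. Unlike the matching block in delete_oud.sh, this one does not remove the `elk-cert` ConfigMap that oudsm/logstash.yaml mounts; if OUD and OUDSM share `$OUDNS` that is presumably intentional (delete_oud.sh removes it), otherwise it is left behind when only OUDSM is deleted.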