
Commit 4951ad8

Merge pull request #202 from manjunathdhegde-2910/master_IDM_Automation_5.0
IDM_Automation_5.0
2 parents 8e4a71a + a782a3c commit 4951ad8


48 files changed

+2410
-1150
lines changed

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md

Lines changed: 73 additions & 4 deletions
Large diffs are not rendered by default.

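--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, 2023, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2024, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of common functions and procedures used by the provisioning and deletion scripts
@@ -184,6 +184,10 @@ install_operator()
 cd $WORKDIR/samples
 CMD="helm install weblogic-kubernetes-operator charts/weblogic-operator --namespace $OPERNS --set image=$OPER_IMAGE:$OPER_VER --set serviceAccount=$OPER_ACT "
 CMD="$CMD --set \"enableClusterRoleBinding=true\" --set \"javaLoggingLevel=FINE\" --set \"domainNamespaceSelectionStrategy=LabelSelector\" --set \"domainNamespaceLabelSelector=weblogic-operator\=enabled\" "
+if [ "$OPER_ENABLE_SECRET" = "true" ]
+then
+CMD="$CMD --set \"imagePullSecrets[0].name=regcred\" "
+fi
 if [ "$USE_ELK" = "true" ]
 then
 ELK_PROTO=$(echo $ELK_HOST | cut -f1 -d:)
@@ -271,6 +275,21 @@ delete_crd()
 fi
 }
 
+#
+# Get Kubernetes Version
+#
+get_k8_ver()
+{
+kubectl version --short >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+KVER=$(kubectl version --short=true 2>/dev/null | grep Server | cut -f2 -d: | cut -f1 -d + | sed 's/ v//' | cut -f 1-3 -d.)
+else
+KVER=$(kubectl version 2>/dev/null | grep Server | cut -f2 -d: | cut -f1 -d + | sed 's/ v//' | cut -f 1-3 -d.)
+fi
+
+echo $KVER
+}
 #
 # Get Kubernetes NodePort Port
 #
@@ -359,7 +378,7 @@ copy_to_k8()
 namespace=$3
 domain_name=$4
 
-kubectl cp $filename $namespace/$domain_name-adminserver:$PV_MOUNT/$destination
+kubectl -c weblogic-server cp $filename $namespace/$domain_name-adminserver:$PV_MOUNT/$destination
 if [ $? -gt 0 ]
 then
 echo "Failed to copy $filename."
@@ -434,6 +453,28 @@ create_domain_secret()
 print_time STEP "Create Domain Secret" $ST $ET >> $LOGDIR/timings.log
 }
 
+create_domain_secret_wdt()
+{
+namespace=$1
+domain_name=$2
+wlsuser=$3
+wlspwd=$4
+
+ST=$(date +%s)
+print_msg "Creating a Kubernetes Domain Secret"
+if [ "$domain_name" = "$OIG_DOMAIN_NAME" ]
+then
+cd $WORKDIR/samples/create-oim-domain/domain-home-on-pv/wdt-utils
+else
+cd $WORKDIR/samples/create-access-domain/domain-home-on-pv/wdt-utils
+fi
+./create-secret.sh -l "username=$wlsuser" -l "password=$wlspwd" -n $namespace -d $domain_name -s $domain_name-weblogic-credentials > $LOGDIR/domain_secret.log 2>&1
+
+print_status $? $LOGDIR/domain_secret.log
+ET=$(date +%s)
+
+print_time STEP "Create Domain Secret" $ST $ET >> $LOGDIR/timings.log
+}
 create_rcu_secret()
 {
 namespace=$1
@@ -453,6 +494,32 @@ create_rcu_secret()
 print_time STEP "Create RCU Secret" $ST $ET >> $LOGDIR/timings.log
 }
 
+create_rcu_secret_wdt()
+{
+namespace=$1
+domain_name=$2
+rcuprefix=$3
+rcupwd=$4
+syspwd=$5
+dbhost=$6
+dbport=$7
+dbservice=$8
+
+ST=$(date +%s)
+print_msg "Creating a Kubernetes RCU Secret"
+if [ "$domain_name" = "$OIG_DOMAIN_NAME" ]
+then
+cd $WORKDIR/samples/create-oim-domain/domain-home-on-pv/wdt-utils
+else
+cd $WORKDIR/samples/create-access-domain/domain-home-on-pv/wdt-utils
+fi
+./create-secret.sh -l "rcu_prefix=$rcuprefix" -l "rcu_schema_password=$rcupwd" -l "db_host=$dbhost" -l "db_port=$dbport" -l "db_service=$dbservice" -l "dba_user=sys" -l "dba_password=$syspwd" -n $namespace -d $domain_name -s $domain_name-rcu-credentials > $LOGDIR/rcu_secret.log 2>&1
+
+print_status $? $LOGDIR/rcu_secret.log
+ET=$(date +%s)
+
+print_time STEP "Create RCU Secret" $ST $ET >> $LOGDIR/timings.log
+}
 # Create a working directory inside the Kubernetes container
 #
 create_workdir()
@@ -462,11 +529,11 @@ create_workdir()
 
 ST=$(date +%s)
 print_msg "Creating Work directory inside container"
-kubectl exec -n $namespace -ti $domain_name-adminserver -- mkdir -p $K8_WORKDIR
+kubectl exec -n $namespace -ti $domain_name-adminserver -c weblogic-server -- mkdir -p $K8_WORKDIR
 print_status $?
 
 printf "\t\t\tCreating Keystores directory inside container - "
-kubectl exec -n $namespace -ti $domain_name-adminserver -- mkdir -p $PV_MOUNT/keystores
+kubectl exec -n $namespace -ti $domain_name-adminserver -c weblogic-server -- mkdir -p $PV_MOUNT/keystores
 print_status $?
 ET=$(date +%s)
 
@@ -481,7 +548,7 @@ run_command_k8()
 domain_name=$2
 command=$3
 
-kubectl exec -n $namespace -ti $domain_name-adminserver -- $command
+kubectl exec -n $namespace -ti $domain_name-adminserver -c weblogic-server -- $command
 }
 
 # Execute a command inside the Kubernetes container
@@ -493,7 +560,7 @@ run_wlst_command()
 command=$3
 
 WLSRETCODE=0
-kubectl exec -n $namespace -ti $domain_name-adminserver -- /u01/oracle/oracle_common/common/bin/wlst.sh $command
+kubectl exec -n $namespace -ti $domain_name-adminserver -c weblogic-server -- /u01/oracle/oracle_common/common/bin/wlst.sh $command
 if [ $? -gt 0 ]
 then
 echo "Failed to Execute wlst command: $command"
@@ -526,6 +593,7 @@ download_samples()
 print_time STEP "Download IDM Samples" $ST $ET >> $LOGDIR/timings.log
 }
 
+
 # Copy Samples to Working Directory
 #
 copy_samples()
@@ -573,6 +641,19 @@ download_maa_samples()
 print_time STEP "Download MAA Samples" $ST $ET >> $LOGDIR/timings.log
 }
 
+# Generate the files required to Build the Domain Creation Image
+#
+generate_wdt_model_files()
+{
+print_msg "Generating WDT Model Files"
+
+cd $WORKDIR/samples/create-*-domain/domain-home-on-pv/wdt-utils/generate_models_utils
+./generate_wdt_models.sh -i $WORKDIR/create-domain-wdt.yaml -o $WORKDIR >$LOGDIR/generate_wdt_models.log 2>&1
+print_status $? $LOGDIR/generate_wdt_models.log
+ET=`date +%s`
+print_time STEP "Generate WDT Model Files" $ST $ET >> $LOGDIR/timings.log
+}
+
 # Create helper pod
 #
 create_helper_pod ()
@@ -586,7 +667,7 @@ create_helper_pod ()
 if [ "$?" = "0" ]
 then
 echo "Already Created"
-check_running $NS helper
+check_running $NS helper 5
 else
 if [ "$USE_REGISTRY" = "true" ]
 then
@@ -596,7 +677,7 @@ create_helper_pod ()
 kubectl run helper --image $IMAGE -n $NS -- sleep infinity > $LOGDIR/helper.log 2>&1
 print_status $? $LOGDIR/helper.log
 fi
-check_running $NS helper
+check_running $NS helper 20
 fi
 ET=$(date +%s)
 print_time STEP "Create Helper Pod" $ST $ET >> $LOGDIR/timings.log
@@ -607,7 +688,7 @@ create_helper_pod ()
 remove_helper_pod()
 {
 NS=$1
-kubectl -n $NS delete pod,svc helper
+kubectl -n $NS delete pod helper --force 2> /dev/null
 echo "Helper Pod Deleted:"
 }
 
@@ -1133,15 +1214,25 @@ check_running()
 NAMESPACE=$1
 SERVER_NAME=$2
 DELAY=$3
-
-printf "\t\t\tChecking $SERVER_NAME "
+STEP=$4
+if ! [[ $DELAY =~ ^[0-9]+$ ]]
+then
+STEP=$DELAY
+unset DELAY
+fi
+if [ "$STEP" = "true" ]
+then
+print_msg "Checking $SERVER_NAME"
+else
+printf "\t\t\tChecking $SERVER_NAME "
+fi
+
 if [ "$SERVER_NAME" = "adminserver" ]
 then
 sleep ${DELAY:=120}
 else
 sleep ${DELAY:=120}
 fi
-
 X=0
 RETRIES=1
 MAX_RETRIES=50
@@ -1190,17 +1281,6 @@ check_running()
 exit 1
 fi
 
-if [ "$SERVER_NAME" = "oim-server1" ]
-then
-kubectl logs -n $OIGNS ${OIG_DOMAIN_NAME}-oim-server1 | grep -q "BootStrap configuration Failed"
-if [ $? = 0 ]
-then
-echo "BootStrap configuration Failed - check kubectl logs -n $OIGNS ${OIG_DOMAIN_NAME}-oim-server1"
-exit 1
-fi
-fi
-
-
 if [ ! "$RUNNING" = "0" ]
 then
 X=$MAX_RETRIES
@@ -1223,6 +1303,71 @@ check_running()
 fi
 }
 
+# Check introspector
+#
+check_introspector()
+{
+NAMESPACE=$1
+
+ST=$(date +%s)
+print_msg "Waiting for Introspector to complete"
+
+POD_RUNNING=true
+while [ "$POD_RUNNING" = "true" ]
+do
+POD=$(kubectl -n $NAMESPACE get pods -o wide --no-headers=true --ignore-not-found | grep introspect | head -1 )
+
+if [ "$POD" = "" ]
+then
+POD_RUNNING=false
+else
+PODSTATUS=$(echo $POD | awk '{ print $3 }')
+if [ "$PODSTATUS" = "CrashLoopBackOff" ] || [ "$PODSTATUS" = "Pending" ] || [ "$PODSTATUS" = "Init:CrashLoopBackOff" ] || [ "$PODSTATUS" = "Init:Pending" ]
+then
+echo $POD > $LOGDIR/check_introspector.log 2>&1
+POD_NAME=$(echo $POD | cut -f1 -d ' ')
+kubectl describe pod -n $NAMESPACE $POD_NAME >> $LOGDIR/check_introspector.log 2>&1
+kubectl logs -n $NAMESPACE $POD_NAME >> $LOGDIR/check_introspector.log 2>&1
+echo "Pod introspector has failed - Pod Status: $PODSTATUS - Check Logfile: $LOGDIR/check_introspector.log"
+exit 1
+fi
+fi
+echo -e ".\c"
+sleep 60
+done
+
+if [ "$POD_RUNNING" = "false" ]
+then
+echo " Completed."
+fi
+ET=`date +%s`
+print_time STEP "Waiting for Introspector" $ST $ET >> $LOGDIR/timings.log
+}
+
+# Check domain created successfully
+#
+check_domain_ok()
+{
+NAMESPACE=$1
+DOMAIN_NAME=$2
+
+ST=$(date +%s)
+print_msg "Check Domain created without error"
+
+kubectl describe domain -n $NAMESPACE $DOMAIN_NAME > $LOGDIR/domain_status.log
+grep -q SEVERE $LOGDIR/domain_status.log
+if [ $? -eq 0 ]
+then
+echo "Failed - Check Logfile: $LOGDIR/domain_status.log"
+exit 1
+else
+echo "Success"
+fi
+
+ET=`date +%s`
+print_time STEP "Check Domain Created without Error" $ST $ET >> $LOGDIR/timings.log
+}
+
 # Check whether a Kubernetes pod has shutdown
 #
 check_stopped()
@@ -1238,7 +1383,7 @@ check_stopped()
 while [ $X -lt $RETRIES ]
 do
 
-POD=$(kubectl --namespace $NAMESPACE get pod | grep $SERVER_NAME)
+POD=$(kubectl --ignore-not-found=true --namespace $NAMESPACE get pod | grep $SERVER_NAME)
 PODSTATUS=$(echo $POD | awk '{ print $3 }')
 RUNNING=$(echo $POD | awk '{ print $2 }')
 if [ "$POD" = "" ]
@@ -1379,6 +1524,7 @@ get_lbr_certificate()
 
 print_msg "Obtaining Load Balancer Certificate $LBRHOST:$LBRPORT"
 ST=$(date +%s)
+
 openssl s_client -connect ${LBRHOST}:${LBRPORT} -showcerts </dev/null 2>/dev/null|openssl x509 -outform PEM > $WORKDIR/${LBRHOST}.pem 2>$LOGDIR/lbr_cert.log
 print_status $? $LOGDIR/lbr_cert.log
 
@@ -2499,3 +2645,42 @@ copy_files_to_dr()
 ET=$(date +%s)
 print_time STEP "Copying OHS Configuration to $DR_HOST" $ST $ET >> $LOGDIR/timings.log
 }
+
+# Check health-check is not being blocked
+#
+check_healthcheck_ok()
+{
+ST=$(date +%s)
+print_msg "Checking Health-check is not blocked"
+
+printf "\n\t\t\t$OHS_HOST1 - "
+blocked_ip=$( $SSH ${OHS_USER}@$OHS_HOST1 grep health-check.html $OHS_DOMAIN/servers/ohs?/logs/access_log | grep 403 | awk '{ print $1 }' | tail -1 )
+if [ "$blocked_ip" = "" ]
+then
+echo "Success"
+else
+printf "Blocked by IP Address: $blocked_ip - Fixing - "
+$SSH ${OHS_USER}@$OHS_HOST1 -C sed -i \"/ require host/a "\\ require ip $blocked_ip"\" $OHS_DOMAIN/config/fmwconfig/components/OHS/ohs?/webgate.conf
+print_status $?
+printf "\t\t\tRestarting OHS $OHS_HOST1 - "
+$SSH ${OHS_USER}@$OHS_HOST1 "$OHS_DOMAIN/bin/restartComponent.sh $OHS1_NAME" > $LOGDIR/restart_$OHS_HOST1.log 2>&1
+print_status $? $LOGDIR/restart_$OHS_HOST1.log
+fi
+
+if [ ! "$OHS_HOST2" = "" ]
+then
+printf "\n\t\t\t$OHS_HOST2 - "
+blocked_ip=$( $SSH ${OHS_USER}@$OHS_HOST2 grep health-check.html $OHS_DOMAIN/servers/ohs?/logs/access_log | grep 403 | awk '{ print $1 }' | tail -1 )
+if [ "$blocked_ip" = "" ]
+then
+echo "Success"
+else
+printf "Blocked by IP Address: $blocked_ip - Fixing - "
+$SSH ${OHS_USER}@$OHS_HOST2 -C sed -i \"/ require host/a "\\ require ip $blocked_ip"\" $OHS_DOMAIN/config/fmwconfig/components/OHS/ohs?/webgate.conf
+print_status $?
+printf "\t\t\tRestarting OHS $OHS_HOST2 - "
+$SSH ${OHS_USER}@$OHS_HOST2 "$OHS_DOMAIN/bin/restartComponent.sh $OHS2_NAME" > $LOGDIR/restart_$OHS_HOST2.log 2>&1
+print_status $? $LOGDIR/restart_$OHS_HOST2.log
+fi
+fi
+}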
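Review bot: In `check_healthcheck_ok` (last hunk), `blocked_ip` is read from the first field of the most recent access_log line that matches `health-check.html` and `403`, and is then spliced unvalidated into a remote `sed -i` that appends `require ip $blocked_ip` to webgate.conf before restarting OHS. Whichever client was last refused on that path is therefore written into the access rule, and since `grep 403` matches the digits anywhere on the line, the selected entry need not even be a 403 response. Check the value before it reaches the remote shell, for example `[[ $blocked_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "Unexpected client address: $blocked_ip"; exit 1; }` (IPv4 only), and preferably compare it against the expected load balancer address from configuration rather than trusting the log. The `sed` append is also not idempotent, so a re-run can add the same `require ip` line again. The two host branches differ only in the host and component name and could share one helper.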
