7.2.6 Deploying the WDT OAM Domain

You must modify the Oracle Access Management (OAM) domain.yaml and deploy the OAM domain using the build image that was created.

Modifying the OAM domain.yaml

  1. Edit $WORKDIR/yaml/domain.yaml and update %DOMAIN_CREATION_IMAGE% with the name of the image generated previously:

    Note:

    %DOMAIN_CREATION_IMAGE% takes the form <REPOSITORY>:<TAG>.
    domain:
             # Domain | DomainAndRCU
             createIfNotExists: DomainAndRCU
             # Image containing WDT installer and Model files.
             domainCreationImages:
                 - image: '%DOMAIN_CREATION_IMAGE%'
             domainType: OAM
    
    For example:
    domain:
            # Domain | DomainAndRCU
            createIfNotExists: DomainAndRCU
            # Image containing WDT installer and Model files.
            domainCreationImages:
                - image: 'container-registry.example.com/mytenancy/idm:oam-aux-generic-v1'
            domainType: OAM
    
  2. If you pull the OAM product container image from Oracle Container Registry and then pull the domain image from a private registry, you must first create a secret (privatecred) for the private registry. For example:
    kubectl create secret docker-registry "privatecred" --docker-server=container-registry.example.com \
    --docker-username="user@example.com" \
    --docker-password=password --docker-email=user@example.com \
    --namespace=oamns
    
    Then specify both secrets under imagePullSecrets in domain.yaml. For example:
     ...
    spec:
      # The WebLogic Domain Home
      domainHome: /u01/oracle/user_projects/domains/accessdomain
    
      # The domain home source type
      # Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image
      domainHomeSourceType: PersistentVolume
    
      # The WebLogic Server image that the Operator uses to start the domain
      image: "container-registry.oracle.com/middleware/oam_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>"
    
      # imagePullPolicy defaults to "Always" if image version is :latest
      imagePullPolicy: IfNotPresent
    
      imagePullSecrets:
      - name: orclcred
      - name: privatecred
      # Identify which Secret contains the WebLogic Admin credentials
    ...
    
    For details of the configuration parameters in domain.yaml, see the section on domain resources.
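
The command in step 2 passes the registry password as a command-line argument, which leaves it in shell history and visible in the process list while kubectl runs. The following is an added example, not part of the Oracle procedure: it creates the same kubernetes.io/dockerconfigjson secret from a password read on stdin. The function names make_dockerconfigjson and create_pull_secret are hypothetical.

```shell
#!/bin/sh
# Added example: create the private-registry pull secret without the password
# appearing in shell history or in any process's argument list.

# make_dockerconfigjson SERVER USER: reads the password from stdin, prints the JSON.
make_dockerconfigjson() {
    server=$1
    user=$2
    IFS= read -r password || [ -n "$password" ] || return 1
    # printf is a builtin in bash and dash, so no process is started
    # with the password in its argv.
    auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
    unset password
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$server" "$auth"
}

# create_pull_secret NAME NAMESPACE SERVER USER  (password on stdin)
create_pull_secret() {
    cfg=$(mktemp) || return 1        # mktemp creates the file with mode 0600
    make_dockerconfigjson "$3" "$4" > "$cfg" &&
        kubectl create secret generic "$1" --namespace="$2" \
            --type=kubernetes.io/dockerconfigjson \
            --from-file=.dockerconfigjson="$cfg"
    rc=$?
    rm -f "$cfg"                     # do not leave the credential on disk
    return "$rc"
}

# Interactive use, with terminal echo off while the password is typed:
#   stty -echo; create_pull_secret privatecred oamns \
#       container-registry.example.com user@example.com; stty echo
```

The resulting secret is referenced from imagePullSecrets exactly like one created with kubectl create secret docker-registry.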
The following is a sample domain.yaml:
# Copyright (c) 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of how to define an OAM Domain. For details about the fields in domain specification, refer https://oracle.github.io/weblogic-kubernetes-operator/managing-domains/domain-resource/
#
apiVersion: "weblogic.oracle/v9"
kind: Domain
metadata:
  name: accessdomain
  namespace: oamns
  labels:
    weblogic.domainUID: accessdomain
spec:
  # The WebLogic Domain Home
  domainHome: /u01/oracle/user_projects/domains/accessdomain

  # The domain home source type
  # Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image
  domainHomeSourceType: PersistentVolume

  # The WebLogic Server image that the Operator uses to start the domain
  image: "container-registry.oracle.com/middleware/oam_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>"

  # imagePullPolicy defaults to "Always" if image version is :latest
  imagePullPolicy: IfNotPresent

  # Add additional secret name if you are using a different registry for domain creation image.
  # Identify which Secret contains the credentials for pulling an image
  imagePullSecrets:
  - name: orclcred
  - name: privatecred
  # Identify which Secret contains the WebLogic Admin credentials
  webLogicCredentialsSecret:
    name: accessdomain-weblogic-credentials

  # Whether to include the server out file into the pod's stdout, default is true
  includeServerOutInPodLog: true

  # Whether to enable log home
  logHomeEnabled: true

  # Whether to write HTTP access log file to log home
  httpAccessLogInLogHome: true

  # The in-pod location for domain log, server logs, server out, introspector out, and Node Manager log files
  logHome: /u01/oracle/user_projects/domains/logs/accessdomain
  # An (optional) in-pod location for data storage of default and custom file stores.
  # If not specified or the value is either not set or empty (e.g. dataHome: "") then the
  # data storage directories are determined from the WebLogic domain home configuration.
  dataHome: ""

  # serverStartPolicy legal values are "Never", "IfNeeded", or "AdminOnly"
  # This determines which WebLogic Servers the Operator will start up when it discovers this Domain
  # - "Never" will not start any server in the domain
  # - "AdminOnly" will start up only the administration server (no managed servers will be started)
  # - "IfNeeded" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
  serverStartPolicy: IfNeeded

  serverPod:
    initContainers:
      #DO NOT CHANGE THE NAME OF THIS INIT CONTAINER
      - name: compat-connector-init
        # OAM Product image, same as spec.image mentioned above
        image: "container-registry.oracle.com/middleware/oam_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>"
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-c", "mkdir -p  /u01/oracle/user_projects/domains/wdt-logs"]
        volumeMounts:
          - mountPath: /u01/oracle/user_projects
            name: weblogic-domain-storage-volume
    # a mandatory list of environment variable to be set on the servers
    env:
    - name: JAVA_OPTIONS
      value: -Dweblogic.StdoutDebugEnabled=false
    - name: USER_MEM_ARGS
      value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1024m "
    - name: WLSDEPLOY_LOG_DIRECTORY
      value: "/u01/oracle/user_projects/domains/wdt-logs"
    - name: WLSDEPLOY_PROPERTIES
      value: "-Dwdt.config.disable.rcu.drop.schema=true"
    volumes:
    - name: weblogic-domain-storage-volume
      persistentVolumeClaim:
        claimName: accessdomain-domain-pvc
    volumeMounts:
    - mountPath: /u01/oracle/user_projects
      name: weblogic-domain-storage-volume

  # adminServer is used to configure the desired behavior for starting the administration server.
  adminServer:
    # adminService:
    #   channels:
    # The Admin Server's NodePort
    #    - channelName: default
    #      nodePort: 30701
    # Uncomment to export the T3Channel as a service
    #    - channelName: T3Channel
    serverPod:
      # an (optional) list of environment variable to be set on the admin servers
      env:
      - name: USER_MEM_ARGS
        value: "-Djava.security.egd=file:/dev/./urandom -Xms512m -Xmx1024m "
      - name: CLASSPATH
        value: "/u01/oracle/wlserver/server/lib/weblogic.jar"

  configuration:
      secrets: [ accessdomain-rcu-credentials ]
      initializeDomainOnPV:
        persistentVolume:
          metadata:
              name: accessdomain-domain-pv
          spec:
            storageClassName: accessdomain-domain-storage-class
            capacity:
          # Total storage allocated to the persistent storage.
                storage: 10Gi
          # Reclaim policy of the persistent storage
          # # The valid values are: 'Retain', 'Delete', and 'Recycle'
            persistentVolumeReclaimPolicy: Retain
          # Persistent volume type for the persistent storage.
          # # The value must be 'hostPath' or 'nfs'.
          # # If using 'nfs', server must be specified.
            nfs:
              server: mynfserver
            # hostPath:
              path: "/nfs_volumes/oam/accessdomainpv"
        persistentVolumeClaim:
          metadata:
              name: accessdomain-domain-pvc
          spec:
            storageClassName: accessdomain-domain-storage-class
            resources:
                requests:
                    storage: 10Gi
            volumeName: accessdomain-domain-pv
        domain:
            # Domain | DomainAndRCU
            createIfNotExists: DomainAndRCU
            # Image containing WDT installer and Model files.
            domainCreationImages:
                - image: 'container-registry.example.com/mytenancy/idm:oam-aux-generic-v1'
            domainType: OAM
  # References to Cluster resources that describe the lifecycle options for all
  # the Managed Server members of a WebLogic cluster, including Java
  # options, environment variables, additional Pod content, and the ability to
  # explicitly start, stop, or restart cluster members. The Cluster resource
  # must describe a cluster that already exists in the WebLogic domain
  # configuration.
  clusters:
  - name: accessdomain-oam-cluster
  - name: accessdomain-policy-cluster

  # The number of managed servers to start for unlisted clusters
  # replicas: 1

---
# This is an example of how to define a Cluster resource.
apiVersion: weblogic.oracle/v1
kind: Cluster
metadata:
  name: accessdomain-oam-cluster
  namespace: oamns
spec:
  clusterName: oam_cluster
  serverService:
    precreateService: true
  replicas: 1
  serverPod:
    env:
    - name: USER_MEM_ARGS
      value: "-XX:+UseContainerSupport -Djava.security.egd=file:/dev/./urandom -Xms8192m -Xmx8192m "
    resources:
      limits:
        cpu: "2"
        memory: "8Gi"
      requests:
        cpu: "1000m"
        memory: "4Gi"


---  
# This is an example of how to define a Cluster resource.
apiVersion: weblogic.oracle/v1
kind: Cluster
metadata:
  name: accessdomain-policy-cluster
  namespace: oamns
spec:
  clusterName: policy_cluster
  serverService:
    precreateService: true
  replicas: 1
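
Before the domain resource is created, the edited domain.yaml can be checked for the mistakes this procedure makes easy: placeholders left unreplaced, images without a fixed tag, and an init container image that differs from spec.image. This is an added example, not Oracle tooling; check_domain_yaml and finding are hypothetical names, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: lint an OAM domain.yaml before `kubectl create -f`.
# Line-based heuristics that assume the layout of the sample on this page.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

check_domain_yaml() {
    file=$1
    findings=0
    # Every image reference: spec.image, the init container, domainCreationImages.
    images=$(sed -n -E 's/^[[:space:]]*(-[[:space:]]*)?image:[[:space:]]*//p' "$file" | tr -d "\"'")
    for img in $images; do
        case $img in
            *%*|*'<'*|*'>'*) finding "$img still contains a template placeholder"; continue ;;
        esac
        last=${img##*/}              # drop the registry host, which may carry :port
        case $last in
            *@sha256:*) ;;           # pinned by digest
            *:latest)   finding "$img uses the mutable tag latest" ;;
            *:?*)       ;;           # <REPOSITORY>:<TAG>
            *)          finding "$img has no tag" ;;
        esac
    done
    # spec.image and the compat-connector-init image must be the same product image.
    n=$(sed -n -E 's/^[[:space:]]*image:[[:space:]]*//p' "$file" | tr -d "\"'" | sort -u | wc -l | tr -d ' ')
    [ "$n" -le 1 ] || finding "spec.image and the init container image differ"
    [ "$findings" -eq 0 ]
}

# Constructed sample: placeholder never replaced, init container on a different tag.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  image: "container-registry.example.com/middleware/oam_cpu:14.1.2.1.0-constructed"
  serverPod:
    initContainers:
      - name: compat-connector-init
        image: "container-registry.example.com/middleware/oam_cpu:latest"
  configuration:
    initializeDomainOnPV:
      domain:
        domainCreationImages:
          - image: '%DOMAIN_CREATION_IMAGE%'
EOF
check_domain_yaml "$sample" || echo "$findings finding(s): fix them before kubectl create"
rm -f "$sample"
```

With imagePullPolicy: IfNotPresent, a mutable tag such as latest can leave different nodes running different image contents, which is why the check treats it as a finding.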
 

Optional WDT Model ConfigMap

If required, you can provide additional WDT model and WDT variable files in a Kubernetes ConfigMap as supplements (overrides) to those in domainCreationImages.

Example in output/weblogic-domains/accessdomain/domain.yaml:
      domain:
          ...
          domainCreationImages:
              ...
          domainCreationConfigMap: mymodel-domain-configmap

Files in the domainCreationConfigMap must have the file extension .yaml, .properties, or .zip.

To create the ConfigMap, run the following commands:
cd $WORKDIR/kubernetes/create-access-domain/domain-home-on-pv/wdt-utils
./create-configmap.sh -n oamns -d accessdomain -c mymodel-domain-configmap -f wdt_models/mymodel.yaml

For more information about using additional configuration, see the section on the optional WDT model ConfigMap.

Deploying the OAM Domain

Deploy the OAM domain using domain.yaml:
  1. Run the following command to create the OAM domain resources:
    kubectl create -f $WORKDIR/yaml/domain.yaml
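    The WebLogic Kubernetes Operator performs the following steps:
    • Runs the introspector job.
    • The introspection job creates the RCU schemas.
    • The introspector job pod creates the domain on the PV using the model provided in the domain creation image.
    • The introspector job pod runs the OAM offline configuration actions after the domain has been created successfully through WDT.
    • Starts the Administration Server, the OAM Managed Server (oam_server1), and the OAM Policy Managed Server (oam_policy_mgr1).
    The output will look similar to the following: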
    domain.weblogic.oracle/accessdomain created
    cluster.weblogic.oracle/accessdomain-oam-cluster created
    cluster.weblogic.oracle/accessdomain-policy-cluster created
    While the domain creation is running, you can run the following command to monitor its progress:
    kubectl get pods -n <domain_namespace> -w
    

    Note:

    The -w flag lets you watch the pod status as it changes.
    For example:
    kubectl get pods -n oamns -w
    
    You can also view the latest logs of a pod by running the following:
    kubectl logs -f <pod> -n oamns
    

    Note:

    WDT-specific logs are located in <persistent_volume>/domains/wdt-logs.
  2. Once everything has started, you will see that the Administration Server and the OAM servers are running:
    NAME                           READY   STATUS    RESTARTS        AGE
    accessdomain-adminserver       1/1     Running   0               11m
    accessdomain-oam-policy-mgr1   1/1     Running   0               3m53s
    accessdomain-oam-server1       1/1     Running   0               3m53s
    If a failure occurs, follow "Domain Creation Failure with WDT Models" in "Known Issues".