7.2.6 WDT OIGドメインのデプロイ
Oracle Identity Governance (OIG) domain.yamlを変更し、作成されたビルド・イメージを使用してOIGドメインをデプロイする必要があります。
OIG domain.yamlの変更
$WORKDIR/yaml/domain.yamlを編集し、前に生成されたイメージ名で%DOMAIN_CREATION_IMAGE%を更新します:ノート:
%DOMAIN_CREATION_IMAGE%は、<REPOSITORY>:<TAG>という形式になります。
例:domain: # Domain | DomainAndRCU createIfNotExists: DomainAndRCU # Image containing WDT installer and Model files. domainCreationImages: - image: '%DOMAIN_CREATION_IMAGE%' domainType: OIGdomain: # Domain | DomainAndRCU createIfNotExists: DomainAndRCU # Image containing WDT installer and Model files. domainCreationImages: - image: 'container-registry.example.com/mytenancy/idm:oig-aux-generic-v1' domainType: OIG- Oracle Container RegistryからOIG製品コンテナ・イメージをプルし、次にプライベート・レジストリからドメイン・イメージをプルする場合、まずプライベート・レジストリのシークレット(
privatecred)を作成する必要があります。例:
次に、kubectl create secret docker-registry "privatecred" --docker-server=container-registry.example.com \ --docker-username="user@example.com" \ --docker-password=password --docker-email=user@example.com \ --namespace=oignsdomain.yamlのimagePullSecretsに両方のシークレットを指定します。例:... spec: # The WebLogic Domain Home domainHome: /u01/oracle/user_projects/domains/governancedomain # The domain home source type # Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image domainHomeSourceType: PersistentVolume # The WebLogic Server image that the Operator uses to start the domain image: "container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>" # imagePullPolicy defaults to "Always" if image version is :latest imagePullPolicy: IfNotPresent imagePullSecrets: - name: orclcred - name: privatecred # Identify which Secret contains the WebLogic Admin credentials ...domain.yamlの構成パラメータの詳細は、ドメイン・リソースに関する項を参照してください。
次に、サンプルの
domain.yamlを示します: # Copyright (c) 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of how to define an OIG Domain. For details about the fields in domain specification, refer https://oracle.github.io/weblogic-kubernetes-operator/managing-domains/domain-resource/
#
apiVersion: "weblogic.oracle/v9"
kind: Domain
metadata:
name: governancedomain
namespace: oigns
labels:
weblogic.domainUID: governancedomain
spec:
# The WebLogic Domain Home
domainHome: /u01/oracle/user_projects/domains/governancedomain
# The domain home source type
# Set to PersistentVolume for domain-in-pv, Image for domain-in-image, or FromModel for model-in-image
domainHomeSourceType: PersistentVolume
# The WebLogic Server image that the Operator uses to start the domain
image: "container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>"
# imagePullPolicy defaults to "Always" if image version is :latest
imagePullPolicy: IfNotPresent
# Add additional secret name if you are using a different registry for domain creation image.
# Identify which Secret contains the credentials for pulling an image
imagePullSecrets:
- name: orclcred
- name: privatecred
# Identify which Secret contains the WebLogic Admin credentials
webLogicCredentialsSecret:
name: governancedomain-weblogic-credentials
# Whether to include the server out file into the pod's stdout, default is true
includeServerOutInPodLog: true
# Whether to enable log home
logHomeEnabled: true
# Whether to write HTTP access log file to log home
httpAccessLogInLogHome: true
# The in-pod location for domain log, server logs, server out, introspector out, and Node Manager log files
logHome: /u01/oracle/user_projects/domains/logs/governancedomain
# An (optional) in-pod location for data storage of default and custom file stores.
# If not specified or the value is either not set or empty (e.g. dataHome: "") then the
# data storage directories are determined from the WebLogic domain home configuration.
dataHome: ""
# serverStartPolicy legal values are "Never, "IfNeeded", or "AdminOnly"
# This determines which WebLogic Servers the Operator will start up when it discovers this Domain
# - "Never" will not start any server in the domain
# - "AdminOnly" will start up only the administration server (no managed servers will be started)
# - "IfNeeded" will start all non-clustered servers, including the administration server and clustered servers up to the replica count
serverStartPolicy: IfNeeded
serverPod:
initContainers:
#DO NOT CHANGE THE NAME OF THIS INIT CONTAINER
- name: compat-connector-init
# OIG Product image, same as spec.image mentioned above
image: "container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD>"
imagePullPolicy: IfNotPresent
command: [ "/bin/bash", "-c", "mkdir -p /u01/oracle/user_projects/domains/ConnectorDefaultDirectory", "mkdir -p /u01/oracle/user_projects/domains/wdt-logs"]
volumeMounts:
- mountPath: /u01/oracle/user_projects
name: weblogic-domain-storage-volume
# a mandatory list of environment variable to be set on the servers
env:
- name: JAVA_OPTIONS
value: -Dweblogic.StdoutDebugEnabled=false
- name: USER_MEM_ARGS
value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1024m "
- name: WLSDEPLOY_LOG_DIRECTORY
value: "/u01/oracle/user_projects/domains/wdt-logs"
- name: FRONTENDHOST
value: example.com
- name: FRONTENDPORT
value: "14000"
- name: WLSDEPLOY_PROPERTIES
value: "-Dwdt.config.disable.rcu.drop.schema=true"
envFrom:
- secretRef:
name: governancedomain-rcu-credentials
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: governancedomain-domain-pvc
volumeMounts:
- mountPath: /u01/oracle/user_projects
name: weblogic-domain-storage-volume
# adminServer is used to configure the desired behavior for starting the administration server.
adminServer:
# adminService:
# channels:
# The Admin Server's NodePort
# - channelName: default
# nodePort: 30701
# Uncomment to export the T3Channel as a service
# - channelName: T3Channel
serverPod:
# an (optional) list of environment variable to be set on the admin servers
env:
- name: USER_MEM_ARGS
value: "-Djava.security.egd=file:/dev/./urandom -Xms512m -Xmx1024m "
configuration:
secrets: [ governancedomain-rcu-credentials ]
initializeDomainOnPV:
persistentVolume:
metadata:
name: governancedomain-domain-pv
spec:
storageClassName: governancedomain-domain-storage-class
capacity:
# Total storage allocated to the persistent storage.
storage: 10Gi
# Reclaim policy of the persistent storage
# # The valid values are: 'Retain', 'Delete', and 'Recycle'
persistentVolumeReclaimPolicy: Retain
# Persistent volume type for the persistent storage.
# # The value must be 'hostPath' or 'nfs'.
# # If using 'nfs', server must be specified.
nfs:
server: mynfsserver
# hostPath:
path: "/scratch/shared/governancedomain"
persistentVolumeClaim:
metadata:
name: governancedomain-domain-pvc
spec:
storageClassName: governancedomain-domain-storage-class
resources:
requests:
storage: 10Gi
volumeName: governancedomain-domain-pv
domain:
# Domain | DomainAndRCU
createIfNotExists: DomainAndRCU
# Image containing WDT installer and Model files.
domainCreationImages:
- image: 'container-registry.example.com/mytenancy/idm:oig-aux-generic-v1'
domainType: OIG
# References to Cluster resources that describe the lifecycle options for all
# the Managed Server members of a WebLogic cluster, including Java
# options, environment variables, additional Pod content, and the ability to
# explicitly start, stop, or restart cluster members. The Cluster resource
# must describe a cluster that already exists in the WebLogic domain
# configuration.
clusters:
- name: governancedomain-oim-cluster
- name: governancedomain-soa-cluster
# The number of managed servers to start for unlisted clusters
# replicas: 1
---
# This is an example of how to define a Cluster resource.
apiVersion: weblogic.oracle/v1
kind: Cluster
metadata:
name: governancedomain-oim-cluster
namespace: oigns
spec:
clusterName: oim_cluster
serverService:
precreateService: true
replicas: 0
serverPod:
env:
- name: USER_MEM_ARGS
value: "-Djava.security.egd=file:/dev/./urandom -Xms8192m -Xmx8192m "
resources:
limits:
cpu: "2"
memory: "8Gi"
requests:
cpu: "1000m"
memory: "4Gi"
---
# This is an example of how to define a Cluster resource.
apiVersion: weblogic.oracle/v1
kind: Cluster
metadata:
name: governancedomain-soa-cluster
namespace: oigns
spec:
clusterName: soa_cluster
serverService:
precreateService: true
replicas: 1
serverPod:
env:
- name: USER_MEM_ARGS
value: "-Xms8192m -Xmx8192m "
resources:
limits:
cpu: "1"
memory: "10Gi"
requests:
cpu: "1000m"
memory: "4Gi"
オプションのWDTモデルConfigMap
必要に応じて、Kubernetes ConfigMapに、追加のWDTモデルおよびWDT変数ファイルをdomainCreationImagesの補足(オーバーライド)として指定できます。
output/weblogic-domains/governancedomain/domain.yamlの例: domain:
...
domainCreationImages:
...
domainCreationConfigMap: mymodel-domain-configmapdomainCreationConfigMap内のファイルには、ファイル拡張子.yaml、.propertiesまたは.zipが必要です。
ConfigMapを作成するには、次のコマンドを実行します:
cd $WORKDIR/kubernetes/create-oim-domain/domain-home-on-pv/wdt-utils./create-configmap.sh -n oigns -d governancedomain -c mymodel-domain-configmap -f wdt_models/mymodel.yaml追加構成の使用方法の詳細は、オプションのWDTモデルConfigMapに関する項を参照してください。
OIGドメインのデプロイ
domain.yamlを使用してOIGドメインをデプロイします:
- 次のコマンドを実行して、OIGドメイン・リソースを作成します:
次のステップがWebLogic Kubernetes Operatorによって実行されます:kubectl create -f $WORKDIR/yaml/domain.yaml- イントロスペクタ・ジョブを実行します。
- イントロスペクション・ジョブは、RCUスキーマを作成します。
- イントロスペクタ・ジョブ・ポッドは、ドメイン作成イメージで提供されるモデルを使用してPVにドメインを作成します。
- イントロスペクタ・ジョブ・ポッドは、WDTを介してドメインが正常に作成された後にOIGオフライン構成アクションを実行します。
- 管理サーバーおよびSOA管理対象サーバー(
soa_server1)を起動します。
ドメインの作成が実行されている間、次のコマンドを実行して進行状況をモニターできます:domain.weblogic.oracle/governancedomain created cluster.weblogic.oracle/governancedomain-oim-cluster created cluster.weblogic.oracle/governancedomain-soa-cluster createdkubectl get pods -n <domain_namespace> -wノート:
-wフラグを使用すると、変更時にポッドのステータスを監視できます。例:
次を実行して、ポッドの最新のログを確認することもできます:kubectl get pods -n oigns -wkubectl logs -f <pod> -n oignsノート:
WDT固有のログは、<persistent_volume>/domains/wdt-logsにあります。 - すべてが開始されると、管理サーバーとSOAサーバーが実行されていることがわかります:
NAME READY STATUS RESTARTS AGE governancedomain-adminserver 1/1 Running 0 13m governancedomain-soa-server1 1/1 Running 0 10mノート:
クラスタの速度によっては、すべてのポッドがREADY 1/1状態になるまで25分ほどかかる場合があります。障害が発生した場合は、「既知の問題」の「WDTモデルを使用したドメイン作成の失敗」に従ってください。
- 次のコマンドを実行して、OIMサーバーを起動します:
例:kubectl patch cluster -n <domain_namespace> <domainUID>-oim-cluster --type=merge -p '{"spec":{"replicas":1}}'
出力は次のようになります:kubectl patch cluster -n oigns governancedomain-oim-cluster --type=merge -p '{"spec":{"replicas":1}}'cluster.weblogic.oracle/governancedomain-oim-cluster patched - 次のコマンドを実行して、OIMサーバーのステータスを表示します:
例:kubectl get pods -n <domain_namespace> -w
OIMサーバーが実行されると、出力は次のようになります:kubectl get pods -n oigns -wNAME READY STATUS RESTARTS AGE governancedomain-adminserver 1/1 Running 0 16m governancedomain-soa-server1 1/1 Running 0 13m governancedomain-oim-server1 1/1 Running 0 5m22s
障害が発生した場合は、「既知の問題」の「WDTモデルを使用したドメイン作成の失敗」に従ってください。