- Using Oracle WebLogic Server for OKE
- Managing Resources
- Update the Repository Schema Utility Password using Secrets
Update the Repository Schema Utility Password using Secrets
If you modified the Repository Schema Utility (RCU) password, then you must update the schema password in the domain.
During initial provisioning, we create a secret named
<resource_prefix>-rcu-access
, which contains all the RCU
related information, like db_connect_String
, schema prefix, and schema
password.
Complete the following steps to update the schema password in the domain:
- Shutdown the domain.Run the following command:
kubectl edit domain -n <domain_ns> -o yaml
Sample output:kind: Domain metadata: name: domain1 spec: serverStartPolicy: "NEVER"
Change the
serverStartPolicy
value, fromIF_NEEDED
toNEVER
. See Starting and stopping servers. - If you have not changed the RCU schema password on the database, then complete this
step.
- In the administration server, run the
rcu_secret.sh
script, which is located at/u01/scripts/pipeline/helper-scripts
. This displays the existingschemaPrefix
information. - Connect to the database as
sysdba
user usingsqlplus
.connect sys/<password>@//dbhost.subnet1.vcn1.oraclevcn.com:1521/pdbName.subnet1.vcn1.oraclevcn.com as sysdba
Example:
connect sys/<password>@//sidb19-scan.admin.existingnetwork.oraclevcn.com:1521/sipdb.admin.existingnetwork.oraclevcn.com as sysdba
- Set the login attempts for the
DEFAULT
profile toUNLIMITED
and then check the limit for theDEFAULT
profile.ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED; select limit from dba_profiles where profile='DEFAULT' / and resource_name='FAILED_LOGIN_ATTEMPTS'; LIMIT –------------------------------------------------------------------- UNLIMITED
- List all the dba users where username like
<schema_prefix>__%
.select username from dba_users where username like '<schema_prefix>__%';
USERNAME ------------------------------- <schema_prefix>_STB <schema_prefix>_IAU_APPEND <schema_prefix>_OPSS <schema_prefix>_WLS <schema_prefix>_IAU <schema_prefix>_WLS_RUNTIME <schema_prefix>_IAU_VIEWER <schema_prefix>_UMS <schema_prefix>_MDS
For example:
select username from dba_users where username like 'SP1601029287_%';
All user names are prefixed with
SP1601029287
as inSP1601029287_STB
. - Change the password for the following users:
alter user <schema_prefix>_STB identified by <new_password>; alter user <schema_prefix>_IAU_APPEND identified by <new_password>; alter user <schema_prefix>_OPSS identified by <new_password>; alter user <schema_prefix>_WLS identified by <new_password>; alter user <schema_prefix>_IAU identified by <new_password>; alter user <schema_prefix>_WLS_RUNTIME identified by <new_password>; alter user <schema_prefix>_IAU_VIEWER identified by <new_password>; alter user <schema_prefix>_UMS identified by <new_password>; alter user <schema_prefix>_MDS identified by <new_password>;
For example:
alter user SP1601029287_STB identified by <new_password>;
- Connect to the database for the MDS user.
connect <schema_prefix>_MDS/<password>//dbhost.example.com:1521 Connected
- List the table names in the database for the current
user.
select table_name from user_tables;
- Exit SQL.
exit
- In the administration server, run the
- Delete the existing kubernetes secret:
<resource_prefix>-rcu-access
- Run the following command to obtain the name of the secret:
kubectl get secrets -n <domain_namespace> |grep rcu-access
For example, run
kubectl get secrets -n domain10-ns |grep rcu-access
. The name of the secret obtained is<resource_prefix>-rcu-access>
- Recreate the secret with the same name. The name that you obtained in the previous
step.
The
<resource_prefix>-rcu-access
secret has certain fields other than the schema password, which also needs to be specified based on the database type. When you run thercu_secret.sh
script, located at/u01/scripts/pipeline/helper-scripts/
, it outputs all the other required fields in addition to the schema password for recreating the secret.For ATP database:[opc@wrjrf1-admin helper-scripts]$./rcu_secret.sh rcu_db_name = <atp_db_name_low> rcu_prefix = <prefix> rcu_wallet_password = <password> [opc@wrjrf1-admin helper-scripts]$kubectl create secret generic -n <domain_ns> '<resource_prefix>-rcu-access' --from-literal=rcu_db_name=<atp_db_name_low> --from-literal=rcu_prefix=<prefix> --from-literal=rcu_wallet_password=<password> --from-literal=rcu_schema_password=<new_password>
For OCI, SI, or RAC database:
[opc@wrjrf1-admin helper-scripts]$./rcu_secret.sh rcu_admin_password = <admin_password> rcu_db_conn_string = <connect_String> rcu_db_user = sys rcu_prefix = <prefix> [opc@wrjrf1-admin helper-scripts]$kubectl create secret generic -n <domain_ns> '<resource_prefix>-rcu-access' --from-literal=rcu_admin_password=<admin_password> --from-literal=rcu_db_conn_string=name-scan.subnet2ad2phx.paasdevjcsphx.oraclevcn.com:1521/db0409_pdb1.subnet2ad2phx.paasdevjcsphx.oraclevcn.com --from-literal=rcu_db_user=sys --from-literal=rcu_prefix=<prefix> --from-literal=rcu_schema_password=<new_password>
- Change the
serverStartPolicy
value, fromNEVER
toIF_NEEDED
, and then increment therestartVersion
.kind: Domain metadata: name: domain1 spec: serverStartPolicy: "IF_NEEDED" restartVersion: "3"
- Wait for the domain to start for a rolling restart. Then, verify that the datasource
mds-owsm
tests okay in the WebLogic Server administration console.