Quick Start with OKE

6 Quick Start with OKE

Follow the instructions in this section to install Transaction Manager for Microservices (MicroTx) in Oracle Container Engine for Kubernetes (OKE) and run a sample application.

The script deploys the sample applications on a single node in the Kubernetes cluster on which you have deployed MicroTx.

In the test environment, create at least one node in the Kubernetes cluster to host MicroTx. MicroTx supports Kubernetes 1.21.x or later versions.

The runme.sh script installs MicroTx, builds the Docker images, and then installs the sample application. You can also run the sample applications without automating these steps using the runme.sh script file. See Deploy Sample Applications in Transaction Manager for Microservices Developer Guide.

Set Up the Required Software
You must complete the following tasks before you begin running the sample applications in OKE.
Run XA Sample Applications
Run the XA sample application to transfer an amount from one department to another and to understand how you can use MicroTx to coordinate XA transactions. The MicroTx library files are already integrated with the sample application code.
Run Saga Sample Applications
Run the Saga sample application to book a trip and understand how you can use MicroTx to coordinate the transactions. The MicroTx library files are already integrated with the sample application code.
Run TCC Sample Applications
Run the TCC sample application to book a trip and understand how you can use MicroTx to coordinate the transactions. The MicroTx library files are already integrated with the sample application code.

6.1 Set Up the Required Software

You must complete the following tasks before you begin running the sample applications in OKE.

Run the following command to download Istio.
```
curl -sL https://istio.io/downloadIstioctl | sh -
```
When you run the runme.sh script, it installs Istio.
Add the istioctl client tool to the PATH environment variable of your local system. The following example specifies the a sample value. Provide the path based on your environment.
```
export PATH=$HOME/.istioctl/bin:$PATH
```
Install the following required software.
- npm version 7.x or later. See https://nodejs.org/en/download/.
- Maven version 3.6 or later. See https://maven.apache.org/download.cgi.
- Java JDK version 11 or later. See https://www.oracle.com/java/technologies/downloads/.
- cURL. See https://curl.se/download.html.
- jq. See https://stedolan.github.io/jq/download/.
- OpenSSL. See https://www.openssl.org/.
Install and configure Kubernetes command-line interface (Kubectl), 1.21.x or later versions, to work with your Kubernetes cluster. See https://kubernetes.io/docs/tasks/tools/.
Use Kubectl to create and manage your deployments. Kubectl uses the Kubernetes APIs to interact with the cluster.
Install the latest version of Helm 3.x on your local machine. See https://helm.sh/docs/intro/install/.
Install Oracle Cloud Infrastructure (OCI) CLI. Ensure that OCI CLI is configured to connect to the Kubernetes cluster. See https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm.
Create a Kubernetes Cluster with OKE.
1. Log in to the Oracle OCI cloud console. See https://www.oracle.com/in/cloud/sign-in.html.
2. Create a Kubernetes cluster in the OKE environment. See Quick Create Workflow to Create a Cluster in Oracle Cloud Infrastructure documentation.
3. Set up local access to the Kubernetes cluster that you have created so that you can access your OKE cluster environment from your local machine. See Setting Up Local Access to Clusters in Oracle Cloud Infrastructure documentation.
Create an access token. To create an access token using Oracle IAM and Oracle IDCS, see Use Oracle Identity Providers and Create an Access Token. If you want to use Keycloak or Microsoft AD as the identity provider, refer to their product documentation for information about setting up the identity provider and creating an access token.
Set up resource managers for the two transaction participant services to run the sample XA application. Set up Oracle Database as the resource manager. See Set Up XA-Compliant Resource Managers.
Ensure that Java Development Kit (JDK) is installed on your local system, and then run the following commands in the Bash shell to set the following environment variables.
```
export JAVA_HOME=jdk-install-dir
export PATH=$JAVA_HOME/bin:$PATH
```
The JDK contains keytool, a utility to create and manage certificates. The runme.sh script runs the keytool utility to generate a certificate to enable TLS to access MicroTx.
Ensure that you have sudo privileges to run commands in the Bash shell.

Use Oracle Identity Providers
You can use Oracle Identity Cloud Service (IDCS) or Oracle IAM as an identity provider to manage access to your application.
Create an Access Token
This topic provides details to create an access token when you use Oracle IDCS or Oracle IAM as the identity provider.

Parent topic: Quick Start with OKE

6.1.1 Use Oracle Identity Providers

You can use Oracle Identity Cloud Service (IDCS) or Oracle IAM as an identity provider to manage access to your application.

If you want to use Keycloak or Microsoft AD as the identity provider, refer to their product documentation for information about setting up the identity provider and creating an access token.

Oracle Cloud Infrastructure previously used Oracle IDCS as the identity provider. Now, Oracle Cloud Infrastructure uses Oracle IAM as the identity provider.

To identify if your Oracle Cloud Infrastructure tenancy uses Oracle IDCS or Oracle IAM:

Log in to the Oracle Cloud Infrastructure console.
Open the navigation menu and click Identity & Security.
- Under Identity, if you see Users and Groups, your tenancy has not been migrated to Oracle IAM. Your tenancy uses Oracle IDCS.
- Under Identity, if you see Domains, your tenancy has been migrated to Oracle IAM.

Based on whether your tenancy uses Oracle IDCS or Oracle IAM, you can use the relevant information to create a confidential application and activate it.

Use Oracle IAM as Identity Provider
You can use Oracle IAM as identity provider to manage access to your application.
Use Oracle IDCS as Identity Provider
You can use Oracle IDCS as identity provider to manage access to your application.

Parent topic: Set Up the Required Software

6.1.1.1 Use Oracle IAM as Identity Provider

You can use Oracle IAM as identity provider to manage access to your application.

In the Oracle Cloud Infrastructure console, add your application as a confidential application. See Adding a Confidential Application in Oracle Cloud Infrastructure documentation.
While adding a confidential application, perform the following tasks:
1. On the Configure OAuth pane, under Resource server configuration, click Skip for later.
2. On the Configure OAuth pane, click Configure this application as a client now, and then select the following options:
  - Resource owner
  - Client credentials
  - JWT assertion
  - Refresh token
  - Authorization code
  - Allow HTTP URLs: Optional. Select this option only if you want to add a redirect URL without HTTPS. If you don't select this option, only HTTPS URLs are supported.
  - Add Redirect URL: Enter the application URL where the user is redirected after authentication.
3. Skip web tier policy configuration.
The application is created.
Click Activate to activate the application.
Under General Information, note down the values for Client ID and Client secret.
Click Users, and then assign users to the application. See Assigning Users to Custom Applications in Oracle Cloud Infrastructure documentation.
Open the navigation menu and click Identity & Security. Under Identity, click Domains. Select the identity domain you want to work in.
The Domain information tab of the identity domain is displayed.
From this tab, copy the Domain URL. For example, https://idcs-a83e4de370ea4db1b8c703a0b742ce74.identity.oraclecloud.com. You'll need this information while running the Discovery URL.
Enable client access for the signing certificate. By default, access is restricted to only the signed-in users. To access this certificate in Docker, Kubernetes, and Istio, you must enable client access.
1. Select the identity domain you want to work in and click Settings and then Domain settings.
2. Turn on the switch under Access Signing Certificate to enable clients to access the tenant signing certificate without logging in to IAM.
3. Click Save to save the default settings.
4. To check if you can access the certificate without logging in, type the following link in a new browser window.
```
https://<yourtenant>.identity.oraclecloud.com/admin/v1/SigningCert/jwk
```
  Where, <yourtenant> are the details of your Oracle Cloud Infrastructure tenancy.
  
  You should be able to open the link without logging in to Oracle Cloud Infrastructure.

Parent topic: Use Oracle Identity Providers

6.1.1.2 Use Oracle IDCS as Identity Provider

You can use Oracle IDCS as identity provider to manage access to your application.

In the Oracle Cloud Infrastructure console, add your application as a confidential application. See Adding a Confidential Application in Administering Oracle Identity Cloud Service.
While adding a confidential application, perform the following tasks:
1. On the Add Confidential Application wizard's Client page, click Configure this application as a client now.
2. In the Authorization section, select the following options:
  - Resource owner
  - Client credentials
  - JWT assertion
  - Refresh token
  - Authorization code
  - Redirect URL: Enter the application URL where the user is redirected after authentication.
3. Skip the next steps. Use the default selections, and then click Finish. The application has been added in a deactivated state.
4. Record the Client ID and Client Secret that appear in the Application Added dialog box. You will need to provide this information later.
5. Click Close.
  The new application's details page is displayed.
6. At the top of the page, to the right of the application name, click Activate to activate the application.
7. In the Activate Application? dialog box, click Activate Application.
Click Users, and then assign users to the application. See Assign Applications to the User Account in Administering Oracle Identity Cloud Service.
Enable client access for the signing certificate. By default, access is restricted to only the signed-in users. To allow clients to access the tenant signing certificate and the SAML metadata without logging in to Oracle Identity Cloud Service, perform the following steps.
1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Default Settings.
2. Turn on the Access Signing Certificate option.
3. Click Save to save the default settings.

Parent topic: Use Oracle Identity Providers

6.1.2 Create an Access Token

This topic provides details to create an access token when you use Oracle IDCS or Oracle IAM as the identity provider.

If you want to use Keycloak or Microsoft AD as the identity provider, refer to their product documentation for information about setting up the identity provider and creating an access token.

API calls to the service require a valid authentication token. Create an access token which you can specify in subsequent API calls to the service. In addition to the access token, you can also specify the refresh token in subsequent API calls to the service. MicroTx uses the refresh token to refresh an expired access token.

Before you begin, ensure that you have set up your identity provider and noted down the values for client ID, client secret, and the domain URL.

Launch a terminal and enter the following command.
```
echo -n "clientid:clientsecret" | base64 -w 0 
```
Where, replace clientid:clientsecret with the values in your environment. -w 0 is added for Linux to the command to remove line breaks.
The base64 encoded value of the client ID and client secret is returned. Note down this value as you will need to provide it later.

Based on your environment, you can use any base64 client to encode the clientid:clientsecret.
Copy the value that is returned. You'll have to provide this value every time you want to create an authentication token.

Get an authentication token using the base64-encoded value, as shown in the following cURL command example. Run one of the following commands based on whether you want to generate only the access token or the refresh token as well.

The following command creates the access token.

Command syntax

curl -i 
-H "Authorization:Basic {base64 encoded value of clientid:clientsecret}"
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
--request POST https://domain-url/oauth2/v1/token
-d "grant_type=password&username=username&password&scope=urn:opc:idm:__myscopes__"

Example

curl -i 
-H "Authorization:Basic ZWY1N2E1OWUyZjY..."
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
--request POST https://idcs-a83e4de370ea4db1b8c703a0b742ce74.identity.oraclecloud.com/oauth2/v1/token
-d "grant_type=password&username=acme@example.com&password&scope=urn:opc:idm:__myscopes__"

The following command creates the access token and the refresh token.

Command syntax

curl -i 
-H "Authorization:Basic {base64 encoded value of clientid:clientsecret}"
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
--request POST https://domain-url/oauth2/v1/token
-d "grant_type=password&scope=urn:opc:idm:__myscopes__+offline_access&username=username&password=password"

Example

curl -i 
-H "Authorization:Basic ZWY1N2E1OWUyZjY..."
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
--request POST https://idcs-a83e4de370ea4db1b8c703a0b742ce74.identity.oraclecloud.com/oauth2/v1/token
-d "grant_type=password&scope=urn:opc:idm:__myscopes__+offline_access&username=acme@example.com&password=password"

Copy the access_token value from the response as shown in the following example.
Example output
```
{
  "access_token":"eyJ4Lm...",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "ey5Gkr...",
  "token_type": "Bearer",
  "not-before-policy": 0,
  "session_state": "c966d...",
  "scope": "profile email"
}
```
The example response has been truncated with ellipses (...) for readability.

Make sure to copy only the actual token, which is the access_token and refresh_token values between the quotation marks.
Store the authentication token and refresh tokens in environment variables, as shown in the following example for a Linux host.
```
export TOKEN="eyJ4Lm..."
export REFRESH_TOKEN="ey5Gkr..."
```
Store the authentication cookie in an environment variable, as shown in the following example for a Linux host.
```
export OTMM_COOKIE="eyJh...x_THw"
```
The example value has been truncated with ellipses (...) for readability.

After you obtain the OAuth 2.0 tokens, use the tokens in the authorization and refresh-token headers while making subsequent API calls to the service.

Parent topic: Set Up the Required Software

6.2 Run XA Sample Applications

Run the XA sample application to transfer an amount from one department to another and to understand how you can use MicroTx to coordinate XA transactions. The MicroTx library files are already integrated with the sample application code.

The sample application demonstrates how you can develop microservices that participate in XA transactions while using MicroTx to coordinate the transactions. When you run the Teller application, it withdraws money from one department and deposits it to another department by creating an XA transaction. Within the XA transaction, all actions such as withdraw and deposit either succeed, or they all are rolled back in case of a failure of any one or more actions. For details about the sample XA application, see About the Sample XA Application in Transaction Manager for Microservices Developer Guide.

Before you begin, note down the following information:

Name of the Oracle Cloud Infrastructure Registry to which you want the script to push the Docker images of the sample applications.
Details to connect to the database, such as credentials and connection string.
Complete the prerequisites and set up the required software. See Prerequisites.

To run the sample XA application using the runme.sh script file:

Enter the following commands in a bash shell to run the runme.sh script file.
```
cd installation_directory/otmm-<version>
sh runme.sh
```
Type 3 to run sample applications in the OKE environment.

The script installs and configures Istio, and then prints the URL to access the Istio ingress gateway.
You can deploy observability consoles, such as Kiali and Jaeger, to track and trace distributed transactions in MicroTx. If these consoles are already deployed in the Istio service mesh, the script skips this step.
1. Type 1 to deploy the consoles.
2. Type 1 to confirm that you want to deploy Kiali.
  Kiali is deployed, along with the prerequisites such as Prometheus, and then the Kiali dashboard is displayed in the default browser.
3. Type 1 to confirm that you want to deploy Jaeger.
  Jaeger is deployed, and then the Jaeger dashboard is displayed in the default browser.
  
  Kiali and Jaeger dashboards are displayed in the default browser only if you are running the runme.sh script file on a system with graphical user interface. If you are running the runme.sh script on a remote system and you have connected through a console or terminal, then you must set up port forwarding to view the dashboards from your system.
Provide the following information to enable the script to create a self-signed certificate. A certificate is required to create a secure connection to access MicroTx using TLS.
1. Enter the password to access the Bash shell with sudo privileges.
2. Enter the password to access the Java KeyStore.
  The script accesses the KeyStore and generates a self-signed certificate.
3. Type 1 to confirm that you trust the certificate.
4. Re-enter the password to access the Java KeyStore.
  The script adds the certificate to the KeyStore.
Specify the name of the Oracle Cloud Infrastructure Registry in the format <region-key>.ocir.io.

For example, iad.ocir.io. For information about region keys, see Regions and Availability Domains in Oracle Cloud Infrastructure documentation.
Specify the name of the repository to which you want to push the Docker image of the sample application in the format <region-key>.ocir.io/<repository_name>.

For example, iad.ocir.io/otmmrepo. The runme.sh script builds and pushes the images to the specified repository. It also prefixes the specified value to the image name as a tag.
Enter user name to access the registry.
Enter the password to access the registry.

The script loads the Docker image of MicroTx, and then installs MicroTx.
Type 1 to run the sample application that uses the XA transaction protocol.
Provide details for the Department One application to connect with its resource manager.
1. If you use Oracle Autonomous Database as the resource manager, enter the path to the Oracle Autonomous Database wallet that you have previously downloaded and extracted to your local machine. For example, installation_directory/xa/java/department-helidon/Database_Wallet.
  
  If you are using another Oracle Database, press Enter as you don't need to provide details of the wallet.
2. Enter the connection string to the data store in Oracle Database.
  - If you are using a non-autonomous Oracle Database (a database that does not use a credential wallet), use the following format to enter the connection string:
```
jdbc:oracle:thin:@<publicIP>:<portNumber>/<database unique name>.<host domain name>
```
    For example:
    jdbc:oracle:thin:@123.213.85.123:1521/CustDB_iad1vm.sub05031027070.customervcnwith.oraclevcn.com
  - If you are using Oracle Database Cloud Service with Oracle Cloud Infrastructure, see Create the Oracle Database Classic Cloud Service Connection String in Using Oracle Blockchain Platform.
  - If you are using Oracle Autonomous Transaction Processing, use the following format to enter the connection string:
```
jdbc:oracle:thin:@tcps://<host>:<port>/<service_name>?wallet_location=<wallet_dir>
```
    You can find the required details, such as host, port, and service name in the tnsnames.ora file, which is located in folder where you have extracted the wallet.
    
    For example:
```
jdbc:oracle:thin:@tcps://adb.us-phoenix-1.oraclecloud.com:7777/unique_connection_string_low.adb.oraclecloud.com?wallet_location=Database_Wallet
```
3. Enter the user name to access the Oracle Database, such as SYS.
4. Enter the password for the Oracle Database user.
The script installs and runs the Department One application.
Provide details for the Department Two application to connect with its resource manager.
1. If you use Oracle Autonomous Database as the resource manager, enter the path to the Oracle Autonomous Database wallet that you have previously downloaded and extracted to your local machine. For example, installation_directory/xa/java/department-helidon/Database_Wallet.
  
  If you are using another Oracle Database, press Enter as you don't need to provide details of the wallet.
2. Enter the connection string to the data store in Oracle Database.
  - If you are using a non-autonomous Oracle Database (a database that does not use a credential wallet), use the following format to enter the connection string:
```
jdbc:oracle:thin:@<publicIP>:<portNumber>/<database unique name>.<host domain name>
```
    For example:
    jdbc:oracle:thin:@123.213.85.123:1521/CustDB_iad1vm.sub05031027070.customervcnwith.oraclevcn.com
  - If you are using Oracle Database Cloud Service with Oracle Cloud Infrastructure, see Create the Oracle Database Classic Cloud Service Connection String in Using Oracle Blockchain Platform.
  - If you are using Oracle Autonomous Transaction Processing, use the following format to enter the connection string:
```
jdbc:oracle:thin:@tcps://<host>:<port>/<service_name>?wallet_location=<wallet_dir>
```
    You can find the required details, such as host, port, and service name in the tnsnames.ora file, which is located in folder where you have extracted the wallet.
    
    For example:
```
jdbc:oracle:thin:@tcps://adb.us-phoenix-1.oraclecloud.com:7777/unique_connection_string_low.adb.oraclecloud.com?wallet_location=Database_Wallet
```
3. Enter the user name to access the Oracle Database, such as SYS.
4. Enter the password for the Oracle Database user.
The script installs and runs the Department Two application.
Type 1 to run the Teller application to transfer an amount from Department One to Department Two by creating an XA transaction.
Enter the account number from which you want to withdraw an amount. The sample table contains the following account numbers: account1 to account5. If you do not enter an account number and press enter, the default value is account1.
The account balance is displayed.
Enter the name of the account to which you want to deposit the amount. The sample table contains the following account numbers: account1 to account5. If you do not enter an account number and press enter, the default value is account2.
The account balance is displayed.
Enter the amount that you want to transfer. For example, 300. If you do not enter an amount and press enter, the default value is 100.
The account balance of both accounts after the transaction are displayed on the screen. You can compare the earlier account balance with the current balance to ensure that the amount has been transferred.
Press any key to exit.
Type 1 to stop running all the microservices in the sample application and uninstall it.
Type 1 to uninstall MicroTx. If you want use the existing installation to run other sample applications, type 2.
Type 1 to uninstall Istio. If you want use the existing installation to run other sample applications, type 2.

What's next?

Use the Kiali dashboard to view how the MicroTx handles the flow of requests between the sample microservices.
Perform distributed tracing using Jaeger to trace the entire transaction. See Perform Distributed Tracing with Jaeger.
Run another sample application.
View the source files of the sample application.
View the log files to find more details about the transactions.
Create and run your own application using MicroTx.

Parent topic: Quick Start with OKE

6.3 Run Saga Sample Applications

Run the Saga sample application to book a trip and understand how you can use MicroTx to coordinate the transactions. The MicroTx library files are already integrated with the sample application code.

The sample application demonstrates how you can develop microservices that participate in Saga transactions while using MicroTx to coordinate the transactions. When you run the application, it makes a provisional booking by reserving a hotel room and flight ticket. Only when you provide approval to confirm the booking, the booking of the hotel room and flight ticket is confirmed. If you cancel the provisional booking, the hotel room and flight ticket that was blocked is released and the booking is canceled. By default, the hotel and flight service permits only three confirmed bookings. To enable you to test the failure scenario, the services reject any additional booking requests that are made after three confirmed bookings. This leads to the cancellation (compensation) of a provisionally booked hotel or flight within the trip and the trip is not booked. For details about the sample Saga application, see About the Sample Saga Application in Transaction Manager for Microservices Developer Guide.

To run the sample Saga application using the runme.sh script file:

Enter the following commands in a bash shell to run the runme.sh script file.
```
cd installation_directory/otmm-<version>
sh runme.sh
```
Type 3 to run sample applications in the OKE environment.

The script installs and configures Istio, and then prints the URL to access the Istio ingress gateway.
You can deploy observability consoles, such as Kiali and Jaeger, to track and trace distributed transactions in MicroTx. If these consoles are already deployed in the Istio service mesh, the script skips this step.
1. Type 1 to deploy the consoles.
2. Type 1 to confirm that you want to deploy Kiali.
  Kiali is deployed, along with the prerequisites such as Prometheus, and then the Kiali dashboard is displayed in the default browser.
3. Type 1 to confirm that you want to deploy Jaeger.
  Jaeger is deployed, and then the Jaeger dashboard is displayed in the default browser.
  
  Kiali and Jaeger dashboards are displayed in the default browser only if you are running the runme.sh script file on a system with graphical user interface. If you are running the runme.sh script on a remote system and you have connected through a console or terminal, then you must set up port forwarding to view the dashboards from your system.
Provide the following information to enable the script to create a self-signed certificate. A certificate is required to create a secure connection to access MicroTx using TLS.
1. Enter the password to access the Bash shell with sudo privileges.
2. Enter the password to access the Java KeyStore.
  The script accesses the KeyStore and generates a self-signed certificate.
3. Type 1 to confirm that you trust the certificate.
4. Re-enter the password to access the Java KeyStore.
  The script adds the certificate to the KeyStore.
Specify the name of the Oracle Cloud Infrastructure Registry in the format <region-key>.ocir.io.

For example, iad.ocir.io. For information about region keys, see Regions and Availability Domains in Oracle Cloud Infrastructure documentation.
Specify the name of the repository to which you want to push the Docker image of the sample application in the format <region-key>.ocir.io/<repository_name>.

For example, iad.ocir.io/otmmrepo. The runme.sh script builds and pushes the images to the specified repository. It also prefixes the specified value to the image name as a tag.
Enter user name to access the registry.
Enter the password to access the registry.

The script loads the Docker image of MicroTx, and then installs MicroTx.
Type 2 to run the sample application that uses the Saga transaction protocol.

The script installs the sample application.
Type 1 to confirm that you want to run the Saga sample application, and then press Enter.
The sample application provisionally books a hotel room and a flight ticket and displays the details of the provisional booking. In case of any issues, the provisional booking is not made and the status displayed is Failed Trip Booking.
Confirm or cancel the provisional booking. Type 1 to confirm a successful provisional booking or type 2 to cancel a provisional booking, and then press Enter.
If you type 1, your booking is confirmed and information about your confirmed booking is displayed.
Press any key to exit.
Type 1 to stop running all the microservices in the sample application and uninstall it.
Type 1 to uninstall MicroTx. If you want use the existing installation to run other sample applications, type 2.
Type 1 to uninstall Istio. If you want use the existing installation to run other sample applications, type 2.

What's next?

Use the Kiali dashboard to view how the MicroTx handles the flow of requests between the sample microservices.
Perform distributed tracing using Jaeger to trace the entire transaction. See Perform Distributed Tracing with Jaeger.
Run another sample application.
View the source files of the sample application.
View the log files to find more details about the transactions.
Create and run your own application using MicroTx.

Parent topic: Quick Start with OKE

6.4 Run TCC Sample Applications

Run the TCC sample application to book a trip and understand how you can use MicroTx to coordinate the transactions. The MicroTx library files are already integrated with the sample application code.

The sample TCC application implements a scenario where the travel agent microservice books a trip, flight booking service books a flight, and the hotel booking microservice books a hotel. The travel agent service accesses both the flight and hotel booking services. When a customer books a flight and a hotel, the booking is reserved until either the customer completes the payment and confirms the booking. In case of any failure, the reserved resources are canceled and the resources are returned back to the inventory. For details about the sample TCC application, see About the Sample TCC Application in Transaction Manager for Microservices Developer Guide.

To run the sample TCC application using the runme.sh script file:

Enter the following commands in a bash shell to run the runme.sh script file.
```
cd installation_directory/otmm-<version>
sh runme.sh
```
Type 3 to run sample applications in the OKE environment.

The script installs and configures Istio, and then prints the URL to access the Istio ingress gateway.
You can deploy observability consoles, such as Kiali and Jaeger, to track and trace distributed transactions in MicroTx. If these consoles are already deployed in the Istio service mesh, the script skips this step.
1. Type 1 to deploy the consoles.
2. Type 1 to confirm that you want to deploy Kiali.
  Kiali is deployed, along with the prerequisites such as Prometheus, and then the Kiali dashboard is displayed in the default browser.
3. Type 1 to confirm that you want to deploy Jaeger.
  Jaeger is deployed, and then the Jaeger dashboard is displayed in the default browser.
  
  Kiali and Jaeger dashboards are displayed in the default browser only if you are running the runme.sh script file on a system with graphical user interface. If you are running the runme.sh script on a remote system and you have connected through a console or terminal, then you must set up port forwarding to view the dashboards from your system.
Provide the following information to enable the script to create a self-signed certificate. A certificate is required to create a secure connection to access MicroTx using TLS.
1. Enter the password to access the Bash shell with sudo privileges.
2. Enter the password to access the Java KeyStore.
  The script accesses the KeyStore and generates a self-signed certificate.
3. Type 1 to confirm that you trust the certificate.
4. Re-enter the password to access the Java KeyStore.
  The script adds the certificate to the KeyStore.
Specify the name of the Oracle Cloud Infrastructure Registry in the format <region-key>.ocir.io.

For example, iad.ocir.io. For information about region keys, see Regions and Availability Domains in Oracle Cloud Infrastructure documentation.
Specify the name of the repository to which you want to push the Docker image of the sample application in the format <region-key>.ocir.io/<repository_name>.

For example, iad.ocir.io/otmmrepo. The runme.sh script builds and pushes the images to the specified repository. It also prefixes the specified value to the image name as a tag.
Enter user name to access the registry.
Enter the password to access the registry.

The script loads the Docker image of MicroTx, and then installs MicroTx.
Type 3 to run the sample application that uses the TCC transaction protocol.
Type 1 to run Java applications or type 2 to run Node.js applications.
The script installs and then runs the three sample microservices: Flight booking, Hotel booking, and Travel agent.
Type y to confirm that you want to run the TCC sample application, and then press Enter.
The sample application reserves a hotel room and a flight ticket and displays the reservation details.
Confirm or cancel the booking. Type y to confirm the booking or type n to cancel the booking, and then press Enter.

If you type y, the booking is confirmed and details about the confirmed booking are displayed.

If you type n, the Travel Agent microservice cancels the reserved resources and returns the resources back to the inventory.
Press any key to exit.
Type 1 to stop running all the microservices in the sample application and uninstall it.
Type 1 to uninstall MicroTx. If you want use the existing installation to run other sample applications, type 2.
Type 1 to uninstall Istio. If you want use the existing installation to run other sample applications, type 2.

What's next?

Use the Kiali dashboard to view how the MicroTx handles the flow of requests between the sample microservices.
Perform distributed tracing using Jaeger to trace the entire transaction. See Perform Distributed Tracing with Jaeger.
Run another sample application.
View the source files of the sample application.
View the log files to find more details about the transactions.
Create and run your own application using MicroTx.

Parent topic: Quick Start with OKE