Creating a Basic UIM Cloud Native Instance

4 Creating a Basic UIM Cloud Native Instance

This chapter describes how to create a basic UIM cloud native instance in your cloud environment using the operational scripts and the base UIM configuration provided in the UIM cloud native toolkit. You can create a UIM instance quickly in order to become familiar with the process, explore the configuration, and structure your own project. This procedure is intended to validate that you are able to create a basic UIM instance in your environment. For information on creating your own project with custom configuration, see "Creating Your Own UIM Cloud Native Instance".

Before you can create a UIM instance, you must do the following:

Download and extract the UIM cloud native toolkit archive file
Clone the WebLogic Kubernetes Operator (WKO) GIT repository. This is required to be performed on each host that installs and runs the toolkit scripts when a Kubernetes cluster is shared by multiple hosts.
Install the WKO and Traefik container images. These tasks are required to be performed for each cluster that has shared resources.

Installing the UIM Cloud Native Artifacts and the Toolkit

Build container images for the following using the UIM cloud native Image Builder:

UIM core application
UIM database installer

You must create a private Docker repository for these images, ensuring that all nodes in the cluster have access to the repository. See "About Container Image Management" for more information.

Download the UIM cloud native toolkit archive and do the following:

On Oracle Linux: Where Kubernetes is hosted on Oracle Linux, download and extract the tar archive to each host that has connectivity to the Kubernetes cluster.
On OKE: For an environment where Kubernetes is running in OKE, extract the contents of the tar archive on each OKE client host. The OKE client host is the bastion host/s that is set up to communicate with the OKE cluster.

Set the variable for the installation directory by running the following command, where uim_cntk_path is the installation directory of the UIM cloud native toolkit:

$ mkdir uim-cntk-path
$ tar -xvf uim-cntk.tar.gz --directory uim-cntk-path
$ export UIM_CNTK=uim_cntk_path

Installing WebLogic Kubernetes Operator (WKO) and Ingress Controller

In a shared environment, multiple developers may create UIM instances in the same cluster, using a shared WebLogic Kubernetes Operator.

Note:

There can be multiple operators in a Kubernetes cluster, and in that case, you must ensure that the namespaces managed by these operators do not overlap. A namespace can be managed by one operator.

For each cluster in your environment, you download and install the following:

WebLogic Kubernetes Operator (WKO) application deployment
Traefik Ingress Controller deployment

Before installing the WKO image and the Traefik image, do the following tasks:

Remove the instances of the WKO and Traefik that you installed to validate your cloud environment.
Ensure that you have cleaned up the environment. See "Validating Your Cloud Environment" for instructions on cleaning up.
Ensure that there are no WebLogic Server Operator artifacts in the environment.

Installing the WebLogic Kubernetes Operator Container Image

UIM cloud native package does not provide scripts to install or remove the WebLogic Kubernetes operator. See WKO Documentation for Installing and uninstalling Weblogic Operator.

See UIM Compatibility Matrix for WKO recommended version.

For example, to download and install the WKO version:

See https://github.com/oracle/weblogic-kubernetes-operator/releases/.
Choose a namespace for the operator and set the WLSKO_NS environment variable to the Kubernetes namespace in which WKO will be deployed.

Note:

Oracle recommends you use --version=<version> while installing. See UIM Compatibility Matrix for the corresponding WKO version.

Oracle recommends you set the label to the same as namespace using --set "domainNamespaceLabelSelector=<namespace>=enabled" instead of the default label "weblogic-operator=enabled" as having multiple operators installed with the same label is not recommended.
After successful installation of WKO, validate that the operator is installed by running the following command:
```
kubectl get pods -n $WLSKO_NS
```

If you are using a version older than 3.1.0, the operator is supported to specify the namespaces that can be managed only through a list. Currently, the operator supports a list of namespaces, a label selector, or a regular expression matching namespace names.

Note:

If you are upgrading from UIM CN 7.5.1 and an older version of the WebLogic Operator, see "Upgrading the UIM Cloud Native Environment" for more information.

Installing the Ingress Controller

You can use any Ingress Controller that conforms to the standard Kubernetes ingress API and that supports annotations required for UIM. See "Working with Ingress, Ingress Controller, and External Load Balancer" for more information.

Note:

Oracle does not certify individual Ingress Controllers to confirm this generic compatibility.

WebLogic Kubernetes Operator describes the installation and the usage of the NGINX Ingress controller. See https://github.com/oracle/weblogic-kubernetes-operator/blob/release/4.1/kubernetes/samples/charts/nginx/README.md for more information.

Installing the Traefik Ingress Controller as Alternate (Deprecated)

While UIM cloud native supports using Traefik as Ingress Controller, Oracle recommends to use an Ingress Controller that supports the generic Kubernetes ingress API. See "Installing the Ingress Controller" for more information.

To leverage the UIM cloud native samples that integrate with Traefik, the Kubernetes environment must have the Traefik ingress controller installed and configured.

If you are working in an environment where the Kubernetes cluster is shared, confirm whether Traefik has already been installed and configured for UIM cloud native. If Traefik is already installed and configured, set your TRAEFIK_NS environment variable to the appropriate namespace.

The instance of Traefik that you installed to validate your cloud environment must be removed as it does not leverage the UIM cloud native samples. Ensure that you have removed this installation in addition to purging the Helm release. Check that any roles and rolebindings created by Traefik are removed. There could be a clusterrole and clusterrolebinding called "traefik-operator". There could also be a role and rolebinding called "traefik-operator" in the $TRAEFIK_NS namespace. Delete all of these before you set up Traefik.

To download and install the Traefik container image:

Ensure that Docker in your Kubernetes cluster can pull images from Docker Hub. See UIM Compatibility Matrix for the required and supported versions of the Traefik image.
Run the following command to create a namespace ensuring that it does not already exist:

Note:
You might want to add the traefik namespace to the environment setup like .bashrc.
```
kubectl get namespaces
export TRAEFIK_NS=traefik   
kubectl create namespace $TRAEFIK_NS
```
Run the following commands to install Traefik using the $UIM_CNTK/samples/charts/traefik/values.yaml file in the samples:
Note:
- Set kubernetes.namespaces and the chart version specifically using command line.
- For details about the required chart version of Traefik, see UIM Compatibility Matrix. The following is a sample to install Traefik chart of version 15.1.0.
- $UIM_CNTK/samples/charts/traefik/values.yaml that is used to install Traefik has an argument "--serversTransport.insecureSkipVerify=true" to skip verification of self-signed certificates. This argument should be enabled to trust self-signed certificates. Uncomment the argument to disable the verification of these certificates between Traefik and the back-end server.
```
helm repo add traefik https://helm.traefik.io/traefik
helm install traefik-operator traefik/traefik \
--namespace $TRAEFIK_NS \
--version 15.1.0 \
--values $UIM_CNTK/samples/charts/traefik/values.yaml \
--set "providers.kubernetesCRD.namespaces={$TRAEFIK_NS}" \
--set "providers.kubernetesIngress.namespaces={$TRAEFIK_NS}"
```

After the installation, Traefik monitors the namespaces listed in its kubernetes.namespaces field for Ingress objects. The scripts in the toolkit manage this namespace list as part of creating and tearing down UIM cloud native projects.

When the values.yaml Traefik sample in the UIM cloud native toolkit is used as is, Traefik is exposed to the network outside of the Kubernetes cluster through port 30305. To use a different port, edit the YAML file before installing Traefik. Traefik metrics are also available for Prometheus to scrape from the standard annotations.

Traefik function can be viewed using the Traefik dashboard. Create the Traefik dashboard by running the instructions provided in the $UIM_CNTK/samples/charts/traefik/traefik-dashboard.yaml file. To access this dashboard, the URL is: http://traefik.uim.org. This is if you use the values.yaml file provided with the UIM cloud native toolkit; it is possible to change the hostname as well as the port to your desired values.

Creating a Basic UIM Instance

This section describes how to create a basic UIM instance. In this section, while creating a basic instance, the project name is considered as "sr" and instance name is considered as "quick".

Setting Environment Variables

UIM cloud native relies on access to certain environment variables to run seamlessly. Ensure the following variables are set in your environment:

Path to your private specification repository
Traefik namespace

To set the environment variables:

Create a directory that serves as your specification repository, by running the following command, where spec_repo_path is the path to your private specification repository:

Note:
The scripts in the toolkit support multiple directories being supplied to the -s parameter in a colon separated list (path/one:path/two:path/three). For simplicity, the toolkit works with a single directory.
```
$ export SPEC_PATH=spec_repo_path/quickstart
```
Set the TRAEFIK_NS variable for Traefik namespace as follows:
```
$ export TRAEFIK_NS=Treafik Namespace
```
Set the TRAEFIK_CHART_VERSION variable for Traefik helm chart version. Refer UIM Compatibility Matrix for appropriate version. The following is a sample for Traefik chart version 15.1.0.
```
$ export TRAEFIK_CHART_VERSION=15.1.0
```

Registering the Namespace

After you set the environment variables, register the namespace. If you are working with wlsko as the targetNamespace, then RegisterNamespace script offers an additional -l option that enables you to include the label selector used during the operator installation.

If a label selector is not added while installing the operator:

By default the weblogic-enabled=true label is added to your $WLSKO_NS namespace so that the operator can monitor it.

If a label selector is added while installing the operator:

Ensure that you include the same label using the -l option, as follows.

To register the namespace for wlsko, run the following command:

#if you have defined labelselector while installing operator Example: wlsko=enabled
 $UIM_CNTK/scripts/register-namespace.sh -p <project> -t targets -l <label-Selector>
#For example, $UIM_CNTK/scripts/register-namespace.sh -p sr -t wlsko -l wlsko=enabled
 
#if LabelSelector is not used while installing WKO then
$UIM_CNTK/scripts/register-namespace.sh -p sr -t targets
#For example, $UIM_CNTK/scripts/register-namespace.sh -p sr -t wlsko

To register the namespace for traefik:

$UIM_CNTK/scripts/register-namespace.sh -p <project> -t targets
# For example, $UIM_CNTK/scripts/register-namespace.sh -p sr -t traefik

'wlsko' and 'traefik' are the names of the targets for namespace registration. The script utilizes WLSKO_NS and TRAEFIK_NS to locate these targets. If you are not using Traefik, there is no need to specify the "traefik" target.

Note:

wlsko and traefik are the names of the targets for registering the namespace. The script uses WLSKO_NS and TRAEFIK_NS to locate these targets.
The traefik target must be provided only if you are using Traefik.
For Generic IngressController, the registration of namespace is not required. To select the ingress controller, you need to provide the ingressClassName value under the ingress.className field in the project.yaml file.
For more information about ingressClassName, see https://kubernetes.io/docs/concepts/services-networking/ingress/.

Creating Secrets

You must store sensitive data and credential information in the form of Kubernetes Secrets that the scripts and Helm charts in the toolkit consume. Managing secrets is out of the scope of the toolkit and must be implemented while adhering to your organization's corporate policies. Additionally, UIM cloud native does not establish password policies.

Note:

The passwords and other input data such as RCU schema prefix length that you provide must adhere to the policies specified by the appropriate component.

As a pre-requisite to use the toolkit for either installing the UIM database or creating a UIM instance, you must create secrets to access the following:

UIM database
RCU DB
OPSS
Operator artifacts for the instance
WebLogic Server Admin (credentials used while creating the domain)

The toolkit provides sample scripts for this purpose. However, they are not pipeline-friendly. The scripts should be used for creating an instance manually and quickly, but not for any automated process for creating instances. The scripts also illustrate both the naming of the secret and the layout of the data within the secret that UIM cloud native requires. You must create secrets prior to running the install-uimdb.sh or create-instance.sh scripts.

Run the following script to create the required secrets:

$UIM_CNTK/scripts/manage-instance-credentials.sh -p sr -i quick create wlsadmin,opssWP,wlsRTE,rcudb,uimdb

where:

uimdb specifies the connectivity details and the credentials for connecting to the UIM PDB (UIM schema). This is consumed by the UIM DB installer and UIM runtime.

Note:
The uimdb secrets contain PDB sysdba user and uim main schema user. The names of these must be unique.
rcudb specifies the connectivity details and the credentials for connecting to the UIM PDB (RCU schema). This is consumed by the UIM database installer and UIM and Fusion MiddleWare runtime.
wlsadmin is the credential for the intended user that will be created with administrative access to the WebLogic domain.
opssWP is the password for encrypting and decrypting the ewallet contents.
wlsRTE is the password used to encrypt the operator artifacts for this instance. The merged domain model and the domain ZIP are available in the operator config map and are encoded using this password.

Verify that the following secrets are created:

sr-quick-database-credentials
sr-quick-embedded-ldap-credentials
sr-quick-weblogic-credentials
sr-quick-rcudb-credentials
sr-quick-opss-wallet-password-secret
sr-quick-runtime-encryption-secret

Additionally, the secret opssWF is created by the installation process and does not follow the same guidelines. It is therefore not a pre-requisite for creating a new instance. In scenarios where a database is being re-used for a different UIM instance, then this becomes a pre-requisite secret. For more details, see "Reusing the Database State".

Creating Secrets for LDAP System Users

To create secrets for LDAP system users:

Create a user information file, for example: ldap_users.txt, with the list of users and groups as follows:

uim:uimadminuser:secret:uim-users
uim:uimcmwsuser:secret:Administrators,Cartridge_Management_WebService
uim:uimmetricsuser:secret:uim-metrics-users

Run the following command to create the required secrets for embedded LDAP system users:

$UIM_CNTK/samples/credentials/manage-uim-credentials.sh -p sr -i quick -c create -f "location to ldap_users.txt"

Assembling the Specifications

To assemble the specifications:

Copy the instance specification to your $SPEC_PATH and rename:
```
cp $UIM_CNTK/samples/instance.yaml $SPEC_PATH/sr-quick.yaml
```
Copy the project specification to your $SPEC_PATH and rename:
```
cp $UIM_CNTK/samples/project.yaml $SPEC_PATH/sr.yaml
```
You edit these files as per the instructions described in the sections that follow.

Installing the UIM and RCU Schemas

This procedure configures an empty PDB. Depending on the database strategy for your team, you may have already performed this procedure as described in "Planning Your Cloud Native Environment". Before continuing, confirm whether the PDB being used for creating the UIM instance has been cloned from a Master PDB that includes the schema installation. If the PDB already has the schema installed, skip this procedure and proceed to the Creating UIM Users and Groups topic.

After the PDB is created, it is configured with the UIM schema, the RCU schema, and the cluster leasing table.

To install the UIM and RCU schemas:

Note:

YAML formatting is case-sensitive. While the next step uses vi editor for editing, if you are not familiar with editing YAML files, use a YAML editor to ensure that you do not make any syntax errors while editing. Follow the indentation guidelines for YAML, as incorrect spacing can lead to errors.

Edit the project specification file and update the DB installer image to point to the location of your image as shown below:

Note:
Before changing the default values provided in the specification file, confirm that they align with the values used during PDB creation. For example, the default tablespace name should match the value used when PDB is created.
```
dbinstaller:
  image:  DB_installer_image_in_your_repo
```
If your environment requires a password to download the container images from your repository, create a Kubernetes secret with the Docker pull credentials. See the "Kubernetes documentation" for details. Refer the secret name in the project specification.
```
# The image pull access credentials for the "docker login" into Docker repository, as a Kubernetes secret.
# Uncomment and set if required.
# imagePullSecret: ""
```
Run the following script to start the UIM DB installer, which instantiates a Kubernetes Pod resource. The pod resource lives until the DB installation operation completes.
```
#(UIM Schema)
$UIM_CNTK/scripts/install-uimdb.sh -p project -i instance -s $SPEC_PATH -c 1 
## once finished
#(RCU Schema)
$UIM_CNTK/scripts/install-uimdb.sh -p project -i instance -s $SPEC_PATH -c 2 
```
You can invoke the script with -h to see the available options.
Check the console to see if the DB installer is installed successfully.
If the installation failed, run the following command to review the error message in the log:
```
kubectl logs -n sr sr-quick-dbinstaller
```
Clean up the failed pod by running the following command:
```
helm uninstall sr-quick-dbinstaller -n sr
```
Go back to step 4 and run the script again to install the UIM DB installer.

Generating Encrypted WebLogic Administrator's Password

To generate encrypted WebLogic administrator's password:

Run the following command to start the UIM DB installer, which initiates a Kubernetes Pod resource. The pod resource is available until the DB installation completes.
```
$UIM_CNTK/scripts/install-uimdb.sh -p sr -i quick -s $SPEC_PATH -c 8
```
Note:
To see further options available, use -h command.
Check the WebLogic console for successful DB installation. If the installation failed, run the following command to view the error message from the log:
```
kubectl logs -n sr sr-quick-dbinstaller
```
Clean up the failed pod using the following command:
```
helm uninstall sr-quick-dbinstaller -n sr
```

Verify the new secret that is created as follows:

kubectl get secrets -n sr | grep encrypted
sr-quick-weblogic-encrypted-credentials Opaque 1 5m32s

Configuring the Project Specification

The project specification is a Helm override file that contains values that are scoped to a project. The values specified in the specification are shared by all the instances of a project, unless they are overridden in an instance specification. Review the content about Helm chart layering in "Overview of the UIM Cloud Native Deployment".

To configure the project specification:

Edit the project specification to provide the image in your repository (name and tag) by running the following command:
```
vi $SPEC_PATH/sr.yaml
 
**  edit the image to reflect the UIM image name and location in your docker repository
 
image: uim_image_in_your_repository
```
If your environment requires a password to download the container images from your repository, create a Kubernetes secret with the Docker pull credentials. See the "Kubernetes documentation" for details. Refer the secret name in the project specification.
```
# The image pull access credentials for the "docker login" into Docker repository, as a Kubernetes secret.
# uncomment and set if required.
#imagePullSecret: ""
```
For your DNS resolution mechanism, change the default load balancer domain name as needed:
```
loadBalancerDomainName: "uim.org"
```

Configuring the Instance Specification

The instance specification is a Helm override file that contains values that are specific to a single instance. These values feed into the WDT model developed for the UIM WebLogic domain.

To configure the instance specification:

Edit the sr-quick.yaml file to specify the database details to enable MultiDataSource and Server Affinity:

db:
  datasourcesPrimary:
    port: 1521
    rcuPort: 1521
    # Below boolean is to enable server affinity, by default it is false.
    serverAffinityEnabled: false
    # Below boolean is to enable RAC DB Setup, by default it is false.
    multiDataSourceEnabled: false
    # If using RAC,enable multiDataSourceEnabled and provide list of SCAN hostname/IP addresses
    # If not using RAC, comment it out "#uimScans:"
    #uimScans:
    #  - scan1-ip
    #  - scan2-ip
    #
    # If using RAC, provide either a list of VIP hostname/IP addresses
    # or a list of INSTANCE_NAMES
    # If not using RAC, comment these out "#uimVips:" and "#uimInstances:"
    #
    #uimVips:
    #  - vip1-ip
    #  - vip2-ip
    # --- OR ---
    #uimInstances:
    #  - instance-1
    #  - instance-2
    # By default rcu and uim schema are colocated, if we have different rcu schema and different uim then below RAC details are to be provided.
    # If not provided it will not be considered as RAC.
    rcuUimSchemaCoLocated: true
    # RCU db information
    # If using RAC, provide list of SCAN hostname/IP addresses
    # If not using RAC, comment it out "#rcuScans:"
    #rcuScans:
    #  - scan1-ip
    #  - scan2-ip
    #
    # If using RAC, provide either a list of VIP hostname/IP addresses
    # or a list of INSTANCE_NAMES
    # If not using RAC, comment these out "#rcuVips:" and "#rcuInstances:"
    #
    #rcuVips:
    #  - vip1-ip
    #  - vip2-ip
    # --- OR ---
    #rcuInstances:
    #  - instance-1
    #  - instance-2

Assuming that oci-lb-service-traefik is the service created as part of the Oracle Cloud Infrastructure Load Balancer setup, run the following command to find the IP address of the Oracle Cloud Infrastructure LBaaS:
```
kubectl get svc -n traefik oci-lb-service-traefik --output=jsonpath="{..status.loadBalancer.ingress[0].ip}"
```
Because an external load balancer is not required to be configured for the basic UIM instance, change the value of loadBalancerPort to the default Traefik NodePort of 30305 if you are not using Oracle Cloud Infrastructure LBaaS:
```
loadBalancerPort: 30305
```
If you use Oracle Cloud Infrastructure LBaaS, or any other external load balancer, set loadBalancerPort to 80, and uncomment and update the value for loadBalancerIP appropriately:
```
loadBalancerPort: load_balancer_port
#loadBalancerIP: IP_address_of_the_load_balancer
```
Note:
If OAUTH is enabled, setting loadBalancerIP is mandatory.

Creating an Ingress

An ingress establishes connectivity to the UIM instances.

To create an Ingress, run the following command:

$UIM_CNTK/scripts/create-ingress.sh -p sr -i quick -s $SPEC_PATH
Project Namespace : sr
Instance Fullname : sr-quick
LB_HOST           : quick.sr.uim.org
Ingress Controller: TRAEFIK
External LB IP    : 192.0.0.8
 
NAME: sr-quick-ingress
LAST DEPLOYED: Wed Jul  1 10:20:27 2020
NAMESPACE: sr
STATUS: deployed
REVISION: 1
TEST SUITE: None
 
Ingress created successfully...

Creating a UIM Instance

This procedure describes how to create a UIM instance in your environment using the scripts that are provided with the toolkit.

To create a UIM instance:

Run the following command:
```
$UIM_CNTK/scripts/create-instance.sh -p sr -i quick -s $SPEC_PATH
```
The create-instance.sh script uses the Helm chart located in the charts/uim directory to create and deploy the domain custom resource and the domain config map for your instance. If the scripts fails, see the Troubleshooting Issues section at the end of this topic, before you make additional attempts.

The instance creation process creates the opssWF secret, which is required for access to the RCU DB. It is possible to handle the wallet manually if needed. To do so, pass -w to the create-instance.sh script, which creates the wallet file at a location you choose. You can then use this wallet file to create a secret by using the manage instance credentials script.

Validate the important input details such as Image name and tag, specification files used (Values Applied), hostname, and port for ingress routing:

$UIM_CNTK/scripts/create-instance.sh -p sr -i quick -s $SPEC_PATH
Calling helm lint==> Linting /scratch/sthatipa/cloudlab/uim-cntk/scripts/../charts/uim
[INFO] Chart.yaml: icon is recommended
1 chart(s) linted, 0 chart(s) failed
Project Namespace : sr
Instance Fullname : sr-quick
LB_HOST : quick.sr.uim.org 
LB_PORT : 30305 
Image : uim-cn-base:7.5.1.0.1
Shape : dev
Values  Applied : -f /scratch/sthatipa/cloudlab/uim-cntk/scripts/../charts/uim/values.yaml -f
      /scratch/sthatipa/cloudlab/uim-cntk/scripts/../charts/uim/shapes/dev.yaml   -f
      /scratch/sthatipa/uim/spec/sr.yaml -f  /scratch/sthatipa/uim/spec/sr-quick.yaml 
Output wallet : n/a

After the script finishes running, the log shows the following:

NAME             READY   STATUS              RESTARTS   AGE
sr-quick-admin   1/1     Running             0          2m12s
sr-quick-ms1     0/1     ContainerCreating   0          1s
 
Provide opss wallet File for 'sr-quick' ...
For example : '/path-to-uim-cntk/sr-quick.ewallet'
opss wallet File:
secret/sr-quick-opss-walletfile-secret created
 
Instance 'sr/sr-quick' admin server is now running.
Creation of instance 'sr/sr-quick' has completed successfully.

The create-instance.sh script also provides some useful commands and configuration to inspect the instance and access it for use.

Note:

While creating an instance on new RCU Schema, provide -w option to save OPSS eWallet data of instance. By default, this data is pushed into the opssWF secret automatically.

If you query the status of the pods, the READY state of the managed servers may display 0/1 for several minutes while the UIM application is starting.
When the READY state shows 1/1, your UIM instance is up and running. You can validate the instance by deploying UIM base cartridges and creating Custom Object instance in the UIM Home page.

The base hostname required to access this instance using HTTP is quick.sr.uim.org. See "Planning Your Cloud Native Environment" for details about hostname resolution.

The create-instance script prints out the following valuable information that you can use while working with your UIM domain:

The T3 URL: http://t3.quick.sr.uim.org This is required for external client applications such as JMS and WLST.
The URL for access to the WebLogic UI, which is provided through the ingress controller at host: http://admin.quick.sr.uim.org:30305/console.
The URL for access to the UIM UIs, which is provided through the ingress controller that requires the host to be specified as: http://quick.sr.uim.org:30305/Inventory/Login.jsp.

Assigning Roles

To access UIM Home page, you need to assign roles. You can use EM console for role assignments.

To assign roles:

Create uim-user-roles.txt as follows:
```
uimdev:uimuser
cmwsdev:uimuser
```

Run the following command to assign the roles:

$UIM_CNTK/samples/credentials/assign-role.sh -p sr  -i quick  -f uim-user-roles.txt

Validating the UIM Instance

After creating an instance, you can validate it by checking the domain configuration and the client UIs.

Run the following command to display the domain configuration details of the UIM instance that you have created:

kubectl describe domain sr-quick -n sr

The command displays the domain configuration information.

To verify the client UIs:

Log into the WebLogic console using the URL specified in the output of the create-instance script: http://admin.quick.sr.uim.org:30305/console

You can use the console to verify the configuration that has been applied and to see that the UIM application is in an active state.
Log into the UIM Task Web client user interface with the UIM administrator login credentials created as part of "Creating Secrets" using the URL (http://quick.sr.uim.org:30305/Inventory/Login.jsp) specified in the output of the create-instance script.

Note:

After a UIM instance is created, it may take a few minutes for the UIM user interface to become active.

Scaling the UIM Application Cluster

Now that your UIM instance is up and running, you can explore the ability to dynamically scale the application cluster.

To scale the UIM application cluster, edit the configuration:

In the instance specification, change the value for clusterSize manually. This change would ultimately be performed by an automated CI/CD pipeline.
```
vi $SPEC_PATH/sr-quick.yaml

# Change the cluster size to a value not larger than 18

#cluster size
clusterSize: 2
```
Note:
You can watch the Kubernetes pods in your namespace shrink or grow in real-time. To watch the pods shrink or grow, in a separate terminal window, run the following command:
```
kubectl get pods -n sr --watch
```
Upgrade the deployed Helm release:
```
$UIM_CNTK/scripts/upgrade-instance.sh -p sr -i quick -s $SPEC_PATH 
```
This pushes the new configuration to the deployed Helm release so the operator can take the necessary steps.

The WebLogic operator monitors changes to clusterSize and results in the operator spinning up or tearing down managed servers to align with the requested cluster size.

Deleting and Recreating Your UIM Instance

Deleting Your UIM Instance

To delete your UIM instance, run the following command:

$UIM_CNTK/scripts/delete-instance.sh -p sr -i quick

Re-creating Your UIM Instance

When you delete a UIM instance, the database state for that instance still remains unaffected. You can re-create a UIM instance with the same project and the instance names, pointing to the same database.

Note:

Ensure that you use the same specifications that you used for creating the instance and that the following secrets have not been deleted:

uimdb
rcudb
opssWF
opssWP
wlsRTE

To re-create a UIM instance, run the following command:

$UIM_CNTK/scripts/create-instance.sh -p sr -i quick -s $SPEC_PATH

Note:

After re-creating an instance, client applications such as SoapUI and HermesJMS may need to be restarted to avoid using expired cache information.

Cleaning Up the Environment

To clean up the environment:

Delete the instance:

$UIM_CNTK/scripts/delete-instance.sh -p sr -i quick

Delete the ingress:

$UIM_CNTK/scripts/delete-ingress.sh -p sr -i quick

Delete the namespace, which in turn deletes the Kubernetes namespace and the secrets:
```
$UIM_CNTK/scripts/unregister-namespace.sh -p sr -d -t targets
```
Note:
wlsko and traefik are the names of the targets for registration of the namespace. The script uses WLSKO_NS and TRAEFIK_NS to find these targets. Do not provide the "traefik" target if you are not using Traefik.
To unregister a namespace without deleting the namespace and secrets - wlsko:
- If the domainNamespaceLabelSelector is not added, run the follwoing command for operator to stop monitoring your namespace:
```
$UIM_CNTK/scripts/unregister-namespace.sh -p <project> -t wlsko 
        #For example,
        $UIM_CNTK/scripts/unregister-namespace.sh -p sr -t wlsko
```
- If you have added domainNamespaceLabelSelector value during operator installation example wko412=enabled use the following command for unregistering:
```
$UIM_CNTK/scripts/unregister-namespace.sh -p <project> -t wlsko -l label
        #For example,
        $UIM_CNTK/scripts/unregister-namespace.sh -p sr -t wlsko -l wlsko412
```
Drop the PDB.

Troubleshooting Issues with the Scripts

This section provides information about troubleshooting some issues that you may come across when running the scripts.

If you experience issues when running the scripts, do the following:

Check the operator logs to find out the details about the issue:

kubectl get pods -n $WLSKO_NS
# get the operator pod name to be used in the next command
kubectl logs -n $WLSKO_NS operator_pod

Check the "Status" section of the domain to see if there is useful information:
```
kubectl describe domain -n sr sr-quick 
```

"Timeout" Issue

In the logs, you may sometimes see the word "timeout" when the create-instance script fails. When you run the create-instance script, it may take a long time to pull the image, if you are doing it for the first time. In such a scenario, the script may fail and display the text "timeout" in the log.

To resolve this issue, try increasing the podStartupDeadlineSeconds parameter. The podStartupDeadlineSeconds parameter is a configurable parameter exposed in the instance specification that can be increased if required. Start with a very high timeout value and then monitor the average time it takes, because it depends on the speed with which the images are downloaded and how busy your cluster is. Once you have a good idea of the average time, you can reduce the timeout value accordingly to something that considers both the average time and some buffer.

# Modify the timeout value to start introspector pod. Mainly
# when using against slow DB or pulling image first time.
podStartupDeadlineSeconds: 800

After adjusting the parameter, clean up the failed instance and re-create the instance.

Cleanup Failed Instance

When a create-instance script fails, you must clean up the instance before making another attempt at instance creation.

Note:

Do not retry running the create-instance script or the upgrade-instance script immediately to fix any errors, as they would return errors. The upgrade-instance script may work but re-running it does not complete the operation.

To clean up the failed instance:

Delete the instance:

$UIM_CNTK/scripts/delete-instance.sh -p sr -i quick

Delete and recreate the RCU schema:

$UIM_CNTK/scripts/install-uimdb.sh -p project -i instance -s $SPEC_PATH -c 5
$UIM_CNTK/scripts/install-uimdb.sh -p project -i instance -s $SPEC_PATH -c 2

Recreating an Instance

If you face issues when creating an instance, do not try to re-run the create-instance.sh script as this will fail. Instead, perform the cleanup activities and then run the following command:

$UIM_CNTK/scripts/create-instance.sh -p sr -i quick -s $SPEC_PATH

Next Steps

A basic UIM cloud native instance should now be running in your environment. This process exposed you to some of the base functionality and concepts that are new to UIM cloud native. You can continue in your sandbox environment learning about more UIM cloud native capabilities by following the learning path.

If, however, your first priority is to understand details on infrastructure setup and structuring of UIM instances for your organization, then you should follow the infrastructure path.

To follow the infrastructure path, proceed to "Planning Infrastructure".

To follow the learning path, proceed to "Creating Your Own UIM Cloud Native Instance".