Automating the Disaster Recovery Setup

F Automating the Disaster Recovery Setup

In conjunction with the example scripts provided to automate the Identity and Access Management Enterprise deployment, example scripts have been developed to automate the disaster recovery setup. These scripts are also in the same download location as the deployment scripts. For information about automating the deployment, see Automating the Identity and Access Management Enterprise Deployment.

This appendix includes the following topics:

Disaster Recovery Utilities
There are two additional scripts provided for disaster recovery. Located in the utils directory, these are enable_dr.sh and idmdrctl.sh.
Creating the Response File
A sample response file is available for your use in the responsefile directory. You can use the disaster recovery utilities even if you created the environment using the deployment automation scripts.
Response File Reference
The parameters in the response file are used to control the provisioning of the various products in the Kubernetes cluster. These parameters are divided into generic and product-specific parameters.
Log Files
The DR scripts create log files for each product inside the working directory in a sub-directory called DR within a sub-directory called logs. For example: /workdir/OAM/DR/logs.

Disaster Recovery Utilities

There are two additional scripts provided for disaster recovery. Located in the utils directory, these are enable_dr.sh and idmdrctl.sh.

More information about these scripts:

enable_dr.sh: Used to set up disaster recovery, the script takes one argument: the name of the product for which you want to enable disaster recovery. The valid values are oud, oam, oig, oiri, and oaa. This script is run once per site, and creates the rsync job for file system replication, as well as the Kubernetes objects, if required.
idmdrctl.sh: Used to control the disaster recovery actions, it takes two arguments— -a action and -p product.
- Actions:
  - initial: Manually run the rsync job to backup or restore the persistent volume state.
  - switch: Change a sites role from standby to primary or primary to standby.
  - stop: Shut down a product.
  - start: Start up a product.
  - suspend: Suspend the rsync job for the file system replication.
  - resume: Resume the rsync job for the file system replication.
- Products:
  - oud
  - oam
  - oig
  - oiri
  - oaa

Both the scripts rely on the response file dr.rsp located in the responsefile directory. With the exception of the site role, the dr.rsp file will be identical on both the sites. Therefore, no need to switch the primary/standby values on the different sites.

Parent topic: Automating the Disaster Recovery Setup

Creating the Response File

A sample response file is available for your use in the responsefile directory. You can use the disaster recovery utilities even if you created the environment using the deployment automation scripts.

Note:

The property values between the dr.rsp and spider files overlap. Passwords are stored in a hidden file dewdrop available in the responsefile directory.

Parent topic: Automating the Disaster Recovery Setup

Response File Reference

The parameters in the response file are used to control the provisioning of the various products in the Kubernetes cluster. These parameters are divided into generic and product-specific parameters.

Parent topic: Automating the Disaster Recovery Setup

Products to Deploy

These parameters determine which products the deployment scripts attempt to deploy.

Table F-1 List of Products to Deploy

Parameter	Sample Value	Comments
DR_OUD	`true`	Set the value to `true` to configure OUD.
DR_OAM	`true`	Set the value to `true` to configure OAM.
DR_OIG	`true`	Set the value to `true` to configure OIG.
DR_OIRI	`true`	Set the value to `true` to configure OIRI.
DR_OAA	`true`	Set the value to `true` to configure OAA.

Parent topic: Response File Reference

Control Parameters

These parameters are used to specify the type of Kubernetes deployment and the names of the temporary directories you want the deployment to use, during the provisioning process.

Table F-2 List of Control Parameters in the Response File

Parameter	Sample Value	Comments
USE_REGISTRY	`false`	Set this value to `true` to pull images from a container registry.
USE_INGRESS	`false`	Set to `true` if you are using an Ingress controller.
ENV_TYPE	`OTHER`	The valid values are: `OCI` and `OTHER`. If `OCI` is selected, then OCI snapshots will be used to create the PV backups. If `OTHER` is selected, then `rsync` will be used to create the backups.
USE_MAA_SCRIPTS	`true`	If set to `true`, the MAA scripts will be used to take and restore a snapshot of the Kubernetes objects where appropriate. Set this value to `false` if you are creating the standby environment by rerunning the install scripts. The recommended value is `true` because using MAA scripts is the most efficient approach.
COPY_FILES_TO_DR	`true`	If set to `true`, then the `enable_dr.sh` script will attempt to copy the backup files to `DR_HOST`.
DR_HOST	`bastionhost`	The host on the DR system to which you want to copy the files. The `enable_dr.sh` script will attempt to copy the files to this host if `COPY_FILES_TO_DR` is set to `true`.
DR_USER	`opc`	The name of the user who copies the backup files to `DR_HOST`.

Parent topic: Response File Reference

Registry Parameters

These parameters are used to determine whether or not you are using a container registry. If you are, then it allows you to store the login credentials to the repository so that you are able to store the credentials as registry secrets in the individual product namespaces.

If you are pulling images from GitHub or Docker hub, then you can also specify the login parameters here so that you can create the appropriate Kubernetes secrets.

Table F-3 List of Registry Parameters in the Response File

Parameter	Sample Value	Comments
REGISTRY	`iad.ocir.io/mytenancy`	Set to the location of the container registry.
REG_USER	`mytenancy/oracleidentitycloudservice/email@example.com`	Set to the registry user name.
CREATE_REGSECRET	`false`	Set this value to `true` to create a registry secret for automatically pulling images.
LOCAL_WORKDIR	`/workdir`	The location where you want to create the working directory.
K8_DRDIR	`/u01/oracle/user_projects/dr_scripts`	The location inside the container where the disaster recovery script resides. This script is used to backup/restore the persistent volumes.
MAA_SAMPLES_REP	`https://github.com/oracle-samples/maa`	The GitHub location from where you can download the MAA Kubernetes snapshot tool.

Parent topic: Response File Reference

Image Parameters

These parameters are used to specify the names and versions of the container images you want to use for the deployment. These images must be available either locally or in your container registry. The names and versions must be identical to the images in the registry or the images stored locally.

These can include registry prefixes if you use a registry. Use the local/ prefix if you use the Oracle Cloud Native Environment.

Table F-4 List of Image Parameters in the Response File

Parameter	Sample Value	Comments
RSYNC_IMAGE	`$REGISTRY/alpine-rsync`	The name of the `rsync` image you created earlier. See Creating a Container with rsync.
RSYNC_VER	`latest`	The version of the `rsync` image you created.

Parent topic: Response File Reference

DR Parameters

These parameters are used to determine the type of site for disaster recovery.

Table F-5 Parameters that Determine the Type of Site for Disaster Recovery

Parameter	Sample Value	Comments
DR_TYPE	`PRIMARY` or `STANDBY`	The initial role of the site you want to create.
DRNS	`drns`	The namespace used to place the disaster recovery `rsync` job.

Parent topic: Response File Reference

NFS Parameters

Table F-6 List of Parameters

Parameter	Sample Value	Comments
DR_PRIMARY_NFS_EXPORT	`/export/IAMPVS`	The export path on the primary NFS server where the persistent volumes are located.
DR_PRIMARY_PVSERVER	`primarynfsserver.example.com`	The name or IP address of the primary NFS server used for the persistent volumes.
DR_STANDBY_NFS_EXPORT	`/export/IAMPVS`	The export path on the standby NFS server where the persistent volumes are located.
DR_STANDBY_PVSERVER	`standbynfsserver.example.com`	The name or IP address of the standby NFS server used for the persistent volumes.

Parent topic: Response File Reference

OUD Parameters

These parameters are specific to OUD. When deploying OUD, you also require the generic LDAP parameters.

Table F-7 OUD Parameters that Determine the Deployment of Oracle Unified Directory

Parameter	Sample Value	Comments
OUDNS	`oudns`	The Kubernetes namespace used to hold the OUD objects.
OUD_POD_PREFIX	`edg`	The prefix used for the OUD pods.
OUD_REPLICAS	`1`	The number of OUD replicas to create. If you require two OUD instances, set this to 1. This value is in addition to the primary instance.
OUD_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/oudpv`	The mount point on the primary NFS server where the OUD persistent volume is exported.
OUD_PRIMARY_CONFIG_SHARE	`$DR_PRIMARY_NFS_EXPORT/oudconfigpv`	The mount point on the primary NFS server where the OUD configuration persistent volume is exported.
OUD_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/oudpv`	The mount point on the standby NFS server where the OUD persistent volume is exported.
OUD_STANDBY_CONFIG_SHARE	`$DR_STANDBY_NFS_EXPORT/oudconfigpv`	The mount point on the standby NFS server where the OUD configuration persistent volume is exported.
OUD_LOCAL_CONFIG_SHARE	`/exports/IAMPVS/ oudconfigpv`	The NFS mount point for the OUD configuration persistent volume.
OUD_LOCAL_SHARE	`/nfs_volumes/oudconfigpv`	The local directory where OUD_LOCAL_CONFIG_SHARE is mounted. Used to hold seed files.
DR_OUD_MINS	`5`	The frequency at which the `rsync` job runs.
DR_CREATE_OUD_JOB	`true`	Determines whether or not to create an `rsync` job for OUD.

Parent topic: Response File Reference

OHS Parameters

Oracle HTTP Server (OHS) parameters are used to formulate how sample OHS configuration files are created. They also control whether you want the Oracle HTTP Server files to be propagated to the Oracle HTTP Server hosts automatically. If you choose automatic propagation, you should ensure that a passwordless SSL is possible from the deployment host to the Oracle HTTP Servers.

Table F-8 Parameters Used by Oracle HTTP Server to Create Sample OHS Configuration Files

Parameter	Sample Value	Comments
OHS_BASE	`/u02/private`	The location of the OHS base directory. The binaries and the configuration files are below this location. The Oracle inventory is also placed in this location when installing the Oracle HTTP Server.
OHS_ORACLE_HOME	`$OHS_BASE/oracle/products/ohs`	The location of the OHS binaries.
OHS_USER	`<user name>`	The name of the user you want to assign to the Node Manager if you install the Oracle HTTP Server.
OHS_HOST1	`webhost1.example.com`	The fully qualified name of the host running the first Oracle HTTP Server.
OHS1_NAME	`ohs1`	The component name of the first OHS instance (on OHS_HOST1).
OHS_HOST2	`webhost2.example.com`	The fully qualified name of the host running the second Oracle HTTP Server. Leave it blank if you do not have a second Oracle HTTP Server.
OHS2_NAME	`ohs2`	The component name of the second OHS instance (on OHS_HOST2).
OHS_DOMAIN	`$OHS_BASE/oracle/config/domains/ohsDomain`	The location of the OHS domain on OHS_HOST1 and OHS_HOST2.

Parent topic: Response File Reference

OAM Parameters

These parameters determine how Oracle Access Manager (OAM) is deployed and configured.

Table F-9 Parameters that Determine the Deployment of Oracle Access Manager

Parameter	Sample Value	Comments
OAMNS	`oamns`	The Kubernetes namespace used to hold the OAM objects.
OAM_DOMAIN_NAME	`accessdomain`	The name of the OAM domain you want to create.
OAM_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/oampv`	The mount point on the primary NFS server where the OAM persistent volume is exported.
OAM_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/oampv`	The mount point on the standby NFS server where the OAM persistent volume is exported.
OAM_LOCAL_SHARE	`/nfs_volumes/oampv`	The local directory where OAM_PRIMARY_SHARE is mounted.
OAM_SERVER_INITIAL	`2`	The number of OAM Managed Servers you want to start for normal running. You will need at least two servers for high availability.
OAM_PRIMARY_DB_SCAN	`primary-dbscan.example.com`	The database scan address of the primary database.
OAM_PRIMARY_DB_SERVICE	`iadedg.example.com`	The database service of the primary database.
OAM_STANDBY_DB_SCAN	`standby-dbscan.example.com`	The database scan address of the standby database.
OAM_STANDBY_DB_SERVICE	`iadedg.example.com`	The database service of the standby database.
OAM_DB_LISTENER	`1521`	The database listener port.
DR_OAM_MINS	`720`	The frequency at which the `rsync` job runs.
DR_CREATE_OAM_JOB	`true`	Determines whether or not to create an `rsync` job for OAM.

Parent topic: Response File Reference

OIG Parameters

These parameters determine how Oracle Identity Governance (OIG) is deployed and configured.

Table F-10 Parameters that Determine the Deployment of Oracle Identity Governance

Parameter	Sample Value	Comments
OIGNS	`oigns`	The Kubernetes namespace used to hold the OIG objects.
OIG_DOMAIN_NAME	`governancedomain`	The name of the OIG domain you want to create.
OIG_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/oigpv`	The mount point on the primary NFS server where the OIG persistent volume is exported.
OIG_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/oigpv`	The mount point on the standby NFS server where the OIG persistent volume is exported.
OIG_LOCAL_SHARE	`/nfs_volumes/oigpv`	The local directory where OIG_PRIMARY_SHARE is mounted.
OIG_SERVER_INITIAL	`2`	The number of OIG Managed Servers you want to start for normal running. You will need at least two servers for high availability.
OIG_PRIMARY_DB_SCAN	`primary-dbscan.example.com`	The database scan address of the primary database.
OIG_PRIMARY_DB_SERVICE	`igdedg.example.com`	The database service of the primary database.
OIG_STANDBY_DB_SCAN	`standby-dbscan.example.com`	The database scan address of the standby database.
OIG_STANDBY_DB_SERVICE	`igdedg.example.com`	The database service of the standby database.
OIG_DB_LISTENER	`1521`	The database listener port.
DR_OIG_MINS	`720`	The frequency at which the `rsync` job runs.
DR_CREATE_OIG_JOB	`true`	Determines whether or not to create an `rsync` job for OIG.

Parent topic: Response File Reference

OIRI Parameters

These parameters determine how Oracle Identity Role Intelligence (OIRI) is provisioned and configured.

Table F-11 Parameters that Determine the Deployment of Oracle Identity Role Intelligence

Parameter	Sample Value	Comments
OIRINS	`oirins`	The Kubernetes namespace used to hold the OIRI objects.
DINGNS	`dingns`	The Kubernetes namespace used to hold the OIRI DING objects.
OIRI_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/oiripv`	The mount point on the primary NFS server where the OIRI persistent volume is exported.
OIRI_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/oiripv`	The mount point on the standby NFS server where the OIRI persistent volume is exported.
OIRI_DING_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/dingpv`	The mount point on the primary NFS server where the OIRI Ding persistent volume is exported.
OIRI_DING_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/dingpv`	The mount point on the standby NFS server where the OIRI Ding persistent volume is exported.
OIRI_WORK_PRIMARY_SHARE	`$DR_PRIMARY_NFS_EXPORT/workpv`	The mount point on the primary NFS server where the OIRI Work persistent volume is exported.
OIRI_WORK_STANDBY_SHARE	`$DR_STANDBY_NFS_EXPORT/workpv`	The mount point on the standby NFS server where the OIRI Work persistent volume is exported.
OIRI_LOCAL_SHARE	`/nfs_volumes/oiripv`	The local directory where OIRI_PRIMARY_SHARE is mounted.
OIRI_DING_LOCAL_SHARE	`/nfs_volumes/dingpv`	The local directory where OIRI_DING_PRIMARY_SHARE is mounted.
OIRI_WORK_LOCAL_SHARE	`/nfs_volumes/workpv`	The local directory where OIRI_WORK_PRIMARY_SHARE is mounted.
OIRI_PRIMARY_DB_SCAN	`primary-dbscan.example.com`	The database scan address of the primary database.
OIRI_PRIMARY_DB_SERVICE	`oiriedg.example.com`	The database service of the primary database.
OIRI_STANDBY_DB_SCAN	`standby-dbscan.example.com`	The database scan address of the standby database.
OIRI_STANDBY_DB_SERVICE	`oiriedg.example.com`	The database service of the standby database.
OIRI_DB_LISTENER	`1521`	The database listener port.
DR_OIRI_MINS	`720`	The frequency at which the `rsync` job runs.
OIRI_PRIMARY_K8CONFIG	`primary_k8config`	The name of the Kubernetes configuration file for the primary Kubernetes cluster.
OIRI_STANDBY_K8CONFIG	`standby_k8config`	The name of the Kubernetes configuration file for the standby Kubernetes cluster.
OIRI_PRIMARY_K8CA	`primary_ca.crt`	The name of the Kubernetes certificate authority file for the primary Kubernetes cluster.
OIRI_STANDBY_K8CA	`standby_ca.crt`	The name of the Kubernetes certificate authority file for the standby Kubernetes cluster.
OIRI_PRIMARY_K8	`10.0.0.5:6443`	The host and port of the Kubernetes primary cluster (obtained from the `kubeconfig` file).
OIRI_STANDBY_K8	`10.1.0.10:6443`	The host and port of the Kubernetes standby cluster (obtained from the `kubeconfig` file).
DR_CREATE_OIRI_JOB	`true`	Determines whether or not to create an `rsync` job for OIRI.

Parent topic: Response File Reference

OAA Parameters

These parameters determine how Oracle Advanced Authentication (OAA) is provisioned and configured.

Table F-12 Parameters that Determine the Deployment of Oracle Advanced Authentication

Parameter	Sample Value	Comments
OAANS	`oaans`	The Kubernetes namespace used to hold the OAA objects.
OAA_MGT_IMAGE	`$REGISTRY/oracle/ shared/oaa-mgmt`	The OAA Management container image.
OAAMGT_VER	`12.2.1.4.1_20220419`	The version of the image you want to use.
OAA_PRIMARY_CONFIG_SHARE	`$DR_PRIMARY_NFS_EXPORT/oaaconfigpv`	The mount point on the primary NFS server where the OAA configuration persistent volume is exported.
OAA_STANDBY_CONFIG_SHARE	`$DR_STANDBY_NFS_EXPORT/oaaconfigpv`	The mount point on the standby NFS server where the OAA configuration persistent volume is exported.
OAA_PRIMARY_CRED_SHARE	`$DR_PRIMARY_NFS_EXPORT/oaacredpv`	The mount point on the primary NFS server where the OAA credential store persistent volume is exported.
OAA_STANDBY_CRED_SHARE	`$DR_STANDBY_NFS_EXPORT/oaacredpv`	The mount point on the standby NFS server where the OAA credential store persistent volume is exported.
OAA_PRIMARY_LOG_SHARE	`$DR_PRIMARY_NFS_EXPORT/oaalogpv`	The mount point on the primary NFS server where the OAA logs persistent volume is exported.
OAA_STANDBY_LOG_SHARE	`$DR_STANDBY_NFS_EXPORT/oaalogpv`	The mount point on the standby NFS server where the OAA logs persistent volume is exported.
OAA_PRIMARY_VAULT_SHARE	`$DR_PRIMARY_NFS_EXPORT/oaavaultpv`	The mount point on the primary NFS server where the OAA vault persistent volume is exported.
OAA_STANDBY_VAULT_SHARE	`$DR_STANDBY_NFS_EXPORT/oaavaultpv`	The mount point on the standby NFS server where the OAA vault persistent volume is exported.
OAA_LOCAL_CONFIG_SHARE	`/nfs_volumes/oaaconfigpv`	The local directory where OAA_PRIMARY_CONFIG_SHARE is mounted.
OAA_LOCAL_CRED_SHARE	`/nfs_volumes/oaacredpv`	The local directory where OAA_PRIMARY_CRED_SHARE is mounted.
OAA_LOCAL_LOG_SHARE	`/nfs_volumes/oaalogpv`	The local directory where OAA_PRIMARY_LOG_SHARE is mounted.
OAA_LOCAL_VAULT_SHARE	`/nfs_volumes/oaavaultpv`	The local directory where OAA_PRIMARY_VAULT_SHARE is mounted.
OAA_LOCAL_SHARE	`$OAA_LOCAL_CONFIG_SHARE`	The local directory where OAA_PRIMARY_CONFIG_SHARE is mounted. Do not change this value.
OAA_VAULT_TYPE	`file\|oci`	The type of vault to use: file system or OCI.
OAA_REPLICAS	`2`	The number of each OAA pods to start when invoked from `idmdrctl`.
OAA_PRIMARY_DB_SCAN	`primary-dbscan.example.com`	The database scan address of the primary database.
OIRI_PRIMARY_DB_SERVICE	`oaaedg.example.com`	The database service of the primary database.
OAA_STANDBY_DB_SCAN	`standby-dbscan.example.com`	The database scan address of the standby database.
OAA_STANDBY_DB_SERVICE	`oaaedg.example.com`	The database service of the standby database.
DR_OAA_MINS	`720`	The frequency at which the `rsync` job runs.
DR_CREATE_OAA_JOB	`true`	Determines whether or not to create an `rsync` job for OIRI.

Parent topic: Response File Reference

Log Files

The DR scripts create log files for each product inside the working directory in a sub-directory called DR within a sub-directory called logs. For example: /workdir/OAM/DR/logs.

This directory also contains the following files:

progressfile – This file contains the last successfully executed step. If you want to restart the process at a different step, update this file.
timings.log – This file is used for informational purposes to show how much time was spent on each stage of the disaster recovery process.

Parent topic: Automating the Disaster Recovery Setup