Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

E Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

To setup the Oracle Identity and Access Management in a Kubernetes cluster, see Preparing the Oracle Cloud Infrastructure for an Enterprise Deployment, which contains many security lists, hosts, VCNs, and related resources that need to be created for a successful deployment. This utility consists of samples for you to automate the configuration and use the OCI command-line interface.

These scripts are provided as examples and can be customized as required.

This appendix includes the following topics:

Obtaining the Scripts
These scripts are included as part of the automation scripts. The automation scripts are available for download from GitHub.
Scope of Scripts
Learn about the actions that the scripts perform as part of the deployment process. There are also tasks that the scripts do not perform.
Key Concepts of the Scripts
To make things simple and easy to manage, the scripts include these files: a response file with details of the environment and template files you can easily modify or add as required. The scripts can be run from any host which has access to the Kubernetes cluster.
Prerequisites
Before you run the utility, ensure that you meet the necessary prerequisites.
Creating a Response File
A sample response file called "oci-oke.rsp" is created for you in the SCRIPT_DIR/oke_utils/responsefile directory. You can edit this file or copy it to another file in the same directory.
Provisioning the Environment
A script is provisioned by specifying a working directory, a log directory into which output from the script is recorded, and a command to execute the script.
Log Files
The provisioning scripts create log files for each product inside the working directory in a TEMPLATE_NAME/logs sub-directory.
Output Files
The output files are generated as part of the provisioning process.
Reference - Response File
The parameters in the response file are used to control the provisioning of the various products in the Kubernetes cluster. These parameters are divided into generic and product-specific parameters.
Components of the Deployment Scripts
For reference purposes, this section includes the file name, directory, and purpose of all the objects that make up the deployment scripts.

Obtaining the Scripts

These scripts are included as part of the automation scripts. The automation scripts are available for download from GitHub.

For more information, see Automating the Identity and Access Management Enterprise Deployment.

To obtain the scripts, use the following command:

git clone https://github.com/oracle/fmw-kubernetes.git

The scripts appear in the following directory:

fmw-kubernetes/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/oke_utils

Move these template scripts to your working directory. For example:

cp -R fmw-kubernetes/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/* /workdir/scripts

This directory will be specified as $SCRIPTDIR.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Scope of Scripts

Learn about the actions that the scripts perform as part of the deployment process. There are also tasks that the scripts do not perform.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

What the Scripts Will do

The scripts perform the following actions:

Create a Bastion host as described in Creating a Bastion Node.
Create two compute instances for the Oracle HTTP as described in Creating Compute Instances for Oracle HTTP Servers.
Create the NFS file systems and mount points for the Kubernetes persistent volume data as described in Creating File Systems and Mount Targets.
Create a public and internal load balancer for routing requests to the OHS servers as described in Creating Load Balancers.
Create a TCP load balancer to route requests to the Kubernetes nodes as described in Creating a Network Load Balancer.
Create the RAC database used for the Identity Management product schemas as described in Creating a Database.
Create a DNS server for name resolution within the Kubernetes cluster as described in Creating a DNS Server.
Tune the RAC database.
Install the Java Server and Oracle Text database options which are required by the OIM server. See Adding Database Options.
Install the XA views into the OIM pluggable database. See Adding XA Views.
Create the pluggable databases, as configured, for the OAM, OIM, OAA, and OIRI schemas as described in Creating a PDB Using an Existing PDB as a Template.
Create the database services for the pluggable databases as described in Creating Database Services.

Parent topic: Scope of Scripts

What the Scripts Will Not Do

The scripts do not perform the following tasks:

Install monitoring software such as Grafana or Prometheus.
Install or configure the log file monitoring tools Elasticsearch and Kibana.

Parent topic: Scope of Scripts

Key Concepts of the Scripts

To make things simple and easy to manage, the scripts include these files: a response file with details of the environment and template files you can easily modify or add as required. The scripts can be run from any host which has access to the Kubernetes cluster.

Note:

Provisioning scripts are re-enterant. If something fails, you can restart the script from the point at which it failed.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Prerequisites

Before you run the utility, ensure that you meet the necessary prerequisites.

Install and configure the OCI command-line tools. For instructions, see one of the following docs:
- 2432759.1
- OCI documentation
Ensure that the OCI command runs properly by using the following command and check if you get valid output.
```
oci iam availability-domain list
```
Create an SSH private/public key that will be used to access the OCI instances using the command:
```
ssh-keygen
```
Create a configuration response file defining the parameters desired for this installation using the delivered file, oci-oke.rsp, as an example.
You have enough quota available in your tenancy to create the various resources.
The utility gdate is available on the deployment host.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Creating a Response File

A sample response file called "oci-oke.rsp" is created for you in the SCRIPT_DIR/oke_utils/responsefile directory. You can edit this file or copy it to another file in the same directory.

All lines above the line "All changes below this point are optional" should be carefully reviewed and set as appropriate. Some values include default values while others are installation dependent and need to be set explicitly. This file will be referred as "TEMPLATE_NAME".

Note:

The file consists of key/value pairs. There should be no spaces between the name of the key and its value. For example:
Key=value
The OCI image names change frequently. It may be out-of-date and require an update before creating any instance.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Provisioning the Environment

A script is provisioned by specifying a working directory, a log directory into which output from the script is recorded, and a command to execute the script.

Run the provision script by using the command:

cd $SCRIPT_DIR/oke_utils
./provision_oke.sh <TEMPLATE_NAME>

Note:

The provision script runs non-interactively after asking for confirmation that the listed compartment should be used to install the OCI components. Output from the script is displayed on the screen as well as added to the provision_oci.log file.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Log Files

The provisioning scripts create log files for each product inside the working directory in a TEMPLATE_NAME/logs sub-directory.

This directory also contains the following files:

progressfile – This file contains the last successfully executed step. If you want to restart the process at a different step, update this file.
timings.log – This file is used for informational purposes to show how much time was spent on each stage of the provisioning process.
provision_oci.log – This file is used to capture the output from the execution of the various oci commands that were run by the provision_oke.sh script. This is the main provisioning log file.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Output Files

The output files are generated as part of the provisioning process.

Table E-1 Output Files

File Name	Directory	Content
`ca.crt`	`$WORKDIR/<TEMPLATE_NAME>/output`	The self-signed certificate authority SSL certificate.
`ca.csr`	`$WORKDIR/<TEMPLATE_NAME>/output`	The certificate authority signing request which can be helpful when needed to renew the CA certificate.
`ca.key`	`$WORKDIR/<TEMPLATE_NAME>/output`	The self-signed certificate authority SSL private key.
`ca.srl`	`$WORKDIR/<TEMPLATE_NAME>/output`	The openssl serial number used when signing the CA certificate.
`TEMPLATE_NAME.ocid`	`$WORKDIR/<TEMPLATE_NAME>/output`	A listing that includes all of the resources created by the script and their associated OCID value. This file is used when the `delete_oke.sh` script is run to know which resources to delete.
`loadbalancer.crt`	`$WORKDIR/<TEMPLATE_NAME>/output`	The self-signed SSL certificate used by the public and internal load balancers. This file is also used by the OAM WebGate for making an SSL connection to public load balancer.
`loadbalancer.key`	`$WORKDIR/<TEMPLATE_NAME>/output`	The SSL private key for the public/internal load balancer SSL certificate.
`bastion_mounts.sh`	`$WORKDIR/<TEMPLATE_NAME>/output`	A bash shell script that can be run manually to mount the NFS volumes on the Bastion host.
`webhost1_mounts.sh`	`$WORKDIR/<TEMPLATE_NAME>/output`	A bash shell script that can be run manually to mount the NFS volumes on WebHost1.
`webhost2_mounts.sh`	`$WORKDIR/<TEMPLATE_NAME>/output`	A bash shell script that can be run manually to mount the NFS volumes on WebHost2.
`db-tuning.sh`	`$WORKDIR/<TEMPLATE_NAME>/output`	A bash shell script that can be run manually to configure the database `init.ora` parameters for the selected memory size defined by the `DB_MEMORY_CONFIG` parameter.
`db-xaviews.sh`	`$WORKDIR/<TEMPLATE_NAME>/output`	A bash shell script that can be run manually to install the XA views into the OIG pluggable database.
`<TEMPLATE>_idm.rsp`	`$WORKDIR/<TEMPLATE_NAME>/output`	Generated by the script `create_idm_rsp.sh`. It is a file which can be used as the basis of a response file for the IDM Automation scripts described in Automating the Identity and Access Management Enterprise Deployment. This response file contains information gathered from the provisioning of OKE. It will be reviewed and updated as per your environment needs.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Deleting the Environment

The delete script will read the file $WORKDIR/TEMPLATE_NAME/output/TEMPLATE_NAME.ocid to determine which resources were created by the provisioning script and make an attempt to delete them.

Run the delete script by using the command:

cd $SCRIPT_DIR/oke_utils
./delete_oke.sh <TEMPLATE_NAME>

Like the provisioning script, the delete script will first confirm that the resources should be deleted from the listed compartment and then run without further user input to delete the resources.

Parent topic: Output Files

Deleting Output Files

Table E-2 Deleting Output Files

File Name	Directory	Contents
`delete_oke.log`	`$WORKDIR/<TEMPLATE_NAME>/logs`	The output from the execution of the various `oci` commands that were run by the `delete_oke.sh` script. This is the main deletion log file.
`timings.log`	`$WORKDIR/<TEMPLATE_NAME>/logs`	This file is used for informational purposes to show the time spent on each stage of the deletion process.

Parent topic: Output Files

Reference - Response File

The parameters in the response file are used to control the provisioning of the various products in the Kubernetes cluster. These parameters are divided into generic and product-specific parameters.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster

Parameters that Must be Reviewed, Set, and Modified

Some values are default while others are installation dependent and require to be set explicitly.

Table E-3 List of Parameters

Parameter	Default Value	Comments
WORKDIR	`/home/opc/workdir/OKE`	Absolute path to the directory where you want to have the output and log files written to.
REGION	`<your-region>`	The OCI region in which you want to create all the resource. For example: `us-ashburn-1`.
COMPARTMENT_NAME	`<your-compartment-name>`	The compartment name which will hold all of the created resources.
SSH_PUB_KEYFILE	`<path-to>/id_rsa.pub`	Absolute path to the SSH public keyfile.
SSH_ID_KEYFILE	`<path-to>/id_rsa`	Absolute path to the SSH private keyfile used to connect to the Bastion host.
SSL_COUNTRY	`<country>`	The name of the country to use in the `C` portion of the SSL certificate.
SSL_STATE	`<state>`	The name of the country to use in the `ST` portion of the SSL certificate.
SSL_LOCALE	`<city>`	The name of the country to use in the `L` portion of the SSL certificate.
SSL_ORG	`<company>`	The name of the country to use in the `O` portion of the SSL certificate.
SSL_ORGUNIT	`<organization>`	The name of the country to use in the `OU` portion of the SSL certificate.
DB_PWD	`<dbpwd>`	The password for the `SYS` and `SYSTEM` users in the RAC database. Note: The password must contain two uppercase, two lowercase, two number, and two special characters and a minimum length of 10 characters.
DB_NAME	`idmdb`	The value to use for the database `DB_NAME` parameter.
DB_SUFFIX	`edg`	A suffix, which combined with the `DB_NAME` value, makes up the value for the `DB_UNIQUE_NAME` database parameter.
DB_MEMORY_CONFIG	`dev`	Which set of database tuning parameter, from Table 11-4 in the EDG, should be used for the RAC database.
CONFIGURE_DATABASE	`true`	The RAC database configuration/tuning script run automatically after the database is created. Note: If this is set to "Y" then the provisioning script will wait up to three hours for the initial RAC database to become available before proceeding.
CREATE_OAM_PDB	`true`	Indicates if the `CONFIGURE_DATABASE` is enabled when an OAM pluggable database be created.
OAM_PDB_NAME	`oampdb`	The name of the OAM pluggable database.
OAM_SERVICE_NAME	`oam_s`	The name of the OAM database service.
CREATE_OIG_PDB	`true`	Indicates if the `CONFIGURE_DATABASE` is enabled when an OIG pluggable database be created.
OIG_PDB_NAME	`oigpdb`	The name of the OIG pluggable database.
OIG_SERVICE_NAME	`oig_s`	The name of the OIG database service.
CREATE_OAA_PDB	`false`	Indicates if the`CONFIGURE_DATABASE` is enabled when an OAA pluggable database be created.
OAA_PDB_NAME	`oaapdb`	The name of the OAA pluggable database.
OAA_SERVICE_NAME	`oaa_s`	The name of the OAA database service.
CREATE_OIRI_PDB	`false`	Indicates if the `CONFIGURE_DATABASE` is enabled when an OIRI pluggable database be created.
OIRI_PDB_NAME	`oiripdb`	The name of the OIRI pluggable database.
OIRI_SERVICE_NAME	`oiri_s`	The name of the OIRI database service.
BASTION_IMAGE_NAME	`Oracle-Linux-8.7-2023.01.31-3`	The Linux image to use for the Bastion host.
WEB_IMAGE_NAME	`$BASTION_IMAGE_NAME`	The Linux image to use for the two web tiers.
OKE_NODE_POOL_IMAGE_NAME	`$BASTION_IMAGE_NAME`	The Linux image to use for the OKE nodes.
CONFIGURE_BASTION	`true`	Indicates if the Bastion host should be automatically configured with the required OS packages, OCI tools, helm, and Kubernetes configuration after the installation is complete.
HELM_VER	`3.11.1`	The version of helm to install on the Bastion node.
CONFIGURE_WEBHOSTS	`true`	Indicates if the web tiers should be automatically configured with the required OS packages and firewall settings after the installation is complete.
OHS_SOFTWARE_OWNER	`opc`	The OS user that will own the OHS configuration on the web tiers.
OHS_SOFTWARE_GROUP	`opc`	The OS group that will own the OHS configuration on the web tiers.

The rest of the parameters use the default values, and it is not required to change them. However, it may be reviewed and changed to customize the installation.

Parent topic: Reference - Response File

OCI Command-Line Interface Region

Table E-4 List of Parameters

Parameter Default Value Comments

Parameter	Default Value	Comments
OCI_CLI_REGION	`$REGION`	This value overrides the default REGION set in the `$HOME/.oci/config` file. Note: Do not change this value.

OCI_CLI_REGION

$REGION

This value overrides the default REGION set in the $HOME/.oci/config file.

Note: Do not change this value.

Parent topic: Reference - Response File

Port Numbers

Table E-5 List of Parameters

Parameter	Default Value	Comments
OAM_ADMIN_SERVICE_PORT	`30701`	The Kubernetes service port for the OAM AdminServer.
OAM_POLICY_SERVICE_PORT	`30510`	The Kubernetes service port for the OAM Policy Manager.
OAM_SERVER_SERVICE_PORT	`30410`	The Kubernetes service port for the OAM Server.
OIG_ADMIN_SERVICE_PORT	`30711`	The Kubernetes service port for the OIG AdminServer.
OIG_SERVER_SERVICE_PORT	`30140`	The Kubernetes service port for the OIM Server.
SOA_SERVER_SERICE_PORT	`30801`	The Kubernetes service port for the SOA Server.
OUDSM_SERVER_SERVICE_PORT	`30901`	The Kubernetes service port for the OUDSM Server.
INGRESS_SERVICE_PORT	`30777`	The Kubernetes service port for the Ingress Controller.
OHS_NON_SSL_PORT	`7777`	The OHS port used by the internal load balancer for internal callback requests.
PUBLIC_LBR_NON_SSL_PORT	`80`	The load balancer port used for the HTTP requests to the OAM and OIM AdminServers.
PUBLIC_LBR_SSL_PORT	`443`	The load balancer port used for the HTTPS requests to the OAM login page and the OIG provisioning server.

Parent topic: Reference - Response File

Subnet Configuration

Table E-6 List of Parameters

Parameter	Default Value	Comments
VCN_SUBNET_CIDR	`10.0.0.0/16`	The CIDR to use for the Virtual Cloud Network.
BASTION_SUBNET_CIDR	`10.0.1.0/29`	The subnet (which must be contained within the main VCN subnet) to use for the Bastion host.
WEB_SUBNET_CIDR	`10.0.2.0/28`	The subnet (which must be contained within the main VCN subnet) to use for the WebTier hosts.
LBR1_SUBNET_CIDR	`10.0.4.0/24`	The first subnet (which must be contained within the main VCN subnet) to use for the public load balancer.
LBR2_SUBNET_CIDR	`10.0.5.0/24`	The second subnet (which must be contained within the main VCN subnet) to use for the public load balancer.
DB_SUBNET_CIDR	`10.0.11.0/24`	The subnet (which must be contained within the main VCN subnet) to use for the RAC database.
OKE_NODE_SUBNET_CIDR	`10.0.10.0/24`	The subnet (which must be contained within the main VCN subnet) to use for the OKE nodes.
OKE_API_SUBNET_CIDR	`10.0.0.0/28`	The subnet (which must be contained within the main VCN subnet) to use for the OKE API endpoint.
OKE_SVCLB_SUBNET_CIDR	`10.0.20.0/24`	The subnet (which must be contained within the main VCN subnet) to use for the OKE services load balancer.

Parent topic: Reference - Response File

DNS Zone Configuration

Table E-7 List of Parameters

Parameter	Default Value	Comments
DNS_DOMAIN_NAME	`example.com`	The DNS domain name for the environment.
DNS_ZONE_TYPE	`PRIMARY`	Used to identify if the zone is primary or secondary.
DNS_SCOPE	`PRIVATE`	Used to identity if the zone is private or a global DNS zone.
DNS_INTERNAL_LBR_DNS_HOSTNAME	`loadbalancer.$DNS_DOMAIN_NAME`	The host name of the load balancer used for internal routing.

Parent topic: Reference - Response File

VCN Configuration

Table E-8 List of Parameters

Parameter	Default Value	Comments
VCN_DISPLAY_NAME	`idm-oke-vcn`	Displays the name of the virtual cloud network.
VCN_PRIVATE_ROUTE_TABLE_DISPLAY_NAME	`oke-private-rt`	Displays the name of the VCN private route table.
VCN_PUBLIC_ROUTE_TABLE_DISPLAY_NAME	`oke-public-rt`	Displays the name of the VCN public route table.
VCN_DNS_LABEL	`oke`	The DNS label for the VCN. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host.
VCN_INTERNET_GATEWAY_DISPLAY_NAME	`oke-igw`	Displays the name of the VCN internet gateway.
VCN_NAT_GATEWAY_DISPLAY_NAME	`oke-nat`	Displays the name of the VCN NAT gateway.
VCN_SERVICE_GATEWAY_DISPLAY_NAME	`oke-sgw`	Displays the name of the VCN service gateway.

Parent topic: Reference - Response File

OKE Cluster Configuration

Table E-9 List of Parameters

Parameter	Default Value	Comments
OKE_CLUSTER_DISPLAY_NAME	`oke-cluster`	Displays the name of the OKE cluster.
OKE_CLUSTER_VERSION	`v1.24.1`	Version of the Kubernetes to deploy on the OKE nodes.
OKE_MOUNT_TARGET_AD	`ad1`	Displays the name of the availability domain to use for the OKE mount target. Note: This value is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
OKE_PODS_CIDR	`10.244.0.0/16`	The CIDR for the OKE pods.
OKE_SERVICES_CIDR	`10.96.0.0/16`	The CIDR for the OKE load balancer services.
OKE_NETWORK_TYPE	`FLANNEL_OVERLAY`	The CNI type for the node pools of the cluster.
OKE_API_SUBNET_DISPLAY_NAME	`oke-k8sApiEndpoint-subnet`	Displays the name of the OKE API subnet.
OKE_API_DNS_LABEL	`apidns`	The DNS label for the OKE API subnet. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host within the subnet.
OKE_API_SECLIST_DISPLAY_NAME	`oke-k8sApiEndpoint-seclist`	Displays the name of the OKE API security list.
OKE_NODE_SUBNET_DISPLAY_NAME	`oke-node-subnet`	Displays the name of the OKE node security list.
OKE_NODE_DNS_LABEL	`nodedns`	The DNS label for the OKE nodes. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host within the subnet.
OKE_NODE_SECLIST_DISPLAY_NAME	`oke-node-seclist`	Displays the name of the OKE node security list.
OKE_SVCLB_SUBNET_DISPLAY_NAME	`oke-svclb-subnet`	Displays the name of the OKE service load balancer subnet.
OKE_SVCLBR_DNS_LABEL	`svclbdns`	The DNS label for the OKE service load balancer. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host within the subnet.
OKE_SVCLBR_SECLIST_DISPLAY_NAME	`oke-svclb-seclist`	Displays the name of the service load balancer security list.
OKE_NODE_POOL_DISPLAY_NAME	`pool1`	Displays the name of the OKE node pool.
OKE_NODE_POOL_SIZE	`3`	Displays the number of nodes to add to the OKE node pool.
OKE_NODE_POOL_SHAPE	`VM.Standard.E4.Flex`	Displays which image shape to use for the OKE nodes.
OKE_NODE_POOL_SHAPE_CONFIG	`'{\\\"memoryInGBs\\\": 32.0, \\\"ocpus\\\": 2.0}'`	Shape configuration for the memory and OCPUs for the OKE nodes. Note: Entire string must be enclosed within single quotes and the parameter names must be enclosed within double quotes that are escaped with a backslash.

Parent topic: Reference - Response File

Bastion Host Configuration

Table E-10 List of Parameters

Parameter	Default Value	Comments
BASTION_PRIVATE_SECLIST_DISPLAY_NAME	`bastion-private-seclist`	Displays the name of the Bastion private security list.
BASTION_PUBLIC_SECLIST_DISPLAY_NAME	`bastion-public-seclist`	Displays the name of the Bastion public security list.
BASTION_SETUP_SECLIST_DISPLAY_NAME	`bastion-setup-seclist`	Displays the name of the Bastion setup security list.
BASTION_ROUTE_TABLE_DISPLAY_NAME	`bastion-route-table`	Displays the name of the Bastion route table.
BASTION_SUBNET_DISPLAY_NAME	`bastion-subnet`	Displays the name of the Bastion subnet.
BASTION_DNS_LABEL	`bastionsubnet`	The DNS label for the Bastion subnet. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host.
BASTION_INSTANCE_DISPLAY_NAME	`idm-bastion`	Displays the name of the Bastion compute instance.
BASTION_AD	`ad1`	The name of the availability domain to use for the Bastion host. Note: This value is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
BASTION_INSTANCE_SHAPE	`VM.Standard.E4.Flex`	Displays which image shape to use for the Bastion compute instance.
BASTION_SHAPE_CONFIG	`'{\"memoryInGBs\": 16.0, \"ocpus\": 1.0}'`	Shape configuration for the memory and OCPUs for the Bastion node. Note: Entire string must be enclosed within single quotes and the parameter names must be enclosed within double quotes that are escaped with a backslash.
BASTION_PUBLIC_IP	`true`	Displays should the Bastion host get assigned a public IP address or not.
BASTION_HOSTNAME	`idm-bastion`	The host name to use for the Bastion host.

Parent topic: Reference - Response File

OHS and Web Tier Configuration

Table E-11 List of Parameters

Parameter	Default Value	Comments
OHS_SECLIST_DISPLAY_NAME	`ohs-seclist`	Displays the name of the OHS security list.
WEB_PUBLIC_SECLIST_DISPLAY_NAME	`web-public-seclist`	Displays the name of the Web public security list.
WEB_ROUTE_TABLE_DISPLAY_NAME	`web-route-table`	Displays the name of the Web route table.
WEB_SUBNET_DISPLAY_NAME	`web-subnet`	Displays the name of the Web subnet.
WEB_DNS_LABEL	`websubnet`	The DNS label for the Web subnet. Used in conjunction with the host name and subnet DNS label to form a FQDN for each host.
WEB_PROHIBIT_PUBLIC_IP	`true`	Indicates if the Web subnet allows computing instances with a public IP address.
WEBHOST1_DISPLAY_NAME	`webhost1`	Displays the name of the first OHS Web host.
WEBHOST1_AD	`ad1`	Displays the name of the available domain to use for the first Web host. Note: This value is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
WEBHOST1_SHAPE	`VM.Standard.E4.Flex`	Displays the image shape to use for the first Web host.
WEBHOST1_SHAPE_CONFIG	`'{\"memoryInGBs\": 16.0, \"ocpus\": 1.0}'`	Shape configuration for the memory and OCPUs for the first Web host. Note: Entire string must be enclosed within single quotes and the parameter names must be enclosed within double quotes that are escaped with a backslash.
WEBHOST1_PUBLIC_IP	`false`	Indicates if the first Web host get assigned to a public IP address.
WEBHOST1_HOSTNAME	`webhost1.$DNS_DOMAIN_NAME`	The host name of the first Web host.
WEBHOST1_HOSTNAME_LABEL	`webhost1`	The host name label for the first Web host.
WEBHOST1_PRODUCTS_PATH	`/u02/private/oracle/products`	Displays the directory on the first Web host where the OHS product should be installed.
WEBHOST1_CONFIG_PATH	`/u02/private/oracle/config`	Displays the directory on the first Web host where the OHS configuration files should be stored.
WEBHOST2_DISPLAY_NAME	`webhost2`	Displays the name of the second OHS Web host.
WEBHOST2_AD	`ad2`	Displays the name of the available domain to use for the second Web host. Note: This value is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
WEBHOST2_SHAPE	`VM.Standard.E4.Flex`	Displays the image shape to use for the second Web host.
WEBHOST2_SHAPE_CONFIG	`'{\"memoryInGBs\": 16.0, \"ocpus\": 1.0}'`	Shape configuration for the memory and OCPUs for the second Web host. Note: Entire string must be enclosed within single quotes and the parameter names must be enclosed within double quotes that are escaped with a backslash.
WEBHOST2_PUBLIC_IP	`false`	Indicates if the second Web host get assigned a public IP address.
WEBHOST2_HOSTNAME	`webhost2.$DNS_DOMAIN_NAME`	The host name of the second Web host.
WEBHOST2_HOSTNAME_LABEL	`webhost2`	The host name label for the second Web host.
WEBHOST2_PRODUCTS_PATH	`/u02/private/oracle/products`	Displays the directory on the second Web host where the OHS product should be installed.
WEBHOST2_CONFIG_PATH	`/u02/private/oracle/config`	Displays the directory on the second Web host where the OHS configuration files should be stored.

Parent topic: Reference - Response File

NFS and Persistent Volume Configuration

Table E-12 List of Parameters

Parameter	Default Value	Comments
WEBHOST1_MOUNT_TARGET_DISPLAY_NAME	`webhost1-mt`	Displays the name of the mount target used by webhost1.
WEBHOST2_MOUNT_TARGET_DISPLAY_NAME	`webhost2-mt`	Displays the name of the mount target used by webhost2.
OKE_MOUNT_TARGET_DISPLAY_NAME	`oke-mt`	Displays the name of the mount target used by the OKE nodes.
PV_SECLIST_DISPLAY_NAME	`pv-seclist`	Displays the name of the persistent volume security list.
FS_WEBBINARIES1_DISPLAY_NAME	`webbinaries1`	Displays the name of the NFS file system for the OHS binaries on webhost1.
FS_WEBBINARIES1_PATH	`/exports/IAMBINARIES/webbinaries1`	Displays the path to the NFS file system where the OHS binaries are installed on webhost1.
FS_WEBBINARIES2_DISPLAY_NAME	`webbinaries2`	Displays the name of the NFS file system for the OHS binaries on webhost2.
FS_WEBBINARIES2_PATH	`/exports/IAMBINARIES/webbinaries2`	Displays the path to the NFS file system where the OHS binaries are installed on webhost2.
FS_WEBCONFIG1_DISPLAY_NAME	`webconfig1`	Displays the name of the NFS file system for the OHS configuration data on webhost1.
FS_WEBCONFIG1_PATH	`/exports/IAMCONFIG/webconfig1`	Displays the path to the NFS file system where the OHS configuration data is installed on webhost1.
FS_WEBCONFIG2_DISPLAY_NAME	`webconfig2`	Displays the name of the NFS file system for the OHS configuration data on webhost2.
FS_WEBCONFIG2_PATH	`/exports/IAMCONFIG/webconfig2`	Displays the path to the NFS file system where the OHS configuration data is installed on webhost2.
FS_OAMPV_DISPLAY_NAME	`oampv`	Displays the name of the OAM persistent volume file system.
FS_OAMPV_NFS_PATH	`/exports/IAMPVS/oampv`	Displays the path to the NFS file system for the OAM domain.
FS_OAMPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oampv`	The local mount point on the bastion host for the OAM persistent volume.
FS_OIGPV_DISPLAY_NAME	`oigpv`	Displays the name of the OIG persistent volume file system.
FS_OIGPV_NFS_PATH	`/exports/IAMPVS/oigpv`	Displays the path to the NFS file system for the OIG domain.
FS_OIGPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oigpv`	The local mount point on the bastion host for the OIG persistent volume.
FS_OUDPV_DISPLAY_NAME	`oudpv`	Displays the name of the OUD persistent volume file system.
FS_OUDPV_NFS_PATH	`/exports/IAMPVS/oudpv`	Displays the path to the NFS file system for the OUD domain.
FS_OUDPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oudpv`	The local mount point on the bastion host for the OUD persistent volume.
FS_OUDCONFIGPV_DISPLAY_NAME	`oudconfigpv`	Displays the name of the OUD configuration persistent volume file system.
FS_OUDCONFIGPV_NFS_PATH	`/exports/IAMPVS/oudconfigpv`	Displays the path to the NFS file system for the OUD configuration data.
FS_OUDCONFIGPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oudconfigpv`	The local mount point on the bastion host for the OUD configuration data.
FS_OUDSMPV_DISPLAY_NAME	`oudsmpv`	Displays the name of the OUD services manager persistent volume file system.
FS_OUDSMPV_NFS_PATH	`/exports/IAMPVS/oudsmpv`	Displays the path to the NFS file system for the OUD services manager domain.
FS_OUDSMPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oudsmpv`	The local mount point on the bastion host for the OUD services manager persistent volume.
FS_OIRIPV_DISPLAY_NAME	`oiripv`	Displays the name of the OIRI persistent volume file system.
FS_OIRIPV_NFS_PATH	`/exports/IAMPVS/oiripv`	Displays the path to the NFS file system for the OIRI domain.
FS_OIRIPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oiripv`	The local mount point on the bastion host for the OIRI persistent volume.
FS_DINGPV_DISPLAY_NAME	`dingpv`	Displays the name of the data ingestor persistent volume file system.
FS_DINGPV_NFS_PATH	`/exports/IAMPVS/dingpv`	Displays the path to the NFS file system for the OIRI ingestor data.
FS_DINGPV_LOCAL_MOUNTPOINT	`/nfs_volumes/dingpv`	The local mount point on the bastion host for the OIRI ingestor data.
FS_WORKPV_DISPLAY_NAME	`workpv`	Displays the name of the OIRI working directory volume file system.
FS_WORKPV_NFS_PATH	`/exports/IAMPVS/workpv`	Displays the path to the NFS file system for the OIRI working directory.
FS_WORKPV_LOCAL_MOUNTPOINT	`/nfs_volumes/workpv`	The local mount point on the bastion host for the OIRI working directory.
FS_OAACONFIGPV_DISPLAY_NAME	`oaaconfigpv`	Displays the name of the OAA configuration persistent volume file system.
FS_OAACONFIGPV_NFS_PATH	`/exports/IAMPVS/oaaconfigpv`	Path to the NFS file system for the OAA configuration data.
FS_OAACONFIGPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oaaconfigpv`	The local mount point on the bastion host for the OA configuration persistent volume data.
FS_OAACREDPV_DISPLAY_NAME	`oaacredpv`	Displays the name of the OAA credential store persistent volume file system.
FS_OAACREDPV_NFS_PATH	`/exports/IAMPVS/oaacredpv`	Displays the path to the NFS file system for the OAA credential store data.
FS_OAACREDPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oaacredpv`	The local mount point on the bastion host for the OAA credential store persistent volume data.
FS_OAAVAULTPV_DISPLAY_NAME	`oaavaultpv`	Displays the name of the OAA Vault persistent volume file system.
FS_OAAVAULTPV_NFS_PATH	`/exports/IAMPVS/oaavaultpv`	Displays the path to the NFS file system for the OAA Vault data.
FS_OAAVAULTPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oaavaultpv`	The local mount point on the bastion host for the OAA Vault persistent volume data.
FS_OAALOGPV_DISPLAY_NAME	`oaalogpv`	Displays the name of the OAA log file persistent volume file system.
FS_OAALOGPV_NFS_PATH	`/exports/IAMPVS/oaalogpv`	Displays the path to the NFS file system for the OAA log files.
FS_OAALOGPV_LOCAL_MOUNTPOINT	`/nfs_volumes/oaalogpv`	The local mount point on the bastion host for the OAA log files.
FS_IMAGES_DISPLAY_NAME	`images`	Displays the name of the IDM container images persistent volume file system.
FS_IMAGES_NFS_PATH	`/exports/IMAGES/images`	Displays the path to the NFS file system for the container images.
FS_IMAGES_LOCAL_MOUNTPOINT	`/images`	The local mount point on the bastion host for the container images.

Parent topic: Reference - Response File

SSL Configuration

Table E-13 List of Parameters

Parameter	Default Value	Comments
SSL_CERT_VALIDITY_DAYS	`750`	Specifies the number of days to set for the SSL certificate validity.
SSL_CERT_BITS	`2048`	Specifies the default key size in bit for the SSL certificate.
SSL_CN	`*.$DNS_DOMAIN_NAME`	Specifies the domain name to set for the SSL certificate.

Parent topic: Reference - Response File

Load Balancer Configuration

Table E-14 List of Parameters

Parameter	Default Value	Comments
LBR1_AD	`ad1`	Displays the available domain to use for the first internal load balancer. Note: This is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
LBR1_DISPLAY_NAME	`lbr-subnet1`	Displays the name of the first internal load balancer.
LBR1_DNS_LABEL	`lbrsubnet1`	The DNS subnet label to use for the first internal load balancer.
LBR2_AD	`ad2`	Displays the available domain to use for the second internal load balancer. Note: This is not the actual availability domain name but a representation of the AD to use. For example: ad1, ad2, or ad3.
LBR2_DISPLAY_NAME	`lbr-subnet2`	Displays the name of the second internal load balancer.
LBR2_DNS_LABEL	`lbrsubnet2`	The DNS subnet label to use for the second internal load balancer.

Parent topic: Reference - Response File

Load Balancer Log Group Configuration

Table E-15 List of Parameters

Parameter	Default Value	Comments
LBR_LOG_GROUP_NAME	`Default_Group`	Displays the name of the log group that will hold the access and error logs for the public and internal load balancers.

Parent topic: Reference - Response File

Public Load Balancer Configuration

Table E-16 List of Parameters

Parameter	Default Value	Comments
PUBLIC_LBR_ACCESS_LOG_DISPLAY_NAME	`public_loadbalancer_access`	Displays the name of the public load balancer access log file.
PUBLIC_LBR_ERROR_LOG_DISPLAY_NAME	`public_loadbalancer_error`	Displays the name of the public load balancer error log.
PUBLIC_LBR_CERTIFICATE_NAME	`loadbalancer`	Displays the name of the SSL certificate loaded into the public load balancer.
PUBLIC_LBR_DISPLAY_NAME	`public-loadbalancer`	Displays the name of the public load balancer.
PUBLIC_LBR_PRIVATE	`false`	Indicates if the public load balancer should only be assigned an internal IP address.
PUBLIC_LBR_ROUTE_TABLE_DISPLAY_NAME	`lbr-route-table`	Displays the name of the public load balancer route table.
PUBLIC_LBR_SECLIST_DISPLAY_NAME	`public-lbr-seclist`	Displays the name of the public load balancer security list.
PUBLIC_LBR_SHAPE	`flexible`	Displays the pubic load balancer shape configuration.
PUBLIC_LBR_SHAPE_DETAILS	`'{minimumBandwidthInMbps: 10, maximumBandwidthInMbps: 100}'`	Displays the minimum and maximum bandwidth values for the public load balancer.
PUBLIC_LBR_IADADMIN_DISPLAY_NAME	`iadadmin`	Displays the name of the OAM iadadmin host name on the public load balancer.
PUBLIC_LBR_IADADMIN_HOSTNAME	`iadadmin.$DNS_DOMAIN_NAME`	The host name for the OAM iadadmin host on the public load balancer.
PUBLIC_LBR_IADADMIN_LISTENER_DISPLAY_NAME	`iadadmin`	Displays the name of the OAM iadadmin listener on the public load balancer.
PUBLIC_LBR_IGDADMIN_DISPLAY_NAME	`igdadmin`	Displays the name of the OIM igdadmin hostname on the public load balancer.
PUBLIC_LBR_IGDADMIN_HOSTNAME	`igdadmin.$DNS_DOMAIN_NAME`	The host name for the OIM igdadmin host on the public load balancer.
PUBLIC_LBR_IGDADMIN_LISTENER_DISPLAY_NAME	`igdadmin`	Displays the name of the OIM igdadmin listener on the public load balancer.
PUBLIC_LBR_LOGIN_DISPLAY_NAME	`login`	Displays the name of the OAM login host on the public load balancer.
PUBLIC_LBR_LOGIN_HOSTNAME	`login.$DNS_DOMAIN_NAME`	The host name for the OAM login host on the public load balancer.
PUBLIC_LBR_LOGIN_LISTENER_DISPLAY_NAME	`login`	Displays the name of the OAM login listener on the public load balancer.
PUBLIC_LBR_PROV_DISPLAY_NAME	`prov`	Displays the name of the OIM provisioning host on the public load balancer.
PUBLIC_LBR_PROV_HOSTNAME	`prov.$DNS_DOMAIN_NAME`	The host name for the OIM provisioning host on the public load balancer.
PUBLIC_LBR_PROV_LISTENER_DISPLAY_NAME	`prov`	Displays the name of the OIM provisioning listener on the public load balancer.
PUBLIC_LBR_OHS_SERVERS_BS_NAME	`ohs_servers`	Displays the name of the backend set pointing to the OHS servers.
PUBLIC_LBR_OHS_SERVERS_BS_POLICY	`WEIGHTED_ROUND_ROBIN`	Displays the load balancing policy for the OHS servers back end set.
PUBLIC_LBR_OHS_SERVERS_BS_PROTOCOL	`HTTP`	The protocol used by the public load balancer health checker to determine if the load balancer is accessible.
PUBLIC_LBR_OHS_SERVERS_BS_URI_PATH	`/`	The URI used by the public load balancer health checker to determine if the load balancer is accessible.

Parent topic: Reference - Response File

Internal Load Balancer Configuration

Table E-17 List of Parameters

Parameter	Default Value	Comments
INT_LBR_ACCESS_LOG_DISPLAY_NAME	`internal_loadbalancer_access`	Displays the name of the internal load balancer access log file.
INT_LBR_ERROR_LOG_DISPLAY_NAME	`internal_loadbalancer_error`	Displays the name of the internal load balancer error log.
INT_LBR_CERTIFICATE_NAME	`loadbalancer`	Displays the name of the SSL certificate loaded into the internal load balancer.
INT_LBR_PRIVATE	`true`	Indicates if the internal load balancer should only be assigned an internal IP address.
INT_LBR_SHAPE	`flexible`	Displays the internal load balancer shape configuration.
INT_LBR_SHAPE_DETAILS	`'{minimumBandwidthInMbps: 10, maximumBandwidthInMbps: 100}'`	Displays the minimum and maximum bandwidth values for the internal load balancer.
INT_LBR_DISPLAY_NAME	`internal-loadbalancer`	Displays the name of the internal load balancer.
INT_LBR_IADADMIN_DISPLAY_NAME	`$PUBLIC_LBR_IADADMIN_DISPLAY_NAME`	Displays the name of the OAM iadadmin host name on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IADADMIN_DISPLAY_NAME`.
INT_LBR_IADADMIN_HOSTNAME	`$PUBLIC_LBR_IADADMIN_HOSTNAME`	The host name for the OAM iadadmin host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IADADMIN_HOSTNAME`.
INT_LBR_IADADMIN_LISTENER_DISPLAY_NAME	`$PUBLIC_LBR_IADADMIN_LISTENER_DISPLAY_NAME`	Displays the name of the OAM iadadmin listener on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IADADMIN_LISTENER_DISPLAY_NAME`.
INT_LBR_IGDADMIN_DISPLAY_NAME	`$PUBLIC_LBR_IGDADMIN_DISPLAY_NAME`	Displays the name of the OIM igdadmin host name on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDADMIN_DISPLAY_NAME`.
INT_LBR_IGDADMIN_HOSTNAME	`$PUBLIC_LBR_IGDADMIN_HOSTNAME`	The host name for the OIM igdadmin host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDADMIN_HOSTNAME`.
INT_LBR_IGDADMIN_LISTENER_DISPLAY_NAME	`$PUBLIC_LBR_IGDADMIN_LISTENER_DISPLAY_NAME`	Displays the name of the OIM igdadmin listener on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDADMIN_LISTENER_DISPLAY_NAME`.
INT_LBR_IGDINTERNAL_DISPLAY_NAME	`$PUBLIC_LBR_IGDINTERNAL_DISPLAY_NAME`	Displays the name of the OIM igdinternal host name on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDINTERNAL_DISPLAY_NAME`.
INT_LBR_IGDINTERNAL_HOSTNAME	`$PUBLIC_LBR_IGDINTERNAL_HOSTNAME`	The host name for the OIM igdinternal host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDINTERNAL_HOSTNAME`.
INT_LBR_IGDINTERNAL_LISTENER_DISPLAY_NAME	`$PUBLIC_LBR_IGDINTERNAL_LISTENER_DISPLAY_NAME`	Displays the name of the OIM igdinternal listener on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_IGDINTERNAL_LISTENER_DISPLAY_NAME`.
INT_LBR_LOGIN_DISPLAY_NAME	`$PUBLIC_LBR_LOGIN_DISPLAY_NAME`	Displays the name of the OAM login host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_LOGIN_DISPLAY_NAME`.
INT_LBR_LOGIN_HOSTNAME	`$PUBLIC_LBR_LOGIN_HOSTNAME`	The host name for the OAM login host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_LOGIN_HOSTNAME`.
INT_LBR_LOGIN_LISTENER_DISPLAY_NAME	`$PUBLIC_LBR_LOGIN_LISTENER_DISPLAY_NAME`	Displays the name of the OAM login listener on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_LOGIN_LISTENER_DISPLAY_NAME`.
INT_LBR_PROV_DISPLAY_NAME	`$PUBLIC_LBR_PROV_DISPLAY_NAME`	Displays the name of the OIM provisioning host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_PROV_DISPLAY_NAME`.
INT_LBR_PROV_HOSTNAME	`$PUBLIC_LBR_PROV_HOSTNAME`	The host name for the OIM provisioning host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_PROV_HOSTNAME`.
INT_LBR_PROV_LISTENER_DISPLAY_NAME	`$PUBLIC_LBR_PROV_LISTENER_DISPLAY_NAME`	Displays the name of the OIM provisioning host on the internal load balancer. Note: This must be the same name as `PUBLIC_LBR_PROV_LISTENER_DISPLAY_NAME`.
INT_LBR_OHS_SERVERS_BS_NAME	`ohs_servers`	Displays the name of the back end set pointing to the OHS servers.
INT_LBR_OHS_SERVERS_BS_POLICY	`WEIGHTED_ROUND_ROBIN`	The load balancing policy for the OHS servers back end set.
INT_LBR_OHS_SERVERS_BS_PROTOCOL	`HTTP`	The protocol used by the public load balancer health checker to determine if the load balancer is accessible.
INT_LBR_OHS_SERVERS_BS_URI_PATH	`/`	The URI used by the public load balancer health checker to determine if the load balancer is accessible.

Parent topic: Reference - Response File

Network Load Balancer Configuration

Table E-18 List of Parameters

Parameter	Default Value	Comments
K8_LBR_DISPLAY_NAME	`k8workers`	Displays the name of the Kuberentes load balancer.
K8_LBR_PRIVATE	`true`	Indicates if the Kubernetes load balancer should only be assigned an internal IP address.
K8_LBR_PRESERVE_SRC_DEST	`false`	Indicates if the requests should be sent with the entire IP header intact.
K8_LBR_K8_WORKERS_BS_NAME	`kubernetes_workers`	Displays the name of the back end set pointing to the OHS servers.
K8_LBR_K8_WORKERS_BS_POLICY	`FIVE_TUPLE`	The Kubernetes load balancer policy for the back end set.
K8_LBR_K8_WORKERS_BS_PRESERVE_SRC	`true`	Indicates if the requests should be sent with the entire IP header intact.
K8_LBR_LISTENER_DISPLAY_NAME	`k8workers`	Displays the name of the Kuberentes load balancer listener.

Parent topic: Reference - Response File

Components of the Deployment Scripts

For reference purposes, this section includes the file name, directory, and purpose of all the objects that make up the deployment scripts.

Table E-19 Components of the Deployment Scripts

File Name	Directory	Purpose
`provision_oci.sh`	`$SCRIPT_DIR/oke_utils`	The main provisioning script.
`delete_oci.sh`	`$SCRIPT_DIR/oke_utils`	Script to delete all of the resources created by the provisioning script. This script requires the following command to be available to read the list of resource OCIDs to delete. `$WORKDIR/<TEMPLATE_NAME>/output/<TEMPLATE_NAME>.ocid`
`delete_oci.sh`	`$SCRIPT_DIR/oke_utils`	Script to create a response file for the IDM EDG Automation.
`oci_create_functions.sh`	`$SCRIPT_DIR/oke_utils/common`	Helper script that contains all of the shell functions used by the `provision_oke.sh` script.
`oci_delete_functions.sh`	`$SCRIPT_DIR/oke_utils/common`	Helper script that contains all of the shell functions used by the `delete_oke.sh` script.
`oci_setup_functions.sh`	`$SCRIPT_DIR/oke_utils/common`	Helper script that contains all of the functions to setup/configure the Bastion host, WebTiers, and database.
`oci_util_functions.sh`	`$SCRIPT_DIR/oke_utils/common`	Helper script that contains all of the functions shared between the provisioning and deletion scripts.
`oci_oke.rsp`	`$SCRIPT_DIR/oke_utils/responsefile`	An example response file that is used as a starting point for end-user response files.
`oci_setup_bastion.sh`	`$SCRIPT_DIR/oke_utils/util`	Helper script that can be executed manually to configure the Bastion host. The script executes the same functions that are called when the `CONFIGURE_BASTION` parameter is enabled.
`oci_setup_webhosts.sh`	`$SCRIPT_DIR/oke_utils/util`	Helper script that can be executed manually to configure the WebTier hosts. The script executes the same functions that are called when the `CONFIGURE_WEBHOSTS` parameter is enabled.
`oci_setup_database.sh`	`$SCRIPT_DIR/oke_utils/util`	Helper script that can be executed manually to configure the RAC database. The script executes the same functions that are called when the `CONFIGURE_DATABASE` parameter is enabled.

Parent topic: Automating the OCI Infrastructure Creation for the Identity and Access Management Kubernetes Cluster