Before You Begin
This tutorial shows you how to create and configure Oracle Access Management (OAM) 12.2.1.4.0 Docker containers.
Background
Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image.
Docker images are portable artifacts that can be distributed across Linux environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.
You can deploy OAM images in the following ways:
1. Download a prebuilt OAM image from Oracle Container Registry by navigating to Middleware > oam_cpu. This image is prebuilt by Oracle and includes Oracle Access Management 12.2.1.4.0, the latest Patch Set Update (PSU) and other fixes released with the Critical Patch Update (CPU) program.
2. Build your own OAM image using the WebLogic Image Tool or by using the dockerfile, scripts and base images from Oracle Container Registry (OCR). You can also build your own image by using only the dockerfile and scripts. For more information about the various ways in which you can build your own container image, see Building the OAM Image.
Before following this tutorial, the OAM image must be installed in the docker images repository using one of these methods. Instructions for all these methods are found in the links referenced above.
The OAM image is designed to be used for the following OAM containers:
- WebLogic Administration Server (AdminServer)
- OAM Managed Server (oam_server1)
- OAM Policy Manager Managed Server (oam_policy_mgr1)
What Do You Need?
- An OAM image installed in the docker images repository
- A basic understanding of Docker
- A running Oracle Database. The database must be a supported version for OAM as outlined in Oracle Fusion Middleware 12c certifications.
Validate the OAM Image
In this section you validate the OAM image is installed in the docker images repository.
- Run the following command to make sure the OAM image is installed in the docker images repository:
$ docker images
The output will look similar to the following:
REPOSITORY TAG IMAGE ID CREATED SIZE
Make note of the OAM image name as this will be used in later sections. In this example the image name is oam:12.2.1.4.0
Create a Bridged Network
In this section you create a bridged network so the OAM Container(s) can communicate with each other.
- To create a docker network, run the following command:
$ docker network create -d bridge OamNET
The output will look similar to the following:
eff0bf4d7752e11e735a1e570d3348592af181e76ff86e6762f57e3f62928f9f
Create and Run the OAM Administration Server Container
In this section you create and run the OAM WebLogic Administration Server container, which hosts the WebLogic and OAM Consoles.
When the container is created for the Administration Server, the following operations are performed:
- Execution of the Repository Creation Utility
- Creation of the OAM Domain with DOMAIN_ROOT as /u01/oracle/user_projects
- Startup of the Administration Server
A directory from the host, for example /scratch/user_projects, will be mapped to containers at /u01/oracle/user_projects. This is the mechanism by which the domain structure is shared among the OAM Administration Server and Managed Server containers.
- Create an environment file /scratch/oam-admin.env which contains the following variables:
DOMAIN_NAME=access_domain
ADMIN_USER=weblogic
ADMIN_PASSWORD=<password>
ADMIN_LISTEN_HOST=oamadmin
ADMIN_LISTEN_PORT=7001
CONNECTION_STRING=oamdb.example.com:1521/oampdb1.example.com
RCUPREFIX=OAM01
DB_USER=sys
DB_PASSWORD=<password>
DB_SCHEMA_PASSWORD=<password>
where:
a) DOMAIN_NAME is the name of the WebLogic domain to be created
b) ADMIN_USER and ADMIN_PASSWORD are the weblogic user/pwd for the WebLogic and OAM Administration Consoles
c) ADMIN_LISTEN_HOST is the hostname for the container. Note: it is recommended to make this the same name as the container name passed in the --name parameter in the docker run command below
d) ADMIN_LISTEN_PORT is the port number for the WebLogic Administration Server to listen on
e) CONNECTION_STRING is the <host>:<port>/<service_name> of the running database
f) RCUPREFIX is the prefix name to give the schemas built by RCU
g) DB_USER and DB_PASSWORD are the user/pwd of the running database
h) DB_SCHEMA_PASSWORD is the password you want to set for the RCU schemas
- Run the following command to create and start the OAM Administration Server container:
$ mkdir /scratch/user_projects
$ chmod 777 /scratch/user_projects
$ docker run -d -p 7001:7001 --name oamadmin --network=OamNET --env-file /scratch/oam-admin.env --volume /scratch/user_projects:/u01/oracle/user_projects oam:12.2.1.4.0
In the above example:
a) -d starts the container detached as a background process
b) --name is the name given to the docker container once started. For ease of use name this the same as passed in the ADMIN_LISTEN_HOST variable
c) --volume maps the /scratch/user_projects directory on the host environment to the /u01/oracle/user_projects directory in the container.
d) --env-file is the path to the .env file created earlier
e) oam:12.2.1.4.0 is the name of the OAM image.
f) --network is the name of the network bridge we created earlier
The output will look similar to the following:
5ed71fe34a04cde9dfca08dbbe1a24d3b921f35f697f2c0881c93f5d25e1dd06
Note: In the above example the environment variables are passed with the --env-file parameter, which points to a file containing the environment variables. Alternatively, you can pass the environment variables on the command line as follows:
$ docker run -d --network=OamNET -p 7001:7001 --name=oamadmin \
  --env CONNECTION_STRING=oamdb.example.com:1521/oampdb1.example.com --env ADMIN_LISTEN_HOST=oamadmin \
  --env DOMAIN_NAME=access_domain --env ADMIN_USER=weblogic --env ADMIN_PASSWORD=<password> \
  --env ADMIN_LISTEN_PORT=7001 --env RCUPREFIX=OAM1 --env DB_USER=sys \
  --env DB_PASSWORD=<password> --env DB_SCHEMA_PASSWORD=<password> \
  -v /scratch/user_projects/:/u01/oracle/user_projects oam:12.2.1.4.0
- Validate the container is running by issuing the following command:
$ docker ps
The output should look similar to the following:
CONTAINER ID   IMAGE            COMMAND                  CREATED          STATUS          PORTS                    NAMES
74653360d1fa   oam:12.2.1.4.0   "sh -c ${SCRIPT_DIR}…"   16 seconds ago   Up 15 seconds   0.0.0.0:7001->7001/tcp   oamadmin
- Run the docker logs command to see the status of the domain creation:
$ docker logs oamadmin
The domain creation will take several minutes. Run the above command until you see the following output confirming the OAM Administration Server is running:
INFO: Starting the Admin Server...
INFO: Logs = /u01/oracle/user_projects/domains/access_domain/logs/as.log
<Mar 4, 2020 2:34:26,180 PM GMT> <Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.>
INFO: Admin server is running
INFO: Admin server running, ready to start managed server
Note: If after a while the oamadmin container disappears then it's likely the container failed to start. If so run "docker ps -a". This should show the status of all the containers started, stopped, or exited. You can then run "docker logs oamadmin" to view the log to try and work out what went wrong. Most problems are caused by typos in the docker run command, or incorrect setting of environment variables.
Create and Run the OAM WebLogic Managed Server Container
In this section you create and run the OAM WebLogic Managed Server Container.
- Create an environment file /scratch/oam-ms.env which contains the following variables:
DOMAIN_NAME=access_domain
ADMIN_USER=weblogic
ADMIN_PASSWORD=<password>
ADMIN_LISTEN_HOST=oamadmin
ADMIN_LISTEN_PORT=7001
MANAGEDSERVER_PORT=14100
MANAGED_SERVER_CONTAINER=true
MS_HOST=oamms
MS_NAME=oam_server1
where:
a) DOMAIN_NAME is the name of the WebLogic domain created previously
b) ADMIN_USER and ADMIN_PASSWORD are the weblogic user/pwd
c) ADMIN_LISTEN_HOST is the hostname of the OAM Administration Server container
d) ADMIN_LISTEN_PORT is the port number of the WebLogic Administration Server
e) MANAGEDSERVER_PORT is the port number for the OAM Managed Server
f) MANAGED_SERVER_CONTAINER is set to true for healthcheck reasons
g) MS_HOST is the hostname where the managed server will reside. This should be set to the same as the --name parameter passed in the docker run command below
h) MS_NAME is the name of the OAM managed server to create
- Run the following command to create and start the OAM Managed Server container:
$ docker run -d -p 14100:14100 --network=OamNET --volumes-from oamadmin --name oamms --env-file /scratch/oam-ms.env oam:12.2.1.4.0 "/u01/oracle/dockertools/startMS.sh"
In the above example:
a) -d starts the container detached as a background process
b) --name is the name given to the docker container once started. For ease of use name this the same as passed in the MS_HOST variable
c) --volumes-from is the name of the OAM Administration Server container
d) --env-file is the name of the file containing the environment variables created earlier
e) oam:12.2.1.4.0 is the OAM image name
f) --network is the name of the network bridge we created earlier
g) /u01/oracle/dockertools/startMS.sh is passed as a CMD to docker run. The script startMS.sh establishes connection with ADMIN_LISTEN_HOST:ADMIN_LISTEN_PORT using credentials ADMIN_USER and ADMIN_PASSWORD to start the MS_NAME managed server.
The output will look similar to the following:
7e735093a9503dc6586e00f31c9846cf59b92fb5299875f4eb650053f0a1fb01
Note: In the above example the environment variables are passed with the --env-file parameter, which points to a file containing the environment variables. Alternatively, you can pass the environment variables on the command line as follows:
$ docker run -d -p 14100:14100 --network=OamNET --volumes-from oamadmin --name oamms --env DOMAIN_NAME=access_domain --env ADMIN_USER=weblogic \
  --env ADMIN_PASSWORD=<password> --env ADMIN_LISTEN_HOST=oamadmin --env ADMIN_LISTEN_PORT=7001 --env MANAGEDSERVER_PORT=14100 --env MANAGED_SERVER_CONTAINER=true --env MS_NAME=oam_server1 \
  --env MS_HOST=oamms oam:12.2.1.4.0 "/u01/oracle/dockertools/startMS.sh"
- Validate the container is running by issuing the following command:
$ docker ps
The output should look similar to the following:
CONTAINER ID   IMAGE            COMMAND                  CREATED          STATUS          PORTS                      NAMES
7e735093a950   oam:12.2.1.4.0   "/u01/oracle/dockert…"   14 seconds ago   Up 13 seconds   0.0.0.0:14100->14100/tcp   oamms
74653360d1fa   oam:12.2.1.4.0   "sh -c ${SCRIPT_DIR}…"   2 hours ago      Up 2 hours      0.0.0.0:7001->7001/tcp     oamadmin
- Run the docker logs command to see the status of the server creation:
$ docker logs oamms
The OAM Managed Server creation will take several minutes. Run the above command until you see the following output to confirm the OAM Managed Server is running:
INFO: Waiting for the Managed Server to accept requests...
<Mar 4, 2020 3:13:44,286 PM GMT> <Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.>
INFO: Managed server has been started
Note: If after a while the oamms container disappears then it's likely the container failed to start. If so run "docker ps -a". This should show the status of all the containers started, stopped, or exited. You can then run "docker logs oamms" to view the log to try and work out what went wrong. Most problems are caused by typos in the docker run command, or incorrect setting of environment variables.
Create and Run the OAM Policy Manager Container
In this section you create and run the OAM Policy Manager Container.
- Create an environment file /scratch/oam-policy.env which contains the following variables:
DOMAIN_NAME=access_domain
ADMIN_USER=weblogic
ADMIN_PASSWORD=<password>
ADMIN_LISTEN_HOST=oamadmin
ADMIN_LISTEN_PORT=7001
MANAGEDSERVER_PORT=15100
MANAGED_SERVER_CONTAINER=true
MS_NAME=oam_policy_mgr1
MS_HOST=oampolicy
where:
a) DOMAIN_NAME is the name of the WebLogic domain created earlier
b) ADMIN_USER and ADMIN_PASSWORD are the weblogic user/pwd for the OAM Administration Server
c) ADMIN_LISTEN_HOST is the hostname of the OAM Administration Server container
d) ADMIN_LISTEN_PORT is the port number of the OAM WebLogic Administration Server
e) MANAGEDSERVER_PORT is the port number for the OAM Policy Manager Managed Server
f) MANAGED_SERVER_CONTAINER is set to true for healthcheck reasons
g) MS_NAME is the name of the policy manager managed server
h) MS_HOST is the hostname for this container. This should match the --name parameter passed in the docker run command below
- Run the following command to create and start the OAM Policy Manager container:
$ docker run -d -p 15100:15100 --network=OamNET --env-file /scratch/oam-policy.env --volumes-from oamadmin --name oampolicy oam:12.2.1.4.0 "/u01/oracle/dockertools/startMS.sh"
In the above example:
a) -d starts the container detached as a background process
b) --name is the name given to the docker container once started. For ease of use name this the same as passed in the MS_HOST variable
c) --volumes-from is the name of the OAM Administration Server container
d) oam:12.2.1.4.0 is the name of the OAM image
e) --network is the name of the network bridge we created earlier
f) /u01/oracle/dockertools/startMS.sh is passed as a CMD to docker run. The script startMS.sh establishes connection with ADMIN_LISTEN_HOST:ADMIN_LISTEN_PORT using credentials ADMIN_USER and ADMIN_PASSWORD to start the MS_NAME managed server.
The output will look similar to the following:
b673528bfc828d172759e86fcb942d5333ad80adc8a43202ddbd66428cecc81a
Note: In the above example the environment variables are passed with the --env-file parameter, which points to a file containing the environment variables. Alternatively, you can pass the environment variables on the command line as follows:
$ docker run -d -p 15100:15100 --network=OamNET --volumes-from oamadmin --name oampolicy --env DOMAIN_NAME=access_domain --env ADMIN_USER=weblogic --env ADMIN_PASSWORD=<password> \
  --env ADMIN_LISTEN_HOST=oamadmin --env ADMIN_LISTEN_PORT=7001 --env MANAGEDSERVER_PORT=15100 --env MANAGED_SERVER_CONTAINER=true --env MS_NAME=oam_policy_mgr1 --env MS_HOST=oampolicy oam:12.2.1.4.0 "/u01/oracle/dockertools/startMS.sh"
- Validate the container is running by issuing the following command:
$ docker ps
The output should look similar to the following:
CONTAINER ID   IMAGE            COMMAND                  CREATED          STATUS          PORTS                      NAMES
307b29018f3b   oam:12.2.1.4.0   "/u01/oracle/dockert…"   2 minutes ago    Up 2 minutes    0.0.0.0:15100->15100/tcp   oampolicy
7e735093a950   oam:12.2.1.4.0   "/u01/oracle/dockert…"   14 seconds ago   Up 13 seconds   0.0.0.0:14100->14100/tcp   oamms
74653360d1fa   oam:12.2.1.4.0   "sh -c ${SCRIPT_DIR}…"   2 hours ago      Up 2 hours      0.0.0.0:7001->7001/tcp     oamadmin
- Run the docker logs command to see the status of the server creation:
$ docker logs oampolicy
The OAM Managed Server creation will take several minutes. Run the above command until you see the following output to confirm the OAM Policy Manager Server is running:
INFO: Starting the managed server oam_policy_mgr1
INFO: Logs = /u01/oracle/user_projects/domains/access_domain/logs/oam_policy_mgr1-ms-oampolicy.log
<Mar 4, 2020 3:48:47,940 PM GMT> <Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.> started
Note: If after a while the oampolicy container disappears then it's likely the container failed to start. If so run "docker ps -a". This should show the status of all the containers started, stopped, or exited. You can then run "docker logs oampolicy" to view the log to try and work out what went wrong. Most problems are caused by typos in the docker run command, or incorrect setting of environment variables.
Validating the OAM Services
In this section you validate that OAM is running and functioning.
- Find the relevant IP addresses for each docker container using the following command:
$ docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' < name of docker containers separated by space >
For example:
$ docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' oamadmin oamms oampolicy
The output will look similar to the following:
/oamadmin - 192.168.0.3
/oamms - 192.168.0.4
/oampolicy - 192.168.0.5
- Launch a browser on the Docker host Linux server. Edit the browser's network proxy preferences and add the IP addresses from above to the "No proxy for" section.
- Access the following URLs using the relevant IP address for the container. Login with weblogic/<password>
Console or Page                     URL
WebLogic Administration Console     http://<oamadmin_ip>:7001/console
Oracle Enterprise Manager Console   http://<oamadmin_ip>:7001/em
Oracle Access Management Console    http://<oamadmin_ip>:7001/oamconsole
OAM Server Logout                   http://<oamms_ip>:14100/oam/server/logout
Policy Manager Access               http://<oampolicy_ip>:15100/access
Alternatively services can be accessed through:
a) localhost only from the docker host itself with http://localhost:7001/<uri>
b) From outside the docker host if container ports were mapped to the host ports (through the -p parameter for docker run). For example http://<hostname>:<ADMIN_LISTEN_PORT>/<uri>
Note: In order to stop and start the Administration Server and OAM Managed Servers use the docker stop <container> and docker start <container> commands.
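The env files created in the sections above hold the console and database passwords, and the troubleshooting notes name incorrect environment variables as a main cause of failed starts. The following pre-flight check is an added example, not part of the original tutorial or of Oracle's tooling: it confirms that every variable the tutorial lists is set, that no <password> placeholder remains, that the host variable matches the --name you intend to pass, and that the file is not readable by group or others. The variable names are the tutorial's; the function names, messages and the choice of checks are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the env files passed to `docker run --env-file`.
# Key names are the tutorial's; function names and the checks themselves are illustrative.
ADMIN_KEYS="DOMAIN_NAME ADMIN_USER ADMIN_PASSWORD ADMIN_LISTEN_HOST ADMIN_LISTEN_PORT
CONNECTION_STRING RCUPREFIX DB_USER DB_PASSWORD DB_SCHEMA_PASSWORD"
MS_KEYS="DOMAIN_NAME ADMIN_USER ADMIN_PASSWORD ADMIN_LISTEN_HOST ADMIN_LISTEN_PORT
MANAGEDSERVER_PORT MANAGED_SERVER_CONTAINER MS_HOST MS_NAME"

# env_get FILE KEY: print the value of the last KEY=value line (nothing if absent).
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_oam_env FILE admin|ms CONTAINER_NAME
# Prints one line per problem; returns 0 when the file is clean, 1 otherwise.
check_oam_env() {
  file=$1; kind=$2; name=$3; problems=0
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }
  case $kind in
    admin) keys=$ADMIN_KEYS; host_key=ADMIN_LISTEN_HOST ;;
    ms)    keys=$MS_KEYS;    host_key=MS_HOST ;;
    *)     echo "kind must be admin or ms"; return 1 ;;
  esac
  for key in $keys; do
    value=$(env_get "$file" "$key")
    case $value in
      "")           echo "$key: missing or empty" ;;
      "<password>") echo "$key: placeholder was never replaced" ;;
      \"*|\'*)      echo "$key: quotes are passed to the container verbatim" ;;
      *[[:space:]]) echo "$key: trailing whitespace (or CRLF line ending)" ;;
      *)            continue ;;
    esac
    problems=$((problems + 1))
  done
  for key in ADMIN_LISTEN_PORT MANAGEDSERVER_PORT; do
    case $(env_get "$file" "$key") in
      *[!0-9]*) echo "$key: not a port number"; problems=$((problems + 1)) ;;
    esac
  done
  # The tutorial recommends that the host variable equals the container --name.
  host=$(env_get "$file" "$host_key")
  if [ -n "$host" ] && [ "$host" != "$name" ]; then
    echo "$host_key=$host does not match --name $name"; problems=$((problems + 1))
  fi
  # The file holds console and database passwords: flag group/other read access.
  if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
    echo "$file: readable by group or others"; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample (not from the tutorial): MS_HOST typo and an unreplaced placeholder.
sample=$(mktemp)
printf '%s\n' DOMAIN_NAME=access_domain ADMIN_USER=weblogic 'ADMIN_PASSWORD=<password>' \
  ADMIN_LISTEN_HOST=oamadmin ADMIN_LISTEN_PORT=7001 MANAGEDSERVER_PORT=14100 \
  MANAGED_SERVER_CONTAINER=true MS_HOST=oamsm MS_NAME=oam_server1 > "$sample"
check_oam_env "$sample" ms oamms || echo "fix the problems above before docker run"
rm -f "$sample"
```

Use kind ms for both oam-ms.env and oam-policy.env, for example check_oam_env /scratch/oam-policy.env ms oampolicy.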
Updating OAM Containers with a New Image
In this section you start the OAM containers with a new docker image.
- Install the new image in the repository e.g. oam:12.2.1.4.0-new:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oam
oam 12.2.1.4.0-new b6de6dd37fea 1 day ago 3.32GB
- Run the following commands to stop and remove the containers:
$ docker stop oampolicy
$ docker stop oamms
$ docker stop oamadmin
$ docker rm oampolicy
$ docker rm oamms
$ docker rm oamadmin
- Follow sections 3-5 to start the containers but pass the new image name e.g. oam:12.2.1.4.0-new. For example for the OAM Administration Server:
$ docker run -d -p 7001:7001 --name oamadmin --network=OamNET --env-file /scratch/oam-admin.env --volume /scratch/user_projects:/u01/oracle/user_projects oam:12.2.1.4.0-new
As you are passing the volume parameter the OAM servers will start with your previous configuration.
Removing an OAM Docker Setup
If you need to remove an OAM Docker setup perform the following steps:
- Run the following commands to stop the OAM containers:
$ docker stop oamadmin oamms oampolicy
- Remove the OAM containers using the following command:
$ docker rm oamadmin oamms oampolicy
- Remove all the directories from where you mapped the --volume parameter when creating the oamadmin container, for example /scratch/user_projects.
$ sudo rm -rf /scratch/user_projects/*
If using an external database and want to create a new environment, make sure you choose a different RCUPREFIX in the oam-admin.env