Starting and Stopping OAM using kubectl
Before You Begin
This tutorial shows you how to perform basic operations with kubectl to stop and start the Oracle Access Management (OAM) Managed Servers and AdminServer on Oracle Cloud Infrastructure (OCI).
Background
When OAM is deployed in OCI via OCI MarketPlace, it is deployed in a Kubernetes (K8S) cluster using the Oracle Kubernetes Engine (OKE).
Whilst WebLogic Console and Oracle Enterprise Manager Console can be used for normal monitoring and administration operations, it cannot be used to stop and start the OAM AdminServer or OAM Managed Servers. The lifecycle of the OAM WebLogic Servers in K8S is managed using the Oracle WebLogic Server Kubernetes Operator and all start and stop operations must be performed using kubectl commands.
What Do You Need?
- To have completed the tutorial Deploying Oracle Access Management on Oracle Cloud Infrastructure (and optionally Validating a Basic SSO Flow using WebGate)
- An SSH connection to the bastion host
- The external IP address of the load balancer
View the OAM Servers using kubectl
The default OAM deployment using OCI MarketPlace starts the AdminServer (AdminServer), two OAM Managed Servers (oam_server1 and oam_server2) and one OAM Policy Manager server (oam_policy_mgr1).
The deployment also creates, but doesn't start, two extra OAM Managed Servers (oam-server3 and oam-server4) and four more OAM Policy Manager servers (oam_policy_mgr2 - oam_policy_mgr5).
All these servers are visible in the WebLogic Server Console (https://<external-ip>/console) by navigating to Domain Structure > oamcluster > Environment > Servers.
To view the running servers using kubectl, perform the following:
- Connect to the bastion host using the
cluster.keyfile:
$ ssh -i cluster.key opc@<bastion_ip> - On the bastion host, run the following command to view the pods associated with the OAM servers:
The output should look similar to the following:$ kubectl get pods -n accessns
Here you can see the pods that are currently running (NAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h rcu 1/1 Running 0 16hoamcluster-adminserver,oamcluster-oam-server1,oamcluster-oam-server2,oamcluster-oam-policy-mgr1). TheREADYstatus1/1indicates the associated OAM servers are also up and running.
Starting OAM Managed Servers
The number of OAM Managed Servers running is dependent on the replicas parameter configured for the cluster. To start more OAM Managed Servers perform the following steps:
- Run the following
kubectlcommand to edit theoamcluster:
Note: This opens an edit session for the domain where parameters can be changed using standard$ kubectl edit domain oamcluster -n accessnsvicommands. - In the edit session search for
"clusterName: oam_cluster"and look for thereplicasparameter. By default thereplicasparameter is set to "2" hence two OAM Managed Servers are started (oam_server1andoam_server2):clusters:
- clusterName: oam_cluster
clusterService:
annotations: {}
labels: {}
replicas: 2
serverPod:
annotations: {}
containerSecurityContext: {}
containers: [] - To start more OAM Managed Servers, increase the
replicasvalue as desired. In the example below, two more managed server will be started by settingreplicasto "4":clusters:
- clusterName: oam_cluster
clusterService:
annotations: {}
labels: {}
replicas: 4
serverPod:
annotations: {}
containerSecurityContext: {}
containers: []
Note: If scaling up and starting more servers, ensure you have a high powered compute with enough RAM and CPU in order to prevent problems with pod restart. - Save the file and exit (
:wq!).
The output will look similar to the following:domain.weblogic.oracle/oamcluster edited - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
Two new podsNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h oamcluster-oam-server3 0/1 Running 0 2m3s oamcluster-oam-server4 0/1 Running 0 2m3s rcu 1/1 Running 0 16h(oamcluster-oam-server3andoamcluster-oam-server4)are started, but currently have aREADYstatus of0/1. This meansoam_server3andoam_server4are not currently running but are in the process of starting. The servers will take several minutes to start so keep executing the command untilREADYshows1/1:
Note: To check what is happening during server startup whenNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h oamcluster-oam-server3 1/1 Running 0 3m43s oamcluster-oam-server4 1/1 Running 0 3m43s rcu1/1 Running 0 16hREADYis0/1, run the following command to view the log of the pod that is starting:kubectl logs oamcluster-oam-server3 -n accessns - To start more OAM Policy Manager servers, run the following
kubectlcommand to edit theoamcluster:$ kubectl edit domain oamcluster -n accessns - Search for
"clusterName: policy_cluster"and look for thereplicasparameter. By default thereplicasparameter is set to "1" hence one OAM Policy Manager server is started (oam_policy_mgr1):clusters: - clusterName: policy_cluster clusterService: annotations: {} labels: {} replicas: 1 serverPod: annotations: {} containerSecurityContext: {} containers: [] - To start more OAM Policy Manager Servers, increase the
replicasvalue as desired. In the example below, one more policy manager server will be started by settingreplicasto "2":clusters:
- clusterName: policy_cluster
clusterService:
annotations: {}
labels: {}
replicas: 2
serverPod:
annotations: {}
containerSecurityContext: {}
containers: [] - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
A new podNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-policy-mgr2 0/1 Running 0 10s oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h oamcluster-oam-server3 1/1 Running 0 5m57s oamcluster-oam-server4 1/1 Running 0 5m57s rcu 1/1 Running 0 16h(oamcluster-oam-policy-mgr2)is started, but currently has aREADYstatus of0/1. The server will take several minutes to start so keep executing the command untilREADYshows1/1:NAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-policy-mgr2 1/1 Running 0 2m7s oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h oamcluster-oam-server3 1/1 Running 0 7m54s oamcluster-oam-server4 1/1 Running 0 7m54s rcu 1/1 Running 0 16h
Stopping OAM Managed Servers
As mentioned in the previous section, the number of OAM Managed Servers running is dependent on the replicas parameter configured for the cluster. To stop one or more OAM Managed Servers, perform the following:
- Run the following
kubectlcommand to edit theoamcluster:$ kubectl edit domain oamcluster -n accessns - In the edit session search for
"clusterName: oam_cluster"and look for thereplicasparameter. Assuming thereplicasparameter was increased in the previous section, the current value is set to "4" hence four OAM Managed Servers are started (oam_server1- oam_server4):clusters:
- clusterName: oam_cluster
clusterService:
annotations: {}
labels: {}
replicas: 4
serverPod:
annotations: {}
containerSecurityContext: {}
containers: [] - To stop OAM Managed Servers, decrease the
replicasvalue as desired. In the example below, we will stop two managed servers by settingreplicasto "2":clusters:
- clusterName: oam_cluster
clusterService:
annotations: {}
labels: {}
replicas: 2
serverPod:
annotations: {}
containerSecurityContext: {}
containers: [] - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
Two pods now have aNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-policy-mgr2 1/1 Running 0 5m13s oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h oamcluster-oam-server3 1/1 Terminating 0 11m oamcluster-oam-server4 1/1 Terminating 0 11m rcu 1/1 Running 0 16hSTATUSofTerminating(oamcluster-oam-server3andoamcluster-oam-server4). The servers will take a minute or two to stop, so keep executing the command until the pods have disappeared:NAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-policy-mgr2 1/1 Running 0 6m4s oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h rcu 1/1 Running 0 16h - To stop OAM Policy Manager servers run the following
kubectlcommand to edit theoamcluster:$ kubectl edit domain oamcluster -n accessns - In the edit session search for
"clusterName: policy_cluster"and look for thereplicasparameter. Assuming thereplicasparameter was increased in the previous section, the current value is set to "2"hence two OAM Policy Manager servers are started (oam_policy_mgr1andoam_policy_mgr2):clusters: - clusterName: policy_cluster clusterService: annotations: {} labels: {} replicas: 2 serverPod: annotations: {} containerSecurityContext: {} containers: [] - To stop OAM Policy Manager Servers, decrease the
replicasvalue as desired. In the example below, we will stop one managed server by settingreplicasto "1":clusters:
- clusterName: policy_cluster
clusterService:
annotations: {}
labels: {}
replicas: 1
serverPod:
annotations: {}
containerSecurityContext: {}
containers: [] - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
One pod now has aNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-policy-mgr2 1/1 Terminating 0 8m oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h rcu 1/1 Running 0 16hSTATUSofTerminating(oamcluster-oam-policy-mgr2). The server will take a minute or two to stop, so keep executing the command until the pod has disappeared:NAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h rcu 1/1 Running 0 16h
Stopping and Starting the AdminServer and Managed Servers
In this section you stop the AdminServer and all the OAM Managed Servers in one operation. After stopping the pods, you then start the pods back up again with a single operation.
Note: At present it is not possible to stop and start the AdminServer on it's own.
- Run the following
kubectlcommand to edit theoamcluster:$ kubectl edit domain oamcluster -n accessns - In the edit session search for
"serverStartPolicy: IF_NEEDED":...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oamcluster-domain-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: IF_NEEDED
webLogicCredentialsSecret:
name: oamcluster-domain-credentials
status:
... - Change
"serverStartPolicy: IF_NEEDED"to "NEVER" as follows:...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oamcluster-domain-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: NEVER
webLogicCredentialsSecret:
name: oamcluster-domain-credentials
status:
... - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
The AdminServer pods and Managed Server pods will move to aNAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Terminating 0 16h oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 16h oamcluster-oam-server1 1/1 Running 0 16h oamcluster-oam-server2 1/1 Running 0 16h rcu 1/1 Running 0 16hSTATUSofTerminating. After a few minutes, run the command again and the pods should have disappeared:NAME READY STATUS RESTARTS AGE oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h rcu 1/1 Running 0 16h - To start the AdminServer and Managed Servers up again, run the following
kubectlcommand to edit theoamcluster:$ kubectl edit domain oamcluster -n accessns - In the edit session search for
"serverStartPolicy: NEVER":...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oamcluster-domain-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: NEVER
webLogicCredentialsSecret:
name: oamcluster-domain-credentials
status:
... - Change
"serverStartPolicy: NEVER"to "IF_NEEDED" as follows:...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oamcluster-domain-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy:IF_NEEDED
webLogicCredentialsSecret:
name: oamcluster-domain-credentials
status:
... - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n accessns
AnNAME READY STATUS RESTARTS AGE oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-introspect-domain-job-4sv7z 1/1 Running 0 11s rcu 1/1 Running 0 16hoamcluster-introspect-domain-jobpod will start. This job will create and start the AdminServer, followed by the OAM Managed Servers pods. This process will take several minutes, so keep executing the command until all the pods are running withREADYstatus1/1:NAME READY STATUS RESTARTS AGE oamcluster-adminserver 1/1 Running 0 7m4s oamcluster-create-fmw-infra-sample-domain-job-x8cvm 0/1 Completed 0 16h oamcluster-oam-policy-mgr1 1/1 Running 0 4m18s oamcluster-oam-server1 1/1 Running 0 4m18s oamcluster-oam-server2 1/1 Running 0 4m18s rcu 1/1 Running 0 16h
Want to Learn More?
Feedback
To provide feedback on this tutorial, please contact Identity Management User Assistance.