Starting and Stopping OIG using kubectl
Before You Begin
This tutorial shows you how to perform basic operations with kubectl to stop and start the Oracle Identity Governance (OIG) Managed Servers and AdminServer on Oracle Cloud Infrastructure (OCI).
Background
When OIG is deployed in OCI via OCI MarketPlace, it is deployed in a Kubernetes (K8S) cluster using the Oracle Kubernetes Engine (OKE).
Whilst WebLogic Console and Oracle Enterprise Manager Console can be used for normal monitoring and administration operations, it cannot be used to stop and start the OIG AdminServer, OIG Managed Servers or SOA Managed Server. The lifecycle of the OIG WebLogic Servers in K8S is managed using the Oracle WebLogic Server Kubernetes Operator and all start and stop operations must be performed using kubectl commands.
What Do You Need?
- To have completed the tutorial Deploying Oracle Identity Governance on Oracle Cloud Infrastructure
- An SSH connection to the bastion host
- The external IP address of the load balancer service
View the OIG Servers using kubectl
The default OIG deployment using OCI MarketPlace starts the AdminServer (AdminServer), one OIG Managed Server (oim_server1), and one SOA Managed Server (soa_server1).
The deployment also creates, but doesn't start, four extra OIG Managed Servers (oim-server2 - oig-server5) and three more SOA Managed Servers (soa_server2 - soa_server4).
All these servers are visible in the WebLogic Server Console (http://<external-ip>/console) by navigating to Domain Structure > OIGcluster > Environment > Servers.
To view the running servers using kubectl, perform the following:
- Connect to the bastion host using the
cluster.keyfile:
$ ssh -i cluster.key opc@<bastion_ip> - On the bastion host, run the following command to view the pods associated with the OIG servers:
The output should look similar to the following:$ kubectl get pods -n oigcluster
Here you can see the pods that are currently running (NAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 46m oigcluster-create-fmw-infra-sample-domain-job-s9vqm 0/1 Completed 0 68m oigcluster-oim-server1 1/1 Running 0 35m oigcluster-soa-server1 1/1 Running 0 41moigcluster-adminserver,oigcluster-oim-server1,oigcluster-soa-server1). TheREADYstatus1/1indicates the associated servers are also up and running.
Starting OIG Managed Servers
The number of OIG Managed Servers running is dependent on the replicas parameter configured for the cluster. To start more OIG Managed Servers perform the following steps:
- Run the following
kubectlcommand to edit theoigcluster:
Note: This opens an edit session for the domain where parameters can be changed using standard$ kubectl edit domain oigcluster -n oigclustervicommands. - In the edit session search for
"clusterName: oim_cluster"and look for thereplicasparameter. By default thereplicasparameter is set to "1" hence one OIG Managed Server is started (oim_server1):- clusterName: oim_cluster replicas: 1 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - To start more OIG Managed Servers, increase the
replicasvalue as desired. In the example below, two more managed servers will be started by settingreplicasto "3":- clusterName: oim_cluster replicas: 3 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100
Note: If scaling up and starting more servers, ensure you have a high powered compute with enough RAM and CPU in order to prevent problems with pod restart. - Save the file and exit (
:wq!).
The output will look similar to the following:domain.weblogic.oracle/oigcluster edited - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
Two new podsNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 49m oigcluster-create-fmw-infra-sample-domain-job-s9vqm 0/1 Completed 0 71m oigcluster-oim-server1 1/1 Running 0 38m oigcluster-oim-server2 0/1 Running 0 19s oigcluster-oim-server3 0/1 Running 0 19s oigcluster-soa-server1 1/1 Running 0 44m(oigcluster-oim-server2andoigcluster-oim-server3)are started, but currently have aREADYstatus of0/1. This meansoim_server2andoim_server3are not currently running but are in the process of starting. The servers will take several minutes to start so keep executing the command untilREADYshows1/1:
Note: To check what is happening during server startup whenNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-oim-server2 1/1 Running 0 27m oigcluster-oim-server3 1/1 Running 0 27m oigcluster-soa-server1 1/1 Running 0 71mREADYis0/1, run the following command to view the log of the pod that is starting:kubectl logsoigcluster-oim-server3-n oigcluster - To start more SOA Managed servers, run the following
kubectlcommand to edit theoigcluster:$ kubectl edit domain oigcluster -n oigcluster - Search for
"clusterName: soa_cluster"and look for thereplicasparameter. By default thereplicasparameter is set to "1" hence one SOA Managed server is started (soa_server1):- clusterName: soa_cluster replicas: 1 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - To start more SOA Managed Servers, increase the
replicasvalue as desired. In the example below, one more SOA Managed server will be started by settingreplicasto "2":- clusterName: soa_cluster replicas: 2 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
A new podNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-oim-server2 1/1 Running 0 27m oigcluster-oim-server3 1/1 Running 0 27m oigcluster-soa-server1 1/1 Running 0 71m
oigcluster-soa-server2 0/1 Running 0 2m3s(oigcluster-soa-server2)is started, but currently has aREADYstatus of0/1. The server will take several minutes to start so keep executing the command untilREADYshows1/1:NAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-oim-server2 1/1 Running 0 29m oigcluster-oim-server3 1/1 Running 0 29m oigcluster-soa-server1 1/1 Running 0 71m
oigcluster-soa-server2 1/1 Running 0 4m50s
Stopping OIG Managed Servers
As mentioned in the previous section, the number of OIG Managed Servers running is dependent on the replicas parameter configured for the cluster. To stop one or more OIG Managed Servers, perform the following:
- Run the following
kubectlcommand to edit theOIGcluster:$ kubectl edit domain oigcluster -n oigcluster - In the edit session search for
"clusterName: oim_cluster"and look for thereplicasparameter. Assuming thereplicasparameter was increased in the previous section, the current value is set to "3" hence three OIG Managed Servers are started (oim_server1- oim_server3):- clusterName: oim_cluster replicas: 3 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - To stop OIG Managed Servers, decrease the
replicasvalue as desired. In the example below, we will stop two managed servers by settingreplicasto "1":- clusterName: oim_cluster replicas: 1 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
Two pods now have aNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-oim-server2 1/1 Terminating 0 29m oigcluster-oim-server3 1/1 Terminating 0 29m oigcluster-soa-server1 1/1 Running 0 71m
oigcluster-soa-server2 1/1 Running 0 4m50sSTATUSofTerminating(oigcluster-oim-server2andoigcluster-oim-server3). The servers will take a minute or two to stop, so keep executing the command until the pods have disappeared:NAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-soa-server1 1/1 Running 0 71m
oigcluster-soa-server2 1/1 Running 0 4m50s - To stop SOA Managed Servers run the following
kubectlcommand to edit theoigcluster:$ kubectl edit domain oigcluster -n oigcluster - In the edit session search for
"clusterName: soa_cluster"and look for thereplicasparameter. Assuming thereplicasparameter was increased in the previous section, the current value is set to "2"hence two SOA Managed Servers are started (soa_server1andsoa_server2):- clusterName: soa_cluster replicas: 2 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - To stop SOA Managed Servers, decrease the
replicasvalue as desired. In the example below, we will stop one managed server by settingreplicasto "1":- clusterName: soa_cluster replicas: 1 serverPod: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: weblogic.clusterName operator: In values: - $(CLUSTER_NAME) topologyKey: kubernetes.io/hostname weight: 100 - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
One pod now has aNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-soa-server1 1/1 Running 0 71m
oigcluster-soa-server2 1/1 Terminating 0 4m50sSTATUSofTerminating(oigcluster-soa-server2). The server will take a minute or two to stop, so keep executing the command until the pod has disappeared:NAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-soa-server1 1/1 Running 0 71m
Stopping and Starting the AdminServer and Managed Servers
In this section you stop the AdminServer and all the OIG Managed Servers in one operation. After stopping the pods, you then start the pods back up again with a single operation.
Note: At present it is not possible to stop and start the AdminServer on it's own.
- Run the following
kubectlcommand to edit theOIGcluster:$ kubectl edit domain oigcluster -n oigcluster - In the edit session search for
"serverStartPolicy: IF_NEEDED":...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oigcluster-oim-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: IF_NEEDED
webLogicCredentialsSecret:
name: oigcluster-domain-credentials
status:
... - Change
"serverStartPolicy: IF_NEEDED"to "NEVER" as follows:...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oigcluster-oim-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: NEVER
webLogicCredentialsSecret:
name: oigcluster-domain-credentials
status:
... - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
The AdminServer pods and Managed Server pods will move to aNAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Terminating 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-soa-server1 1/1 Running 0 71mSTATUSofTerminating. After a few minutes, run the command again and the pods should have disappeared:NAME READY STATUS RESTARTS AGE oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m - To start the AdminServer and Managed Servers up again, run the following
kubectlcommand to edit theOIGcluster:$ kubectl edit domain oigcluster -n oigcluster - In the edit session search for
"serverStartPolicy: NEVER":...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: oigcluster-oim-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy: NEVER
webLogicCredentialsSecret:
name: oigcluster-domain-credentials
status:
... - Change
"serverStartPolicy: NEVER"to "IF_NEEDED" as follows:...
volumes:
- name: weblogic-domain-storage-volume
persistentVolumeClaim:
claimName: OIGcluster-domain-pvc
serverService:
annotations: {}
labels: {}
serverStartPolicy:IF_NEEDED
webLogicCredentialsSecret:
name: OIGcluster-domain-credentials
status:
... - Save the file and exit (
:wq!). - Run the following
kubectlcommand to view the pods:
The output will look similar to the following:kubectl get pods -n oigcluster
AnNAME READY STATUS RESTARTS AGE oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-introspect-domain-job-4sv7z 1/1 Running 0 11soigcluster-introspect-domain-jobpod will start. This job will create and start the AdminServer, followed by the OIG Managed Servers pods. This process will take several minutes, so keep executing the command until all the pods are running withREADYstatus1/1:NAME READY STATUS RESTARTS AGE oigcluster-adminserver 1/1 Running 0 76m oigcluster-create-fmw-infra-sample-domain-job-zfzll 0/1 Completed 0 99m oigcluster-oim-server1 1/1 Running 0 66m oigcluster-soa-server1 1/1 Running 0 71m
Want to Learn More?
Feedback
To provide feedback on this tutorial, please contact Identity Management User Assistance.