Before You Begin

This tutorial shows you how to create and configure Oracle Identity Governance (OIG) 12.2.1.4.0 Docker containers.

Background

Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image.

Docker images are portable artifacts that can be distributed across Linux environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.

You can deploy OIG images in the following ways:

1. Download a prebuilt OIG image from Oracle Container Registry by navigating to Middleware >oig_cpu. This image is prebuilt by Oracle and includes Oracle Identity Governance 12.2.1.4.0, the latest Patch Set Update (PSU) and other fixes released with the Critical Patch Update (CPU) program

2. Build your own OIG image using the WebLogic Image Tool or by using the dockerfile, scripts and base images from Oracle Container Registry (OCR). You can also build your own image by using only the dockerfile and scripts. For more information about the various ways in which you can build your own container image, see Building the OIG Image.

Before following this tutorial, the OIG image must be installed in the Docker images repository using one of these methods. Instructions for all these methods are found in the links referenced above.

The OIG image is designed to be used for the following OIG containers:

• Weblogic Administration Server (AdminServer)
• SOA Managed Server (soa_server1)
• OIG Managed Server (oim_server1)

What Do You Need?

• An OIG container image installed in the Docker images repository
• A basic understanding of Docker
• Docker-compose 1.25.4 or higher
• A running Oracle Database. The database must be a supported version for OIG as outlined in Oracle Fusion Middleware 12c certifications and must meet the requirements as outlined in About Database Requirements for an Oracle Fusion Middleware Installation. For test purposes only, you can use a Database Docker Container from Oracle Container Registry. If you choose to use a database Docker image it must be installed on the same machine where you intend to run OIG.

Validate the OIG Image

In this section you validate the OIG image is installed in the Docker images repository.

1. Run the following command to make sure the OIG image is installed in the Docker images repository:
   

   $ docker images

   The output will look similar to the following:
   

   REPOSITORY    TAG            IMAGE ID         CREATED       SIZE 
   oig           12.2.1.4.0     b7073c584105     2 days ago    7.88GB

   Make note of the the OIG image name as this is used in the OIG_IMAGE variable in the next section. In this example the image name is oig:12.2.1.4.0

Clone the FMW Repository and Set Variables

In this section you clone the FMW repository from GitHub.

1. Make a work directory to place the OIG Docker files:

   $ mkdir <work directory>

2. Download the OIG Docker files from the FMW Repository by running the following command:
   

   $ cd <work directory>
   $ git clone https://github.com/oracle/docker-images

3. Navigate to the following directory:

   $ cd <work directory>/docker-images/OracleIdentityGovernance

4. The setenv.sh file contains the environment variables that are passed to the YAML scripts used to create the container. Edit the setenv.sh file and update the values of these environment variables with values specific to your own environment:
   
   

   Environment Variable	Description	Default Value	Example
   DC_USERHOME	Docker Host directory where all domain data is kept.	/scratch/${USER} /docker/OIG	/u01/app/docker/OIG
   DC_DB_VERSION	Container DB version* * This only needs to be set when using a DB Docker container for testing.	19.3.0.0-ee	19.3.0.0-ee
   http_proxy	HTTP Proxy details if you have an internal proxy.		http://proxy.example..com
   https_proxy	HTTPS Proxy details if you have an internal proxy.		http://proxy.example..com
   no_proxy			localhost,127.0.0.1,.example.com,/var/run/docker.sock
   DC_HOSTNAME	Docker hostname	hostname -f	mydockerhost.example.com
   DC_ORCL_PORT	DB Port	1521	1521
   DC_ORCL_OEM_PORT	DB OEM Port	5500	5500
   DC_ORCL_SID	Oracle DB Service Name	oimdb	oimdb
   DC_ORCL_PDB	Oracle Pluggable DB Service Name	oimpdb	oimpdb
   DC_ORCL_SYSPWD	DB SYS password		<password>
   DC_ORCL_HOST	DB Hostname	${DC_HOSTNAME}	mydbhost.example.com
   DC_ORCL_DBDATA	DB Data File Location* * This only needs to be set when using a DB Docker container for testing.	${DC_USERHOME}/dbdata	/u01/app/docker /OIG/dbdata
   DC_ADMIN_PWD	WLS Admin Server password		<password>
   OIG_IMAGE	OIG Docker Image Tag	oig:latest	oig:12.2.1.4.0
   DC_RCU_SCHPWD	RCU password		<password>
   DC_RCU_OIMPFX	RCU OIM Prefix	OIM03	MYOIG
   DC_DDIR_OIM	OIG Domain directory	${DC_USERHOME}/oimdomain	/u01/app/docker /OIG/oigdomain

   
   Note: The DC_USERHOME variable must be set to a directory to which the user running the containers has full access (777). The other variables can use the default values, or be amended to a value to meet your specific requirements.
   
   Note: If you are using an external database and are using Service Name rather than SID for your connection details then please update the <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/docker-compose.yaml
   and set the CONNECTION_STRING parameter using the format
   ${DC_ORCL_HOST}:${DC_ORCL_PORT}/<DB_Service_Name>
   
   An example setenv.sh will look as follows:
   
   

   ...
   #===============================================
   # MUST: Customize this to your local env
   #===============================================
   #
   # Directory where all domains/db data etc are
   # kept. Directories will be created here
   export DC_USERHOME=/u01/app/docker/OIG
   
   # Registry names where requisite standard images
   # can be found
   export DC_REGISTRY_OIG="localhost"
   export DC_REGISTRY_DB="localhost"
   
   # Proxy Environment
   export http_proxy=http://proxy.example.com:80
   export https_proxy=http://proxy.example.com:80
   export no_proxy=""
   
   #===============================================
   exportComposeEnv() {
     #
     export DC_HOSTNAME=`hostname -f`
     #
     # Used by Docker Compose from the env
     # Oracle DB Parameters
     #
     export DC_ORCL_PORT=1521
     export DC_ORCL_OEM_PORT=5500
     export DC_ORCL_SID=oimdb
     export DC_ORCL_PDB=oimpdb
     export DC_ORCL_SYSPWD=<password>
     export DC_ORCL_HOST=${DC_HOSTNAME}
     #
     export DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
     #
     # AdminServer Password
     #
     export DC_ADMIN_PWD=<password>
     export OIG_IMAGE=oig:12.2.1.4.0
     #
     # RCU Common password for all schemas + Prefix Names
     #
     export DC_RCU_SCHPWD=<password>
     export DC_RCU_OIMPFX=MYOIG
     #
     # Domain directories for the various domain types
     #
     export DC_DDIR_OIM=/u01/app/docker/OIG/oimdomain
   }
   
   #===============================================
   createDirs() {
     mkdir -p  ${DC_DDIR_OIM}
     chmod 777  ${DC_DDIR_OIM}
     mkdir -p ${DC_ORCL_DBDATA}
     chmod 777 ${DC_ORCL_DBDATA}
   }
   
   #===============================================
   #== MAIN starts here
   #===============================================
   #
   echo "INFO: Setting up OIM Docker Environment..."
   exportComposeEnv
   createDirs
   echo "INFO: Environment variables"
   env | grep -e "DC_" | sort                          

5. Execute the setenv.sh script to set the variables:
   
   

   $ cd <work directory>/docker-images/OracleIdentityGovernance
   $ . ./setenv.sh           

   The output will look similar to the following:
   

   INFO: Setting up OIM Docker Environment...
   INFO: Environment variables
   DC_ADMIN_PWD=<password>
   DC_DDIR_OIM=/u01/app/docker/OIG/oigdomain
   DC_HOSTNAME=host.example.com
   DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
   DC_ORCL_HOST=host.example.com
   DC_ORCL_OEM_PORT=5500
   DC_ORCL_PDB=oimpdb
   DC_ORCL_PORT=1521
   DC_ORCL_SID=oimdb
   DC_ORCL_SYSPWD=<password>
   DC_RCU_OIMPFX=OIGRH
   DC_RCU_SCHPWD=<password>
   DC_REGISTRY_DB=localhost
   DC_REGISTRY_OIG=localhost
   DC_USERHOME=/u01/app/docker/OIG
   $                            

Start the Database Docker Container

Note: This section should only be followed if using a Database Docker container for testing purposes. If using an external database move to the next section.

1. Tag your database Docker image with localhost/oracle/database:{$DC_DB_VERSION}. For example, if using a 19.3.0.0 database the docker tag command is:

   docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee

2. Navigate to the samples/containerizedDB directory:

   $ cd <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB

3. Run the following command to start the container database:

   $ docker-compose up -d oimdb

   The output will look similar to the following:

   Creating oimadmin ... done

4. Run the following command to make sure the container is starting:

   $ docker ps

   The output should look similar to the following:

   CONTAINER ID        IMAGE                                   COMMAND                  CREATED              STATUS                                 PORTS                                            NAMES
   092862688dae        localhost/oracle/database:19.3.0.0-ee   "/bin/sh -c '/bin/ba…"   About a minute ago   Up About a minute (health: starting)   0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp   oimdb

   Run docker ps again until the status says healthy:

   CONTAINER ID        IMAGE                                   COMMAND                  CREATED             STATUS                   PORTS                                            NAMES
   092862688dae        localhost/oracle/database:19.3.0.0-ee   "/bin/sh -c '/bin/ba…"   15 minutes ago       Up 5 minutes (healthy)   0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp   oimdb

   Note: It may take around 15 minutes for the database to start. While the container is in (health: starting) status, you can check the log using the following command:
   
   

   $ docker logs -f oimdb

   Once the database is started you should see something similar to:
   
   

   ########################
   DATABASE IS READY TO USE!
   ######################### 

5. The database is created with the password specified earlier for the environment variable DC_ORCL_SYSPWD.
   

Create and Run the OIG WebLogic AdminServer Container

In this section you create and run the OIG WebLogic AdminServer Container.

1. Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB if using a container database or to <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/if using an external database.
2. Run the docker-compose command to create the AdminServer container:

   $ docker-compose up -d oimadmin

   The output will look similar to the following:

   Starting oimadmin ... done

3. Run the following command to make sure the container is starting:

   $ docker ps

   The output should look similar to the following:

   CONTAINER ID   IMAGE                   COMMAND                  CREATED         STATUS                           PORTS                   NAME
   3e875049b602   oracle/oig:12.2.1.4.0   "/bin/bash -c 'sleep…"   6 seconds ago   Up 5 seconds (health: starting)  0.0.0.0:7001->7001/tcp  oimadmin

4. Run the following command to tail the log and check the status of the container creation:

   $ docker logs -f oimadmin

   Once you see the following, the AdminServer is started:

   INFO: Starting the Admin Server...
   INFO: Logs = /u01/oracle/user_projects/domains/base_domain/logs/as.log
       
   INFO: Admin server is running
   INFO: Admin server running, ready to start managed server

   If the creation fails and you see the following error in the logs:

   Processing command line ....
   Invalid SID or Service name.
   Enter valid SID or Service name.
   
   ERROR - RCU-6090 Connection step validation failed.
   CAUSE - RCU-6090 Skipping main operation: failed to connect to database because database details were missing or invalid.
   ACTION - RCU-6090 Provide correct database details and try again.
   ERROR: RCU Loading Failed. Check the RCU logs

   edit the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB/docker-compose.yaml and change CONNECTION_STRING=${DC_ORCL_HOST}:${DC_ORCL_PORT}/${DC_ORCL_PDB} to CONNECTION_STRING=oimdb:${DC_ORCL_PORT}/${DC_ORCL_PDB}. Then execute the docker compose command again.

Create and Run the SOA Managed Server Container

In this section you create and run the SOA Managed Server Container.

1. Run the docker-compose command to create the SOA Managed Server container:

   $ docker-compose up -d soams

   The output will look similar to the following:

   oimadmin is up-to-date
   Creating soams ... done
   

2. Run the following command to make sure the container is starting:

   $ docker ps

   The output should look similar to the following:

   CONTAINER ID    IMAGE           COMMAND                  CREATED          STATUS                            PORTS                             NAMES
   8d97016d3a64    oig:12.2.1.4.0  "/bin/bash -c /u01/o…"   17 seconds ago   Up 15 seconds (health: starting)  0.0.0.0:8001-8003->8001-8003/tcp  soams
   3e875049b602    oig:12.2.1.4.0  "/bin/bash -c 'sleep…"   17 hours ago     Up 19 minutes                     0.0.0.0:7001->7001/tcp            oimadmin

3. Run the following command to tail the log and check the status of the container creation:

   $ docker logs -f soams

   Once you see the following, the SOA Managed Server is started:

   INFO: Waiting for the Managed Server to accept requests...
   SOA Platform is running and accepting requests. Start up took 183753 ms, partition=DOMAIN
   INFO: Managed Server is running
   INFO: Managed server has been started
   

Create and Run the OIM Managed Server Container

In this section you create and run the OIM Managed Server Container.

1. Run the docker-compose command to create the OIM Managed Server container:

   $ docker-compose up -d oimms

   The output will look similar to the following:

   oimadmin is up-to-date
   Creating oimms ... done
   

2. Run the following command to make sure the container is starting:

   $ docker ps

   The output should look similar to the following:

   CONTAINER ID    IMAGE              COMMAND                  CREATED              STATUS                               PORTS                                 NAMES
   ea224afeaa98    oig:12.2.1.4.0    "/bin/bash -c /u01/o…"   About a minute ago   Up 58 seconds (health: starting)      0.0.0.0:14000-14002->14000-14002/tcp   oimms
   8d97016d3a64    oig:12.2.1.4.0    "/bin/bash -c /u01/o…"   About an hour ago    Up About an hour                      0.0.0.0:8001-8003->8001-8003/tcp       soams
   3e875049b602    oig:12.2.1.4.0    "/bin/bash -c 'sleep…"   18 hours ago         Up About an hour                      0.0.0.0:7001->7001/tcp                 oimadmin

3. Run the following command to tail the log and check the status of the container creation:

   $ docker logs -f oimms

   Once you see the following, the OIM Managed Server is started:

   INFO: Starting the managed server oim_server1
   INFO: Waiting for the Managed Server to accept requests...
       
   INFO: Managed Server is running
   INFO: Managed server has been started
   INFO: Running SOA Mbean
   INFO: OIM SOA Integration Mbean executed successfully.

Validating the OIG Services

In this section you validate that OIG is running and functioning.

1. Launch a browser and access the following URL's for the container. Login with weblogic/<password>
   

   Console or Page	URL	Login Details
   WebLogic Administration Console	http://<hostname>:7001/console	weblogic/<password>
   Oracle Enterprise Manager Console	http://<hostname>:7001/em	weblogic/<password>
   Oracle SOA Platform	http://<hostname>:8001/soa-infra	weblogic/<password>
   Oracle Identity Self Service Console	http://<hostname>:14000/identity	xelsysadm/<password>
   Oracle Identity System Administration Console	http://<hostname>:14000/sysadmin	xelsysadm/<password>

   
   Note: Do not use WebLogic Administration Console or Oracle Enterprise Manager Console to stop and start the AdminServer, SOA and OIG Managed Servers. Use the commands in section Stopping and Starting Servers.
   

Stopping and Starting Servers

In this section you learn how to stop and start the OIG AdminServer, SOA Managed Server, OIG Managed Server. You also learn how to stop the database if using a container database.

1. Execute the setenv.sh script to set the variables:
   
   

   $ cd <work directory>/docker-images/OracleIdentityGovernance
   $ . ./setenv.sh         

2. Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB if using a container database or to <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/if using an external database.
3. To stop the servers run the following commands:
   

   $ docker-compose stop oimms
   $ docker-compose stop soams
   $ docker-compose stop oimadmin
   

   If using a container database, stop the database with the following command:
   

   $ docker-compose stop oimdb                        

4. If using a container database, restart the database using the following command:
   

   $ docker-compose start oimdb

   Run the following command to tail the log and check the status of the database startup:

   $ docker logs -f oimdb

   Make sure the database is started before continuing.
5. Run the following commands to start the OIG AdminServer and check its status:
   

   $ docker-compose start oimadmin
   $ docker logs -f oimadmin 

   Make sure the OIG Admin Server is started before continuing.
6. Run the following commands to start the SOA Managed Server and check its status:
   

   $ docker-compose start soams
   $ docker logs -f soams 

   Make sure the SOA Managed Server is started before continuing.
   
7. Run the following commands to start the OIG Managed Server and check its status:
   

   $ docker-compose start oimms
   $ docker logs -f oimms  

Removing an OIG Docker Setup

If you need to remove an OIG Docker setup perform the following steps:

1. Run the following command to stop the OIG containers:
   

   $ docker stop oimms soams oimadmin

   Note: If using a database Docker container then add oimdb to the end of the command.
2. Remove the OIG containers using the following command:
   

   $ docker rm oimms soams oimadmin

   Note: If using a database Docker container then add oimdb to the end of the command.
3. Remove all the directories from the $DC_USERHOME directory (from setenv.sh), for example:
   

   $ sudo rm -rf /u01/app/docker/OIG/*

   If using an external database and want to create a new environment, make sure you use a different DC_RCU_OIMPFX in the setenv.sh.

Want to Learn More?

Oracle Identity Governance

Feedback

To provide feedback on this tutorial, please contact Identity Management User Assistance.