Before You Begin
This tutorial shows you how to create and configure Oracle Identity Governance (OIG) 12.2.1.4.0 Docker containers.
Background
Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image.
Docker images are portable artifacts that can be distributed across Linux environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.
You can deploy OIG images in the following ways:
1. Download a prebuilt OIG image from Oracle Container Registry by navigating to Middleware > oig_cpu. This image is prebuilt by Oracle and includes Oracle Identity Governance 12.2.1.4.0, the latest Patch Set Update (PSU) and other fixes released with the Critical Patch Update (CPU) program.
2. Build your own OIG image using the WebLogic Image Tool or by using the dockerfile, scripts and base images from Oracle Container Registry (OCR). You can also build your own image by using only the dockerfile and scripts. For more information about the various ways in which you can build your own container image, see Building the OIG Image.
Before following this tutorial, the OIG image must be installed in the Docker images repository using one of these methods. Instructions for all these methods are found in the links referenced above.
The OIG image is designed to be used for the following OIG containers:
- WebLogic Administration Server (AdminServer)
- SOA Managed Server (soa_server1)
- OIG Managed Server (oim_server1)
What Do You Need?
- An OIG container image installed in the Docker images repository
- A basic understanding of Docker
- Docker-compose 1.25.4 or higher
- A running Oracle Database. The database must be a supported version for OIG as outlined in Oracle Fusion Middleware 12c certifications and must meet the requirements as outlined in About Database Requirements for an Oracle Fusion Middleware Installation. For test purposes only, you can use a Database Docker Container from Oracle Container Registry. If you choose to use a database Docker image it must be installed on the same machine where you intend to run OIG.
Validate the OIG Image
In this section you validate that the OIG image is installed in the Docker images repository.
- Run the following command to make sure the OIG image is installed in the Docker images repository:
$ docker images
The output will look similar to the following:
REPOSITORY TAG IMAGE ID CREATED SIZE
Make note of the OIG image name as this is used in the OIG_IMAGE variable in the next section. In this example the image name is oig:12.2.1.4.0
Clone the FMW Repository and Set Variables
In this section you clone the FMW repository from GitHub.
- Make a work directory to place the OIG Docker files:
$ mkdir <work directory>
- Download the OIG Docker files from the FMW Repository by running the following command:
$ cd <work directory>
$ git clone https://github.com/oracle/docker-images
- Navigate to the following directory:
$ cd <work directory>/docker-images/OracleIdentityGovernance
- The setenv.sh file contains the environment variables that are passed to the YAML scripts used to create the container. Edit the setenv.sh file and update the values of these environment variables with values specific to your own environment:
| Environment Variable | Description | Default Value | Example |
|---|---|---|---|
| DC_USERHOME | Docker Host directory where all domain data is kept. | /scratch/${USER}/docker/OIG | /u01/app/docker/OIG |
| DC_DB_VERSION | Container DB version* | 19.3.0.0-ee | 19.3.0.0-ee |
| http_proxy | HTTP Proxy details if you have an internal proxy. | | http://proxy.example.com |
| https_proxy | HTTPS Proxy details if you have an internal proxy. | | http://proxy.example.com |
| no_proxy | | | localhost,127.0.0.1,.example.com,/var/run/docker.sock |
| DC_HOSTNAME | Docker hostname | hostname -f | mydockerhost.example.com |
| DC_ORCL_PORT | DB Port | 1521 | 1521 |
| DC_ORCL_OEM_PORT | DB OEM Port | 5500 | 5500 |
| DC_ORCL_SID | Oracle DB Service Name | oimdb | oimdb |
| DC_ORCL_PDB | Oracle Pluggable DB Service Name | oimpdb | oimpdb |
| DC_ORCL_SYSPWD | DB SYS password | | <password> |
| DC_ORCL_HOST | DB Hostname | ${DC_HOSTNAME} | mydbhost.example.com |
| DC_ORCL_DBDATA | DB Data File Location* | ${DC_USERHOME}/dbdata | /u01/app/docker/OIG/dbdata |
| DC_ADMIN_PWD | WLS Admin Server password | | <password> |
| OIG_IMAGE | OIG Docker Image Tag | oig:latest | oig:12.2.1.4.0 |
| DC_RCU_SCHPWD | RCU password | | <password> |
| DC_RCU_OIMPFX | RCU OIM Prefix | OIM03 | MYOIG |
| DC_DDIR_OIM | OIG Domain directory | ${DC_USERHOME}/oimdomain | /u01/app/docker/OIG/oigdomain |

* This only needs to be set when using a DB Docker container for testing.
Note: The DC_USERHOME variable must be set to a directory to which the user running the containers has full access (777). The other variables can use the default values, or be amended to a value to meet your specific requirements.
Note: If you are using an external database and are using Service Name rather than SID for your connection details then please update the <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/docker-compose.yaml and set the CONNECTION_STRING parameter using the format ${DC_ORCL_HOST}:${DC_ORCL_PORT}/<DB_Service_Name>
An example setenv.sh will look as follows:
...
#===============================================
# MUST: Customize this to your local env
#===============================================
#
# Directory where all domains/db data etc are
# kept. Directories will be created here
export DC_USERHOME=/u01/app/docker/OIG
# Registry names where requisite standard images
# can be found
export DC_REGISTRY_OIG="localhost"
export DC_REGISTRY_DB="localhost"
# Proxy Environment
export http_proxy=http://proxy.example.com:80
export https_proxy=http://proxy.example.com:80
export no_proxy=""
#===============================================
exportComposeEnv() {
  #
  export DC_HOSTNAME=`hostname -f`
  #
  # Used by Docker Compose from the env
  # Oracle DB Parameters
  #
  export DC_ORCL_PORT=1521
  export DC_ORCL_OEM_PORT=5500
  export DC_ORCL_SID=oimdb
  export DC_ORCL_PDB=oimpdb
  export DC_ORCL_SYSPWD=<password>
  export DC_ORCL_HOST=${DC_HOSTNAME}
  #
  export DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
  #
  # AdminServer Password
  #
  export DC_ADMIN_PWD=<password>
  export OIG_IMAGE=oig:12.2.1.4.0
  #
  # RCU Common password for all schemas + Prefix Names
  #
  export DC_RCU_SCHPWD=<password>
  export DC_RCU_OIMPFX=MYOIG
  #
  # Domain directories for the various domain types
  #
  export DC_DDIR_OIM=/u01/app/docker/OIG/oimdomain
}
#===============================================
createDirs() {
  mkdir -p ${DC_DDIR_OIM}
  chmod 777 ${DC_DDIR_OIM}
  mkdir -p ${DC_ORCL_DBDATA}
  chmod 777 ${DC_ORCL_DBDATA}
}
#===============================================
#== MAIN starts here
#===============================================
#
echo "INFO: Setting up OIM Docker Environment..."
exportComposeEnv
createDirs
echo "INFO: Environment variables"
env | grep -e "DC_" | sort
- Execute the setenv.sh script to set the variables:
$ cd <work directory>/docker-images/OracleIdentityGovernance
$ . ./setenv.sh
The output will look similar to the following:
INFO: Setting up OIM Docker Environment...
INFO: Environment variables
DC_ADMIN_PWD=<password>
DC_DDIR_OIM=/u01/app/docker/OIG/oigdomain
DC_HOSTNAME=host.example.com
DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
DC_ORCL_HOST=host.example.com
DC_ORCL_OEM_PORT=5500
DC_ORCL_PDB=oimpdb
DC_ORCL_PORT=1521
DC_ORCL_SID=oimdb
DC_ORCL_SYSPWD=<password>
DC_RCU_OIMPFX=OIGRH
DC_RCU_SCHPWD=<password>
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_USERHOME=/u01/app/docker/OIG
$
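The sample setenv.sh keeps DC_ORCL_SYSPWD, DC_ADMIN_PWD and DC_RCU_SCHPWD in plain text, and its last line (env | grep -e "DC_" | sort) echoes them to the terminal. The following is an added example, not part of Oracle's scripts, with illustrative function names: it masks those values, reports passwords that are unset or still at the <password> placeholder, and checks that setenv.sh is accessible by its owner only.

```shell
#!/bin/sh
# Added example: hygiene checks for the setenv.sh described in this tutorial.
# Variable names come from the tutorial; the function names are illustrative.

# Mask the value of every DC_*PWD variable in NAME=value lines read from stdin.
mask_dc_secrets() {
  sed -E 's/^(DC_[A-Z_]*PWD)=.*/\1=********/'
}

# From NAME=value lines on stdin, print the password variables that are
# missing, empty, or still set to the literal "<password>" placeholder.
unset_dc_secrets() {
  awk '
    BEGIN { need["DC_ORCL_SYSPWD"]; need["DC_ADMIN_PWD"]; need["DC_RCU_SCHPWD"] }
    {
      eq = index($0, "="); if (eq == 0) next
      name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
      if ((name in need) && value != "" && value != "<password>") delete need[name]
    }
    END { for (n in need) print n }' | sort
}

# Succeed only if FILE grants no permissions to group or others (e.g. mode 600).
is_private_file() {
  [ -f "$1" ] || return 2
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Typical use after ". ./setenv.sh" (which itself prints the raw values):
#   env | grep -e "DC_" | sort | mask_dc_secrets
#   env | unset_dc_secrets
#   is_private_file setenv.sh || chmod 600 setenv.sh
```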
Start the Database Docker Container
Note: This section should only be followed if using a Database Docker container for testing purposes. If using an external database move to the next section.
- Tag your database Docker image with localhost/oracle/database:${DC_DB_VERSION}. For example, if using a 19.3.0.0 database the docker tag command is:
$ docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee
- Navigate to the samples/containerizedDB directory:
$ cd <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB
- Run the following command to start the container database:
$ docker-compose up -d oimdb
The output will look similar to the following:
Creating oimadmin ... done
- Run the following command to make sure the container is starting:
$ docker ps
The output should look similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
092862688dae localhost/oracle/database:19.3.0.0-ee "/bin/sh -c '/bin/ba…" About a minute ago Up About a minute (health: starting) 0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp oimdb
Run docker ps again until the status says healthy:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
092862688dae localhost/oracle/database:19.3.0.0-ee "/bin/sh -c '/bin/ba…" 15 minutes ago Up 5 minutes (healthy) 0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp oimdb
Note: It may take around 15 minutes for the database to start. While the container is in (health: starting) status, you can check the log using the following command:
$ docker logs -f oimdb
Once the database is started you should see something similar to:
########################
DATABASE IS READY TO USE!
#########################
- The database is created with the password specified earlier for the environment variable DC_ORCL_SYSPWD.
Create and Run the OIG WebLogic AdminServer Container
In this section you create and run the OIG WebLogic AdminServer Container.
- Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB directory if using a container database or to <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/ if using an external database.
- Run the docker-compose command to create the AdminServer container:
$ docker-compose up -d oimadmin
The output will look similar to the following:
Starting oimadmin ... done
- Run the following command to make sure the container is starting:
$ docker ps
The output should look similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAME
3e875049b602 oracle/oig:12.2.1.4.0 "/bin/bash -c 'sleep…" 6 seconds ago Up 5 seconds (health: starting) 0.0.0.0:7001->7001/tcp oimadmin
- Run the following command to tail the log and check the status of the container creation:
$ docker logs -f oimadmin
Once you see the following, the AdminServer is started:
INFO: Starting the Admin Server...
INFO: Logs = /u01/oracle/user_projects/domains/base_domain/logs/as.log
INFO: Admin server is running
INFO: Admin server running, ready to start managed server
If the creation fails and you see the following error in the logs:
Processing command line ....
Invalid SID or Service name. Enter valid SID or Service name.
ERROR - RCU-6090 Connection step validation failed.
CAUSE - RCU-6090 Skipping main operation: failed to connect to database because database details were missing or invalid.
ACTION - RCU-6090 Provide correct database details and try again.
ERROR: RCU Loading Failed. Check the RCU logs
edit the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB/docker-compose.yaml and change
CONNECTION_STRING=${DC_ORCL_HOST}:${DC_ORCL_PORT}/${DC_ORCL_PDB}
to
CONNECTION_STRING=oimdb:${DC_ORCL_PORT}/${DC_ORCL_PDB}
Then execute the docker-compose command again.
Create and Run the SOA Managed Server Container
In this section you create and run the SOA Managed Server Container.
- Run the docker-compose command to create the SOA Managed Server container:
$ docker-compose up -d soams
The output will look similar to the following:
oimadmin is up-to-date
Creating soams ... done
- Run the following command to make sure the container is starting:
$ docker ps
The output should look similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d97016d3a64 oig:12.2.1.4.0 "/bin/bash -c /u01/o…" 17 seconds ago Up 15 seconds (health: starting) 0.0.0.0:8001-8003->8001-8003/tcp soams
3e875049b602 oig:12.2.1.4.0 "/bin/bash -c 'sleep…" 17 hours ago Up 19 minutes 0.0.0.0:7001->7001/tcp oimadmin
- Run the following command to tail the log and check the status of the container creation:
$ docker logs -f soams
Once you see the following, the SOA Managed Server is started:
INFO: Waiting for the Managed Server to accept requests...
SOA Platform is running and accepting requests. Start up took 183753 ms, partition=DOMAIN
INFO: Managed Server is running
INFO: Managed server has been started
Create and Run the OIM Managed Server Container
In this section you create and run the OIM Managed Server Container.
- Run the docker-compose command to create the OIM Managed Server container:
$ docker-compose up -d oimms
The output will look similar to the following:
oimadmin is up-to-date
Creating oimms ... done
- Run the following command to make sure the container is starting:
$ docker ps
The output should look similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea224afeaa98 oig:12.2.1.4.0 "/bin/bash -c /u01/o…" About a minute ago Up 58 seconds (health: starting) 0.0.0.0:14000-14002->14000-14002/tcp oimms
8d97016d3a64 oig:12.2.1.4.0 "/bin/bash -c /u01/o…" About an hour ago Up About an hour 0.0.0.0:8001-8003->8001-8003/tcp soams
3e875049b602 oig:12.2.1.4.0 "/bin/bash -c 'sleep…" 18 hours ago Up About an hour 0.0.0.0:7001->7001/tcp oimadmin
- Run the following command to tail the log and check the status of the container creation:
$ docker logs -f oimms
Once you see the following, the OIM Managed Server is started:
INFO: Starting the managed server oim_server1
INFO: Waiting for the Managed Server to accept requests...
INFO: Managed Server is running
INFO: Managed server has been started
INFO: Running SOA Mbean
INFO: OIM SOA Integration Mbean executed successfully.
Validating the OIG Services
In this section you validate that OIG is running and functioning.
- Launch a browser and access the following URLs for the container. Login with weblogic/<password>

| Console or Page | URL | Login Details |
|---|---|---|
| WebLogic Administration Console | http://<hostname>:7001/console | weblogic/<password> |
| Oracle Enterprise Manager Console | http://<hostname>:7001/em | weblogic/<password> |
| Oracle SOA Platform | http://<hostname>:8001/soa-infra | weblogic/<password> |
| Oracle Identity Self Service Console | http://<hostname>:14000/identity | xelsysadm/<password> |
| Oracle Identity System Administration Console | http://<hostname>:14000/sysadmin | xelsysadm/<password> |

Note: Do not use WebLogic Administration Console or Oracle Enterprise Manager Console to stop and start the AdminServer, SOA and OIG Managed Servers. Use the commands in section Stopping and Starting Servers.
Stopping and Starting Servers
In this section you learn how to stop and start the OIG AdminServer, SOA Managed Server and OIG Managed Server. You also learn how to stop the database if using a container database.
- Execute the setenv.sh script to set the variables:
$ cd <work directory>/docker-images/OracleIdentityGovernance
$ . ./setenv.sh
- Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB directory if using a container database or to <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/ if using an external database.
- To stop the servers run the following commands:
$ docker-compose stop oimms
$ docker-compose stop soams
$ docker-compose stop oimadmin
If using a container database, stop the database with the following command:
$ docker-compose stop oimdb
- If using a container database, restart the database using the following command:
$ docker-compose start oimdb
Run the following command to tail the log and check the status of the database startup:
$ docker logs -f oimdb
Make sure the database is started before continuing.
- Run the following commands to start the OIG AdminServer and check its status:
$ docker-compose start oimadmin
$ docker logs -f oimadmin
Make sure the OIG Admin Server is started before continuing.
- Run the following commands to start the SOA Managed Server and check its status:
$ docker-compose start soams
$ docker logs -f soams
Make sure the SOA Managed Server is started before continuing.
- Run the following commands to start the OIG Managed Server and check its status:
$ docker-compose start oimms
$ docker logs -f oimms
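The start sequence above can be scripted so that each container is started only after the previous one has logged its ready message. This is an added example, not part of Oracle's scripts: the function names and the OIG_TIMEOUT and OIG_POLL variables are illustrative, and the ready markers are the log lines quoted in this tutorial. It reads only log output written since the current start, so a marker left over from an earlier run is not mistaken for readiness.

```shell
#!/bin/sh
# Added example: ordered start of the OIG containers, gated on log markers.

# Ready markers, taken from the log excerpts in this tutorial.
ready_marker() {
  case "$1" in
    oimdb)       echo "DATABASE IS READY TO USE!" ;;
    oimadmin)    echo "INFO: Admin server running, ready to start managed server" ;;
    soams|oimms) echo "INFO: Managed server has been started" ;;
    *)           return 1 ;;
  esac
}

# Log output written at or after Unix time $2 for container $1.
container_logs() { docker logs --since "$2" "$1" 2>&1; }

start_service() { docker-compose start "$1"; }

# wait_ready NAME SINCE [TIMEOUT] [POLL]
# Returns 0 when the marker is seen, 1 for an unknown name, 2 on timeout.
wait_ready() {
  marker=$(ready_marker "$1") || return 1
  timeout=${3:-1800}; poll=${4:-15}; waited=0
  until container_logs "$1" "$2" | grep -F -q -- "$marker"; do
    [ "$waited" -ge "$timeout" ] && return 2
    sleep "$poll"; waited=$((waited + poll))
  done
  return 0
}

# start_stack SERVICE...: start each service in the order given.
start_stack() {
  for svc in "$@"; do
    since=$(date +%s)
    start_service "$svc" || return 1
    wait_ready "$svc" "$since" "${OIG_TIMEOUT:-1800}" "${OIG_POLL:-15}" || {
      rc=$?; echo "ERROR: $svc not ready (rc=$rc); check: docker logs $svc" >&2
      return "$rc"; }
    echo "INFO: $svc is ready"
  done
}

# Run from the samples directory after sourcing setenv.sh, for example:
#   sh start-oig.sh oimdb oimadmin soams oimms   (omit oimdb for an external DB)
if [ "$#" -gt 0 ]; then start_stack "$@"; fi
```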
Removing an OIG Docker Setup
If you need to remove an OIG Docker setup perform the following steps:
- Run the following command to stop the OIG containers:
$ docker stop oimms soams oimadmin
Note: If using a database Docker container then add oimdb to the end of the command.
- Remove the OIG containers using the following command:
$ docker rm oimms soams oimadmin
Note: If using a database Docker container then add oimdb to the end of the command.
- Remove all the directories from the $DC_USERHOME directory (from setenv.sh), for example:
$ sudo rm -rf /u01/app/docker/OIG/*
If using an external database and want to create a new environment, make sure you use a different DC_RCU_OIMPFX in the setenv.sh.
Feedback
To provide feedback on this tutorial, please contact Identity Management User Assistance.