Creating Oracle Identity Governance Docker Containers

Section 0: Before You Begin

This tutorial shows you how to create and configure Oracle Identity Governance (OIG) 12.2.1.4.0 Docker containers.

Background

Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image.

Docker images are portable artifacts that can be distributed across Linux environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.

You can deploy OIG images in the following ways:

1. Download a prebuilt OIG image from Oracle Container Registry by navigating to Middleware > oig_cpu. This image is prebuilt by Oracle and includes Oracle Identity Governance 12.2.1.4.0, the latest Patch Set Update (PSU) and other fixes released with the Critical Patch Update (CPU) program.

2. Build your own OIG image using the WebLogic Image Tool or by using the dockerfile, scripts and base images from Oracle Container Registry (OCR). You can also build your own image by using only the dockerfile and scripts. For more information about the various ways in which you can build your own container image, see Building the OIG Image.

Before following this tutorial, the OIG image must be installed in the Docker images repository using one of these methods. Instructions for all these methods are found in the links referenced above.

The OIG image is designed to be used for the following OIG containers:

  • WebLogic Administration Server (AdminServer)
  • SOA Managed Server (soa_server1)
  • OIG Managed Server (oim_server1)

What Do You Need?


Section 1: Validate the OIG Image

In this section you validate that the OIG image is installed in the Docker images repository.

  1. Run the following command to make sure the OIG image is installed in the Docker images repository:
    $ docker images
    The output will look similar to the following:
    REPOSITORY    TAG            IMAGE ID         CREATED       SIZE
    oig           12.2.1.4.0     b7073c584105     2 days ago    7.88GB
    Make a note of the OIG image name, as this is used in the OIG_IMAGE variable in the next section. In this example the image name is oig:12.2.1.4.0

Section 2: Clone the FMW Repository and Set Variables

In this section you clone the FMW repository from GitHub.

  1. Make a work directory to place the OIG Docker files:

    $ mkdir <work directory>
  2. Download the OIG Docker files from the FMW Repository by running the following command:
    $ cd <work directory>
    $ git clone https://github.com/oracle/docker-images
  3. Navigate to the following directory:
    $ cd <work directory>/docker-images/OracleIdentityGovernance
  4. The setenv.sh file contains the environment variables that are passed to the YAML scripts used to create the container. Edit the setenv.sh file and update the values of these environment variables with values specific to your own environment:

    | Environment Variable | Description | Default Value | Example |
    |---|---|---|---|
    | DC_USERHOME | Docker host directory where all domain data is kept. | /scratch/${USER}/docker/OIG | /u01/app/docker/OIG |
    | DC_DB_VERSION | Container DB version* | 19.3.0.0-ee | 19.3.0.0-ee |
    | http_proxy | HTTP proxy details if you have an internal proxy. | | http://proxy.example.com |
    | https_proxy | HTTPS proxy details if you have an internal proxy. | | http://proxy.example.com |
    | no_proxy | | | localhost,127.0.0.1,.example.com,/var/run/docker.sock |
    | DC_HOSTNAME | Docker hostname | hostname -f | mydockerhost.example.com |
    | DC_ORCL_PORT | DB Port | 1521 | 1521 |
    | DC_ORCL_OEM_PORT | DB OEM Port | 5500 | 5500 |
    | DC_ORCL_SID | Oracle DB Service Name | oimdb | oimdb |
    | DC_ORCL_PDB | Oracle Pluggable DB Service Name | oimpdb | oimpdb |
    | DC_ORCL_SYSPWD | DB SYS password | | <password> |
    | DC_ORCL_HOST | DB Hostname | ${DC_HOSTNAME} | mydbhost.example.com |
    | DC_ORCL_DBDATA | DB Data File Location* | ${DC_USERHOME}/dbdata | /u01/app/docker/OIG/dbdata |
    | DC_ADMIN_PWD | WLS Admin Server password | | <password> |
    | OIG_IMAGE | OIG Docker Image Tag | oig:latest | oig:12.2.1.4.0 |
    | DC_RCU_SCHPWD | RCU password | | <password> |
    | DC_RCU_OIMPFX | RCU OIM Prefix | OIM03 | MYOIG |
    | DC_DDIR_OIM | OIG Domain directory | ${DC_USERHOME}/oimdomain | /u01/app/docker/OIG/oigdomain |

    * This only needs to be set when using a DB Docker container for testing.

    Note: The DC_USERHOME variable must be set to a directory to which the user running the containers has full access (777). The other variables can use the default values, or be amended to a value to meet your specific requirements.

    Note: If you are using an external database and are using Service Name rather than SID for your connection details then please update the <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/docker-compose.yaml
    and set the CONNECTION_STRING parameter using the format
    ${DC_ORCL_HOST}:${DC_ORCL_PORT}/<DB_Service_Name>

    An example setenv.sh will look as follows:

    ...
    #===============================================
    # MUST: Customize this to your local env
    #===============================================
    #
    # Directory where all domains/db data etc are
    # kept. Directories will be created here
    export DC_USERHOME=/u01/app/docker/OIG
    
    # Registry names where requisite standard images
    # can be found
    export DC_REGISTRY_OIG="localhost"
    export DC_REGISTRY_DB="localhost"
    
    # Proxy Environment
    export http_proxy=http://proxy.example.com:80
    export https_proxy=http://proxy.example.com:80
    export no_proxy=""
    
    #===============================================
    exportComposeEnv() {
      #
      export DC_HOSTNAME=`hostname -f`
      #
      # Used by Docker Compose from the env
      # Oracle DB Parameters
      #
      export DC_ORCL_PORT=1521
      export DC_ORCL_OEM_PORT=5500
      export DC_ORCL_SID=oimdb
      export DC_ORCL_PDB=oimpdb
      export DC_ORCL_SYSPWD=<password>
      export DC_ORCL_HOST=${DC_HOSTNAME}
      #
      export DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
      #
      # AdminServer Password
      #
      export DC_ADMIN_PWD=<password>
      export OIG_IMAGE=oig:12.2.1.4.0
      #
      # RCU Common password for all schemas + Prefix Names
      #
      export DC_RCU_SCHPWD=<password>
      export DC_RCU_OIMPFX=MYOIG
      #
      # Domain directories for the various domain types
      #
      export DC_DDIR_OIM=/u01/app/docker/OIG/oimdomain
    }
    #===============================================
    createDirs() {
      mkdir -p ${DC_DDIR_OIM}
      chmod 777 ${DC_DDIR_OIM}
      mkdir -p ${DC_ORCL_DBDATA}
      chmod 777 ${DC_ORCL_DBDATA}
    }
    #===============================================
    #== MAIN starts here
    #===============================================
    #
    echo "INFO: Setting up OIM Docker Environment..."
    exportComposeEnv
    createDirs
    echo "INFO: Environment variables"
    env | grep -e "DC_" | sort
  5. Execute the setenv.sh script to set the variables:

    $ cd <work directory>/docker-images/OracleIdentityGovernance
    $ . ./setenv.sh
    The output will look similar to the following:
    INFO: Setting up OIM Docker Environment...
    INFO: Environment variables
    DC_ADMIN_PWD=<password>
    DC_DDIR_OIM=/u01/app/docker/OIG/oigdomain
    DC_HOSTNAME=host.example.com
    DC_ORCL_DBDATA=/u01/app/docker/OIG/dbdata
    DC_ORCL_HOST=host.example.com
    DC_ORCL_OEM_PORT=5500
    DC_ORCL_PDB=oimpdb
    DC_ORCL_PORT=1521
    DC_ORCL_SID=oimdb
    DC_ORCL_SYSPWD=<password>
    DC_RCU_OIMPFX=OIGRH
    DC_RCU_SCHPWD=<password>
    DC_REGISTRY_DB=localhost
    DC_REGISTRY_OIG=localhost
    DC_USERHOME=/u01/app/docker/OIG
    $
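
A check to run after sourcing setenv.sh and before creating any container, added here as an example (it is not part of the Oracle scripts). setenv.sh stores three passwords in clear text, so the check flags a file that group or others can read and any required variable that is empty or still a <...> placeholder. The function names and the list of required variables are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the Oracle scripts. Variable names are the ones
# defined in setenv.sh; the choice of which ones are required is an assumption.

# file_is_private FILE -> 0 when FILE exists and group/others have no access
file_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# var_is_set NAME -> 0 when the variable is non-empty and not a "<...>" placeholder.
# A real value that contains both "<" and ">" is also rejected by this simple test.
var_is_set() {
  eval "val=\${$1:-}"
  case $val in
    ''|*'<'*'>'*) return 1 ;;
  esac
  return 0
}

# preflight FILE -> prints one line per problem and returns the problem count
preflight() {
  problems=0
  if ! file_is_private "$1"; then
    echo "WARN: $1 holds passwords but is accessible to group/others (chmod 600)"
    problems=$((problems + 1))
  fi
  for name in DC_USERHOME DC_ORCL_HOST DC_ORCL_PORT DC_ORCL_PDB \
              DC_ORCL_SYSPWD DC_ADMIN_PWD DC_RCU_SCHPWD DC_RCU_OIMPFX OIG_IMAGE; do
    if ! var_is_set "$name"; then
      echo "ERROR: $name is empty or still a placeholder"
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}
```

After `. ./setenv.sh`, call `preflight ./setenv.sh` and continue only when it returns 0.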


Section 3: Start the Database Docker Container

Note: This section should only be followed if using a Database Docker container for testing purposes. If using an external database move to the next section.

  1. Tag your database Docker image with localhost/oracle/database:${DC_DB_VERSION}. For example, if using a 19.3.0.0 database, the docker tag command is:
    $ docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee
  2. Navigate to the samples/containerizedDB directory:
    $ cd <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB
  3. Run the following command to start the container database:
    $ docker-compose up -d oimdb
    The output will look similar to the following:
    Creating oimadmin ... done
  4. Run the following command to make sure the container is starting:
    $ docker ps
    The output should look similar to the following:
    CONTAINER ID        IMAGE                                   COMMAND                  CREATED              STATUS                                 PORTS                                            NAMES
    092862688dae        localhost/oracle/database:19.3.0.0-ee   "/bin/sh -c '/bin/ba…"   About a minute ago   Up About a minute (health: starting)   0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp   oimdb
    Run docker ps again until the status says healthy:
    CONTAINER ID        IMAGE                                   COMMAND                  CREATED             STATUS                   PORTS                                            NAMES
    092862688dae        localhost/oracle/database:19.3.0.0-ee   "/bin/sh -c '/bin/ba…"   15 minutes ago       Up 5 minutes (healthy)   0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp   oimdb
    Note: It may take around 15 minutes for the database to start. While the container is in (health: starting) status, you can check the log using the following command:

    $ docker logs -f oimdb
    Once the database is started you should see something similar to:

    ########################
    DATABASE IS READY TO USE!
    #########################
  5. The database is created with the password specified earlier for the environment variable DC_ORCL_SYSPWD.


Section 4: Create and Run the OIG WebLogic AdminServer Container

In this section you create and run the OIG WebLogic AdminServer Container.

  1. Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB directory if using a container database, or to the <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/ directory if using an external database.
  2. Run the docker-compose command to create the AdminServer container:
    $ docker-compose up -d oimadmin
    The output will look similar to the following:
    Starting oimadmin ... done
  3. Run the following command to make sure the container is starting:
    $ docker ps
    The output should look similar to the following:
    CONTAINER ID   IMAGE                   COMMAND                  CREATED         STATUS                           PORTS                   NAME
    3e875049b602   oracle/oig:12.2.1.4.0   "/bin/bash -c 'sleep…"   6 seconds ago   Up 5 seconds (health: starting)  0.0.0.0:7001->7001/tcp  oimadmin
  4. Run the following command to tail the log and check the status of the container creation:
    $ docker logs -f oimadmin
    Once you see the following, the AdminServer is started:
    INFO: Starting the Admin Server...
    INFO: Logs = /u01/oracle/user_projects/domains/base_domain/logs/as.log
        
    INFO: Admin server is running
    INFO: Admin server running, ready to start managed server
    If the creation fails and you see the following error in the logs:
    Processing command line ....
    Invalid SID or Service name.
    Enter valid SID or Service name.
    
    ERROR - RCU-6090 Connection step validation failed.
    CAUSE - RCU-6090 Skipping main operation: failed to connect to database because database details were missing or invalid.
    ACTION - RCU-6090 Provide correct database details and try again.
    ERROR: RCU Loading Failed. Check the RCU logs
    edit the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB/docker-compose.yaml and change CONNECTION_STRING=${DC_ORCL_HOST}:${DC_ORCL_PORT}/${DC_ORCL_PDB} to CONNECTION_STRING=oimdb:${DC_ORCL_PORT}/${DC_ORCL_PDB}. Then execute the docker compose command again.

Section 5: Create and Run the SOA Managed Server Container

In this section you create and run the SOA Managed Server Container.

  1. Run the docker-compose command to create the SOA Managed Server container:
    $ docker-compose up -d soams
    The output will look similar to the following:
    oimadmin is up-to-date
    Creating soams ... done
  2. Run the following command to make sure the container is starting:
    $ docker ps
    The output should look similar to the following:
    CONTAINER ID    IMAGE           COMMAND                  CREATED          STATUS                            PORTS                             NAMES
    8d97016d3a64    oig:12.2.1.4.0  "/bin/bash -c /u01/o…"   17 seconds ago   Up 15 seconds (health: starting)  0.0.0.0:8001-8003->8001-8003/tcp  soams
    3e875049b602    oig:12.2.1.4.0  "/bin/bash -c 'sleep…"   17 hours ago     Up 19 minutes                     0.0.0.0:7001->7001/tcp            oimadmin
  3. Run the following command to tail the log and check the status of the container creation:
    $ docker logs -f soams
    Once you see the following, the SOA Managed Server is started:
    INFO: Waiting for the Managed Server to accept requests...
    SOA Platform is running and accepting requests. Start up took 183753 ms, partition=DOMAIN
    INFO: Managed Server is running
    INFO: Managed server has been started

Section 6: Create and Run the OIM Managed Server Container

In this section you create and run the OIM Managed Server Container.

  1. Run the docker-compose command to create the OIM Managed Server container:
    $ docker-compose up -d oimms
    The output will look similar to the following:
    oimadmin is up-to-date
    Creating oimms ... done
  2. Run the following command to make sure the container is starting:
    $ docker ps
    The output should look similar to the following:
    CONTAINER ID    IMAGE              COMMAND                  CREATED              STATUS                               PORTS                                 NAMES
    ea224afeaa98    oig:12.2.1.4.0    "/bin/bash -c /u01/o…"   About a minute ago   Up 58 seconds (health: starting)      0.0.0.0:14000-14002->14000-14002/tcp   oimms
    8d97016d3a64    oig:12.2.1.4.0    "/bin/bash -c /u01/o…"   About an hour ago    Up About an hour                      0.0.0.0:8001-8003->8001-8003/tcp       soams
    3e875049b602    oig:12.2.1.4.0    "/bin/bash -c 'sleep…"   18 hours ago         Up About an hour                      0.0.0.0:7001->7001/tcp                 oimadmin
  3. Run the following command to tail the log and check the status of the container creation:
    $ docker logs -f oimms
    Once you see the following, the OIM Managed Server is started:
    INFO: Starting the managed server oim_server1
    INFO: Waiting for the Managed Server to accept requests...
        
    INFO: Managed Server is running
    INFO: Managed server has been started
    INFO: Running SOA Mbean
    INFO: OIM SOA Integration Mbean executed successfully.

Section 7: Validating the OIG Services

In this section you validate that OIG is running and functioning.

  1. Launch a browser and access the following URLs for the container, logging in with the details listed for each (weblogic/<password> for the WebLogic, Enterprise Manager and SOA pages):

    | Console or Page | URL | Login Details |
    |---|---|---|
    | WebLogic Administration Console | http://<hostname>:7001/console | weblogic/<password> |
    | Oracle Enterprise Manager Console | http://<hostname>:7001/em | weblogic/<password> |
    | Oracle SOA Platform | http://<hostname>:8001/soa-infra | weblogic/<password> |
    | Oracle Identity Self Service Console | http://<hostname>:14000/identity | xelsysadm/<password> |
    | Oracle Identity System Administration Console | http://<hostname>:14000/sysadmin | xelsysadm/<password> |

    Note: Do not use WebLogic Administration Console or Oracle Enterprise Manager Console to stop and start the AdminServer, SOA and OIG Managed Servers. Use the commands in the Stopping and Starting Servers section.

Section 8: Stopping and Starting Servers

In this section you learn how to stop and start the OIG AdminServer, SOA Managed Server and OIG Managed Server. You also learn how to stop the database if using a container database.

  1. Execute the setenv.sh script to set the variables:

    $ cd <work directory>/docker-images/OracleIdentityGovernance
    $ . ./setenv.sh
  2. Navigate to the <work directory>/docker-images/OracleIdentityGovernance/samples/containerizedDB directory if using a container database, or to the <work directory>/docker-images/OracleIdentityGovernance/samples/externalDB/ directory if using an external database.
  3. To stop the servers run the following commands:
    $ docker-compose stop oimms
    $ docker-compose stop soams
    $ docker-compose stop oimadmin
    If using a container database, stop the database with the following command:
    $ docker-compose stop oimdb                        
  4. If using a container database, restart the database using the following command:
    $ docker-compose start oimdb
    Run the following command to tail the log and check the status of the database startup:
    $ docker logs -f oimdb
    Make sure the database is started before continuing.
  5. Run the following commands to start the OIG AdminServer and check its status:
    $ docker-compose start oimadmin
    $ docker logs -f oimadmin
    Make sure the OIG Admin Server is started before continuing.
  6. Run the following commands to start the SOA Managed Server and check its status:
    $ docker-compose start soams
    $ docker logs -f soams
    Make sure the SOA Managed Server is started before continuing.
  7. Run the following commands to start the OIG Managed Server and check its status:
    $ docker-compose start oimms
    $ docker logs -f oimms
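
The start order in steps 4 to 7, as an added example script that is not part of the Oracle samples: each server is started only after the previous one has written the readiness line quoted earlier in this tutorial. It reads the log with docker logs --since so that readiness lines left over from an earlier run are ignored. The timeout values, the DOCKER and COMPOSE variables and the function names are assumptions, as is the expectation that the same readiness lines are written on a restart.

```sh
#!/bin/sh
# Added example, not part of the Oracle samples. Run it from samples/containerizedDB
# or samples/externalDB after sourcing setenv.sh. Timeouts are assumed values.
DOCKER=${DOCKER:-docker}
COMPOSE=${COMPOSE:-docker-compose}
POLL_SECS=${POLL_SECS:-15}
START_TIMEOUT=${START_TIMEOUT:-1800}

# wait_for_marker CONTAINER MARKER SINCE TIMEOUT
# Returns 0 once MARKER shows up in log lines newer than SINCE, 1 on timeout.
wait_for_marker() {
  waited=0
  while :; do
    # --since skips lines from earlier runs, which already contain the marker
    # and would otherwise report a restarting server as ready straight away.
    if $DOCKER logs --since "$3" "$1" 2>&1 | grep -qF -- "$2"; then
      return 0
    fi
    [ "$waited" -ge "$4" ] && return 1
    sleep "$POLL_SECS"
    waited=$((waited + POLL_SECS))
  done
}

# start_and_wait SERVICE MARKER: start one compose service, then block until ready.
start_and_wait() {
  since=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  $COMPOSE start "$1" || return 1
  if ! wait_for_marker "$1" "$2" "$since" "$START_TIMEOUT"; then
    echo "ERROR: $1 did not report '$2' within ${START_TIMEOUT}s" >&2
    return 1
  fi
  echo "INFO: $1 is ready"
}

# start_oig_stack yes|no: "yes" also starts the container database first.
start_oig_stack() {
  if [ "$1" = yes ]; then
    start_and_wait oimdb "DATABASE IS READY TO USE!" || return 1
  fi
  start_and_wait oimadmin "Admin server running, ready to start managed server" || return 1
  start_and_wait soams "Managed server has been started" || return 1
  start_and_wait oimms "Managed server has been started" || return 1
}

# Run only when asked to, so the functions can also be sourced and reused.
if [ "${1:-}" = "--run" ]; then
  start_oig_stack "${2:-no}"
fi
```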

Section 9: Removing an OIG Docker Setup

If you need to remove an OIG Docker setup perform the following steps:

  1. Run the following command to stop the OIG containers:
    $ docker stop oimms soams oimadmin
    Note: If using a database Docker container then add oimdb to the end of the command.
  2. Remove the OIG containers using the following command:
    $ docker rm oimms soams oimadmin
    Note: If using a database Docker container then add oimdb to the end of the command.
  3. Remove all the directories from the $DC_USERHOME directory (from setenv.sh), for example:
    $ sudo rm -rf /u01/app/docker/OIG/*
    If you are using an external database and want to create a new environment, make sure you use a different DC_RCU_OIMPFX in the setenv.sh.

Want to Learn More?

Oracle Identity Governance


Feedback

To provide feedback on this tutorial, please contact Identity Management User Assistance.