Creating the RCU Schemas

7.1.1 Creating the RCU Schemas

In this section you create the Repository Creation Utility (RCU) schemas in the Oracle Database.

Note:

Before following the steps below, make sure that the Oracle Database and Listener are up and running, and you can connect to the database via SQL*Plus or other client tool.

Run the following command to create a helper pod to run RCU:

If using Oracle Container Registry or your own container registry for the Oracle Identity Governance (OIG) container image:

kubectl run --image=<image_name-from-registry>:<tag> \
--image-pull-policy="IfNotPresent" \
--overrides='{"apiVersion": "v1", "spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \
helper -n <domain_namespace> \
-- sleep infinity

For example:

kubectl run --image=container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> \
--image-pull-policy="IfNotPresent" \
--overrides='{"apiVersion": "v1","spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \
helper -n oigns \
-- sleep infinity

If you are not using a container registry and have loaded the image on each of the worker nodes, run the following command:

kubectl run helper --image <image>:<tag> -n oigns -- sleep infinity

For example:

kubectl run helper --image oracle/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> -n oigns --sleep infinity

The output will look similar to the following:

pod/helper created

Run the following command to check the pod is running:
```
kubectl get pods -n <domain_namespace>
```
For example:
```
kubectl get pods -n oigns
```
The output will look similar to the following:
```
NAME     READY   STATUS    RESTARTS   AGE
helper   1/1     Running   0          3m
```
Note:
If you are pulling the image from a container registry it may take several minutes before the pod has a READY status of 1\1. While the pod is starting you can check the status of the pod, by running the following command:
```
kubectl describe pod helper -n oigns
```
Run the following command to start a bash shell in the helper pod:
```
kubectl exec -it helper -n <domain_namespace> -- /bin/bash
```
For example:
```
kubectl exec -it helper -n oigns -- /bin/bash
```
This will take you into a bash shell in the running helper pod:
```
[oracle@helper ~]$
```
In the helper bash shell run the following commands to set the environment:
```
export DB_HOST=<db_host.domain>
```
```
export DB_PORT=<db_port>
```
```
export DB_SERVICE=<service_name>
```
```
export RCUPREFIX=<rcu_schema_prefix>
```
```
export RCU_SCHEMA_PWD=<rcu_schema_pwd>
```
```
echo -e <db_pwd>"\n"<rcu_schema_pwd> > /tmp/pwd.txt
```
```
cat /tmp/pwd.txt
```
Where:
- <db_host.domain> is the database server hostname.
- <db_port> is the database listener port.
- <service_name> is the database service name.
- <rcu_schema_prefix> is the RCU schema prefix you want to set.
- <db_pwd> is the SYS password for the database.
- <rcu_schema_pwd> is the password you want to set for the <rcu_schema_prefix>.
For example:
```
export DB_HOST=mydatabasehost.example.com
```
```
export DB_PORT=1521
```
```
export DB_SERVICE=orcl.example.com
```
```
export RCUPREFIX=OIGK8S
```
```
export RCU_SCHEMA_PWD=<password>
```
```
echo -e <password>"\n"<password> > /tmp/pwd.txt
```
```
cat /tmp/pwd.txt
```
Ensure the cat /tmp/pwd.txt command shows the correct passwords.

In the helper bash shell, run the following command to create the RCU schemas in the database:

/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE \
-connectString $DB_HOST:$DB_PORT/$DB_SERVICE \
-dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true \
-selectDependentsForComponents true -schemaPrefix $RCUPREFIX -component OIM -component MDS -component SOAINFRA -component OPSS \
-f < /tmp/pwd.txt

The output will look similar to the following:

RCU Logfile: /tmp/RCU<DATE>/logs/rcu.log

Processing command line ....
Repository Creation Utility - Checking Prerequisites
Checking Global Prerequisites


Repository Creation Utility - Checking Prerequisites
Checking Component Prerequisites
Repository Creation Utility - Creating Tablespaces
Validating and Creating Tablespaces
Create tablespaces in the repository database
Repository Creation Utility - Create
Repository Create in progress.
        Percent Complete: 10
Executing pre create operations
        Percent Complete: 25
        Percent Complete: 25
        Percent Complete: 26
        Percent Complete: 27
        Percent Complete: 28
        Percent Complete: 28
        Percent Complete: 29
        Percent Complete: 29
Creating Common Infrastructure Services(STB)
        Percent Complete: 36
        Percent Complete: 36
        Percent Complete: 44
        Percent Complete: 44
        Percent Complete: 44
Creating Audit Services Append(IAU_APPEND)
        Percent Complete: 51
        Percent Complete: 51
        Percent Complete: 59
        Percent Complete: 59
        Percent Complete: 59
Creating Audit Services Viewer(IAU_VIEWER)
        Percent Complete: 66
        Percent Complete: 66
        Percent Complete: 67
        Percent Complete: 67
        Percent Complete: 68
        Percent Complete: 68
Creating Metadata Services(MDS)
        Percent Complete: 76
        Percent Complete: 76
        Percent Complete: 76
        Percent Complete: 77
        Percent Complete: 77
        Percent Complete: 78
        Percent Complete: 78
        Percent Complete: 78
Creating Weblogic Services(WLS)
        Percent Complete: 82
        Percent Complete: 82
        Percent Complete: 83
        Percent Complete: 84
        Percent Complete: 86
        Percent Complete: 88
        Percent Complete: 88
        Percent Complete: 88
Creating User Messaging Service(UCSUMS)
        Percent Complete: 92
        Percent Complete: 92
        Percent Complete: 95
        Percent Complete: 95
        Percent Complete: 100
Creating Audit Services(IAU)
Creating Oracle Platform Security Services(OPSS)
Creating SOA Infrastructure(SOAINFRA)
Creating Oracle Identity Manager(OIM)
Executing post create operations

Repository Creation Utility: Create - Completion Summary

Database details:
-----------------------------
Host Name                                    : mydatabasehost.example.com
Port                                         : 1521
Service Name                                 : ORCL.EXAMPLE.COM
Connected As                                 : sys
Prefix for (prefixable) Schema Owners        : OIGK8S
RCU Logfile                                  : /tmp/RCU<DATE>/logs/rcu.log

Component schemas created:
-----------------------------
Component                                    Status         Logfile

Common Infrastructure Services               Success        /tmp/RCU<DATE>/logs/stb.log
Oracle Platform Security Services            Success        /tmp/RCU<DATE>/logs/opss.log
SOA Infrastructure                           Success        /tmp/RCU<DATE>/logs/soainfra.log
Oracle Identity Manager                      Success        /tmp/RCU<DATE>/logs/oim.log
User Messaging Service                       Success        /tmp/RCU<DATE>/logs/ucsums.log
Audit Services                               Success        /tmp/RCU<DATE>/logs/iau.log
Audit Services Append                        Success        /tmp/RCU<DATE>/logs/iau_append.log
Audit Services Viewer                        Success        /tmp/RCU<DATE>/logs/iau_viewer.log
Metadata Services                            Success        /tmp/RCU<DATE>/logs/mds.log
WebLogic Services                            Success        /tmp/RCU<DATE>/logs/wls.log

Repository Creation Utility - Create : Operation Completed
[oracle@helper oracle]$

Run the following command inside the helper pod to patch schemas in the database:

Note:

This command should only be run when using July OIG Patch Set Update (PSU) and Critical Patch Update (CPU) or later.

/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/apache-ant/bin/ant \
-f /u01/oracle/idm/server/setup/deploy-files/automation.xml \
run-patched-sql-files \
-logger org.apache.tools.ant.NoBannerLogger \
-logfile /u01/oracle/idm/server/bin/patch_oim_wls.log \
-DoperationsDB.host=$DB_HOST \
-DoperationsDB.port=$DB_PORT \
-DoperationsDB.serviceName=$DB_SERVICE \
-DoperationsDB.user=$RCUPREFIX_OIM \
-DOIM.DBPassword=$RCU_SCHEMA_PWD \
-Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc11.jar

The output will look similar to the following:

Buildfile: /u01/oracle/idm/server/setup/deploy-files/automation.xml

Verify the database was patched successfully by viewing the patch_oim_wls.log:

cat /u01/oracle/idm/server/bin/patch_oim_wls.log

The output should look similar to below:

...
run-patched-sql-files:
      [sql] Executing resource: /u01/oracle/idm/server/db/oim/oracle/StoredProcedures/Recon/OIM_SP_ReconBlkAccountChglog.sql
      [sql] Executing resource: /u01/oracle/idm/server/db/oim/oracle/Upgrade/oim14cBP/list/oim14c_dml_pty_insert_self_assignment_allowed.sql
      [sql] Executing resource: /u01/oracle/idm/server/db/oim/oracle/StoredProcedures/API/oim_role_mgmt_pkg_body.sql
      [sql] Executing resource: /u01/oracle/idm/server/db/oim/oracle/StoredProcedures/API/oim_usr_mgmt_pkg_body.sql
      [sql] Executing resource: /u01/oracle/idm/server/db/oim/oracle/StoredProcedures/DBDiagnostics/oim_db_diagnostics_pkg_body.sql
      [sql] 5 of 5 SQL statements executed successfully
BUILD SUCCESSFUL
Total time: 1 second

Exit the helper bash shell by issuing the command exit.