Creating Oracle Internet Directory Docker Containers

Before You Begin

This tutorial shows you how to create and configure Oracle Internet Directory (OID) 12.2.1.4.0 Docker containers.

Background

Docker is a platform that enables users to build, package, ship and run distributed applications. Docker users package up their applications, and any dependent libraries or files, into a Docker image.

Docker images are portable artifacts that can be distributed across many environments. Images that have been distributed can be used to instantiate containers where applications can run in isolation from other applications running in other containers on the same host operating system.

What Do You Need?

  • An OID Docker image loaded into the Docker repository
  • A basic understanding of Docker
  • An understanding of OID and its deployment options.
  • A running Oracle Database. The database must be a supported version for OID as outlined in Oracle Fusion Middleware 12c certifications.

Validate the OID Image

In this section you validate that the Oracle Internet Directory image is installed in the docker images repository.

$ docker images | grep oid

The output will look similar to the following:

REPOSITORY   TAG          IMAGE ID       CREATED        SIZE
oracle/oid   12.2.1.4.0   ef7252c9221c   23 hours ago   6.94GB


Set Database Parameters

Ensure your OID database has the following parameters set.

  • processes
  • open_cursors
  • transactions

If not set, run the following SQL commands to set the values.

SQL> alter system set processes=500 scope=spfile;
SQL> alter system set open_cursors=500 scope=spfile;
SQL> alter system set transactions=500 scope=spfile;
SQL> shutdown IMMEDIATE
SQL> startup force


Create a Bridged Network

Create a bridged network so the OID Docker container(s) can communicate with each other.

To create a docker network, run the following command:

$ docker network create -d bridge OIDNet

The output will look similar to the following:

f18ca45a95c8ae1b6885fcc1b489a1a1a76bcdd292272276c2960335734c8d39


Create and Run the OID Docker Container

In this section you create and run the OID container.

When the container is created the following operations are performed:

  • Execution of the Repository Creation Utility
  • Creation of the OID Domain with DOMAIN_ROOT as /u01/oracle/user_projects
  • Startup of the Administration Server and NodeManager
  • Creation and startup of the OID LDAP server
  • Mapping of a directory from the host, for example /scratch/user_projects, to the container at /u01/oracle/user_projects.

  1. Create an environment file /scratch/oid.env which contains the following variables:
    DOMAIN_NAME=oid_domain
    ADMIN_USER=weblogic
    ADMIN_PASSWORD=<password>
    ADMIN_LISTEN_HOST=oidhost1
    ADMIN_LISTEN_PORT=7001
    INSTANCE_NAME=oid1
    INSTANCE_HOST=oidhost1
    CONNECTION_STRING=oiddb.example.com:1521/oid.example.com
    RCUPREFIX=OID01
    DB_USER=sys
    DB_PASSWORD=<password>
    DB_SCHEMA_PASSWORD=<password>
    REALM_DN=dc=oid,dc=example,dc=com
    ORCL_ADMIN_PASSWORD=<password>
    INSTANCE_TYPE=PRIMARY
    SSL_WALLET_PASSWORD=<password>
    where:
    a) DOMAIN_NAME is the name of the WebLogic domain to be created
    b) ADMIN_USER and ADMIN_PASSWORD are the weblogic user/pwd for the WebLogic console
    c) ADMIN_LISTEN_HOST is the hostname for the container. Note: it is recommended to make this the same name as the container name passed in the --name parameter in the docker run command below
    d) ADMIN_LISTEN_PORT is the port number for the WebLogic Administration Server to listen on
    e) INSTANCE_NAME is the instance name for the OID LDAP Server instance
    f) INSTANCE_HOST is the host name for the OID LDAP Server instance
    g) CONNECTION_STRING is the <host>:<port>/<service_name> of the running database
    h) RCUPREFIX is the prefix name to give the schemas built by RCU
    i) DB_USER and DB_PASSWORD are the user/pwd of the running database
    j) DB_SCHEMA_PASSWORD is the password you want to set for the RCU schemas
    k) REALM_DN is the distinguished name of the domain you want to assign to the OID LDAP Server instance
    l) ORCL_ADMIN_PASSWORD is the password of the cn=orcladmin OID Admin user
    m) INSTANCE_TYPE is the OID LDAP Server instance type
    n) SSL_WALLET_PASSWORD is the password for the OID SSL Wallet
  2. Run the following command to create and start the OID Server container oidhost1, and create the OID Domain.
    $ docker run -d \
    -p 7001:7001 \
    -p 3060:3060 \
    --name oidhost1 \
    --hostname oidhost1 \
    --network=OIDNet \
    --env-file /scratch/oid.env \
    --volume /scratch/oidpv:/u01/oracle/user_projects oracle/oid:12.2.1.4.0

    In the above example:
    a) -d starts the container detached as a background process
    b) --name is the name given to the docker container once started. For ease of use, give this name the same value as passed in the ADMIN_LISTEN_HOST variable
    c) --volume maps the /scratch/oidpv directory on the host environment to the /u01/oracle/user_projects directory in the container.
    d) --env-file is the path to the oid.env file created earlier
    e) oracle/oid:12.2.1.4.0 is the name of the OID image.
    f) --network is the name of the network bridge we created earlier

    The output will look similar to the following:
    7e735093a9503dc6586e00f31c9846cf59b92fb5299875f4eb650053f0a1fb01
    Note: In the above example the environment variables are passed with the --env-file parameter, which points to a file containing the environment variables. Alternatively, you can pass the environment variables on the command line as follows:
    $ docker run -d --network=OIDNet \
    -p 7001:7001 \
    --name=oidhost1 \
    --env CONNECTION_STRING=oiddb.example.com:1521/oid.example.com \
    --env ADMIN_LISTEN_HOST=oidhost1 \
    --env ADMIN_LISTEN_PORT=7001 \
    --env DOMAIN_NAME=oid_domain \
    --env ADMIN_USER=weblogic \
    --env ADMIN_PASSWORD=<password> \
    --env RCUPREFIX=OID01 \
    --env DB_USER=sys \
    --env DB_PASSWORD=<password> \
    --env DB_SCHEMA_PASSWORD=<password> \
    --env REALM_DN=dc=oid,dc=example,dc=com \
    --env ORCL_ADMIN_PASSWORD=<password> \
    --env INSTANCE_TYPE=PRIMARY \
    --env SSL_WALLET_PASSWORD=<password> \
    -v /scratch/oidpv/:/u01/oracle/user_projects oracle/oid:12.2.1.4.0
  3. Validate the container is running by issuing the following command:
    $ docker ps | grep oidhost1
    The output should look similar to the following:
    CONTAINER ID IMAGE                 COMMAND                CREATED      STATUS                PORTS                                          NAMES
    aadf95fa0d10 oracle/oid:12.2.1.4.0 "sh -c ${SCRIPT_DIR}…" 20 hours ago Up 20 hours (healthy) 0.0.0.0:3060->3060/tcp, 0.0.0.0:7001->7001/tcp oidhost1
  4. Run the docker logs command to see the status of the server creation:
    $ docker logs oidhost1
    The creation of the OID Domain and the OID LDAP Server will take several minutes. Run the above command until you see the following output to confirm completion.
    NLS_LANG not set in environment
    Setting NLS_LANG to AMERICAN_AMERICA.AL32UTF8
    oidctl:oidmon is up and running on oidhost1
    oidctl:Waiting for oidmon to start OIDLDAPD (instance=1)
    oidctl:Waiting for oidmon to start OIDLDAPD (instance=1)
    Failed for 0 time/times....
    SSL Setup completed successfully
    
    Note: If after a while the oidhost1 container disappears, it is likely that the container failed to start. If so, run "docker ps -a". This shows the status of all containers, whether started, stopped, or exited. You can then run "docker logs oidhost1" to view the log and work out what went wrong. Most problems are caused by typos in the docker run command, or by incorrectly set environment variables.
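
An added example, not part of the Oracle tutorial: a preflight check for the /scratch/oid.env file from step 1, to run before the docker run command in step 2. The variable names are the ones listed in step 1; the function name check_oid_env, the accepted file modes and the placeholder test are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check of the env file from step 1 before `docker run`.
# Variable names come from the tutorial; the checks are this example's choices.
REQUIRED_VARS="DOMAIN_NAME ADMIN_USER ADMIN_PASSWORD ADMIN_LISTEN_HOST
ADMIN_LISTEN_PORT INSTANCE_NAME INSTANCE_HOST CONNECTION_STRING RCUPREFIX
DB_USER DB_PASSWORD DB_SCHEMA_PASSWORD REALM_DN ORCL_ADMIN_PASSWORD
INSTANCE_TYPE SSL_WALLET_PASSWORD"

# check_oid_env FILE [CONTAINER_NAME]
# Prints one line per problem and returns the number of problems (0 = clean).
check_oid_env() {
    file=$1 container=${2:-} problems=0
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # The file holds the SYS, WebLogic, orcladmin and wallet passwords,
    # so only its owner should be able to read it.
    mode=$(stat -c '%a' "$file")   # GNU stat, as found on a Linux Docker host
    case $mode in
        600|400) ;;
        *) echo "mode $mode: expected 600 or 400"; problems=$((problems + 1)) ;;
    esac

    for var in $REQUIRED_VARS; do
        if ! grep -q "^[[:space:]]*${var}=" "$file"; then
            echo "$var is not set"; problems=$((problems + 1)); continue
        fi
        # If a variable is assigned more than once, check the last assignment.
        value=$(sed -n "s/^[[:space:]]*${var}=//p" "$file" | tail -n 1)
        case $var in
            *PASSWORD)
                # Catch a copied "<password>" placeholder or an empty secret.
                case $value in
                    ''|'<'*'>')
                        echo "$var is empty or a placeholder"
                        problems=$((problems + 1)) ;;
                esac ;;
            ADMIN_LISTEN_HOST)
                # The tutorial recommends this equals the --name value.
                if [ -n "$container" ] && [ "$value" != "$container" ]; then
                    echo "ADMIN_LISTEN_HOST=$value differs from --name $container"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    return "$problems"
}
```

Call it as check_oid_env /scratch/oid.env oidhost1 and start the container only when it returns 0.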

Validating the OID Services

In this section you validate that Oracle Internet Directory is running and functioning.

  1. Find the relevant IP addresses for the OID Docker container using the following command:
    $ docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' < name of docker containers separated by space >
    For example:
    $ docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' oidhost1
    The output will look similar to the following:
    /oidhost1 - 172.19.0.3
  2. Launch a browser on the Docker host Linux server. Edit the browser's network proxy preferences and add the IP addresses from above to the No proxy for section.
  3. Access the following URLs using the relevant IP address for the container.
    Console or Page                     URL                                 Login
    WebLogic Administration Console     http://<oidhost1_ip>:7001/console   weblogic/<password>
    Oracle Directory Services Manager   http://<oidhost1_ip>:7001/odsm      cn=orcladmin/<password>

    Alternatively services can be accessed through:

    a) localhost only from the docker host itself with http://localhost:7001/<uri>

    b) From outside the docker host, if container ports were mapped to the host ports (through the -p parameter for docker run). For example: http://<hostname>:<ADMIN_LISTEN_PORT>/<uri>


Removing an OID Docker Container

If you need to remove an Oracle Internet Directory Docker container perform the following steps:

  1. Stop the OID container using the following command:
    $ docker stop <containername>
    For example:
    $ docker stop oidhost1
  2. Remove the OID container using the following command:
    $ docker rm <containername>
    For example:
    $ docker rm oidhost1


Feedback

To provide feedback on this tutorial, please contact Identity Management User Assistance.