Fix in OIM MAA (#95)
mdr2 authored Mar 1, 2022
1 parent 93ac657 commit 42c4f49
Showing 8 changed files with 117 additions and 49 deletions.
@@ -1,5 +1,5 @@
#!/bin/bash
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of common functions and procedures used by the provisioning and deletion scripts
Expand Down Expand Up @@ -749,48 +749,48 @@ create_schemas ()
printf "$RCUPWD\n" >> /tmp/pwd.txt
print_msg "Creating $SCHEMA_TYPE Schemas"

printf "#!/bin/bash\n" > /tmp/create_schema.sh
printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> /tmp/create_schema.sh
printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> /tmp/create_schema.sh
printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> /tmp/create_schema.sh
printf " -schemaPrefix $RCU_PREFIX" >> /tmp/create_schema.sh
printf "#!/bin/bash\n" > $WORKDIR/create_schema.sh
printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> $WORKDIR/create_schema.sh
printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> $WORKDIR/create_schema.sh
printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> $WORKDIR/create_schema.sh
printf " -schemaPrefix $RCU_PREFIX" >> $WORKDIR/create_schema.sh

if [ "$SCHEMA_TYPE" = "OIG" ]
then
printf "$OIG_SCHEMAS" >> /tmp/create_schema.sh
printf "$OIG_SCHEMAS" >> $WORKDIR/create_schema.sh
elif [ "$SCHEMA_TYPE" = "OAM" ]
then
printf "$OAM_SCHEMAS" >> /tmp/create_schema.sh
printf "$OAM_SCHEMAS" >> $WORKDIR/create_schema.sh
else
printf "\nInvalid Schema Type: $SCHEMA_TYPE \n"
exit 1
fi

printf " -f < /tmp/pwd.txt \n" >> /tmp/create_schema.sh
printf " exit \n" >> /tmp/create_schema.sh
printf " -f < /tmp/pwd.txt \n" >> $WORKDIR/create_schema.sh
printf " exit \n" >> $WORKDIR/create_schema.sh

kubectl cp /tmp/pwd.txt $NAMESPACE/helper:/tmp
kubectl cp /tmp/create_schema.sh $NAMESPACE/helper:/tmp
kubectl cp $WORKDIR/create_schema.sh $NAMESPACE/helper:/tmp
kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/create_schema.sh > $LOGDIR/create_schemas.log 2>&1
print_status $? $LOGDIR/create_schemas.log
if [ "$SCHEMA_TYPE" = "OIG" ]
then
printf "\t\t\tPatching OIM Schema - "
printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> /tmp/patch_schema.sh
printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> /tmp/patch_schema.sh
printf " run-patched-sql-files " >> /tmp/patch_schema.sh
printf " -logger org.apache.tools.ant.NoBannerLogger " >> /tmp/patch_schema.sh
printf " -logfile /tmp/patch_oim_wls.log " >> /tmp/patch_schema.sh
printf " -DoperationsDB.host=$DB_HOST" >> /tmp/patch_schema.sh
printf " -DoperationsDB.port=$DB_PORT " >> /tmp/patch_schema.sh
printf " -DoperationsDB.serviceName=$DB_SERVICE " >> /tmp/patch_schema.sh
printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> /tmp/patch_schema.sh
printf " -DOIM.DBPassword=$RCUPWD " >> /tmp/patch_schema.sh
printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> /tmp/patch_schema.sh
printf "exit \n" >> /tmp/patch_schema.sh


kubectl cp /tmp/create_schema.sh $NAMESPACE/helper:/tmp
printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> $WORKDIR/patch_schema.sh
printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> $WORKDIR/patch_schema.sh
printf " run-patched-sql-files " >> $WORKDIR/patch_schema.sh
printf " -logger org.apache.tools.ant.NoBannerLogger " >> $WORKDIR/patch_schema.sh
printf " -logfile /tmp/patch_oim_wls.log " >> $WORKDIR/patch_schema.sh
printf " -DoperationsDB.host=$DB_HOST" >> $WORKDIR/patch_schema.sh
printf " -DoperationsDB.port=$DB_PORT " >> $WORKDIR/patch_schema.sh
printf " -DoperationsDB.serviceName=$DB_SERVICE " >> $WORKDIR/patch_schema.sh
printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> $WORKDIR/patch_schema.sh
printf " -DOIM.DBPassword=$RCUPWD " >> $WORKDIR/patch_schema.sh
printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> $WORKDIR/patch_schema.sh
printf "exit \n" >> $WORKDIR/patch_schema.sh


kubectl cp $WORKDIR/patch_schema.sh $NAMESPACE/helper:/tmp
kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/patch_schema.sh > $LOGDIR/patch_schema.log 2>&1
kubectl cp $NAMESPACE/helper:/tmp/patch_oim_wls.log $LOGDIR/patch_oim_wls.log > /dev/null
grep -q "BUILD SUCCESSFUL" $LOGDIR/patch_oim_wls.log
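Review bot: The RCU password is still written to the fixed path `/tmp/pwd.txt` by the unchanged `printf "$RCUPWD\n" >> /tmp/pwd.txt` just above the new `$WORKDIR` lines, so the secret sits in a shared, predictable location under the default umask, is appended to rather than replaced on every run, and is used as the printf format string (a `%` in the password corrupts the file). Since the generated scripts now live in `$WORKDIR`, the password file should follow them: `printf '%s\n' "$RCUPWD" > "$WORKDIR/pwd.txt"`, `chmod 600 "$WORKDIR/pwd.txt"`, and `kubectl cp "$WORKDIR/pwd.txt" $NAMESPACE/helper:/tmp` (the in-pod path `/tmp/pwd.txt` used by `-f < /tmp/pwd.txt` can stay). Separately, the first write to `$WORKDIR/patch_schema.sh` uses `>>` while `create_schema.sh` is started with `>`, so a rerun of create_schemas accumulates duplicate ant invocations in the patch script; the first `printf` into patch_schema.sh should use `>`. The `-DOIM.DBPassword=$RCUPWD` argument also puts the password on the ant command line inside the helper pod, where it is visible in the process list; if automation.xml can take it from a property file (`ant -propertyfile`) or stdin, that is preferable. create_schemas starts and ends outside this hunk.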
@@ -1,4 +1,4 @@
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of procedures used to configure OAM
Expand Down Expand Up @@ -435,7 +435,7 @@ run_idmConfigTool()
printf "\t\t\tChecking Log File - "
copy_from_k8 $PV_MOUNT/workdir/configoam.log $WORKDIR/logs/configoam.log $OAMNS $OAM_DOMAIN_NAME

grep -q SEVERE $WORKDIR/logs/configoam.log | grep -v simple
grep SEVERE $WORKDIR/logs/configoam.log | grep -v simple > /dev/null
if [ $? = 0 ]
then
echo "Failed - Check logifle $WORKDIR/logs/configoam.log"
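Review bot: The new pipeline's result is consumed through `$?` on the following line, which silently breaks if any statement is ever inserted between the two; making the pipeline the condition itself is clearer and lets `-q` return on the final stage: `if grep SEVERE "$WORKDIR/logs/configoam.log" | grep -qv simple; then`. The unchanged failure message still reads `logifle`. run_idmConfigTool starts and ends outside this hunk.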
@@ -1,4 +1,4 @@
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of functions and procedures to provision and Configure Oracle Identity Governance
@@ -1,4 +1,4 @@
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of functions and procedures to provision and Configure Oracle Identity Role Intelligence
@@ -1,4 +1,4 @@
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#
# This is an example of the checks that can be performed before Provisioning Identity Management
Expand Down Expand Up @@ -161,6 +161,63 @@ create_oud_nodeport()
print_time STEP "Create OUD Nodeport services" $ST $ET >> $LOGDIR/timings.log
}

# Check Validate OUD Dataload was successful
#
validate_oud()
{
ST=`date +%s`
print_msg "Validating OUD"
echo "Validating OUD" > $LOGDIR/validate_oud.log
echo "--------------" >> $LOGDIR/validate_oud.log
echo "" >> $LOGDIR/validate_oud.log
FAIL=0

printf "\n\t\t\tChecking for Import Errors - "
grep -q ERROR $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log
if [ $? = 0 ]
then
echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log"
echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" >> $LOGDIR/validate_oud.log
FAIL=1
else
echo "No Errors"
echo "No Import Errors discovered" >> $LOGDIR/validate_oud.log
fi
printf "\t\t\tChecking for Rejects - "
if [ -s $OUD_LOCAL_SHARE/rejects.ldif ]
then
echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif"
echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif" >> $LOGDIR/validate_oud.log
FAIL=1
else
echo "No Rejects found"
echo "No Reject Errors discovered" >> $LOGDIR/validate_oud.log
fi
printf "\t\t\tChecking for Skipped Records - "
if [ -s $OUD_LOCAL_SHARE/skip.ldif ]
then
echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif"
echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif" >> $LOGDIR/validate_oud.log
FAIL=1
else
echo "No Skipped Records found"
echo "No Skipped Records discovered" >> $LOGDIR/validate_oud.log
fi


if [ "$FAIL" = "1" ]
then
printf "\n\t\t\tOUD Vaildation Failed\n"
exit 1
else
printf "\n\t\t\tOUD Vaildation Succeeded\n"
fi



ET=`date +%s`
print_time STEP "Validating OUD" $ST $ET >> $LOGDIR/timings.log
}
create_ingress()
{
ST=`date +%s`
Expand All @@ -179,6 +236,7 @@ create_ingress()
ET=`date +%s`
print_time STEP "Creating Ingress" $ST $ET >> $LOGDIR/timings.log
}

# Create a Helm override file to deploy OUDSM
#
create_oudsm_override()
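Review bot: In the new validate_oud, a missing import log is reported as a pass: `grep -q ERROR $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log` exits 2 when the file is absent, `[ $? = 0 ]` is then false, and the function prints "No Errors". A log that does not exist (wrong PV share path, import never ran) should fail validation; the rewrite below checks for the file first and folds the grep into the condition. The rejects and skip checks have the same shape (`-s` is false for an absent file), which may be intended since no rejects file means no rejects, but worth confirming. The summary strings spell it `Vaildation`. `FAIL` and `ST` are not `local`, which matches the rest of the file.
```shell
  printf "\n\t\t\tChecking for Import Errors - "
  IMPORT_LOG=$OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log
  if [ ! -f "$IMPORT_LOG" ]
  then
    echo "Import log not found: $IMPORT_LOG"
    echo "Import log not found: $IMPORT_LOG" >> $LOGDIR/validate_oud.log
    FAIL=1
  elif grep -q ERROR "$IMPORT_LOG"
  then
    echo "Import Errors Found check logfile $IMPORT_LOG"
    echo "Import Errors Found check logfile $IMPORT_LOG" >> $LOGDIR/validate_oud.log
    FAIL=1
  else
    echo "No Errors"
    echo "No Import Errors discovered" >> $LOGDIR/validate_oud.log
  fi
  # … unchanged: rejects check, skipped-records check, FAIL summary, timing …
```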
@@ -1,5 +1,5 @@
#!/bin/bash
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of deploying Oracle Unified Directory, configuring it for use with Oracle Access Manager
Expand Down Expand Up @@ -127,6 +127,15 @@ then
update_progress
fi

# Valiate OUD
#
new_step
if [ $STEPNO -gt $PROGRESS ]
then
validate_oud
update_progress
fi

# Setup Ingress if required Otherwise create NodePort Services
#
if [ "$USE_INGRESS" = "true" ]
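Review bot: Inserting a `new_step` here shifts every later step number in this script, so a progress file saved by a run of the previous version would resume one step early after the upgrade (the `$STEPNO -gt $PROGRESS` comparison is positional); presumably acceptable for fresh provisioning, but worth a line in the release notes if resuming in-flight runs is supported — new_step and update_progress are not visible from here. The header comment reads `# Valiate OUD`; `# Validate OUD` is intended.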
@@ -1,5 +1,5 @@
#!/bin/bash
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example script to populate the responsefile
Expand Down Expand Up @@ -392,6 +392,7 @@ then
if [ ! "$ANS" = "" ]
then
global_replace_value $OLD_SEARCHBASE $ANS $RSPFILE
OUD_SEARCHBASE=$ANS
OUD_REGION=`echo $ANS | cut -f1 -d, | cut -f2 -d=`
replace_value OUD_REGION $OUD_REGION $RSPFILE
OAM_COOKIE_DOMAIN=`echo $OUD_SEARCHBASE | sed 's/dc=/./g;s/,//g'`
Expand Down Expand Up @@ -509,8 +510,8 @@ fi
if [ "$INSTALL_OUDSM" = "true" ]
then
echo
echo "OUDSM Paramters"
echo "---------------"
echo "OUDSM Parameters"
echo "----------------"
echo
echo -n "Enter OUDSM Image Name [$OUDSM_IMAGE]:"
read ANS
Expand Down Expand Up @@ -580,8 +581,8 @@ fi
if [ "$INSTALL_OAM" = "true" ] || [ "$INSTALL_OIG" = "true" ]
then
echo
echo "WebLogic Operator Paramters"
echo "---------------------------"
echo "WebLogic Operator Parameters"
echo "----------------------------"
echo

if [ "$GET_NS" = "true" ]
Expand Down Expand Up @@ -611,8 +612,8 @@ fi
if [ "$INSTALL_OAM" = "true" ]
then
echo
echo "Oracle Access Manager Paramters"
echo "-------------------------------"
echo "Oracle Access Manager Parameters"
echo "--------------------------------"
echo

echo -n "Enter OAM Image Name [$OAM_IMAGE]:"
Expand Down Expand Up @@ -870,8 +871,8 @@ fi
if [ "$INSTALL_OIG" = "true" ]
then
echo
echo "Oracle Identity Governance Paramters"
echo "------------------------------------"
echo "Oracle Identity Governance Parameters"
echo "-------------------------------------"
echo

echo -n "Enter OIG Image Name [$OIG_IMAGE]:"
Expand Down Expand Up @@ -1214,8 +1215,8 @@ fi
if [ "$INSTALL_OIRI" = "true" ]
then
echo
echo "Oracle Identity Role Intelligence Paramters"
echo "-------------------------------------------"
echo "Oracle Identity Role Intelligence Parameters"
echo "--------------------------------------------"
echo

echo -n "Enter OIRI Image Name [$OIRI_IMAGE]:"
Expand Down Expand Up @@ -1545,8 +1546,8 @@ then
fi
fi
echo
echo "Oracle HTTP Server Paramters"
echo "----------------------------"
echo "Oracle HTTP Server Parameters"
echo "-----------------------------"
echo

echo -n "Enter OHS1 Hostname [$OHS_HOST1]:"
@@ -1,4 +1,4 @@
# Copyright (c) 2021, Oracle and/or its affiliates.
# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
# This is an example of a helm override file to deploy OUD
Expand Down Expand Up @@ -54,7 +54,7 @@ baseOUD:
- name: restartAfterSchemaConfig
value: "true"
- name: importLdif_1
value: --append --replaceExisting --includeBranch dc=us,dc=oracle,dc=com --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
value: --append --replaceExisting --includeBranch ${baseDN} --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
- name: serverTuning
value: -Xms1024m -Xmx2048m -d64 -XX:+UseCompressedOops -server -Xmn1g -XX:MaxTenuringThreshold=1 -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=60
- name: dsconfig_1
Expand All @@ -64,9 +64,9 @@ baseOUD:
- name: dsconfig_3
value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; allow (read,search,compare,add,write,delete,export) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)"
- name: dsconfig_4
value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"<OUD_OIGADMIN_GRP> control access\"; allow(read) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,dc=us,dc=oracle,dc=com\";)"
value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"<OUD_OIGADMIN_GRP> control access\"; allow(read) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)"
- name: dsconfig_5
value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,dc=us,dc=oracle,dc=com\";)"
value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)"
- name: dsconfig_6
value: set-access-control-handler-prop --remove global-aci:"(targetcontrol=\"1.3.6.1.1.12 || 1.3.6.1.1.13.1 || 1.3.6.1.1.13.2 || 1.2.840.113556.1.4.319 || 1.2.826.0.1.3344810.2.3 || 2.16.840.1.113730.3.4.18 || 2.16.840.1.113730.3.4.9 || 1.2.840.113556.1.4.473 || 1.3.6.1.4.1.42.2.27.9.5.9\") (version 3.0; acl \"Authenticated users control access\"; allow(read) userdn=\"ldap:///all\";)"
- name: dsconfig_7
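Review bot: `--includeBranch ${baseDN}` on the importLdif_1 line is unquoted, unlike the `groupdn=\"ldap:///...${baseDN}\"` occurrences in dsconfig_3 through dsconfig_5; if baseDN is ever a DN containing a space (e.g. `o=My Org`), the import command line would split it once the value reaches a shell, so `--includeBranch "${baseDN}"` is safer if the chart passes it through one. Whatever expands `${baseDN}` (presumably the provisioning script, not Helm itself) is outside this hunk, so confirm the substitution happens before the file is applied. The hunk only shows dsconfig_3 to dsconfig_6; a grep for any remaining literal `dc=us,dc=oracle,dc=com` in the rest of the file would confirm the replacement is complete.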
