From 42c4f49960eb11e4067a3720553a5263bbf5e201 Mon Sep 17 00:00:00 2001
From: Michael Rhys <64252429+mdr2@users.noreply.github.com>
Date: Tue, 1 Mar 2022 07:24:52 +0000
Subject: [PATCH] Fix in OIM MAA (#95)

---
 .../common/functions.sh | 52 ++++++++--------
 .../common/oam_functions.sh | 4 +-
 .../common/oig_functions.sh | 2 +-
 .../common/oiri_functions.sh | 2 +-
 .../common/oud_functions.sh | 60 ++++++++++++++++++-
 .../OracleIdentityManagement/provision_oud.sh | 11 +++-
 .../OracleIdentityManagement/start_here.sh | 27 +++++----
 .../templates/oud/override_oud.yaml | 8 +--
 8 files changed, 117 insertions(+), 49 deletions(-)

diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
index fafe5e946..a9cf727ae 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of common functions and procedures used by the provisioning and deletion scripts
@@ -749,48 +749,48 @@ create_schemas ()
 printf "$RCUPWD\n" >> /tmp/pwd.txt
 print_msg "Creating $SCHEMA_TYPE Schemas"
- printf "#!/bin/bash\n" > /tmp/create_schema.sh
- printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> /tmp/create_schema.sh
- printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> /tmp/create_schema.sh
- printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> /tmp/create_schema.sh
- printf " -schemaPrefix $RCU_PREFIX" >> /tmp/create_schema.sh
+ printf "#!/bin/bash\n" > $WORKDIR/create_schema.sh
+ printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> $WORKDIR/create_schema.sh
+ printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> $WORKDIR/create_schema.sh
+ printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> $WORKDIR/create_schema.sh
+ printf " -schemaPrefix $RCU_PREFIX" >> $WORKDIR/create_schema.sh
 if [ "$SCHEMA_TYPE" = "OIG" ]
 then
- printf "$OIG_SCHEMAS" >> /tmp/create_schema.sh
+ printf "$OIG_SCHEMAS" >> $WORKDIR/create_schema.sh
 elif [ "$SCHEMA_TYPE" = "OAM" ]
 then
- printf "$OAM_SCHEMAS" >> /tmp/create_schema.sh
+ printf "$OAM_SCHEMAS" >> $WORKDIR/create_schema.sh
 else
 printf "\nInvalid Schema Type: $SCHEMA_TYPE \n"
 exit 1
 fi
- printf " -f < /tmp/pwd.txt \n" >> /tmp/create_schema.sh
- printf " exit \n" >> /tmp/create_schema.sh
+ printf " -f < /tmp/pwd.txt \n" >> $WORKDIR/create_schema.sh
+ printf " exit \n" >> $WORKDIR/create_schema.sh
 kubectl cp /tmp/pwd.txt $NAMESPACE/helper:/tmp
- kubectl cp /tmp/create_schema.sh $NAMESPACE/helper:/tmp
+ kubectl cp $WORKDIR/create_schema.sh $NAMESPACE/helper:/tmp
 kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/create_schema.sh > $LOGDIR/create_schemas.log 2>&1
 print_status $? $LOGDIR/create_schemas.log
 if [ "$SCHEMA_TYPE" = "OIG" ]
 then
 printf "\t\t\tPatching OIM Schema - "
- printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> /tmp/patch_schema.sh
- printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> /tmp/patch_schema.sh
- printf " run-patched-sql-files " >> /tmp/patch_schema.sh
- printf " -logger org.apache.tools.ant.NoBannerLogger " >> /tmp/patch_schema.sh
- printf " -logfile /tmp/patch_oim_wls.log " >> /tmp/patch_schema.sh
- printf " -DoperationsDB.host=$DB_HOST" >> /tmp/patch_schema.sh
- printf " -DoperationsDB.port=$DB_PORT " >> /tmp/patch_schema.sh
- printf " -DoperationsDB.serviceName=$DB_SERVICE " >> /tmp/patch_schema.sh
- printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> /tmp/patch_schema.sh
- printf " -DOIM.DBPassword=$RCUPWD " >> /tmp/patch_schema.sh
- printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> /tmp/patch_schema.sh
- printf "exit \n" >> /tmp/patch_schema.sh
-
-
- kubectl cp /tmp/create_schema.sh $NAMESPACE/helper:/tmp
+ printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> $WORKDIR/patch_schema.sh
+ printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> $WORKDIR/patch_schema.sh
+ printf " run-patched-sql-files " >> $WORKDIR/patch_schema.sh
+ printf " -logger org.apache.tools.ant.NoBannerLogger " >> $WORKDIR/patch_schema.sh
+ printf " -logfile /tmp/patch_oim_wls.log " >> $WORKDIR/patch_schema.sh
+ printf " -DoperationsDB.host=$DB_HOST" >> $WORKDIR/patch_schema.sh
+ printf " -DoperationsDB.port=$DB_PORT " >> $WORKDIR/patch_schema.sh
+ printf " -DoperationsDB.serviceName=$DB_SERVICE " >> $WORKDIR/patch_schema.sh
+ printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> $WORKDIR/patch_schema.sh
+ printf " -DOIM.DBPassword=$RCUPWD " >> $WORKDIR/patch_schema.sh
+ printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> $WORKDIR/patch_schema.sh
+ printf "exit \n" >> $WORKDIR/patch_schema.sh
+
+
+ kubectl cp $WORKDIR/patch_schema.sh $NAMESPACE/helper:/tmp
 kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/patch_schema.sh > $LOGDIR/patch_schema.log 2>&1
 kubectl cp $NAMESPACE/helper:/tmp/patch_oim_wls.log $LOGDIR/patch_oim_wls.log > /dev/null
 grep -q "BUILD SUCCESSFUL" $LOGDIR/patch_oim_wls.log
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
index 948ecab35..ccc6c9929 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of procedures used to configure OAM
@@ -435,7 +435,7 @@ run_idmConfigTool()
 printf "\t\t\tChecking Log File - "
 copy_from_k8 $PV_MOUNT/workdir/configoam.log $WORKDIR/logs/configoam.log $OAMNS $OAM_DOMAIN_NAME
- grep -q SEVERE $WORKDIR/logs/configoam.log | grep -v simple
+ grep SEVERE $WORKDIR/logs/configoam.log | grep -v simple > /dev/null
 if [ $? = 0 ]
 then
 echo "Failed - Check logifle $WORKDIR/logs/configoam.log"
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
index 387871856..bdc33c82a 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
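Review bot: The stdin redirections on the two `kubectl exec` lines still read `/tmp/create_schema.sh` and `/tmp/patch_schema.sh` from the local host, while the hunk now writes both scripts to `$WORKDIR`; because `<` is resolved by the local shell before kubectl runs, the exec either fails on a missing file or replays a stale copy left by an earlier run. Point both redirections at the new location: `kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < $WORKDIR/create_schema.sh > $LOGDIR/create_schemas.log 2>&1` and likewise `< $WORKDIR/patch_schema.sh` for the patch step. The generated patch_schema.sh also embeds the schema password (`-DOIM.DBPassword=$RCUPWD`) and is now kept under `$WORKDIR` instead of `/tmp`, so it should be created under a restrictive umask and removed once the exec has finished. create_schemas () starts before this hunk and continues after it.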
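Review bot: The replacement test reads `$?` of the last pipeline stage, so a missing or unreadable `$WORKDIR/logs/configoam.log` makes `grep SEVERE` fail with status 2, `grep -v simple` sees no input and returns 1, and the function reports success without having examined the log. Guard the file first and let grep do the quiet check, replacing the grep line and the `if [ $? = 0 ]` that follows with `if [ ! -r $WORKDIR/logs/configoam.log ] || grep SEVERE $WORKDIR/logs/configoam.log | grep -qv simple`, which also removes the need for `> /dev/null`. run_idmConfigTool() begins before this hunk and continues after it.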
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of functions and procedures to provision and Configure Oracle Identity Governance
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
index ab974b833..8a45691a0 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of functions and procedures to provision and Configure Oracle Identity Role Intelligence
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
index 45217e05d..7bdc5871d 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 #
 # This is an example of the checks that can be performed before Provisioning Identity Management
@@ -161,6 +161,63 @@ create_oud_nodeport()
 print_time STEP "Create OUD Nodeport services" $ST $ET >> $LOGDIR/timings.log
 }
+# Check Validate OUD Dataload was successful
+#
+validate_oud()
+{
+ ST=`date +%s`
+ print_msg "Validating OUD"
+ echo "Validating OUD" > $LOGDIR/validate_oud.log
+ echo "--------------" >> $LOGDIR/validate_oud.log
+ echo "" >> $LOGDIR/validate_oud.log
+ FAIL=0
+
+ printf "\n\t\t\tChecking for Import Errors - "
+ grep -q ERROR $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log
+ if [ $? = 0 ]
+ then
+ echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log"
+ echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" >> $LOGDIR/validate_oud.log
+ FAIL=1
+ else
+ echo "No Errors"
+ echo "No Import Errors discovered" >> $LOGDIR/validate_oud.log
+ fi
+ printf "\t\t\tChecking for Rejects - "
+ if [ -s $OUD_LOCAL_SHARE/rejects.ldif ]
+ then
+ echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif"
+ echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif" >> $LOGDIR/validate_oud.log
+ FAIL=1
+ else
+ echo "No Rejects found"
+ echo "No Reject Errors discovered" >> $LOGDIR/validate_oud.log
+ fi
+ printf "\t\t\tChecking for Skipped Records - "
+ if [ -s $OUD_LOCAL_SHARE/skip.ldif ]
+ then
+ echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif"
+ echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif" >> $LOGDIR/validate_oud.log
+ FAIL=1
+ else
+ echo "No Skipped Records found"
+ echo "No Skipped Records discovered" >> $LOGDIR/validate_oud.log
+ fi
+
+
+ if [ "$FAIL" = "1" ]
+ then
+ printf "\n\t\t\tOUD Vaildation Failed\n"
+ exit 1
+ else
+ printf "\n\t\t\tOUD Vaildation Succeeded\n"
+ fi
+
+
+
+ ET=`date +%s`
+ print_time STEP "Validating OUD" $ST $ET >> $LOGDIR/timings.log
+}
 create_ingress()
 {
 ST=`date +%s`
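Review bot: The import-error check reports "No Errors" when the log file is absent, because `grep -q ERROR` returns 2 for a missing file and `if [ $? = 0 ]` only treats a match as a failure, so a load that never ran or a wrong `$OUD_LOCAL_PVSHARE` path passes validation. Treat a missing import log as a failure by naming the path once, `IMPORT_LOG=$OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log`, then `if [ ! -f "$IMPORT_LOG" ] || grep -q ERROR "$IMPORT_LOG"`, and reuse the variable in the two echo lines. The two printf strings near the end spell `Vaildation`; they should read `OUD Validation Failed` and `OUD Validation Succeeded`. Since the function terminates the calling shell with `exit 1` and oud_functions.sh appears to be sourced by provision_oud.sh, the header comment should say so, e.g. `# Exits the calling script with status 1 if any check fails`.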
@@ -179,6 +236,7 @@ create_ingress()
 ET=`date +%s`
 print_time STEP "Creating Ingress" $ST $ET >> $LOGDIR/timings.log
 }
+
 # Create a Helm override file to deploy OUDSM
 #
 create_oudsm_override()
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh
index 257f4ad03..807dea202 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of deploying Oracle Unified Directory, configuring it for use with Oracle Access Manager
@@ -127,6 +127,15 @@ then
 update_progress
 fi
+# Valiate OUD
+#
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+ validate_oud
+ update_progress
+fi
+
 # Setup Ingress if required Otherwise create NodePort Services
 #
 if [ "$USE_INGRESS" = "true" ]
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh
index 3f3eb6dea..b3c5ffbe1 100755
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example script to populate the responsefile
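Review bot: The new step's comment in provision_oud.sh reads `# Valiate OUD`; it should be `# Validate OUD` to match the function it calls. Inserting a step here also renumbers every `new_step` that follows it, so a run resumed from a progress file written by the previous version would, if I read the `$STEPNO -gt $PROGRESS` guard correctly, skip validate_oud and continue one step further along; a sentence in the step comment noting that the step sequence changed in this revision would help operators who re-run a partially completed install.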
@@ -392,6 +392,7 @@ then
 if [ ! "$ANS" = "" ]
 then
 global_replace_value $OLD_SEARCHBASE $ANS $RSPFILE
+ OUD_SEARCHBASE=$ANS
 OUD_REGION=`echo $ANS | cut -f1 -d, | cut -f2 -d=`
 replace_value OUD_REGION $OUD_REGION $RSPFILE
 OAM_COOKIE_DOMAIN=`echo $OUD_SEARCHBASE | sed 's/dc=/./g;s/,//g'`
@@ -509,8 +510,8 @@ fi
 if [ "$INSTALL_OUDSM" = "true" ]
 then
 echo
- echo "OUDSM Paramters"
- echo "---------------"
+ echo "OUDSM Parameters"
+ echo "----------------"
 echo
 echo -n "Enter OUDSM Image Name [$OUDSM_IMAGE]:"
 read ANS
@@ -580,8 +581,8 @@ fi
 if [ "$INSTALL_OAM" = "true" ] || [ "$INSTALL_OIG" = "true" ]
 then
 echo
- echo "WebLogic Operator Paramters"
- echo "---------------------------"
+ echo "WebLogic Operator Parameters"
+ echo "----------------------------"
 echo
 if [ "$GET_NS" = "true" ]
@@ -611,8 +612,8 @@ fi
 if [ "$INSTALL_OAM" = "true" ]
 then
 echo
- echo "Oracle Access Manager Paramters"
- echo "-------------------------------"
+ echo "Oracle Access Manager Parameters"
+ echo "--------------------------------"
 echo
 echo -n "Enter OAM Image Name [$OAM_IMAGE]:"
@@ -870,8 +871,8 @@ fi
 if [ "$INSTALL_OIG" = "true" ]
 then
 echo
- echo "Oracle Identity Governance Paramters"
- echo "------------------------------------"
+ echo "Oracle Identity Governance Parameters"
+ echo "-------------------------------------"
 echo
 echo -n "Enter OIG Image Name [$OIG_IMAGE]:"
@@ -1214,8 +1215,8 @@ fi
 if [ "$INSTALL_OIRI" = "true" ]
 then
 echo
- echo "Oracle Identity Role Intelligence Paramters"
- echo "-------------------------------------------"
+ echo "Oracle Identity Role Intelligence Parameters"
+ echo "--------------------------------------------"
 echo
 echo -n "Enter OIRI Image Name [$OIRI_IMAGE]:"
@@ -1545,8 +1546,8 @@ then
 fi
 fi
 echo
-echo "Oracle HTTP Server Paramters"
-echo "----------------------------"
+echo "Oracle HTTP Server Parameters"
+echo "-----------------------------"
 echo
 echo -n "Enter OHS1 Hostname [$OHS_HOST1]:"
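Review bot: `OUD_SEARCHBASE=$ANS` only updates the shell variable; the responsefile appears to be rewritten by `global_replace_value $OLD_SEARCHBASE $ANS $RSPFILE` on the line above, so the purpose of the new assignment is to feed the `OAM_COOKIE_DOMAIN` derivation three lines later, which deserves a one-line comment such as `# keep OUD_SEARCHBASE in step with the responsefile so OAM_COOKIE_DOMAIN is derived from the new value`. The value then flows unquoted through `echo $OUD_SEARCHBASE | sed ...`; writing it as `OAM_COOKIE_DOMAIN=$(printf '%s' "$OUD_SEARCHBASE" | sed 's/dc=/./g;s/,//g')` keeps a DN containing spaces or glob characters intact. The enclosing `if [ ! "$ANS" = "" ]` block closes outside the hunk.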
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml
index eb4acb2cb..5b1362108 100644
--- a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of a helm override file to deploy OUD
@@ -54,7 +54,7 @@ baseOUD:
 - name: restartAfterSchemaConfig
 value: "true"
 - name: importLdif_1
- value: --append --replaceExisting --includeBranch dc=us,dc=oracle,dc=com --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
+ value: --append --replaceExisting --includeBranch ${baseDN} --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
 - name: serverTuning
 value: -Xms1024m -Xmx2048m -d64 -XX:+UseCompressedOops -server -Xmn1g -XX:MaxTenuringThreshold=1 -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=60
 - name: dsconfig_1
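Review bot: `${baseDN}` is not Helm template syntax, so the three values that now carry it (importLdif_1 here, dsconfig_4 and dsconfig_5 in the next hunk) depend on the provisioning script substituting the token before the override file is applied; if that substitution is skipped, OUD is handed the literal string as the import branch and as the groupdn of two global ACIs. The unchanged dsconfig_3 value already used the token, so the mechanism presumably exists, but a comment at the top of the file naming the tokens it expects, e.g. `# ${baseDN} is replaced by the provisioning script before this file is applied`, would make that contract visible to anyone editing the ACIs. The `cn=,cn=groups,${baseDN}` groupdn in the same values keeps an empty `cn=`, which looks like a second placeholder and should be covered by the same comment.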
@@ -64,9 +64,9 @@ baseOUD:
 - name: dsconfig_3
 value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; allow (read,search,compare,add,write,delete,export) groupdn=\"ldap:///cn=,cn=groups,${baseDN}\";)"
 - name: dsconfig_4
- value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \" control access\"; allow(read) groupdn=\"ldap:///cn=,cn=groups,dc=us,dc=oracle,dc=com\";)"
+ value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \" control access\"; allow(read) groupdn=\"ldap:///cn=,cn=groups,${baseDN}\";)"
 - name: dsconfig_5
- value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=,cn=groups,dc=us,dc=oracle,dc=com\";)"
+ value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=,cn=groups,${baseDN}\";)"
 - name: dsconfig_6
 value: set-access-control-handler-prop --remove global-aci:"(targetcontrol=\"1.3.6.1.1.12 || 1.3.6.1.1.13.1 || 1.3.6.1.1.13.2 || 1.2.840.113556.1.4.319 || 1.2.826.0.1.3344810.2.3 || 2.16.840.1.113730.3.4.18 || 2.16.840.1.113730.3.4.9 || 1.2.840.113556.1.4.473 || 1.3.6.1.4.1.42.2.27.9.5.9\") (version 3.0; acl \"Authenticated users control access\"; allow(read) userdn=\"ldap:///all\";)"
 - name: dsconfig_7