Docker container for Oracle Unified Directory based on an Oracle Linux container.
Latest commit e875a35 Jan 22, 2018


Oracle Unified Directory on Docker

Docker build files to facilitate installation, configuration, and environment setup for Docker DevOps users. For more information about Oracle Unified Directory please see the Oracle Unified Directory 12.2.1.3.0 Online Documentation.

Docker Images Content

This project offers Dockerfiles to build Docker images for:

  • Standalone Oracle Unified Directory 12.2.1.3.0 to set up and run Oracle Unified Directory.
  • Collocated Oracle Unified Directory 12.2.1.3.9 and Oracle Fusion Middleware Infrastructure 12.2.1.3.0 to set up and run an Oracle Unified Directory Server Manager (OUDSM).

Docker Images Content

The resulting Docker images are based on the official Oracle Linux slim image (oraclelinux). They have been extended with the following Linux packages and configuration:

  • Upgrade of all installed packages to the latest release (yum upgrade)
  • Install the following additional packages including their dependencies:
    • hostname Utility to set/show the host name or domain name
    • which Displays where a particular program in your path is located
    • unzip A utility for unpacking zip files
    • tar A GNU file archiving program
    • gzip A file compression and packaging utility compatible with PKZIP
    • procps-ng System and process monitoring utilities
  • Operating system user oracle (uid 1000)
  • Dedicated groups for user oracle, oinstall (gid 1000), osdba (gid 1010), osoper (gid 1020), osbackupdba (gid 1030), oskmdba (gid 1040), osdgdba (gid 1050)
  • OUD Base environment developed by ORAdba
  • Oracle OFA Directories see below
  • Install Oracle Server JRE 8 update 152
  • Install Oracle Fusion Middleware Infrastructure 12c 12.2.1.3.0 (only the collocated image)
  • Install Oracle Unified Directory 12c 12.2.1.3.0 (standalone or collocated)

Environment Variable and Directories

The following environment variables have been used for the installation. In particular, it is possible to modify the variables ORACLE_ROOT, ORACLE_DATA and ORACLE_BASE via build-arg during image build to have a different directory structure. All other parameters are only relevant for the creation of the container. They may be modified via docker run environment variables.

| Environment variable | Value / Directories | Modifiable | Comment |
|---|---|---|---|
| ORACLE_ROOT | /u00 | docker build | Root directory for all the Oracle software |
| ORACLE_BASE | $ORACLE_ROOT/app/oracle | docker build | Oracle base directory |
| n/a | $ORACLE_BASE/product | no | Oracle product base directory |
| ORACLE_HOME_NAME | fmw12.2.1.3.0 | no | Name of the Oracle Home, used to create the path to ORACLE_HOME, e.g. $ORACLE_BASE/product/$ORACLE_HOME_NAME |
| ORACLE_DATA | /u01 | docker build | Root directory for the persistent data, e.g. OUD instances, OUDSM domain etc. A Docker volume must be defined for /u01 |
| INSTANCE_BASE | $ORACLE_DATA/instances | no | Base directory for OUD instances |
| OUD_INSTANCE | oud_docker | docker run | Default name for OUD instance |
| OUD_INSTANCE_HOME | ${INSTANCE_BASE}/${OUD_INSTANCE} | docker run | |
| CREATE_INSTANCE | TRUE | docker run | Flag to create OUD instance on first start of the container |
| OUD_PROXY | FALSE | docker run | Flag to create proxy instance. Not yet implemented. |
| OUD_INSTANCE_INIT | $ORACLE_DATA/scripts | docker run | Directory for the instance configuration scripts |
| LDAP_PORT | 1389 | docker run | Default LDAP port for the OUD instance |
| LDAPS_PORT | 1636 | docker run | Default LDAPS port for the OUD instance |
| REP_PORT | 8989 | docker run | Default replication port for the OUD instance |
| ADMIN_PORT | 4444 or 7001 | docker run | Default admin port for the OUD instance (4444) or the OUDSM domain (7001) |
| ADMIN_SSLPORT | 7002 | docker run | Default admin SSL port for the OUDSM domain |
| ADMIN_USER | cn=Directory Manager or weblogic | docker run | Default admin user for OUD instance or OUDSM domain |
| ADMIN_PASSWORD | n/a | docker run | No default password. Password will be autogenerated when not defined. |
| BASEDN | dc=postgasse,dc=org | docker run | Default directory base DN |
| SAMPLE_DATA | TRUE | docker run | Flag to load sample data. Not yet implemented. |
| DOMAIN_BASE | $ORACLE_DATA/domains | no | Base directory for OUDSM domain |
| DOMAIN_NAME | oudsm_domain | docker run | Default name for OUDSM domain |
| DOMAIN_HOME | ${DOMAIN_BASE}/${DOMAIN_NAME} | docker run | Default OUDSM domain home directory |
| CREATE_DOMAIN | TRUE | docker run | Flag to create OUDSM domain on first start of the container |
| ETC_BASE | $ORACLE_DATA/etc | no | Oracle etc directory with configuration files |
| LOG_BASE | $ORACLE_DATA/log | no | Oracle log directory with log files |
| DOWNLOAD | /tmp/download | no | Temporary download directory, will be removed after build |
| DOCKER_BIN | /opt/docker/bin | no | Docker build and setup scripts |
| JAVA_DIR | /usr/java | no | Base directory for java home location |
| JAVA_HOME | $JAVA_DIR/jdk1.8.0_152 | no | Java home directory |

In general it does not make sense to change all possible variables, although BASEDN and ADMIN_PASSWORD are good candidates for customization.

Scripts to Build and Setup

The following scripts are used either during Docker image build or while setting up and starting the container.

| Script | Purpose |
|---|---|
| buildDockerImage.sh | Build helper script for Docker OUD and OUDSM images |
| check_OUD_Instance.sh | Check the status of the OUD instance for Docker HEALTHCHECK |
| config_OUD_Instance.sh | Configure OUD instance using custom scripts |
| create_OUDSM.py | Python script to create OUDSM domain |
| create_OUDSM_Domain.sh | Script to create the OUDSM domain |
| create_OUD_Instance.sh | Script to create the OUD instance |
| setup_java.sh | Setup script for OS update and Java installation when creating Docker images |
| setup_oud.sh | Setup script for OUD standalone installation when creating Docker images |
| setup_oudbase.sh | Setup script for the Oracle environment when creating Docker images |
| setup_oudsm.sh | Setup script for OUD collocated installation when creating Docker images |
| start_OUDSM_Domain.sh | Script to start the OUDSM domain |
| start_OUD_Instance.sh | Script to start the OUD instance |

Installation and Build

The Docker images have to be built manually based on oehrlis/docker-oud from GitHub. To assist in building the images, you can use the buildDockerImage.sh script. See below for instructions and usage. The buildDockerImage.sh script is just a utility shell script to set up the docker build command and is an easy way for beginners to get started. Expert users are welcome to directly call docker build with their preferred set of parameters.

Usage of buildDockerImage.sh:

    buildDockerImage.sh [-hv] [-t <TYPE>] [-o <DOCKER_BUILD_OPTION>]
    -h                        Usage (this message)
    -v                        Enable verbose mode
    -t <TYPE>                 OUD image and installation type to build. Possible types are:
                              OUD   : Standalone Oracle Unified Directory Server
                              OUDSM : Collocated Oracle Unified Directory Server.
                              Default is type is OUD.
    -o <DOCKER_BUILD_OPTION>  Passes on Docker build option

    Logfile : buildDockerImage.log

Due to license restrictions from Oracle, the Docker images cannot be provided on a public Docker repository (see OTN Developer License Terms). The required software has to be downloaded prior to the image build. Alternatively, it is possible to specify MOS credentials in scripts/.netrc or via build arguments. Using the MOS download during image build will lead to smaller images, since the software will not be part of an intermediate container.

Obtaining Product Distributions

The Oracle software required to set up an Oracle Unified Directory Docker image is not publicly available. It is subject to Oracle's license terms. For this reason a valid license is required (e.g. OTN Developer License Terms). In addition, Oracle's license terms and conditions must be accepted before downloading.

The following software is required for the Oracle Unified Directory Docker image:

  • Oracle Java Development Kit (JDK) 1.8 (1.8u152) (OUD and OUDSM image)
  • Oracle Unified Directory 12.2.1.3.0 (OUD and OUDSM image)
  • Oracle Fusion Middleware Infrastructure 12.2.1.3.0 (just OUDSM image)

The software can be downloaded from My Oracle Support (MOS), Oracle Technology Network (OTN) or Oracle Software Delivery Cloud (OSDC). The following steps refer to the MOS software download to simplify the build process.

Manual Download Software

The simplest method to build the OUD or OUDSM image is to manually download the required software. However, this will lead to bigger Docker images, since the software is copied during the build, which temporarily blows up the container file system. But it is safer, because you do not have to store any MOS credentials.

The corresponding links and checksums can be found in the *.download files in the software folder. Alternatively the Oracle Support Download Links:

Copy all files to the software folder.

    cp p26595894_180152_Linux-x86-64.zip docker-oud/software
    cp p26270957_122130_Generic.zip docker-oud/software
    cp p26269885_122130_Generic.zip docker-oud/software

Build the docker image either by using docker build or buildDockerImage.sh.

    docker build -t oehrlis/oud -f Dockerfile.oud .
    docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

    scripts/buildDockerImage.sh -v -t OUD
    scripts/buildDockerImage.sh -v -t OUDSM

Automatic download with .netrc

The advantage of an automatic software download during the build is the reduced image size. No additional image layers are created for the software and the final Docker image is about 3GB smaller. But the setup script (setup_oud.sh) requires the MOS credentials to download the software with curl. curl reads the credentials from the .netrc file in the scripts folder. The .netrc file will be copied to /opt/docker/bin/.netrc, but it will be removed at the end of the build.

Create a .netrc file with the credentials for login.oracle.com.

    echo "machine login.oracle.com login <MOS_USER> password <MOS_PASSWORD>" >docker-oud/scripts/.netrc

Build the docker image either by using docker build or buildDockerImage.sh.

    docker build -t oehrlis/oud -f Dockerfile.oud .
    docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

    scripts/buildDockerImage.sh -v -t OUD
    scripts/buildDockerImage.sh -v -t OUDSM

Automatic download with Build Arguments

This method is similar to the automatic download with a .netrc file. Instead of manually creating a .netrc file, it will be created based on build parameters. With this method, too, the .netrc file is deleted at the end.

Build the docker image with MOS credentials as arguments.

    docker build --build-arg MOS_USER=<MOS_USER> \
      --build-arg MOS_PASSWORD=<MOS_PASSWORD> \
      -t oehrlis/oud -f Dockerfile.oud .

    scripts/buildDockerImage.sh -v -t OUD \
      -o "--build-arg MOS_PASSWORD=<MOS_PASSWORD> --build-arg MOS_USER=<MOS_USER>"
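
Both automatic download methods bring MOS credentials into the build: build-arg values used by a RUN step are recorded in the image history, and a file copied in one layer stays in that layer even when a later step removes it. The script below is an added example, not part of docker-oud, that checks a finished image for both; the function names and the sample history output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of docker-oud: look for MOS credentials left in an image.

# history_leaks: read `docker history --no-trunc` output on stdin and report
# build arguments whose values were recorded in the layer metadata.
# The values themselves are masked so the report can be shared.
history_leaks() {
  grep -oE 'MOS_(USER|PASSWORD)=[^ ]+' | sed -E 's/=.*/=<value recorded>/' | sort -u
}

# layer_netrc_hits DIR: DIR is an unpacked `docker save` archive. Prints each
# layer blob that still holds a .netrc file. Whiteout entries (.wh..netrc),
# which only record a later `rm`, are not reported.
layer_netrc_hits() {
  local dir=$1 blob
  find "$dir" -type f | sort | while read -r blob; do
    # Non-tar files (manifest.json, config blobs) make tar fail; ignore them.
    tar -tf "$blob" 2>/dev/null | grep -E '(^|/)\.netrc$' |
      awk -v b="${blob#"$dir"/}" '{ print b ": " $0 }'
  done
}

# audit_image IMAGE: run both checks on a local image; returns 1 on any finding.
audit_image() {
  local image=$1 tmp rc=0
  tmp=$(mktemp -d)
  docker save "$image" | tar -xf - -C "$tmp"
  if docker history --no-trunc "$image" | history_leaks | grep .; then rc=1; fi
  if layer_netrc_hits "$tmp" | grep .; then rc=1; fi
  rm -rf "$tmp"
  return "$rc"
}

# Constructed sample of `docker history --no-trunc` output (not from a real build).
sample_history() {
  cat <<'EOF'
IMAGE          CREATED BY                                                                                 SIZE
sha256:aaaa    /bin/sh -c #(nop)  CMD ["/opt/docker/bin/start_OUD_Instance.sh"]                          0B
sha256:bbbb    |2 MOS_PASSWORD=s3cret MOS_USER=user@example.com /bin/sh -c /opt/docker/bin/setup_oud.sh  1.2GB
sha256:cccc    /bin/sh -c #(nop)  ARG MOS_PASSWORD                                                        0B
sha256:dddd    /bin/sh -c #(nop)  ARG MOS_USER                                                            0B
EOF
}

# With an image name: audit it. Without: run the history check on the sample.
if [ "$#" -gt 0 ]; then audit_image "$1"; else sample_history | history_leaks; fi
```

Called with an image name such as oehrlis/oud, the script audits that local build; a non-zero exit status means at least one finding.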

Running the Docker Images

Setup an Oracle Unified Directory Container

Creating an OUD container is straightforward with the docker run command. The script start_OUD_Instance.sh makes sure that a new OUD instance is created when the container is started for the first time. The instance is created using predefined values (see below). If an OUD instance already exists, the script simply starts it.

The creation of the OUD instance can be influenced by the following environment variables. You only have to set them with option -e when executing "docker run":

  • ADMIN_PASSWORD OUD admin password (default autogenerated)
  • ADMIN_PORT OUD admin port (default 4444)
  • ADMIN_USER OUD admin user name (default cn=Directory Manager)
  • BASEDN Directory base DN (default dc=postgasse,dc=org)
  • CREATE_DOMAIN Flag to create OUDS instance on first startup (default TRUE)
  • LDAPS_PORT SSL LDAP port (default 1636)
  • LDAP_PORT Regular LDAP port (default 1389)
  • OUD_INSTANCE OUD instance name (default oud_docker)
  • OUD_INSTANCE_HOME OUD home path (default /u01/instances/oud_docker)
  • OUD_INSTANCE_INIT default folder for OUD instance init scripts. These scripts are used to modify and adjust the new OUD instance.
  • OUD_PROXY Flag to create proxy instance (default FALSE) Not yet implemented.
  • REP_PORT OUD replication port (default 8989)
  • SAMPLE_DATA Flag to load sample data (default TRUE) Not yet implemented.

To run your Oracle Unified Directory Docker image, use the docker run command as follows:

    docker run --name <container name> \
      --hostname <container hostname> \
      -p 1389:1389 -p 1636:1636 -p 4444:4444 \
      -e OUD_INSTANCE=<your oud instance name> \
      --volume [<host mount point>:]/u01 \
      --volume [<host mount point>:]/u01/scripts \
      oehrlis/oud

    Parameters:
    --name:           The name of the container (default: auto generated)
    -p:               The port mapping of the host port to the container port.
                      Four ports are exposed: 1389 (LDAP), 1636 (LDAPS), 4444 (Admin Port), 8989 (Replication Port)
    -e OUD_INSTANCE:  The OUD instance name (default: oud_docker)
    -e <Variables>    Other environment variables according to "Environment Variable and Directories"
    -v /u01
                  The data volume to use for the OUD instance.
                  Has to be writable by the Unix "oracle" (uid: 1000) user inside the container!
                  If omitted the OUD instance will not be persisted over container recreation.
    -v /u01/app/oracle/scripts | /docker-entrypoint-initdb.d
                  Optional: A volume with custom scripts to be run after OUD instance setup.
                  For further details see the "Running scripts after setup" section below.

There are four ports that are exposed in this image:

  • 1389 which is the regular LDAP port to connect to the OUD instance.
  • 1636 which is the SSL LDAP port to connect to the OUD instance.
  • 4444 which is the admin port to connect and configure the OUD instance using dsconfig.
  • 8989 which is the replication port of the OUD instance.

On the first startup of the container a random password will be generated for the OUD instance if not provided. You can find this password in the output line: If you need to find the passwords at a later time, grep for "password" in the Docker logs generated during the startup of the container. To look at the Docker Container logs run:

    docker logs --details oud|grep -i password

Running Bash in a Docker container

Access your OUD container via bash.

    docker exec -u oracle -it oud bash --login

Running dsconfig in a Docker container

Execute dsconfig within the OUD container.

    docker exec -u oracle -it oud dsconfig

Running scripts after setup

The OUD Docker image can be configured to run scripts after setup. Currently sh, ldif and conf extensions are supported. For post-setup scripts just create a folder scripts/setup in generic volume /u01, mount a dedicated volume /u01/scripts/setup or extend the image to include scripts in this directory. The location is also represented under the symbolic link /docker-entrypoint-initdb.d. This is done to provide synergy with other Docker images. The user is free to decide whether he wants to put his setup scripts under /u01/scripts/setup or /docker-entrypoint-initdb.d.

After the OUD instance is set up, the scripts in those folders will be executed against the instance in the container. LDIF files (ldif) will be loaded using ldapmodify as cn=Directory Manager (ADMIN_USER). CONF files (conf) are interpreted as dsconfig batch files and will be executed accordingly. Shell scripts will be executed as the current user (oracle). To ensure proper order, it is recommended to prefix your scripts with a number. For example 01_instance.conf, 02_schema_extention.ldif, etc.

Setup an Oracle Unified Directory Server Manager Container

Creating an OUDSM container is straightforward with the docker run command. The script start_OUDSM_Domain.sh makes sure that a new OUDSM domain is created when the container is started for the first time. The instance is created using predefined values (see below). If an OUDSM domain already exists, the script simply starts it.

The creation of the OUDSM domain can be influenced by the following environment variables. You only have to set them with option -e when executing "docker run":

  • ADMIN_PASSWORD Weblogic admin password (default autogenerated)
  • ADMIN_PORT OUDSM admin port (default 7001)
  • ADMIN_SSLPORT OUDSM SSL admin port (default 7002)
  • ADMIN_USER Weblogic admin user name (default weblogic)
  • CREATE_DOMAIN Flag to create OUDS instance on first startup (default TRUE)
  • DOMAIN_HOME Domain home path (default /u01/domains/oudsm_domain)
  • DOMAIN_NAME OUDSM weblogic domain name (default oudsm_domain)

To run your Oracle Unified Directory Docker image, use the docker run command as follows:

    docker run --name <container name> \
      --hostname <container hostname> \
      -p 7001:7001 -p 7002:7002 \
      -e <Variables>=<values> \
      --volume [<host mount point>:]/u01 \
      oehrlis/oudsm

    Parameters:
    --name:           The name of the container (default: auto generated)
    -p:               The port mapping of the host port to the container port.
                      Two ports are exposed: 7001 (WLS Console), 7002 (WLS Console SSL)
    -e <Variables>    Other environment variables according to "Environment Variable and Directories"
    -v /u01
                  The data volume to use for the OUD instance.
                  Has to be writable by the Unix "oracle" (uid: 1000) user inside the container!
                  If omitted the OUD instance will not be persisted over container recreation.

There are two ports that are exposed in this image:

  • 7001 which is the admin port of the OUDSM domain (WLS Console).
  • 7002 which is the SSL admin port of the OUDSM domain (WLS Console SSL).

On the first startup of the container a random password will be generated for the OUDSM domain if not provided. You can find this password in the output line: If you need to find the passwords at a later time, grep for "password" in the Docker logs generated during the startup of the container. To look at the Docker Container logs run:

    docker logs --details oudsm|grep -i password

Frequently asked questions

Please see FAQ.md for frequently asked questions.

Issues

Please file your bug reports, enhancement requests, questions and other support requests within Github's issue tracker:

License

docker-oud is licensed under the Apache License, Version 2.0. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

To download and run Oracle Unified Directory, regardless of whether inside or outside a Docker container, you must download the binaries from the Oracle website and accept the license indicated at that page. See OTN Developer License Terms and Oracle Database Licensing Information User Manual