From a41ddb07e0b6bb156f493b189afd178cee96073f Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Thu, 27 Jul 2023 10:27:23 -0700 Subject: [PATCH 01/61] Fix the jira 13945 (#216) Fix the connection string provisioning issues 1. Created JRF instance with rac database without providing db connecting string. 2. Created JRF instance with rac database with providing db connect string. --- terraform/modules/compute/wls_compute/locals.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/compute/wls_compute/locals.tf b/terraform/modules/compute/wls_compute/locals.tf index 1edb85ae..d73dd0db 100644 --- a/terraform/modules/compute/wls_compute/locals.tf +++ b/terraform/modules/compute/wls_compute/locals.tf @@ -28,6 +28,6 @@ locals { db_options = try(lookup(data.oci_database_db_systems.ocidb_db_systems[0].db_systems[0], "db_system_options", []), []) db_storage_management = try(lookup(local.db_options[0], "storage_management", "ASM"), "ASM") - is_db_deleted = local.apply_JRF ? (local.is_atp_db ? (data.oci_database_autonomous_database.atp_db[0].id == null ? true : false) : (data.oci_database_database.ocidb_database[0].id == null ? true : false)) : false + is_db_deleted = local.apply_JRF ? (local.is_atp_db ? (try(data.oci_database_autonomous_database.atp_db[0].id, null) == null ? true : false) : (try(data.oci_database_database.ocidb_database[0].id, null) == null ? true : false)) : false -} \ No newline at end of file +} From 46c4c456a10f44afd4a20aef0e61a4594858f790 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Wed, 23 Aug 2023 19:11:49 -0700 Subject: [PATCH 02/61] Fix bug Certificate on LB is reset in scaling operation (#219) Fixed bug Certificate on LB is reset in scaling operation. Test ----- Create a single VM instance with load balancer. Create a new certificate to the load balancer. Note that you can generate a keypair from any OCI compute instance with 'openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout testssl.key -x509 -days 365 -out testssl.crt' Note that you'll need to add both the certificate and private key pems that are generated to the certificate. Associate the certificate you added to the listener for the load balancer. Delete the demo certificate that was generated by the Stack from the load balancer. Edit the stack and add a node. Make sure that new certificate is assigned to the listener. Demo certificate will be recreated but not assigned to any. The certificate created and added by a customer is not reset, but will still restore the cert created by terraform if it is deleted. --- terraform/modules/lb/backends/lb_backends.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/terraform/modules/lb/backends/lb_backends.tf b/terraform/modules/lb/backends/lb_backends.tf index 232cdb31..939ae35d 100644 --- a/terraform/modules/lb/backends/lb_backends.tf +++ b/terraform/modules/lb/backends/lb_backends.tf @@ -44,6 +44,10 @@ resource "oci_load_balancer_listener" "wls_lb_listener_https" { certificate_name = oci_load_balancer_certificate.demo_certificate[count.index].certificate_name verify_peer_certificate = false } + + lifecycle { + ignore_changes = [ssl_configuration] + } } resource "oci_load_balancer_backend" "wls_lb_backend" { From c1a5cd919664b607cbd086c1b3af6dac5cbb9a4d Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Tue, 29 Aug 2023 15:28:34 -0700 Subject: [PATCH 03/61] Uptake 23.3.2 values. (#220) Uptake 23.3.2 marketplace values. --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 0d5d6ca8..24f376c2 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.1-230719124253" +tf_script_version = "23.3.2-230828162145" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaq5nae6poqifz72opkiuld4bprckwnqjtd5iafto5co5od3jubswq" +listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa2gzo2p5vx6m3lhrybvvacbk2zmegxt5jcq55zlwleymdmp2xbopa" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaailbgbqixdcykix2kq6gfe6zckfebcbpvcmrvj2vken53azkxafqq" +ucm_listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaasog76b3c6bpzvhliybfv54tqdf7vg3hxhflabww2jly6fmksi6pa" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 6a09e25b..c237bc76 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.1-230719124253" +tf_script_version = "23.3.2-230828162145" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaailbgbqixdcykix2kq6gfe6zckfebcbpvcmrvj2vken53azkxafqq" +listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaasog76b3c6bpzvhliybfv54tqdf7vg3hxhflabww2jly6fmksi6pa" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 22972d3a..fae38efd 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.1-230719124253" +tf_script_version = "23.3.2-230828162145" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaqlzjmwtm3cz3ejafzmf5fvi7jxrui7gn3odec7vb572hmbv7cuua" +listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3idbabur4bu7bvwejkc77nqepdmm2efbul57vfgslfjsrdhgmmiq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index e8390091..607de3ed 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.1-230719124253" +tf_script_version = "23.3.2-230828162145" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaau7dmjm42neorefkgt6f7q7h2lddi2x5vld43l7eqr4f5ljt5y7sq" +listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaasqf2gopuuhxxsfywp7h7s3gj3shcckkjrycfgmqm63gneezrifca" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaahru54lr3cormvd5mf6ssxdp3hxm7robzbkl62757x7hhbc4hep2q" +ucm_listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqeitdjhtc6rduioyhfhq7hb3kiappgdcoqcgug6oy4xzwkiohjia" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 09583351..32e5ec7b 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.1-230719124253" +tf_script_version = "23.3.2-230828162145" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "23.3.1-ol8.7-23.04.25-230719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaahru54lr3cormvd5mf6ssxdp3hxm7robzbkl62757x7hhbc4hep2q" +listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaqeitdjhtc6rduioyhfhq7hb3kiappgdcoqcgug6oy4xzwkiohjia" From 4b0d953506750b41f72d027f76eee37e10d7f6b5 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Wed, 13 Sep 2023 14:21:19 -0700 Subject: [PATCH 04/61] Topic sk jcs 14015 (#222) Implement - [JCS-14015](https://jira.oraclecorp.com/jira/browse/JCS-14015) - Bug - load-balancer policy required for instance creation Created provisioning instance without load balancer and non admin user. Created provisioning instance with load balancer and non admin user. --------- Co-authored-by: Abhijit Paranjpe <109541284+abhijit-paranjpe@users.noreply.github.com> --- terraform/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/locals.tf b/terraform/locals.tf index 43e1bb71..d7502c13 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -72,7 +72,7 @@ locals { new_lb_ip = !local.add_load_balancer || local.use_existing_lb ? "" : element(coalescelist(module.load-balancer[0].wls_loadbalancer_ip_addresses, [""]), 0) new_lb_id = element(concat(module.load-balancer[*].wls_loadbalancer_id, [""]), 0) existing_lb_ip = local.use_existing_lb && local.valid_existing_lb ? local.existing_lb_object_as_list[0].ip_addresses[0] : "" - existing_lb_object_as_list = [for lb in data.oci_load_balancer_load_balancers.existing_load_balancers_data_source.load_balancers[*] : lb if lb.id == var.existing_load_balancer_id] + existing_lb_object_as_list = local.use_existing_lb ? [for lb in data.oci_load_balancer_load_balancers.existing_load_balancers_data_source.load_balancers[*] : lb if lb.id == var.existing_load_balancer_id] : [] valid_existing_lb = length(local.existing_lb_object_as_list) == 1 use_existing_lb = local.add_load_balancer && var.existing_load_balancer_id != "" lb_backendset_name = local.use_existing_lb ? var.backendset_name_for_existing_load_balancer : "${local.service_name_prefix}-lb-backendset" From 25666e2d7c911f56298ab3de9754a0073c3a5867 Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 25 Sep 2023 20:14:12 -0700 Subject: [PATCH 05/61] JCS-14035 - Fail to get password expiry date when using connect string (#225) Bug - Fail to get password expiry date for OPSS user when using connect string Note that since the DB service name is not guaranteed to include the PDB name ( I proved this by using a connect string w/o the PDB name in it to successfully create a WLS for OCI instance). Therefore, the PDB name must be asked for. Also note that the validation change added will not be executed, but to limit the scope of the changes I updated the validation only and didn't try to also add in the validator. I suspect that the validation was never added in order to ensure that 11g databases, which don't have a PDB can be allowed. Tested that when setting a connect string the error occurred. After the fix, with PDB name provided, the error did not occur. --- .../modules/validators/oci_db_validators.tf | 2 +- terraform/schema.yaml | 19 +++++++------------ 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/terraform/modules/validators/oci_db_validators.tf b/terraform/modules/validators/oci_db_validators.tf index 0869e2f1..3ba8aad4 100644 --- a/terraform/modules/validators/oci_db_validators.tf +++ b/terraform/modules/validators/oci_db_validators.tf @@ -18,7 +18,7 @@ locals { missing_oci_db_compartment_id = (var.is_oci_db && !local.has_oci_db_compartment_id) missing_oci_db_database_id = (var.is_oci_db && !local.has_oci_db_database_id) - missing_oci_db_pdb_service_name = (var.is_oci_db && !local.has_oci_db_pdb_service_name) + missing_oci_db_pdb_service_name = (var.is_oci_db || var.oci_db_connection_string != "") && !local.has_oci_db_pdb_service_name missing_oci_db_vcn_id = (var.is_oci_db && var.oci_db_existing_vcn_id == "") diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 05d40b72..804f3e3e 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -50,6 +50,7 @@ groupings: - ${atp_db_password_id} - ${atp_db_level} - ${use_oci_db_connection_string} + - ${oci_db_connection_string} - ${oci_db_compartment_id} - ${oci_db_dbsystem_id} - ${oci_db_network_compartment_id} @@ -58,7 +59,6 @@ groupings: - ${oci_db_dbhome_major_version} - ${oci_db_database_id} - ${oci_db_pdb_service_name} - - ${oci_db_connection_string} - ${oci_db_user} - ${oci_db_secret_compartment_id} - ${oci_db_password_id} @@ -1853,18 +1853,13 @@ variables: - ${orm_create_mode} - ${add_JRF} - and: - - or: - - ${create_new_vcn} - - not: - - ${use_oci_db_connection_string} - - and: - - not: - - eq: - - ${oci_db_dbhome_major_version} - - "11" + - not: - eq: - - ${db_strategy} - - "Database System" + - ${oci_db_dbhome_major_version} + - "11" + - eq: + - ${db_strategy} + - "Database System" type: string required: true From b70ef3033df032fc563c5df967f6af6af1221f5f Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 25 Sep 2023 20:14:24 -0700 Subject: [PATCH 06/61] JCS-13959 - validate_vcn_cidr.py always returning errors in bootstrap (#224) validate_vcn_cidr.py always returning errors in bootstrap log due to wls_vcn_cidr being empty with existing subnets. Note that this is essentially a revert to the previous commit. The checkin log for the commit states, "Use customer provided NSGs for existing subnet provisioning". Therefore, I tested with existing subnet and NSGs provided with the reversion of this line change and there were no issues. Other tests in addition to existing subnet with NSGs provided: 1. New VCN. 2. Existing VCN, new subnet 3. Existing subnet with security rules. In each case I tested with IDCS added so the call to validate_vcn_cidr.py would occur. I not only made sure the error no longer appeared, but verified that the metadata value was present and ran validate_vcn_cidr.py by hand. --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index bafff56c..16f99af5 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -615,7 +615,7 @@ module "compute" { wls_vcn_peering_route_table_attachment_id = local.assign_weblogic_public_ip ? element(flatten(concat(module.vcn-peering[*].wls_vcn_public_route_table_attachment_id, [""])), 0) : element(flatten(concat(module.vcn-peering[*].wls_vcn_private_route_table_attachment_id, [""])), 0) mount_vcn_id = var.mount_target_id != "" ? data.oci_core_subnet.mount_target_existing_subnet[0].vcn_id : "" - wls_vcn_cidr = var.wls_vcn_cidr != "" ? var.wls_vcn_cidr : element(concat(module.network-vcn.*.vcn_cidr, tolist([""])), 0) + wls_vcn_cidr = var.wls_vcn_cidr != "" ? var.wls_vcn_cidr : data.oci_core_vcn.wls_vcn[0].cidr_block wls_version = var.wls_version wls_edition = var.wls_edition allow_manual_domain_extension = var.allow_manual_domain_extension From 1fd4172fae2cf9869e9966bf7a1f26403c0632cd Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 25 Sep 2023 20:15:10 -0700 Subject: [PATCH 07/61] JCS-14038 - Missing OSMS agent required dynamic-group policies (#223) Verified issue by creating stack in a compartment without dynamic group policies set and selecting OCI Policies checkbox. Clicked on Instances|Instance Details and navigate to the OS Management and saw: "No OS management information is available for this resource." After fix ran same test and OS Managment information appears. --- terraform/modules/policies/locals.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index f30cad62..d21ca739 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -15,6 +15,9 @@ locals { core_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use instances in compartment id ${var.compartment_id}" core_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volumes in compartment id ${var.compartment_id}" core_policy_statement3 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volume-attachments in compartment id ${var.compartment_id}" + # These policy statements are required to register Compute instances with the OS Management service + osms_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read instance-family in compartment id ${var.compartment_id}" + osms_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use osms-managed-instances in compartment id ${var.compartment_id}" # This policy with "inspect virtual-network-family" verb is needed to read VCN information like CIDR, etc, for VCN validation network_policy_statement1 = var.network_compartment_id != "" ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect virtual-network-family in compartment id ${var.network_compartment_id}" : "" secrets_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.wls_admin_password_id}'" @@ -35,7 +38,7 @@ locals { apm_domain_policy_statement = var.use_apm_service ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use apm-domains in compartment id ${var.apm_domain_compartment_id}" : "" # This policy with "use load_balancer" verb is needed to create load balancer for new vcn lb_policy_statement = var.add_load_balancer ? length(oci_identity_dynamic_group.wlsc_instance_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use load-balancers in compartment id ${var.network_compartment_id}" : "" : "" - service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, + service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.osms_policy_statement1, local.osms_policy_statement2, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, local.atp_policy_statement1, local.atp_policy_statement2, local.atp_policy_statement3, local.oci_db_policy_statement1, local.oci_db_policy_statement2, local.oci_db_policy_statement3, local.logging_policy, local.apm_domain_policy_statement, local.lb_policy_statement ]) From c2aabe83ffa3d5c6231dc4e69574eed40c4ef5bb Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Thu, 28 Sep 2023 07:31:22 -0700 Subject: [PATCH 08/61] Topic sk uptake mp 23.3.3 (#226) Uptake 23.3.3 release image values. --------- Co-authored-by: Abhijit Paranjpe <109541284+abhijit-paranjpe@users.noreply.github.com> --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 24f376c2..f6f759b9 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.2-230828162145" +tf_script_version = "23.3.3-230927160037" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa2gzo2p5vx6m3lhrybvvacbk2zmegxt5jcq55zlwleymdmp2xbopa" +listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaabap7xdx4ngetamhlehbfvezeuqjq6xnp6mlxhu3653z3fkjauuqa" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaasog76b3c6bpzvhliybfv54tqdf7vg3hxhflabww2jly6fmksi6pa" +ucm_listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqpw5hpslmzsclilzx37lmd5kiknujgb5vf67sjdyo5ipekmtbdoq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index c237bc76..50cf157b 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.2-230828162145" +tf_script_version = "23.3.3-230927160037" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaasog76b3c6bpzvhliybfv54tqdf7vg3hxhflabww2jly6fmksi6pa" +listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaqpw5hpslmzsclilzx37lmd5kiknujgb5vf67sjdyo5ipekmtbdoq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index fae38efd..33656425 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.2-230828162145" +tf_script_version = "23.3.3-230927160037" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3idbabur4bu7bvwejkc77nqepdmm2efbul57vfgslfjsrdhgmmiq" +listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3gpg6zmkdleztkbimjski2ucfgdla4wyjdvgdam36j7ebbwt7kqq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 607de3ed..a7817e73 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.2-230828162145" +tf_script_version = "23.3.3-230927160037" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaasqf2gopuuhxxsfywp7h7s3gj3shcckkjrycfgmqm63gneezrifca" +listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaafvozp7qev5ebyd4a3vdwg7k3qalxo6ysi3mmyihoxu7lyo4lxuza" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqeitdjhtc6rduioyhfhq7hb3kiappgdcoqcgug6oy4xzwkiohjia" +ucm_listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaksiktyxk7kqcw54klhfrhik3fxm2xtq5uvpu7xx7cm4ml5h7h7nq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 32e5ec7b..c7c66145 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.2-230828162145" +tf_script_version = "23.3.3-230927160037" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "23.3.2-ol8.7-23.04.25-230828-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaqeitdjhtc6rduioyhfhq7hb3kiappgdcoqcgug6oy4xzwkiohjia" +listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaksiktyxk7kqcw54klhfrhik3fxm2xtq5uvpu7xx7cm4ml5h7h7nq" From f187ef53b371aefbf95fa6e4530e05c1dc0d5240 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Thu, 19 Oct 2023 08:46:18 -0700 Subject: [PATCH 09/61] Topic sk uptake mp 23.4.1 (#228) --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index f6f759b9..c75dd699 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.3-230927160037" +tf_script_version = "23.4.1-231018231905" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaabap7xdx4ngetamhlehbfvezeuqjq6xnp6mlxhu3653z3fkjauuqa" +listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaax4pfhhb2qhinklrkrnmjrqqbvvis72b5mod4yohz6m7yviejq7rq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqpw5hpslmzsclilzx37lmd5kiknujgb5vf67sjdyo5ipekmtbdoq" +ucm_listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaxi4ebsy4sndydzpp6epprpbuhjz7dv3ynad5h3kaklrkrvzv6czq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 6b9d6bf5..965b58f0 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.3-230927160037" +tf_script_version = "23.4.1-231018231905" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaqpw5hpslmzsclilzx37lmd5kiknujgb5vf67sjdyo5ipekmtbdoq" \ No newline at end of file +listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaxi4ebsy4sndydzpp6epprpbuhjz7dv3ynad5h3kaklrkrvzv6czq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 33656425..71b4721e 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.3-230927160037" +tf_script_version = "23.4.1-231018231905" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3gpg6zmkdleztkbimjski2ucfgdla4wyjdvgdam36j7ebbwt7kqq" +listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaazcjnpfj43scz2d6e3fxzkbcxtr3fnqeaymn2erq46jmvzhpqdzya" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index bc177e16..a947d449 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.3-230927160037" +tf_script_version = "23.4.1-231018231905" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaafvozp7qev5ebyd4a3vdwg7k3qalxo6ysi3mmyihoxu7lyo4lxuza" +listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaainafum2ncqjoyuwvfbl4vi6fnfutueuinn3g2mgvfzgquk6xqjkq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaksiktyxk7kqcw54klhfrhik3fxm2xtq5uvpu7xx7cm4ml5h7h7nq" \ No newline at end of file +ucm_listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaea6mqnsna4wnjmy7dcz32a5kolit6jvgwgvjwrrke642oeji6e7a" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index c7c66145..aefca5c0 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.3.3-230927160037" +tf_script_version = "23.4.1-231018231905" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "23.3.3-ol8.7-23.04.25-230927-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaksiktyxk7kqcw54klhfrhik3fxm2xtq5uvpu7xx7cm4ml5h7h7nq" +listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaea6mqnsna4wnjmy7dcz32a5kolit6jvgwgvjwrrke642oeji6e7a" From 58251b3f1d08b1870ce4135595fa951aca4e95d5 Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 30 Oct 2023 11:00:05 -0700 Subject: [PATCH 10/61] JCS-14046 Support VM.Standard.E5.Flex shape, but not as default shape. (#230) JCS-14046 Support VM.Standard.E5.Flex shape, but not as default shape. Testing using E5.Flex shape (requires OL8.8 image): - 14.1.1.0 JDK11 with IDCS. idcs-sample-app logged into. - 12.2.1.4 JRF on ATP with IDCS (2 OCPU count). idcs-sample-app logged into. - 14.1.1.0 JDK8 with IDCS validated cloning. Testing max cpu utilization (E5.Flex allows 94 ocpu max): - Using same logic changes in this MR built stack with: -- max OCPUs for Flex5 to 1 -- max OCPUs for Flex4 to 2 -- Set 2 OCPUs for Flex 5 and ran tf plan. Confirmed validation error fired. -- Set 3 OCPUs for Flex 4 and ran tf plan. Confirmed validation error fired. This shows no regression in the logic changes. --- terraform/modules/compute/wls_compute/validators.tf | 4 ++-- terraform/schema.yaml | 7 +++++-- terraform/schema_14110.yaml | 7 +++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/terraform/modules/compute/wls_compute/validators.tf b/terraform/modules/compute/wls_compute/validators.tf index 1be55ec0..231b6292 100644 --- a/terraform/modules/compute/wls_compute/validators.tf +++ b/terraform/modules/compute/wls_compute/validators.tf @@ -7,12 +7,12 @@ locals { #Dummy map to trigger an error in case we detect a validation error. } is_std_flex_shape = var.instance_shape.instanceShape == "VM.Standard.E3.Flex" || var.instance_shape.instanceShape == "VM.Standard.E4.Flex" || var.instance_shape.instanceShape == "VM.Standard3.Flex" - invalid_ocpu_count_standard_shape = local.is_std_flex_shape ? (var.instance_shape.ocpus < 1 || var.instance_shape.ocpus > 64) : false + invalid_ocpu_count_standard_shape = local.is_std_flex_shape ? (var.instance_shape.ocpus < 1 || var.instance_shape.ocpus > 64) : var.instance_shape.instanceShape == "VM.Standard.E5.Flex" ? (var.instance_shape.ocpus < 1 || var.instance_shape.ocpus > 94) : false is_optimized_flex_shape = var.instance_shape.instanceShape == "VM.Optimized3.Flex" invalid_ocpu_count_optimized_shape = local.is_optimized_flex_shape ? (var.instance_shape.ocpus < 1 || var.instance_shape.ocpus > 18) : false #Flex shape validations - invalid_standard_flex_shape_ocpus_msg = "WLSC-ERROR: The standard flex instance shape [ VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard3.Flex ] support maximum 64 ocpus." + invalid_standard_flex_shape_ocpus_msg = "WLSC-ERROR: The standard flex instance shapes [ VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard3.Flex ] support maximum 64 ocpus and VM.Standard.E5.Flex supports a maximum of 94 ocpus." validate_standard_flex_shape_ocpus = local.invalid_ocpu_count_standard_shape ? local.validators_msg_map[local.invalid_standard_flex_shape_ocpus_msg] : null invalid_optimized_flex_shape_ocpus_msg = "WLSC-ERROR: The VM.Optimized3.Flex instance shape supports maximum 18 ocpus." diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 804f3e3e..697c4e47 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -394,9 +394,9 @@ variables: wls_ocpu_count: type: integer title: "OCPU Count" - description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64 while VM.Optimized3.Flex shape supports maximum of 18 ocpus. When scaled-out, the changes in OCPU count will apply only to the added nodes." + description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard.E5.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64, for VM.Standard.E5.Flex is 94, while VM.Optimized3.Flex shape supports 18. When scaled-out, the changes in OCPU count will apply only to the added nodes." minimum: 1 - maximum: 64 + maximum: 94 multipleOf: 1 default: 1 required: true @@ -410,6 +410,9 @@ variables: - eq: - ${instance_shape} - "VM.Standard.E4.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E5.Flex" - eq: - ${instance_shape} - "VM.Optimized3.Flex" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 85723255..38d64823 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -392,9 +392,9 @@ variables: wls_ocpu_count: type: integer title: "OCPU Count" - description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64 while VM.Optimized3.Flex shape supports maximum of 18 ocpus. When scaled-out, the changes in OCPU count will apply only to the added nodes." + description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard.E5.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64, for VM.Standard.E5.Flex is 94, while VM.Optimized3.Flex shape supports 18. When scaled-out, the changes in OCPU count will apply only to the added nodes." minimum: 1 - maximum: 64 + maximum: 94 multipleOf: 1 default: 1 required: true @@ -408,6 +408,9 @@ variables: - eq: - ${instance_shape} - "VM.Standard.E4.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E5.Flex" - eq: - ${instance_shape} - "VM.Optimized3.Flex" From 12b2a7d772293bb33f405f26f0ce8e9b5c14d522 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Fri, 1 Dec 2023 12:02:03 -0800 Subject: [PATCH 11/61] Topic sk uptake mp 23.4.3 (#231) Uptake marketplace image values into 23.4.3 reelase --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 36093308..85bd8a91 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.1-231018231905" +tf_script_version = "23.4.3-231130202436" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaax4pfhhb2qhinklrkrnmjrqqbvvis72b5mod4yohz6m7yviejq7rq" +listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaatomkczyox3g5pnw4oquxijcl7urcmp6s4ozmthj62h727ec7uevq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaxi4ebsy4sndydzpp6epprpbuhjz7dv3ynad5h3kaklrkrvzv6czq" \ No newline at end of file +ucm_listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa4zuvippliu4zusl4ssnsbwrw5sn7toaj62y4p4obsn54wkmtsuuq" \ No newline at end of file diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 10f92520..b9f6d148 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.1-231018231905" +tf_script_version = "23.4.3-231130202436" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaxi4ebsy4sndydzpp6epprpbuhjz7dv3ynad5h3kaklrkrvzv6czq" \ No newline at end of file +listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa4zuvippliu4zusl4ssnsbwrw5sn7toaj62y4p4obsn54wkmtsuuq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 71b4721e..727e8330 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.1-231018231905" +tf_script_version = "23.4.3-231130202436" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaazcjnpfj43scz2d6e3fxzkbcxtr3fnqeaymn2erq46jmvzhpqdzya" +listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa6mhaqaxk5t7xwagusc36hnoimhkqqlihvcho2ndlx2onj67u2juq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 3c70110d..f634411b 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.1-231018231905" +tf_script_version = "23.4.3-231130202436" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaainafum2ncqjoyuwvfbl4vi6fnfutueuinn3g2mgvfzgquk6xqjkq" +listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa22tkmyuks4hfntwc3gpsdq5dnnkmlesvj6nlaxmhb6mw2jvlx2oq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaea6mqnsna4wnjmy7dcz32a5kolit6jvgwgvjwrrke642oeji6e7a" \ No newline at end of file +ucm_listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaac4hb7q5h2i7qqpsbdyhzytaigli52qyk4mtrv5eo3d3zjb6rkjkq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 2ae14e1d..aa79e87b 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.1-231018231905" +tf_script_version = "23.4.3-231130202436" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "23.4.1-ol8.7-23.04.25-231018-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaea6mqnsna4wnjmy7dcz32a5kolit6jvgwgvjwrrke642oeji6e7a" \ No newline at end of file +listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaac4hb7q5h2i7qqpsbdyhzytaigli52qyk4mtrv5eo3d3zjb6rkjkq" \ No newline at end of file From 687f61b7684f92f66037b14a92ccddebec0619e0 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:54:06 -0800 Subject: [PATCH 12/61] Uptake 24.1.1 mp values. (#233) Uptake 24.1.1 marketplace values.. --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 85bd8a91..13c74fe0 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.3-231130202436" +tf_script_version = "24.1.1-240117210740" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaatomkczyox3g5pnw4oquxijcl7urcmp6s4ozmthj62h727ec7uevq" +listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaagthrvz4ul6c5quok25hd2wtmsvyqx3preitjb63e7dxgopsez4aq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa4zuvippliu4zusl4ssnsbwrw5sn7toaj62y4p4obsn54wkmtsuuq" \ No newline at end of file +ucm_listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa4znas6youb5d3fwzxttrse22zhdfp7bc4kgqw5ecj2b4zzvmg53q" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index b9f6d148..b28f99e0 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.3-231130202436" +tf_script_version = "24.1.1-240117210740" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa4zuvippliu4zusl4ssnsbwrw5sn7toaj62y4p4obsn54wkmtsuuq" +listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa4znas6youb5d3fwzxttrse22zhdfp7bc4kgqw5ecj2b4zzvmg53q" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 727e8330..6c0c7492 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.3-231130202436" +tf_script_version = "24.1.1-240117210740" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa6mhaqaxk5t7xwagusc36hnoimhkqqlihvcho2ndlx2onj67u2juq" +listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaatl3dybgmy6l3wqyaxprl22rvctqnkn5uixjsmfc2rbpian35pvjq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index f634411b..0c6dc4f0 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.3-231130202436" +tf_script_version = "24.1.1-240117210740" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa22tkmyuks4hfntwc3gpsdq5dnnkmlesvj6nlaxmhb6mw2jvlx2oq" +listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaczn55djd6qih54sxpsn5ve7yloahczmnb7w2d7gadaagu6d44kwa" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaac4hb7q5h2i7qqpsbdyhzytaigli52qyk4mtrv5eo3d3zjb6rkjkq" +ucm_listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaai42ahqg2nzta7x5632b7vo5dwy5mf4gnxyu5qgqpaecatfsoq74a" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index aa79e87b..be40a1ab 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "23.4.3-231130202436" +tf_script_version = "24.1.1-240117210740" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "23.4.3-ol8.8-23.09.26-231130-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaac4hb7q5h2i7qqpsbdyhzytaigli52qyk4mtrv5eo3d3zjb6rkjkq" \ No newline at end of file +listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaai42ahqg2nzta7x5632b7vo5dwy5mf4gnxyu5qgqpaecatfsoq74a" From 24871e3fead8aa63bf84b3e76152badef641e379 Mon Sep 17 00:00:00 2001 From: telake Date: Wed, 21 Feb 2024 17:34:55 -0800 Subject: [PATCH 13/61] JCS-14023 Status check missing from public subnet provisioning (#238) JCS-14023 Status check missing from public subnet provisioning Verified status check now showing for public subnet, private endpoint and bastion still showing status check, and that private subnet w/o bastion still does not attempt to get status check. Verified all conditions using both ORM UI and CLI. --- terraform/modules/provisioners/provisioning.tf | 6 +++--- terraform/modules/provisioners/variables.tf | 4 +--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/terraform/modules/provisioners/provisioning.tf b/terraform/modules/provisioners/provisioning.tf index 79a3c8f7..a592b54c 100644 --- a/terraform/modules/provisioners/provisioning.tf +++ b/terraform/modules/provisioners/provisioning.tf @@ -2,7 +2,7 @@ # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. resource "null_resource" "status_check" { - count = var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 + count = var.assign_public_ip || var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 depends_on = [null_resource.dev_mode_provisioning] // Connection setup for all WLS instances @@ -121,7 +121,7 @@ resource "null_resource" "status_check" { } resource "null_resource" "print_service_info" { - count = var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 + count = var.assign_public_ip || var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 depends_on = [null_resource.status_check] // Connection setup for all WLS instances @@ -146,7 +146,7 @@ resource "null_resource" "print_service_info" { } resource "null_resource" "cleanup" { - count = var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 + count = var.assign_public_ip || var.is_bastion_instance_required || var.is_rms_private_endpoint_required ? var.num_vm_instances : 0 depends_on = [null_resource.print_service_info] diff --git a/terraform/modules/provisioners/variables.tf b/terraform/modules/provisioners/variables.tf index 004538ab..6eaeb148 100644 --- a/terraform/modules/provisioners/variables.tf +++ b/terraform/modules/provisioners/variables.tf @@ -48,11 +48,9 @@ variable "bastion_host_private_key" { default = "" } -#TODO: Check if this variable is really needed. variable "assign_public_ip" { type = bool - description = "Set to true if you want the compute instance to have a public IP in addition to the private ip. Use with caution" - default = true + description = "Set to true if the WebLogic compute instances will be created in a public subnet and should have a public IP" } variable "is_bastion_instance_required" { From 0007d5806447642259343fd0e90a1f183959eae3 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Tue, 5 Mar 2024 12:24:37 -0800 Subject: [PATCH 14/61] Uptake 24.1.2 mp values. (#242) Uptake 24.1.2 mp values.. --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 13c74fe0..c137b732 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.1-240117210740" +tf_script_version = "24.1.2-240226193100" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaagthrvz4ul6c5quok25hd2wtmsvyqx3preitjb63e7dxgopsez4aq" +listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaahermck4j7yc3jbfcfzfpvwgzhfoen74mmn5dwrmnptep5ikb43va" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa4znas6youb5d3fwzxttrse22zhdfp7bc4kgqw5ecj2b4zzvmg53q" +ucm_listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaev4aso265wkxmt566hvey4pgja4r2rd5yqnua37hcn5bo75lc77a" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 77c9ff01..9c6e8447 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.1-240117210740" +tf_script_version = "24.1.2-240226193100" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa4znas6youb5d3fwzxttrse22zhdfp7bc4kgqw5ecj2b4zzvmg53q" \ No newline at end of file +listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaev4aso265wkxmt566hvey4pgja4r2rd5yqnua37hcn5bo75lc77a" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index c39ff3df..1ab0feb3 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.1-240117210740" +tf_script_version = "24.1.2-240226193100" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaatl3dybgmy6l3wqyaxprl22rvctqnkn5uixjsmfc2rbpian35pvjq" \ No newline at end of file +listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaax3lnppqmdleamgvqnt2zg4zgze7cmrkjmx4pwnw2s55utmvaieta" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 8aedbbc1..81672a87 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.1-240117210740" +tf_script_version = "24.1.2-240226193100" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaczn55djd6qih54sxpsn5ve7yloahczmnb7w2d7gadaagu6d44kwa" +listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaalakd5qdicfbwnqljsgw4bwdqhl74nrz2t7mmnavcij5ifcpbm4nq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaai42ahqg2nzta7x5632b7vo5dwy5mf4gnxyu5qgqpaecatfsoq74a" \ No newline at end of file +ucm_listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaajf5s77j3syb42vtljjsyrnix2ycc6zdaychdaqa7gbncw5ajmelq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 5106040a..3ccf307c 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.1-240117210740" +tf_script_version = "24.1.2-240226193100" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.1.1-ol8.8-23.12.13-240117-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaai42ahqg2nzta7x5632b7vo5dwy5mf4gnxyu5qgqpaecatfsoq74a" \ No newline at end of file +listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaajf5s77j3syb42vtljjsyrnix2ycc6zdaychdaqa7gbncw5ajmelq" From 2cfb830f377e7f873823e64041a4cdd6764611e3 Mon Sep 17 00:00:00 2001 From: Roberto Sanchez Herrera Date: Fri, 22 Mar 2024 09:46:51 -0600 Subject: [PATCH 15/61] JCS-14392 - Issue with volume attachments on scale-out (#245) - Make the keys of the maps of compute and volumes resources to have 2 digits at the end, to conserve the iteration order, which is lexicographical, to prevent volume attachments from being reassigned to other instances because of the iteration order in the list of compute instances Tests: - Created a non-JRF stack with new VCN, and two nodes - Scaled up the stack to 4 nodes, verified the apply job completed successfully and that all servers were added. - Scaled up the stack to 10 nodes, and verified the same points above - Scaled up the stack to 11 nodes, and made the same verifications above, and verified that the existing block volume attachments and block volumes where not affected - Scaled up the stack to 20 nodes, and made the same verifications above - Scaled up the stack to 30 nodes, and made the same verifications above - Scaled down the stack to 10 nodes. Verified that only the artifacts 29 to 10 are deleted, and the rest of the servers are still running --- terraform/modules/compute/wls_compute/wls_compute.tf | 4 ++-- terraform/modules/compute/wls_compute/wls_volume.tf | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 12f4f228..0ba1147a 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. module "compute-keygen" { @@ -9,7 +9,7 @@ module "wls-instances" { source = "../instance" - instance_params = { for x in range(var.num_vm_instances) : "${local.host_label}-${x}" => { + instance_params = { for x in range(var.num_vm_instances) : "${local.host_label}-${format("%02d", x)}" => { availability_domain = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain diff --git a/terraform/modules/compute/wls_compute/wls_volume.tf b/terraform/modules/compute/wls_compute/wls_volume.tf index 1557d8c0..dc70c5f1 100644 --- a/terraform/modules/compute/wls_compute/wls_volume.tf +++ b/terraform/modules/compute/wls_compute/wls_volume.tf @@ -1,9 +1,9 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. module "middleware-volume" { source = "../volume" - bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-mw-block-${x}" => { + bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-mw-block-${format("%02d", x)}" => { ad = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain compartment_id = var.compartment_id display_name = "${var.resource_name_prefix}-mw-block-${x}" @@ -18,7 +18,7 @@ module "middleware-volume" { module "data-volume" { source = "../volume" - bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-data-block-${x}" => { + bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-data-block-${format("%02d", x)}" => { ad = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain compartment_id = var.compartment_id display_name = "${var.resource_name_prefix}-data-block-${x}" @@ -35,7 +35,7 @@ module "middleware_volume_attach" { bv_params = { empty = { ad = "", compartment_id = "", display_name = "", bv_size = 0, defined_tags = { def = "" }, freeform_tags = { free = "" } } } - bv_attach_params = { for x in range(var.num_vm_instances * var.num_volumes) : "${var.resource_name_prefix}-block-volume-attach-${x}" => { + bv_attach_params = { for x in range(var.num_vm_instances * var.num_volumes) : "${var.resource_name_prefix}-block-volume-attach-${format("%02d", x)}" => { display_name = "${var.resource_name_prefix}-block-volume-attach-${x}" attachment_type = "iscsi" instance_id = module.wls-instances.instance_ids[x / var.num_volumes] @@ -49,7 +49,7 @@ module "data_volume_attach" { bv_params = { empty = { ad = "", compartment_id = "", display_name = "", bv_size = 0, defined_tags = { def = "" }, freeform_tags = { free = "" } } } - bv_attach_params = { for x in range(var.num_vm_instances * var.num_volumes) : "${var.resource_name_prefix}-block-volume-attach-${x}" => { + bv_attach_params = { for x in range(var.num_vm_instances * var.num_volumes) : "${var.resource_name_prefix}-block-volume-attach-${format("%02d", x)}" => { display_name = "${var.resource_name_prefix}-block-volume-attach-${x}" attachment_type = "iscsi" instance_id = module.wls-instances.instance_ids[x / var.num_volumes] From da2aef90ef3d09edefdc4c5788b360db8783d6df Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Fri, 19 Apr 2024 17:55:55 -0700 Subject: [PATCH 16/61] Uptake mp values. (#250) Uptake marketplace image values --- terraform/images/mp_image_ee_byol.tfvars | 12 ++++++------ terraform/images/mp_image_ee_ucm.tfvars | 8 ++++---- terraform/images/mp_image_se_byol.tfvars | 8 ++++---- terraform/images/mp_image_suite_byol.tfvars | 13 ++++++------- terraform/images/mp_image_suite_ucm.tfvars | 8 ++++---- 5 files changed, 24 insertions(+), 25 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index c137b732..1af99a6f 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.2-240226193100" +tf_script_version = "24.2.1-240418031026" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaahermck4j7yc3jbfcfzfpvwgzhfoen74mmn5dwrmnptep5ikb43va" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3nhgu74gjrbmacxnyycwdxe5iynncdnohxabzzbbqocpmlmgmkua" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaev4aso265wkxmt566hvey4pgja4r2rd5yqnua37hcn5bo75lc77a" +ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaosrtulu22bhepdnzaglcmzvovzit7qtrnl3qssltajevm32tu5bq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 9c6e8447..56387d17 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.2-240226193100" +tf_script_version = "24.2.1-240418031026" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaev4aso265wkxmt566hvey4pgja4r2rd5yqnua37hcn5bo75lc77a" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaosrtulu22bhepdnzaglcmzvovzit7qtrnl3qssltajevm32tu5bq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 1ab0feb3..e755f002 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.2-240226193100" +tf_script_version = "24.2.1-240418031026" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaax3lnppqmdleamgvqnt2zg4zgze7cmrkjmx4pwnw2s55utmvaieta" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaax3oeotewgn5bbggsxvr7ipyuue4unn26dvk6gmiokstt6kgd3pcq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 00ad8aed..38291e3d 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,13 +1,12 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.2-240226193100" +tf_script_version = "24.2.1-240418031026" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaalakd5qdicfbwnqljsgw4bwdqhl74nrz2t7mmnavcij5ifcpbm4nq" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaazeconf3an2b4xcfxlomzkjwq6yzayqdxnskqoglu6qi7o4kvln2q" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaajf5s77j3syb42vtljjsyrnix2ycc6zdaychdaqa7gbncw5ajmelq" ->>>>>>> development +ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaayvdvhxatqtcsm3tnq5pnnv52ivzxwyv6i5yynelcg3r46ykblk4q" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 3ccf307c..bf63644f 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.1.2-240226193100" +tf_script_version = "24.2.1-240418031026" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.1.2-ol8.8-23.12.13-240226-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaajf5s77j3syb42vtljjsyrnix2ycc6zdaychdaqa7gbncw5ajmelq" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaayvdvhxatqtcsm3tnq5pnnv52ivzxwyv6i5yynelcg3r46ykblk4q" From 2cb6db7737e1ea662af2c4a21ee4adce83da588b Mon Sep 17 00:00:00 2001 From: P M Darshan Date: Fri, 10 May 2024 07:19:57 +0530 Subject: [PATCH 17/61] =?UTF-8?q?Stack=20Provisioning=20to=20consider=20OC?= =?UTF-8?q?I=20Dynamic=20Group=20and=20Policies=20propaga=E2=80=A6=20(#253?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Testing shown in Orahub --------- Co-authored-by: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Co-authored-by: Abhijit Paranjpe <109541284+abhijit-paranjpe@users.noreply.github.com> Co-authored-by: telake Co-authored-by: Roberto Sanchez Herrera --- terraform/main.tf | 3 ++- terraform/modules/compute/wls_compute/variables.tf | 7 ++++++- terraform/modules/compute/wls_compute/wls_compute.tf | 1 + terraform/variables.tf | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 16f99af5..e6c1efff 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. ### Removing network validation script from provisioning flow temporarily. @@ -609,6 +609,7 @@ module "compute" { wls_domain_name = format("%s_domain", local.service_name_prefix) wls_server_startup_args = var.wls_server_startup_args wls_existing_vcn_id = var.wls_existing_vcn_id + create_policies = var.create_policies #The following two are for adding a dependency on the peering module wls_vcn_peering_dns_resolver_id = element(flatten(concat(module.vcn-peering[*].wls_vcn_dns_resolver_id, [""])), 0) diff --git a/terraform/modules/compute/wls_compute/variables.tf b/terraform/modules/compute/wls_compute/variables.tf index 5d6c74f3..de2b0bed 100644 --- a/terraform/modules/compute/wls_compute/variables.tf +++ b/terraform/modules/compute/wls_compute/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "tenancy_id" { @@ -16,6 +16,11 @@ variable "compartment_id" { description = "The OCID of the compartment where the compute will be created" } +variable "create_policies" { + type = bool + description = "Set to true to create OCI IAM policies and dynamic groups required by the WebLogic for OCI stack. If this is set to false, the policies and dynamic groups need to be created manually" +} + variable "availability_domain" { type = string description = "The label of the availability domain where the compute will be created" diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 0ba1147a..19b3029d 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -67,6 +67,7 @@ module "wls-instances" { wls_subnet_cidr = local.wls_subnet_cidr wls_edition = var.wls_edition is_bastion_instance_required = var.is_bastion_instance_required + create_policies = var.create_policies user_data = data.template_cloudinit_config.config.rendered mode = var.mode diff --git a/terraform/variables.tf b/terraform/variables.tf index ca25b621..d501760f 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "tenancy_ocid" { From aa23c6c1860b4f4d7eaf0dda412fc471ef0c9fd1 Mon Sep 17 00:00:00 2001 From: C R Aniruddh Srivatsa Date: Fri, 10 May 2024 20:03:18 +0530 Subject: [PATCH 18/61] JCS-14427: Add suggested actions for 409-PolicyAlreadyExists error in ORM job log (#254) Setting up validation to raise an error if the dynamic group policy already exists with the same name as that of any service name of stack. ![policy_error](https://github.com/oracle-quickstart/oci-weblogic-server/assets/146092663/99e4c142-bf81-46f7-be24-e5624bbffd50) --- terraform/main.tf | 1 + terraform/modules/validators/policy_validators.tf | 14 ++++++++++++++ terraform/modules/validators/variables.tf | 11 ++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 terraform/modules/validators/policy_validators.tf diff --git a/terraform/main.tf b/terraform/main.tf index e6c1efff..ce287552 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -464,6 +464,7 @@ module "validators" { provisioned_node_count = length(data.oci_core_instances.provisioned_instances.instances.*.display_name) use_marketplace_image = var.use_marketplace_image wls_edition = var.wls_edition + tenancy_id = var.tenancy_ocid } module "fss" { diff --git a/terraform/modules/validators/policy_validators.tf b/terraform/modules/validators/policy_validators.tf new file mode 100644 index 00000000..02ea9275 --- /dev/null +++ b/terraform/modules/validators/policy_validators.tf @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +data "oci_identity_policies" "existing_policies" { + compartment_id = var.tenancy_id +} + +locals { + policy_name = var.create_policies ? "${var.service_name}-oci-policy" : "" + existing_policy_names = var.create_policies ? [for policy in data.oci_identity_policies.existing_policies.policies : policy.name] : [] + policy_already_exists = var.create_policies ? contains(local.existing_policy_names, local.policy_name) : false + policy_already_exists_msg = "WLSC-ERROR: Policy with name ${local.policy_name} already exists. Suggested Actions: It appears that another policy with the same name already exists. This could be because you have previously provisioned a stack with the same resource name prefix. If you no longer need the previous stack, please destroy and delete it so that all the resources are cleaned up or else you can provision again with a different resource name prefix. If you have already deleted the stack, delete the policy ${local.policy_name}." + validate_policy_name_is_not_already_used = var.create_policies && local.policy_already_exists ? local.validators_msg_map[local.policy_already_exists_msg] : null +} \ No newline at end of file diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 9f09e775..0b09307f 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024 Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { @@ -533,3 +533,12 @@ variable "tf_script_version" { type = string description = "The version of the provisioning scripts located in the OCI image used to create the WebLogic compute instances" } + +variable "tenancy_id" { + type = string + description = "The OCID of the tenancy where the dynamic group and policy will be created" + validation { + condition = length(regexall("^ocid1.tenancy.*$", var.tenancy_id)) > 0 + error_message = "WLSC-ERROR: The value for tenancy_id should start with \"ocid1.tenancy.\"." + } +} \ No newline at end of file From a4222b9cc5d3fb871bb408deec1376aa4ed40099 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Mon, 13 May 2024 07:34:00 -0700 Subject: [PATCH 19/61] Uptake new image values. (#257) Uptake new 24.2.1 mp values --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 1af99a6f..434bdda4 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240418031026" +tf_script_version = "24.2.1-240510214529" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3nhgu74gjrbmacxnyycwdxe5iynncdnohxabzzbbqocpmlmgmkua" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa44h6iv2n3mgzjej26juwoxiceb274xghl7h444nwvft2yzsfxo5a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaosrtulu22bhepdnzaglcmzvovzit7qtrnl3qssltajevm32tu5bq" +ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaapv6ojtnwlo4kbjd57ewzqca3jyepcebrwjitva2pxo7d3b3ecnfq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 56387d17..be08d545 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240418031026" +tf_script_version = "24.2.1-240510214529" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaosrtulu22bhepdnzaglcmzvovzit7qtrnl3qssltajevm32tu5bq" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaapv6ojtnwlo4kbjd57ewzqca3jyepcebrwjitva2pxo7d3b3ecnfq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index e755f002..7bc95acf 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240418031026" +tf_script_version = "24.2.1-240510214529" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaax3oeotewgn5bbggsxvr7ipyuue4unn26dvk6gmiokstt6kgd3pcq" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaac6cfkwfyuzjwk7q37tn3mslfkszpnrojnb2nezwy4oy77zoan4uq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 38291e3d..4b36ec57 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240418031026" +tf_script_version = "24.2.1-240510214529" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaazeconf3an2b4xcfxlomzkjwq6yzayqdxnskqoglu6qi7o4kvln2q" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaahybonu5hsryaqvsnoj6mqhtgbrphfal7ujvezi356rxyhjbq7f3a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaayvdvhxatqtcsm3tnq5pnnv52ivzxwyv6i5yynelcg3r46ykblk4q" +ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaor56fbh7brlzxqnjeaa3lcii5e2w5l3ghxru53scrlawqodaqnbq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index bf63644f..496b5459 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240418031026" +tf_script_version = "24.2.1-240510214529" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240418-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaayvdvhxatqtcsm3tnq5pnnv52ivzxwyv6i5yynelcg3r46ykblk4q" +listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaor56fbh7brlzxqnjeaa3lcii5e2w5l3ghxru53scrlawqodaqnbq" From 112fc28318715426cf8927e237209916841627ea Mon Sep 17 00:00:00 2001 From: C R Aniruddh Srivatsa Date: Fri, 14 Jun 2024 19:47:36 +0530 Subject: [PATCH 20/61] JCS-14427: Add suggested actions for 409-PolicyAlreadyExists error in ORM job log revert (#266) Reverted the policy validation changes. From d59e9f02317351d8dfdbcb6e941ffebacad62189 Mon Sep 17 00:00:00 2001 From: C R Aniruddh Srivatsa Date: Fri, 14 Jun 2024 21:56:58 +0530 Subject: [PATCH 21/61] JCS-14427: Add suggested actions for 409-PolicyAlreadyExists error in ORM job log reverted (#268) Reverted the policy validation changes --- terraform/main.tf | 1 - terraform/modules/validators/policy_validators.tf | 14 -------------- terraform/modules/validators/variables.tf | 9 --------- 3 files changed, 24 deletions(-) delete mode 100644 terraform/modules/validators/policy_validators.tf diff --git a/terraform/main.tf b/terraform/main.tf index ce287552..e6c1efff 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -464,7 +464,6 @@ module "validators" { provisioned_node_count = length(data.oci_core_instances.provisioned_instances.instances.*.display_name) use_marketplace_image = var.use_marketplace_image wls_edition = var.wls_edition - tenancy_id = var.tenancy_ocid } module "fss" { diff --git a/terraform/modules/validators/policy_validators.tf b/terraform/modules/validators/policy_validators.tf deleted file mode 100644 index 02ea9275..00000000 --- a/terraform/modules/validators/policy_validators.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2024 Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. - -data "oci_identity_policies" "existing_policies" { - compartment_id = var.tenancy_id -} - -locals { - policy_name = var.create_policies ? "${var.service_name}-oci-policy" : "" - existing_policy_names = var.create_policies ? [for policy in data.oci_identity_policies.existing_policies.policies : policy.name] : [] - policy_already_exists = var.create_policies ? contains(local.existing_policy_names, local.policy_name) : false - policy_already_exists_msg = "WLSC-ERROR: Policy with name ${local.policy_name} already exists. Suggested Actions: It appears that another policy with the same name already exists. This could be because you have previously provisioned a stack with the same resource name prefix. If you no longer need the previous stack, please destroy and delete it so that all the resources are cleaned up or else you can provision again with a different resource name prefix. If you have already deleted the stack, delete the policy ${local.policy_name}." - validate_policy_name_is_not_already_used = var.create_policies && local.policy_already_exists ? local.validators_msg_map[local.policy_already_exists_msg] : null -} \ No newline at end of file diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 0b09307f..db7c260a 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -533,12 +533,3 @@ variable "tf_script_version" { type = string description = "The version of the provisioning scripts located in the OCI image used to create the WebLogic compute instances" } - -variable "tenancy_id" { - type = string - description = "The OCID of the tenancy where the dynamic group and policy will be created" - validation { - condition = length(regexall("^ocid1.tenancy.*$", var.tenancy_id)) > 0 - error_message = "WLSC-ERROR: The value for tenancy_id should start with \"ocid1.tenancy.\"." - } -} \ No newline at end of file From 220adca334b7dd339acfcfe70865793527752751 Mon Sep 17 00:00:00 2001 From: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Date: Fri, 28 Jun 2024 23:09:05 +0530 Subject: [PATCH 22/61] Merge and validate secured production mode in WLS for OCI (#272) https://jira.oraclecorp.com/jira/browse/JCS-14433 --------- Co-authored-by: PM-Darshan Co-authored-by: Chintamani Bhat --- terraform/data_sources.tf | 8 +- terraform/locals.tf | 16 +- terraform/main.tf | 42 +++- .../modules/compute/wls_compute/variables.tf | 55 +++++- .../compute/wls_compute/wls_compute.tf | 15 +- .../compute/wls_compute/wls_variables.tf | 43 ++-- terraform/modules/lb/backends/lb_backends.tf | 40 +++- terraform/modules/lb/backends/variables.tf | 13 +- .../scripts/network_validation.sh | 93 ++++++++- .../modules/network/vcn-config/locals.tf | 3 +- .../network/vcn-config/nsg_security_rule.tf | 46 ++++- .../modules/network/vcn-config/variables.tf | 16 +- terraform/modules/policies/locals.tf | 19 +- terraform/modules/policies/variables.tf | 33 +++- terraform/modules/validators/validators.tf | 25 ++- terraform/modules/validators/variables.tf | 33 +++- terraform/outputs.tf | 6 +- terraform/schema.yaml | 187 ++++++++++++++++-- terraform/schema_14110.yaml | 181 +++++++++++++++-- terraform/weblogic_variables.tf | 87 ++++++-- 20 files changed, 869 insertions(+), 92 deletions(-) diff --git a/terraform/data_sources.tf b/terraform/data_sources.tf index 713a2668..1c98e3ab 100644 --- a/terraform/data_sources.tf +++ b/terraform/data_sources.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. data "oci_identity_regions" "home_region" { @@ -209,3 +209,9 @@ data "oci_core_instances" "provisioned_instances" { } } +data "oci_certificates_management_certificate_authority" "root_certificate_authority" { + count = var.configure_secure_mode && var.root_ca_id != "" ? 1 : 0 + #Required + certificate_authority_id = var.root_ca_id +} + diff --git a/terraform/locals.tf b/terraform/locals.tf index d7502c13..6169eba4 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -93,7 +93,7 @@ locals { deploy_sample_app = (var.deploy_sample_app && var.wls_edition != "SE") admin_ip_address = local.assign_weblogic_public_ip ? module.compute.instance_public_ips[0] : module.compute.instance_private_ips[0] - admin_console_app_url = format("https://%s:%s/console", local.admin_ip_address, var.wls_extern_ssl_admin_port) + admin_console_app_url = format("https://%s:%s/console", local.admin_ip_address, local.wls_extern_ssl_admin_port) sample_app_protocol = local.add_load_balancer ? "https" : "http" sample_app_url_lb_ip = local.deploy_sample_app && local.add_load_balancer ? format("%s://%s/sample-app", local.sample_app_protocol, local.lb_ip) : "" sample_app_url_wls_ip = local.deploy_sample_app ? format("https://%s:%s/sample-app", local.admin_ip_address, var.wls_ms_extern_ssl_port) : "" @@ -184,4 +184,16 @@ locals { is_rms_private_endpoint_required = var.is_rms_private_endpoint_required && var.wls_existing_vcn_id != "" && var.wls_subnet_id != "" && !local.assign_weblogic_public_ip ? true : false add_new_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Create New Resource Manager Endpoint" ? true : false add_existing_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Use Existing Resource Manager Endpoint" ? true : false + + # Secured Production Mode + preserve_boot_properties = var.configure_secure_mode ? var.preserve_boot_properties : true + wls_admin_port = var.configure_secure_mode ? var.administration_port : var.wls_admin_port + keystore_password_id = var.configure_secure_mode ? var.keystore_password_id : "" + root_ca_id = var.configure_secure_mode ? var.root_ca_id : "" + cert_compartment_id = var.cert_compartment_id == "" ? local.network_compartment_id : var.cert_compartment_id + wls_domain_configuration = var.configure_secure_mode ? "Secured Production Mode" : "Production Mode" + wls_extern_ssl_admin_port = var.configure_secure_mode ? var.administration_port : var.wls_extern_ssl_admin_port + wls_admin_user = var.configure_secure_mode ? var.wls_primary_admin_user : var.wls_admin_user + wls_secondary_admin_password_id = var.configure_secure_mode ? var.wls_secondary_admin_password_id : "" + root_ca_compartment_id = var.configure_secure_mode && var.root_ca_id != "" ? data.oci_certificates_management_certificate_authority.root_certificate_authority[0].compartment_id : "" } diff --git a/terraform/main.tf b/terraform/main.tf index e6c1efff..12460dc7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. ### Removing network validation script from provisioning flow temporarily. @@ -63,9 +63,12 @@ module "network-vcn-config" { wls_extern_ssl_admin_port = var.wls_extern_ssl_admin_port wls_extern_admin_port = var.wls_extern_admin_port wls_expose_admin_port = var.wls_expose_admin_port + wls_admin_ssl_port = var.wls_admin_ssl_port wls_admin_port_source_cidr = var.wls_admin_port_source_cidr - wls_ms_content_port = local.add_load_balancer ? (var.is_idcs_selected ? var.idcs_cloudgate_port : var.wls_ms_extern_port) : var.wls_ms_extern_ssl_port + wls_ms_content_port = local.add_load_balancer ? (var.is_idcs_selected ? var.idcs_cloudgate_port : (var.configure_secure_mode ? var.wls_ms_extern_ssl_port : var.wls_ms_extern_port)) : var.wls_ms_extern_ssl_port assign_backend_public_ip = local.assign_weblogic_public_ip + configure_secure_mode = var.configure_secure_mode + administration_port = var.administration_port wls_subnet_cidr = local.wls_subnet_cidr wls_ms_source_cidrs = local.add_load_balancer ? [local.lb_subnet_1_subnet_cidr] : ["0.0.0.0/0"] @@ -239,6 +242,12 @@ module "policies" { fss_compartment_id = var.fss_compartment_id == "" ? var.compartment_ocid : var.fss_compartment_id mount_target_compartment_id = var.mount_target_compartment_id == "" ? var.compartment_ocid : var.mount_target_compartment_id is_rms_private_endpoint_required = local.is_rms_private_endpoint_required + instance_image_id = var.instance_image_id + configure_secure_mode = var.configure_secure_mode + keystore_password_id = local.keystore_password_id + cert_compartment_id = local.cert_compartment_id + root_ca_compartment_id = local.root_ca_compartment_id + wls_secondary_admin_password_id = local.wls_secondary_admin_password_id } module "bastion" { @@ -464,6 +473,14 @@ module "validators" { provisioned_node_count = length(data.oci_core_instances.provisioned_instances.instances.*.display_name) use_marketplace_image = var.use_marketplace_image wls_edition = var.wls_edition + + # Secured Production Mode + configure_secure_mode = var.configure_secure_mode + keystore_password_id = local.keystore_password_id + root_ca_id = local.root_ca_id + wls_secondary_admin_password_id = local.wls_secondary_admin_password_id + administration_port = var.administration_port + ms_administration_port = var.ms_administration_port } module "fss" { @@ -591,7 +608,7 @@ module "compute" { tf_script_version = var.tf_script_version use_regional_subnet = local.use_regional_subnet wls_14c_jdk_version = var.wls_14c_jdk_version - wls_admin_user = var.wls_admin_user + wls_admin_user = local.wls_admin_user wls_admin_password_id = var.wls_admin_password_id wls_admin_server_name = format("%s_adminserver", local.service_name_prefix) wls_ms_server_name = format("%s_server_", local.service_name_prefix) @@ -604,13 +621,25 @@ module "compute" { wls_machine_name = format("%s_machine_", local.service_name_prefix) wls_extern_admin_port = var.wls_extern_admin_port wls_extern_ssl_admin_port = var.wls_extern_ssl_admin_port - wls_admin_port = var.wls_admin_port + wls_admin_port = local.wls_admin_port wls_admin_ssl_port = var.wls_admin_ssl_port wls_domain_name = format("%s_domain", local.service_name_prefix) wls_server_startup_args = var.wls_server_startup_args wls_existing_vcn_id = var.wls_existing_vcn_id create_policies = var.create_policies + # Secured Production Mode + configure_secure_mode = var.configure_secure_mode + preserve_boot_properties = local.preserve_boot_properties + administration_port = var.administration_port + ms_administration_port = var.ms_administration_port + keystore_password_id = local.keystore_password_id + root_ca_id = local.root_ca_id + cert_compartment_id = local.cert_compartment_id + thread_pool_limit = var.thread_pool_limit + wls_secondary_admin_user = var.wls_secondary_admin_user + wls_secondary_admin_password_id = local.wls_secondary_admin_password_id + #The following two are for adding a dependency on the peering module wls_vcn_peering_dns_resolver_id = element(flatten(concat(module.vcn-peering[*].wls_vcn_dns_resolver_id, [""])), 0) wls_vcn_peering_route_table_attachment_id = local.assign_weblogic_public_ip ? element(flatten(concat(module.vcn-peering[*].wls_vcn_public_route_table_attachment_id, [""])), 0) : element(flatten(concat(module.vcn-peering[*].wls_vcn_private_route_table_attachment_id, [""])), 0) @@ -709,8 +738,11 @@ module "load-balancer-backends" { lb_backendset_name = local.lb_backendset_name num_vm_instances = var.wls_node_count instance_private_ips = module.compute.instance_private_ips - backend_port = var.is_idcs_selected ? var.idcs_cloudgate_port : var.wls_ms_extern_port + backend_port = var.is_idcs_selected ? var.idcs_cloudgate_port : (var.configure_secure_mode ? var.wls_ms_extern_ssl_port : var.wls_ms_extern_port) health_check_url = var.is_idcs_selected ? "/cloudgate" : "/" + + configure_secure_mode = var.configure_secure_mode + root_ca_id = local.root_ca_id } module "observability-logging" { diff --git a/terraform/modules/compute/wls_compute/variables.tf b/terraform/modules/compute/wls_compute/variables.tf index de2b0bed..bd517247 100644 --- a/terraform/modules/compute/wls_compute/variables.tf +++ b/terraform/modules/compute/wls_compute/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "tenancy_id" { @@ -293,3 +293,56 @@ variable "is_ucm_image" { type = bool description = "The metadata info to send it to instance to determine if its ucm image based instance or not" } + +# All the variables under this comment belong to Secured Production Mode +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" +} + +variable "preserve_boot_properties" { + type = bool + description = "Set to true to preserve the boot.properties file for administration server and managed servers" +} + +variable "administration_port" { + type = number + description = "The domain-wide administration port to configure a secure WebLogic domain" +} + +variable "ms_administration_port" { + type = number + description = "The administration port for managed servers to configure a secure WebLogic domain" +} + +variable "keystore_dir" { + type = string + description = "The directory where the pkcs12 keystores will be created in the compute instance when secured production mode is enabled." + default = "/u01/data/keystores" +} + +variable "keystore_password_id" { + type = string + description = "The OCID of the vault secret with the password for creating the keystore" +} + +variable "root_ca_id" { + type = string + description = "The OCID of the existing root certificate authority to issue the certificates" +} + +variable "cert_compartment_id" { + type = string + description = "The OCID of the compartment where the certificate will be created. Leave it blank to use the network compartment for the certificate" +} + +variable "thread_pool_limit" { + type = number + description = "Shared Capacity For Work Managers" +} + +variable "certificate_id" { + type = string + description = "The OCID of the SSL certificate to configure a secure WebLogic domain" + default = "" +} \ No newline at end of file diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 19b3029d..4a0ec1c5 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -54,7 +54,6 @@ module "wls-instances" { wls_ms_server_name = var.wls_ms_server_name wls_admin_server_name = var.wls_admin_server_name wls_cluster_name = var.wls_cluster_name - wls_cluster_mc_port = var.wls_cluster_mc_port wls_machine_name = var.wls_machine_name wls_server_startup_args = var.wls_server_startup_args total_vm_count = var.num_vm_instances @@ -69,6 +68,20 @@ module "wls-instances" { is_bastion_instance_required = var.is_bastion_instance_required create_policies = var.create_policies + # Secured Production Mode + configure_secure_mode = var.configure_secure_mode + preserve_boot_properties = var.preserve_boot_properties + administration_port = var.administration_port + ms_administration_port = var.ms_administration_port + keystore_dir = var.keystore_dir + keystore_password_id = var.keystore_password_id + root_ca_id = var.root_ca_id + cert_compartment_id = var.cert_compartment_id + certificate_id = var.certificate_id + thread_pool_limit = var.thread_pool_limit + wls_secondary_admin_user = var.wls_secondary_admin_user + wls_secondary_admin_password_ocid = var.wls_secondary_admin_password_id + user_data = data.template_cloudinit_config.config.rendered mode = var.mode wls_version = var.wls_version diff --git a/terraform/modules/compute/wls_compute/wls_variables.tf b/terraform/modules/compute/wls_compute/wls_variables.tf index 4fab7166..777a77ea 100644 --- a/terraform/modules/compute/wls_compute/wls_variables.tf +++ b/terraform/modules/compute/wls_compute/wls_variables.tf @@ -13,7 +13,8 @@ variable "wls_edition" { variable "wls_admin_user" { type = string - description = "The name of the admin user that will be added to the WebLogic domain" + description = "Name of WebLogic administration user" + default = "weblogic" validation { condition = replace(var.wls_admin_user, "/^[a-zA-Z][a-zA-Z0-9_-]{7,127}/", "0") == "0" error_message = "WLSC-ERROR: The value for wls_admin_user should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters." @@ -137,16 +138,6 @@ variable "wls_ms_ssl_port" { } } -variable "wls_cluster_mc_port" { - type = number - description = "The managed server port on which to send heartbeats and other internal cluster traffic" - default = 5555 - validation { - condition = var.wls_cluster_mc_port > 0 - error_message = "WLSC-ERROR: The value for wls_cluster_mc_port should be greater than 0." - } -} - variable "wls_nm_port" { type = number description = "The listen port number for the node manager process on all compute instances" @@ -170,8 +161,8 @@ variable "provisioning_timeout_mins" { variable "wls_admin_server_wait_timeout_mins" { type = number - description = "Teh timeout in minutes for the administration server to enroll to node manager" - default = 30 + description = "The timeout in minutes for the administration server to enroll to node manager" + default = 10 } variable "wls_version" { @@ -228,3 +219,29 @@ variable "wls_version_to_rcu_component_list_map" { "12.2.1.4" = "MDS,WLS,STB,IAU_APPEND,IAU_VIEWER,UCSUMS,IAU,OPSS" } } + +# All variables under this comment belong to secured production mode +variable "wls_primary_admin_user" { + type = string + description = "Name of primary WebLogic administration user" + default = "wls_user" + validation { + condition = replace(var.wls_primary_admin_user, "/^[a-zA-Z][a-zA-Z0-9_-]{7,127}/", "0") == "0" && !contains(["system", "admin", "administrator", "weblogic"], var.wls_primary_admin_user) + error_message = "WLSC-ERROR: The value for wls_primary_admin_user should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + } +} + +variable "wls_secondary_admin_user" { + type = string + description = "Name of secondary WebLogic administration user" + default = "wls_user_1" + validation { + condition = replace(var.wls_secondary_admin_user, "/^[a-zA-Z][a-zA-Z0-9_-]{7,127}/", "0") == "0" && !contains(["system", "admin", "administrator", "weblogic"], var.wls_secondary_admin_user) + error_message = "WLSC-ERROR: The value for wls_secondary_admin_user should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + } +} + +variable "wls_secondary_admin_password_id" { + type = string + description = "The OCID of the vault secret with the password for secondary WebLogic administration user" +} \ No newline at end of file diff --git a/terraform/modules/lb/backends/lb_backends.tf b/terraform/modules/lb/backends/lb_backends.tf index 939ae35d..8ebb1139 100644 --- a/terraform/modules/lb/backends/lb_backends.tf +++ b/terraform/modules/lb/backends/lb_backends.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -9,7 +9,7 @@ locals { resource "oci_load_balancer_backend_set" "wls_lb_backendset" { # If using existing load balancer, use per-created backend set of existing lb - count = var.use_existing_lb ? 0 : 1 + count = var.configure_secure_mode ? 0 : var.use_existing_lb ? 0 : 1 name = var.lb_backendset_name load_balancer_id = var.load_balancer_id @@ -27,11 +27,41 @@ resource "oci_load_balancer_backend_set" "wls_lb_backendset" { lb_cookie_session_persistence_configuration {} } +resource "oci_load_balancer_backend_set" "wls_lb_backendset_secure_mode" { + # If using existing load balancer in secured production mode, use per-created backend set of existing lb + count = var.use_existing_lb ? 0 : var.configure_secure_mode ? 1 : 0 + + name = var.lb_backendset_name + load_balancer_id = var.load_balancer_id + policy = var.lb_policy + + health_checker { + port = var.backend_port + protocol = var.lb_protocol + response_body_regex = ".*" + url_path = local.health_check_url_path + return_code = var.return_code + } + + ssl_configuration { + trusted_certificate_authority_ids = [var.root_ca_id] + verify_depth = 1 + verify_peer_certificate = true + } + + # Set the session persistence to lb-session-persistence with all default values. + lb_cookie_session_persistence_configuration {} + + lifecycle { + ignore_changes = [ssl_configuration] + } +} + resource "oci_load_balancer_listener" "wls_lb_listener_https" { count = local.use_https_listener_count load_balancer_id = var.load_balancer_id name = "${var.resource_name_prefix}_https" - default_backend_set_name = var.use_existing_lb ? var.lb_backendset_name : oci_load_balancer_backend_set.wls_lb_backendset[count.index].name + default_backend_set_name = var.use_existing_lb ? var.lb_backendset_name : var.configure_secure_mode ? oci_load_balancer_backend_set.wls_lb_backendset_secure_mode[count.index].name : oci_load_balancer_backend_set.wls_lb_backendset[count.index].name port = var.lb_https_lstr_port protocol = var.lb_protocol rule_set_names = [oci_load_balancer_rule_set.SSL_headers[count.index].name] @@ -51,10 +81,10 @@ resource "oci_load_balancer_listener" "wls_lb_listener_https" { } resource "oci_load_balancer_backend" "wls_lb_backend" { - count = var.use_existing_lb || (length(oci_load_balancer_backend_set.wls_lb_backendset) > 0) ? var.num_vm_instances : 0 + count = var.use_existing_lb || (length(oci_load_balancer_backend_set.wls_lb_backendset) > 0) || (length(oci_load_balancer_backend_set.wls_lb_backendset_secure_mode) > 0) ? var.num_vm_instances : 0 load_balancer_id = var.load_balancer_id - backendset_name = var.use_existing_lb ? var.lb_backendset_name : oci_load_balancer_backend_set.wls_lb_backendset[0].name + backendset_name = var.use_existing_lb ? var.lb_backendset_name : var.configure_secure_mode ? oci_load_balancer_backend_set.wls_lb_backendset_secure_mode[0].name : oci_load_balancer_backend_set.wls_lb_backendset[0].name ip_address = var.instance_private_ips[count.index] port = var.backend_port backup = false diff --git a/terraform/modules/lb/backends/variables.tf b/terraform/modules/lb/backends/variables.tf index 4366d59b..9037155e 100644 --- a/terraform/modules/lb/backends/variables.tf +++ b/terraform/modules/lb/backends/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "instance_private_ips" { @@ -78,3 +78,14 @@ variable "resource_name_prefix" { type = string description = "Prefix used by the WebLogic for OCI instance of which this compute is part" } + +# All the variables under this comment belong to Secured Production Mode +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" +} + +variable "root_ca_id" { + type = string + description = "The OCID of the existing root certificate authority to issue the certificates" +} diff --git a/terraform/modules/network-validator/scripts/network_validation.sh b/terraform/modules/network-validator/scripts/network_validation.sh index 29aca75e..7a0ee496 100644 --- a/terraform/modules/network-validator/scripts/network_validation.sh +++ b/terraform/modules/network-validator/scripts/network_validation.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. # # ############################################################################ @@ -24,6 +24,7 @@ WLS_LB_PORT=7003 LB_PORT=443 ADMIN_HTTP_PORT=7001 ADMIN_HTTPS_PORT=7002 +IDCS_PORT= WLS_SUBNET_OCID="" BASTION_SUBNET_OCID="" BASTION_HOST_IP="" @@ -38,6 +39,7 @@ FSS_NSG_OCID="" LPG_OCID="" ALL_IPS="0.0.0.0/0" LB_SOURCE_CIDR="" +SECURE_MODE="false" NETWORK_VALIDATION_MSG="Fix the network validation script errors and re-run the script in the cloud shell" debug=false @@ -611,6 +613,7 @@ while [[ $1 = -?* ]]; do -w|--wlssubnet) shift; WLS_SUBNET_OCID=${1} ;; -p|--http_port) shift; ADMIN_HTTP_PORT=${1} ;; -s|--https_port) shift; ADMIN_HTTPS_PORT=${1} ;; + -c|--idcs_port) shift; IDCS_PORT=${1} ;; -d|--ocidbid) shift; OCIDB_OCID=${1} ;; -P|--ocidbport) shift; DB_PORT=${1} ;; -t|--atpdbid) shift; ATPDB_OCID=${1} ;; @@ -627,6 +630,7 @@ while [[ $1 = -?* ]]; do -o|--lbnsg) shift; LB_NSG_OCID=${1} ;; -e|--fssnsg) shift; FSS_NSG_OCID=${1} ;; -n|--bastionnsg) shift; BASTION_NSG_OCID=${1} ;; + -z|--securemode) shift; SECURE_MODE=${1} ;; --debug) debug=true;; --endopts) shift; break ;; *) "invalid option: '$1'." ; usage >&2; exit 1 ;; @@ -658,6 +662,30 @@ if ${debug}; then set -x ; fi # This way you can catch the error in case mysqldump fails in `mysqldump |gzip`, for example. set -o pipefail +# Setting the WLS LB port when IDCS is enabled +if [[ -n ${IDCS_PORT} ]] +then + WLS_LB_PORT=${IDCS_PORT} +fi + +# Convert to lowercase for case insensitive check +secure_mode=$(echo "$SECURE_MODE" | tr '[:upper:]' '[:lower:]') + +# Change the default value of ports for secured production mode +if [ "$secure_mode" = "true" ]; then + if [ "${WLS_LB_PORT}" -eq 7003 ] + then + WLS_LB_PORT=7004 + fi + + if [ "${ADMIN_HTTPS_PORT}" -eq 7002 ] + then + ADMIN_HTTPS_PORT=9002 + fi + + T3_PORT=9072 +fi + ### Validate all required params are present ### # Required for validating existing subnets @@ -802,6 +830,21 @@ then then echo "WARNING: Exposing the WebLogic administrator port [${ADMIN_HTTPS_PORT}] in the subnet [{$WLS_SUBNET_OCID}] to the internet [${ALL_IPS}] allows any user to access the WebLogic console, which is not a recommended practice. Ensure that only a specific CIDR range can access the WebLogic console. ${NETWORK_VALIDATION_MSG}" fi + + # Check if Administration Port is open for access by WLS subnet CIDR for secure mode + if [ "$secure_mode" = "true" ]; then + res=$(validate_subnet_port_access ${WLS_SUBNET_OCID} ${ADMIN_HTTPS_PORT} ${wls_subnet_cidr_block}) + if [[ $res == *"WARNING"* ]] + then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]] + then + echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by WLS Subnet CIDR [$wls_subnet_cidr_block] in WLS Subnet [$WLS_SUBNET_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi + fi fi ### Validation - Only when WLS Subnet OCID, Admin Server NSG & Managed Server NSG are provided ### @@ -859,6 +902,21 @@ then then echo "WARNING: Exposing the WebLogic administrator port [${ADMIN_HTTPS_PORT}] in the Admin Server NSG [{$ADMIN_SRV_NSG_OCID}] to the internet [${ALL_IPS}] allows any user to access the WebLogic console, which is not a recommended practice. Ensure that only a specific CIDR range can access the WebLogic console. ${NETWORK_VALIDATION_MSG}" fi + + # Check if Administration Port is open for access by WLS subnet CIDR in Managed Server NSG for secure mode + if [ "$secure_mode" = "true" ]; then + res=$(check_tcp_port_open_in_seclist_or_nsg $MANAGED_SRV_NSG_OCID ${ADMIN_HTTPS_PORT} "$wls_subnet_cidr_block" "nsg") + if [[ $res == *"WARNING"* ]] + then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]] + then + echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by WLS Subnet CIDR [$wls_subnet_cidr_block] in Managed Server NSG [$MANAGED_SRV_NSG_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi + fi fi ### Validation - Only when OCI DB OCID is provided ### @@ -1019,6 +1077,39 @@ then fi fi fi + + # In secured production mode, Check if bastion Host IP CIDR or Bastion Subnet CIDR has access to Administration Port on WLS subnet or Admin Server NSG + if [ "$secure_mode" = "true" ]; then + if [[ -z ${ADMIN_SRV_NSG_OCID} && -z ${MANAGED_SRV_NSG_OCID} ]] + then + res=$(validate_subnet_port_access ${WLS_SUBNET_OCID} ${ADMIN_HTTPS_PORT} ${bastion_cidr_block}) + if [[ $res == *"WARNING"* ]] + then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]] + then + echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by [$bastion_cidr_block] in WLS Subnet [$WLS_SUBNET_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi + fi + + if [[ -n ${ADMIN_SRV_NSG_OCID} && -n ${MANAGED_SRV_NSG_OCID} ]] + then + res=$(check_tcp_port_open_in_seclist_or_nsg $ADMIN_SRV_NSG_OCID ${ADMIN_HTTPS_PORT} ${bastion_cidr_block} "nsg") + if [[ $res == *"WARNING"* ]] + then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]] + then + echo "ERROR: Port ${ADMIN_HTTPS_PORT} is not open for access by [$bastion_cidr_block] in Admin Server NSG [$ADMIN_SRV_NSG_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi + fi + fi fi fi diff --git a/terraform/modules/network/vcn-config/locals.tf b/terraform/modules/network/vcn-config/locals.tf index 72e19d7b..0c9e837e 100644 --- a/terraform/modules/network/vcn-config/locals.tf +++ b/terraform/modules/network/vcn-config/locals.tf @@ -1,8 +1,9 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { port_for_ingress_lb_security_rule = 443 wls_admin_port_source_cidrs = var.wls_expose_admin_port ? [var.wls_admin_port_source_cidr] : [] nat_gw_exists = length(var.existing_nat_gateway_ids) == 0 ? false : true + ssl_admin_port = var.configure_secure_mode ? var.administration_port : var.wls_extern_ssl_admin_port } diff --git a/terraform/modules/network/vcn-config/nsg_security_rule.tf b/terraform/modules/network/vcn-config/nsg_security_rule.tf index 5d9c44f1..cadaeb9c 100644 --- a/terraform/modules/network/vcn-config/nsg_security_rule.tf +++ b/terraform/modules/network/vcn-config/nsg_security_rule.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. resource "oci_core_network_security_group_security_rule" "bastion_ingress_security_rule" { @@ -61,7 +61,18 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_security_r } resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_security_rule" { + count = var.configure_secure_mode ? 0 : 1 + network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) + direction = "INGRESS" + protocol = "6" + + source = var.wls_subnet_cidr + source_type = "CIDR_BLOCK" + stateless = false +} +resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_security_rule_secure_mode" { + count = var.configure_secure_mode ? 1 : 0 network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) direction = "INGRESS" protocol = "6" @@ -69,6 +80,31 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_s source = var.wls_subnet_cidr source_type = "CIDR_BLOCK" stateless = false + + tcp_options { + destination_port_range { + min = var.administration_port + max = var.administration_port + } + } +} + +resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_ssl_security_rule_secure_mode" { + count = var.configure_secure_mode ? 1 : 0 + network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) + direction = "INGRESS" + protocol = "6" + + source = var.wls_subnet_cidr + source_type = "CIDR_BLOCK" + stateless = false + + tcp_options { + destination_port_range { + min = var.wls_admin_ssl_port + max = var.wls_admin_ssl_port + } + } } resource "oci_core_network_security_group_security_rule" "wls_ingress_app_ms_security_rule" { @@ -155,8 +191,8 @@ resource "oci_core_network_security_group_security_rule" "wls_admin_bastion_ingr tcp_options { destination_port_range { - max = var.wls_extern_ssl_admin_port - min = var.wls_extern_ssl_admin_port + max = local.ssl_admin_port + min = local.ssl_admin_port } } } @@ -173,8 +209,8 @@ resource "oci_core_network_security_group_security_rule" "wls_admin_existing_bas tcp_options { destination_port_range { - max = var.wls_extern_ssl_admin_port - min = var.wls_extern_ssl_admin_port + max = local.ssl_admin_port + min = local.ssl_admin_port } } } diff --git a/terraform/modules/network/vcn-config/variables.tf b/terraform/modules/network/vcn-config/variables.tf index 8fd4290a..68abaca4 100644 --- a/terraform/modules/network/vcn-config/variables.tf +++ b/terraform/modules/network/vcn-config/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { @@ -206,3 +206,17 @@ variable "add_existing_mount_target" { default = false } +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" +} + +variable "administration_port" { + type = number + description = "The domain-wide administration port to configure a secure WebLogic domain" +} + +variable "wls_admin_ssl_port" { + type = number + description = "The administration server port for T3s protocol" +} \ No newline at end of file diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index d21ca739..bcb12c85 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -79,6 +79,7 @@ locals { autoscaling_statement26 = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage policies in tenancy" : "" : "" autoscaling_statement27 = var.use_autoscaling ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to use tag-namespaces in tenancy" : "" : "" autoscaling_statement28 = var.use_autoscaling && var.network_compartment_id != var.compartment_id && var.is_rms_private_endpoint_required ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage orm-family in compartment id ${var.network_compartment_id}" : "" : "" + autoscaling_statement29 = (var.use_autoscaling && var.instance_image_id != "") ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to {INSTANCE_IMAGE_READ} in tenancy where target.image.id='${var.instance_image_id}'" : "" : "" autoscaling_atp_policy_statement = (var.atp_db.is_atp && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to inspect autonomous-transaction-processing-family in compartment id ${var.atp_db.compartment_id}" : "" : "" autoscaling_db_policy_statement = (local.is_oci_db && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to inspect database-family in compartment id ${var.oci_db.compartment_id}" : "" : "" autoscaling_fss_mount_target_policy_statement = (var.add_fss && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to manage mount-targets in compartment id ${var.mount_target_compartment_id}" : "" : "" @@ -99,7 +100,7 @@ locals { local.autoscaling_statement18, local.autoscaling_statement19, local.autoscaling_statement20, local.autoscaling_statement21, local.autoscaling_statement22, local.autoscaling_statement23, local.autoscaling_statement24, local.autoscaling_statement25, local.autoscaling_statement26, - local.autoscaling_statement27, local.autoscaling_statement28, + local.autoscaling_statement27, local.autoscaling_statement28, local.autoscaling_statement29, local.autoscaling_logging_policy_1, local.autoscaling_logging_policy_2, local.autoscaling_logging_policy_3, local.autoscaling_atp_policy_statement, local.autoscaling_db_policy_statement, @@ -108,8 +109,20 @@ locals { local.autoscaling_fss_export_sets_policy_statement ]) + #Policies for creating wildcard certificate to configure SSL in secured production mode + secure_mode_statement1 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use certificate-authority-delegates in compartment id ${var.cert_compartment_id}" : "" + secure_mode_statement2 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage leaf-certificates in compartment id ${var.cert_compartment_id}" : "" + secure_mode_statement3 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read leaf-certificate-bundles in compartment id ${var.cert_compartment_id} where target.leaf-certificate.bundle-type = 'CERTIFICATE_CONTENT_PUBLIC_ONLY'" : "" + secure_mode_statement4 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read certificate-authorities in compartment id ${var.root_ca_compartment_id}" : "" + secure_mode_statement5 = (var.configure_secure_mode && var.use_autoscaling) ? length(oci_identity_dynamic_group.wlsc_functions_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_functions_principal_group[0].name} to read certificate-authorities in compartment id ${var.root_ca_compartment_id}" : "" : "" + + #Policy for reading keystore password secret + secure_mode_secrets_policy_statement1 = (var.configure_secure_mode && var.keystore_password_id != "" && var.wls_secondary_admin_password_id != "" && var.keystore_password_id != var.wls_admin_password_id && var.keystore_password_id != var.wls_secondary_admin_password_id) ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.keystore_password_id}'" : "" + secure_mode_secrets_policy_statement2 = (var.configure_secure_mode && var.wls_secondary_admin_password_id != "" && var.wls_admin_password_id != var.wls_secondary_admin_password_id) ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.wls_secondary_admin_password_id}'" : "" + secure_mode_statement = compact([local.secure_mode_statement1, local.secure_mode_statement2, local.secure_mode_statement3, local.secure_mode_statement4, local.secure_mode_statement5, local.secure_mode_secrets_policy_statement1, local.secure_mode_secrets_policy_statement2]) + #TODO: When other categories with more statements are added here, concat them with service_statements - policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.autoscaling_statements) + policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.autoscaling_statements, local.secure_mode_statement) reserved_ips_info = var.compartment_id == "" ? [{ id = var.resource_name_prefix }] : [] diff --git a/terraform/modules/policies/variables.tf b/terraform/modules/policies/variables.tf index cb332fc6..68311c2f 100644 --- a/terraform/modules/policies/variables.tf +++ b/terraform/modules/policies/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "tenancy_id" { @@ -192,3 +192,34 @@ variable "is_rms_private_endpoint_required" { type = bool description = "Set resource manager private endpoint" } + +variable "instance_image_id" { + type = string + description = "The OCID of the compute image used to create the WebLogic compute instances" + default = "" +} + +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" +} + +variable "keystore_password_id" { + type = string + description = "The OCID of the vault secret with the password for creating the keystore" +} + +variable "cert_compartment_id" { + type = string + description = "The OCID of the compartment where the certificate will be created. Leave it blank to use the network compartment for the certificate" +} + +variable "root_ca_compartment_id" { + type = string + description = "The OCID of the compartment where the root certificate authority exists" +} + +variable "wls_secondary_admin_password_id" { + type = string + description = "The OCID of the vault secret with the password for secondary WebLogic administration user" +} diff --git a/terraform/modules/validators/validators.tf b/terraform/modules/validators/validators.tf index d28d0c4d..e2c0e72a 100644 --- a/terraform/modules/validators/validators.tf +++ b/terraform/modules/validators/validators.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -60,4 +60,27 @@ locals { invalid_script_version = var.mode == "PROD" && var.tf_script_version == "" script_version_msg = "WLSC-ERROR: The value for tf script version cannot be empty. Please provide valid script version that matches with version on the image." validate_script_version = local.invalid_script_version ? local.validators_msg_map[local.script_version_msg] : null + + # Validations related to Secured Production Mode + missing_keystore_password_id = var.configure_secure_mode && var.keystore_password_id == "" + keystore_password_id_required_msg = "WLSC-ERROR: The value for keystore_password_id is required when enabling secured production mode." + validate_missing_keystore_password_id = local.missing_keystore_password_id ? local.validators_msg_map[local.keystore_password_id_required_msg] : null + + missing_root_ca_id = var.configure_secure_mode && var.root_ca_id == "" + root_ca_id_required_msg = "WLSC-ERROR: The value for root_ca_id is required when enabling secured production mode." + validate_missing_root_ca_id = local.missing_root_ca_id ? local.validators_msg_map[local.root_ca_id_required_msg] : null + + missing_wls_secondary_admin_password_id = var.configure_secure_mode && var.wls_secondary_admin_password_id == "" + missing_wls_secondary_admin_password_id_required_msg = "WLSC-ERROR: The value for wls_secondary_admin_password_id is required when enabling secured production mode" + invalid_wls_secondary_admin_password_id = var.configure_secure_mode && length(regexall("^ocid1.vaultsecret.", var.wls_secondary_admin_password_id)) <= 0 + invalid_wls_secondary_admin_password_id_required_msg = "WLSC-ERROR: The value for wls_secondary_admin_password_id should start with \"ocid1.vaultsecret.\"" + validate_wls_secondary_admin_password_id = local.missing_wls_secondary_admin_password_id ? local.validators_msg_map[local.missing_wls_secondary_admin_password_id_required_msg] : (local.invalid_wls_secondary_admin_password_id ? local.validators_msg_map[local.invalid_wls_secondary_admin_password_id_required_msg] : null) + + invalid_administration_ports = var.configure_secure_mode && var.administration_port == var.ms_administration_port + invalid_administration_ports_msg = "WLSC-ERROR: The value for administration_port=[${var.administration_port}] and ms_administration_port=[${var.ms_administration_port}] cannot be same." + validate_administration_ports = local.invalid_administration_ports ? local.validators_msg_map[local.invalid_administration_ports_msg] : null + + invalid_jrf_12c_secure_mode = var.configure_secure_mode && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "") + invalid_jrf_12c_secure_mode_msg = "WLSC-ERROR: JRF domain is not supported for FMW 12c version in secured production mode." + validate_jrf_12c_secure_mode = local.invalid_jrf_12c_secure_mode ? local.validators_msg_map[local.invalid_jrf_12c_secure_mode_msg] : "" } diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index db7c260a..91cd2497 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024 Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { @@ -533,3 +533,34 @@ variable "tf_script_version" { type = string description = "The version of the provisioning scripts located in the OCI image used to create the WebLogic compute instances" } + +# All variables under this comment belong to secured production mode +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" +} + +variable "keystore_password_id" { + type = string + description = "The OCID of the vault secret with the password for creating the keystore" +} + +variable "root_ca_id" { + type = string + description = "The OCID of the existing root certificate authority to issue the certificates" +} + +variable "wls_secondary_admin_password_id" { + type = string + description = "The OCID of the vault secret with the password for secondary WebLogic administration user" +} + +variable "administration_port" { + type = number + description = "The domain-wide administration port to configure a secure WebLogic domain" +} + +variable "ms_administration_port" { + type = number + description = "The administration port for managed servers to configure a secure WebLogic domain" +} \ No newline at end of file diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 48908a34..0d9071b5 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. output "virtual_cloud_network_id" { @@ -58,6 +58,10 @@ output "weblogic_version" { ) } +output "webLogic_server_domain_configuration" { + value = local.wls_domain_configuration +} + output "weblogic_server_administration_console" { value = local.admin_console_app_url } diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 697c4e47..2944e121 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. title: Oracle WebLogic Server for Oracle Cloud Infrastructure @@ -20,6 +20,7 @@ groupings: - ${use_apm_service} - ${use_autoscaling} - ${add_fss} + - ${configure_secure_mode} - title: "Virtual Cloud Networking" variables: @@ -36,8 +37,15 @@ groupings: - title: "WebLogic Domain Configuration" variables: - ${wls_admin_user} + - ${wls_primary_admin_user} - ${wls_admin_secret_compartment_id} - ${wls_admin_password_id} + - ${wls_secondary_admin_user} + - ${wls_secondary_admin_password_id} + - ${keystore_password_id} + - ${root_ca_id} + - ${cert_compartment_id} + - ${preserve_boot_properties} - ${add_JRF} #Start of JRF fields - ${db_strategy} @@ -68,11 +76,13 @@ groupings: #End of JRF fields - ${deploy_sample_app} - ${wls_server_startup_args} + - ${thread_pool_limit} - ${configure_wls_ports} + - ${administration_port} + - ${ms_administration_port} - ${wls_nm_port} - ${wls_extern_admin_port} - ${wls_extern_ssl_admin_port} - - ${wls_cluster_mc_port} - ${wls_ms_extern_port} - ${wls_ms_extern_ssl_port} - ${allow_manual_domain_extension} @@ -470,11 +480,16 @@ variables: required: true wls_admin_user: - visible: ${orm_create_mode} + visible: + and: + - ${orm_create_mode} + - not: + - ${configure_secure_mode} type: string title: "WebLogic Server Admin User Name" - description: "The name of the administrator in the WebLogic Server domain" + description: "The name of the administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters." pattern: "^[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "weblogic" minLength: 8 maxLength: 128 required: true @@ -520,6 +535,8 @@ variables: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7001 minimum: 1024 @@ -534,6 +551,8 @@ variables: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7002 minimum: 1024 @@ -543,25 +562,13 @@ variables: description: "The administration server SSL port on which to access the administration console" required: true - wls_cluster_mc_port: - visible: - and: - - ${orm_create_mode} - - ${configure_wls_ports} - type: integer - default: 5555 - minimum: 1024 - maximum: 65535 - multipleOf: 1 - title: "WebLogic Cluster Port" - description: "The managed server port on which to send heartbeats and other internal cluster traffic (not applicable for Standard Edition)" - required: true - wls_ms_extern_port: visible: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7003 minimum: 1024 @@ -772,6 +779,144 @@ variables: title: "Existing Network Security Groups" description: "Use existing Network Security Groups (NSG) for existing subnets" + # Secured Production Mode variables + configure_secure_mode: + visible: ${orm_create_mode} + type: boolean + required: true + default: false + title: "Enable Secured Production Mode" + description: "Configure a secure domain" + + preserve_boot_properties: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: boolean + required: true + default: false + title: "Preserve the boot.properties file for administration server and managed servers" + description: "Preserve the boot.properties file for administration server and managed servers. NOTE: Leaving this unchecked (false) will result in node manager being unable to revive servers if they are killed." + + administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server domain-wide Administration Port" + description: "The domain-wide administration port to configure a secure WebLogic domain" + required: true + + ms_administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "Administration Port for Managed Servers" + description: "The administration port for managed servers to configure a secure WebLogic domain" + required: true + + keystore_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + required: true + title: "Validated Secret for Keystore password" + description: "The secret that contains the keystore password. To create secrets, see Create Secrets for Passwords." + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + root_ca_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + pattern: ^ocid1.certificateauthority.*$ + required: true + title: "Existing Root Certificate Authority ID" + description: "The OCID of the existing root certificate authority to issue the certificates" + + cert_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + - ${create_policies} + type: oci:identity:compartment:id + required: false + title: "Certificate Compartment" + description: "The compartment where you want to create the certificate" + default: ${network_compartment_id} + + thread_pool_limit: + visible: + and: + - ${orm_create_mode} + - and: + - ${configure_secure_mode} + type: string + default: 65536 + title: "Throttle the thread pool" + description: "Shared Capacity For Work Managers" + required: true + + wls_primary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the primary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user_1" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password of the secondary administrator in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} # WLS Network Configuration wls_vcn_name: @@ -1508,7 +1653,11 @@ variables: default: true add_JRF: - visible: ${orm_create_mode} + visible: + and: + - ${orm_create_mode} + - not: + - ${configure_secure_mode} type: boolean default: false title: "Provision with JRF" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 38d64823..39573878 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. title: Oracle WebLogic Server for Oracle Cloud Infrastructure @@ -20,6 +20,7 @@ groupings: - ${use_apm_service} - ${use_autoscaling} - ${add_fss} + - ${configure_secure_mode} - title: "Virtual Cloud Networking" variables: @@ -36,16 +37,25 @@ groupings: - title: "WebLogic Domain Configuration" variables: - ${wls_admin_user} + - ${wls_primary_admin_user} - ${wls_admin_secret_compartment_id} - ${wls_admin_password_id} + - ${wls_secondary_admin_user} + - ${wls_secondary_admin_password_id} + - ${keystore_password_id} + - ${root_ca_id} + - ${cert_compartment_id} + - ${preserve_boot_properties} - ${wls_14c_jdk_version} - ${deploy_sample_app} - ${wls_server_startup_args} + - ${thread_pool_limit} - ${configure_wls_ports} + - ${administration_port} + - ${ms_administration_port} - ${wls_nm_port} - ${wls_extern_admin_port} - ${wls_extern_ssl_admin_port} - - ${wls_cluster_mc_port} - ${wls_ms_extern_port} - ${wls_ms_extern_ssl_port} - ${allow_manual_domain_extension} @@ -468,11 +478,16 @@ variables: required: true wls_admin_user: - visible: ${orm_create_mode} + visible: + and: + - ${orm_create_mode} + - not: + - ${configure_secure_mode} type: string title: "WebLogic Server Admin User Name" - description: "The name of the administrator in the WebLogic Server domain" + description: "The name of the administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters." pattern: "^[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "weblogic" minLength: 8 maxLength: 128 required: true @@ -529,6 +544,8 @@ variables: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7001 minimum: 1024 @@ -543,6 +560,8 @@ variables: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7002 minimum: 1024 @@ -552,25 +571,13 @@ variables: description: "The administration server SSL port on which to access the administration console" required: true - wls_cluster_mc_port: - visible: - and: - - ${orm_create_mode} - - ${configure_wls_ports} - type: integer - default: 5555 - minimum: 1024 - maximum: 65535 - multipleOf: 1 - title: "WebLogic Cluster Port" - description: "The managed server port on which to send heartbeats and other internal cluster traffic (not applicable for Standard Edition)" - required: true - wls_ms_extern_port: visible: and: - ${orm_create_mode} - ${configure_wls_ports} + - not: + - ${configure_secure_mode} type: integer default: 7003 minimum: 1024 @@ -781,6 +788,144 @@ variables: title: "Existing Network Security Groups" description: "Use existing Network Security Groups (NSG) for existing subnets" + # Secured Production Mode variables + configure_secure_mode: + visible: ${orm_create_mode} + type: boolean + required: true + default: false + title: "Enable Secured Production Mode" + description: "Configure a secure domain" + + preserve_boot_properties: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: boolean + required: true + default: false + title: "Preserve the boot.properties file for administration server and managed servers" + description: "Preserve the boot.properties file for administration server and managed servers. NOTE: Leaving this unchecked (false) will result in node manager being unable to revive servers if they are killed." + + administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server domain-wide Administration Port" + description: "The domain-wide administration port to configure a secure WebLogic domain" + required: true + + ms_administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "Administration Port for Managed Servers" + description: "The administration port for managed servers to configure a secure WebLogic domain" + required: true + + keystore_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + required: true + title: "Validated Secret for Keystore password" + description: "The secret that contains the keystore password. To create secrets, see Create Secrets for Passwords." + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + root_ca_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + pattern: ^ocid1.certificateauthority.*$ + required: true + title: "Existing Root Certificate Authority ID" + description: "The OCID of the existing root certificate authority to issue the certificates" + + cert_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + - ${create_policies} + type: oci:identity:compartment:id + required: false + title: "Certificate Compartment" + description: "The compartment where you want to create the certificate" + default: ${network_compartment_id} + + thread_pool_limit: + visible: + and: + - ${orm_create_mode} + - and: + - ${configure_secure_mode} + type: string + default: 65536 + title: "Throttle the thread pool" + description: "Shared Capacity For Work Managers" + required: true + + wls_primary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the primary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user_1" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password of the secondary administrator in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} # WLS Network Configuration wls_vcn_name: diff --git a/terraform/weblogic_variables.tf b/terraform/weblogic_variables.tf index 44bd303a..95a60e9a 100644 --- a/terraform/weblogic_variables.tf +++ b/terraform/weblogic_variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "wls_version" { @@ -106,6 +106,7 @@ variable "wls_admin_ssl_port" { error_message = "WLSC-ERROR: The value for wls_admin_ssl_port should be greater than 0." } } + variable "wls_expose_admin_port" { type = bool description = "[WARNING] Selecting this option will expose the console to the internet if the default 0.0.0.0/0 CIDR is used. You should change the CIDR range below to allow access to a trusted IP range." @@ -165,16 +166,6 @@ variable "wls_extern_admin_port" { } } -variable "wls_cluster_mc_port" { - type = number - description = "The managed server port on which to send heartbeats and other internal cluster traffic" - default = 5555 - validation { - condition = var.wls_cluster_mc_port > 0 - error_message = "WLSC-ERROR: The value for wls_cluster_mc_port should be greater than 0." - } -} - variable "wls_nm_port" { type = number description = "The listen port number for the node manager process on all compute instances" @@ -197,3 +188,77 @@ variable "deploy_sample_app" { default = true } +# All the variables under this comment belong to Secured Production Mode +variable "configure_secure_mode" { + type = bool + description = "Set to true to configure a secure WebLogic domain" + default = false +} + +variable "preserve_boot_properties" { + type = bool + description = "Set to true to preserve the boot.properties file for administration server and managed servers" + default = "false" +} + +variable "keystore_password_id" { + type = string + description = "The OCID of the vault secret with the password for creating the keystore" + default = "" +} + +variable "root_ca_id" { + type = string + description = "The OCID of the existing root certificate authority to issue the certificates" + default = "" +} + +variable "cert_compartment_id" { + type = string + description = "The OCID of the compartment where the certificate will be created. Leave it blank to use the network compartment for the certificate" + default = "" +} + +variable "administration_port" { + type = number + description = "The domain-wide administration port to configure a secure WebLogic domain" + default = 9002 +} + +variable "ms_administration_port" { + type = number + description = "The administration port for managed servers to configure a secure WebLogic domain" + default = 9004 +} + +variable "thread_pool_limit" { + type = number + description = "Shared Capacity For Work Managers" + default = 65536 +} + +variable "wls_primary_admin_user" { + type = string + description = "Name of primary WebLogic administration user" + default = "wls_user" + validation { + condition = replace(var.wls_primary_admin_user, "/^[a-zA-Z][a-zA-Z0-9_-]{7,127}/", "0") == "0" && !contains(["system", "admin", "administrator", "weblogic"], var.wls_primary_admin_user) + error_message = "WLSC-ERROR: The value for wls_primary_admin_user should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + } +} + +variable "wls_secondary_admin_user" { + type = string + description = "Name of secondary WebLogic administration user" + default = "wls_user_1" + validation { + condition = replace(var.wls_secondary_admin_user, "/^[a-zA-Z][a-zA-Z0-9_-]{7,127}/", "0") == "0" && !contains(["system", "admin", "administrator", "weblogic"], var.wls_secondary_admin_user) + error_message = "WLSC-ERROR: The value for wls_secondary_admin_user should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + } +} + +variable "wls_secondary_admin_password_id" { + type = string + description = "The OCID of the vault secret with the password for secondary WebLogic administration user" + default = "" +} \ No newline at end of file From 74f0fe602e5852bc34f5c40df4807c0fd5a8b91c Mon Sep 17 00:00:00 2001 From: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Date: Tue, 2 Jul 2024 10:27:01 +0530 Subject: [PATCH 23/61] Open node manager port in managed server NSG (#273) Open node manager port in managed server NSG image **Tested 5 node provisioning in secure mode & non-secure mode. updateDomain.sh shows no error in provisioning logs** image image --- terraform/main.tf | 1 + .../network/vcn-config/nsg_security_rule.tf | 17 +++++++++++++++++ .../modules/network/vcn-config/variables.tf | 5 +++++ 3 files changed, 23 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index 12460dc7..1c06732d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -67,6 +67,7 @@ module "network-vcn-config" { wls_admin_port_source_cidr = var.wls_admin_port_source_cidr wls_ms_content_port = local.add_load_balancer ? (var.is_idcs_selected ? var.idcs_cloudgate_port : (var.configure_secure_mode ? var.wls_ms_extern_ssl_port : var.wls_ms_extern_port)) : var.wls_ms_extern_ssl_port assign_backend_public_ip = local.assign_weblogic_public_ip + wls_nm_port = var.wls_nm_port configure_secure_mode = var.configure_secure_mode administration_port = var.administration_port diff --git a/terraform/modules/network/vcn-config/nsg_security_rule.tf b/terraform/modules/network/vcn-config/nsg_security_rule.tf index cadaeb9c..87318654 100644 --- a/terraform/modules/network/vcn-config/nsg_security_rule.tf +++ b/terraform/modules/network/vcn-config/nsg_security_rule.tf @@ -71,6 +71,23 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_s stateless = false } +resource "oci_core_network_security_group_security_rule" "wls_ingress_nm_security_rule" { + network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) + direction = "INGRESS" + protocol = "6" + + source = var.wls_subnet_cidr + source_type = "CIDR_BLOCK" + stateless = false + + tcp_options { + destination_port_range { + min = var.wls_nm_port + max = var.wls_nm_port + } + } +} + resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_security_rule_secure_mode" { count = var.configure_secure_mode ? 1 : 0 network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) diff --git a/terraform/modules/network/vcn-config/variables.tf b/terraform/modules/network/vcn-config/variables.tf index 68abaca4..683e672c 100644 --- a/terraform/modules/network/vcn-config/variables.tf +++ b/terraform/modules/network/vcn-config/variables.tf @@ -206,6 +206,11 @@ variable "add_existing_mount_target" { default = false } +variable "wls_nm_port" { + type = number + description = "The listen port number for the node manager process on all compute instances" +} + variable "configure_secure_mode" { type = bool description = "Set to true to configure a secure WebLogic domain" From 89b827ba6a9b3c6b3a0efabecde695710e1cf3d0 Mon Sep 17 00:00:00 2001 From: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Date: Tue, 2 Jul 2024 19:58:19 +0530 Subject: [PATCH 24/61] Open managed server administration port in managed server nsg (#274) This PR is to open managed server administration port in managed server nsg in secure mode image --- terraform/main.tf | 1 + .../network/vcn-config/nsg_security_rule.tf | 20 ++++++++++++++++++- .../modules/network/vcn-config/variables.tf | 5 +++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 1c06732d..31daa467 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -70,6 +70,7 @@ module "network-vcn-config" { wls_nm_port = var.wls_nm_port configure_secure_mode = var.configure_secure_mode administration_port = var.administration_port + ms_administration_port = var.ms_administration_port wls_subnet_cidr = local.wls_subnet_cidr wls_ms_source_cidrs = local.add_load_balancer ? [local.lb_subnet_1_subnet_cidr] : ["0.0.0.0/0"] diff --git a/terraform/modules/network/vcn-config/nsg_security_rule.tf b/terraform/modules/network/vcn-config/nsg_security_rule.tf index 87318654..90e82f6c 100644 --- a/terraform/modules/network/vcn-config/nsg_security_rule.tf +++ b/terraform/modules/network/vcn-config/nsg_security_rule.tf @@ -88,7 +88,7 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_nm_securit } } -resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_security_rule_secure_mode" { +resource "oci_core_network_security_group_security_rule" "wls_ingress_administration_port_secure_mode" { count = var.configure_secure_mode ? 1 : 0 network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) direction = "INGRESS" @@ -106,6 +106,24 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_s } } +resource "oci_core_network_security_group_security_rule" "wls_ingress_ms_administration_port_secure_mode" { + count = var.configure_secure_mode ? 1 : 0 + network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) + direction = "INGRESS" + protocol = "6" + + source = var.wls_subnet_cidr + source_type = "CIDR_BLOCK" + stateless = false + + tcp_options { + destination_port_range { + min = var.ms_administration_port + max = var.ms_administration_port + } + } +} + resource "oci_core_network_security_group_security_rule" "wls_ingress_internal_ssl_security_rule_secure_mode" { count = var.configure_secure_mode ? 1 : 0 network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) diff --git a/terraform/modules/network/vcn-config/variables.tf b/terraform/modules/network/vcn-config/variables.tf index 683e672c..154539e0 100644 --- a/terraform/modules/network/vcn-config/variables.tf +++ b/terraform/modules/network/vcn-config/variables.tf @@ -221,6 +221,11 @@ variable "administration_port" { description = "The domain-wide administration port to configure a secure WebLogic domain" } +variable "ms_administration_port" { + type = number + description = "The administration port for managed servers to configure a secure WebLogic domain" +} + variable "wls_admin_ssl_port" { type = number description = "The administration server port for T3s protocol" From bef0f028a1b1af057da3a6e95ceac7f338d694a7 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati Date: Tue, 2 Jul 2024 09:02:34 -0700 Subject: [PATCH 25/61] Revert "JCS-14427: Add suggested actions for 409-PolicyAlreadyExists error in ORM job log (#254)" This reverts commit aa23c6c1860b4f4d7eaf0dda412fc471ef0c9fd1. --- terraform/modules/validators/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 91cd2497..ab28d854 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -563,4 +563,4 @@ variable "administration_port" { variable "ms_administration_port" { type = number description = "The administration port for managed servers to configure a secure WebLogic domain" -} \ No newline at end of file +} From 7d6840fba0be83750eeae12b6f1406fdc7c2af87 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati Date: Tue, 2 Jul 2024 22:48:09 -0700 Subject: [PATCH 26/61] Revert "JCS-14427: Add suggested actions for 409-PolicyAlreadyExists error in ORM job log (#254)" This reverts commit aa23c6c1860b4f4d7eaf0dda412fc471ef0c9fd1. --- terraform/main.tf | 1 - terraform/modules/validators/policy_validators.tf | 14 -------------- terraform/modules/validators/variables.tf | 2 +- 3 files changed, 1 insertion(+), 16 deletions(-) delete mode 100644 terraform/modules/validators/policy_validators.tf diff --git a/terraform/main.tf b/terraform/main.tf index 5c64f975..31daa467 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -483,7 +483,6 @@ module "validators" { wls_secondary_admin_password_id = local.wls_secondary_admin_password_id administration_port = var.administration_port ms_administration_port = var.ms_administration_port - tenancy_id = var.tenancy_ocid } module "fss" { diff --git a/terraform/modules/validators/policy_validators.tf b/terraform/modules/validators/policy_validators.tf deleted file mode 100644 index 02ea9275..00000000 --- a/terraform/modules/validators/policy_validators.tf +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2024 Oracle and/or its affiliates. -# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. - -data "oci_identity_policies" "existing_policies" { - compartment_id = var.tenancy_id -} - -locals { - policy_name = var.create_policies ? "${var.service_name}-oci-policy" : "" - existing_policy_names = var.create_policies ? [for policy in data.oci_identity_policies.existing_policies.policies : policy.name] : [] - policy_already_exists = var.create_policies ? contains(local.existing_policy_names, local.policy_name) : false - policy_already_exists_msg = "WLSC-ERROR: Policy with name ${local.policy_name} already exists. Suggested Actions: It appears that another policy with the same name already exists. This could be because you have previously provisioned a stack with the same resource name prefix. If you no longer need the previous stack, please destroy and delete it so that all the resources are cleaned up or else you can provision again with a different resource name prefix. If you have already deleted the stack, delete the policy ${local.policy_name}." - validate_policy_name_is_not_already_used = var.create_policies && local.policy_already_exists ? local.validators_msg_map[local.policy_already_exists_msg] : null -} \ No newline at end of file diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index ab28d854..88212826 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { From 5a7050324771181707203cc9ea34f1c189d8d99a Mon Sep 17 00:00:00 2001 From: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Date: Wed, 3 Jul 2024 19:49:11 +0530 Subject: [PATCH 27/61] Update title for wls secondary admin user (#278) --- terraform/schema.yaml | 2 +- terraform/schema_14110.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 2944e121..70bba341 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -898,7 +898,7 @@ variables: - ${orm_create_mode} - ${configure_secure_mode} type: string - title: "WebLogic Server Admin User Name" + title: "Additional WebLogic Server Admin User Name" description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" default: "wls_user_1" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 39573878..6877e674 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -907,7 +907,7 @@ variables: - ${orm_create_mode} - ${configure_secure_mode} type: string - title: "WebLogic Server Admin User Name" + title: "Additional WebLogic Server Admin User Name" description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" default: "wls_user_1" From 44085b3785cb9f6ea710a85a8a06455e20bda295 Mon Sep 17 00:00:00 2001 From: Adrian Padilla Duarte Date: Wed, 3 Jul 2024 08:21:26 -0600 Subject: [PATCH 28/61] Add new flag for autoscaling alarm state defaulted to true (#277) The monitoring alarm is being created as enabled only when the option "Create OCI policies" checkbox is selected. The problem seems to be in monitoring_alarms.tf line 11 because the flag "is_enabled" is associated directly to var.create_policies which doesn't make sense. This PR is to add a new variable independent to var.create_policies so when customer clear the "Create OCI policies" checkbox the alarms created for autoscaling remain enabled. This option is intentionally hidden to the customer as we don't have a use case for customers to create autoscaling with disabled alarms and these are defaulted to true. The variables are configured in case of advanced customers who may want to customize the stack can easily override those variables. Testing with OCI Checkbox enabled: - Verify new variable is not shown in ORM UI. **12.2.1.4** ![345111004-d5f0e922-7f4f-4300-8d04-ca16f03dd73c](https://github.com/oracle-quickstart/oci-weblogic-server/assets/44181317/490e30e1-a844-4ad8-9418-a98f7f7d16e5) **14.1.1** image Usually undefined variables are shown at the bottom, this image is evidence that new variable is hidden from customer and default value (true) is used. - Verify that provisioning succeed with OCI policy checkbox enabled and when autosacling is enabled alarms are enabled after provisioning ![345111695-9cd6395d-ccc1-439e-8ab7-31f498a31e0d](https://github.com/oracle-quickstart/oci-weblogic-server/assets/44181317/d43eef16-d2cf-438b-979b-30b0841d8f86) ![345111870-864383e0-e987-416b-a2c0-44251b024c1f](https://github.com/oracle-quickstart/oci-weblogic-server/assets/44181317/779cc653-aa9a-452a-9d04-38199d29730b) - Verify that provisioning succeed with OCI policy checkbox disabled and when autosacling is enabled alarms are enabled after provisioning ![345112076-4af137ca-707c-4f82-b977-7d73c0389cd9-1](https://github.com/oracle-quickstart/oci-weblogic-server/assets/44181317/a97ff757-5af2-4453-b2e0-56e4fbcaed34) ![345112160-0c45d6ef-8037-49b9-8cd0-6886ac7dd9f5](https://github.com/oracle-quickstart/oci-weblogic-server/assets/44181317/b9915eb2-979f-4cfb-a4a3-4654f52ad5f3) --------- Co-authored-by: Mahuwa-Barman --- terraform/autoscaling_variables.tf | 8 +++++++- terraform/main.tf | 2 ++ .../observability/autoscaling/monitoring_alarms.tf | 6 +++--- terraform/modules/observability/autoscaling/variables.tf | 8 +++++++- terraform/schema.yaml | 1 + terraform/schema_14110.yaml | 1 + 6 files changed, 21 insertions(+), 5 deletions(-) diff --git a/terraform/autoscaling_variables.tf b/terraform/autoscaling_variables.tf index 47e8c2f1..a7fc75d1 100644 --- a/terraform/autoscaling_variables.tf +++ b/terraform/autoscaling_variables.tf @@ -1,6 +1,12 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. +variable "enable_autoscaling_alarms" { + type = bool + description = "Indicating autoscaling alarms state" + default = true +} + variable "use_autoscaling" { type = bool description = "Indicating that autoscaling is enabled" diff --git a/terraform/main.tf b/terraform/main.tf index 31daa467..8dfce67f 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -580,6 +580,8 @@ module "observability-autoscaling" { create_policies = var.create_policies use_oci_logging = var.use_oci_logging + enable_autoscaling_alarms = var.enable_autoscaling_alarms + tags = { defined_tags = local.defined_tags freeform_tags = local.free_form_tags diff --git a/terraform/modules/observability/autoscaling/monitoring_alarms.tf b/terraform/modules/observability/autoscaling/monitoring_alarms.tf index bf31b2bd..ab3a8cb0 100644 --- a/terraform/modules/observability/autoscaling/monitoring_alarms.tf +++ b/terraform/modules/observability/autoscaling/monitoring_alarms.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. resource "oci_monitoring_alarm" "wlsc_scaleout_monitoring_alarm" { @@ -8,7 +8,7 @@ resource "oci_monitoring_alarm" "wlsc_scaleout_monitoring_alarm" { body = local.alarm_body[format("%s ScaleOut", var.wls_metric)] destinations = formatlist(oci_ons_notification_topic.wlsc_scaleout_notification_topic.id) display_name = format("%s_scaleout_monitoring_alarm", var.service_prefix_name) - is_enabled = var.create_policies + is_enabled = var.enable_autoscaling_alarms metric_compartment_id = var.metric_compartment_id namespace = var.alarm_namspace query = local.alarm_mql_map[format("%s ScaleOut", var.wls_metric)] @@ -34,7 +34,7 @@ resource "oci_monitoring_alarm" "wlsc_scalein_monitoring_alarm" { body = local.alarm_body[format("%s ScaleOut", var.wls_metric)] destinations = formatlist(oci_ons_notification_topic.wlsc_scalein_notification_topic.id) display_name = format("%s_scalein_monitoring_alarm", var.service_prefix_name) - is_enabled = var.create_policies + is_enabled = var.enable_autoscaling_alarms metric_compartment_id = var.metric_compartment_id namespace = var.alarm_namspace query = local.alarm_mql_map[format("%s ScaleIn", var.wls_metric)] diff --git a/terraform/modules/observability/autoscaling/variables.tf b/terraform/modules/observability/autoscaling/variables.tf index 5af43e5a..ddd8bda3 100644 --- a/terraform/modules/observability/autoscaling/variables.tf +++ b/terraform/modules/observability/autoscaling/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { @@ -130,3 +130,9 @@ variable "use_oci_logging" { description = "Enable logging service integration for WebLogic instances" default = false } + +variable "enable_autoscaling_alarms" { + type = bool + description = "Indicating autoscaling alarms state" + default = true +} \ No newline at end of file diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 70bba341..baf751b0 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -226,6 +226,7 @@ groupings: - ${wls_expose_admin_port} - ${mount_path} - ${alarm_severity} + - ${enable_autoscaling_alarms} - ${ocir_region} - ${ucm_instance_image_id} - ${ucm_listing_id} diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 6877e674..9c5b40cb 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -224,6 +224,7 @@ groupings: - ${oci_db_connection_string} - ${use_oci_db_connection_string} - ${alarm_severity} + - ${enable_autoscaling_alarms} - ${ocir_region} - ${ucm_instance_image_id} - ${ucm_listing_id} From 5b8587eb6be963cd383b5d46b9c80b2fe66935af Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Mon, 8 Jul 2024 20:07:32 -0700 Subject: [PATCH 29/61] Topic sk uptake mp 24.2.3 (#279) uptake new mp values Co-authored-by: Sarada Kommalapati --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 434bdda4..8464851b 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240510214529" +tf_script_version = "24.2.3-240707011339" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa44h6iv2n3mgzjej26juwoxiceb274xghl7h444nwvft2yzsfxo5a" +listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaasq3vlogcg2t7oisib2mabio6vdxdp5d4jwu5r4gauwmyomfolekq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaapv6ojtnwlo4kbjd57ewzqca3jyepcebrwjitva2pxo7d3b3ecnfq" +ucm_listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa63nrqjyfkdg3jz4tlznzfhp6fijw3tpr46bfkw62sbmjbtbgqxsq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index be08d545..4396c65b 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240510214529" +tf_script_version = "24.2.3-240707011339" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaapv6ojtnwlo4kbjd57ewzqca3jyepcebrwjitva2pxo7d3b3ecnfq" +listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa63nrqjyfkdg3jz4tlznzfhp6fijw3tpr46bfkw62sbmjbtbgqxsq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 7bc95acf..69a4dddb 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240510214529" +tf_script_version = "24.2.3-240707011339" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaac6cfkwfyuzjwk7q37tn3mslfkszpnrojnb2nezwy4oy77zoan4uq" +listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaanmermunglaaloxxegvf7s4c6kzw3zkmcsiohofkwdibwboaemfaq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 4b36ec57..9712deb3 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240510214529" +tf_script_version = "24.2.3-240707011339" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaahybonu5hsryaqvsnoj6mqhtgbrphfal7ujvezi356rxyhjbq7f3a" +listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaszrageu5qmeokprhmah7uawrzryx2gwovieayznk4rs2na6ibbgq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaor56fbh7brlzxqnjeaa3lcii5e2w5l3ghxru53scrlawqodaqnbq" +ucm_listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaahgwa3lpwiqrxlsue7dymzh3yblajmdpsylrlzxsiff2oln3ychgq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 496b5459..34e6f4a9 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.1-240510214529" +tf_script_version = "24.2.3-240707011339" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.2.1-ol8.8-23.12.13-240510-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaor56fbh7brlzxqnjeaa3lcii5e2w5l3ghxru53scrlawqodaqnbq" +listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaahgwa3lpwiqrxlsue7dymzh3yblajmdpsylrlzxsiff2oln3ychgq" From aa5d522eaa77cc1b84f5e589e4e1f1a2c41a92ba Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 15 Jul 2024 07:17:10 -0700 Subject: [PATCH 30/61] JCS-14499 - Use the latest IDCS appgateway 23.4.44 (#282) Update IDCS appgateway to 23.4.44-2310291619. This container image version in 23.4.44 changed to idcs-appgateway-docker. Tested multi-node 12.2.1.4 and 14.1.1.0 in secured production mode and non-secured production mode by accessing IDCS sample app. --- terraform/modules/compute/wls_compute/idcs_variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/compute/wls_compute/idcs_variables.tf b/terraform/modules/compute/wls_compute/idcs_variables.tf index ef0c07ef..22432ac9 100644 --- a/terraform/modules/compute/wls_compute/idcs_variables.tf +++ b/terraform/modules/compute/wls_compute/idcs_variables.tf @@ -74,19 +74,19 @@ variable "idcs_cloudgate_config_file" { variable "idcs_cloudgate_docker_image_tar" { type = string description = "Path of the binary file with the container image to run IDCS cloudgate container in the WebLogic VM" - default = "/u01/zips/jcs/app_gateway_docker/21.2.2/app-gateway-docker-image.tar.gz" + default = "/u01/zips/jcs/app_gateway_docker/23.4.44/app-gateway-docker-image.tar.gz" } variable "idcs_cloudgate_docker_image_version" { type = string description = "Version of the container image to run IDCS cloudgate container in the WebLogic VM" - default = "21.2.2-2105050509" + default = "23.4.44-2310291619" } variable "idcs_cloudgate_docker_image_name" { type = string description = "Name of the container image to run IDCS cloudgate container in the WebLogic VM" - default = "idcs/idcs-appgateway" + default = "idcs-appgateway-docker" } variable "lbip" { From 403da90fcd3e31106c9f1cc49bea09215b79c2a0 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Fri, 19 Jul 2024 00:26:30 -0500 Subject: [PATCH 31/61] Topi sk uptake mp 24.3.1 (#283) Uptake 24.3.1 mp values. Co-authored-by: Sarada Kommalapati --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 8464851b..192c0bc0 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.3-240707011339" +tf_script_version = "24.3.1-240717203601" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaasq3vlogcg2t7oisib2mabio6vdxdp5d4jwu5r4gauwmyomfolekq" +listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaauga63jzbyefbqtjeboszo27r4afg7j4axp4cif5in6azshnlc6yq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa63nrqjyfkdg3jz4tlznzfhp6fijw3tpr46bfkw62sbmjbtbgqxsq" +ucm_listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaelqj7qwwrggbhlfxzpa4qhmojpnhcycwml2e2lwsksmov3dh77hq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 4396c65b..d1ca49fc 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.3-240707011339" +tf_script_version = "24.3.1-240717203601" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa63nrqjyfkdg3jz4tlznzfhp6fijw3tpr46bfkw62sbmjbtbgqxsq" +listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaelqj7qwwrggbhlfxzpa4qhmojpnhcycwml2e2lwsksmov3dh77hq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 69a4dddb..1483cb85 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.3-240707011339" +tf_script_version = "24.3.1-240717203601" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaanmermunglaaloxxegvf7s4c6kzw3zkmcsiohofkwdibwboaemfaq" +listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaasy6a25lbasdgoosem52sgtsxcd3ma7b7xfiuvq3jzryecoc4bhiq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 9712deb3..98a4ed75 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.3-240707011339" +tf_script_version = "24.3.1-240717203601" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaszrageu5qmeokprhmah7uawrzryx2gwovieayznk4rs2na6ibbgq" +listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaqe6spyz6djfxr37asosv2sxgsdanvft3py444szbrpffr74vvb5a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaahgwa3lpwiqrxlsue7dymzh3yblajmdpsylrlzxsiff2oln3ychgq" +ucm_listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa72qjwyo4nzhddmi6bs62mj22zc3jk6enflqpav3bfh2ll4gongja" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 34e6f4a9..9a6298ac 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.2.3-240707011339" +tf_script_version = "24.3.1-240717203601" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.2.3-ol8.8-23.12.13-240707-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaahgwa3lpwiqrxlsue7dymzh3yblajmdpsylrlzxsiff2oln3ychgq" +listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa72qjwyo4nzhddmi6bs62mj22zc3jk6enflqpav3bfh2ll4gongja" From 463cf3aaebe1ba1c1944dd0b893c1cf51646cfae Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 26 Aug 2024 07:09:48 -0700 Subject: [PATCH 32/61] JCS-14582 - Manage instances in dynamic group policies (#286) JCS-14582 - WLS for OCI dynamic group policy for instances does not allow volumes to be added to the instance. This causes issues for cloning scripts when volumes need to be added and removed from the instances using the OCI API. Verified by creating a WLS for OCI instance with "OCI Polcies" checkbox enabled and cloning that instance. --- terraform/modules/policies/locals.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index bcb12c85..67141da0 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -11,8 +11,10 @@ locals { oci_db_connection_string = trimspace(var.oci_db.oci_db_connection_string) is_oci_db = var.oci_db.is_oci_db || local.oci_db_connection_string != "" - # This policy with "use instances" verb is needed because there is code in the WebLogic for OCI compute image that updates metadata of the compute instance, when more than one VM nodes are created - core_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use instances in compartment id ${var.compartment_id}" + # This policy with "manage instances" verb is needed for 2 reasons: + # 1. "use" is needed because there is code in the WebLogic for OCI compute image that updates metadata of the compute instance, when more than one VM node is created. + # 2. "manage" is needed for cloning scenarios where volumes need to be added. + core_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage instances in compartment id ${var.compartment_id}" core_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volumes in compartment id ${var.compartment_id}" core_policy_statement3 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volume-attachments in compartment id ${var.compartment_id}" # These policy statements are required to register Compute instances with the OS Management service From ff82cf55004e7f6a0e0bbb950ff3b167c2e92584 Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 26 Aug 2024 07:10:12 -0700 Subject: [PATCH 33/61] JCS-14565 - Default is_rms_private_endpoint_required to true (#285) Set is_rms_private_endpoint_required to true by so CLI users do not have to set this to false. Since a true value is only relevant to ORM execution the default of true was causing issues for CLI users. Verified that default value of false in terraform while ORM UI YAMLs have a default true does not cause any regressions. --- terraform/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/variables.tf b/terraform/variables.tf index d501760f..cb222542 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -123,8 +123,8 @@ variable "tf_script_version" { variable "is_rms_private_endpoint_required" { type = bool - description = "Set resource manager private endpoint. Default value is true" - default = true + description = "Set resource manager private endpoint. Default value is false" + default = false } variable "add_rms_private_endpoint" { From f9dfffd773e2a91941e55930fa95f062cc3aa640 Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Wed, 28 Aug 2024 21:33:17 -0700 Subject: [PATCH 34/61] Update 24.3.2 mp files. (#287) Uptake mp values. Co-authored-by: Sarada Kommalapati --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 192c0bc0..cc283adf 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.1-240717203601" +tf_script_version = "24.3.2-240826233830" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaauga63jzbyefbqtjeboszo27r4afg7j4axp4cif5in6azshnlc6yq" +listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaao25ncdtg7yezjprzgd56d6j7gxuen3cczemnoegs7lgaihjy5gba" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaelqj7qwwrggbhlfxzpa4qhmojpnhcycwml2e2lwsksmov3dh77hq" +ucm_listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaasbest4ysvkitc6bp27klwflg3zfbz5hb637htezsovaqivkk72qa" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index d1ca49fc..bf8349be 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.1-240717203601" +tf_script_version = "24.3.2-240826233830" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaelqj7qwwrggbhlfxzpa4qhmojpnhcycwml2e2lwsksmov3dh77hq" +listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaasbest4ysvkitc6bp27klwflg3zfbz5hb637htezsovaqivkk72qa" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 1483cb85..e7a27029 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.1-240717203601" +tf_script_version = "24.3.2-240826233830" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaasy6a25lbasdgoosem52sgtsxcd3ma7b7xfiuvq3jzryecoc4bhiq" +listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaatbgtdelzzk6fvyf4l23do34udyjejtby2tzxj7nzaswn2slznsxq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 98a4ed75..98e1c977 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.1-240717203601" +tf_script_version = "24.3.2-240826233830" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaqe6spyz6djfxr37asosv2sxgsdanvft3py444szbrpffr74vvb5a" +listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa2kfgmx6pu7qjl4pgno2x64hau4dj5lfvteimh2ibqajdlvqxjeaa" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa72qjwyo4nzhddmi6bs62mj22zc3jk6enflqpav3bfh2ll4gongja" +ucm_listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaauu7t5rihkowgsfimkdqrlyg46w24ri2bae4bgvsypbemhcewe6eq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 9a6298ac..1bc6980e 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.1-240717203601" +tf_script_version = "24.3.2-240826233830" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.3.1-ol8.8-23.12.13-240717-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa72qjwyo4nzhddmi6bs62mj22zc3jk6enflqpav3bfh2ll4gongja" +listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaauu7t5rihkowgsfimkdqrlyg46w24ri2bae4bgvsypbemhcewe6eq" From 17b65b9c4edf492acf3a2753d57940da1b978769 Mon Sep 17 00:00:00 2001 From: srjanaki Date: Fri, 18 Oct 2024 10:31:48 -0700 Subject: [PATCH 35/61] uptake oct psu (#289) uptake oct psus to all 5 images --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index cc283adf..2dd598b9 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.2-240826233830" +tf_script_version = "24.4.1-241017053318" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaao25ncdtg7yezjprzgd56d6j7gxuen3cczemnoegs7lgaihjy5gba" +listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa42huy5647ywxakme23tq4m4a2pplwnjtkger2qlsdabb7og65xlq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaasbest4ysvkitc6bp27klwflg3zfbz5hb637htezsovaqivkk72qa" +ucm_listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaak2mrnmdiv2g4yc37vq6dhxiswtuuc4sn4543meowfvbntnepcpna" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index bf8349be..8f8dc3a2 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.2-240826233830" +tf_script_version = "24.4.1-241017053318" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaasbest4ysvkitc6bp27klwflg3zfbz5hb637htezsovaqivkk72qa" +listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaak2mrnmdiv2g4yc37vq6dhxiswtuuc4sn4543meowfvbntnepcpna" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index e7a27029..4b429924 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.2-240826233830" +tf_script_version = "24.4.1-241017053318" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaatbgtdelzzk6fvyf4l23do34udyjejtby2tzxj7nzaswn2slznsxq" +listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3tpmkcjmenrphbc5jci2sjmc4fcxummfqw72xv72ci6ndbyf2qnq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 98e1c977..d32b7697 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.2-240826233830" +tf_script_version = "24.4.1-241017053318" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa2kfgmx6pu7qjl4pgno2x64hau4dj5lfvteimh2ibqajdlvqxjeaa" +listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaazqkife3vsvjc2mdnapumkehzhedip7vn3pblclu2rlhplcsu4z2a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaauu7t5rihkowgsfimkdqrlyg46w24ri2bae4bgvsypbemhcewe6eq" +ucm_listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaruq5xvtwyn3g63kuzf2wyuwonyyxsibqf3ojmtuyphx2lu6g7gdq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 1bc6980e..af73ecda 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.3.2-240826233830" +tf_script_version = "24.4.1-241017053318" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.3.2-ol8.8-23.12.13-240826-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaauu7t5rihkowgsfimkdqrlyg46w24ri2bae4bgvsypbemhcewe6eq" +listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaruq5xvtwyn3g63kuzf2wyuwonyyxsibqf3ojmtuyphx2lu6g7gdq" From 96969ff267b7c9f215350520ffa49a9cc1aec046 Mon Sep 17 00:00:00 2001 From: Chintamani Bhat Date: Fri, 6 Dec 2024 09:11:51 +0530 Subject: [PATCH 36/61] Provide an option to put all the Compute instances in the same AD (#292) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the UI show that there is an option to put all the Compute instances in the same AD. Show that the option is not selected by default. check box : **Use Same Availability Domain for all Compute Instances** ![Screenshot 2024-12-05 at 10 30 13 PM](https://github.com/user-attachments/assets/bd32f71f-81f4-4713-b710-e56a15b49e57) Show that if the option is selected in the UI that the Compute instances are all in the same AD. ![Screenshot 2024-12-02 at 5 02 04 PM](https://github.com/user-attachments/assets/bcd71402-9276-4af2-b511-72762d55da01) IDCS instance with this option selected has the IDCS sample app added correctly. ![Screenshot 2024-12-02 at 5 57 42 PM](https://github.com/user-attachments/assets/5fdaa374-974f-4b71-9cea-0d8ea564920d) Show that the backends for the load balancer are set up correctly. ![Screenshot 2024-12-02 at 6 00 48 PM](https://github.com/user-attachments/assets/614763d4-caa0-4865-b59a-48ae3f9ed5f0) Perform and scale out and show that the additional instance is added in the same AD. ![Screenshot 2024-12-02 at 5 50 36 PM](https://github.com/user-attachments/assets/9f2fdf86-e354-4fe7-b75b-e4b7c85368bc) Show that there are no issues with cloning. ![Screenshot 2024-11-29 at 11 34 23 PM](https://github.com/user-attachments/assets/188798e9-e9fa-40b7-bf41-c75fa72ed739) ![Screenshot 2024-11-29 at 11 43 21 PM](https://github.com/user-attachments/assets/d089337a-bdaf-43ae-ba63-4f9c7d6eedb0) ![Screenshot 2024-11-29 at 11 48 23 PM](https://github.com/user-attachments/assets/8c6938be-3fd8-4286-80ca-8f9f3b460ade) Show that there are no issues with autoscaling. `Apply complete! Resources: 65 added, 0 changed, 0 destroyed. Outputs: autoscaling_function_application_id = "ocid1.fnapp.oc1.iad.aaaaaaaaazznl7uei34qyfl4sxxvvyelkmd5ufm6dw6zcw7bjpcioygt7e3q" autoscaling_scalein_monitoring_alarm_id = "ocid1.alarm.oc1.iad.aaaaaaaajhkebpkshceyjvv6wcp64o5idne6clphnpqmtbjak5z5awuexqlq" autoscaling_scaleout_monitoring_alarm_id = "ocid1.alarm.oc1.iad.aaaaaaaatrkvqzy3chqsipyjfckky7z6yl7xbt27t7iqp5s442a6n4nrkpna" bastion_instance_id = "ocid1.instance.oc1.iad.anuwcljsncovviycmzj4xxabupcceaqv37c4jcx3uzjldozfhge3hpg2z34q" bastion_instance_public_ip = "158.101.110.29" fss_system_id = "" fusion_middleware_control_console = "" is_vcn_peered = false jdk_version = "JDK 8" listing_version = "21.3.1-210716051200" load_balancer_id = "ocid1.loadbalancer.oc1.iad.aaaaaaaalicohve6qymbik76b62h3x6aksdd356yy2vwjdxtw3wh5rwe67ca" load_balancer_ip = "150.136.31.236" mount_target_id = "" provisioning_status = "Asynchronous provisioning is enabled. Connect to each compute instance and confirm that the file /u01/data/domains/adauto_domain/provCompletedMarker exists. Details are found in the file /u01/logs/provisioning.log." resource_identifier_value = tolist([ "adauto-b57a7325", "ccbhat", ]) rms_private_endpoint_id = "" sample_application = "https://150.136.31.236/sample-app" sample_application_protected_by_idcs = "" ssh_command = "" ssh_command_with_dynamic_port_forwarding = "" virtual_cloud_network_cidr = "10.0.0.0/16" virtual_cloud_network_id = "ocid1.vcn.oc1.iad.amaaaaaancovviyaisnuupkdcpktyck2ygy4q2et4slpostpkrrhp7medutq" webLogic_server_domain_configuration = "Production Mode" weblogic_agent_configuration_id = "" weblogic_instances = "[\""{ Instance Id:ocid1.instance.oc1.iad.anuwcljsncovviychbkobah2k27m4efwq6wjt3h2v356xuckue3xdzajc7bq, Instance name:adauto-wls-0, Availability Domain:PEKi:US-ASHBURN-AD-2, Instance Shape:VM.Standard.E4.Flex, Private IP:10.0.2.211, Public IP: }\"",\""{ Instance Id:ocid1.instance.oc1.iad.anuwcljsncovviycif6fifncrtlfebdykgvuadfam6jjz7rvatkj63mlqs3a, Instance name:adauto-wls-1, Availability Domain:PEKi:US-ASHBURN-AD-2, Instance Shape:VM.Standard.E4.Flex, Private IP:10.0.2.157, Public IP: }\""]" weblogic_log_group_id = "" weblogic_log_id = "" weblogic_server_administration_console = "https://10.0.2.211:7002/console" weblogic_version = "12.2.1.4 Enterprise Edition (Non JRF)" ` if the option is not selected in the UI that the Compute instances are still spread across ADs (regression test). ![Screenshot 2024-12-02 at 6 16 45 PM](https://github.com/user-attachments/assets/c6aafd3d-1688-45af-808c-ec16ca510cd7) --- terraform/main.tf | 1 + terraform/modules/compute/wls_compute/variables.tf | 6 ++++++ .../modules/compute/wls_compute/wls_compute.tf | 2 +- .../modules/compute/wls_compute/wls_volume.tf | 4 ++-- terraform/network_variables.tf | 6 ++++++ terraform/schema.yaml | 14 ++++++++++++++ terraform/schema_14110.yaml | 14 ++++++++++++++ 7 files changed, 44 insertions(+), 3 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 8dfce67f..3089b367 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -631,6 +631,7 @@ module "compute" { wls_server_startup_args = var.wls_server_startup_args wls_existing_vcn_id = var.wls_existing_vcn_id create_policies = var.create_policies + place_all_compute_in_same_ad = var.place_all_compute_in_same_ad # Secured Production Mode configure_secure_mode = var.configure_secure_mode diff --git a/terraform/modules/compute/wls_compute/variables.tf b/terraform/modules/compute/wls_compute/variables.tf index bd517247..4f0eafe4 100644 --- a/terraform/modules/compute/wls_compute/variables.tf +++ b/terraform/modules/compute/wls_compute/variables.tf @@ -26,6 +26,12 @@ variable "availability_domain" { description = "The label of the availability domain where the compute will be created" } +variable "place_all_compute_in_same_ad" { + type = bool + description = "Set to true if you want to use the same Availability Domain for all Compute instances as the WebLogic Administration Server's Compute instance. Otherwise, instances will be distributed across Availability Domains." + default = false +} + variable "instance_image_id" { type = string description = "The OCID of the image used to create the compute instance" diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 4a0ec1c5..50802073 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -11,7 +11,7 @@ module "wls-instances" { instance_params = { for x in range(var.num_vm_instances) : "${local.host_label}-${format("%02d", x)}" => { - availability_domain = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain + availability_domain = var.use_regional_subnet ? (var.place_all_compute_in_same_ad ? var.availability_domain : local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] ) : var.availability_domain compartment_id = var.compartment_id display_name = "${local.host_label}-${x}" diff --git a/terraform/modules/compute/wls_compute/wls_volume.tf b/terraform/modules/compute/wls_compute/wls_volume.tf index dc70c5f1..bf660adf 100644 --- a/terraform/modules/compute/wls_compute/wls_volume.tf +++ b/terraform/modules/compute/wls_compute/wls_volume.tf @@ -4,7 +4,7 @@ module "middleware-volume" { source = "../volume" bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-mw-block-${format("%02d", x)}" => { - ad = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain + ad = var.use_regional_subnet ? (var.place_all_compute_in_same_ad ? var.availability_domain : local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)]) : var.availability_domain compartment_id = var.compartment_id display_name = "${var.resource_name_prefix}-mw-block-${x}" bv_size = var.volume_size @@ -19,7 +19,7 @@ module "middleware-volume" { module "data-volume" { source = "../volume" bv_params = { for x in range(var.num_vm_instances) : "${var.resource_name_prefix}-data-block-${format("%02d", x)}" => { - ad = var.use_regional_subnet ? local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)] : var.availability_domain + ad = var.use_regional_subnet ? (var.place_all_compute_in_same_ad ? var.availability_domain : local.ad_names[(x + local.admin_ad_index) % length(local.ad_names)]) : var.availability_domain compartment_id = var.compartment_id display_name = "${var.resource_name_prefix}-data-block-${x}" bv_size = var.volume_size diff --git a/terraform/network_variables.tf b/terraform/network_variables.tf index 750cd6b9..5479a3bb 100644 --- a/terraform/network_variables.tf +++ b/terraform/network_variables.tf @@ -75,6 +75,12 @@ variable "wls_availability_domain_name" { default = "" } +variable "place_all_compute_in_same_ad" { + type = bool + description = "Set to true if you want to use the same Availability Domain for all Compute instances as the WebLogic Administration Server's Compute instance. Otherwise, instances will be distributed across Availability Domains." + default = false +} + variable "assign_weblogic_public_ip" { type = bool description = "Set to true if the WebLogic compute instances will be created in a public subnet and should have a public IP" diff --git a/terraform/schema.yaml b/terraform/schema.yaml index baf751b0..9e1f0049 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -96,6 +96,7 @@ groupings: #- ${image_mode} #- ${terms_and_conditions} - ${wls_availability_domain_name} + - ${place_all_compute_in_same_ad} - ${wls_subnet_id} - ${wls_subnet_cidr} - ${existing_admin_server_nsg_id} @@ -458,6 +459,19 @@ variables: - ${subnet_span} - "Regional Subnet" + place_all_compute_in_same_ad: + visible: + and: + - ${orm_create_mode} + - eq: + - ${subnet_span} + - "Regional Subnet" + type: boolean + required: true + default: false + title: "Use Same Availability Domain for all Compute Instances" + description: "Use the same Availability Domain for all Compute instances as that of the WebLogic Administration Server's Compute instance. If this option is not selected, the compute instances will be distributed across Availability Domains." + wls_node_count: type: integer title: "Node Count" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 9c5b40cb..a70cccc5 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -69,6 +69,7 @@ groupings: #- ${image_mode} #- ${terms_and_conditions} - ${wls_availability_domain_name} + - ${place_all_compute_in_same_ad} - ${wls_subnet_id} - ${wls_subnet_cidr} - ${existing_admin_server_nsg_id} @@ -456,6 +457,19 @@ variables: - ${subnet_span} - "Regional Subnet" + place_all_compute_in_same_ad: + visible: + and: + - ${orm_create_mode} + - eq: + - ${subnet_span} + - "Regional Subnet" + type: boolean + required: true + default: false + title: "Use Same Availability Domain for all Compute Instances" + description: "Use the same Availability Domain for all Compute instances as that of the WebLogic Administration Server's Compute instance. If this option is not selected, the compute instances will be distributed across Availability Domains." + wls_node_count: type: integer title: "Node Count" From ec00c90daa6794c2ec8134ea876300572a2627bb Mon Sep 17 00:00:00 2001 From: telake Date: Wed, 18 Dec 2024 20:07:45 -0800 Subject: [PATCH 37/61] Set policies for enabling WLMS plugin (#296) Set policies for enabling WLMS plugin --- terraform/modules/policies/locals.tf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 67141da0..c6e79411 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -49,6 +49,11 @@ locals { cloning_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect compartments in tenancy" cloning_policy_statement = compact([local.cloning_policy_statement1, local.cloning_policy_statement2]) + # These policy statements are required for enabling the plugin + plugin_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage instance-agent-plugins in compartment id ${var.compartment_id}" + plugin_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use wlms-managed-instance-plugins in tenancy" + plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2]) + #Policies for WLS instance principal dynamic group autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : "" autoscaling_statement2 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage functions-family in compartment id ${var.compartment_id}" : "" @@ -124,7 +129,7 @@ locals { secure_mode_statement = compact([local.secure_mode_statement1, local.secure_mode_statement2, local.secure_mode_statement3, local.secure_mode_statement4, local.secure_mode_statement5, local.secure_mode_secrets_policy_statement1, local.secure_mode_secrets_policy_statement2]) #TODO: When other categories with more statements are added here, concat them with service_statements - policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.autoscaling_statements, local.secure_mode_statement) + policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.autoscaling_statements, local.secure_mode_statement) reserved_ips_info = var.compartment_id == "" ? [{ id = var.resource_name_prefix }] : [] From a7da59b3e4eca488af5d1acb8d9a6d6c87b4d2d2 Mon Sep 17 00:00:00 2001 From: srjanaki Date: Thu, 19 Dec 2024 20:35:30 -0800 Subject: [PATCH 38/61] uptake wlsoci 24.4.3 market place image values (#297) --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 26ba779d..915e5ce7 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.1-241017053318" +tf_script_version = "24.4.3-241219063253" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa42huy5647ywxakme23tq4m4a2pplwnjtkger2qlsdabb7og65xlq" +listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3wfcdv56fwwvkvo2bmccsl2c2xwj7lnfavs4sy6q23lmxom4mcja" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaak2mrnmdiv2g4yc37vq6dhxiswtuuc4sn4543meowfvbntnepcpna" \ No newline at end of file +ucm_listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaakfkcqazhsjyswm3r6bflsk3ci6iwiqpizsqgehhjhiqypn52uobq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index aef3c76f..0633af1a 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.1-241017053318" +tf_script_version = "24.4.3-241219063253" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaak2mrnmdiv2g4yc37vq6dhxiswtuuc4sn4543meowfvbntnepcpna" +listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaakfkcqazhsjyswm3r6bflsk3ci6iwiqpizsqgehhjhiqypn52uobq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index c54d7512..fcc67a28 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.1-241017053318" +tf_script_version = "24.4.3-241219063253" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3tpmkcjmenrphbc5jci2sjmc4fcxummfqw72xv72ci6ndbyf2qnq" +listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaachefwpa57fwzf47la6fc65ihxow6scpt7c3omacq5rbljztpm4ba" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index d32b7697..91b1c106 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.1-241017053318" +tf_script_version = "24.4.3-241219063253" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaazqkife3vsvjc2mdnapumkehzhedip7vn3pblclu2rlhplcsu4z2a" +listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa5mhs4bdlsre7vlczzcdtz2a57shlfrw4k7c3r6quhtiijosqb3hq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaruq5xvtwyn3g63kuzf2wyuwonyyxsibqf3ojmtuyphx2lu6g7gdq" +ucm_listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqbh7qqdgsv54p7dirm3oqx2zvr7qtosvercgoicqfj2txjpudthq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 07b07b33..ce4ef4c7 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.1-241017053318" +tf_script_version = "24.4.3-241219063253" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.4.1-ol8.8-23.12.13-241017-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaruq5xvtwyn3g63kuzf2wyuwonyyxsibqf3ojmtuyphx2lu6g7gdq" +listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaqbh7qqdgsv54p7dirm3oqx2zvr7qtosvercgoicqfj2txjpudthq" From 231f50fc34b284ac3a621d4983fc76dc0287fc1c Mon Sep 17 00:00:00 2001 From: srjanaki Date: Thu, 23 Jan 2025 20:58:08 -0800 Subject: [PATCH 39/61] uptake jan25 psu (#301) PR for merging changes for 25.1.1 psu into development branch --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index d390fd85..24b3db7f 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.3-241219063253" +tf_script_version = "25.1.1-250122225215" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3wfcdv56fwwvkvo2bmccsl2c2xwj7lnfavs4sy6q23lmxom4mcja" +listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaxmzmckfq6qajxkplzdt2ucjac5h2qrjsh6vflrgjdxb5nzilxzua" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaakfkcqazhsjyswm3r6bflsk3ci6iwiqpizsqgehhjhiqypn52uobq" \ No newline at end of file +ucm_listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaagg6ppgbdff6xxzxyv6mxar4aejbhdxxxzl7i3y6eq665mktdvx7q" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 0633af1a..3808936e 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.3-241219063253" +tf_script_version = "25.1.1-250122225215" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaakfkcqazhsjyswm3r6bflsk3ci6iwiqpizsqgehhjhiqypn52uobq" +listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaagg6ppgbdff6xxzxyv6mxar4aejbhdxxxzl7i3y6eq665mktdvx7q" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 0faab2fd..10bac115 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.3-241219063253" +tf_script_version = "25.1.1-250122225215" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaachefwpa57fwzf47la6fc65ihxow6scpt7c3omacq5rbljztpm4ba" \ No newline at end of file +listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaawiuf52uii3weey6tikixfemyu5msovhb63x44tw4qajcdxjve5tq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 91b1c106..2d277777 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.3-241219063253" +tf_script_version = "25.1.1-250122225215" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa5mhs4bdlsre7vlczzcdtz2a57shlfrw4k7c3r6quhtiijosqb3hq" +listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa6ktrzaebul6d3qdr5zi6twm5gkdr6wlzcx4ilvlkwkbw7bgemwla" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaqbh7qqdgsv54p7dirm3oqx2zvr7qtosvercgoicqfj2txjpudthq" +ucm_listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaak3naanidaq44wv3m5bziv6fccmmem6lkyqpi4mmdsdfrzs53utwq" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index ce4ef4c7..99267033 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "24.4.3-241219063253" +tf_script_version = "25.1.1-250122225215" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "24.4.3-ol8.8-23.12.13-241219-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaqbh7qqdgsv54p7dirm3oqx2zvr7qtosvercgoicqfj2txjpudthq" +listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaak3naanidaq44wv3m5bziv6fccmmem6lkyqpi4mmdsdfrzs53utwq" From 6da5269d46ec369ff18c57503d3653d75d7b3c45 Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Fri, 28 Feb 2025 20:13:24 +0530 Subject: [PATCH 40/61] Added check for egress rule to allow traffic on all ports in MS NSG --- .../scripts/network_validation.sh | 104 +++++++++++++++++- 1 file changed, 101 insertions(+), 3 deletions(-) diff --git a/terraform/modules/network-validator/scripts/network_validation.sh b/terraform/modules/network-validator/scripts/network_validation.sh index 7a0ee496..47374f12 100644 --- a/terraform/modules/network-validator/scripts/network_validation.sh +++ b/terraform/modules/network-validator/scripts/network_validation.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. # # ############################################################################ @@ -347,6 +347,54 @@ function check_udp_port_open_in_seclist_or_nsg() { echo 1 fi } +################################################### +# Checks if there is an egress rule to ensure that the network can establish outbound communication to any destination, utilizing all available protocols and ports. +# Args: +# seclist_or_nsg_ocid: OCID for the security list or nsg. +# ocid_type: Valid values: "nsg" for Network Security Group OCID, "seclist" for Security List OCID (default) +# Returns: +# 0|1 +################################################### +function check_egress_all_traffic_in_nsg_or_seclist() { + local nsg_ocid_or_sec_list=$1 + local icmp_protocol="1" + local port_is_open=false + local egress_rules_count=0 + local ocid_type=$2 + declare -A nsg_sec_list_array + + if [[ $ocid_type == "nsg" ]]; then + egress_rules=$(oci network nsg rules list --nsg-id $nsg_ocid_or_sec_list --direction EGRESS | jq -r '.data') + else + egress_rules=$(oci network security-list get --security-list-id $nsg_ocid_or_sec_list | jq -r '.data["egress-security-rules"]') + fi + egress_rules_count=$(echo $egress_rules | jq '. | length') + + if [[ $egress_rules_count -gt 0 ]]; then + for ((j = 0; j < egress_rules_count; j++)); do + egress_protocol=$(echo $egress_rules | jq -r --arg i "$j" '.[$i|tonumber].protocol') + egress_destination=$(echo $egress_rules | jq -r --arg i "$j" '.[$i|tonumber].destination') + egress_destination_type=$(echo $egress_rules | jq -r --arg i "$j" '.[$i|tonumber]."destination-type"') + + if [[ $egress_destination_type != "CIDR_BLOCK" ]]; then + nsg_sec_list_array[$j]="WARNING: Destinantion type is either NSG or Service. Skipping the validation check for ${egress_destination}." + continue + fi + + if [[ $egress_destination == "0.0.0.0/0" && ( $egress_protocol == "all" || $egress_protocol == $icmp_protocol ) ]]; then + egress_is_open=true + echo 0 + return + fi + done + fi + + if [[ ${#nsg_sec_list_array[@]} != 0 ]]; then + echo "${nsg_sec_list_array[@]}" + else + echo 1 + fi +} #################################################### @@ -391,7 +439,35 @@ function validate_subnet_port_access() { done echo $port_found_open } +#################################################### +# Validates if egress rule is present to allow all traffic on all ports in the specified subnet. +# +# Args: +# subnet: Subnet OCID +# Returns: +# 0|1 +#################################################### +function validate_egress_rule() { + local port_found_open=1 + local subnet=$1 + sec_lists=$(oci network subnet get --subnet-id ${subnet} | jq -c '.data["security-list-ids"]') + + declare -A seclists_array + + while IFS="=" read -r key value + do + seclists_array[$key]="$value" + done < <(jq -r 'to_entries|map("\(.key)=\(.value|tostring)")|.[]' <<< "$sec_lists") + # Check the ingress rules for specified destination port is open for access by source CIDR + for seclist_ocid in "${seclists_array[@]}" + do + if [[ $port_found_open -ne 0 ]]; then + port_found_open=$(check_egress_all_traffic_in_nsg_or_seclist $seclist_ocid "seclist") + fi + done + echo $port_found_open +} #################################################### # Validates if the ATP_PORT is open for the WLS subnet CIDR. # This is applicable for ATP DB with private endpoint only. @@ -779,6 +855,19 @@ fi if [[ -n ${WLS_SUBNET_OCID} && -z ${ADMIN_SRV_NSG_OCID} && -z ${MANAGED_SRV_NSG_OCID} ]] then +# Check egress rule to allow all traffic on all ports in WLS Subnet CIDR. + res=$(validate_egress_rule ${WLS_SUBNET_OCID}) + + if [[ $res == *"WARNING"* ]] + then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]] + then + echo "ERROR: Missing egress rule to allow all traffic on all ports in WLS Subnet [$WLS_SUBNET_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi wls_subnet_cidr_block=$(oci network subnet get --subnet-id ${WLS_SUBNET_OCID} | jq -r '.data["cidr-block"]') # Check if SSH port is open for access by WLS subnet CIDR @@ -851,9 +940,18 @@ fi if [[ -n ${WLS_SUBNET_OCID} && -n ${ADMIN_SRV_NSG_OCID} && -n ${MANAGED_SRV_NSG_OCID} ]] then - wls_subnet_cidr_block=$(oci network subnet get --subnet-id ${WLS_SUBNET_OCID} | jq -r '.data["cidr-block"]') - + # Check egress rule to allow all traffic on all ports in Managed Server NSG. + res=$(check_egress_all_traffic_in_nsg_or_seclist ${MANAGED_SRV_NSG_OCID} "nsg") + if [[ $res == *"WARNING"* ]]; then + for warning in "${res[@]}"; do + echo "$warning" + done + elif [[ $res -ne 0 ]]; then + echo "ERROR: Missing egress rule to allow traffic on all ports in Managed Server NSG [$MANAGED_SRV_NSG_OCID]. ${NETWORK_VALIDATION_MSG}" + validation_return_code=2 + fi # Check if SSH port is open for access by WLS subnet CIDR in Admin Server NSG + wls_subnet_cidr_block=$(oci network subnet get --subnet-id ${WLS_SUBNET_OCID} | jq -r '.data["cidr-block"]') res=$(check_tcp_port_open_in_seclist_or_nsg $MANAGED_SRV_NSG_OCID "${SSH_PORT}" "$wls_subnet_cidr_block" "nsg") if [[ $res == *"WARNING"* ]] then From 0cdbe67227db6566c8a23db577209080675313c4 Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Mon, 3 Mar 2025 20:43:46 +0530 Subject: [PATCH 41/61] =?UTF-8?q?Added=20ingress=20rule=20to=20allow=20acc?= =?UTF-8?q?ess=20for=20Wls-Subnet=20on=20port=2022=20in=20manag=E2=80=A6?= =?UTF-8?q?=20(#299)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../network/vcn-config/nsg_security_rule.tf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/terraform/modules/network/vcn-config/nsg_security_rule.tf b/terraform/modules/network/vcn-config/nsg_security_rule.tf index 90e82f6c..7b576dda 100644 --- a/terraform/modules/network/vcn-config/nsg_security_rule.tf +++ b/terraform/modules/network/vcn-config/nsg_security_rule.tf @@ -87,6 +87,22 @@ resource "oci_core_network_security_group_security_rule" "wls_ingress_nm_securit } } } +resource "oci_core_network_security_group_security_rule" "wls_ingress_ssh_security_rule" { + network_security_group_id = element(var.nsg_ids["managed_nsg_id"], 0) + direction = "INGRESS" + protocol = "6" + + source = var.wls_subnet_cidr + source_type = "CIDR_BLOCK" + stateless = false + + tcp_options { + destination_port_range { + min = 22 + max = 22 + } + } +} resource "oci_core_network_security_group_security_rule" "wls_ingress_administration_port_secure_mode" { count = var.configure_secure_mode ? 1 : 0 From d3a56adedbf94103d03b0fd1af783291794a652a Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Mon, 10 Mar 2025 22:33:57 +0530 Subject: [PATCH 42/61] Added code changes for UI and terraform changes to add WLS 14.1.2. (#304) Co-authored-by: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> --- builds/build_orm_dev.sh | 29 +- terraform/locals.tf | 12 +- terraform/main.tf | 1 + .../compute/wls_compute/wls_compute.tf | 4 +- .../compute/wls_compute/wls_variables.tf | 22 +- .../modules/validators/oci_db_validators.tf | 3 +- terraform/modules/validators/validators.tf | 11 +- terraform/modules/validators/variables.tf | 4 +- terraform/schema.yaml | 23 +- terraform/schema_14110.yaml | 25 +- terraform/schema_14120.yaml | 2699 +++++++++++++++++ terraform/weblogic_variables.tf | 17 +- 12 files changed, 2798 insertions(+), 52 deletions(-) create mode 100644 terraform/schema_14120.yaml diff --git a/builds/build_orm_dev.sh b/builds/build_orm_dev.sh index 1a7b2b28..13f23b72 100644 --- a/builds/build_orm_dev.sh +++ b/builds/build_orm_dev.sh @@ -14,9 +14,9 @@ help() { echo "Build the Oracle Resource Manager (ORM) bundles for developers to deploy in Marketplace" echo - echo "Arguments: build_orm_dev.sh -v|--version <12.2.1.4|14.1.1.0> -t|--scripts_version --all" + echo "Arguments: build_orm_dev.sh -v|--version <12.2.1.4|14.1.1.0|14.1.2.0> -t|--scripts_version --all" echo "options:" - echo "-v, --version WebLogic version. Supported values are 12.2.1.4 or 14.1.1.0. Optional when --all option is provided" + echo "-v, --version WebLogic version. Supported values are 12.2.1.4,14.1.2.0 or 14.1.1.0 Optional when --all option is provided" echo "-t, --scripts_version VM scripts version" echo "--all All bundles" echo @@ -73,7 +73,7 @@ validate() echo "WebLogic version is not provided" help exit 1 - elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.1.0" ]; then + elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.2.0" ] && [ "${WLS_VERSION}" != "14.1.1.0" ]; then echo "Please provide valid WebLogic version" help exit 1 @@ -105,7 +105,14 @@ create_14110_bundle() cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf replace_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-14110.zip *; rm -Rf ${TMP_BUILD}/*) -} +} +create_14120_bundle() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} #need to change it to false after RM UI fix replace_12214_variables() @@ -123,15 +130,25 @@ replace_14110_variables() sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/mp_variables.tf sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = \"'"$SCRIPTS_VERSION"'\"' ${TMP_BUILD}/variables.tf } +replace_14120_variables() +{ + sed -i '/variable "generate_dg_tag" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = \"'"$SCRIPTS_VERSION"'\"' ${TMP_BUILD}/variables.tf +} if [ "${CREATE_ALL_BUNDLES}" == "true" ]; then create_12214_bundle create_14110_bundle + create_14120_bundle else if [ "${WLS_VERSION}" == "12.2.1.4" ]; then - create_12214_bundle + create_12214_bundle + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_14120_bundle else - create_14110_bundle + create_14110_bundle fi fi diff --git a/terraform/locals.tf b/terraform/locals.tf index 6169eba4..ad81a90a 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -106,8 +106,14 @@ locals { async_prov_mode = !local.assign_weblogic_public_ip && !var.is_rms_private_endpoint_required && !var.is_bastion_instance_required ? "Asynchronous provisioning is enabled. Connect to each compute instance and confirm that the file /u01/data/domains/${format("%s_domain", local.service_name_prefix)}/provCompletedMarker exists. Details are found in the file /u01/logs/provisioning.log." : "" - jdk_labels = { jdk7 = "JDK 7", jdk8 = "JDK 8", jdk11 = "JDK 11" } - jdk_version = var.wls_version == "14.1.1.0" ? local.jdk_labels[var.wls_14c_jdk_version] : (var.wls_version == "11.1.1.7" ? local.jdk_labels["jdk7"] : local.jdk_labels["jdk8"]) + jdk_labels = { jdk7 = "JDK 7", jdk8 = "JDK 8", jdk11 = "JDK 11", jdk17 = "JDK 17", jdk21 = "JDK 21" } + jdk_version = lookup( + local.jdk_labels, + var.wls_version == "14.1.1.0" ? var.wls_14c_jdk_version : + var.wls_version == "14.1.2.0" ? var.wls_14120_jdk_version : + var.wls_version == "11.1.1.7" ? "jdk7" : "jdk8" +) + user_defined_tag_values = values(var.service_tags.definedTags) @@ -144,7 +150,7 @@ locals { fmw_console_app_url = local.requires_JRF ? format( "https://%s:%s/em", local.admin_ip_address, - var.wls_extern_ssl_admin_port, + local.wls_extern_ssl_admin_port, ) : "" use_apm_service = (var.use_apm_service || var.use_autoscaling) diff --git a/terraform/main.tf b/terraform/main.tf index 3089b367..6f48647a 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -612,6 +612,7 @@ module "compute" { tf_script_version = var.tf_script_version use_regional_subnet = local.use_regional_subnet wls_14c_jdk_version = var.wls_14c_jdk_version + wls_14120_jdk_version = var.wls_14120_jdk_version wls_admin_user = local.wls_admin_user wls_admin_password_id = var.wls_admin_password_id wls_admin_server_name = format("%s_adminserver", local.service_name_prefix) diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 50802073..b5443aa3 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -67,7 +67,7 @@ module "wls-instances" { wls_edition = var.wls_edition is_bastion_instance_required = var.is_bastion_instance_required create_policies = var.create_policies - + enable_restful_management_services = var.wls_version == "14.1.2.0" ? true : false # Secured Production Mode configure_secure_mode = var.configure_secure_mode preserve_boot_properties = var.preserve_boot_properties @@ -87,7 +87,7 @@ module "wls-instances" { wls_version = var.wls_version wls_14c_jdk_version = var.wls_14c_jdk_version fmiddleware_zip = var.wls_version_to_fmw_map[var.wls_version] - jdk_zip = var.wls_version == "14.1.1.0" ? var.wls_14c_to_jdk_map[var.wls_14c_jdk_version] : var.wls_version_to_jdk_map[var.wls_version] + jdk_zip = var.wls_version == "14.1.1.0" ? var.wls_14c_to_jdk_map[var.wls_14c_jdk_version] :var.wls_version == "14.1.2.0" ? var.wls_14120_to_jdk_map[var.wls_14120_jdk_version] :var.wls_version_to_jdk_map[var.wls_version] vmscripts_path = var.vmscripts_path log_level = var.log_level mw_vol_mount_point = lookup(var.volume_map[0], "volume_mount_point") diff --git a/terraform/modules/compute/wls_compute/wls_variables.tf b/terraform/modules/compute/wls_compute/wls_variables.tf index 777a77ea..e2ebb75c 100644 --- a/terraform/modules/compute/wls_compute/wls_variables.tf +++ b/terraform/modules/compute/wls_compute/wls_variables.tf @@ -169,8 +169,8 @@ variable "wls_version" { type = string description = "The WebLogic version to be installed in this instance. Accepted values are: 12.2.1.4, 14.1.1.0" validation { - condition = contains(["12.2.1.4", "14.1.1.0"], var.wls_version) - error_message = "WLSC-ERROR: WebLogic Versions 12.2.1.4 and 14.1.1.0 are the only versions supported." + condition = contains(["12.2.1.4", "14.1.1.0", "14.1.2.0"], var.wls_version) + error_message = "WLSC-ERROR: WebLogic Versions 12.2.1.4 , 14.1.1.0 and 14.1.2.0 are the only versions supported." } } @@ -183,6 +183,14 @@ variable "wls_14c_jdk_version" { } } +variable "wls_14120_jdk_version" { + type = string + description = "JDK version to use when installing WebLogic 14.1.2.0. Ignored when WebLogic version is not 14c. Allowed values: jdk17, jdk21" + validation { + condition = var.wls_14120_jdk_version == "" || contains(["jdk17", "jdk21"], var.wls_14120_jdk_version) + error_message = "WLSC-ERROR: Only jdk17 and jdk21 are supported with WebLogic version 14.1.2.0." + } +} variable "wls_version_to_fmw_map" { type = map(string) description = "Defines the mapping between wls_version and corresponding FMW zip" @@ -190,6 +198,7 @@ variable "wls_version_to_fmw_map" { "12.2.1.3" = "/u01/zips/jcs/FMW/12.2.1.3.0/fmiddleware.zip" "12.2.1.4" = "/u01/zips/jcs/FMW/12.2.1.4.0/fmiddleware.zip" "14.1.1.0" = "/u01/zips/jcs/FMW/14.1.1.0.0/fmiddleware.zip" + "14.1.2.0" = "/u01/zips/jcs/FMW/14.1.2.0.0/fmiddleware.zip" } } @@ -211,12 +220,21 @@ variable "wls_14c_to_jdk_map" { } } +variable "wls_14120_to_jdk_map"{ + type = map(string) + description = "Defines the mapping between jdk version and corresponding JDK zip." + default = { + "jdk17" = "/u01/zips/jcs/JDK17.0/jdk.zip" + "jdk21" = "/u01/zips/jcs/JDK21.0/jdk.zip" + } +} variable "wls_version_to_rcu_component_list_map" { type = map(string) description = "Defines the mapping between wls_version version and corresponding RCU components." default = { "12.2.1.3" = "MDS,WLS,STB,IAU_APPEND,IAU_VIEWER,UCSUMS,IAU,OPSS" "12.2.1.4" = "MDS,WLS,STB,IAU_APPEND,IAU_VIEWER,UCSUMS,IAU,OPSS" + "14.1.2.0" = "MDS,WLS,STB,IAU_APPEND,IAU_VIEWER,IAU,OPSS" } } diff --git a/terraform/modules/validators/oci_db_validators.tf b/terraform/modules/validators/oci_db_validators.tf index 3ba8aad4..4877518f 100644 --- a/terraform/modules/validators/oci_db_validators.tf +++ b/terraform/modules/validators/oci_db_validators.tf @@ -58,5 +58,6 @@ locals { validate_oci_db_connect_str_use_3 = var.oci_db_connection_string != "" && var.existing_vcn_id == "" ? local.validators_msg_map[local.invalid_oci_db_connect_msg_use_3] : null invalid_oci_db_connect_msg_use_4 = "WLSC-ERROR: The value of database connection string [oci_db_connection_string] can be provided only for WebLogic 12c versions [wls_version]." - validate_oci_db_connect_str_use_4 = var.oci_db_connection_string == "" || var.wls_version == "12.2.1.4" ? null : local.validators_msg_map[local.invalid_oci_db_connect_msg_use_4] + validate_oci_db_connect_str_use_4 = var.oci_db_connection_string == "" || var.wls_version == "12.2.1.4" || var.wls_version == "14.1.2.0" ? null : local.validators_msg_map[local.invalid_oci_db_connect_msg_use_4] + } diff --git a/terraform/modules/validators/validators.tf b/terraform/modules/validators/validators.tf index e2c0e72a..80c4d627 100644 --- a/terraform/modules/validators/validators.tf +++ b/terraform/modules/validators/validators.tf @@ -12,8 +12,8 @@ locals { wls_port_list = tolist(["9071", "9072", "9073", "9074"]) reserved_wls_ports = contains(local.wls_port_list, var.wls_ms_port) || contains(local.wls_port_list, var.wls_ms_ssl_port) || contains(local.wls_port_list, var.wls_extern_admin_port) || contains(local.wls_port_list, var.wls_extern_ssl_admin_port) - is14cVersion = var.wls_version == "14.1.1.0" - invalid_14c_jrf = local.is14cVersion && (var.is_atp_db || var.is_oci_db || var.oci_db_connection_string != "") + is14110Version = var.wls_version == "14.1.1.0" + invalid_14110_jrf = local.is14110Version && (var.is_atp_db || var.is_oci_db || var.oci_db_connection_string != "") invalid_multiple_infra_dbs = ((var.is_oci_db || var.oci_db_connection_string != "") && var.is_atp_db) both_vcn_param = local.has_existing_vcn && local.has_vcn_name @@ -28,8 +28,8 @@ locals { multiple_infra_dbs_msg = "WLSC-ERROR: Both OCI and ATP database parameters are provided. Only one infra database is required." validate_invalid_multiple_infra_dbs = local.invalid_multiple_infra_dbs ? local.validators_msg_map[local.multiple_infra_dbs_msg] : null - jrf_14c_msg = "WLSC-ERROR: JRF domain is not supported for FMW 14c version" - validate_14c_jrf = local.invalid_14c_jrf ? local.validators_msg_map[local.jrf_14c_msg] : "" + jrf_14110_msg = "WLSC-ERROR: JRF domain is not supported for FMW 14.1.1.0 version" + validate_14c_jrf = local.invalid_14110_jrf ? local.validators_msg_map[local.jrf_14110_msg] : "" missing_dynamic_group_oci_logging_enabled_create_policies_unset = "WLSC-ERROR: Dynamic Group id is required when enabling integration with OCI Logging Service with create policies unset " validate_dynamic_group_oci_logging_enabled_create_policies_unset = !var.create_policies && var.use_oci_logging && var.dynamic_group_id == "" ? local.validators_msg_map[local.missing_dynamic_group_oci_logging_enabled_create_policies_unset] : null @@ -80,7 +80,8 @@ locals { invalid_administration_ports_msg = "WLSC-ERROR: The value for administration_port=[${var.administration_port}] and ms_administration_port=[${var.ms_administration_port}] cannot be same." validate_administration_ports = local.invalid_administration_ports ? local.validators_msg_map[local.invalid_administration_ports_msg] : null - invalid_jrf_12c_secure_mode = var.configure_secure_mode && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "") + is12cVersion = var.wls_version == "12.2.1.4" + invalid_jrf_12c_secure_mode = var.configure_secure_mode && local.is12cVersion && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "") invalid_jrf_12c_secure_mode_msg = "WLSC-ERROR: JRF domain is not supported for FMW 12c version in secured production mode." validate_jrf_12c_secure_mode = local.invalid_jrf_12c_secure_mode ? local.validators_msg_map[local.invalid_jrf_12c_secure_mode_msg] : "" } diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 88212826..31d0e195 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -154,8 +154,8 @@ variable "wls_version" { type = string description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0" validation { - condition = contains(["12.2.1.4", "14.1.1.0"], var.wls_version) - error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0." + condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0"], var.wls_version) + error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0, 14.1.2.0." } } diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 9e1f0049..56d26e36 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -237,6 +237,7 @@ groupings: - ${generate_dg_tag} - ${wait_time_wls_vnc_dns_resolver} - ${wls_14c_jdk_version} + - ${wls_14120_jdk_version} - ${wls_admin_port_source_cidr} - ${wlsoci_vmscripts_zip_bundle_path} - ${tf_script_version} @@ -1115,16 +1116,14 @@ variables: is_rms_private_endpoint_required: visible: and: - - ${orm_create_mode} - - and: - - not: - - ${create_new_subnets} - - not: - - ${create_new_vcn} - - not: - - eq: - - ${subnet_type} - - "Use Public Subnet" + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" type: boolean default: true title: "Use Resource Manager Private Endpoint" @@ -1133,7 +1132,6 @@ variables: add_rms_private_endpoint: visible: and: - - ${orm_create_mode} - ${is_rms_private_endpoint_required} - not: - ${create_new_subnets} @@ -1151,7 +1149,6 @@ variables: rms_existing_private_endpoint_id: visible: and: - - ${orm_create_mode} - ${is_rms_private_endpoint_required} - not: - ${create_new_subnets} @@ -1636,7 +1633,6 @@ variables: existing_lb_nsg_id: visible: and: - - ${orm_create_mode} - ${add_existing_nsg} - or: - ${add_load_balancer} @@ -2690,4 +2686,5 @@ variables: enum: - 12.2.1.4 - 14.1.1.0 + - 14.1.2.0 default: 12.2.1.4 diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index a70cccc5..aaab2911 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -184,6 +184,7 @@ groupings: - ${listing_resource_version} - ${wls_version} - ${log_level} + - ${wls_14120_jdk_version} #- ${instance_image_id} - ${marketplace_source_images} - ${use_regional_subnet} @@ -1123,17 +1124,15 @@ variables: is_rms_private_endpoint_required: visible: - and: - - ${orm_create_mode} - - and: - - not: - - ${create_new_subnets} - - not: - - ${create_new_vcn} - - not: - - eq: - - ${subnet_type} - - "Use Public Subnet" + and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" type: boolean default: true title: "Use Resource Manager Private Endpoint" @@ -1142,7 +1141,6 @@ variables: add_rms_private_endpoint: visible: and: - - ${orm_create_mode} - ${is_rms_private_endpoint_required} - not: - ${create_new_subnets} @@ -1160,7 +1158,6 @@ variables: rms_existing_private_endpoint_id: visible: and: - - ${orm_create_mode} - ${is_rms_private_endpoint_required} - not: - ${create_new_subnets} @@ -1644,7 +1641,6 @@ variables: existing_lb_nsg_id: visible: and: - - ${orm_create_mode} - ${add_existing_nsg} - or: - ${add_load_balancer} @@ -2227,4 +2223,5 @@ variables: enum: - 12.2.1.4 - 14.1.1.0 + - 14.1.2.0 default: 12.2.1.4 diff --git a/terraform/schema_14120.yaml b/terraform/schema_14120.yaml new file mode 100644 index 00000000..24bf90b0 --- /dev/null +++ b/terraform/schema_14120.yaml @@ -0,0 +1,2699 @@ +# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +title: Oracle WebLogic Server for Oracle Cloud Infrastructure +description: Oracle WebLogic Server for Oracle Cloud Infrastructure +schemaVersion: 1.1.0 +version: "20190304" +groupings: + - title: "Stack Configuration" + variables: + - ${service_name} + - ${ssh_public_key} + - ${create_policies} + - ${create_new_vcn} + - ${is_rms_private_endpoint_required} + - ${is_bastion_instance_required} + - ${add_load_balancer} + - ${is_idcs_selected} + - ${use_oci_logging} + - ${use_apm_service} + - ${use_autoscaling} + - ${add_fss} + - ${configure_secure_mode} + + - title: "Virtual Cloud Networking" + variables: + - ${network_compartment_id} + - ${wls_existing_vcn_id} + - ${wls_vcn_name} + - ${wls_vcn_cidr} + - ${create_new_subnets} + - ${subnet_compartment_id} + - ${subnet_type} + - ${subnet_span} + - ${add_existing_nsg} + + - title: "WebLogic Domain Configuration" + variables: + - ${wls_admin_user} + - ${wls_primary_admin_user} + - ${wls_admin_secret_compartment_id} + - ${wls_admin_password_id} + - ${wls_secondary_admin_user} + - ${wls_secondary_admin_password_id} + - ${keystore_password_id} + - ${root_ca_id} + - ${cert_compartment_id} + - ${wls_14120_jdk_version} + - ${preserve_boot_properties} + - ${add_JRF} + #Start of JRF fields + - ${db_strategy} + - ${atp_db_compartment_id} + - ${atp_db_id} + - ${atp_db_uses_private_endpoint} + - ${atp_db_network_compartment_id} + - ${atp_db_existing_vcn_id} + - ${atp_db_secret_compartment_id} + - ${atp_db_password_id} + - ${atp_db_level} + - ${use_oci_db_connection_string} + - ${oci_db_connection_string} + - ${oci_db_compartment_id} + - ${oci_db_dbsystem_id} + - ${oci_db_network_compartment_id} + - ${oci_db_existing_vcn_id} + - ${oci_db_dbhome_id} + - ${oci_db_dbhome_major_version} + - ${oci_db_database_id} + - ${oci_db_pdb_service_name} + - ${oci_db_user} + - ${oci_db_secret_compartment_id} + - ${oci_db_password_id} + - ${oci_db_port} + - ${db_existing_vcn_add_secrule} + - ${db_vcn_lpg_id} + #End of JRF fields + - ${deploy_sample_app} + - ${wls_server_startup_args} + - ${thread_pool_limit} + - ${configure_wls_ports} + - ${administration_port} + - ${ms_administration_port} + - ${wls_nm_port} + - ${wls_extern_admin_port} + - ${wls_extern_ssl_admin_port} + - ${wls_ms_extern_port} + - ${wls_ms_extern_ssl_port} + - ${allow_manual_domain_extension} + + - title: "WebLogic Server Compute Instance" + variables: + - ${instance_shape} + - ${wls_ocpu_count} + - ${wls_node_count} + - ${wls_node_count_limit} + #- ${image_mode} + #- ${terms_and_conditions} + - ${wls_availability_domain_name} + - ${place_all_compute_in_same_ad} + - ${wls_subnet_id} + - ${wls_subnet_cidr} + - ${existing_admin_server_nsg_id} + - ${existing_managed_server_nsg_id} + + - title: "Resource Manager Private Endpoint" + variables: + - ${add_rms_private_endpoint} + - ${rms_existing_private_endpoint_id} + + - title: "Bastion Instance" + variables: + - ${is_bastion_with_reserved_public_ip} + - ${bastion_subnet_id} + - ${bastion_subnet_cidr} + - ${bastion_instance_shape} + - ${existing_bastion_nsg_id} + + - title: "Load Balancer" + variables: + - ${load_balancer_strategy_existing_subnet} + - ${load_balancer_strategy_new_subnet} + - ${is_lb_private} + - ${add_lb_reserved_public_ip_id} + - ${lb_reserved_public_ip_id} + - ${lb_subnet_1_id} + - ${lb_subnet_2_id} + - ${lb_subnet_1_cidr} + - ${lb_min_bandwidth} + - ${lb_max_bandwidth} + - ${existing_load_balancer_id} + - ${backendset_name_for_existing_load_balancer} + - ${existing_lb_nsg_id} + + - title: "Identity Cloud Service (IDCS) Integration" + visible: ${is_idcs_selected} + variables: + - ${idcs_host} + - ${idcs_port} + - ${idcs_tenant} + - ${idcs_client_id} + - ${idcs_secret_compartment_id} + - ${idcs_client_secret_id} + - ${idcs_cloudgate_port} + + - title: "Add File System" + visible: ${add_fss} + variables: + - ${add_existing_fss} + - ${fss_availability_domain} + - ${fss_compartment_id} + - ${existing_fss_id} + - ${add_existing_mount_target} + - ${mount_target_compartment_id} + - ${mount_target_id} + - ${mount_target_subnet_id} + - ${mount_target_subnet_cidr} + - ${existing_mount_target_nsg_id} + + - title: "OCI Logging" + variables: + - ${dynamic_group_id} + + - title: "Application Performance Monitoring" + visible: + or: + - ${use_apm_service} + - ${use_autoscaling} + variables: + - ${apm_domain_compartment_id} + - ${apm_domain_id} + - ${apm_private_data_key_name} + + - title: "Autoscaling" + visible: ${use_autoscaling} + variables: + # Metric based autoscaling + - ${wls_metric} + - ${min_threshold_percent} + - ${max_threshold_percent} + - ${min_threshold_counter} + - ${max_threshold_counter} + # Common autoscaling params + - ${ocir_user} + - ${ocir_auth_token_compartment_id} + - ${ocir_auth_token_id} + - ${notification_email} + + - title: "Tagging" + variables: + - ${create_service_tag} + - ${service_tags} + + - title: "Hidden Variables" + visible: false + variables: + - ${tenancy_ocid} + - ${region} + - ${compartment_ocid} + - ${mode} + - ${wls_subnet_name} + - ${bastion_subnet_name} + - ${lb_subnet_1_name} + - ${lb_subnet_2_name} + - ${user_id} + - ${fingerprint} + - ${private_key_path} + - ${wls_edition} + - ${use_marketplace_image} + - ${use_bastion_marketplace_image} + - ${listing_id} + - ${listing_resource_version} + - ${wls_version} + - ${log_level} + #- ${instance_image_id} + - ${marketplace_source_images} + - ${use_regional_subnet} + - ${assign_weblogic_public_ip} + - ${bastion_image_id} + - ${bastion_listing_id} + - ${bastion_listing_resource_version} + - ${existing_bastion_instance_id} + - ${bastion_ssh_private_key} + - ${wls_admin_port} + - ${wls_admin_ssl_port} + - ${wls_ms_port} + - ${wls_ms_ssl_port} + - ${wls_expose_admin_port} + - ${mount_path} + - ${alarm_severity} + - ${enable_autoscaling_alarms} + - ${ocir_region} + - ${ucm_instance_image_id} + - ${ucm_listing_id} + - ${ucm_listing_resource_version} + - ${image_mode} + - ${terms_and_conditions} + - ${generate_dg_tag} + - ${wait_time_wls_vnc_dns_resolver} + - ${wls_14c_jdk_version} + - ${wls_admin_port_source_cidr} + - ${wlsoci_vmscripts_zip_bundle_path} + - ${tf_script_version} + #- ${use_autoscaling} + +outputs: + virtual_cloud_network_id: + type: ocid + title: Virtual Cloud Network Id + is_vcn_peered: + type: link + title: Is VCN Peered + visible: false + weblogic_server_administration_console: + type: link + title: WebLogic Server Administration Console + weblogic_instances: + type: json + title: WebLogic Instances + load_balancer_id: + type: ocid + title: Load balancer Id + load_balancer_ip: + type: copyableString + title: Load Balancer IP + fusion_middleware_control_console: + type: link + title: Fusion Middleware Control Console + provisioning_status: + type: link + title: Provisioning Status + visible: false + sample_application: + type: link + title: Sample Application + sample_application_protected_by_idcs: + type: link + title: Sample Application Protected By IDCS + virtual_cloud_network_cidr: + type: link + title: Virtual Cloud Network CIDR + weblogic_version: + type: link + title: WebLogic Version + jdk_version: + type: link + title: JDK Version + rms_private_endpoint_id: + type: ocid + title: Resource Manager Private Endpoint + bastion_instance_id: + type: ocid + title: Instance Id + bastion_instance_public_ip: + type: copyableString + title: Public Ip + ssh_command: + type: copyableString + title: SSH Command + ssh_command_with_dynamic_port_forwarding: + type: copyableString + title: SSH Command with Dynamic Port Forwarding + fss_system_id: + type: ocid + title: File System Id + mount_target_id: + type: ocid + title: Mount Target Id + listing_version: + type: copyableString + title: Marketplace Listing Version + resource_identifier_value: + type: copyableString + title: Stack Resources System Tag + weblogic_agent_configuration_id: + type: ocid + title: WebLogic Log Agent Configuration Id + visible: false + weblogic_log_group_id: + type: ocid + title: WebLogic Log Group Id + weblogic_log_id: + type: ocid + title: WebLogic Log Id + autoscaling_scaleout_monitoring_alarm_id: + type: ocid + title: Autoscaling ScaleOut Monitoring Alarm Id + autoscaling_scalein_monitoring_alarm_id: + type: ocid + title: Autoscaling ScaleIn Monitoring Alarm Id + autoscaling_function_application_id: + type: ocid + title: Autoscaling Function Application Id + +outputGroups: + - title: WebLogic + outputs: + - ${weblogic_server_administration_console} + - ${sample_application} + - ${fusion_middleware_control_console} + - ${sample_application_protected_by_idcs} + - ${weblogic_version} + - ${weblogic_instances} + - ${jdk_version} + - ${rms_private_endpoint_id} + - title: Networking + outputs: + - ${virtual_cloud_network_id} + - ${load_balancer_id} + - ${virtual_cloud_network_cidr} + - ${load_balancer_ip} + - title: Bastion + outputs: + - ${bastion_instance_id} + - ${ssh_command} + - ${bastion_instance_public_ip} + - ${ssh_command_with_dynamic_port_forwarding} + - title: File Storage + outputs: + - ${fss_system_id} + - ${mount_target_id} + - title: Observability + outputs: + - ${weblogic_log_group_id} + - ${weblogic_log_id} + - ${autoscaling_scaleout_monitoring_alarm_id} + - ${autoscaling_scalein_monitoring_alarm_id} + - ${autoscaling_function_application_id} + - title: Listing + outputs: + - ${listing_version} + - ${resource_identifier_value} + +variables: + # WLS Instance Configuration + service_name: + type: string + minLength: 1 + maxLength: 16 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + title: "Resource Name Prefix" + description: "The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter." + required: true + visible: ${orm_create_mode} + + instance_image_id: + visible: ${orm_create_mode} + type: string + required: true + title: "Instance Image OCID" + pattern: ^ocid1.image.*$ + dependsOn: + compartmentId: ${compartment_ocid} + + instance_shape: + type: oci:core:instanceshape:name + #type: oci:core:instanceshapewithflex:name + title: "Compute Shape" + description: "The shape for WebLogic Server compute instances. When scaled-out, the changes to instance shape will apply only to the added nodes." + required: true + default: VM.Standard.E4.Flex + dependsOn: + compartmentId: ${compartment_ocid} + imageId: ${instance_image_id} + + # TODO: remove this when UI uses control with flex shape + wls_ocpu_count: + type: integer + title: "OCPU Count" + description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard.E5.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64, for VM.Standard.E5.Flex is 94, while VM.Optimized3.Flex shape supports 18. When scaled-out, the changes in OCPU count will apply only to the added nodes." + minimum: 1 + maximum: 94 + multipleOf: 1 + default: 1 + required: true + dependsOn: + instance_shape: ${instance_shape} + visible: + or: + - eq: + - ${instance_shape} + - "VM.Standard.E3.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E4.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E5.Flex" + - eq: + - ${instance_shape} + - "VM.Optimized3.Flex" + - eq: + - ${instance_shape} + - "VM.Standard3.Flex" + + ssh_public_key: + type: oci:core:ssh:publickey + title: "SSH Public Key" + description: "Use the corresponding private key to access new WebLogic Server compute instances. The keys for existing compute instances remain unchanged." + required: true + + wls_availability_domain_name: + type: oci:identity:availabilitydomain:name + title: "WebLogic Administration Server Availability Domain" + description: "The availability domain in which to create the WebLogic administration server compute instance. If not specified, by default, the compute instance is created in availability domain 1." + required: false + dependsOn: + compartmentId: ${compartment_ocid} + visible: + and: + - ${orm_create_mode} + - or: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - not: + - ${create_new_subnets} + - eq: + - ${subnet_span} + - "Regional Subnet" + + place_all_compute_in_same_ad: + visible: + and: + - ${orm_create_mode} + - eq: + - ${subnet_span} + - "Regional Subnet" + type: boolean + required: true + default: false + title: "Use Same Availability Domain for all Compute Instances" + description: "Use the same Availability Domain for all Compute instances as that of the WebLogic Administration Server's Compute instance. If this option is not selected, the compute instances will be distributed across Availability Domains." + + wls_node_count: + type: integer + title: "Node Count" + description: "The number of WebLogic Server compute instances, and also the number of managed servers in the domain. The maximum is 8, which can be scaled out to 30 when you edit the domain." + minimum: 1 + multipleOf: 1 + default: 1 + required: true + + wls_node_count_limit: + visible: + not: + - ${orm_create_mode} + type: integer + title: "WebLogic Server Nodes Limit" + description: "The limit for the maximum number of WebLogic Server compute instances, and also the number of managed servers that can be added in the domain." + minimum: 1 + maximum: 30 + multipleOf: 1 + default: 8 + required: true + + wls_admin_user: + visible: + and: + - ${orm_create_mode} + - not: + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters." + pattern: "^[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "weblogic" + minLength: 8 + maxLength: 128 + required: true + + wls_admin_secret_compartment_id: + type: oci:identity:compartment:id + title: "WebLogic Server Admin Secret Compartment" + description: "The compartment where you have the WebLogic Server administration secret" + required: true + default: ${compartment_ocid} + + wls_admin_password_id: + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + wls_14120_jdk_version: + visible: ${orm_create_mode} + type: enum + title: "Java Development Kit version" + description: "Select the Java Development Kit (JDK) version" + enum: + - "jdk17" + - "jdk21" + required: true + default: "jdk17" + + configure_wls_ports: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Configure Ports" + description: "Configure the ports for administration server, managed server, and cluster. If not selected, default ports will be used. See Default Ports." + + wls_nm_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + type: integer + default: 5556 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Node Manager Port" + description: "The listen port number for the node manager process on all compute instances" + required: true + + wls_extern_admin_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7001 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Admin Console Port" + description: "The administration server port on which to access the administration console" + required: true + + wls_extern_ssl_admin_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Admin Console SSL Port" + description: "The administration server SSL port on which to access the administration console" + required: true + + wls_ms_extern_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7003 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Managed Server External Port" + description: "The managed server port on which to send application traffic" + required: true + + wls_ms_extern_ssl_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + type: integer + default: 7004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Managed Server External SSL Port" + description: "The managed server SSL port on which to send application traffic" + required: true + + deploy_sample_app: + visible: + and: + - ${orm_create_mode} + - not: + - eq: + - ${wls_edition} + - "SE" + type: boolean + default: true + title: "Deploy Sample Application" + description: "Deploy an application named sample-app to the WebLogic cluster (Not applicable for Standard Edition)" + + allow_manual_domain_extension: + visible: + not: + - ${orm_create_mode} + type: boolean + default: false + title: "Do Not Update Domain Configuration for Scale Out" + description: "When nodes are added to an existing stack, the domain configuration is not modified. You must manually add the managed servers to your domain configuration after updating the stack. This field applies only to editing an existing stack and not to creating a new one. NOTE: Autoscaling feature if previously enabled, will be disabled, if this option is selected." + + wls_server_startup_args: + type: string + title: "WebLogic Server Startup Arguments" + description: "Server Startup Arguments are used for providing arguments to the Java Virtual Machine for WebLogic Server instances. When scaled-out, the changes to server startup arguments will apply only to the added nodes." + required: false + + create_new_vcn: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Create a Virtual Cloud Network" + description: "Create a new Virtual Cloud Network and subnets" + + create_new_subnets: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Create New Subnets" + description: "Create new subnets in the existing Virtual Cloud Network" + + network_compartment_id: + visible: ${orm_create_mode} + type: oci:identity:compartment:id + title: "Network Compartment" + description: "The compartment where you want to create the network resources such as Virtual Cloud Network, security lists, route tables and gateways." + required: false + default: ${compartment_ocid} + + add_fss: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Add File System" + description: "Add file system" + + add_existing_mount_target: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Add Existing Mount Target" + description: "Use the existing mount target" + + mount_target_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - or: + - ${add_existing_mount_target} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:identity:compartment:id + required: true + title: "Mount Target Compartment" + description: "The compartment where you have existing mount target" + default: ${compartment_ocid} + + add_existing_fss: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - and: + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Existing File System" + description: "Use the existing file system" + + existing_mount_target_nsg_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_nsg} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - ${add_existing_mount_target} + - not: + - ${add_existing_fss} + type: oci:core:nsg:id + title: "Network Security Group for Mount Target" + description: "The pre-created NSG that is assigned to the mount target" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + subnet_compartment_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:identity:compartment:id + title: "Subnet Compartment" + description: "The compartment where you have subnets created" + required: true + default: ${compartment_ocid} + + subnet_type: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + title: "Subnet Type" + description: "Choose between private and public subnets. Warning - If you select a public subnet, ensure to limit the CIDR range to access WebLogic administration console ports (defaults are 7001 and 7002 for http and https)." + enum: + - "Use Private Subnet" + - "Use Public Subnet" + default: "Use Private Subnet" + + subnet_span: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + title: "Subnet Span" + description: "Choose between regional and AD specific subnets" + enum: + - "Regional Subnet" + - "AD Specific Subnet" + required: true + default: "Regional Subnet" + + add_existing_nsg: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: boolean + default: false + required: true + title: "Existing Network Security Groups" + description: "Use existing Network Security Groups (NSG) for existing subnets" + + # Secured Production Mode variables + configure_secure_mode: + visible: ${orm_create_mode} + type: boolean + required: true + default: true + title: "Enable Secured Production Mode" + description: "Configure a secure domain" + + preserve_boot_properties: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: boolean + required: true + default: false + title: "Preserve the boot.properties file for administration server and managed servers" + description: "Preserve the boot.properties file for administration server and managed servers. NOTE: Leaving this unchecked (false) will result in node manager being unable to revive servers if they are killed." + + administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server domain-wide Administration Port" + description: "The domain-wide administration port to configure a secure WebLogic domain" + required: true + + ms_administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "Administration Port for Managed Servers" + description: "The administration port for managed servers to configure a secure WebLogic domain" + required: true + + keystore_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + required: true + title: "Validated Secret for Keystore password" + description: "The secret that contains the keystore password. To create secrets, see Create Secrets for Passwords." + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + root_ca_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + pattern: ^ocid1.certificateauthority.*$ + required: true + title: "Existing Root Certificate Authority ID" + description: "The OCID of the existing root certificate authority to issue the certificates" + + cert_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + - ${create_policies} + type: oci:identity:compartment:id + required: false + title: "Certificate Compartment" + description: "The compartment where you want to create the certificate" + default: ${network_compartment_id} + + thread_pool_limit: + visible: + and: + - ${orm_create_mode} + - and: + - ${configure_secure_mode} + type: string + default: 65536 + title: "Throttle the thread pool" + description: "Shared Capacity For Work Managers" + required: true + + wls_primary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the primary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "Additional WebLogic Server Admin User Name" + description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user_1" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password of the secondary administrator in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + # WLS Network Configuration + wls_vcn_name: + visible: + and: + - ${orm_create_mode} + - ${create_new_vcn} + type: string + default: '' + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: "Virtual Cloud Network Name" + description: "The name of the new Virtual Cloud Network (VCN) to create for this service" + + wls_existing_vcn_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + type: oci:core:vcn:id + dependsOn: + compartmentId: ${network_compartment_id} + required: true + default: '' + title: "Existing Network" + description: "An existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. Existing Virtual Cloud Network can be validated using the network validation script. See Validate Existing Network Setup" + + wls_vcn_cidr: + visible: + and: + - ${orm_create_mode} + - ${create_new_vcn} + type: string + default: 10.0.0.0/16 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + title: "Virtual Cloud Network CIDR" + description: "The CIDR to assign to the new Virtual Cloud Network (VCN) to create for this service" + + wls_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.2.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "WebLogic Server Subnet CIDR" + description: "The CIDR of the new subnet to create for WebLogic Server compute instances. This field is required only if you want to use new subnets. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + mount_target_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: string + default: 10.0.5.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Mount Target Subnet CIDR" + description: "The CIDR of the new subnet to create for mount target. This field is required only if you want to use new subnets. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + wls_subnet_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - eq: + - ${subnet_type} + - "Use Private Subnet" + hidePublicSubnet: + not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for WebLogic Server" + description: "An existing subnet to use for WebLogic Server compute instances. This subnet must already be present in the chosen VCN." + + mount_target_subnet_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - eq: + - ${subnet_type} + - "Use Private Subnet" + hidePublicSubnet: + not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Mount Target" + description: "An existing subnet to use for mount target. This subnet must already be present in the chosen VCN." + + assign_weblogic_public_ip: + visible: ${orm_create_mode} + type: boolean + default: true + title: "Assign Public IP Addresses to WebLogic Server" + description: "If not selected, the WebLogic Server compute instances are created in a new private subnet. The compute instances, admin console, and applications will not be directly accessible from clients that are external to Oracle Cloud." + + is_bastion_instance_required: + visible: + and: + - ${orm_create_mode} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: boolean + default: false + title: "Provision Bastion Instance" + description: "Provision a bastion compute instance on a public subnet to provide access to the WebLogic Server compute instances on a private subnet. If this and resource manager private endpoint are not selected, you must check the status of domain creation on the compute instance using /u01/logs/provisioning.log file, and any failures during domain creation are reported." + + is_rms_private_endpoint_required: + visible: + and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: boolean + default: true + title: "Use Resource Manager Private Endpoint" + description: "Provision a resource manager private endpoint on a private subnet to check the provisioning status of the private resources. If this and bastion are not selected, you must check the status of domain creation on the compute instance using /u01/logs/provisioning.log file, and any failures during domain creation are reported." + + add_rms_private_endpoint: + visible: + and: + - ${is_rms_private_endpoint_required} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + type: enum + enum: + - "Use Existing Resource Manager Endpoint" + - "Create New Resource Manager Endpoint" + default: "Use Existing Resource Manager Endpoint" + title: "Create or Use Existing Resource Manager Endpoint" + description: "Configure a new or existing resource manager private endpoint." + required: true + + rms_existing_private_endpoint_id: + visible: + and: + - ${is_rms_private_endpoint_required} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${add_rms_private_endpoint} + - "Use Existing Resource Manager Endpoint" + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + type: oci:resourcemanager:privateendpoint:id + required: true + title: "Resource Manager Private Endpoint" + description: "Resource manager private endpoint for private access." + + is_bastion_with_reserved_public_ip: + visible: + and: + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - or: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - not: + - ${create_new_subnets} + - eq: + - ${subnet_type} + - "Use Private Subnet" + type: boolean + default: false + title: "Assign Reserved Public IP to Bastion Instance" + description: "Provision a bastion compute instance with a reserved public IP" + + bastion_subnet_name: + type: string + default: 'bastion-subnet' + title: "Bastion Host Subnet Name" + description: "Subnet name for Bastion host" + + bastion_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.1.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Bastion Host Subnet CIDR" + description: "The CIDR of the new public subnet to create for a Bastion compute instance. This field is required only if you did not assign public IP addresses to WebLogic Server. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + bastion_subnet_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_bastion_instance_required} + - eq: + - ${subnet_type} + - "Use Private Subnet" + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: true + hidePublicSubnet: false + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Bastion Host" + description: "An existing public subnet to use for a Bastion compute instance. This subnet must already be present in the chosen VCN. This field is required only if you did not assign public IP addresses to WebLogic Server." + + bastion_instance_shape: + visible: + and: + - ${orm_create_mode} + - and: + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${subnet_type} + - "Use Private Subnet" + type: oci:core:instanceshape:name + #type: oci:core:instanceshapewithflex:name + title: "Bastion Host Shape" + description: "The shape for bastion compute instance" + required: true + dependsOn: + compartmentId: ${compartment_ocid} + imageId: ${bastion_image_id} + + existing_bastion_nsg_id: + visible: + and: + - ${orm_create_mode} + - ${is_bastion_instance_required} + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - not : + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: oci:core:nsg:id + title: "Network Security Group for Bastion Host" + description: "The pre-created NSG that is assigned to the bastion instance" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + existing_admin_server_nsg_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:nsg:id + title: "Network Security Group for WebLogic Administration Server Node" + description: "The pre-created NSG that is assigned to the virtual machine of the administration server node" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + existing_managed_server_nsg_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:nsg:id + title: "Network Security Group for WebLogic Managed Server Node" + description: "The pre-created NSG that is assigned to the virtual machine of the managed server node" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + + # Load Balancer Configuration + add_load_balancer: + type: boolean + default: true + title: "Provision Load Balancer" + description: "Provision a load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain" + + load_balancer_strategy_new_subnet: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: enum + enum: + - "Create New Load Balancer" + default: "Create New Load Balancer" + title: "Create New Load Balancer" + description: "Configure a new load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain. Load balancer is required for metrics based autoscaling and Oracle Identity Cloud Service (IDCS)." + required: true + + load_balancer_strategy_existing_subnet: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + enum: + - "Create New Load Balancer" + - "Use Existing Load Balancer" + default: "Create New Load Balancer" + title: "Create or Use Existing Load Balancer" + description: "Configure a new or existing load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain. Load balancer is required for metrics based autoscaling and Oracle Identity Cloud Service (IDCS)." + required: true + + existing_load_balancer_id: + visible: + and: + - and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + pattern: ^ocid1.loadbalancer.*$ + title: "Existing Load Balancer ID" + description: "The OCID of the existing load balancer. If you use an existing load balancer, the WebLogic Server nodes are added to the backend set of the existing load balancer." + required: true + + backendset_name_for_existing_load_balancer: + visible: + and: + - and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + title: "Existing Load Balancer Backend Set Name" + description: "Name of the backend set for the existing load balancer. The backend set should not have any associated backends. Ensure that you have configured a routing policy for the backend set." + required: true + + is_lb_private: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - eq: + - ${subnet_type} + - "Use Private Subnet" + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: boolean + default: false + title: "Private Load balancer" + description: "Provision a private load balancer" + + add_lb_reserved_public_ip_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${is_lb_private} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: boolean + default: false + title: "Load Balancer with Reserved Public IP" + description: "Provision a load balancer with a reserved public IP" + + lb_reserved_public_ip_id: + visible: + and: + - ${add_lb_reserved_public_ip_id} + - not: + - ${is_lb_private} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + title: "Reserved Public IP OCID for Load Balancer" + required: true + description: "The OCID of the reserved public IP address for the load balancer" + pattern: ^ocid1.publicip.*$ + + lb_subnet_1_cidr: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.3.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Load Balancer Subnet CIDR" + description: "The CIDR of the new subnet to create for the load balancer. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + lb_subnet_1_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - ${is_lb_private} + hidePublicSubnet: ${is_lb_private} + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Load Balancer" + description: "An existing subnet to use for the load balancer. This subnet must already be present in the chosen VCN." + + lb_subnet_2_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${is_lb_private} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${subnet_span} + - "AD Specific Subnet" + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - ${is_lb_private} + hidePublicSubnet: ${is_lb_private} + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet 2 for Load Balancer" + description: "An existing subnet to use for the second load balancer node. This field is required only if you are not using regional subnets." + + lb_min_bandwidth: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - or: + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + - and: + - or: + - and: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + type: integer + title: "Minimum Bandwidth for Flexible Load Balancer" + description: "Create flexible shape load balancer with minimum bandwidth. The minimum service limit is 10 Mbps." + minimum: 10 + maximum: 8000 + default: 10 + required: true + + lb_max_bandwidth: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - or: + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + - and: + - or: + - and: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + type: integer + title: "Maximum Bandwidth for Flexible Load Balancer" + description: "Create flexible shape load balancer with maximum bandwidth. The maximum service limit is 8000 Mbps. Check the service limits page in the Console to provide accurate service limits." + minimum: 10 + maximum: 8000 + default: 400 + required: true + + existing_lb_nsg_id: + visible: + and: + - ${add_existing_nsg} + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + type: oci:core:nsg:id + title: "Network Security Group for Load Balancer" + description: "The pre-created NSG that is assigned to the load balancer" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + create_policies: + type: boolean + title: "OCI Policies" + description: "Create policies to read Secrets from Vault and manage Autonomous Transaction Processing Database (if applicable). Deselecting this option is for Advanced users only. Before you deselect the check box, see Create Root Policies to create the required groups and relevant policies." + required: false + default: true + + add_JRF: + visible: + and: + - ${orm_create_mode} + type: boolean + default: false + title: "Provision with JRF" + description: "Deploy the Java Required Files (JRF) components and create the JRF schemas on the selected database" + + db_strategy: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + type: enum + title: "Database Strategy" + description: "Choose the database strategy for WebLogic Server" + enum: + - "Autonomous Transaction Processing Database" + - "Database System" + default: "Autonomous Transaction Processing Database" + required: true + + use_oci_db_connection_string: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - not: + - ${create_new_vcn} + - eq: + - ${db_strategy} + - "Database System" + type: boolean + title: "Use Database Connection String" + description: "Use database connection string to create a single instance datasource for JRF schemas. You cannot create an Active GridLink or a Multi Data Source using this database connection string. For the database connection string, see Configure Database Parameters and VCN Peering." + default: false + + oci_db_connection_string: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - ${use_oci_db_connection_string} + - eq: + - ${db_strategy} + - "Database System" + - not: + - ${create_new_vcn} + type: string + title: "Oracle Database Connection String" + description: "Oracle database connection string to connect to database. Example: //{scan_hostname}.{host_domain_name}:{db_port}/{pdb_or_sid}.{Host Domain Name}" + pattern: ^(\/\/) + required: true + + # ATP DB Configuration + atp_db_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: oci:identity:compartment:id + required: true + title: "Autonomous Database Compartment" + description: "The compartment in which the Autonomous Transaction Processing (ATP) database is found" + + atp_db_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: oci:database:autonomousdatabase:id + dependsOn: + compartmentId: ${atp_db_compartment_id} + required: true + title: "Autonomous Database" + description: "The Autonomous Transaction Processing (ATP) database in which to provision the schemas for a JRF-enabled WebLogic Server domain" + + atp_db_secret_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: oci:identity:compartment:id + title: "Autonomous Database Secret Compartment" + description: "The compartment where you have the ATP database secret" + required: true + default: ${compartment_ocid} + + atp_db_password_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: "oci:kms:secret:id" + dependsOn: + compartmentId: ${atp_db_secret_compartment_id} + required: true + title: "Validated Secret for Autonomous Database Admin Password" + description: "The secret that contains the administration user password in the ATP database. To create secrets, see Create Secrets for Passwords." + + atp_db_level: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: enum + enum: + - low + - tp + - tpurgent + default: low + title: "Autonomous Database Service Level" + description: "The service level that the WebLogic Server domain should use to connect to the autonomous database. The default is low." + + atp_db_uses_private_endpoint: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + type: boolean + default: false + title: "Database uses private endpoint" + description: "The Autonomous Transaction Processing (ATP) database uses private endpoint for network access" + + atp_db_network_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + - ${atp_db_uses_private_endpoint} + type: oci:identity:compartment:id + required: true + title: "Autonomous Database Network Compartment" + description: "The compartment in which the ATP database Virtual Cloud Network is found" + default: ${compartment_ocid} + + atp_db_existing_vcn_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + - ${atp_db_uses_private_endpoint} + type: oci:core:vcn:id + dependsOn: + compartmentId: ${atp_db_network_compartment_id} + required: true + default: '' + title: "Autonomous Database Network" + description: "An existing Virtual Cloud Network (VCN) used by ATP database with private endpoint. If the selected VCN is different from WebLogic Server VCN then local VCN peering will be setup. When using VCN peering ensure that the VCNs being peered have non-overlapping CIDR blocks." + + oci_db_network_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:identity:compartment:id + required: true + title: "DB System Network Compartment" + description: "The compartment in which the DB System Virtual Cloud Network is found" + default: ${compartment_ocid} + + db_existing_vcn_add_secrule: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - ${create_policies} + - or: + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + - and: + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + - ${atp_db_uses_private_endpoint} + type: boolean + default: true + title: "Create Database Security List" + description: "Add a security list to the DB subnet or a security rule to the Network Security Group for ATP Database with private endpoint that allows connections from the WebLogic Server subnet" + + # OCI DB Configuration + + oci_db_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:identity:compartment:id + required: true + title: "DB System Compartment" + description: "The compartment in which the DB System is found" + default: ${compartment_ocid} + + oci_db_existing_vcn_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:core:vcn:id + dependsOn: + compartmentId: ${oci_db_network_compartment_id} + required: true + default: '' + title: "DB System Network" + description: "An existing Virtual Cloud Network (VCN) used by DB System. If the selected VCN is different from WebLogic Server VCN then local VCN peering will be setup. When using VCN peering ensure that the VCNs being peered have non-overlapping CIDR blocks." + + oci_db_dbsystem_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:database:dbsystem:id + dependsOn: + compartmentId: ${oci_db_compartment_id} + required: true + title: "DB System" + description: "The Oracle Cloud Infrastructure DB System to use for this WebLogic Server domain" + + oci_db_dbhome_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:database:dbhome:id + required: true + title: "Database home in the DB System" + description: "The database home within the DB System" + dependsOn: + compartmentId: ${oci_db_compartment_id} + dbSystemId: ${oci_db_dbsystem_id} + + oci_db_dbhome_major_version: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:database:dbhome:dbversion + title: "Version of Database home in the DB System" + description: "The version of database home within the DB System" + dependsOn: + dbHomeId: ${oci_db_dbhome_id} + + oci_db_database_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: oci:database:database:id + dependsOn: + compartmentId: ${oci_db_compartment_id} + dbHomeId: ${oci_db_dbhome_id} + required: true + title: "Database in the DB System" + description: "The database within the DB System in which to provision the schemas for a JRF-enabled WebLogic Server domain" + + oci_db_pdb_service_name: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - not: + - eq: + - ${oci_db_dbhome_major_version} + - "11" + - eq: + - ${db_strategy} + - "Database System" + + type: string + required: true + title: "PDB" + description: "The name of the pluggable database (PDB) in which to provision the schemas for a JRF-enabled WebLogic Server domain. This is required for Oracle Database 12c or later." + + oci_db_user: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Database System" + type: string + default: SYS + pattern: "^[a-zA-Z][a-zA-Z0-9]{1,49}$" + minLength: 2 + maxLength: 50 + title: "Database Administrator" + description: "The name of a database user with SYSDBA privileges" + required: true + + oci_db_port: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - and: + - eq: + - ${db_strategy} + - "Database System" + - or: + - ${create_new_vcn} + - not: + - ${use_oci_db_connection_string} + type: integer + default: 1521 + title: "Database Listener Port" + description: "The Listener Port for the Database" + required: false + + oci_db_secret_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Database System" + type: oci:identity:compartment:id + title: "OCI DB Admin Password Secret Compartment" + description: "The compartment where you have the OCI DB administration password secret" + required: true + default: ${compartment_ocid} + + oci_db_password_id: + visible: + and: + - ${orm_create_mode} + - ${add_JRF} + - eq: + - ${db_strategy} + - "Database System" + type: "oci:kms:secret:id" + dependsOn: + compartmentId: ${oci_db_secret_compartment_id} + required: true + title: "Validated Secret for OCI DB Admin Password" + description: "The secret that contains the database administration password. To create secrets, see Create Secrets for Passwords." + + db_vcn_lpg_id: + visible: + and: + - ${add_JRF} + - or: + - and: + - eq: + - ${db_strategy} + - "Database System" + - not: + - ${use_oci_db_connection_string} + - or: + - ${create_new_vcn} + - and: + - ${create_new_subnets} + - not: + - eq: + - ${wls_existing_vcn_id} + - ${oci_db_existing_vcn_id} + - and: + - eq: + - ${db_strategy} + - "Autonomous Transaction Processing Database" + - ${atp_db_uses_private_endpoint} + - or: + - ${create_new_vcn} + - and: + - ${create_new_subnets} + - not: + - eq: + - ${wls_existing_vcn_id} + - ${atp_db_existing_vcn_id} + + type: string + title: "Local Peering Gateway in Database VCN" + pattern: ^ocid1.localpeeringgateway.*$ + required: true + description: "The OCID of the Local Peering Gateway (LPG) in the database VCN, used to peer the WebLogic VCN" + + # Tagging variables + create_service_tag: + visible: ${orm_create_mode} + type: boolean + title: "Add Tags" + default: false + description: "Add tags to the resources created by the WebLogic for OCI stack" + + service_tags: + visible: + and: + - ${orm_create_mode} + - ${create_service_tag} + type: oci:identity:tag:value + title: "Service Tagging" + required: false + + # IDCS variables + is_idcs_selected: + type: boolean + default: false + title: "Enable Authentication Using Identity Cloud Service" + description: "Authenticate WebLogic Server users against Oracle Identity Cloud Service (IDCS). If not selected, WebLogic Server uses the local identity store. If you select the check box, load balancer will be provisioned." + visible: ${orm_create_mode} + + idcs_host: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Host Domain Name" + description: "The domain name for the host that you use to access Identity Cloud Service" + required: true + default: "identity.oraclecloud.com" + + idcs_port: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: integer + default: 443 + minimum: 0 + maximum: 65535 + multipleOf: 1 + title: "IDCS Port" + description: "The port number that you use to access Identity Cloud Service" + required: true + + idcs_tenant: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Tenant" + description: "The ID of your Identity Cloud Service tenant, which typically has the format idcs-{guid}, and is part of the host name that you use to access Identity Cloud Service" + required: true + + idcs_client_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Client ID" + description: "The client ID of a confidential application in Identity Cloud Service that is used to create the necessary artifacts in Identity Cloud Service. This application needs to be configured as client, and has to be granted with access to Identity Cloud Service Admin APIs, with Identity Domain Administrator app role. See Create a Confidential Application." + required: true + + idcs_secret_compartment_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: oci:identity:compartment:id + title: "IDCS Secret Compartment" + description: "The compartment where you have the IDCS secret" + required: true + default: ${compartment_ocid} + + idcs_client_secret_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + title: "Validated Secret for IDCS Client" + description: "The secret that contains the client secret of the confidential application password in IDCS, which is used to create the necessary artifacts in IDCS. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${idcs_secret_compartment_id} + + idcs_cloudgate_port: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: integer + default: 9999 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "IDCS Redirect Port" + description: "The listen port for the Identity Cloud Service App Gateway, which authenticates requests and redirects them to WebLogic Server" + required: true + + fss_availability_domain: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - and: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: oci:identity:availabilitydomain:name + title: "File System Availability Domain" + description: "The name of the availability domain for the file system and mount target" + dependsOn: + compartmentId: ${compartment_ocid} + required: true + + fss_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:identity:compartment:id + required: true + title: "Existing File System Compartment" + description: "The compartment where the file system exists" + default: ${compartment_ocid} + + mount_target_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - or: + - ${add_existing_mount_target} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:mount:target:id + title: "Existing Mount Target" + description: "The existing mount target to select from file system availability domain and mount target compartment" + dependsOn: + compartmentId: ${mount_target_compartment_id} + availabilityDomain: ${fss_availability_domain} + required: true + + existing_fss_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: string + title: "Existing File System ID" + description: "The Oracle Cloud Identifier (OCID) of your existing file system. The existing file system must be in the same availability domain as the existing mount target." + pattern: ^$|^ocid1.filesystem.*$ + required: true + + + use_oci_logging: + type: boolean + default: false + title: "Enable Exporting Logs to OCI Logging Service" + description: "Enable logging service integration for WebLogic instances" + + dynamic_group_id: + visible: + and: + - ${use_oci_logging} + - not: + - ${create_policies} + type: oci:identity:dynamicgroups:id + title: "Dynamic Group OCID for WebLogic Server Instances" + dependsOn: + compartmentId: ${tenancy_ocid} + description: "The OCID of the dynamic group that contains the WebLogic instances from which logs will be exported to OCI Logging Service." + required: true + + image_mode: + visible: + not: + - ${orm_create_mode} + type: enum + title: "Image for Scale Out" + description: "The selected image is used for scale out. A BYOL image requires a WebLogic License with valid support contract. UCM images are charged per OCPU/hour for the entitlement and WebLogic support." + required: true + enum: + - "Oracle WebLogic Server BYOL Image" + - "Oracle WebLogic Server Enterprise Edition UCM Image" + default: "Oracle WebLogic Server BYOL Image" + + terms_and_conditions: + visible: + and: + - eq: + - ${image_mode} + - "Oracle WebLogic Server Enterprise Edition UCM Image" + type: boolean + default: false + title: "Terms of use" + description: "I have reviewed and accept the Oracle terms of use" + required: true + + use_apm_service: + type: boolean + default: false + title: "Enable Application Performance Monitoring" + description: "Enable Application Performance Monitoring for WebLogic instances, which is required for automatic scaling of the stack. If you automatically scale the stack, you must not unselect the Enable Application Performance Monitoring option when editing the stack." + + apm_domain_compartment_id: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: oci:identity:compartment:id + title: "Application Performance Monitoring Domain Compartment" + description: "The compartment where you have the Application Performance Monitoring domain to be used by this WebLogic instance" + required: true + default: ${compartment_ocid} + + apm_domain_id: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: oci:apm:domain:id + title: "Application Performance Monitoring Domain" + description: "The Application Performance Monitoring domain used by this WebLogic instance" + required: true + dependsOn: + compartmentId: ${apm_domain_compartment_id} + + apm_private_data_key_name: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: string + title: "Application Performance Monitoring Private Data Key Name" + description: "The name of the private data key used by this WebLogic instance to push metrics to the Application Performance Monitoring domain" + required: true + + use_autoscaling: + visible: + and: + - ${orm_create_mode} + type: boolean + default: false + title: "Enable Autoscaling" + description: "Enable Auto Scaling of WebLogic Instances based on WebLogic Monitoring Metrics. If you select the check box, Application Performance Monitoring will be enabled." + + # Metric based autoscaling UI + wls_metric: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: enum + title: "WebLogic Monitoring Metrics" + description: "WebLogic monitoring metrics type" + enum: + - CPU Load + - Used Heap Percent + - Queue Length + - Stuck Threads + default: CPU Load + required: true + + min_threshold_percent: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "CPU Load" + - eq: + - ${wls_metric} + - "Used Heap Percent" + + type: integer + title: "Minimum Threshold Percent" + description: "Minimum Threshold Percent for the metric" + minimum: 0 + maximum: 100 + required: true + + max_threshold_percent: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "CPU Load" + - eq: + - ${wls_metric} + - "Used Heap Percent" + + type: integer + title: "Maximum Threshold Percent" + description: "Maximum threshold percentage for the metric" + minimum: 0 + maximum: 100 + required: true + + min_threshold_counter: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "Queue Length" + - eq: + - ${wls_metric} + - "Stuck Threads" + type: integer + title: "Minimum Threshold Counter" + description: "Minimum threshold counter for the metric" + minimum: 0 + required: true + + max_threshold_counter: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "Queue Length" + - eq: + - ${wls_metric} + - "Stuck Threads" + type: integer + title: "Maximum Threshold Counter" + description: "Maximum threshold counter for the metric" + minimum: 0 + required: true + + # Common autoscaling UI + ocir_user: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: string + title: "Registry User Name" + description: "The user name to access the Oracle Cloud Infrastructure Registry (OCIR) for deploying autoscaling OCI functions, which has the format {identity domain name}/{username}. If your tenancy is using Oracle Identity Cloud Service, use the format oracleidentitycloudservice/{username}." + required: true + + ocir_auth_token_compartment_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - ${config_observability} + type: oci:identity:compartment:id + title: "OCIR Auth Token Secret Compartment" + description: "The compartment where you have the OCIR auth token" + required: true + default: ${compartment_ocid} + + ocir_auth_token_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - ${config_observability} + type: "oci:kms:secret:id" + title: "Validated Secret for OCIR Auth Token" + description: "The secret that contains the OCIR auth token that you generated for the user to access the image registry" + required: true + dependsOn: + compartmentId: ${ocir_auth_token_compartment_id} + + notification_email: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: string + title: "Notification Email" + description: "Email address to which scaling notifications are sent" + pattern: ^$|^(?!^[.+&'_-]*@.*$)(^[_\w\d+&'-]+(\.[_\w\d+&'-]*)*@[\w\d-]+(\.[\w\d-]+)*\.(([\d]{1,3})|([\w]{2,}))$)$ + required: false + + # Hidden Variables + mount_path: + type: string + title: "Mount Path on the WebLogic Server instances" + description: "The path to mount the file system on the WebLogic Server instances" + + mode: + type: enum + title: "Terraform mode" + description: "Select Terraform mode for development or production. In development mode, local VM scripts zip is seeded on WLS VMs." + enum: + - PROD + - DEV + default: PROD + + wls_subnet_name: + type: string + default: 'wls-subnet' + title: "WebLogic Server Subnet Name" + description: "The name of the new subnet to create for WebLogic Server compute instances. This field is required only if you want to use an existing VCN." + + lb_subnet_1_name: + type: string + default: 'lb-subnet-1' + title: "Load Balancer Subnet Name" + description: "The name of the new subnet to create for the load balancer" + + lb_subnet_2_name: + type: string + default: 'lb-subnet-2' + title: "Load Balancer Subnet 2 Name" + description: "The name of the subnet to create for the second load balancer node. This field is required only if you are not using regional subnets." + + user_id: + type: string + + private_key_path: + type: string + + fingerprint: + type: string + + wls_edition: + type: string + + use_regional_subnet: + type: boolean + + use_marketplace_image: + type: boolean + default: true + + use_bastion_marketplace_image: + type: boolean + default: true + + listing_resource_version: + type: string + + listing_id: + type: string + + tf_script_version: + type: string + + # tenancy_ocid, compartment_ocid, and user_ocid are predefined variables. Do not change them. + + tenancy_ocid: + type: string + title: "Tenancy ID" + description: "The Oracle Cloud Identifier (OCID) for your tenancy" + required: true + + region: + type: oci:identity:region:name + title: "Region" + description: "The region in which to create all resources" + required: true + + log_level: + type: enum + title: "Log Level" + description: "Log level" + enum: + - DEBUG + - INFO + default: INFO + + bastion_image_id: + type: string + title: "Base Linux Instance OCID" + description: "The Oracle Cloud Identifier (OCID) for PIC image" + + bastion_listing_id: + type: string + title: "Base Linux Marketplace listing Id" + description: "The Base Linux Marketplace listing Id for PIC image" + + bastion_listing_resource_version: + type: string + title: "Base Linux Marketplace listing version" + description: "The Base Linux Marketplace listing version for PIC image" + + compartment_ocid: + type: oci:identity:compartment:id + title: "WebLogic Server Compartment" + description: "The compartment in which to create the WebLogic Server compute instances" + required: true + + wls_version: + type: enum + title: "Weblogic Server Version" + description: "The version of WebLogic Server to provision" + enum: + - 12.2.1.4 + - 14.1.1.0 + - 14.1.2.0 + default: 12.2.1.4 diff --git a/terraform/weblogic_variables.tf b/terraform/weblogic_variables.tf index 95a60e9a..d011ed94 100644 --- a/terraform/weblogic_variables.tf +++ b/terraform/weblogic_variables.tf @@ -3,11 +3,11 @@ variable "wls_version" { type = string - description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0" + description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0, 14.1.2.0" default = "12.2.1.4" validation { - condition = contains(["12.2.1.4", "14.1.1.0"], var.wls_version) - error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0." + condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0"], var.wls_version) + error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0 & 14.1.2.0." } } @@ -60,6 +60,16 @@ variable "wls_14c_jdk_version" { } } +variable "wls_14120_jdk_version" { + type = string + description = "JDK version to use when installing WebLogic 14.1.2.0 version. Ignored when WebLogic version is not 14.1.2.0. Allowed values: jdk21, jdk17" + default = "jdk17" + validation { + condition = contains(["jdk17", "jdk21"], var.wls_14120_jdk_version) + error_message = "WLSC-ERROR: Allowed values for wls_14120_jdk_version are jdk17, jdk21." + } +} + # Variable used in UI only variable "configure_wls_ports" { type = bool @@ -192,7 +202,6 @@ variable "deploy_sample_app" { variable "configure_secure_mode" { type = bool description = "Set to true to configure a secure WebLogic domain" - default = false } variable "preserve_boot_properties" { From ee97bc1715e2730de1ee4efbef2a7fd29259d7a9 Mon Sep 17 00:00:00 2001 From: telake Date: Tue, 11 Mar 2025 12:23:43 -0700 Subject: [PATCH 43/61] Split policy statements in two due to OCI 50 statement policy limit (#307) Split policy statements in two due to OCI 50 statement policy limit. --- terraform/modules/policies/locals.tf | 2 +- terraform/modules/policies/wlsc_policies.tf | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index c6e79411..4e038ad7 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -129,7 +129,7 @@ locals { secure_mode_statement = compact([local.secure_mode_statement1, local.secure_mode_statement2, local.secure_mode_statement3, local.secure_mode_statement4, local.secure_mode_statement5, local.secure_mode_secrets_policy_statement1, local.secure_mode_secrets_policy_statement2]) #TODO: When other categories with more statements are added here, concat them with service_statements - policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.autoscaling_statements, local.secure_mode_statement) + policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.secure_mode_statement) reserved_ips_info = var.compartment_id == "" ? [{ id = var.resource_name_prefix }] : [] diff --git a/terraform/modules/policies/wlsc_policies.tf b/terraform/modules/policies/wlsc_policies.tf index 5296f953..a4e6f12b 100644 --- a/terraform/modules/policies/wlsc_policies.tf +++ b/terraform/modules/policies/wlsc_policies.tf @@ -15,3 +15,19 @@ resource "oci_identity_policy" "wlsc_oci_policy" { } } + +resource "oci_identity_policy" "wlsc_oci_policy_autoscaling" { + + count = var.use_autoscaling?1:0 + + compartment_id = var.tenancy_id + description = "Autoscaling Policies required for WLS on OCI" + name = "${local.label_prefix}-oci-policy-autoscaling" + statements = local.autoscaling_statements + + defined_tags = var.tags.defined_tags + freeform_tags = var.tags.freeform_tags + lifecycle { + ignore_changes = [defined_tags, freeform_tags] + } +} \ No newline at end of file From 36767b7d260c1a5063e9fa82057bcc1c84f439fb Mon Sep 17 00:00:00 2001 From: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Date: Tue, 11 Mar 2025 21:22:30 -0700 Subject: [PATCH 44/61] Fix the mp script and uptake image values. (#308) Fix the mp script to uptake 14.1.2.0 and uptake new image values. Co-authored-by: Sarada Kommalapati --- builds/build_mp_bundles.sh | 162 +++++++++++++++++++- terraform/images/mp_image_ee_byol.tfvars | 10 +- terraform/images/mp_image_ee_ucm.tfvars | 7 +- terraform/images/mp_image_se_byol.tfvars | 6 +- terraform/images/mp_image_suite_byol.tfvars | 10 +- terraform/images/mp_image_suite_ucm.tfvars | 6 +- 6 files changed, 173 insertions(+), 28 deletions(-) diff --git a/builds/build_mp_bundles.sh b/builds/build_mp_bundles.sh index 9ad673e6..579738cd 100644 --- a/builds/build_mp_bundles.sh +++ b/builds/build_mp_bundles.sh @@ -10,10 +10,10 @@ help() { echo "Build the Oracle Resource Manager (ORM) bundles to deploy in Marketplace" echo - echo "Arguments: build_mp_bundles.sh -e|--edition -v|--version <12.2.1.4|14.1.1.0> -t|--type --all" + echo "Arguments: build_mp_bundles.sh -e|--edition -v|--version <12.2.1.4|14.1.1.0|14.1.2.0> -t|--type --all" echo "options:" echo "-e, --edition WebLogic edition. Supported values are EE, SUITE, or SE. Optional when --all option is provided" - echo "-v, --version WebLogic version. Supported values are 12.2.1.4 or 14.1.1.0. Optional when --all option is provided" + echo "-v, --version WebLogic version. Supported values are 12.2.1.4 or 14.1.1.0 or 14.1.2.0. Optional when --all option is provided" echo "-t, --type Type of bundle. Supported values are UCM or BYOL. Optional when --all option is provided" echo "--all All bundles" echo @@ -78,7 +78,7 @@ validate() echo "WebLogic version is not provided" help exit 1 - elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.1.0" ]; then + elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.1.0" ] && [ "${WLS_VERSION}" != "14.1.2.0" ]; then echo "Please provide valid WebLogic version" help exit 1 @@ -127,6 +127,13 @@ create_ucm_ee_14110() replace_ucm_ee_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-ucm-mp-14110.zip *; rm -Rf ${TMP_BUILD}/*) } +create_ucm_ee_14120() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_ucm_ee_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-ucm-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} create_ucm_suite_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -141,6 +148,13 @@ create_ucm_suite_14110() replace_ucm_suite_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-ucm-mp-14110.zip *; rm -Rf ${TMP_BUILD}/*) } +create_ucm_suite_14120() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_ucm_suite_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-ucm-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_ee_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -155,6 +169,13 @@ create_byol_ee_14110() replace_byol_ee_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-byol-mp-14110.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_ee_14120() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_ee_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_suite_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -169,6 +190,13 @@ create_byol_suite_14110() replace_byol_suite_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-byol-mp-14110.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_suite_14120() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_suite_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_standard_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -183,6 +211,13 @@ create_byol_standard_14110() replace_byol_se_14110_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-se-byol-mp-14110.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_standard_14120() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_14120.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_se_14120_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-se-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) +} replace_byol_ee_12214_variables() { @@ -225,6 +260,27 @@ replace_byol_ee_14110_variables() sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_ee_14120_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_instance_image_id" {/!b;n;n;n;cdefault = '"${ucm_instance_image_id}"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_id" {/!b;n;n;n;cdefault = '"$ucm_listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_resource_version" {/!b;n;n;n;cdefault = '"$ucm_listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_14120.yaml + sed -i 's/#- ${image_mode}/- ${image_mode}/' ${TMP_BUILD}/schema_14120.yaml + sed -i 's/#- ${terms_and_conditions}/- ${terms_and_conditions}/' ${TMP_BUILD}/schema_14120.yaml + sed -i ':a;$!{N;ba};s/- ${image_mode}/#- ${image_mode}/2' ${TMP_BUILD}/schema_14120.yaml + sed -i ':a;$!{N;ba};s/- ${terms_and_conditions}/#- ${terms_and_conditions}/2' ${TMP_BUILD}/schema_14120.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_byol_se_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_se_byol.tfvars @@ -262,6 +318,25 @@ replace_byol_se_14110_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_se_14120_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_se_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_14120.yaml + sed -i 's/#- ${use_autoscaling}/- ${use_autoscaling}/' ${TMP_BUILD}/schema_14120.yaml + sed -i ':a;$!{N;ba};s/- ${use_autoscaling}/#- ${use_autoscaling}/1' ${TMP_BUILD}/schema_14120.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_byol_suite_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars @@ -305,6 +380,28 @@ replace_byol_suite_14110_variables() sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_suite_14120_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_instance_image_id" {/!b;n;n;n;cdefault = '"${ucm_instance_image_id}"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_id" {/!b;n;n;n;cdefault = '"$ucm_listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_resource_version" {/!b;n;n;n;cdefault = '"$ucm_listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_14120.yaml + sed -i 's/#- ${image_mode}/- ${image_mode}/' ${TMP_BUILD}/schema_14120.yaml + sed -i 's/#- ${terms_and_conditions}/- ${terms_and_conditions}/' ${TMP_BUILD}/schema_14120.yaml + sed -i ':a;$!{N;ba};s/- ${image_mode}/#- ${image_mode}/2' ${TMP_BUILD}/schema_14120.yaml + sed -i ':a;$!{N;ba};s/- ${terms_and_conditions}/#- ${terms_and_conditions}/2' ${TMP_BUILD}/schema_14120.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_ucm_suite_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_ucm.tfvars @@ -338,6 +435,23 @@ replace_ucm_suite_14110_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_ucm_suite_14120_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_ucm.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_14120.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_ucm_ee_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_ucm.tfvars @@ -369,6 +483,22 @@ replace_ucm_ee_14110_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_ucm_ee_14120_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_ucm.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"14.1.2.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_14120.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} get_mp_values() { @@ -384,47 +514,63 @@ get_mp_values() if [ "${CREATE_ALL_BUNDLES}" == "true" ]; then create_ucm_ee_12214 create_ucm_ee_14110 + create_ucm_ee_14120 create_ucm_suite_12214 create_ucm_suite_14110 + create_ucm_suite_14120 create_byol_ee_12214 create_byol_ee_14110 + create_byol_ee_14120 create_byol_suite_12214 create_byol_suite_14110 + create_byol_suite_14120 create_byol_standard_12214 create_byol_standard_14110 + create_byol_standard_14120 else if [ "${BUNDLE_TYPE}" == "UCM" ]; then if [ "${WLS_EDITION}" == "EE" ]; then if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_ucm_ee_12214 - else + elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_ucm_ee_14110 + else + create_ucm_ee_14120 fi + elif [ "${WLS_EDITION}" == "SUITE" ]; then if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_ucm_suite_12214 - else + elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_ucm_suite_14110 + else + create_ucm_suite_14120 fi fi else if [ "${WLS_EDITION}" == "EE" ]; then if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_byol_ee_12214 - else + elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_ee_14110 + else + create_byol_ee_14120 fi elif [ "${WLS_EDITION}" == "SUITE" ]; then if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_byol_suite_12214 - else + elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_suite_14110 + else + create_byol_suite_14120 fi else if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_byol_se_12214 - else + elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_se_14110 + else + create_byol_se_14120 fi fi fi diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 24b3db7f..b0d8f733 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.1-250122225215" +tf_script_version = "25.1.3-250310205030" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaxmzmckfq6qajxkplzdt2ucjac5h2qrjsh6vflrgjdxb5nzilxzua" +listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa2vaqsz6evogb5jr2dhpdlbyqcnyydpcdljpi5plemo2roru6ld3a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaagg6ppgbdff6xxzxyv6mxar4aejbhdxxxzl7i3y6eq665mktdvx7q" +ucm_listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaat4dyc73wuxeccdsegmjgdbt7v3xxtdcwo6hgbvdep5xe2mybvmva" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 3808936e..55138531 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,9 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.1-250122225215" +tf_script_version = "25.1.3-250310205030" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaagg6ppgbdff6xxzxyv6mxar4aejbhdxxxzl7i3y6eq665mktdvx7q" - +listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaat4dyc73wuxeccdsegmjgdbt7v3xxtdcwo6hgbvdep5xe2mybvmva" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 10bac115..b1493187 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.1-250122225215" +tf_script_version = "25.1.3-250310205030" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaawiuf52uii3weey6tikixfemyu5msovhb63x44tw4qajcdxjve5tq" +listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3qzkazz7it2emgju5btaccnkro6wbz6mmbw7np3im6nky7srqsva" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 2d277777..ff327508 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.1-250122225215" +tf_script_version = "25.1.3-250310205030" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa6ktrzaebul6d3qdr5zi6twm5gkdr6wlzcx4ilvlkwkbw7bgemwla" +listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa3qzkazz7it2emgju5btaccnkro6wbz6mmbw7np3im6nky7srqsva" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaak3naanidaq44wv3m5bziv6fccmmem6lkyqpi4mmdsdfrzs53utwq" +ucm_listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaab346dek7j74rmxvm2hx2cquyncuvrxzwxyyswiqek4mwg52o4iia" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 99267033..95a8f8d4 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.1-250122225215" +tf_script_version = "25.1.3-250310205030" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "25.1.1-ol8.8-23.12.13-250122-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaak3naanidaq44wv3m5bziv6fccmmem6lkyqpi4mmdsdfrzs53utwq" +listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaab346dek7j74rmxvm2hx2cquyncuvrxzwxyyswiqek4mwg52o4iia" From 928178fc536d59814857569e0c890bad1ba66bbf Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Thu, 27 Mar 2025 19:14:09 +0530 Subject: [PATCH 45/61] Topic manvigup jcs 14691 (#314) Added check for egress rule to allow traffic in all ports in Managed Server Nsg. From 252be95ac8d6d6b3bdb71c63ac6f39bf1e8c8a79 Mon Sep 17 00:00:00 2001 From: Ananya Tripathi Date: Thu, 10 Apr 2025 12:16:10 +0530 Subject: [PATCH 46/61] JCS-14708: Remove OSMS from WLS for OCI stack (#315) Ticket: [JCS- 14708](https://jira.oraclecorp.com/jira/browse/JCS-14708) Changes in the files: 1. `terraform/modules/policies/groups.tf` : Updated a comment (no functional changes). 2. `terraform/modules/policies/locals.tf` : Removed the policy related to OS Management Service Agent. Tested in both the Ashburn and Phoenix regions, and the policies were created successfully. --- terraform/modules/policies/groups.tf | 2 +- terraform/modules/policies/locals.tf | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/terraform/modules/policies/groups.tf b/terraform/modules/policies/groups.tf index 47dc9612..73c4dafa 100644 --- a/terraform/modules/policies/groups.tf +++ b/terraform/modules/policies/groups.tf @@ -3,7 +3,7 @@ resource "oci_identity_dynamic_group" "wlsc_instance_principal_group" { compartment_id = var.tenancy_id - description = "Dynamic group to allow access to resources with specific tags and allow instances to call osms services" + description = "Dynamic group to allow access to resources with specific tags and allow instances to call oracle cloud agent services" matching_rule = "ALL { ${local.compartment_rule}, ${var.dynamic_group_rule} }" name = "${local.label_prefix}-wlsc-principal-group" diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 4e038ad7..532234a0 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -17,9 +17,7 @@ locals { core_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage instances in compartment id ${var.compartment_id}" core_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volumes in compartment id ${var.compartment_id}" core_policy_statement3 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volume-attachments in compartment id ${var.compartment_id}" - # These policy statements are required to register Compute instances with the OS Management service - osms_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read instance-family in compartment id ${var.compartment_id}" - osms_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use osms-managed-instances in compartment id ${var.compartment_id}" + core_policy_statement4 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read instance-family in compartment id ${var.compartment_id}" # This policy with "inspect virtual-network-family" verb is needed to read VCN information like CIDR, etc, for VCN validation network_policy_statement1 = var.network_compartment_id != "" ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect virtual-network-family in compartment id ${var.network_compartment_id}" : "" secrets_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.wls_admin_password_id}'" @@ -40,7 +38,7 @@ locals { apm_domain_policy_statement = var.use_apm_service ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use apm-domains in compartment id ${var.apm_domain_compartment_id}" : "" # This policy with "use load_balancer" verb is needed to create load balancer for new vcn lb_policy_statement = var.add_load_balancer ? length(oci_identity_dynamic_group.wlsc_instance_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use load-balancers in compartment id ${var.network_compartment_id}" : "" : "" - service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.osms_policy_statement1, local.osms_policy_statement2, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, + service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.core_policy_statement4, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, local.atp_policy_statement1, local.atp_policy_statement2, local.atp_policy_statement3, local.oci_db_policy_statement1, local.oci_db_policy_statement2, local.oci_db_policy_statement3, local.logging_policy, local.apm_domain_policy_statement, local.lb_policy_statement ]) From f73ad1283fcbcfc5d8d6175e6e107860d30f6d39 Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Tue, 29 Apr 2025 19:54:25 +0530 Subject: [PATCH 47/61] Added changes for enabling osmh. (#316) --- terraform/locals.tf | 8 +++ terraform/main.tf | 14 +++- .../modules/compute/instance/instance.tf | 2 +- .../wls_compute/observability_variables.tf | 8 +++ .../modules/compute/wls_compute/variables.tf | 3 +- .../compute/wls_compute/wls_compute.tf | 4 +- .../observability/osmh/create_profile.tf | 23 +++++++ .../modules/observability/osmh/datasources.tf | 6 ++ .../modules/observability/osmh/locals.tf | 18 +++++ .../modules/observability/osmh/outputs.tf | 4 ++ .../modules/observability/osmh/variables.tf | 67 +++++++++++++++++++ terraform/modules/policies/locals.tf | 7 +- terraform/modules/policies/variables.tf | 5 ++ terraform/schema.yaml | 67 +++++++++++++++++++ terraform/schema_14110.yaml | 67 +++++++++++++++++++ terraform/schema_14120.yaml | 67 +++++++++++++++++++ terraform/variables.tf | 33 +++++++++ 17 files changed, 397 insertions(+), 6 deletions(-) create mode 100644 terraform/modules/observability/osmh/create_profile.tf create mode 100644 terraform/modules/observability/osmh/datasources.tf create mode 100644 terraform/modules/observability/osmh/locals.tf create mode 100644 terraform/modules/observability/osmh/outputs.tf create mode 100644 terraform/modules/observability/osmh/variables.tf diff --git a/terraform/locals.tf b/terraform/locals.tf index ad81a90a..7ddb8551 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -190,6 +190,14 @@ locals { is_rms_private_endpoint_required = var.is_rms_private_endpoint_required && var.wls_existing_vcn_id != "" && var.wls_subnet_id != "" && !local.assign_weblogic_public_ip ? true : false add_new_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Create New Resource Manager Endpoint" ? true : false add_existing_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Use Existing Resource Manager Endpoint" ? true : false + + # OS Management Hub + enable_osmh = var.enable_osmh + select_existing_profile = var.select_existing_profile + create_profile = (local.enable_osmh && !local.select_existing_profile) ? true : false + profile_ocid = local.select_existing_profile ? var.profile_ocid : "" + profile_compartment_id = var.profile_compartment_id + profile_name = var.profile_name # Secured Production Mode preserve_boot_properties = var.configure_secure_mode ? var.preserve_boot_properties : true diff --git a/terraform/main.tf b/terraform/main.tf index 6f48647a..eefefae4 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -238,6 +238,7 @@ module "policies" { use_apm_service = local.use_apm_service apm_domain_compartment_id = local.apm_domain_compartment_id use_autoscaling = var.use_autoscaling + enable_osmh = var.enable_osmh ocir_auth_token_id = var.ocir_auth_token_id add_fss = var.add_fss add_load_balancer = local.add_load_balancer @@ -588,6 +589,13 @@ module "observability-autoscaling" { } } +module "observability-osmh"{ + source = "./modules/observability/osmh" + count = local.create_profile ? 1 : 0 + tenancy_id = var.tenancy_ocid + display_name = var.profile_name + compartment_id = local.profile_compartment_id +} module "compute" { source = "./modules/compute/wls_compute" @@ -606,8 +614,7 @@ module "compute" { wls_subnet_id = var.wls_subnet_id region = var.region ssh_public_key = var.ssh_public_key - compute_nsg_ids = local.compute_nsg_ids - + compute_nsg_ids = local.compute_nsg_ids tenancy_id = var.tenancy_ocid tf_script_version = var.tf_script_version use_regional_subnet = local.use_regional_subnet @@ -632,6 +639,7 @@ module "compute" { wls_server_startup_args = var.wls_server_startup_args wls_existing_vcn_id = var.wls_existing_vcn_id create_policies = var.create_policies + enable_osmh = var.enable_osmh place_all_compute_in_same_ad = var.place_all_compute_in_same_ad # Secured Production Mode @@ -704,6 +712,8 @@ module "compute" { log_group_id = element(concat(module.observability-common[*].log_group_id, [""]), 0) use_oci_logging = var.use_oci_logging + profile_ocid = var.profile_ocid == "" ? (element(concat(module.observability-osmh[*].profile_ocid, [""]), 0)) : var.profile_ocid + use_apm_service = local.use_apm_service apm_domain_compartment_id = local.apm_domain_compartment_id apm_domain_id = var.apm_domain_id diff --git a/terraform/modules/compute/instance/instance.tf b/terraform/modules/compute/instance/instance.tf index d65e94cd..a2702b9e 100644 --- a/terraform/modules/compute/instance/instance.tf +++ b/terraform/modules/compute/instance/instance.tf @@ -59,6 +59,6 @@ resource "oci_core_instance" "these" { } lifecycle { - ignore_changes = [metadata, shape, shape_config, source_details, defined_tags, freeform_tags] + ignore_changes = [metadata, shape, shape_config, source_details, defined_tags, freeform_tags, agent_config] } } diff --git a/terraform/modules/compute/wls_compute/observability_variables.tf b/terraform/modules/compute/wls_compute/observability_variables.tf index 108960d4..4c1242ed 100644 --- a/terraform/modules/compute/wls_compute/observability_variables.tf +++ b/terraform/modules/compute/wls_compute/observability_variables.tf @@ -88,3 +88,11 @@ variable "scaleout_notification_topic_id" { type = string description = "The OCID of the notification topic for scale out operation" } +variable "profile_ocid"{ + type = string + description = "The OCID of the created profile" +} +variable "enable_osmh"{ + type = bool + description = "Indicating that OSMH is enabled" +} diff --git a/terraform/modules/compute/wls_compute/variables.tf b/terraform/modules/compute/wls_compute/variables.tf index 4f0eafe4..47b20e5f 100644 --- a/terraform/modules/compute/wls_compute/variables.tf +++ b/terraform/modules/compute/wls_compute/variables.tf @@ -351,4 +351,5 @@ variable "certificate_id" { type = string description = "The OCID of the SSL certificate to configure a secure WebLogic domain" default = "" -} \ No newline at end of file +} + diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index b5443aa3..3e1e19c9 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -176,6 +176,9 @@ module "wls-instances" { log_group_id = var.log_group_id use_oci_logging = var.use_oci_logging + + enable_osmh = var.enable_osmh + profile_ocid = var.profile_ocid mount_ip = var.mount_ip mount_path = var.mount_path @@ -213,4 +216,3 @@ module "wls-instances" { } } } - diff --git a/terraform/modules/observability/osmh/create_profile.tf b/terraform/modules/observability/osmh/create_profile.tf new file mode 100644 index 00000000..3571c6de --- /dev/null +++ b/terraform/modules/observability/osmh/create_profile.tf @@ -0,0 +1,23 @@ +resource "oci_os_management_hub_software_source_change_availability_management" "software_source_change_availability_management" { + for_each = toset(local.filtered_sources) + + software_source_availabilities { + software_source_id = each.value + availability_at_oci = var.software_availabilty + } +} + +resource "oci_os_management_hub_profile" "create_profile" { + compartment_id = var.compartment_id + display_name = var.display_name + profile_type = var.profile_type + software_source_ids = local.filtered_sources + arch_type = var.arch_type + is_default_profile = var.is_default_profile + os_family = var.os_family + registration_type = var.registration_type + vendor_name = var.vendor_name + depends_on = [ + oci_os_management_hub_software_source_change_availability_management.software_source_change_availability_management + ] +} diff --git a/terraform/modules/observability/osmh/datasources.tf b/terraform/modules/observability/osmh/datasources.tf new file mode 100644 index 00000000..5b1585fd --- /dev/null +++ b/terraform/modules/observability/osmh/datasources.tf @@ -0,0 +1,6 @@ +data "oci_identity_tenancy" "tenancy_info" { + tenancy_id = var.tenancy_id +} +data "oci_os_management_hub_software_sources" "all_tenancy_osmh_software_sources" { + compartment_id = data.oci_identity_tenancy.tenancy_info.id +} diff --git a/terraform/modules/observability/osmh/locals.tf b/terraform/modules/observability/osmh/locals.tf new file mode 100644 index 00000000..7a8bd01e --- /dev/null +++ b/terraform/modules/observability/osmh/locals.tf @@ -0,0 +1,18 @@ +locals { + all_tenancy_osmh_software_sources = data.oci_os_management_hub_software_sources.all_tenancy_osmh_software_sources.software_source_collection[0].items + software_source_names = [ + "ol8_addons-x86_64", + "ol8_appstream-x86_64", + "ol8_baseos_latest-x86_64", + "ol8_ksplice-x86_64", + "ol8_mysql80_connectors_community-x86_64", + "ol8_mysql80_tools_community-x86_64", + "ol8_uekr7-x86_64", + "ol8_mysql80_community-x86_64" + ] + + filtered_sources = [ + for src in local.all_tenancy_osmh_software_sources : src.id + if contains(local.software_source_names, src.display_name) + ] +} diff --git a/terraform/modules/observability/osmh/outputs.tf b/terraform/modules/observability/osmh/outputs.tf new file mode 100644 index 00000000..1c4b644d --- /dev/null +++ b/terraform/modules/observability/osmh/outputs.tf @@ -0,0 +1,4 @@ +output "profile_ocid" { + value = oci_os_management_hub_profile.create_profile.id +} + diff --git a/terraform/modules/observability/osmh/variables.tf b/terraform/modules/observability/osmh/variables.tf new file mode 100644 index 00000000..74f7ea6b --- /dev/null +++ b/terraform/modules/observability/osmh/variables.tf @@ -0,0 +1,67 @@ +variable "display_name" { + description = "The display name for the profile" + type = string +} + +variable "profile_type" { + description = "The type of the profile (e.g., SOFTWARESOURCE)" + type = string + default = "SOFTWARESOURCE" +} + +variable "arch_type" { + description = "The architecture type of the profile" + type = string + default = "X86_64" +} + +variable "description" { + description = "A description for the profile" + type = string + default = "" +} + +variable "os_family" { + description = "The operating system family for the profile (e.g., LINUX, WINDOWS)" + type = string + default = "ORACLE_LINUX_8" + +} + +variable "registration_type" { + description = "The registration type for the profile" + type = string + default = "OCI_LINUX" +} + +variable "software_source_ids" { + description = "List of software source IDs associated with the profile" + type = list(string) + default = [] +} + +variable "vendor_name" { + description = "The vendor name for the profile" + type = string + default = "ORACLE" +} + +variable "compartment_id" { + description = "The OCID of the compartment where the profile will be created" + type = string +} + +variable "is_default_profile" { + description = "Indicates whether this profile is the default profile" + type = bool + default = false +} +variable "tenancy_id" { + description = "The OCID of the tenancy" + type = string +} +variable "software_availabilty" { + description = "Availability at OCI for the software sources" + type = string + default = "SELECTED" +} diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 532234a0..c4dd4249 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -52,6 +52,11 @@ locals { plugin_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use wlms-managed-instance-plugins in tenancy" plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2]) + # Policies required for enabling the OSMH plugin + osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in tenancy" : "" + osmh_policy_statement2 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : "" + osmh_policy_statement = compact([local.osmh_policy_statement1, local.osmh_policy_statement2]) + #Policies for WLS instance principal dynamic group autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : "" autoscaling_statement2 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage functions-family in compartment id ${var.compartment_id}" : "" @@ -127,7 +132,7 @@ locals { secure_mode_statement = compact([local.secure_mode_statement1, local.secure_mode_statement2, local.secure_mode_statement3, local.secure_mode_statement4, local.secure_mode_statement5, local.secure_mode_secrets_policy_statement1, local.secure_mode_secrets_policy_statement2]) #TODO: When other categories with more statements are added here, concat them with service_statements - policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.secure_mode_statement) + policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.secure_mode_statement, local.osmh_policy_statement) reserved_ips_info = var.compartment_id == "" ? [{ id = var.resource_name_prefix }] : [] diff --git a/terraform/modules/policies/variables.tf b/terraform/modules/policies/variables.tf index 68311c2f..ac18bc27 100644 --- a/terraform/modules/policies/variables.tf +++ b/terraform/modules/policies/variables.tf @@ -223,3 +223,8 @@ variable "wls_secondary_admin_password_id" { type = string description = "The OCID of the vault secret with the password for secondary WebLogic administration user" } +variable "enable_osmh" { + type = bool + description = "Indicating that OSMH is enabled" +} + \ No newline at end of file diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 56d26e36..896ce5ad 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -16,6 +16,7 @@ groupings: - ${is_bastion_instance_required} - ${add_load_balancer} - ${is_idcs_selected} + - ${enable_osmh} - ${use_oci_logging} - ${use_apm_service} - ${use_autoscaling} @@ -102,6 +103,13 @@ groupings: - ${existing_admin_server_nsg_id} - ${existing_managed_server_nsg_id} + - title: "OS Management Hub Profile" + variables: + - ${profile_compartment_id} + - ${profile_name} + - ${select_existing_profile} + - ${profile_ocid} + - title: "Resource Manager Private Endpoint" variables: - ${add_rms_private_endpoint} @@ -202,6 +210,7 @@ groupings: - ${lb_subnet_1_name} - ${lb_subnet_2_name} - ${user_id} + - ${create_profile} - ${fingerprint} - ${private_key_path} - ${wls_edition} @@ -495,6 +504,57 @@ variables: default: 8 required: true + select_existing_profile: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + type: boolean + required: true + default: false + title: "Select Existing Profile" + description: "Select if you want to use an existing profile for OSMH" + + profile_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: oci:identity:compartment:id + required: false + default: ${compartment_ocid} + title: "Profile Compartment" + description: "The compartment where you want to create the profile for OMH plugin integration." + + profile_name: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: string + minLength: 1 + maxLength: 256 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + required: true + default : "" + title: "Profile Name" + description: "The display name of the profile that will be created. Name can't start with a number or dash, contain spaces or special characters, or be empty." + + profile_ocid: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - ${select_existing_profile} + type: string + required: true + title: "Profile OCID" + pattern: ^ocid1.osmhprofile.*$ + wls_admin_user: visible: and: @@ -1663,6 +1723,13 @@ variables: required: false default: true + enable_osmh: + type: boolean + title: "Enable OS Management Hub" + description: "Enable OSMH plugin for Management" + required: true + default: true + add_JRF: visible: and: diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index aaab2911..a93dff23 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -16,6 +16,7 @@ groupings: - ${is_bastion_instance_required} - ${add_load_balancer} - ${is_idcs_selected} + - ${enable_osmh} - ${use_oci_logging} - ${use_apm_service} - ${use_autoscaling} @@ -74,6 +75,13 @@ groupings: - ${wls_subnet_cidr} - ${existing_admin_server_nsg_id} - ${existing_managed_server_nsg_id} + + - title: "OS Management Hub Profile" + variables: + - ${profile_compartment_id} + - ${profile_name} + - ${select_existing_profile} + - ${profile_ocid} - title: "Resource Manager Private Endpoint" variables: @@ -175,6 +183,7 @@ groupings: - ${lb_subnet_1_name} - ${lb_subnet_2_name} - ${user_id} + - ${create_profile} - ${fingerprint} - ${private_key_path} - ${wls_edition} @@ -493,6 +502,57 @@ variables: default: 8 required: true + select_existing_profile: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + type: boolean + required: true + default: false + title: "Select Existing Profile" + description: "Select if you want to use an existing profile for OSMH" + + profile_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: oci:identity:compartment:id + required: false + default: ${compartment_ocid} + title: "Profile Compartment" + description: "The compartment where you want to create the profile for OMH plugin integration." + + profile_name: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: string + minLength: 1 + maxLength: 256 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + required: true + default : "" + title: "Profile Name" + description: "The display name of the profile that will be created. Name can't start with a number or dash, contain spaces or special characters, or be empty." + + profile_ocid: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - ${select_existing_profile} + type: string + required: true + title: "Profile OCID" + pattern: ^ocid1.osmhprofile.*$ + wls_admin_user: visible: and: @@ -1671,6 +1731,13 @@ variables: required: false default: true + enable_osmh: + type: boolean + title: "Enable OS Management Hub" + description: "Enable OSMH plugin for Management" + required: true + default: true + # Tagging variables create_service_tag: visible: ${orm_create_mode} diff --git a/terraform/schema_14120.yaml b/terraform/schema_14120.yaml index 24bf90b0..3be46da0 100644 --- a/terraform/schema_14120.yaml +++ b/terraform/schema_14120.yaml @@ -16,6 +16,7 @@ groupings: - ${is_bastion_instance_required} - ${add_load_balancer} - ${is_idcs_selected} + - ${enable_osmh} - ${use_oci_logging} - ${use_apm_service} - ${use_autoscaling} @@ -102,6 +103,13 @@ groupings: - ${wls_subnet_cidr} - ${existing_admin_server_nsg_id} - ${existing_managed_server_nsg_id} + + - title: "OS Management Hub Profile" + variables: + - ${profile_compartment_id} + - ${profile_name} + - ${select_existing_profile} + - ${profile_ocid} - title: "Resource Manager Private Endpoint" variables: @@ -203,6 +211,7 @@ groupings: - ${lb_subnet_1_name} - ${lb_subnet_2_name} - ${user_id} + - ${create_profile} - ${fingerprint} - ${private_key_path} - ${wls_edition} @@ -495,6 +504,57 @@ variables: default: 8 required: true + select_existing_profile: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + type: boolean + required: true + default: false + title: "Select Existing Profile" + description: "Select if you want to use an existing profile for OSMH" + + profile_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: oci:identity:compartment:id + required: false + default: ${compartment_ocid} + title: "Profile Compartment" + description: "The compartment where you want to create the profile for OMH plugin integration." + + profile_name: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: string + minLength: 1 + maxLength: 256 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + required: true + default : "" + title: "Profile Name" + description: "The display name of the profile that will be created. Name can't start with a number or dash, contain spaces or special characters, or be empty." + + profile_ocid: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - ${select_existing_profile} + type: string + required: true + title: "Profile OCID" + pattern: ^ocid1.osmhprofile.*$ + wls_admin_user: visible: and: @@ -1674,6 +1734,13 @@ variables: required: false default: true + enable_osmh: + type: boolean + title: "Enable OS Management Hub" + description: "Enable OSMH plugin for Management" + required: true + default: true + add_JRF: visible: and: diff --git a/terraform/variables.tf b/terraform/variables.tf index cb222542..1793919e 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -138,3 +138,36 @@ variable "rms_existing_private_endpoint_id" { description = "The OCID for the existing resource manager private endpoint" default = "" } +variable "profile_name" { + type = string + description = "The name specified by user for creating the profile" + default = "" +} + + +variable "profile_compartment_id"{ + type = string + description = "The compartment Id to create the profile" + default = "" +} + +variable "enable_osmh"{ + type = bool + description = "Indicating that OSMH is enabled" + default = true +} +variable "create_profile"{ + type = bool + description = "To check if new profile is to be created" + default = false +} +variable "select_existing_profile"{ + type = bool + description = "To check if existing profile is to be used" + default = false +} +variable "profile_ocid"{ + type = string + description = "The OCID for the existing profile" + default = "" +} From bc4701cb70267d5c145c2121208f7f4c3ff498df Mon Sep 17 00:00:00 2001 From: srjanaki Date: Fri, 2 May 2025 12:29:37 -0700 Subject: [PATCH 48/61] Topic uptake apr25psus (#317) Please review tfvars for Apr25 PSUS for publishing images to MarketPlace --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index b0d8f733..6ffa588c 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.3-250310205030" +tf_script_version = "25.2.1-250501174252" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa2vaqsz6evogb5jr2dhpdlbyqcnyydpcdljpi5plemo2roru6ld3a" +listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaajrz5nejct4fotwr32os5vstdxmqei6kmdg3pdbawmb5z45do7z3a" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaat4dyc73wuxeccdsegmjgdbt7v3xxtdcwo6hgbvdep5xe2mybvmva" +ucm_listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaoz7wfnqx73jwv7wi7ygvl6u7ibqkx5fkxtuojslub2zg3rt243ya" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index ab89d75e..fc810e8f 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.3-250310205030" +tf_script_version = "25.2.1-250501174252" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaat4dyc73wuxeccdsegmjgdbt7v3xxtdcwo6hgbvdep5xe2mybvmva" \ No newline at end of file +listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaoz7wfnqx73jwv7wi7ygvl6u7ibqkx5fkxtuojslub2zg3rt243ya" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index b1493187..b0e47649 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.3-250310205030" +tf_script_version = "25.2.1-250501174252" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3qzkazz7it2emgju5btaccnkro6wbz6mmbw7np3im6nky7srqsva" +listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaanbgbtvim2nr2qzg2w5ojoizpbynwjxlxkwdoxlr2wh2254t5sklq" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 98b3d7a3..71fabbab 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.3-250310205030" +tf_script_version = "25.2.1-250501174252" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa3qzkazz7it2emgju5btaccnkro6wbz6mmbw7np3im6nky7srqsva" +listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaamoezz5gwft4hyerr2er6y3cy2gpqyucuyvwuwqixwmdyqonegfwa" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaab346dek7j74rmxvm2hx2cquyncuvrxzwxyyswiqek4mwg52o4iia" \ No newline at end of file +ucm_listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaphngemq3h2c3tt4wym5oofln7vhyp7cwk2jko7bsqhrxoezdccma" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 95a8f8d4..02a4ce2d 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.1.3-250310205030" +tf_script_version = "25.2.1-250501174252" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "25.1.3-ol8.8-23.12.13-250310-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaab346dek7j74rmxvm2hx2cquyncuvrxzwxyyswiqek4mwg52o4iia" +listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaaphngemq3h2c3tt4wym5oofln7vhyp7cwk2jko7bsqhrxoezdccma" From 2b06dc7c2fc95bcefb9013cb3a129d9b9f91e556 Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Thu, 15 May 2025 09:43:16 +0530 Subject: [PATCH 49/61] Added change to fix positioning of exsiting profile checkbox (#319) --- terraform/schema.yaml | 2 +- terraform/schema_14110.yaml | 2 +- terraform/schema_14120.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 896ce5ad..1b753aae 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -105,9 +105,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index a93dff23..37800d7e 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -78,9 +78,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" diff --git a/terraform/schema_14120.yaml b/terraform/schema_14120.yaml index 3be46da0..25d627bf 100644 --- a/terraform/schema_14120.yaml +++ b/terraform/schema_14120.yaml @@ -106,9 +106,9 @@ groupings: - title: "OS Management Hub Profile" variables: + - ${select_existing_profile} - ${profile_compartment_id} - ${profile_name} - - ${select_existing_profile} - ${profile_ocid} - title: "Resource Manager Private Endpoint" From 78deb0677db1b44977d28cbab71f3ad0ad4375bc Mon Sep 17 00:00:00 2001 From: ManviGupta-prog Date: Fri, 23 May 2025 09:43:46 +0530 Subject: [PATCH 50/61] Added changes for enhancement in OSMH policies. (#321) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested with the following scenarios: - From the OCI console for the policy enhancement Screenshot 2025-05-21 at 1 42 12 PM Here, the compartments of both the stack and profile are the same; hence, only one policy is created for OSMH, avoiding duplication. This is the case where the compartments of the stack and profile are different; hence, two policies are created for accessing OSMH in both the stack and profile compartments. Screenshot 2025-05-21 at 1 44 20 PM Terraform CLI changes. If a stack is created through the Terraform CLI with the default values, OSMH will be enabled by default, since select existing profile defaults to false, a new profile will be created. If one needs to select an Existing profile, set the value to true & provide the profile OCID. If the OCID is not provided validation error will be thrown. --- terraform/locals.tf | 4 ++-- terraform/main.tf | 6 +++++- terraform/modules/observability/osmh/versions.tf | 10 ++++++++++ terraform/modules/policies/locals.tf | 9 ++++++--- terraform/modules/policies/variables.tf | 6 +++++- terraform/modules/validators/validators.tf | 3 +++ terraform/modules/validators/variables.tf | 8 ++++++++ terraform/variables.tf | 2 -- terraform/versions.tf | 2 +- 9 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 terraform/modules/observability/osmh/versions.tf diff --git a/terraform/locals.tf b/terraform/locals.tf index 7ddb8551..73f66a83 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -196,8 +196,8 @@ locals { select_existing_profile = var.select_existing_profile create_profile = (local.enable_osmh && !local.select_existing_profile) ? true : false profile_ocid = local.select_existing_profile ? var.profile_ocid : "" - profile_compartment_id = var.profile_compartment_id - profile_name = var.profile_name + profile_compartment_id = var.profile_compartment_id == "" ? var.compartment_ocid : var.profile_compartment_id + profile_name = var.profile_name == "" ? format("%s_profile", local.service_name_prefix) : var.profile_name # Secured Production Mode preserve_boot_properties = var.configure_secure_mode ? var.preserve_boot_properties : true diff --git a/terraform/main.tf b/terraform/main.tf index eefefae4..cbf53b67 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -239,6 +239,7 @@ module "policies" { apm_domain_compartment_id = local.apm_domain_compartment_id use_autoscaling = var.use_autoscaling enable_osmh = var.enable_osmh + profile_compartment_id = var.profile_compartment_id ocir_auth_token_id = var.ocir_auth_token_id add_fss = var.add_fss add_load_balancer = local.add_load_balancer @@ -484,6 +485,9 @@ module "validators" { wls_secondary_admin_password_id = local.wls_secondary_admin_password_id administration_port = var.administration_port ms_administration_port = var.ms_administration_port + + profile_ocid = local.profile_ocid + select_existing_profile = local.select_existing_profile } module "fss" { @@ -593,7 +597,7 @@ module "observability-osmh"{ source = "./modules/observability/osmh" count = local.create_profile ? 1 : 0 tenancy_id = var.tenancy_ocid - display_name = var.profile_name + display_name = local.profile_name compartment_id = local.profile_compartment_id } diff --git a/terraform/modules/observability/osmh/versions.tf b/terraform/modules/observability/osmh/versions.tf new file mode 100644 index 00000000..779e92ea --- /dev/null +++ b/terraform/modules/observability/osmh/versions.tf @@ -0,0 +1,10 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +terraform { + required_providers { + oci = { + source = "oracle/oci" + } + } +} diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index c4dd4249..cc7de66f 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -53,9 +53,12 @@ locals { plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2]) # Policies required for enabling the OSMH plugin - osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in tenancy" : "" - osmh_policy_statement2 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : "" - osmh_policy_statement = compact([local.osmh_policy_statement1, local.osmh_policy_statement2]) + osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.compartment_id}" : "" + osmh_policy_statement2 = var.enable_osmh? var.profile_compartment_id != var.compartment_id? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.profile_compartment_id}" : "" : "" + osmh_policy_statement3 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : "" + osmh_policy_statement4 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} in compartment id ${var.compartment_id}" : "" + osmh_policy_statement = compact([local.osmh_policy_statement1, local.osmh_policy_statement2, local.osmh_policy_statement3, local.osmh_policy_statement4]) + #Policies for WLS instance principal dynamic group autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : "" diff --git a/terraform/modules/policies/variables.tf b/terraform/modules/policies/variables.tf index ac18bc27..2ea2d912 100644 --- a/terraform/modules/policies/variables.tf +++ b/terraform/modules/policies/variables.tf @@ -224,7 +224,11 @@ variable "wls_secondary_admin_password_id" { description = "The OCID of the vault secret with the password for secondary WebLogic administration user" } variable "enable_osmh" { - type = bool + type = bool description = "Indicating that OSMH is enabled" } +variable "profile_compartment_id"{ + type = string + description = "The compartment Id to create the profile" +} \ No newline at end of file diff --git a/terraform/modules/validators/validators.tf b/terraform/modules/validators/validators.tf index 80c4d627..6ce13a66 100644 --- a/terraform/modules/validators/validators.tf +++ b/terraform/modules/validators/validators.tf @@ -84,4 +84,7 @@ locals { invalid_jrf_12c_secure_mode = var.configure_secure_mode && local.is12cVersion && (var.is_oci_db || var.is_atp_db || trimspace(var.oci_db_connection_string) != "") invalid_jrf_12c_secure_mode_msg = "WLSC-ERROR: JRF domain is not supported for FMW 12c version in secured production mode." validate_jrf_12c_secure_mode = local.invalid_jrf_12c_secure_mode ? local.validators_msg_map[local.invalid_jrf_12c_secure_mode_msg] : "" + + missing_profile_id_msg = "WLSC-ERROR: The value for profile id is required if existing profile is used for OSMH" + validate_profile_id = (var.select_existing_profile && var.profile_ocid == "" ? local.validators_msg_map[local.missing_profile_id_msg] : null) } diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 31d0e195..0acf8f60 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -564,3 +564,11 @@ variable "ms_administration_port" { type = number description = "The administration port for managed servers to configure a secure WebLogic domain" } +variable "select_existing_profile"{ + type = bool + description = "Set to true to use an existing profile" +} +variable "profile_ocid"{ + type = string + description = "The ocid of the profile used for OSMH registration." +} \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 1793919e..f4049d51 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -143,8 +143,6 @@ variable "profile_name" { description = "The name specified by user for creating the profile" default = "" } - - variable "profile_compartment_id"{ type = string description = "The compartment Id to create the profile" diff --git a/terraform/versions.tf b/terraform/versions.tf index cc23efac..5a89c253 100644 --- a/terraform/versions.tf +++ b/terraform/versions.tf @@ -6,7 +6,7 @@ terraform { required_providers { oci = { source = "oracle/oci" - version = "4.96.0" + version = "6.34.0" } random = { version = "~>3.4.3" From 8634f2ae4eb67111afc00ec2ed62609e1a28161e Mon Sep 17 00:00:00 2001 From: Chintamani Bhat Date: Fri, 11 Jul 2025 09:26:32 +0530 Subject: [PATCH 51/61] Uptake IDCS Appgateway 25.1.03-2501230623 (#327) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Uptake IDCS Appgateway 25.1.03-2501230623 ![Screenshot 2025-07-10 at 3 24 51 PM](https://github.com/user-attachments/assets/ca74027f-80ac-46e6-ade5-825e6d4bc4b7) ![Screenshot 2025-07-10 at 3 25 19 PM](https://github.com/user-attachments/assets/5668a1c0-15f7-47f4-8200-f637d1a09141) Orahub MR : https://orahub.oci.oraclecorp.com/weblogic-cloud/wls-oci/-/merge_requests/1114 --- terraform/modules/compute/wls_compute/idcs_variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/compute/wls_compute/idcs_variables.tf b/terraform/modules/compute/wls_compute/idcs_variables.tf index 22432ac9..6adb8713 100644 --- a/terraform/modules/compute/wls_compute/idcs_variables.tf +++ b/terraform/modules/compute/wls_compute/idcs_variables.tf @@ -74,19 +74,19 @@ variable "idcs_cloudgate_config_file" { variable "idcs_cloudgate_docker_image_tar" { type = string description = "Path of the binary file with the container image to run IDCS cloudgate container in the WebLogic VM" - default = "/u01/zips/jcs/app_gateway_docker/23.4.44/app-gateway-docker-image.tar.gz" + default = "/u01/zips/jcs/app_gateway_docker/25.1.03/app-gateway-docker-image.tar.gz" } variable "idcs_cloudgate_docker_image_version" { type = string description = "Version of the container image to run IDCS cloudgate container in the WebLogic VM" - default = "23.4.44-2310291619" + default = "25.1.03-2501230623" } variable "idcs_cloudgate_docker_image_name" { type = string description = "Name of the container image to run IDCS cloudgate container in the WebLogic VM" - default = "idcs-appgateway-docker" + default = "idcs-appgateway-docker_linux_x86_64" } variable "lbip" { From f4d28f3a653684b6fdbaaa1586ba9dbb59b3a830 Mon Sep 17 00:00:00 2001 From: Manvi Gupta Date: Wed, 16 Jul 2025 19:56:49 +0530 Subject: [PATCH 52/61] Added change for resolving the comment (#325) --- terraform/modules/policies/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index cc7de66f..54ca7dad 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -36,7 +36,7 @@ locals { logging_policy = var.use_oci_logging ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use logging-family in compartment id ${var.compartment_id}" : "" # This policy with "use apm-domains" verb is needed to list the data keys of the APM domain apm_domain_policy_statement = var.use_apm_service ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use apm-domains in compartment id ${var.apm_domain_compartment_id}" : "" - # This policy with "use load_balancer" verb is needed to create load balancer for new vcn + # This policy with "use load_balancer" verb is needed because there is code in the Weblogic for OCI compute image that sets the lb backend states. lb_policy_statement = var.add_load_balancer ? length(oci_identity_dynamic_group.wlsc_instance_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use load-balancers in compartment id ${var.network_compartment_id}" : "" : "" service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.core_policy_statement4, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, local.atp_policy_statement1, local.atp_policy_statement2, local.atp_policy_statement3, local.oci_db_policy_statement1, local.oci_db_policy_statement2, local.oci_db_policy_statement3, local.logging_policy, From ec5f04529c6224f45c18b0e5da6c8c3ef487924d Mon Sep 17 00:00:00 2001 From: Siddharth Sahu Date: Thu, 17 Jul 2025 09:06:32 +0530 Subject: [PATCH 53/61] ER 37979056 - Set the Http Idle timeout for OCI LB (#326) The idle timeout for OCI LB is set for 300secs ![image (2)](https://github.com/user-attachments/assets/de375bf9-9059-4184-b8c4-57cf31ea2261) --------- Co-authored-by: Sarada Kommalapati <52939928+skommala@users.noreply.github.com> Co-authored-by: Abhijit Paranjpe <109541284+abhijit-paranjpe@users.noreply.github.com> Co-authored-by: telake Co-authored-by: Roberto Sanchez Herrera Co-authored-by: P M Darshan Co-authored-by: C R Aniruddh Srivatsa Co-authored-by: Mahuwa Barman <106961326+Mahuwa-Barman@users.noreply.github.com> Co-authored-by: Chintamani Bhat Co-authored-by: Sarada Kommalapati Co-authored-by: Adrian Padilla Duarte Co-authored-by: Mahuwa-Barman Co-authored-by: srjanaki Co-authored-by: ManviGupta-prog Co-authored-by: Ananya Tripathi Co-authored-by: Siddharth Sahu --- terraform/modules/lb/backends/lb_backends.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/lb/backends/lb_backends.tf b/terraform/modules/lb/backends/lb_backends.tf index 8ebb1139..5ff7bbab 100644 --- a/terraform/modules/lb/backends/lb_backends.tf +++ b/terraform/modules/lb/backends/lb_backends.tf @@ -67,7 +67,7 @@ resource "oci_load_balancer_listener" "wls_lb_listener_https" { rule_set_names = [oci_load_balancer_rule_set.SSL_headers[count.index].name] connection_configuration { - idle_timeout_in_seconds = "10" + idle_timeout_in_seconds = "300" } ssl_configuration { #Required From 06fff3bb8db6a36a0db0cdbd4483e71d80f4b991 Mon Sep 17 00:00:00 2001 From: srjanaki Date: Sun, 20 Jul 2025 19:52:09 -0700 Subject: [PATCH 54/61] uptake_jul2025_psu (#328) --- terraform/images/mp_image_ee_byol.tfvars | 10 +++++----- terraform/images/mp_image_ee_ucm.tfvars | 6 +++--- terraform/images/mp_image_se_byol.tfvars | 6 +++--- terraform/images/mp_image_suite_byol.tfvars | 10 +++++----- terraform/images/mp_image_suite_ucm.tfvars | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 40f08b2e..38836a2d 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,13 +1,13 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.2.1-250501174252" +tf_script_version = "25.3.1-250719002626" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaajrz5nejct4fotwr32os5vstdxmqei6kmdg3pdbawmb5z45do7z3a" +listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaau76znd35hrciub7wfojcgfq435bqpehv4ry4fcmom74b7l7zw4ta" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaoz7wfnqx73jwv7wi7ygvl6u7ibqkx5fkxtuojslub2zg3rt243ya" +ucm_listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaajf5gc2zhxbzbfhvnujt6k2do3rd4wfjqspuq6gmtm2qhhberjttq" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 02ab9eb9..245fed95 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,9 +1,9 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.2.1-250501174252" +tf_script_version = "25.3.1-250719002626" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaoz7wfnqx73jwv7wi7ygvl6u7ibqkx5fkxtuojslub2zg3rt243ya" +listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaajf5gc2zhxbzbfhvnujt6k2do3rd4wfjqspuq6gmtm2qhhberjttq" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 9becfd61..9a795e0f 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.2.1-250501174252" +tf_script_version = "25.3.1-250719002626" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaanbgbtvim2nr2qzg2w5ojoizpbynwjxlxkwdoxlr2wh2254t5sklq" \ No newline at end of file +listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaajzkamkicy6azk2deaudb363i7z7elwniunootc3v6755p3kfjv3a" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 71fabbab..5775a733 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.2.1-250501174252" +tf_script_version = "25.3.1-250719002626" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaamoezz5gwft4hyerr2er6y3cy2gpqyucuyvwuwqixwmdyqonegfwa" +listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +instance_image_id = "ocid1" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaaphngemq3h2c3tt4wym5oofln7vhyp7cwk2jko7bsqhrxoezdccma" +ucm_listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa45odr7hkyw7dm7x3ho2s57iywvwahf5654njhpb7f6fvziz4w42q" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index e2631e39..259ae8fa 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ # Copyright (c) 2023,2024, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.2.1-250501174252" +tf_script_version = "25.3.1-250719002626" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "25.2.1-ol8.8-23.12.13-250501-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaaphngemq3h2c3tt4wym5oofln7vhyp7cwk2jko7bsqhrxoezdccma" +listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaa45odr7hkyw7dm7x3ho2s57iywvwahf5654njhpb7f6fvziz4w42q" From 4ac3d9ac393f638f132224446a26eb0e797cd863 Mon Sep 17 00:00:00 2001 From: Rajesh Chavan Date: Tue, 30 Sep 2025 21:51:54 +0530 Subject: [PATCH 55/61] Upgrade Terraform version to 1.5.x for WLS for OCI (#331) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upgrade Terraform version to 1.5.x for WLS for OCI. Testing done - Stack provisioning successful through ORM with Terraform version 1.5.7. Screenshot 2025-09-19 at 10 23 58 PM Screenshot 2025-09-19 at 10 24 15 PM Screenshot 2025-09-19 at 10 25 12 PM --------- Co-authored-by: Rajesh Chavan --- terraform/modules/lb/loadbalancer/outputs.tf | 4 ++-- terraform/versions.tf | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/terraform/modules/lb/loadbalancer/outputs.tf b/terraform/modules/lb/loadbalancer/outputs.tf index 88065ef2..4da491fe 100644 --- a/terraform/modules/lb/loadbalancer/outputs.tf +++ b/terraform/modules/lb/loadbalancer/outputs.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. output "wls_loadbalancer_id" { @@ -7,6 +7,6 @@ output "wls_loadbalancer_id" { } output "wls_loadbalancer_ip_addresses" { - value = oci_load_balancer_load_balancer.wls_loadbalancer.ip_addresses + value = oci_load_balancer_load_balancer.wls_loadbalancer.ip_address_details[*].ip_address description = "The list of IP addresses of the load balancer" } diff --git a/terraform/versions.tf b/terraform/versions.tf index 5a89c253..99ec211b 100644 --- a/terraform/versions.tf +++ b/terraform/versions.tf @@ -1,27 +1,27 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. terraform { - required_version = ">= 1.1.2, < 1.2.0" + required_version = "~> 1.5.7" required_providers { oci = { source = "oracle/oci" - version = "6.34.0" + version = "~> 7.17.0" } random = { - version = "~>3.4.3" + version = "~> 3.7.2" } template = { - version = "~>2.2.0" + version = "~> 2.2.0" } tls = { - version = "~>4.0.3" + version = "~> 4.1.0" } time = { - version = "~>0.9.0" + version = "~> 0.13.1" } null = { - version = "~>3.1.1" + version = "~> 3.2.4" } } } From 4867a5e11c0c32c52d76477290903940c39ce260 Mon Sep 17 00:00:00 2001 From: telake Date: Fri, 10 Oct 2025 10:26:05 -0700 Subject: [PATCH 56/61] Fix incorrect compartment placement of CA delegation (#334) policy statement for certificate-authority-delegates had target compartment improperly set to compartment for certificates instead of compartment for the certificate authorities. --- terraform/modules/policies/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 54ca7dad..936da215 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -123,7 +123,7 @@ locals { ]) #Policies for creating wildcard certificate to configure SSL in secured production mode - secure_mode_statement1 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use certificate-authority-delegates in compartment id ${var.cert_compartment_id}" : "" + secure_mode_statement1 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use certificate-authority-delegates in compartment id ${var.root_ca_compartment_id}" : "" secure_mode_statement2 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage leaf-certificates in compartment id ${var.cert_compartment_id}" : "" secure_mode_statement3 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read leaf-certificate-bundles in compartment id ${var.cert_compartment_id} where target.leaf-certificate.bundle-type = 'CERTIFICATE_CONTENT_PUBLIC_ONLY'" : "" secure_mode_statement4 = var.configure_secure_mode ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read certificate-authorities in compartment id ${var.root_ca_compartment_id}" : "" From 2f4fd883c2374d2c46198e420039d5bc995f0b6f Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 13 Oct 2025 13:10:43 -0700 Subject: [PATCH 57/61] Support WLS 15.1.1.0 (#333) Add support for WLS 15.1.1.0 --- builds/build_orm_dev.sh | 23 +- terraform/locals.tf | 3 +- terraform/main.tf | 3 +- .../compute/wls_compute/wls_compute.tf | 6 +- .../compute/wls_compute/wls_variables.tf | 27 +- terraform/modules/validators/validators.tf | 13 +- terraform/modules/validators/variables.tf | 8 +- terraform/schema.yaml | 4 +- terraform/schema_14110.yaml | 4 +- terraform/schema_14120.yaml | 4 +- terraform/schema_15110.yaml | 2296 +++++++++++++++++ terraform/weblogic_variables.tf | 18 +- 12 files changed, 2384 insertions(+), 25 deletions(-) create mode 100644 terraform/schema_15110.yaml diff --git a/builds/build_orm_dev.sh b/builds/build_orm_dev.sh index 13f23b72..25962446 100644 --- a/builds/build_orm_dev.sh +++ b/builds/build_orm_dev.sh @@ -14,9 +14,9 @@ help() { echo "Build the Oracle Resource Manager (ORM) bundles for developers to deploy in Marketplace" echo - echo "Arguments: build_orm_dev.sh -v|--version <12.2.1.4|14.1.1.0|14.1.2.0> -t|--scripts_version --all" + echo "Arguments: build_orm_dev.sh -v|--version <12.2.1.4|14.1.1.0|14.1.2.0|15.1.1.0> -t|--scripts_version --all" echo "options:" - echo "-v, --version WebLogic version. Supported values are 12.2.1.4,14.1.2.0 or 14.1.1.0 Optional when --all option is provided" + echo "-v, --version WebLogic version. Supported values are 12.2.1.4, 14.1.2.0, 15.1.1.0, or 14.1.1.0. Optional when --all option is provided" echo "-t, --scripts_version VM scripts version" echo "--all All bundles" echo @@ -73,7 +73,7 @@ validate() echo "WebLogic version is not provided" help exit 1 - elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.2.0" ] && [ "${WLS_VERSION}" != "14.1.1.0" ]; then + elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.2.0" ] && [ "${WLS_VERSION}" != "15.1.1.0" ] && [ "${WLS_VERSION}" != "14.1.1.0" ]; then echo "Please provide valid WebLogic version" help exit 1 @@ -113,6 +113,13 @@ create_14120_bundle() replace_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_15110_bundle() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} #need to change it to false after RM UI fix replace_12214_variables() @@ -137,16 +144,26 @@ replace_14120_variables() sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/mp_variables.tf sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = \"'"$SCRIPTS_VERSION"'\"' ${TMP_BUILD}/variables.tf } +replace_15110_variables() +{ + sed -i '/variable "generate_dg_tag" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = false' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = \"'"$SCRIPTS_VERSION"'\"' ${TMP_BUILD}/variables.tf +} if [ "${CREATE_ALL_BUNDLES}" == "true" ]; then create_12214_bundle create_14110_bundle create_14120_bundle + create_15110_bundle else if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_12214_bundle elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then create_14120_bundle + elif [ "${WLS_VERSION}" == "15.1.1.0" ]; then + create_15110_bundle else create_14110_bundle fi diff --git a/terraform/locals.tf b/terraform/locals.tf index 2059b25c..95094262 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -111,6 +111,7 @@ locals { local.jdk_labels, var.wls_version == "14.1.1.0" ? var.wls_14c_jdk_version : var.wls_version == "14.1.2.0" ? var.wls_14120_jdk_version : + var.wls_version == "15.1.1.0" ? var.wls_15110_jdk_version : var.wls_version == "11.1.1.7" ? "jdk7" : "jdk8" ) diff --git a/terraform/main.tf b/terraform/main.tf index 93388b69..bb4e774f 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. ### Removing network validation script from provisioning flow temporarily. @@ -625,6 +625,7 @@ module "compute" { use_regional_subnet = local.use_regional_subnet wls_14c_jdk_version = var.wls_14c_jdk_version wls_14120_jdk_version = var.wls_14120_jdk_version + wls_15110_jdk_version = var.wls_15110_jdk_version wls_admin_user = local.wls_admin_user wls_admin_password_id = var.wls_admin_password_id wls_admin_server_name = format("%s_adminserver", local.service_name_prefix) diff --git a/terraform/modules/compute/wls_compute/wls_compute.tf b/terraform/modules/compute/wls_compute/wls_compute.tf index 3e1e19c9..a1eaa388 100644 --- a/terraform/modules/compute/wls_compute/wls_compute.tf +++ b/terraform/modules/compute/wls_compute/wls_compute.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. module "compute-keygen" { @@ -67,7 +67,7 @@ module "wls-instances" { wls_edition = var.wls_edition is_bastion_instance_required = var.is_bastion_instance_required create_policies = var.create_policies - enable_restful_management_services = var.wls_version == "14.1.2.0" ? true : false + enable_restful_management_services = contains(["14.1.2.0", "15.1.1.0"], var.wls_version) # Secured Production Mode configure_secure_mode = var.configure_secure_mode preserve_boot_properties = var.preserve_boot_properties @@ -87,7 +87,7 @@ module "wls-instances" { wls_version = var.wls_version wls_14c_jdk_version = var.wls_14c_jdk_version fmiddleware_zip = var.wls_version_to_fmw_map[var.wls_version] - jdk_zip = var.wls_version == "14.1.1.0" ? var.wls_14c_to_jdk_map[var.wls_14c_jdk_version] :var.wls_version == "14.1.2.0" ? var.wls_14120_to_jdk_map[var.wls_14120_jdk_version] :var.wls_version_to_jdk_map[var.wls_version] + jdk_zip = var.wls_version == "14.1.1.0" ? var.wls_14c_to_jdk_map[var.wls_14c_jdk_version] : var.wls_version == "14.1.2.0" ? var.wls_14120_to_jdk_map[var.wls_14120_jdk_version] : var.wls_version == "15.1.1.0" ? var.wls_15110_to_jdk_map[var.wls_15110_jdk_version] : var.wls_version_to_jdk_map[var.wls_version] vmscripts_path = var.vmscripts_path log_level = var.log_level mw_vol_mount_point = lookup(var.volume_map[0], "volume_mount_point") diff --git a/terraform/modules/compute/wls_compute/wls_variables.tf b/terraform/modules/compute/wls_compute/wls_variables.tf index e2ebb75c..a0445140 100644 --- a/terraform/modules/compute/wls_compute/wls_variables.tf +++ b/terraform/modules/compute/wls_compute/wls_variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "wls_edition" { @@ -169,8 +169,8 @@ variable "wls_version" { type = string description = "The WebLogic version to be installed in this instance. Accepted values are: 12.2.1.4, 14.1.1.0" validation { - condition = contains(["12.2.1.4", "14.1.1.0", "14.1.2.0"], var.wls_version) - error_message = "WLSC-ERROR: WebLogic Versions 12.2.1.4 , 14.1.1.0 and 14.1.2.0 are the only versions supported." + condition = contains(["12.2.1.4", "14.1.1.0", "14.1.2.0", "15.1.1.0"], var.wls_version) + error_message = "WLSC-ERROR: WebLogic Versions 12.2.1.4 , 14.1.1.0, 14.1.2.0, and 15.1.1.0 are the only versions supported." } } @@ -191,6 +191,16 @@ variable "wls_14120_jdk_version" { error_message = "WLSC-ERROR: Only jdk17 and jdk21 are supported with WebLogic version 14.1.2.0." } } + +variable "wls_15110_jdk_version" { + type = string + description = "JDK version to use when installing WebLogic 15.1.1.0. Ignored when WebLogic version is not 15. Allowed values: jdk17, jdk21" + validation { + condition = var.wls_15110_jdk_version == "" || contains(["jdk17", "jdk21"], var.wls_15110_jdk_version) + error_message = "WLSC-ERROR: Only jdk17 and jdk21 are supported with WebLogic version 15.1.1.0." + } +} + variable "wls_version_to_fmw_map" { type = map(string) description = "Defines the mapping between wls_version and corresponding FMW zip" @@ -199,6 +209,7 @@ variable "wls_version_to_fmw_map" { "12.2.1.4" = "/u01/zips/jcs/FMW/12.2.1.4.0/fmiddleware.zip" "14.1.1.0" = "/u01/zips/jcs/FMW/14.1.1.0.0/fmiddleware.zip" "14.1.2.0" = "/u01/zips/jcs/FMW/14.1.2.0.0/fmiddleware.zip" + "15.1.1.0" = "/u01/zips/jcs/FMW/15.1.1.0.0/fmiddleware.zip" } } @@ -228,6 +239,16 @@ variable "wls_14120_to_jdk_map"{ "jdk21" = "/u01/zips/jcs/JDK21.0/jdk.zip" } } + +variable "wls_15110_to_jdk_map"{ + type = map(string) + description = "Defines the mapping between jdk version and corresponding JDK zip." + default = { + "jdk17" = "/u01/zips/jcs/JDK17.0/jdk.zip" + "jdk21" = "/u01/zips/jcs/JDK21.0/jdk.zip" + } +} + variable "wls_version_to_rcu_component_list_map" { type = map(string) description = "Defines the mapping between wls_version version and corresponding RCU components." diff --git a/terraform/modules/validators/validators.tf b/terraform/modules/validators/validators.tf index 6ce13a66..0a0d6a76 100644 --- a/terraform/modules/validators/validators.tf +++ b/terraform/modules/validators/validators.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { @@ -14,6 +14,10 @@ locals { is14110Version = var.wls_version == "14.1.1.0" invalid_14110_jrf = local.is14110Version && (var.is_atp_db || var.is_oci_db || var.oci_db_connection_string != "") + + is15110Version = var.wls_version == "15.1.1.0" + invalid_15110_jrf = local.is15110Version && (var.is_atp_db || var.is_oci_db || var.oci_db_connection_string != "") + invalid_multiple_infra_dbs = ((var.is_oci_db || var.oci_db_connection_string != "") && var.is_atp_db) both_vcn_param = local.has_existing_vcn && local.has_vcn_name @@ -28,8 +32,11 @@ locals { multiple_infra_dbs_msg = "WLSC-ERROR: Both OCI and ATP database parameters are provided. Only one infra database is required." validate_invalid_multiple_infra_dbs = local.invalid_multiple_infra_dbs ? local.validators_msg_map[local.multiple_infra_dbs_msg] : null - jrf_14110_msg = "WLSC-ERROR: JRF domain is not supported for FMW 14.1.1.0 version" - validate_14c_jrf = local.invalid_14110_jrf ? local.validators_msg_map[local.jrf_14110_msg] : "" + jrf_14110_msg = "WLSC-ERROR: JRF domain is not supported for FMW 14.1.1.0 version" + validate_14c_jrf = local.invalid_14110_jrf ? local.validators_msg_map[local.jrf_14110_msg] : "" + + jrf_15110_msg = "WLSC-ERROR: JRF domain is not supported for 15.1.1.0 version" + validate_15110_jrf = local.invalid_15110_jrf ? local.validators_msg_map[local.jrf_15110_msg] : "" missing_dynamic_group_oci_logging_enabled_create_policies_unset = "WLSC-ERROR: Dynamic Group id is required when enabling integration with OCI Logging Service with create policies unset " validate_dynamic_group_oci_logging_enabled_create_policies_unset = !var.create_policies && var.use_oci_logging && var.dynamic_group_id == "" ? local.validators_msg_map[local.missing_dynamic_group_oci_logging_enabled_create_policies_unset] : null diff --git a/terraform/modules/validators/variables.tf b/terraform/modules/validators/variables.tf index 0acf8f60..4abb799e 100644 --- a/terraform/modules/validators/variables.tf +++ b/terraform/modules/validators/variables.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "compartment_id" { @@ -152,10 +152,10 @@ variable "lb_subnet_2_id" { variable "wls_version" { type = string - description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0" + description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0, 14.1.2.0, 15.1.1.0" validation { - condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0"], var.wls_version) - error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0, 14.1.2.0." + condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0", "15.1.1.0"], var.wls_version) + error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0, 14.1.2.0, 15.1.1.0." } } diff --git a/terraform/schema.yaml b/terraform/schema.yaml index 1b753aae..8584d943 100644 --- a/terraform/schema.yaml +++ b/terraform/schema.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. title: Oracle WebLogic Server for Oracle Cloud Infrastructure @@ -247,6 +247,7 @@ groupings: - ${wait_time_wls_vnc_dns_resolver} - ${wls_14c_jdk_version} - ${wls_14120_jdk_version} + - ${wls_15110_jdk_version} - ${wls_admin_port_source_cidr} - ${wlsoci_vmscripts_zip_bundle_path} - ${tf_script_version} @@ -2754,4 +2755,5 @@ variables: - 12.2.1.4 - 14.1.1.0 - 14.1.2.0 + - 15.1.1.0 default: 12.2.1.4 diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml index 37800d7e..418ca501 100644 --- a/terraform/schema_14110.yaml +++ b/terraform/schema_14110.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. title: Oracle WebLogic Server for Oracle Cloud Infrastructure @@ -194,6 +194,7 @@ groupings: - ${wls_version} - ${log_level} - ${wls_14120_jdk_version} + - ${wls_15110_jdk_version} #- ${instance_image_id} - ${marketplace_source_images} - ${use_regional_subnet} @@ -2291,4 +2292,5 @@ variables: - 12.2.1.4 - 14.1.1.0 - 14.1.2.0 + - 15.1.1.0 default: 12.2.1.4 diff --git a/terraform/schema_14120.yaml b/terraform/schema_14120.yaml index 25d627bf..5616c66d 100644 --- a/terraform/schema_14120.yaml +++ b/terraform/schema_14120.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. title: Oracle WebLogic Server for Oracle Cloud Infrastructure @@ -247,6 +247,7 @@ groupings: - ${generate_dg_tag} - ${wait_time_wls_vnc_dns_resolver} - ${wls_14c_jdk_version} + - ${wls_15110_jdk_version} - ${wls_admin_port_source_cidr} - ${wlsoci_vmscripts_zip_bundle_path} - ${tf_script_version} @@ -2763,4 +2764,5 @@ variables: - 12.2.1.4 - 14.1.1.0 - 14.1.2.0 + - 15.1.1.0 default: 12.2.1.4 diff --git a/terraform/schema_15110.yaml b/terraform/schema_15110.yaml new file mode 100644 index 00000000..4f63dc25 --- /dev/null +++ b/terraform/schema_15110.yaml @@ -0,0 +1,2296 @@ +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. + +title: Oracle WebLogic Server for Oracle Cloud Infrastructure +description: Oracle WebLogic Server for Oracle Cloud Infrastructure +schemaVersion: 1.1.0 +version: "20190304" +groupings: + - title: "Stack Configuration" + variables: + - ${service_name} + - ${ssh_public_key} + - ${create_policies} + - ${create_new_vcn} + - ${is_rms_private_endpoint_required} + - ${is_bastion_instance_required} + - ${add_load_balancer} + - ${is_idcs_selected} + - ${enable_osmh} + - ${use_oci_logging} + - ${use_apm_service} + - ${use_autoscaling} + - ${add_fss} + - ${configure_secure_mode} + + - title: "Virtual Cloud Networking" + variables: + - ${network_compartment_id} + - ${wls_existing_vcn_id} + - ${wls_vcn_name} + - ${wls_vcn_cidr} + - ${create_new_subnets} + - ${subnet_compartment_id} + - ${subnet_type} + - ${subnet_span} + - ${add_existing_nsg} + + - title: "WebLogic Domain Configuration" + variables: + - ${wls_admin_user} + - ${wls_primary_admin_user} + - ${wls_admin_secret_compartment_id} + - ${wls_admin_password_id} + - ${wls_secondary_admin_user} + - ${wls_secondary_admin_password_id} + - ${keystore_password_id} + - ${root_ca_id} + - ${cert_compartment_id} + - ${preserve_boot_properties} + - ${wls_15110_jdk_version} + - ${deploy_sample_app} + - ${wls_server_startup_args} + - ${thread_pool_limit} + - ${configure_wls_ports} + - ${administration_port} + - ${ms_administration_port} + - ${wls_nm_port} + - ${wls_extern_admin_port} + - ${wls_extern_ssl_admin_port} + - ${wls_ms_extern_port} + - ${wls_ms_extern_ssl_port} + - ${allow_manual_domain_extension} + + - title: "WebLogic Server Compute Instance" + variables: + - ${instance_shape} + - ${wls_ocpu_count} + - ${wls_node_count} + - ${wls_node_count_limit} + #- ${image_mode} + #- ${terms_and_conditions} + - ${wls_availability_domain_name} + - ${place_all_compute_in_same_ad} + - ${wls_subnet_id} + - ${wls_subnet_cidr} + - ${existing_admin_server_nsg_id} + - ${existing_managed_server_nsg_id} + + - title: "OS Management Hub Profile" + variables: + - ${select_existing_profile} + - ${profile_compartment_id} + - ${profile_name} + - ${profile_ocid} + + - title: "Resource Manager Private Endpoint" + variables: + - ${add_rms_private_endpoint} + - ${rms_existing_private_endpoint_id} + + - title: "Bastion Instance" + variables: + - ${is_bastion_with_reserved_public_ip} + - ${bastion_subnet_id} + - ${bastion_subnet_cidr} + - ${bastion_instance_shape} + - ${existing_bastion_nsg_id} + + - title: "Load Balancer" + variables: + - ${load_balancer_strategy_existing_subnet} + - ${load_balancer_strategy_new_subnet} + - ${is_lb_private} + - ${add_lb_reserved_public_ip_id} + - ${lb_reserved_public_ip_id} + - ${lb_subnet_1_id} + - ${lb_subnet_2_id} + - ${lb_subnet_1_cidr} + - ${lb_min_bandwidth} + - ${lb_max_bandwidth} + - ${existing_load_balancer_id} + - ${backendset_name_for_existing_load_balancer} + - ${existing_lb_nsg_id} + + - title: "Identity Cloud Service (IDCS) Integration" + visible: ${is_idcs_selected} + variables: + - ${idcs_host} + - ${idcs_port} + - ${idcs_tenant} + - ${idcs_client_id} + - ${idcs_secret_compartment_id} + - ${idcs_client_secret_id} + - ${idcs_cloudgate_port} + + - title: "Add File System" + visible: ${add_fss} + variables: + - ${add_existing_fss} + - ${fss_availability_domain} + - ${fss_compartment_id} + - ${existing_fss_id} + - ${add_existing_mount_target} + - ${mount_target_compartment_id} + - ${mount_target_id} + - ${mount_target_subnet_id} + - ${mount_target_subnet_cidr} + - ${existing_mount_target_nsg_id} + + - title: "OCI Logging" + variables: + - ${dynamic_group_id} + + - title: "Application Performance Monitoring" + visible: + or: + - ${use_apm_service} + - ${use_autoscaling} + variables: + - ${apm_domain_compartment_id} + - ${apm_domain_id} + - ${apm_private_data_key_name} + + - title: "Autoscaling" + visible: ${use_autoscaling} + variables: + # Metric based autoscaling + - ${wls_metric} + - ${min_threshold_percent} + - ${max_threshold_percent} + - ${min_threshold_counter} + - ${max_threshold_counter} + # Common autoscaling params + - ${ocir_user} + - ${ocir_auth_token_compartment_id} + - ${ocir_auth_token_id} + - ${notification_email} + + - title: "Tagging" + variables: + - ${create_service_tag} + - ${service_tags} + + - title: "Hidden Variables" + visible: false + variables: + - ${tenancy_ocid} + - ${region} + - ${compartment_ocid} + - ${mode} + - ${wls_subnet_name} + - ${bastion_subnet_name} + - ${lb_subnet_1_name} + - ${lb_subnet_2_name} + - ${user_id} + - ${create_profile} + - ${fingerprint} + - ${private_key_path} + - ${wls_edition} + - ${use_marketplace_image} + - ${use_bastion_marketplace_image} + - ${listing_id} + - ${listing_resource_version} + - ${wls_version} + - ${log_level} + - ${wls_14c_jdk_version} + - ${wls_14120_jdk_version} + #- ${instance_image_id} + - ${marketplace_source_images} + - ${use_regional_subnet} + - ${assign_weblogic_public_ip} + - ${bastion_image_id} + - ${bastion_listing_id} + - ${bastion_listing_resource_version} + - ${existing_bastion_instance_id} + - ${bastion_ssh_private_key} + - ${wls_admin_port} + - ${wls_admin_ssl_port} + - ${wls_ms_port} + - ${wls_ms_ssl_port} + - ${add_JRF} + - ${oci_db_compartment_id} + - ${oci_db_network_compartment_id} + - ${oci_db_existing_vcn_id} + - ${db_existing_vcn_add_secrule} + - ${oci_db_dbsystem_id} + - ${oci_db_dbhome_id} + - ${oci_db_dbhome_major_version} + - ${oci_db_database_id} + - ${oci_db_pdb_service_name} + - ${oci_db_user} + - ${oci_db_secret_compartment_id} + - ${oci_db_password_id} + - ${oci_db_port} + - ${atp_db_compartment_id} + - ${atp_db_id} + - ${atp_db_uses_private_endpoint} + - ${atp_db_network_compartment_id} + - ${atp_db_existing_vcn_id} + - ${atp_db_secret_compartment_id} + - ${atp_db_password_id} + - ${atp_db_level} + - ${db_strategy} + - ${wls_expose_admin_port} + - ${mount_path} + - ${oci_db_connection_string} + - ${use_oci_db_connection_string} + - ${alarm_severity} + - ${enable_autoscaling_alarms} + - ${ocir_region} + - ${ucm_instance_image_id} + - ${ucm_listing_id} + - ${ucm_listing_resource_version} + - ${image_mode} + - ${terms_and_conditions} + - ${generate_dg_tag} + - ${db_vcn_lpg_id} + - ${wait_time_wls_vnc_dns_resolver} + - ${wls_admin_port_source_cidr} + - ${wlsoci_vmscripts_zip_bundle_path} + - ${tf_script_version} + #- ${use_autoscaling} + +outputs: + virtual_cloud_network_id: + type: ocid + title: Virtual Cloud Network Id + is_vcn_peered: + type: link + title: Is VCN Peered + visible: false + weblogic_server_administration_console: + type: link + title: WebLogic Server Administration Console + weblogic_instances: + type: json + title: WebLogic Instances + load_balancer_id: + type: ocid + title: Load balancer Id + load_balancer_ip: + type: copyableString + title: Load Balancer IP + fusion_middleware_control_console: + type: link + title: Fusion Middleware Control Console + provisioning_status: + type: link + title: Provisioning Status + visible: false + sample_application: + type: link + title: Sample Application + sample_application_protected_by_idcs: + type: link + title: Sample Application Protected By IDCS + virtual_cloud_network_cidr: + type: link + title: Virtual Cloud Network CIDR + weblogic_version: + type: link + title: WebLogic Version + jdk_version: + type: link + title: JDK Version + rms_private_endpoint_id: + type: ocid + title: Resource Manager Private Endpoint + bastion_instance_id: + type: ocid + title: Instance Id + bastion_instance_public_ip: + type: copyableString + title: Public Ip + ssh_command: + type: copyableString + title: SSH Command + ssh_command_with_dynamic_port_forwarding: + type: copyableString + title: SSH Command with Dynamic Port Forwarding + fss_system_id: + type: ocid + title: File System Id + mount_target_id: + type: ocid + title: Mount Target Id + listing_version: + type: copyableString + title: Marketplace Listing Version + resource_identifier_value: + type: copyableString + title: Stack Resources System Tag + weblogic_agent_configuration_id: + type: ocid + title: WebLogic Log Agent Configuration Id + visible: false + weblogic_log_group_id: + type: ocid + title: WebLogic Log Group Id + weblogic_log_id: + type: ocid + title: WebLogic Log Id + autoscaling_scaleout_monitoring_alarm_id: + type: ocid + title: Autoscaling ScaleOut Monitoring Alarm Id + autoscaling_scalein_monitoring_alarm_id: + type: ocid + title: Autoscaling ScaleIn Monitoring Alarm Id + autoscaling_function_application_id: + type: ocid + title: Autoscaling Function Application Id + +outputGroups: + - title: WebLogic + outputs: + - ${weblogic_server_administration_console} + - ${sample_application} + - ${fusion_middleware_control_console} + - ${sample_application_protected_by_idcs} + - ${weblogic_version} + - ${weblogic_instances} + - ${jdk_version} + - ${rms_private_endpoint_id} + - title: Networking + outputs: + - ${virtual_cloud_network_id} + - ${load_balancer_id} + - ${virtual_cloud_network_cidr} + - ${load_balancer_ip} + - title: Bastion + outputs: + - ${bastion_instance_id} + - ${ssh_command} + - ${bastion_instance_public_ip} + - ${ssh_command_with_dynamic_port_forwarding} + - title: File Storage + outputs: + - ${fss_system_id} + - ${mount_target_id} + - title: Observability + outputs: + - ${weblogic_log_group_id} + - ${weblogic_log_id} + - ${autoscaling_scaleout_monitoring_alarm_id} + - ${autoscaling_scalein_monitoring_alarm_id} + - ${autoscaling_function_application_id} + - title: Listing + outputs: + - ${listing_version} + - ${resource_identifier_value} + +variables: + # WLS Instance Configuration + service_name: + type: string + minLength: 1 + maxLength: 16 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + title: "Resource Name Prefix" + description: "The names of all compute and network resources will begin with this prefix. It can only contain letters or numbers and must begin with a letter." + required: true + visible: ${orm_create_mode} + + instance_image_id: + visible: ${orm_create_mode} + type: string + required: true + title: "Instance Image OCID" + pattern: ^ocid1.image.*$ + dependsOn: + compartmentId: ${compartment_ocid} + + instance_shape: + type: oci:core:instanceshape:name + #type: oci:core:instanceshapewithflex:name + title: "Compute Shape" + description: "The shape for WebLogic Server compute instances. When scaled-out, the changes to instance shape will apply only to the added nodes." + required: true + default: VM.Standard.E4.Flex + dependsOn: + compartmentId: ${compartment_ocid} + imageId: ${instance_image_id} + + # TODO: remove this when UI uses control with flex shape + wls_ocpu_count: + type: integer + title: "OCPU Count" + description: "The number of OCPU count for instances. Only required for VM.Standard.E3.Flex, VM.Standard.E4.Flex, VM.Standard.E5.Flex, VM.Optimized3.Flex, and VM.Standard3.Flex Shapes. The maximum number of ocpus for VM.Standard.E3.Flex and VM.Standard.E4.Flex is 64, for VM.Standard.E5.Flex is 94, while VM.Optimized3.Flex shape supports 18. When scaled-out, the changes in OCPU count will apply only to the added nodes." + minimum: 1 + maximum: 94 + multipleOf: 1 + default: 1 + required: true + dependsOn: + instance_shape: ${instance_shape} + visible: + or: + - eq: + - ${instance_shape} + - "VM.Standard.E3.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E4.Flex" + - eq: + - ${instance_shape} + - "VM.Standard.E5.Flex" + - eq: + - ${instance_shape} + - "VM.Optimized3.Flex" + - eq: + - ${instance_shape} + - "VM.Standard3.Flex" + + ssh_public_key: + type: oci:core:ssh:publickey + title: "SSH Public Key" + description: "Use the corresponding private key to access new WebLogic Server compute instances. The keys for existing compute instances remain unchanged." + required: true + + wls_availability_domain_name: + type: oci:identity:availabilitydomain:name + title: "WebLogic Administration Server Availability Domain" + description: "The availability domain in which to create the WebLogic administration server compute instance. If not specified, by default, the compute instance is created in availability domain 1." + required: false + dependsOn: + compartmentId: ${compartment_ocid} + visible: + and: + - ${orm_create_mode} + - or: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - not: + - ${create_new_subnets} + - eq: + - ${subnet_span} + - "Regional Subnet" + + place_all_compute_in_same_ad: + visible: + and: + - ${orm_create_mode} + - eq: + - ${subnet_span} + - "Regional Subnet" + type: boolean + required: true + default: false + title: "Use Same Availability Domain for all Compute Instances" + description: "Use the same Availability Domain for all Compute instances as that of the WebLogic Administration Server's Compute instance. If this option is not selected, the compute instances will be distributed across Availability Domains." + + wls_node_count: + type: integer + title: "Node Count" + description: "The number of WebLogic Server compute instances, and also the number of managed servers in the domain. The maximum is 8, which can be scaled out to 30 when you edit the domain." + minimum: 1 + multipleOf: 1 + default: 1 + required: true + + wls_node_count_limit: + visible: + not: + - ${orm_create_mode} + type: integer + title: "WebLogic Server Nodes Limit" + description: "The limit for the maximum number of WebLogic Server compute instances, and also the number of managed servers that can be added in the domain." + minimum: 1 + maximum: 30 + multipleOf: 1 + default: 8 + required: true + + select_existing_profile: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + type: boolean + required: true + default: false + title: "Select Existing Profile" + description: "Select if you want to use an existing profile for OSMH" + + profile_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: oci:identity:compartment:id + required: false + default: ${compartment_ocid} + title: "Profile Compartment" + description: "The compartment where you want to create the profile for OMH plugin integration." + + profile_name: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - not: + - ${select_existing_profile} + type: string + minLength: 1 + maxLength: 256 + pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$" + required: true + default : "" + title: "Profile Name" + description: "The display name of the profile that will be created. Name can't start with a number or dash, contain spaces or special characters, or be empty." + + profile_ocid: + visible: + and: + - ${orm_create_mode} + - ${enable_osmh} + - ${select_existing_profile} + type: string + required: true + title: "Profile OCID" + pattern: ^ocid1.osmhprofile.*$ + + wls_admin_user: + visible: + and: + - ${orm_create_mode} + - not: + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters." + pattern: "^[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "weblogic" + minLength: 8 + maxLength: 128 + required: true + + wls_admin_secret_compartment_id: + type: oci:identity:compartment:id + title: "WebLogic Server Admin Secret Compartment" + description: "The compartment where you have the WebLogic Server administration secret" + required: true + default: ${compartment_ocid} + + wls_admin_password_id: + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + wls_15110_jdk_version: + visible: ${orm_create_mode} + type: enum + title: "Java Development Kit version" + description: "Select the Java Development Kit (JDK) version" + enum: + - "jdk17" + - "jdk21" + required: true + default: "jdk17" + + configure_wls_ports: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Configure Ports" + description: "Configure the ports for administration server, managed server, and cluster. If not selected, default ports will be used. See Default Ports." + + wls_nm_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + type: integer + default: 5556 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Node Manager Port" + description: "The listen port number for the node manager process on all compute instances" + required: true + + wls_extern_admin_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7001 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Admin Console Port" + description: "The administration server port on which to access the administration console" + required: true + + wls_extern_ssl_admin_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server Admin Console SSL Port" + description: "The administration server SSL port on which to access the administration console" + required: true + + wls_ms_extern_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - not: + - ${configure_secure_mode} + type: integer + default: 7003 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Managed Server External Port" + description: "The managed server port on which to send application traffic" + required: true + + wls_ms_extern_ssl_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + type: integer + default: 7004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Managed Server External SSL Port" + description: "The managed server SSL port on which to send application traffic" + required: true + + deploy_sample_app: + visible: + and: + - ${orm_create_mode} + - not: + - eq: + - ${wls_edition} + - "SE" + type: boolean + default: true + title: "Deploy Sample Application" + description: "Deploy an application named sample-app to the WebLogic cluster (Not applicable for Standard Edition)" + + allow_manual_domain_extension: + visible: + not: + - ${orm_create_mode} + type: boolean + default: false + title: "Do Not Update Domain Configuration for Scale Out" + description: "When nodes are added to an existing stack, the domain configuration is not modified. You must manually add the managed servers to your domain configuration after updating the stack. This field applies only to editing an existing stack and not to creating a new one. NOTE: Autoscaling feature if previously enabled, will be disabled, if this option is selected." + + wls_server_startup_args: + type: string + title: "WebLogic Server Startup Arguments" + description: "Server Startup Arguments are used for providing arguments to the Java Virtual Machine for WebLogic Server instances. When scaled-out, the changes to server startup arguments will apply only to the added nodes." + required: false + + create_new_vcn: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Create a Virtual Cloud Network" + description: "Create a new Virtual Cloud Network and subnets" + + create_new_subnets: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Create New Subnets" + description: "Create new subnets in the existing Virtual Cloud Network" + + network_compartment_id: + visible: ${orm_create_mode} + type: oci:identity:compartment:id + title: "Network Compartment" + description: "The compartment where you want to create the network resources such as Virtual Cloud Network, security lists, route tables and gateways." + required: false + default: ${compartment_ocid} + + add_fss: + visible: ${orm_create_mode} + type: boolean + default: false + title: "Add File System" + description: "Add file system" + + add_existing_mount_target: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Add Existing Mount Target" + description: "Use the existing mount target" + + mount_target_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - or: + - ${add_existing_mount_target} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:identity:compartment:id + required: true + title: "Mount Target Compartment" + description: "The compartment where you have existing mount target" + default: ${compartment_ocid} + + add_existing_fss: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - and: + - not: + - ${create_new_vcn} + type: boolean + default: false + title: "Existing File System" + description: "Use the existing file system" + + existing_mount_target_nsg_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_nsg} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - ${add_existing_mount_target} + - not: + - ${add_existing_fss} + type: oci:core:nsg:id + title: "Network Security Group for Mount Target" + description: "The pre-created NSG that is assigned to the mount target" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + subnet_compartment_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:identity:compartment:id + title: "Subnet Compartment" + description: "The compartment where you have subnets created" + required: true + default: ${compartment_ocid} + + subnet_type: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + title: "Subnet Type" + description: "Choose between private and public subnets. Warning - If you select a public subnet, ensure to limit the CIDR range to access WebLogic administration console ports (defaults are 7001 and 7002 for http and https)." + enum: + - "Use Private Subnet" + - "Use Public Subnet" + default: "Use Private Subnet" + + subnet_span: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + title: "Subnet Span" + description: "Choose between regional and AD specific subnets" + enum: + - "Regional Subnet" + - "AD Specific Subnet" + required: true + default: "Regional Subnet" + + add_existing_nsg: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: boolean + default: false + required: true + title: "Existing Network Security Groups" + description: "Use existing Network Security Groups (NSG) for existing subnets" + + # Secured Production Mode variables + configure_secure_mode: + visible: ${orm_create_mode} + type: boolean + required: true + default: true + title: "Enable Secured Production Mode" + description: "Configure a secure domain" + + preserve_boot_properties: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: boolean + required: true + default: false + title: "Preserve the boot.properties file for administration server and managed servers" + description: "Preserve the boot.properties file for administration server and managed servers. NOTE: Leaving this unchecked (false) will result in node manager being unable to revive servers if they are killed." + + administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9002 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "WebLogic Server domain-wide Administration Port" + description: "The domain-wide administration port to configure a secure WebLogic domain" + required: true + + ms_administration_port: + visible: + and: + - ${orm_create_mode} + - ${configure_wls_ports} + - ${configure_secure_mode} + type: integer + default: 9004 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "Administration Port for Managed Servers" + description: "The administration port for managed servers to configure a secure WebLogic domain" + required: true + + keystore_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + required: true + title: "Validated Secret for Keystore password" + description: "The secret that contains the keystore password. To create secrets, see Create Secrets for Passwords." + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + root_ca_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + pattern: ^ocid1.certificateauthority.*$ + required: true + title: "Existing Root Certificate Authority ID" + description: "The OCID of the existing root certificate authority to issue the certificates" + + cert_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + - ${create_policies} + type: oci:identity:compartment:id + required: false + title: "Certificate Compartment" + description: "The compartment where you want to create the certificate" + default: ${network_compartment_id} + + thread_pool_limit: + visible: + and: + - ${orm_create_mode} + - and: + - ${configure_secure_mode} + type: string + default: 65536 + title: "Throttle the thread pool" + description: "Shared Capacity For Work Managers" + required: true + + wls_primary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "WebLogic Server Admin User Name" + description: "The name of the primary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_user: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: string + title: "Additional WebLogic Server Admin User Name" + description: "The name of the secondary administrator in the WebLogic Server domain. The value should be between 8 and 128 characters long and alphanumeric, and can contain underscore (_) and hyphen(-) special characters, and should not be system, admin, administrator, or weblogic." + pattern: "^(?!weblogic$|administrator$)[a-zA-Z][a-zA-Z0-9_-]{7,127}$" + default: "wls_user_1" + minLength: 8 + maxLength: 128 + required: true + + wls_secondary_admin_password_id: + visible: + and: + - ${orm_create_mode} + - ${configure_secure_mode} + type: "oci:kms:secret:id" + title: "Validated Secret for WebLogic Server Admin Password" + description: "The secret that contains the administration password of the secondary administrator in the WebLogic Server domain. Use a WebLogic Administrator password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters ($ # _). For example, Ach1z0#d. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${wls_admin_secret_compartment_id} + + # WLS Network Configuration + wls_vcn_name: + visible: + and: + - ${orm_create_mode} + - ${create_new_vcn} + type: string + default: '' + minLength: 1 + maxLength: 255 + pattern: "^[a-zA-Z_]\\w{0,254}$" + required: true + title: "Virtual Cloud Network Name" + description: "The name of the new Virtual Cloud Network (VCN) to create for this service" + + wls_existing_vcn_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + type: oci:core:vcn:id + dependsOn: + compartmentId: ${network_compartment_id} + required: true + default: '' + title: "Existing Network" + description: "An existing Virtual Cloud Network (VCN) in which to create the compute instances, network resources, and load balancers. Existing Virtual Cloud Network can be validated using the network validation script. See Validate Existing Network Setup" + + wls_vcn_cidr: + visible: + and: + - ${orm_create_mode} + - ${create_new_vcn} + type: string + default: 10.0.0.0/16 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + title: "Virtual Cloud Network CIDR" + description: "The CIDR to assign to the new Virtual Cloud Network (VCN) to create for this service" + + wls_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.2.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "WebLogic Server Subnet CIDR" + description: "The CIDR of the new subnet to create for WebLogic Server compute instances. This field is required only if you want to use new subnets. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + mount_target_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: string + default: 10.0.5.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Mount Target Subnet CIDR" + description: "The CIDR of the new subnet to create for mount target. This field is required only if you want to use new subnets. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + wls_subnet_id: + visible: + and: + - ${orm_create_mode} + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - eq: + - ${subnet_type} + - "Use Private Subnet" + hidePublicSubnet: + not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for WebLogic Server" + description: "An existing subnet to use for WebLogic Server compute instances. This subnet must already be present in the chosen VCN." + + mount_target_subnet_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - eq: + - ${subnet_type} + - "Use Private Subnet" + hidePublicSubnet: + not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Mount Target" + description: "An existing subnet to use for mount target. This subnet must already be present in the chosen VCN." + + assign_weblogic_public_ip: + visible: ${orm_create_mode} + type: boolean + default: true + title: "Assign Public IP Addresses to WebLogic Server" + description: "If not selected, the WebLogic Server compute instances are created in a new private subnet. The compute instances, admin console, and applications will not be directly accessible from clients that are external to Oracle Cloud." + + is_bastion_instance_required: + visible: + and: + - ${orm_create_mode} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: boolean + default: false + title: "Provision Bastion Instance" + description: "Provision a bastion compute instance on a public subnet to provide access to the WebLogic Server compute instances on a private subnet. If this and resource manager private endpoint are not selected, you must check the status of domain creation on the compute instance using /u01/logs/provisioning.log file, and any failures during domain creation are reported." + + is_rms_private_endpoint_required: + visible: + and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: boolean + default: true + title: "Use Resource Manager Private Endpoint" + description: "Provision a resource manager private endpoint on a private subnet to check the provisioning status of the private resources. If this and bastion are not selected, you must check the status of domain creation on the compute instance using /u01/logs/provisioning.log file, and any failures during domain creation are reported." + + add_rms_private_endpoint: + visible: + and: + - ${is_rms_private_endpoint_required} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + type: enum + enum: + - "Use Existing Resource Manager Endpoint" + - "Create New Resource Manager Endpoint" + default: "Use Existing Resource Manager Endpoint" + title: "Create or Use Existing Resource Manager Endpoint" + description: "Configure a new or existing resource manager private endpoint." + required: true + + rms_existing_private_endpoint_id: + visible: + and: + - ${is_rms_private_endpoint_required} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${add_rms_private_endpoint} + - "Use Existing Resource Manager Endpoint" + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + type: oci:resourcemanager:privateendpoint:id + required: true + title: "Resource Manager Private Endpoint" + description: "Resource manager private endpoint for private access." + + is_bastion_with_reserved_public_ip: + visible: + and: + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - or: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - not: + - ${create_new_subnets} + - eq: + - ${subnet_type} + - "Use Private Subnet" + type: boolean + default: false + title: "Assign Reserved Public IP to Bastion Instance" + description: "Provision a bastion compute instance with a reserved public IP" + + bastion_subnet_name: + type: string + default: 'bastion-subnet' + title: "Bastion Host Subnet Name" + description: "Subnet name for Bastion host" + + bastion_subnet_cidr: + visible: + and: + - ${orm_create_mode} + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.1.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Bastion Host Subnet CIDR" + description: "The CIDR of the new public subnet to create for a Bastion compute instance. This field is required only if you did not assign public IP addresses to WebLogic Server. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + bastion_subnet_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_bastion_instance_required} + - eq: + - ${subnet_type} + - "Use Private Subnet" + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: true + hidePublicSubnet: false + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Bastion Host" + description: "An existing public subnet to use for a Bastion compute instance. This subnet must already be present in the chosen VCN. This field is required only if you did not assign public IP addresses to WebLogic Server." + + bastion_instance_shape: + visible: + and: + - ${orm_create_mode} + - and: + - or: + - ${is_bastion_instance_required} + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${subnet_type} + - "Use Private Subnet" + type: oci:core:instanceshape:name + #type: oci:core:instanceshapewithflex:name + title: "Bastion Host Shape" + description: "The shape for bastion compute instance" + required: true + dependsOn: + compartmentId: ${compartment_ocid} + imageId: ${bastion_image_id} + + existing_bastion_nsg_id: + visible: + and: + - ${orm_create_mode} + - ${is_bastion_instance_required} + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - not : + - eq: + - ${subnet_type} + - "Use Public Subnet" + type: oci:core:nsg:id + title: "Network Security Group for Bastion Host" + description: "The pre-created NSG that is assigned to the bastion instance" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + existing_admin_server_nsg_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:nsg:id + title: "Network Security Group for WebLogic Administration Server Node" + description: "The pre-created NSG that is assigned to the virtual machine of the administration server node" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + existing_managed_server_nsg_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${add_existing_nsg} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: oci:core:nsg:id + title: "Network Security Group for WebLogic Managed Server Node" + description: "The pre-created NSG that is assigned to the virtual machine of the managed server node" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + # Load Balancer Configuration + add_load_balancer: + type: boolean + default: true + title: "Provision Load Balancer" + description: "Provision a load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain" + + load_balancer_strategy_new_subnet: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: enum + enum: + - "Create New Load Balancer" + default: "Create New Load Balancer" + title: "Create New Load Balancer" + description: "Configure a new load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain. Load balancer is required for metrics based autoscaling and Oracle Identity Cloud Service (IDCS)." + required: true + + load_balancer_strategy_existing_subnet: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + type: enum + enum: + - "Create New Load Balancer" + - "Use Existing Load Balancer" + default: "Create New Load Balancer" + title: "Create or Use Existing Load Balancer" + description: "Configure a new or existing load balancer in Oracle Cloud Infrastructure to distribute application traffic to the managed servers in the domain. Load balancer is required for metrics based autoscaling and Oracle Identity Cloud Service (IDCS)." + required: true + + existing_load_balancer_id: + visible: + and: + - and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + pattern: ^ocid1.loadbalancer.*$ + title: "Existing Load Balancer ID" + description: "The OCID of the existing load balancer. If you use an existing load balancer, the WebLogic Server nodes are added to the backend set of the existing load balancer." + required: true + + backendset_name_for_existing_load_balancer: + visible: + and: + - and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + title: "Existing Load Balancer Backend Set Name" + description: "Name of the backend set for the existing load balancer. The backend set should not have any associated backends. Ensure that you have configured a routing policy for the backend set." + required: true + + is_lb_private: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - eq: + - ${subnet_type} + - "Use Private Subnet" + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: boolean + default: false + title: "Private Load balancer" + description: "Provision a private load balancer" + + add_lb_reserved_public_ip_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${is_lb_private} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: boolean + default: false + title: "Load Balancer with Reserved Public IP" + description: "Provision a load balancer with a reserved public IP" + + lb_reserved_public_ip_id: + visible: + and: + - ${add_lb_reserved_public_ip_id} + - not: + - ${is_lb_private} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: string + title: "Reserved Public IP OCID for Load Balancer" + required: true + description: "The OCID of the reserved public IP address for the load balancer" + pattern: ^ocid1.publicip.*$ + + lb_subnet_1_cidr: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + type: string + default: 10.0.3.0/24 + pattern: "^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9]).(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\/(3[0-2]|[1-2]?[0-9])$" + required: true + title: "Load Balancer Subnet CIDR" + description: "The CIDR of the new subnet to create for the load balancer. The new subnet's CIDR should not overlap with any other subnet CIDRs." + + lb_subnet_1_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - not: + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Use Existing Load Balancer" + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - ${is_lb_private} + hidePublicSubnet: ${is_lb_private} + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet for Load Balancer" + description: "An existing subnet to use for the load balancer. This subnet must already be present in the chosen VCN." + + lb_subnet_2_id: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - not: + - ${is_lb_private} + - and: + - not: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - eq: + - ${subnet_span} + - "AD Specific Subnet" + type: oci:core:subnet:id + dependsOn: + vcnId: ${wls_existing_vcn_id} + compartmentId: ${subnet_compartment_id} + hidePrivateSubnet: + not: + - ${is_lb_private} + hidePublicSubnet: ${is_lb_private} + hideRegionalSubnet: + not: + - eq: + - ${subnet_span} + - "Regional Subnet" + hideAdSubnet: + not: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + default: '' + required: true + title: "Existing Subnet 2 for Load Balancer" + description: "An existing subnet to use for the second load balancer node. This field is required only if you are not using regional subnets." + + lb_min_bandwidth: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - or: + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + - and: + - or: + - and: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + type: integer + title: "Minimum Bandwidth for Flexible Load Balancer" + description: "Create flexible shape load balancer with minimum bandwidth. The minimum service limit is 10 Mbps." + minimum: 10 + maximum: 8000 + default: 10 + required: true + + lb_max_bandwidth: + visible: + and: + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - or: + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + - and: + - or: + - and: + - ${create_new_subnets} + - not: + - ${create_new_vcn} + - and: + - or: + - ${create_new_vcn} + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + type: integer + title: "Maximum Bandwidth for Flexible Load Balancer" + description: "Create flexible shape load balancer with maximum bandwidth. The maximum service limit is 8000 Mbps. Check the service limits page in the Console to provide accurate service limits." + minimum: 10 + maximum: 8000 + default: 400 + required: true + + existing_lb_nsg_id: + visible: + and: + - ${add_existing_nsg} + - or: + - ${add_load_balancer} + - ${is_idcs_selected} + - and: + - not: + - ${create_new_vcn} + - not: + - ${create_new_subnets} + - eq: + - ${load_balancer_strategy_new_subnet} + - "Create New Load Balancer" + - eq: + - ${load_balancer_strategy_existing_subnet} + - "Create New Load Balancer" + type: oci:core:nsg:id + title: "Network Security Group for Load Balancer" + description: "The pre-created NSG that is assigned to the load balancer" + required: true + dependsOn: + compartmentId: ${network_compartment_id} + vcnId: ${wls_existing_vcn_id} + + create_policies: + type: boolean + title: "OCI Policies" + description: "Create policies to read Secrets from Vault and manage Autonomous Transaction Processing Database (if applicable). Deselecting this option is for Advanced users only. Before you deselect the check box, see Create Root Policies to create the required groups and relevant policies." + required: false + default: true + + enable_osmh: + type: boolean + title: "Enable OS Management Hub" + description: "Enable OSMH plugin for Management" + required: true + default: true + + # Tagging variables + create_service_tag: + visible: ${orm_create_mode} + type: boolean + title: "Add Tags" + default: false + description: "Add tags to the resources created by the WebLogic for OCI stack" + + service_tags: + visible: + and: + - ${orm_create_mode} + - ${create_service_tag} + type: oci:identity:tag:value + title: "Service Tagging" + required: false + + # IDCS variables + is_idcs_selected: + type: boolean + default: false + title: "Enable Authentication Using Identity Cloud Service" + description: "Authenticate WebLogic Server users against Oracle Identity Cloud Service (IDCS). If not selected, WebLogic Server uses the local identity store. If you select the check box, load balancer will be provisioned." + visible: ${orm_create_mode} + + idcs_host: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Host Domain Name" + description: "The domain name for the host that you use to access Identity Cloud Service" + required: true + default: "identity.oraclecloud.com" + + idcs_port: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: integer + default: 443 + minimum: 0 + maximum: 65535 + multipleOf: 1 + title: "IDCS Port" + description: "The port number that you use to access Identity Cloud Service" + required: true + + idcs_tenant: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Tenant" + description: "The ID of your Identity Cloud Service tenant, which typically has the format idcs-{guid}, and is part of the host name that you use to access Identity Cloud Service" + required: true + + idcs_client_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: string + minLength: 1 + maxLength: 1024 + title: "IDCS Client ID" + description: "The client ID of a confidential application in Identity Cloud Service that is used to create the necessary artifacts in Identity Cloud Service. This application needs to be configured as client, and has to be granted with access to Identity Cloud Service Admin APIs, with Identity Domain Administrator app role. See Create a Confidential Application." + required: true + + idcs_secret_compartment_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: oci:identity:compartment:id + title: "IDCS Secret Compartment" + description: "The compartment where you have the IDCS secret" + required: true + default: ${compartment_ocid} + + idcs_client_secret_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: "oci:kms:secret:id" + minLength: 1 + maxLength: 1024 + title: "Validated Secret for IDCS Client" + description: "The secret that contains the client secret of the confidential application password in IDCS, which is used to create the necessary artifacts in IDCS. To create secrets, see Create Secrets for Passwords." + required: true + dependsOn: + compartmentId: ${idcs_secret_compartment_id} + + idcs_cloudgate_port: + visible: + and: + - ${orm_create_mode} + - and: + - ${is_idcs_selected} + type: integer + default: 9999 + minimum: 1024 + maximum: 65535 + multipleOf: 1 + title: "IDCS Redirect Port" + description: "The listen port for the Identity Cloud Service App Gateway, which authenticates requests and redirects them to WebLogic Server" + required: true + + fss_availability_domain: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - not: + - and: + - eq: + - ${subnet_span} + - "AD Specific Subnet" + - not: + - ${add_existing_fss} + - not: + - ${add_existing_mount_target} + type: oci:identity:availabilitydomain:name + title: "File System Availability Domain" + description: "The name of the availability domain for the file system and mount target" + dependsOn: + compartmentId: ${compartment_ocid} + required: true + + fss_compartment_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:identity:compartment:id + required: true + title: "Existing File System Compartment" + description: "The compartment where the file system exists" + default: ${compartment_ocid} + + mount_target_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - or: + - ${add_existing_mount_target} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: oci:mount:target:id + title: "Existing Mount Target" + description: "The existing mount target to select from file system availability domain and mount target compartment" + dependsOn: + compartmentId: ${mount_target_compartment_id} + availabilityDomain: ${fss_availability_domain} + required: true + + existing_fss_id: + visible: + and: + - ${orm_create_mode} + - ${add_fss} + - ${add_existing_fss} + - not: + - ${create_new_vcn} + type: string + title: "Existing File System ID" + description: "The Oracle Cloud Identifier (OCID) of your existing file system. The existing file system must be in the same availability domain as the existing mount target." + pattern: ^$|^ocid1.filesystem.*$ + required: true + + use_oci_logging: + type: boolean + default: false + title: "Enable Exporting Logs to OCI Logging Service" + description: "Enable logging service integration for WebLogic instances" + + dynamic_group_id: + visible: + and: + - ${use_oci_logging} + - not: + - ${create_policies} + type: oci:identity:dynamicgroups:id + title: "Dynamic Group OCID for WebLogic Server Instances" + dependsOn: + compartmentId: ${tenancy_ocid} + description: "The OCID of the dynamic group that contains the WebLogic instances from which logs will be exported to OCI Logging Service." + required: true + + image_mode: + visible: + not: + - ${orm_create_mode} + type: enum + title: "Image for Scale Out" + description: "The selected image is used for scale out. A BYOL image requires a WebLogic License with valid support contract. UCM images are charged per OCPU/hour for the entitlement and WebLogic support." + required: true + enum: + - "Oracle WebLogic Server BYOL Image" + - "Oracle WebLogic Server Enterprise Edition UCM Image" + default: "Oracle WebLogic Server BYOL Image" + + terms_and_conditions: + visible: + and: + - eq: + - ${image_mode} + - "Oracle WebLogic Server Enterprise Edition UCM Image" + type: boolean + default: false + title: "Terms of use" + description: "I have reviewed and accept the Oracle terms of use" + required: true + + use_apm_service: + type: boolean + default: false + title: "Enable Application Performance Monitoring" + description: "Enable Application Performance Monitoring for WebLogic instances, which is required for automatic scaling of the stack. If you automatically scale the stack, you must not unselect the Enable Application Performance Monitoring option when editing the stack." + + apm_domain_compartment_id: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: oci:identity:compartment:id + title: "Application Performance Monitoring Domain Compartment" + description: "The compartment where you have the Application Performance Monitoring domain to be used by this WebLogic instance" + required: true + default: ${compartment_ocid} + + apm_domain_id: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: oci:apm:domain:id + title: "Application Performance Monitoring Domain" + description: "The Application Performance Monitoring domain used by this WebLogic instance" + required: true + dependsOn: + compartmentId: ${apm_domain_compartment_id} + + apm_private_data_key_name: + visible: + -or: + - ${use_apm_service} + - ${use_autoscaling} + type: string + title: "Application Performance Monitoring Private Data Key Name" + description: "The name of the private data key used by this WebLogic instance to push metrics to the Application Performance Monitoring domain" + required: true + + use_autoscaling: + visible: + and: + - ${orm_create_mode} + type: boolean + default: false + title: "Enable Autoscaling" + description: "Enable Auto Scaling of WebLogic Instances based on WebLogic Monitoring Metrics. If you select the check box, Application Performance Monitoring will be enabled." + +# Metric based autoscaling UI + wls_metric: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: enum + title: "WebLogic Monitoring Metrics" + description: "WebLogic monitoring metrics type" + enum: + - CPU Load + - Used Heap Percent + - Queue Length + - Stuck Threads + default: CPU Load + required: true + + min_threshold_percent: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "CPU Load" + - eq: + - ${wls_metric} + - "Used Heap Percent" + + type: integer + title: "Minimum Threshold Percent" + description: "Minimum Threshold Percent for the metric" + minimum: 0 + maximum: 100 + required: true + + max_threshold_percent: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "CPU Load" + - eq: + - ${wls_metric} + - "Used Heap Percent" + + type: integer + title: "Maximum Threshold Percent" + description: "Maximum threshold percentage for the metric" + minimum: 0 + maximum: 100 + required: true + + min_threshold_counter: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "Queue Length" + - eq: + - ${wls_metric} + - "Stuck Threads" + type: integer + title: "Minimum Threshold Counter" + description: "Minimum threshold counter for the metric" + minimum: 0 + required: true + + max_threshold_counter: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - or: + - eq: + - ${wls_metric} + - "Queue Length" + - eq: + - ${wls_metric} + - "Stuck Threads" + type: integer + title: "Maximum Threshold Counter" + description: "Maximum threshold counter for the metric" + minimum: 0 + required: true + +# Common autoscaling UI + ocir_user: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: string + title: "Registry User Name" + description: "The user name to access the Oracle Cloud Infrastructure Registry (OCIR) for deploying autoscaling OCI functions, which has the format {identity domain name}/{username}. If your tenancy is using Oracle Identity Cloud Service, use the format oracleidentitycloudservice/{username}." + required: true + + ocir_auth_token_compartment_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - ${config_observability} + type: oci:identity:compartment:id + title: "OCIR Auth Token Secret Compartment" + description: "The compartment where you have the OCIR auth token" + required: true + default: ${compartment_ocid} + + ocir_auth_token_id: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + - and: + - ${config_observability} + type: "oci:kms:secret:id" + title: "Validated Secret for OCIR Auth Token" + description: "The secret that contains the OCIR auth token that you generated for the user to access the image registry" + required: true + dependsOn: + compartmentId: ${ocir_auth_token_compartment_id} + + notification_email: + visible: + and: + - ${orm_create_mode} + - and: + - ${use_autoscaling} + type: string + title: "Notification Email" + description: "Email address to which scaling notifications are sent" + pattern: ^$|^(?!^[.+&'_-]*@.*$)(^[_\w\d+&'-]+(\.[_\w\d+&'-]*)*@[\w\d-]+(\.[\w\d-]+)*\.(([\d]{1,3})|([\w]{2,}))$)$ + required: false + + # Hidden Variables + mount_path: + type: string + title: "Mount Path on the WebLogic Server instances" + description: "The path to mount the file system on the WebLogic Server instances" + + mode: + type: enum + title: "Terraform mode" + description: "Select Terraform mode for development or production. In development mode, local VM scripts zip is seeded on WLS VMs." + enum: + - PROD + - DEV + default: PROD + + wls_subnet_name: + type: string + default: 'wls-subnet' + title: "WebLogic Server Subnet Name" + description: "The name of the new subnet to create for WebLogic Server compute instances. This field is required only if you want to use an existing VCN." + + lb_subnet_1_name: + type: string + default: 'lb-subnet-1' + title: "Load Balancer Subnet Name" + description: "The name of the new subnet to create for the load balancer" + + lb_subnet_2_name: + type: string + default: 'lb-subnet-2' + title: "Load Balancer Subnet 2 Name" + description: "The name of the subnet to create for the second load balancer node. This field is required only if you are not using regional subnets." + + user_id: + type: string + + private_key_path: + type: string + + fingerprint: + type: string + + wls_edition: + type: string + + use_regional_subnet: + type: boolean + + use_marketplace_image: + type: boolean + default: true + + use_bastion_marketplace_image: + type: boolean + default: true + + listing_resource_version: + type: string + + listing_id: + type: string + + tf_script_version: + type: string + + # tenancy_ocid, compartment_ocid, and user_ocid are predefined variables. Do not change them. + + tenancy_ocid: + type: string + title: "Tenancy ID" + description: "The Oracle Cloud Identifier (OCID) for your tenancy" + required: true + + region: + type: oci:identity:region:name + title: "Region" + description: "The region in which to create all resources" + required: true + + log_level: + type: enum + title: "Log Level" + description: "Log level" + enum: + - DEBUG + - INFO + default: INFO + + bastion_image_id: + type: string + title: "Base Linux Instance OCID" + description: "The Oracle Cloud Identifier (OCID) for PIC image" + + bastion_listing_id: + type: string + title: "Base Linux Marketplace listing Id" + description: "The Base Linux Marketplace listing Id for PIC image" + + bastion_listing_resource_version: + type: string + title: "Base Linux Marketplace listing version" + description: "The Base Linux Marketplace listing version for PIC image" + + compartment_ocid: + type: oci:identity:compartment:id + title: "WebLogic Server Compartment" + description: "The compartment in which to create the WebLogic Server compute instances" + required: true + + wls_version: + type: enum + title: "Weblogic Server Version" + description: "The version of WebLogic Server to provision" + enum: + - 12.2.1.4 + - 14.1.1.0 + - 14.1.2.0 + - 15.1.1.0 + default: 12.2.1.4 diff --git a/terraform/weblogic_variables.tf b/terraform/weblogic_variables.tf index d011ed94..8eb24574 100644 --- a/terraform/weblogic_variables.tf +++ b/terraform/weblogic_variables.tf @@ -1,13 +1,13 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. variable "wls_version" { type = string - description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0, 14.1.2.0" + description = "The WebLogic version to be installed for this stack. Accepted values are: 12.2.1.4, 14.1.1.0, 14.1.2.0, 15.1.1.0" default = "12.2.1.4" validation { - condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0"], var.wls_version) - error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0 & 14.1.2.0." + condition = contains(["12.2.1.4", "14.1.1.0","14.1.2.0","15.1.1.0"], var.wls_version) + error_message = "WLSC-ERROR: Allowed values for wls_version are 12.2.1.4, 14.1.1.0, 14.1.2.0, 15.1.1.0." } } @@ -70,6 +70,16 @@ variable "wls_14120_jdk_version" { } } +variable "wls_15110_jdk_version" { + type = string + description = "JDK version to use when installing WebLogic 15.1.1.0 version. Ignored when WebLogic version is not 15.1.1.0. Allowed values: jdk21, jdk17" + default = "jdk17" + validation { + condition = contains(["jdk17", "jdk21"], var.wls_15110_jdk_version) + error_message = "WLSC-ERROR: Allowed values for wls_15110_jdk_version are jdk17, jdk21." + } +} + # Variable used in UI only variable "configure_wls_ports" { type = bool From af2789066217a963033cfa9d5376f55cb28a24ec Mon Sep 17 00:00:00 2001 From: telake Date: Fri, 17 Oct 2025 09:12:07 -0700 Subject: [PATCH 58/61] Adjust copyright headers Adjust copyright headers --- builds/build_orm_dev.sh | 2 +- terraform/modules/policies/locals.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/builds/build_orm_dev.sh b/builds/build_orm_dev.sh index 25962446..da23ffe5 100644 --- a/builds/build_orm_dev.sh +++ b/builds/build_orm_dev.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. ####################################################################################################### diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 936da215..706c83e5 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -1,4 +1,4 @@ -# Copyright (c) 2023, 2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. locals { From 0b93ed0e85f2176bf220911aeed19c0e3cf14334 Mon Sep 17 00:00:00 2001 From: telake Date: Fri, 17 Oct 2025 09:36:43 -0700 Subject: [PATCH 59/61] Variable description to include all supported WLS versions (#337) Variable description to include all supported WLS versions --- terraform/modules/compute/wls_compute/wls_variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/compute/wls_compute/wls_variables.tf b/terraform/modules/compute/wls_compute/wls_variables.tf index a0445140..e6452526 100644 --- a/terraform/modules/compute/wls_compute/wls_variables.tf +++ b/terraform/modules/compute/wls_compute/wls_variables.tf @@ -167,7 +167,7 @@ variable "wls_admin_server_wait_timeout_mins" { variable "wls_version" { type = string - description = "The WebLogic version to be installed in this instance. Accepted values are: 12.2.1.4, 14.1.1.0" + description = "The WebLogic version to be installed in this instance. Accepted values are: 12.2.1.4, 14.1.1.0, 14.1.2.0, 15.1.1.0" validation { condition = contains(["12.2.1.4", "14.1.1.0", "14.1.2.0", "15.1.1.0"], var.wls_version) error_message = "WLSC-ERROR: WebLogic Versions 12.2.1.4 , 14.1.1.0, 14.1.2.0, and 15.1.1.0 are the only versions supported." From 1717369949227ba03472c51a47e0a1289e5c31f6 Mon Sep 17 00:00:00 2001 From: telake Date: Mon, 20 Oct 2025 22:07:34 -0700 Subject: [PATCH 60/61] Remove policy statement for WLMS access. (#338) Remove WLMS policy since WLMS is being deprecated. --- terraform/modules/policies/locals.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf index 706c83e5..4f642981 100644 --- a/terraform/modules/policies/locals.tf +++ b/terraform/modules/policies/locals.tf @@ -47,10 +47,9 @@ locals { cloning_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect compartments in tenancy" cloning_policy_statement = compact([local.cloning_policy_statement1, local.cloning_policy_statement2]) - # These policy statements are required for enabling the plugin + # These policy statements are required for disabling the OSMS plugin plugin_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage instance-agent-plugins in compartment id ${var.compartment_id}" - plugin_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use wlms-managed-instance-plugins in tenancy" - plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2]) + plugin_policy_statement = compact([local.plugin_policy_statement1]) # Policies required for enabling the OSMH plugin osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in compartment id ${var.compartment_id}" : "" From 20804a2f5d785fcc0d2ab20857803f32d6c36539 Mon Sep 17 00:00:00 2001 From: Rajesh Chavan Date: Tue, 28 Oct 2025 20:01:03 +0530 Subject: [PATCH 61/61] Merge release 25.4.1 changes to development (#343) Merge release 25.4.1 changes to development --------- Co-authored-by: Rajesh Chavan --- builds/build_mp_bundles.sh | 163 ++++++++++++++++++-- terraform/images/mp_image_ee_byol.tfvars | 12 +- terraform/images/mp_image_ee_ucm.tfvars | 8 +- terraform/images/mp_image_se_byol.tfvars | 8 +- terraform/images/mp_image_suite_byol.tfvars | 12 +- terraform/images/mp_image_suite_ucm.tfvars | 8 +- 6 files changed, 178 insertions(+), 33 deletions(-) diff --git a/builds/build_mp_bundles.sh b/builds/build_mp_bundles.sh index 579738cd..2fcfd70c 100644 --- a/builds/build_mp_bundles.sh +++ b/builds/build_mp_bundles.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2023, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. ############################################################ @@ -10,10 +10,10 @@ help() { echo "Build the Oracle Resource Manager (ORM) bundles to deploy in Marketplace" echo - echo "Arguments: build_mp_bundles.sh -e|--edition -v|--version <12.2.1.4|14.1.1.0|14.1.2.0> -t|--type --all" + echo "Arguments: build_mp_bundles.sh -e|--edition -v|--version <12.2.1.4|14.1.1.0|14.1.2.0|15.1.1.0> -t|--type --all" echo "options:" echo "-e, --edition WebLogic edition. Supported values are EE, SUITE, or SE. Optional when --all option is provided" - echo "-v, --version WebLogic version. Supported values are 12.2.1.4 or 14.1.1.0 or 14.1.2.0. Optional when --all option is provided" + echo "-v, --version WebLogic version. Supported values are 12.2.1.4 or 14.1.1.0 or 14.1.2.0 or 15.1.1.0. Optional when --all option is provided" echo "-t, --type Type of bundle. Supported values are UCM or BYOL. Optional when --all option is provided" echo "--all All bundles" echo @@ -78,7 +78,7 @@ validate() echo "WebLogic version is not provided" help exit 1 - elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.1.0" ] && [ "${WLS_VERSION}" != "14.1.2.0" ]; then + elif [ "${WLS_VERSION}" != "12.2.1.4" ] && [ "${WLS_VERSION}" != "14.1.1.0" ] && [ "${WLS_VERSION}" != "14.1.2.0" ] && [ "${WLS_VERSION}" != "15.1.1.0" ]; then echo "Please provide valid WebLogic version" help exit 1 @@ -134,6 +134,13 @@ create_ucm_ee_14120() replace_ucm_ee_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-ucm-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_ucm_ee_15110() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_ucm_ee_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-ucm-mp-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} create_ucm_suite_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -155,6 +162,13 @@ create_ucm_suite_14120() replace_ucm_suite_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-ucm-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_ucm_suite_15110() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_ucm_suite_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-ucm-mp-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_ee_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -176,6 +190,13 @@ create_byol_ee_14120() replace_byol_ee_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_ee_15110() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_ee_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-ee-byol-mp-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_suite_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -197,6 +218,13 @@ create_byol_suite_14120() replace_byol_suite_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_suite_15110() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_suite_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-suite-byol-mp-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} create_byol_standard_12214() { cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema.yaml ${TMP_BUILD} @@ -218,6 +246,13 @@ create_byol_standard_14120() replace_byol_se_14120_variables (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-se-byol-mp-14120.zip *; rm -Rf ${TMP_BUILD}/*) } +create_byol_standard_15110() +{ + cp -Rf ${SCRIPT_DIR}/../terraform/modules ${SCRIPT_DIR}/../terraform/*.tf ${SCRIPT_DIR}/../terraform/schema_15110.yaml ${TMP_BUILD} + cp -f ${SCRIPT_DIR}/../terraform/orm/orm_provider.tf ${TMP_BUILD}/provider.tf + replace_byol_se_15110_variables + (cd ${TMP_BUILD}; zip -r ${SCRIPT_DIR}/binaries/wlsoci-resource-manager-se-byol-mp-15110.zip *; rm -Rf ${TMP_BUILD}/*) +} replace_byol_ee_12214_variables() { @@ -281,6 +316,27 @@ replace_byol_ee_14120_variables() sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_ee_15110_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_instance_image_id" {/!b;n;n;n;cdefault = '"${ucm_instance_image_id}"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_id" {/!b;n;n;n;cdefault = '"$ucm_listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_resource_version" {/!b;n;n;n;cdefault = '"$ucm_listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_15110.yaml + sed -i 's/#- ${image_mode}/- ${image_mode}/' ${TMP_BUILD}/schema_15110.yaml + sed -i 's/#- ${terms_and_conditions}/- ${terms_and_conditions}/' ${TMP_BUILD}/schema_15110.yaml + sed -i ':a;$!{N;ba};s/- ${image_mode}/#- ${image_mode}/2' ${TMP_BUILD}/schema_15110.yaml + sed -i ':a;$!{N;ba};s/- ${terms_and_conditions}/#- ${terms_and_conditions}/2' ${TMP_BUILD}/schema_15110.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_byol_se_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_se_byol.tfvars @@ -337,6 +393,25 @@ replace_byol_se_14120_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_se_15110_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_se_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_15110.yaml + sed -i 's/#- ${use_autoscaling}/- ${use_autoscaling}/' ${TMP_BUILD}/schema_15110.yaml + sed -i ':a;$!{N;ba};s/- ${use_autoscaling}/#- ${use_autoscaling}/1' ${TMP_BUILD}/schema_15110.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_byol_suite_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars @@ -402,6 +477,28 @@ replace_byol_suite_14120_variables() sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_byol_suite_15110_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_instance_image_id" {/!b;n;n;n;cdefault = '"${ucm_instance_image_id}"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_id" {/!b;n;n;n;cdefault = '"$ucm_listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "ucm_listing_resource_version" {/!b;n;n;n;cdefault = '"$ucm_listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_15110.yaml + sed -i 's/#- ${image_mode}/- ${image_mode}/' ${TMP_BUILD}/schema_15110.yaml + sed -i 's/#- ${terms_and_conditions}/- ${terms_and_conditions}/' ${TMP_BUILD}/schema_15110.yaml + sed -i ':a;$!{N;ba};s/- ${image_mode}/#- ${image_mode}/2' ${TMP_BUILD}/schema_15110.yaml + sed -i ':a;$!{N;ba};s/- ${terms_and_conditions}/#- ${terms_and_conditions}/2' ${TMP_BUILD}/schema_15110.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_ucm_suite_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_ucm.tfvars @@ -452,6 +549,23 @@ replace_ucm_suite_14120_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_ucm_suite_15110_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_ucm.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_15110.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_suite_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} replace_ucm_ee_12214_variables() { export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_ucm.tfvars @@ -499,6 +613,22 @@ replace_ucm_ee_14120_variables() get_mp_values sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf } +replace_ucm_ee_15110_variables() +{ + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_ucm.tfvars + get_mp_values + sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf + sed -i '/variable "wls_version" {/!b;n;n;n;cdefault = \"15.1.1.0\"' ${TMP_BUILD}/weblogic_variables.tf + sed -i '/variable "instance_image_id" {/!b;n;n;n;cdefault = '"$instance_image_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "use_marketplace_image" {/!b;n;n;n;cdefault = '"true"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_id" {/!b;n;n;n;cdefault = '"$listing_id"'' ${TMP_BUILD}/mp_variables.tf + sed -i '/variable "listing_resource_version" {/!b;n;n;n;cdefault = '"$listing_resource_version"'' ${TMP_BUILD}/mp_variables.tf + sed -i 's/#- ${instance_image_id}/- ${instance_image_id}/' ${TMP_BUILD}/schema_15110.yaml + sed -i '/main_mktpl_image/ { n; s/ocid = ""/ocid = '"${instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf + export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/images/mp_image_ee_byol.tfvars + get_mp_values + sed -i '/ucm_image/ { n; s/ocid = ""/ocid = '"${ucm_instance_image_id}"'/; }' ${TMP_BUILD}/oci_images.tf +} get_mp_values() { @@ -515,18 +645,23 @@ if [ "${CREATE_ALL_BUNDLES}" == "true" ]; then create_ucm_ee_12214 create_ucm_ee_14110 create_ucm_ee_14120 + create_ucm_ee_15110 create_ucm_suite_12214 create_ucm_suite_14110 create_ucm_suite_14120 + create_ucm_suite_15110 create_byol_ee_12214 create_byol_ee_14110 create_byol_ee_14120 + create_byol_ee_15110 create_byol_suite_12214 create_byol_suite_14110 create_byol_suite_14120 + create_byol_suite_15110 create_byol_standard_12214 create_byol_standard_14110 create_byol_standard_14120 + create_byol_standard_15110 else if [ "${BUNDLE_TYPE}" == "UCM" ]; then if [ "${WLS_EDITION}" == "EE" ]; then @@ -534,8 +669,10 @@ else create_ucm_ee_12214 elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_ucm_ee_14110 + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_ucm_ee_14120 else - create_ucm_ee_14120 + create_ucm_ee_15110 fi elif [ "${WLS_EDITION}" == "SUITE" ]; then @@ -543,8 +680,10 @@ else create_ucm_suite_12214 elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_ucm_suite_14110 + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_ucm_suite_14120 else - create_ucm_suite_14120 + create_ucm_suite_15110 fi fi else @@ -553,24 +692,30 @@ else create_byol_ee_12214 elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_ee_14110 + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_byol_ee_14120 else - create_byol_ee_14120 + create_byol_ee_15110 fi elif [ "${WLS_EDITION}" == "SUITE" ]; then if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_byol_suite_12214 elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_suite_14110 + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_byol_suite_14120 else - create_byol_suite_14120 + create_byol_suite_15110 fi else if [ "${WLS_VERSION}" == "12.2.1.4" ]; then create_byol_se_12214 elif [ "${WLS_VERSION}" == "14.1.1.0" ]; then create_byol_se_14110 + elif [ "${WLS_VERSION}" == "14.1.2.0" ]; then + create_byol_se_14120 else - create_byol_se_14120 + create_byol_se_15110 fi fi fi diff --git a/terraform/images/mp_image_ee_byol.tfvars b/terraform/images/mp_image_ee_byol.tfvars index 38836a2d..6f4c137c 100644 --- a/terraform/images/mp_image_ee_byol.tfvars +++ b/terraform/images/mp_image_ee_byol.tfvars @@ -1,13 +1,13 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.3.1-250719002626" +tf_script_version = "25.4.1-251024040114" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaawd5ti5ldjzdppppi675onvo3mvjcwt64jjey7rib3beau2ngkl2q" -listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaau76znd35hrciub7wfojcgfq435bqpehv4ry4fcmom74b7l7zw4ta" +listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaajtldbwdlrovciafil4vjkcfkp26qpnpuajyyiphnmitfuo2ix6la" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -ucm_listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaajf5gc2zhxbzbfhvnujt6k2do3rd4wfjqspuq6gmtm2qhhberjttq" +ucm_listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaanptrtarff3qsf46hhy37j66jl7mps227t65ur2vu2msjbxoye2ba" diff --git a/terraform/images/mp_image_ee_ucm.tfvars b/terraform/images/mp_image_ee_ucm.tfvars index 245fed95..c778d1e1 100644 --- a/terraform/images/mp_image_ee_ucm.tfvars +++ b/terraform/images/mp_image_ee_ucm.tfvars @@ -1,9 +1,9 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.3.1-250719002626" +tf_script_version = "25.4.1-251024040114" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaa653zc2e4fsem5hhwinmfgnv3xp4dmbq6c6gvf45okxf6xz3smhiq" -listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaajf5gc2zhxbzbfhvnujt6k2do3rd4wfjqspuq6gmtm2qhhberjttq" +listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaanptrtarff3qsf46hhy37j66jl7mps227t65ur2vu2msjbxoye2ba" diff --git a/terraform/images/mp_image_se_byol.tfvars b/terraform/images/mp_image_se_byol.tfvars index 9a795e0f..e442980f 100644 --- a/terraform/images/mp_image_se_byol.tfvars +++ b/terraform/images/mp_image_se_byol.tfvars @@ -1,8 +1,8 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.3.1-250719002626" +tf_script_version = "25.4.1-251024040114" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaalcwal6mfwjbezzqyj3waoxrvigml4n3lcn3hfday3ozetjqn25a" -listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaajzkamkicy6azk2deaudb363i7z7elwniunootc3v6755p3kfjv3a" +listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaas47qu7iigcabaswrne454qfruzcyxcixdwqy32zj6iqx7q2kfmaa" diff --git a/terraform/images/mp_image_suite_byol.tfvars b/terraform/images/mp_image_suite_byol.tfvars index 5775a733..e087a596 100644 --- a/terraform/images/mp_image_suite_byol.tfvars +++ b/terraform/images/mp_image_suite_byol.tfvars @@ -1,12 +1,12 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.3.1-250719002626" +tf_script_version = "25.4.1-251024040114" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaajl5w3d76x5vdc4n7oqjpsxh4jtwivclvvp6gj4em3kufju6sftga" -listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -instance_image_id = "ocid1" +listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaad555thklryolvtso5y7pw67kuzzhz23qwiowuczuhwiwhgtc3xrq" ucm_listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -ucm_listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaa45odr7hkyw7dm7x3ho2s57iywvwahf5654njhpb7f6fvziz4w42q" +ucm_listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +ucm_instance_image_id = "ocid1.image.oc1..aaaaaaaag7grvrv2xnjuiulzx4hotcdx77ljdfmgojjiiyh4vjah6ozg5mba" diff --git a/terraform/images/mp_image_suite_ucm.tfvars b/terraform/images/mp_image_suite_ucm.tfvars index 259ae8fa..ccd32452 100644 --- a/terraform/images/mp_image_suite_ucm.tfvars +++ b/terraform/images/mp_image_suite_ucm.tfvars @@ -1,8 +1,8 @@ -# Copyright (c) 2023,2024, Oracle and/or its affiliates. +# Copyright (c) 2023, 2025, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl. -tf_script_version = "25.3.1-250719002626" +tf_script_version = "25.4.1-251024040114" use_marketplace_image = true listing_id = "ocid1.appcataloglisting.oc1..aaaaaaaaq2vkow7zwkxg6ky4zxsnckdlfgtgmg7i4kkyev3y6zyo72mpkgza" -listing_resource_version = "25.3.1-ol8.8-23.12.13-250719-1" -instance_image_id = "ocid1.image.oc1..aaaaaaaa45odr7hkyw7dm7x3ho2s57iywvwahf5654njhpb7f6fvziz4w42q" +listing_resource_version = "25.4.1-ol8.8-23.12.13-251024-1" +instance_image_id = "ocid1.image.oc1..aaaaaaaag7grvrv2xnjuiulzx4hotcdx77ljdfmgojjiiyh4vjah6ozg5mba"