diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/.gitignore b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/.gitignore
new file mode 100755
index 000000000..8e0755c51
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/.gitignore
@@ -0,0 +1,11 @@
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
+TF_VARS.sh
+*.tfvars
+*.pem
+*.p12
+cluster_admin_oci_config.txt
+.terraform.tfstate.lock.info
+fromtf.auto.yaml
+.terraform.lock.hcl
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/LICENSE b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/LICENSE
new file mode 100755
index 000000000..21c0d2760
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/LICENSE
@@ -0,0 +1,26 @@
+Copyright (c) 2022, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this
+software, associated documentation and/or data (collectively the "Software"), free of charge and under any and
+all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor
+hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or
+(ii) the Larger Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software
+(each a “Larger Work” to which the Software is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create derivative works of, display,
+perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have
+sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/README.md b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/README.md
new file mode 100755
index 000000000..720f020e6
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/README.md
@@ -0,0 +1,416 @@
+# Terraform scripts for Deploying Oracle WebCenter Sites on Kubernetes
+
+#### Disclaimer
+
+This deployment of Oracle WebCenter Sites makes use of the Terraform scripts and Oracle WebCenter Sites Helm Chart based on the [fmw-kubernetes](https://github.com/oracle/fmw-kubernetes) release.
+
+#### Caveats
+
+Although this release follows the same flow as the [fmw-kubernetes](https://github.com/oracle/fmw-kubernetes) release, only the Traefik ingress controller is currently supported.
+
+#### Contents
+
+* [Prerequisites](#prerequisites)
+* [Installation](#installation)
+* [Access the Deployment](#access-the-deployment)
+* [Deploying with Sub-domain and SSL](#deploying-with-sub-domain-and-ssl)
+* [Configure WebCenter Sites](#configure-webcenter-sites)
+
+
+### Prerequisites
+
+This terraform deployment requires the prior installation of the following:
+
+- **terraform >= 0.14**
+
+ [tfswitch](https://tfswitch.warrensbox.com/Install/) can be used for flexibility of working with multiple versions of terraform, but it is only available on Linux and Mac OS X, for Windows or if you prefer to install the base software, see [https://learn.hashicorp.com/tutorials/terraform/install-cli](https://learn.hashicorp.com/tutorials/terraform/install-cli) for basic installation instructions.
+
+- **kubectl >= 1.18.10 (the Kubernetes cli)**
+
+ See [https://kubernetes.io/docs/tasks/tools/install-kubectl/](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for installation instructions, although kubectl is usually installed as part of Docker Desktop, so if you use Docker it is likely already installed.
+
+- **helm >= 3.5.4**
+
+ Helm is a kubernetes deployment package manager. The OCI Service Broker is packaged in a Helm chart, and so is the etcd cluster deployment.
+ See [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/) to install helm locally.
+
+- **OCI Command Line Interface (CLI)**
+
+ See [https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm) for a quick starting guide. Make sure you upload your **public key** in your OCI account and note the fingerprint information.
+
+ The OCI CLI is used to configure the access to the OKE cluster locally only, so this deployment could be modified to only use `kubectl` if this is intended for a remote setup, but configuring the CLI helps in several tasks.
+
+- **Follow this document to set up OCI Terraform**
+ [https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/tf-provider/01-summary.htm](https://docs.oracle.com/en-us/iaas/developer-tutorials/tutorials/tf-provider/01-summary.htm)
+
+
+### Installation
+
+#### 1. Get the repository
+
+* Download the Terraform scripts to deploy WebCenter Sites from this [repository](https://github.com/oracle/fmw-kubernetes.git).
+
+ ```bash
+ $ git clone https://github.com/oracle/fmw-kubernetes.git
+ ```
+
+* You can now use the deployment scripts from `fmw-kubernetes/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites` to set up the WebCenter Sites domain as further described in this document. This will be your home directory to run the terraform scripts.
+
+ ```bash
+ $ cd fmw-kubernetes/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites
+ ```
+
+#### 2. Update terraform.tfvars file
+
+Create a `terraform.tfvars` file from the `terraform.tfvars.template` file and populate the following mandatory information:
+
+```
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+tenancy_ocid = "ocid1.tenancy.oc1..."
+compartment_ocid = "ocid1.compartment.oc1..."
+region = "us-ashburn-1"
+
+## Things to provision
+# VCN, OKE cluster, node_pool(s)
+# if false, the template assumes the cluster is provisioned and that kubectl has access to the cluster.
+provision_cluster = true
+
+# File Storage and mount point export
+provision_filesystem = true
+provision_mount_target = true
+provision_export = true
+
+# Database (DBaaS on OCI)
+# If false, a database jdbc_connection URL needs to be provided, and the database needs to be reachable from this VCN
+provision_database = true
+
+# Autonomous Database (User can use DBAAS or Autonomous DB. Turn this on if provision_adb is false)
+provision_adb = false
+# possible values (OLTP)
+adb_database_db_workload = "OLTP"
+adb_password = "Oradoc_db12W#_"
+
+# WebLogic Operator
+provision_weblogic_operator = true
+# Ingress controller
+provision_traefik = true
+provision_secrets = true
+#This will deploy the site in environment
+provision_sites = true
+
+## File storage details
+# If the VCN is not provided by this template, the following variables must be provided
+fss_subnet_id = null
+# If the cluster and VCN are not provided by this template,
+fss_source_cidr = "0.0.0.0/0"
+# File Storage mount target Availability Domain index
+ad_number = 2
+
+#if using existing file system. exportset and filesystem must belong to same ad.
+#filesystem_ocid = ""
+#if using existing mount target.
+#mount_target_ocid = ""
+#mount_target_ip = ""
+
+## Credentials
+# Input your Container registry login credentials
+# this is the registry where sites images is going to be looked at
+container_registry = "phx.ocir.io"
+container_registry_username = "devcec/WCSitesUser"
+container_registry_email = ""
+container_registry_password = "MNOPabcd:>123xyZ"
+container_registry_image = "oracle/wcsites:12.2.1.4"
+
+# Create WCSites domain Admin Console credentials
+sites_domain_admin_username = "weblogic"
+# Password must contain 1 Upper, 1 number and be at least 8 characters long
+sites_domain_admin_password = "Welcome1"
+
+# Create Database credentials
+# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters.
+# The special characters must be _, #, or -.
+db_sys_password = "Oradoc_db12W#x_"
+
+# Create RCU Schema credentials
+# rcu_prefix must be less than or equals to 5 characters
+rcu_prefix = "WCS1"
+rcu_username = "WCS1"
+# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters.
+# The special characters must be _, #, or -.
+rcu_password = "Oradoc_db12W#x_"
+# If connecting to an external DB, specify the jdbc_connection_url
+# !!! You will need to adjust the security list on your database VCN/subnet to authorize access from the OKE cluster nodes,
+# which may require VCN peering (not provided here)
+jdbc_connection_url = null
+
+# Database information max 8 charachtor allowed for db system
+database_name = "sitesdb"
+database_unique_name = "sitesdb"
+
+# Kubernetes namespaces (no need to change)
+#sites_kubernetes_namespace = "wcsites-ns"
+#weblogic_operator_namespace = "operator-ns"
+#ingress_controller_namespace = "traefik"
+
+# Domain name
+sites_dns_name =""
+
+# VCN config
+vcn_cidr = "10.0.0.0/16"
+
+# SSH key to access database and Kubernetes nodes
+ssh_authorized_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtmEF/NbYdBMiF1XjTPgY6M4Nw8RI9AezkXKk7eJ7YylJH8AAApBb0aw7ERgEza3cTkQVK74MH6Rz9nvi7BdoMB/HWv/Ap/StsqFP2oC3BNi+ljVzXreNtVv1G1JqiRbKzjLNtyHw02wtuTKeoXwaex/ElcAObLdqbuxTgw1M1pw+XnSdnBazqAU6otVpnlgkGNiZDE1yvk7t5tL85tZj8dhrIBGEbHu0/lPA/d15PqgAi5bAIO/E0Dt2vh5hJJMjtM0BWf7PyhMgkOeTszERRHuteBroFbZyzxTvJZiUmL16SMcvLnDt3jL4gIzUkOqBIA9haFyo0poGBC8cYECiB vk"
+
+# Cluster config
+oke_cluster = {
+ name = "OKE_Cluster"
+ k8s_version = "v1.20.8"
+ pods_cidr = "10.1.0.0/16"
+ services_cidr = "10.2.0.0/16"
+ cluster_options_add_ons_is_kubernetes_dashboard_enabled = true
+ cluster_options_add_ons_is_tiller_enabled = true
+}
+
+# defaults to 1 pool, feel free to add more if needed.
+node_pools = [
+ {
+ pool_name = "pool1"
+ node_shape = "VM.Standard2.4"
+ node_count = 2
+ node_labels = {
+ "pool_name" = "pool1"
+ }
+ }
+]
+
+# Optional parameter, requires a vault and key to be created in the account.
+secrets_encryption_key_ocid = null
+```
+
+* Update tenancy_ocid, compartment_ocid, region as per your Oracle Cloud Infrastructure account.
+* Update ssh_authorized_key with your SSH public key. This key used to access database and Kubernetes nodes.
+* If you don't want to create a new database on the Oracle Database Service and want to use an existing database, keep variable provision_database as false and specify the jdbc_connection_url value in the terraform.tfvars config file.
+`Example : jdbc_connection_url = ":/."`
+* If you wish to encrypt Kubernetes secrets at rest, you can provision a vault and key and reference this key OCID as secrets_encryption_key_ocid to use in the kubernetes cluster.
+
+#### 3. Push WCSites Image to OCIR
+
+- **Create Oracle Cloud Infrastructure Registry**
+
+ - Under `Solutions and Platform`, go to `Developer Services` and click `Container Registry`.
+ - Click on `Create repository`.
+ - Enter Repository name and Access type to create a repository.
+
+ ![README](images/wcs-1.PNG)
+
+- **Push wcsites docker image to OCIR**
+
+ - Download latest sites docker image from [here](https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=33579457).
+ - Unzip the downloaded zip file.
+
+ ```bash
+ $ unzip p33579457_122140_Linux-x86-64.zip
+ ```
+
+ Load the image archive using the docker load command.
+
+ ```bash
+ $ docker load < wcsites-20210422.tar.gz
+ ```
+
+- **Create an "Auth token" which will be used as docker password to push/pull images from OCIR**
+
+ - Login to OCI Console, navigate to Profile, User Settings, Auth Tokens, click on Generate Tokens button.
+ - Enter Description and then click Generate Tokens.
+ - Token will get generated.
+ - Copy the generated token. `NOTE: It will only be displayed one time, so you need to copy it to a secure place for further use.`
+
+- **Docker login**
+
+ Do a docker login on any OCI node where you need to push/pull images :
+ ```
+ docker login .ocir.io
+ Username: /oracleidentitycloudservice/
+ Password:
+ ```
+
+ example :
+
+ ```bash
+ $ docker login phx.ocir.io
+ Username: axcmmdmzqtqb/oracleidentitycloudservice/
+ Password:
+ ```
+
+- **Push an image**
+ ```
+ docker tag .ocir.io//:
+ docker push .ocir.io//:
+ ```
+ example :
+
+ ```bash
+ $ docker tag oracle/wcsites:12.2.1.4 phx.ocir.io/axcmmdmzqtqb/oracle/wcsites:12.2.1.4
+ $ docker push phx.ocir.io/axcmmdmzqtqb/oracle/wcsites:12.2.1.4
+ ```
+
+- **Update Container registry details in terraform.tfvars**
+
+ Input your Container registry login credentials in terraform.tfvars file. Update below variables in terraform.tfvars.
+
+ ```
+ container_registry -
+ container_registry_username -
+ container_registry_email -
+ container_registry_password -
+ container_registry_image -
+ ```
+
+#### 4. Deploying with Sub Domain
+
+If you want to deploy with sub-domain then update sites_dns_name variable in terraform.tfvars
+`sites_dns_name =""`
+
+#### 5. Deployment Options
+
+By default, the template will deploy the following infrastrucutre resources:
+
+* A Virtual Cloud Network (VCN).
+* Subnets for the Kubernetes Load Balancers (public subnet) and nodes (private subnet).
+* A Kubernetes cluster on the Oracle Kubernetes Engine service.
+* A database on the Oracle Database Service.
+* A file storage Network File Server (NFS) and mount point export path.
+* Security lists to allow proper communication.
+
+On the Kubernetes cluster provisioned, the template also create or deploy:
+
+* Namespaces for the different components.
+* The secrets containing the credentials required.
+* The required WebLogic Operator Helm chart.
+* The required ingress controller (using Traefik).
+
+#### 6. Deploy the Infrastructure
+
+* Use the following commands:
+
+ ```bash
+ $ terraform init
+ $ terraform plan
+ $ terraform apply
+ ```
+
+ and answer Yes at the prompt to deploy the stack.
+
+
+### Access the Deployment
+
+* Get the public IP of the load balancer created by the ingress controller
+
+ ```bash
+ $ kubectl get services -n traefik
+ ```
+
+ This should output something like:
+
+ ```bash
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ traefik LoadBalancer 10.2.13.1 132.226.115.178 9000:31473/TCP,30305:30305/TCP,30443:30443/TCP 7d19h
+ ```
+
+ - If it is still pending, wait a few more minutes before checking again.
+ - Get the EXTERNAL-IP value for the load balancer.
+
+* Make sure the WebCenter Sites domain servers are running:
+ You can check running pods with:
+
+ ```bash
+ $ kubectl get pods -n wcsites-ns
+ ```
+ You should see:
+
+ ```bash
+ NAME READY STATUS RESTARTS AGE
+ wcsitesinfra-adminserver 1/1 Running 0 7d19h
+ wcsitesinfra-create-fmw-infra-sample-domain-job-4gdn4 0/1 Completed 0 7d19h
+ wcsitesinfra-wcsites-server1 1/1 Running 0 7d18h
+ ```
+
+ Make sure the STATUS is RUNNING and that READY is 1/1 for pods above before checking the URL.
+
+* With the public IP gathered earlier, browse to `http://PUBLIC_IP:30305/console` to get to the WebLogic console.
+
+* You can log into the console with the `sites_domain_admin_username` and `sites_domain_admin_password` you specified in the `terraform.tfvars` file.
+
+
+### Deploying with Sub-domain and SSL
+
+If you are deploying WCSites with Sub-domain and SSL then follow below steps else move to Configure WebCenter Sites directly.
+- Map the loadbalancer EXTERNAL-IP with the sub-domain.
+- Get SSL certificates from your DNS provider.
+- That includes 3 files :
+ * SSL Certificate
+ * CA Certificate
+ * Private Key
+
+Login to OCI console and go to the Load Balancer created be terraform script in your compartment.
+
+* Go to `Certificates`, Certificate Resource - `Load Balancer Managed Certificate`.
+* Click on `add Certificate`. Give a name and add all 3 files.
+* Click on `Listeners`.
+* Add a new Listener "TCP-443".
+* Port - 443 (select SSL checkbox).
+* Add certificate here.
+* Backend Set - TCP-30305.
+* Click on `Save Changes` to save.
+
+![README](images/wcs-2.PNG)
+
+- Configure WebCenter Sites by hitting url : `http://PUBLIC_IP:30305/sites/sitesconfigsetup`
+- Update hostname as sub-domain name, port as 443 and secure connection as yes.
+
+![README](images/wcs-3.PNG)
+
+![README](images/wcs-4.PNG)
+
+
+### Configure WebCenter Sites
+
+* Configure WebCenter Sites by hitting url : `http://PUBLIC_IP:30305/sites/sitesconfigsetup`
+ - When installing, select sample sites to be installed and enter the required passwords.
+ - Do not change the sites-config location. If you change the location, installation will fail.
+
+* After the configuration is complete, edit the domain, and restart the Managed Server.
+To stop Managed Servers:
+
+ ```bash
+ $ kubectl patch domain wcsitesinfra -n wcsites-ns --type='json' -p='[{"op": "replace", "path": "/spec/clusters/0/replicas", "value": 0 }]'
+ ```
+
+ To start all configured Managed Servers:
+
+ ```bash
+ $ kubectl patch domain wcsitesinfra -n wcsites-ns --type='json' -p='[{"op": "replace", "path": "/spec/clusters/0/replicas", "value": 3 }]'
+ ```
+
+* You can check running pods with:
+
+ ```bash
+ $ kubectl get pods -n wcsites-ns
+ ```
+
+ You should see:
+
+ ```bash
+ NAME READY STATUS RESTARTS AGE
+ wcsitesinfra-adminserver 1/1 Running 0 7d19h
+ wcsitesinfra-create-fmw-infra-sample-domain-job-4gdn4 0/1 Completed 0 7d19h
+ wcsitesinfra-wcsites-server1 1/1 Running 0 7d18h
+ wcsitesinfra-wcsites-server2 1/1 Running 0 11m
+ wcsitesinfra-wcsites-server3 1/1 Running 0 11m
+ ```
+
+* Access WebCenter Sites by hitting url : `http://PUBLIC_IP:30305/sites/`
+
+ Incase of Sub-domain with SSL : `https://SUB-DOMAIN/sites/`
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/access_k8s_dashboard.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/access_k8s_dashboard.sh
new file mode 100755
index 000000000..2bbcab4e8
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/access_k8s_dashboard.sh
@@ -0,0 +1,12 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+echo "Use the token described below to connect"
+kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep oke-admin | awk '{print $1}')
+
+echo "Running k8s proxy..."
+kubectl proxy &
+
+echo "Opening browser..."
+sleep 3
+open 'http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login'
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/.helmignore b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/.helmignore
new file mode 100755
index 000000000..0e8a0eb36
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/Chart.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/Chart.yaml
new file mode 100755
index 000000000..182cac502
--- /dev/null
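Review bot: The `kubectl -n kube-system describe secret $(...)` line in access_k8s_dashboard.sh prints the bearer token of the `oke-admin` secret to the terminal, where it stays in scrollback and in any session log; the secret's name suggests cluster-admin scope, so the script should at least carry a comment such as `# prints an admin bearer token: do not run in shared or recorded sessions`. `kubectl proxy &` is then left running after the script exits, so port 8001 keeps serving the API with the caller's credentials to every local process; capturing `PROXY_PID=$!` and adding `trap 'kill "$PROXY_PID"' EXIT` followed by `wait` would bound its lifetime. The file is mode 100755 but has no shebang line, and `open` exists only on macOS, which is worth stating in a header comment.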
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/Chart.yaml
@@ -0,0 +1,26 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+apiVersion: v2
+name: wc-sites
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.0.0
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/LICENSE.txt b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/LICENSE.txt
new file mode 100755
index 000000000..837b39bb8
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/LICENSE.txt
@@ -0,0 +1,35 @@
+Copyright (c) 2022, Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-job.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-job.sh
new file mode 100755
index 000000000..8596d9cbf
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-job.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+
+function exitIfError {
+ if [ "$1" != "0" ]; then
+ echo "$2"
+ exit $1
+ fi
+}
+
+# Include common utility functions
+source ${CREATE_DOMAIN_SCRIPT_DIR}/utility.sh
+
+export CUSTOM_MANAGED_BASE_NAME=${CUSTOM_MANAGED_BASE_NAME,,}
+export CUSTOM_ADMIN_NAME=${CUSTOM_ADMIN_NAME,,}
+
+# Verify the script to create the domain exists
+script=${CREATE_DOMAIN_SCRIPT_DIR}/createSitesDomain.sh
+
+checkCreateDomainScript $script
+
+# Execute the script to create the domain
+source $script
+exitIfError $? "ERROR: $script failed."
+
+# Verify the script to create the domain exists
+script=${CREATE_DOMAIN_SCRIPT_DIR}/create-domain-script.sh
+
+checkCreateDomainScript $script
+checkDomainSecret
+prepareDomainHomeDir
+
+# Execute the script to create the domain
+source $script
+exitIfError $? "ERROR: $script failed."
+
+echo "Copying ${CREATE_DOMAIN_SCRIPT_DIR}/server-config-update.sh to PV ${DOMAIN_HOME_DIR}"
+cp ${CREATE_DOMAIN_SCRIPT_DIR}/server-config-update.sh ${DOMAIN_HOME_DIR}
+chmod +x ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+echo "Copying ${CREATE_DOMAIN_SCRIPT_DIR}/unicast.py to PV ${DOMAIN_HOME_DIR}"
+cp ${CREATE_DOMAIN_SCRIPT_DIR}/unicast.py ${DOMAIN_HOME_DIR}
+chmod +x ${DOMAIN_HOME_DIR}/unicast.py
+
+echo "replacing tokens in ${DOMAIN_HOME_DIR}/server-config-update.sh"
+sed -i -e "s:%LOAD_BALANCER_HOSTNAME%:${LB_HOST}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%LOAD_BALANCER_PORTNUMBER%:${LB_PORT}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%LOAD_BALANCER_PROTOCOL%:${LB_PROTOCOL}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+sed -i -e "s:%SITES_SAMPLES%:${SITES_SAMPLES}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+sed -i -e "s:%SITES_CACHE_PORTS%:${SITES_CACHE_PORTS}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+sed -i -e "s:%MANAGED_SERVER_PORT%:${MANAGED_SERVER_PORT}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+sed -i -e "s:%SITES_ADMIN_USERNAME%:${SITES_ADMIN_USERNAME}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%SITES_ADMIN_PASSWORD%:${SITES_ADMIN_PASSWORD}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%SITES_APP_USERNAME%:${SITES_APP_USERNAME}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%SITES_APP_PASSWORD%:${SITES_APP_PASSWORD}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%SITES_SS_USERNAME%:${SITES_SS_USERNAME}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%SITES_SS_PASSWORD%:${SITES_SS_PASSWORD}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%DOMAIN_HOME%:${DOMAIN_HOME_DIR}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+sed -i -e "s:%DOMAIN_ROOT_DIR%:${DOMAIN_ROOT_DIR}:g" ${DOMAIN_HOME_DIR}/server-config-update.sh
+
+
+# DON'T REMOVE THIS
+# This script has to contain this log message.
+# It is used to determine if the job is really completed.
+echo "Successfully Completed"
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-script.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-script.sh
new file mode 100755
index 000000000..df5cf2403
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/create-domain-script.sh
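Review bot: The `sed -i -e "s:%SITES_ADMIN_PASSWORD%:${SITES_ADMIN_PASSWORD}:g"` line in create-domain-job.sh, and the matching `SITES_APP_PASSWORD` and `SITES_SS_PASSWORD` lines, interpolate secrets straight into a sed program, so a password containing `:`, `&` or `\` either breaks the substitution or silently writes a different value into `server-config-update.sh`. The finished file then holds three passwords in clear text on the persistent volume while only `chmod +x` is applied, which leaves its readability to the job's umask; `chmod 700 ${DOMAIN_HOME_DIR}/server-config-update.sh` after the copy would tighten that, and having the script read the values from the mounted secret at run time would avoid storing them at all. The `cp` and `sed` results are never checked, so the job still prints "Successfully Completed" after a failed copy; an `exitIfError $? "ERROR: copy failed."` after each `cp` would match the style used earlier in the script.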
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+
+export DOMAIN_HOME=${DOMAIN_HOME_DIR}
+
+echo wlst.sh -skipWLSModuleScanning ${CREATE_DOMAIN_SCRIPT_DIR}/createSitesDomain.py -oh ${ORACLE_HOME} -jh ${JAVA_HOME} -parent ${DOMAIN_HOME}/.. -name ${CUSTOM_DOMAIN_NAME} -user `cat /weblogic-operator/secrets/username` -password `cat /weblogic-operator/secrets/password` -rcuDb ${CUSTOM_CONNECTION_STRING} -rcuPrefix ${CUSTOM_RCUPREFIX} -rcuSchemaPwd `cat /weblogic-operator/rcu-secrets/password` -adminListenPort ${CUSTOM_ADMIN_LISTEN_PORT} -adminName ${CUSTOM_ADMIN_NAME} -managedNameBase ${CUSTOM_MANAGED_BASE_NAME} -managedServerPort ${CUSTOM_MANAGEDSERVER_PORT} -prodMode ${CUSTOM_PRODUCTION_MODE} -managedServerCount ${CUSTOM_MANAGED_SERVER_COUNT} -clusterName ${CUSTOM_CLUSTER_NAME} -exposeAdminT3Channel ${EXPOSE_T3_CHANNEL_PREFIX} -t3ChannelPublicAddress ${T3_PUBLIC_ADDRESS} -t3ChannelPort ${T3_CHANNEL_PORT} -domainType wcsites -machineName wcsites_machine
+
+# Create the domain
+wlst.sh -skipWLSModuleScanning \
+ ${CREATE_DOMAIN_SCRIPT_DIR}/createSitesDomain.py \
+ -oh ${ORACLE_HOME} \
+ -jh ${JAVA_HOME} \
+ -parent ${DOMAIN_HOME}/.. \
+ -name ${CUSTOM_DOMAIN_NAME} \
+ -user `cat /weblogic-operator/secrets/username` \
+ -password `cat /weblogic-operator/secrets/password` \
+ -rcuDb ${CUSTOM_CONNECTION_STRING} \
+ -rcuPrefix ${CUSTOM_RCUPREFIX} \
+ -rcuSchemaPwd `cat /weblogic-operator/rcu-secrets/password` \
+ -adminListenPort ${CUSTOM_ADMIN_LISTEN_PORT} \
+ -adminName ${CUSTOM_ADMIN_NAME} \
+ -managedNameBase ${CUSTOM_MANAGED_BASE_NAME} \
+ -managedServerPort ${CUSTOM_MANAGEDSERVER_PORT} \
+ -prodMode ${CUSTOM_PRODUCTION_MODE} \
+ -managedServerCount ${CUSTOM_MANAGED_SERVER_COUNT} \
+ -clusterName ${CUSTOM_CLUSTER_NAME} \
+ -exposeAdminT3Channel ${EXPOSE_T3_CHANNEL_PREFIX} \
+ -t3ChannelPublicAddress ${T3_PUBLIC_ADDRESS} \
+ -t3ChannelPort ${T3_CHANNEL_PORT} \
+ -domainType wcsites \
+ -machineName wcsites_machine
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.py b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.py
new file mode 100755
index 000000000..2694b54f6
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.py
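Review bot: The leading `echo wlst.sh ...` line in create-domain-script.sh expands `cat /weblogic-operator/secrets/password` and `cat /weblogic-operator/rcu-secrets/password`, so the WebLogic admin password and the RCU schema password are written in clear text to the job's stdout and end up in the pod log for anyone with log access to read. Drop the echo or redact it, for example by printing `-password '****'` and `-rcuSchemaPwd '****'` in the echoed string instead of the command substitutions. The real `wlst.sh` call also passes both secrets as command-line arguments, which makes them visible in the container's process list; if `createSitesDomain.py` can be changed, letting it read the two mounted files itself would avoid that, though its argument parsing is not visible here. The unquoted `${...}` expansions will additionally word-split on any value containing spaces.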
@@ -0,0 +1,434 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl + +import os +import sys + +import com.oracle.cie.domain.script.jython.WLSTException as WLSTException + +class WCSITES12214Provisioner: + + MACHINES = { + 'wcsites_machine' : { + 'NMType': 'SSL', + 'ListenAddress': 'localhost', + 'ListenPort': 5658 + } + } + + MANAGED_SERVERS = [] + + JRF_12214_TEMPLATES = { + 'baseTemplate' : '@@ORACLE_HOME@@/wlserver/common/templates/wls/wls.jar', + 'extensionTemplates' : [ + '@@ORACLE_HOME@@/oracle_common/common/templates/wls/oracle.jrf_template.jar', + '@@ORACLE_HOME@@/em/common/templates/wls/oracle.em_wls_template.jar' + ], + 'serverGroupsToTarget' : [ 'JRF-MAN-SVR' ] + } + + WCSITES_12214_TEMPLATES = { + 'extensionTemplates' : [ + '@@ORACLE_HOME@@/wcsites/common/templates/wls/oracle.wcsites.examples.template.jar' + ], + 'serverGroupsToTarget' : [ 'WCSITES-MGD-SVR' ] + } + + def __init__(self, oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName): + self.oracleHome = self.validateDirectory(oracleHome) + self.javaHome = self.validateDirectory(javaHome) + self.domainParentDir = self.validateDirectory(domainParentDir, create=True) + return + + def createWCSitesDomain(self, domainName, user, password, db, dbPrefix, dbPassword, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName, domainType, exposeAdminT3Channel=None, t3ChannelPublicAddress=None, t3ChannelPort=None): + domainHome = self.createBaseDomain(domainName, user, password, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName, domainType) + + if domainType == "wcsites": + self.extendWcsitesDomain(domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort) + + def 
createManagedServers(self, ms_count, managedNameBase, ms_port, cluster_name, ms_servers): + # Create managed servers + for index in range(0, ms_count): + cd('/') + msIndex = index+1 + cd('/') + name = '%s%s' % (managedNameBase, msIndex) + create(name, 'Server') + cd('/Servers/%s/' % name ) + print('managed server name is %s' % name); + set('ListenPort', ms_port) + set('NumOfRetriesBeforeMSIMode', 0) + set('RetryIntervalBeforeMSIMode', 1) + set('Cluster', cluster_name) + set('Machine', machineName) + ms_servers.append(name) + print ms_servers + return ms_servers + + def createBaseDomain(self, domainName, user, password, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName, domainType): + baseTemplate = self.replaceTokens(self.JRF_12214_TEMPLATES['baseTemplate']) + + readTemplate(baseTemplate) + setOption('DomainName', domainName) + setOption('JavaHome', self.javaHome) + if (prodMode == 'true'): + setOption('ServerStartMode', 'prod') + else: + setOption('ServerStartMode', 'dev') + set('Name', domainName) + + admin_port = int(adminListenPort) + ms_port = int(managedServerPort) + ms_count = int(managedCount) + + # Create Admin Server + # ======================= + print 'Creating Admin Server...' + cd('/Servers/AdminServer') + #set('ListenAddress', '%s-%s' % (domain_uid, admin_server_name_svc)) + set('ListenPort', admin_port) + set('Name', adminName) + + # Define the user password for weblogic + # ===================================== + cd('/Security/' + domainName + '/User/weblogic') + set('Name', user) + set('Password', password) + + # Create a cluster + # ====================== + print 'Creating cluster...' + cd('/') + cl=create(clusterName, 'Cluster') + + # Create Node Manager + # ======================= + print 'Creating Node Managers...' 
+ for machine in self.MACHINES: + cd('/') + create(machine, 'Machine') + cd('Machine/' + machine) + create(machine, 'NodeManager') + cd('NodeManager/' + machine) + for param in self.MACHINES[machine]: + set(param, self.MACHINES[machine][param]) + + # Create managed servers + self.MANAGED_SERVERS = self.createManagedServers(ms_count, managedNameBase, ms_port, clusterName, self.MANAGED_SERVERS) + + setOption('OverwriteDomain', 'true') + domainHome = self.domainParentDir + '/' + domainName + print 'Will create Base domain at ' + domainHome + + print 'Writing base domain...' + writeDomain(domainHome) + closeTemplate() + print 'Base domain created at ' + domainHome + return domainHome + + def readAndApplyJRFTemplates(self, domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort): + print 'Extending domain at ' + domainHome + print 'Database ' + db + readDomain(domainHome) + setOption('AppDir', self.domainParentDir + '/applications') + + print 'ExposeAdminT3Channel %s with %s:%s ' % (exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort) + if 'true' == exposeAdminT3Channel: + self.enable_admin_channel(t3ChannelPublicAddress, t3ChannelPort) + + self.applyJRFTemplates() + print 'Extension Templates added' + return + + def applyJRFTemplates(self): + print 'Applying JRF templates...' + for extensionTemplate in self.JRF_12214_TEMPLATES['extensionTemplates']: + addTemplate(self.replaceTokens(extensionTemplate)) + return + + def applyWCSITESTemplates(self): + print 'Applying WCSITES templates...' + for extensionTemplate in self.WCSITES_12214_TEMPLATES['extensionTemplates']: + addTemplate(self.replaceTokens(extensionTemplate)) + return + + def targetWCSITESServers(self,serverGroupsToTarget): + print 'Targeting Server Groups...' 
+ cd('/') + for managedName in self.MANAGED_SERVERS: + setServerGroups(managedName, serverGroupsToTarget) + print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for server:" + managedName + cd('/Servers/' + managedName) + set('CoherenceClusterSystemResource', 'defaultCoherenceCluster') + return + + def targetWCSITESCluster(self): + print 'Targeting Cluster ...' + cd('/') + print "Set CoherenceClusterSystemResource to defaultCoherenceCluster for cluster:" + clusterName + cd('/Cluster/' + clusterName) + set('CoherenceClusterSystemResource', 'defaultCoherenceCluster') + return + + def extendWcsitesDomain(self, domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort): + self.readAndApplyJRFTemplates(domainHome, db, dbPrefix, dbPassword, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort) + self.applyWCSITESTemplates() + + print 'Extension Templates added' + + if 'wcsites_server1' not in self.MANAGED_SERVERS: + print 'INFO: deleting wcsites_server1' + cd('/') + delete('wcsites_server1','Server') + print 'INFO: deleted wcsites_server1' + + self.configureJDBCTemplates(db,dbPrefix,dbPassword) + + print 'Targeting Server Groups...' + serverGroupsToTarget = list(self.JRF_12214_TEMPLATES['serverGroupsToTarget']) + serverGroupsToTarget.extend(self.WCSITES_12214_TEMPLATES['serverGroupsToTarget']) + + cd('/') + self.targetWCSITESServers(serverGroupsToTarget) + + cd('/') + self.targetWCSITESCluster() + + print "Set WLS clusters as target of defaultCoherenceCluster:[" + clusterName + "]" + cd('/CoherenceClusterSystemResource/defaultCoherenceCluster') + set('Target', clusterName) + + print 'Preparing to update domain...' + updateDomain() + print 'Domain updated successfully' + closeDomain() + return + + def configureJDBCTemplates(self,db,dbPrefix,dbPassword): + print 'Configuring the Service Table DataSource...' 
+ #fmwDb = db + fmwDb = 'jdbc:oracle:thin:@' + db + driverName = 'oracle.jdbc.OracleDriver' + print "fmwDb..." + fmwDb + + cd('/JdbcSystemResource/opss-data-source/JdbcResource/opss-data-source/JdbcDriverParams/NO_NAME_0') + set('DriverName', driverName) + set('URL', fmwDb) + set('PasswordEncrypted', dbPassword) + + user = dbPrefix + '_OPSS' + cd('Properties/NO_NAME_0/Property/user') + set('Value', user) + + print "Set user..." + user + + cd('/JdbcSystemResource/opss-audit-DBDS/JdbcResource/opss-audit-DBDS/JdbcDriverParams/NO_NAME_0') + set('DriverName', driverName) + set('URL', fmwDb) + set('PasswordEncrypted', dbPassword) + + user = dbPrefix + '_IAU_APPEND' + cd('Properties/NO_NAME_0/Property/user') + set('Value', user) + + print "Set user..." + user + + cd('/JdbcSystemResource/opss-audit-viewDS/JdbcResource/opss-audit-viewDS/JdbcDriverParams/NO_NAME_0') + set('DriverName', driverName) + set('URL', fmwDb) + set('PasswordEncrypted', dbPassword) + + user = dbPrefix + '_IAU_VIEWER' + cd('Properties/NO_NAME_0/Property/user') + set('Value', user) + + print "Set user..." + user + + cd('/JdbcSystemResource/LocalSvcTblDataSource/JdbcResource/LocalSvcTblDataSource/JdbcDriverParams/NO_NAME_0') + set('DriverName', driverName) + set('URL', fmwDb) + set('PasswordEncrypted', dbPassword) + + user = dbPrefix + '_STB' + cd('Properties/NO_NAME_0/Property/user') + set('Value', user) + + print "Set user..." + user + + cd('/JdbcSystemResource/wcsitesDS/JdbcResource/wcsitesDS/JdbcDriverParams/NO_NAME_0') + set('DriverName', driverName) + set('URL', fmwDb) + set('PasswordEncrypted', dbPassword) + + user = dbPrefix + '_WCSITES' + cd('Properties/NO_NAME_0/Property/user') + set('Value', user) + + print "Set user..." + user + + print 'Getting Database Defaults...' 
+ getDatabaseDefaults() + return + ########################################################################### + # Helper Methods # + ########################################################################### + + def validateDirectory(self, dirName, create=False): + directory = os.path.realpath(dirName) + if not os.path.exists(directory): + if create: + os.makedirs(directory) + else: + message = 'Directory ' + directory + ' does not exist' + raise WLSTException(message) + elif not os.path.isdir(directory): + message = 'Directory ' + directory + ' is not a directory' + raise WLSTException(message) + return self.fixupPath(directory) + + + def fixupPath(self, path): + result = path + if path is not None: + result = path.replace('\\', '/') + return result + + + def replaceTokens(self, path): + result = path + if path is not None: + result = path.replace('@@ORACLE_HOME@@', oracleHome) + return result + + def enable_admin_channel(self, admin_channel_address, admin_channel_port): + if admin_channel_address == None or admin_channel_port == 'None': + return + cd('/') + admin_server_name = get('AdminServerName') + print('setting admin server t3channel for ' + admin_server_name) + cd('/Servers/' + admin_server_name) + create('T3Channel', 'NetworkAccessPoint') + cd('/Servers/' + admin_server_name + '/NetworkAccessPoint/T3Channel') + set('ListenPort', int(admin_channel_port)) + set('PublicPort', int(admin_channel_port)) + set('PublicAddress', admin_channel_address) + +############################# +# Entry point to the script # +############################# + +def usage(): + print sys.argv[0] + ' -oh -jh -parent -name ' + \ + '-user -password ' + \ + '-rcuDb -rcuPrefix -rcuSchemaPwd ' \ + '-adminListenPort -adminName ' \ + '-managedNameBase -managedServerPort -prodMode ' \ + '-managedServerCount -clusterName ' \ + '-domainType ' \ + '-exposeAdminT3Channel -t3ChannelPublicAddress
' \ + '-t3ChannelPort -machineName ' + sys.exit(0) + +# Uncomment for Debug only +#print str(sys.argv[0]) + " called with the following sys.argv array:" +#for index, arg in enumerate(sys.argv): +# print "sys.argv[" + str(index) + "] = " + str(sys.argv[index]) + +if len(sys.argv) < 18: + usage() +#oracleHome will be passed by command line parameter -oh. +oracleHome = None +#javaHome will be passed by command line parameter -jh. +javaHome = None +#domainParentDir will be passed by command line parameter -parent. +domainParentDir = None +#domainUser is hard-coded to weblogic. You can change to other name of your choice. Command line paramter -user. +domainUser = 'weblogic' +#domainPassword will be passed by Command line parameter -password. +domainPassword = None +#rcuDb will be passed by command line parameter -rcuDb. +rcuDb = None +#change rcuSchemaPrefix to your infra schema prefix. Command line parameter -rcuPrefix. +rcuSchemaPrefix = 'WCS1' +#change rcuSchemaPassword to your infra schema password. Command line parameter -rcuSchemaPwd. 
+rcuSchemaPassword = None +exposeAdminT3Channel = None +t3ChannelPort = None +t3ChannelPublicAddress = None +machineName = None + +i = 1 +while i < len(sys.argv): + if sys.argv[i] == '-oh': + oracleHome = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-jh': + javaHome = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-parent': + domainParentDir = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-name': + domainName = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-user': + domainUser = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-password': + domainPassword = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-rcuDb': + rcuDb = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-rcuPrefix': + rcuSchemaPrefix = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-rcuSchemaPwd': + rcuSchemaPassword = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-adminListenPort': + adminListenPort = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-adminName': + adminName = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-managedNameBase': + managedNameBase = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-managedServerPort': + managedServerPort = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-prodMode': + prodMode = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-managedServerCount': + managedCount = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-clusterName': + clusterName = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-t3ChannelPublicAddress': + t3ChannelPublicAddress = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-t3ChannelPort': + t3ChannelPort = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-exposeAdminT3Channel': + exposeAdminT3Channel = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-domainType': + domainType = sys.argv[i + 1] + i += 2 + elif sys.argv[i] == '-machineName': + machineName = sys.argv[i + 1] + i += 2 + else: + print 'Unexpected argument switch at position ' + str(i) + ': ' + str(sys.argv[i]) + usage() + sys.exit(1) + + +provisioner = 
WCSITES12214Provisioner(oracleHome, javaHome, domainParentDir, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName) +provisioner.createWCSitesDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword, adminListenPort, adminName, managedNameBase, managedServerPort, prodMode, managedCount, clusterName, domainType, exposeAdminT3Channel, t3ChannelPublicAddress, t3ChannelPort) diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.sh new file mode 100755 index 000000000..c7c038151 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/createSitesDomain.sh 
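Review bot: `usage()` ends with `sys.exit(0)`, so both the `len(sys.argv) < 18` check and the unknown-switch branch terminate with a success status, and the `sys.exit(1)` after the second `usage()` call is never reached; a caller that checks the exit code will treat a mis-invoked domain creation as successful, so `usage()` should end with `sys.exit(1)`. In the same parsing code, `domainName`, `adminListenPort`, `domainType` and the other names assigned only inside the `while` loop have no default, so an omitted switch surfaces as a `NameError` at the `WCSITES12214Provisioner(...)` call instead of a usage message. `enable_admin_channel` compares the port with the string `'None'` while `t3ChannelPort` defaults to the object `None`, so `int(admin_channel_port)` raises when `-exposeAdminT3Channel true` arrives without a port; `if admin_channel_address in (None, 'None') or admin_channel_port in (None, 'None'): return` covers both spellings.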
@@ -0,0 +1,177 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+# Description: This script is used to create WCSites Domain.
+#
+
+########### SIGINT handler ############
+function _int() {
+ echo "Stopping container."
+ echo "SIGINT received, shutting down Admin Server!"
+ $DOMAIN_HOME/bin/stopWebLogic.sh
+ exit;
+}
+
+########### SIGTERM handler ############
+function _term() {
+ echo "Stopping container."
+ echo "SIGTERM received, shutting down Admin Server!"
+ $DOMAIN_HOME/bin/stopWebLogic.sh
+ exit;
+}
+
+########### SIGKILL handler ############
+function _kill() {
+ echo "SIGKILL received, shutting down the server!"
+ kill -9 $childPID
+}
+
+#######Random Password Generation########
+function rand_pwd(){
+ while true; do
+ s=$(cat /dev/urandom | tr -dc "A-Za-z0-9" | fold -w 8 | head -n 1)
+ if [[ ${#s} -ge 8 && "$s" == *[A-Z]* && "$s" == *[a-z]* && "$s" == *[0-9]* ]]
+ then
+ break
+ else
+ echo "Password does not Match the criteria, re-generating..." >&2
+ fi
+ done
+ echo "${s}"
+}
+
+########### updateListenAddress ############
+updateListenAddress() {
+ mkdir -p ${DOMAIN_HOME}/logs
+
+ export thehost=`hostname -I`
+ echo "INFO: Updating the listen address - ${thehost} ${ADMIN_HOST}"
+ cmd="/u01/oracle/oracle_common/common/bin/wlst.sh -skipWLSModuleScanning /u01/oracle/dockertools/updListenAddress.py $vol_name ${thehost} AdminServer ${ADMIN_HOST}"
+}
+
+INSTALL_START=$(date '+%s')
+
+# Set SIGINT handler
+trap _int SIGINT
+
+# Set SIGTERM handler
+trap _term SIGTERM
+
+# Set SIGKILL handler
+trap _kill SIGKILL
+
+#Check on required parameters
+PARAMS=true
+
+DB_SCHEMA_PASSWORD_AUTOGENERATED=false
+ADMIN_PASSWORD_AUTOGENERATED=false
+SITES_ADMIN_PASSWORD_AUTOGENERATED=false
+SITES_APP_PASSWORD_AUTOGENERATED=false
+SITES_SS_PASSWORD_AUTOGENERATED=false
+
+DB_CONNECTSTRING=$CUSTOM_CONNECTION_STRING
+DB_USER=`cat /weblogic-operator/rcu-secrets/sys_username`
+DB_PASSWORD=`cat /weblogic-operator/rcu-secrets/sys_password`
+DB_SCHEMA_PASSWORD=`cat /weblogic-operator/rcu-secrets/password`
+RCU_PREFIX=$CUSTOM_RCUPREFIX
+
+
+# These values can be parameterized later on. Hardcoding for now.
+export DOCKER_HOST=$LB_HOST
+
+#Database Parameters
+export DB_USER=$DB_USER
+export DB_PASSWORD=$DB_PASSWORD
+export DB_CONNECTSTRING=$DB_CONNECTSTRING
+
+#Installer Parameters
+export RCU_PREFIX=$RCU_PREFIX
+export SAMPLES=$SAMPLES
+export DOMAIN_NAME=$DOMAIN_NAME
+export SITES_SERVER_NAME=$SITES_SERVER_NAME
+export ADMIN_USERNAME=$ADMIN_USERNAME
+export ADMIN_PORT=7001
+export WCSITES_MANAGED_PORT=7002
+export ADMIN_SSL_PORT=9001
+export WCSITES_SSL_PORT=9002
+WORK_DIR=/u01/wcs-wls-docker-install/work
+
+#Hostname Parameters
+export WCSITES_ADMIN_HOSTNAME=$(sed -r 's/\./\\\./g' <<< $(hostname -I))
+
+#--------------------------------------------------------------------------------------------
+cd /u01/wcs-wls-docker-install
+
+sed -i 's,^\(script.rcu.prefix=\).*,\1'$RCU_PREFIX',' bootstrap.properties
+sed -i 's,^\(script.java.path=\).*,\1'$JAVA_HOME',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.hostname=\).*,\1'$WCSITES_ADMIN_HOSTNAME',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.portnumber=\).*,\1'$WCSITES_MANAGED_PORT',' bootstrap.properties
+sed -i 's,^\(script.db.user=\).*,\1'$DB_USER',' bootstrap.properties
+sed -i 's,^\(script.db.password=\).*,\1'$DB_PASSWORD',' bootstrap.properties
+sed -i 's,^\(script.db.schema.password=\).*,\1'$DB_SCHEMA_PASSWORD',' bootstrap.properties
+sed -i 's,^\(script.db.connectstring=\).*,\1'$DB_CONNECTSTRING',' bootstrap.properties
+sed -i 's,^\(script.oracle.home=\).*,\1'$ORACLE_HOME',' bootstrap.properties
+sed -i 's,^\(script.work.dir=\).*,\1'$WORK_DIR',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.examples.avisports=\).*,\1'$SAMPLES',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.examples.fsii=\).*,\1'$SAMPLES',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.examples.Samples=\).*,\1'$SAMPLES',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.examples.blogs=\).*,\1'$SAMPLES',' bootstrap.properties
+sed -i 's,^\(script.wcsites.binaries.install.with.examples=\).*,\1'$SAMPLES',' bootstrap.properties
+sed -i 's,^\(script.oracle.domain=\).*,\1'$DOMAIN_NAME',' bootstrap.properties
+sed -i 's,^\(script.server.name=\).*,\1'$SITES_SERVER_NAME',' bootstrap.properties
+sed -i 's,^\(script.admin.server.username=\).*,\1'$ADMIN_USERNAME',' bootstrap.properties
+sed -i 's,^\(script.admin.server.password=\).*,\1'$ADMIN_PASSWORD',' bootstrap.properties
+sed -i 's,^\(script.admin.server.port=\).*,\1'$ADMIN_PORT',' bootstrap.properties
+sed -i 's,^\(script.admin.server.ssl.port=\).*,\1'$ADMIN_SSL_PORT',' bootstrap.properties
+sed -i 's,^\(script.sites.server.ssl.port=\).*,\1'$WCSITES_SSL_PORT',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.system.admin.user=\).*,\1'$SITES_ADMIN_USERNAME',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.system.admin.password=\).*,\1'$SITES_ADMIN_PASSWORD',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.app.user=\).*,\1'$SITES_APP_USERNAME',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.app.password=\).*,\1'$SITES_APP_PASSWORD',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.satellite.user=\).*,\1'$SITES_SS_USERNAME',' bootstrap.properties
+sed -i 's,^\(script.oracle.wcsites.satellite.password=\).*,\1'$SITES_SS_PASSWORD',' bootstrap.properties
+
+sed -i 's,^\(script.run.configwizard=\).*,\1'false',' bootstrap.properties
+sed -i 's,^\(script.run.sitesconfig=\).*,\1'false',' bootstrap.properties
+
+#--------------------------------------------------------------------------------------------
+#RCU
+#Groovy files are responsible for exexuting RCU + ConfigWizard
+#Source files for the same are located at ./OracleWebCenterSites/dockerfiles/12.2.1.4/wcs-wls-docker-install/src/
+java -jar wcs-wls-docker-install.jar
+
+#--------------------------------------------------------------------------------------------
+
+if [ -e $WORK_DIR/WCSites_RCU_$RCU_PREFIX.suc ]
+then
+ echo ""
+ echo "Sites RCU Phase completed successfull!!!"
+else
+ echo ""
+ echo "Sites RCU Phase failed. Please check logs for details"
+ exit
+fi
+
+#
+# Export Domain Home/Root
+#=========================
+export DOMAIN_NAME=$DOMAIN_NAME
+export DOMAIN_ROOT=$DOMAIN_ROOT_DIR
+export DOMAIN_HOME="${DOMAIN_ROOT}/${DOMAIN_NAME}"
+
+echo ""
+if [ $DB_SCHEMA_PASSWORD_AUTOGENERATED == "true" ]; then
+ echo " ----> Oracle Database Schema Credential: Password: $DB_SCHEMA_PASSWORD"
+fi
+
+
+
+INSTALL_END=$(date '+%s')
+INSTALL_ELAPSED=`expr $INSTALL_END - $INSTALL_START`
+
+echo "Sites Installation completed in $INSTALL_ELAPSED seconds."
+echo "---------------------------------------------------------"
+echo ""
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/drop-rcu-schema.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/drop-rcu-schema.sh
new file mode 100755
index 000000000..00c4a19cb
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/drop-rcu-schema.sh
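Review bot: Every `sed -i 's,^\(key=\).*,\1'$VALUE',' bootstrap.properties` line splices an unquoted, unescaped variable into the sed program, so a value containing `,`, `&`, a backslash or whitespace either breaks the command or is written incorrectly; that matters most for `$DB_PASSWORD`, `$DB_SCHEMA_PASSWORD`, `$ADMIN_PASSWORD` and the three `SITES_*_PASSWORD` values, where a strong password is likely to contain such characters. A small helper that escapes the replacement and quotes the expansion (below) covers all of these lines, and the same construct appears in the `wcs_properties_bootstrap.ini` updates in server-config-update.sh. The passwords also remain in plaintext in bootstrap.properties after `java -jar wcs-wls-docker-install.jar` returns, so consider clearing those keys or removing the file once the RCU phase is done. Separately, the failure branch ends with a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets the caller see the RCU failure.

```shell
# Set KEY to VALUE in bootstrap.properties; backslash, '&' and the ','
# delimiter are escaped so the value is written literally.
set_prop() {
  local key=$1 value=$2 escaped
  escaped=$(printf '%s' "$value" | sed -e 's/[\\&,]/\\&/g')
  sed -i "s,^\(${key}=\).*,\1${escaped}," bootstrap.properties
}

set_prop script.db.password "$DB_PASSWORD"
set_prop script.db.schema.password "$DB_SCHEMA_PASSWORD"
set_prop script.admin.server.password "$ADMIN_PASSWORD"
# … unchanged: the remaining bootstrap.properties keys, converted the same way …
```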
@@ -0,0 +1,27 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+
+# Drop the RCU schema based on schemaPreifix and Database URL
+
+DB_CONNECTSTRING=$CUSTOM_CONNECTION_STRING
+DB_USER=`cat /weblogic-operator/rcu-secrets/sys_username`
+DB_PASSWORD=`cat /weblogic-operator/rcu-secrets/sys_password`
+DB_SCHEMA_PASSWORD=`cat /weblogic-operator/rcu-secrets/password`
+RCU_PREFIX=$CUSTOM_RCUPREFIX
+rcuType=fmw
+SITES_DOMAIN_HOME=$DOMAIN_HOME_DIR
+SITES_DOMAIN_LOGS=$DOMAIN_LOGS_DIR
+echo "Cleaning direcotry ${SITES_DOMAIN_HOME}"
+rm -rf ${SITES_DOMAIN_HOME}
+echo "Cleaning direcotry ${SITES_DOMAIN_LOGS}"
+rm -rf ${SITES_DOMAIN_LOGS}
+
+echo "${DB_PASSWORD}" > pwd.txt
+echo "${DB_SCHEMA_PASSWORD}" >> pwd.txt
+
+echo "dropping RCU schema with following parameters ${DB_CONNECTSTRING} ${RCU_PREFIX} ${rcuType} ${DB_PASSWORD}"
+source ${CREATE_DOMAIN_SCRIPT_DIR}/dropRepository.sh ${DB_CONNECTSTRING} ${RCU_PREFIX} ${rcuType} ${DB_PASSWORD}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/dropRepository.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/dropRepository.sh
new file mode 100755
index 000000000..2360e1678
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/dropRepository.sh
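Review bot: The final `echo "dropping RCU schema with following parameters ... ${DB_PASSWORD}"` writes the database SYS password to the log; remove `${DB_PASSWORD}` from that message. The two `echo ... > pwd.txt` lines also leave the SYS and schema passwords in a file created with the default umask and never deleted; creating it under `umask 077` and adding `rm -f pwd.txt` after dropRepository.sh returns limits that exposure (dropRepository.sh reads `/u01/oracle/pwd.txt`, so this presumably relies on the working directory being `/u01/oracle`). `rm -rf ${SITES_DOMAIN_HOME}` and `rm -rf ${SITES_DOMAIN_LOGS}` run on unquoted, unchecked variables; `rm -rf -- "${SITES_DOMAIN_HOME:?}"` refuses to run when the variable is empty.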
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+
+/u01/oracle/wlserver/server/bin/setWLSEnv.sh
+
+echo "Check if the DB Service is ready to accept request "
+connectString=${1:-db.db.oke.oraclevcn.com:1521/pdb.db.oke.oraclevcn.com}
+schemaPrefix=${2:-WCS1}
+rcuType=${3:-fmw}
+sysPassword=${4:-Oradoc_db1}
+
+echo "DB Connection String [$connectString] schemaPrefix [${schemaPrefix}] rcuType[${rcuType}]"
+
+max=20
+counter=0
+while [ $counter -le ${max} ]
+do
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString} > dbping.err 2>&1
+ [[ $? == 0 ]] && break;
+ ((counter++))
+ echo "[$counter/${max}] Retrying the DB Connection ..."
+ sleep 10
+done
+
+if [ $counter -gt ${max} ]; then
+ echo "[ERROR] Oracle DB Service is not ready after [${max}] iterations ..."
+ #exit -1
+else
+ java utils.dbping ORACLE_THIN "sys as sysdba" ${sysPassword} ${connectString}
+fi
+
+case $rcuType in
+ fmw)
+ extComponents=""
+ extVariables=""
+ echo "Dropping RCU Schema for FMW Domain ..."
+ ;;
+ * )
+ echo "[ERROR] Unknown RCU Schema Type [$rcuType]"
+ echo "Supported values: fmw(default)"
+ exit -1
+ ;;
+esac
+
+echo "Extra RCU Schema Component(s) Choosen[${extComponents}]"
+echo "Extra RCU Schema Variable(s) Choosen[${extVariables}]"
+
+/u01/oracle/oracle_common/bin/rcu -silent -dropRepository \
+ -databaseType ORACLE -connectString ${connectString} \
+ -dbUser sys -dbRole sysdba \
+ -selectDependentsForComponents true \
+ -schemaPrefix ${schemaPrefix} ${extComponents} ${extVariables} \
+ -component WCSITES -component IAU -component IAU_APPEND -component IAU_VIEWER \
+ -component OPSS -component WLS -component WLS_RUNTIME -component STB < /u01/oracle/pwd.txt
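Review bot: `sysPassword=${4:-Oradoc_db1}` gives the SYS password a hard-coded default, and `connectString` likewise defaults to a fixed host, so a call that omits an argument silently proceeds with values baked into the repository instead of failing; `sysPassword=${4:?SYS password is required}` (and the same for the connect string) makes the omission an error. The password is then passed, unquoted, on the `java utils.dbping` command line, which exposes it in the process listing and breaks on whitespace. With `#exit -1` commented out, the script continues to the `rcu -dropRepository` call even when the database never became reachable.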
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/read-domain-secret.py b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/read-domain-secret.py
new file mode 100755
index 000000000..e9a4a7f6a
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/read-domain-secret.py
@@ -0,0 +1,17 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+#
+
+# Read username secret
+file = open('/weblogic-operator/secrets/username', 'r')
+admin_username = file.read()
+file.close()
+
+# Read password secret
+file = open('/weblogic-operator/secrets/password', 'r')
+admin_password = file.read()
+file.close()
+
+
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/server-config-update.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/server-config-update.sh
new file mode 100755
index 000000000..d1237f302
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/server-config-update.sh
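Review bot: `file.read()` returns the secret file's contents verbatim, including any trailing newline, whereas the shell scripts in this commit read the same files with `cat` inside backticks, which strips trailing newlines; if a secret was created from a file ending in a newline, the two paths would see different credentials. `admin_username = file.read().rstrip('\n')` (and the same for the password) makes them agree. The name `file` also shadows the Python 2 builtin, and a `try`/`finally` around each read would close the handle if `read()` raises.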
@@ -0,0 +1,184 @@
+#!/bin/bash
+# Copyright (c) 2022, Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl
+
+echo "Executing sample script to update the server configuration"
+
+echo "Printing env"
+env
+
+sleep 10
+LB_PROTOCOL="%LOAD_BALANCER_PROTOCOL%"
+LB_HOST="%LOAD_BALANCER_HOSTNAME%"
+LB_PORT="%LOAD_BALANCER_PORTNUMBER%"
+SITES_ADMIN_USERNAME="%SITES_ADMIN_USERNAME%"
+SITES_ADMIN_PASSWORD="%SITES_ADMIN_PASSWORD%"
+SITES_APP_USERNAME="%SITES_APP_USERNAME%"
+SITES_APP_PASSWORD="%SITES_APP_PASSWORD%"
+SITES_SS_USERNAME="%SITES_SS_USERNAME%"
+SITES_SS_PASSWORD="%SITES_SS_PASSWORD%"
+SITES_SAMPLES="%SITES_SAMPLES%"
+SITES_CACHE_PORTS="%SITES_CACHE_PORTS%"
+MANAGED_SERVER_PORT="%MANAGED_SERVER_PORT%"
+
+echo ADMIN_SERVER_NAME : ${ADMIN_SERVER_NAME}
+echo DOMAIN_UID : ${DOMAIN_UID}
+echo LB_PROTOCOL : ${LB_PROTOCOL}
+echo LB_HOST : ${LB_HOST}
+echo LB_PORT : ${LB_PORT}
+echo HOSTNAME : ${HOSTNAME}
+SERVER_NAME="${HOSTNAME/$DOMAIN_UID-/}"
+echo SERVER_NAME : ${SERVER_NAME}
+
+echo "Final SERVER_NAME=${SERVER_NAME}"
+echo SERVER_NAME : ${SERVER_NAME}
+
+echo MANAGED_SERVER_PORT: ${MANAGED_SERVER_PORT}
+
+SER_HOST_NAME=$(echo ${SERVER_NAME} | tr '_' '- ')
+echo SER_HOST_NAME : ${SER_HOST_NAME}
+CONTEXTPATH="sites"
+
+if [[ $SERVER_NAME == *?[0-9] ]];then
+ echo "Input ends with number"
+else
+ echo "Input does not end with number "
+fi
+
+DOMAIN_HOME="%DOMAIN_HOME%"
+DOMAIN_ROOT_DIR="%DOMAIN_ROOT_DIR%"
+SITES_SHARED=${DOMAIN_ROOT_DIR}/shared
+echo DOMAIN_HOME : ${DOMAIN_HOME}
+
+# This check skips the servers for which the configuration was already updated.
+
+ if [ ${SERVER_NAME,,} != ${ADMIN_SERVER_NAME,,} ] && [ ! -f "${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config/updated.txt" ]; then
+ # Logic to update the config file goes here
+
+ if [ ! -f "${DOMAIN_HOME}/config/fmwconfig/wcsconfig/updated.txt" ]; then
+ echo "--------------------------------------------"
+ echo "Updating the configuration at: ${DOMAIN_HOME}/config/fmwconfig/wcsconfig"
+
+ SHARED=${DOMAIN_HOME}/config/fmwconfig/wcsconfig
+ NODECONFIG=${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config
+
+
+ cd ${SHARED}
+
+ sed -i 's,^\(oracle.wcsites.node.config=\).*,\1'${NODECONFIG}',' wcs_properties_bootstrap.ini
+
+ sed -i 's,^\(oracle.wcsites.hostname=\).*,\1'${LB_HOST}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.portnumber=\).*,\1'${LB_PORT}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.cas.hostname=\).*,\1'${LB_HOST}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.cas.portnumber=\).*,\1'${LB_PORT}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.cas.hostnameActual=\).*,\1'${LB_HOST}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.cas.hostnameLocal=\).*,\1'${LB_HOST}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.cas.portnumberLocal=\).*,\1'${LB_PORT}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.system.admin.user=\).*,\1'${SITES_ADMIN_USERNAME}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.system.admin.password=\).*,\1'${SITES_ADMIN_PASSWORD}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.app.user=\).*,\1'${SITES_APP_USERNAME}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.app.password=\).*,\1'${SITES_APP_PASSWORD}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.satellite.user=\).*,\1'${SITES_SS_USERNAME}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.satellite.password=\).*,\1'${SITES_SS_PASSWORD}',' wcs_properties_bootstrap.ini
+
+ sed -i 's,^\(oracle.wcsites.database.type=\).*,\1'Oracle',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.database.datasource=\).*,\1'wcsitesDS',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.examples=\).*,\1'true',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.examples.fsii=\).*,\1'${SITES_SAMPLES}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.examples.avisports=\).*,\1'${SITES_SAMPLES}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.examples.Samples=\).*,\1'${SITES_SAMPLES}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.bootstrap.status=\).*,\1'never_done',' wcs_properties_bootstrap.ini
+
+ sed -i 's,^\(oracle.wcsites.contextpath=\).*,\1'/${CONTEXTPATH}/',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.shared=\).*,\1'${SITES_SHARED}',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.appserver.type=\).*,\1'wls92',' wcs_properties_bootstrap.ini
+ sed -i 's,^\(oracle.wcsites.protocol=\).*,\1'${LB_PROTOCOL}',' wcs_properties_bootstrap.ini
+
+
+ touch ${DOMAIN_HOME}/config/fmwconfig/wcsconfig/updated.txt
+ echo "Updated the configuration at: ${DOMAIN_HOME}/config/fmwconfig/wcsconfig"
+ echo "--------------------------------------------"
+ fi
+
+ echo "--------------------------------------------" ${SERVER_NAME} "--------------------------------------------"
+ echo "Updating the configuration at: ${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config"
+ cp ${DOMAIN_HOME}/config/fmwconfig/wcsconfig/wcs_properties.json ${SITES_SHARED}/
+
+ replaceString="127.0.0.1"
+
+ # Print the values
+ replaceWith=${DOMAIN_UID}-${SER_HOST_NAME}
+ location=${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config/
+
+ echo replacing for ${SERVER_NAME} "timeToLive=0 to timeToLive=1"
+ grep -rl timeToLive=0 ${location}
+ grep -rl timeToLive=0 ${location} | xargs sed -i "s/timeToLive=0/timeToLive=1/g"
+
+ echo replacing for ${SERVER_NAME} "ip_ttl=0 to ip_ttl=1"
+ grep -rl ip_ttl=\"0\" ${location}
+ grep -rl ip_ttl=\"0\" ${location} | xargs sed -i "s/ip_ttl=\"0\"/ip_ttl=\"1\"/g"
+
+ echo replacing for ${SERVER_NAME} ${location}host.properties
+ sed -i "s/@unique_id@/${replaceWith}/g" ${location}host.properties
+
+ echo replacing for ${SERVER_NAME} ${location}deployerConfigContext.xml
+ sed -i "s/@CSConnectPrefix@/${LB_PROTOCOL}/g" ${location}deployerConfigContext.xml
+ sed -i "s/@hostname@/${LB_HOST}/g" ${location}deployerConfigContext.xml
+ sed -i "s/@portnumber@/${LB_PORT}/g" ${location}deployerConfigContext.xml
+ sed -i "s/@context-path@/${CONTEXTPATH}/g" ${location}deployerConfigContext.xml
+
+ echo replacing for ${SERVER_NAME} ${location}cas.properties
+ sed -i "s/@CSConnectPrefix@/${LB_PROTOCOL}/g" ${location}cas.properties
+ sed -i "s/@hostname@/${replaceWith}/g" ${location}cas.properties
+ sed -i "s/@portnumber@/${MANAGED_SERVER_PORT}/g" ${location}cas.properties
+
+ echo replacing for ${SERVER_NAME} ${location}customBeans.xml
+ sed -i "s/@CSConnectPrefix@/${LB_PROTOCOL}/g" ${location}customBeans.xml
+ sed -i "s/@hostname@/${LB_HOST}/g" ${location}customBeans.xml
+ sed -i "s/@portnumber@/${LB_PORT}/g" ${location}customBeans.xml
+ sed -i "s/@context-path@/${CONTEXTPATH}/g" ${location}customBeans.xml
+
+ echo "--------------------------------------------"
+
+ if [ -z "$SITES_CACHE_PORTS" ]
+ then
+ echo "\$SITES_CACHE_PORTS is empty"
+ else
+ echo "\$SITES_CACHE_PORTS is NOT empty"
+ python ${DOMAIN_HOME}/unicast.py ${DOMAIN_HOME} ${HOSTNAME::-1} ${SERVER_NAME} ${SITES_CACHE_PORTS}
+ fi
+
+
+ echo "--------------------------------------------"
+
+ rm ${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config/wcs_properties.json
+ rm ${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config/wcs_properties_bootstrap.ini
+
+ touch ${DOMAIN_HOME}/config/fmwconfig/servers/${SERVER_NAME}/config/updated.txt
+
+
+
+ else
+ # Case where the configuration of the server was already updated or not required to udpate.
+ echo "Not updating configuration of the server ${SERVER_NAME}."
+ fi
+
+echo "--------------------------------------------"
+echo "checking the availability of custom extend.sites.webapp-lib.war"
+
+CUSTOM_EXTEND_LIB=${DOMAIN_ROOT_DIR}/sites-home/extend.sites.webapp-lib.war
+EXTEND_LIB=/u01/oracle/wcsites/webcentersites/sites-home/extend.sites.webapp-lib.war
+
+if [ -f "$CUSTOM_EXTEND_LIB" ]; then
+ EXTEND_LIB=$(echo $EXTEND_LIB | sed 's_/_\\/_g')
+ CUSTOM_EXTEND_LIB=$(echo $CUSTOM_EXTEND_LIB | sed 's_/_\\/_g')
+ echo "replacing $EXTEND_LIB with custom $CUSTOM_EXTEND_LIB in config.xml"
+ sed -i "s/${EXTEND_LIB}/${CUSTOM_EXTEND_LIB}/g" ${DOMAIN_HOME}/config/config.xml
+else
+ EXTEND_LIB=$(echo $EXTEND_LIB | sed 's_/_\\/_g')
+ CUSTOM_EXTEND_LIB=$(echo $CUSTOM_EXTEND_LIB | sed 's_/_\\/_g')
+ echo "reverting custom $CUSTOM_EXTEND_LIB to $EXTEND_LIB in config.xml"
+ sed -i "s/${CUSTOM_EXTEND_LIB}/${EXTEND_LIB}/g" ${DOMAIN_HOME}/config/config.xml
+fi
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/_helpers.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/_helpers.tpl
new file mode 100755
index 000000000..787cd3d01
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/_helpers.tpl
@@ -0,0 +1,77 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +{{/* +Expand the name of the chart. +*/}} +{{- define "wc-sites.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "wc-sites.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wc-sites.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "wc-sites.labels" -}} +helm.sh/chart: {{ include "wc-sites.chart" . }} +{{ include "wc-sites.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "wc-sites.selectorLabels" -}} +app.kubernetes.io/name: {{ include "wc-sites.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "wc-sites.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "wc-sites.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Build the database URL +*/}} +{{- define "wc-sites.databaseUrl" -}} +{{- if (.Values.oracledb.url) }} +{{- .Values.oracledb.url }} +{{- else }} +{{- .Release.Name }}-oracledb.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.oracledb.service.port }}/{{ .Values.oracledb.pdb }}.{{ .Values.oracledb.domain }} +{{- end }} +{{- end }} + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/db.Secret.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/db.Secret.yaml new file mode 100755 index 000000000..2f9d23f34 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/db.Secret.yaml @@ -0,0 +1,16 @@ +{{ if not .Values.oracledb.credentials.secretName }} +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + labels: + weblogic.domainName: {{ .Values.domain.domainName }} + weblogic.domainUID: {{ .Values.domain.domainName }} + name: {{ .Values.domain.domainName }}-db-credentials +data: + username: {{ .Values.oracledb.credentials.username | b64enc | quote }} + password: {{ .Values.oracledb.credentials.password | b64enc | quote }} +{{ end }} \ No newline at end of file diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Domain.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Domain.yaml new file mode 100755 index 000000000..0b191cfb3 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Domain.yaml 
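Review bot: In db.Secret.yaml the Secret's `metadata` carries no `namespace`, so it lands in the Helm release namespace, while domain.Domain.yaml and both Job templates in this commit pin `namespace: {{ .Values.domain.namespace }}`. If the two namespaces differ, the Domain and the Jobs would look for the credentials Secrets, the PVC and the script ConfigMap where they were not created. The same omission is in domain.Secret.yaml, rcu.Secret.yaml, domain.PersistentVolumeClaim.yaml and domain.create.ConfigMap.yaml. I would add `namespace: {{ .Values.domain.namespace }}` under `metadata:` in each of them.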
@@ -0,0 +1,162 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +# +# This is an example of how to define a Domain resource. +# +apiVersion: "weblogic.oracle/v8" +kind: Domain +metadata: + name: {{ .Values.domain.domainName }} + namespace: {{ .Values.domain.namespace }} + labels: + weblogic.domainUID: {{ .Values.domain.domainName }} +spec: + managedServers: + {{- if gt (.Values.domain.wcsCluster.managedServers.count | int) 0}} + - serverName: wcsites-server1 + serverStartPolicy: "IF_NEEDED" + {{- end }} + {{- if gt (.Values.domain.wcsCluster.managedServers.count | int) 1}} + - serverName: wcsites-server2 + serverStartPolicy: "IF_NEEDED" + {{- end }} + {{- if gt (.Values.domain.wcsCluster.managedServers.count | int) 2}} + - serverName: wcsites-server3 + serverStartPolicy: "IF_NEEDED" + {{- end }} + + # The WebLogic Domain Home + domainHome: {{ .Values.domain.rootDir }}/domains/{{ .Values.domain.domainName }} + + # The domain home source type + # Set to PersistentVolume for domain-in-pv + domainHomeSourceType: PersistentVolume + + # The WebLogic Server Docker image that the Operator uses to start the domain + {{- if .Values.image.name }} + image: "{{ .Values.image.name }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} + + # imagePullPolicy defaults to "Always" if image version is :latest + imagePullPolicy: "IfNotPresent" + + # Identify which Secret contains the credentials for pulling an image + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + + # Identify which Secret contains the WebLogic Admin credentials (note that there is an example of + # how to create that Secret at the end of this file) + webLogicCredentialsSecret: + name: {{ .Values.domain.domainName }}-domain-credentials + + configuration: + introspectorJobActiveDeadlineSeconds: 300 + + # Whether to include the server out file into the pod's stdout, default is true + includeServerOutInPodLog: {{ .Values.domain.includeServerOutInPodLog }} + + # Whether to enable log home + logHomeEnabled: {{ .Values.domain.logHomeEnabled }} + + # Whether to write HTTP access log file to log home + httpAccessLogInLogHome: {{ .Values.domain.httpAccessLogInLogHome }} + + # The in-pod location for domain log, server logs, server out, and Node Manager log files + logHome: {{ .Values.domain.rootDir }}/logs/{{ .Values.domain.domainName }} + # An (optional) in-pod location for data storage of default and custom file stores. + # If not specified or the value is either not set or empty (e.g. dataHome: "") then the + # data storage directories are determined from the WebLogic domain home configuration. 
+ dataHome: "" + + + # serverStartPolicy legal values are "NEVER", "IF_NEEDED", or "ADMIN_ONLY" + # This determines which WebLogic Servers the Operator will start up when it discovers this Domain + # - "NEVER" will not start any server in the domain + # - "ADMIN_ONLY" will start up only the administration server (no managed servers will be started) + # - "IF_NEEDED" will start all non-clustered servers, including the administration server and clustered servers up to the replica count + serverStartPolicy: "IF_NEEDED" + + serverPod: + initContainers: + - name: server-config-update + {{- if .Values.image.name }} + image: "{{ .Values.image.name }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} + env: + - name: DOMAIN_UID + value: {{ .Values.domain.domainName }} + - name: ADMIN_SERVER_NAME + value: "{{ .Values.domain.admin.name }}" + command: ['bash', '-c', '{{ .Values.domain.rootDir }}/domains/{{ .Values.domain.domainName }}/server-config-update.sh'] + volumeMounts: + - name: weblogic-domain-storage-volume + mountPath: {{ .Values.domain.rootDir }} + + # an (optional) list of environment variable to be set on the servers + env: + - name: JAVA_OPTIONS + value: "{{ .Values.domain.javaOptions }}" + - name: USER_MEM_ARGS + value: "-Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1024m " + resources: + requests: + memory: "12G" + cpu: "1000m" + limits: + memory: "16G" + cpu: "2000m" + volumes: + - name: weblogic-domain-storage-volume + persistentVolumeClaim: + claimName: {{ .Values.domain.domainName }}-domain-pvc + volumeMounts: + - mountPath: {{ .Values.domain.rootDir }} + name: weblogic-domain-storage-volume + + # adminServer is used to configure the desired behavior for starting the administration server. 
+ adminServer: + # serverStartState legal values are "RUNNING" or "ADMIN" + # "RUNNING" means the listed server will be started up to "RUNNING" mode + # "ADMIN" means the listed server will be start up to "ADMIN" mode + serverStartState: "RUNNING" + + # clusters is used to configure the desired behavior for starting member servers of a cluster. + # If you use this entry, then the rules will be applied to ALL servers that are members of the named clusters. + clusters: + - clusterName: {{ .Values.domain.wcsCluster.name }} + clusterService: + annotations: + traefik.ingress.kubernetes.io/affinity: "true" + traefik.ingress.kubernetes.io/session-cookie-name: sticky + serverStartState: "RUNNING" + serverPod: + # Instructs Kubernetes scheduler to prefer nodes for new cluster members where there are not + # already members of the same cluster. + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "weblogic.clusterName" + operator: In + values: + - $(CLUSTER_NAME) + topologyKey: "kubernetes.io/hostname" + replicas: 1 + # The number of managed servers to start for unlisted clusters + # replicas: 1 + + # Istio + # configuration: + # istio: + # enabled: + # readinessPort: + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolume.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolume.yaml new file mode 100755 index 000000000..6b52caec6 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolume.yaml 
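Review bot: In domain.Domain.yaml, `webLogicCredentialsSecret.name` is always `{{ .Values.domain.domainName }}-domain-credentials`, but domain.Secret.yaml renders that Secret only when `.Values.domain.credentials.secretName` is empty. When an operator supplies a pre-created Secret, which is the option that keeps the password out of the values file, nothing points at it and the Domain references a Secret the chart did not render. I would use `name: {{ .Values.domain.credentials.secretName | default (printf "%s-domain-credentials" .Values.domain.domainName) }}`. The `fmw-infra-credentials-volume` and `rcu-credentials-volume` entries in domain.create.Job.yaml and domain.delete.Job.yaml build their `secretName` the same way and need the matching change.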
@@ -0,0 +1,26 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ .Values.domain.domainName }}-domain-pv
+ labels:
+ weblogic.domainUID: {{ .Values.domain.domainName }}
+spec:
+ storageClassName: {{ .Values.domain.domainName }}-domain-storage-class
+ capacity:
+ storage: {{ .Values.domain.storage.capacity }}
+ accessModes:
+ - ReadWriteMany
+ # Valid values are Retain, Delete or Recycle
+ persistentVolumeReclaimPolicy: Retain
+ {{- if eq .Values.domain.storage.type "nfs"}}
+ nfs:
+ server: {{ .Values.domain.storage.nfs.server }}
+ path: {{ .Values.domain.storage.path }}
+ {{- end }}
+ {{- if eq .Values.domain.storage.type "hostpath" }}
+ hostPath:
+ path: {{ .Values.domain.storage.path }}
+ {{- end }}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolumeClaim.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolumeClaim.yaml
new file mode 100755
index 000000000..a12c04c95
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.PersistentVolumeClaim.yaml
@@ -0,0 +1,16 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Values.domain.domainName }}-domain-pvc
+ labels:
+ weblogic.domainUID: {{ .Values.domain.domainName }}
+spec:
+ storageClassName: {{ .Values.domain.domainName }}-domain-storage-class
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.domain.storage.capacity }}
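Review bot: In domain.PersistentVolume.yaml, a `.Values.domain.storage.type` other than `nfs` or `hostpath` (a typo, different casing) renders neither `if` block, so the PersistentVolume is emitted without a volume source and the mistake only shows up as an API rejection during install. Folding the two blocks into one `if / else if / else` chain ending in `{{- else }}{{ fail "domain.storage.type must be nfs or hostpath" }}` reports it at render time. A comment above the `hostPath` branch should also say that the domain home then sits on the node's own filesystem and that `ReadWriteMany` presumably only holds on a single-node cluster.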
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Secret.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Secret.yaml
new file mode 100755
index 000000000..afebb6479
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.Secret.yaml
@@ -0,0 +1,16 @@
+{{ if not .Values.domain.credentials.secretName }}
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ labels:
+ weblogic.domainName: {{ .Values.domain.domainName }}
+ weblogic.domainUID: {{ .Values.domain.domainName }}
+ name: {{ .Values.domain.domainName }}-domain-credentials
+data:
+ username: {{ .Values.domain.credentials.username | b64enc | quote }}
+ password: {{ .Values.domain.credentials.password | b64enc | quote }}
+{{ end }}
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.ConfigMap.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.ConfigMap.yaml
new file mode 100755
index 000000000..a01b19a21
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.ConfigMap.yaml
@@ -0,0 +1,17 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.domain.domainName }}-create-fmw-infra-sample-domain-job-cm
+ labels:
+ weblogic.domainName: {{ .Values.domain.domainName }}
+ weblogic.domainUID: {{ .Values.domain.domainName }}
+
+data:
+ {{- $files := .Files }}
+ {{- range tuple "create-domain-job.sh" "createSitesDomain.sh" "drop-rcu-schema.sh" "dropRepository.sh" "read-domain-secret.py" "server-config-update.sh" "createSitesDomain.py" "create-domain-script.sh" "utility.sh" "unicast.py" }}
+ {{ . }}: |-
+{{ $files.Get . | indent 8 }}
+ {{- end }}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.Job.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.Job.yaml
new file mode 100755
index 000000000..18ed1fabe
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.create.Job.yaml
@@ -0,0 +1,175 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.domain.domainName }}-create-fmw-infra-sample-domain-job + namespace: {{ .Values.domain.namespace }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + labels: + weblogic.resourceVersion: domain-v2 + weblogic.domainUID: {{ .Values.domain.domainName }} + weblogic.domainName: {{ .Values.domain.domainName }} + app: {{ .Values.domain.domainName }}-create-fmw-infra-sample-domain-job + spec: + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + restartPolicy: Never + {{- if eq .Values.domain.storage.type "nfs" }} + initContainers: + - name: fix-pvc-owner + {{- if .Values.image.name }} + image: "{{ .Values.image.name }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} + command: ["sh", "-c", "chown 1000:0 /u01/oracle/user_projects/. && find /u01/oracle/user_projects/. -maxdepth 1 ! -name '.snapshot' ! -name '.' 
-print0 | xargs -r -0 chown -R 1000:0"] + volumeMounts: + - name: fmw-infra-sample-domain-storage-volume + mountPath: {{ .Values.domain.rootDir }} + securityContext: + runAsUser: 0 + runAsGroup: 0 + {{- end }} + containers: + - name: create-fmw-infra-sample-domain-job + {{- if .Values.image.name }} + image: "{{ .Values.image.name }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 7001 + volumeMounts: + - mountPath: {{ .Values.domain.scriptDir }} + name: create-fmw-infra-sample-domain-job-cm-volume + - mountPath: {{ .Values.domain.rootDir }} + name: fmw-infra-sample-domain-storage-volume + - mountPath: /weblogic-operator/secrets + name: fmw-infra-credentials-volume + - mountPath: /weblogic-operator/rcu-secrets + name: rcu-credentials-volume + command: ["/bin/sh"] + args: ["{{ .Values.domain.scriptDir }}/create-domain-job.sh"] + env: + - name: DOMAIN_UID + value: "{{ .Values.domain.domainName }}" + - name: ADMIN_SERVER_NAME_SVC + value: "{{ .Values.domain.admin.name }}" + - name: T3_CHANNEL_PORT + value: "{{ or .Values.domain.t3Channel.port 30012 }}" + - name: T3_PUBLIC_ADDRESS + value: "{{ or .Values.domain.t3Channel.publicIp "0.0.0.0" }}" + - name: MANAGED_SERVER_NAME_BASE_SVC + value: "wcsites-server" + - name: CREATE_DOMAIN_SCRIPT_DIR + value: "{{ .Values.domain.scriptDir }}" + - name: DOMAIN_ROOT_DIR + value: "{{ .Values.domain.rootDir }}" + - name: DOMAIN_HOME_DIR + value: "{{ .Values.domain.rootDir }}/domains/{{ .Values.domain.domainName }}" + - name: DOMAIN_LOGS_DIR + value: "{{ .Values.domain.rootDir }}/logs/{{ .Values.domain.domainName }}" + - name: CUSTOM_DOMAIN_NAME + value: "{{ .Values.domain.domainName }}" + - name: CUSTOM_ADMIN_LISTEN_PORT + value: "{{ .Values.domain.admin.listenPort }}" + - name: CUSTOM_ADMIN_NAME + value: "{{ .Values.domain.admin.name }}" + - name: CUSTOM_ADMIN_HOST + value: "%CUSTOM_ADMIN_HOST%" + - 
name: CUSTOM_MANAGEDSERVER_PORT + value: "{{ .Values.domain.wcsCluster.managedServers.listenPort }}" + - name: CUSTOM_MANAGED_BASE_NAME + value: "{{ .Values.domain.wcsCluster.managedServers.name }}" + - name: CUSTOM_MANAGED_SERVER_COUNT + value: "{{ .Values.domain.wcsCluster.managedServers.count }}" + - name: CUSTOM_CLUSTER_NAME + value: "{{ .Values.domain.wcsCluster.name }}" + - name: CUSTOM_RCUPREFIX + value: "{{ .Values.domain.rcuSchema.prefix }}" + - name: CUSTOM_PRODUCTION_MODE + value: "true" + - name: CUSTOM_CONNECTION_STRING + value: "{{ .Values.oracledb.url }}" + - name: EXPOSE_T3_CHANNEL_PREFIX + value: "false" + - name: DOMAIN_NAME + value: "{{ .Values.domain.domainName }}" + - name: ADMIN_SERVER_NAME + value: "{{ .Values.domain.admin.name }}" + - name: ADMIN_PORT + value: "{{ .Values.domain.admin.listenPort }}" + - name: CLUSTER_NAME + value: "{{ .Values.domain.wcsCluster.name }}" + - name: MANAGED_SERVER_NAME_BASE + value: "{{ .Values.domain.wcsCluster.managedServers.name }}" + - name: CONFIGURED_MANAGED_SERVER_COUNT + value: "{{ .Values.domain.wcsCluster.managedServers.count }}" + - name: MANAGED_SERVER_PORT + value: "{{ .Values.domain.wcsCluster.managedServers.listenPort }}" + - name: PRODUCTION_MODE_ENABLED + value: "true" + - name: LB_HOST + value: "{{ .Values.ingress.hostname }}" + - name: LB_PORT + value: "{{ .Values.ingress.port }}" + - name: LB_PROTOCOL + value: "{{ .Values.ingress.scheme }}" + - name: SITES_CACHE_PORTS + value: "50000" + - name: SITES_SAMPLES + value: "false" + - name: SITES_ADMIN_USERNAME + value: ContentServer + - name: SITES_ADMIN_PASSWORD + value: password + - name: SITES_APP_USERNAME + value: fwadmin + - name: SITES_APP_PASSWORD + value: xceladmin + - name: SITES_SS_USERNAME + value: SatelliteServer + - name: SITES_SS_PASSWORD + value: password + - name: ADMIN_USERNAME + valueFrom: + secretKeyRef: + name: wcsitesinfra-domain-credentials + key: username + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: 
wcsitesinfra-domain-credentials + key: password + - name: MANAGED_SERVER + value: "wcsites-server" + - name: DOMAIN_TYPE + value: {{ .Values.domain.type }} + volumes: + - name: create-fmw-infra-sample-domain-job-cm-volume + configMap: + name: {{ .Values.domain.domainName }}-create-fmw-infra-sample-domain-job-cm + - name: fmw-infra-sample-domain-storage-volume + persistentVolumeClaim: + claimName: {{ .Values.domain.domainName }}-domain-pvc + - name: fmw-infra-credentials-volume + secret: + secretName: {{ .Values.domain.domainName }}-domain-credentials + - name: rcu-credentials-volume + secret: + secretName: {{ .Values.domain.domainName }}-rcu-credentials + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.delete.Job.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.delete.Job.yaml new file mode 100755 index 000000000..09ccc2214 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/domain.delete.Job.yaml 
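Review bot: In domain.create.Job.yaml, `SITES_ADMIN_PASSWORD`, `SITES_APP_PASSWORD` and `SITES_SS_PASSWORD` are literal values (`password`, `xceladmin`, `password`) in the pod spec, so every install starts with the same WebCenter Sites credentials and anyone who can read the Job or its pod can see them. They should come from a Secret through `secretKeyRef`, as `ADMIN_PASSWORD` already does. That existing reference hard-codes `wcsitesinfra-domain-credentials`, though, while the chart names the Secret `{{ .Values.domain.domainName }}-domain-credentials`, so it resolves only when the domain is called `wcsitesinfra`. The Sites Secret name and keys in the sketch below are placeholders for a Secret the chart would have to add.

```yaml
# … unchanged: env entries up to SITES_SAMPLES …
- name: SITES_ADMIN_USERNAME
  value: ContentServer
- name: SITES_ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.domain.domainName }}-sites-credentials  # placeholder Secret name
      key: sitesAdminPassword                                   # placeholder key
- name: SITES_APP_USERNAME
  value: fwadmin
- name: SITES_APP_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.domain.domainName }}-sites-credentials  # placeholder Secret name
      key: sitesAppPassword                                     # placeholder key
- name: SITES_SS_USERNAME
  value: SatelliteServer
- name: SITES_SS_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.domain.domainName }}-sites-credentials  # placeholder Secret name
      key: sitesSatellitePassword                               # placeholder key
- name: ADMIN_USERNAME
  valueFrom:
    secretKeyRef:
      name: {{ .Values.domain.domainName }}-domain-credentials
      key: username
- name: ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ .Values.domain.domainName }}-domain-credentials
      key: password
# … unchanged: MANAGED_SERVER, DOMAIN_TYPE, volumes, imagePullSecrets …
```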
@@ -0,0 +1,71 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.domain.domainName }}-delete-fmw-infra-sample-domain-job + namespace: {{ .Values.domain.namespace }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "5" + #"helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded +spec: + template: + metadata: + labels: + weblogic.resourceVersion: domain-v2 + weblogic.domainUID: {{ .Values.domain.domainName }} + weblogic.domainName: {{ .Values.domain.domainName }} + app: {{ .Values.domain.domainName }}-delete-fmw-infra-sample-domain-job + spec: + restartPolicy: Never + containers: + - name: delete-fmw-infra-sample-domain-job + {{- if .Values.image.name }} + image: "{{ .Values.image.name }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 7001 + volumeMounts: + - mountPath: {{ .Values.domain.scriptDir }} + name: create-fmw-infra-sample-domain-job-cm-volume + - mountPath: {{ .Values.domain.rootDir }} + name: fmw-infra-sample-domain-storage-volume + - mountPath: /weblogic-operator/rcu-secrets + name: rcu-credentials-volume + command: ["/bin/sh"] + args: ["{{ .Values.domain.scriptDir }}/drop-rcu-schema.sh"] + env: + - name: DOMAIN_HOME_DIR + value: {{ .Values.domain.rootDir }}/domains/{{ .Values.domain.domainName }} + - name: DOMAIN_LOGS_DIR + value: {{ .Values.domain.rootDir }}/logs/{{ .Values.domain.domainName }} + - name: CUSTOM_RCUPREFIX + value: "{{ .Values.domain.rcuSchema.prefix }}" + - name: CUSTOM_CONNECTION_STRING + value: "{{ .Values.oracledb.url }}" + - name: CREATE_DOMAIN_SCRIPT_DIR + value: "{{ 
.Values.domain.scriptDir }}" + + volumes: + - name: create-fmw-infra-sample-domain-job-cm-volume + configMap: + name: {{ .Values.domain.domainName }}-create-fmw-infra-sample-domain-job-cm + - name: fmw-infra-sample-domain-storage-volume + persistentVolumeClaim: + claimName: {{ .Values.domain.domainName }}-domain-pvc + - name: rcu-credentials-volume + secret: + secretName: {{ .Values.domain.domainName }}-rcu-credentials + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/rcu.Secret.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/rcu.Secret.yaml new file mode 100755 index 000000000..f99a2fe51 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/rcu.Secret.yaml @@ -0,0 +1,16 @@ +{{ if not .Values.domain.rcuSchema.credentials.secretName }} +# Copyright (c) 2022, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + labels: + weblogic.domainName: {{ .Values.domain.domainName }} + weblogic.domainUID: {{ .Values.domain.domainName }} + name: {{ .Values.domain.domainName }}-rcu-credentials +data: + username: {{ .Values.domain.rcuSchema.credentials.username | b64enc | quote }} + password: {{ .Values.domain.rcuSchema.credentials.password | b64enc | quote }} +{{ end }} \ No newline at end of file diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/serviceaccount.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/serviceaccount.yaml new file mode 100755 index 000000000..f2dec763a --- /dev/null 
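Review bot: In domain.delete.Job.yaml the pod `spec` sets no `securityContext`, whereas domain.create.Job.yaml applies `.Values.podSecurityContext`, so the delete Job runs with whatever user the image defaults to while it has the RCU credentials Secret mounted. For parity I would add `securityContext:` followed by `{{- toYaml .Values.podSecurityContext | nindent 8 }}` above `restartPolicy: Never`. The `pre-delete` annotation also deserves a comment that, judging by the script name `drop-rcu-schema.sh`, every `helm uninstall` appears to drop the database schemas, which an operator should know before removing a release.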
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.serviceAccount.create -}}
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "wc-sites.serviceAccountName" . }}
+ labels:
+ {{- include "wc-sites.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/traefik.Ingress.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/traefik.Ingress.yaml
new file mode 100755
index 000000000..3b81e4d69
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/traefik.Ingress.yaml
@@ -0,0 +1,48 @@
+# Copyright (c) 2022, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Values.domain.domainName }}-traefik
+ labels:
+ weblogic.resourceVersion: domain-v2
+ annotations:
+ kubernetes.io/ingress.class: traefik
+{{- if .Values.ingress.tls }}
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.middlewares: wcsites-ns-wls-proxy-ssl@kubernetescrd
+{{- end }}
+spec:
+ rules:
+ - host: ''
+ http:
+ paths:
+ - path: /console
+ backend:
+ serviceName: '{{ .Values.domain.domainName }}-{{ .Values.domain.admin.name | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.domain.admin.listenPort }}
+ - path: /em
+ backend:
+ serviceName: '{{ .Values.domain.domainName }}-{{ .Values.domain.admin.name | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.domain.admin.listenPort }}
+ - path: /weblogic/ready
+ backend:
+ serviceName: '{{ .Values.domain.domainName }}-{{ .Values.domain.admin.name | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.domain.admin.listenPort }}
+ - path: /sites
+ backend:
+ serviceName: '{{ .Values.domain.domainName }}-cluster-{{ .Values.domain.wcsCluster.name | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.domain.wcsCluster.managedServers.listenPort }}
+ - path: /cas
+ backend:
+ serviceName: '{{ .Values.domain.domainName }}-cluster-{{ .Values.domain.wcsCluster.name | lower | replace "_" "-" }}'
+ servicePort: {{ .Values.domain.wcsCluster.managedServers.listenPort }}
+{{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - '{{ .Values.ingress.dnsname }}'
+ secretName: {{ .Values.domain.domainName }}-tls-cert
+{{- end }}
+
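Review bot: In traefik.Ingress.yaml the `/console` and `/em` paths publish the WebLogic administration console and Enterprise Manager through the same ingress as the public `/sites` application, under `host: ''`, and over plain HTTP whenever `.Values.ingress.tls` is false. I would wrap those two path entries in `{{- if .Values.ingress.exposeAdmin }}` … `{{- end }}`, where `exposeAdmin` is a new value defaulting to false, and comment that the admin routes are meant for restricted networks. The middleware annotation hard-codes the `wcsites-ns` namespace in `wcsites-ns-wls-proxy-ssl@kubernetescrd`, which presumably breaks TLS routing in any other namespace. `networking.k8s.io/v1beta1` was also removed in Kubernetes 1.22, so the template needs the `networking.k8s.io/v1` schema (`pathType`, `backend.service`) on current clusters.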
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/wcs.services.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/wcs.services.yaml
new file mode 100755
index 000000000..87d2e4c76
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/templates/wcs.services.yaml
@@ -0,0 +1,193 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl + +apiVersion: v1 +kind: Service +metadata: + name: wcsitesinfra-wcsites-server1-np + namespace: wcsites-ns +spec: + type: NodePort + ports: + - name: defaultnp + port: 8001 + protocol: TCP + selector: + weblogic.domainUID: wcsitesinfra + weblogic.serverName: wcsites-server1 +--- +apiVersion: v1 +kind: Service +metadata: + name: wcsitesinfra-wcsites-server1-svc + namespace: wcsites-ns +spec: + clusterIP: None + ports: + - name: ticket-cache + port: 50000 + protocol: TCP + targetPort: 50000 + - name: ticket-cache1 + port: 50001 + protocol: TCP + targetPort: 50001 + - name: mcast-linked-cache + port: 50002 + protocol: TCP + targetPort: 50002 + - name: mcast-linked-cache1 + port: 50003 + protocol: TCP + targetPort: 50003 + - name: mcast-cs-cache + port: 50004 + protocol: TCP + targetPort: 50004 + - name: mcast-cs-cache1 + port: 50005 + protocol: TCP + targetPort: 50005 + - name: mcast-cas-cache + port: 50006 + protocol: TCP + targetPort: 50006 + - name: mcast-cas-cache1 + port: 50007 + protocol: TCP + targetPort: 50007 + - name: mcast-ss-cache + port: 50008 + protocol: TCP + targetPort: 50008 + - name: mcast-ss-cache1 + port: 50009 + protocol: TCP + targetPort: 50009 + publishNotReadyAddresses: true + selector: + weblogic.createdByOperator: "true" + weblogic.domainUID: wcsitesinfra + weblogic.serverName: wcsites-server1 + sessionAffinity: None + type: ClusterIP +status: + loadBalancer: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: wcsitesinfra-wcsites-server2-svc + namespace: wcsites-ns +spec: + clusterIP: None + ports: + - name: ticket-cache + port: 50000 + protocol: TCP + targetPort: 50000 + - name: ticket-cache1 + port: 50001 + protocol: TCP + targetPort: 50001 + - name: mcast-linked-cache + port: 50002 + protocol: TCP + targetPort: 50002 + - name: mcast-linked-cache1 + 
port: 50003 + protocol: TCP + targetPort: 50003 + - name: mcast-cs-cache + port: 50004 + protocol: TCP + targetPort: 50004 + - name: mcast-cs-cache1 + port: 50005 + protocol: TCP + targetPort: 50005 + - name: mcast-cas-cache + port: 50006 + protocol: TCP + targetPort: 50006 + - name: mcast-cas-cache1 + port: 50007 + protocol: TCP + targetPort: 50007 + - name: mcast-ss-cache + port: 50008 + protocol: TCP + targetPort: 50008 + - name: mcast-ss-cache1 + port: 50009 + protocol: TCP + targetPort: 50009 + publishNotReadyAddresses: true + selector: + weblogic.createdByOperator: "true" + weblogic.domainUID: wcsitesinfra + weblogic.serverName: wcsites-server2 + sessionAffinity: None + type: ClusterIP +status: + loadBalancer: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: wcsitesinfra-wcsites-server3-svc + namespace: wcsites-ns +spec: + clusterIP: None + ports: + - name: ticket-cache + port: 50000 + protocol: TCP + targetPort: 50000 + - name: ticket-cache1 + port: 50001 + protocol: TCP + targetPort: 50001 + - name: mcast-linked-cache + port: 50002 + protocol: TCP + targetPort: 50002 + - name: mcast-linked-cache1 + port: 50003 + protocol: TCP + targetPort: 50003 + - name: mcast-cs-cache + port: 50004 + protocol: TCP + targetPort: 50004 + - name: mcast-cs-cache1 + port: 50005 + protocol: TCP + targetPort: 50005 + - name: mcast-cas-cache + port: 50006 + protocol: TCP + targetPort: 50006 + - name: mcast-cas-cache1 + port: 50007 + protocol: TCP + targetPort: 50007 + - name: mcast-ss-cache + port: 50008 + protocol: TCP + targetPort: 50008 + - name: mcast-ss-cache1 + port: 50009 + protocol: TCP + targetPort: 50009 + publishNotReadyAddresses: true + selector: + weblogic.createdByOperator: "true" + weblogic.domainUID: wcsitesinfra + weblogic.serverName: wcsites-server3 + sessionAffinity: None + type: ClusterIP +status: + loadBalancer: {} 
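Review bot: `wcsitesinfra-wcsites-server1-np` is an unconditional `type: NodePort` Service for port 8001, so the first managed server is reachable on every node address without going through the ingress or its TLS settings; if it is only a debugging aid, gate it behind a values flag that defaults to off. All four Services hard-code `wcsites-ns`, `wcsitesinfra` and `wcsites-server1` to `wcsites-server3` instead of templating from the chart's domain values, so their selectors would stop matching once the domain name, namespace or server count is changed. The `status: loadBalancer: {}` stanzas are server-populated output and should be dropped from the manifest. Ports 50000-50009 look like the cache replication ports that `unicast.py` writes into the cache XML files; a comment saying so, and a NetworkPolicy limiting those ports to the domain's own pods, would be worth adding.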
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/unicast.py b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/unicast.py new file mode 100755 index 000000000..e7ee6d842 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/unicast.py 
@@ -0,0 +1,120 @@ +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl + +import xml.dom.minidom +import re +import sys + +def getManagedServerCount(domainHome): +# use the parse() function to load and parse an XML file + doc = xml.dom.minidom.parse(domainHome + "/config/config.xml") + servers = doc.getElementsByTagName("server") + print "Total Configured Managed Servers: %d " % (servers.length - 1) + return servers.length - 1; + + +# Method to uncomment and comment the required tag and save back +def replaceXml(domainHome, ms_server): + f = open(domainHome + "/config/fmwconfig/servers/" + ms_server + "/config/ticket-cache.xml","r+w") + filecontent = f.read() + #Uncomment the one to be used + filecontent = re.sub ( r'','cas_tgt" />', filecontent,1) + #Comment the one not used + filecontent = re.sub ( r'','propertySeparator="," -->', filecontent,1) + f.seek(0) + f.write(filecontent) + f.write("\n\n\n") + f.close() + +# Method to replace the properties +def replaceRmiUrlsInCache(domainHome, prefix, n, ms_server, excludedServerNumber, filename, port): + doc = xml.dom.minidom.parse(domainHome + "/config/fmwconfig/servers/" + ms_server + "/config/" + filename) + abc = doc.getElementsByTagName("cacheManagerPeerProviderFactory") + processString = "peerDiscovery=manual,rmiUrls=//localhost:/notifier" + + for element in abc: + element.setAttribute("properties", processString) + + for x in range (1,n-1): + processString = processString + "|//localhost:/notifier" + + # We should have got the properties attribute now tokenized with localhost and 41001. 
Exclude 1 add the rest + for i in range (1,n+1): + if i <> int(excludedServerNumber): + processString = re.sub ( r'localhost',prefix + str(i), processString,1) + processString = re.sub ( r'',str(port), processString,1) + + element.setAttribute("properties", processString) + print(processString) + ghi = doc.getElementsByTagName("cacheManagerPeerListenerFactory") + for element in ghi: + processString = element.getAttribute("properties") + processString = "hostName="+prefix+ str(excludedServerNumber) +",port=" + str(port) +",remoteObjectPort=" + str(int(port)+1) + ",socketTimeoutMillis=12000" + element.setAttribute("properties", processString) + myfile = open(domainHome + "/config/fmwconfig/servers/" + ms_server + "/config/" + filename , "w") + myfile.write(doc.toxml()) + myfile.close() + print("Updated " + filename) + +# Method to replace the properties +def replaceRmiUrls(domainHome, prefix, n, ms_server, excludedServerNumber, port): + doc = xml.dom.minidom.parse(domainHome + "/config/fmwconfig/servers/" + ms_server + "/config/ticket-cache.xml") + abc = doc.getElementsByTagName("cacheManagerPeerProviderFactory") + processString = "" + + for element in abc: + processString = element.getAttribute("properties") + + for x in range (1,n-1): + processString = processString + "|//localhost:41001/cas_st|//localhost:41001/cas_tgt" + + # We should have got the properties attribute now tokenized with localhost and 41001. 
Exclude 1 add the rest + for i in range (1,n+1): + if i <> int(excludedServerNumber): + processString = re.sub ( r'localhost',prefix + str(i), processString,1) + processString = re.sub ( r'41001',str(port), processString,1) + processString = re.sub ( r'localhost',prefix + str(i), processString,1) + processString = re.sub ( r'41001',str(port), processString,1) + + element.setAttribute("properties", processString) + print(processString) + ghi = doc.getElementsByTagName("cacheManagerPeerListenerFactory") + for element in ghi: + processString = element.getAttribute("properties") + processString = "hostName=" + prefix + str(excludedServerNumber) + ",port=" + str(port) + ",remoteObjectPort=" + str(int(port)+1) + ",socketTimeoutMillis=12000" + element.setAttribute("properties", processString) + myfile = open(domainHome + "/config/fmwconfig/servers/" + ms_server + "/config/ticket-cache.xml", "w") + myfile.write(doc.toxml()) + myfile.close() + print("Updated " + "ticket-cache.xml") + +def main(): + # count the arguments + arguments = len(sys.argv) - 1 + print ("The script is called with %i arguments" % (arguments)) + domainHome = sys.argv[1] + serverPrefix = sys.argv[2] + ms_server = sys.argv[3] + port = sys.argv[4] + excludedServerNumber = ms_server[-1] + print("Host prefix set to " + serverPrefix) + print("Managed Server set to - " + ms_server) + print("Excluded Server Number set to - " + excludedServerNumber) + print("Starting port set to - " + port) + replaceXml(domainHome, ms_server) + servercount = getManagedServerCount(domainHome) + replaceRmiUrls(domainHome, serverPrefix, servercount, ms_server, excludedServerNumber, port) + replaceRmiUrlsInCache(domainHome, serverPrefix, servercount, ms_server, excludedServerNumber, "linked-cache.xml", int(port) + 2) + replaceRmiUrlsInCache(domainHome, serverPrefix, servercount, ms_server, excludedServerNumber, "cs-cache.xml", int(port) + 4) + replaceRmiUrlsInCache(domainHome, serverPrefix, servercount, ms_server, 
excludedServerNumber, "cas-cache.xml", int(port) + 6 ) + replaceRmiUrlsInCache(domainHome, serverPrefix, servercount, ms_server, excludedServerNumber, "ss-cache.xml", int(port) + 8 ) + + +if __name__ == "__main__": + # calling main function + main() + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/utility.sh b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/utility.sh new file mode 100755 index 000000000..da91525f1 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/utility.sh 
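Review bot: `excludedServerNumber = ms_server[-1]` in `main()` keeps only the last character of the server name, so a two-digit suffix (the chart schema allows `maxManagedServerCount` up to 20) gives the wrong index and the `i <> int(excludedServerNumber)` filters in `replaceRmiUrls` and `replaceRmiUrlsInCache` would skip the wrong peer. Reading the whole numeric suffix fixes it: `excludedServerNumber = re.search(r'\d+$', ms_server).group(0)`. `main()` also indexes `sys.argv[1]` to `sys.argv[4]` without checking the count it has just printed, and `ms_server` is concatenated into file paths unvalidated, so a usage check and a name check such as `re.match(r'^[A-Za-z0-9_-]+$', ms_server)` before the first `open` would be worth adding. Finally, `"r+w"` is not a documented `open` mode (`"r+"` already allows writing), and the `print` statement and `<>` operator make the script Python 2 only, presumably for WLST/Jython; a header comment stating the expected interpreter would avoid surprises.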
@@ -0,0 +1,59 @@ +#!/bin/bash +# Copyright (c) 2022, Oracle and/or its affiliates. +# +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl + +# +# Report an error and fail the job +# $1 - text of error +function fail { + echo ERROR: $1 + exit 1 +} + +# +# Create a folder +# $1 - path of folder to create +function createFolder { + mkdir -m 777 -p $1 + if [ ! -d $1 ]; then + fail "Unable to create folder $1" + fi +} + +function checkCreateDomainScript { + if [ -f $1 ]; then + echo The domain will be created using the script $1 + else + fail "Could not locate the domain creation script ${1}" + fi +} + +function checkDomainSecret { + + # Validate the domain secrets exist before proceeding. + if [ ! -f /weblogic-operator/secrets/username ]; then + fail "The domain secret /weblogic-operator/secrets/username was not found" + fi + if [ ! -f /weblogic-operator/secrets/password ]; then + fail "The domain secret /weblogic-operator/secrets/password was not found" + fi +} + +function prepareDomainHomeDir { + # Do not proceed if the domain already exists + local domainFolder=${DOMAIN_HOME_DIR} + if [ -d ${domainFolder} ]; then + fail "The create domain job will not overwrite an existing domain. The domain folder ${domainFolder} already exists" + fi + + # Create the base folders + createFolder ${DOMAIN_ROOT_DIR}/domains + createFolder ${DOMAIN_LOGS_DIR} + createFolder ${DOMAIN_ROOT_DIR}/applications + createFolder ${DOMAIN_ROOT_DIR}/stores + createFolder ${DOMAIN_ROOT_DIR}/shared + createFolder ${DOMAIN_ROOT_DIR}/sites-home +} + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.schema.json b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.schema.json new file mode 100755 index 000000000..e23109a8d --- /dev/null 
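Review bot: `createFolder` runs `mkdir -m 777 -p $1`, which leaves each directory that `prepareDomainHomeDir` creates (domains, logs, applications, stores, shared, sites-home) world-writable on the shared volume. Unless the pods really run under unrelated UIDs, use an owner/group mode and quote the argument: `mkdir -m 750 -p "$1"` and `if [ ! -d "$1" ]; then`. The same unquoted expansions appear in `fail` (`echo ERROR: $1`), in `checkCreateDomainScript` and in `[ -d ${domainFolder} ]`, where a path containing spaces or glob characters would be split or expanded.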
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.schema.json 
@@ -0,0 +1,439 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "required": [ + "kubernetesVersion", + "image", + "imagePullSecrets", + "domain", + "oracledb", + "ingress" + ], + "definitions": { + "cluster": { + "type": "object", + "required": [ + "name", + "managedServers" + ], + "properties": { + "name": { + "type": "string", + "pattern": "^[a-z-_]{1,25}$" + }, + "managedServers": { + "type": "object", + "required": [ + "count", + "name", + "listenPort" + ], + "properties": { + "count": { + "type": "integer", + "minimum": 0 + }, + "name": { + "type": "string", + "pattern": "^[a-z-_]{1,25}$" + }, + "listentPort": { + "type": "integer", + "minimum": 1024, + "maximum": 65535 + }, + "sslListenPort": { + "type": "integer", + "minimum": 1024, + "maximum": 65535 + } + } + } + } + }, + "ip": { + "type": "string", + "pattern": "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$" + } + }, + "properties": { + "kubernetesVersion": { + "type": "string", + "enum": ["1.20", "1.19"] + }, + "image": { + "type": "object", + "required": [ + "repository", + "pullPolicy" + ], + "properties": { + "repository": { + "type": "string", + "pattern": "^[a-z0-9-_./]+$" + }, + "pullPolicy": { + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "domain": { + "type": "object", + "required": [ + "enabled", + "type", + "domainName", + "productionMode", + "rootDir", + "scriptDir", + "credentials", + "t3Channel", + "sslEnabled", + "persistenceStore", + "logHomeEnabled", + "logHome", + "includeServerOutInPodLog", + "httpAccessLogInLogHome", + "serverStartPolicy", + "javaOptions", + "maxManagedServerCount", + "admin", + "wcsCluster", + "storage", + "rcuSchema" + ], + "properties": { + "enabled": { + "type": "boolean" + }, + "type": { + "type": "string", + "enum": ["sitestype","wcsites"] + }, + "domainName": { + "type": "string", + "pattern": "^[a-zA-Z0-9-_]+$", + "maxLength": 99 + }, + "productionMode": { + "type": 
"boolean" + }, + "rootDir": { + "type": "string", + "pattern": "^/([a-zA-z0-9-_]+/*)+$" + }, + "scriptDir": { + "type": "string", + "pattern": "^/([a-zA-z0-9-_]+/*)+$" + }, + "credentials": { + "type": [ + "object" + ], + "anyOf": [ + { "required": [ + "secretName" + ], + "properties": { + "secretName": { + "type": ["string"] + } + } + }, + { "required": [ + "username", + "password" + ], + "properties": { + "secretName": { + "type": "null" + }, + "username": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9]+$" + }, + "password": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9.]{8,}$", + "description": "The domain password must contain at least 1 uppercase and 1 number and be at least 8 characters long." + } + }, + "dependencies": { + "username": { "required": ["password"] } + } + } + ] + }, + "t3Channel": { + "type": "object", + "required": [ + "exposed" + ], + "properties": { + "exposed": { + "type": "boolean" + } + }, + "oneOf": [ + { + "properties": { + "exposed": { "const": true }, + "port": { + "type": "integer", + "minimum": 30000, + "maximum": 35635 + }, + "publicIp": { + "$ref": "#/definitions/ip" + } + }, + "required": ["publicIp", "port"] + }, + { + "properties": { + "exposed": { "const": false } + } + } + ] + }, + "sslEnabled": { + "type": "boolean" + }, + "persistenceStore": { + "type": [ + "string", + "null" + ], + "enum": ["jdbc", ""] + }, + "logHomeEnabled": { + "type": "boolean" + }, + "logHome": { + "type": [ + "string", + "null" + ], + "pattern": "^/([a-zA-z0-9-_]+/*)+$" + }, + "includeServerOutInPodLog": { + "type": [ + "boolean", + "null" + ] + }, + "httpAccessLogInLogHome": { + "type": [ + "boolean", + "null" + ] + }, + "serverStartPolicy": { + "type": "string", + "enum": ["NEVER", "ADMIN_ONLY", "IF_NEEDED"] + }, + "javaOptions": { + "type": "string", + "pattern": "^(-D[a-zA-Z0-9.]+=.*|)" + }, + "maxManagedServerCount": { + "type": "integer", + "minimum": 1, + "maximum": 20 + }, + "admin": { + "type": "object", + "required": [ + "name", + 
"listenPort", + "exposeNodePort" + ], + "properties": { + "name": { + "type": "string", + "pattern": "^[a-zA-Z0-9-_]+$" + }, + "listenPort": { + "type": "integer", + "minimum": 1024, + "maximum": 65535 + }, + "sslListenPort": { + "type": "integer", + "minimum": 1024, + "maximum": 65535 + }, + "exposeNodePort": { + "type": "boolean" + }, + "nodePort": { + "type": "integer", + "minimum": 30000, + "maximum": 65535 + } + }, + "dependencies": { + "exposedNodePort": { "required": ["nodePort"] } + } + }, + "wcsCluster": { + "$ref": "#/definitions/cluster" + }, + "storage": { + "type": "object", + "required": [ + "capacity", + "reclaimPolicy", + "type", + "path" + ], + "properties": { + "capacity": { + "type": "string", + "pattern": "^[1-9][0-9]*(M|G)i$" + }, + "reclaimPolicy": { + "type": "string", + "enum": ["Retain", "Delete", "Recycle"] + }, + "type": { + "type": "string", + "enum": ["nfs", "hostpath"] + }, + "path": { + "type": "string", + "pattern": "^/[a-zA-Z0-9/-_]+$" + }, + "nfs": { + "type": "object", + "required": [ + "server" + ], + "properties": { + "server": { + "$ref": "#/definitions/ip" + } + } + } + } + }, + "rcuSchema": { + "type": "object", + "required": [ + "prefix", + "profileType", + "credentials" + ], + "properties": { + "prefix": { + "type": "string", + "maxLength": 5 + }, + "profileType": { + "type": "string", + "enum": ["SMALL", "MED", "LARGE"] + }, + "credentials": { + "type": [ + "object" + ], + "anyOf": [ + { "required": + [ "secretName" ], + "properties": { + "secretName": { + "type": ["string"] + } + } + }, + { "required": + [ "username", "password" ], + "properties": { + "secretName": { + "type": "null" + }, + "username": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9]+$" + }, + "password": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9-_#]{9,30}$", + "description": "The domain password must contain at least 2 uppercase, 2 lowercase, 2 numbers, and 2 special and be at least 9 to 30 characters long." 
+ } + }, + "dependencies": { + "username": { "required": ["password"] } + } + } + ] + } + } + } + } + }, + "oracledb": { + "type": "object", + "required": [ + "provision" + ], + "properties": { + "provision": { + "type": "boolean" + }, + "url": { + "type": ["string", "null"], + "pattern": "^[a-zA-Z0-9-_.]+:[1-9][0-9]{2,4}/[a-zA-Z0-9-_.]+$" + }, + "cdb": { + "type": "string" + }, + "pdb": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "credentials": { + "type": [ + "object" + ], + "anyOf": [ + { "required": + [ "secretName" ], + "properties": { + "secretName": { + "type": ["string"] + } + } + }, + { "required": + [ "username", "password" ], + "properties": { + "secretName": { + "type": "null" + }, + "username": { + "type": ["string"], + "enum": ["SYS","ADMIN"] + }, + "password": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9-_#]{9,30}$", + "description": "The domain password must contain at least 2 uppercase, 2 lowercase, 2 numbers, and 2 special and be at least 9 to 30 characters long." + } + }, + "dependencies": { + "username": { "required": ["password"] } + } + } + ] + } + } + } + } +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.yaml new file mode 100755 index 000000000..1587a9e82 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/charts/wc-sites/values.yaml 
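Review bot: Two keys are misspelled, so the constraints attached to them never apply: `"listentPort"` under the cluster definition's `managedServers.properties` (the `required` list and `values.yaml` use `listenPort`) and `"exposedNodePort"` in the admin `dependencies` (the property is `exposeNodePort`). Several character classes are also wider than intended: `[a-zA-z0-9-_]` in the `rootDir`, `scriptDir` and `logHome` patterns contains the range `A-z`, and `[a-zA-Z0-9/-_]` in `storage.path` contains the range `/-_`, both of which admit punctuation such as `[`, `\` and `^`; writing them as `[a-zA-Z0-9_-]` and `[a-zA-Z0-9/_-]` keeps these path values to the intended alphabet. The `javaOptions` pattern `^(-D[a-zA-Z0-9.]+=.*|)` has an empty alternative and no `$`, so it accepts any string. The password `description` texts promise complexity rules that the patterns do not enforce, so either the wording or the patterns should change.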
@@ -0,0 +1,147 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Default values for wcsites. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +nameOverride: "" +fullnameOverride: "" + +kubernetesVersion: "1.20" + +image: + repository: "oracle/wcsites" + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "12.2.1.4" + name: "oracle/wcsites:12.2.1.4" +# List of secrets to use to pull images from private registry +imagePullSecrets: + -name: image-secret + +# Service Account for this specific deployment +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +domain: + # Set this flag to false to remove the domain before tear-down (default true) + enabled: true + # supported types: sites + type: wcsites + + # domainName should have no space, _ or - it is same domainUUID + domainName: wcsitesinfra + namespace: wcsites-ns + productionMode: true + + rootDir: /u01/oracle/user_projects + scriptDir: /u01/weblogic + + # Weblogic user credentials for the domain + # Either provide username and password, + # or provide the name of a secret containing username and password key/value pairs + credentials: + secretName: + username: weblogic + password: Welcome1 + + t3Channel: + exposed: false + port: 30012 + publicIp: "0.0.0.0" + + sslEnabled: false + + # 'jdbc' for persistence in database, otherwise null + persistenceStore: jdbc + + # Logs + logHomeEnabled: true + logHome: /u01/oracle/user_projects/domains/logs + includeServerOutInPodLog: true + httpAccessLogInLogHome: true + 
+ # serverStartPolicy legal values are "NEVER", "IF_NEEDED", or "ADMIN_ONLY" + # This determines which WebLogic Servers the Operator will start up when it discovers this Domain + # - "NEVER" will not start any server in the domain + # - "ADMIN_ONLY" will start up only the administration server (no managed servers will be started) + # - "IF_NEEDED" will start all non-clustered servers, including the administration server and clustered servers up to the replica count + serverStartPolicy: IF_NEEDED + javaOptions: "-Dweblogic.StdoutDebugEnabled=false" + maxManagedServerCount: 5 + + admin: + name: AdminServer + listenPort: 7001 + sslListenPort: 7002 + exposeNodePort: false + nodePort: 30701 + + wcsCluster: + name: wcsites_cluster + managedServers: + count: 3 + name: wcsites-server + listenPort: 8001 + sslListenPort: 8002 + + storage: + capacity: 10Gi + # The valid values are: 'Retain', 'Delete', and 'Recycle' + reclaimPolicy: Retain + # valid types are nfs or hostpath + type: nfs + path: /scratch/K8SVolume/WCSites + nfs: + server: 10.0.10.190 + + rcuSchema: + prefix: WCS + # profileType: supported values: SMALL(default), MED, LARGE + profileType: SMALL + credentials: + # provide either the secretName of the secret containing 'username' and 'password' + # or provide 'username' and 'password' values + # If a secret is specified it takes precedence over the plaintext entries + secretName: + username: "WCS1" + password: "Oradoc_db12W#-" + +oracledb: + # select enabled: true if the database should be provisioned + provision: false + url: db.db.oke.oraclevcn.com:1521/pdb.db.oke.oraclevcn.com + # If url is not provided, deploy the DB and use the following params: + # name of the Container DB + cdb: cdb + # name of the Pluggable DB + pdb: pdb + # domain + domain: k8s + credentials: + # provide either the secretName of the secret containing 'username' and 'password' + # or provide 'username' and 'password' values + secretName: + username: SYS + password: "Oradoc_db12W#-" + 
+ingress: + type: traefik + tls: false + hostname: "" + dnsname: "" + port: 30305 + scheme: http diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/datasources.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/datasources.tf new file mode 100755 index 000000000..1c741b176 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/datasources.tf @@ -0,0 +1,6 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +data "oci_identity_tenancy" "tenancy" { + tenancy_id = var.tenancy_ocid +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-1.PNG b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-1.PNG new file mode 100755 index 000000000..1bef0c8ff Binary files /dev/null and b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-1.PNG differ diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-2.PNG b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-2.PNG new file mode 100755 index 000000000..35bdb769b Binary files /dev/null and b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-2.PNG differ diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-3.PNG b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-3.PNG new file mode 100755 index 000000000..0b1f21152 Binary files /dev/null and b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-3.PNG differ 
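Review bot: The defaults ship usable credentials in clear text, `password: Welcome1` for the `weblogic` user and `password: "Oradoc_db12W#-"` for both `rcuSchema` and the `SYS` database account, alongside `productionMode: true`, so an install that overrides nothing comes up with publicly known passwords. Leave the password fields empty (`password: ""`) and document `secretName` as the expected path; with the patterns in `values.schema.json` an empty password should then fail validation instead of deploying. Also, `-name: image-secret` under `imagePullSecrets` has no space after the dash, so it would not parse as a list item with a `name` key; it should read `- name: image-secret`. The comment on `domainName` ("should have no space, _ or - it is same domainUUID") is hard to follow and disagrees with the schema pattern, which allows both `-` and `_`.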
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-4.PNG b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-4.PNG new file mode 100755 index 000000000..ff4515e1a Binary files /dev/null and b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/images/wcs-4.PNG differ diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/locals.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/locals.tf new file mode 100755 index 000000000..0aeab8eb4 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/locals.tf @@ -0,0 +1,6 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +locals { + cluster_name = "${var.deployment_name}-cluster" +} \ No newline at end of file diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/main.tf new file mode 100755 index 000000000..2b3eccc47 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/main.tf 
@@ -0,0 +1,81 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +module "vcn" { + source = "./modules/vcn" + compartment_ocid = var.compartment_ocid + vcn_cidr = var.vcn_cidr + oke_cluster = var.oke_cluster + provision_database = var.provision_database +} + +# provision autonomous database +module "oci-adb" { + source = "./modules/oci-adb" + provision_adb = var.provision_adb + compartment_ocid = var.compartment_ocid + adb_password = var.adb_password + adb_database_db_workload = var.adb_database_db_workload + use_existing_vcn = true + vcn_id = module.vcn.vcn_id + adb_subnet_id = module.vcn.database_subnet_id +} + +# provision database system +module "database" { + source = "./modules/database" + provision_database = var.provision_database + compartment_ocid = var.compartment_ocid + database_name = var.database_name + database_unique_name = var.database_unique_name + db_version = var.db_version + pdb_name = var.pdb_name + admin_password = var.db_sys_password + db_system_shape = var.db_system_shape + db_system_cpu_core_count = var.db_system_cpu_core_count + ssh_public_keys = [var.ssh_authorized_key] + subnet_id = module.vcn.database_subnet_id + db_system_license_model = var.db_system_license_model + db_system_db_system_options_storage_management = var.db_system_db_system_options_storage_management +} + +module "cluster" { + source = "./modules/k8s" + provision_cluster = var.provision_cluster + cluster_name = local.cluster_name + tenancy_ocid = var.tenancy_ocid + compartment_ocid = var.compartment_ocid + vcn_id = module.vcn.vcn_id + oke_cluster = var.oke_cluster + cluster_lb_subnet_ids = [module.vcn.cluster_lb_subnet_id] + secrets_encryption_key_ocid = var.secrets_encryption_key_ocid +} + +module "node_pools" { + source = "./modules/node_pool" + provision_node_pool = var.provision_cluster + compartment_ocid = var.compartment_ocid + cluster_id = 
module.cluster.cluster.id + kubernetes_version = var.oke_cluster.k8s_version + ssh_authorized_key = var.ssh_authorized_key + node_pools = var.node_pools + nodes_subnet_id = module.vcn.cluster_nodes_subnet_id +} + + + +module "fss" { + source = "./modules/fss" + provision_filesystem = var.provision_filesystem + provision_mount_target = var.provision_mount_target + provision_export = var.provision_export + compartment_ocid = var.compartment_ocid + subnet_id = var.fss_subnet_id == null ? module.vcn.cluster_nodes_subnet_id : var.fss_subnet_id + ad_number = var.ad_number + encryption_key_id = var.secrets_encryption_key_ocid + mount_path = var.mount_path + source_cidr = var.provision_cluster == true ? module.vcn.cluster_nodes_subnet_cidr : var.fss_source_cidr + filesystem_ocid = var.filesystem_ocid + mount_target_ocid = var.mount_target_ocid + server_ip = var.mount_target_ip +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/datasources.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/datasources.tf new file mode 100755 index 000000000..26d96469b --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/datasources.tf @@ -0,0 +1,6 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +data "oci_identity_availability_domains" "ads" { + compartment_id = var.compartment_ocid +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/inputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/inputs.tf new file mode 100755 index 000000000..9db756855 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/inputs.tf 
@@ -0,0 +1,35 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +variable "provision_database" {} +variable "compartment_ocid" {} +variable "database_name" {} +variable "database_unique_name" {} +variable "db_version" {} +variable "pdb_name" { + default = "pdb" +} +variable "admin_username" { + default = "SYS" +} +variable "admin_password" {} +variable "db_system_shape" { + default = "VM.Standard2.1" +} +variable "db_system_cpu_core_count" { + default = 1 +} +variable "db_system_data_storage_size_in_gb" { + default = 256 +} +variable "db_system_database_edition" { + default = "ENTERPRISE_EDITION" +} +variable "ssh_public_keys" {} +variable "subnet_id" {} +variable "db_system_license_model" { + default = "LICENSE_INCLUDED" +} +variable "db_system_db_system_options_storage_management" { + default = "LVM" +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/main.tf new file mode 100755 index 000000000..44d087ee9 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/main.tf 
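Review bot: `variable "admin_password" {}` carries the database administrator password but is not marked sensitive, so Terraform will show it in plan output; add `type = string` and `sensitive = true` to that block (the value is still written to state, so the state file needs protecting as well). None of the variables in this file has a `type` or `description`, which makes mistakes such as passing a single string for `ssh_public_keys` harder to catch. `admin_username` is declared with default `"SYS"` but the module's `main.tf` in this commit does not reference it, so it can be dropped or documented as informational.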
@@ -0,0 +1,42 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_database_db_system" "db_system" {
+ count = var.provision_database ? 1 : 0
+
+ #Required
+ availability_domain = data.oci_identity_availability_domains.ads.availability_domains.0.name
+ compartment_id = var.compartment_ocid
+ db_home {
+ #Required
+ database {
+ #Required
+ admin_password = var.admin_password
+
+ #Optional
+ db_name = var.database_name
+ db_workload = "OLTP"
+ pdb_name = var.pdb_name
+ }
+
+ #Optional
+ db_version = var.db_version
+ display_name = var.database_name
+ }
+ hostname = "db"
+ shape = var.db_system_shape
+ ssh_public_keys = var.ssh_public_keys
+ subnet_id = var.subnet_id
+
+ #Optional
+ cpu_core_count = var.db_system_cpu_core_count
+ data_storage_size_in_gb = var.db_system_data_storage_size_in_gb
+ database_edition = var.db_system_database_edition
+ db_system_options {
+
+ #Optional
+ storage_management = var.db_system_db_system_options_storage_management
+ }
+ license_model = var.db_system_license_model
+ node_count = 1
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/outputs.tf
new file mode 100755
index 000000000..e20f39ec2
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/database/outputs.tf
@@ -0,0 +1,6 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+output "jdbc_connection_url" {
+ value = var.provision_database ? "${oci_database_db_system.db_system.0.hostname}.${oci_database_db_system.db_system.0.domain}:1521/${var.pdb_name}.${oci_database_db_system.db_system.0.domain}" : ""
+}
\ No newline at end of file
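Review bot: The DB system in modules/database/main.tf is attached with `subnet_id = var.subnet_id` only and the module has no network security group input, so reachability of the listener (port 1521 per outputs.tf) rests entirely on whatever security lists the caller's subnet carries. Consider an optional input, `variable "nsg_ids" { default = null }` in inputs.tf and `nsg_ids = var.nsg_ids` in the resource, so a deployment can restrict the listener to the cluster node subnet. A comment next to `subnet_id` stating that a private subnet is expected would help as well.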
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/datasource.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/datasource.tf
new file mode 100755
index 000000000..42297297a
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/datasource.tf
@@ -0,0 +1,13 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+data "oci_identity_availability_domain" "ad" {
+ compartment_id = var.compartment_ocid
+ ad_number = var.ad_number
+}
+
+# Get the Private IP of the mount target
+data "oci_core_private_ip" "private_ip" {
+ #Required
+ private_ip_id = var.provision_mount_target ? oci_file_storage_mount_target.mount_target.0.private_ip_ids[0] : "na"
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/inputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/inputs.tf
new file mode 100755
index 000000000..8d5a42184
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/inputs.tf
@@ -0,0 +1,19 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "subnet_id" {}
+variable "compartment_ocid" {}
+variable "ad_number" {
+ default = 2
+}
+variable "encryption_key_id" {
+ default = null
+}
+variable "mount_path" {}
+variable "source_cidr" {}
+variable "provision_filesystem" {}
+variable "provision_mount_target" {}
+variable "provision_export" {}
+variable "filesystem_ocid" {}
+variable "mount_target_ocid" {}
+variable "server_ip" {}
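Review bot: The `"na"` fallback in `private_ip_id` (modules/fss/datasource.tf) does not skip the lookup when `provision_mount_target` is false; the data source is still read with an id of `na`, which is likely to fail the plan. Gate the data source instead with `count = var.provision_mount_target ? 1 : 0` and `private_ip_id = oci_file_storage_mount_target.mount_target[0].private_ip_ids[0]`. The `server_ip` output in outputs.tf would then read `data.oci_core_private_ip.private_ip[0].ip_address`.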
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/main.tf
new file mode 100755
index 000000000..1cdc4a0ff
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/main.tf
@@ -0,0 +1,57 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_file_storage_file_system" "fss" {
+ count = var.provision_filesystem ? 1 : 0
+
+ #Required
+ availability_domain = data.oci_identity_availability_domain.ad.name
+ compartment_id = var.compartment_ocid
+
+ #Optional
+ display_name = "Oracle WebCenter Sites File System"
+ kms_key_id = var.encryption_key_id
+}
+
+resource "oci_file_storage_mount_target" "mount_target" {
+ count = var.provision_mount_target ? 1 : 0
+
+ #Required
+ availability_domain = data.oci_identity_availability_domain.ad.name
+ compartment_id = var.compartment_ocid
+ subnet_id = var.subnet_id
+
+ #Optional
+ display_name = "Oracle WebCenter Sites Mount Target"
+}
+
+resource "oci_file_storage_export_set" "export_set" {
+ count = var.provision_export ? 1 : 0
+
+ #Required
+ mount_target_id = var.provision_mount_target ? oci_file_storage_mount_target.mount_target.0.id : var.mount_target_ocid
+
+ #Optional
+ display_name = "Oracle WebCenter Sites Export Set"
+}
+
+resource "oci_file_storage_export" "export" {
+ #Required
+ count = var.provision_export ? 1 : 0
+ export_set_id = oci_file_storage_export_set.export_set.0.id
+ file_system_id = var.provision_filesystem ? oci_file_storage_file_system.fss.0.id : var.filesystem_ocid
+ path = var.mount_path
+
+ #Optional
+ export_options {
+ #Required
+ source = var.source_cidr
+
+ #Optional
+ access = "READ_WRITE"
+ anonymous_gid = null
+ anonymous_uid = null
+ identity_squash = "NONE"
+ require_privileged_source_port = false
+ }
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/outputs.tf
new file mode 100755
index 000000000..98e3a7b03
--- /dev/null
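Review bot: The `export_options` block gives every client inside `source_cidr` read-write access with no identity mapping: `identity_squash = "NONE"` leaves uid 0 unmapped and `require_privileged_source_port = false` accepts requests from unprivileged processes. Unless the workload needs root ownership on the share, prefer `require_privileged_source_port = true` and `identity_squash = "ROOT"` with `anonymous_uid` and `anonymous_gid` set to an unprivileged id. If the current values are a hard requirement of the product, a comment above `export_options` should say so, and `source_cidr` should be documented as needing to be no wider than the node subnet.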
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/fss/outputs.tf @@ -0,0 +1,12 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# File Storage Server IP address +output "server_ip" { + value = var.provision_mount_target ? data.oci_core_private_ip.private_ip.ip_address : var.server_ip +} + +output "path" { + value = length(oci_file_storage_export.export) > 0 ? oci_file_storage_export.export[0].path : null +} + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/inputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/inputs.tf new file mode 100755 index 000000000..6897e7164 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/inputs.tf @@ -0,0 +1,28 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +variable "tenancy_ocid" {} +variable "compartment_ocid" {} +variable "vcn_id" {} +variable "cluster_name" {} + +variable "provision_cluster" {} + +variable "oke_cluster" { + default = { + k8s_version = "v1.20.8" + pods_cidr = "10.1.0.0/16" + services_cidr = "10.2.0.0/16" + } +} +variable "cluster_lb_subnet_ids" {} + +variable "cluster_options_add_ons_is_kubernetes_dashboard_enabled" { + default = true +} +variable "cluster_options_add_ons_is_tiller_enabled" { + default = true +} +variable "secrets_encryption_key_ocid" { + default = null +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/kube_config.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/kube_config.tf new file mode 100755 index 000000000..1efca602f --- /dev/null 
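Review bot: In modules/k8s/inputs.tf both `cluster_options_add_ons_is_kubernetes_dashboard_enabled` and `cluster_options_add_ons_is_tiller_enabled` default to `true`, so a caller who sets nothing gets two extra management components in every cluster. Tiller is the Helm 2 server-side component and is normally granted wide rights in the cluster, and the dashboard is a further administrative surface; neither looks required by the rest of this change. Make both opt-in with `default = false`, and add a one-line comment on each variable describing what enabling it installs. The default `k8s_version = "v1.20.8"` is also pinned in code; a comment that it must be kept within the supported version range would help.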
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/kube_config.tf
@@ -0,0 +1,23 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "cluster_kube_config_expiration" {
+ default = 2592000
+}
+
+variable "cluster_kube_config_token_version" {
+ default = "2.0.0"
+}
+
+data "oci_containerengine_cluster_kube_config" "cluster_kube_config" {
+ #Required
+ cluster_id = oci_containerengine_cluster.cluster[0].id
+
+ #Optional
+ expiration = var.cluster_kube_config_expiration
+ token_version = var.cluster_kube_config_token_version
+}
+
+output "kube_config" {
+ value = data.oci_containerengine_cluster_kube_config.cluster_kube_config.content
+}
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/main.tf
new file mode 100755
index 000000000..6b371db64
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/main.tf
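Review bot: `cluster_id = oci_containerengine_cluster.cluster[0].id` in kube_config.tf is evaluated unconditionally, while the cluster in main.tf is created with `count = var.provision_cluster ? 1 : 0`, so a run with `provision_cluster = false` should fail on the empty index. Give the data source the same `count` and make the output `value = var.provision_cluster ? data.oci_containerengine_cluster_kube_config.cluster_kube_config[0].content : ""`. The output is cluster access configuration with a default `expiration` of 2592000 (presumably seconds, i.e. 30 days), so it should also carry `sensitive = true` to keep it out of plan and apply logs.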
@@ -0,0 +1,57 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Cluster dynamic group needed for nodes to apply the key access policy if it was defined. +resource "oci_identity_dynamic_group" "cluster_dynamic_group" { + count = var.secrets_encryption_key_ocid == null ? 0 : 1 + #Required + compartment_id = var.tenancy_ocid + description = "OKE Clusters" + matching_rule = "ALL {resource.type = 'cluster', resource.compartment.id = '${var.compartment_ocid}'}" + name = "oke_${md5(var.compartment_ocid)}" +} + +# Cluster dynamic group policy needed for nodes to access the encryption key if it was defined +resource "oci_identity_policy" "k8s_secrets_policy" { + count = var.secrets_encryption_key_ocid == null ? 0 : 1 + depends_on = [oci_identity_dynamic_group.cluster_dynamic_group] + #Required + compartment_id = var.tenancy_ocid + description = "OKE Secrets encryption policies" + name = "OKE_Secrets" + statements = [ + "Allow dynamic-group oke_${md5(var.compartment_ocid)} to use keys in tenancy where target.key.id = '${var.secrets_encryption_key_ocid}'", + "Allow service oke to use keys in tenancy where target.key.id = '${var.secrets_encryption_key_ocid}'" + ] +} + + +resource "oci_containerengine_cluster" "cluster" { + count = var.provision_cluster ? 
1 : 0 + + depends_on = [oci_identity_policy.k8s_secrets_policy] + #Required + compartment_id = var.compartment_ocid + kubernetes_version = var.oke_cluster["k8s_version"] + name = var.cluster_name + vcn_id = var.vcn_id + kms_key_id = var.secrets_encryption_key_ocid + + #Optional + options { + service_lb_subnet_ids = var.cluster_lb_subnet_ids + + #Optional + add_ons { + #Optional + is_kubernetes_dashboard_enabled = var.cluster_options_add_ons_is_kubernetes_dashboard_enabled + is_tiller_enabled = var.cluster_options_add_ons_is_tiller_enabled + } + + kubernetes_network_config { + #Optional + pods_cidr = var.oke_cluster["pods_cidr"] + services_cidr = var.oke_cluster["services_cidr"] + } + } +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/outputs.tf new file mode 100755 index 000000000..814cdb015 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/k8s/outputs.tf @@ -0,0 +1,10 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +output "cluster" { + value = var.provision_cluster ? { + id = oci_containerengine_cluster.cluster[0].id + kubernetes_version = oci_containerengine_cluster.cluster[0].kubernetes_version + name = oci_containerengine_cluster.cluster[0].name + } : {} +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/datasources.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/datasources.tf new file mode 100755 index 000000000..836dc5a76 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/datasources.tf 
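Review bot: In modules/k8s/main.tf the policy is created in the tenancy root with the fixed name `name = "OKE_Secrets"`, while the dynamic group beside it is named per compartment with `oke_${md5(var.compartment_ocid)}`; a second deployment into another compartment of the same tenancy would likely collide on the policy name. Use the same suffix, `name = "OKE_Secrets_${md5(var.compartment_ocid)}"`. Separately, the `matching_rule` admits every resource of type `cluster` in the compartment, so any other cluster placed there also gains `use keys` on this key; that is worth a comment on the dynamic group, since the cluster id cannot be referenced here without a dependency cycle through `depends_on`.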
@@ -0,0 +1,27 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+data "oci_containerengine_node_pool_option" "node_pool_options" {
+ node_pool_option_id = var.cluster_id
+}
+
+data "oci_core_images" "compatible_images" {
+ count = length(var.node_pools)
+ compartment_id = var.compartment_ocid
+ shape = var.node_pools[count.index].node_shape
+ state = "AVAILABLE"
+ sort_by = "TIMECREATED"
+ sort_order = "DESC"
+}
+
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.compartment_ocid
+}
+
+locals {
+ node_pool_images = [for i in data.oci_core_images.compatible_images[*].images[*].id : [for x in data.oci_containerengine_node_pool_option.node_pool_options.sources : x if contains(i, x.image_id)]]
+}
+
+output "images" {
+ value = data.oci_core_images.compatible_images[*].images[*].id
+}
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/inputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/inputs.tf
new file mode 100755
index 000000000..3a8e567e1
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/inputs.tf
@@ -0,0 +1,10 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "compartment_ocid" {}
+variable "cluster_id" {}
+variable "ssh_authorized_key" {}
+variable "kubernetes_version" {}
+variable "node_pools" {}
+variable "nodes_subnet_id" {}
+variable "provision_node_pool" {}
\ No newline at end of file
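Review bot: The `node_pool_images` local in modules/node_pool/datasources.tf iterates over `node_pool_options.sources` in its inner loop, so the element later taken with `.0` in main.tf is the first entry of `sources` that is shape-compatible, not the newest image; the `sort_by = "TIMECREATED"` on `oci_core_images` has no effect on the choice. Nothing in the filter ties the image to `var.kubernetes_version` either, so the selected node image can change between applies and may not match the requested version. Either filter `sources` on the version explicitly or accept an optional image OCID per pool, and add a comment on the local describing the selection rule. An empty result also surfaces only as an index error at `local.node_pool_images[count.index].0`.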
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/main.tf
new file mode 100755
index 000000000..92e8d3103
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/node_pool/main.tf
@@ -0,0 +1,49 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+resource "oci_containerengine_node_pool" "node_pool" {
+ count = var.provision_node_pool ? length(var.node_pools) : 0
+
+ #Required
+ cluster_id = var.cluster_id
+ compartment_id = var.compartment_ocid
+ kubernetes_version = var.kubernetes_version
+ name = var.node_pools[count.index]["pool_name"]
+ node_shape = var.node_pools[count.index]["node_shape"]
+
+ #Optional
+ dynamic "initial_node_labels" {
+ for_each = var.node_pools[count.index]["node_labels"]
+ content {
+ key = initial_node_labels.key
+ value = initial_node_labels.value
+ }
+ }
+
+ node_source_details {
+ #Required
+ image_id = local.node_pool_images[count.index].0.image_id
+ source_type = local.node_pool_images[count.index].0.source_type
+ }
+
+ node_config_details {
+ dynamic "placement_configs" {
+ for_each = [for ad in data.oci_identity_availability_domains.ads.availability_domains : {
+ name = ad.name
+ }]
+ content {
+ subnet_id = var.nodes_subnet_id
+ availability_domain = placement_configs.value.name
+ }
+ }
+ size = var.node_pools[count.index]["node_count"]
+ }
+ ssh_public_key = var.ssh_authorized_key
+
+ provisioner "local-exec" {
+ command = "sleep 5"
+ when = destroy
+ }
+}
+
+
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/LICENSE b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/LICENSE
new file mode 100755
index 000000000..8eefc2202
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/LICENSE
@@ -0,0 +1,27 @@ +Copyright (c) 2022, Oracle and/or its affiliates. + +Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +Subject to the condition set forth below, permission is hereby granted to any person obtaining a copy of this +software, associated documentation and/or data (collectively the "Software"), free of charge and under any and +all copyright rights in the Software, and any and all patent rights owned or freely licensable by each licensor +hereunder covering either (i) the unmodified Software as contributed to or provided by such licensor, or +(ii) the Larger Works (as defined below), to deal in both + +(a) the Software, and +(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if one is included with the Software +(each a “Larger Work” to which the Software is contributed by such licensors), + +without restriction, including without limitation the rights to copy, create derivative works of, display, +perform, and distribute the Software and make, use, sell, offer for sale, import, export, have made, and have +sold the Software and the Larger Work(s), and to sublicense the foregoing rights on either these or other terms. + +This license is subject to the following condition: +The above copyright notice and either this complete permission notice or at a minimum a reference to the UPL must +be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO +THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +IN THE SOFTWARE. 
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/README.md b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/README.md new file mode 100755 index 000000000..31d23afe6 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/README.md 
@@ -0,0 +1,68 @@ +# oci-adb + +These is Terraform module that deploys [Autonomous Database (ADB)](https://docs.oracle.com/en-us/iaas/Content/Database/Concepts/adboverview.htm) on [Oracle Cloud Infrastructure (OCI)](https://cloud.oracle.com/en_US/cloud-infrastructure). + +## About +Oracle Cloud Infrastructure's Autonomous Database is a fully managed, preconfigured database environment with four workload types available, which are: Autonomous Transaction Processing, Autonomous Data Warehouse, Oracle APEX Application Development, and Autonomous JSON Database. + +## Prerequisites +1. Download and install Terraform (v1.0 or later) +2. Download and install the OCI Terraform Provider (v4.4.0 or later) +3. Export OCI credentials. (this refer to the https://github.com/oracle/terraform-provider-oci ) + + +## What's a Module? +A Module is a canonical, reusable, best-practices definition for how to run a single piece of infrastructure, such as a database or server cluster. Each Module is created using Terraform, and includes automated tests, examples, and documentation. It is maintained both by the open source community and companies that provide commercial support. +Instead of figuring out the details of how to run a piece of infrastructure from scratch, you can reuse existing code that has been proven in production. And instead of maintaining all that infrastructure code yourself, you can leverage the work of the Module community to pick up infrastructure improvements through a version number bump. + +## How to use this Module +This Module has the following folder structure: +* [root](): This folder contains a root module. 
+* [examples](examples): This folder contains examples of how to use the module: + - [Fully Private ADB + network deployed by module](examples/adb-fully-private-no-existing-network): This is an example of how to use the oci-adb module to deploy Autonomous Transation Processing Database (ATP) with Private Endpoint support with network cloud infrastrucutre elements deployed within the body of the module. + - [Fully Private ADB + custom network injected into module](examples/adb-fully-private-use-existing-network): This is an example of how to use the oci-adb module to deploy Autonomous Data Warehouse Database (ADW) with Private Endpoint support but network cloud infrastrucutre elements will be injected into the module. + - [Fully Public ADB](examples/adb-fully-public): This is an example of how to use the oci-adb module to deploy Autonomous JSON Database (AJD) without Private Endpoint support (exposed to the public Internet). + +To deploy OKE using this Module with minimal effort use this: + +```hcl +module "oci-adb" { + source = "github.com/oci-quickstart/oci-adb" + compartment_ocid = var.compartment_ocid + adb_password = var.adb_password + adb_database_db_workload = var.adb_database_db_workload + use_existing_vcn = true + vcn = var.vcn_id + adb_subnet_id = var.adb_subnet_id +} + +``` + +Argument | Description +--- | --- +compartment_ocid | Compartment's OCID where OKE will be created +use_existing_vcn | If you want to inject already exisitng VCN then you need to set the value to TRUE. +vcn_cidr | If use_existing_vcn is set to FALSE then you can define VCN CIDR block and then it will used to create VCN within the module. +vcn_id | If use_existing_vcn is set to TRUE then you can pass VCN OCID and module will use it to create Private Endpoint for ADB. +node_subnet_id | If use_existing_vcn is set to TRUE then you can pass Subnet OCID and module will use it to nest ADB with Private Endpoint. 
+adb_subnet_cidr | If use_existing_vcn is set to FALSE then you can define ADB Subnet CIDR block and then it will used to nest ADB with Private Endpoint. +adb_nsg_id | If use_existing_vcn is set to TRUE then you can pass Network Security Group OCID and module will use it to nest ADB with Private Endpoint. +adb_free_tier | If you want to use Free Tier then you need to set the value to TRUE. +adb_private_endpoint | If you want to use Autonomous Database Private Endpoint then you need to set the value to TRUE (default value). +whitelisted_ips | If adb_private_endpoint is set to FALSE then you can define whitelisted IP Addresses in the Internet to access publicly exposed Autonomous Database. +is_data_guard_enabled | Enanle or disable ADB Data Guard +is_auto_scaling_enabled | Enable or disable ADB Autoscaling. +adb_private_endpoint_label | If adb_private_endpoint is set to TRUE then you can define Private Endpoint Label. +adb_database_cpu_core_count | Define how many OCPUs shoule be used by Autonomous Database +adb_database_data_storage_size_in_tbs | Define in terabytes what will be the size of Autonomous Database +adb_database_display_name | Define the database display name of your Autonomous Database +adb_database_db_name | Define the database name of your Autonomous Database +adb_database_db_version | Define the version of your Autonomous Database +adb_db_workload | Define the workload type of your Autonomous Database: {OLTP, DW, AJD, APEX} +adb_database_license_model | Define the license model for your Autonomous Database: {LICENSE_INCLUDED, BRING_YOUR_OWN_LICENSE} +adb_data_safe_status | Define the status of DataSafe for your Autonomous Database +adb_database_defined_tags_value | Define values for the defined tags associated with your Autonomous Database +adb_database_freeform_tags | Define values for the freeform tags associated with your Autonomous Database +adb_tde_wallet_zip_file | Define TDE wallet zip file name of your Autonomous Database + + 
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/adb.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/adb.tf
new file mode 100755
index 000000000..9903f6ff7
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/adb.tf
@@ -0,0 +1,49 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +locals { + adb_nsg_id = (!var.use_existing_vcn && var.adb_private_endpoint) ? oci_core_network_security_group.adb_nsg[0].id : var.adb_nsg_id + adb_subnet_id = (!var.use_existing_vcn && var.adb_private_endpoint) ? oci_core_subnet.adb_subnet[0].id : var.adb_subnet_id +} + +resource "oci_database_autonomous_database" "adb_database" { + count = var.provision_adb ? 1 : 0 + admin_password = var.adb_password + compartment_id = var.compartment_ocid + cpu_core_count = var.adb_database_cpu_core_count + data_storage_size_in_tbs = var.adb_database_data_storage_size_in_tbs + db_name = var.adb_database_db_name + db_version = var.adb_database_db_version + data_safe_status = var.adb_data_safe_status + db_workload = var.adb_database_db_workload + display_name = var.adb_database_display_name + freeform_tags = var.adb_database_freeform_tags + license_model = var.adb_database_license_model + is_free_tier = var.adb_free_tier + is_data_guard_enabled = var.is_data_guard_enabled + is_auto_scaling_enabled = var.is_auto_scaling_enabled + #is_access_control_enabled = var.adb_private_endpoint ? false : true + whitelisted_ips = var.adb_private_endpoint ? null : var.whitelisted_ips + nsg_ids = var.adb_private_endpoint ? [local.adb_nsg_id] : null + private_endpoint_label = var.adb_private_endpoint ? var.adb_private_endpoint_label : null + subnet_id = var.adb_private_endpoint ? local.adb_subnet_id : null + defined_tags = var.defined_tags + lifecycle { + ignore_changes = [defined_tags["Oracle-Tags.CreatedBy"], defined_tags["Oracle-Tags.CreatedOn"]] + } +} + +resource "random_password" "wallet_password" { + count = var.provision_adb ? 
1 : 0 + length = var.adb_wallet_password_length + special = var.adb_wallet_password_specials + min_numeric = var.adb_wallet_password_min_numeric + override_special = var.adb_wallet_password_override_special +} + +resource "oci_database_autonomous_database_wallet" "adb_database_wallet" { + count = var.provision_adb ? 1 : 0 + autonomous_database_id = oci_database_autonomous_database.adb_database[0].id + password = random_password.wallet_password[0].result + base64_encode_content = "true" +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/datasources.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/datasources.tf new file mode 100755 index 000000000..119a37418 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/datasources.tf @@ -0,0 +1,11 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +data "oci_core_services" "AllOCIServices" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + filter { + name = "name" + values = ["All .* Services In Oracle Services Network"] + regex = true + } +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/network.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/network.tf new file mode 100755 index 000000000..ce483e562 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/network.tf 
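Review bot: On the public path in modules/oci-adb/adb.tf the only network restriction is `whitelisted_ips = var.adb_private_endpoint ? null : var.whitelisted_ips`, and that variable defaults to `[""]` in variables.tf while `is_access_control_enabled` is commented out. It is not clear from the code what the provider does with a single empty entry; if it is treated as no access control list, a caller who sets `adb_private_endpoint = false` and nothing else gets a database reachable from any address. Drop the `[""]` default so the list must be supplied explicitly, and add a comment on this line stating that a non-empty list is expected whenever the private endpoint is disabled. The generated `random_password.wallet_password` is also kept in state and never exported, which is worth a comment for whoever consumes the wallet.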
@@ -0,0 +1,98 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +resource "oci_core_vcn" "adb_vcn" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + cidr_block = var.vcn_cidr + compartment_id = var.compartment_ocid + display_name = "adb_vcn" + dns_label = "adbvcn" + defined_tags = var.defined_tags +} + +resource "oci_core_service_gateway" "adb_sg" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + compartment_id = var.compartment_ocid + display_name = "adb_sg" + vcn_id = oci_core_vcn.adb_vcn[0].id + services { + service_id = lookup(data.oci_core_services.AllOCIServices[0].services[0], "id") + } + defined_tags = var.defined_tags +} + +resource "oci_core_nat_gateway" "adb_natgw" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + compartment_id = var.compartment_ocid + display_name = "adb_natgw" + vcn_id = oci_core_vcn.adb_vcn[0].id + defined_tags = var.defined_tags +} + +resource "oci_core_route_table" "adb_rt_via_natgw_and_sg" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + compartment_id = var.compartment_ocid + vcn_id = oci_core_vcn.adb_vcn[0].id + display_name = "adb_rt_via_natgw" + defined_tags = var.defined_tags + + route_rules { + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" + network_entity_id = oci_core_nat_gateway.adb_natgw[0].id + } + + route_rules { + destination = lookup(data.oci_core_services.AllOCIServices[0].services[0], "cidr_block") + destination_type = "SERVICE_CIDR_BLOCK" + network_entity_id = oci_core_service_gateway.adb_sg[0].id + } +} + +resource "oci_core_network_security_group" "adb_nsg" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 
1 : 0 + compartment_id = var.compartment_ocid + display_name = "adb_nsg" + vcn_id = oci_core_vcn.adb_vcn[0].id + defined_tags = var.defined_tags +} + +resource "oci_core_network_security_group_security_rule" "adb_nsg_egress_group_sec_rule" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + network_security_group_id = oci_core_network_security_group.adb_nsg[0].id + direction = "EGRESS" + protocol = "6" + destination = var.vcn_cidr + destination_type = "CIDR_BLOCK" +} + +resource "oci_core_network_security_group_security_rule" "adb_nsg_ingress_group_sec_rule" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + network_security_group_id = oci_core_network_security_group.adb_nsg[0].id + direction = "INGRESS" + protocol = "6" + source = var.vcn_cidr + source_type = "CIDR_BLOCK" + tcp_options { + destination_port_range { + max = 1522 + min = 1522 + } + } +} + +resource "oci_core_subnet" "adb_subnet" { + count = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0 + cidr_block = var.adb_subnet_cidr + compartment_id = var.compartment_ocid + vcn_id = oci_core_vcn.adb_vcn[0].id + display_name = "adb_subnet" + dns_label = "adbnet" + security_list_ids = [oci_core_vcn.adb_vcn[0].default_security_list_id] + route_table_id = oci_core_route_table.adb_rt_via_natgw_and_sg[0].id + prohibit_public_ip_on_vnic = true + defined_tags = var.defined_tags +} + + + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/outputs.tf new file mode 100755 index 000000000..2fc138e80 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/outputs.tf 
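Review bot: `security_list_ids = [oci_core_vcn.adb_vcn[0].default_security_list_id]` in modules/oci-adb/network.tf attaches the VCN's default security list to `adb_subnet`, and security list rules apply in addition to the `adb_nsg` rules defined above. The default list of a new VCN normally permits inbound SSH from any source and all outbound traffic, which is broader than the NSG's single rule for TCP 1522 from `var.vcn_cidr`. The subnet is private, so exposure is limited, but a dedicated security list with no rules keeps the NSG as the only policy in force; confirm the private endpoint needs no additional egress before adopting it. The route table's `display_name = "adb_rt_via_natgw"` also differs from its resource name `adb_rt_via_natgw_and_sg`.

```hcl
resource "oci_core_security_list" "adb_seclist" {
  count          = (!var.use_existing_vcn && var.adb_private_endpoint) ? 1 : 0
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.adb_vcn[0].id
  display_name   = "adb_seclist"
  defined_tags   = var.defined_tags
  # Intentionally no rules: traffic to the ADB endpoint is governed by adb_nsg.
}

resource "oci_core_subnet" "adb_subnet" {
  # … unchanged: count, cidr_block, compartment_id, vcn_id, display_name, dns_label …
  security_list_ids = [oci_core_security_list.adb_seclist[0].id]
  # … unchanged: route_table_id, prohibit_public_ip_on_vnic, defined_tags …
```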
@@ -0,0 +1,14 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+output "adb_database" {
+ value = {
+ adb_database_id = var.provision_adb ? oci_database_autonomous_database.adb_database[0].id : ""
+ connection_urls = var.provision_adb ? oci_database_autonomous_database.adb_database[0].connection_urls : ""
+ adb_wallet_content = var.provision_adb ? oci_database_autonomous_database_wallet.adb_database_wallet[0].content : ""
+ adb_nsg_id = (!var.use_existing_vcn && var.adb_private_endpoint) ? oci_core_network_security_group.adb_nsg[0].id : var.adb_nsg_id
+ }
+}
+
+
+
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/variables.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/variables.tf
new file mode 100755
index 000000000..c51677a84
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/oci-adb/variables.tf
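Review bot: The `adb_database` output in modules/oci-adb/outputs.tf publishes `adb_wallet_content`, the base64-encoded client wallet, alongside plain identifiers in one map that is not marked sensitive, so the wallet can end up in apply output and CI logs. Add `sensitive = true` to the output, or move the wallet into its own output that carries the flag so the database id and connection URLs stay readable. A comment on `adb_wallet_content` noting that it is credential material and is also stored in state would help whoever wires this output into a root module.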
@@ -0,0 +1,124 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +variable "compartment_ocid" { + default = "" +} + +variable "provision_adb" {} + +variable "adb_password" {} + +variable "use_existing_vcn" { + default = true +} + +variable "vcn_cidr" { + default = "10.0.0.0/16" +} + +variable "vcn_id" { + default = "" +} + +variable "adb_subnet_cidr" { + default = "10.0.1.0/24" +} + +variable "adb_subnet_id" { + default = "" +} + +variable "adb_nsg_id" { + default = "" +} + +variable "adb_free_tier" { + default = false +} + +variable "adb_private_endpoint" { + default = true +} + +variable "adb_database_cpu_core_count" { + default = 1 +} + +variable "adb_database_data_storage_size_in_tbs" { + default = 1 +} + +variable "adb_database_db_name" { + default = "ociadb" +} + +variable "adb_database_db_version" { + default = "19c" +} + +variable "adb_database_db_workload" { + default = "OLTP" +} + +variable "adb_data_safe_status" { + default = "NOT_REGISTERED" +} + +variable "adb_database_defined_tags_value" { + default = "" +} + +variable "adb_database_display_name" { + default = "ADB" +} + +variable "adb_database_freeform_tags" { + default = { + "Owner" = "ADB" + } +} + +variable "adb_database_license_model" { + default = "LICENSE_INCLUDED" +} + +variable "adb_tde_wallet_zip_file" { + default = "tde_wallet_adb1.zip" +} + +variable "adb_private_endpoint_label" { + default = "adbprivendpoint" +} + +variable "whitelisted_ips" { + default = [""] +} + +variable "is_data_guard_enabled" { + default = false +} + +variable "is_auto_scaling_enabled" { + default = false +} + +variable "adb_wallet_password_specials" { + default = true +} + +variable "adb_wallet_password_length" { + default = 16 +} + +variable "adb_wallet_password_min_numeric" { + default = 2 +} + +variable "adb_wallet_password_override_special" { + default = "" +} + +variable "defined_tags" { + default 
= {} +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/datasources.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/datasources.tf new file mode 100755 index 000000000..bbce22297 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/datasources.tf @@ -0,0 +1,8 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Get list of availability domains + +data "oci_identity_availability_domains" "ads" { + compartment_id = var.compartment_ocid +} \ No newline at end of file diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/inputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/inputs.tf new file mode 100755 index 000000000..f190b4512 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/inputs.tf @@ -0,0 +1,12 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Variables passed into vcn module + +variable "compartment_ocid" {} + +variable "vcn_cidr" { + default = "10.0.0.0/16" +} +variable "oke_cluster" {} +variable "provision_database" {} \ No newline at end of file diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/main.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/main.tf new file mode 100755 index 000000000..463b7f91c --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/main.tf 
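Review bot: `variable "adb_password" {}` in modules/oci-adb/variables.tf is declared without `sensitive = true`, so the database admin password is shown in plan and apply output wherever it flows into a resource argument. provider.tf in this commit requires Terraform `>= 0.14.0`, which supports the flag, so the declaration can become `variable "adb_password" { sensitive = true }`. None of the variables in this file carry a `type` or `description`; adding at least `type = string` to the credential would also reject accidental non-string input.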
@@ -0,0 +1,329 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Create VCN + +resource "oci_core_virtual_network" "vcn" { + cidr_block = var.vcn_cidr + compartment_id = var.compartment_ocid + display_name = "oke-vcn" + dns_label = "oke" +} + +# Create internet gateway to allow public internet traffic from load balancer subnet + +resource "oci_core_internet_gateway" "igw" { + compartment_id = var.compartment_ocid + display_name = "internet-gateway" + vcn_id = oci_core_virtual_network.vcn.id +} + +resource "oci_core_nat_gateway" "natgw" { + compartment_id = var.compartment_ocid + display_name = "nat-gateway" + vcn_id = oci_core_virtual_network.vcn.id +} + +# Create route table to connect public subnet to internet gateway + +resource "oci_core_route_table" "public_rt" { + compartment_id = var.compartment_ocid + vcn_id = oci_core_virtual_network.vcn.id + display_name = "public-subnet-rt-table" + route_rules { + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" + network_entity_id = oci_core_internet_gateway.igw.id + } +} + +# Create private subnert Route table to connect to NAT gateway + +resource "oci_core_route_table" "private_rt" { + compartment_id = var.compartment_ocid + vcn_id = oci_core_virtual_network.vcn.id + display_name = "private-subnet-rt-table" + route_rules { + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" + network_entity_id = oci_core_nat_gateway.natgw.id + } +} + +# Create security list for public subnet for the load balancers + +resource "oci_core_security_list" "lb_sl" { + compartment_id = var.compartment_ocid + display_name = "lb-security-list" + vcn_id = oci_core_virtual_network.vcn.id + + egress_security_rules { + destination = "0.0.0.0/0" + protocol = "6" + stateless = true + } + + ingress_security_rules { + + protocol = "6" + source = "0.0.0.0/0" + stateless = true + } +} + +# Create securty list for the 
nodes private subnet + +resource "oci_core_security_list" "node_sl" { + compartment_id = var.compartment_ocid + display_name = "nodes-security-list" + vcn_id = oci_core_virtual_network.vcn.id + + # tcp to anywhere + egress_security_rules { + destination = "0.0.0.0/0" + protocol = "6" + stateless = false + } + + # any traffic to cluster Pods subnet + egress_security_rules { + protocol = "all" + destination = cidrsubnet(var.vcn_cidr, 8, 10) + stateless = true + } + + # any traffic to cluster Services subnet + egress_security_rules { + protocol = "all" + destination = cidrsubnet(var.vcn_cidr, 8, 20) + stateless = true + } + + # all traffic from cluster Pods subnet + ingress_security_rules { + protocol = "all" + source = cidrsubnet(var.vcn_cidr, 8, 10) + stateless = true + } + + # all traffic from cluster Services subnet + ingress_security_rules { + protocol = "all" + source = cidrsubnet(var.vcn_cidr, 8, 20) + stateless = true + } + + # SSH traffic to nodes subnet + ingress_security_rules { + protocol = "6" + source = "0.0.0.0/0" + stateless = false + tcp_options { + max = 22 + min = 22 + } + } + + # DNS traffic from anywhere + ingress_security_rules { + protocol = "17" + source = "0.0.0.0/0" + stateless = false + udp_options { + max = 53 + min = 53 + } + } + + ingress_security_rules { + + protocol = "6" + source = "0.0.0.0/0" + stateless = false + tcp_options { + min = 30000 + max = 32767 + } + } + + ingress_security_rules { + + protocol = 1 + source = "0.0.0.0/0" + stateless = false + + icmp_options { + type = 3 + code = 4 + } + } + + # File Storage ports + # TCP 111 + ingress_security_rules { + + protocol = "6" + source = var.vcn_cidr + stateless = false + tcp_options { + min = 111 + max = 111 + } + } + + # TCP 2048-50 + ingress_security_rules { + + protocol = "6" + source = var.vcn_cidr + stateless = false + tcp_options { + min = 2048 + max = 2050 + } + } + + + # UDP 111 + ingress_security_rules { + + protocol = "17" + source = var.vcn_cidr + stateless = false + 
udp_options { + min = 111 + max = 111 + } + } + + # UDP 2048 + ingress_security_rules { + + protocol = "17" + source = var.vcn_cidr + stateless = false + udp_options { + min = 2048 + max = 2048 + } + } + + # UDP 111 + egress_security_rules { + + protocol = "17" + destination = var.vcn_cidr + stateless = false + udp_options { + min = 111 + max = 111 + } + } + + # TCP 2048-2050 + egress_security_rules { + + protocol = "6" + destination = var.vcn_cidr + stateless = false + tcp_options { + min = 2048 + max = 2050 + } + } + + # TCP 111 + egress_security_rules { + + protocol = "6" + destination = var.vcn_cidr + stateless = false + tcp_options { + min = 111 + max = 111 + } + } + +} + +# Create securty list for the database subnet + +resource "oci_core_security_list" "database_sl" { + count = var.provision_database ? 1 : 0 + compartment_id = var.compartment_ocid + display_name = "database-security-list" + vcn_id = oci_core_virtual_network.vcn.id + + # TCP traffic from cluster Pods subnet + ingress_security_rules { + protocol = "6" + source = cidrsubnet(var.vcn_cidr, 8, 10) + stateless = false + tcp_options { + max = 1521 + min = 1521 + } + } +} + +# Create regional subnets in vcn + +resource "oci_core_subnet" "cluster_lb_subnet" { + cidr_block = cidrsubnet(var.vcn_cidr, 8, 20) + display_name = "lb-public-subnet" + compartment_id = var.compartment_ocid + vcn_id = oci_core_virtual_network.vcn.id + dhcp_options_id = oci_core_virtual_network.vcn.default_dhcp_options_id + route_table_id = oci_core_route_table.public_rt.id + security_list_ids = [oci_core_security_list.lb_sl.id] + dns_label = "lb" + + provisioner "local-exec" { + command = "sleep 5" + } + provisioner "local-exec" { + when = destroy + command = "sleep 5" + } +} + +resource "oci_core_subnet" "cluster_nodes_subnet" { + cidr_block = cidrsubnet(var.vcn_cidr, 8, 10) + display_name = "nodes-private-subnet" + compartment_id = var.compartment_ocid + vcn_id = oci_core_virtual_network.vcn.id + dhcp_options_id = 
oci_core_virtual_network.vcn.default_dhcp_options_id + route_table_id = oci_core_route_table.private_rt.id + security_list_ids = [oci_core_security_list.node_sl.id] + prohibit_public_ip_on_vnic = true + dns_label = "nodes" + + provisioner "local-exec" { + command = "sleep 5" + } + provisioner "local-exec" { + when = destroy + command = "sleep 5" + } +} + +resource "oci_core_subnet" "database_subnet" { + count = var.provision_database ? 1 : 0 + cidr_block = cidrsubnet(var.vcn_cidr, 8, 30) + display_name = "db-private-subnet" + compartment_id = var.compartment_ocid + vcn_id = oci_core_virtual_network.vcn.id + dhcp_options_id = oci_core_virtual_network.vcn.default_dhcp_options_id + route_table_id = oci_core_route_table.private_rt.id + security_list_ids = [oci_core_security_list.database_sl.0.id] + prohibit_public_ip_on_vnic = true + dns_label = "db" + + provisioner "local-exec" { + command = "sleep 5" + } + provisioner "local-exec" { + when = destroy + command = "sleep 5" + } +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/outputs.tf new file mode 100755 index 000000000..1399efd42 --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/modules/vcn/outputs.tf 
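Review bot: Several ingress rules in modules/vcn/main.tf are open to `0.0.0.0/0` more widely than their comments suggest: `lb_sl` admits TCP from anywhere with no `tcp_options`, which means every port, and `node_sl` admits SSH (22), NodePorts 30000-32767 and UDP 53 from anywhere. The nodes subnet is private, but these rules would still apply to any peered or on-premises network that is later routed into the VCN. Narrow the node rules to in-VCN sources, e.g. `source = var.vcn_cidr` for SSH and `source = cidrsubnet(var.vcn_cidr, 8, 20)` for the NodePort range, and add a `tcp_options` block to the `lb_sl` ingress rule listing only the listener ports the load balancer actually exposes. The "Pods subnet" and "Services subnet" comments label CIDRs that the subnet resources further down assign to the nodes and load-balancer subnets, so they should be reworded.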
@@ -0,0 +1,25 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Output variables from created vcn + +output "vcn_id" { + value = oci_core_virtual_network.vcn.id +} + +output "cluster_lb_subnet_id" { + value = oci_core_subnet.cluster_lb_subnet.id +} + +output "cluster_nodes_subnet_id" { + value = oci_core_subnet.cluster_nodes_subnet.id +} + +output "cluster_nodes_subnet_cidr" { + value = oci_core_subnet.cluster_nodes_subnet.cidr_block +} + +output "database_subnet_id" { + value = var.provision_database ? oci_core_subnet.database_subnet.0.id : "" +} + diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/outputs.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/outputs.tf new file mode 100755 index 000000000..fe6a3de0e --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/outputs.tf 
@@ -0,0 +1,40 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+output "kube_config" {
+ value = module.cluster.kube_config
+}
+
+# output "images" {
+# value = module.node_pools.images
+# }
+
+output "jdbc_connection_url" {
+ value = module.database.jdbc_connection_url
+}
+
+output "nfs_server_ip" {
+ value = module.fss.server_ip
+}
+
+output "nfs_path" {
+ value = module.fss.path
+}
+
+
+resource "local_file" "helm_values" {
+ filename = "./fromtf.auto.yaml"
+ content = templatefile("./templates/helm.values.tpl", {
+ sites_domain_name = var.sites_domain_name
+ sites_domain_type = var.sites_domain_type
+ sites_domain_secret = "${var.sites_domain_name}-domain-credentials"
+ rcu_prefix = var.rcu_prefix
+ rcu_secret = "${var.sites_domain_name}-rcu-credentials"
+ db_secret = "${var.sites_domain_name}-db-credentials"
+ jdbc_connection_url = var.jdbc_connection_url != null ? var.jdbc_connection_url : module.database.jdbc_connection_url
+ nfs_server_ip = module.fss.server_ip
+ path = module.fss.path
+ sites_dns_name = var.sites_dns_name
+ container_registry_image = var.container_registry_image
+ })
+}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provider.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provider.tf
new file mode 100755
index 000000000..174aa4b34
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provider.tf
@@ -0,0 +1,17 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+terraform {
+ required_version = ">= 0.14.0"
+ required_providers {
+ oci = {
+ version = ">= 4.27.0"
+ }
+ }
+}
+
+provider "oci" {
+ region = var.region
+ disable_auto_retries = "true"
+ config_file_profile = "DEFAULT"
+}
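Review bot: `output "kube_config"` in the root outputs.tf exposes the cluster kubeconfig as a plain root output, so it is printed at the end of every apply and by `terraform output`, including in CI logs. Add `sensitive = true` to that block unless the value is known to hold no credential material; what `module.cluster.kube_config` contains is not visible in this hunk. `jdbc_connection_url` and the two NFS outputs disclose internal endpoints and may deserve the same treatment.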
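Review bot: The `required_providers` entry for `oci` in provider.tf has no `source` and only a lower bound (`>= 4.27.0`), and the `null` and `local` providers behind `null_resource` and `local_file` are not declared at all. Without a `source` Terraform assumes the `hashicorp/` namespace, and without an upper bound each fresh `terraform init` may pull whatever release is newest. Declare the sources and bound the versions, for example `oci = { source = "oracle/oci", version = "~> 4.27" }`, and keep `.terraform.lock.hcl` under version control so provider checksums are verified on every run.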
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provisioners.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provisioners.tf
new file mode 100755
index 000000000..a97259fa9
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/provisioners.tf
@@ -0,0 +1,341 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +# Configure the cluster with kube-config + +resource "null_resource" "cluster_kube_config" { + + count = var.provision_cluster ? 1 : 0 + + depends_on = [module.node_pools, module.cluster] + + provisioner "local-exec" { + command = templatefile("./templates/cluster-kube-config.tpl", + { + cluster_id = module.cluster.cluster.id + region = var.region + }) + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete all --all --force" + on_failure = continue + } +} + +# Create the cluster-admin user to use with the kubernetes dashboard + +resource "null_resource" "oke_admin_service_account" { + count = var.provision_cluster && var.oke_cluster["cluster_options_add_ons_is_kubernetes_dashboard_enabled"] ? 1 : 0 + + depends_on = [null_resource.cluster_kube_config] + + provisioner "local-exec" { + command = "kubectl create -f ./templates/oke-admin.ServiceAccount.yaml" + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete ServiceAccount oke-admin -n kube-system" + on_failure = continue + } +} + +# Create the namespace for the WebLogic Operator + +resource "null_resource" "create_wls_operator_namespace" { + count = var.provision_weblogic_operator ? 
1 : 0 + + depends_on = [null_resource.cluster_kube_config] + + triggers = { + weblogic_operator_namespace = var.weblogic_operator_namespace + } + + provisioner "local-exec" { + command = "kubectl create namespace ${var.weblogic_operator_namespace}" + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete all -n ${self.triggers.weblogic_operator_namespace} --force && kubectl delete namespace ${self.triggers.weblogic_operator_namespace}" + on_failure = continue + } +} + +# Create the namespace for the Sites deployment +resource "null_resource" "create_sites_namespace" { + depends_on = [null_resource.cluster_kube_config] + + triggers = { + sites_kubernetes_namespace = var.sites_kubernetes_namespace + } + + provisioner "local-exec" { + command = "kubectl create namespace ${var.sites_kubernetes_namespace}" + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete all -n ${self.triggers.sites_kubernetes_namespace} --force && kubectl delete namespace ${self.triggers.sites_kubernetes_namespace}" + on_failure = continue + } +} + +# Create the user secret to use to pull docker images from Oracle Container Registry + +resource "null_resource" "docker_registry" { + + depends_on = [null_resource.cluster_kube_config, null_resource.create_sites_namespace] + + triggers = { + sites_kubernetes_namespace = var.sites_kubernetes_namespace + } + + provisioner "local-exec" { + command = templatefile("./templates/docker-registry-secret.tpl", + { + username = var.container_registry_username + email = var.container_registry_email + password = var.container_registry_password + namespace = var.sites_kubernetes_namespace + repository = var.container_registry + }) + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete secret image-secret -n ${self.triggers.sites_kubernetes_namespace}" + on_failure = continue + } +} + +# Create the namespace for the Traefik deployment +resource "null_resource" "create_traefik_namespace" { + + count 
= var.provision_traefik ? 1 : 0 + + depends_on = [null_resource.cluster_kube_config] + + triggers = { + ingress_namespace = var.ingress_controller_namespace + } + + provisioner "local-exec" { + command = "if [[ ! $(kubectl get ns ${var.ingress_controller_namespace}) ]]; then kubectl create namespace ${var.ingress_controller_namespace}; fi" + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete namespace ${self.triggers.ingress_namespace}" + on_failure = continue + } +} + +# Deploy the Kubernetes Operator helm chart + +resource "null_resource" "deploy_wls_operator" { + + count = var.provision_weblogic_operator ? 1 : 0 + + depends_on = [null_resource.create_wls_operator_namespace, null_resource.create_sites_namespace] + + triggers = { + weblogic_operator_namespace = var.weblogic_operator_namespace + sites_namespace = var.sites_kubernetes_namespace + } + + provisioner "local-exec" { + command = templatefile("./templates/deploy-weblogic-operator.tpl", { + weblogic_operator_namespace = var.weblogic_operator_namespace + sites_namespace = var.sites_kubernetes_namespace + }) + } + provisioner "local-exec" { + when = destroy + command = "helm delete weblogic-operator --namespace ${self.triggers.weblogic_operator_namespace} && kubectl delete crds domains.weblogic.oracle" + on_failure = continue + } +} + +# Deploy the Traefik helm chart + +resource "null_resource" "deploy_traefik" { + count = var.provision_traefik ? 
1 : 0 + + depends_on = [null_resource.create_traefik_namespace, null_resource.create_sites_namespace] + + triggers = { + ingress_namespace = var.ingress_controller_namespace + sites_namespace = var.sites_kubernetes_namespace + } + + provisioner "local-exec" { + command = templatefile("./templates/deploy-traefik.tpl", { + ingress_namespace = var.ingress_controller_namespace + sites_namespace = var.sites_kubernetes_namespace + }) + } + provisioner "local-exec" { + when = destroy + command = "helm delete traefik --namespace ${self.triggers.ingress_namespace}" + on_failure = continue + } +} + +# Update ingress hostname in fromtf.auto.yaml + +resource "null_resource" "get_ingress_hostname" { + count = var.provision_traefik ? 1 : 0 + + depends_on = [null_resource.create_traefik_namespace, null_resource.create_sites_namespace, null_resource.deploy_traefik] + + triggers = { + ingress_namespace = var.ingress_controller_namespace + } + + provisioner "local-exec" { + command = templatefile("./templates/ingress-hostname.tpl", { + ingress_namespace = var.ingress_controller_namespace + }) + } +} + +# Create secrets +resource "null_resource" "create_sites_domain_secret" { + count = var.provision_secrets ? 
1 : 0 + + depends_on = [null_resource.create_sites_namespace] + + triggers = { + name = "${var.sites_domain_name}-domain-credentials" + namespace = var.sites_kubernetes_namespace + username = var.sites_domain_admin_username + password = var.sites_domain_admin_password + } + + provisioner "local-exec" { + command = templatefile("./templates/create_secret.tpl", { + name = "${var.sites_domain_name}-domain-credentials" + namespace = var.sites_kubernetes_namespace + username = var.sites_domain_admin_username + password = var.sites_domain_admin_password + }) + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete secret ${self.triggers.name} --namespace ${self.triggers.namespace}" + on_failure = continue + } +} + +resource "null_resource" "create_rcu_secret" { + count = var.provision_secrets ? 1 : 0 + + depends_on = [null_resource.create_sites_namespace] + + triggers = { + name = "${var.sites_domain_name}-rcu-credentials" + namespace = var.sites_kubernetes_namespace + username = var.provision_adb ? var.adb_username : var.rcu_username + password = var.provision_adb ? var.adb_password : var.rcu_password + sys_username = var.provision_adb ? var.adb_username : var.db_sys_username + sys_password = var.provision_adb ? var.adb_password : var.db_sys_password + domainUID = var.sites_domain_name + } + + provisioner "local-exec" { + command = templatefile("./templates/create-rcu-credentials.tpl", { + name = "${var.sites_domain_name}-rcu-credentials" + namespace = var.sites_kubernetes_namespace + username = var.provision_adb ? var.adb_username : var.rcu_username + password = var.provision_adb ? var.adb_password : var.rcu_password + sys_username = var.provision_adb ? var.adb_username : var.db_sys_username + sys_password = var.provision_adb ? 
var.adb_password : var.db_sys_password + domainUID = var.sites_domain_name + }) + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete secret ${self.triggers.name} --namespace ${self.triggers.namespace}" + on_failure = continue + } +} + +resource "null_resource" "create_db_secret" { + count = var.provision_secrets ? 1 : 0 + + depends_on = [null_resource.create_sites_namespace] + + triggers = { + name = "${var.sites_domain_name}-db-credentials" + namespace = var.sites_kubernetes_namespace + username = var.provision_adb ? var.adb_username : "SYS" + password = var.provision_adb ? var.adb_password : var.db_sys_password + } + + provisioner "local-exec" { + command = templatefile("./templates/create_secret.tpl", { + name = "${var.sites_domain_name}-db-credentials" + namespace = var.sites_kubernetes_namespace + username = var.provision_adb ? var.adb_username : "SYS" + password = var.provision_adb ? var.adb_password : var.db_sys_password + }) + } + provisioner "local-exec" { + when = destroy + command = "kubectl delete secret ${self.triggers.name} --namespace ${self.triggers.namespace}" + on_failure = continue + } +} + + +# Deploy the Sites Suite helm chart +resource "null_resource" "deploy_sites" { + count = var.provision_sites ? 
1 : 0 + + depends_on = [ + null_resource.deploy_wls_operator, + null_resource.deploy_traefik, + null_resource.get_ingress_hostname, + module.database, + null_resource.docker_registry, + null_resource.create_db_secret, + null_resource.create_rcu_secret, + null_resource.create_sites_domain_secret, + local_file.helm_values + ] + + triggers = { + sites_domain_name = var.sites_domain_name + sites_domain_type = var.sites_domain_type + sites_namespace = var.sites_kubernetes_namespace + sites_domain_secret = "${var.sites_domain_name}-domain-credentials" + rcu_prefix = var.rcu_prefix + rcu_secret = "${var.sites_domain_name}-rcu-credentials" + db_secret = "${var.sites_domain_name}-db-credentials" + jdbc_connection_url = var.jdbc_connection_url != null ? var.jdbc_connection_url : var.provision_adb ? module.oci-adb.connection_urls : module.database.jdbc_connection_url + # db_sys_password = var.db_sys_password + nfs_server_ip = var.mount_target_ip !=null ? var.mount_target_ip : module.fss.server_ip + path = module.fss.path + } + + provisioner "local-exec" { + command = templatefile("./templates/deploy-sites.tpl", { + sites_domain_name = var.sites_domain_name + sites_domain_type = var.sites_domain_type + sites_namespace = var.sites_kubernetes_namespace + sites_domain_secret = "${var.sites_domain_name}-domain-credentials" + rcu_prefix = var.rcu_prefix + rcu_secret = "${var.sites_domain_name}-rcu-credentials" + db_secret = "${var.sites_domain_name}-db-credentials" + jdbc_connection_url = var.jdbc_connection_url != null ? var.jdbc_connection_url : var.provision_adb ? 
module.oci-adb.connection_urls : module.database.jdbc_connection_url + # db_sys_password = var.db_sys_password + nfs_server_ip = module.fss.server_ip + path = module.fss.path + }) + } + provisioner "local-exec" { + when = destroy + command = templatefile("./templates/undeploy-sites.tpl", { + sites_domain_name = self.triggers.sites_domain_name + sites_namespace = self.triggers.sites_namespace + }) + on_failure = continue + } +} diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/cluster-kube-config.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/cluster-kube-config.tpl new file mode 100755 index 000000000..021ea8fcf --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/cluster-kube-config.tpl @@ -0,0 +1,5 @@ +## Copyright (c) 2022, Oracle and/or its affiliates. +## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl + +mkdir -p $HOME/.kube/ +oci ce cluster create-kubeconfig --cluster-id ${cluster_id} --file $HOME/.kube/config --region ${region} --token-version 2.0.0 diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-domain-credentials.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-domain-credentials.tpl new file mode 100755 index 000000000..1c3a7631e --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-domain-credentials.tpl 
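Review bot: The `triggers` maps of `create_sites_domain_secret`, `create_rcu_secret` and `create_db_secret` in provisioners.tf include `password` (and `sys_password`), which Terraform stores in plaintext in state and shows in plan diffs, while the destroy provisioners only read `self.triggers.name` and `self.triggers.namespace`. Drop the credential entries from `triggers` and keep `name` and `namespace` (plus `domainUID` where present). The same passwords are rendered into the `command` string through `templatefile`, so unless the root variables are declared `sensitive = true` local-exec echoes them in the apply log. Separately, the destroy step `kubectl delete all --all --force` in `cluster_kube_config` acts on whichever kubectl context is current at destroy time, which is not necessarily this cluster.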
@@ -0,0 +1,12 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+if [[ ! $(kubectl get secret ${name} -n ${namespace}) ]]; then
+ kubectl create secret generic ${name} -n ${namespace} \
+ --from-literal=username=${username} \
+ --from-literal=password='${password}'
+
+ kubectl label secret ${name} -n ${namespace} \
+ weblogic.domainUID=${domainUID} \
+ weblogic.domainName=${domainName}
+fi
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-rcu-credentials.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-rcu-credentials.tpl
new file mode 100755
index 000000000..da31b24a6
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create-rcu-credentials.tpl
@@ -0,0 +1,13 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+if [[ ! $(kubectl get secret ${name} -n ${namespace}) ]]; then
+ kubectl create secret generic ${name} -n ${namespace} \
+ --from-literal=username=${username} \
+ --from-literal=password='${password}' \
+ --from-literal=sys_username=${sys_username} \
+ --from-literal=sys_password='${sys_password}'
+fi
+if [[ $(kubectl get secret ${name} -n ${namespace}) ]]; then
+ kubectl label secret ${name} -n ${namespace} weblogic.domainUID=${domainUID} weblogic.domainName=${domainUID}
+fi
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_namespace.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_namespace.tpl
new file mode 100755
index 000000000..2624031f2
--- /dev/null
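Review bot: The `--from-literal=password='${password}'` line in create-domain-credentials.tpl splices the rendered password into a single-quoted shell word, so a password containing `'` closes the quote and the rest is parsed as shell; `${name}`, `${namespace}` and `${username}` are not quoted at all. The same construction appears in create-rcu-credentials.tpl, create_secret.tpl and docker-registry-secret.tpl. If these templates are rendered into a `local-exec` command the way deploy-sites.tpl is, the secret also ends up in the command text and the kubectl argument list. Passing the values through the provisioner's `environment` map and writing `--from-literal=password="$SECRET_PASSWORD"` (variable name is a placeholder) keeps them out of the rendered script and makes the quoting safe.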
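Review bot: The label command in create-rcu-credentials.tpl sets `weblogic.domainName=${domainUID}`, whereas create-domain-credentials.tpl sets `weblogic.domainName=${domainName}`. If both secrets are meant to carry the same pair of labels this looks like a copy slip and the line should end `weblogic.domainName=${domainName}`; whether the caller passes a `domainName` value to this template is not visible here. If reusing the UID is intentional, a comment such as `# domainName label deliberately equals domainUID` would stop a later reader from changing it.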
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_namespace.tpl
@@ -0,0 +1,6 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+if [[ ! $(kubectl get ns ${namespace}) ]]; then
+ kubectl create namespace ${namespace};
+fi
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_secret.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_secret.tpl
new file mode 100755
index 000000000..98c6f3f9c
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/create_secret.tpl
@@ -0,0 +1,8 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+if [[ ! $(kubectl get secret ${name} -n ${namespace}) ]]; then
+ kubectl create secret generic ${name} -n ${namespace} \
+ --from-literal=username=${username} \
+ --from-literal=password='${password}'
+fi
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/delete_namespace.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/delete_namespace.tpl
new file mode 100755
index 000000000..c97250d7f
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/delete_namespace.tpl
@@ -0,0 +1,4 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+kubectl delete namespace ${namespace} --ignore-not-found=true
\ No newline at end of file
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-sites.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-sites.tpl
new file mode 100755
index 000000000..6600b03e1
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-sites.tpl
@@ -0,0 +1,12 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+
+helm install ${sites_domain_name} ./charts/wc-sites \
+ -f fromtf.auto.yaml \
+ --namespace ${sites_namespace} \
+ --version 0.1.0 \
+ --wait \
+ --timeout 600s || exit 1
+
+echo "Sites Domain is installed, please wait for all pods to be READY"
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-traefik.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-traefik.tpl
new file mode 100755
index 000000000..c43dad984
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-traefik.tpl
@@ -0,0 +1,20 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+CHART_VERSION=2.2.8
+
+helm repo add traefik https://helm.traefik.io/traefik
+
+helm install traefik \
+traefik/traefik \
+--namespace ${ingress_namespace} \
+--set image.tag=2.2.8 \
+--set ports.traefik.expose=true \
+--set ports.web.exposedPort=30305 \
+--set ports.web.nodePort=30305 \
+--set ports.websecure.exposedPort=30443 \
+--set ports.websecure.nodePort=30443 \
+--set "kubernetes.namespaces={${ingress_namespace},${sites_namespace}}" \
+--wait
+
+echo "Traefik is installed and running"
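Review bot: `--set ports.traefik.expose=true` in deploy-traefik.tpl publishes Traefik's internal `traefik` entrypoint on the Service next to `web` and `websecure`; that entrypoint normally carries the dashboard and API, so unless something outside this hunk restricts access it should stay unexposed: drop the line or set `ports.traefik.expose=false`. Separately, `CHART_VERSION=2.2.8` is assigned but never used: `helm install` has no `--version`, so the chart floats to whatever the repository currently serves while `image.tag` is pinned to 2.2.8. Adding `--version <chart-version>` (placeholder for the chart release that matches the pinned image) makes the install reproducible, and appending `|| exit 1` would match deploy-sites.tpl so a failed install does not print "Traefik is installed and running".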
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-weblogic-operator.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-weblogic-operator.tpl
new file mode 100755
index 000000000..aebe55f42
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/deploy-weblogic-operator.tpl
@@ -0,0 +1,32 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+if [[ ! $(kubectl get serviceaccount weblogic-operator -n ${weblogic_operator_namespace}) ]]; then
+ kubectl create serviceaccount -n ${weblogic_operator_namespace} weblogic-operator;
+fi
+
+# wait for at least 1 node to be ready
+
+while [[ $(for i in $(kubectl get nodes -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}'); do if [[ "$i" == "True" ]]; then echo $i; fi; done | wc -l | tr -d " ") -lt 1 ]]; do
+ echo "waiting for at least 1 node to be ready..." && sleep 1;
+done
+
+CHART_VERSION=3.1.4
+
+helm repo add weblogic-operator https://oracle.github.io/weblogic-kubernetes-operator/charts --force-update
+
+helm install weblogic-operator weblogic-operator/weblogic-operator \
+ --version $CHART_VERSION \
+ --namespace ${weblogic_operator_namespace} \
+ --set image=ghcr.io/oracle/weblogic-kubernetes-operator:$CHART_VERSION \
+ --set serviceAccount=weblogic-operator \
+ --set "domainNamespaces={${sites_namespace}}" \
+ --wait \
+ --timeout 600s || exit 1
+
+while [[ ! $(kubectl get customresourcedefinition domains.weblogic.oracle -n ${weblogic_operator_namespace}) ]]; do
+ echo "Waiting for CRD to be created";
+ sleep 1;
+done
+
+echo "WebLogic Operator is installed and running"
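Review bot: Both `while` loops in deploy-weblogic-operator.tpl (the node-readiness wait and the `domains.weblogic.oracle` CRD wait) have no upper bound, so a cluster that never becomes ready, or a kubectl that cannot authenticate, leaves the run looping on `sleep 1` indefinitely. A deadline fixes this: set `deadline=$((SECONDS+600))` before each loop and put `[[ $SECONDS -lt $deadline ]] || { echo "timed out"; exit 1; }` inside it. The CRD lookup also passes `-n ${weblogic_operator_namespace}` although CustomResourceDefinitions are cluster-scoped; the flag is harmless but misleading and can be dropped.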
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/docker-registry-secret.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/docker-registry-secret.tpl
new file mode 100755
index 000000000..89331e8f8
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/docker-registry-secret.tpl
@@ -0,0 +1,6 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+if [[ ! $(kubectl get secret image-secret -n ${namespace}) ]]; then
+ kubectl create secret docker-registry image-secret -n ${namespace} --docker-server='${repository}' --docker-username='${username}' --docker-password='${password}'
+fi
+
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/helm.values.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/helm.values.tpl
new file mode 100755
index 000000000..029f1ad34
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/helm.values.tpl
@@ -0,0 +1,34 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+imagePullSecrets:
+ - name: image-secret
+
+image:
+ name: ${container_registry_image}
+
+oracledb:
+ provision: false
+ credentials:
+ secretName: ${db_secret}
+ url: ${jdbc_connection_url}
+
+domain:
+ domainName: ${sites_domain_name}
+ type: ${sites_domain_type}
+ credentials:
+ secretName: ${sites_domain_secret}
+ rcuSchema:
+ prefix: ${rcu_prefix}
+ credentials:
+ secretName: ${rcu_secret}
+ storage:
+ path: ${path}
+ nfs:
+ server: ${nfs_server_ip}
+
+ingress:
+ type: traefik
+ tls: false
+ hostname: ""
+ dnsname: ${sites_dns_name}
\ No newline at end of file
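Review bot: The `ingress` block in helm.values.tpl hard-codes `tls: false`, so unless TLS is terminated somewhere not visible in this diff, the WebLogic console and Sites logins are served over plain HTTP through the Traefik `web` port. Making it a template input (`tls: ${ingress_tls}`, name is a placeholder) or at least adding `# tls disabled: terminate TLS upstream before exposing this ingress` documents the gap. The scalars are also rendered unquoted: with `sites_dns_name = ""` the line becomes `dnsname:` and parses as null, and a JDBC URL with YAML-significant characters could change how `url:` is read, so `url: "${jdbc_connection_url}"` and `dnsname: "${sites_dns_name}"` are safer.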
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/ingress-hostname.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/ingress-hostname.tpl
new file mode 100755
index 000000000..62505b683
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/ingress-hostname.tpl
@@ -0,0 +1,12 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+value=$(kubectl get svc traefik -n ${ingress_namespace} -o jsonpath="{.status.loadBalancer.ingress[*].ip}")
+hostname=' hostname: "'$value'"'
+echo "$hostname"
+
+line=$(grep -n 'hostname:' ./fromtf.auto.yaml | cut -d ':' -f1)
+
+sed -i "$line s/.*/$hostname/" ./fromtf.auto.yaml
+echo "updated ingress hostname on fromtf.auto.yaml file"
+
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/oke-admin.ServiceAccount.yaml b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/oke-admin.ServiceAccount.yaml
new file mode 100755
index 000000000..dbaa95f24
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/oke-admin.ServiceAccount.yaml
@@ -0,0 +1,21 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: oke-admin
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: oke-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: oke-admin
+ namespace: kube-system
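Review bot: `$value` in ingress-hostname.tpl is used without checking that it is non-empty and a single address: the load balancer may not have an IP yet when this runs, and `ingress[*].ip` can return several space-separated entries, so the `sed` can write `hostname: ""` or a multi-value string into fromtf.auto.yaml and still print "updated ingress hostname". `$line` has the same weakness, since `grep -n 'hostname:'` returns every matching line and more than one line number makes the `sed` address invalid. Adding `[[ -n "$value" ]] || { echo "no ingress IP assigned yet"; exit 1; }` after the lookup and using `grep -n -m1 'hostname:'` makes the step fail loudly instead of producing a bad values file.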
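Review bot: The ClusterRoleBinding in oke-admin.ServiceAccount.yaml grants `cluster-admin` to the `oke-admin` ServiceAccount in `kube-system`, so any token issued for that account has unrestricted control of the cluster, and nothing in the manifest says what consumes it. If it exists only for dashboard or bootstrap access, bind a narrower ClusterRole or make applying this file opt-in. At minimum a header comment is needed, for example `# oke-admin has full cluster-admin: treat its token as a root credential and delete the binding once setup is done`.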
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/undeploy-sites.tpl b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/undeploy-sites.tpl
new file mode 100755
index 000000000..dd668039c
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/templates/undeploy-sites.tpl
@@ -0,0 +1,9 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+helm upgrade ${sites_domain_name} ./charts/wc-sites -n ${sites_namespace} \
+ --reuse-values \
+ --set domain.enabled=false \
+ --wait
+
+helm delete ${sites_domain_name} -n ${sites_namespace}
diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/terraform.tfvars.template b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/terraform.tfvars.template
new file mode 100755
index 000000000..f345db0a6
--- /dev/null
+++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/terraform.tfvars.template
@@ -0,0 +1,122 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+tenancy_ocid = "ocid1.tenancy.oc1..."
+compartment_ocid = "ocid1.compartment.oc1..."
+region = "us-ashburn-1"
+
+## Things to provision
+# VCN, OKE cluster, node_pool(s)
+# if false, the template assumes the cluster is provisioned and that kubectl has access to the cluster.
+provision_cluster = true
+
+# File Storage and mount point export
+provision_filesystem = true
+provision_mount_target = true
+provision_export = true
+
+# Database (DBaaS on OCI)
+# If false, a database jdbc_connection URL needs to be provided, and the database needs to be reachable from this VCN
+provision_database = true
+
+# Autonomous Database (User can use DBAAS or Autonomous DB. Turn this on if provision_adb is false)
+provision_adb = false
+# possible values (OLTP)
+adb_database_db_workload = "OLTP"
+adb_password = "Oradoc_db12W#_"
+
+# WebLogic Operator
+provision_weblogic_operator = true
+# Ingress controller
+provision_traefik = true
+provision_secrets = true
+#This will deploy the site in environment
+provision_sites = true
+
+## File storage details
+# If the VCN is not provided by this template, the following variables must be provided
+fss_subnet_id = null
+# If the cluster and VCN are not provided by this template,
+fss_source_cidr = "0.0.0.0/0"
+# File Storage mount target Availability Domain index
+ad_number = 2
+
+#if using existing file system. exportset and filesystem must belong to same ad.
+#filesystem_ocid = ""
+#if using existing mount target.
+#mount_target_ocid = "" +#mount_target_ip = "" + +## Credentials +# Input your Container registry login credentials +# this is the registry where sites images is going to be looked at +container_registry = "phx.ocir.io" +container_registry_username = "devcec/WCSitesUser" +container_registry_email = "" +container_registry_password = "MNOPabcd:>123xyZ" +container_registry_image = "oracle/wcsites:12.2.1.4" + +# Create WCSites domain Admin Console credentials +sites_domain_admin_username = "weblogic" +# Password must contain 1 Upper, 1 number and be at least 8 characters long +sites_domain_admin_password = "Welcome1" + +# Create Database credentials +# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. +# The special characters must be _, #, or -. +db_sys_password = "Oradoc_db12W#x_" + +# Create RCU Schema credentials +# rcu_prefix must be less than or equals to 5 characters +rcu_prefix = "WCS1" +rcu_username = "WCS1" +# Password must be 9 to 30 characters and contain at least 2 uppercase, 2 lowercase, 2 special, and 2 numeric characters. +# The special characters must be _, #, or -. +rcu_password = "Oradoc_db12W#x_" +# If connecting to an external DB, specify the jdbc_connection_url +# !!! 
You will need to adjust the security list on your database VCN/subnet to authorize access from the OKE cluster nodes, +# which may require VCN peering (not provided here) +jdbc_connection_url = null + +# Database information max 8 charachtor allowed for db system +database_name = "sitesdb" +database_unique_name = "sitesdb" + +# Kubernetes namespaces (no need to change) +#sites_kubernetes_namespace = "wcsites-ns" +#weblogic_operator_namespace = "operator-ns" +#ingress_controller_namespace = "traefik" + +# Domain name +sites_dns_name ="" + +# VCN config +vcn_cidr = "10.0.0.0/16" + +# SSH key to access database and Kubernetes nodes +ssh_authorized_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtmEF/NbYdBMiF1XjTPgY6M4Nw8RI9AezkXKk7eJ7YylJH8AAApBb0aw7ERgEza3cTkQVK74MH6Rz9nvi7BdoMB/HWv/Ap/StsqFP2oC3BNi+ljVzXreNtVv1G1JqiRbKzjLNtyHw02wtuTKeoXwaex/ElcAObLdqbuxTgw1M1pw+XnSdnBazqAU6otVpnlgkGNiZDE1yvk7t5tL85tZj8dhrIBGEbHu0/lPA/d15PqgAi5bAIO/E0Dt2vh5hJJMjtM0BWf7PyhMgkOeTszERRHuteBroFbZyzxTvJZiUmL16SMcvLnDt3jL4gIzUkOqBIA9haFyo0poGBC8cYECiB vk" + +# Cluster config +oke_cluster = { + name = "OKE_Cluster" + k8s_version = "v1.20.8" + pods_cidr = "10.1.0.0/16" + services_cidr = "10.2.0.0/16" + cluster_options_add_ons_is_kubernetes_dashboard_enabled = true + cluster_options_add_ons_is_tiller_enabled = true +} + +# defaults to 1 pool, feel free to add more if needed. +node_pools = [ + { + pool_name = "pool1" + node_shape = "VM.Standard2.4" + node_count = 2 + node_labels = { + "pool_name" = "pool1" + } + } +] + +# Optional parameter, requires a vault and key to be created in the account. +secrets_encryption_key_ocid = null diff --git a/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/variables.tf b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/variables.tf new file mode 100755 index 000000000..a5348cb9e --- /dev/null +++ b/FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleWebCenterSites/variables.tf 
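Review bot: terraform.tfvars.template ships values that look usable as-is rather than placeholders: `sites_domain_admin_password = "Welcome1"`, literal values for `adb_password`, `db_sys_password` and `rcu_password`, a `container_registry_username`/`container_registry_password` pair, and a complete `ssh_authorized_key`. Anyone who copies the file and fills in only the OCIDs deploys with publicly known passwords and authorizes the holder of the matching private key on the database and Kubernetes nodes. Replace each with an obviously invalid placeholder, e.g. `ssh_authorized_key = "<your SSH public key>"` and `db_sys_password = "<set a unique password>"`, and rotate the registry password if it was ever a live credential. The defaults `fss_source_cidr = "0.0.0.0/0"`, `cluster_options_add_ons_is_kubernetes_dashboard_enabled = true` and `cluster_options_add_ons_is_tiller_enabled = true` each widen exposure and deserve a comment saying so.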
@@ -0,0 +1,209 @@
+## Copyright (c) 2022, Oracle and/or its affiliates.
+## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "region" {}
+variable "ssh_authorized_key" {}
+
+## General inputs
+
+variable "deployment_name" {
+ default = "sites-k8s"
+}
+
+
+## Selector to define what to provision
+variable "provision_cluster" {
+ default = true
+}
+variable "provision_filesystem" {
+ default = true
+}
+variable "provision_mount_target" {
+ default = true
+}
+variable "provision_export" {
+ default = true
+}
+variable "provision_database" {
+ default = true
+}
+variable "provision_weblogic_operator" {
+ default = true
+}
+variable "provision_traefik" {
+ default = true
+}
+variable "provision_secrets" {
+ default = true
+}
+variable "provision_sites" {
+ default = true
+}
+
+
+## File Storage details
+# If file storage is provisioned by this template but the VCN is not, the subnet ocid is required.
+variable "fss_subnet_id" {
+ default = null
+}
+# If the cluster is not provisioned by this template, the fss_source_cidr must be specified.
+variable "fss_source_cidr" { + default = "0.0.0.0/0" +} +variable "ad_number" { + default = 2 +} + +variable "mount_path" { + default = "/scratch/K8SVolume/WCSites" +} +variable "mount_target_ip" { + default = null +} + +variable "filesystem_ocid" { + default = null +} + +variable "mount_target_ocid" { + default = null +} + +## Kubernetes Namespaces to use +variable "sites_kubernetes_namespace" { + default = "wcsites-ns" +} +variable "weblogic_operator_namespace" { + default = "operator-ns" +} +variable "ingress_controller_namespace" { + default = "traefik" +} + +## Credentials for Oracle Container Registry +variable "container_registry_email" {} +variable "container_registry_password" {} +variable "container_registry_username" {} +variable "container_registry" {} +variable "container_registry_image" {} + + +## Sites domain details + +variable "sites_domain_name" { + type = string + default = "wcsitesinfra" +} +variable "sites_domain_type" { + type = string + default = "wcsites" +} + +variable "sites_domain_admin_username" {} +variable "sites_domain_admin_password" { + type = string + sensitive = true +} +## Schema Database details +variable "jdbc_connection_url" { + # if provisioned by this template, this should be null, otherwise provide for externally provisioned database + default = null +} + +variable "db_sys_password" { + type = string + sensitive = true +} + +variable "db_sys_username" { + type = string + default = "sys" +} + +variable "rcu_prefix" { + default = "Sites" +} +variable "rcu_username" { + default = "sys" +} +variable "rcu_password" { + type = string + sensitive = true +} +## Autonomous database related variables +variable "provision_adb" { + default = false +} + +variable "adb_database_db_workload" { + default = "OLTP" +} + +variable "adb_password" {} +variable "adb_username" { + default = "Admin" +} + +## Database provisioning details +variable "database_name" {} +variable "database_unique_name" {} +variable "db_version" { + default = 
"19.0.0.0" +} +variable "pdb_name" { + default = "pdb" +} +variable "db_system_shape" { + default = "VM.Standard2.1" +} +variable "db_system_cpu_core_count" { + default = 1 +} +variable "db_system_license_model" { + default = "LICENSE_INCLUDED" +} +variable "db_system_db_system_options_storage_management" { + default = "LVM" +} + +## Domain name +variable "sites_dns_name" { + type = string + default = null +} + +## VCN details +variable "vcn_cidr" { + default = "10.0.0.0/16" +} + +## OKE cluster details +variable "oke_cluster" { + default = { + k8s_version = "v1.20.8" + pods_cidr = "10.1.0.0/16" + services_cidr = "10.2.0.0/16" + cluster_options_add_ons_is_kubernetes_dashboard_enabled = true + cluster_options_add_ons_is_tiller_enabled = true + } +} + +variable "node_pools" { + default = [ + { + pool_name = "pool1" + node_shape = "VM.Standard2.4" + node_count = 3 + node_labels = { + "pool_name" = "pool1" + } + } + ] +} + +## Optional KMS Key for encrypting File system and Kubernetes secrets at rest +variable "secrets_encryption_key_ocid" { + default = null +}
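Review bot: `container_registry_password` and `adb_password` in variables.tf are declared as bare `variable "..." {}` blocks, while `sites_domain_admin_password`, `db_sys_password` and `rcu_password` carry `type = string` and `sensitive = true`; the two unmarked ones can therefore show up in plan and apply output. Give them the same body, `type = string` and `sensitive = true`. `fss_source_cidr` defaults to `"0.0.0.0/0"` even though the comment above it says the value must be specified when the cluster is not provisioned here, so a `null` default plus a `validation` block would avoid silently accepting every source address. None of the variables has a `description`, which would help given how many of them are credentials.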