Identity Governance

This is very resource intensive and will require at least 12GB RAM. I've managed to get it running with 8GB but were edging the VM with 92% RAM usage.

Download everything needed.

## Oracle Identity Governance (OIG)
kiot :: ~/oracle » docker pull container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315
kiot :: ~/oracle » docker tag container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315 localhost/oracle/oig:14.1.2.1.0

## Oracle 19c DB
kiot :: ~/oracle » docker pull container-registry.oracle.com/database/enterprise:19.3.0.0
kiot :: ~/oracle » docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee

## Docker files
# kdev :: ~/oracle » git clone https://github.com/oracle/docker-images
kiot :: ~/oracle » git clone https://github.com/0xPThree/WebLogic

Configuration

Due to setup issues (probably related to insufficient RAM) I have rebuilt the setenv.sh and docker-compose.yaml files to a format that makes more sense to me. See below for full code.

You can most likely use the default sample files from Oracles repo (docker-images/OracleIdentityGovernance/setenv.sh, and docker-images/OracleIdentityGovernance/samples/containerizedDB/docker-compose.yaml) to achieve the same result.

With my configuration you must add kiot.dev.local 172.30.0.1 and oimdb.dev.local 172.30.0.2 to /etc/hosts.

kiot :: ~/oracle » cat setenv.sh 
#!/bin/sh

# ==========================================================
# Docker Network Configuration
# ==========================================================
NETWORK_NAME="containerizeddb_default"
NETWORK_SUBNET="172.30.0.0/24"
NETWORK_GATEWAY="172.30.0.1"     # The host gateway for containers

# Create network only if it does NOT already exist
if ! docker network inspect "${NETWORK_NAME}" >/dev/null 2>&1; then
  docker network create \
    --subnet "${NETWORK_SUBNET}" \
    --gateway "${NETWORK_GATEWAY}" \
    "${NETWORK_NAME}"
fi

# ==========================================================
# Registry & Database Image Configuration
# ==========================================================
export DC_REGISTRY_OIG="localhost"
export DC_REGISTRY_DB="localhost"
export DC_DB_VERSION="19.3.0.0-ee"

export no_proxy="localhost,127.0.0.1,.dev.local,/var/run/docker.sock"

# ==========================================================
# Export Docker Compose Environment Variables
# ==========================================================
exportComposeEnv() {

  # Host identity
  export DC_HOSTNAME="kiot.dev.local"
  export DC_HOST_GATEWAY="${NETWORK_GATEWAY}"

  # Oracle Database
  export DC_DB_IP="172.30.0.2"
  export DC_DB_HOST="oimdb.dev.local"
  export DC_DB_PORT=1521
  export DC_DB_OEM_PORT=5500
  export DC_DB_SID="oimdb"
  export DC_DB_PDB="oimpdb"
  export DC_DB_SYSPWD="Passw0rd123"
  export DC_DB_DBDATA="/u01/app/docker/OIG/dbdata"

  # Oracle Identity Governance / WebLogic
  export DC_WLS_ADMIN_PASSWORD="Passw0rd123"
  export OIG_IMAGE="localhost/oracle/oig:14.1.2.1.0"

  # RCU
  export DC_RCU_SCHPWD="Passw0rd123"
  export DC_RCU_OIMPFX="OIM03"

  # Domain Home
  export DC_DOMAIN_HOME="/u01/app/docker/OIG/domain"
}

# ==========================================================
# Directory Handling
# ==========================================================
ensure_dir() {
  if [ ! -d "$1" ]; then
    mkdir -p "$1"
    chmod 777 "$1"
  fi
}

createDirs() {
  ensure_dir "${DC_DOMAIN_HOME}"
  ensure_dir "${DC_DOMAIN_HOME}/domains"
  ensure_dir "${DC_DOMAIN_HOME}/domains/ConnectorDefaultDirectory"
  ensure_dir "${DC_DB_DBDATA}"
}

# ==========================================================
# Main
# ==========================================================
echo "INFO: Setting up OIG Docker Environment..."
exportComposeEnv
createDirs

echo "INFO: Environment variables:"
env | grep -e "^DC_" | sort

kiot :: ~/oracle » cat docker-compose.yaml
x-common: &default-common
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384
  extra_hosts:
    - "${DC_HOSTNAME}:${DC_HOST_GATEWAY}"
    - "${DC_DB_HOST}:${DC_DB_IP}"

services:
  # ========================================================
  # Oracle Database Container
  # ========================================================
  oimdb:
    <<: *default-common
    image: ${DC_REGISTRY_DB}/oracle/database:${DC_DB_VERSION}
    container_name: oimdb
    ports:
      - "${DC_DB_PORT}:1521"
      - "${DC_DB_OEM_PORT}:5500"
    environment:
      - ORACLE_SID=${DC_DB_SID}
      - ORACLE_PDB=${DC_DB_PDB}
      - ORACLE_PWD=${DC_DB_SYSPWD}
    volumes:
      - ${DC_DB_DBDATA}:/opt/oracle/oradata

  # ========================================================
  # OIG Admin Server (creates domain)
  # ========================================================
  oimadmin:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimadmin
    hostname: oimadmin
    command: /bin/bash -c "sleep 5s; /u01/oracle/dockertools/createDomainAndStart.sh"
    ports:
      - "7001:7001"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - CONNECTION_STRING=${DC_DB_HOST}:${DC_DB_PORT}/${DC_DB_PDB}
      - DB_PASSWORD=${DC_DB_SYSPWD}
      - DB_SCHEMA_PASSWORD=${DC_RCU_SCHPWD}
      - RCUPREFIX=${DC_RCU_OIMPFX}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

  # ========================================================
  # SOA Managed Server
  # ========================================================
  soams:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: soams
    hostname: soams
    depends_on:
      - oimadmin
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "8001:8001"
      - "8002:8002"
      - "8003:8003"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - MANAGED_SERVER=soa_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

  # ========================================================
  # OIG Managed Server
  # ========================================================
  oimms:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimms
    hostname: oimms
    depends_on:
      - oimadmin
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "14000:14000"
      - "14001:14001"
      - "14002:14002"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - MANAGED_SERVER=oim_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

# ==========================================================
# Docker Network (externally created in setenv.sh)
# ==========================================================
networks:
  default:
    external: true
    name: containerizeddb_default

Start environment

The environment is very sensitive and must be started in correct order as the containers are dependant of each other. Either tweak the docker-compose.yml to wait, or start the containers manually and observe the status using docker logs -f <container-name>. Starting the containers will take several minutes.

Important: You must use the same terminal window as the one where you set the variables.

## 
kiot :: ~/oracle » . ./setenv.sh
06c3d0a46fa32a1a328369bc964a2f3a19dd5a52000478071553914e9b355c6e
INFO: Setting up OIG Docker Environment...
INFO: Environment variables:
DC_DB_DBDATA=/u01/app/docker/OIG/dbdata
DC_DB_HOST=oimdb.dev.local
DC_DB_IP=172.30.0.2
DC_DB_OEM_PORT=5500
DC_DB_PDB=oimpdb
DC_DB_PORT=1521
DC_DB_SID=oimdb
DC_DB_SYSPWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DOMAIN_HOME=/u01/app/docker/OIG/domain
DC_HOST_GATEWAY=172.30.0.1
DC_HOSTNAME=kiot.dev.local
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_WLS_ADMIN_PASSWORD=Passw0rd123

## Database (oimdb) - takes up to 15 minutes to start
kiot :: ~/oracle » docker compose up -d oimdb
[+] Running 1/1
 ✔ Container oimdb  Started 

kiot :: ~ » docker logs -f oimdb                      
... snip ...
#########################
DATABASE IS READY TO USE!
#########################

kiot :: ~/oracle » docker container ls          
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                            PORTS                                                                                                                                                                        NAMES
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   13 minutes ago   Up 13 minutes (healthy)           0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## WebLogic AdminServer (oimadmin)
kiot :: ~/oracle » docker compose up -d oimadmin
[+] Running 1/1
 ✔ Container oimadmin  Started

kiot :: ~ » docker logs -f oimadmin
... snip ...
INFO: Admin server is running
INFO: Admin server running, ready to start managed server

kiot :: ~/oracle » docker container ls          
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                            PORTS                                                                                                                                                                        NAMES
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   2 minutes ago    Up 2 minutes (health: starting)   0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   13 minutes ago   Up 13 minutes (healthy)           0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## SOA Managed Server
kiot :: ~/oracle » docker compose up -d soams   
[+] Running 2/2
 ✔ Container oimadmin  Running
 ✔ Container soams     Started 
 
kiot :: ~ » docker logs -f soams   
INFO: Updating the listen address - 172.30.0.4  kiot.dev.local for server soa_server1
/u01/oracle/oracle_common/common/bin/wlst.sh -skipWLSModuleScanning /u01/oracle/dockertools/updateListenAddressMS.py 172.30.0.4 soa_server1 kiot.dev.local kiot.dev.local 7001 weblogic Passw0rd123
... snip ...
INFO: Managed Server is running
INFO: Managed server has been started

kiot :: ~/oracle » docker container ls       
CONTAINER ID   IMAGE                                   COMMAND                  CREATED              STATUS                        PORTS                                                                                                                                                                        NAMES
f8d8f100c6ff   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:8001-8003->8001-8003/tcp, :::8001-8003->8001-8003/tcp                                                                                                                soams
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   6 minutes ago        Up 6 minutes (healthy)        0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   17 minutes ago       Up 17 minutes (healthy)       0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## OIM Managed Server
kiot :: ~/oracle » docker compose up -d oimms   
[+] Running 2/2
 ✔ Container oimadmin  Running
 ✔ Container oimms     Started

kiot :: ~ » docker logs -f oimms   
INFO: Updating the listen address - 172.30.0.5  kiot.dev.local for server oim_server1
/u01/oracle/oracle_common/common/bin/wlst.sh -skipWLSModuleScanning /u01/oracle/dockertools/updateListenAddressMS.py 172.30.0.5 oim_server1 kiot.dev.local kiot.dev.local 7001 weblogic Passw0rd123
... snip ...
INFO: Managed Server is running
INFO: Managed server has been started
INFO: Running SOA Mbean
INFO: OIM SOA Integration Mbean executed successfully.

kiot :: ~/oracle » docker container ls       
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                    PORTS                                                                                                                                                                        NAMES
0aad0da7d88c   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   2 minutes ago    Up 2 minutes (healthy)    0.0.0.0:14000-14002->14000-14002/tcp, :::14000-14002->14000-14002/tcp                                                                                                        oimms
f8d8f100c6ff   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   4 minutes ago    Up 4 minutes (healthy)    0.0.0.0:8001-8003->8001-8003/tcp, :::8001-8003->8001-8003/tcp                                                                                                                soams
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   20 minutes ago   Up 20 minutes (healthy)   0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

Access environment

The login credentials are set in setenv.sh (weblogic:Passw0rd123 ) these will work for all services except Oracle Identity System Administration Console, which use xelsysadm:Passw0rd123.

Service

URL

WebLogic Administration Console

http://kiot.dev.local:7001/console

Oracle Enterprise Manager Console

http://kiot.dev.local:7001/em

Oracle SOA Platform

http://kiot.dev.local:8001/soa-infra

Oracle Identity Self Service Console

http://kiot.dev.local:14000/identity

Oracle Identity System Administration Console

http://kiot.dev.local:14000/sysadmin

Troubleshooting

Container out of memory

If you get an error similar to:

INFO: CONNECTION_STRING = oimdb:1521/oimpdb
INFO: RCUPREFIX         = OIM03
INFO: DB_PASSWORD       = password
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/dockertools/createDomainAndStart.sh: line 170:    25 Aborted                 (core dumped) java -cp /$vol_name/oracle/dockertools/:/$vol_name/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar DBUtils $jdbc_url sys $DB_PASSWORD file /$vol_name/oracle/dockertools/xaview.sql
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/bin/rcu_internal.sh: line 285:    46 Aborted                 (core dumped) $JAVA_HOME/bin/java -DRCU_HOME=$RCU_HOME -DSQLPLUS_HOME=$SQLPLUS_HOME -DORACLE_HOME=$OH $RCU_ENV_VARS -DLAUNCH_MODE=$LAUNCH_MODE -mx128m -DLD_LIBRARY_PATH=$LD_LIBRARY_PATH ${RCU_JAVA_OPTIONS} -classpath $CLASSPATH oracle.sysman.assistants.rcu.Rcu $ARGUMENTS

Solve it by configuring ulimits to your container. Either do this globally, or locally, in the docker-compose.yml file. I think it's easiest to do it globally and apply to all containers like so:

kdev :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » cat docker-compose.yaml         
x-ulimits: &default-ulimits
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384

services:
  oimdb:
    <<: *default-ulimits
    ... snip ...

  oimadmin:
    <<: *default-ulimits
    ... snip ...

  soams:
    <<: *default-ulimits
    ... snip ...

  oimms:
    <<: *default-ulimits
    ... snip ...

Domain Configuration failed

kiot :: ~/oracle » docker logs -f oimadmin
... snip ...
sys.argv[19] = -hostname
sys.argv[20] = kiot.localdomain
Error: set() failed. Do dumpStack() to see details.
Error: runCmd() failed. Do dumpStack() to see details.
Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException
Problem invoking WLST - Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException

ERROR: Domain Configuration failed. Please check the logs

The issue is likely due to password requirements are not being met. Change password in the setenv.sh file to something longer and/or more complex. For dev installations I use Passw0rd123 which suffice.

kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » . ../../setenv.sh
INFO: Setting up OIM Docker Environment...
INFO: Environment variables
DC_ADMIN_PWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DDIR_OIM=/home/void/oracle/docker/oimdomain
DC_HOSTNAME=kiot.localdomain
DC_ORCL_DBDATA=/home/void/oracle/docker/dbdata
DC_ORCL_HOST=oimdb
DC_ORCL_OEM_PORT=5500
DC_ORCL_PDB=oimpdb
DC_ORCL_PORT=1521
DC_ORCL_SID=oimdb
DC_ORCL_SYSPWD=Passw0rd123
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_USERHOME=/home/void/oracle/docker

Stuck at startup

If your SOA or IOM container get stuck at startup and the logs don't get past:

INFO: Starting the managed server oim_server1
INFO: Waiting for the Managed Server to accept requests...

It may be that you don't meet the hardware requirements. I had my last container, OIM, stuck at this stage until I noticed that the RAM was maxed out. Increasing the RAM from 8 to 16 GB solved it and I was able to start all four containers.

Resources

Creating Oracle Identity Governance Docker Containersdocs.oracle.com

Last updated 2 months ago

hashtagConfiguration

hashtagStart environment

hashtagAccess environment

hashtagTroubleshooting

hashtagContainer out of memory

hashtagDomain Configuration failed

hashtagStuck at startup

hashtagResources

Configuration

Start environment

Access environment

Troubleshooting

Container out of memory

Domain Configuration failed

Stuck at startup

Resources