# Identity Governance

{% hint style="danger" %}
This is very resource intensive and will require at least 12 GB RAM. I've managed to get it running with 8 GB, but it was edging the VM at 92% RAM usage.
{% endhint %}

Download everything needed.

```bash
## Oracle Identity Governance (OIG)
kiot :: ~/oracle » docker pull container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315
kiot :: ~/oracle » docker tag container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315 localhost/oracle/oig:14.1.2.1.0

## Oracle 19c DB
kiot :: ~/oracle » docker pull container-registry.oracle.com/database/enterprise:19.3.0.0
kiot :: ~/oracle » docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee

## Docker files
# kdev :: ~/oracle » git clone https://github.com/oracle/docker-images
kiot :: ~/oracle » git clone https://github.com/0xPThree/WebLogic
```

## Configuration

Due to setup issues (probably related to insufficient RAM) I have rebuilt the `setenv.sh` and `docker-compose.yaml` files to a format that makes more sense to me. See below for full code.

You can most likely use the default sample files from Oracle's repo (`docker-images/OracleIdentityGovernance/setenv.sh` and `docker-images/OracleIdentityGovernance/samples/containerizedDB/docker-compose.yaml`) to achieve the same result.

With my configuration you must add `172.30.0.1 kiot.dev.local` and `172.30.0.2 oimdb.dev.local` to `/etc/hosts` (the hosts file expects the IP address first, then the hostname).

```bash
kiot :: ~/oracle » cat setenv.sh 
#!/bin/sh

# ==========================================================
# Docker Network Configuration
# ==========================================================
NETWORK_NAME="containerizeddb_default"
NETWORK_SUBNET="172.30.0.0/24"
NETWORK_GATEWAY="172.30.0.1"     # The host gateway for containers

# Create network only if it does NOT already exist
if ! docker network inspect "${NETWORK_NAME}" >/dev/null 2>&1; then
  docker network create \
    --subnet "${NETWORK_SUBNET}" \
    --gateway "${NETWORK_GATEWAY}" \
    "${NETWORK_NAME}"
fi

# ==========================================================
# Registry & Database Image Configuration
# ==========================================================
export DC_REGISTRY_OIG="localhost"
export DC_REGISTRY_DB="localhost"
export DC_DB_VERSION="19.3.0.0-ee"

export no_proxy="localhost,127.0.0.1,.dev.local,/var/run/docker.sock"

# ==========================================================
# Export Docker Compose Environment Variables
# ==========================================================
exportComposeEnv() {

  # Host identity
  export DC_HOSTNAME="kiot.dev.local"
  export DC_HOST_GATEWAY="${NETWORK_GATEWAY}"

  # Oracle Database
  export DC_DB_IP="172.30.0.2"
  export DC_DB_HOST="oimdb.dev.local"
  export DC_DB_PORT=1521
  export DC_DB_OEM_PORT=5500
  export DC_DB_SID="oimdb"
  export DC_DB_PDB="oimpdb"
  export DC_DB_SYSPWD="Passw0rd123"
  export DC_DB_DBDATA="/u01/app/docker/OIG/dbdata"

  # Oracle Identity Governance / WebLogic
  export DC_WLS_ADMIN_PASSWORD="Passw0rd123"
  export OIG_IMAGE="localhost/oracle/oig:14.1.2.1.0"

  # RCU
  export DC_RCU_SCHPWD="Passw0rd123"
  export DC_RCU_OIMPFX="OIM03"

  # Domain Home
  export DC_DOMAIN_HOME="/u01/app/docker/OIG/domain"
}

# ==========================================================
# Directory Handling
# ==========================================================
ensure_dir() {
  if [ ! -d "$1" ]; then
    mkdir -p "$1"
    chmod 777 "$1"
  fi
}

createDirs() {
  ensure_dir "${DC_DOMAIN_HOME}"
  ensure_dir "${DC_DOMAIN_HOME}/domains"
  ensure_dir "${DC_DOMAIN_HOME}/domains/ConnectorDefaultDirectory"
  ensure_dir "${DC_DB_DBDATA}"
}

# ==========================================================
# Main
# ==========================================================
echo "INFO: Setting up OIG Docker Environment..."
exportComposeEnv
createDirs

echo "INFO: Environment variables:"
env | grep -e "^DC_" | sort
```

```yaml
# kiot :: ~/oracle » cat docker-compose.yaml
x-common: &default-common
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384
  extra_hosts:
    - "${DC_HOSTNAME}:${DC_HOST_GATEWAY}"
    - "${DC_DB_HOST}:${DC_DB_IP}"

services:
  # ========================================================
  # Oracle Database Container
  # ========================================================
  oimdb:
    <<: *default-common
    image: ${DC_REGISTRY_DB}/oracle/database:${DC_DB_VERSION}
    container_name: oimdb
    ports:
      - "${DC_DB_PORT}:1521"
      - "${DC_DB_OEM_PORT}:5500"
    environment:
      - ORACLE_SID=${DC_DB_SID}
      - ORACLE_PDB=${DC_DB_PDB}
      - ORACLE_PWD=${DC_DB_SYSPWD}
    volumes:
      - ${DC_DB_DBDATA}:/opt/oracle/oradata

  # ========================================================
  # OIG Admin Server (creates domain)
  # ========================================================
  oimadmin:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimadmin
    hostname: oimadmin
    command: /bin/bash -c "sleep 5s; /u01/oracle/dockertools/createDomainAndStart.sh"
    ports:
      - "7001:7001"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - CONNECTION_STRING=${DC_DB_HOST}:${DC_DB_PORT}/${DC_DB_PDB}
      - DB_PASSWORD=${DC_DB_SYSPWD}
      - DB_SCHEMA_PASSWORD=${DC_RCU_SCHPWD}
      - RCUPREFIX=${DC_RCU_OIMPFX}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

  # ========================================================
  # SOA Managed Server
  # ========================================================
  soams:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: soams
    hostname: soams
    depends_on:
      - oimadmin
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "8001:8001"
      - "8002:8002"
      - "8003:8003"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - MANAGED_SERVER=soa_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

  # ========================================================
  # OIG Managed Server
  # ========================================================
  oimms:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimms
    hostname: oimms
    depends_on:
      - oimadmin
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "14000:14000"
      - "14001:14001"
      - "14002:14002"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_WLS_ADMIN_PASSWORD}
      - MANAGED_SERVER=oim_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DOMAIN_HOME}:/u01/oracle/user_projects

# ==========================================================
# Docker Network (externally created in setenv.sh)
# ==========================================================
networks:
  default:
    external: true
    name: containerizeddb_default
```

***

## Start environment

The environment is very sensitive and **must be started in the correct order**, as the containers depend on each other. Either tweak `docker-compose.yaml` to wait, or start the containers manually and observe the status using `docker logs -f <container-name>`. Starting the containers will take **several minutes**.

> Important: You must use the same terminal window as the one where you set the variables.

```bash
## Load the environment variables into the current shell
kiot :: ~/oracle » . ./setenv.sh
06c3d0a46fa32a1a328369bc964a2f3a19dd5a52000478071553914e9b355c6e
INFO: Setting up OIG Docker Environment...
INFO: Environment variables:
DC_DB_DBDATA=/u01/app/docker/OIG/dbdata
DC_DB_HOST=oimdb.dev.local
DC_DB_IP=172.30.0.2
DC_DB_OEM_PORT=5500
DC_DB_PDB=oimpdb
DC_DB_PORT=1521
DC_DB_SID=oimdb
DC_DB_SYSPWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DOMAIN_HOME=/u01/app/docker/OIG/domain
DC_HOST_GATEWAY=172.30.0.1
DC_HOSTNAME=kiot.dev.local
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_WLS_ADMIN_PASSWORD=Passw0rd123

## Database (oimdb) - takes up to 15 minutes to start
kiot :: ~/oracle » docker compose up -d oimdb
[+] Running 1/1
 ✔ Container oimdb  Started 

kiot :: ~ » docker logs -f oimdb                      
... snip ...
#########################
DATABASE IS READY TO USE!
#########################

kiot :: ~/oracle » docker container ls          
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                            PORTS                                                                                                                                                                        NAMES
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   13 minutes ago   Up 13 minutes (healthy)           0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## WebLogic AdminServer (oimadmin)
kiot :: ~/oracle » docker compose up -d oimadmin
[+] Running 1/1
 ✔ Container oimadmin  Started

kiot :: ~ » docker logs -f oimadmin
... snip ...
INFO: Admin server is running
INFO: Admin server running, ready to start managed server

kiot :: ~/oracle » docker container ls          
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                            PORTS                                                                                                                                                                        NAMES
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   2 minutes ago    Up 2 minutes (health: starting)   0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   13 minutes ago   Up 13 minutes (healthy)           0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## SOA Managed Server
kiot :: ~/oracle » docker compose up -d soams   
[+] Running 2/2
 ✔ Container oimadmin  Running
 ✔ Container soams     Started 
 
kiot :: ~ » docker logs -f soams   
INFO: Updating the listen address - 172.30.0.4  kiot.dev.local for server soa_server1
/u01/oracle/oracle_common/common/bin/wlst.sh -skipWLSModuleScanning /u01/oracle/dockertools/updateListenAddressMS.py 172.30.0.4 soa_server1 kiot.dev.local kiot.dev.local 7001 weblogic Passw0rd123
... snip ...
INFO: Managed Server is running
INFO: Managed server has been started

kiot :: ~/oracle » docker container ls       
CONTAINER ID   IMAGE                                   COMMAND                  CREATED              STATUS                        PORTS                                                                                                                                                                        NAMES
f8d8f100c6ff   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:8001-8003->8001-8003/tcp, :::8001-8003->8001-8003/tcp                                                                                                                soams
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   6 minutes ago        Up 6 minutes (healthy)        0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   17 minutes ago       Up 17 minutes (healthy)       0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb

------------
## OIM Managed Server
kiot :: ~/oracle » docker compose up -d oimms   
[+] Running 2/2
 ✔ Container oimadmin  Running
 ✔ Container oimms     Started

kiot :: ~ » docker logs -f oimms   
INFO: Updating the listen address - 172.30.0.5  kiot.dev.local for server oim_server1
/u01/oracle/oracle_common/common/bin/wlst.sh -skipWLSModuleScanning /u01/oracle/dockertools/updateListenAddressMS.py 172.30.0.5 oim_server1 kiot.dev.local kiot.dev.local 7001 weblogic Passw0rd123
... snip ...
INFO: Managed Server is running
INFO: Managed server has been started
INFO: Running SOA Mbean
INFO: OIM SOA Integration Mbean executed successfully.

kiot :: ~/oracle » docker container ls       
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                    PORTS                                                                                                                                                                        NAMES
0aad0da7d88c   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   2 minutes ago    Up 2 minutes (healthy)    0.0.0.0:14000-14002->14000-14002/tcp, :::14000-14002->14000-14002/tcp                                                                                                        oimms
f8d8f100c6ff   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c /u01/o…"   4 minutes ago    Up 4 minutes (healthy)    0.0.0.0:8001-8003->8001-8003/tcp, :::8001-8003->8001-8003/tcp                                                                                                                soams
643dd974a5d9   localhost/oracle/oig:14.1.2.1.0         "/bin/bash -c 'sleep…"   8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:7001->7001/tcp, :::7001->7001/tcp                                                                                                                                    oimadmin
f0f8e76f3b34   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   20 minutes ago   Up 20 minutes (healthy)   0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp                                                                                         oimdb
```
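
The manual sequence above can be scripted. The following is an added example, not part of the original page or of Oracle's tooling: a POSIX shell script that starts each service and waits for the ready line shown in the logs above before starting the next one. The script name `start-stack.sh`, the timeouts and the polling interval are assumptions.

```shell
#!/bin/sh
# start-stack.sh (hypothetical name): start the four containers in order and
# block on each one's ready line before starting the next.
# Assumes setenv.sh was sourced first, so compose sees the exported DC_* variables.

DOCKER="${DOCKER:-docker}"          # overridable, so the logic can be exercised with a stub
POLL_SECONDS="${POLL_SECONDS:-15}"  # assumed polling interval

# name|ready marker|timeout in seconds. The markers are the log lines shown in
# the session above; the timeouts are assumptions sized for a slow VM.
STACK='oimdb|DATABASE IS READY TO USE!|1800
oimadmin|Admin server running, ready to start managed server|1800
soams|Managed server has been started|1200
oimms|OIM SOA Integration Mbean executed successfully.|1200'

# wait_for_marker NAME MARKER TIMEOUT
# Returns 0 when MARKER appears in the container log, 1 on timeout,
# 2 if the container is no longer running (e.g. it aborted during start-up).
wait_for_marker() {
  wfm_name=$1; wfm_marker=$2; wfm_left=$3
  while :; do
    # -F keeps '!' and '.' in the markers literal.
    if $DOCKER logs "$wfm_name" 2>&1 | grep -qF -- "$wfm_marker"; then
      return 0
    fi
    wfm_state=$($DOCKER inspect --format '{{.State.Status}}' "$wfm_name" 2>/dev/null) \
      || wfm_state="unknown"
    if [ "$wfm_state" != "running" ]; then
      echo "ERROR: $wfm_name is '$wfm_state', see: docker logs $wfm_name" >&2
      return 2
    fi
    if [ "$wfm_left" -le 0 ]; then
      echo "ERROR: $wfm_name did not log '$wfm_marker' in time" >&2
      return 1
    fi
    sleep "$POLL_SECONDS"
    wfm_left=$((wfm_left - POLL_SECONDS))
  done
}

# Start every service in STACK order; stop at the first one that fails.
start_stack() {
  while IFS='|' read -r ss_name ss_marker ss_timeout; do
    echo "INFO: starting $ss_name"
    $DOCKER compose up -d "$ss_name" </dev/null || return 1
    wait_for_marker "$ss_name" "$ss_marker" "$ss_timeout" </dev/null || return 1
    echo "INFO: $ss_name is ready"
  done <<EOF
$STACK
EOF
}

# Only act when called as: sh start-stack.sh up
case "${1:-}" in
  up) start_stack ;;
esac
```

Run it from the directory holding `docker-compose.yaml`, after sourcing the environment in the same shell: `. ./setenv.sh && sh start-stack.sh up`.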

## Access environment

The login credentials are set in `setenv.sh` (`weblogic:Passw0rd123`). These work for all services **except** the *Oracle Identity System Administration Console*, which uses `xelsysadm:Passw0rd123`.

<table><thead><tr><th width="289">Service</th><th>URL</th></tr></thead><tbody><tr><td>WebLogic Administration Console</td><td><code>http://kiot.dev.local:7001/console</code></td></tr><tr><td>Oracle Enterprise Manager Console</td><td><code>http://kiot.dev.local:7001/em</code></td></tr><tr><td>Oracle SOA Platform</td><td><code>http://kiot.dev.local:8001/soa-infra</code></td></tr><tr><td>Oracle Identity Self Service Console</td><td><code>http://kiot.dev.local:14000/identity</code></td></tr><tr><td>Oracle Identity System Administration Console</td><td><code>http://kiot.dev.local:14000/sysadmin</code></td></tr></tbody></table>

<figure><img src="https://2314265932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLZ9hPT4FtAP57VrTApYv%2Fuploads%2FP1sbmCKBbLNoLnxrIF8z%2Fimage.png?alt=media&#x26;token=ff5bd2d5-651b-481b-b50f-088f75b2626f" alt=""><figcaption><p>WebLogic Administration Console (oimadmin)</p></figcaption></figure>

<figure><img src="https://2314265932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLZ9hPT4FtAP57VrTApYv%2Fuploads%2F2ytsEanoOtN7wxWGYaVY%2Fimage.png?alt=media&#x26;token=b07d17f2-a08e-4d23-85a7-743ea7a711f2" alt=""><figcaption><p>Identity Self Service Console (oimms)</p></figcaption></figure>

***

## Troubleshooting

### Container out of memory

If you get an error similar to:

```bash
INFO: CONNECTION_STRING = oimdb:1521/oimpdb
INFO: RCUPREFIX         = OIM03
INFO: DB_PASSWORD       = password
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/dockertools/createDomainAndStart.sh: line 170:    25 Aborted                 (core dumped) java -cp /$vol_name/oracle/dockertools/:/$vol_name/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar DBUtils $jdbc_url sys $DB_PASSWORD file /$vol_name/oracle/dockertools/xaview.sql
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/bin/rcu_internal.sh: line 285:    46 Aborted                 (core dumped) $JAVA_HOME/bin/java -DRCU_HOME=$RCU_HOME -DSQLPLUS_HOME=$SQLPLUS_HOME -DORACLE_HOME=$OH $RCU_ENV_VARS -DLAUNCH_MODE=$LAUNCH_MODE -mx128m -DLD_LIBRARY_PATH=$LD_LIBRARY_PATH ${RCU_JAVA_OPTIONS} -classpath $CLASSPATH oracle.sysman.assistants.rcu.Rcu $ARGUMENTS
```

Solve it by configuring `ulimits` for your containers. Either do this globally, or locally per service, in the `docker-compose.yaml` file. I think it's easiest to do it globally and apply to all containers like so:

```yml
# kdev :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » cat docker-compose.yaml
x-ulimits: &default-ulimits
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384

services:
  oimdb:
    <<: *default-ulimits
    # ... snip ...

  oimadmin:
    <<: *default-ulimits
    # ... snip ...

  soams:
    <<: *default-ulimits
    # ... snip ...

  oimms:
    <<: *default-ulimits
    # ... snip ...
```

***

### Domain Configuration failed

```bash
kiot :: ~/oracle » docker logs -f oimadmin
... snip ...
sys.argv[19] = -hostname
sys.argv[20] = kiot.localdomain
Error: set() failed. Do dumpStack() to see details.
Error: runCmd() failed. Do dumpStack() to see details.
Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException
Problem invoking WLST - Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException

ERROR: Domain Configuration failed. Please check the logs
```

The issue is likely that the password requirements are not being met. Change the password in the `setenv.sh` file to something longer and/or more complex. For dev installations I use `Passw0rd123`, which suffices.

```bash
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » . ../../setenv.sh
INFO: Setting up OIM Docker Environment...
INFO: Environment variables
DC_ADMIN_PWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DDIR_OIM=/home/void/oracle/docker/oimdomain
DC_HOSTNAME=kiot.localdomain
DC_ORCL_DBDATA=/home/void/oracle/docker/dbdata
DC_ORCL_HOST=oimdb
DC_ORCL_OEM_PORT=5500
DC_ORCL_PDB=oimpdb
DC_ORCL_PORT=1521
DC_ORCL_SID=oimdb
DC_ORCL_SYSPWD=Passw0rd123
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_USERHOME=/home/void/oracle/docker
```

***

### Stuck at startup

If your SOA or OIM container gets stuck at startup and the logs don't get past:

```bash
INFO: Starting the managed server oim_server1
INFO: Waiting for the Managed Server to accept requests...
```

It may be that you don't meet the hardware requirements. I had my last container, OIM, stuck at this stage until I noticed that the RAM was maxed out. Increasing the RAM from 8 to 16 GB solved it and I was able to start all four containers.

***

## Resources

{% embed url="https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/tutorial-oig-docker/" %}

{% embed url="https://www.youtube.com/watch?v=E3mCM4FfY-4" %}

{% embed url="https://www.youtube.com/watch?v=eGrry1fvrdE" %}
