Identity Governance

Download everything needed.

## Oracle Identity Governance (OIG)
kdev :: ~/oracle » docker pull container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315
kdev :: ~/oracle » docker tag container-registry.oracle.com/middleware/oig:14.1.2.1.0-jdk17-ol8-250315 localhost/oracle/oig:14.1.2.1.0

## Oracle 19c DB
kdev :: ~/oracle » docker pull container-registry.oracle.com/database/enterprise:19.3.0.0
kdev :: ~/oracle » docker tag container-registry.oracle.com/database/enterprise:19.3.0.0 localhost/oracle/database:19.3.0.0-ee

## Docker files
kdev :: ~/oracle » git clone https://github.com/oracle/docker-images

Configuration

Change the environment variables in setenv.sh. At a bare minimum, set DC_USERHOME, OIG_IMAGE and the passwords.

kdev :: ~/oracle » cd docker-images/OracleIdentityGovernance/
kdev :: oracle/docker-images/OracleIdentityGovernance ‹main› » cat setenv.sh
#!/bin/sh
# Host directory under which the domain and database data directories live.
DC_USERHOME=/home/void/oracle/docker
export DC_USERHOME

# Gateway address of the compose network. The transcript on this page shows
# that network being created by `docker compose up`; if the lookup fails
# (network not there yet), the variable is still exported, but empty.
DC_DOCKER_GATEWAY=$(docker network inspect containerizeddb_default --format='{{(index .IPAM.Config 0).Gateway}}')
export DC_DOCKER_GATEWAY

# Registries holding the required images, plus the database image tag.
DC_REGISTRY_OIG="localhost"
DC_REGISTRY_DB="localhost"
DC_DB_VERSION="19.3.0.0-ee"
export DC_REGISTRY_OIG DC_REGISTRY_DB DC_DB_VERSION

# Proxy environment, exported empty. Because this file is sourced, any proxy
# settings already present in the calling shell are overwritten.
http_proxy=""
https_proxy=""
no_proxy=""
export http_proxy https_proxy no_proxy

#===============================================
exportComposeEnv() {
  # Set and export the DC_* variables and OIG_IMAGE that docker-compose.yaml
  # interpolates. Reads DC_USERHOME, which must already be set by the caller.

  # Fully-qualified name of this host, as reported by `hostname -f`.
  DC_HOSTNAME=$(hostname -f)

  # Oracle DB parameters: listener and OEM ports, SID, PDB and DB host name.
  DC_ORCL_PORT=1521
  DC_ORCL_OEM_PORT=5500
  DC_ORCL_SID=oimdb
  DC_ORCL_PDB=oimpdb
  DC_ORCL_HOST=oimdb

  # Host directory that holds the database files.
  DC_ORCL_DBDATA=${DC_USERHOME}/dbdata

  # Credentials: database SYS password, WebLogic AdminServer password and the
  # common RCU schema password. All three carry the same sample literal and
  # are meant to be replaced. They are exported into the calling shell and
  # passed to the containers as environment variables, so anything that dumps
  # the environment (including the `env` listing at the end of this script,
  # or `docker inspect` on a container) shows them in clear text.
  DC_ORCL_SYSPWD=Passw0rd123
  DC_ADMIN_PWD=Passw0rd123
  DC_RCU_SCHPWD=Passw0rd123

  # OIG image reference and the RCU schema prefix.
  OIG_IMAGE=localhost/oracle/oig:14.1.2.1.0
  DC_RCU_OIMPFX=OIM03

  # Host directory that holds the OIM domain.
  DC_DDIR_OIM=${DC_USERHOME}/oimdomain

  export DC_HOSTNAME \
    DC_ORCL_PORT DC_ORCL_OEM_PORT DC_ORCL_SID DC_ORCL_PDB DC_ORCL_HOST \
    DC_ORCL_DBDATA \
    DC_ORCL_SYSPWD DC_ADMIN_PWD DC_RCU_SCHPWD \
    OIG_IMAGE DC_RCU_OIMPFX \
    DC_DDIR_OIM
}

#===============================================
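createDirs() {
  # Create the host directories used for the OIM domain and the database
  # data, then set their permissions.
  # Globals: DC_DDIR_OIM, DC_ORCL_DBDATA (read); DC_DIR_MODE (read, optional,
  #          defaults to 777 as in the original sample)
  # Returns: 0 on success, 1 if a required variable is empty or a step fails.

  # Stop on an empty path. With DC_DDIR_OIM empty the unguarded commands would
  # have operated on /domains/... at the filesystem root. `return` (not
  # `exit`) because this file is sourced into the caller's shell.
  if [ -z "${DC_DDIR_OIM:-}" ] || [ -z "${DC_ORCL_DBDATA:-}" ]; then
    echo "ERROR: DC_DDIR_OIM and DC_ORCL_DBDATA must be set before createDirs" >&2
    return 1
  fi

  # Paths are quoted so a DC_USERHOME containing spaces is not word-split.
  mkdir -p -- "${DC_DDIR_OIM}/domains/ConnectorDefaultDirectory" \
    "${DC_ORCL_DBDATA}" || return 1

  # Mode 777 leaves the domain configuration and the database files writable
  # by every local account on the host. It is presumably used so that the
  # in-container user can write to the bind mounts — confirm that user's uid
  # against the images. On a shared host, chown the directories to that uid
  # and set DC_DIR_MODE to a tighter value such as 750.
  chmod -- "${DC_DIR_MODE:-777}" \
    "${DC_DDIR_OIM}" \
    "${DC_DDIR_OIM}/domains" \
    "${DC_DDIR_OIM}/domains/ConnectorDefaultDirectory" \
    "${DC_ORCL_DBDATA}" || return 1
}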

#===============================================
#== MAIN starts here
#===============================================
#
printf '%s\n' "INFO: Setting up OIM Docker Environment..."
# Export the compose variables first; createDirs reads the paths they define.
exportComposeEnv
createDirs
printf '%s\n' "INFO: Environment variables"
# Prints every environment entry containing "DC_", which includes the three
# password variables in clear text; treat this output (terminal scrollback,
# pasted logs) as sensitive.
env | grep "DC_" | sort

## Set variables
kdev :: oracle/docker-images/OracleIdentityGovernance ‹main*› » . ./setenv.sh 
INFO: Setting up OIM Docker Environment...
INFO: Environment variables
DC_ADMIN_PWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DDIR_OIM=/home/void/oracle/docker/oimdomain
DC_DOCKER_GATEWAY=172.21.0.1
DC_HOSTNAME=kiot.localdomain
DC_ORCL_DBDATA=/home/void/oracle/docker/dbdata
DC_ORCL_HOST=oimdb
DC_ORCL_OEM_PORT=5500
DC_ORCL_PDB=oimpdb
DC_ORCL_PORT=1521
DC_ORCL_SID=oimdb
DC_ORCL_SYSPWD=Passw0rd123
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_USERHOME=/home/void/oracle/docker

You might need to change the docker-compose.yaml file as well. I've added a custom ulimits configuration.

kiot :: oracle/docker-images/OracleIdentityGovernance ‹main*› » cd samples/containerizedDB 
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » cat docker-compose.yaml   
# Settings shared by every service; merged in below with `<<: *default-common`.
x-common: &default-common
  # Custom open-file and process limits applied to each container.
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384
  # Inside each container, map the host's name to the Docker network gateway.
  extra_hosts:
    - "${DC_HOSTNAME}:${DC_DOCKER_GATEWAY}"

services:
  # Oracle DB Definition
  oimdb:
    <<: *default-common
    image: ${DC_REGISTRY_DB}/oracle/database:${DC_DB_VERSION}
    # Mappings without a host IP publish on all host interfaces (the
    # `docker container ls` output on this page shows 0.0.0.0:1521 and
    # 0.0.0.0:5500). The OIG containers reach the database by service name
    # (CONNECTION_STRING uses DC_ORCL_HOST, set to oimdb in setenv.sh), so these
    # mappings look to be needed only for access from the host; a loopback
    # bind such as "127.0.0.1:${DC_ORCL_PORT}:1521" would narrow that — confirm.
    ports:
      - "${DC_ORCL_PORT}:1521"
      - "${DC_ORCL_OEM_PORT}:5500"
    # The SYS password is passed as a plain environment variable, so it can be
    # read back from the container configuration (e.g. `docker inspect`).
    environment:
      - ORACLE_SID=${DC_ORCL_SID}
      - ORACLE_PDB=${DC_ORCL_PDB}
      - ORACLE_PWD=${DC_ORCL_SYSPWD}
    container_name: oimdb
    # Database files are kept on the host in the directory createDirs prepares.
    volumes:
      - ${DC_ORCL_DBDATA}:/opt/oracle/oradata

  # OIG Admin Server
  oimadmin:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimadmin
    hostname: oimadmin
    # Only a fixed 5-second pause precedes domain creation, and this service has
    # no depends_on, so nothing in this file waits for oimdb to be ready.
    command: /bin/bash -c "sleep 5s; /u01/oracle/dockertools/createDomainAndStart.sh"
    # Published on all host interfaces. ADMIN_HOST/MS_HOST in the managed
    # servers are the host's name, which extra_hosts maps to the gateway, so
    # this mapping is presumably part of the server-to-server path; limit
    # outside access with a host firewall rather than removing it — confirm.
    ports:
      - "7001:7001"
    # NOTE(review): the startup log excerpt on this page includes a
    # `DB_PASSWORD =` line, so `docker logs oimadmin` output should be handled
    # as sensitive, like the variables below.
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PASSWORD=${DC_ADMIN_PWD}
      - CONNECTION_STRING=${DC_ORCL_HOST}:${DC_ORCL_PORT}/${DC_ORCL_PDB}
      - DB_PASSWORD=${DC_ORCL_SYSPWD}
      - DB_SCHEMA_PASSWORD=${DC_RCU_SCHPWD}
      - RCUPREFIX=${DC_RCU_OIMPFX}
    # The same host domain directory is mounted into all three OIG containers.
    volumes:
      - ${DC_DDIR_OIM}:/u01/oracle/user_projects

  # SOA Managed Server
  soams:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: soams
    hostname: soams
    # depends_on orders container start only; it does not wait for the admin
    # server to finish starting.
    depends_on:
      - "oimadmin"
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "8001:8001"
      - "8002:8002"
      - "8003:8003"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_ADMIN_PWD}
      - MANAGED_SERVER=soa_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DDIR_OIM}:/u01/oracle/user_projects

  # OIG Managed Server
  oimms:
    <<: *default-common
    image: ${OIG_IMAGE}
    container_name: oimms
    hostname: oimms
    depends_on:
      - "oimadmin"
    command: /bin/bash -c "/u01/oracle/dockertools/startMS.sh"
    ports:
      - "14000:14000"
      - "14001:14001"
      - "14002:14002"
    environment:
      - ADMIN_HOST=${DC_HOSTNAME}
      - ADMIN_PORT=7001
      - ADMIN_PASSWORD=${DC_ADMIN_PWD}
      - MANAGED_SERVER=oim_server1
      - MS_HOST=${DC_HOSTNAME}
    volumes:
      - ${DC_DDIR_OIM}:/u01/oracle/user_projects

Start environment

The environment is very sensitive and must be started in the correct order, as the containers depend on each other. Either tweak the docker-compose.yaml to wait, or start the containers manually and observe the status using docker logs -f <container-name>. Starting the containers will take several minutes.

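Important: You must use the same terminal window as the one where you set the variables, because setenv.sh only exports them into that shell session and docker compose reads them from its environment.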

## Database (oimdb) - takes up to 15 minutes to start
kiot :: oracle/docker-images/OracleIdentityGovernance ‹main*› » cd samples/containerizedDB                
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker compose up -d oimdb        
[+] Running 2/2
 ✔ Network containerizeddb_default  Created
 ✔ Container oimdb                  Started 

kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker logs -f oimdb                      
... snip ...
#########################
DATABASE IS READY TO USE!
#########################

kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker container ls
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                    PORTS                                                                                  NAMES
a87d6d843445   localhost/oracle/database:19.3.0.0-ee   "/bin/bash -c 'exec …"   14 minutes ago   Up 14 minutes (healthy)   0.0.0.0:1521->1521/tcp, :::1521->1521/tcp, 0.0.0.0:5500->5500/tcp, :::5500->5500/tcp   oimdb

------------
## WebLogic AdminServer (oimadmin)
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker-compose up -d oimadmin
[+] Running 1/1
 ✔ Container oimadmin  Started

kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker logs -f oimadmin
... snip ...
INFO: Admin server is running
INFO: Admin server running, ready to start managed server

------------
## SOA Managed Server
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker compose up -d soams 
[+] Running 2/2
 ✔ Container oimadmin  Running
 ✔ Container soams     Started
 
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker logs -f soams
INFO: Updating the listen address - 172.21.0.5  kiot.localdomain for server soa_server1
... snip ...
INFO: Managed Server is running
INFO: Managed server has been started

------------
## OIM Managed Server
kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » docker compose up -d oimms                                                         
[+] Running 2/2
 ✔ Container oimadmin  Running                                                                                                                            0.0s 
 ✔ Container oimms     Started


WIP: I can't get this one to run yet.

Troubleshooting

Container out of memory

If you get an error similar to:

INFO: CONNECTION_STRING = oimdb:1521/oimpdb
INFO: RCUPREFIX         = OIM03
INFO: DB_PASSWORD       = password
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/dockertools/createDomainAndStart.sh: line 170:    25 Aborted                 (core dumped) java -cp /$vol_name/oracle/dockertools/:/$vol_name/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar DBUtils $jdbc_url sys $DB_PASSWORD file /$vol_name/oracle/dockertools/xaview.sql
library initialization failed - unable to allocate file descriptor table - out of memory/u01/oracle/oracle_common/bin/rcu_internal.sh: line 285:    46 Aborted                 (core dumped) $JAVA_HOME/bin/java -DRCU_HOME=$RCU_HOME -DSQLPLUS_HOME=$SQLPLUS_HOME -DORACLE_HOME=$OH $RCU_ENV_VARS -DLAUNCH_MODE=$LAUNCH_MODE -mx128m -DLD_LIBRARY_PATH=$LD_LIBRARY_PATH ${RCU_JAVA_OPTIONS} -classpath $CLASSPATH oracle.sysman.assistants.rcu.Rcu $ARGUMENTS

Solve it by configuring ulimits for your containers. Either do this globally, or locally per service, in the docker-compose.yaml file. I think it's easiest to do it globally and apply it to all containers like so:

kdev :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » cat docker-compose.yaml         
x-ulimits: &default-ulimits
  ulimits:
    nofile:
      soft: 65536
      hard: 65536
    nproc:
      soft: 16384
      hard: 16384

services:
  oimdb:
    <<: *default-ulimits
    ... snip ...

  oimadmin:
    <<: *default-ulimits
    ... snip ...

  soams:
    <<: *default-ulimits
    ... snip ...

  oimms:
    <<: *default-ulimits
    ... snip ...

Domain Configuration failed

kiot :: ~/oracle » docker logs -f oimadmin
... snip ...
sys.argv[19] = -hostname
sys.argv[20] = kiot.localdomain
Error: set() failed. Do dumpStack() to see details.
Error: runCmd() failed. Do dumpStack() to see details.
Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException
Problem invoking WLST - Traceback (most recent call last):
  File "/u01/oracle/dockertools/createOIMDomain.py", line 433, in <module>
    provisioner.createOimDomain(domainName, domainUser, domainPassword, rcuDb, rcuSchemaPrefix, rcuSchemaPassword,domainType, hostName)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 63, in createOimDomain
    domainHome = self.createBaseDomain(name, user, password, domainType)
  File "/u01/oracle/dockertools/createOIMDomain.py", line 76, in createBaseDomain
    set('Password', password)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 79, in set
    command("set", attrName,value)
  File "/tmp/WLSTOfflineIni15508568619490940666.py", line 19, in command
    return WLS.runCmd(name, args)
	at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:69)
	at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:3145)
	at com.oracle.cie.domain.script.jython.WLScriptContext.runCmd(WLScriptContext.java:747)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException

ERROR: Domain Configuration failed. Please check the logs

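The issue is most likely that the password requirements are not being met. Change the passwords in the setenv.sh file to something longer and/or more complex, then source the file again. For dev installations I use Passw0rd123, which suffices to pass the check; it is a sample value, so choose your own for anything reachable from the network.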

kiot :: OracleIdentityGovernance/samples/containerizedDB ‹main*› » . ../../setenv.sh
INFO: Setting up OIM Docker Environment...
INFO: Environment variables
DC_ADMIN_PWD=Passw0rd123
DC_DB_VERSION=19.3.0.0-ee
DC_DDIR_OIM=/home/void/oracle/docker/oimdomain
DC_HOSTNAME=kiot.localdomain
DC_ORCL_DBDATA=/home/void/oracle/docker/dbdata
DC_ORCL_HOST=oimdb
DC_ORCL_OEM_PORT=5500
DC_ORCL_PDB=oimpdb
DC_ORCL_PORT=1521
DC_ORCL_SID=oimdb
DC_ORCL_SYSPWD=Passw0rd123
DC_RCU_OIMPFX=OIM03
DC_RCU_SCHPWD=Passw0rd123
DC_REGISTRY_DB=localhost
DC_REGISTRY_OIG=localhost
DC_USERHOME=/home/void/oracle/docker
