IDM MAA bug fixes (#182)

Author: mdr2

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/README.md

@@ -323,6 +323,7 @@ These can include registry prefixes if you use a registry. Use the `local/` pref
 |**OAA\_MGT\_IMAGE** | `$REGISTRY/oracle/oaa-mgmt` | The OAA Management container image.|
 |**KUBECTL\_REPO** | `bitnami/kubectl` | The kubectl image used by OUD.|
 |**BUSYBOX\_REPO** | `docker.io/busybox` | The busybox image used by OUD.|
+|**PROM\_REPO** |  | If you are using your own container registry and have staged the Prometheus and Grafana images in this registry then set this variable to the location of your registry.  Leave blank if you wish to obtain the images from the public repositories.|
 |**OPER\_VER** | `4.0.4` | The version of the WebLogic Kubernetes Operator.|
 |**OUD\_VER** | `12.2.1.4.0-8-ol7-210715.1921` | The OUD version.|
 |**OUDSM\_VER** | `12.2.1.4.0-8-ol7-210721.0755` | The OUDSM version.|
@@ -503,7 +504,7 @@ These parameters determine how OAM is deployed and configured.
 |**OAM\_OAP\_HOST** | `k8worker1.example.com` | The name of one of the Kubernetes worker nodes used for OAP calls.|
 |**OAM\_OAP\_PORT** | `5575` | The internal Kubernetes port used for OAM requests.|
 |**OAMSERVER\_JAVA\_PARAMS** | "`-Xms2048m -Xmx8192m`" | The internal Kubernetes port used for OAM requests.|
-|**COPY\_WG\_FILES** | "`true`" | Set to true if you wish the deployment to copy the Webate Artifacts to your Oracle HTTP Server(s)|
+|**COPY\_WG\_FILES** | `true` | Set to true if you wish the deployment to copy the WebGate Artifacts to your Oracle HTTP Server(s)|
 
 ### OIG Parameters
 These parameters determine how OIG is provisioned and configured.
@@ -596,7 +597,7 @@ These parameters determine how OAA is provisioned and configured.
 |**OAANS** |`oaans`| The Kubernetes namespace used to hold the OAA objects.|
 |**OAA\_DEPLOYMENT** |`edg`| A name for your OAA deployment. Do not use the name `oaa` because this is reserved for internal use.|
 |**OAA\_DOMAIN** |`OAADomain`| The name of the OAM OAuth domain you want to create.|
-|**OAA\_VAULT\_TYPE** |`file|oci`| The type of vault to use: file system or OCI.|
+|**OAA\_VAULT\_TYPE** |`file or oci`| The type of vault to use: file system or OCI.|
 |**OAA\_CREATE\_OHS** |`true`| Set to `false` if you are installing OAA standalone front ended by Ingress. |
 |**OAA\_CONFIG\_SHARE** |`$IAM_PVS/oaaconfigpv`| The mount point on NFS where OAA config persistent volume is exported.|
 |**OAA\_CRED\_SHARE** |`$IAM_PVS/oaacredpv`| The mount point on NFS where OAA credentials persistent volume is exported.|

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh

@@ -891,6 +891,10 @@ enable_monitor()
    ENC_WEBLOGIC_PWD=`encode_pwd $OAM_WEBLOGIC_PWD`
 
 
+   PROM_REL=$(kubectl get prometheuses.monitoring.coreos.com --all-namespaces -o jsonpath="{.items[*].spec.serviceMonitorSelector}" | tr '"{}' ' ' | cut -f3 -d: | sed 's/ //g ')
+
+   cp $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml.template $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
+   replace_value2 release $PROM_REL $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    replace_value2 domainName $OAM_DOMAIN_NAME $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    replace_value2 namespace $OAMNS $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    sed -i  "/namespaceSelector/,/-/{s/-.*/- $OAMNS/}" $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh

@@ -1082,7 +1082,10 @@ enable_monitor()
    ENC_WEBLOGIC_USER=`encode_pwd $OIG_WEBLOGIC_USER`
    ENC_WEBLOGIC_PWD=`encode_pwd $OIG_WEBLOGIC_PWD`
 
+   PROM_REL=$(kubectl get prometheuses.monitoring.coreos.com --all-namespaces -o jsonpath="{.items[*].spec.serviceMonitorSelector}" | tr '"{}' ' ' | cut -f3 -d: | sed 's/ //g ')
 
+   cp $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml.template $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
+   replace_value2 release $PROM_REL $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    replace_value2 domainName $OIG_DOMAIN_NAME $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    replace_value2 namespace $OIGNS $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml
    sed -i  "/namespaceSelector/,/-/{s/-.*/- $OIGNS/}" $WORKDIR/samples/monitoring-service/manifests/wls-exporter-ServiceMonitor.yaml

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/prom_functions.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2022, Oracle and/or its affiliates.
+# Copyright (c) 2022, 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of Prometheus functions and procedures used by the provisioning and deletion scripts
@@ -47,12 +47,15 @@ create_override()
    update_variable "<PROM_K8>" $PROM_K8 $filename
    update_variable "<PROM_GRAF_K8>" $PROM_GRAF_K8 $filename
    update_variable "<OHS_HOST1>" $OHS_HOST1 $filename
+   if [ ! "$PROM_REPO" = "" ]
+   then
+     sed -i "/^alert/i global:\n  imageRegistry: $PROM_REPO\n  imagePullSecrets:\n    - name: regcred\n" $filename
+   fi
    if [ ! "$OHS_HOST2" = "" ]
    then
       update_variable "<OHS_HOST2>" $OHS_HOST2 $filename
    fi
    update_variable "<PROM_ADMIN_PWD>" $PROM_ADMIN_PWD $filename
-
    print_status $?
 
    ET=`date +%s`
@@ -68,7 +71,12 @@ deploy_prometheus()
    print_msg "Deploying Prometheus"
 
    cd $WORKDIR
-   helm install -n $PROMNS kube-prometheus  prometheus-community/kube-prometheus-stack -f $WORKDIR/override_prom.yaml > $LOGDIR/deploy.log 2>&1
+   if [ "$PROM_REPO" = "" ]
+   then
+      helm install -n $PROMNS  kube-prometheus  prometheus-community/kube-prometheus-stack -f $WORKDIR/override_prom.yaml > $LOGDIR/deploy.log 2>&1
+   else
+      helm install -n $PROMNS --set grafana.image.repository=$PROM_REPO/grafana/grafana kube-prometheus  prometheus-community/kube-prometheus-stack -f $WORKDIR/override_prom.yaml > $LOGDIR/deploy.log 2>&1
+   fi
    print_status $? $LOGDIR/deploy.log
 
    ET=`date +%s`

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/oke_utils/common/oci_create_functions.sh

@@ -192,7 +192,7 @@ createBastion() {
   if [[ $STEPNO -gt $PROGRESS ]]; then
     ST=`date +%s`
     print_msg begin "Copying the ssh keyfile '$SSH_ID_KEYFILE' to the Bastion Node..."
-    id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME | cut -d: -f2)
+    id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME: | cut -d: -f2)
     ip=$(oci compute instance list-vnics --region $REGION --compartment-id $COMPARTMENT_ID --instance-id $id \
            --query 'data[0]."public-ip"' --raw-output)
     cmd="scp -q -o \"StrictHostKeyChecking no\" -i $SSH_ID_KEYFILE $SSH_ID_KEYFILE opc@$ip:~/.ssh/id_rsa"

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/oke_utils/common/oci_util_functions.sh

@@ -209,7 +209,7 @@ formatShapeConfig() {
 
 # Retrieve the IP address of the bastion host given its ocid
 get_bastion_ip() {
-  id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME | cut -d: -f2)
+  id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME: | cut -d: -f2)
   BASTIONIP=$(oci compute instance list-vnics --region $REGION --compartment-id $COMPARTMENT_ID --instance-id $id \
           --query 'data[0]."public-ip"' --raw-output)
   if [[ "$?" != "0" ]]; then

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/oke_utils/provision_oke.sh

@@ -134,7 +134,7 @@ print_msg screen "\n\nCreation of the OCI resources defined in chapter 9 of the
 print_msg screen "in $total_time."
 print_msg screen "\nReview the log file at $LOGDIR/$LOGFILE for full details."
 
-id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME | cut -d: -f2)
+id=$(cat $RESOURCE_OCID_FILE | grep $BASTION_INSTANCE_DISPLAY_NAME: | cut -d: -f2)
 ip=$(oci compute instance list-vnics --compartment-id $COMPARTMENT_ID --instance-id $id \
        --query 'data[0]."public-ip"' --raw-output) 
 print_msg screen "Use the following command to connect to the bastion host:"

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_prom.sh

@@ -92,6 +92,21 @@ then
     update_progress
 fi
 
+# Create a Container Registry Secret if requested
+#
+if [ ! "$PROM_REPO" = "" ]
+then
+  new_step
+  if [ $STEPNO -gt $PROGRESS ]
+  then
+     if [ "$CREATE_REGSECRET" = "true" ]
+     then
+        create_registry_secret $REGISTRY $REG_USER $REG_PWD $PROMNS
+     fi
+     update_progress
+  fi
+fi
+
 new_step
 if [ $STEPNO -gt $PROGRESS ]
 then

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/oud_dr.sh

@@ -8,7 +8,7 @@
 #
 
 COPIES=3
-EXCLUDE_LIST="--exclude=\".snapshot\" "
+EXCLUDE_LIST="--exclude=\".snapshot\" --exclude=\"backups\" --exclude=\"backup_running\" --exclude=\"dr_scripts\" "
 
 
 create_oci_snapshot()

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/prometheus/override_prom.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2022, Oracle and/or its affiliates.
+# Copyright (c) 2022, 2023, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of a helm override file to deploy Prometheus
@@ -7,6 +7,7 @@
 #
 # Usage: Used and Input to Helm command
 #
+
 alertmanager:
   service:
     nodePort: <PROM_ALERT_K8>
@@ -30,4 +31,3 @@ grafana:
     type: NodePort
 
   adminPassword: <PROM_ADMIN_PWD>
-