Release 23.2.1 - Oracle Identity Management documentation updates (#162)

Author: ashageetha

OracleUnifiedDirectory/kubernetes/helm/oud-ds-rs/templates/service-admin-upgrade-hook.yaml

@@ -23,9 +23,9 @@ environment. You can:
 
 ### Current production release
 
-The current production release for the Oracle Access Management domain deployment on Kubernetes is [23.1.1](https://github.com/oracle/fmw-kubernetes/releases). This release uses the WebLogic Kubernetes Operator version 3.4.2.
+The current production release for the Oracle Access Management domain deployment on Kubernetes is [23.2.1](https://github.com/oracle/fmw-kubernetes/releases). This release uses the WebLogic Kubernetes Operator version 4.0.4.
 
-For 3.3.X WebLogic Kubernetes Operator refer to [Version 22.3.1](https://oracle.github.io/fmw-kubernetes/22.3.1/oam/)
+For 3.4.X WebLogic Kubernetes Operator refer to [Version 23.1.1](https://oracle.github.io/fmw-kubernetes/23.1.1/idm-products/oam/)
 
 ### Recent changes and known issues
 
@@ -46,6 +46,7 @@ If performing an Enterprise Deployment where multiple Oracle Identity Management
 
 To view documentation for an earlier release, see:
 
+* [Version 23.1.1](https://oracle.github.io/fmw-kubernetes/23.1.1/idm-products/oam/)
 * [Version 22.4.1](https://oracle.github.io/fmw-kubernetes/22.4.1/oam/)
 * [Version 22.3.1](https://oracle.github.io/fmw-kubernetes/22.3.1/oam/)
 * [Version 22.2.1](https://oracle.github.io/fmw-kubernetes/22.2.1/oam/)

docs-source/content/idm-products/oam/create-oam-domains/_index.md

@@ -27,12 +27,13 @@ The table below outlines the variables and values you must set:
 | --- | --- | --- |
 | `<ELK_VER>` | `8.3.1` | The version of logstash you want to install.|
 | `<ELK_SSL>` | `true` | If SSL is enabled for ELK set the value to `true`, or if NON-SSL set to `false`. This value must be lowercase.|
-| `<ELK_CERT>` | `MIIDVjCCAj6gAwIBAgIRAOqQ3Gy75..etc...P9ovZ/EKPpE6Gq`  | If `ELK_SSL=true`, this is the BASE64 version of the certificate between `---BEGIN CERTIFICATE---` and `---END CERTIFICATE---`. This is the Certificate Authority (CA) certificate(s), that signed the certificate of the Elasticsearch server. If using a self-signed certificate, this is the self signed certificate of the Elasticsearch server. See [Copying the Elasticsearch Certificate](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-monitoring-and-visualization-software.html#GUID-C1FC1063-FA76-48AD-AE3D-A39390874C74) for details on how to get the correct certificate.|
 | `<ELK_HOSTS>` | `https://elasticsearch.example.com:9200` | The URL for sending logs to Elasticsearch. HTTP if NON-SSL is used.|
 | `<ELKNS>` | `oamns` | The domain namespace.|
 | `<ELK_USER>` | `logstash_internal` | The name of the user for logstash to access Elasticsearch.|
 | `<ELK_PASSWORD>` |  `password` | The password for ELK_USER.|
 | `<ELK_APIKEY>` | `apikey` | The API key details.|
+
+You will also need the BASE64 version of the Certificate Authority (CA) certificate(s) that signed the certificate of the Elasticsearch server. If using a self-signed certificate, this is the self signed certificate of the Elasticsearch server. See [Copying the Elasticsearch Certificate](https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/ikedg/installing-monitoring-and-visualization-software.html#GUID-C1FC1063-FA76-48AD-AE3D-A39390874C74) for details on how to get the correct certificate. In the example below the certificate is called `elk.crt`.
 
 
 #### Create Kubernetes secrets
@@ -152,7 +153,29 @@ The table below outlines the variables and values you must set:
 
 #### Create the Configmap
 
-1. Navigate to the `$WORKDIR/kubernetes/elasticsearch-and-kibana` directory and create a `logstash_cm.yaml` file as follows:
+1. Copy the `elk.crt` file to the `$WORKDIR/kubernetes/elasticsearch-and-kibana` directory.
+
+1. Navigate to the `$WORKDIR/kubernetes/elasticsearch-and-kibana` directory and run the following:
+
+   ```
+   kubectl create configmap elk-cert --from-file=elk.crt -n <namespace>
+   ```
+   
+   For example:
+   
+   ```
+   kubectl create configmap elk-cert --from-file=elk.crt -n oamns
+   ```
+   
+   The output will look similar to the following:
+   
+   ```
+   configmap/elk-cert created
+   ```
+   
+   
+
+1. Create a `logstash_cm.yaml` file in the `$WORKDIR/kubernetes/elasticsearch-and-kibana` directory as follows:
 
    ```
    apiVersion: v1
@@ -163,14 +186,9 @@ The table below outlines the variables and values you must set:
    data:
      logstash.yml: |
      #http.host: "0.0.0.0"
- 
-     elk.crt: |
-       -----BEGIN CERTIFICATE-----  
-       <ELK_CERT>
-       -----END CERTIFICATE-----
      logstash-config.conf: |
        input {
-         file {
+        file {
            path => "/u01/oracle/user_projects/domains/logs/accessdomain/AdminServer*.log"
            tags => "Adminserver_log"
            start_position => beginning
@@ -195,16 +213,6 @@ The table below outlines the variables and values you must set:
            tags => "Policy_diagnostic"
            start_position => beginning
          }
-         file {
-           path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/oam_server*-diagnostic.log"
-           tags => "Oamserver_diagnostic"
-           start_position => beginning
-         }
-         file {
-           path => "/u01/oracle/user_projects/domains/accessdomain/servers/**/logs/access*.log"
-           tags => "Access_logs"
-           start_position => beginning
-         }
          file {
          path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/auditlogs/OAM/audit.log"
          tags => "Audit_logs"
@@ -226,20 +234,18 @@ The table below outlines the variables and values you must set:
        hosts => ["<ELK_HOSTS>"]
        cacert => '/usr/share/logstash/config/certs/elk.crt'
        index => "oamlogs-000001"
-       ssl => <ELK_SSL>
+       ssl => true
        ssl_certificate_verification => false
        user => "<ELK_USER>"
        password => "${ELASTICSEARCH_PASSWORD}"
-       api_key => "${ELASTICSEARCH_PASSWORD}"
+	   api_key => "${ELASTICSEARCH_PASSWORD}"
          }
        }
    ```
 
    Change the values in the above file as follows:
 
-   + Change the `<ELKNS>`, `<ELK_CERT>`, `<ELK_HOSTS>`. `<ELK_SSL>` to match the values for your environment.
-   + If using SSL, make sure the value for `<ELK_CERT>` is indented correctly. You can use the command: `sed 's/^/   /' elk.crt` to output the certificate with the correct indentation.
-   + If not using SSL, delete the `<ELK_CERT>` line, but leave the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
+   + Change the `<ELKNS>`, `<ELK_HOSTS>`, `<ELK_SSL>`, and `<ELK_USER>` to match the values for your environment.
    + Change `/u01/oracle/user_projects/domains` to match the `mountPath` returned earlier
    + If your domainUID is anything other than `accessdomain`, change each instance of `accessdomain` to your domainUID.
    + If using API KEY for your ELK authentication, delete the `user` and `password` lines.
@@ -257,28 +263,6 @@ The table below outlines the variables and values you must set:
    data:
      logstash.yml: |
      #http.host: "0.0.0.0"
-
-     elk.crt: |
-       -----BEGIN CERTIFICATE-----
-       MIIDVjCCAj6gAwIBAgIRAOqQ3Gy75NvPPQUN5kXqNQUwDQYJKoZIhvcNAQELBQAw
-       NTEWMBQGA1UECxMNZWxhc3RpY3NlYXJjaDEbMBkGA1UEAxMSZWxhc3RpY3NlYXJj
-       aC1odHRwMB4XDTIyMDgyNDA1MTU1OVoXDTIzMDgyNDA1MjU1OVowNTEWMBQGA1UE
-       CxMNZWxhc3RpY3NlYXJjaDEbMBkGA1UEAxMSZWxhc3RpY3NlYXJjaC1odHRwMIIB
-       IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQOnxUm9uF32+lyc9SA3WcMZ
-       P1X7TbHMDuO/l3UHBUf5F/bt2m3YkGw+enIos9wzuUNpjIwVt8q4WrRCMl80nAQ0
-       yCXrfLSI9zaHxEC8Ht7V0U+7Sgu5uysD4tyZ9T0Q5zjvkWS6oBPxhfri3OQfPvUW
-       gQ6wJaPGDteYZAwiBMvPEkmh0VUTBTXjToHrtrT7pzmz5BBWnUzdf+jv0+nEfedm
-       mMWw/8jqyqid7bu7bo6gKBZ8zk06n2iMaXzmGW34QlYRLBgubThhxyDE7joZ4NTA
-       UFEJecZR2fccmpN8CNkT9Ex4Hq88nh2OP5XKKPNF4kLh2u6F4auF7Uz42jwvIwID
-       AQABo2EwXzAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-       AQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLQb/IjHHkSmHgKSPY7r
-       zBIJZMbdMA0GCSqGSIb3DQEBCwUAA4IBBQA01qY0tGIPsKNkn7blxRjEYkTg59Z5
-       vi6MCpGtdoyZeJgH621IpwyB34Hpu1RQfyg1aNgmOtIK9cvQZRl008DHF4AiHYhU
-       6xe3cjI/QxDXwitoBgWl+a0mkwhSmzJt7TuzImq7RMO4ws3M/nGeNUwFjwsQu86+
-       N/Y3RuuUVbK1xy8Jdz3FZADIgHVPN6GQwYKEpWrZNapKBXjunjCZmpBFxqGMRF44
-       fcSKFlFkwjyTq4kgq44NPv18NMfKCYZcK7ttRTiep77vKB7No/TM69Oz5ZHhQ+2Q
-       pSGg3QF+1fOCFCgWXFEOle6lQ5i8a/GihY0FuphrZxP9ovZ/EKPpE6Gq
-       -----END CERTIFICATE-----
      logstash-config.conf: |
        input {
         file {
@@ -307,7 +291,7 @@ The table below outlines the variables and values you must set:
            start_position => beginning
          }
          file {
-		 path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/auditlogs/OAM/audit.log"
+         path => "/u01/oracle/user_projects/domains/accessdomain/servers/AdminServer/logs/auditlogs/OAM/audit.log"
          tags => "Audit_logs"
          start_position => beginning
          }
@@ -387,7 +371,7 @@ The table below outlines the variables and values you must set:
            - containerPort: 5044
              name: logstash
            volumeMounts:
-           - mountPath: /u01/oracle/user_projects/domains
+           - mountPath: /u01/oracle/user_projects
              name: weblogic-domain-storage-volume
            - name: shared-logs
              mountPath: /shared-logs
@@ -404,7 +388,7 @@ The table below outlines the variables and values you must set:
              items:
              - key: elk.crt
                path: elk.crt
-             name: oam-logstash-configmap
+             name: elk-cert
            name: elk-cert
          - configMap:
              defaultMode: 420
@@ -430,6 +414,7 @@ The table below outlines the variables and values you must set:
    + Change the `<ELKNS>`, `<ELK_VER>` to match the values for your environment.
    + Change `/u01/oracle/user_projects/domains` to match the `mountPath` returned earlier
    + Change the `claimName` value to match the `claimName` returned earlier
+   + If your Kubernetes environment does not allow access to the internet to pull the logstash image, you must load the logstash image in your own container registry and change `image: logstash:<ELK_VER>` to the location of the image in your container registry e.g: `container-registry.example.com/logstash:8.3.1`
 
 
    For example:
@@ -468,7 +453,7 @@ The table below outlines the variables and values you must set:
            - containerPort: 5044
              name: logstash
            volumeMounts:
-           - mountPath: /u01/oracle/user_projects/domains
+           - mountPath: /u01/oracle/user_projects
              name: weblogic-domain-storage-volume
            - name: shared-logs
              mountPath: /shared-logs
@@ -485,7 +470,7 @@ The table below outlines the variables and values you must set:
              items:
              - key: elk.crt
                path: elk.crt
-             name: oam-logstash-configmap
+             name: elk-cert
            name: elk-cert
          - configMap:
              defaultMode: 420
@@ -505,8 +490,7 @@ The table below outlines the variables and values you must set:
            persistentVolumeClaim:
              claimName: accessdomain-domain-pvc
          - name: shared-logs
-           emptyDir: {}
-   ```   
+           emptyDir: {}   ```   
 
 1. Deploy the `logstash` pod by executing the following command: