The OIG domain patching script automatically performs the update of your OIG Kubernetes cluster with a new OIG container image.
The script executes the following steps sequentially:
NEVERin the domain definition yaml.
serverStartPolicyto IF_NEEDED and
imageto new image tag.
The script exits with a failure if a configurable timeout is reached before the target pod count is reached, depending upon the domain configuration. It also exits if there is any failure while patching the database schema and domain.
Note: The script execution will cause downtime while patching the OIG deployment and database schemas.
Before you begin, perform the following steps:
Review the Domain resource documentation.
Ensure that you have a running OIG deployment in your cluster.
Ensure that the database is up and running.
Download the latest code repository as follows:
Create a working directory to setup the source code.
$ mkdir <workdir>
$ mkdir /scratch/OIGK8Slatest
Download the latest OIG deployment scripts from the OIG repository.
$ cd <workdir> $ git clone https://github.com/oracle/fmw-kubernetes.git
$ cd /scratch/OIGK8Slatest $ git clone https://github.com/oracle/fmw-kubernetes.git
$WORKDIR environment variable as follows:
$ export WORKDIR=<workdir>/fmw-kubernetes/OracleIdentityGovernance
$ export WORKDIR=/scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance
Run the patch domain script as follows. Specify the inputs required by the script. If you need help understanding the inputs run the command help
$ cd $WORKDIR/kubernetes/domain-lifecycle $ ./patch_oig_domain.sh -h $ ./patch_oig_domain.sh -i <target_image_tag> -n <oig_namespace>
$ cd $WORKDIR/kubernetes/domain-lifecycle $ ./patch_oig_domain.sh -h $ ./patch_oig_domain.sh -i 22.214.171.124.0-8-ol7-<January`23> -n oigns
The output will look similar to the following
[INFO] Found domain name: governancedomain [INFO] Image Registry: container-registry.oracle.com/middleware/oig_cpu [INFO] Domain governancedomain is currently running with image: container-registry.oracle.com/middleware/oig_cpu:126.96.36.199-jdk8-ol7-<October`22> current no of pods under governancedomain are 3 [INFO] The pod helper already exists in namespace oigns. [INFO] Deleting pod helper pod "helper" deleted [INFO] Fetched Image Pull Secret: orclcred [INFO] Creating new helper pod with image: container-registry.oracle.com/middleware/oig_cpu:188.8.131.52-jdk8-ol7-<January`23> pod/helper created Checking helper Running [INFO] Stopping Admin, SOA and OIM servers in domain governancedomain. This may take some time, monitor log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/stop_servers.log for details [INFO] All servers are now stopped successfully. Proceeding with DB Schema changes [INFO] Patching OIM schemas... [INFO] DB schema update successful. Check log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/patch_oim_wls.log for details [INFO] Starting Admin, SOA and OIM servers with new image container-registry.oracle.com/middleware/oig_cpu:184.108.40.206-jdk8-ol7-<January`23> [INFO] Waiting for 3 weblogic pods to be ready..This may take several minutes, do not close the window. Check log /scratch/OIGK8Slatest/fmw-kubernetes/OracleIdentityGovernance/kubernetes/domain-lifecycle/log/oim_patch_log-<DATE>/monitor_weblogic_pods.log for progress [SUCCESS] All servers under governancedomain are now in ready state with new image: container-registry.oracle.com/middleware/oig_cpu:220.127.116.11-jdk8-ol7-<January`23>
The logs are available at
$WORKDIR/kubernetes/domain-lifecycle by default. A custom log location can also be provided to the script.
Note: If the patch domain script creation fails, refer to the Troubleshooting section.