Wednesday, April 3, 2024

WebLogic k8s - WIT - create auxiliary image


Auxiliary images are the recommended best approach for including Model in Image model files, application archive files, and the WebLogic Deploy Tooling installation, in your pods. This feature eliminates the need to provide these files in the image specified in domain.spec.image.

Instead:

  • The domain resource’s domain.spec.image directly references a base image that needs to include only a WebLogic installation and a Java installation.
  • The domain resource’s auxiliary image related fields reference one or more smaller images that contain the desired Model in Image files.

References

  • Run the kubectl explain domain.spec.configuration.model.auxiliaryImages command.

  • See the model.auxiliaryImages section in the domain resource schema.


Domain model in image files 

dave@dave:/git/weblogic-kubernetes-operator/kubernetes/samples/quick-start$ find
.
./archive
./archive/wlsdeploy
./archive/wlsdeploy/applications
./archive/wlsdeploy/applications/quickstart
./archive/wlsdeploy/applications/quickstart/WEB-INF
./archive/wlsdeploy/applications/quickstart/WEB-INF/web.xml
./archive/wlsdeploy/applications/quickstart/index.jsp
./domain-resource.yaml
./ingress-route.yaml
./model.properties
./model.yaml





Prepare files for Dave Domain - descriptors and application archive




dave@dave:/git/weblogic/wit/dave-domain-aux-image$ find
.
./archive
./archive/wlsdeploy
./archive/wlsdeploy/applications
./archive/wlsdeploy/applications/basicWebappEjb.war
./DiscoveredABDataSourceEARDomain.yaml
./ABDataSourceEARDomain-k8s.yaml

Run archive helper
$ rm DaveDomainAuxImage.zip
$ archiveHelper.sh  add application -archive_file=DaveDomainAuxImage.zip -source /git/weblogic/wit/dave-domain-aux-image/archive/wlsdeploy/applications/basicWebappEjb.war 
wlsdeploy/applications/basicWebappEjb.war

Created archive - check with unzip
$ unzip -l ../DaveDomainAuxImage.zip
Archive:  ../DaveDomainAuxImage.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
 28381729  04-04-2024 11:10   wlsdeploy/applications/basicWebappEjb.war
---------                     -------
 28381729                     1 file


Created archive - check with archive tool

$ archiveHelper.sh list application -archive_file  DaveDomainAuxImage.zip 
wlsdeploy/applications/basicWebappEjb.war


Add WDT installer into cache 

dave@dave:/git/weblogic/wit/dave-domain-aux-image$ imagetool.sh cache deleteEntry --key wdt_latest
[INFO   ] Nothing to delete for key: wdt_latest
dave@dave:/git/weblogic/wit/dave-domain-aux-image$ imagetool.sh cache addInstaller \
  --type wdt \
  --version latest \
  --path /git/weblogic/installers/weblogic-deploy.zip 
[INFO   ] Successfully added to cache. wdt_latest=/git/weblogic/installers/weblogic-deploy.zip




Create Auxiliary image with WIT


Run imagetool
  • WDT descriptor 
  • application archive 


dave@dave:/git/weblogic/wit/dave-domain-aux-image$ imagetool.sh createAuxImage   --tag dave-aux-wdt-domain-image:WLS-1.0   --wdtModel ./DiscoveredABDataSourceEARDomain.yaml   --wdtArchive ./DaveDomainAuxImage.zip
[INFO   ] WebLogic Image Tool version 1.12.2
[INFO   ] Image Tool build ID: 30ea5b40-b948-4b38-b674-24ec35dd236b
[INFO   ] Temporary directory used for image build context: /home/dave/wlsimgbuilder_temp576740407265692995
[INFO   ] Copying ./DiscoveredABDataSourceEARDomain.yaml to build context folder.
[INFO   ] Copying ./DaveDomainAuxImage.zip to build context folder.
[INFO   ] Copying /git/weblogic/installers/weblogic-deploy.zip to build context folder.
[INFO   ] Starting build: docker build --no-cache --force-rm --tag dave-aux-wdt-domain-image:WLS-1.0 /home/dave/wlsimgbuilder_temp576740407265692995
Sending build context to Docker daemon  30.84MB

Step 1/18 : FROM busybox as os_update
 ---> ba5dc23f65d4
Step 2/18 : LABEL com.oracle.weblogic.imagetool.buildid="30ea5b40-b948-4b38-b674-24ec35dd236b"
 ---> Running in e2ef68d98bf2
Removing intermediate container e2ef68d98bf2
 ---> 4e107816576d
Step 3/18 : USER root
 ---> Running in 1a8e7575a313
Removing intermediate container 1a8e7575a313
 ---> 91aaaff0af83
Step 4/18 : RUN if [ -z "$(grep ^oracle: /etc/group)" ]; then addgroup oracle || exit 1 ; fi  && if [ -z "$(grep ^oracle: /etc/group)" ]; then addgroup oracle || exit 1 ; fi  && if [ -z "$(grep ^oracle: /etc/passwd)" ]; then adduser -D -G oracle oracle || exit 1 ; fi
 ---> Running in 196b518f14a4
Removing intermediate container 196b518f14a4
 ---> fd867c67d0f3
Step 5/18 : FROM os_update as wdt_build
 ---> fd867c67d0f3
Step 6/18 : RUN mkdir -p /auxiliary  && mkdir -p /auxiliary/models  && chown oracle:oracle /auxiliary
 ---> Running in 3d8d3ca61e64
Removing intermediate container 3d8d3ca61e64
 ---> 388f3953e444
Step 7/18 : COPY --chown=oracle:oracle ["weblogic-deploy.zip", "/tmp/imagetool/"]
 ---> 4fe844c892a3
Step 8/18 : RUN test -d /auxiliary/weblogic-deploy && rm -rf /auxiliary/weblogic-deploy || echo Initial WDT install         && unzip -q "/tmp/imagetool/weblogic-deploy.zip" -d /auxiliary
 ---> Running in c1dbd28230ec
Initial WDT install
Removing intermediate container c1dbd28230ec
 ---> 4216a2cc1075
Step 9/18 : FROM os_update as final
 ---> fd867c67d0f3
Step 10/18 : ENV AUXILIARY_IMAGE_PATH=/auxiliary     WDT_HOME=/auxiliary     WDT_MODEL_HOME=/auxiliary/models
 ---> Running in 5f9ae6be833d
Removing intermediate container 5f9ae6be833d
 ---> c7a4f766d1bc
Step 11/18 : RUN mkdir -p /auxiliary && chown oracle:oracle /auxiliary
 ---> Running in 777aec70d270
Removing intermediate container 777aec70d270
 ---> d15ec5a87e2a
Step 12/18 : COPY --from=wdt_build --chown=oracle:oracle /auxiliary /auxiliary/
 ---> 5877bb70ecd0
Step 13/18 : RUN mkdir -p /auxiliary/models && chown oracle:oracle /auxiliary/models
 ---> Running in 6db0d4d979f3
Removing intermediate container 6db0d4d979f3
 ---> acbc52b480c5
Step 14/18 : COPY --chown=oracle:oracle ["DiscoveredABDataSourceEARDomain.yaml", "/auxiliary/models/"]
 ---> d230c6a7af74
Step 15/18 : COPY --chown=oracle:oracle ["DaveDomainAuxImage.zip", "/auxiliary/models/"]
 ---> c26830f8ffa4
Step 16/18 : RUN chmod -R 640 /auxiliary/models/*
 ---> Running in 5cbc03438514
Removing intermediate container 5cbc03438514
 ---> 7828c4cf743b
Step 17/18 : USER oracle
 ---> Running in 13dcde89b0b2
Removing intermediate container 13dcde89b0b2
 ---> de177b7f5a62
Step 18/18 : WORKDIR /auxiliary
 ---> Running in 7a1a402e5807
Removing intermediate container 7a1a402e5807
 ---> 90b60de7d8e1
Successfully built 90b60de7d8e1
Successfully tagged dave-aux-wdt-domain-image:WLS-1.0
[INFO   ] Build successful. Build time=19s. Image tag=dave-aux-wdt-domain-image:WLS-1.0

Check created Docker image

$ docker images
REPOSITORY                                                TAG                   IMAGE ID       CREATED              SIZE
dave-aux-wdt-domain-image                                 WLS-1.0               90b60de7d8e1   About a minute ago   37.1MB


List image content
$ docker run -it --rm dave-aux-wdt-domain-image:WLS-1.0 ls -l /auxiliary
total 0
drwxr-xr-x    1 oracle   oracle         116 Apr  4 09:19 models
drwxr-x---    1 oracle   oracle          76 Apr  4 09:19 weblogic-deploy
dave@dave:/git/weblogic/wit/dave-domain-aux-image$ docker run -it --rm dave-aux-wdt-domain-image:WLS-1.0 ls -l /auxiliary/models
total 27724
-rw-r-----    1 oracle   oracle    28385215 Apr  4 09:19 DaveDomainAuxImage.zip
-rw-r-----    1 oracle   oracle        3286 Apr  4 09:19 DiscoveredABDataSourceEARDomain.yaml
dave@dave:/git/weblogic/wit/dave-domain-aux-image$ docker run -it --rm dave-aux-wdt-domain-image:WLS-1.0 ls -l /auxiliary/weblogic-deploy
total 8
-rw-r-----    1 oracle   oracle        1839 Apr  4 09:19 LICENSE.txt
-rw-r-----    1 oracle   oracle          29 Apr  4 09:19 VERSION.txt
drwxr-x---    1 oracle   oracle         826 Apr  4 09:19 bin
drwxr-x---    1 oracle   oracle          36 Apr  4 09:19 etc
drwxr-x---    1 oracle   oracle         298 Apr  4 09:19 lib
drwxr-x---    1 oracle   oracle          96 Apr  4 09:19 samples

Deploy the created Dave auxiliary image to minikube with the WebLogic Kubernetes Operator


Steps to do 

  • Create a Secret containing your WebLogic administrator user name and password.
  • Create a Secret containing your Model in Image runtime encryption password:
    • All Model in Image domains must supply a runtime encryption Secret with a password value.
    • It is used to encrypt configuration that is passed around internally by the operator.
    • The value must be kept private but can be arbitrary; you can optionally supply a different secret value every time you restart the domain.
  • Deploy a Domain YAML file that references the new image.
  • Wait for the domain’s Pods to start and reach their ready state.
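
The steps above as one script, together with the domain.spec.image / auxiliaryImages split described at the top of the page. This is an added example, not the post's domain-resource.yaml or Oracle's sample: the secret names, the weblogic admin user name and the BASE_IMAGE placeholder are assumptions; the namespace, domain name and auxiliary image tag are taken from the page.

```shell
#!/bin/sh
# Added example, not from the original post. Namespace, domain name and auxiliary
# image tag are the page's; secret names, admin user and BASE_IMAGE are assumptions.
set -eu

NS=sample-domain1-ns
DOMAIN_UID=base-domain
AUX_IMAGE=dave-aux-wdt-domain-image:WLS-1.0
BASE_IMAGE=${BASE_IMAGE:-registry.example.com/weblogic:TAG}  # placeholder
CRED_SECRET=$DOMAIN_UID-weblogic-credentials                 # assumed name
ENC_SECRET=$DOMAIN_UID-runtime-encryption-secret             # assumed name

# The runtime encryption password is arbitrary but private: generate it, never type it.
gen_password() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# Reads the password from stdin, so it never shows up in argv or shell history.
# usage: printf '%s' "$pw" | create_secret NAME [extra kubectl create args]
create_secret() {
  name=$1; shift
  kubectl -n "$NS" create secret generic "$name" --from-file=password=/dev/stdin "$@" \
    --dry-run=client -o yaml | kubectl apply -f -
}

# Domain resource: spec.image is the base image, the model files come from AUX_IMAGE.
render_domain() {
cat <<EOF
apiVersion: weblogic.oracle/v9
kind: Domain
metadata:
  name: $DOMAIN_UID
  namespace: $NS
spec:
  domainHomeSourceType: FromModel
  image: $BASE_IMAGE
  webLogicCredentialsSecret:
    name: $CRED_SECRET
  configuration:
    model:
      runtimeEncryptionSecret: $ENC_SECRET
      auxiliaryImages:
      - image: $AUX_IMAGE
        imagePullPolicy: Never  # built inside the minikube Docker daemon, no registry
EOF
}

deploy() {
  printf 'WebLogic admin password: ' >&2
  stty -echo; IFS= read -r admin_pw; stty echo; echo >&2
  printf '%s' "$admin_pw" | create_secret "$CRED_SECRET" --from-literal=username=weblogic
  gen_password | create_secret "$ENC_SECRET"
  render_domain | kubectl apply -f -
  # Condition type "Completed" as reported by operator 4.x (assumption for other versions).
  kubectl -n "$NS" wait "domain/$DOMAIN_UID" --for=condition=Completed --timeout=15m
}

if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Pass deploy as the first argument to create both Secrets and apply the Domain; without it the script only defines the functions.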

Create aux image inside Minikube Docker env to use it locally 

$ eval $(minikube docker-env)

$ imagetool.sh createAuxImage   --tag dave-aux-wdt-domain-image:WLS-1.0   --wdtModel ./DiscoveredABDataSourceEARDomain.yaml   --wdtArchive ./DaveDomainAuxImage.zip

$  docker images
REPOSITORY                                          TAG           IMAGE ID       CREATED              SIZE
dave-aux-wdt-domain-image                           WLS-1.0       10b30f4038fb   About a minute ago   65.5MB




Apply via kubectl
$ kubectl apply -f domain-resource.yaml

Forward the admin server port, then access the WebLogic console at http://localhost:7001/console/


$ kubectl port-forward base-domain-adminserver 7001:7001 -n sample-domain1-ns
Forwarding from 127.0.0.1:7001 -> 7001
Forwarding from [::1]:7001 -> 7001







Auxiliary image operator inside Minikube

All pods 



Describe domain, get pods
$ kubectl describe domain base-domain -n sample-domain1-ns
  Normal   PodCycleStarting  13m                weblogic.operator  Replacing pod base-domain-adminserver because: Pod spec has changed.
  Normal   RollStarting      13m                weblogic.operator  Rolling restart WebLogic server pods in domain base-domain because: .
  Normal   PodCycleStarting  12m                weblogic.operator  Replacing pod base-domain-managedserverb because: Pod spec has changed.
  Normal   RollStarting      12m                weblogic.operator  Rolling restart WebLogic server pods in domain base-domain because: .
  Warning  Unavailable       12m (x2 over 14m)  weblogic.operator  Domain base-domain is unavailable: an insufficient number of its servers that are expected to be running are ready.";
  Normal   PodCycleStarting  11m                weblogic.operator  Replacing pod base-domain-managedservera because: Pod spec has changed.
  Normal   Available         10m (x2 over 14m)  weblogic.operator  Domain base-domain is available: a sufficient number of its servers have reached the ready state.
  Normal   RollCompleted     10m (x2 over 13m)  weblogic.operator  Rolling restart of domain base-domain completed.
  Normal   Completed         9m35s              weblogic.operator  Domain base-domain is complete because all of the following are true: there is no failure detected, there are no pending server shutdowns, and all servers expected to be running are ready and at their target image, auxiliary images, restart version, and introspect version.
dave@dave:/git/weblogic/wit/dave-domain-aux-image$  kubectl get pods -n sample-domain1-ns
NAME                                READY   STATUS    RESTARTS   AGE
base-domain-adminserver             1/1     Running   0          13m
base-domain-managedservera          1/1     Running   0          11m
base-domain-managedserverb          1/1     Running   0          11m
sample-domain1-introspector-qzst6   0/1     Error     0          3h8m

Created domain - config
[oracle@base-domain-adminserver config]$ cat config.xml 
<?xml version="1.0" encoding="UTF-8"?>
<domain xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd" xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <name>base_domain</name>
  <domain-version>14.1.1.0.0</domain-version>
  <security-configuration xmlns:xacml="http://xmlns.oracle.com/weblogic/security/xacml" xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator">
    <name>base_domain</name>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:name>DefaultIdentityAsserter</sec:name>
        <sec:active-type>AuthenticatedUser</sec:active-type>
        <sec:active-type>weblogic-jwt-token</sec:active-type>
      </sec:authentication-provider>
      <sec:role-mapper xsi:type="xacml:xacml-role-mapperType">
        <sec:name>XACMLRoleMapper</sec:name>
      </sec:role-mapper>
      <sec:authorizer xsi:type="xacml:xacml-authorizerType">
        <sec:name>XACMLAuthorizer</sec:name>
      </sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType">
        <sec:name>DefaultAdjudicator</sec:name>
      </sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
        <sec:name>DefaultCredentialMapper</sec:name>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
        <sec:name>WebLogicCertPathProvider</sec:name>
      </sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
      <sec:password-validator xsi:type="pas:system-password-validatorType">
        <sec:name>SystemPasswordValidator</sec:name>
        <pas:min-password-length>8</pas:min-password-length>
        <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES256}NFOF8DcWvKQxlhAcZiWrifCqOi5l4PluW+09IN9nq1ur39UDANcIqzlNOjpg0ZwoIwTlsgw8Hh/D0D52kfpmCkC2HbmS1Ox75XM24dtacK/zwEGDAtoOsBBym7w/3JNz</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES256}r30smSbzmUw0hP/oPaKLUlvx8RSn7XVVavl1N1u6Yhs=</node-manager-password-encrypted>
  </security-configuration>
  <server>
    <name>AdminServer</name>
    <listen-address>base-domain-adminserver</listen-address>
    <network-access-point>
      <name>internal-t3</name>
      <listen-address>localhost</listen-address>
      <listen-port>7001</listen-port>
    </network-access-point>
  </server>
  <server>
    <name>ManagedServerA</name>
    <listen-port>7002</listen-port>
    <cluster>cluster1</cluster>
    <web-server>
      <name>ManagedServerA</name>
      <web-server-log>
        <name>ManagedServerA</name>
        <number-of-files-limited>false</number-of-files-limited>
      </web-server-log>
    </web-server>
    <listen-address>base-domain-managedservera</listen-address>
    <jta-migratable-target>
      <name>ManagedServerA</name>
      <user-preferred-server>ManagedServerA</user-preferred-server>
      <cluster>cluster1</cluster>
    </jta-migratable-target>
  </server>
  <server>
    <name>ManagedServerB</name>
    <listen-port>7003</listen-port>
    <cluster>cluster2</cluster>
    <web-server>
      <name>ManagedServerB</name>
      <web-server-log>
        <name>ManagedServerB</name>
        <number-of-files-limited>false</number-of-files-limited>
      </web-server-log>
    </web-server>
    <listen-address>base-domain-managedserverb</listen-address>
    <jta-migratable-target>
      <name>ManagedServerB</name>
      <user-preferred-server>ManagedServerB</user-preferred-server>
      <cluster>cluster2</cluster>
    </jta-migratable-target>
  </server>
  <cluster>
    <name>cluster1</name>
    <cluster-messaging-mode>unicast</cluster-messaging-mode>
  </cluster>
  <cluster>
    <name>cluster2</name>
    <cluster-messaging-mode>unicast</cluster-messaging-mode>
  </cluster>
  <embedded-ldap>
    <name>base_domain</name>
    <credential-encrypted>{AES256}c03SXQ9UQZkCkVVwzsX0N6kKZ+SwVOSCOYw2L/gEn9K67Ao5xnXBpELgldlsLkrq</credential-encrypted>
  </embedded-ldap>
  <configuration-version>14.1.1.0.0</configuration-version>
  <app-deployment>
    <name>basicWebapp</name>
    <target>cluster1, cluster2</target>
    <module-type>war</module-type>
    <source-path>wlsdeploy/applications/basicWebappEjb.war</source-path>
    <security-dd-model>DDOnly</security-dd-model>
  </app-deployment>
  <migratable-target>
    <name>ManagedServerA (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>ManagedServerA</user-preferred-server>
    <cluster>cluster1</cluster>
    <migration-policy>manual</migration-policy>
  </migratable-target>
  <migratable-target>
    <name>ManagedServerB (migratable)</name>
    <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
    <user-preferred-server>ManagedServerB</user-preferred-server>
    <cluster>cluster2</cluster>
    <migration-policy>manual</migration-policy>
  </migratable-target>
  <admin-server-name>AdminServer</admin-server-name>
  <jdbc-system-resource>
    <name>JDBC-Data-Source-Oracle</name>
    <target>cluster1, cluster2</target>
    <descriptor-file-name>jdbc/JDBC-Data-Source-Oracle-3873-jdbc.xml</descriptor-file-name>
  </jdbc-system-resource>
</domain>

