1. Deploying and Managing Oracle Access Management on Kubernetes
  2. Administering Oracle Access Management on Kubernetes
  3. General Troubleshooting
  4. Known Issues

18.3 Known Issues

This section contains information about known issues.

Domain Creation Failure With WLST

The instructions in this section relate to problems creating Oracle Access Management (OAM) domains using WLST. See, Creating OAM Domains Using WLST Offline Scripts.

If the OAM domain creation fails, run the following to diagnose the issue:
kubectl logs <domain_job> -n <domain_namespace>
For example:
kubectl logs accessdomain-create-fmw-infra-sample-domain-job-c6vfb -n oamns
Also run:
kubectl describe pod <domain_job> -n <domain_namespace>
For example:
kubectl describe pod accessdomain-create-fmw-infra-sample-domain-job-c6vfb -n oamns
Using the output you should be able to diagnose the problem and resolve the issue.
If any of the above commands return the following error:
Failed to start container "create-fmw-infra-sample-domain-job": Error response from daemon: error while creating mount source path
'/nfs_volumes/oam/accessdomainpv ': mkdir /nfs_volumes/oam/accessdomainpv : permission denied
Then there is a permissions error on the directory for the PV and PVC and the following should be checked:
  • The directory has 777 permissions: chmod -R 777 <persistent_volume>/accessdomainpv.
  • If it does have the permissions, check if an oracle user exists and the uid is 1000 and gid is 0.

    Create the oracle user if it doesn’t exist and set the uid to 1000 and gid to 0.

  • Edit the $WORKDIR/kubernetes/create-weblogic-domain-pv-pvc/create-pv-pvc-inputs.yaml and add a slash to the end of the directory for the weblogicDomainStoragePath parameter:
    weblogicDomainStoragePath: /nfs_volumes/oam/accessdomainpv/
Once you have diagnosed the problem, clean down the failed domain creation by following: Then follow the instructions again in Creating OAM Domains Using WLST Offline Scripts

Domain Creation Failure With WDT Models

The instructions in this section relate to problems creating OAM domains using WDT models. See, Creating OAM Domains Using WDT Models.

If the domain creation fails while creating domain resources using the domain.yaml file, run the following steps to diagnose the issue:
  1. Check the domain events, by running the following command:
    kubectl describe domain <domain name> -n <domain_namespace>
    For example:
    kubectl describe domain accessdomain -n oamns
    Using the output, you should be able to diagnose the problem and resolve the issue.
  2. If the instrospector job fails due to validation errors, then you can recreate the domain resources using the commands:
    kubectl delete -f domain.yaml
    kubectl create -f domain.yaml
  3. If the domain creation fails because of database issues:
    1. Create a helper pod:
       kubectl run --image=container-registry.oracle.com/middleware/oam_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> --image-pull-policy="IfNotPresent" --overrides='{"apiVersion": "v1","spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' helper -n oamns -- sleep infinity
    2. Once you have diagnosed the problem, clean down the failed domain creation by following:
    3. Execute the steps in Creating OAM Domains Using WDT Models again.

    Note:

    You might need to recreate the domain creation image depending upon the errors. Domain creation logs are stored in <persistent_volume>/domains/wdt-logs.
  4. If there is any issues bringing up the administration server, OAM managed server pods or policy manager pods, you can run the following to check the logs:
    kubectl logs <pod> -n <domain_namespace>
    For example:
    kubectl logs accessdomain-adminserver -n oamns
    If the above does not give any information you can also run:
    kubectl describe pod <pod> -n <domain_namespace>
    For example:
    kubectl describe pod accessdomain-adminserver -n oamns
For more details related to debugging issues, refer to Domain Debugging.