Preparing the Properties file for Installation

5.3 Preparing the Properties file for Installation

You can customize the OAA, OARM, and OUA installation by setting properties in the installOAA.properties file. The installOAA.properties is used by the Management Container installation script and is copied to the <NFS_CONFIG_PATH> during the installation of the Management Container pod. The installOAA.properties file is later passed as an argument to the OAA.sh script when deploying OAA, OARM, and OUA.

The following sections show how to prepare the installOAA.properties file based on deploying using the Oracle recommended sandbox architecture in Supported Architectures:

5.3.1 Gathering Variables

List of Variables

Throughout the Prerequisite Configurations for Installing OAA, OARM, and OUA chapter, you should have gathered variables during the Configuration Checkpoints sections. These variables will be used to populate the parameters in the installOAA.properties. The variables required for the installOAA.properties are shown below for completeness:

Note:

The variables are listed in the order they were collected in the Configuration Checkpoints sections.

Variable	Sample Value	Description
<NFS_HOST>	`nfs.example.com`	The fully qualified hostname of the NFS Server used by the Kubernetes Cluster.
<NFS_CONFIG_PATH>	`/nfs/mountOAApv/OAAConfig`	The path on NFS server to the <NFS_CONFIG_PATH>
<NFS_CREDS_PATH>	`/nfs/mountOAApv/OAACreds`	The path on NFS server to the <NFS_CREDS_PATH>
<NFS_LOGS_PATH>	`/nfs/mountOAApv/OAALogs`	The path on NFS server to the <NFS_LOGS_PATH>
<NFS_VAULT_PATH>	`/nfs/mountOAApv/OAAVault`	The path on NFS server to the <NFS_VAULT_PATH>
<INSTALL_HOST>	`install.example.com`	Fully qualified hostname of the installation host.
<WORKDIR>	`/workdir`	The working directory created on the installation host.
<DB_HOST>	`db.example.com`	The fully qualified hostname of the database server.
<DB_PORT>	`1521`	The database listener port.
<DB_SERVICE>	`orcl.example.com`	The database service name.
<DB_NAME>	`orcl`	The database name.
<SYS_PWD>	`password`	The password of the SYS user in the database.
<WEB_HOST>	`https://ohs.oracle.com`	The fully qualified hostname of the OHS server that is used as the entry point to OAM. If you are using a load balancer in front of OHS, also collect the fully qualified hostname of the load balancer <LBR_HOST>.
<OAM_ADMIN_USER>	`oamadmin`	The username of the OAM administration user who logs into the OAM Administration console (`/oamconsole`).
<OAM_ADMIN_PASSWORD>	`password`	The password for the OAM administration user.
<OAM_ADMIN_BASE64>	`b2FtYWRtaW46cGFzc3dvcmQ=`	The BASE64 encoded value of`<OAM_ADMIN_USER>:<OAM_ADMIN_PASSWORD>`
<IDSTORE>	`OUDStore`	The Default User Identity Store used by OAM.
<OUA_TAPFILE_LOCATION>	`/workdir/OAMOUAKeyStore.jks`	The location of the `<WORKDIR>/OAMOUAKeyStore.jks` on the <INSTALL_HOST>.
<OUA_TAPFILE_PASSWORD>	`cGFzc3dvcmQ=`	The BASE64 encoded password of the `OAMOUAKeyStore.jks`.
<OAA_TAPFILE_LOCATION>	`/workdir/ OAMOAAKeyStore.jks`	The location of the `<WORKDIR>/OAMOAAKeyStore.jks` on the <INSTALL_HOST>.
<OAA_TAPFILE_PASSWORD>	`cGFzc3dvcmQ=`	The BASE64 encoded password of the `OAMOAAKeyStore.jks`.
<LDAP_SERVER>	`ldap://oud.example.com:1389`	The LDAP server protocol, hostname and port.
<LDAP_ADMIN_USER>	`cn=oudadmin`	The user name of the directory administrator.
<LDAP_ADMIN_PWD>	`password`	The password of the directory administrator.
<LDAP_USER_SEARCHBASE>	`cn=Users,dc=example,dc=com`	The location in the directory where names of users are stored.
<LDAP_GROUP_SEARCHBASE>	`cn=Groups,dc=example,dc=com`	The location in the directory where groups/roles are stored.
<CIR_HOST>	`cir.example.com`	The fully qualified hostname of the Container Image Registry
<CIR_REPOSITORY>	`cir.example.com/repository/oaa`	The repository where the OAA images will be pushed to.
<USER_CERT_P12>	`/workdir/cert.p12`	The location of the `<WORKDIR>/cert.p12` on the <INSTALL_HOST>. This is only required if you generated third party certificates.
<USER_CERT_P12_PWD>	`password`	The password for the `cert.p12`. This is only required if you generated third party certificates.
<TRUST_CERT_P12>	`/workdir/trust.p12`	The location of the `<WORKDIR>/trust.p12` on the <INSTALL_HOST>. This is only required if you generated third party certificates.
<TRUST_CERT_P12_PWD>	`password`	The password for the `trust.p12`. This is only required if you generated third party certificates.

5.3.2 Editing the installOAA.properties

The following are the properties that must be changed in the installOAA.properties based on installing as per the Oracle recommended sandbox architecture in Supported Architectures. Properties not listed below should not be changed from their default values. Where variables are referenced, replace with your corresponding value.

Note:

If you are not using the Oracle recommended sandbox architecture Supported Architectures, you will need to refer to Understanding installOAA.properties Parameters, as the parameters to change may differ.

Common Deployment Configuration

Variable	Sample Value	Description
`common.deployment.keystorepassphrase=<USER_CERT_P12_PWD>`	`password`	If using your own certificates, you must set this to <USER_CERT_P12_PWD>. If you are going to use the self-signed certificates generated by OAA during installation, then set to a password of your choice.
`common.deployment.truststorepassphrase=<TRUST_CERT_P12_PWD>`	`password`	If using your own certificates, you must set this to <TRUST_CERT_P12_PWD>. If you are going to use the self-signed certificates generated by OAA during installation, then set to a password of your choice.
`common.deployment.mode=<type>`	`Both`	Determines the installation type. Set `<type>` to the value based on the components you wish to install: `Both` - install OAA and OARM. `OUA` - install OAA, OARM, and OUA. `OAA` - install OAA only.

Database Configuration

Variable	Sample Value	Description
`database.host=<DB_HOST>`	`db.example.com`	The fully qualified hostname of the database server where you want to store your OAA schemas.
`database.port=<DB_PORT>`	`1521`	The database listener port.
`database.syspassword=<SYS_PWD>`	`password`	The password of the SYS user in the database.
`database.schemapassword=<password>`	`password`	The password you want to set for the OAA schema in the database
`database.svc=<DB_SERVICE>`	`orcl.example.com`	The database service name.
`database.name=<DB_NAME>`	`orcl`	The database name.

OAUTH Configuration

Variable	Sample Value	Description
`oauth.identityprovider=<IDSTORE>`	`OUDStore`	The Default User Identity Store used by OAM.
`oauth.redirecturl=<WEB_HOST>`	`https://ohs.example.com`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer <LBR_HOST>.
`oauth.applicationid=default`	`default`	Application ID for OAA. Can be set to any value.
`oauth.adminurl=<WEB_HOST>`	`https://ohs.example.com`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer <LBR_HOST>.
`oauth.basicauthzheader=<OAM_ADMIN_BASE64>`	`b2FtYWRtaW46cGFzc3dvcmQ=`	The BASE64 encoded value for`<OAM_ADMIN_USER>:<OAM_ADMIN_PASSWORD>`
`oauth.identityuri=<WEB_HOST>`	`https://ohs.example.com:443`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. For this value only, if the port is the default SSL port (443), you must append the port to the URL.
`oauth.clientpassword=<password>`	`password`	Set to a password of your choice. This will be the password for the OAuth client created during OAA installation.

Vault Configuration

Variable Sample Value Description

vault.fks.server=<NFS_HOST> nfs.example.com The fully qualified hostname of the NFS Server used by the Kubernetes cluster.

vault.fks.path=<NFS_VAULT_PATH> /nfs/mountOAApv/OAAVault The path on the NFS server to the <NFS_VAULT_PATH>

Variable	Sample Value	Description
`vault.fks.server=<NFS_HOST>`	`nfs.example.com`	The fully qualified hostname of the NFS Server used by the Kubernetes cluster.
`vault.fks.path=<NFS_VAULT_PATH>`	`/nfs/mountOAApv/OAAVault`	The path on the NFS server to the <NFS_VAULT_PATH>
`vault.fks.key=<base64_password>`	`cGFzc3dvcmQ=`	Set to a password of your choice. The password must be BASE64 encoded. To find the BASE64 encoded version run: `echo -n <password> \| base64`

vault.fks.key=<base64_password>

cGFzc3dvcmQ=

Set to a password of your choice. The password must be BASE64 encoded.

To find the BASE64 encoded version run:

echo -n <password> | base64

Chart Configuration

Variable	Sample Value	Description
`install.global.repo=<CIR_REPOSITORY>`	`cir.example.com/repository/oaa`	The repository where the OAA images will be pushed to.
`install.global.image.tag=12.2.1.4.1-<YYMMDD>`	`12.2.1.4.1-<YYMMDD>`	The image tag for the release.
`install.global.uasapikey=<password>`	`password`	Set to a password of your choice.
`install.global.policyapikey=<password>`	`password`	Set to a password of your choice.
`install.global.factorsapikey=<password>`	`password`	Set to a password of your choice.
`install.global.riskapikey=<password>`	`password`	Set to a password of your choice.
`install.global.drssapikey=<password>`	`password`	Set to a password of your choice. This only needs to be set if you have set `common.deployment.mode=OUA`.

Optional Configuration

Variable Sample Value Description

install.global.ingress.enabled=true true Must be set to true when using your own ingress controller.

Variable	Sample Value	Description
`install.global.ingress.enabled=true`	`true`	Must be set to true when using your own ingress controller.
`install.global.serviceurl=<WEBHOST>`	`https://ohs.example.com`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. This parameter is used for the OAA runtime URL's.
`install.oaa-admin-ui.serviceurl=<WEB_HOST>`	`https://ohs.example.com`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. This parameter is used for the OAA Administration URL's.

install.global.serviceurl=<WEBHOST>

https://ohs.example.com

The OHS URL used as the entry point to OAM.

If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>.

This parameter is used for the OAA runtime URL's.

install.oaa-admin-ui.serviceurl=<WEB_HOST>

https://ohs.example.com

The OHS URL used as the entry point to OAM.

If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>.

This parameter is used for the OAA Administration URL's.

OAA Management Configuration

Variable	Sample Value	Description
`install.mount.config.path=<NFS_CONFIG_PATH>`	`/nfs/mountOAApv/OAAConfig`	The path on NFS server to the <NFS_CONFIG_PATH>.
`install.mount.config.server=<NFS_HOST>`	`nfs.example.com`	The fully qualified hostname of the NFS Server used by the Kubernetes cluster.
`install.mount.creds.path=<NFS_CREDS_PATH>`	`/nfs/mountOAApv/OAACreds`	The path on NFS server to the <NFS_CREDS_PATH>.
`install.mount.creds.server=<NFS_HOST>`	`nfs.example.com`	The fully qualified hostname of the NFS Server used by the Kubernetes cluster.
`install.mount.logs.path=<NFS_LOGS_PATH>`	`/nfs/mountOAApv/OAALogs`	The path on NFS server to the <NFS_LOGS_PATH>.
`install.mount.logs.server=<NFS_HOST>`	`nfs.example.com`	The fully qualified hostname of the NFS Server used by the Kubernetes cluster.
`common.local.sslcert=<WORKDIR>/cert.p12`	`/workdir/cert.p12`	The location of the `<WORKDIR>/cert.p12` on the <INSTALL_HOST>. This parameter is only required if you generated third party certificates in Generating Server Certificates and Trusted Certificates.
`common.local.trustcert=<WORKDIR>/trust.p12`	`/workdir/trust.p12`	The location of the `<WORKDIR>/trust.p12` on the <INSTALL_HOST>. This parameter is only required if you generated third party certificates in Generating Server Certificates and Trusted Certificates.

OUA Configuration

The parameters in this section only have to be set if you are deploying OUA.

Variable	Sample Value	Description
`oua.tapAgentFilePass=<OUA_TAPFILE_PASSWORD>`	`cGFzc3dvcmQ=`	The BASE64 encoded password of the `OAMOUAKeyStore.jks`.
`oua.tapAgentFileLocation=<OUA_TAPFILE_LOCATION>`	`/workdir/OAMOUAKeyStore.jks`	The location of the `<WORKDIR>/OAMOUAKeyStore.jks` on the <INSTALL_HOST>.
`oua.oamRuntimeEndpoint=<WEB_HOST>`	`https://ohs.example.com`	The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>.

LDAP Configuration

Variable	Sample Value	Description
`ldap.server=<LDAP_SERVER>`	`ldap://oud.example.com:1389`	The LDAP server protocol, hostname and port.
`ldap.username=<LDAP_ADMIN_USER>`	`cn=oudadmin`	The user name of the directory administrator.
`ldap.password=<LDAP_ADMIN_PWD>`	`password`	The password of the directory administrator.
`ldap.oaaAdminUser=cn=oaaadmin,<LDAP_USER_SEARCHBASE>`	`cn=oaaadmin,cn=Users,dc=example,dc=com`	The OAA administration user to be created in the LDAP user search base.
`ldap.adminRole=cn=OAA-Admin-Role,<LDAP_GROUP_SEARCHBASE>`	`cn=OAA-Admin-Role,cn=Groups,dc=example,dc=com`	The OAA-Admin-Role group to be created in the LDAP group search base.
`ldap.userRole=cn=OAA-App-User,cn=<LDAP_GROUP_SEARCHBASE>`	`cn=OAA-App-User,cn=Groups,dc=example,dc=com`	The OAA-App-User group to be created in the LDAP group search base.
`ldap.oaaAdminUserPwd=<password>`	`password`	Set to a password of your choice. This will be the password for the `oaaadmin` user.
`ldap.addExistingUsers=<yes/no>`	`yes`	Set this value to `yes` if you want the OAA installation to add all your existing users in your <LDAP_USER_SEARCHBASE> to the OAA-App-User group. See Creating Users and Groups in the LDAP Store for more details.

OAA Configuration

Variable	Sample Value	Description
`oaa.tapAgentFilePass=<OAA_TAPFILE_PASSWORD>`	`cGFzc3dvcmQ=`	The BASE64 encoded password of the `OAMOAAKeyStore.jks`.
`oaa.tapAgentFileLocation=<OAA_TAPFILE_LOCATION>`	`/workdir/OAMOAAKeyStore.jks`	The location of the `<WORKDIR>/OAMOAAKeyStore.jks` on the <INSTALL_HOST>.

Additional Considerations

If you have pushed the additional image (oraclelinux:8-slim) referenced in Setting Up a Container Image Registry (CIR) to a repository, you must add the following parameter to the ## 5. Chart configuration# section:

Note:

This parameter is not referenced in the default file so you must add it.

install.global.testrepo=<CIR_REPOSITORY>

Next Steps: Creating the Management Container