5.3 Preparing the Properties file for Installation
You can customize the OAA, OARM, and OUA installation by setting properties in the installOAA.properties file. The installOAA.properties is used by the Management Container installation script and is copied to the <NFS_CONFIG_PATH> during the installation of the Management Container pod. The installOAA.properties file is later passed as an argument to the OAA.sh script when deploying OAA, OARM, and OUA.
installOAA.properties file based on deploying using the Oracle recommended sandbox architecture in Supported Architectures:
5.3.1 Gathering Variables
List of Variables
installOAA.properties. The variables required for the installOAA.properties are shown below for completeness:
Note:
The variables are listed in the order they were collected in the Configuration Checkpoints sections.
Variable | Your Value | Sample Value | Description |
---|---|---|---|
<NFS_HOST> | | nfs.example.com | The fully qualified hostname of the NFS Server used by the Kubernetes Cluster. |
<NFS_CONFIG_PATH> | | /nfs/mountOAApv/OAAConfig | The path on NFS server to the <NFS_CONFIG_PATH>. |
<NFS_CREDS_PATH> | | /nfs/mountOAApv/OAACreds | The path on NFS server to the <NFS_CREDS_PATH>. |
<NFS_LOGS_PATH> | | /nfs/mountOAApv/OAALogs | The path on NFS server to the <NFS_LOGS_PATH>. |
<NFS_VAULT_PATH> | | /nfs/mountOAApv/OAAVault | The path on NFS server to the <NFS_VAULT_PATH>. |
<INSTALL_HOST> | | install.example.com | Fully qualified hostname of the installation host. |
<WORKDIR> | | /workdir | The working directory created on the installation host. |
<DB_HOST> | | db.example.com | The fully qualified hostname of the database server. |
<DB_PORT> | | 1521 | The database listener port. |
<DB_SERVICE> | | orcl.example.com | The database service name. |
<DB_NAME> | | orcl | The database name. |
<SYS_PWD> | | password | The password of the SYS user in the database. |
<WEB_HOST> | | https://ohs.oracle.com | The fully qualified hostname of the OHS server that is used as the entry point to OAM. If you are using a load balancer in front of OHS, also collect the fully qualified hostname of the load balancer <LBR_HOST>. |
<OAM_ADMIN_USER> | | oamadmin | The username of the OAM administration user who logs into the OAM Administration console (/oamconsole). |
<OAM_ADMIN_PASSWORD> | | password | The password for the OAM administration user. |
<OAM_ADMIN_BASE64> | | b2FtYWRtaW46cGFzc3dvcmQ= | The BASE64 encoded value of <OAM_ADMIN_USER>:<OAM_ADMIN_PASSWORD> |
<IDSTORE> | | OUDStore | The Default User Identity Store used by OAM. |
<OUA_TAPFILE_LOCATION> | | /workdir/OAMOUAKeyStore.jks | The location of the <WORKDIR>/OAMOUAKeyStore.jks on the <INSTALL_HOST>. |
<OUA_TAPFILE_PASSWORD> | | cGFzc3dvcmQ= | The BASE64 encoded password of the OAMOUAKeyStore.jks. |
<OAA_TAPFILE_LOCATION> | | | The location of the <WORKDIR>/OAMOAAKeyStore.jks on the <INSTALL_HOST>. |
<OAA_TAPFILE_PASSWORD> | | cGFzc3dvcmQ= | The BASE64 encoded password of the OAMOAAKeyStore.jks. |
<LDAP_SERVER> | | ldap://oud.example.com:1389 | The LDAP server protocol, hostname and port. |
<LDAP_ADMIN_USER> | | cn=oudadmin | The user name of the directory administrator. |
<LDAP_ADMIN_PWD> | | password | The password of the directory administrator. |
<LDAP_USER_SEARCHBASE> | | cn=Users,dc=example,dc=com | The location in the directory where names of users are stored. |
<LDAP_GROUP_SEARCHBASE> | | cn=Groups,dc=example,dc=com | The location in the directory where groups/roles are stored. |
<CIR_HOST> | | cir.example.com | The fully qualified hostname of the Container Image Registry. |
<CIR_REPOSITORY> | | cir.example.com/repository/oaa | The repository where the OAA images will be pushed to. |
<USER_CERT_P12> | | /workdir/cert.p12 | The location of the <WORKDIR>/cert.p12 on the <INSTALL_HOST>. This is only required if you generated third party certificates. |
<USER_CERT_P12_PWD> | | password | The password for the cert.p12. This is only required if you generated third party certificates. |
<TRUST_CERT_P12> | | /workdir/trust.p12 | The location of the <WORKDIR>/trust.p12 on the <INSTALL_HOST>. This is only required if you generated third party certificates. |
<TRUST_CERT_P12_PWD> | | password | The password for the trust.p12. This is only required if you generated third party certificates. |
5.3.2 Editing the installOAA.properties
installOAA.properties based on installing as per the Oracle recommended sandbox architecture in Supported Architectures. Properties not listed below should not be changed from their default values. Where variables are referenced, replace with your corresponding value.
Note:
If you are not using the Oracle recommended sandbox architecture in Supported Architectures, you will need to refer to Understanding installOAA.properties Parameters, as the parameters to change may differ.
Common Deployment Configuration
Variable | Sample Value | Description |
---|---|---|
common.deployment.keystorepassphrase=<USER_CERT_P12_PWD> | password | If using your own certificates, you must set this to <USER_CERT_P12_PWD>. If you are going to use the self-signed certificates generated by OAA during installation, then set to a password of your choice. |
common.deployment.truststorepassphrase=<TRUST_CERT_P12_PWD> | password | If using your own certificates, you must set this to <TRUST_CERT_P12_PWD>. If you are going to use the self-signed certificates generated by OAA during installation, then set to a password of your choice. |
common.deployment.mode=<type> | Both | Determines the installation type. Set <type> to the value based on the components you wish to install: |
Database Configuration
Variable | Sample Value | Description |
---|---|---|
database.host=<DB_HOST> | db.example.com | The fully qualified hostname of the database server where you want to store your OAA schemas. |
database.port=<DB_PORT> | 1521 | The database listener port. |
database.syspassword=<SYS_PWD> | password | The password of the SYS user in the database. |
database.schemapassword=<password> | password | The password you want to set for the OAA schema in the database. |
database.svc=<DB_SERVICE> | orcl.example.com | The database service name. |
database.name=<DB_NAME> | orcl | The database name. |
OAUTH Configuration
Variable | Sample Value | Description |
---|---|---|
oauth.identityprovider=<IDSTORE> | OUDStore | The Default User Identity Store used by OAM. |
oauth.redirecturl=<WEB_HOST> | https://ohs.example.com | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer <LBR_HOST>. |
oauth.applicationid=default | default | Application ID for OAA. Can be set to any value. |
oauth.adminurl=<WEB_HOST> | https://ohs.example.com | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer <LBR_HOST>. |
oauth.basicauthzheader=<OAM_ADMIN_BASE64> | b2FtYWRtaW46cGFzc3dvcmQ= | The BASE64 encoded value for <OAM_ADMIN_USER>:<OAM_ADMIN_PASSWORD> |
oauth.identityuri=<WEB_HOST> | https://ohs.example.com:443 | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. For this value only, if the port is the default SSL port (443), you must append the port to the URL. |
oauth.clientpassword=<password> | password | Set to a password of your choice. This will be the password for the OAuth client created during OAA installation. |
Vault Configuration
Variable | Sample Value | Description |
---|---|---|
vault.fks.server=<NFS_HOST> | nfs.example.com | The fully qualified hostname of the NFS Server used by the Kubernetes cluster. |
vault.fks.path=<NFS_VAULT_PATH> | /nfs/mountOAApv/OAAVault | The path on the NFS server to the <NFS_VAULT_PATH> |
vault.fks.key=<base64_password> | cGFzc3dvcmQ= | Set to a password of your choice. The password must be BASE64 encoded. To find the BASE64 encoded version run: |
Chart Configuration
Variable | Sample Value | Description |
---|---|---|
install.global.repo=<CIR_REPOSITORY> | cir.example.com/repository/oaa | The repository where the OAA images will be pushed to. |
install.global.uasapikey=<password> | password | Set to a password of your choice. |
install.global.policyapikey=<password> | password | Set to a password of your choice. |
install.global.factorsapikey=<password> | password | Set to a password of your choice. |
install.global.riskapikey=<password> | password | Set to a password of your choice. |
install.global.drssapikey=<password> | password | Set to a password of your choice. This only needs to be set if you have set common.deployment.mode=OUA. |
Optional Configuration
Variable | Sample Value | Description |
---|---|---|
install.global.ingress.enabled=true | true | Must be set to true when using your own ingress controller. |
install.global.serviceurl=<WEB_HOST> | https://ohs.example.com | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. This parameter is used for the OAA runtime URLs. |
install.oaa-admin-ui.serviceurl=<WEB_HOST> | https://ohs.example.com | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. This parameter is used for the OAA Administration URLs. |
OAA Management Configuration
Variable | Sample Value | Description |
---|---|---|
install.mount.config.path=<NFS_CONFIG_PATH> | /nfs/mountOAApv/OAAConfig | The path on NFS server to the <NFS_CONFIG_PATH>. |
install.mount.config.server=<NFS_HOST> | nfs.example.com | The fully qualified hostname of the NFS Server used by the Kubernetes cluster. |
install.mount.creds.path=<NFS_CREDS_PATH> | /nfs/mountOAApv/OAACreds | The path on NFS server to the <NFS_CREDS_PATH>. |
install.mount.creds.server=<NFS_HOST> | nfs.example.com | The fully qualified hostname of the NFS Server used by the Kubernetes cluster. |
install.mount.logs.path=<NFS_LOGS_PATH> | /nfs/mountOAApv/OAALogs | The path on NFS server to the <NFS_LOGS_PATH>. |
install.mount.logs.server=<NFS_HOST> | nfs.example.com | The fully qualified hostname of the NFS Server used by the Kubernetes cluster. |
common.local.sslcert=<WORKDIR>/cert.p12 | /workdir/cert.p12 | The location of the <WORKDIR>/cert.p12 on the <INSTALL_HOST>. This parameter is only required if you generated third party certificates in Generating Server Certificates and Trusted Certificates. |
common.local.trustcert=<WORKDIR>/trust.p12 | /workdir/trust.p12 | The location of the <WORKDIR>/trust.p12 on the <INSTALL_HOST>. This parameter is only required if you generated third party certificates in Generating Server Certificates and Trusted Certificates. |
OUA Configuration
The parameters in this section only have to be set if you are deploying OUA.
Variable | Sample Value | Description |
---|---|---|
oua.tapAgentFilePass=<OUA_TAPFILE_PASSWORD> | cGFzc3dvcmQ= | The BASE64 encoded password of the OAMOUAKeyStore.jks. |
oua.tapAgentFileLocation=<OUA_TAPFILE_LOCATION> | /workdir/OAMOUAKeyStore.jks | The location of the <WORKDIR>/OAMOUAKeyStore.jks on the <INSTALL_HOST>. |
oua.oamRuntimeEndpoint=<WEB_HOST> | https://ohs.example.com | The OHS URL used as the entry point to OAM. If a load balancer front ends the OHS then this value is the load balancer URL <LBR_HOST>. |
LDAP Configuration
Variable | Sample Value | Description |
---|---|---|
ldap.server=<LDAP_SERVER> | ldap://oud.example.com:1389 | The LDAP server protocol, hostname and port. |
ldap.username=<LDAP_ADMIN_USER> | cn=oudadmin | The user name of the directory administrator. |
ldap.password=<LDAP_ADMIN_PWD> | password | The password of the directory administrator. |
ldap.oaaAdminUser=cn=oaaadmin,<LDAP_USER_SEARCHBASE> | cn=oaaadmin,cn=Users,dc=example,dc=com | The OAA administration user to be created in the LDAP user search base. |
ldap.adminRole=cn=OAA-Admin-Role,<LDAP_GROUP_SEARCHBASE> | cn=OAA-Admin-Role,cn=Groups,dc=example,dc=com | The OAA-Admin-Role group to be created in the LDAP group search base. |
ldap.userRole=cn=OAA-App-User,<LDAP_GROUP_SEARCHBASE> | cn=OAA-App-User,cn=Groups,dc=example,dc=com | The OAA-App-User group to be created in the LDAP group search base. |
ldap.oaaAdminUserPwd=<password> | password | Set to a password of your choice. This will be the password for the oaaadmin user. |
ldap.addExistingUsers=<yes/no> | yes | Set this value to |
OAA Configuration
Variable | Sample Value | Description |
---|---|---|
oaa.tapAgentFilePass=<OAA_TAPFILE_PASSWORD> | cGFzc3dvcmQ= | The BASE64 encoded password of the OAMOAAKeyStore.jks. |
oaa.tapAgentFileLocation=<OAA_TAPFILE_LOCATION> | /workdir/OAMOAAKeyStore.jks | The location of the <WORKDIR>/OAMOAAKeyStore.jks on the <INSTALL_HOST>. |
Additional Considerations
oraclelinux:8-slim and oraclelinux7-instantclient:19) referenced in Setting Up a Container Image Registry (CIR) to a repository, you must add the following parameter to the ## 5. Chart configuration# section:
Note:
This parameter is not referenced in the default file so you must add it.
install.global.testrepo=<CIR_REPOSITORY>
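
A pre-flight check for an edited installOAA.properties, as an added example that is not Oracle's tooling: it flags placeholders left unreplaced, the documentation's sample secrets, BASE64 fields that fail to decode or decode with a trailing newline, and an oauth.identityuri without its port. The property keys are the ones listed in the tables above; the function name, the finding strings and the sample input are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Keys the page documents as BASE64 encoded values.
B64_KEYS = ("oauth.basicauthzheader", "vault.fks.key",
            "oua.tapAgentFilePass", "oaa.tapAgentFilePass")
# Sample secrets printed in the tables; they must not reach a real install.
SAMPLE_SECRETS = {"password", "cGFzc3dvcmQ=", "b2FtYWRtaW46cGFzc3dvcmQ="}
SECRET_KEY = re.compile(r"pass|pwd|apikey|\.key$|authzheader", re.I)
PLACEHOLDER = re.compile(r"<[A-Za-z0-9_/]+>")

# Constructed sample input, not a real deployment file.
SAMPLE = """\
database.host=<DB_HOST>
database.syspassword=password
oauth.basicauthzheader=b3BzYWRtaW4=
oauth.identityuri=https://ohs.example.com
vault.fks.key=cGFzc3dvcmQK
oaa.tapAgentFilePass=not base64!
"""

def check_properties(text):
    """Return sorted (key, problem) findings for installOAA.properties text."""
    lines = [ln.strip() for ln in text.splitlines()]
    props = dict(ln.split("=", 1) for ln in lines
                 if "=" in ln and not ln.startswith("#"))
    findings = []
    for key, value in props.items():
        if PLACEHOLDER.search(value):
            findings.append((key, "placeholder not replaced"))
            continue
        if SECRET_KEY.search(key) and value in SAMPLE_SECRETS:
            findings.append((key, "documentation sample secret"))
        if key == "oauth.identityuri" and urlsplit(value).port is None:
            findings.append((key, "port not appended"))
        if key not in B64_KEYS:
            continue
        try:
            decoded = base64.b64decode(value, validate=True)
        except binascii.Error:
            findings.append((key, "not valid BASE64"))
            continue
        if decoded.endswith(b"\n"):  # typical of echo without -n
            findings.append((key, "decoded value ends with newline"))
        if key == "oauth.basicauthzheader" and b":" not in decoded:
            findings.append((key, "does not decode to user:password"))
    return sorted(findings)
```

Because the file holds the SYS, LDAP and keystore passwords with BASE64 as encoding only, run the check on the installation host and keep the findings free of the values themselves, as this function does.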