5.1.10 Validating the Networking Environment

Perform the checks described in this section to ensure that your environment is ready for a deployment. If any check fails, resolve the issue before proceeding.

Note:

The variables used in this section are based on the values collected in the earlier Configuration Checkpoint sections.

Bastion or Master/Control Plane

  1. From the Kubernetes bastion, or master/control plane node, run the following:
    • nc -zv <WEB_HOST> <PORT>

      Note:

      In this case <WEB_HOST> is the fully qualified hostname of the OHS (or load balancer if one is used in front of OHS), and <PORT> is the configured SSL port.
    • nc -zv <DB_HOST> <DB_PORT>
    • nc -zv <LDAP_HOST> <LDAP_PORT>
    For all of the above you should receive the following:
    Ncat: Connected to <IP_ADDRESS>:<PORT>.
    Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
    
  2. Most containers do not have built-in networking tools that let you check whether DNS resolution is working correctly. The easiest way to validate DNS resolution is to use a lightweight container with the network tools installed, such as alpine:
    1. Run the following command to run an alpine container:
      kubectl run -i --tty --rm debug --image=docker.io/library/alpine:latest --restart=Never -- sh

      Note:

      The above assumes your Kubernetes cluster has access to the internet to access docker.io.
      This will take you inside a shell (sh) in the container.
    2. Inside the container you can then run nslookup against the <DB_HOST>, <LDAP_HOST>, <WEB_HOST> (and <LBR_HOST> if using a load balancer), and <CIR_HOST>. For example:
      nslookup ohs.example.com
      Make sure the hostnames resolve correctly. If you have problems resolving any of the hostnames, contact the Kubernetes administrator to resolve the issue before proceeding.

Web Tier (OHS)

From the <WEB_HOST>, run the following to check you can connect to the ingress controller port:
  • nc -zv <K8S_WORKER_HOST1> 30777
  • nc -zv <K8S_WORKER_HOST2> 30777
  • nc -zv <K8S_WORKER_HOST3> 30777
For all of the above you should receive the following:
Ncat: Connected to <IP_ADDRESS>:30777.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
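
The nc checks in the Bastion and Web Tier steps can be batched so that a single unreachable endpoint fails the whole preflight. The script below is an added example, not part of the original documentation; the endpoint-list format, the PROBE override, and the sample hostnames and ports are assumptions (only port 30777 comes from this page).

```shell
#!/bin/sh
# Added example: batch form of the page's nc -zv reachability checks.
# Endpoint list format (assumed here): "<label> <host> <port>", one per line;
# blank lines and lines starting with # are skipped.

# Constructed sample list; hostnames and ports are placeholders, not page values.
sample_endpoints() {
    cat <<'EOF'
# label   host                     port
web       ohs.example.com          443
db        db.example.com           1521
ldap      ldap.example.com         636
ingress1  k8sworker1.example.com   30777
EOF
}

# Default probe: nc -z as on the page, plus a 5 second timeout.
# Set PROBE to any command that takes "<host> <port>" and returns 0 on success.
probe_nc() { nc -z -w 5 "$1" "$2" >/dev/null 2>&1; }
PROBE=${PROBE:-probe_nc}

# check_endpoints FILE: probe every endpoint, print one result line each,
# set FAILED_COUNT, and return 0 only if every line was valid and reachable.
check_endpoints() {
    FAILED_COUNT=0
    while read -r label host port extra; do
        case "$label" in ''|'#'*) continue ;; esac
        # Reject malformed lines rather than handing them to nc.
        case "$port" in ''|*[!0-9]*|??????*) port=0 ;; esac
        if [ -n "$extra" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "INVALID $label (expected: <label> <host> <port>)"
            FAILED_COUNT=$((FAILED_COUNT + 1))
            continue
        fi
        # stdin is redirected so the probe cannot consume the endpoint list.
        if "$PROBE" "$host" "$port" </dev/null; then
            echo "OK      $label $host:$port"
        else
            echo "FAILED  $label $host:$port"
            FAILED_COUNT=$((FAILED_COUNT + 1))
        fi
    done < "$1"
    [ "$FAILED_COUNT" -eq 0 ]
}
```

Source the file on each host, then run check_endpoints against that host's own endpoint list; a non-zero return means at least one check must be resolved before proceeding.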

OAA Installation Host

From the <INSTALL_HOST>, run the following:
  • ping <CIR_HOST>
  • kubectl get nodes
  • curl -k -I https://container-registry.oracle.com

    Note:

    You should receive HTTP/1.0 200 Connection Established. The -k option disables certificate verification, so this check confirms reachability only.