12.1 Connecting to OIG via WLST
In order to use WLST to administer the Oracle Identity Governance (OIG) domain, use must use a helper pod.
- Check to see if the helper pod exists by
running:
For example:kubectl get pods -n <domain_namespace> | grep helper
The output should look similar to the following:kubectl get pods -n oigns | grep helper
If the helper pod doesn’t exist then run the following:helper 1/1 Running 0 26h- If using Oracle Container Registry or your own container registry for the OIG
container
image:
For example:kubectl run --image=<image_name-from-registry>:<tag> \ --image-pull-policy="IfNotPresent" \ --overrides='{"apiVersion": "v1", "spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \ helper -n <domain_namespace> \ -- sleep infinitykubectl run --image=container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> \ --image-pull-policy="IfNotPresent" \ --overrides='{"apiVersion": "v1","spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \ helper -n oigns \ -- sleep infinity - If you are not using a container registry and have loaded the image on each of the
worker nodes, run the following
command:
For example:kubectl run helper --image <image>:<tag> -n oigns -- sleep infinity
The output will look similar to the following:kubectl run helper --image oracle/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> -n oigns -- sleep infinitypod/helper created
- If using Oracle Container Registry or your own container registry for the OIG
container
image:
- Run the following command to start a bash shell in the helper
pod:
For example:kubectl exec -it helper -n <domain_namespace> -- /bin/bash
This will take you into a bash shell in the running helper pod:kubectl exec -it helper -n oigns -- /bin/bash[oracle@helper ~]$ - Inside the helper pod, connect to WLST using the following
command:
cd $ORACLE_HOME/oracle_common/common/bin
The output will look similar to the following:./wlst.shInitializing WebLogic Scripting Tool (WLST) ... Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away. Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> - To access t3 for the Administration Server connect as
follows:
The output will look similar to the following:connect('weblogic','<password>','t3://governancedomain-adminserver:7001')
Or to access t3 for the OIG Cluster service, connect as follows:Connecting to t3://governancedomain-adminserver:7001 with userid weblogic ... Successfully connected to Admin Server "AdminServer" that belongs to domain "governancedomain". Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead. wls:/governancedomain/serverConfig/>
The output will look similar to the following:connect('weblogic','<password>','t3://governancedomain-cluster-oim-cluster:14000')Connecting to t3://governancedomain-cluster-oim-cluster:14000 with userid weblogic ... Successfully connected to managed Server "oim_server1" that belongs to domain "governancedomain". Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead. wls:/governancedomain/serverConfig/>