7.1.1 Creating the RCU Schemas
In this section you create the Repository Creation Utility (RCU) schemas in the Oracle
Database.
Note:
Before following the steps below, make sure that the Oracle Database and Listener are up and running, and you can connect to the database via SQL*Plus or other client tool.- Run the following command to create a helper pod to run RCU:
- If using Oracle Container Registry or your own container registry for the
Oracle Identity Governance (OIG) container
image:
For example:kubectl run --image=<image_name-from-registry>:<tag> \ --image-pull-policy="IfNotPresent" \ --overrides='{"apiVersion": "v1", "spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \ helper -n <domain_namespace> \ -- sleep infinitykubectl run --image=container-registry.oracle.com/middleware/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> \ --image-pull-policy="IfNotPresent" \ --overrides='{"apiVersion": "v1","spec":{"imagePullSecrets": [{"name": "orclcred"}]}}' \ helper -n oigns \ -- sleep infinity - If you are not using a container registry and have loaded the image on each of
the worker nodes, run the following
command:
For example:kubectl run helper --image <image>:<tag> -n oigns -- sleep infinitykubectl run helper --image oracle/oig_cpu:14.1.2.1.0-jdk17-ol8-<YYMMDD> -n oigns --sleep infinity
pod/helper created - If using Oracle Container Registry or your own container registry for the
Oracle Identity Governance (OIG) container
image:
- Run the following command to check the pod is
running:
For example:kubectl get pods -n <domain_namespace>
The output will look similar to the following:kubectl get pods -n oignsNAME READY STATUS RESTARTS AGE helper 1/1 Running 0 3mNote:
If you are pulling the image from a container registry it may take several minutes before the pod has aREADYstatus of1\1. While the pod is starting you can check the status of the pod, by running the following command:kubectl describe pod helper -n oigns - Run the following command to start a bash shell in the helper
pod:
For example:kubectl exec -it helper -n <domain_namespace> -- /bin/bash
This will take you into a bash shell in the running helper pod:kubectl exec -it helper -n oigns -- /bin/bash[oracle@helper ~]$ - In the helper bash shell run the following commands to set the
environment:
export DB_HOST=<db_host.domain>export DB_PORT=<db_port>export DB_SERVICE=<service_name>export RCUPREFIX=<rcu_schema_prefix>export RCU_SCHEMA_PWD=<rcu_schema_pwd>echo -e <db_pwd>"\n"<rcu_schema_pwd> > /tmp/pwd.txt
Where:cat /tmp/pwd.txt-
<db_host.domain>is the database server hostname. <db_port>is the database listener port.<service_name>is the database service name.-
<rcu_schema_prefix>is the RCU schema prefix you want to set. -
<db_pwd>is the SYS password for the database. -
<rcu_schema_pwd>is the password you want to set for the<rcu_schema_prefix>.
export DB_HOST=mydatabasehost.example.comexport DB_PORT=1521export DB_SERVICE=orcl.example.comexport RCUPREFIX=OIGK8Sexport RCU_SCHEMA_PWD=<password>echo -e <password>"\n"<password> > /tmp/pwd.txt
Ensure thecat /tmp/pwd.txtcat /tmp/pwd.txtcommand shows the correct passwords. -
- In the helper bash shell, run the following command to create the RCU schemas in the
database:
The output will look similar to the following:/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE \ -connectString $DB_HOST:$DB_PORT/$DB_SERVICE \ -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true \ -selectDependentsForComponents true -schemaPrefix $RCUPREFIX -component OIM -component MDS -component SOAINFRA -component OPSS \ -f < /tmp/pwd.txtRCU Logfile: /tmp/RCU<DATE>/logs/rcu.log Processing command line .... Repository Creation Utility - Checking Prerequisites Checking Global Prerequisites Repository Creation Utility - Checking Prerequisites Checking Component Prerequisites Repository Creation Utility - Creating Tablespaces Validating and Creating Tablespaces Create tablespaces in the repository database Repository Creation Utility - Create Repository Create in progress. Percent Complete: 10 Executing pre create operations Percent Complete: 25 Percent Complete: 25 Percent Complete: 26 Percent Complete: 27 Percent Complete: 28 Percent Complete: 28 Percent Complete: 29 Percent Complete: 29 Creating Common Infrastructure Services(STB) Percent Complete: 36 Percent Complete: 36 Percent Complete: 44 Percent Complete: 44 Percent Complete: 44 Creating Audit Services Append(IAU_APPEND) Percent Complete: 51 Percent Complete: 51 Percent Complete: 59 Percent Complete: 59 Percent Complete: 59 Creating Audit Services Viewer(IAU_VIEWER) Percent Complete: 66 Percent Complete: 66 Percent Complete: 67 Percent Complete: 67 Percent Complete: 68 Percent Complete: 68 Creating Metadata Services(MDS) Percent Complete: 76 Percent Complete: 76 Percent Complete: 76 Percent Complete: 77 Percent Complete: 77 Percent Complete: 78 Percent Complete: 78 Percent Complete: 78 Creating Weblogic Services(WLS) Percent Complete: 82 Percent Complete: 82 Percent Complete: 83 Percent Complete: 84 Percent Complete: 86 Percent Complete: 88 Percent Complete: 88 Percent Complete: 88 Creating User Messaging Service(UCSUMS) Percent Complete: 92 Percent Complete: 92 Percent Complete: 95 Percent Complete: 95 Percent Complete: 100 Creating Audit Services(IAU) Creating Oracle Platform Security Services(OPSS) Creating SOA Infrastructure(SOAINFRA) Creating Oracle Identity Manager(OIM) Executing post create operations Repository Creation Utility: Create - Completion Summary Database details: ----------------------------- Host Name : mydatabasehost.example.com Port : 1521 Service Name : ORCL.EXAMPLE.COM Connected As : sys Prefix for (prefixable) Schema Owners : OIGK8S RCU Logfile : /tmp/RCU<DATE>/logs/rcu.log Component schemas created: ----------------------------- Component Status Logfile Common Infrastructure Services Success /tmp/RCU<DATE>/logs/stb.log Oracle Platform Security Services Success /tmp/RCU<DATE>/logs/opss.log SOA Infrastructure Success /tmp/RCU<DATE>/logs/soainfra.log Oracle Identity Manager Success /tmp/RCU<DATE>/logs/oim.log User Messaging Service Success /tmp/RCU<DATE>/logs/ucsums.log Audit Services Success /tmp/RCU<DATE>/logs/iau.log Audit Services Append Success /tmp/RCU<DATE>/logs/iau_append.log Audit Services Viewer Success /tmp/RCU<DATE>/logs/iau_viewer.log Metadata Services Success /tmp/RCU<DATE>/logs/mds.log WebLogic Services Success /tmp/RCU<DATE>/logs/wls.log Repository Creation Utility - Create : Operation Completed [oracle@helper oracle]$ - Run the following command inside the helper pod to patch schemas in the
database:
Note:
This command should not be run for the initial February 2025 release. It should only be run when using an OIG image that contains the latest OIG Patch Set Update (PSU) and Critical Patch Update (CPU).
The output will look similar to the following:/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/apache-ant/bin/ant \ -f /u01/oracle/idm/server/setup/deploy-files/automation.xml \ run-patched-sql-files \ -logger org.apache.tools.ant.NoBannerLogger \ -logfile /u01/oracle/idm/server/bin/patch_oim_wls.log \ -DoperationsDB.host=$DB_HOST \ -DoperationsDB.port=$DB_PORT \ -DoperationsDB.serviceName=$DB_SERVICE \ -DoperationsDB.user=${RCUPREFIX}_OIM \ -DOIM.DBPassword=$RCU_SCHEMA_PWD \ -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc11.jarBuildfile: /u01/oracle/idm/server/setup/deploy-files/automation.xml - Verify the database was patched successfully by viewing the
patch_oim_wls.log:cat /u01/oracle/idm/server/bin/patch_oim_wls.log - Exit the helper bash shell by issuing the command
exit.