
oracle / oracle-database-operator


The Oracle Database Operator for Kubernetes (a.k.a. OraOperator) helps developers, DBAs, DevOps and GitOps teams reduce the time and complexity of deploying and managing Oracle Databases. It eliminates the dependency on a human operator or administrator for the majority of database operations.

License: Universal Permissive License v1.0

Dockerfile 0.35% Makefile 0.65% Go 97.96% Shell 1.03%
kubernetes kubernetes-operator oracle-database oracle-cloud-infrastucture autonomous-database operator openshift

oracle-database-operator's Introduction

Oracle Database Operator for Kubernetes

Make Oracle Database Kubernetes Native

As part of Oracle's resolution to make Oracle Database Kubernetes native (that is, observable and operable by Kubernetes), Oracle released Oracle Database Operator for Kubernetes (OraOperator or the operator). OraOperator extends the Kubernetes API with custom resources and controllers for automating Oracle Database lifecycle management.

In this v1.0.0 production release, OraOperator supports the following database configurations and infrastructure:

  • Oracle Autonomous Database:
    • Oracle Autonomous Database shared Oracle Cloud Infrastructure (OCI) (ADB-S)
    • Oracle Autonomous Database on dedicated Cloud infrastructure (ADB-D)
    • Oracle Autonomous Container Database (ACD), the infrastructure for provisioning Autonomous Databases
  • Containerized Single Instance databases (SIDB) deployed in the Oracle Kubernetes Engine (OKE) and any k8s where OraOperator is deployed
  • Containerized Sharded databases (SHARDED) deployed in OKE and any k8s where OraOperator is deployed
  • Oracle Multitenant Databases (CDB/PDBs)
  • Oracle Base Database Cloud Service (BDBCS)
  • Oracle Data Guard (Preview status)

Oracle will continue to extend OraOperator to support additional Oracle Database configurations.

Features Summary

This release of Oracle Database Operator for Kubernetes (the operator) supports the following lifecycle operations:

  • ADB-S/ADB-D: Provision, Bind, Start, Stop, terminate (soft/hard), scale (up/down), Manual Backup, Manual Restore
  • ACD: provision, bind, restart, terminate (soft/hard)
  • SIDB: Provision, clone, patch (in-place/out-of-place), update database initialization parameters, update database configuration (Flashback, archiving), Oracle Enterprise Manager (EM) Express (a basic observability console), Oracle REST Data Service (ORDS) to support REST based SQL, PDB management, SQL Developer Web, and Application Express (Apex)
  • SHARDED: Provision/deploy sharded databases and the shard topology, Add a new shard, Delete an existing shard
  • Oracle Multitenant Database: Bind to a CDB, Create a PDB, Plug a PDB, Unplug a PDB, Delete a PDB, Clone a PDB, Open/Close a PDB
  • Oracle Base Database Cloud Service (BDBCS): provision, bind, scale shape Up/Down, Scale Storage Up, Terminate and Update License
  • Oracle Data Guard: Provision a Standby for the SIDB resource, Create a Data Guard Configuration, Perform a Switchover, Patch Primary and Standby databases in Data Guard Configuration

The upcoming releases will support new configurations, operations and capabilities.

Release Status

This production release has been installed and tested on the following Kubernetes platforms:

Prerequisites

Oracle strongly recommends that you ensure your system meets the following prerequisites.

  • Install cert-manager

    The operator uses webhooks for validating user input before persisting it in etcd. Webhooks require TLS certificates that are generated and managed by a certificate manager.

    Install the certificate manager with the following command:

    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml

Quick Install of the Operator

To install the operator in the cluster quickly, you can use a single oracle-database-operator.yaml file.

Run the following command:

kubectl apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml

Ensure that the operator pods are up and running. For high availability, Operator pod replicas are set to a default of 3. You can scale this setting up or down.

$ kubectl get pods -n oracle-database-operator-system

  NAME                                                                 READY   STATUS    RESTARTS   AGE
  pod/oracle-database-operator-controller-manager-78666fdddb-s4xcm     1/1     Running   0          11d
  pod/oracle-database-operator-controller-manager-78666fdddb-5k6n4     1/1     Running   0          11d
  pod/oracle-database-operator-controller-manager-78666fdddb-t6bzb     1/1     Running   0          11d
  • Check the resources

You should see that the operator is up and running, along with the shipped controllers.

For more details, see Oracle Database Operator Installation Instructions.

Getting Started

The quickstarts are designed for specific database configurations:

YAML file templates are available under /config/samples. You can copy and edit these template files to configure them for your use cases.

Uninstall the Operator

To uninstall the operator, the final step consists of deciding whether you want to delete the custom resource definitions (CRDs) and Kubernetes APIServices introduced into the cluster by the operator. Choose one of the following options:

  • Deleting the CRDs and APIServices

    To delete all the CRD instances deployed to the cluster by the operator, run the following commands, where <namespace> is the namespace of the cluster object:

    kubectl delete oraclerestdataservice.database.oracle.com --all -n <namespace>
    kubectl delete singleinstancedatabase.database.oracle.com --all -n <namespace>
    kubectl delete shardingdatabase.database.oracle.com --all -n <namespace>
    kubectl delete dbcssystem.database.oracle.com --all -n <namespace>
    kubectl delete autonomousdatabase.database.oracle.com --all -n <namespace>
    kubectl delete autonomousdatabasebackup.database.oracle.com --all -n <namespace>
    kubectl delete autonomousdatabaserestore.database.oracle.com --all -n <namespace>
    kubectl delete autonomouscontainerdatabase.database.oracle.com --all -n <namespace>
    kubectl delete cdb.database.oracle.com --all -n <namespace>
    kubectl delete pdb.database.oracle.com --all -n <namespace>
    kubectl delete dataguardbrokers.database.oracle.com --all -n <namespace>

    After all CRD instances are deleted, it is safe to remove the CRDs, APIServices and operator deployment. To remove these files, use the following command:

    kubectl delete -f oracle-database-operator.yaml --ignore-not-found=true

    Note: If the CRD instances are not deleted, and the operator is deleted by using the preceding command, then operator deployment and instance objects (pods, services, PVCs, and so on) are deleted. However, if that happens, then the CRD deletion stops responding. This is because the CRD instances have properties that prevent their deletion, and that can only be removed by the operator pod, which is deleted when the APIServices are deleted.

Docs of the supported Oracle Database configurations

Contributing

See Contributing to this Repository

Support

You can submit a GitHub issue, and/or file an Oracle Support service request, using this product ID: 14430.

Security

Secure platforms are an important basis for general system security. Ensure that your deployment is in compliance with common security practices.

Managing Sensitive Data

Kubernetes secrets are the usual means for storing credentials or passwords input for access. The operator reads the Secrets programmatically, which limits exposure of sensitive data. However, to protect your sensitive data, Oracle strongly recommends that you set and get sensitive data from Oracle Cloud Infrastructure Vault, or from third-party Vaults.

The following is an example of a YAML file fragment for specifying Oracle Cloud Infrastructure Vault as the repository for the admin password.

    adminPassword:
      ociSecretOCID: ocid1.vaultsecret.oc1...

Examples in this repository where passwords are entered on the command line are for demonstration purposes only.

Reporting a Security Issue

See Reporting security vulnerabilities

License

Copyright (c) 2022, 2023 Oracle and/or its affiliates. Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/

oracle-database-operator's People

Contributors

aberinnj, dependabot[bot], dwilliams-orcl, gajananbhat, ishaandesai45, janleemans, jeandelavarene, jpverma85, kuassim, lokesh-sreedhara, matteobaccan, nebojsakrtolica, psaini79, psilberk, rcitton, saurabhuja, spavlusieva, ting-lan-wang, vatsrahul, yunus-qureshi

oracle-database-operator's Issues

Unable to delete oraclerestdataservice resource on AKS

Hi all, we are testing the operator with an Azure deployment and we are facing this issue.

We deployed the sample singleinstancedatabase example with success

NAME          EDITION      STATUS    VERSION      CONNECT STR              OEM EXPRESS URL
sidb-sample   Enterprise   Healthy   19.3.0.0.0   10.240.0.6:31515/ORCL1   https://10.240.0.6:30613/em

but the oraclerestdataservice creation threw this error

2022-09-07T19:09:37Z    ERROR    controllers.OracleRestDataService    Internal error occurred: failed calling webhook "moraclerestdataservice.kb.io": failed to call webhook: Post "https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s": proxy error from 127.0.0.1:6443 while dialing 10.244.1.245:9443, code 500: 500 Internal Server Error    {"manageOracleRestDataServiceDeletion": "db-oracle/ords-sample", "error": "Internal error occurred: failed calling webhook \"moraclerestdataservice.kb.io\": failed to call webhook: Post \"https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-oraclerestdataservice?timeout=10s\": proxy error from 127.0.0.1:6443 while dialing 10.244.1.245:9443, code 500: 500 Internal Server Error"}
github.com/oracle/oracle-database-operator/controllers/database.(*OracleRestDataServiceReconciler).Reconcile
    /workspace/controllers/database/oraclerestdataservice_controller.go:151
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
    /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227

and we are not able to delete it anymore.
We tried to remove the finalizers, the CRDs, reinstall the operator without luck

kubectl describe oraclerestdataservice ords-sample

Name:         ords-sample
Namespace:    db-oracle
Labels:       <none>
Annotations:  <none>
API Version:  database.oracle.com/v1alpha1
Kind:         OracleRestDataService
Metadata:
  Creation Timestamp:             2022-09-07T16:20:56Z
  Deletion Grace Period Seconds:  0
  Deletion Timestamp:             2022-09-07T17:39:48Z
  Finalizers:
    database.oracle.com/oraclerestdataservicefinalizer
  Generation:  2
  Managed Fields:
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:adminPassword:
          .:
          f:secretKey:
          f:secretName:
        f:databaseRef:
        f:image:
          .:
          f:pullFrom:
          f:pullSecrets:
        f:ordsPassword:
          .:
          f:secretKey:
          f:secretName:
        f:restEnableSchemas:
    Manager:      kubectl-client-side-apply
    Operation:    Update
    Time:         2022-09-07T16:20:56Z
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:apexUrl:
        f:databaseActionsUrl:
        f:databaseApiUrl:
        f:databaseRef:
        f:image:
          .:
          f:pullFrom:
          f:pullSecrets:
        f:loadBalancer:
    Manager:      manager
    Operation:    Update
    Time:         2022-09-07T16:34:42Z
    API Version:  database.oracle.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        f:status:
    Manager:         manager
    Operation:       Update
    Subresource:     status
    Time:            2022-09-07T16:58:25Z
  Resource Version:  310396
  UID:               ea244096-0034-496c-8274-b7dc472ddb25
Spec:
  Admin Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:  <secretName>
  Apex Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:
  Database Ref:   sidb-sample
  Image:
    Pull From:     <imagePath>
    Pull Secrets:  azurecrkey
  Ords Password:
    Keep Secret:  true
    Secret Key:   oracle_pwd
    Secret Name:  ords-secret
  Persistence:
  Replicas:  1
  Rest Enable Schemas:
    Enable:       true
    Schema Name:  <schemaName>
Status:
  Apex URL:              Unavailable
  Database Actions URL:  Unavailable
  Database API URL:      Unavailable
  Database Ref:          sidb-sample
  Image:
    Pull From:     commerceimages.azurecr.io/oracle-db/ords:21.4.2-gh
    Pull Secrets:  azurecrkey
  Load Balancer:   false
  Status:          Error
Events:            <none>

Any idea?
We cannot proceed with any tests and we would really like to fully test this interesting option.

Thanks
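
A check for the failure mode in the README's uninstall note and in this issue, as an added example that is not part of the issue or the operator's code: it reads the List document that `kubectl get <kind> -A -o json` prints and reports which instances still carry a finalizer (so the operator must not be removed yet) and which have been terminating longer than a grace period. The ords-sample values come from the describe output above; the other two items, the `example.invalid/...` finalizer and the function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// resourceList matches the List document printed by `kubectl get <kind> -A -o json`.
type resourceList struct {
	Items []struct {
		Kind     string `json:"kind"`
		Metadata struct {
			Name              string     `json:"name"`
			Namespace         string     `json:"namespace"`
			DeletionTimestamp *time.Time `json:"deletionTimestamp"`
			Finalizers        []string   `json:"finalizers"`
		} `json:"metadata"`
	} `json:"items"`
}

// Report separates instances that still need the operator from those already stuck.
type Report struct {
	Blocking []string // carry a finalizer: the operator must stay until they are gone
	Stuck    []string // deletion requested more than `grace` ago, finalizer still present
}

// PreUninstallCheck classifies every item in doc relative to the time `now`.
func PreUninstallCheck(doc []byte, now time.Time, grace time.Duration) (Report, error) {
	var list resourceList
	var rep Report
	if err := json.Unmarshal(doc, &list); err != nil {
		return rep, err
	}
	for _, it := range list.Items {
		m := it.Metadata
		if len(m.Finalizers) == 0 {
			continue // nothing holds this object; a normal delete completes
		}
		id := fmt.Sprintf("%s %s/%s", it.Kind, m.Namespace, m.Name)
		rep.Blocking = append(rep.Blocking, id)
		if m.DeletionTimestamp != nil && now.Sub(*m.DeletionTimestamp) > grace {
			age := now.Sub(*m.DeletionTimestamp)
			rep.Stuck = append(rep.Stuck, fmt.Sprintf("%s (terminating for %s)", id, age))
		}
	}
	return rep, nil
}

// SampleList is constructed: the first item uses the values shown in the issue,
// the other two (including the placeholder finalizer) are invented for the example.
const SampleList = `{"kind":"List","items":[
 {"kind":"OracleRestDataService","metadata":{"name":"ords-sample","namespace":"db-oracle",
  "deletionTimestamp":"2022-09-07T17:39:48Z",
  "finalizers":["database.oracle.com/oraclerestdataservicefinalizer"]}},
 {"kind":"SingleInstanceDatabase","metadata":{"name":"sidb-sample","namespace":"db-oracle",
  "finalizers":["example.invalid/placeholder-finalizer"]}},
 {"kind":"SingleInstanceDatabase","metadata":{"name":"scratch","namespace":"db-oracle"}}]}`

func main() {
	// Evaluate at the timestamp of the error log line quoted in the issue.
	now := time.Date(2022, 9, 7, 19, 9, 37, 0, time.UTC)
	rep, err := PreUninstallCheck([]byte(SampleList), now, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Println("still held by a finalizer:", rep.Blocking)
	fmt.Println("stuck in Terminating:     ", rep.Stuck)
}
```
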

RBAC is WAY too permissive

The operator cluster role grants access to a lot of resources/verbs cluster-wide, and I cannot imagine all these permissions are required to operate:

- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - pods
  - pods/exec
  - pods/log
  - replicasets
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - namespaces
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - events
  - nodes
  - persistentvolumeclaims
  - pods
  - pods/exec
  - pods/log
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ''''''
  resources:
  - statefulsets/finalizers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apps
  resources:
  - replicasets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apps
  resources:
  - statefulsets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
  - get
  - list
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - namespaces
  - nodes
  - persistentvolumeclaims
  - pods
  - pods/exec
  - pods/log
  - secrets
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - namespaces
  - pods
  - secrets
  - services
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - pods/exec
  verbs:
  - create
- apiGroups:
  - database.oracle.com
  resources:
  - autonomouscontainerdatabases
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch

In particular, CRUD on nodes and namespaces should NOT be required, making the operator an elevated component if installed like this. You should do a massive cleanup of the RBAC!
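
One way to check the concern raised in this issue, as an added example that is not part of the issue or the operator's code: a Go program that reads a ClusterRole in JSON form (as `kubectl get clusterrole <name> -o json` prints it) and reports cluster-wide grants on nodes, namespaces, secrets and pods/exec, merging duplicates across rules. The choice of sensitive resources and verbs is this example's assumption; the sample role is constructed from three of the rules listed above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// PolicyRule holds the fields of an RBAC rule that the audit needs.
type PolicyRule struct {
	APIGroups []string `json:"apiGroups"`
	Resources []string `json:"resources"`
	Verbs     []string `json:"verbs"`
}

// Finding is one sensitive core-group resource the role can act on cluster-wide.
type Finding struct {
	Resource string
	Verbs    []string // risky verbs granted, sorted
	Reason   string
}

// check names a resource and the verbs that make a cluster-wide grant risky.
// The selection is an assumption of this example, not a Kubernetes-defined list.
type check struct {
	resource string
	verbs    []string
	reason   string
}

var write = []string{"create", "delete", "patch", "update"}

var checks = []check{
	{"nodes", write, "can alter or remove cluster nodes"},
	{"namespaces", write, "can create or delete any namespace"},
	{"secrets", []string{"get", "list", "watch"}, "can read every Secret in the cluster"},
	{"pods/exec", []string{"create"}, "can run commands in any pod"},
}

// has reports whether list names want explicitly or through the "*" wildcard.
func has(list []string, want string) bool {
	for _, s := range list {
		if s == want || s == "*" {
			return true
		}
	}
	return false
}

// Audit merges all rules (the role above repeats grants across rules) and
// reports each sensitive resource once, with the union of risky verbs.
func Audit(rules []PolicyRule) []Finding {
	granted := map[string]map[string]bool{}
	for _, r := range rules {
		if !has(r.APIGroups, "") { // the checked resources live in the core group
			continue
		}
		for _, c := range checks {
			if !has(r.Resources, c.resource) {
				continue
			}
			for _, v := range c.verbs {
				if has(r.Verbs, v) {
					if granted[c.resource] == nil {
						granted[c.resource] = map[string]bool{}
					}
					granted[c.resource][v] = true
				}
			}
		}
	}
	var out []Finding
	for _, c := range checks {
		if len(granted[c.resource]) == 0 {
			continue
		}
		f := Finding{Resource: c.resource, Reason: c.reason}
		for v := range granted[c.resource] {
			f.Verbs = append(f.Verbs, v)
		}
		sort.Strings(f.Verbs)
		out = append(out, f)
	}
	return out
}

// ParseRules decodes the "rules" array of a ClusterRole in JSON form.
func ParseRules(doc []byte) ([]PolicyRule, error) {
	var role struct {
		Rules []PolicyRule `json:"rules"`
	}
	err := json.Unmarshal(doc, &role)
	return role.Rules, err
}

// SampleRole is constructed from three of the rules quoted in the issue.
const SampleRole = `{"kind":"ClusterRole","rules":[
 {"apiGroups":[""],"resources":["configmaps","namespaces","secrets"],
  "verbs":["create","delete","get","list","patch","update","watch"]},
 {"apiGroups":[""],"resources":["events","nodes","persistentvolumeclaims","pods","pods/exec","pods/log","services"],
  "verbs":["create","delete","get","list","patch","update","watch"]},
 {"apiGroups":["coordination.k8s.io"],"resources":["leases"],
  "verbs":["create","get","list","update"]}]}`

func main() {
	rules, err := ParseRules([]byte(SampleRole))
	if err != nil {
		panic(err)
	}
	for _, f := range Audit(rules) {
		fmt.Printf("%-11s %-28s %s\n", f.Resource, strings.Join(f.Verbs, ","), f.Reason)
	}
}
```
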

SIDB instance is not created when running in k8s cluster with IPV6 addresses

The DB operator creates a SIDB pod but the PDB is not available for connections.

[speriyat@speriyat-1 speriyat]$ kubectl get singleinstancedatabase -n ns-visgtc my-oracle-sidb -o "jsonpath={.status.pdbConnectString}"
fc00:f853:ccd:e793::2:30361/ORCLPDB1

[speriyat@speriyat-1 speriyat]$ kubectl exec -it -n ns-visgtc pod/my-oracle-sidb-t9bwa bash

Defaulted container "my-oracle-sidb" out of: my-oracle-sidb, init-permissions (init), init-wallet (init)

[oracle@my-oracle-sidb-t9bwa ~]$ sqlplus

SQL*Plus: Release 19.0.0.0.0 - Production on Wed Nov 1 03:26:13 2023
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle. All rights reserved.

Enter user-name: sys as sysdba
Enter password:

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> connect sys/Oradoc_db1@[fc00:f853:ccd:e793::2]:30361/ORCLPDB1 as sysdba
ERROR:
ORA-12541: TNS:no listener

Warning: You are no longer connected to ORACLE.

Error from server (InternalError): error when creating "oracle-database-operator.yaml"

Hello,
I'm trying to deploy the operator to a 2-node cluster.
I have deployed the "Install cert-manager" step,
then when I'm trying to install the operator with the command kubectl apply -f oracle-database-operator.yaml (from a git clone) or with the command kubectl apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml

I'm getting validation errors (see last section).

No firewall, no secureLinux.

My configuration :

[oracle@cloud-dev oracle-database-operator]$ kubectl get nodes -o wide
 NAME          STATUS   ROLES   AGE     VERSION   INTERNAL-IP   EXTERNAL-IP      OS-IMAGE                  KERNEL-VERSION                      CONTAINER-RUNTIME
10.0.10.105   Ready    node    7h49m   v1.24.1   10.0.10.105   130.61.158.167   Oracle Linux Server 8.6   5.4.17-2136.314.6.2.el8uek.x86_64   cri-o://1.24.1-76.el8
10.0.10.69    Ready    node    7h49m   v1.24.1   10.0.10.69    130.61.100.1     Oracle Linux Server 8.6   5.4.17-2136.314.6.2.el8uek.x86_64   cri-o://1.24.1-76.el8
[oracle@cloud-dev oracle-database-operator]$ kubectl get pods -n kube-system

NAME                                   READY   STATUS    RESTARTS        AGE
coredns-998dd7c6b-mfvkl                1/1     Running   0               7h57m
coredns-998dd7c6b-qw52n                1/1     Running   0               7h47m
csi-oci-node-gtwnw                     1/1     Running   1 (7h47m ago)   7h49m
csi-oci-node-r2fq6                     1/1     Running   0               7h49m
kube-dns-autoscaler-7b7d7c5676-h6ktt   1/1     Running   0               7h57m
kube-flannel-ds-lx9ql                  1/1     Running   1 (7h47m ago)   7h49m
kube-flannel-ds-x5pd2                  1/1     Running   1 (7h47m ago)   7h49m
kube-proxy-4pzgz                       1/1     Running   0               7h49m
kube-proxy-cflg9                       1/1     Running   0               7h49m
proxymux-client-9xls8                  1/1     Running   0               7h49m
proxymux-client-cgbhj                  1/1     Running   0               7h49m
[oracle@cloud-dev oracle-database-operator]$ kubectl get sc
NAME               PROVISIONER                       RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
oci                oracle.com/oci                    Delete          Immediate              false                  7h57m
oci-bv (default)   blockvolume.csi.oraclecloud.com   Delete          WaitForFirstConsumer   true                   7h57m
[oracle@cloud-dev oracle-database-operator]$
[oracle@cloud-dev oracle-database-operator]$ kubectl version --short | awk -Fv '/Server Version: / {print $3}'
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
WARNING: version difference between client (1.26) and server (1.24) exceeds the supported minor version skew of +/-1
1.24.1
validatingwebhookconfiguration.admissionregistration.k8s.io/oracle-database-operator-validating-webhook-configuration configured
deployment.apps/oracle-database-operator-controller-manager unchanged
Error from server (InternalError): error when creating "oracle-database-operator.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": EOF
Error from server (InternalError): error when creating "oracle-database-operator.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": EOF

discussion: operators and operational ownership of created cloud components

Hi,

I do like the concept of abstracting operational complexity with operators and offering the Kubernetes API to provision and maintain cloud resources. Especially on databases though there might still be an operational component left.

For this I would like to start a bit of a discussion and start by bringing in a suggestion:

Usually there are DBAs taking care of operational aspects of Databases (also in the cloud), making sure they are monitoring and action is taken when they are faulty.

This operational ownership shifts a bit with using an operator - technically, a developer can deploy a database by defining the CR and applying it. The question is: should this person then also be responsible for operating the DB?

A potential concept could be that DBAs are the ones maintaining the operator and encoding (config) compliance and operational requirements into the operator. Thus every DB created this way will adhere to the policies set by the DBA.

DBAs could maintain general operational ownership and have generic monitoring created via the operator as well.

What we would need for that:

  • the operator would need to support setting those requirements via config
  • the operator would need to bridge metrics/telemetry from the cloud resources into a common monitoring channel (like making it available via a metrics endpoint that then can be scraped via PodMonitor/ServiceMonitor)

This is not fully thought through yet and is just meant as a basis for discussion.

improve docs

Docs to start using this are not good. In general, I tried to follow the readme step by step and was not able to deploy any database.

Even a simple copy-paste approach to deploy a minimal proof-of-concept environment is missing.

Currently, to deploy it you need to reverse engineer everything, which will not fit most users at all.

CDB and PDB resources cannot be operated in other namespaces than the one for OraOperator

OraOperator is installed in namespace "oracle-database-operator-system".
CDB resource is installed in another namespace, like "central-database".
PDB resource is installed in another namespace, like "myappdeployment".

The PDB resource needs to reference the CDB in charge to have create/clone/delete operations performed.
But the PDB YAML does not allow to specify the CDB's namespace, only the CDB name:
when specifying a namespace plus name (dot separated syntax), OraOperator cannot find the CDB resource.

When putting the PDB into the same namespace as the CDB (so it can be referenced properly),
then OraOperator is unable to contact the ORDS container because of the missing namespace in its DNS name.
It should be "https://.:"

Please make OraOperator respect the namespaces of its managed resources, where they are located in.
Please do NOT make OraOperator capable of having it installed multiple times. Operators should exist only once system-wide, or there may be many follow-up problems...

Unable to deploy DB

Trying to deploy Single Instance DB, however got into issues with AdminPassword.
Have created secrets file.
Now creation is going on for a long time.

It will be good if a working sample code is provided.

NameError: global name 'random' is not defined sharded deployment

Hello,
I'm trying to deploy a sharded configuration.

I see the error below on the shards:

p', 'OLDPWD': '/home/oracle', 'ORACLE_HOME': '/opt/oracle/product/21c/dbhome_1', 'KUBERNETES_PORT_12250_TCP_PROTO': 'tcp', 'PWD': '/opt/oracle/scripts/sharding'}
01/17/2023 12:31:31 PM     INFO: orafactory.py -    get_ora_objs    :Checking the OP_TYPE and Version to begin the installation
01/17/2023 12:31:31 PM     INFO: orafactory.py -    get_ora_objs    :OP_TYPE variable is set to primaryshard.
01/17/2023 12:31:31 PM     INFO: orafactory.py -    get_ora_objs    :Creating and calling instance to setup primary shard
01/17/2023 12:31:31 PM     INFO: oramachine.py -       setup        :Machine setup completed sucessfully!
01/17/2023 12:31:31 PM     INFO: orapshard.py  -    ohome_check     :ORACLE_HOME variable is set. Check Passed!
01/17/2023 12:31:31 PM     INFO: orapshard.py  -    ohome_check     :ORACLE_HOME /opt/oracle/product/21c/dbhome_1 dirctory exist. Directory Check passed!
01/17/2023 12:31:31 PM  WARNING: orapshard.py  -    passwd_check    :SECRET_VOLUME passed as an env variable and set to /mnt/secrets
01/17/2023 12:31:31 PM  WARNING: orapshard.py  -    passwd_check    :COMMON_OS_PWD_FILE passed as an env variable and set to common_os_pwdfile.enc
01/17/2023 12:31:31 PM  WARNING: orapshard.py  -    passwd_check    :PWD_KEY passed as an env variable and set to pwd.key
Traceback (most recent call last):
  File "main.py", line 150, in <module>
    main()
  File "main.py", line 146, in main
    obj.setup()
  File "/opt/oracle/scripts/sharding/orapshard.py", line 87, in setup
    self.db_checks()
  File "/opt/oracle/scripts/sharding/orapshard.py", line 125, in db_checks
    self.passwd_check()
  File "/opt/oracle/scripts/sharding/orapshard.py", line 198, in passwd_check
    password  =  "".join(random.sample(s,passlen ))
NameError: global name 'random' is not defined

The databases are up

The command is not reporting any external IP. Is this an error?

I have deployed the sharding config to a 3-node OCI cluster, with public endpoints

kubectl get all -n operator-sharding

NAME            READY   STATUS    RESTARTS   AGE
pod/catalog-0   1/1     Running   0          27m
pod/gsm1-0      1/1     Running   1          27m
pod/gsm2-0      1/1     Running   0          27m
pod/shard1-0    1/1     Running   0          27m
pod/shard2-0    1/1     Running   0          27m

NAME              TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                               AGE
service/catalog   ClusterIP   None         <none>        1521/TCP,6234/TCP,6123/TCP,8080/TCP   27m
service/gsm1      ClusterIP   None         <none>        1522/TCP,6234/TCP,6123/TCP,8080/TCP   27m
service/gsm2      ClusterIP   None         <none>        1522/TCP,6234/TCP,6123/TCP,8080/TCP   27m
service/shard1    ClusterIP   None         <none>        1521/TCP,6234/TCP,6123/TCP,8080/TCP   27m
service/shard2    ClusterIP   None         <none>        1521/TCP,6234/TCP,6123/TCP,8080/TCP   27m

NAME                       READY   AGE
statefulset.apps/catalog   1/1     27m
statefulset.apps/gsm1      1/1     27m
statefulset.apps/gsm2      1/1     27m
statefulset.apps/shard1    1/1     27m
statefulset.apps/shard2    1/1     27m

kubectl get nodes -o wide

NAME          STATUS   ROLES   AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                  KERNEL-VERSION                      CONTAINER-RUNTIME
10.0.10.106   Ready    node    49m   v1.25.4   10.0.10.106   <none>        Oracle Linux Server 8.6   5.4.17-2136.314.6.2.el8uek.x86_64   cri-o://1.25.1-111.el8
10.0.10.176   Ready    node    49m   v1.25.4   10.0.10.176   <none>        Oracle Linux Server 8.6   5.4.17-2136.314.6.2.el8uek.x86_64   cri-o://1.25.1-111.el8
10.0.10.76    Ready    node    49m   v1.25.4   10.0.10.76    <none>        Oracle Linux Server 8.6   5.4.17-2136.314.6.2.el8uek.x86_64   cri-o://1.25.1-111.el8

Enterprise SIDB Provisioning Fails on getting Oracle Base

When deploying a SIDB using an Oracle 19c or 21c image from Oracle's container registry and the 0.2.1 version of the operator, we are getting errors upon startup of the database using the operator.

21c image:

Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
Prepare for db operation
8% complete
Copying database files
9% complete
[WARNING] ORA-09925: Unable to create audit trail file

[FATAL] ORA-01034: ORACLE not available

31% complete
100% complete
[FATAL] ORA-01034: ORACLE not available

8% complete
0% complete
Look at the log file "/home/oracle/Cannot obtain the oracle base/cfgtoollogs/dbca/ENT123/ENT123.log" for further details.
cat: /opt/oracle/cfgtoollogs/dbca/ENT123/ENT123.log: No such file or directory
cat: /opt/oracle/cfgtoollogs/dbca/ENT123.log: No such file or directory

19c image

Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
PRCR-1159 : Failed to create file output stream because of empty file name
PRCR-1159 : Failed to create file output stream because of empty file name
[FATAL] [DBT-06604] The location specified for 'Data Files Location' has insufficient free space.
CAUSE: Only (0MB) free space is available on the location (?g3?/oradata/ENT123).
ACTION: Choose a 'Data Files Location' that has enough space (minimum of (3,603MB)) or free up space on the specified location.
cat: /opt/oracle/cfgtoollogs/dbca/ENT123/ENT123.log: No such file or directory
cat: /opt/oracle/cfgtoollogs/dbca/ENT123.log: No such file or directory 

In either case, it seems like the ORACLE_BASE value isn't being retrieved properly from the Oracle provided image. Both test cases run in TKG clusters on vSphere with Tanzu 7 on Kubernetes 1.21. A 100GB PV is successfully provisioned for both and bound via a PVC successfully but is unutilized due to the missing ORACLE_BASE value.
Both images are provided from:
registry.oracle.com/database/enterprise:latest
registry.oracle.com/database/enterprise:19.3.0.0

SIDB: problem with TCPS support

Hello fellow OraOperator's :-)
I like the feature that a SIDB can be published through SSL ports.
Currently, OraOperator handles the creation and refreshing of certificates.
This is done by OraOperator which creates a self-signed certificate as the root CA, then creating a certificate to be put in the DB wallet.

This gives a problem:
Only C-written programs like sqlcl, sqlplus would tolerate a self-signed root CA certificate, all Java Clients and most other languages would complain about an invalid or missing root CA. Customers would be forced to add this self-signed root CA certificate to their JDKs trust-path or so.

This gives another problem:
Customers would not be able to use their own official root CA certificates for clean certificate creation.

This also gives a disadvantage:
It's feasible to copy out the database certificate and the whole wallet through "kubectl cp" commands, a more kubernetes-conforming way would be to pack the database client wallet inside a kubernetes secret instead.

Suggestion on solution:
Do not let OraOperator handle Certificates for DB wallets. OraOperator already uses cert-manager for a ValidatingWebHook, why not also use it for creating/refreshing certificates once the customer has also supplied an official rootCA certificate to cert-manager ?
OraOperator could check if there is a new / refreshed certificate available (most often a kubernetes secret of certificate type) and create a DB wallet from it.
OraOperator could also create/refresh the DB client wallet into a kubernetes secret, which could then be easily used in client deployments just by mounting them.

What do You think? Feasible, meaningful, other plans ?

K8s service clash when name is identical (SIDB/ORDS)

Hello,
Given the following abbrv. manifest (note that order was determined by kustomize):

apiVersion: database.oracle.com/v1alpha1
kind: OracleRestDataService
metadata:
  name: myproj
  namespace: oracle-database-operator-system
spec:
  databaseRef: myproj
---
apiVersion: database.oracle.com/v1alpha1
kind: SingleInstanceDatabase
metadata:
  name: myproj
  namespace: oracle-database-operator-system

When applied, the cluster-wide service for the database is not created because the ORDS one, of the same name, gets in first:

NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                         
service/myproj          NodePort    10.108.1.151     <none>        8443:32279/TCP                  
service/myproj          NodePort    10.108.217.120   <none>        5500:31293/TCP,1521:32571/TCP

First impressions look like everything is working fine (both SIDB and ORDS pods are in a running/ready state). However, ORDS does fail to install as it cannot connect to the database due to the missing ClusterIP service, but this is only determined by examining the logs. Other services cannot connect to the database, except through the -ext service. No errors are raised during apply.

Resolved by ensuring names were unique (by appending -db/-ords). Result:

NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      
service/myproj-db       ClusterIP   10.100.48.43    <none>        1521/TCP                     
service/myproj-db-ext   NodePort    10.109.9.224    <none>        5500:31574/TCP,1521:30682/TCP
service/myproj-ords     NodePort    10.100.53.16    <none>        8443:31610/TCP

x509: certificate has expired or is not yet valid

After applying an ADBS yaml, I get an error:

Resource: "database.oracle.com/v1alpha1, Resource=autonomousdatabases", GroupVersionKind: "database.oracle.com/v1alpha1, Kind=AutonomousDatabase"
Name: "autonomousdatabase-sample", Namespace: "oracle-database-operator-system"
for: "adbs.yaml": Internal error occurred: failed calling webhook "mautonomousdatabase.kb.io": failed to call webhook: Post "https://oracle-database-operator-webhook-service.oracle-database-operator-system.svc:443/mutate-database-oracle-com-v1alpha1-autonomousdatabase?timeout=10s": x509: certificate has expired or is not yet valid: current time 2022-10-14T08:42:12Z is after 2022-10-13T14:21:51Z

Is there a procedure in the operator to update an expired certificate?
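
Added example, not part of either issue and not the operator's code: the two certificate failures reported above (clients that lack the self-signed root CA in "SIDB: problem with TCPS support", and the expired webhook certificate in this issue) reproduced with Go's crypto/x509. The CA and leaf are generated in memory; only the host name and the two timestamps come from the error text, and every other value is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Host name taken from the webhook error quoted in the issue.
const webhookHost = "oracle-database-operator-webhook-service.oracle-database-operator-system.svc"

// issue creates a certificate for cn. With a nil parent the certificate is self-signed.
func issue(serial int64, cn string, isCA bool, from, to time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             from,
		NotAfter:              to,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// classify verifies leaf against roots at time `at` and names the outcome.
func classify(leaf *x509.Certificate, roots *x509.CertPool, at time.Time) string {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: webhookHost, CurrentTime: at})
	var unknown x509.UnknownAuthorityError
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "trusted"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired-or-not-yet-valid"
	case errors.As(err, &unknown):
		return "unknown-authority"
	}
	return "other: " + err.Error()
}

// RunScenarios builds a constructed CA and leaf and checks the leaf three ways.
func RunScenarios() (map[string]string, error) {
	// notAfter and now are the two timestamps in the error message; the rest is constructed.
	notAfter := time.Date(2022, 10, 13, 14, 21, 51, 0, time.UTC)
	now := time.Date(2022, 10, 14, 8, 42, 12, 0, time.UTC)
	dayBefore := notAfter.Add(-24 * time.Hour)

	ca, caKey, err := issue(1, "constructed self-signed root CA", true,
		notAfter.AddDate(-1, 0, 0), notAfter.AddDate(9, 0, 0), nil, nil)
	if err != nil {
		return nil, fmt.Errorf("create CA: %w", err)
	}
	leaf, _, err := issue(2, webhookHost, false, notAfter.AddDate(-1, 0, 0), notAfter, ca, caKey)
	if err != nil {
		return nil, fmt.Errorf("create leaf: %w", err)
	}
	withoutCA := x509.NewCertPool() // a client that never imported the self-signed root
	withCA := x509.NewCertPool()
	withCA.AddCert(ca)

	return map[string]string{
		"no-ca":                  classify(leaf, withoutCA, dayBefore),
		"with-ca":                classify(leaf, withCA, dayBefore),
		"with-ca-after-notAfter": classify(leaf, withCA, now),
		// Time left before expiry: the value to alert on ahead of an outage.
		"remaining-day-before": leaf.NotAfter.Sub(dayBefore).String(),
	}, nil
}

func main() {
	res, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"no-ca", "with-ca", "with-ca-after-notAfter", "remaining-day-before"} {
		fmt.Printf("%-24s %s\n", k, res[k])
	}
}
```

Adding the CA to the trust pool fixes only the unknown-authority case; once the current time passes NotAfter the same chain is rejected no matter which roots are trusted.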

ORDS pod connection string issue

How do I attach the conn_string.txt file to the ORDS image?
I am following these steps to manage PDBs on a CDB. Using the CDB yaml file, it gives me an error saying CONN_STRING_FILE has not been added.
The error:
INFO : This container will start a service running ORDS 22.4.4 and APEX 22.2.0. ERROR: CONN_STRING_FILE has not added, create a file with CONN_STRING variable and added as docker volume: mkdir volume ; echo 'CONN_STRING=user/password@hostname:port/service_name' > volume/conn_string.txt

I am able to run a separate ORDS deployment and have attached the conn_string.txt file using a configMap and am able to connect to the CDB I have running.
How do I solve this issue?

Add comment on v0.1.0 to v0.2.0 upgrade

Please add at least one line comment in the Quick Install section of the README that "kubectl apply..." will also upgrade an existing v0.1.0 operator installation to v0.2.0.

Thanks

Documentation: OCI NFS Volume Static Provisioning

  • For the Single Instance Database configuration, the example OCI NFS Volume Static Provisioning syntax is misleading :
    Current format : volumeHandle: "<OCID of the file system>:<Mount Target>/<Export Path>"
    ==> Should be : volumeHandle: "<OCID of the file system>:<Mount Target IP Address>:/<Export Path>"

  • Adding an example would be helpful :
    volumeHandle: "ocid1.filesystem.oc1.eu_frankfurt_1.aaaaaqe3bj...eaaa:10.0.10.156:/FileSystem-20220713-1036-02"

  • Text in the description should also refer to the Mount Target IP Address instead of the Mount Target (which also has a name in the OCI console)

  • Please point out you need to open the required ports in the K8S node Subnet security list for NFS to function, refer to this page : https://docs.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm

  • Text "So specify, in gibibytes (GiB), the maximum capacity reported by file systems exported through this mount target. " :
    ==> Please detail this is to be done on the level of the OCI Console, in the configuration of the OCI mount point itself, not in the yaml file you are describing in this paragraph (and where you also specify the FS size).

Failover error due to missing admin-password

The admin-password needs to persist to support failover.

For example, if you create a single instance database and then kill the pod to relocate to another node, the pod can start on a different node but the Operator reports an error.

Unable to stop and start Single Instance Database

Operator needs to provide the ability to stop (normal, immediate & shutdown) and start the database.

When using the Oracle database images with a statefulset, replicas can be set to 0 or 1 to stop & start; however, this is not possible with the operator.

Unable to set resources for Single Instance Database

Hello,

When creating such a database it is not possible to set the resources property in the spec. When the pod starts it complains about needing at least 2GB of memory (Express edition), but it got only 512MB. This was probably all that remained on the node it was scheduled to. With the resources property the scheduler could be forced to select a proper node.

Best regards,

Werner.

creating and binding ADB's

Hi
Is creating and binding ADB's already working? As for the OCI operator, one has to install the SDK with OLM, I don't see this coming back here

Thanks

arm support for the operator image

With growing support of arm, it would make sense to have the operator also be available as arm images in the registry.

Currently it only supports linux/amd64.

Error mapping existing PDB: "ORDSError", "message": "Failed: Unauthorized"

I'm trying to create CDB and PDB CRDs for an on-prem database.

The CDB creation apparently was successful, but I keep getting error 401 when I try to map the PDB (I think that Map is the right action, but I've also tried Create with similar results).

I think the controller manager is getting this error from ORDS, but I can't find what config I'm missing to cause this error.

kubectl get cdbs -n oracle-database-operator-system

NAME   CDB NAME   DB SERVER       DB PORT   SCAN NAME   REPLICAS   STATUS   MESSAGE
cdb1   cdb1       10.160.106.88   1521      cdb1        1          Ready

kubectl get pdbs -n oracle-database-operator-system

NAME   CONNECT STRING   CDB NAME   PDB NAME   PDB STATE   PDB SIZE   STATUS   MESSAGE
pdb1                    cdb1       pdb1       UNKNOWN                Failed   ORDS Error - HTTP Status Code:401

kubectl logs -n oracle-database-operator-system -l control-plane=controller-manager -f

2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - reuseTempFile : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - unlimitedStorage : true
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeImport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - tdeExport : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - asClone : false
2022-12-13T15:23:58Z	INFO	pdb-webhook	 - getScript : false
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "ea47175b-c130-49c0-b130-19d8248d4bc9", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateCreate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	INFO	pdb-webhook	PDB Resource : pdb1 successfully validated for Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "747dc310-cb33-4f7f-84fd-8722200056e0", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Reconcile requested	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Adding finalizer	{"managePDBDeletion": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Setting default values in PDB spec for : pdb1
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/mutate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "72994449-d5c5-469a-ab44-5996cd13ea07", "allowed": true}
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	received request	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "kind": "database.oracle.com/v1alpha1, Kind=PDB", "resource": {"group":"database.oracle.com","version":"v1alpha1","resource":"pdbs"}}
2022-12-13T15:23:58Z	INFO	pdb-webhook	ValidateUpdate-Validating PDB spec for : pdb1
2022-12-13T15:23:58Z	INFO	pdb-webhook	validateCommon	{"name": "pdb1"}
2022-12-13T15:23:58Z	INFO	pdb-webhook	Valdiating PDB Resource Action : MAP
2022-12-13T15:23:58Z	DEBUG	controller-runtime.webhook.webhooks	wrote response	{"webhook": "/validate-database-oracle-com-v1alpha1-pdb", "code": 200, "reason": "", "UID": "68eafb19-f11f-498c-adc3-72a6072fa2fc", "allowed": true}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found PDB: pdb1	{"checkDuplicatePDB": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validating PDB phase for: pdb1	{"validatePhase": "oracle-database-operator-system/pdb1", "Action": "MAP"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Validation complete	{"validatePhase": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	PDB:	{"onpremdboperator": "oracle-database-operator-system/pdb1", "Name": "pdb1", "Phase": "Mapping", "Status": "false"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Issuing REST call	{"callAPI": "oracle-database-operator-system/pdb1", "URL": "http://cdb1-ords:8888/ords/_/db-api/latest/database/pdbs/pdb1/", "Action": "GET"}
2022-12-13T15:23:58Z	INFO	controllers.PDB	Found CR for CDB	{"getCDBResource": "oracle-database-operator-system/pdb1", "Name": "cdb1", "CR Name": "cdb1"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	ORDS Error - HTTP Status Code :401	{"callAPI": "oracle-database-operator-system/pdb1", "Err": "\n{\n    \"code\": \"Unauthorized\",\n    \"message\": \"Unauthorized\",\n    \"type\": \"tag:oracle.com,2020:error/Unauthorized\",\n    \"instance\": \"tag:oracle.com,2020:ecid/nVFy_LEmkC2NpInSAjA6bw\"\n}"}
2022-12-13T15:23:59Z	INFO	controllers.PDB	Reconcile completed	{"onpremdboperator": "oracle-database-operator-system/pdb1"}
2022-12-13T15:23:59Z	DEBUG	events	Warning	{"object": {"kind":"PDB","namespace":"oracle-database-operator-system","name":"pdb1","uid":"a3ae6a10-f378-4b66-80d7-9b00569316a5","apiVersion":"database.oracle.com/v1alpha1","resourceVersion":"861439"}, "reason": "ORDSError", "message": "Failed: Unauthorized"}

kubectl logs -n oracle-database-operator-system -l name=cdb1-ords -f

db.username=ORDS_PUBLIC_USER
restEnabledSql.active=true
resource.templates.enabled=true
db.port=1521
feature.sdw=true
db.connectionType=basic

2022-12-13T14:28:04.620Z WARNING     *** jdbc.MaxLimit in configuration |apex|pu| is using a value of 10, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:04.620Z WARNING     *** jdbc.InitialLimit in configuration |apex|pu| is using a value of 3, this setting may not be sized adequately for a production environment ***
2022-12-13T14:28:05.604Z WARNING     :::got unchecked exception from user-defined connection labeling callback

cdb-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: cdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  ords_pwd: " T3JhY2xlXzEyMyEK"
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"
  cdbadmin_user: "QyMjREJBUElfQ0RCX0FETUlOCg=="
  cdbadmin_pwd: " T3JhY2xlXzEyMyEK"
  webserver_user: "c3FsX2FkbWluCg=="
  webserver_pwd: " T3JhY2xlXzEyMyEK"

pdb-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: pdb1-secret
  namespace: oracle-database-operator-system
type: Opaque
data:
  sysadmin_user: "cGRiYWRtaW4="
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"

cdb.yaml

apiVersion: database.oracle.com/v1alpha1
kind: CDB
metadata:
  name: cdb1
  namespace: oracle-database-operator-system
spec:
  cdbName: "cdb1"
  scanName: "cdb1"
  dbServer: "10.160.106.88"
  dbPort: 1521
  replicas: 1
  ordsImage: "533693045312.dkr.ecr.us-west-2.amazonaws.com/oracle-database:21.4.3-ords"
  ordsImagePullPolicy: "Always"
  # Uncomment Below Secret Format for accessing ords image from private docker registry
  ordsImagePullSecret: "aws-ecr-cred"
  serviceName: "cdb1"
  sysAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "sysadmin_pwd"
  ordsPwd:
    secret:
      secretName: "cdb1-secret"
      key: "ords_pwd"
  cdbAdminUser:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_user"
  cdbAdminPwd:
    secret:
      secretName: "cdb1-secret"
      key: "cdbadmin_pwd"
  webServerUser:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_user"
  webServerPwd:
    secret:
      secretName: "cdb1-secret"
      key: "webserver_pwd"

pdb.yaml

apiVersion: database.oracle.com/v1alpha1
kind: PDB
metadata:
  name: pdb1
  namespace: oracle-database-operator-system
  labels:
    cdb: cdb1
spec:
  cdbResName: "cdb1"
  cdbName: "cdb1"
  pdbName: "pdb1"
  adminName:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_user"
  adminPwd:
    secret:
      secretName: "pdb1-secret"
      key: "sysadmin_pwd"
  fileNameConversions: "NONE"
  totalSize: "1G"
  tempSize: "100M"
  action: "Map"
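
Added example, not part of the original issue and not the operator's code: a check of the Secret data values exactly as they appear in cdb-secret.yaml and pdb-secret.yaml above, flagging whitespace inside the quoted base64 and decoded values that end in a newline. Whether either finding is behind the 401 is not established by the page; the function name and report format are assumptions made for this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// data: entries copied as they appear in cdb-secret.yaml and pdb-secret.yaml above.
const cdbSecretData = `
  ords_pwd: " T3JhY2xlXzEyMyEK"
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"
  cdbadmin_user: "QyMjREJBUElfQ0RCX0FETUlOCg=="
  cdbadmin_pwd: " T3JhY2xlXzEyMyEK"
  webserver_user: "c3FsX2FkbWluCg=="
  webserver_pwd: " T3JhY2xlXzEyMyEK"
`

const pdbSecretData = `
  sysadmin_user: "cGRiYWRtaW4="
  sysadmin_pwd: " T3JhY2xlXzEyMyEK"
`

// AuditSecretData reads flat `key: "value"` lines from a Secret's data: block
// (it is not a YAML parser) and returns the problems found for each key.
// Decoded values are never returned or printed, only what is wrong with them.
func AuditSecretData(block string) map[string][]string {
	findings := map[string][]string{}
	for _, line := range strings.Split(block, "\n") {
		key, val, ok := strings.Cut(strings.TrimSpace(line), ":")
		if !ok {
			continue // blank or not a key: value line
		}
		raw := strings.TrimSpace(val)
		raw = strings.TrimSuffix(strings.TrimPrefix(raw, `"`), `"`)

		problems := []string{}
		if raw != strings.TrimSpace(raw) {
			// A space is not in the base64 alphabet, so a strict decoder rejects it.
			problems = append(problems, "whitespace inside the quoted value")
		}
		decoded, err := base64.StdEncoding.DecodeString(strings.TrimSpace(raw))
		switch {
		case err != nil:
			problems = append(problems, "not valid base64: "+err.Error())
		case strings.HasSuffix(string(decoded), "\n"):
			// Typical of `echo value | base64`; `printf %s value | base64` avoids it.
			problems = append(problems, "decoded value ends with a newline")
		case strings.TrimSpace(string(decoded)) != string(decoded):
			problems = append(problems, "decoded value has leading or trailing whitespace")
		}
		findings[strings.TrimSpace(key)] = problems
	}
	return findings
}

// report prints the findings for one Secret in a stable key order.
func report(name, block string) {
	findings := AuditSecretData(block)
	keys := make([]string, 0, len(findings))
	for k := range findings {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	fmt.Println(name)
	for _, k := range keys {
		if len(findings[k]) == 0 {
			fmt.Printf("  %-15s ok\n", k)
			continue
		}
		fmt.Printf("  %-15s %s\n", k, strings.Join(findings[k], "; "))
	}
}

func main() {
	report("cdb1-secret", cdbSecretData)
	report("pdb1-secret", pdbSecretData)
}
```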

Sample SecurityContextConstraints does not seem to work on certain Enterprise Openshift platforms

Sample SecurityContextConstraints provided in sidb does not seem to work on IBM Cloud Openshift container Platform

https://github.com/oracle/oracle-database-operator/blob/main/config/samples/sidb/openshift_rbac.yaml

Can someone help me with this, as I am not able to figure out why the CR is not able to find the sidb-scc

oc get SecurityContextConstraints | grep sidb
sidb-scc                       false   ["*"]                                                                                                                                                      RunAsAny    MustRunAsRange     MustRunAs   MustRunAs   <no value>   false            ["awsElasticBlockStore","azureDisk","azureFile","cephFS","cinder","configMap","csi","downwardAPI","emptyDir","ephemeral","fc","flexVolume","flocker","gcePersistentDisk","gitRepo","glusterfs","iscsi","nfs","persistentVolumeClaim","photonPersistentDisk","portworxVolume","projected","quobyte","rbd","scaleIO","secret","storageOS","vsphere"]

oc get sa | grep sidb
sidb-sa                    2         9m32s

oc get role | grep sidb
use-sidb-scc                                                      2023-03-05T04:45:03Z

oc get rolebinding | grep sidb
use-sidb-scc                                                      Role/use-sidb-scc                                                      5m16s

Stack trace:

oc get SingleInstanceDatabase prebuiltdb-sample
NAME                EDITION   STATUS    VERSION       CONNECT STR   OEM EXPRESS URL
prebuiltdb-sample   Express   Pending   Unavailable   Unavailable   Unavailable
status:
  cloneFrom: Unavailable
  conditions:
  - lastTransitionTime: "2023-03-05T04:53:44Z"
    message: 'pods "prebuiltdb-sample-f58im" is forbidden: unable to validate against
      any security context constraint: [provider "anyuid": Forbidden: not usable by
      user or serviceaccount, provider "pipelines-scc": Forbidden: not usable by user
      or serviceaccount, provider "db2u-c-db2wh-iot-scc": Forbidden: not usable by
      user or serviceaccount, spec.containers[0].securityContext.runAsUser: Invalid
      value: 54321: must be in the ranges: [1000730000, 1000739999], provider "ibm-restricted-scc":
      Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden:
      not usable by user or serviceaccount, provider "sidb-scc": Forbidden: not usable
      by user or serviceaccount, provider "ibm-anyuid-scc": Forbidden: not usable
      by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable
      by user or serviceaccount, provider "ibm-anyuid-hostpath-scc": Forbidden: not
      usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable
      by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user
      or serviceaccount, provider "nfd-worker": Forbidden: not usable by user or serviceaccount,
      provider "ibm-anyuid-hostaccess-scc": Forbidden: not usable by user or serviceaccount,
      provider "nvidia-driver": Forbidden: not usable by user or serviceaccount, provider
      "nvidia-gpu-feature-discovery": Forbidden: not usable by user or serviceaccount,
      provider "nvidia-mig-manager": Forbidden: not usable by user or serviceaccount,
      provider "nvidia-node-status-exporter": Forbidden: not usable by user or serviceaccount,
      provider "nvidia-operator-validator": Forbidden: not usable by user or serviceaccount,
      provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider
      "ibm-privileged-scc": Forbidden: not usable by user or serviceaccount, provider
      "nvidia-dcgm": Forbidden: not usable by user or serviceaccount, provider "nvidia-dcgm-exporter":
      Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden:
      not usable by user or serviceaccount]'

Missing cdbTlsKey and cdbTlsCrt keys in cdb.yaml

When creating CDB custom resource using sample cdb.yaml file (https://github.com/oracle/oracle-database-operator/blob/main/config/samples/multitenant/cdb.yaml), request fails with:

$ kubectl apply -f cdb.yaml
The CDB "cdb-db21" is invalid: 
 * spec.cdbTlsKey: Required value: Please specify CDB Tls key(secret)
 * spec.cdbTlsCrt: Required value: Please specify CDB Tls Certificate(secret)

This is because the cdbTlsKey and cdbTlsCrt keys are missing from the cdb.yaml file. The issue can be fixed by adding the following to the spec: section of the cdb.yaml file:

spec:
...
  cdbTlsKey:
    secret:
      secretName: "db-tls"
      key: "tls.key"
  cdbTlsCrt:
    secret:
      secretName: "db-tls"
      key: "tls.crt"
...

staticcheck reports issues

Running staticcheck on the code produces the following violations:

staticcheck ./...
commons/oci/database.go:178:3: this value of ok is never used (SA4006)
commons/oci/database.go:503:6: func getConflictRetryPolicy is unused (U1000)
commons/oci/provider.go:80:15: error strings should not be capitalized (ST1005)
commons/oci/provider.go:80:15: error strings should not end with punctuation or a newline (ST1005)
commons/sharding/exec.go:55:181: error should be returned as the last argument (ST1008)
commons/sharding/gsm.go:432:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/provstatus.go:90:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:138:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:196:6: should omit comparison to bool constant, can be simplified to instance.Spec.IsExternalSvc (S1002)
commons/sharding/provstatus.go:254:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:279:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:304:3: unnecessary guard around call to delete (S1033)
commons/sharding/provstatus.go:338:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/provstatus.go:358:10: error strings should not be capitalized (ST1005)
commons/sharding/provstatus.go:380:3: unnecessary guard around call to delete (S1033)
commons/sharding/scommon.go:221:6: should omit comparison to bool constant, can be simplified to masterFlag (S1002)
commons/sharding/scommon.go:315:27: should omit comparison to bool constant, can be simplified to instance.Spec.IsDebug (S1002)
commons/sharding/scommon.go:489:2: this value of labelSelector is never used (SA4006)
commons/sharding/scommon.go:497:11: error strings should not be capitalized (ST1005)
commons/sharding/scommon.go:615:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:734:9: empty branch (SA9003)
commons/sharding/scommon.go:747:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:789:6: func labelsForShardingDatabaseKind is unused (U1000)
commons/sharding/scommon.go:800:6: func removeAlpha is unused (U1000)
commons/sharding/scommon.go:839:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:845:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:851:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:863:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:899:6: func getGsmShardValidateCmd is unused (U1000)
commons/sharding/scommon.go:900:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:906:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:911:6: func getGsmAddShardGroupCmd is unused (U1000)
commons/sharding/scommon.go:912:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:918:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:924:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:961:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:1013:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/scommon.go:1166:4: error should be returned as the last argument (ST1008)
commons/sharding/shard.go:108:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/shard.go:358:2: this value of service is never used (SA4006)
commons/sharding/shard.go:405:2: should merge variable declaration with assignment on next line (S1021)
commons/sharding/shard.go:421:2: should merge variable declaration with assignment on next line (S1021)
controllers/database/shardingdatabase_controller.go:155:2: this value of idx is never used (SA4006)
controllers/database/shardingdatabase_controller.go:173:6: should omit comparison to bool constant, can be simplified to isShardTopologyDeleteTrue (S1002)
controllers/database/shardingdatabase_controller.go:285:6: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:305:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:379:6: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:463:9: should omit comparison to bool constant, can be simplified to oshInst.deltopology (S1002)
controllers/database/shardingdatabase_controller.go:501:72: should omit comparison to bool constant, can be simplified to !r.osh[idx].onsProviderFlag (S1002)
controllers/database/shardingdatabase_controller.go:545:4: error should be returned as the last argument (ST1008)
controllers/database/shardingdatabase_controller.go:567:10: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:606:2: this value of sfSetFound is never used (SA4006)
controllers/database/shardingdatabase_controller.go:607:2: this value of svcFound is never used (SA4006)
controllers/database/shardingdatabase_controller.go:877:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:881:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:885:11: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:987:9: empty branch (SA9003)
controllers/database/shardingdatabase_controller.go:990:5: should omit comparison to bool constant, can be simplified to updateFlag (S1002)
controllers/database/shardingdatabase_controller.go:1028:7: should omit comparison to bool constant, can be simplified to !availableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1036:5: should omit comparison to bool constant, can be simplified to availableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1047:2: this value of gsmSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1051:2: this value of podList is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1075:28: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1101:7: should omit comparison to bool constant, can be simplified to !availlableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1109:5: should omit comparison to bool constant, can be simplified to availlableFlag (S1002)
controllers/database/shardingdatabase_controller.go:1113:35: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1121:2: this value of catalogSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1123:2: this value of podList is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1146:36: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1166:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1208:2: this value of gsmPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1225:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1234:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1272:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1299:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1325:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1355:5: should omit comparison to bool constant, can be simplified to eventMsgFlag (S1002)
controllers/database/shardingdatabase_controller.go:1366:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1386:7: should omit comparison to bool constant, can be simplified to !OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1387:8: should omit comparison to bool constant, can be simplified to !setLifeCycleFlag (S1002)
controllers/database/shardingdatabase_controller.go:1428:6: should omit comparison to bool constant, can be simplified to deployFlag (S1002)
controllers/database/shardingdatabase_controller.go:1433:5: should omit comparison to bool constant, can be simplified to errStr (S1002)
controllers/database/shardingdatabase_controller.go:1435:10: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1435:10: error strings should not end with punctuation or a newline (ST1005)
controllers/database/shardingdatabase_controller.go:1481:2: this value of shardSfSet is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1482:2: this value of shardPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1484:2: this value of gsmPod is never used (SA4006)
controllers/database/shardingdatabase_controller.go:1495:7: should omit comparison to bool constant, can be simplified to OraShardSpex.IsDelete (S1002)
controllers/database/shardingdatabase_controller.go:1496:8: should omit comparison to bool constant, can be simplified to !setLifeCycleFlag (S1002)
controllers/database/shardingdatabase_controller.go:1597:2: this value of svcFound is never used (SA4006)
main.go:122:2: this value of i is never used (SA4006)
test/e2e/autonomousdatabase_controller_bind_test.go:64:8: const bindingHardLinkTestFileName is unused (U1000)
test/e2e/autonomousdatabase_controller_create_test.go:63:3: const changeStateTimeout is unused (U1000)
test/e2e/autonomousdatabase_controller_create_test.go:64:3: const changeStateInterval is unused (U1000)
test/e2e/behavior/shared_behaviors.go:48:2: should not use dot imports (ST1001)
test/e2e/behavior/shared_behaviors.go:49:2: should not use dot imports (ST1001)
test/e2e/util/oci_config_util.go:137:2: ineffective assignment to field configUtil.provider (SA4005)
test/e2e/util/oci_config_util.go:196:54: should omit nil check; len() for nil slices is defined as zero (S1009)
test/e2e/util/oci_vault_request.go:52:6: func waitForVaultStatePolicy is unused (U1000)
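A triage helper for a report like the one above, as an added example that is not part of the original issue or of the project's code: it parses staticcheck's `file:line:col: message (CHECK)` lines, groups them by check family (SA correctness, S simplification, ST style, U unused), and picks out the correctness findings in non-test code so they are read before the cosmetic ones. The six sample lines are copied from the report above; all function and variable names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Finding is one line of staticcheck text output: file:line:col: message (CHECK).
type Finding struct {
	File, Message, Check string
	Line                 int
}

var findingRE = regexp.MustCompile(`^([^:\s]+):(\d+):\d+: (.+) \(([A-Z]+\d+)\)$`)
// families maps a check ID's letter prefix to its staticcheck check family.
var families = map[string]string{"SA": "correctness", "S": "simplification", "ST": "style", "U": "unused"}

// sampleReport holds six lines copied from the report above.
const sampleReport = `
controllers/database/shardingdatabase_controller.go:1435:10: error strings should not be capitalized (ST1005)
controllers/database/shardingdatabase_controller.go:1597:2: this value of svcFound is never used (SA4006)
main.go:122:2: this value of i is never used (SA4006)
test/e2e/util/oci_config_util.go:137:2: ineffective assignment to field configUtil.provider (SA4005)
test/e2e/util/oci_config_util.go:196:54: should omit nil check; len() for nil slices is defined as zero (S1009)
test/e2e/util/oci_vault_request.go:52:6: func waitForVaultStatePolicy is unused (U1000)
`

// ParseFindings extracts findings and skips any line that is not one.
func ParseFindings(report string) []Finding {
	var out []Finding
	for _, raw := range strings.Split(report, "\n") {
		if m := findingRE.FindStringSubmatch(strings.TrimSpace(raw)); m != nil {
			line, _ := strconv.Atoi(m[2]) // the regexp only lets digits through
			out = append(out, Finding{File: m[1], Line: line, Message: m[3], Check: m[4]})
		}
	}
	return out
}

// Category returns the check family for an ID such as "SA4006".
func Category(check string) string {
	if fam, ok := families[strings.TrimRight(check, "0123456789")]; ok {
		return fam
	}
	return "other"
}

// CountByCategory tallies findings per family.
func CountByCategory(fs []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range fs {
		counts[Category(f.Check)]++
	}
	return counts
}

// ReviewFirst keeps correctness findings in non-test code, in report order.
func ReviewFirst(fs []Finding) []Finding {
	var out []Finding
	for _, f := range fs {
		isTest := strings.HasPrefix(f.File, "test/") || strings.HasSuffix(f.File, "_test.go")
		if Category(f.Check) == "correctness" && !isTest {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	fs := ParseFindings(sampleReport)
	fmt.Println(CountByCategory(fs), ReviewFirst(fs))
}
```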

Replication does not work.

Are there any extra configuration changes needed for replication to work in the single instance database? If I start a replication, one of the replicas gives an error, while the other starts.

Add Changelog or update release description

Hello,

I was notified that a new release of the oracle-database-operator was released, but I was not able to see what has changed at first sight. Could you please implement either a changelog or a release description here on GitHub?

Kind regards
Philip

Roadmap features

Hi,

Is there a plan to support the following features (for SIDB):

  • RMAN backup
  • Observer and automatic failover
  • Anti-affinity (to guarantee that primary and physical standby(s) are not scheduled on the same worker, in a Dataguard setup).

Also, is expansion of storage already supported? Assuming the storageClass has allowVolumeExpansion set to true, would it work to adjust spec.persistence.size and run kubectl apply (or patch the PVC manually)? When I tried this on a physical database instance, the PVC size was increased but the pod (after restart) got stuck in Init.

Best regards,
Andreas

Improve docs

[Copied from internal feedback]
This README step doesn't work on Windows:
https://github.com/oracle/oracle-database-operator/blob/main/docs/adb/README.md

Step 2: Provision an Autonomous Database
kubectl create secret generic admin-password --from-literal=admin-password=‘password_here’
The quotes around the password are taken literally and are not allowed as a database password.

My advice is to replace the quotes with <<password_here>>

Cannot deploy XEDB-Sample

Environment:

  • OS: Windows 11 (WSL2) and macOS Monterey Version 12.6
  • Docker Desktop 4.15.0 (93002)
  • Running on minikube version: v1.26.0

Installation

  1. Installed the operator
  2. Changed PWDs in config\samples\sidb\singleinstancedatabase_secrets.yaml
  3. Changed "storageClass" to "standard" in config\samples\sidb\singleinstancedatabase_express.yaml
  4. kubectl apply -f singleinstancedatabase_express.yaml

Result

>> kubectl logs xedb-sample-a62zg
Error from server (NotFound): pods "xedb-sample-a62zg" not found
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-f9unn   0/1     Init:0/2   0          46s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-f9unn   0/1     Init:0/2   0          48s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-f9unn   0/1     Init:0/2   0          53s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-hco8y   0/1     Init:0/2   0          20s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-k0a2g   0/1     Init:0/2   0          87s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-k0a2g   0/1     Init:0/2   0          2m47s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-k0a2g   0/1     Init:0/2   0          2m51s
>> kubectl get pods
NAME                READY   STATUS     RESTARTS   AGE
xedb-sample-k0a2g   0/1     Init:0/2   0          3m17s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  2m43s  default-scheduler  Successfully assigned default/xedb-sample-tay14 to minikube
  Normal  Pulling    2m42s  kubelet            Pulling image "container-registry.oracle.com/database/express:latest"

It seems that it is not able to pull the images, and minikube is creating pod after pod...

Can you support us here?

Thanks.

ORDS pod creation issue

Hello,

I had an issue with the creation of an ORDS pod on top of a database pod, both created using the operator.
After a successful database creation, I used the standard provided YAML file to create the ORDS pod, but whereas the service was created, the pod wasn't.
ORDS pod creation logs:
2023-03-16T17:44:23Z INFO controllers.OracleRestDataService Found Existing Service {"createSVC": "default/ordsmg", "Service.Name": "ordsmg"}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice No ordsmg Pod is Ready {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg"}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice ordsmg Pods Available ( Other Than Ready Pod ) {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg", " Names :": []}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice Total No Of ordsmg PODS {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg", "Count": 0}
2023-03-16T17:44:23Z INFO controllers.OracleRestDataService PVC already exists {"createPVC": "default/ordsmg"}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice Ready Pod {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg", "Name :": "sidb-db-r7dm4"}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice sidb-mongodb Pods Available ( Other Than Ready Pod ) {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg", " Names :": []}
2023-03-16T17:44:23Z INFO controller.oraclerestdataservice Total No Of sidb-mongodb PODS {"reconciler group": "database.oracle.com", "reconciler kind": "OracleRestDataService", "name": "ordsmg", "namespace": "default", "FindPods": "default/ordsmg", "Count": 1}
2023-03-16T17:44:23Z DEBUG events Normal {"object": {"kind":"OracleRestDataService","namespace":"default","name":"ordsmg","uid":"128a8010-4434-451b-a27f-a22b2975a5f2","apiVersion":"database.oracle.com/v1alpha1","resourceVersion":"60095605"}, "reason": "Database Check", "message": "status of database sidb-db is ready"}
2023-03-16T17:44:23Z INFO controllers.OracleRestDataService Reconcile queued

Logs were cycling in the reconcile queue.

Operator version : 0.2.1
Database Version : 21.3
ORDS version : 21.21.4.2-gh

Error from server (InternalError): error when creating "oracle-database-operator.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded

I use the process from here: https://ronekins.com/2021/11/11/getting-started-with-the-oracle-database-kubernetes-operator-part-1/ or here: https://github.com/oracle/oracle-database-operator

  1. Verify install of Cert-Manager

# kubectl get pods --namespace cert-manager

NAME READY STATUS RESTARTS AGE
cert-manager-5f68c9c6dd-9h49r 1/1 Running 0 66s
cert-manager-cainjector-57d6fc9f7d-58fjn 1/1 Running 0 66s
cert-manager-webhook-5b7ffbdc98-gx72v 1/1 Running 0 66s

  2. Install the operator from GitHub

# kubectl apply -f https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml

namespace/oracle-database-operator-system created
customresourcedefinition.apiextensions.k8s.io/autonomouscontainerdatabases.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/autonomousdatabasebackups.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/autonomousdatabaserestores.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/autonomousdatabases.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/cdbs.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/dataguardbrokers.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/dbcssystems.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/oraclerestdataservices.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/pdbs.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/shardingdatabases.database.oracle.com created
customresourcedefinition.apiextensions.k8s.io/singleinstancedatabases.database.oracle.com created
role.rbac.authorization.k8s.io/oracle-database-operator-leader-election-role created
clusterrole.rbac.authorization.k8s.io/oracle-database-operator-manager-role created
clusterrole.rbac.authorization.k8s.io/oracle-database-operator-metrics-reader created
clusterrole.rbac.authorization.k8s.io/oracle-database-operator-oracle-database-operator-proxy-role created
rolebinding.rbac.authorization.k8s.io/oracle-database-operator-oracle-database-operator-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/oracle-database-operator-oracle-database-operator-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/oracle-database-operator-oracle-database-operator-proxy-rolebinding created
service/oracle-database-operator-controller-manager-metrics-service created
service/oracle-database-operator-webhook-service created
mutatingwebhookconfiguration.admissionregistration.k8s.io/oracle-database-operator-mutating-webhook-configuration created
validatingwebhookconfiguration.admissionregistration.k8s.io/oracle-database-operator-validating-webhook-configuration created
deployment.apps/oracle-database-operator-controller-manager created
Error from server (InternalError): error when creating "https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded
Error from server (InternalError): error when creating "https://raw.githubusercontent.com/oracle/oracle-database-operator/main/oracle-database-operator.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": context deadline exceeded

  3. Checking the DNS is running (coredns and flannel)

kubectl get pods -n kube-system

NAME READY STATUS RESTARTS AGE
coredns-dcb45f57-hzqbn 1/1 Running 5 10d
coredns-dcb45f57-ndxqh 1/1 Running 5 10d
etcd-verrazzano-api-2 1/1 Running 5 10d
kube-apiserver-verrazzano-api-2 1/1 Running 5 10d
kube-controller-manager-verrazzano-api-2 1/1 Running 5 10d
kube-flannel-ds-dqcqk 1/1 Running 5 10d
kube-flannel-ds-mc7vz 1/1 Running 6 10d
kube-flannel-ds-xl4q6 1/1 Running 7 10d
kube-proxy-2ff8c 1/1 Running 5 10d
kube-proxy-9fjvm 1/1 Running 5 10d
kube-proxy-m6qrj 1/1 Running 5 10d
kube-scheduler-verrazzano-api-2 1/1 Running 5 10d

  4. Firewall is stopped for this install

# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2024-01-17 07:19:10 GMT; 8s ago
Docs: man:firewalld(1)
Process: 1474 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 1474 (code=exited, status=0/SUCCESS)

Jan 17 06:41:16 verrazzano-api-2 systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 17 06:41:16 verrazzano-api-2 systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 17 06:41:16 verrazzano-api-2 firewalld[1474]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release>
Jan 17 07:19:10 verrazzano-api-2 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 17 07:19:10 verrazzano-api-2 systemd[1]: firewalld.service: Succeeded.
Jan 17 07:19:10 verrazzano-api-2 systemd[1]: Stopped firewalld - dynamic firewall daemon.

  5. Egress and ingress rules

Egress: 0.0.0.0/0 TCP All All
Ingress: 10.0.2.0/24 TCP All All

What to check and install the operator?

panic: runtime error: invalid memory address or nil pointer dereference

oracle-database-operator keeps CrashLoopBackOff for a SingleInstanceDatabase runtime.

Stack Trace:

21.3.0.0.0
{"reconciler group": "database.oracle.com", "reconciler kind": "SingleInstanceDatabase", "name": "maximodb", "namespace": "oracle-database-operator", "GetDatabaseVersion": "oracle-database-operator/maximodb"}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1a1639e]
goroutine 1630 [running]:
github.com/oracle/oracle-database-operator/controllers/database.(*SingleInstanceDatabaseReconciler).deleteWallet(0xc000665180, 0x3, {0x224ee98, 0xc0033667b0}, {{{0xc0002b4618, 0xe}, {0xc000383678, 0x0}}})
/workspace/controllers/database/singleinstancedatabase_controller.go:1665 +0xde
github.com/oracle/oracle-database-operator/controllers/database.(*SingleInstanceDatabaseReconciler).Reconcile(0xc000665180, {0x224ee98, 0xc0033667b0}, {{{0xc0002b4618, 0x1e6bac0}, {0xc000383678, 0x30}}})
/workspace/controllers/database/singleinstancedatabase_controller.go:188 +0x877
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0xc000648420, {0x224ee98, 0xc003366720}, {{{0xc0002b4618, 0x1e6bac0}, {0xc000383678, 0x413c14}}})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114 +0x26f
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc000648420, {0x224edf0, 0xc000a1df80}, {0x1d15660, 0xc000662960})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311 +0x33e
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc000648420, {0x224edf0, 0xc000a1df80})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266 +0x205
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227 +0x85
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2

missing helm chart

There should be some helm chart added to automate deployment of operator

Creating Single Instance Database Clone fails

Creating Single Instance Database Clone fails with the following error:

[2023:12:05 08:44:20]: Acquiring lock .ORAW.create_lck with heartbeat 30 secs
[2023:12:05 08:44:20]: Lock acquired
[2023:12:05 08:44:20]: Starting heartbeat
[2023:12:05 08:44:20]: Lock held .ORAW.create_lck
ORACLE EDITION: ENTERPRISE
[WARNING] [DBT-11217] Unable to check available shared memory on specified node(s) ([10]).
Prepare for db operation
[FATAL] [DBT-06006] Unable to create directory: (/opt/oracle/oradata/ORAW).
   CAUSE: Proper permissions are not granted to create the directory or there is no space left in the volume.
[ 2023-12-05 08:44:32.566 UTC ] [WARNING] [DBT-11217] Unable to check available shared memory on specified node(s) ([10]).
[ 2023-12-05 08:46:43.404 UTC ] Prepare for db operation
[ 2023-12-05 08:46:43.473 UTC ] [FATAL] [DBT-06006] Unable to create directory: (/opt/oracle/oradata/ORAW).

LSNRCTL for Linux: Version 21.0.0.0.0 - Production on 05-DEC-2023 08:46:43

Copyright (c) 1991, 2021, Oracle.  All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12541: TNS:no listener
 TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
   Linux Error: 111: Connection refused

Configuration file used was based on https://github.com/oracle/oracle-database-operator/blob/main/config/samples/sidb/singleinstancedatabase_clone.yaml, just updated name, namespace, sid and cloneFrom.

Before attempting to create the clone I had one Primary and two Physical standby instances running without issues:

kubectl -n oracle-database get singleinstancedatabase
NAME      EDITION      STATUS    ROLE               VERSION      CONNECT STR             TCPS CONNECT STR   OEM EXPRESS URL
szczyrk   Enterprise   Healthy   PHYSICAL_STANDBY   21.3.0.0.0   10.1.2.46:32533/ORAS    Unavailable        https://10.1.2.46:32428/em
ustron    Enterprise   Healthy   PHYSICAL_STANDBY   21.3.0.0.0   10.1.2.46:31519/ORAU    Unavailable        https://10.1.2.46:31105/em
zywiec    Enterprise   Healthy   PRIMARY            21.3.0.0.0   10.1.2.46:31761/ORAZ    Unavailable        https://10.1.2.46:30398/em

After executing kubectl apply on singleinstancedatabase_clone:

kubectl -n oracle-database get singleinstancedatabase
NAME      EDITION      STATUS     ROLE               VERSION       CONNECT STR             TCPS CONNECT STR   OEM EXPRESS URL
szczyrk   Enterprise   Healthy    PHYSICAL_STANDBY   21.3.0.0.0    10.1.2.46:32407/ORAS    Unavailable        https://10.1.2.46:31656/em
ustron    Enterprise   Healthy    PHYSICAL_STANDBY   21.3.0.0.0    10.1.2.46:32678/ORAU    Unavailable        https://10.1.2.46:31596/em
wisla     Enterprise   Creating   Unavailable        Unavailable   10.1.3.159:32557/ORAW   Unavailable        Unavailable
zywiec    Enterprise   Healthy    PRIMARY            21.3.0.0.0    10.1.1.7:32193/ORAZ     Unavailable        https://10.1.1.7:31245/em

kubectl -n oracle-database get pods
NAME            READY   STATUS             RESTARTS      AGE
szczyrk-wx4zj   1/1     Running            0             161m
ustron-9ifi2    1/1     Running            0             154m
wisla-mtqfs     0/1     CrashLoopBackOff   21 (4m ago)   139m
zywiec-vlf14    1/1     Running            0             3h17m

kubectl -n oracle-database get pvc
NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
szczyrk   Bound    pvc-ce59ebf8-11b3-4b90-8493-3a9bcd1a8d06   10Gi       RWO            gp2            27m
ustron    Bound    pvc-55696dbb-714a-4c20-8bbb-8ba85314cf8a   10Gi       RWO            gp2            20m
wisla     Bound    pvc-283d044d-74f4-4289-b3b7-4cd769e35bfa   10Gi       RWO            gp2            5m13s
zywiec    Bound    pvc-3f4b83cb-d861-4963-8bae-5d7badf1eca6   10Gi       RWO            gp2            63m

Environment:

  • AWS EKS 1.25
  • StorageClass gp2, provisioner kubernetes.io/aws-ebs
  • oracle-database-operator 1.0.0

Kube Oracle Operator

We need below feature enhancements on Oracle Operator Side.

  1. TCPS support.
  2. Operator DR support. (Currently it’s only supported single Kube cluster)
  3. OEM agent sidecar rather than OEM Express. If the OEM agent is supported, we can add an endpoint on our existing OEM setup.
  4. Standby DB (HA Support)
  5. Production Support ETA for Operator.

ORD Pod Crash looping

I tried to create a CDB using the cdb.yaml provided; however, its status is stuck as "ValidatingPods" and the message is "Waiting for ORDS Pod(s) to be ready". The logs from the cdb-dev-ords pod are:
`cp: cannot create regular file '/opt/oracle/ords/params/ords_params.properties': No such file or directory
sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory
sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory
sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory
sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory
sed: can't read /opt/oracle/ords/params/ords_params.properties: No such file or directory
Warning: Support for executing: java -jar ords.war has been deprecated.
Please add ords to your PATH and use the ords command instead.
Run the following command to add ords to your PATH:

echo -e 'export PATH="$PATH:/opt/oracle/ords/bin"' >> ~/.bash_profile

Start a new shell to pick up this change.

ORDS: Release 22.2 Production on Thu Sep 08 19:43:10 2022

Copyright (c) 2010, 2022, Oracle.

Configuration:
/home/oracle/

Unknown command: ords install [simple]

Use ords install --help to review the help for this command
spawn java -jar /opt/oracle/ords/ords.war user sql_admin SQL Administrator
Warning: Support for executing: java -jar ords.war has been deprecated.
Please add ords to your PATH and use the ords command instead.
Run the following command to add ords to your PATH:

echo -e 'export PATH="$PATH:/opt/oracle/ords/bin"' >> ~/.bash_profile

Start a new shell to pick up this change.

ORDS: Release 22.2 Production on Thu Sep 08 19:43:12 2022

Copyright (c) 2010, 2022, Oracle.

`
