RH-SSO with Oracle Back-end Database

Why this article?

While working with RH-SSO at multiple customer sites, a very interesting question came up: “Can we deploy RH-SSO on OpenShift with an external DB?”
It took a while, but finally the answer to this question is “YES”. From version 7.3 we can update the set of files which RH-SSO uses in order to direct it to a different database.

Connect with environment variables?

Yes, we can update the connection string so that it takes the connection credentials from environment variables.

Where to start?

Create a new project that will hold our RH-SSO application:

# oc new-project rh-sso

Deploy RH-SSO from the OpenShift template:

# oc new-app --template=sso75-x509-postgresql-persistent \
--param=SSO_ADMIN_USERNAME=admin \
--param=SSO_ADMIN_PASSWORD="<your password>"

Now let’s delete the PostgreSQL database and create a working directory for the new image:

# oc delete dc/sso-postgresql
# mkdir rh-sso-oracle && cd rh-sso-oracle
# mkdir extensions

Now we need to create our JDBC extension for the Oracle database, driven by environment variables.
We will create the following files in this directory structure:

.
├── Containerfile
└── extensions
    ├── actions.cli
    ├── ojdbc7.jar
    └── postconfigure.sh

  1. Download the required JDBC driver for your version of Oracle.
  2. Important: make sure the file name is “ojdbc7.jar”.

Configuration files

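First we will create the postconfigure.sh file, which is a very simple shell script that RH-SSO will run in order to connect to the DB:

# cat > extensions/postconfigure.sh << 'EOF'
#!/usr/bin/env bash
# Apply the datasource changes from actions.cli with the JBoss CLI.
# The quoted 'EOF' keeps $JBOSS_HOME literal so it is resolved inside the container.
$JBOSS_HOME/bin/jboss-cli.sh --file=/opt/eap/extensions/actions.cli
EOF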

Next, our actions.cli holds a simple connection string for ojdbc. We will set it up so that it looks for environment variables that we are going to provide from the deployment config:

With your favorite editor, create the file “extensions/actions.cli” and paste the following content:

## admin cli commands to edit the configuration
embed-server --std-out=echo --server-config=standalone-openshift.xml
batch
# Register the Oracle JDBC driver that the Containerfile copies to /opt/eap/extensions/
module add --name=com.oracle --resources=/opt/eap/extensions/ojdbc7.jar --dependencies=javax.api,javax.resource.api
/subsystem=datasources/jdbc-driver=oracle:add(driver-name=oracle,driver-module-name=com.oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
# Replace the default KeycloakDS datasource with one that reads its settings from environment variables
/subsystem=datasources/data-source=KeycloakDS:remove()
/subsystem=datasources/data-source=KeycloakDS:add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,connection-url="jdbc\:oracle\:thin\:@(DESCRIPTION\=(LOAD_BALANCE\=on)(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(CONNECT_DATA\=(SERVICE_NAME\=${env.ORACLE_SERVICE_NAME})))",driver-name=oracle,user-name=${env.ORACLE_USERNAME},password=${env.ORACLE_PASSWORD})
run-batch
quit

The key environment variables are:

  • ORACLE_SERVICE_HOST
  • ORACLE_SERVICE_NAME
  • ORACLE_USERNAME
  • ORACLE_PASSWORD
  • DB_VENDOR

Next we will create a Containerfile that will bundle everything together into a single image:

# cat > Containerfile << EOF
FROM registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:latest
COPY extensions/ojdbc7.jar /opt/eap/extensions/
COPY extensions/postconfigure.sh /opt/eap/extensions/
COPY extensions/actions.cli /opt/eap/extensions/
USER root
RUN chmod 774 /opt/eap/extensions/*.sh
USER jboss
CMD ["/opt/eap/bin/openshift-launch.sh"]
EOF

To build the image we are going to use buildah, and then push it to our internal registry:

First log in to registry.redhat.io with your credentials:

# podman login registry.redhat.io

Now build and push the image:

# buildah bud -f Containerfile -t <internal registry>/rh-sso/rh-sso-oracle
# buildah push <internal registry>/rh-sso/rh-sso-oracle

For our final step we need to update the deploymentConfig with the environment variables and our new image. Moreover, any reference to PostgreSQL should be removed.

# oc edit deploymentconfig.apps.openshift.io/sso

spec:
  template:
    spec:
      containers:
      - image: <internal registry>/rh-sso/rh-sso-oracle:latest
        env:
        - name: DB_VENDOR
          value: ORACLE
        - name: ORACLE_SERVICE_HOST
          value: <oracle hostname>
        - name: ORACLE_SERVICE_NAME
          value: <oracle SID>
        - name: ORACLE_USERNAME
          value: <oracle username>
        - name: ORACLE_PASSWORD
          value: <oracle password>

Save and close the deploymentConfig editor, and now wait for RH-SSO to start successfully with a connection to the Oracle database.
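
The deploymentConfig above carries ORACLE_PASSWORD as a literal value, so it is readable by anyone who can view the object. The following check is an added example, not part of the original article: it reads a manifest on stdin and flags credential-like variables that use a literal value instead of a valueFrom reference. The sample manifests and the Secret name sso-oracle-db are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_env_secrets reads a manifest on stdin, prints each credential-like
# env var that has a literal "value:", and returns 1 if any were found.
# Intended use: oc get dc/sso -o yaml | audit_env_secrets
audit_env_secrets() {
  awk '
    # Remember the name of the list item most recently seen.
    /^[ \t]*-[ \t]*name:/ {
      name = $0
      sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
      next
    }
    # valueFrom means the value is resolved from a Secret or ConfigMap.
    /^[ \t]*valueFrom:/ { name = "" }
    # A literal value under a sensitive-looking name is a finding.
    /^[ \t]*value:/ && toupper(name) ~ /PASSWORD|SECRET|TOKEN/ {
      print name
      found = 1
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: env block with literal values, as in the article.
literal_env() {
  cat <<'EOF'
        env:
        - name: DB_VENDOR
          value: ORACLE
        - name: ORACLE_PASSWORD
          value: example-only
EOF
}

# Constructed sample: the same variable resolved from a Secret
# (the Secret name "sso-oracle-db" is an assumption).
secret_env() {
  cat <<'EOF'
        env:
        - name: ORACLE_PASSWORD
          valueFrom:
            secretKeyRef:
              key: ORACLE_PASSWORD
              name: sso-oracle-db
EOF
}

literal_env | audit_env_secrets || echo "literal credential in manifest"
secret_env | audit_env_secrets && echo "credentials come from a Secret"
```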

Oren Oichman

Open Source contributor for the past 15 years