RH-SSO with Oracle Back-end Database
Why this article?
Working with RH-SSO at multiple customer sites raised a very interesting question: “Can we deploy RH-SSO on OpenShift with an external DB?”
It took a while, but the answer to this question is finally “YES”. From version 7.3 we can update the set of files which RH-SSO uses in order to direct it to a different database.
Connect with environment variables?
Yes, we can update the connection string so that it takes the connection credentials from environment variables.
Where to start?
Create a new project that will hold our RH-SSO application:
# oc new-project rh-sso
Deploy RH-SSO from the OpenShift template:
# oc new-app --template=sso75-x509-postgresql-persistent \
--param=SSO_ADMIN_USERNAME=admin \
--param=SSO_ADMIN_PASSWORD="<your password>"
Now let’s delete the PostgreSQL database:
# oc delete dc/sso-postgresql
Create the directories:
# mkdir rh-sso-oracle && cd rh-sso-oracle
# mkdir extensions
Now we need to create our JDBC extension for the Oracle database, driven by environment variables.
We will create the following files in this directory structure:
.
├── Containerfile
└── extensions
    ├── actions.cli
    ├── ojdbc7.jar
    └── postconfigure.sh
Download Oracle JDBC driver
- Download the required JDBC driver for your version of Oracle.
- Important: Make sure the file name is “ojdbc7.jar”
Configuration files
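First we will create the postconfigure.sh file, a very simple shell script that RH-SSO runs in order to connect to the DB. The heredoc delimiter is quoted so that $JBOSS_HOME is written to the file literally and resolved inside the container, not on the machine where you create the file:
# cat > extensions/postconfigure.sh << 'EOF'
#!/usr/bin/env bash
$JBOSS_HOME/bin/jboss-cli.sh --file=/opt/eap/extensions/actions.cli
EOF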
Next, our actions.cli holds a simple connection string for ojdbc. We will set it up so that it looks for environment variables that we are going to provide from the deployment config.
With your favorite editor, create the file “extensions/actions.cli” and paste in the following content:
## admin cli commands to edit the configuration
embed-server --std-out=echo --server-config=standalone-openshift.xml
batch
module add --name=com.oracle --resources=/opt/eap/extensions/ojdbc7.jar --dependencies=javax.api,javax.resource.api
/subsystem=datasources/jdbc-driver=oracle:add(driver-name=oracle,driver-module-name=com.oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
/subsystem=datasources/data-source=KeycloakDS:remove()
/subsystem=datasources/data-source=KeycloakDS:add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,connection-url="jdbc\:oracle\:thin\:@(DESCRIPTION\=(LOAD_BALANCE\=on)(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(CONNECT_DATA\=(SERVICE_NAME\=${env.ORACLE_SERVICE_NAME})))",driver-name=oracle,user-name=${env.ORACLE_USERNAME},password=${env.ORACLE_PASSWORD})
run-batch
quit
The key environment variables are:
- ORACLE_SERVICE_HOST
- ORACLE_SERVICE_NAME
- ORACLE_USERNAME
- ORACLE_PASSWORD
- DB_VENDOR
Next we will create a Containerfile that packages everything together into a single image:
# cat > Containerfile << EOF
FROM registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:latest
COPY extensions/ojdbc7.jar /opt/eap/extensions/
COPY extensions/postconfigure.sh /opt/eap/extensions/
COPY extensions/actions.cli /opt/eap/extensions/
USER root
RUN chmod 774 /opt/eap/extensions/*.sh
USER jboss
CMD ["/opt/eap/bin/openshift-launch.sh"]
EOF
Build the Image
To build the image we are going to use buildah and push it to our internal registry.
First log in to registry.redhat.io with your credentials:
# podman login registry.redhat.io
Now build the image and push it:
# buildah bud -f Containerfile -t <internal registry>/rh-sso/rh-sso-oracle
# buildah push <internal registry>/rh-sso/rh-sso-oracle
Edit the DeploymentConfig
For our final step we need to update the DeploymentConfig with the environment variables and our new image. In addition, any reference to PostgreSQL should be removed.
# oc edit deploymentconfig.apps.openshift.io/sso
spec:
  …
  template:
    …
    spec:
      containers:
      - image: <internal registry>/rh-sso/rh-sso-oracle:latest
        env:
        - name: DB_VENDOR
          value: ORACLE
        - name: ORACLE_SERVICE_HOST
          value: <oracle hostname>
        - name: ORACLE_SERVICE_NAME
          value: <oracle SID>
        - name: ORACLE_USERNAME
          value: <oracle username>
        - name: ORACLE_PASSWORD
          value: <oracle password>
Save and close the DeploymentConfig editor, then wait for RH-SSO to start successfully with a connection to the Oracle database.
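The DeploymentConfig above stores ORACLE_PASSWORD as a literal value, so anyone who can read the DeploymentConfig can also read the database password. The following is an added example, not part of the original article, that keeps the same variable names but takes the credentials from a Secret; the Secret name sso-oracle-db is an assumption, and the second document is only the fragment of the DeploymentConfig that changes.

```yaml
# Added example. The Secret name "sso-oracle-db" is an assumption.
# Create it once in the rh-sso project; values stay as placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: sso-oracle-db
  namespace: rh-sso
type: Opaque
stringData:
  ORACLE_USERNAME: "<oracle username>"
  ORACLE_PASSWORD: "<oracle password>"
---
# Fragment of the sso DeploymentConfig (spec.template.spec.containers).
# Non-secret settings remain literal values; the credentials are
# resolved from the Secret when the pod starts, so they no longer
# appear in the DeploymentConfig itself.
spec:
  template:
    spec:
      containers:
      - image: <internal registry>/rh-sso/rh-sso-oracle:latest
        env:
        - name: DB_VENDOR
          value: ORACLE
        - name: ORACLE_SERVICE_HOST
          value: "<oracle hostname>"
        - name: ORACLE_SERVICE_NAME
          value: "<oracle SID>"
        - name: ORACLE_USERNAME
          valueFrom:
            secretKeyRef:
              name: sso-oracle-db
              key: ORACLE_USERNAME
        - name: ORACLE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sso-oracle-db
              key: ORACLE_PASSWORD
```

The actions.cli file needs no change, because it still reads ${env.ORACLE_USERNAME} and ${env.ORACLE_PASSWORD} from the container environment.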