Release 21.1.0.0.1 (#56)

Merge the 21.1.0.0.1 release files from our internal repository.

Author: anilarora

.github/workflows/build-essbase-stack-release.yml

@@ -11,22 +11,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - name: Terraform Init
-      uses: hashicorp/terraform-github-actions@master
+    - uses: hashicorp/setup-terraform@v1
       with:
-        tf_actions_version: 0.12.17
-        tf_actions_subcommand: 'init'
-        tf_actions_working_dir: terraform
+        terraform_version: ~0.13.0
+    - name: Terraform Init
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: ./terraform
+      run: terraform init
     - name: 'Terraform Validate'
-      uses: hashicorp/terraform-github-actions@master
-      with:
-        tf_actions_version: 0.12.17
-        tf_actions_subcommand: 'validate'
-        tf_actions_working_dir: terraform
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: ./terraform
+      run: terraform validate -no-color
     - name: Build artifacts
       run: |
         /bin/bash -e build.sh

.github/workflows/build-essbase-stack.yml

@@ -14,22 +14,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - name: Terraform Init
-      uses: hashicorp/terraform-github-actions@master
+    - uses: hashicorp/setup-terraform@v1
       with:
-        tf_actions_version: 0.12.17
-        tf_actions_subcommand: 'init'
-        tf_actions_working_dir: terraform
+        terraform_version: ~0.13.0
+    - name: Terraform Init
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: ./terraform
+      run: terraform init
     - name: 'Terraform Validate'
-      uses: hashicorp/terraform-github-actions@master
-      with:
-        tf_actions_version: 0.12.17
-        tf_actions_subcommand: 'validate'
-        tf_actions_working_dir: terraform
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: ./terraform 
+      run: terraform validate -no-color
     - name: Build artifacts
       run: |
         /bin/bash -e build.sh

.gitignore

@@ -13,4 +13,4 @@ build
 
 # .tfvars files
 *.tfvars
-!essbase-byol.auto.tfvars
+!essbase.auto.tfvars*

CHANGELOG.md

@@ -4,7 +4,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [21.1.0.0.1]
+
+### Changed
+- Essbase 21.1 GA Release
+- Fusion Middleware 12.2.1.4.0
+- Migrate scripts to terraform 0.13 syntax.
+- Switch from encrypted keys to secrets in vault.
+- Support for flex compute shapes.
+- Support for existing Autonomous Databases configured with private endpoint.
+- Rename variable `security_mode` to `identity_provider`
+- Disable bastion creation when using an existing network.
+- Support selection of timezone for the compute instance.
+
+### Image Details
+- [Oracle-Linux-7.9-2021.01.12-0](https://docs.oracle.com/en-us/iaas/images/image/b6a7b057-03a8-4624-b08b-c12caa2c63a0/)
+- Oracle Fusion Middleware 12.2.1.4.0 GA
+- Oracle Essbase 21.1.0.0.0 GA
+- Oracle JDK 8 update 281 Server JRE
+- Applied patches:
+  - 28186730 - OPatch 13.9.4.2.5 for FMW/WLS 12.2.1.3.0 and 12.2.1.4.0
+  - 32253037 - WebLogic Patch Set Update 12.2.1.4.201209
+  - 31544353 - ADR for WebLogic Server 12.2.1.4.0 July CPU 2020
+  - 32124456 - Coherence 12.2.1.4.7 Cumulative Patch
+  - 31676526 - RCU Patches for ADB
+  - 30540494 - RCU Patches for ADB
+  - 30754186 - RCU Patches for ADB
+  - 31666198 - OPSS Bundle Patch 12.2.1.4.200724
+  - 32357288 - ADF Bundle Patch 12.2.1.4.210107
 
 ## [19.3.0.3.4]
 

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2019-2020 Oracle and/or its affiliates.  All rights reserved.
+Copyright (c) 2019-2021 Oracle and/or its affiliates.  All rights reserved.
 
 The Universal Permissive License (UPL), Version 1.0
 

README.md

@@ -8,13 +8,13 @@
 ![essbase-stack](https://github.com/oracle-quickstart/oci-essbase/workflows/essbase-stack/badge.svg)
 
 [![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)
-](https://console.us-phoenix-1.oraclecloud.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-quickstart/oci-essbase/releases/download/v19.3.0.3.4/essbase-stack-v19.3.0.3.4-byol.zip)
+](https://console.us-phoenix-1.oraclecloud.com/resourcemanager/stacks/create?region=home&zipUrl=https://github.com/oracle-quickstart/oci-essbase/releases/download/v21.1.0.0.1/essbase-stack-v21.1.0.0.1-byol.zip)
 
 [Oracle Essbase][essbase] is a business analytics solution that uses a proven, flexible, best-in-class architecture for analysis, reporting, and collaboration. It delivers instant value and greater productivity for your business users, analysts, modelers, and decision-makers, across all lines of business within your organization. You can interact with Essbase, through a web or Microsoft Office interface, to analyze, model, collaborate, and report.
 
 This Quick Start automates the deployment of Oracle Essbase on [Oracle Cloud Infrastructure (OCI)][oci]. It can also deploy additional stack components required – Autonomous Database, Load Balancer, Storage, Virtual Cloud Network (VCN) as part of the deployment.
 
-For more details on deploying the Essbase stack on Oracle Cloud Infrastructure, please visit the [Administering Oracle Essbase](https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/index.html) guide.
+For more details on deploying the Essbase stack on Oracle Cloud Infrastructure, please visit the [Administering Oracle Essbase](https://docs.oracle.com/en/database/other-databases/essbase/21/essad/index.html) guide.
 
 ### Default Topology
 
@@ -30,11 +30,11 @@ The above digram shows the full topology supported by the terraform scripts.  In
 
 ## Before You Begin with Oracle Essbase
 
-Refer to the [documentation](https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/you-begin-oracle-essbase.html) for the pre-requisite steps to using Essbase on OCI.
+Refer to the [documentation](https://docs.oracle.com/en/database/other-databases/essbase/21/essad/you-begin-oracle-essbase.html) for the pre-requisite steps to using Essbase on OCI.
 
-### Encrypt Values using KMS
+### Create Secrets with OCI Vault
 
-Oracle Cloud Infrastructure [Key Management (KMS)][kms] enables you to manage sensitive information when creating a stack. You are required to use KMS to encrypt credentials during provisioning by creating a key. Passwords chosen for Essbase administrator and Database must meet their respective password requirements.
+Oracle Cloud Infrastructure [Vault][vault] enables you to manage sensitive information when creating a stack. You are required to store your credentials in the vault prior to provisioning the Essbase stack. Passwords chosen for Essbase administrator and Database must meet their respective password requirements.
 
 ### Create Dynamic Group
 
@@ -57,6 +57,7 @@ allow group group_name to manage buckets in compartment compartment_name
 allow group group_name to manage objects in compartment compartment_name
 allow group group_name to use vaults in compartment compartment_name
 allow group group_name to use keys in compartment compartment_name
+allow group group_name to use secrets in compartment compartment_name
 ```
 
 Some policies may be optional, depending on expected use. For example, if you're not using a load balancer, you don't need a policy that allows management of load balancers.
@@ -73,6 +74,7 @@ allow dynamic-group group_name to manage autonomous-backups in compartment compa
 allow dynamic-group group_name to read buckets in compartment compartment_name
 allow dynamic-group group_name to manage objects in compartment compartment_name
 allow dynamic-group group_name to use keys in compartment compartment_name
+allow dynamic-group group_name to use secrets in compartment compartment_name
 ```
 
 ## Using the Terraform command line tool
@@ -97,7 +99,7 @@ terraform init
 
 ### Configure
 
-Choose the Essbase image that corresponds to the desired [license](#License), by removing the `.disabled` extension on appropriate `essbase-<license>.auto.tfvars.disabled` file.  Set the remaining [variables](./VARIABLES.md) needed to drive the stack creation.  This can be done by creating the terraform.tfvars from the [template file](./terraform/terraform.tfvars.template), or using environment variables as described here.
+By default, the Essbase image selected is the BYOL [license](#License). To use the UCM [license](#License), replace the `essbase.auto.tfvars` file with `essbase.auto.tfvars.ucm`. Set the remaining [variables](./VARIABLES.md) needed to drive the stack creation.  This can be done by creating the terraform.tfvars from the [template file](./terraform/terraform.tfvars.template), or using environment variables as described here.
 
 Let's make sure the plan looks good:
 
@@ -149,7 +151,7 @@ allow group group_name to manage orm-jobs in compartment compartment_name
 
 ## Post-Deployment Tasks
 
-Refer to the [documentation](https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/complete-deployment-tasks.html) for a list of post-deployment tasks.
+Refer to the [documentation](https://docs.oracle.com/en/database/other-databases/essbase/21/essad/complete-deployment-tasks.html) for a list of post-deployment tasks.
 
 ## License
 
@@ -171,8 +173,8 @@ The Oracle Essbase product requires an on-premises purchased license and active
 
 If you have an issue or a question, please take a look at our [FAQs](./FAQs.md) or [open an issue](https://github.com/oracle-quickstart/oci-essbase/issues/new).
 
-[essbase]: https://docs.oracle.com/en/database/other-databases/essbase/19.3/index.html
+[essbase]: https://docs.oracle.com/en/database/other-databases/essbase/21/index.html
 [oci]: https://cloud.oracle.com/cloud-infrastructure
 [orm]: https://docs.cloud.oracle.com/iaas/Content/ResourceManager/Concepts/resourcemanager.htm
-[kms]: https://docs.cloud.oracle.com/iaas/Content/KeyManagement/Concepts/keyoverview.htm
+[vault]: https://docs.cloud.oracle.com/iaas/Content/KeyManagement/Concepts/keyoverview.htm
 [tf]: https://www.terraform.io

VARIABLES.md

@@ -22,12 +22,6 @@
 | compartment_ocid | Y | | The target compartment OCID in which all provisioned resources will be created. |
 | stack_display_name | N | | Display name prefix for all generated resources. If not specified, this will be automatically generated. |
 
-## Vault Variables
-| Name | Required | Default | Description |
-| ---- | -------- | ------- | ----------- |
-| kms_key_id | Y | | The OCID for the encryption key used for the provided credentials. |
-| kms_crypto_endpoint | Y | | The crypto endpoint for the vault. |
-
 ## Notification Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
@@ -73,7 +67,7 @@
 | config_volume_size | N | 64 | Define the target size of the configuration volume, which stored the Essbase system data, such as logs. |
 | temp_volume_size | N | 64 | Defined the target size of runtime temporary data. |
 | essbase_admin_username | N | admin | The name of the Essbase system administrator. |
-| essbase_admin_password_encrypted | Y | | The password for the Essbase system administrator, encrypted with the provided vaule key. Use a password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters (`$` `#` `_`). For example, `Ach1z0#d`. |
+| essbase_admin_password_id | Y | | The OCID for the vault secret that holds the password for the Essbase system administrator. Use a password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters (`$` `#` `_`). For example, `Ach1z0#d`. |
 | rcu_schema_prefix | N | | Schema prefix to use when running RCU. A value with be automatically generated if not specified. |
 | create_public_essbase_instance | N | false | Create the Essbase compute instance with a public IP address. |
 | enable_essbase_monitoring | N | false | If enabled, the Essbase compute instance will emit telemetry data to the OCI Monitoring service. |
@@ -82,21 +76,21 @@
 ## Security Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
-| security_mode | N | idcs | Choose embedded LDAP or integration with Identity Cloud Service (IDCS). The use of embedded LDAP is not recommended for production workloads. | 
-| idcs_tenant | if `security_mode=idcs` | | The ID of your Identity Cloud Service instance, which typically has the format idcs-<guid>, and is part of the host name that you use to access Identity Cloud Service. |
-| idcs_client_id | if `security_mode=idcs` | | The client ID for the IDCS application. |
-| idcs_client_secret_encrypted | if `security_mode=idcs` | | The client secret for the IDCS application, encrypted with the provided vault key. |
-| idcs_external_admin_username | if `security_mode=idcs` | | A user id to be registered as an Essbase administrator. This user must exist in the provided Identity Cloud Service instance. |
+| identity_provider | N | idcs | Choose embedded LDAP or integration with Identity Cloud Service (IDCS). The use of embedded LDAP is not recommended for production workloads. | 
+| idcs_tenant | if `identity_provider=idcs` | | The ID of your Identity Cloud Service instance, which typically has the format idcs-<guid>, and is part of the host name that you use to access Identity Cloud Service. |
+| idcs_client_id | if `identity_provider=idcs` | | The client ID for the IDCS application. |
+| idcs_client_secret_id | if `identity_provider=idcs` | | The OCID for the vault secret that holds the client secret for the IDCS application. |
+| idcs_external_admin_username | if `identity_provider=idcs` | | A user id to be registered as an Essbase administrator. This user must exist in the provided Identity Cloud Service instance. |
 
 ## Database Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | use_existing_db | N | false | Select this option to enable support of an existing database for the internal Essbase repository. |
 | existing_db_type | N | Autonomous Database |  Select which database you will use |
 | existing_db_id | N | | Target ATP database in which to create the Essbase schema. |
-| db_admin_password_encrypted | if `existing_db_type=Autonomous Database` | | The password for the database administrator, encrypted with the provided vault key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
+| db_admin_password_id | if `existing_db_type=Autonomous Database` | | The OCID for the vault secret that holds the password for the database administrator. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
 | db_license_model | N | LICENSE_INCLUDED | |
 | existing_oci_db_system_database_id | N | | The database within the DB System in which to create the Essbase schema. |
 | existing_oci_db_system_database_pdb_name | N | | The name of the pdb in the target database. Required if not using the default pdb created during database provision. |
 | oci_db_admin_username | N | SYS | The username for the database administrator. |
-| oci_db_admin_password_encrypted | if `existing_db_type=OCI` | | The password for the database administrator, encrypted with the provided vault key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
+| oci_db_admin_password_id | if `existing_db_type=OCI` | | The OCID for the vault secret that holds the password for the database administrator. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |

build.sh

@@ -14,8 +14,7 @@ mkdir -p $folder
 cd $folder
 cp -R $SCRIPT_DIR/terraform/* .
 rm -rf .terraform
-rm -rf essbase-ucm*
-for file in *.disabled; do mv $file ${file//.disabled/}; done
+rm -rf *.ucm
 ls -la
 zip -r $SCRIPT_DIR/build/essbase-stack-byol.zip *
 cd $SCRIPT_DIR
@@ -28,8 +27,7 @@ mkdir -p $folder
 cd $folder
 cp -R $SCRIPT_DIR/terraform/* .
 rm -rf .terraform
-rm -rf essbase-byol*
-for file in *.disabled; do mv $file ${file//.disabled/}; done
+for file in *.ucm; do mv $file ${file//.ucm/}; done
 ls -la
 zip -r $SCRIPT_DIR/build/essbase-stack-ucm.zip *
 cd $SCRIPT_DIR

terraform/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2019, 2020 Oracle and/or its affiliates. 
+Copyright (c) 2019, 2021 Oracle and/or its affiliates. 
 
 The Universal Permissive License (UPL), Version 1.0
 

terraform/bastion.auto.tfvars

@@ -1,6 +1,6 @@
-## Copyright (c) 2020, Oracle and/or its affiliates.
+## Copyright (c) 2020, 2021, Oracle and/or its affiliates.
 ## Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-bastion_listing_id="ocid1.appcataloglisting.oc1..aaaaaaaapijjaj2lugi5nfhs4nmgtsjpcvz6zppgt6ndhobbcwkttdbfefeq"
-bastion_listing_resource_version="19.3.0.3.4-2010151027"
-bastion_listing_resource_id="ocid1.image.oc1..aaaaaaaaxidkhbnhzf2mwwuw6wgswqibk4hkzhz3ccpoa47qs4ddu6a4tqxa"
+bastion_listing_id               = "ocid1.appcataloglisting.oc1..aaaaaaaapijjaj2lugi5nfhs4nmgtsjpcvz6zppgt6ndhobbcwkttdbfefeq"
+bastion_listing_resource_version = "19.3.0.3.4-2010151027"
+bastion_listing_resource_id      = "ocid1.image.oc1..aaaaaaaaxidkhbnhzf2mwwuw6wgswqibk4hkzhz3ccpoa47qs4ddu6a4tqxa"