Synchronize changes from internal repo for 19.3.0.3.4 release (#52)

Release 19.3.0.3.4

Author: anilarora

CHANGELOG.md

@@ -6,6 +6,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [19.3.0.3.4]
+
+### Added
+- Integration with Oracle Notification Service topic for Essbase lifecycle events.
+- Integration with Oracle Monitoring Service for Essbase process and volume metrics collection.
+- Support for private load balancer configuration for internal access.
+- Support monitoring script to publish metrics to OCI Monitoring service for operational support.
+- Added temp volume (default 64Gb) to store temporary runtime data. This does not participate in backup/restore lifecycle events.
+  - Crash dump location updated to store under the temp volume.
+
+### Changed
+- Essbase stack configuration is started in the background using cloud-init.
+  - Allows the remove of the SSH key pair used for provisioning.
+  - Allows for bastion host to be an optional component.
+- Reorganized the layout of the guided UI.
+- Updated ssh public key input type to utilize the native control.
+- Reduced default size of config volume to 64Gb.
+- Support minimum size for the data volume at 256Gb.
+- Support for changing the Essbase compute instance shape.
+- Update bastion subscription to handle terms and conditions properly.
+- Rename variable `mp_listing_id` to `essbase_listing_id`.
+- Rename variable `mp_listing_resource_version` to `essbase_listing_resource_version`.
+- Rename variable `mp_listing_resource_id` to `essbase_listing_resource_id`.
+- Rename variable `service_name` to `stack_display_name` to reflect its role.
+- Rename variable `idcs_client_tenant` to `idcs_tenant`.
+- Rename variable `ssh_public_key` to `ssh_authorized_keys`.
+- Support selection of availability domain for bastion host.
+- Support specifying instance hostname prefix and network dns label to help with disaster-recovery use cases.
+- Experimental: Support for flex compute shapes.
+- Experimental: Support for disabling internal httpd proxy.
+
+### Image Details
+- [Oracle-Linux-7.8-2020.07.28-0](https://docs.cloud.oracle.com/en-us/iaas/images/image/229363c7-b01f-4b71-8c19-0661df7e16b5/)
+- Oracle Fusion Middleware 12.2.1.3.0 GA
+- Oracle Essbase 19.3.0.0.0 GA
+- Oracle JDK 8 update 261 Server JRE
+- Applied patches:
+  - 28186730 - OPatch 13.9.4.2.4 for FMW/WLS 12.2.1.3.0 and 12.2.1.4.0
+  - 30965714 - WebLogic Patch Set Update 12.2.1.3.200227
+  - 31470751 - Coherence 12.2.1.3.10 Cumulative Patch using OPatch
+  - 31532341 - ADF Bundle Patch 12.2.1.3.200623
+  - 30146350 - OPSS Bundle Patch 12.2.1.3.191015
+  - 29650702 - FMW Platform 12.2.1.3.0 SPU April 2019
+  - 20623024 - RCU Patch
+  - 29840258 - RCU Patch for invalid FMWREGISTRY password
+  - 30977621 - Essbase 19.3.0.3.4 Cumulative Bundle Patch
+
 ## [19.3.0.2.3-1]
 
 ### Changed
@@ -18,10 +65,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Use pre-built OCI image for bastion instances. This image is prebuilt with the configuration changes that were previously applied during the provisioning process.
 - Revert change for whitelisting VCN for provisioned Autonomous Database. This resolves some intermittent issues that were seen preventing the compute node from properly access the database during provisioning.
 
-### Noteworthy Image Changes
-- Update base image to [Oracle-Linux-7.7-2020.02.21-0](https://docs.cloud.oracle.com/en-us/iaas/images/image/957e74db-0375-4918-b897-a8ce93753ad9/).
-- Apply Essbase Cumulative Bundle Patch (30464311).
-- Added security-util.sh script to register users with Essbase roles.
+### Image Details
+- [Oracle-Linux-7.7-2020.02.21-0](https://docs.cloud.oracle.com/en-us/iaas/images/image/957e74db-0375-4918-b897-a8ce93753ad9/)
+- Oracle Fusion Middleware 12.2.1.3.0 GA
+- Oracle Essbase 19.3.0.0.0 GA
+- Oracle JDK 8 update 241 Server JRE
+- Applied Patches:
+  - 28186730
+  - 30675853 - WebLogic Patch Set Update January 2020
+  - 30146350 - OPSS Bundle Patch October 2019
+  - 30464311 - Essbase Cumulative Bundle Patch
+  - 29840258 - RCU Patch for invalid FMWREGISTRY password
 
 ## [19.3.0.0.2]
 
@@ -43,11 +97,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Rename variable `create_private_subnet` to `create_private_application_subnet`
 - Rename variable `assign_public_ip` to `assign_instance_public_ip`
 
-### Noteworthy Image Changes
-- Update base image to [Oracle-Linux-7.7-2020.01.28-0](https://docs.cloud.oracle.com/en-us/iaas/images/image/0a72692a-bdbb-46fc-b17b-6e0a3fedeb23/).
-- Update JDK to Oracle Java 8u241 - Server JRE.
-- Apply WebLogic Patch Set Update January 2020 (30675853).
-- Apply OPSS Patch Bundle October 2019 (30146350).
+### Image Details
+- [Oracle-Linux-7.7-2020.01.28-0](https://docs.cloud.oracle.com/en-us/iaas/images/image/0a72692a-bdbb-46fc-b17b-6e0a3fedeb23/)
+- Oracle Fusion Middleware 12.2.1.3.0 GA
+- Oracle Essbase 19.3.0.0.0 GA
+- Applied Patches
+  - 28186730
+  - 30675853 - WebLogic Patch Set Update January 2020
+  - 30146350 - OPSS Bundle Patch October 2019
+  - 29840258 - RCU Patch for invalid FMWREGISTRY password
 
 ## [19.3.0.0.1]
 ### Added
@@ -62,3 +120,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix Use HTTPS selection to show up when Provision Load Balancer is selected.
 - Support Use Existing Database without requiring using an existing network.
 
+### Image Details
+- Oracle Fusion Middleware 12.2.1.3.0 GA
+- Oracle Essbase 19.3.0.0.0 GA
+- Applied Patches
+  - 28186730
+  - 29814665 - WebLogic Patch Set Update July 2019
+  - 29680122 - OPSS Bundle Patch July 2019
+  - 29135930 - XML Stream Patch
+  - 29840258 - RCU Patch for invalid FMWREGISTRY password
+
+## [19.3.0.0.0]
+
+### Image Details
+- Oracle Fusion Middleware 12.2.1.3.0 GA
+- Oracle Essbase 19.3.0.0.0 GA
+- Applied Patches
+  - 28186730
+  - 29814665 - WebLogic Patch Set Update July 2019
+  - 29680122 - OPSS Bundle Patch July 2019
+

README.md

@@ -23,7 +23,7 @@ The above digram shows the default topology supported by the terraform scripts.
 
 ![Full Topology Diagram](./images/image-full_topology.png)
 
-The above digram shows the full topology supported by the terraform scripts.  In this scenario, the application subnet is private. To access the Essbase user interface, an OCI load balancer is provisioned in another public regional subnet.  A bastion host is also provisioned to support connectivity from the Resource Manager.
+The above digram shows the full topology supported by the terraform scripts.  In this scenario, the application subnet is private. To access the Essbase user interface, an OCI load balancer is provisioned in either public or private regional subnet.  A bastion host (optional) is provisioned to allow access through a public ip address.
 
 ## Before You Begin with Oracle Essbase
 

VARIABLES.md

@@ -20,78 +20,83 @@
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | compartment_ocid | Y | | The target compartment OCID in which all provisioned resources will be created. |
-| service_name | N | | Display name prefix for all generated resources. If not specified, this will be automatically generated. |
+| stack_display_name | N | | Display name prefix for all generated resources. If not specified, this will be automatically generated. |
 
-## KMS Variables 
+## Vault Variables
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | kms_key_id | Y | | The OCID for the encryption key used for the provided credentials. |
-| kms_crypto_endpoint | Y | | The crypto endpoint for the KMS vault. |
+| kms_crypto_endpoint | Y | | The crypto endpoint for the vault. |
+
+## Notification Details
+| Name | Required | Default | Description |
+| ---- | -------- | ------- | ----------- |
+| notification_topic_id | N | | The target notification topic OCID to send events. |
 
 ## Network Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | use_existing_vcn | N | false | Select this option to support deployment of Essbase components into an existing virtual cloud network (VCN). |
-| existing_vcn_compartment_id | if `use_existing_vcn=true` | | The OCID the compartment containing the target VCN. |
 | existing_vcn_id | if `use_existing_vcn=true` | | An existing VCN in which to create the compute resources. |
-| existing_application_subnet_compartment_id | if `use_existing_vcn=true` | | The compartment containing the target application subnet. |
 | existing_application_subnet_id | if `use_existing_vcn=true` | | An existing subnet for the target Essbase instance. |
-| existing_bastion_subnet_compartment_id | if `use_existing_vcn=true` | | The compartment containing the target bastion subnet. |
 | existing_bastion_subnet_id | if `use_existing_vcn=true` | | An existing subnet for creating the bastion host |
-| existing_load_balancer_subnet_compartment_id | Y, if `use_existing_vcn=true` | | The compartment containing the target load balancer subnets. |
 | existing_load_balancer_subnet_id | if `use_existing_vcn=true` | | An existing subnet to use for the load balancer. |
 | existing_load_balancer_subnet_id_2 | if `use_existing_vcn=true` | | An existing subnet to use for the second load balancer node. This field is required only if you are not using regional subnets. |
 | vcn_cidr | N | 10.0.0.0/16 | The CIDR to assign to the new virtual cloud network (VCN) to create for this service. |
+| vcn_dns_label | N | | The DNS label to assign to the VCN. If not provided, the value will be randomly generated. |
 | application_subnet_cidr | N | 10.0.1.0/24 | The CIDR to assign to the subnet for the target Essbase compute node. This will be created as a regional subnet. |
 | bastion_subnet_cidr | N | 10.0.3.0/24 | The CIDR to assign to the subnet for the bastion host. This will be created as a regional subnet. |
 | load_balancer_subnet_cidr | N | 10.0.4.0/24 | The CIDR to assign to the subnet for the load balancer.  This will be created as regional subnet. |
-| create_private_application_subnet | N | false | Create a private subnet for the Essbase node. A bastion host will be also created. |
 
 ## Load Balancer Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | create_load_balancer | N | false | Provision a load balancer in Oracle Cloud Infrastructure. The load balancer will be provisioned with a demo certificate. The use of demo certificate is not recommended for production workloads. |
+| create_public_load_balancer | N | true | Provision the load balancer with a public IP address. |
 | load_balancer_shape | N | 100Mbps | Select which load balancer shape. |
 
 ## Bastion Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
-| bastion_instance_shape | N | VM.Standard.E2.1 | The shape for the bastion compute instance. |
+| create_bastion | N | false | Create a bastion host. |
+| bastion_instance_shape | if `create_bastion=true` | VM.Standard.E2.1 | The shape for the bastion compute instance. |
+| bastion_availability_domain | if `create_bastion=true` | | The target availability domain for the bastion. |
 
 ## Essbase instance details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | instance_shape | N | VM.Standard2.4 | The shape for the Essbase compute instance. |
 | instance_availability_domain | Y | | Availability domain in region |
-| ssh_public_key | Y | | Use the corresponding private key to access the Essbase compute instance. |
+| instance_hostname_label_prefix | N | | Prefix for the hostname label to which the compute instance will be assigned. If not provided, a randomly generated value will be used. |
+| ssh_authorized_keys | Y | | Use the corresponding private key to access the Essbase compute instance. |
 | data_volume_size | N | 1024 | Define the target size of the data volume, which stores the Essbase application data. |
-| config_volume_size | N | 512 | Define the target size of the configuration volume, which stored the Essbase system data, such as logs. |
+| config_volume_size | N | 64 | Define the target size of the configuration volume, which stored the Essbase system data, such as logs. |
+| temp_volume_size | N | 64 | Defined the target size of runtime temporary data. |
 | essbase_admin_username | N | admin | The name of the Essbase system administrator. |
-| essbase_admin_password_encrypted | Y | | The password for the Essbase system administrator, encrypted with the provided KMS key. Use a password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters (`$` `#` `_`). For example, `Ach1z0#d`. |
+| essbase_admin_password_encrypted | Y | | The password for the Essbase system administrator, encrypted with the provided vaule key. Use a password that starts with a letter, is between 8 and 30 characters long, contains at least one number, and, optionally, any number of the special characters (`$` `#` `_`). For example, `Ach1z0#d`. |
 | rcu_schema_prefix | N | | Schema prefix to use when running RCU. A value with be automatically generated if not specified. |
-| assign_instance_public_ip | N | true | If the subnet allows for a public ip address, assign one to the Essbase instance. |
+| create_public_essbase_instance | N | false | Create the Essbase compute instance with a public IP address. |
+| enable_essbase_monitoring | N | false | If enabled, the Essbase compute instance will emit telemetry data to the OCI Monitoring service. |
+| enable_embedded_proxy | N | true | Expiremental: If disabled, the Essbase compute instance will not enable an Apache http proxy for IDCS integration. |
 
 ## Security Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | security_mode | N | idcs | Choose embedded LDAP or integration with Identity Cloud Service (IDCS). The use of embedded LDAP is not recommended for production workloads. | 
-| idcs_client_tenant | if `security_mode=idcs` | | The ID of your Identity Cloud Service instance, which typically has the format idcs-<guid>, and is part of the host name that you use to access Identity Cloud Service. |
+| idcs_tenant | if `security_mode=idcs` | | The ID of your Identity Cloud Service instance, which typically has the format idcs-<guid>, and is part of the host name that you use to access Identity Cloud Service. |
 | idcs_client_id | if `security_mode=idcs` | | The client ID for the IDCS application. |
-| idcs_client_secret_encrypted | if `security_mode=idcs` | | The client secret for the IDCS application, encrypted with the provided KMS key. |
+| idcs_client_secret_encrypted | if `security_mode=idcs` | | The client secret for the IDCS application, encrypted with the provided vault key. |
 | idcs_external_admin_username | if `security_mode=idcs` | | A user id to be registered as an Essbase administrator. This user must exist in the provided Identity Cloud Service instance. |
 
 ## Database Details
 | Name | Required | Default | Description |
 | ---- | -------- | ------- | ----------- |
 | use_existing_db | N | false | Select this option to enable support of an existing database for the internal Essbase repository. |
 | existing_db_type | N | Autonomous Database |  Select which database you will use |
-| existing_db_compartment_id | N | | Target database compartment |
 | existing_db_id | N | | Target ATP database in which to create the Essbase schema. |
-| db_admin_password_encrypted | if `existing_db_type=Autonomous Database` | | The password for the database administrator, encrypted with the provided KMS key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
+| db_admin_password_encrypted | if `existing_db_type=Autonomous Database` | | The password for the database administrator, encrypted with the provided vault key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
 | db_license_model | N | LICENSE_INCLUDED | |
-| existing_oci_db_system_id | N | | Target database system in which to create the Essbase schema. |
-| existing_oci_db_system_dbhome_id | N | | The database home within the DB System |
 | existing_oci_db_system_database_id | N | | The database within the DB System in which to create the Essbase schema. |
 | existing_oci_db_system_database_pdb_name | N | | The name of the pdb in the target database. Required if not using the default pdb created during database provision. |
 | oci_db_admin_username | N | SYS | The username for the database administrator. |
-| oci_db_admin_password_encrypted | if `existing_db_type=OCI` | | The password for the database administrator, encrypted with the provided KMS key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |
+| oci_db_admin_password_encrypted | if `existing_db_type=OCI` | | The password for the database administrator, encrypted with the provided vault key. Use a password that starts with a letter, is between 12 and 30 characters long, contains at least one number, and at least one of the special characters (`$` `#` `_`). For example, `BEstr0ng_#12`. |

bastion-image/packer/build.pkr.hcl

@@ -1,5 +1,5 @@
 ## Copyright (c) 2020, Oracle and/or its affiliates.
-## Licensed under the Universal Permissive License v1.0 as shown at http://oss.oracle.com/licenses/upl.
+## Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 locals {
 

bastion-image/packer/scripts/setup.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 #
 # Copyright (c) 2019, 2020, Oracle and/or its affiliates.
-# Licensed under the Universal Permissive License v1.0 as shown at http://oss.oracle.com/licenses/upl.
+# Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 
 set +o history

images/image-default_topology.png

@@ -1,7 +1,7 @@
 ## Copyright (c) 2019, 2020, Oracle and/or its affiliates.
-## Licensed under the Universal Permissive License v1.0 as shown at http://oss.oracle.com/licenses/upl.
+## Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # Listing details for the Essbase custom image for Bring Your Own License.
-mp_listing_id="ocid1.appcataloglisting.oc1..aaaaaaaaqyxur5zacfln6epkbm46sdu5whf6zepbm43b63rm44d5hnm2ft5a"
-mp_listing_resource_version="19.3.0.0.3-2004011557"
-mp_listing_resource_id="ocid1.image.oc1..aaaaaaaaxzey5mtlw7kdxhql2y3wlmnu6bt4jh5hy5y7rcajmdhrty5hvefa"
+essbase_listing_id="ocid1.appcataloglisting.oc1..aaaaaaaaqyxur5zacfln6epkbm46sdu5whf6zepbm43b63rm44d5hnm2ft5a"
+essbase_listing_resource_version="19.3.0.3.4-2008280915"
+essbase_listing_resource_id="ocid1.image.oc1..aaaaaaaakxp6ug736flztridneayd6jye7xpyr3che352475a6stmj7p7j2q"

images/image-full_topology.png

@@ -1,7 +1,7 @@
 ## Copyright (c) 2020, Oracle and/or its affiliates.
-## Licensed under the Universal Permissive License v1.0 as shown at http://oss.oracle.com/licenses/upl.
+## Licensed under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 # Listing details for the Essbase custom image for Universal Credits.
-mp_listing_id="ocid1.appcataloglisting.oc1..aaaaaaaanstxnoz6uttexhw5jfpqhu4gkwsp2ebmw4i2p7gkq65sr3e7z4gq"
-mp_listing_resource_version="19.3.0.0.3-2004011557"
-mp_listing_resource_id="ocid1.image.oc1..aaaaaaaal6buavzgpciviq6cxl5mvszi34azgsrsroezd2sn4ikcmv5tpopa"
+essbase_listing_id="ocid1.appcataloglisting.oc1..aaaaaaaanstxnoz6uttexhw5jfpqhu4gkwsp2ebmw4i2p7gkq65sr3e7z4gq"
+essbase_listing_resource_version="19.3.0.3.4-2008280915"
+essbase_listing_resource_id="ocid1.image.oc1..aaaaaaaactj6h7kr4q6z5lqjvjwlzgsy7ib4y6zajpbpmxzev3paierlkyla"