From eb9f26526e2f4423b22a994b7085529bc30b046f Mon Sep 17 00:00:00 2001
From: Tanmay Garg
Date: Tue, 6 Aug 2024 16:14:50 +0530
Subject: [PATCH 01/15] fixed permission matching logic
---
.../samples/scripts/agentAutoUpdate.sh | 1157 +++++++++++++++--
1 file changed, 1083 insertions(+), 74 deletions(-)
diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
index b5edf33999..add255950c 100755
--- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
+++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
@@ -1,97 +1,1106 @@ #!/bin/sh # -# Copyright (c) 2023 Oracle and/or its affiliates. +# Copyright (c) 2022 Oracle and/or its affiliates. # # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # # Author: OIG Development # -# Description: Script for upgrading agent +# Description: Script for management of agents # # # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. -cd "$1" || exit -if [ -d "$1"/newpackage ] -then - echo "There is already an upgrade in progress. Skipping this." - exit -else - echo "Starting Auto upgrade Process..." -fi -mkdir -p newpackage || true +#Global Variables +containerRuntime="" +errorFlag=false +operation="" +newContainer="" +agentVersion="" -cd newpackage || exit -#Download upgrade cli -wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/fFvMAmluNZpv4P5dCzH7VsyJUYra5AMxhLiBSOa3AZuul4KtycxDuJtyUyWaweU4/n/idjypktnxhrf/b/agcs_ido_agent_updater/o/idm-agcs-agent-cli-upgrade.jar +validateEmpty(){ + if [ "$1" = "" ]; + then + errorFlag=true + echo "ERROR: $2 is mandatory." + echo " Specify Using $3." + else + echo "INFO: Using $1 for $2." 
+ fi -#Get Agent Package -agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') -if [ -f "$1"/cacerts ] - then - java \ - -Djavax.net.ssl.trustStore="$1"/cacerts \ - -Djavax.net.ssl.trustStorePassword=changeit \ - -DidoConfig.logDir="$1"/newpackage\ - -DidoConfig.metricsDir="$1"/newpackage \ - -DidoConfig.walletDir="$1"/newpackage \ - -DidoConfig.workDir="$1"/newpackage \ - -cp idm-agcs-agent-cli-upgrade.jar \ - com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ - --config "$1"/data/conf/config.json \ - ido autoRunUpdate \ - -ip "$1" \ - -co "$1"/data/conf/config.properties \ - -cv "$agentVersion" - else - if [ -f "$1"/data/conf/config.properties ] - then - java \ - -DidoConfig.logDir="$1"/data/logs \ - -DidoConfig.metricsDir="$1"/newpackage \ - -DidoConfig.walletDir="$1"/newpackage \ - -DidoConfig.workDir="$1"/newpackage \ - -cp idm-agcs-agent-cli-upgrade.jar \ - com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ - --config "$1"/data/conf/config.json \ - ido autoRunUpdate \ - -ip "$1" \ - -co "$1"/data/conf/config.properties \ - -cv "$agentVersion" - else - java \ - -DidoConfig.logDir="$1"/data/logs \ - -DidoConfig.metricsDir="$1"/newpackage \ - -DidoConfig.walletDir="$1"/newpackage \ - -DidoConfig.workDir="$1"/newpackage \ - -cp idm-agcs-agent-cli-upgrade.jar \ - com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ - --config "$1"/data/conf/config.json \ - ido autoRunUpdate \ - -ip "$1" \ - -cv "$agentVersion" +} + +createDir(){ + + if [ ! 
-d "$1" ] + then + echo "ERROR: Volume directory $1 does not exist" + exit 1; fi + absoluteVolumePath=$(cd "$(dirname "$1")" || exit 1; pwd -P)/$(basename "$1") + + CONFDIR="$absoluteVolumePath"/data/conf; + LOGSDIR="$absoluteVolumePath"/data/logs; + WALLETDIR="$absoluteVolumePath"/data/wallet; + AGENTDIR="$absoluteVolumePath"/data/agent; + METRICSDIR="$absoluteVolumePath"/data/metrics; + BUNDLEDIR="$absoluteVolumePath"/data/bundle-home; + CUSTOMJARSDIR="$absoluteVolumePath"/data/customJars; + + if [ ! -d "$CONFDIR" ] + then + echo "INFO: Creating conf directory" + mkdir -p "$CONFDIR"; + fi + + if [ ! -d "$LOGSDIR" ] + then + echo "INFO: Creating logs directory" + mkdir -p "$LOGSDIR"; + fi + + if [ ! -d "$WALLETDIR" ] + then + echo "INFO: Creating wallet directory" + mkdir -p "$WALLETDIR"; + fi + + if [ ! -d "$AGENTDIR" ] + then + echo "INFO: Creating agent directory" + mkdir -p "$AGENTDIR"; + fi + + if [ ! -d "$METRICSDIR" ] + then + echo "INFO: Creating metrics directory" + mkdir -p "$METRICSDIR"; + fi + + if [ ! -d "$BUNDLEDIR" ] + then + echo "INFO: Creating bundle-home directory" + mkdir -p "$BUNDLEDIR"; + fi + + if [ ! 
-d "$CUSTOMJARSDIR" ] + then + echo "INFO: Creating custom driver jars directory" + mkdir -p "$CUSTOMJARSDIR"; + fi + + if [ -d "$absoluteVolumePath"/data ] + then + chmod -R 775 "$absoluteVolumePath"/data >/dev/null 2>&1 + fi + + + ENV_FILE="$CONFDIR"/env.properties + ENV_FILE_TEMP="$CONFDIR"/env_temp.properties + + touch "$ENV_FILE" + rm -f "$ENV_FILE_TEMP" + touch "$ENV_FILE_TEMP" +} + +isDockerAvailable() +{ + if [ "$(docker --version 2>/dev/null)" ] + then + echo "INFO: Docker is available" + echo "--------------------------------------------------" + docker --version + echo "--------------------------------------------------" + containerRuntime="docker"; + fi +} + +isPodmanAvailable() +{ + if [ "$(podman --version 2>/dev/null)" ] + then + echo "INFO: Podman is available" + echo "--------------------------------------------------" + podman --version + echo "--------------------------------------------------" + containerRuntime="podman"; + fi +} + +detectJDKversion() +{ + javac -version + if [ ! "$?" ] + then + echo "ERROR: JDK is not installed. Please install JDK 11" + errorFlag=true + return + fi + javaVersion=$(javac -version 2>&1 | awk '{ print $2 }' | cut -d'.' -f1) + if [ "$javaVersion" != "11" ] + then + echo "ERROR: JDK 11 is required" + errorFlag=true + fi +} + +detectContainerRuntime() +{ + echo "INFO: Detecting Container Runtime" + isPodmanAvailable + if [ -z "$containerRuntime" ] && [ "$containerRuntime" = "" ] + then + isDockerAvailable + fi + + if [ -z "$containerRuntime" ] && [ "$containerRuntime" = "" ] + then + echo "ERROR: No container runtime available. Please install Docker/Podman before proceeding" + errorFlag=true + return + fi + echo "INFO: Using $containerRuntime Container Runtime" + echo containerRuntime=$containerRuntime >> "$ENV_FILE_TEMP" +} + +# shellcheck source=/dev/null +copyAndUnzipAgentPackage() +{ + . 
"$ENV_FILE_TEMP" + rm -rf "$AGENTDIR:?"/* + unzip "$AP" -d "$AGENTDIR" +} + +copyConfigOverride(){ + if [ -f "$configOverride" ] + then + cp -f "$configOverride" "$CONFDIR"/config.properties + fi +} + +# shellcheck source=/dev/null +copyConfig(){ + echo "INFO: Copying wallet and config.json" + . "$ENV_FILE_TEMP" + CONFFILE="$CONFDIR"/config.json + WALLETFILE="$WALLETDIR"/cwallet.sso + WALLETLOCKFILE="$WALLETDIR"/cwallet.sso.lck + + if [ ! -f "$CONFFILE" ] + then + cp -r "$AGENTDIR"/config.json "$CONFDIR" + else + echo "INFO: Config.json already exists" + fi + + if [ ! -f "$WALLETFILE" ] + then + cp -r "$AGENTDIR"/wallet/cwallet.sso "$WALLETDIR" + else + echo "INFO: Wallet already exists" + fi + + if [ ! -f "$WALLETLOCKFILE" ] + then + cp -r "$AGENTDIR"/wallet/cwallet.sso.lck "$WALLETDIR" + fi + +} + +# shellcheck source=/dev/null +setupConfig(){ + +. "$ENV_FILE" +echo "INFO: Setting up Configuration" +if [ "${AI}" = "" ]; + then + AI=agent_"$(hostname -f)"_"$(date +%s)" + echo AI=agent_"$(hostname -f)"_"$(date +%s)" >> "$ENV_FILE_TEMP" fi -# shellcheck disable=SC2181 -if [ "$?" = "0" ] +if [ "${AU}" = "" ]; + then + AU=true + echo AU=true >> "$ENV_FILE_TEMP" +fi + +# shellcheck disable=SC3010,SC3028 +if [[ "$OSTYPE" == "darwin"* ]]; then + sed -i "" -e "s/__AGENT_ID__/${AI}/g" "$CONFDIR"/config.json +else + sed -i -e "s/__AGENT_ID__/${AI}/g" "$CONFDIR"/config.json +fi + +} + +loadImage(){ + echo "INFO: Loading container image. It may take some time." + imageName="" + if [ "$containerRuntime" = "docker" ] + then + imageName=$(docker load < "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz | grep "Loaded image" | awk '{ print $3 }') + elif [ "$containerRuntime" = "podman" ] + then + imageName=$(podman load < "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz | grep "Loaded image" | awk '{ print $3 }') + fi + if [ "$imageName" = "" ] + then + echo "ABORTED: Unable to load the image." 
+ exit 1; + fi + echo imageName="$imageName" >> "$ENV_FILE_TEMP" +} + +# shellcheck source=/dev/null +runAgent(){ + groupId=$(id -g) + . "$ENV_FILE" + if [ "$containerRuntime" = "docker" ] then - if [ -f "$1"/cacerts ] + if [ ! "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] then - mkdir "$1"/upgrade/ - cp "$1"/cacerts "$1"/upgrade/ - fi - if [ -f "$1"/data/conf/config.properties ] + echo "INFO: Starting new container." + if [ -f "$CONFDIR"/config.properties ]; then + docker run -d --env-file "$CONFDIR"/config.properties -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" + else + docker run -d -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" + fi + docker exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" != "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' + validateStatus=$(cat "$CONFDIR"/status.txt) + if [ "$validateStatus" = "VALIDATE_FAILED" ] + then + echo "ERROR: Agent Validation Failed. Exiting" + docker rm -f "$AI" + exit 1; + fi + if [ ! "$operation" = "upgrade" ] then - curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh; \ - sh agentManagement.sh --volume "$1" --agentpackage agent-package.zip \ - --config "$1"/data/conf/config.properties \ - --internalUpgrade + docker exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" + fi + + elif [ ! "$(docker ps -f "name=$AI" --format '{{.Names}}')" ] + then + echo "INFO: Starting existing container $AI " + docker start "$AI" + docker exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" 
!= "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' + validateStatus=$(cat "$CONFDIR"/status.txt) + if [ "$validateStatus" = "VALIDATE_FAILED" ] + then + echo "ERROR: Agent Validation Failed. Exiting" + docker rm -f "$AI" + exit 1; + fi + if [ ! "$operation" = "upgrade" ] + then + docker exec "$AI" /bin/bash -c 'agent ido start --config /app/data/conf/config.json &' + fi + else + echo "WARN: Agent is already running" + fi + # removing older image in case of upgrade + if [ "$operation" = "postUpgrade" ] + then + echo "INFO: Removing older image ${installedImageName}" + docker image rm "${installedImageName}" || true + fi + elif [ "$containerRuntime" = "podman" ] + then + if [ ! "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] + then + echo "INFO: Starting new container." + if [ -f "$CONFDIR"/config.properties ]; then + podman run -d --user root --env-file "$CONFDIR"/config.properties -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" + else + podman run -d --user root -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" + fi + + podman exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" != "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' + validateStatus=$(cat "$CONFDIR"/status.txt) + if [ "$validateStatus" = "VALIDATE_FAILED" ] + then + echo "ERROR: Agent Validation Failed. Exiting" + podman rm -f "$AI" + exit 1; + fi + if [ ! "$operation" = "upgrade" ] + then + podman exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" + fi + + elif [ ! "$(podman ps -f "name=$AI" --format '{{.Names}}')" ] + then + echo "INFO: Starting existing container $AI " + podman start "$AI" + podman exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" 
!= "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' + validateStatus=$(cat "$CONFDIR"/status.txt) + if [ "$validateStatus" = "VALIDATE_FAILED" ] + then + echo "ERROR: Agent Validation Failed. Exiting" + podman rm -f "$AI" + exit 1; + fi + if [ ! "$operation" = "upgrade" ] + then + podman exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" + fi + + else + echo "WARN: Agent is already running" + fi + # removing older image in case of upgrade + if [ "$operation" = "postUpgrade" ] + then + echo "INFO: Removing older image ${installedImageName} " + podman image rm "${installedImageName}" || true + fi + fi +} + +hasDockerPermissions() +{ + echo "" +} + +isWriteAccessOnVolume() +{ + # shellcheck disable=SC2012 + permissions=$(ls -ld "$PV" | awk '{print $1}') + perms="${permissions:0:10}" + if [ "$perms" != "drwxrwxr-x" ] && [ "$perms" != "drwxrwxrwx" ]; then + echo "ERROR: Volume does not have required permissions. 
Make sure to have 775" + errorFlag=true + fi +} + +validate() +{ + echo "Validating Agent" +} + +info(){ + agentImageVersion=$(echo "$imageName" | cut -d':' -f2) + echo "Agent Id : $AI" + + if [ "$containerRuntime" = "docker" ] + then + echo "Container Runtime : $(docker --version)" + elif [ "$containerRuntime" = "podman" ] + then + echo "Container Runtime : $(podman --version)" + fi + echo "Install Location : $PV" + echo "Agent Package used : $AP" + echo "Agent Version : $agentImageVersion" + echo "Logs directory : ${PV}/data/logs" + +} + +agentDaemonStatus(){ + validateStatus=$(cat "$CONFDIR"/status.txt) + if [ "$validateStatus" = "AGENT_RUNNING_NORMALLY" ] + then + echo "Agent Status : Running normally" + elif [ "$validateStatus" = "AGENT_SHUTDOWN_IN_PROGRESS" ]; then + echo "Agent Status : Shutdown is in Progress" + else + echo "Agent Status : Stopped" + fi +} + +# shellcheck source=/dev/null +status(){ + errorFlag=false + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + isAgentAvailable + if [ $errorFlag = "true" ]; then + echo "Agent is not installed." + exit 1 + fi + agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') + info + if [ "$containerRuntime" = "docker" ] + then + if [ "$(docker ps -f "name=$AI" --format '{{.Names}}')" ] + then + docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; if [[ "$?" == "0" ]] ; then echo AGENT_RUNNING_NORMALLY > /app/data/conf/status.txt; elif [[ "$?" 
== "1" ]] ; then echo AGENT_SHUTDOWN_IN_PROGRESS > /app/data/conf/status.txt; else echo AGENT_SHUTDOWN > /app/data/conf/status.txt; fi ;' >/dev/null + agentDaemonStatus + else + echo "Agent Status : Container not running" + fi + elif [ "$containerRuntime" = "podman" ] + then + if [ "$(podman ps -f "name=$AI" --format '{{.Names}}')" ] + then + podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; if [[ "$?" == "0" ]] ; then echo AGENT_RUNNING_NORMALLY > /app/data/conf/status.txt; elif [[ "$?" == "1" ]] ; then echo AGENT_SHUTDOWN_IN_PROGRESS > /app/data/conf/status.txt; else echo AGENT_SHUTDOWN > /app/data/conf/status.txt; fi ;' >/dev/null + agentDaemonStatus + else + echo "Agent Status : Container not running" + fi + fi +} + +# shellcheck source=/dev/null +setproxy(){ + # new/user provided configuration is stored in ENV_FILE_TEMP so sourcing it first + . "$ENV_FILE" + . "$ENV_FILE_TEMP" + echo "INFO: Setting proxy" + + # Set proxy params in config.json + + # in the end replace proxy parms in the env.properties(Source of truth) +} + +isAlreadyInstalled(){ +# shellcheck disable=SC2154 + if [ "$isInstallSuccess" = "true" ] && [ ! "$operation" = "upgrade" ] + then + echo "INFO: Agent is already installed with agent id ${AI} " + errorFlag=true + fi +} + +isAgentAvailable(){ + if [ "$isInstallSuccess" = "true" ] + then + echo "INFO: Agent with agent id ${AI} is available." 
+ else + errorFlag=true + fi +} + +getProperty() { + PROP_KEY=$1 +# shellcheck disable=SC2002 + PROP_VALUE=$(cat "$CONFDIR"/config.properties | grep "$PROP_KEY" | cut -d'=' -f2) + echo "$PROP_VALUE" +} + +fetchAgentContainerImage(){ + + echo "INFO: Fetching Agent Container Image" + proxyUri="" + proxyUserName="" + proxyUserPassword="" + if [ -f "$CONFDIR"/config.properties ]; then + echo "INFO: Getting Proxy settings" + proxyUri=$(getProperty idoConfig.httpClientConfiguration.proxyUri) + proxyUserName=$(getProperty idoConfig.httpClientConfiguration.proxyUserName) + proxyUserPassword=$(getProperty idoConfig.httpClientConfiguration.proxyUserPassword) + fi + agentVersion=$(unzip -q -c "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') + java -jar "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar install -w "$WALLETDIR" -d "$AGENTDIR"/agent-lcm/ -ph "$proxyUri" -pu "$proxyUserName" -pp "$proxyUserPassword" -v "$agentVersion" + if [ -f "$AGENTDIR"/agent-lcm/"$agentVersion"/idm-agcs-agent-framework.dockerize_agent.tar.gz ]; then + mv "$AGENTDIR"/agent-lcm/"$agentVersion"/idm-agcs-agent-framework.dockerize_agent.tar.gz "$AGENTDIR"/agent-lcm/ + echo "INFO: Successfully fetched the Agent Container Image" + else + echo "ERROR: Unable to fetch the Agent Container Image" + exit 1 + fi +} + +isValidChecksum() +{ + echo "INFO: Verifying Integrity Check" + java -jar "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar validateIntegrity -w "$WALLETDIR" -p "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz + if [ ! "$?" ] + then + echo "ERROR: Integrity Check Verification failed." + exit 1 + fi +} + +# shellcheck source=/dev/null +install() +{ + if [ -f "$ENV_FILE_TEMP" ] + then + . "$ENV_FILE_TEMP" + fi + + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + + validateEmpty "${AP}" "Agent Package" "--agentpackage" + validateEmpty "${PV}" "Volume" "--volume" + if [ ! 
-f "${AP}" ] + then + echo "ERROR: Agent Package does not exist" + exit 1; + fi + if [ ! -d "${PV}" ] + then + echo "ERROR: Volume directory does not exist" + exit 1; + fi + #Pre-requiste Validations + isAlreadyInstalled + detectJDKversion + isWriteAccessOnVolume + detectContainerRuntime + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + copyAndUnzipAgentPackage + copyConfig + copyConfigOverride + setupConfig + fetchAgentContainerImage + isValidChecksum + loadImage + if [ "$AU" = "true" ] + then + enableAutoUpgrade + fi + echo "INFO: Agent installed successfully. You can start the agent now." + echo "isInstallSuccess=true" >> "$ENV_FILE_TEMP" + cp "$ENV_FILE_TEMP" "$ENV_FILE" +} + +# shellcheck source=/dev/null +enableAutoUpgrade(){ + + if [ -f "$ENV_FILE_TEMP" ] + then + . "$ENV_FILE_TEMP" + fi + + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + detectJDKversion + + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + crontab -l > autoupdatercron + alreadyExists=$(grep -rnw autoupdatercron -e "${AI}") + if [ "" != "${alreadyExists}" ] + then + echo "INFO: Auto Upgrade for the agent with id ${AI} already exists. " + else + echo "INFO: Setting Up Auto Upgrade of the agent with id ${AI}. 
" + javaPath=$(which java | rev | cut -c6- | rev) + # shellcheck disable=SC2002 + proxyUri=$(cat "$PV"/data/conf/config.properties | grep "idoConfig.httpClientConfiguration.proxyUri" | cut -d'=' -f2) + echo "INFO: Proxy URL is ${proxyUri}" + if [ "${proxyUri}" != "" ] + then + echo "*/30 * * * * export HTTPS_PROXY=${proxyUri};export https_proxy=${proxyUri};export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron + else + echo "*/30 * * * * export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron + fi + crontab autoupdatercron + rm autoupdatercron + currentCron=$(crontab -l) + if [ "" = "${currentCron}" ] + then + echo "INFO: No cron exists. Please try again." + else + echo "INFO: List of the current cron tabs" + echo "${currentCron}" + echo "INFO: Successfully Set Up Auto Upgrade of the agent with id ${AI}." + fi + fi +} + +# shellcheck source=/dev/null +autoUpgrade(){ + if [ -f "$ENV_FILE_TEMP" ] + then + . "$ENV_FILE_TEMP" + fi + + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + detectJDKversion + + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o "${PV}"/agentAutoUpdate.sh;sh "${PV}"/agentAutoUpdate.sh "${PV}" "${AI}" +} + +# shellcheck source=/dev/null +disableAutoUpgrade(){ + if [ -f "$ENV_FILE_TEMP" ] + then + . "$ENV_FILE_TEMP" + fi + + if [ -f "$ENV_FILE" ] + then + . 
"$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + crontab -l > autoupdatercron + ifExists=$(grep -rnw autoupdatercron -e "${AI}") + if [ "" = "${ifExists}" ] + then + echo "INFO: Auto Upgrade for the agent with id ${AI} does not exist. " + else + echo "INFO: Removing Auto Upgrade of the agent with id ${AI}. " + crontab -l | grep -v "${AI}" | crontab - + rm autoupdatercron + currentCron=$(crontab -l) + if [ "" = "${currentCron}" ] + then + echo "INFO: No cron exists now." else - curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh; \ - sh agentManagement.sh --volume "$1" --agentpackage agent-package.zip \ - --internalUpgrade + echo "${currentCron}" + fi + echo "INFO: Successfully Removed Auto Upgrade of the agent with id ${AI}." + fi +} + +# shellcheck source=/dev/null +start() +{ + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + echo "INFO: Starting Agent" + copyConfigOverride + if [ -f "$configOverride" ]; then + kill + fi + runAgent + echo "" + agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') + info + echo "" + echo "INFO: Logs directory: ${PV}/data/logs" + echo "INFO: You can monitor the agent ${AI} from the Access Governance Console." +} + +# shellcheck source=/dev/null +stop() +{ + echo "INFO: Gracefully Stopping Agent" + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. 
Use -h/--help option for help" + exit 1 + fi + if [ "$containerRuntime" = "docker" ] + then + docker exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" + echo "INFO: Waiting for running operations to complete. It may take some time" + docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null + docker stop "$AI" + elif [ "$containerRuntime" = "podman" ] + then + podman exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" + echo "INFO: Waiting for running operations to complete. It may take some time" + podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null + podman stop "$AI" + fi + echo "INFO: Agent Stopped" +} + +# shellcheck source=/dev/null +kill() +{ + if [ -f "$ENV_FILE" ] + then + . "$ENV_FILE" + fi + validateEmpty "${PV}" "Volume" "--volume" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + if [ "$containerRuntime" = "docker" ] && [ "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] + then + + if [ ! "$operation" = "upgrade" ] && [ ! "$operation" = "postUpgrade" ] + then + docker exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" + echo "INFO: Waiting for running operations to complete. It may take some time" + docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" 
!= "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null + fi + docker rm -f "$AI" + elif [ "$containerRuntime" = "podman" ] && [ "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] + then + if [ ! "$operation" = "upgrade" ] && [ ! "$operation" = "postUpgrade" ] + then + podman exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" + echo "INFO: Waiting for running operations to complete. It may take some time" + podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null + fi + podman rm -f "$AI" + fi +} + +createBackup(){ + echo "INFO: Backing up the previous agent" + rm -rf "${PV}"/backup + mkdir -p "${PV}"/backup + cp -rf "${PV}"/data "${PV}"/backup +} + +restoreBackup(){ + echo "INFO: Restoring backup" + #copying all the files from the backup dir to the volume + cp -rf "${PV}"/backup "${PV}" +} + +# shellcheck source=/dev/null +upgrade() +{ + if [ -f "$ENV_FILE_TEMP" ] + then + . "$ENV_FILE_TEMP" + fi + #validate mandatory fields + validateEmpty "${AP}" "New Agent Package" "--agentpackage" + validateEmpty "${PV}" "Volume" "--volume" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + + if [ ! "${AI}" = "" ] + then + echo "WARN: Ignoring Agent Id ${AI} " + fi + + #store the new agent package into a variable + newAgentPackage="${AP}" + + . "$ENV_FILE" #older config file + isAgentAvailable + if [ $errorFlag = "true" ]; then + echo "ABORTED: Agent is not installed." 
+ rm -rf "$PV/data" + rm -rf "$PV/upgrade" + rm -rf "$PV/backup" + exit 1 + fi + + echo "INFO: Upgrading Agent with id ${AI} " + installedPV="${PV}" + installedAgentId="${AI}" + installedImageName="${imageName}" + #generate a new agent id for upgrade using old agent id + AI="${installedAgentId}"_upgrade + newAgentId=${AI} + + #createDir changes the current working directory + mkdir -p "${PV}/upgrade" + chmod -R 775 "${PV}/upgrade" >/dev/null 2>&1 + + createDir "${PV}/upgrade" +# shellcheck disable=SC2129 + echo AP="${newAgentPackage}" >> "$ENV_FILE_TEMP" + echo PV="${PV}"/upgrade >> "$ENV_FILE_TEMP" + echo AI="${AI}" >> "$ENV_FILE_TEMP" + + #install the upgrade + operation=upgrade + # Following copies the customJars from the install location to the upgrade directory + if [ -d "${installedPV}/data/customJars" ] + then + if [ "$(ls -A "${installedPV}/data/customJars")" ] + then + echo "INFO: Copying custom jars" + cp -rf "${installedPV}/data/customJars" "${PV}/upgrade/data" + fi + fi + + install + #install also loads the image, so we can get the new image here + newimage="${imageName}" + echo "INFO: Starting test upgrade agent" + start + echo "INFO: Test Upgrade is successful" + kill + #remove the crontab from upgrade + crontab -l | grep -v "${AI}" | crontab - + + #change to the installed directory, this sets the ENV_FILE to the older config + createDir "${installedPV}" + # sourcing installed config to kill the older container + operation=postUpgrade + . 
"$ENV_FILE" + createBackup + echo "INFO: Removing the old agent" + kill + #removing the cron of older agent + crontab -l | grep -v "${AI}" | crontab - + + echo "INFO: Copying new wallet" + cp -rf "${PV}/upgrade/data/wallet" "${PV}"/data + + cp -rf "${PV}/upgrade/data/agent" "${PV}"/data + + echo "INFO: Copying new configuration" + cp -f "${PV}/upgrade/data/conf/config.json" "$CONFDIR" + + if [ -f "${PV}/upgrade/data/conf/config.properties" ] + then + cp -f "${PV}/upgrade/data/conf/config.properties" "$CONFDIR" + fi + + sed -i "" -e "s/${newAgentId}/${installedAgentId}/g" "$CONFDIR"/config.json + + + #use the older agent id + awk -F"=" -v OFS='=' -v newval="$installedAgentId" '/^AI/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" + cp -f "$ENV_FILE_TEMP" "$ENV_FILE" + awk -F"=" -v OFS='=' -v newval="$newAgentPackage" '/^AP/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" + cp -f "$ENV_FILE_TEMP" "$ENV_FILE" + awk -F"=" -v OFS='=' -v newval="$newimage" '/^imageName/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" + cp -f "$ENV_FILE_TEMP" "$ENV_FILE" + + start + crontab -l > autoupdatercron + alreadyExists=$(grep -rnw autoupdatercron -e "${AI}") + if [ "" != "${alreadyExists}" ] + then + echo "INFO: Auto Upgrade for the agent with id ${AI} is already setup. " + else + echo "INFO: Setting Up Auto Upgrade of the agent with id ${AI}. 
" + javaPath=$(which java | rev | cut -c6- | rev) + # shellcheck disable=SC2002 + proxyUri=$(cat "$PV"/data/conf/config.properties | grep "idoConfig.httpClientConfiguration.proxyUri" | cut -d'=' -f2) + echo "INFO: Proxy URL is ${proxyUri}" + if [ "${proxyUri}" != "" ] + then + echo "*/30 * * * * export HTTPS_PROXY=${proxyUri};export https_proxy=${proxyUri};export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron + else + echo "*/30 * * * * export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron + fi + crontab autoupdatercron + rm autoupdatercron + currentCron=$(crontab -l) + if [ "" = "${currentCron}" ] + then + echo "INFO: No cron exists. Please try again." + else + echo "INFO: List of the current cron tabs" + echo "${currentCron}" + echo "INFO: Successfully Set Up Auto Upgrade of the agent with id ${AI}." + fi + fi + rm -rf "${PV}/upgrade" +} + +restart() +{ + echo "INFO: Restarting Agent" + if [ "$newContainer" = "true" ] + then + echo "WARN: This will remove the existing agent container and start a new one." + echo "Are you sure to continue? [y/N]" + read -r input + if [ "$input" = "y" ] || [ "$input" = "Y" ] + then + kill + else + echo "ABORTED: Restart" + exit 1; fi + else + stop + fi + start +} + +# shellcheck source=/dev/null +uninstall(){ + + echo "WARN: This will remove the existing agent and clean up the install directory." + echo "Are you sure to continue? [y/N]" + read -r input + if [ ! "$input" = "y" ] && [ ! "$input" = "Y" ] + then + exit 1; + fi + if [ -f "$ENV_FILE" ] + then + . 
"$ENV_FILE" + fi + isAgentAvailable + if [ $errorFlag = "true" ]; then + echo "ABORTED: Agent is not installed." + exit 1 + fi + echo "INFO: Uninstalling Agent" + kill + disableAutoUpgrade + if [ -d "${PV}" ] + then + echo "INFO: Removing agent data from ${PV} " + rm -rf "${PV}/data" + rm -rf "${PV}/upgrade" + rm -rf "${PV}/backup" + echo "INFO: Agent uninstalled successfully" + fi +} + +# shellcheck source=/dev/null +rename(){ + . "$ENV_FILE_TEMP" + validateEmpty "${AI}" "Agent Id" "--agentid" + if [ $errorFlag = "true" ]; then + echo "ABORTED: Please rectify the errors. Use -h/--help option for help" + exit 1 + fi + + newAgentId="${AI}" + . "$ENV_FILE" + + if [ "$containerRuntime" = "docker" ] + then + if [ "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] + then + echo "INFO: Renaming Agent" + docker rename "${AI}" "${newAgentId}" + else + echo "INFO: No Container with the name ${AI} is available to rename" + exit 1 + fi + elif [ "$containerRuntime" = "podman" ] + then + if [ "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] + then + echo "INFO: Renaming Agent" + podman rename "${AI}" "${newAgentId}" + else + echo "INFO: No Container with the name ${AI} is available to rename" + exit 1 + fi + fi + awk -F"=" -v OFS='=' -v newval="$newAgentId" '/^AI/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" + cp "$ENV_FILE_TEMP" "$ENV_FILE" +} + + +################################################################################ +# Help # +################################################################################ +Help() +{ + # Display Help + echo "Access Governance - Agent Management Script " + echo + echo "Syntax: ./agentManagement.sh --volume [config] [operation]" + echo + echo "Config Mandatory Default Value Description" + echo "------ --------- ------------- -----------" + echo "-ai|--agentid No agent__ Agent Id of the container" + echo "-ap|--agentpackage No(Required in validate,install + and upgrade) \"\" Agent Package Path" + echo 
"-c|--config No - Path of the custom config property file" + echo "-pv|--volume Yes - Directory to persist agent data such as + configuration, wallet, logs, etc." + + echo + + echo "Operation Description" + echo "--------- -----------" + echo "" + echo "--install 1. Installs the agent package to the specified volume + 2. Loads the container image " + echo "" + echo "--start 1. Starts the agent container + 2. Starts the agent daemon" + echo "--setupautoupgrade 1. Setup Auto Upgrade of the agent" + echo "" + echo "--status 1. Displays the status of the agent" + echo "" + echo "--stop 1. Stops the agent daemon + 2. Stops the agent container" + echo "" + echo "--restart 1. Stops the agent daemon + 2. Stops the agent container + 3. remove the agent container if \"newcontainer\" flag is set + 4. Starts the agent container + 5. Starts the agent daemon" + echo " Provide --newcontainer to create a new container" + + echo "" + echo "--uninstall 1. Stops the agent daemon + 2. Remove the agent container + 3. Cleanup the volume" + echo "" + echo "--upgrade 1. Unzips the new agent-package.zip in a temporary location + 2. Validates the contents + 3. Loads image from the new tar.gz + 4. Brings up a temporary container using the new image and the new configuration + 4. If successful then stop the temporary container + 5. Stop the existing agent container + 6. Copy the new config from the temporary location to the main location keeping the customizations + 7. Start the agent with the new image and the new config + 8. Spin up the agent daemon" + + + +} + +################################################################################ +if [ $# -eq 0 ]; then + Help; + exit 1 fi +while [ $# -gt 0 ]; do + opt="$1" + shift; + current_arg="$1" + case $current_arg in + -[!-]* | --*) + echo "WARNING: You may have left an argument blank. Double check your command." 
+ ;;
+ esac
+ case "$opt" in
-rm -rf "$1"/newpackage
\ No newline at end of file
+ "-pv"|"--volume" ) createDir "$1"; echo PV="$(cd "$(dirname "$1")" || exit 1; pwd -P)"/"$(basename "$1")" >> "$ENV_FILE_TEMP"; shift;;
+ "-h"|"--help" ) Help; exit 1;;
+ "-ai"|"--agentid" ) echo AI="$1" >> "$ENV_FILE_TEMP"; shift;;
+ "-au"|"--autoupgrade" ) echo AU="$1" >> "$ENV_FILE_TEMP"; shift;;
+ "-ap"|"--agentpackage" ) echo AP="$(cd "$(dirname "$1")" || exit 1; pwd -P)"/"$(basename "$1")" >> "$ENV_FILE_TEMP"; shift;;
+ "-c"|"--config" ) configOverride=$(cd "$(dirname "$1")" || exit 1; pwd -P)/$(basename "$1"); shift;;
+ "-nc"|"--newcontainer" ) newContainer=true;;
+ "-i"|"--install" ) install; exit 1;;
+ "-up"|"--upgrade" ) autoUpgrade; exit 1;;
+ "-iu"|"--internalUpgrade" ) upgrade; exit 1;;
+ "-st"|"--stop" ) stop; exit 1;;
+ "-rs"|"--restart" ) restart; exit 1;;
+ "-u"|"--uninstall" ) uninstall; exit 1;;
+ "-s"|"--start" ) start; exit 1;;
+ "-sa"|"--status" ) status; exit 1;;
+ "-eau"|"--enableautoupgrade" ) enableAutoUpgrade; exit 1;;
+ "-dau"|"--disableautoupgrade" ) disableAutoUpgrade; exit 1;;
+ * ) echo "ERROR: agentManagement: Invalid option: \"$opt\"" >&2
+ exit 1;;
+ esac
+done
From b133fae2c347fccb5c1b23cc121b5cde8d5d684f Mon Sep 17 00:00:00 2001
From: Tanmay Garg
Date: Tue, 6 Aug 2024 16:16:38 +0530
Subject: [PATCH 02/15] fixed permission matching logic
---
 OracleIdentityGovernance/samples/scripts/agentManagement.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh
index 1c429a18ef..9f31ce9603 100755
--- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh
+++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh
@@ -365,7 +365,8 @@ isWriteAccessOnVolume()
 {
 # shellcheck disable=SC2012
 permissions=$(ls -ld "$PV" | awk '{print $1}')
- if [ "$permissions" != "drwxrwxr-x" ] && [ "$permissions" != "drwxrwxrwx" ] && [ "$permissions" != "drwxrwxr-x." ] && [ "$permissions" != "drwxrwxrwx." ]; then
+ perms="${permissions:0:10}"
+ if [ "$perms" != "drwxrwxr-x" ] && [ "$perms" != "drwxrwxrwx" ]; then
 echo "ERROR: Volume does not have required permissions. Make sure to have 775"
 errorFlag=true
 fi
From 09236739c3d33ebe6104c5f3efe4066557f87500 Mon Sep 17 00:00:00 2001
From: Tanmay Garg
Date: Tue, 6 Aug 2024 16:17:01 +0530
Subject: [PATCH 03/15] fixed permission matching logic
---
 .../samples/scripts/agentAutoUpdate.sh | 1157 ++---------------
 1 file changed, 74 insertions(+), 1083 deletions(-)
diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
index add255950c..b5edf33999 100755
--- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
+++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh
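Review bot: The added `perms="${permissions:0:10}"` uses substring expansion, which POSIX sh does not define, and agentAutoUpdate.sh in this series launches the script as `sh agentManagement.sh`. Where `sh` is dash or another strict POSIX shell, that line raises a bad-substitution error instead of evaluating the permission check. A portable form is `perms=$(printf '%s' "$permissions" | cut -c1-10)`, or `substr($1, 1, 10)` inside the existing awk call. The comparison also still accepts `drwxrwxrwx` while the message asks for 775, so a world-writable volume holding the wallet and configuration passes; comparing against `drwxrwxr-x` only would match the message. The closing brace of isWriteAccessOnVolume lies outside the hunk.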
@@ -1,1106 +1,97 @@ #!/bin/sh # -# Copyright (c) 2022 Oracle and/or its affiliates. +# Copyright (c) 2023 Oracle and/or its affiliates. # # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # # Author: OIG Development # -# Description: Script for management of agents +# Description: Script for upgrading agent # # # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. -#Global Variables -containerRuntime="" -errorFlag=false -operation="" -newContainer="" -agentVersion="" - -validateEmpty(){ - if [ "$1" = "" ]; - then - errorFlag=true - echo "ERROR: $2 is mandatory." - echo " Specify Using $3." - else - echo "INFO: Using $1 for $2." - fi - -} - -createDir(){ - - if [ ! -d "$1" ] - then - echo "ERROR: Volume directory $1 does not exist" - exit 1; - fi - absoluteVolumePath=$(cd "$(dirname "$1")" || exit 1; pwd -P)/$(basename "$1") - - CONFDIR="$absoluteVolumePath"/data/conf; - LOGSDIR="$absoluteVolumePath"/data/logs; - WALLETDIR="$absoluteVolumePath"/data/wallet; - AGENTDIR="$absoluteVolumePath"/data/agent; - METRICSDIR="$absoluteVolumePath"/data/metrics; - BUNDLEDIR="$absoluteVolumePath"/data/bundle-home; - CUSTOMJARSDIR="$absoluteVolumePath"/data/customJars; - - if [ ! -d "$CONFDIR" ] - then - echo "INFO: Creating conf directory" - mkdir -p "$CONFDIR"; - fi - - if [ ! -d "$LOGSDIR" ] - then - echo "INFO: Creating logs directory" - mkdir -p "$LOGSDIR"; - fi - - if [ ! -d "$WALLETDIR" ] - then - echo "INFO: Creating wallet directory" - mkdir -p "$WALLETDIR"; - fi - - if [ ! -d "$AGENTDIR" ] - then - echo "INFO: Creating agent directory" - mkdir -p "$AGENTDIR"; - fi - - if [ ! -d "$METRICSDIR" ] - then - echo "INFO: Creating metrics directory" - mkdir -p "$METRICSDIR"; - fi - - if [ ! -d "$BUNDLEDIR" ] - then - echo "INFO: Creating bundle-home directory" - mkdir -p "$BUNDLEDIR"; - fi - - if [ ! 
-d "$CUSTOMJARSDIR" ] - then - echo "INFO: Creating custom driver jars directory" - mkdir -p "$CUSTOMJARSDIR"; - fi - - if [ -d "$absoluteVolumePath"/data ] - then - chmod -R 775 "$absoluteVolumePath"/data >/dev/null 2>&1 - fi - - - ENV_FILE="$CONFDIR"/env.properties - ENV_FILE_TEMP="$CONFDIR"/env_temp.properties - - touch "$ENV_FILE" - rm -f "$ENV_FILE_TEMP" - touch "$ENV_FILE_TEMP" -} - -isDockerAvailable() -{ - if [ "$(docker --version 2>/dev/null)" ] - then - echo "INFO: Docker is available" - echo "--------------------------------------------------" - docker --version - echo "--------------------------------------------------" - containerRuntime="docker"; - fi -} - -isPodmanAvailable() -{ - if [ "$(podman --version 2>/dev/null)" ] - then - echo "INFO: Podman is available" - echo "--------------------------------------------------" - podman --version - echo "--------------------------------------------------" - containerRuntime="podman"; - fi -} - -detectJDKversion() -{ - javac -version - if [ ! "$?" ] - then - echo "ERROR: JDK is not installed. Please install JDK 11" - errorFlag=true - return - fi - javaVersion=$(javac -version 2>&1 | awk '{ print $2 }' | cut -d'.' -f1) - if [ "$javaVersion" != "11" ] - then - echo "ERROR: JDK 11 is required" - errorFlag=true - fi -} - -detectContainerRuntime() -{ - echo "INFO: Detecting Container Runtime" - isPodmanAvailable - if [ -z "$containerRuntime" ] && [ "$containerRuntime" = "" ] - then - isDockerAvailable - fi - - if [ -z "$containerRuntime" ] && [ "$containerRuntime" = "" ] - then - echo "ERROR: No container runtime available. Please install Docker/Podman before proceeding" - errorFlag=true - return - fi - echo "INFO: Using $containerRuntime Container Runtime" - echo containerRuntime=$containerRuntime >> "$ENV_FILE_TEMP" -} - -# shellcheck source=/dev/null -copyAndUnzipAgentPackage() -{ - . 
"$ENV_FILE_TEMP" - rm -rf "$AGENTDIR:?"/* - unzip "$AP" -d "$AGENTDIR" -} - -copyConfigOverride(){ - if [ -f "$configOverride" ] - then - cp -f "$configOverride" "$CONFDIR"/config.properties - fi -} - -# shellcheck source=/dev/null -copyConfig(){ - echo "INFO: Copying wallet and config.json" - . "$ENV_FILE_TEMP" - CONFFILE="$CONFDIR"/config.json - WALLETFILE="$WALLETDIR"/cwallet.sso - WALLETLOCKFILE="$WALLETDIR"/cwallet.sso.lck - - if [ ! -f "$CONFFILE" ] - then - cp -r "$AGENTDIR"/config.json "$CONFDIR" - else - echo "INFO: Config.json already exists" - fi - - if [ ! -f "$WALLETFILE" ] - then - cp -r "$AGENTDIR"/wallet/cwallet.sso "$WALLETDIR" - else - echo "INFO: Wallet already exists" - fi - - if [ ! -f "$WALLETLOCKFILE" ] - then - cp -r "$AGENTDIR"/wallet/cwallet.sso.lck "$WALLETDIR" - fi - -} - -# shellcheck source=/dev/null -setupConfig(){ - -. "$ENV_FILE" -echo "INFO: Setting up Configuration" -if [ "${AI}" = "" ]; - then - AI=agent_"$(hostname -f)"_"$(date +%s)" - echo AI=agent_"$(hostname -f)"_"$(date +%s)" >> "$ENV_FILE_TEMP" -fi - -if [ "${AU}" = "" ]; - then - AU=true - echo AU=true >> "$ENV_FILE_TEMP" -fi - -# shellcheck disable=SC3010,SC3028 -if [[ "$OSTYPE" == "darwin"* ]]; then - sed -i "" -e "s/__AGENT_ID__/${AI}/g" "$CONFDIR"/config.json +cd "$1" || exit +if [ -d "$1"/newpackage ] +then + echo "There is already an upgrade in progress. Skipping this." + exit else - sed -i -e "s/__AGENT_ID__/${AI}/g" "$CONFDIR"/config.json + echo "Starting Auto upgrade Process..." fi +mkdir -p newpackage || true -} - -loadImage(){ - echo "INFO: Loading container image. It may take some time." 
- imageName="" - if [ "$containerRuntime" = "docker" ] - then - imageName=$(docker load < "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz | grep "Loaded image" | awk '{ print $3 }') - elif [ "$containerRuntime" = "podman" ] - then - imageName=$(podman load < "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz | grep "Loaded image" | awk '{ print $3 }') - fi - if [ "$imageName" = "" ] - then - echo "ABORTED: Unable to load the image." - exit 1; - fi - echo imageName="$imageName" >> "$ENV_FILE_TEMP" -} - -# shellcheck source=/dev/null -runAgent(){ - groupId=$(id -g) - . "$ENV_FILE" - if [ "$containerRuntime" = "docker" ] - then - if [ ! "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Starting new container." - if [ -f "$CONFDIR"/config.properties ]; then - docker run -d --env-file "$CONFDIR"/config.properties -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" - else - docker run -d -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" - fi - docker exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" != "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' - validateStatus=$(cat "$CONFDIR"/status.txt) - if [ "$validateStatus" = "VALIDATE_FAILED" ] - then - echo "ERROR: Agent Validation Failed. Exiting" - docker rm -f "$AI" - exit 1; - fi - if [ ! "$operation" = "upgrade" ] - then - docker exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" - fi - - elif [ ! "$(docker ps -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Starting existing container $AI " - docker start "$AI" - docker exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" 
!= "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' - validateStatus=$(cat "$CONFDIR"/status.txt) - if [ "$validateStatus" = "VALIDATE_FAILED" ] - then - echo "ERROR: Agent Validation Failed. Exiting" - docker rm -f "$AI" - exit 1; - fi - if [ ! "$operation" = "upgrade" ] - then - docker exec "$AI" /bin/bash -c 'agent ido start --config /app/data/conf/config.json &' - fi - else - echo "WARN: Agent is already running" - fi - # removing older image in case of upgrade - if [ "$operation" = "postUpgrade" ] - then - echo "INFO: Removing older image ${installedImageName}" - docker image rm "${installedImageName}" || true - fi - elif [ "$containerRuntime" = "podman" ] - then - if [ ! "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Starting new container." - if [ -f "$CONFDIR"/config.properties ]; then - podman run -d --user root --env-file "$CONFDIR"/config.properties -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" - else - podman run -d --user root -v "$PV":/app --group-add "$groupId" --name "$AI" "$imageName" - fi - - podman exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" != "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' - validateStatus=$(cat "$CONFDIR"/status.txt) - if [ "$validateStatus" = "VALIDATE_FAILED" ] - then - echo "ERROR: Agent Validation Failed. Exiting" - podman rm -f "$AI" - exit 1; - fi - if [ ! "$operation" = "upgrade" ] - then - podman exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" - fi - - elif [ ! "$(podman ps -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Starting existing container $AI " - podman start "$AI" - podman exec "$AI" /bin/bash -c 'agent ido validate --config /app/data/conf/config.json; if [[ "$?" 
!= "0" ]] ; then echo VALIDATE_FAILED > /app/data/conf/status.txt; else echo VALIDATE_SUCCESS > /app/data/conf/status.txt; fi ;' - validateStatus=$(cat "$CONFDIR"/status.txt) - if [ "$validateStatus" = "VALIDATE_FAILED" ] - then - echo "ERROR: Agent Validation Failed. Exiting" - podman rm -f "$AI" - exit 1; - fi - if [ ! "$operation" = "upgrade" ] - then - podman exec "$AI" /bin/bash -c "agent ido start --config /app/data/conf/config.json &" - fi - - else - echo "WARN: Agent is already running" - fi - # removing older image in case of upgrade - if [ "$operation" = "postUpgrade" ] - then - echo "INFO: Removing older image ${installedImageName} " - podman image rm "${installedImageName}" || true - fi - fi -} +cd newpackage || exit +#Download upgrade cli +wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/fFvMAmluNZpv4P5dCzH7VsyJUYra5AMxhLiBSOa3AZuul4KtycxDuJtyUyWaweU4/n/idjypktnxhrf/b/agcs_ido_agent_updater/o/idm-agcs-agent-cli-upgrade.jar -hasDockerPermissions() -{ - echo "" -} - -isWriteAccessOnVolume() -{ - # shellcheck disable=SC2012 - permissions=$(ls -ld "$PV" | awk '{print $1}') - perms="${permissions:0:10}" - if [ "$perms" != "drwxrwxr-x" ] && [ "$perms" != "drwxrwxrwx" ]; then - echo "ERROR: Volume does not have required permissions. 
Make sure to have 775" - errorFlag=true - fi -} - -validate() -{ - echo "Validating Agent" -} - -info(){ - agentImageVersion=$(echo "$imageName" | cut -d':' -f2) - echo "Agent Id : $AI" - - if [ "$containerRuntime" = "docker" ] - then - echo "Container Runtime : $(docker --version)" - elif [ "$containerRuntime" = "podman" ] - then - echo "Container Runtime : $(podman --version)" - fi - echo "Install Location : $PV" - echo "Agent Package used : $AP" - echo "Agent Version : $agentImageVersion" - echo "Logs directory : ${PV}/data/logs" - -} - -agentDaemonStatus(){ - validateStatus=$(cat "$CONFDIR"/status.txt) - if [ "$validateStatus" = "AGENT_RUNNING_NORMALLY" ] - then - echo "Agent Status : Running normally" - elif [ "$validateStatus" = "AGENT_SHUTDOWN_IN_PROGRESS" ]; then - echo "Agent Status : Shutdown is in Progress" - else - echo "Agent Status : Stopped" - fi -} +#Get Agent Package +agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') +if [ -f "$1"/cacerts ] + then + java \ + -Djavax.net.ssl.trustStore="$1"/cacerts \ + -Djavax.net.ssl.trustStorePassword=changeit \ + -DidoConfig.logDir="$1"/newpackage\ + -DidoConfig.metricsDir="$1"/newpackage \ + -DidoConfig.walletDir="$1"/newpackage \ + -DidoConfig.workDir="$1"/newpackage \ + -cp idm-agcs-agent-cli-upgrade.jar \ + com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ + --config "$1"/data/conf/config.json \ + ido autoRunUpdate \ + -ip "$1" \ + -co "$1"/data/conf/config.properties \ + -cv "$agentVersion" + else + if [ -f "$1"/data/conf/config.properties ] + then + java \ + -DidoConfig.logDir="$1"/data/logs \ + -DidoConfig.metricsDir="$1"/newpackage \ + -DidoConfig.walletDir="$1"/newpackage \ + -DidoConfig.workDir="$1"/newpackage \ + -cp idm-agcs-agent-cli-upgrade.jar \ + com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ + --config "$1"/data/conf/config.json \ + ido autoRunUpdate \ + -ip "$1" \ + -co 
"$1"/data/conf/config.properties \ + -cv "$agentVersion" + else + java \ + -DidoConfig.logDir="$1"/data/logs \ + -DidoConfig.metricsDir="$1"/newpackage \ + -DidoConfig.walletDir="$1"/newpackage \ + -DidoConfig.workDir="$1"/newpackage \ + -cp idm-agcs-agent-cli-upgrade.jar \ + com.oracle.idm.agcs.agent.cli.AgentUpdateMain \ + --config "$1"/data/conf/config.json \ + ido autoRunUpdate \ + -ip "$1" \ + -cv "$agentVersion" + fi +fi -# shellcheck source=/dev/null -status(){ - errorFlag=false - if [ -f "$ENV_FILE" ] +# shellcheck disable=SC2181 +if [ "$?" = "0" ] then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - isAgentAvailable - if [ $errorFlag = "true" ]; then - echo "Agent is not installed." - exit 1 - fi - agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') - info - if [ "$containerRuntime" = "docker" ] - then - if [ "$(docker ps -f "name=$AI" --format '{{.Names}}')" ] - then - docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; if [[ "$?" == "0" ]] ; then echo AGENT_RUNNING_NORMALLY > /app/data/conf/status.txt; elif [[ "$?" == "1" ]] ; then echo AGENT_SHUTDOWN_IN_PROGRESS > /app/data/conf/status.txt; else echo AGENT_SHUTDOWN > /app/data/conf/status.txt; fi ;' >/dev/null - agentDaemonStatus - else - echo "Agent Status : Container not running" - fi - elif [ "$containerRuntime" = "podman" ] - then - if [ "$(podman ps -f "name=$AI" --format '{{.Names}}')" ] + if [ -f "$1"/cacerts ] then - podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; if [[ "$?" == "0" ]] ; then echo AGENT_RUNNING_NORMALLY > /app/data/conf/status.txt; elif [[ "$?" 
== "1" ]] ; then echo AGENT_SHUTDOWN_IN_PROGRESS > /app/data/conf/status.txt; else echo AGENT_SHUTDOWN > /app/data/conf/status.txt; fi ;' >/dev/null - agentDaemonStatus - else - echo "Agent Status : Container not running" - fi - fi -} - -# shellcheck source=/dev/null -setproxy(){ - # new/user provided configuration is stored in ENV_FILE_TEMP so sourcing it first - . "$ENV_FILE" - . "$ENV_FILE_TEMP" - echo "INFO: Setting proxy" - - # Set proxy params in config.json - - # in the end replace proxy parms in the env.properties(Source of truth) -} - -isAlreadyInstalled(){ -# shellcheck disable=SC2154 - if [ "$isInstallSuccess" = "true" ] && [ ! "$operation" = "upgrade" ] - then - echo "INFO: Agent is already installed with agent id ${AI} " - errorFlag=true - fi -} - -isAgentAvailable(){ - if [ "$isInstallSuccess" = "true" ] - then - echo "INFO: Agent with agent id ${AI} is available." - else - errorFlag=true - fi -} - -getProperty() { - PROP_KEY=$1 -# shellcheck disable=SC2002 - PROP_VALUE=$(cat "$CONFDIR"/config.properties | grep "$PROP_KEY" | cut -d'=' -f2) - echo "$PROP_VALUE" -} - -fetchAgentContainerImage(){ - - echo "INFO: Fetching Agent Container Image" - proxyUri="" - proxyUserName="" - proxyUserPassword="" - if [ -f "$CONFDIR"/config.properties ]; then - echo "INFO: Getting Proxy settings" - proxyUri=$(getProperty idoConfig.httpClientConfiguration.proxyUri) - proxyUserName=$(getProperty idoConfig.httpClientConfiguration.proxyUserName) - proxyUserPassword=$(getProperty idoConfig.httpClientConfiguration.proxyUserPassword) - fi - agentVersion=$(unzip -q -c "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') - java -jar "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar install -w "$WALLETDIR" -d "$AGENTDIR"/agent-lcm/ -ph "$proxyUri" -pu "$proxyUserName" -pp "$proxyUserPassword" -v "$agentVersion" - if [ -f 
"$AGENTDIR"/agent-lcm/"$agentVersion"/idm-agcs-agent-framework.dockerize_agent.tar.gz ]; then - mv "$AGENTDIR"/agent-lcm/"$agentVersion"/idm-agcs-agent-framework.dockerize_agent.tar.gz "$AGENTDIR"/agent-lcm/ - echo "INFO: Successfully fetched the Agent Container Image" - else - echo "ERROR: Unable to fetch the Agent Container Image" - exit 1 - fi -} - -isValidChecksum() -{ - echo "INFO: Verifying Integrity Check" - java -jar "$AGENTDIR"/agent-lcm/idm-agcs-agent-lcm.jar validateIntegrity -w "$WALLETDIR" -p "$AGENTDIR"/agent-lcm/idm-agcs-agent-framework.dockerize_agent.tar.gz - if [ ! "$?" ] - then - echo "ERROR: Integrity Check Verification failed." - exit 1 - fi -} - -# shellcheck source=/dev/null -install() -{ - if [ -f "$ENV_FILE_TEMP" ] - then - . "$ENV_FILE_TEMP" - fi - - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - - validateEmpty "${AP}" "Agent Package" "--agentpackage" - validateEmpty "${PV}" "Volume" "--volume" - if [ ! -f "${AP}" ] - then - echo "ERROR: Agent Package does not exist" - exit 1; - fi - if [ ! -d "${PV}" ] - then - echo "ERROR: Volume directory does not exist" - exit 1; - fi - #Pre-requiste Validations - isAlreadyInstalled - detectJDKversion - isWriteAccessOnVolume - detectContainerRuntime - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. Use -h/--help option for help" - exit 1 - fi - copyAndUnzipAgentPackage - copyConfig - copyConfigOverride - setupConfig - fetchAgentContainerImage - isValidChecksum - loadImage - if [ "$AU" = "true" ] - then - enableAutoUpgrade - fi - echo "INFO: Agent installed successfully. You can start the agent now." - echo "isInstallSuccess=true" >> "$ENV_FILE_TEMP" - cp "$ENV_FILE_TEMP" "$ENV_FILE" -} - -# shellcheck source=/dev/null -enableAutoUpgrade(){ - - if [ -f "$ENV_FILE_TEMP" ] - then - . "$ENV_FILE_TEMP" - fi - - if [ -f "$ENV_FILE" ] - then - . 
"$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - detectJDKversion - - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. Use -h/--help option for help" - exit 1 - fi - crontab -l > autoupdatercron - alreadyExists=$(grep -rnw autoupdatercron -e "${AI}") - if [ "" != "${alreadyExists}" ] - then - echo "INFO: Auto Upgrade for the agent with id ${AI} already exists. " - else - echo "INFO: Setting Up Auto Upgrade of the agent with id ${AI}. " - javaPath=$(which java | rev | cut -c6- | rev) - # shellcheck disable=SC2002 - proxyUri=$(cat "$PV"/data/conf/config.properties | grep "idoConfig.httpClientConfiguration.proxyUri" | cut -d'=' -f2) - echo "INFO: Proxy URL is ${proxyUri}" - if [ "${proxyUri}" != "" ] - then - echo "*/30 * * * * export HTTPS_PROXY=${proxyUri};export https_proxy=${proxyUri};export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron - else - echo "*/30 * * * * export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron - fi - crontab autoupdatercron - rm autoupdatercron - currentCron=$(crontab -l) - if [ "" = "${currentCron}" ] - then - echo "INFO: No cron exists. Please try again." - else - echo "INFO: List of the current cron tabs" - echo "${currentCron}" - echo "INFO: Successfully Set Up Auto Upgrade of the agent with id ${AI}." - fi - fi -} - -# shellcheck source=/dev/null -autoUpgrade(){ - if [ -f "$ENV_FILE_TEMP" ] - then - . "$ENV_FILE_TEMP" - fi - - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - detectJDKversion - - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. 
Use -h/--help option for help" - exit 1 - fi - curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o "${PV}"/agentAutoUpdate.sh;sh "${PV}"/agentAutoUpdate.sh "${PV}" "${AI}" -} - -# shellcheck source=/dev/null -disableAutoUpgrade(){ - if [ -f "$ENV_FILE_TEMP" ] - then - . "$ENV_FILE_TEMP" - fi - - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. Use -h/--help option for help" - exit 1 - fi - crontab -l > autoupdatercron - ifExists=$(grep -rnw autoupdatercron -e "${AI}") - if [ "" = "${ifExists}" ] - then - echo "INFO: Auto Upgrade for the agent with id ${AI} does not exist. " - else - echo "INFO: Removing Auto Upgrade of the agent with id ${AI}. " - crontab -l | grep -v "${AI}" | crontab - - rm autoupdatercron - currentCron=$(crontab -l) - if [ "" = "${currentCron}" ] + mkdir "$1"/upgrade/ + cp "$1"/cacerts "$1"/upgrade/ + fi + if [ -f "$1"/data/conf/config.properties ] then - echo "INFO: No cron exists now." + curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh; \ + sh agentManagement.sh --volume "$1" --agentpackage agent-package.zip \ + --config "$1"/data/conf/config.properties \ + --internalUpgrade else - echo "${currentCron}" - fi - echo "INFO: Successfully Removed Auto Upgrade of the agent with id ${AI}." - fi -} - -# shellcheck source=/dev/null -start() -{ - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. 
Use -h/--help option for help" - exit 1 - fi - echo "INFO: Starting Agent" - copyConfigOverride - if [ -f "$configOverride" ]; then - kill - fi - runAgent - echo "" - agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') - info - echo "" - echo "INFO: Logs directory: ${PV}/data/logs" - echo "INFO: You can monitor the agent ${AI} from the Access Governance Console." -} - -# shellcheck source=/dev/null -stop() -{ - echo "INFO: Gracefully Stopping Agent" - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. Use -h/--help option for help" - exit 1 - fi - if [ "$containerRuntime" = "docker" ] - then - docker exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" - echo "INFO: Waiting for running operations to complete. It may take some time" - docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null - docker stop "$AI" - elif [ "$containerRuntime" = "podman" ] - then - podman exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" - echo "INFO: Waiting for running operations to complete. It may take some time" - podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null - podman stop "$AI" - fi - echo "INFO: Agent Stopped" -} - -# shellcheck source=/dev/null -kill() -{ - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - validateEmpty "${PV}" "Volume" "--volume" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. 
Use -h/--help option for help" - exit 1 - fi - if [ "$containerRuntime" = "docker" ] && [ "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - - if [ ! "$operation" = "upgrade" ] && [ ! "$operation" = "postUpgrade" ] - then - docker exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" - echo "INFO: Waiting for running operations to complete. It may take some time" - docker exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null - fi - docker rm -f "$AI" - elif [ "$containerRuntime" = "podman" ] && [ "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - if [ ! "$operation" = "upgrade" ] && [ ! "$operation" = "postUpgrade" ] - then - podman exec "$AI" /bin/bash -c "agent --config /app/data/conf/config.json ido lcm -i graceful_shutdown;" - echo "INFO: Waiting for running operations to complete. It may take some time" - podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null - fi - podman rm -f "$AI" - fi -} - -createBackup(){ - echo "INFO: Backing up the previous agent" - rm -rf "${PV}"/backup - mkdir -p "${PV}"/backup - cp -rf "${PV}"/data "${PV}"/backup -} - -restoreBackup(){ - echo "INFO: Restoring backup" - #copying all the files from the backup dir to the volume - cp -rf "${PV}"/backup "${PV}" -} - -# shellcheck source=/dev/null -upgrade() -{ - if [ -f "$ENV_FILE_TEMP" ] - then - . "$ENV_FILE_TEMP" - fi - #validate mandatory fields - validateEmpty "${AP}" "New Agent Package" "--agentpackage" - validateEmpty "${PV}" "Volume" "--volume" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. 
Use -h/--help option for help" - exit 1 - fi - - if [ ! "${AI}" = "" ] - then - echo "WARN: Ignoring Agent Id ${AI} " - fi - - #store the new agent package into a variable - newAgentPackage="${AP}" - - . "$ENV_FILE" #older config file - isAgentAvailable - if [ $errorFlag = "true" ]; then - echo "ABORTED: Agent is not installed." - rm -rf "$PV/data" - rm -rf "$PV/upgrade" - rm -rf "$PV/backup" - exit 1 - fi - - echo "INFO: Upgrading Agent with id ${AI} " - installedPV="${PV}" - installedAgentId="${AI}" - installedImageName="${imageName}" - #generate a new agent id for upgrade using old agent id - AI="${installedAgentId}"_upgrade - newAgentId=${AI} - - #createDir changes the current working directory - mkdir -p "${PV}/upgrade" - chmod -R 775 "${PV}/upgrade" >/dev/null 2>&1 - - createDir "${PV}/upgrade" -# shellcheck disable=SC2129 - echo AP="${newAgentPackage}" >> "$ENV_FILE_TEMP" - echo PV="${PV}"/upgrade >> "$ENV_FILE_TEMP" - echo AI="${AI}" >> "$ENV_FILE_TEMP" - - #install the upgrade - operation=upgrade - # Following copies the customJars from the install location to the upgrade directory - if [ -d "${installedPV}/data/customJars" ] - then - if [ "$(ls -A "${installedPV}/data/customJars")" ] - then - echo "INFO: Copying custom jars" - cp -rf "${installedPV}/data/customJars" "${PV}/upgrade/data" - fi - fi - - install - #install also loads the image, so we can get the new image here - newimage="${imageName}" - echo "INFO: Starting test upgrade agent" - start - echo "INFO: Test Upgrade is successful" - kill - #remove the crontab from upgrade - crontab -l | grep -v "${AI}" | crontab - - - #change to the installed directory, this sets the ENV_FILE to the older config - createDir "${installedPV}" - # sourcing installed config to kill the older container - operation=postUpgrade - . 
"$ENV_FILE" - createBackup - echo "INFO: Removing the old agent" - kill - #removing the cron of older agent - crontab -l | grep -v "${AI}" | crontab - - - echo "INFO: Copying new wallet" - cp -rf "${PV}/upgrade/data/wallet" "${PV}"/data - - cp -rf "${PV}/upgrade/data/agent" "${PV}"/data - - echo "INFO: Copying new configuration" - cp -f "${PV}/upgrade/data/conf/config.json" "$CONFDIR" - - if [ -f "${PV}/upgrade/data/conf/config.properties" ] - then - cp -f "${PV}/upgrade/data/conf/config.properties" "$CONFDIR" - fi - - sed -i "" -e "s/${newAgentId}/${installedAgentId}/g" "$CONFDIR"/config.json - - - #use the older agent id - awk -F"=" -v OFS='=' -v newval="$installedAgentId" '/^AI/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" - cp -f "$ENV_FILE_TEMP" "$ENV_FILE" - awk -F"=" -v OFS='=' -v newval="$newAgentPackage" '/^AP/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" - cp -f "$ENV_FILE_TEMP" "$ENV_FILE" - awk -F"=" -v OFS='=' -v newval="$newimage" '/^imageName/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" - cp -f "$ENV_FILE_TEMP" "$ENV_FILE" - - start - crontab -l > autoupdatercron - alreadyExists=$(grep -rnw autoupdatercron -e "${AI}") - if [ "" != "${alreadyExists}" ] - then - echo "INFO: Auto Upgrade for the agent with id ${AI} is already setup. " - else - echo "INFO: Setting Up Auto Upgrade of the agent with id ${AI}. 
" - javaPath=$(which java | rev | cut -c6- | rev) - # shellcheck disable=SC2002 - proxyUri=$(cat "$PV"/data/conf/config.properties | grep "idoConfig.httpClientConfiguration.proxyUri" | cut -d'=' -f2) - echo "INFO: Proxy URL is ${proxyUri}" - if [ "${proxyUri}" != "" ] - then - echo "*/30 * * * * export HTTPS_PROXY=${proxyUri};export https_proxy=${proxyUri};export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron - else - echo "*/30 * * * * export PATH=${javaPath}:$PATH;curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh -o ${PV}/agentAutoUpdate.sh;sh ${PV}/agentAutoUpdate.sh ${PV} ${AI} " >> autoupdatercron - fi - crontab autoupdatercron - rm autoupdatercron - currentCron=$(crontab -l) - if [ "" = "${currentCron}" ] - then - echo "INFO: No cron exists. Please try again." - else - echo "INFO: List of the current cron tabs" - echo "${currentCron}" - echo "INFO: Successfully Set Up Auto Upgrade of the agent with id ${AI}." - fi - fi - rm -rf "${PV}/upgrade" -} - -restart() -{ - echo "INFO: Restarting Agent" - if [ "$newContainer" = "true" ] - then - echo "WARN: This will remove the existing agent container and start a new one." - echo "Are you sure to continue? [y/N]" - read -r input - if [ "$input" = "y" ] || [ "$input" = "Y" ] - then - kill - else - echo "ABORTED: Restart" - exit 1; + curl https://raw.githubusercontent.com/oracle/docker-images/main/OracleIdentityGovernance/samples/scripts/agentManagement.sh -o agentManagement.sh; \ + sh agentManagement.sh --volume "$1" --agentpackage agent-package.zip \ + --internalUpgrade fi - else - stop - fi - start -} - -# shellcheck source=/dev/null -uninstall(){ - - echo "WARN: This will remove the existing agent and clean up the install directory." 
- echo "Are you sure to continue? [y/N]" - read -r input - if [ ! "$input" = "y" ] && [ ! "$input" = "Y" ] - then - exit 1; - fi - if [ -f "$ENV_FILE" ] - then - . "$ENV_FILE" - fi - isAgentAvailable - if [ $errorFlag = "true" ]; then - echo "ABORTED: Agent is not installed." - exit 1 - fi - echo "INFO: Uninstalling Agent" - kill - disableAutoUpgrade - if [ -d "${PV}" ] - then - echo "INFO: Removing agent data from ${PV} " - rm -rf "${PV}/data" - rm -rf "${PV}/upgrade" - rm -rf "${PV}/backup" - echo "INFO: Agent uninstalled successfully" - fi -} - -# shellcheck source=/dev/null -rename(){ - . "$ENV_FILE_TEMP" - validateEmpty "${AI}" "Agent Id" "--agentid" - if [ $errorFlag = "true" ]; then - echo "ABORTED: Please rectify the errors. Use -h/--help option for help" - exit 1 - fi - - newAgentId="${AI}" - . "$ENV_FILE" - - if [ "$containerRuntime" = "docker" ] - then - if [ "$(docker ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Renaming Agent" - docker rename "${AI}" "${newAgentId}" - else - echo "INFO: No Container with the name ${AI} is available to rename" - exit 1 - fi - elif [ "$containerRuntime" = "podman" ] - then - if [ "$(podman ps -a -f "name=$AI" --format '{{.Names}}')" ] - then - echo "INFO: Renaming Agent" - podman rename "${AI}" "${newAgentId}" - else - echo "INFO: No Container with the name ${AI} is available to rename" - exit 1 - fi - fi - awk -F"=" -v OFS='=' -v newval="$newAgentId" '/^AI/{$2=newval;print;next}1' "$ENV_FILE" > "$ENV_FILE_TEMP" - cp "$ENV_FILE_TEMP" "$ENV_FILE" -} - - -################################################################################ -# Help # -################################################################################ -Help() -{ - # Display Help - echo "Access Governance - Agent Management Script " - echo - echo "Syntax: ./agentManagement.sh --volume [config] [operation]" - echo - echo "Config Mandatory Default Value Description" - echo "------ --------- ------------- -----------" - echo 
"-ai|--agentid No agent__ Agent Id of the container" - echo "-ap|--agentpackage No(Required in validate,install - and upgrade) \"\" Agent Package Path" - echo "-c|--config No - Path of the custom config property file" - echo "-pv|--volume Yes - Directory to persist agent data such as - configuration, wallet, logs, etc." - - echo - - echo "Operation Description" - echo "--------- -----------" - echo "" - echo "--install 1. Installs the agent package to the specified volume - 2. Loads the container image " - echo "" - echo "--start 1. Starts the agent container - 2. Starts the agent daemon" - echo "--setupautoupgrade 1. Setup Auto Upgrade of the agent" - echo "" - echo "--status 1. Displays the status of the agent" - echo "" - echo "--stop 1. Stops the agent daemon - 2. Stops the agent container" - echo "" - echo "--restart 1. Stops the agent daemon - 2. Stops the agent container - 3. remove the agent container if \"newcontainer\" flag is set - 4. Starts the agent container - 5. Starts the agent daemon" - echo " Provide --newcontainer to create a new container" - - echo "" - echo "--uninstall 1. Stops the agent daemon - 2. Remove the agent container - 3. Cleanup the volume" - echo "" - echo "--upgrade 1. Unzips the new agent-package.zip in a temporary location - 2. Validates the contents - 3. Loads image from the new tar.gz - 4. Brings up a temporary container using the new image and the new configuration - 4. If successful then stop the temporary container - 5. Stop the existing agent container - 6. Copy the new config from the temporary location to the main location keeping the customizations - 7. Start the agent with the new image and the new config - 8. 
Spin up the agent daemon" - - - -} - -################################################################################ -if [ $# -eq 0 ]; then - Help; - exit 1 fi -while [ $# -gt 0 ]; do - opt="$1" - shift; - current_arg="$1" - case $current_arg in - -[!-]* | --*) - echo "WARNING: You may have left an argument blank. Double check your command." - ;; - esac - case "$opt" in - "-pv"|"--volume" ) createDir "$1"; echo PV="$(cd "$(dirname "$1")" || exit 1; pwd -P)"/"$(basename "$1")" >> "$ENV_FILE_TEMP"; shift;; - "-h"|"--help" ) Help; exit 1;; - "-ai"|"--agentid" ) echo AI="$1" >> "$ENV_FILE_TEMP"; shift;; - "-au"|"--autoupgrade" ) echo AU="$1" >> "$ENV_FILE_TEMP"; shift;; - "-ap"|"--agentpackage" ) echo AP="$(cd "$(dirname "$1")" || exit 1; pwd -P)"/"$(basename "$1")" >> "$ENV_FILE_TEMP"; shift;; - "-c"|"--config" ) configOverride=$(cd "$(dirname "$1")" || exit 1; pwd -P)/$(basename "$1"); shift;; - "-nc"|"--newcontainer" ) newContainer=true;; - "-i"|"--install" ) install; exit 1;; - "-up"|"--upgrade" ) autoUpgrade; exit 1;; - "-iu"|"--internalUpgrade" ) upgrade; exit 1;; - "-st"|"--stop" ) stop; exit 1;; - "-rs"|"--restart" ) restart; exit 1;; - "-u"|"--uninstall" ) uninstall; exit 1;; - "-s"|"--start" ) start; exit 1;; - "-sa"|"--status" ) status; exit 1;; - "-eau"|"--enableautoupgrade" ) enableAutoUpgrade; exit 1;; - "-dau"|"--disableautoupgrade" ) disableAutoUpgrade; exit 1;; - * ) echo "ERROR: agentManagement: Invalid option: \"$opt\"" >&2 - exit 1;; - esac -done +rm -rf "$1"/newpackage \ No newline at end of file From f10d00824a3500b5d30ea7486dc03fcbd6200eb0 Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Tue, 6 Aug 2024 16:33:50 +0530 Subject: [PATCH 04/15] fixed permission matching logic --- OracleIdentityGovernance/samples/scripts/agentManagement.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh index 9f31ce9603..f657071a68 100755 
--- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh +++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh @@ -365,6 +365,7 @@ isWriteAccessOnVolume() { # shellcheck disable=SC2012 permissions=$(ls -ld "$PV" | awk '{print $1}') + # shellcheck disable=SC3057 perms="${permissions:0:10}" if [ "$perms" != "drwxrwxr-x" ] && [ "$perms" != "drwxrwxrwx" ]; then echo "ERROR: Volume does not have required permissions. Make sure to have 775" From 5877e33a274db5592a5945858128a007da21ee39 Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Tue, 20 Aug 2024 19:32:53 +0530 Subject: [PATCH 05/15] updated PAR URL --- OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh index b5edf33999..a33c18a6fb 100755 --- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh +++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh @@ -23,7 +23,7 @@ mkdir -p newpackage || true cd newpackage || exit #Download upgrade cli -wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/fFvMAmluNZpv4P5dCzH7VsyJUYra5AMxhLiBSOa3AZuul4KtycxDuJtyUyWaweU4/n/idjypktnxhrf/b/agcs_ido_agent_updater/o/idm-agcs-agent-cli-upgrade.jar +wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/JcqrvD9KJiJKJd_2o6LoHhJU812gb-9rh2bOAYI_2t7nJP7eBxaLXDnWShQg0ds9/n/idjypktnxhrf/b/agcs_ido_agent_updater/o/idm-agcs-agent-cli-upgrade.jar #Get Agent Package agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') From 7c1d71479449c0f82483fb00c536c41634b164a7 Mon Sep 17 00:00:00 2001 
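Review bot: Silencing SC3057 on `perms="${permissions:0:10}"` keeps a bash-only substring expansion in a script that the auto-update path starts with `sh agentManagement.sh`, so where `sh` is dash the expansion fails as a bad substitution and the volume permission check cannot run as written. A POSIX form makes the suppression unnecessary: `perms=$(printf '%s' "$permissions" | cut -c1-10)`. The unchanged condition below it also accepts `drwxrwxrwx`; since this volume holds the agent wallet and configuration, a world-writable directory probably deserves at least a warning instead of passing silently. The body of isWriteAccessOnVolume continues outside the hunk.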
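Review bot: The jar fetched by this `wget` line appears to be put on the Java classpath and executed later in the script, yet nothing checks that the download succeeded or that the file is the one that was published. I would stop on a failed fetch and verify a digest or signature before use, for example `wget <PAR_URL> || exit 1` followed by `echo "<EXPECTED_SHA256>  idm-agcs-agent-cli-upgrade.jar" | sha256sum -c - || exit 1` (both values are placeholders; the expected digest has to come from a trusted channel). The pre-authenticated request token is also committed in clear text, so every reader of the repository holds the same access to that object as the agents do; confirm the PAR is read-only and scoped to this single object. The rest of the script lies outside the hunk.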
From: Tanmay Garg Date: Thu, 12 Dec 2024 16:37:32 +0530 Subject: [PATCH 06/15] Added to support handling of stuck podman container --- .../samples/scripts/agentManagement.sh | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh index f657071a68..3a727adab6 100755 --- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh +++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh @@ -421,7 +421,6 @@ status(){ echo "Agent is not installed." exit 1 fi - agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') info if [ "$containerRuntime" = "docker" ] then @@ -691,13 +690,33 @@ start() fi runAgent echo "" - agentVersion=$(grep agentVersion "$CONFDIR"/config.json | awk '{ print $2 }' | sed 's/,//g') info echo "" echo "INFO: Logs directory: ${PV}/data/logs" echo "INFO: You can monitor the agent ${AI} from the Access Governance Console." } +forceStopPodman() +{ +# Get the main process for the container. +CONTAINER_ID=$(podman ps | grep "$AI" | awk '{print $1}') +if [ -n "${CONTAINER_ID}" ]; then + echo Container ID : "$CONTAINER_ID" + CONTAINER_PROCESS_ID=$(ps -ef | grep -v grep | grep "$CONTAINER_ID" | awk '{print $2}') + echo Container Process ID: ${CONTAINER_PROCESS_ID} + + # Kill any processes containing the process ID. + # This kills the child processes too. + kill -9 `ps -ef | grep -v grep | grep ${CONTAINER_PROCESS_ID} | awk '{print $2}'` + + # Stop the container, as Podman doesn't notice the processes are dead until you interact with the container. + echo "Stop container. Ignore errors." + podman stop "$AI" +else + echo "Container Already Stopped" +fi +} + # shellcheck source=/dev/null stop() { 
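Review bot: In forceStopPodman the `kill -9` target list is built from substring greps, so it can include processes unrelated to the agent: `grep "$AI"` matches any `podman ps` row that contains the agent id, and the unquoted `grep ${CONTAINER_PROCESS_ID}` matches every `ps -ef` line containing those digits anywhere (another PID, a PPID, a timestamp, an argument). When more than one PID comes back, the extra values are passed to grep as file names. Asking podman for the container's PID and signalling exactly that process and its children avoids both problems, as sketched below; forceRmPodman in PATCH 11/15 repeats the same pipeline, and the SC2046 suppressions in PATCH 07/15 and 12/15 hide the warning rather than remove its cause.

```shell
forceStopPodman()
{
# Ask podman for the container's main PID instead of grepping ps output.
CONTAINER_PROCESS_ID=$(podman inspect --format '{{.State.Pid}}' "$AI" 2>/dev/null)
case "$CONTAINER_PROCESS_ID" in
  ''|0|*[!0-9]*)
    echo "Container Already Stopped"
    ;;
  *)
    echo "Container Process ID: $CONTAINER_PROCESS_ID"
    # Signal only this PID and its direct children, matched exactly.
    pkill -KILL -P "$CONTAINER_PROCESS_ID"
    kill -KILL "$CONTAINER_PROCESS_ID"
    # … unchanged: podman stop "$AI" …
    ;;
esac
}
```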
@@ -723,6 +742,7 @@ stop() echo "INFO: Waiting for running operations to complete. It may take some time" podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null podman stop "$AI" + forceStopPodman fi echo "INFO: Agent Stopped" } @@ -1104,4 +1124,4 @@ while [ $# -gt 0 ]; do * ) echo "ERROR: agentManagement: Invalid option: \"$opt\"" >&2 exit 1;; esac -done \ No newline at end of file +done From 840829775d2a56506ddf0fcc2fe29c3709fcefaf Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Thu, 12 Dec 2024 16:46:59 +0530 Subject: [PATCH 07/15] fixed lint --- OracleIdentityGovernance/samples/scripts/agentManagement.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh index 3a727adab6..4d01511bcb 100755 --- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh +++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh @@ -707,6 +707,7 @@ if [ -n "${CONTAINER_ID}" ]; then # Kill any processes containing the process ID. # This kills the child processes too. + # shellcheck disable=SC2046 kill -9 `ps -ef | grep -v grep | grep ${CONTAINER_PROCESS_ID} | awk '{print $2}'` # Stop the container, as Podman doesn't notice the processes are dead until you interact with the container. From 3f2050cde83a6493af0d135b6fd50e44eaa6324f Mon Sep 17 00:00:00 2001 From: Tanmay Garg <68961153+tanmaygarg-oracle@users.noreply.github.com> Date: Thu, 6 Feb 2025 16:33:21 +0530 Subject: [PATCH 08/15] Update agentAutoUpdate.sh --- OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh index a33c18a6fb..f0004fba8a 100755 --- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh +++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh @@ -27,6 +27,10 @@ wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/JcqrvD9KJiJKJd_2o6LoHh #Get Agent Package agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') + +r=$[ $RANDOM % 121 ] +sleep $[r] + if [ -f "$1"/cacerts ] then java \ @@ -94,4 +98,4 @@ if [ "$?" = "0" ] fi fi -rm -rf "$1"/newpackage \ No newline at end of file +rm -rf "$1"/newpackage From 74ecf334305a795edad246e51f90d6a25876f3aa Mon Sep 17 00:00:00 2001 From: Tanmay Garg <68961153+tanmaygarg-oracle@users.noreply.github.com> Date: Thu, 6 Feb 2025 16:45:07 +0530 Subject: [PATCH 09/15] Update agentAutoUpdate.sh --- OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh index f0004fba8a..483aabab8f 100755 --- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh +++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh @@ -28,6 +28,7 @@ wget https://objectstorage.us-ashburn-1.oraclecloud.com/p/JcqrvD9KJiJKJd_2o6LoHh #Get Agent Package agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar META-INF/MANIFEST.MF | grep "Agent-Version: " | awk '{print $2}' | tr -d '\n' | tr -d '\r') +# shellcheck disable=SC3028,SC3007 r=$[ $RANDOM % 121 ] sleep $[r] From 15b56caab2054e930bfec6f32205361c1caec636 Mon Sep 17 00:00:00 2001 
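Review bot: The jitter lines `r=$[ $RANDOM % 121 ]` and `sleep $[r]` rely on `$RANDOM` and `$[ ... ]`, neither of which exists in POSIX sh, while this file starts with `#!/bin/sh` and the cron entry launches it with `sh`; under dash neither line does what it intends, so the delay is skipped and the start times are presumably no longer spread out. The follow-up patches 09/15 and 10/15 only add shellcheck suppressions (SC3028, SC3007) for these lines. A portable version is `r=$(( $(od -An -N2 -tu2 /dev/urandom) % 121 ))` followed by `sleep "$r"`. The if-block that follows continues outside the hunk.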
From: Tanmay Garg <68961153+tanmaygarg-oracle@users.noreply.github.com> Date: Thu, 6 Feb 2025 16:47:43 +0530 Subject: [PATCH 10/15] Update agentAutoUpdate.sh --- OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh index 483aabab8f..2cc5f08fa5 100755 --- a/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh +++ b/OracleIdentityGovernance/samples/scripts/agentAutoUpdate.sh @@ -30,6 +30,7 @@ agentVersion=$(unzip -q -c "$1"/data/agent/agent-lcm/idm-agcs-agent-lcm.jar MET # shellcheck disable=SC3028,SC3007 r=$[ $RANDOM % 121 ] +# shellcheck disable=SC3007 sleep $[r] if [ -f "$1"/cacerts ] From 2dabbe026fad1dc665ce326f35107f353821861d Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Tue, 25 Feb 2025 15:52:59 +0530 Subject: [PATCH 11/15] Fixed handling of force removal of stuck podman containers in stopping state --- .../samples/scripts/agentManagement.sh | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh index 4d01511bcb..91e1c4261a 100755 --- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh +++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh 
@@ -718,6 +718,27 @@ else fi } +forceRmPodman() +{ +# Get the main process for the container. +CONTAINER_ID=$(podman ps -a | grep "$AI" | awk '{print $1}') +if [ -n "${CONTAINER_ID}" ]; then + echo Container ID : "$CONTAINER_ID" + CONTAINER_PROCESS_ID=$(ps -ef | grep -v grep | grep "$CONTAINER_ID" | awk '{print $2}') + echo Container Process ID: ${CONTAINER_PROCESS_ID} + + # Kill any processes containing the process ID. + # This kills the child processes too. + kill -9 `ps -ef | grep -v grep | grep ${CONTAINER_PROCESS_ID} | awk '{print $2}'` + + # Stop the container, as Podman doesn't notice the processes are dead until you interact with the container. + echo "Removing container. Ignore errors." + podman rm -f "$AI" +else + echo "Container Already Removed" +fi +} + # shellcheck source=/dev/null stop() { @@ -779,6 +800,7 @@ kill() podman exec "$AI" /bin/bash -c 'agent --config /app/data/conf/config.json ido lcm -i status_check; while [[ "$?" != "2" && "$?" != "255" ]]; do sleep 5s;agent --config /app/data/conf/config.json ido lcm -i status_check; done' >/dev/null fi podman rm -f "$AI" + forceRmPodman fi } From d9140ad4c37b672f0ee3c4d650cf50a9861d4e65 Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Tue, 25 Feb 2025 15:58:38 +0530 Subject: [PATCH 12/15] Fixed handling of force removal of stuck podman containers in stopping state --- OracleIdentityGovernance/samples/scripts/agentManagement.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/OracleIdentityGovernance/samples/scripts/agentManagement.sh b/OracleIdentityGovernance/samples/scripts/agentManagement.sh index 91e1c4261a..88c74ad021 100755 --- a/OracleIdentityGovernance/samples/scripts/agentManagement.sh +++ b/OracleIdentityGovernance/samples/scripts/agentManagement.sh 
@@ -729,6 +729,7 @@ if [ -n "${CONTAINER_ID}" ]; then # Kill any processes containing the process ID. # This kills the child processes too. + # shellcheck disable=SC2046 kill -9 `ps -ef | grep -v grep | grep ${CONTAINER_PROCESS_ID} | awk '{print $2}'` # Stop the container, as Podman doesn't notice the processes are dead until you interact with the container. From 99216da4f248dd144a4bc96bf06e979f6e70c34d Mon Sep 17 00:00:00 2001 From: Tanmay Garg Date: Mon, 24 Mar 2025 17:33:02 +0530 Subject: [PATCH 13/15] Added Peoplesoft views definitions --- .../scripts/PEOPLESOFT/Job_data_view.sql | 77 +++++++++++++++++++ .../scripts/PEOPLESOFT/Personal_data_view.sql | 48 ++++++++++++ 2 files changed, 125 insertions(+) create mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql create mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql new file mode 100644 index 0000000000..1a5e9e948e --- /dev/null +++ b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql 
@@ -0,0 +1,77 @@
+-- Copyright (c) 2025 Oracle and/or its affiliates.
+--
+-- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+--
+-- Author: OAG Development
+--
+-- Description: Script file to create JOB_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration
+--
+-- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+CREATE OR REPLACE VIEW job_Data_View (
+empl_id,
+empl_rcd,
+eff_dt,
+EFF_SEQ,
+business_unit,
+empl_type,
+empl_class,
+officer_Code,
+company,
+per_org,
+POSITION_NBR,
+poi_type,
+deptid,
+jobcode,
+supervisor_id,
+hr_status,
+empl_status,
+full_part_time,
+action,
+action_reason,
+locationCode,
+locationDetails,
+job_type,
+setid_jobcode,
+job_title,
+end_date,
+termination_dt,
+reports_to,
+dept_code_hierarchy,
+Description,
+lastupddttm ) AS
+SELECT
+ pj.emplid,
+ pj.empl_rcd,
+ pj.effdt,
+ pj.EFFSEQ,
+ pj.business_unit,
+ pj.empl_type,
+ pj.empl_class,
+ pj.officer_cd,
+ pj.company,
+ pj.per_org,
+ pj.POSITION_NBR,
+ pj.poi_type,
+ pj.deptid,
+ pj.jobcode,
+ pj.supervisor_id,
+ pj.hr_status,
+ pj.empl_status,
+ pj.full_part_time,
+ pj.action,
+ pj.action_reason,
+ pj.location,
+ null,
+ pj.JOB_INDICATOR,
+ setid_jobcode,
+ pjc.descr,
+ To_Date(NULL, 'YYYYMMDD'),
+ pj.termination_dt,
+ pj.reports_to,
+ null,
+ null,
+ pj.lastupddttm
+FROM
+ ps_job pj
+ left join PS_JOBCODE_TBL pjc on pj.SETID_JOBCODE=pjc.setid and pj.jobcode = pjc.jobcode and pj.effdt = pjc.effdt;
\ No newline at end of file
diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql
new file mode 100644
index 0000000000..b3e327481c
--- /dev/null
+++ b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql
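Review bot: In Job_data_view.sql the join to PS_JOBCODE_TBL requires `pj.effdt = pjc.effdt`, which matches only when a job row and its job-code row carry the same effective date; PeopleSoft job codes are normally effective-dated independently of job rows, so `job_title` would presumably come back NULL for most employees. If that is not intended, select the job-code row in effect on the job's date, e.g. replace that condition with `and pjc.effdt = (select max(x.effdt) from PS_JOBCODE_TBL x where x.setid = pjc.setid and x.jobcode = pjc.jobcode and x.effdt <= pj.effdt)` (on database versions that accept a subquery in an outer-join condition). The bare `setid_jobcode` in the select list should also be qualified as `pj.setid_jobcode` like every other column. The same file is added again unchanged under PEOPLESOFT/1.0/ in PATCH 15/15.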
@@ -0,0 +1,48 @@
+-- Copyright (c) 2025 Oracle and/or its affiliates.
+--
+-- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+--
+-- Author: OAG Development
+--
+-- Description: Script file to create PERSONAL_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration
+--
+-- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+CREATE OR REPLACE VIEW personal_data_view ( empl_id,
+first_name,
+last_name,
+middle_name,
+pref_first_name,
+name_title,
+phone,
+email,
+organization_name,
+country,
+address1,
+address2,
+address3,
+city,
+state,
+postal,
+lastupddttm) AS
+SELECT
+ pd.emplid,
+ pd.first_name,
+ pd.last_name,
+ pd.middle_name,
+ pd.pref_first_name,
+ pd.name_title,
+ pd.phone,
+ pe.email_addr,
+ '',
+ pd.country,
+ pd.address1,
+ pd.address2,
+ pd.address3,
+ pd.city,
+ pd.state,
+ pd.postal,
+ pd.lastupddttm
+FROM
+ ps_personal_data pd
+ LEFT JOIN ps_email_addresses pe ON pd.emplid = pe.emplid and pe.pref_email_flag='Y';
\ No newline at end of file
From c919d27408f21591addd760a36a3731ddf29feea Mon Sep 17 00:00:00 2001
From: Tanmay Garg
Date: Tue, 25 Mar 2025 15:14:37 +0530
Subject: [PATCH 14/15] Added Peoplesoft views definitions, updated readme and created versions
---
.../scripts/PEOPLESOFT/Job_data_view.sql | 77 -------------------
.../scripts/PEOPLESOFT/Personal_data_view.sql | 48 ------------
.../samples/scripts/README.md | 6 +-
3 files changed, 5 insertions(+), 126 deletions(-)
delete mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql
delete mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql
diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql
deleted file mode 100644
index 1a5e9e948e..0000000000
--- a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Job_data_view.sql
+++ /dev/null
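Review bot: Personal_data_view.sql publishes phone, e-mail and the full postal address for every row of ps_personal_data, and its header places the view in the AG service account's own schema, which means that account needs direct SELECT on ps_personal_data and ps_email_addresses and the view does not narrow what it can read. I would state the intended grants and the PII scope in the header, for example `-- Exposes PII (phone, e-mail, postal address); the owning account needs SELECT on ps_personal_data and ps_email_addresses only`, and drop any column the OAG integration does not consume. The literal `''` for organization_name is NULL on Oracle; writing `null`, as Job_data_view.sql does for its placeholder columns, keeps the two files consistent. The same file is added again unchanged under PEOPLESOFT/1.0/ in PATCH 15/15.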
@@ -1,77 +0,0 @@
--- Copyright (c) 2025 Oracle and/or its affiliates.
---
--- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
---
--- Author: OAG Development
---
--- Description: Script file to create JOB_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration
---
--- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
-
-CREATE OR REPLACE VIEW job_Data_View (
-empl_id,
-empl_rcd,
-eff_dt,
-EFF_SEQ,
-business_unit,
-empl_type,
-empl_class,
-officer_Code,
-company,
-per_org,
-POSITION_NBR,
-poi_type,
-deptid,
-jobcode,
-supervisor_id,
-hr_status,
-empl_status,
-full_part_time,
-action,
-action_reason,
-locationCode,
-locationDetails,
-job_type,
-setid_jobcode,
-job_title,
-end_date,
-termination_dt,
-reports_to,
-dept_code_hierarchy,
-Description,
-lastupddttm ) AS
-SELECT
- pj.emplid,
- pj.empl_rcd,
- pj.effdt,
- pj.EFFSEQ,
- pj.business_unit,
- pj.empl_type,
- pj.empl_class,
- pj.officer_cd,
- pj.company,
- pj.per_org,
- pj.POSITION_NBR,
- pj.poi_type,
- pj.deptid,
- pj.jobcode,
- pj.supervisor_id,
- pj.hr_status,
- pj.empl_status,
- pj.full_part_time,
- pj.action,
- pj.action_reason,
- pj.location,
- null,
- pj.JOB_INDICATOR,
- setid_jobcode,
- pjc.descr,
- To_Date(NULL, 'YYYYMMDD'),
- pj.termination_dt,
- pj.reports_to,
- null,
- null,
- pj.lastupddttm
-FROM
- ps_job pj
- left join PS_JOBCODE_TBL pjc on pj.SETID_JOBCODE=pjc.setid and pj.jobcode = pjc.jobcode and pj.effdt = pjc.effdt;
\ No newline at end of file
diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql
deleted file mode 100644
index b3e327481c..0000000000
--- a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/Personal_data_view.sql
+++ /dev/null
@@ -1,48 +0,0 @@ --- Copyright (c) 2025 Oracle and/or its affiliates. --- --- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. --- --- Author: OAG Development --- --- Description: Script file to create PERSONAL_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration --- --- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. - -CREATE OR REPLACE VIEW personal_data_view ( empl_id, -first_name, -last_name, -middle_name, -pref_first_name, -name_title, -phone, -email, -organization_name, -country, -address1, -address2, -address3, -city, -state, -postal, -lastupddttm) AS -SELECT - pd.emplid, - pd.first_name, - pd.last_name, - pd.middle_name, - pd.pref_first_name, - pd.name_title, - pd.phone, - pe.email_addr, - '', - pd.country, - pd.address1, - pd.address2, - pd.address3, - pd.city, - pd.state, - pd.postal, - pd.lastupddttm -FROM - ps_personal_data pd - LEFT JOIN ps_email_addresses pe ON pd.emplid = pe.emplid and pe.pref_email_flag='Y'; \ No newline at end of file diff --git a/OracleIdentityGovernance/samples/scripts/README.md b/OracleIdentityGovernance/samples/scripts/README.md index 8c6848ea9a..dacb2636f3 100644 --- a/OracleIdentityGovernance/samples/scripts/README.md +++ b/OracleIdentityGovernance/samples/scripts/README.md @@ -8,4 +8,8 @@ Directory Oracle_EBS_HRMS contains script files for creating a service account i Directory Oracle_EBS_UM contains script files for creating a service account in EBS target For UM -Copyright (c) 2019, 2023 Oracle and/or its affiliates. \ No newline at end of file +## PEOPLESOFT + +Directory PEOPLESOFT contains views definitions for peoplesoft target + +Copyright (c) 2025 Oracle and/or its affiliates. \ No newline at end of file From 3ab23f42fa500353724643f0101a0e2e3826d587 Mon Sep 17 00:00:00 2001 
From: Tanmay Garg
Date: Tue, 25 Mar 2025 15:15:07 +0530
Subject: [PATCH 15/15] Added Peoplesoft views definitions, updated readme and created versions
---
.../scripts/PEOPLESOFT/1.0/Job_data_view.sql | 77 +++++++++++++++++++
.../PEOPLESOFT/1.0/Personal_data_view.sql | 48 ++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Job_data_view.sql
create mode 100644 OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Personal_data_view.sql
diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Job_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Job_data_view.sql
new file mode 100644
index 0000000000..1a5e9e948e
--- /dev/null
+++ b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Job_data_view.sql
@@ -0,0 +1,77 @@
+-- Copyright (c) 2025 Oracle and/or its affiliates.
+--
+-- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+--
+-- Author: OAG Development
+--
+-- Description: Script file to create JOB_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration
+--
+-- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+CREATE OR REPLACE VIEW job_Data_View (
+empl_id,
+empl_rcd,
+eff_dt,
+EFF_SEQ,
+business_unit,
+empl_type,
+empl_class,
+officer_Code,
+company,
+per_org,
+POSITION_NBR,
+poi_type,
+deptid,
+jobcode,
+supervisor_id,
+hr_status,
+empl_status,
+full_part_time,
+action,
+action_reason,
+locationCode,
+locationDetails,
+job_type,
+setid_jobcode,
+job_title,
+end_date,
+termination_dt,
+reports_to,
+dept_code_hierarchy,
+Description,
+lastupddttm ) AS
+SELECT
+ pj.emplid,
+ pj.empl_rcd,
+ pj.effdt,
+ pj.EFFSEQ,
+ pj.business_unit,
+ pj.empl_type,
+ pj.empl_class,
+ pj.officer_cd,
+ pj.company,
+ pj.per_org,
+ pj.POSITION_NBR,
+ pj.poi_type,
+ pj.deptid,
+ pj.jobcode,
+ pj.supervisor_id,
+ pj.hr_status,
+ pj.empl_status,
+ pj.full_part_time,
+ pj.action,
+ pj.action_reason,
+ pj.location,
+ null,
+ pj.JOB_INDICATOR,
+ setid_jobcode,
+ pjc.descr,
+ To_Date(NULL, 'YYYYMMDD'),
+ pj.termination_dt,
+ pj.reports_to,
+ null,
+ null,
+ pj.lastupddttm
+FROM
+ ps_job pj
+ left join PS_JOBCODE_TBL pjc on pj.SETID_JOBCODE=pjc.setid and pj.jobcode = pjc.jobcode and pj.effdt = pjc.effdt;
\ No newline at end of file
diff --git a/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Personal_data_view.sql b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Personal_data_view.sql
new file mode 100644
index 0000000000..b3e327481c
--- /dev/null
+++ b/OracleIdentityGovernance/samples/scripts/PEOPLESOFT/1.0/Personal_data_view.sql
@@ -0,0 +1,48 @@
+-- Copyright (c) 2025 Oracle and/or its affiliates.
+--
+-- Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+--
+-- Author: OAG Development
+--
+-- Description: Script file to create PERSONAL_DATA_VIEW in the AG Service Account User Schema of the PSFT DB, required for OAG integration
+--
+-- DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+CREATE OR REPLACE VIEW personal_data_view ( empl_id,
+first_name,
+last_name,
+middle_name,
+pref_first_name,
+name_title,
+phone,
+email,
+organization_name,
+country,
+address1,
+address2,
+address3,
+city,
+state,
+postal,
+lastupddttm) AS
+SELECT
+ pd.emplid,
+ pd.first_name,
+ pd.last_name,
+ pd.middle_name,
+ pd.pref_first_name,
+ pd.name_title,
+ pd.phone,
+ pe.email_addr,
+ '',
+ pd.country,
+ pd.address1,
+ pd.address2,
+ pd.address3,
+ pd.city,
+ pd.state,
+ pd.postal,
+ pd.lastupddttm
+FROM
+ ps_personal_data pd
+ LEFT JOIN ps_email_addresses pe ON pd.emplid = pe.emplid and pe.pref_email_flag='Y';
\ No newline at end of file