psst…Cloud Manager now supports Vault!
Oct 10, 2024

PeopleSoft Cloud Manager (PCM) is a great resource for those running PeopleSoft in OCI. It gives PeopleSoft administrators a great deal of automation for deploying and managing PeopleSoft environments. Deploying PCM itself is even automated, deployed from the OCI Marketplace using Stacks. The only real manual effort is filling out a form which prompts you for some resource settings and PeopleSoft passwords.
We all know PeopleSoft has A LOT of passwords to set in an environment. Not only is the list long, they each have their own unique requirements. Manually entering these passwords in the PCM Stack has always been a major pain. Messing up a password may not be realized until the PCM instance is fully deployed and fails on bootstrapping.
Well, good news. Starting in Image 16, PCM now supports the use of Vault Secrets! Now you can create and store your secrets in a Vault, which PCM can then use when deploying environments. The PCM Stack from the Marketplace also uses Vault. Now you point to a Vault and Secrets instead of manually entering passwords. For more info, check out MOS doc PeopleSoft Cloud Manager Images 3 – 18 Overview (Doc ID 2233277.1) or the PeopleSoft YouTube video.
This is a great new feature, but does it really solve our problem? We are still required to enter these passwords into a Vault. We have just shifted this burden to another data entry point. And on top of that, we now lose the explanation and validation of our individual password requirements that we had in our Stack form. Can’t we just auto-generate these passwords somehow? 😠
The answer from Oracle is seemingly - No. I couldn't accept that answer. So, I created the PeopleSoft Secret Tool (`psst`). This is a tool, written in Python, to help us create and manage PeopleSoft secrets. As of this early release, 0.1.0, the tool will generate a list of all the needed PeopleSoft secrets. Each password will match the requirements expected from PeopleSoft. It also has the ability to create a new OCI Vault that includes all the needed secrets pre-populated. This is a great way to quickly generate the passwords needed to deploy PCM. Let’s walk through the steps needed to get this working.
Setup psst
- Login to your OCI Console and select the appropriate region.
- Open your Cloud Shell.

  NOTE: You can use this anywhere you have `OCI CLI` configured. We are using Cloud Shell because it is just quick and easy.
- Clone the `psst` repository and install using `pip`.

  ```bash
  cd ~/
  git clone git@github.com:psadmin-io/psst.git
  cd psst
  pip install --user .
  ```
- Reload your `.bash_profile` and display `psst` help text.

  ```bash
  . ~/.bash_profile
  psst --help
  ```
- Use `psst` to generate a list of passwords for PCM.

  ```bash
  psst secrets generate --secrets-list pcm
  ```
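
What generating secrets against per-secret requirements can look like, with the validation that is lost once the Stack form is out of the loop. This is an added example, not `psst`'s own code; the secret names and rules in `POLICIES` are hypothetical placeholders, not PeopleSoft's actual requirements.

```python
import secrets
import string

# Hypothetical policies for illustration only: the names and rules are
# constructed, not PeopleSoft's real requirements and not taken from psst.
POLICIES = {
    "example-db-admin": {"length": 16, "special": "_#-", "first": "letter",
                         "classes": ["upper", "lower", "digit", "special"]},
    "example-app-user": {"length": 12, "special": "", "first": "letter",
                         "classes": ["upper", "lower", "digit"]},
}
CLASSES = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
           "digit": string.digits}


def _pools(policy):
    """Map each required class to its characters ('special' is per policy)."""
    return {n: CLASSES.get(n, policy["special"]) for n in policy["classes"]}


def validate(password, policy):
    """Return a list of rule violations; an empty list means it conforms."""
    pools = _pools(policy)
    errors = []
    if len(password) != policy["length"]:
        errors.append("length")
    if set(password) - set("".join(pools.values())):
        errors.append("charset")
    errors += [f"missing {n}" for n, chars in pools.items()
               if not set(password) & set(chars)]
    if policy.get("first") == "letter" and not password[:1].isalpha():
        errors.append("first character")
    return errors


def generate(policy, max_tries=1000):
    """Draw from the allowed alphabet with a CSPRNG and reject until valid.

    Rejection sampling keeps the result uniform over all conforming
    passwords, unlike forcing one character per class into fixed slots.
    """
    alphabet = "".join(_pools(policy).values())
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet)
                            for _ in range(policy["length"]))
        if not validate(candidate, policy):
            return candidate
    raise RuntimeError("policy too strict for rejection sampling")


def generate_all(policies=POLICIES):
    """Generate one conforming secret per policy; avoid printing the result."""
    return {name: generate(policy) for name, policy in policies.items()}
```
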
Create Vault
- First, validate your `OCI CLI` is working by listing your Compartment OCIDs.

  ```bash
  oci iam compartment list --output table --query "data[*].{Name:name,OCID:id}"
  ```
- Copy the OCID of the compartment you would like to use for your vault.
- Set these variables and use `psst` to generate a new Vault, prepopulated with needed PCM passwords.

  ```bash
  vault_name="pcm-vault"
  comp_id="ocid1.compartment.oc1..aaaaaaaa6bvleekdzh27di3trkbypzpm3mj3rp7o25v7mvp4ne3h7esbmbwa"
  psst vault create \
    --type oci \
    --vault-name $vault_name \
    --compartment-id $comp_id \
    --secrets-list pcm
  ```
- Copy the new vault OCID from the output:

  ```
  Vault created: ocid1.vault.oc1...
  ```
- Using the new Vault OCID, list the secrets in the new vault.

  ```bash
  vault_id=ocid1.vault.oc1.phx.eftqnjocaabn4.afdg...dkq
  oci vault secret list \
    --compartment-id $comp_id \
    --vault-id $vault_id \
    --output table \
    --query "data[*].{Name:\"secret-name\",OCID:id}"
  ```
Create Cloud Manager
- Login to OCI Console and navigate to `Menu > Marketplace > All Applications`.
- Search for `PeopleSoft Cloud Manager for OCI` and select it.
- Select your compartment, agree to terms and click on `Launch Stack`.
- If you would like, update the `Name` and `Description` fields and then click `Next`.
- Configure the variables as needed, starting with the `Cloud Manager Instance` section.
- About halfway down the section, configure the vault and secret information.
- Complete the configuration of the `Networking` section and then click `Next`.
- Review settings and click `Create`.
- The Stack will now run an Apply job to deploy PCM.
- Once the Compute Instance is created, the bootstrapping script will run and utilize our Vault secrets as needed.
Conclusion
Taking PCM secret management a step further with `psst` is a great way to streamline the deployment of PeopleSoft environments in OCI. Please keep in mind that this is an early release of `psst` and I hope to make improvements. Here is a short list of ideas I have in the backlog. If you run into issues or have ideas for enhancements, please submit issues in GitHub!

- Better `region` control.
- Generate secrets in an existing Vault, using a prefix for secret names.
- Add the ability to tag generated secrets and vaults.
NOTE: This post was updated 11/04/2024 to reflect changes in `psst` Release 0.2.0