#255 – Rundeck Script Management


This week on the podcast, Kyle and Dan discuss Rundeck and how to manage scripts used by Rundeck, share their virtual meeting tips, get back on the conference speaking circuit.

Show Notes

#254 – Vagabond Updates


This week on the podcast, Kyle and Dan discuss Cloud Managers Start/Stop feature, Dan shares some Vagabond project updates, then they discuss the benefits of simple systems.

Show Notes

#252 – Elasticsearch Direct Transfer


This week on the podcast, Kyle and Dan talk about Elasticsearch Direct Transfer architecture and a few edge cases with the setup. They also remind everyone about mosbot, and also talk about accessing metadata on OCI instances.

Show Notes

#250 – Pre-Production


This week on the podcast, Dan and Kyle discuss autonomous database and linux support with PeopleSoft, Kyle shares some follow-up on Instance Pools, and Dan explains why a Pre-Production environment is important.

Show Notes

#249 – App Designer Crash Logs



This week on the podcast, Dan shares a tip to generate App Designer crash logs, Kyle talks about adapting and learning to new technologies and some tips for using the OCI CLI.

Show Notes

#248 – Proxy Craziness



This week on the podcast, Dan talks about using ACM for basic configuration and his tips for using proxies to debug search and IB issues. Kyle shares how he used Terraform and Resource Manager to auto-deploy Cloud Manager.

Show Notes

#247 – Cloud Manager Kit


This week on the podcast, Dan talks about a contextual Nav Bar idea and then he and Kyle discuss the idea of using the Cloud Manager libraries for general automation.

Show Notes

Environment Template Security in Cloud Manager

Now that Cloud Manager is here, we have self-service ability to create PeopleSoft environments in OCI. Cue Uncle Ben… “With great power comes great responsibility.” Having a self-service portal that allows for the creation of these environments is fantastic, but how do we put some controls around this awesome power? This is where Environment Template security comes in to play.

To create an Environment in Cloud Manager, you first need an Environment Template. This template is created using some General Details, a Topology, and finally Security. It is this security detail that will help us control who can use these templates to create environments in the future. When you are creating a template, you will see the following section 3 – Define Security in the wizard. Let’s break down what our options are.

Assign Template to Zone(s)

Templates can be assigned to a single or multiple Zones. As of Image 11, there are currently three zones to choose from:

  • Development
  • Test
  • Production

A Zone is just “a logical grouping of environments,” according to Oracle’s Cloud Manager FAQ. At this time, it doesn’t serve any other purpose outside of helping you organize your environments. I could see a level of security being added to Zones in the future. If not by Oracle, maybe a custom bolt-on?

Assign Template to Role(s)

Templates can also be assigned to PeopleSoft security Roles. Any user that has a Role specified in this section will have the ability to create an Environment based on this template. Cloud Manager delivers three roles intended to be used with templates:

  • Cloud Administrator (PACL_CAD)
  • Cloud PeopleSoft Administrator (PACL_PAD)
  • Self-Service User (PACL_SSC)

As you would expect with PeopleSoft security, you are free to create and use your custom roles here. I think the delivered roles make it clear how Oracle sees the breakdown of potential users. Users who admin OCI resources, users who admin PeopleSoft, and users of PeopleSoft who might want ad-hoc environments(thinking developers or maybe even business staff looking for demos). I could see the OCI and PS admin roles combined often. Also, the self-service user might be split out into a technical and functional role or disabled altogether. Each organization will have to review this for themselves and come up with a good policy. Just keep in mind, you can add multiple roles to each template.

Creating Environments

Once the security and other details are added to a template, it will be available to use when creating an Environment.

Only the templates the user has access to will be in the Template Name dropdown. The Zone dropdown will also be populated with available zones from the selected template. If a single zone were added, this would be auto-selected and read-only.

Overall, I feel that Environment Template security offers a lot of control. It gives us enough control to provide a level of self-service environment deployments if desired. I do look forward to seeing actual functionality added to Zones. It might be easier to manage this security if we could somehow control access by zone versus strictly individual template security.

#246 – OCI Instance Pools


This week on the podcast, Dan shares some writing tips for on remote teams, Kyle talks about using OCI instance pools with PeopleSoft, and they discuss the changes they are excited for in Cloud Manager 11.

Show Notes

Taking PeopleSoft Swimming in an OCI Instance Pool

I was recently studying for some OCI Certification exams when I came across the topic of Instance Pools. I’ve known about this OCI feature for a while but realized I somehow never thought seriously about using them with PeopleSoft. So, I decided to do a proof of concept and write about it. What I found was with a few changes to a traditional PeopleSoft topology and configuration, you can get this working!

Please keep in mind that this is a proof of concept. I know I didn’t touch on all PeopleSoft configuration and features, so there is likely more work to be done to make this setup viable. I will try to call out some “gotchas” that come to mind but feel free to call out potential issues in the comments. If we can turn this POC into something usable, it might even open the door for container exploration!

Getting Started

To get started, we first need to understand what an Instance Pool is, and what is required to create one. An Instance Pool is a feature that allows you to create and manage multiple compute instances that share the same configuration. What makes them powerful is the ability to scale instance count and attach to a Load Balancer. You can scale on a schedule, with metric based rules, with Terraform or a script using OCI CLI, or manually with the OCI Console. Adjusting the instance count will create or terminate instances automatically. Also, when the pool is attached to a load balancer, the instances are automatically added or removed from the load balancer’s backend set. As you can see, this type of functionality would be great in the PeopleSoft space, where the load on a system can vary day-to-day. Think “timesheet day,” open enrollment, course registration, etc.

To complete this POC, we first need a few things.

Load Balancer

We will leverage the Load Balancing service that OCI offers. This service’s integration with our Instance Pool will give us the automation that we need. Creating a Load Balancer is straight forward, but there are a few things to keep in mind for this POC.

  1. Select a visibility type of Public if you hope to access it from the internet.
  2. Don’t worry about adding Backends at the time of Load Balancer creation. This will be handled by the Instance Pool in the future.
  3. Make sure to enable Session Persistence on the Backend Set. This is needed for PeopleSoft to work correctly.

Custom Image

An Instance Pool uses an Instance Configuration to spin up new instances on demand. An Instance Configuration contains all the configuration details like network, OS, shape, and image needed to create an instance. The image can be an Oracle provided platform image( Oracle-Linux-7.x, etc.) or a custom image that you create.

This image marks the first real decision on how to approach this POC. What we are after is a server with PeopleSoft web and application domains fully deployed and running. I see two approaches to this. One, use a standard platform image and then use cloud-init to configure and deploy the domains using DPK at instance creation. Two, create a custom image with the domains already deployed. I chose to leverage the custom image approach for this POC. I felt this was the fastest, most reliable way to create these instances. With rule-based scaling, and maybe to a lesser extent scheduled scaling, we ideally want these instances created quickly, and DPK takes time.

If startup time at creation isn’t a concern, then an approach using cloud-init probably is the way to go. One thought I had was to keep all middleware installations on FSS. The cloud-init script could just mount that and have DPK just focus on deploying PS_CFG_HOME. That would really speed things up. Maybe something to try in a future blog post!

Create Base Instance

I found a few things that were needed when prepping a PeopleSoft webapp server for Custom Image creation. I started by creating a new instance using the latest Linux 7 platform image. Next, I downloaded the latest PeopleTools 8.58 DPK to the instance and ran the psft-dpk-setup.sh setup script, passing the --env_type midtier --domain_type all options. This gave me a server with working web and application domains.

Update PeopleSoft Configuration

If we stopped here and created a Custom Image from this base instance, we might have some success. However, every future instance created from this image would have the exact same PeopleSoft domain configuration. There are some parts of a PeopleSoft domain configuration that are required to be unique. Also, some parts of the configuration will have a hostname “hardcoded,” etc. Here is a list of changes I made to address these concerns before I created a Custom Image. As mentioned before, there are likely more changes needed. However, these were enough to get this POC working.

  1. Update Cookie Configuration
    • Make sure your cookie configuration in the weblogic.xml file is set not to include a hostname.
    • <cookie-name>DBNAME-PORTAL-PSJSESSIONID</cookie-name>
  2. Update configuration.properties
    • Set the psserver= value to use localhost, since we are using a webapp deployment approach.
    • This will pin each web domain to use its local app domain, with load balancing and failover handled strictly by the OCI Load Balancer.
  3. Update setEnv.sh
    • By default, the ADMINSERVER_HOSTNAME variable is set to the hostname the domain was installed on.
    • Change this to be a dynamic value, driving off of the $HOSTNAME environment variable.
      • ADMINSERVER_HOSTNAME=${HOSTNAME}
  4. Update psappsrv.cfg
    • The [Domain Settings]\Domain ID value should be unique across all your PeopleSoft domains.
    • It is common for domain ids to follow a sequence number pattern. Example: APPDOM1, APPDOM2, etc.
    • Update the value to use an environment variable for the sequence number, ensuring a unique ID.
      • Domain ID=APPDOM%PS_DOMAIN_NBR%
      • We will discuss ideas on how to set this %PS_DOMAIN_NBR% variable later.
  5. Update psft-appserver service script
    • To ensure our domain configurations are correct and domains start properly, we should enforce a domain configure during instance creation and boot.
    • For this POC, I simply added a psadmin configure command to the domain service script.
    • For each application domain installed by the DPK, there is a service setup using a script found here:
      • $PS_CFG_HOME/appserv/APPDOM/psft-appserver-APPDOM-domain-appdom.sh
    • Update this script in the start_application_server function and add the following configure command before the start command.
      • su - $APPSRV_ADMIN -c "$APPSRV_PS_HOME/bin/psadmin -c configure -d $APPSRVDOM" 1>>$LOG_FILE 2>&1
  6. Create $PS_DOMAIN_NBR
    • In the psadm2 ~/.bashrc file, export a $PS_DOMAIN_NBR variable.
    • The goal for this is to generate a unique number that can be used in your domain configuration.
    • When an Instance Pool creates an instance, a random number is appended to the hostname.
      • Example: webapp-634836, webapp-973369, etc.
    • To leverage this appended number for $PS_DOMAIN_NBR, you can use something like this:
      • export PS_DOMAIN_NBR=$(hostname | rev | cut -d- -f1 | rev)

Create a Custom Image

Before creating the custom image, there are a few more things to clean up. First, remove any unwanted domains or software. Depending on your DPK deployment, a process scheduler domain may have been created. We won’t be needing this, so it can be manually removed using psadmin. Next, remove any unwanted entries in /etc/hosts file. For this POC, I stripped down to just the “localhost” entries. New entries will be added when instances are created with new hostnames. Last, stop all running PeopleSoft domains. This step is just to ensure a clean configuration.

Now we are ready to create the Custom Image. In the OCI Console, find your base instance. Under More Actions, select Create Custom Image.

Instance Configuration

After the Custom Image is done provisioning, we are ready to create our Instance Configuration. To start, we need to create an instance based on our new Custom Image. In the OCI Console, navigate to Compute > Custom Image and find the new image. Click on Create Instance. Enter a name, shape, networking, and other details we want to be used in our future Instance Configuration. Select Create and wait for the instance to provision.

Once provisioned, go ahead and validate that the instance looks good. Login to the PIA, make sure the domains started correctly, etc. If all looks well, go back to your newly created instance in the OCI Console. Under More Actions, select Create Instance Configuration. Select a compartment, name, and optional tags, then click Create Instance Configuration.

Instance Pool

Now that we have our Instance Configuration, we can finally create our Instance Pool. In OCI Console, navigate to the newly created Instance Configuration and click on Create Instance Pool. Select a name, the instance configuration, and the number of instances you would like in the pool. Next, we will configure the pool placement with Availability Domain details. Also, make sure to select Attach a Load Balancer. Select the Load Balancer details we created earlier. Lastly, review the details and click Create. You can now follow the provisioning steps under Work Requests.

Once the provisioning work requests are completed, you can validate everything worked as expected. Under Instance Pool Details, you can navigate to Created Instances. You should see the newly created instances listed here. Also, you can navigate to Load Balancers. You will see the attached load balancer. Click into this to review that the Backend Set was updated with the newly created instances.

After validating the initial deployment, you can play around with the instance count. Navigate back to your Instance Pool and click on Edit. Try adding or subtracting to the Number of Instances. Monitor the work requests then validate instances were added or subtracted correctly.

Conclusion

This blog post was a quick, high-level walkthrough of using Instance Pools with PeopleSoft on OCI. My goal was mainly to prove that this was possible in a POC. However, I also wanted to help start a conversation about how this might look in a Production setting. I listed out a few things that could be done to get a custom image approach to work. What other configuration values did I not mention? What ideas do you have for a more dynamic approach, using DPK installs at creation time? As the feature set of OCI grows relating to Load Balancers and Instance Pools, I think we will be more and more motivated to get a deployment like this working outside of the lab!