Running WebLogic on OpenShift


From time to time I have customers expressing interest in running WebLogic on OpenShift. Having worked extensively with WebLogic in my previous career as an Oracle consultant, it’s immediately obvious that there are a number of complexities in getting the WebLogic domain structure working in a dynamic environment like OpenShift or Kubernetes. To Oracle’s credit, they are working on this and have written an article “WebLogic on Kubernetes, Try It!” with an example based on the Oracle docker images.

This post will discuss the basic steps needed to get this working in OpenShift. While OpenShift is based on Kubernetes, there are some differences, particularly around security, that require some tweaks. Additionally, the article and its associated sample have some issues that I wanted to cover.

The instructions in the article are clear for the most part. Here are the items that require tweaking to work:

a. Before you create the docker image in the wls-12213-domain directory, you will need to edit the file container-scripts/provision-domain.py. This file creates the managed servers ahead of time to support the StatefulSet; however, it creates the listen address as ms-X.wls-subdomain.default.svc.cluster.local. The issue here is that it hard-codes the default namespace, which means you would need to deploy this sample in the default project in OpenShift. In theory, changing it to ms-X.wls-subdomain should work; however, it did not for me and I need to investigate further. For now, I changed default to weblogic and deployed the sample into a weblogic project.

b. I also had an issue creating the docker file with the chown failing; see the issue I opened here for a workaround.

c. When creating the docker file, the sample implies you can select an admin user but you can’t. Just use the default weblogic admin user.

d. The Oracle docker images must be run as the Oracle user. OpenShift by default disallows images running as specific users, so a service account must be created and granted the anyuid SCC.

oc create serviceaccount weblogic
oc adm policy add-scc-to-user anyuid -z weblogic

e. The wls-admin-webhook.yml and wls-stateful.yml files need to be updated to use the weblogic service account:

spec:
  containers:
  ...
  serviceAccount: weblogic
  serviceAccountName: weblogic

f. The sample exposes the services using NodePort, which should work in OpenShift; however, I ended up creating routes as follows:

oc expose svc wls-admin-server
oc expose svc wls-service

g. If you are not familiar with WebLogic, to access the web console use the wls-admin-server route and add /console to the end of it. The username will be weblogic and the password will be whatever you selected.
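
The namespace change from step a can be scripted rather than edited by hand. The following is an added example, not part of the original post or of Oracle's sample: the function names are hypothetical, the sample lines are constructed, and the only thing taken from the sample is the address pattern quoted in step a.

```shell
#!/bin/sh
# Added example: retarget the hard-coded "default" namespace in the managed
# server listen addresses (step a). Pattern taken from the address quoted
# above: ms-X.wls-subdomain.default.svc.cluster.local

# Accept only a valid Kubernetes namespace (DNS-1123 label, max 63 chars),
# so the value can be placed in a sed expression safely.
valid_namespace() {
    ns=$1
    [ -n "$ns" ] && [ "${#ns}" -le 63 ] || return 1
    case $ns in
        *[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    return 0
}

# Filter: read script text on stdin, write it to stdout with the namespace
# label of every wls-subdomain address replaced by $1.
retarget_listen_address() {
    valid_namespace "$1" || { echo "invalid namespace: $1" >&2; return 2; }
    sed "s/\(wls-subdomain\)\.default\(\.svc\.cluster\.local\)/\1.$1\2/g"
}

# Count lines that still point at the default namespace (0 means done).
count_default_refs() {
    grep -c 'wls-subdomain\.default\.svc\.cluster\.local' || true
}

# Constructed sample, not the real contents of provision-domain.py.
SAMPLE='name = "ms-%s" % index
listen = "ms-%s.wls-subdomain.default.svc.cluster.local" % index
log_dir = "/u01/default/logs"'

# Usage against the real file (path from the article's sample):
#   f=container-scripts/provision-domain.py
#   retarget_listen_address weblogic < "$f" > "$f.new" && mv "$f.new" "$f"
```

Only the namespace label inside the wls-subdomain address is rewritten; other occurrences of the word default are left alone, and the target must match the project that holds the weblogic service account from step d.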

Obviously the Oracle work is just a sample and a number of things would need to happen to operationalize it. The biggest IMHO is not having to hardcode the OpenShift namespaces the image will be running in. I’m hoping to resolve this as I play around with it further.