Merge branch 'AbhiK_tcps_bugfix2' into 'master'

Reducing number of events, explain about tcpsCertRenewInterval in readme

See merge request rac-docker-dev/oracle-database-operator!224

Author: yunus-qureshi

config/samples/sidb/singleinstancedatabase_tcps.yaml

@@ -3,18 +3,6 @@
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 #
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: db-admin-secret
-  namespace: default
-type: Opaque
-stringData:
-  # Specify your DB password here
-  oracle_pwd: 
-
----
-
 apiVersion: database.oracle.com/v1alpha1
 kind: SingleInstanceDatabase
 metadata:

controllers/database/singleinstancedatabase_controller.go

@@ -674,7 +674,7 @@ func (r *SingleInstanceDatabaseReconciler) instantiatePodSpec(m *dbapi.SingleIns
 						if m.Spec.ReadinessCheckPeriod > 0 {
 							return int32(m.Spec.ReadinessCheckPeriod)
 						}
-						return 30
+						return 60
 					}(),
 				},
 
@@ -1796,15 +1796,13 @@ func (r *SingleInstanceDatabaseReconciler) validateDBReadiness(m *dbapi.SingleIn
 		return requeueY, readyPod, err
 	}
 	if readyPod.Name == "" {
-		eventReason := "Database Pending"
-		eventMsg := "status of database is not ready, retrying..."
 		m.Status.Status = dbcommons.StatusPending
 		if ok, _ := dbcommons.IsAnyPodWithStatus(available, corev1.PodFailed); ok {
-			eventReason = "Database Failed"
-			eventMsg = "pod creation failed"
+			eventReason := "Database Failed"
+			eventMsg := "pod creation failed"
+			r.Recorder.Eventf(m, corev1.EventTypeNormal, eventReason, eventMsg)
 		} else if ok, runningPod := dbcommons.IsAnyPodWithStatus(available, corev1.PodRunning); ok {
-			eventReason = "Database Creating"
-			eventMsg = "database creation in progress..."
+			r.Log.Info("Database Creating...", "Name", m.Name)
 			m.Status.Status = dbcommons.StatusCreating
 			if m.Spec.CloneFrom != "" {
 				// Required since clone creates the datafiles under primary database SID folder
@@ -1823,18 +1821,20 @@ func (r *SingleInstanceDatabaseReconciler) validateDBReadiness(m *dbapi.SingleIn
 			r.Log.Info("GetCheckpointFileCMD Output : \n" + out)
 
 			if out != "" {
-				eventReason = "Database Unhealthy"
-				eventMsg = "datafiles exists"
+				eventReason := "Database Unhealthy"
+				eventMsg := "datafiles exists"
+				r.Recorder.Eventf(m, corev1.EventTypeNormal, eventReason, eventMsg)
 				m.Status.DatafilesCreated = "true"
 				m.Status.Status = dbcommons.StatusNotReady
 				r.updateORDSStatus(m, ctx, req)
 			}
 
+		} else {
+			r.Log.Info("Database Pending...", "Name", m.Name)
 		}
-		r.Recorder.Eventf(m, corev1.EventTypeNormal, eventReason, eventMsg)
-		r.Log.Info(eventMsg)
+
 		// As No pod is ready now , turn on mode when pod is ready . so requeue the request
-		return requeueY, readyPod, errors.New(eventMsg)
+		return requeueY, readyPod, errors.New("no pod is ready currently")
 	}
 	if m.Status.DatafilesPatched != "true" {
 		eventReason := "Datapatch Pending"

docs/sidb/README.md

@@ -535,15 +535,9 @@ true
 ```
 
 The following steps are required to connect the Database using TCPS:
-- You need to download the wallet from the Persistent Volume(PV) attached with the database pod. You can use the following command to get the list of pod:
+- You need to download the wallet from the Persistent Volume (PV) attached with the database pod. The location of the wallet inside the pod is as `/opt/oracle/oradata/clientWallet/$ORACLE_SID`. **Let us assume the `ORACLE_SID` is `ORCL1`, and singleinstance database resource name is `sidb-sample` for the upcoming example command**. You can copy the wallet to the destination directory by the following command:
   ```bash
-  kubectl get po
-  NAME                READY   STATUS    RESTARTS   AGE
-  sidb-sample-gaqoe   1/1     Running   0          3d14h
-  ```
-- The location of the wallet inside the pod is as `/opt/oracle/oradata/clientWallet/$ORACLE_SID`. **Let us assume the `ORACLE_SID` is `ORCL1` for the upcoming example commands**. The sample command to download the wallet is as follows:
-  ```bash
-  kubectl cp sidb-sample-gaqoe:/opt/oracle/oradata/clientWallet/ORCL1  <Destination directory>
+  kubectl cp $(kubectl get pods -l app=sidb-sample -o=jsonpath='{.items[0].metadata.name}'):/opt/oracle/oradata/clientWallet/ORCL1 <Destination directory>
   ```
 - This wallet includes the sample `tnsnames.ora` and `sqlnet.ora` files. All the TNS entries for the database (corresponding to the CDB and PDB) resides in `tnsnames.ora` file. You need to go inside the downloaded wallet directory and set the `TNS_ADMIN` environment variable to point to the current directory as follows:
   ```bash
@@ -553,13 +547,20 @@ The following steps are required to connect the Database using TCPS:
   After this, you can connect using SQL\*Plus using the following sample commands:
   ```bash
   sqlplus sys@ORCL1 as sysdba
-
-  sqlplus system@ORCL1
+  ```
+- Alternatively, you can use the following SQL\*Plus command to connect using TCPS without setting TNS_ADMIN environment variable:
+  ```bash
+  sqlplus sys@tcps://<TCPS Connect String>?wallet_location=<Downloaded Wallet Directory>
+  ```
+  Here, TCPS connect string can be found by using the following command:
+  ```bash
+  kubectl get singleinstancedatabase sidb-sample -o "jsonpath={.status.TcpsConnectString}"
   ```
 **NOTE:**
 - Only database server authentication is supported (no mTLS).
 - When TCPS is enabled, a self-signed certificate is generated and stored inside the wallets. For users' convenience, a client-side wallet is generated and stored at `/opt/oracle/oradata/clientWallet/$ORACLE_SID` location in the pod.
 - The self-signed certificate used with TCPS has validity for 2 years. After the certificate is expired, it will be renewed by the `OraOperator` automatically. You need to download the wallet again after the auto-renewal.
+- You can set the certificate renew interval with the help of `tcpsCertRenewInterval` field in the **[config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml)** file. The minimum accepted value is 1m, and the maximum value is 26280h (3 years). The certificates used with TCPS will automatically be renewed after this interval. If this field is omitted/commented in the yaml file, the certificates will not be renewed automatically.
 
 ### Specifying Custom Ports
 As mentioned in the section [Setup Database with LoadBalancer](#setup-database-with-loadbalancer), there are two kubernetes services possible for the database: NodePort and LoadBalancer. You can specify which port to use with these services by editing the `listenerPort` and `tcpsListenerPort` fields of the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file.
@@ -574,6 +575,7 @@ In case of `NodePort` service, `listenerPort`, and `tcpsListenerPort` will be th
 - `listenerPort` and `tcpsListenerPort` can not have same values.
 - `tcpsListenerPort` will come into effect only when TCPS connections are enabled (i.e. `enableTCPS` field is set in [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file).
 - If TCPS connections are enabled, and `listenerPort` is commented/removed in the [config/samples/sidb/singleinstancedatabase.yaml](../../config/samples/sidb/singleinstancedatabase.yaml) file, only TCPS endpoint will be exposed.
+- If LoadBalancer is enabled, and either `listenerPort` or `tcpsListenerPort` is changed, then it takes some time to complete the work requests (drain existing backend sets and create new ones). SingleInstanceDatabase and LoadBalancer remains in the healthy state, but, you can check the progress of the work requests by logging into the OCI console and checking the corresponding LoadBalancer.
 
 
 ## OracleRestDataService Resource