You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Introduction

Oracle Wallet®

The Oracle Wallet® configuration is explained with the Oracle documentation:

Prerequisites

Oracle Wallet®

Except for use of the JS7 - JITL SQLPLUSJob no Oracle Client installation is required at run-time for use of a wallet with JS7 Agents. However, users need an Oracle Client to set up and to configure the wallet.

  • The wallet does not necessarily have to be created on the machines where JS7 Agents are located. The wallet preferably consists of a number of keystore and truststore files that can be copied from a remote machine to the servers that hosts the JS7 Agents.
  • Typical commands to create a wallet include for example:

    Example how to set up a wallet
    # create the wallet in an arbitrary location
    mkstore -wrl /home/js7/wallet -create
    # add credentials to the wallet; specify key, user account and password for database access
    mkstore -wrl /home/js7/wallet/ -createCredential js7 some_account some_password

Oracle JDBC Driver

The JS7 - JITL SQLExecutorJob and JS7 - JITL PLSQLJob make use of the Oracle JDBC Driver.

  • Check the Oracle JDBC Driver version that ships with the JS7 release, see JS7 - Database, chapter: Individual JDBC Driver Versions. A newer JDBC Driver might be available for download from Oracle.
  • Oracle JDBC Drivers that ship for release 18c of the DBMS are reported to work. Previous JDBC Driver releases, for example 12c, are reported not to work with Oracle Wallet® when used by JS7. If in doubt use the Oracle JDBC Driver version that matches the version of the DBMS.
  • Users who want to use a specific version of the Oracle JDBC Driver can apply the following steps:
    • For on premises installations store the libraries in the JS7_AGENT_HOME/lib/user_lib directory of the Agent installation directory.
    • When running Agent containers for Docker® consider to store the Oracle JDBC Driver and libraries in the JS7_AGENT_CONFIG_DIR/lib directory.

Oracle PKI Libraries

  • A number of Oracle Java libraries are required that have to match the version of the Oracle DBMS and Oracle JDBC Driver.
  • The .jar files are available from an Oracle Client installation and are offered by Oracle for download:
    • ORACLE_HOME/jlib/oraclepki.jar
    • ORACLE_HOME/jlib/osdt_cert.jar
    • ORACLE_HOME/jlib/osdt_core.jar
  • For on premises installations store the libraries in the JS7_AGENT_HOME/lib/user_lib directory of the Agent installation directory.
  • When running Agent containers for Docker® consider to store the Oracle JDBC Driver and libraries in the JS7_AGENT_CONFIG_DIR/lib directory.

Configuration

Som JITL  configured to connect to an Oracle database by use of Hibernate. In addition the locations of Oracle configuration files and of the wallet have to be specified.

Hibernate hibernate.cfg.xml Configuration File

  • Location: JETTY_BASE/resources/joc/hibernate.cfg.xml, see JS7 - Database.
  • The hibernate configuration should look like this:

    Hibernate configuration file for Oracle® database
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <hibernate-configuration>
     <session-factory>
      <property name="hibernate.connection.driver_class">oracle.jdbc.OracleDriver</property>
      <property name="hibernate.connection.password"></property>
      <property name="hibernate.connection.url">jdbc:oracle:thin:@/js7?tns_admin=/home/js7/wallet</property>
      <property name="hibernate.connection.username"></property>
      <property name="hibernate.dialect">org.hibernate.dialect.Oracle12cDialect</property>
      <property name="hibernate.show_sql">false</property>
      <property name="hibernate.connection.autocommit">false</property>
      <property name="hibernate.format_sql">true</property>
      <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
      <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property>
      <property name="hibernate.hikari.maximumPoolSize">10</property>
     </session-factory>
    </hibernate-configuration>
  • Consider the empty elements that are used for the account and password. Do not delete the respective elements from the hibernate configuration file.
  • The connection URL specifies js7 as the key to an entry in the wallet.
    • The URL parameter tns_admin is used to specify the directory of the tnsnames.ora configuration file. JDBC Connections usually would not need this configuration file as connection details (Listener, Service Name, Service ID) are specified with the URL. However, due to use of the js7 key to the wallet in the URL it is preferable to manage connection details from a tnsnames.ora configuration file.
    • In the above example this file is located in the /home/js7/wallet directory that in fact is the directory where the wallet is located. This location not required as the file can reside in any directory that is accessible to JOC Cockpit.
    • Consider that an sqlnet.ora configuration file is not used with the above setup of a JDBC connection.

Oracle tnsnames.ora Configuration File

The following example is not authoritative but is intended to explain a few basic settings:

Example of a tnsnames.ora configuration file
# tnsnames.ora Network Configuration File: /home/js7/product/18.0.0/dbhomeXE/NETWORK/ADMIN/tnsnames.ora
# Generated by Oracle configuration tools.

JS7 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = JS7)
    )
  )

LISTENER_JS7 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))


ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )


Explanation:

  • Line 4: The name JS7 of the first entry in this file corresponds to the key for which credentials have been stored to the wallet.
  • Line 5-9: The settings indicate the Listener's host and port and the database Service Name or Service ID.

Wallet Location for Java

  • Configure the location of the wallet by use of a Java define like this: 
    -Doracle.net.wallet_location=/home/js7/wallet. This setting should point to the directory where the wallet files are located. This setting can be specified with one of the following options:
    • specify the Java define with the jettyOptions setting of the joc_install_xml installer response file like this:
      <entry key="jettyOptions" value="-Doracle.net.wallet_location=/home/js7/wallet"/>
    • alternatively, for Unix use one of the following options:
      • specify the JAVA_OPTIONS environment variable before running the JOC Cockpit jetty.sh start script.
      • create/modify and make executable the /home/js7/.jocrc file, assuming that js7 is the JOC Cockpit run-time account. This file should export the JAVA_OPTIONS environment variable like this:
        export JAVA_OPTIONS="-Doracle.net.wallet_location=/home/js7/wallet"

      • add the JAVA_OPTIONS environment variable to the systemd service file, see JS7 - systemd Service Files for automated Startup / Shutdown with Unix Systems
    • Find further details from JS7 - How To - Apply Java Options.

Using Oracle Wallet® for the JITL SQLExecutorJob and PLSQLJob with Agents

The JS7 offers the following job templates for use with Oracle Wallet®:

Both template jobs are running with Agents, therefore the wallet configuration is applied to the respective Agent.

Prerequisites

Configuration

Hibernate hibernate.cfg.xml configuration file

  • The JS7 - JITL SQLExecutorJob optionally makes use of a Hibernate configuration file. The explanations above from chapter Hibernate hibernate.cfg.xml Configuration File apply. A Hibernate file by default is looked up from JS7_AGENT_CONFIG_DIR/hibernate.cfg.xml.
  • The JS7 - JITL PLSQLJob does not use a Hibernate file but the job argument db_url for the database URL. Above explanations about use of a URL such as jdbc:oracle:thin:@/js7?tns_admin=/home/js7/wallet similarly apply.
  • For use with Oracle Wallet® the job arguments db_user and db_password are omitted.

Oracle tnsnames.ora configuration file

Wallet Location for Java

  • Configure the location of the wallet by use of a Java define like this: 
    -Doracle.net.wallet_location=/home/js7/wallet. This setting should point to the directory where the wallet files are located. This setting can be specified for an Agent with one of the following options:

Using Oracle Wallet® for the JITL SQLPlusJob with Agents

JS7 offers the following job templates for use with Oracle Wallet®:

The template job is running with Agents and makes use of the sqlplus Command Line Client, therefore the wallet configuration is applied to the respective Agent.

Prerequisites

Prerequisites to execute SQL*Plus with Oracle Wallet® include that

  1. the Oracle Client including SQL*Plus is installed
  2. the following environment variables are set: ORACLE_HOME, LD_LIBRARY_PATH=$ORACLE_HOME/lib, TNS_ADMIN

The prerequisites for setting up the wallet are the same as explained above with chapter Prerequisites.

  • Consider that the mkstore command will add the location of the wallet to your sqlnet.ora configuration file.
    • This file is required by SQL*Plus and allows to execute the command line client like this: sqlplus /@js7. 
    • The  js7 is the key for the tnsnames.ora configuration file to identify the database connection settings and for the wallet to identify the matching credentials.

Configuration

Environment Variables

The prerequisites to set environment variables for use of SQL*Plus with Oracle Wallet® can be met

  • by adding environment variable to the Agent Instance Start Script or
  • by setting up JS7 - Job Resources to inject environment variables to workflows and jobs.

Agent Instance Start Script

  • Adjust Agent Instance Start Script
    • For Unix add environment variables to the Agent Instance Start Script ./bin/agent_<port>.sh
      • ORACLE_HOME=/some_location
        LD_LIBRARY_PATH=$ORACLE_HOME/lib
        TNS_ADMIN=/some_location
        export ORACLE_HOME LD_LIBRARY_PATH TNS_ADMIN
    • For Windows add environment variables to the Agent Instance Start Script ./bin/agent_<port>.cmd
      • set ORACLE_HOME=C:\some_location
        set LD_LIBRARY_PATH=%ORACLE_HOME%\lib
        set TNS_ADMIN=C:\some_location
    • The Instance Start Script is executed on startup of the Agent in the context of the user account that the Agent is operated for. The environment variables are forwarded to subsequent jobs in a workflow.
  • Restart the Agent.

Use of Job Resources

Instead of adding the above environment variables to the Agent's Instance Start Script, they can be added to JS7 - Job Resources that are assigned to the workflow or job that requires access to an Oracle database. Job Resources include name/value pairs that can be assigned any workflow or job.

Oracle sqlnet.ora Configuration File

This file is located in the directory specified by the TNS_ADMIN environment variable.

The following example is not authoritative but is intended to explain a few basic settings:

Example of sqlnet.ora configuration file
# sqlnet.ora Network Configuration File: /home/js7/product/18.0.0/dbhomeXE/NETWORK/ADMIN/sqlnet.ora
# Generated by Oracle configuration tools.

# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/var/sos-berlin.com/js7/agent/var_4445/config/wallet)))
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0


Explanation:

  • The wallet location specified from /var/sos-berlin.com/js7/agent/var_4445/config/wallet is a possible location that corresponds to JS7_AGENT_CONFIG_DIR/config/wallet. Any location that is within reach of the Agent and that allows to read wallet files can be used.


  • No labels