Oracle Autonomous Database and DevOps: A Simple Usage Approach – Part 4
Category: Cloud Author: BRUNO REIS Date: 6 years ago Comments: 0

This article is the fourth part of the series of articles on Oracle Autonomous Database and DevOps. For a better understanding, I recommend reading the “Oracle Autonomous Database and DevOps: A Simple Usability Approach – Part 1”, “Part 2” and “Part 3” articles before proceeding with the steps in this article.
 
In the previous article we covered the secure connection to the ATP instance from Oracle SQL Developer using the wallet file of the provisioned instance. In this article we will create the Linux application server. The Linux server will be created within Oracle Cloud, which shows the versatility of the platform. To start, let’s establish some concepts:
 
Why create the Virtual Cloud Network?
 
According to Oracle Corp., “Before you start an instance, you must have a virtual cloud network (VCN) and a subnet to start it. A subnet is a subdivision of your VCN. The subnet directs the traffic according to the route table.”
 
Therefore, follow these steps:
 
 – Creating the virtual network (Virtual Cloud Network): In the Oracle Cloud menu click on “Networking” and then on “Virtual Cloud Network”:
In the Virtual Cloud Networks tab click on the “Create Virtual Cloud Network” button.
You will then be presented with the screen to create the Virtual Cloud Network, where it is necessary to specify all the information for the VCN configuration:
In the Virtual Cloud Network tab choose the option “Create Virtual Cloud Network plus related resources” to create the VCN only with public subnets:
Click the “Create Virtual Cloud Network” button and a screen confirming the creation will be displayed:
You can then verify the VCN that was created:
Click the name of the VCN, in the example of this article “VirtualCloud”.
Then click on “Security Lists” in the menu:
Click “Default Security Lists for VirtualCloud”
On the next screen click on “Edit All Rules”:
Afterwards, under the “Ingress Rule 3” tab, click the “Another Ingress Rule” button.
In the next Ingress Rule add the following data:
    Source CIDR: 0.0.0.0/0
    Destination Port Range: 3055 (just an example)
After entering the information click on “Save Security List Rules”:
With the Virtual Cloud Network configured, we will proceed with the provisioning of the Linux machine.
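The ingress rule above uses source CIDR 0.0.0.0/0, which matches every IPv4 address, so it is worth listing which ports a security list exposes that way. The following is an added example, not part of the original article: it audits a constructed JSON document assumed to follow the shape the OCI CLI prints for a security list, and `expected_ports` is a hypothetical allowlist of ports that are meant to be public.

```python
import ipaddress
import json

# Constructed sample, assumed to follow the JSON the OCI CLI prints for a security list.
SAMPLE = json.loads("""
{"data": {"display-name": "Default Security List for VirtualCloud",
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 3055, "max": 3055}}},
    {"protocol": "6", "source": "203.0.113.0/24",
     "tcp-options": {"destination-port-range": {"min": 1521, "max": 1522}}},
    {"protocol": "1", "source": "0.0.0.0/0", "icmp-options": {"type": 3, "code": 4}},
    {"protocol": "all", "source": "0.0.0.0/0"}
  ]}}
""")

PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp", "all": "all"}

def world_open_rules(security_list, expected_ports=frozenset()):
    """Return (protocol, ports) for ingress rules that accept traffic from any address.

    expected_ports is a hypothetical allowlist of ports meant to be public.
    """
    findings = []
    for rule in security_list["data"]["ingress-security-rules"]:
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            continue                      # service labels are not CIDR blocks
        if net.prefixlen != 0:
            continue                      # only 0.0.0.0/0 and ::/0 match everyone
        proto = PROTOCOLS.get(rule["protocol"], rule["protocol"])
        if proto == "icmp":
            continue                      # ICMP has no ports; not covered here
        opts = rule.get("tcp-options") or rule.get("udp-options") or {}
        rng = opts.get("destination-port-range")
        if rng is None:
            findings.append((proto, "all ports"))
            continue
        if not set(range(rng["min"], rng["max"] + 1)) <= set(expected_ports):
            findings.append((proto, f"{rng['min']}-{rng['max']}"))
    return findings

if __name__ == "__main__":
    for proto, ports in world_open_rules(SAMPLE, expected_ports={22}):
        print(f"open to 0.0.0.0/0: {proto} {ports}")
```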
 – Provisioning the Linux server: In the initial menu of Oracle Cloud click on “Compute” and then on “Instances”:
On the next tab, click the “Create Instance” button:
In the Create Compute Instance tab, provide the requested information:
Name: Choose a name for your instance. (In the example: VMLINUXmachine)
Select an availability domain for your instance: Choose the first available domain (In the example: ysjg: PHX-AD-1)
Choose an operating system or image source: Keep the option available from Oracle.
Image Operating System: Oracle Linux 7.6
Choose instance type: Choose “Virtual Machine”
Shape: We will use the option “VM.Standard2.1”
Image Version: Please select the latest version, 2018.09.25-0 (latest)
Configure boot volume: Keep the default option.
SSH Keys: Because Linux operating systems use SSH keys for authentication, you must provide a public key. Click “Choose SSH key file” and provide a public SSH key.
Then click on the “Create” button:
While the server is being provisioned, the status displayed will be “Provisioning”:
Once the process is finished, the status is changed to “RUNNING”:
From this moment it is already possible to connect to the created server over SSH:

[root@techdatabasketblog /]# ssh 129.146.128.2
The authenticity of host '129.146.128.2 (129.146.128.2)' can't be established.
ECDSA key fingerprint is SHA256:kuM9EKvzZ47/2qof0kVZc9+po3tDjTEPdsCXVgye9BI.
ECDSA key fingerprint is MD5:84:06:1b:75:2c:5a:f4:72:db:49:ab:7e:b1:5c:5a:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '129.146.128.2' (ECDSA) to the list of known hosts.
Enter passphrase for key '/root/.ssh/id_rsa':
Please login as the user "opc" rather than the user "root".

Connection to 129.146.128.2 closed.
[root@techdatabasketblog /]# ssh opc@129.146.128.2
Enter passphrase for key '/root/.ssh/id_rsa':

[opc@vmlinuxmachine ~]$ hostname
vmlinuxmachine

[opc@vmlinuxmachine ~]$ uname -a
Linux vmlinuxmachine 4.14.35-1844.3.2.el7uek.x86_64 #2 SMP Mon Feb 25 17:43:37 PST 2019 x86_64 x86_64 x86_64 GNU/Linux

[opc@vmlinuxmachine ~]$ date
Tue Apr 23 11:03:45 GMT 2019
[opc@vmlinuxmachine ~]$

This concludes the fourth part of the series of articles about Oracle Autonomous Database in Oracle Cloud for DevOps. In the next article we will continue by creating microservices using Docker and connecting a Java application to the database created in the cloud.
 
References:
 
https://docs.cloud.oracle.com/iaas/Content/GSG/Tasks/creatingnetwork.htm
 
https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/compute-iaas/creating_an_instance_using_the_web_console/creating_an_instance_using_the_web_console.html

 

 

Bruno Reis da Silva is a Database Cloud Support Engineer and professionally Certified Oracle Database Administrator who has worked on the South American continent and is now working on the European continent. He was awarded the first Oracle Ace Associate of Hungary in 2017. His interests are in RDBMS, mainly Oracle, operating systems (Linux, AIX, HPUX and Solaris) and High Availability Solutions implementations. In his free time he enjoys playing sports, going to the gym and traveling. His blog www.techdatabasket.com is dedicated to his sister Laura Vitoria and the main reason for blogging is because he believes in the quote “giving back to get back”. He also enjoys continuous learning and the interaction with others who share his interest.

 

 

Carlos Magno de Andrade Júnior is a Database Architect at eProseed Europe, with more than 15 years of experience in Oracle database on complex projects in countries such as Brazil, India, the Netherlands, Luxembourg, France and Italy, having worked in companies such as Oracle Corporation, IBM, HSBC, among others. He also shares information on his blog ezdba.wordpress.com. Certifications: OCM 12c, OCP 10g, 11g OCP, OCP 12c, OCE RAC, Exadata, ITIL and OEM 12c Cloud Control Implementation Specialist.


Webinar – Flashback in PDB
Category: Database Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

Webinar - Flashback PDB in Oracle Database

Hi guys !!

Today we had our Webinar and we are posting the webinar here for you.

 
 

Follow the link in the PDF presentation: Click here

 

See you next time.

André Ontalba – Board Member


Configuring Oracle Transparent Data Encryption (TDE) on Oracle 12c multitenant architecture
Category: Database Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0


To configure TDE on the Oracle 12c multitenant architecture, we need to execute some steps before we can, for example, create encrypted tablespaces.

 

1) Adjust the sqlnet.ora file to refer to your wallet path

[oracle@db1 admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=
    (METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=/u01/app/oracle/CDB1)
    )
  )

2) Create the folder on the OS side

[oracle@db1 admin]$ mkdir -p /u01/app/oracle/CDB1

3) Log in to the database using the syskm role, then create the keystore and the auto-login keystore

[oracle@db1 admin]$ sqlplus / as syskm

SQL*Plus: Release 12.1.0.2.0 Production on Tue Jul 30 13:42:13 2019

Copyright (c) 1982, 2014, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL> administer key management create keystore '/u01/app/oracle/CDB1' identified by oracle;

keystore altered.

SQL>
SQL>
SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE '/u01/app/oracle/CDB1' IDENTIFIED BY oracle;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE  WRL_PARAMETER          STATUS              WALLET_TYPE  WALLET_OR  FULLY_BAC  CON_ID
--------  ---------------------  ------------------  -----------  ---------  ---------  ------
FILE      /u01/app/oracle/CDB1/  OPEN_NO_MASTER_KEY  AUTOLOGIN    SINGLE     UNDEFINED  0

4) Bounce the database to see if the AUTO_LOGIN keystore is working correctly

SQL> connect / as sysdba
Connected.
SQL> shut immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.

Total System Global Area 1660944384 bytes
Fixed Size 2925072 bytes
Variable Size 1040190960 bytes
Database Buffers 603979776 bytes
Redo Buffers 13848576 bytes
Database mounted.
Database opened.

SQL> select * from v$encryption_wallet;

WRL_TYPE  WRL_PARAMETER          STATUS              WALLET_TYPE  WALLET_OR  FULLY_BAC  CON_ID
--------  ---------------------  ------------------  -----------  ---------  ---------  ------
FILE      /u01/app/oracle/CDB1/  OPEN_NO_MASTER_KEY  AUTOLOGIN    SINGLE     UNDEFINED  0

Note: The first time, you need to set the master key; otherwise the keystore stays in this status and you get errors about the key not being open properly.

 

SQL> alter pluggable database all open;

Pluggable database altered.

SQL> show pdbs

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB2                           READ WRITE NO
         4 PD3                            READ WRITE NO


5) Let’s set up the master key on the keystore

SQL> conn / as sysdba
Connected.
SQL> grant dba,syskm to C##dba identified by oracle container=ALL;

Grant succeeded.

SQL> administer key management set keystore close container=all;

keystore altered.

SQL> administer key management set keystore open identified by oracle container=all;

keystore altered.

 

6) On the pluggable database, connected as the common user C##DBA, let’s set the key for all PDBs.
 


SQL> conn c##dba/oracle@db1:1521/PD3 as syskm;
Connected.
SQL>
SQL> conn / as sysdba
Connected.
SQL> administer key management set key identified by oracle with backup using 'OMK' container=ALL;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE  WRL_PARAMETER          STATUS              WALLET_TYPE  WALLET_OR  FULLY_BAC  CON_ID
--------  ---------------------  ------------------  -----------  ---------  ---------  ------
FILE      /u01/app/oracle/CDB1/  OPEN                PASSWORD     SINGLE     NO         0

As you can see above, the status is now OPEN (by password).

7) Connected to PD3 as the common user C##DBA, we can now create our tablespace

 

SQL> conn c##dba/oracle@db1:1521/PD3;
Connected.
SQL> create tablespace OCM_CRYP
2 datafile '/u01/app/oracle/oradata/CDB1/8DE664DD797442E9E055000000000001/datafile/OCM.DBF'
3 size 10m
4 encryption using 'AES256'
5 default storage(ENCRYPT);

Tablespace created.
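
Step 3 leaves two keystore files in the directory named in sqlnet.ora: the password-protected keystore and the auto-login keystore, which opens without the password, so the file permissions on that directory matter. The check below is an added example, not part of the original article; it assumes the standard keystore file names ewallet.p12 and cwallet.sso and an owner-only permission policy, and `demo_wallet` is a hypothetical helper that builds empty placeholder files.

```python
import os
import re
import stat
import tempfile

# The sqlnet.ora entry from step 1, embedded so the example runs offline.
SQLNET_ORA = """ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/CDB1)))
"""

def wallet_directory(sqlnet_text):
    """Return the DIRECTORY of ENCRYPTION_WALLET_LOCATION, or None if absent."""
    m = re.search(r"ENCRYPTION_WALLET_LOCATION\s*=.*?DIRECTORY\s*=\s*([^)\s]+)",
                  sqlnet_text, re.IGNORECASE | re.DOTALL)
    return m.group(1) if m else None

def audit_wallet(directory):
    """Return findings about the keystore files in a wallet directory."""
    findings = []
    # Assumed policy: only the owning OS user may access the wallet.
    if stat.S_IMODE(os.stat(directory).st_mode) & 0o077:
        findings.append("directory: accessible by group or others")
    for name in ("ewallet.p12", "cwallet.sso"):
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            continue
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{name}: accessible by group or others")
        if name == "cwallet.sso":
            findings.append("cwallet.sso: auto-login keystore, opens without the password")
    return findings

def demo_wallet(dir_mode, file_mode):
    """Build a throwaway wallet directory with empty placeholder files and audit it."""
    d = tempfile.mkdtemp()
    for name in ("ewallet.p12", "cwallet.sso"):
        path = os.path.join(d, name)
        open(path, "w").close()
        os.chmod(path, file_mode)
    os.chmod(d, dir_mode)
    return audit_wallet(d)

if __name__ == "__main__":
    print("wallet directory:", wallet_directory(SQLNET_ORA))
    for finding in demo_wallet(0o755, 0o644):
        print("finding:", finding)
```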

 

So, this is the new way in 12c to manage keys for encryption in the database.
 
I hope this helps you!!!
 
This article was written by Andre Ontalba and Rodrigo Mufalani
 
Disclaimer: “The postings on this site are my own and don’t necessarily represent my actual employer’s positions, strategies or opinions. The information here was edited to be useful for general purposes; specific data and identifications were removed to reach a generic audience and to be useful.”

 


Exadata – Advanced Intrusion Detection Environment (AIDE)
Category: Engineer System Author: Rodrigo Mufalani (Board Member) Date: 6 years ago Comments: 0


A few days ago, we upgraded one Exadata environment to version 19c. One of the new features introduced in this release of the Exadata software is AIDE (Advanced Intrusion Detection Environment), which comes pre-configured. This feature is really awesome and caught my attention, because it tracks whether system files were modified and so helps the DMA (Database Machine Administrator) find issues and security breaches in their environments. AIDE runs daily crontab jobs and monitors whether files change in specific directories. If any files change, it raises an alert and writes logs to /var/log/aide/aide.log.

 

From the Oracle documentation:
exadataAIDE Syntax
The utility is located at /opt/oracle.SupportTools/exadataAIDE.
exadataAIDE [-s|-status] [-e|enable] [-d|disable] [-u|-update] [-h|help]
Description of syntax options:
  • -s[tatus] : Print the current status of the AIDE daily cron job
  • -e[nable] : Enable the AIDE daily cron job
  • -d[isable] : Disable the AIDE daily cron job
  • -u[pdate] : Update the AIDE database metadata and run the daily scan
  • -h[elp] : Print the command syntax and help information
  • Get the current status of the AIDE cron job: exadataAIDE -status
  • Disable the daily AIDE scan: exadataAIDE -disable
  • Enable the daily AIDE scan: exadataAIDE -enable
  • Update the AIDE database after making changes to the system: exadataAIDE -update
Let’s take a look at the “warning file” generated by AIDE.
 [root@myexa01 ~]# cat /var/log/aide/aide.log
 AIDE 0.15.1 found differences between database and filesystem!!
 Start timestamp: 2019-07-21 19:57:20
 Summary:
   Total number of files:        55788
   Added files:                  0
   Removed files:                0
   Changed files:                2
 
 Changed files:
 changed: /home/oracle/monitor/check_compliance
 changed: /home/oracle/monitor/check_oracle
 
 Detailed information about changes:
 File: /home/oracle/monitor/check_listener
  SHA256   : AnuG4ldrP0yB15r/3nOGN+nrnW18391+ , wqPj5hnOIl1HGK7f85/E+0tWGYvEKbH5
 File: /home/oracle/monitor/check_oracle
  SHA256   : t6zk+jufuBfia/YCNHS1WqJt/GPW8xSX , Xk3ZkzP/YpT2jbKvjORsRF3TfoCteY8Z 
After that alert, for our environment we need to add an exception for a specific directory at the end of the file:
[root@myexa01 ~]# vi /etc/aide.conf

#Add one Exception for monitoring directory
!/home/oracle/monitor/
Then we need to rebuild the AIDE database, which is located at /var/lib/aide/aide.db.gz:
[root@myexa01 ~]# /opt/oracle.SupportTools/exadataAIDE -u
 AIDE: database update request accepted.
Then, we need to clear the alerts raised. To clean up, we use the dbmcli utility:
[root@myexa01 ~]# dbmcli
 DBMCLI> LIST ALERTHISTORY
          1_1     2019-07-20T18:24:29+02:00       warning         "Advanced Intrusion Detection Environment (AIDE) detected potential changes to software on this system. The changes are in /var/log/aide/aide.log "
          1_2     2019-07-22T09:14:55+02:00       clear           "Advanced Intrusion Detection Environment (AIDE) violation has been cleared."
 
DBMCLI> drop alerthistory 1_1, 1_2
 Alert 1_1 successfully dropped
 Alert 1_2 successfully dropped
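
Before an exception such as `!/home/oracle/monitor/` goes into aide.conf, it helps to see which findings it would silence and which it would leave in the report. The following is an added example, not part of the original post: it parses a constructed log in the layout shown above and treats the exception as a plain path prefix (an assumption; AIDE itself matches the rule as a regular expression).

```python
import re

# Constructed log in the layout of the aide.log shown above (not real output).
SAMPLE_LOG = """\
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2019-07-21 19:57:20
Summary:
  Total number of files:        55788
  Added files:                  0
  Removed files:                1
  Changed files:                3

Removed files:
removed: /etc/cron.d/example_job

Changed files:
changed: /home/oracle/monitor/check_oracle
changed: /home/oracle/monitor/check_listener
changed: /usr/bin/example_tool
"""

COUNT = re.compile(r"^\s*(Added|Removed|Changed) files:\s+(\d+)\s*$")
ENTRY = re.compile(r"^\s*(added|removed|changed): (\S.*)$")

def parse_aide_log(text):
    """Return (summary counts, [(kind, path), ...]) from an AIDE report."""
    counts, entries = {}, []
    for line in text.splitlines():
        m = COUNT.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
            continue
        m = ENTRY.match(line.rstrip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return counts, entries

def triage(text, excluded_prefix):
    """Split findings into those the exception would hide and those it would not."""
    counts, entries = parse_aide_log(text)
    hidden = [e for e in entries if e[1].startswith(excluded_prefix)]
    remaining = [e for e in entries if not e[1].startswith(excluded_prefix)]
    listed = {k: sum(1 for kind, _ in entries if kind == k) for k in counts}
    return {"hidden": hidden, "remaining": remaining, "consistent": listed == counts}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "/home/oracle/monitor/")
    print("hidden by exception:", result["hidden"])
    print("still reported:", result["remaining"])
```

The `consistent` flag is false when the per-file listing does not add up to the summary counts, which is worth checking before the database is rebuilt with `exadataAIDE -u`.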
For more on this security framework on Exadata, please refer to:
https://docs.oracle.com/en/engineered-systems/exadata-database-machine/dbmsq/exadata-security-practices.html#GUID-74FF1D0C-59F2-4F02-B648-34048AC02C31

 

 

 

All the Best,
Rodrigo Mufalani

 
