martinberger.com

Latest Posts

Oracle Enterprise Manager EM13c – My Oracle Support is back!

Author: Martin Berger 12. July 2020

Since a few weeks, the online connection in Oracle Enterprise Manager EM13c to My Oracle Support was broken. This resulted in errors like Error occurred when sending request to My Oracle Support, for example when you tried to set the My Oracle Support credentials in a fresh EM13c setup. Existing configurations were not able to get newest patch information anymore. Oracle has documented it in the note Recent Changes to MOS will Disable Enterprise Manager Online Connections (Doc ID 2664002.1).

Screenshot when trying to set MOS credentials in a new EM13c RU4 setup:

Now there is a fix available for all current EM 13 releases, RU included. For more details see Patch Now Available For Recent Changes to MOS That Disabled Enterprise Manager Online Connections (Doc ID 2678494.1). Here is the installation of the patch for an Oracle Enterprise Manager EM13c Release 4 RU2 without using a property file (optional). The patch is transferred to target OMS server and extracted in directory /u01/app/oracle/stage/31233849.

oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] ll
total 424
drwxr-xr-x 3 oracle oinstall 92 Jul 12 23:00 .
drwxr-xr-x. 13 oracle dba 4096 May 11 13:03 ..
drwxr-x--- 4 oracle oinstall 76 Jun 22 22:10 31233849
-rw-rw-r-- 1 oracle oinstall 3092 Jul 6 17:24 PatchSearch.xml
-rw-r--r-- 1 oracle oinstall 425127 Jul 12 23:00 p31233849_13400200531Bundle_Generic.zip

oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] ll

total 424

drwxr-xr-x 3 oracle oinstall 92 Jul 12 23:00 .

drwxr-xr-x. 13 oracle dba 4096 May 11 13:03 ..

drwxr-x--- 4 oracle oinstall 76 Jun 22 22:10 31233849

-rw-rw-r-- 1 oracle oinstall 3092 Jul 6 17:24 PatchSearch.xml

-rw-r--r-- 1 oracle oinstall 425127 Jul 12 23:00 p31233849_13400200531Bundle_Generic.zip

Stop OMS

oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] emctl stop oms

1	oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] emctl stop oms

Validate Patch Apply

oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] cd /u01/app/oracle/stage/31233849

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] $ORACLE_HOME/OMSPatcher/omspatcher apply -analyze
OMSPatcher Automation Tool
Copyright (c) 2017, Oracle Corporation. All rights reserved.


OMSPatcher version : 13.9.4.1.0
OUI version : 13.9.4.0.0
Running from : /u01/app/oracle/product/em13cr4
Log file location : /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/opatch2020-07-12_23-01-08PM_1.log

OMSPatcher log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-01-13PM_analyze.log

Please enter OMS weblogic admin server URL(t3s://kestenholz.martinberger.local:7102):>
Please enter OMS weblogic admin server username(weblogic):>
Please enter OMS weblogic admin server password:>

Configuration Validation: Success


Running apply prerequisite checks for sub-patch(es) "31233849" and Oracle Home "/u01/app/oracle/product/em13cr4"...
Sub-patch(es) "31233849" are successfully analyzed for Oracle Home "/u01/app/oracle/product/em13cr4"


Complete Summary
================


All log file names referenced below can be accessed from the directory "/u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-01-08PM_SystemPatch_31233849_1"

Prerequisites analysis summary:
-------------------------------

The following sub-patch(es) are applicable:

Featureset Sub-patches Log file
---------- ----------- --------
oracle.sysman.top.oms 31233849 31233849_opatch2020-07-12_23-01-13PM_1.log

Log file location: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-01-13PM_analyze.log

OMSPatcher succeeded.

oracle@kestenholz:/u01/app/oracle/stage/ [em13cr4] cd /u01/app/oracle/stage/31233849

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] $ORACLE_HOME/OMSPatcher/omspatcher apply -analyze

OMSPatcher Automation Tool

OMSPatcher version : 13.9.4.1.0

OUI version : 13.9.4.0.0

Running from : /u01/app/oracle/product/em13cr4

Log file location : /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/opatch2020-07-12_23-01-08PM_1.log

OMSPatcher log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-01-13PM_analyze.log

Please enter OMS weblogic admin server URL(t3s://kestenholz.martinberger.local:7102):>

Please enter OMS weblogic admin server username(weblogic):>

Please enter OMS weblogic admin server password:>

Configuration Validation: Success

Running apply prerequisite checks for sub-patch(es) "31233849" and Oracle Home "/u01/app/oracle/product/em13cr4"...

Sub-patch(es) "31233849" are successfully analyzed for Oracle Home "/u01/app/oracle/product/em13cr4"

Complete Summary

================

All log file names referenced below can be accessed from the directory "/u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-01-08PM_SystemPatch_31233849_1"

Prerequisites analysis summary:

-------------------------------

The following sub-patch(es) are applicable:

Featureset Sub-patches Log file

---------- ----------- --------

oracle.sysman.top.oms 31233849 31233849_opatch2020-07-12_23-01-13PM_1.log

Log file location: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-01-13PM_analyze.log

OMSPatcher succeeded.

Patch Apply

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] $ORACLE_HOME/OMSPatcher/omspatcher apply
OMSPatcher Automation Tool
Copyright (c) 2017, Oracle Corporation. All rights reserved.


OMSPatcher version : 13.9.4.1.0
OUI version : 13.9.4.0.0
Running from : /u01/app/oracle/product/em13cr4
Log file location : /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/opatch2020-07-12_23-03-23PM_1.log

OMSPatcher log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-03-27PM_deploy.log

Please enter OMS weblogic admin server URL(t3s://kestenholz.martinberger.local:7102):>
Please enter OMS weblogic admin server username(weblogic):>
Please enter OMS weblogic admin server password:>

Configuration Validation: Success


Running apply prerequisite checks for sub-patch(es) "31233849" and Oracle Home "/u01/app/oracle/product/em13cr4"...
Sub-patch(es) "31233849" are successfully analyzed for Oracle Home "/u01/app/oracle/product/em13cr4"

To continue, OMSPatcher will do the following:
[Patch and deploy artifacts] : Apply sub-patch(es) [ 31233849 ]
Apply RCU artifact with patch "/u01/app/oracle/product/em13cr4/.omspatcher_storage/31233849_Jun_22_2020_22_08_35/original_patch";
Register MRS artifact "omsPropertyDef"


Do you want to proceed? [y|n]
y
User Responded with: Y

Applying sub-patch(es) "31233849"
Please monitor log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/opatch/opatch2020-07-12_23-03-27PM_1.log


Updating repository with RCU reference file "/u01/app/oracle/product/em13cr4/.omspatcher_storage/31233849_Jun_22_2020_22_08_35/original_patch"

Registering service "omsPropertyDef" with register file "/u01/app/oracle/product/em13cr4/sysman/metadata/omsProperties/definition/MosOMSPropDefinition.xml" for plugin id as "core"...
Please monitor log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-03-23PM_SystemPatch_31233849_1/emctl_register_omsPropertyDef_2020-07-12_23-06-34PM.log


Complete Summary
================


All log file names referenced below can be accessed from the directory "/u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-03-23PM_SystemPatch_31233849_1"

Patching summary:
-----------------

Binaries of the following sub-patch(es) have been applied successfully:

Featureset Sub-patches Log file
---------- ----------- --------
oracle.sysman.top.oms_13.4.0.0.0 31233849 31233849_opatch2020-07-12_23-03-27PM_1.log

Deployment summary:
-------------------

The following artifact(s) have been successfully deployed:

Artifacts Log file
--------- --------
SQL rcu_applypatch_original_patch_2020-07-12_23-06-16PM.log
MRS-omsPropertyDef emctl_register_omsPropertyDef_2020-07-12_23-06-34PM.log


Log file location: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-03-27PM_deploy.log

OMSPatcher succeeded.

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] $ORACLE_HOME/OMSPatcher/omspatcher apply

OMSPatcher Automation Tool

OMSPatcher version : 13.9.4.1.0

OUI version : 13.9.4.0.0

Running from : /u01/app/oracle/product/em13cr4

Log file location : /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/opatch2020-07-12_23-03-23PM_1.log

OMSPatcher log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-03-27PM_deploy.log

Please enter OMS weblogic admin server URL(t3s://kestenholz.martinberger.local:7102):>

Please enter OMS weblogic admin server username(weblogic):>

Please enter OMS weblogic admin server password:>

Configuration Validation: Success

Running apply prerequisite checks for sub-patch(es) "31233849" and Oracle Home "/u01/app/oracle/product/em13cr4"...

Sub-patch(es) "31233849" are successfully analyzed for Oracle Home "/u01/app/oracle/product/em13cr4"

To continue, OMSPatcher will do the following:

[Patch and deploy artifacts] : Apply sub-patch(es) [ 31233849 ]

Apply RCU artifact with patch "/u01/app/oracle/product/em13cr4/.omspatcher_storage/31233849_Jun_22_2020_22_08_35/original_patch";

Do you want to proceed? [y|n]

User Responded with: Y

Applying sub-patch(es) "31233849"

Please monitor log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/opatch/opatch2020-07-12_23-03-27PM_1.log

Updating repository with RCU reference file "/u01/app/oracle/product/em13cr4/.omspatcher_storage/31233849_Jun_22_2020_22_08_35/original_patch"

Registering service "omsPropertyDef" with register file "/u01/app/oracle/product/em13cr4/sysman/metadata/omsProperties/definition/MosOMSPropDefinition.xml" for plugin id as "core"...

Please monitor log file: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-03-23PM_SystemPatch_31233849_1/emctl_register_omsPropertyDef_2020-07-12_23-06-34PM.log

Complete Summary

================

All log file names referenced below can be accessed from the directory "/u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/2020-07-12_23-03-23PM_SystemPatch_31233849_1"

Patching summary:

-----------------

Binaries of the following sub-patch(es) have been applied successfully:

Featureset Sub-patches Log file

---------- ----------- --------

oracle.sysman.top.oms_13.4.0.0.0 31233849 31233849_opatch2020-07-12_23-03-27PM_1.log

Deployment summary:

-------------------

The following artifact(s) have been successfully deployed:

Artifacts Log file

--------- --------

SQL rcu_applypatch_original_patch_2020-07-12_23-06-16PM.log

MRS-omsPropertyDef emctl_register_omsPropertyDef_2020-07-12_23-06-34PM.log

Log file location: /u01/app/oracle/product/em13cr4/cfgtoollogs/omspatcher/31233849/omspatcher_2020-07-12_23-03-27PM_deploy.log

OMSPatcher succeeded.

Start OMS

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] emctl start oms
Oracle Enterprise Manager Cloud Control 13c Release 4
Copyright (c) 1996, 2020 Oracle Corporation. All rights reserved.
Starting Oracle Management Server...
WebTier Successfully Started
Oracle Management Server Successfully Started
Oracle Management Server is Up
JVMD Engine is Up

oracle@kestenholz:/u01/app/oracle/stage/31233849/ [em13cr4] emctl start oms

Oracle Enterprise Manager Cloud Control 13c Release 4

Starting Oracle Management Server...

WebTier Successfully Started

Oracle Management Server Successfully Started

Oracle Management Server is Up

JVMD Engine is Up

New try to set My Oracle Support Credentials – MOS is back!

Et voilà

MOS is back, take care if you use a proxy or a firewall – a new URL has to be whitelisted: https://oauth-e.oracle.com !

EM13c Cloud Control, Oracle Tools, TrivadisContent

Install Oracle 19c RDBMS on Oracle Linux 8 – avoid [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’

Author: Martin Berger 18. May 2020

Oracle RDBMS 19c is now certified on Oracle Linux 8. Unfortunately the Oracle Universal Installer in Silent Mode fails when checking the OS version. My OS release:

[oracle@olten dbhome_1]$ cat /etc/oracle-release
Oracle Linux Server release 8.2

1 2	[oracle@olten dbhome_1]$ cat /etc/oracle-release Oracle Linux Server release 8.2

Oracle Universal Installer in Silent Mode

The OUI installer in silent mode stops and shows this error message: [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’. There is no parameter available like -ignoreOS or whatever, but two workarounds.

[oracle@olten dbhome_1]$ ./runInstaller -ignorePrereq -waitforcompletion -silent \
-responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \
oracle.install.option=INSTALL_DB_SWONLY \
> -responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \
> oracle.install.option=INSTALL_DB_SWONLY \
> ORACLE_HOSTNAME=mohnweg.kestenholz.net \
> UNIX_GROUP_NAME=oinstall \
> INVENTORY_LOCATION=/u01/app/oraInventory \
> SELECTED_LANGUAGES=en,en_GB \
> ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1 \
> ORACLE_BASE=/u01/app/oracle \
> oracle.install.db.InstallEdition=EE \
> oracle.install.db.OSDBA_GROUP=dba \
> oracle.install.db.OSBACKUPDBA_GROUP=dba \
> oracle.install.db.OSDGDBA_GROUP=dba \
> oracle.install.db.OSKMDBA_GROUP=dba \
> oracle.install.db.OSRACDBA_GROUP=dba \
> SECURITY_UPDATES_VIA_MYORACLESUPPORT=false \
> DECLINE_SECURITY_UPDATES=true
Launching Oracle Database Setup Wizard...

[WARNING] [INS-08101] Unexpected error while executing the action at state: 'supportedOSCheck'
CAUSE: No additional information available.
ACTION: Contact Oracle Support Services or refer to the software manual.
SUMMARY:
- java.lang.NullPointerException
Moved the install session logs to:
/u01/app/oraInventory/logs/InstallActions2020-05-18_09-48-44AM

[oracle@olten dbhome_1]$ ./runInstaller -ignorePrereq -waitforcompletion -silent \

-responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \

oracle.install.option=INSTALL_DB_SWONLY \

> -responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \

> oracle.install.option=INSTALL_DB_SWONLY \

> ORACLE_HOSTNAME=mohnweg.kestenholz.net \

> UNIX_GROUP_NAME=oinstall \

> INVENTORY_LOCATION=/u01/app/oraInventory \

> SELECTED_LANGUAGES=en,en_GB \

> ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1 \

> ORACLE_BASE=/u01/app/oracle \

> oracle.install.db.InstallEdition=EE \

> oracle.install.db.OSDBA_GROUP=dba \

> oracle.install.db.OSBACKUPDBA_GROUP=dba \

> oracle.install.db.OSDGDBA_GROUP=dba \

> oracle.install.db.OSKMDBA_GROUP=dba \

> oracle.install.db.OSRACDBA_GROUP=dba \

> SECURITY_UPDATES_VIA_MYORACLESUPPORT=false \

> DECLINE_SECURITY_UPDATES=true

Launching Oracle Database Setup Wizard...

[WARNING] [INS-08101] Unexpected error while executing the action at state: 'supportedOSCheck'

CAUSE: No additional information available.

ACTION: Contact Oracle Support Services or refer to the software manual.

SUMMARY:

- java.lang.NullPointerException

Moved the install session logs to:

/u01/app/oraInventory/logs/InstallActions2020-05-18_09-48-44AM

Workaround 1

Set the OS parameter in your terminal to a previous version and re-start the Oracle Universal Installer.

export CV_ASSUME_DISTID=OEL7.8

1	export CV_ASSUME_DISTID=OEL7.8

Workaround 2

Edit the file cvu_config which is located in $ORACLE_HOME/cv/admin, change the line from

# Fallback to this distribution id
#CV_ASSUME_DISTID=OEL5

1 2	# Fallback to this distribution id #CV_ASSUME_DISTID=OEL5

# Fallback to this distribution id
CV_ASSUME_DISTID=OEL7.8

1 2	# Fallback to this distribution id CV_ASSUME_DISTID=OEL7.8

Save the file and re-start the Oracle Universal Installer.

Et voilà

Some moments later… the WARNING message about the inventory can be ignored. OUI has created there some files from the previous attempt.

Launching Oracle Database Setup Wizard...

[WARNING] [INS-32047] The location (/u01/app/oraInventory) specified for the central inventory is not empty.
   ACTION: It is recommended to provide an empty location for the inventory.
The response file for this session can be found at:
 /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_2020-05-18_10-04-19AM.rsp

You can find the log of this install session at:
 /tmp/InstallActions2020-05-18_10-04-19AM/installActions2020-05-18_10-04-19AM.log

As a root user, execute the following script(s):
        1. /u01/app/oraInventory/orainstRoot.sh
        2. /u01/app/oracle/product/19.0.0/dbhome_1/root.sh

Execute /u01/app/oraInventory/orainstRoot.sh on the following nodes:
[olten]
Execute /u01/app/oracle/product/19.0.0/dbhome_1/root.sh on the following nodes:
[olten]


Successfully Setup Software.
Moved the install session logs to:
 /u01/app/oraInventory/logs/InstallActions2020-05-18_10-04-19AM

Launching Oracle Database Setup Wizard...

[WARNING] [INS-32047] The location (/u01/app/oraInventory) specified for the central inventory is not empty.

ACTION: It is recommended to provide an empty location for the inventory.

The response file for this session can be found at:

/u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_2020-05-18_10-04-19AM.rsp

You can find the log of this install session at:

/tmp/InstallActions2020-05-18_10-04-19AM/installActions2020-05-18_10-04-19AM.log

As a root user, execute the following script(s):

1. /u01/app/oraInventory/orainstRoot.sh

2. /u01/app/oracle/product/19.0.0/dbhome_1/root.sh

Execute /u01/app/oraInventory/orainstRoot.sh on the following nodes:

[olten]

Execute /u01/app/oracle/product/19.0.0/dbhome_1/root.sh on the following nodes:

[olten]

Successfully Setup Software.

Moved the install session logs to:

/u01/app/oraInventory/logs/InstallActions2020-05-18_10-04-19AM

Oracle Universal Installer in GUI Mode

In the OUI Graphical User Interface you can ignore the message which occurs when the installer starts:

Summary

The installation of the RDBMS software by GUI is not my favourite. I try to use the silent method whenever it’s possible. And with a small workaround, this can be successfully done with 19c on OL8.

19c, Oracle Linux

Oracle Cloud Infrastructure and SSH Keys – Jump!

Author: Martin Berger 27. April 2020

Jump!

In our Trivadis Oracle Cloud Infrastructure training environments, we never use direct access to an application or database server by a public IP address. For this case, we use an Oracle Linux based bastion host which acts as a jump host. For security reasons, I never put any SSH keys on a bastion host to connect from there to the target instances. If your bastion host is compromitted, your SSH keys are lost! In one of the last trainings, some participants had problems with. So I decided to blog about. This blog post shows you the different methods to connect to an Oracle Cloud Infrastructure private/public network by using a bastion host.

SSH Keys

Oracle Cloud Infrastructure Linux based offerings like compute instances and virtual machines for databases are accessible by SSH key as per default. For working with these machines, I use these three types of SSH keys:

id_rsa_oci – Private key generated by ssh-keygen
id_rsa_oci.pub – Public key generated by ssh-keygen
id_rsa_oci.ppk – Puttygen-converted private key

This gives me the flexibility, to connect to running OCI instances on different ways like Putty, MobaXterm, Windows Subsystem for Linux, WinSCP etc.

Oracle Cloud Infrastructure Sample Setup

Host	Public IP	Private IP	Accessible by
Bastion Host	140.238.216.114	10.0.0.2	SSH
Windows Application Server		10.0.1.2	RDP
Oracle Database Server		10.0.2.2	SSH

Reminder: In OCI only SSH port 22 is open in the subnet security lists as per default when the VCN is created by the VCN Wizard. If you want to allow connection from the public to the private subnet by RDP and Oracle Net, then port 3389 and 1521 must be added in the security list for the private subnet. Create stateful ingress rules and restrict the source connections to the bastion host private IP range.

Build your own SSH Tunnel

There different ways to build a SSH (tunnel) configuration to Oracle Cloud Infrastructure instances on a Windows based platform, my favourites:

Windows Subsystem for Linux (WSL)
MobaXterm
Putty

Here are some connection examples how to work with instances in a private subnet via bastion host with this three methods. As a Windows 10 user, for some connections I d’ like to use WSL Ubuntu more and more – now available in version 20 🙂

1. Connect by using Windows Subsystem for Linux (WSL)

Test: Verify the Connection to the Bastion Host public IP Address

$ <strong>ssh -i .ssh/id_rsa_oci opc@140.238.216.114</strong>
Last login: Mon Apr 27 15:47:54 2020 from 139.178.22.30
[opc@bastion-host ~]$ oci-metadata | grep hostname
hostname: bastion-host

$ <strong>ssh -i .ssh/id_rsa_oci opc@140.238.216.114</strong>

Last login: Mon Apr 27 15:47:54 2020 from 139.178.22.30

[opc@bastion-host ~]$ oci-metadata | grep hostname

hostname: bastion-host

Database Server: SSH Connect via Bastion Host

This opens a session on the database server as user opc.

$ <strong>ssh -i .ssh/id_rsa_oci -o ProxyCommand="ssh -i .ssh/id_rsa_oci -W %h:%p opc@140.238.216.114" opc@10.0.2.2</strong>
Last login: Mon Apr 27 15:51:32 2020 from 10.0.0.2
[opc@dbsrv01 ~]$ sudo su - oracle
Last login: Mon Apr 27 15:51:47 UTC 2020 on pts/0
[oracle@dbsrv01 ~]$ . oraenv
ORACLE_SID = [DB0427] ?
The Oracle base has been set to /u01/app/oracle
[oracle@dbsrv01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Mon Apr 27 15:52:14 2020
Version 19.6.0.0.0

Copyright (c) 1982, 2019, Oracle. All rights reserved.


Connected to:
Oracle Database 19c Standard Edition 2 Release 19.0.0.0.0 - Production
Version 19.6.0.0.0

SQL> show pdbs

CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDB01 READ WRITE NO

$ <strong>ssh -i .ssh/id_rsa_oci -o ProxyCommand="ssh -i .ssh/id_rsa_oci -W %h:%p opc@140.238.216.114" opc@10.0.2.2</strong>

Last login: Mon Apr 27 15:51:32 2020 from 10.0.0.2

[opc@dbsrv01 ~]$ sudo su - oracle

Last login: Mon Apr 27 15:51:47 UTC 2020 on pts/0

[oracle@dbsrv01 ~]$ . oraenv

ORACLE_SID = [DB0427] ?

The Oracle base has been set to /u01/app/oracle

[oracle@dbsrv01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Mon Apr 27 15:52:14 2020

Version 19.6.0.0.0

Connected to:

Oracle Database 19c Standard Edition 2 Release 19.0.0.0.0 - Production

Version 19.6.0.0.0

SQL> show pdbs

CON_ID CON_NAME OPEN MODE RESTRICTED

---------- ------------------------------ ---------- ----------

2 PDB$SEED READ ONLY NO

3 PDB01 READ WRITE NO

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

This opens a connection to the bastion host.

$ ssh -i .ssh/id_rsa_oci -A -L 15210:10.0.2.2:1521 opc@140.238.216.114
Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30
[opc@bastion-host ~]$

$ ssh -i .ssh/id_rsa_oci -A -L 15210:10.0.2.2:1521 opc@140.238.216.114

Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30

[opc@bastion-host ~]$

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the Oracle Net service name from the DBA panel menu.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host.

$ ssh -i .ssh/id_rsa_oci -A -L 33890:10.0.1.2:3389 opc@140.238.216.114
Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30
[opc@bastion-host ~]$

$ ssh -i .ssh/id_rsa_oci -A -L 33890:10.0.1.2:3389 opc@140.238.216.114

Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30

[opc@bastion-host ~]$

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

2. Connect by using MobaXterm

Database Server: SSH Connect via Bastion Host

This opens a session ion the database server as user opc.

Fill in Remote Host, Specify username and Port. Activate Use private key and select the local private SSH key in Putty format.

Activate Connect through SSH gateway, fill in Gateway SSH server, Port, User. Activate Use private key and select the local private SSH key in Putty format.

Start the session.

As you can see in the MobaXterm Header, X-Forwarding works too.

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

Open MobaXterm Tunneling menu and add a New SSH tunnel. Fill in Forwarded port, Remote server, Remote port, SSH server, SSH login and SSH port. Save the tunnel settings. For an application server tunnel, just replace Remote server, Remote port and Forwared port settings.

Add the private SSH key in Putty format by click on the key icon. Start the tunnel.

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the database control file settings from the DBA panel menu.

3. Connect by using Putty

Database Server: SSH Connect via Bastion Host

As prerequisite, I have created a Putty session called OCI Bastion Host for the jump host connection with the SSH private key in Putty format and user opc. This session is now used as Proxy.

Fill in database server private IP. The red one is the already existing session.

Add proxy command and save session settings. Optioanl enable proxy diagnostics.

plink "OCI Bastion Host" -agent -nc %host:%port

1	plink "OCI Bastion Host" -agent -nc %host:%port

Open the new created session to connect to database server with user opc.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host. Fill in bastion host public IP.

Add private key file in Putty format and enable checkbox Allow agent forwarding.

Add a port forwarding rule for RDP. Save session.

Open the new created session to enable port forwarding for Remote Desktop Protocol.

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

Alternative Method – Start Putty from Command Line

Start Putty with the port forwarding settings by command line. This opens a Putty session and port 3389 can be used. No addtional settings are required.

C:\> putty.exe -ssh -A -i C:\oci\ssh\id_rsa_oci.ppk -L 33890:10.0.1.2:3389 opc@140.238.216.114

1	C:\> putty.exe -ssh -A -i C:\oci\ssh\id_rsa_oci.ppk -L 33890:10.0.1.2:3389 opc@140.238.216.114

Summary

A bastion host is an “easy-to-setup” alternative to a VPN connection without any huge infrastructure overhead. There are several ways how to connect & tunnel to the target servers. Use the method which are you familiar with it, but NEVER place SSH keys on a bastion host.

And now: click here to make some noise – Jump by Van Halen

Links

Oracle Cloud Infrastructure, Oracle Linux, Oracle RDBMS, TrivadisContent