12c

Oracle Database Backup Service – Encrypt your 12.2 Database Backups to the Cloud

Oracle RMAN backup encryption is necessary if you want to back up your database into the Oracle cloud. In Oracle 12c, you have three methods available to encrypt an Oracle RMAN backup:

  • with a passphrase
  • with a master encryption key
  • hybrid with a passphrase and an encryption key

On docs.oracle.com, the basic setup is described here: https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/configuring-encryption-backups.html#GUID-4A1F5CF5-7EAF-4D71-9B7F-B46412F552CE

In this blog post, I show you how to configure your database environment with a master encryption key and a keystore. I use this solution for backup and recovery to and into the Oracle cloud. And in the cloud, I don’t like to type in passwords manually for every action or write passwords into backup and restore scripts.

There are also some issue reports, such as My Oracle Support Note TDE Wallet Problem in 12c: Cannot do a Set Key operation when an auto-login wallet is present (Doc ID 1944507.1).

Here are the steps to create an autologin wallet.

Configure SQLNET.ora in $TNS_ADMIN to use a Keystore

Create Keystore as SYSDBA

Open Keystore

The status is set to OPEN_NO_MASTER_KEY.

Set Master Key

Now the master key has to be defined. If you have already defined a wallet earlier and deleted the keys, you have to set the undocumented parameter to set the master key again. This works here too to set the key. Otherwise you get an ORA-28374: typed master key not found in wallet error. See Master Note For Transparent Data Encryption ( TDE ) (Doc ID 1228046.1) for further information.

Now the status is set to OPEN.

Activate Auto Login

Restart the Database

Verify if the keystore is available and WALLET_TYPE is AUTOLOGIN.

Configure RMAN for Encryption

RMAN Backup Test

A simple RMAN controlfile backup into the Oracle cloud (OPC Backup Module is already configured).

Error message if you want to back up into the Oracle cloud and the encryption is not configured correctly:

Backup Verification in V$BACKUP_PIECE – Column ENCRYPTED
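The keystore steps above, from creation through the final check in V$BACKUP_PIECE, as one sequence. This is an added example and not the commands from the original post; the keystore directory and the password placeholder are assumptions.

```sql
-- Added example. The keystore path and <keystore_password> are placeholders.
-- sqlnet.ora in $TNS_ADMIN must point at the keystore directory first:
--   ENCRYPTION_WALLET_LOCATION =
--     (SOURCE = (METHOD = FILE)
--       (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/ORCL/wallet)))

-- As SYSDBA: create the password-protected keystore (ewallet.p12).
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ORCL/wallet'
  IDENTIFIED BY "<keystore_password>";

-- Open it. STATUS shows OPEN_NO_MASTER_KEY until a master key exists.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<keystore_password>";
SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;

-- Set the master key before any auto-login keystore exists.
-- WITH BACKUP saves a copy of the keystore before the key is written.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "<keystore_password>" WITH BACKUP;

-- Derive the auto-login keystore (cwallet.sso) from the password keystore.
ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE
  FROM KEYSTORE '/u01/app/oracle/admin/ORCL/wallet'
  IDENTIFIED BY "<keystore_password>";

-- After the database restart: expect STATUS = OPEN, WALLET_TYPE = AUTOLOGIN.
SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;

-- In RMAN (not SQL*Plus), switch on keystore-based encryption and test:
--   CONFIGURE ENCRYPTION FOR DATABASE ON;
--   BACKUP CURRENT CONTROLFILE;

-- Back in SQL*Plus: every recent backup piece should report ENCRYPTED = YES.
SELECT handle, encrypted, completion_time
  FROM v$backup_piece
 WHERE completion_time > SYSDATE - 1
 ORDER BY completion_time;
```

The auto-login file cwallet.sso opens the keystore without a password, so restrict its file permissions to the oracle OS user and keep it out of the destination that holds the encrypted backup pieces.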

Links

http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf

http://www.oracle.com/technetwork/database/security/index-095354.html

Install and Configure Oracle Application Express with Oracle REST Data Services and Apache Tomcat

In this article I will show you how you can install and configure Oracle Application Express (APEX) and the Oracle REST Data Service (ORDS), which is running on an Apache Tomcat application server. In previous installations I used the Oracle HTTP server and the extension mod_plsql. But this does not work anymore with the newest Oracle HTTP server version. The Oracle Application Express Installation Guide states:

mod_plsql is deprecated as of Oracle HTTP Server 12c (12.1.3). For more information, please see My Oracle Support Note 1576588.1. Oracle recommends using Oracle REST Data Services instead.

Oracle REST Data Service is the future – so let’s go to the future.

Installation Steps

  1. Installation and Configuration Oracle Application Express 5.1.1
  2. Installation and Configuration Apache Tomcat 8.5.14
  3. Installation and Configuration Oracle Rest Data Service ORDS 3.0.9

The new architecture that I want to build looks as shown in this picture.

Source: http://www.oracle.com/technetwork/developer-tools/apex/application-express/apex-deploy-installation-1878444.html

My Environment

  • Red Hat Enterprise Linux Server Release 7.3 – server hostname is neuendorf.jurasuedfuss.com
  • Oracle Database 12c Standard Edition Release 12.2.0.1.0 – database service name is APEXORDS.jurasuedfuss.com
  • OS Firewall is open for Port 8080

OS Users

I work with two OS users to separate RDBMS and application tasks:

  • oracle – Oracle RDBMS / Listener / Oracle Application Express
  • tomcat – Apache Tomcat / ORDS / Java Development Kit JDK 1.8

Directories

  • Oracle Software: /u01/app/oracle
  • Apache Tomcat / ORDS / JDK: /u01/app/tomcat

1. Installation and Configuration Oracle Application Express 5.1.1 – OS User: oracle

I have downloaded Oracle Application Express here: http://www.oracle.com/technetwork/developer-tools/apex/downloads/download-085147.html . The extracted software is located on the server in the /tmp directory. For the APEX data I have created a new tablespace called APEX too.

Go to the software location:

Login into the database as SYSDBA:

Execute the installation script:

Set password for ADMIN user / Workspace INTERNAL:

Configure database RESTful services – the passwords for the newly created users APEX_LISTENER and APEX_REST_PUBLIC_USER will be used later for the ORDS setup:

Set password for the APEX_PUBLIC_USER and unlock the account:

To avoid password expiration for the APEX_PUBLIC_USER, I have created a new profile especially for this user with unlimited password lifetime:

Allow hosts other than localhost to use the Oracle Application Express installation:
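For the APEX_PUBLIC_USER step above, a dedicated profile changes only the password lifetime and leaves every other password limit inherited from DEFAULT. This is an added example, not the original post's commands; the profile name APEX_PUBLIC_PROFILE and the password placeholder are assumptions.

```sql
-- Added example. APEX_PUBLIC_PROFILE and <apex_public_user_password>
-- are hypothetical names, not values from the original post.

-- Only PASSWORD_LIFE_TIME is overridden. Limits that are not listed
-- (failed login attempts, lock time, reuse rules) stay at DEFAULT.
CREATE PROFILE apex_public_profile LIMIT
  PASSWORD_LIFE_TIME UNLIMITED;

-- Assign the profile first, then set the password and unlock, so the
-- new password is never subject to the old expiry rule.
ALTER USER apex_public_user PROFILE apex_public_profile;
ALTER USER apex_public_user
  IDENTIFIED BY "<apex_public_user_password>" ACCOUNT UNLOCK;

-- Check the account: expect ACCOUNT_STATUS = OPEN and an empty EXPIRY_DATE.
SELECT username, account_status, profile, expiry_date
  FROM dba_users
 WHERE username = 'APEX_PUBLIC_USER';

-- Check the profile: only PASSWORD_LIFE_TIME should differ from DEFAULT.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APEX_PUBLIC_PROFILE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;
```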

2. Installation and Configuration Apache Tomcat 8.5.14 – OS User: tomcat

Create directory:

Go to directory and extract software from /tmp:

Two new directories for Apache Tomcat and JDK are created:

To simplify management of the Apache Tomcat application server, I have added environment variables to the .bash_profile:

Startup Tomcat – after the re-login as OS user tomcat the application server can be started by using the environment variable $CATALINA_HOME.

Verify on command line level if tomcat has started, for example with CURL – HTTP 200 means that the response is OK:

Browser Verification – http://neuendorf.jurasuedfuss.com:

 

Shutdown Tomcat:

Start- / Stop Runlevel Script:

To automate the start/stop – we use a runlevel script. The script has to be created as OS user root. In one of the first lines, I have set a sleep command to be sure that the database is available before the application server starts.

Content:

Add the script to the runlevel environment level 3 and 5:

3. Installation and Configuration Oracle Rest Data Service ORDS 3.0.9 – OS User: tomcat

Create ORDS installation directory:

Extract ORDS from /tmp directory:

Verify directory content:

Create ORDS directory and edit the database configuration template – set hostname and database service name:

Content of my ords_params.properties file:

Set Oracle REST Database Service ORDS configuration directory:

Install Oracle REST Database Service ORDS:

You will be asked for a new password for the database user ORDS_PUBLIC_USER (user will be created by this script), for the already existing users APEX_LISTENER and APEX_REST_PUBLIC_USER and for the SYS password. For ORDS metadata, I have created a new tablespace called ORDS.

The values for database server, hostname and the service name are taken from the configuration file ords_params.properties. Do not start ORDS in standalone mode at the end of the configuration.

You can see the encrypted passwords and the selected tablespaces in the configuration file ords_params.properties:

Optimize the database connection settings – add these lines to the apex.xml configuration file:

Prepare the application server directory for the Oracle Application Express images

Copy the ORDS application ords.war to the Apache Tomcat:

Startup the application server:

Log in to Oracle Application Express – add /ords at the end of the application server URL like http://neuendorf.jurasuedfuss.com:8080/ords:

That’s it – have fun with the Oracle Application Express, Oracle REST Data Services and Tomcat :-). In the next post I will show you how you can secure your installation by changing to https/SSL.

Manuals:

Installing Application Express and Configuring Oracle REST Data Services

Tomcat Web Application Deployment

Oracle Application Express Installation Overview

DATABASE PATCH SET UPDATE 12.1.0.2.170117 apply fails – catconInit failed, exiting

Last weekend was patchday. The goal was to apply the patch 24732082 (DATABASE PATCH SET UPDATE 12.1.0.2.170117) to a 12.1.0.2 database on AIX. The OPatch precheck returned no error and OPatch apply was ok. The problem was the post step: the datapatch command failed with the message catconInit failed, exiting.

The solution was described in this My Oracle Support Note: Datapatch fails with „catconInit: database is not open on the default instance“ (Doc ID 2003488.1)

In the glogin.sql file located in ORACLE_HOME/sqlplus/admin were two lines:

After I commented out these lines, everything ran ok.

Summary: Two small lines, a big impact.