Latest Posts

Windows 10 WSL 2, Docker and Oracle – a perfect Partnership

I admit it, I was not a friend of Oracle databases running in Docker containers for a long time. My database systems for testing and demo purposes were all running in VMware, Virtual Box or in the Oracle Cloud. But I have used the Windows Subsystem for Linux since beginning, to work with the Oracle Oracle Cloud Infrastructure CLI, Git Integration etc.. And what I really like is the WSL extension for Visual Studio Code which gives me to chance, to edit Ansible Vault files in Windows without any additional Linux based VM running.

With the update of the existing Windows Subsystem for Linux (WSL) architecture to version 2, the Docker Desktop for Windows is now fully integrated and able to run Docker container in WSL as a lightweight VM. Now it’s time to change my mind, why not use Docker to try out new Oracle features, do some development stuff and more?

What to we need to run Oracle databases in WSL 2 Docker Containers?

  1. WSL 2
  2. Docker Desktop for Windows
  3. Docker images with an Oracle Database – I may use the images (oehrlis/docker) from my workmate Stefan Oehrli (oradba.ch)- merci vöumou

This blog post shows you how to setup WSL 2 to run Docker images. Sure, you can use the Oracle provided Docker images or self created images too. But I have verified the Oracle repository today, the Dockerfile version is 19.3.0. And I don’t have the passion, to create new Dockerfiles for example to run 19.8 and download additional RU software.

Installing Windows Subsystem 2 for Linux

Enable Windows Subsystem for Linux basic Functionality

Start Windows PowerShell as Administrator and enable WSL.

Do not restart Windows 10 at the moment.

Activate Windows Subsystem for Linux 2

Check your version before enabling WSL 2, the criteria from the install document must be meet – for example for my x64 platform:

  • Running Windows 10, updated to version 1903 or higher, Build 18362 or higher for x64 systems.

Let’s check it with Windows logo key + R and winver – my version us 1904:

Enable the ‘Virtual Machine Platform’ – this component is required for WSL 2.

Restart the Windows machine. Now wsl.exe is available as command in Power Shell.

Set WSL 2 as default when installing Linux distributions from Microsoft Store like Ubuntu and SLES.

 

 

Getting Windows 10 ready for Docker

Install Docker Desktop for Windows

Run the Docker Desktop Installer executable. Let the checkboxes activated.

Two minutes later.

Start Docker and verify the Availability

After starting the Docker Desktop, you get a notification that Docker is starting. Docker is recognising that WSL is installed.

Docker is now ready to use.

Open a new PowerShell as Administrator and verify if docker and docker-compose are available.

Install Git

Link: https://git-scm.com/download/win

We use Git to checkout the Oracle docker containers later. There are several Git clients for Windows available. I use the one from git-scm.com. Just run the executable. After the successful installation, verify Git availability in PowerShell.

Go for the Oracle Database

Startup the Oracle Docker Image

Before cloning of the Git repository, I created a new directory in my Workplace folder.

Clone Docker Image Repository

The content of my cloned directory Oracle Database 19.0.0.0.

We use Docker Compose here, this makes it very easy to handle networking stuff like port forwarding. Example content of the docker-compose.yml file. In this case, I have not configured the Docker Volume Base, the files for the container are created in a subfolder of the clone directory.

After pulling, let’s start the container with docker-compose.

In the background, the database will be created and configured – example output in Docker Desktop.

SQL Developer Connect

Verify in the Shell if the Oracle database and the listener are running – example output from the Trivadis Toolbox component TVD-Basenv.

Summary

The integration of Docker in Windows Subsystem for Linux is fast and easy to configure. I like the idea to run a lightweight VM inside my existing WSL. In future, before I think about to start a VMware or Virtual Box VM to do some Oracle testing stuff, I will verify if there is Docker image available. And I will definitely spend more time to discover the possibilities of Docker 🙂

Oracle Enterprise Manager 13c Release 4 Update 5 (13.4.0.5) – Time to Patch the OMS

Availability and Information Release Update 13.4.0.5

Since some days, the Release Update 13.4.0.5 for the Oracle Enterprise Manager 13c Release 4 is available in My Oracle Support. Time to update my lab environment.

Note: This blog post describes how to apply the RU on an Oracle Enterprise Manager 13 Release 4 Oracle Management Server which is running on an Oracle Linux 7.6 machine. Applying the RU for agents is not part of of this blog post. For agent patching please visit readme of Patch 31544641: Oracle Enterprise Manager 13c Release 4 Platform Update 5 (13.4.0.5) for Oracle Management Agent.

The RU for the Oracle Management Server is generic and the compressed patch file has the size of 964.6 MB. Useful links for this Release Update like contained fixes and improvements:

From the Patch Readme:

Oracle Enterprise Manager 13c Release 4 Update 5 for Oracle Management Service contains bug fixes, and can be applied on the following:

  • Oracle Management Service 13c Release 4 (13.4.0.0.0)
  • Any Release Update previously released for Oracle Management Service 13c Release 4 (13.4.0.0.0)

OMSPatcher Prerequisites 

OMSPatcher has to be version 13.9.4.1.0 for Enterprise Manager 13.4.0.0.0 – let’s verify it on my OEM environment:

If your OMSPatcher has an older release, take a look here how to update it: EM 13c: How To Upgrade Enterprise Manager 13.4 Cloud Control OMSPatcher Utility to Version 13.9.4.1.0 (Doc ID 2646080.1)

Transfer and extract Release Update

The RU is extracted in the stage directory on the OEM server:

Pre-Check

Run the pre-check to analyze the existing Oracle Enterprise Manager system.

Extract from the OMSPatch logfile, here in my case called omspatcher_2020-08-18_21-35-49PM_analyze.log.

These warnings can ignored, these are patches for plugins which I am not using. So the patch will not be applied here, for example:

  • oracle.sysman.emfa.oms.plugin (Enterprise Manager for Fusion Applications)
  • oracle.sysman.bda.oms.plugin (Oracle Big Data Appliance)

OPatch – The inventory shows Platform Update 13.4.0.3 which is my actual release.

About Enterprise Manager

Show the installed Plugins – emcli

Login

Sync emcli

List plugins

Release Update Apply

1st – Stop the OMS

2nd – Apply RU with OMSPatcher

I don’t use a credential file, therefore the username (if not using weblogic which is default) and the password for the Weblogic AdminServer has to be provied.

Warnings can be ignored as long they depend on plugins which are not installed.

OPatch – The inventory shows Platform Update 13.4.0.5 the RU is applied.

3rd – Start the OMS again

About Enterprise Manager

Summary

Oracle Enterprise Manager 13c Release 4 Update 5 (13.4.0.5) – easy to apply, works!

Oracle Enterprise Manager EM13c – My Oracle Support is back!

Since a few weeks, the online connection in Oracle Enterprise Manager EM13c to My Oracle Support was broken. This resulted in errors like Error occurred when sending request to My Oracle Support, for example when you tried to set the My Oracle Support credentials in a fresh EM13c setup. Existing configurations were not able to get newest patch information anymore. Oracle has documented it in the note Recent Changes to MOS will Disable Enterprise Manager Online Connections (Doc ID 2664002.1)

Screenshot when trying to set MOS credentials in a new EM13c RU4 setup:

Now there is a fix available for all current EM 13 releases, RU included. For more details see Patch Now Available For Recent Changes to MOS That Disabled Enterprise Manager Online Connections (Doc ID 2678494.1). Here is the installation of the patch for an Oracle Enterprise Manager EM13c Release 4 RU2 without using a property file (optional). The patch is transferred to target OMS server and extracted in directory /u01/app/oracle/stage/31233849.

 

Stop OMS

Validate Patch Apply

Patch Apply

 

Start OMS

 

New try to set My Oracle Support Credentials – MOS is back!

Et voilà

MOS is back, take care if you use a proxy or a firewall – a new URL has to be whitelisted:  https://oauth-e.oracle.com !

Install Oracle 19c RDBMS on Oracle Linux 8 – avoid [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’

Oracle RDBMS 19c is now certified on Oracle Linux 8. Unfortunately the Oracle Universal Installer in Silent Mode fails when checking the OS version. My OS release:

Oracle Universal Installer in Silent Mode

The OUI installer in silent mode stops and shows this error message: [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’. There is no parameter available like -ignoreOS or whatever, but two workarounds.

Workaround 1

Set the OS parameter in your terminal to a previous version and re-start the Oracle Universal Installer.

Workaround 2

Edit the file cvu_config which is located in $ORACLE_HOME/cv/admin, change the line from

to

Save the file and re-start the Oracle Universal Installer.

Et voilà

Some moments later… the WARNING message about the inventory can be ignored. OUI has created there some files from the previous attempt.

Oracle Universal Installer in GUI Mode

In the OUI Graphical User Interface you can ignore the message which occurs when the installer starts:

Summary

The installation of the RDBMS software by GUI is not my favourite. I try to use the silent method whenever it’s possible. And with a small workaround, this can be successfully done with 19c on OL8.

Oracle Cloud Infrastructure and SSH Keys – Jump!

Jump!

In our Trivadis Oracle Cloud Infrastructure training environments, we never use direct access to an application or database server by a public IP address. For this case, we use an Oracle Linux based bastion host which acts as a jump host. For security reasons, I never put any SSH keys on a bastion host to connect from there to the target instances. If your bastion host is compromitted, your SSH keys are lost! In one of the last trainings, some participants had problems with. So I decided to blog about. This blog post shows you the different methods to connect to an Oracle Cloud Infrastructure private/public network by using a bastion host. 

SSH Keys

Oracle Cloud Infrastructure Linux based offerings like compute instances and virtual machines for databases are accessible by SSH key as per default. For working with these machines, I use these three types of SSH keys:

  • id_rsa_oci – Private key generated by ssh-keygen
  • id_rsa_oci.pub – Public key generated by ssh-keygen
  • id_rsa_oci.ppk – Puttygen-converted private key

This gives me the flexibility, to connect to running OCI instances on different ways like Putty, MobaXterm, Windows Subsystem for Linux, WinSCP etc. 

Oracle Cloud Infrastructure Sample Setup

 

Host Public IP Private IP Accessible by
Bastion Host 140.238.216.114 10.0.0.2 SSH 
Windows Application Server   10.0.1.2 RDP
Oracle Database Server   10.0.2.2 SSH

 

Reminder: In OCI only SSH port 22 is open in the subnet security lists as per default when the VCN is created by the VCN Wizard. If you want to allow connection from the public to the private subnet by RDP and Oracle Net, then port 3389 and 1521 must be added in the security list for the private subnet. Create stateful ingress rules and restrict the source connections to the bastion host private IP range.

Build your own SSH Tunnel

There different ways to build a SSH (tunnel) configuration to Oracle Cloud Infrastructure instances on a Windows based platform, my favourites:

  1. Windows Subsystem for Linux (WSL)
  2. MobaXterm
  3. Putty

Here are some connection examples how to work with instances in a private subnet via bastion host with this three methods. As a Windows 10 user, for some connections I d’ like to use WSL Ubuntu more and more – now available in version 20 🙂

1. Connect by using Windows Subsystem for Linux (WSL)

Test: Verify the Connection to the Bastion Host public IP Address

Database Server: SSH Connect via Bastion Host

This opens a session on the database server as user opc.

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

This opens a connection to the bastion host.

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the Oracle Net service name from the DBA panel menu.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host.

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

2. Connect by using MobaXterm

Database Server: SSH Connect via Bastion Host

This opens a session ion the database server as user opc.

Fill in Remote Host, Specify username and Port. Activate Use private key and select the local private SSH key in Putty format.

Activate Connect through SSH gateway, fill in Gateway SSH server, Port, User. Activate Use private key and select the local private SSH key in Putty format.

Start the session.

As you can see in the MobaXterm Header, X-Forwarding works too.

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

Open MobaXterm Tunneling menu and add a New SSH tunnel. Fill in Forwarded port, Remote server, Remote port, SSH server, SSH login and SSH port. Save the tunnel settings. For an application server tunnel, just replace Remote server, Remote port and Forwared port settings.

Add the private SSH key in Putty format by click on the key icon. Start the tunnel.

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the database control file settings from the DBA panel menu.

3. Connect by using Putty

Database Server: SSH Connect via Bastion Host

As prerequisite, I have created a Putty session called OCI Bastion Host for the jump host connection with the SSH private key in Putty format and user opc. This session is now used as Proxy.

Fill in database server private IP. The red one is the already existing session.

Add proxy command and save session settings. Optioanl enable proxy diagnostics.

Open the new created session to connect to database server with user opc.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host. Fill in bastion host public IP. 

Add private key file in Putty format and enable checkbox Allow agent forwarding.

Add a port forwarding rule for RDP. Save session.

Open the new created session to enable port forwarding for Remote Desktop Protocol.

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

Alternative Method – Start Putty from Command Line

Start Putty with the port forwarding settings by command line. This opens a Putty session and port 3389 can be used. No addtional settings are required.

Summary

A bastion host is an “easy-to-setup” alternative to a VPN connection without any huge infrastructure overhead. There are several ways how to connect & tunnel to the target servers. Use the method which are you familiar with it, but NEVER place SSH keys on a bastion host. 

And now: click here to make some noise – Jump by Van Halen

Links