Thursday, 28 February 2019

Oracle automatically start WebLogic 12c components

Short note on how to start Oracle WebLogic 12c components, e.g. OHS, automatically without prompting for a username and password.
export DOMAIN_HOME=/u01/app/oracle/domains/base_domain
$DOMAIN_HOME/bin/startComponent.sh ohs1 storeUserConfig
This will start ohs1 and prompt you for a username and password.

It will then store these credentials so subsequent starts/stops will not prompt you.

Wednesday, 27 February 2019

Linux - Store Oracle Transparent Encryption pass phrase remotely

I've set up Transparent Database Encryption (TDE) on one of my databases.
I don't want to use auto login or local auto login as that would defeat encrypting the database in the first place.
I do want to automatically open the wallet when I start up the database.

Here's how I fixed it.

First, as root, I need to mount a remote file system and add it to /etc/fstab.

As the Oracle user I need to generate my RSA private and public keys.
openssl genrsa -out ~/.rsa_key.pri 2048
openssl rsa -in ~/.rsa_key.pri -out ~/.rsa_key.pub -outform PEM -pubout
This creates two hidden files, the private key (.rsa_key.pri) and public key (.rsa_key.pub) in my home directory.

Now I need to pass my TDE pass phrase to openssl for it to encrypt and write to my remote file system.
echo "MyPassPhrase" | openssl rsautl -encrypt -inkey ~/.rsa_key.pub -pubin -out /remotefs/folder/file.name
Now I can use the following in a script to open the wallet without knowing or having to enter the TDE pass phrase.
passPhrase=$(openssl rsautl -decrypt -inkey ~/.rsa_key.pri -in /remotefs/folder/file.name)
sqlplus -s / as sysdba <<!
administer key management set keystore open identified by "$passPhrase";
!
You can easily wrap these commands in a script and use it alongside dbstart, either from systemctl or manually.
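
One way to write that wrapper, as an added example rather than the author's own script. It refuses to run if the private key is readable by group or others, or if the encrypted file is missing (for instance because the remote file system is not mounted). The function names, exit codes and script name are assumptions, and it uses openssl pkeyutl in place of rsautl, which is deprecated in OpenSSL 3.0 and uses the same default padding.

```bash
#!/bin/sh
# Added example, not the post's own script. Paths default to the post's placeholders.
KEY_FILE="${KEY_FILE:-$HOME/.rsa_key.pri}"
BLOB_FILE="${BLOB_FILE:-/remotefs/folder/file.name}"

# True only if the key exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the decrypted pass phrase; distinct exit codes per failure.
read_passphrase() {
    key_is_private "$1" || { echo "key missing or too permissive: $1" >&2; return 2; }
    # An empty or absent file usually means the remote file system is not mounted.
    [ -s "$2" ] || { echo "no encrypted pass phrase at $2" >&2; return 3; }
    openssl pkeyutl -decrypt -inkey "$1" -in "$2" || return 4
}

# Body in ( ) runs in a subshell, so $pass never lands in the caller's environment.
open_wallet() (
    pass=$(read_passphrase "$KEY_FILE" "$BLOB_FILE") || exit $?
    [ -n "$pass" ] || exit 5
    # A double quote would end the quoted password early; refuse it.
    case "$pass" in *\"*) echo "unsupported character in pass phrase" >&2; exit 6 ;; esac
    # The here-document keeps the pass phrase off the sqlplus command line.
    sqlplus -s / as sysdba <<EOF
whenever sqlerror exit failure
administer key management set keystore open identified by "$pass";
EOF
)

# Usage: open_tde_wallet.sh open   (script name is hypothetical)
case "${1:-}" in open) open_wallet ;; esac
```

The non-zero exit codes let a systemd unit or calling script tell a missing mount (3) from a bad key file (2) or a failed decrypt (4).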

Tuesday, 26 February 2019

Oracle Database Proxy Authenticated Connections

Not sure how long this has been available but we like this at work.

On an Oracle 12c database, log in as sys as sysdba.

Create two users:
create user James identified by James;
create user Ben identified by Ben;
grant create session to James;
grant create session to Ben; 
Now grant Ben the ability to connect through to James:
alter user James grant connect through Ben;
Now Ben is able to connect as James using his own password, without knowing James's password.
connect Ben[James]/Ben
show user
USER is "JAMES"
So you can see that even though we are logging in with Ben's credentials, using the [] brackets we are actually logging in as James.

Oracle CPU downloader

Every quarter I have to go through and download numerous patches for the Oracle CPU (Critical Patch Update). You have to view the CPU docume...