Category Archives: Oracle Unified Directory

Oracle Unified Directory

Oracle Unified Directory systemd unit file

About a year ago I explained in the blog post Start OUD Servers on Boot using systemd how to start Oracle Unified Directory automatically on system startup. In the meantime a lot has changed, so has my unit file. The simple unit file actually worked quite well. Until the time came when I installed an updated Java version for OUD. At this point I did realize, that it is not really optimal to have the JAVA_HOME respectively OPENDS_JAVA_HOME in the unit file. It all happened on a system where I didn’t have root access. OUD couldn’t be started any more using systemd, because the Java home path in the unit file was no longer correct. A change request and a few days later the problem was solved. Nevertheless this was a good opportunity to optimize the OUD unit file and get rid of static information. JAVA_HOME does not explicitly have to be specified when starting OUD. It is usually specified within the java.properties see also blog post Change default JAVA_HOME for OUD Instance.

What has been changed in the current unit file?

  • Environment The environment variable OPENDS_JAVA_HOME has been completely be removed. start-ds does use the JAVA_HOME specified by the java.properties.
  • WorkingDirectory The working directory has been set to the OUD instance home.
  • PIDFile Since the service type is forking, this directive is used to set the path of the PID file for the OUD instance. The file contains the process ID number of the directory server process respectively JVM which is monitored.
  • Restart Systemd will attempt to automatically restart the service on-failure.
  • RestartSec Amount of time to wait before attempting to restart the service.
  • SuccessExitStatus stop-ds does send a SIGTERM to the JVM to stop the directory server. This generates an exit code 143. By default, systemd interprets this as an error. By setting SuccessExitStatus we can overwrite this behavior and accept 143 or SIGTERM as successful.
  • User and Group Has been set to oud/oud rather than oracle/osdba. User and group for OUD highly depends on your environment.

Below you see the revised version of the OUD unit file. The OUD instance home path has been replaced with the placeholder OUD_INSTANCE_HOME.

[Unit]
Description=OUD Instance
Wants=network.target
After=network.target

[Service]
Type=forking
User=oud
Group=oud
WorkingDirectory=OUD_INSTANCE_HOME/OUD
PIDFile=OUD_INSTANCE_HOME/OUD/logs/server.pid
ExecStart=OUD_INSTANCE_HOME/OUD/bin/start-ds --quiet
ExecStop=OUD_INSTANCE_HOME/OUD/bin/stop-ds --quiet
ExecReload=OUD_INSTANCE_HOME/OUD/bin/stop-ds --restart --quiet
RestartSec=42s
Restart=on-failure
SuccessExitStatus=143 SIGTERM
TimeoutSec=300
StandardOutput=syslog+console
StandardError=syslog+console

[Install]
WantedBy=multi-user.target

This updated unit file is also part of the latest version of OUD Base, my environment scripts for OUD. If you want to use it, you have to replace OUD_INSTANCE_HOME with your specific OUD instance home path.

export OUD_INSTANCE="oudtest"
export OUD_INSTANCE_HOME="/u00/app/oud/instances/$OUD_INSTANCE"
export $cdl="/u00/app/oud/local"
export $cda="/u00/app/oud/admin/$OUD_INSTANCE"
cat $cdl/oudbase/templates/etc/oud_instance.service \
  >$cda/etc/oud_$OUD_INSTANCE.service
sed -i "s|OUD_INSTANCE_HOME|/app/oud/instances/$OUD_INSTANCE|" \
  $cda/etc/oud_$OUD_INSTANCE.service
cat $cda/etc/oud_$OUD_INSTANCE.service

Enable the new unit file by coping it to the systemd folder /etc/systemd/system.

sudo cp $cda/etc/oud_$OUD_INSTANCE.service \
  /etc/systemd/system/oud_$OUD_INSTANCE.service

Run systemctl daemon-reload and enable the new service.

sudo systemctl daemon-reload
sudo systemctl enable oud_$OUD_INSTANCE.service

You OUD instance can now be started / stopped with systemctl as explained in the first blog post about OUD and systemd.

Some references and links related to this blog post:

Smaller Oracle Docker images

One of the important challenges with Docker is to get used to the image layers and the layered file system. It quickly happens that you unintentionally have too much data in an intermediate layer. Either log files, installation software or login credentials. Whereby the first two “only” blow up the Docker image unnecessarily, while the last point can be a major security vulnerability. It also happens to me when I build Docker images for Oracle Unified Directory. See my blog post on Oracle Unified Directory on Docker.

Problem

Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. If you do use COPY or ADD in particular a clean up is not possible. Every credential file or software package which is copied during build will remain. Later attempts to remove the intermediate files will only result in the corresponding files no longer being visible in the next layers.

Although there is a way to work around this by using the new build parameter --squash. Squash does merge newly built layers into a single new layer. But --squash is only available in the latest Docker releases. In older releases not at all or at best as experimental feature. Beside this it also has some other downside eg. losing the history or intermediate layers, issue with ONBUILD command etc. Squash does also not help if you specify your credentials as build arguments via ARG.

So why not make small, secure and clean Docker image at first place.

Idea

Rather than put the software packages or credential files to the Docker build context and using COPY or ADD, we will download them in a RUN command using curl. But from where? Oracle software can not be downloaded unattended without credentials. And we do not want to set up a web server just for software, secrets, credentials, etc.

Hei, you are using Docker. Setting up a local web server is a pice of cake. 🙂

  • Put your software, credentials, etc in a dedicated folder
  • Run a Docker container with an Apache HTTP server and make sure it has access to the folder mentioned before
  • Change your Dockerfile to download the software or credentials for the HTTP server
  • Make sure that you docker build can get access to the intermediate HTTP server

Solution

Let’s see how I did use a local HTTP sever to set up small Oracle Unified Directory Docker images.

HTTP Server

Create a folder with all required Oracle software, patch’s etc. But make sure, that you Docker can use this folder as Docker volume.

ls -alh /Data/vm/docker/volumes/orarepo
total 5009896
drwxr-xr-x 11 oracle staff 352B 26 Mär 23:52 .
drwxr-xr-x 4 oracle staff 128B 26 Mär 22:50 ..
-rw-r--r-- 1 oracle staff 1,5G 26 Mär 23:03 p26269885_122130_Generic.zip
-rw-r--r-- 1 oracle staff 404M 26 Mär 22:55 p26270957_122130_Generic.zip
-rw-r--r-- 1 oracle staff 94M 26 Mär 22:49 p26540481_111230_Generic.zip
-rw-r--r-- 1 oracle staff 157M 26 Mär 22:45 p26724938_111170_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 56M 26 Mär 22:55 p27217121_904_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 52M 26 Mär 22:56 p27217289_180162_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 1,3M 26 Mär 22:44 p27438258_122130_Generic.zip
-rw-r--r-- 1 oracle staff 56M 26 Mär 22:54 p27478886_100000_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 52M 26 Mär 22:53 p27638647_180162_Linux-x86-64.zip

Get your revered HTTP server. For this case I do use the official Apache HTTP server-based on alpine linux. This image is way smaller and more than enough for our purpose.

docker pull httpd:alpine

alpine: Pulling from library/httpd
605ce1bd3f31: Pull complete
6e4ededbced2: Pull complete
03b3c72c9962: Pull complete
bf08478b6930: Pull complete
222d70b58166: Pull complete
Digest: sha256:80d69271825a27c41f41609707095a1cdec381d22f772511ae6e30156c2b788f
Status: Downloaded newer image for httpd:alpine

Start a container for the HTTP server. Define a hostname, volume and external http port. For more information on configuration, see the official httpd Docker image.

docker run -dit --hostname orarepo --name orarepo \
-p 8080:80 \
-v /Data/vm/docker/volumes/orarepo:/usr/local/apache2/htdocs/ \
httpd:alpine

Get the IP address with docker inspect of the orarepo for later use.

orarepo_ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' orarepo)

A test via curl on command line curl http://localhost:8080 or with your favorite browser will show the files mentioned above. Be aware this test does access the HTTP container from your host network via exposed port 8080.

Dockerfile

Now we just have to adopt the Dockerfile to make sure it does get the software from the HTTP server orarepo. See excerpt from my Dockerfile.

...
RUN curl -f http://orarepo/p26270957_122130_Generic.zip \
-o /tmp/download/p26270957_122130_Generic.zip && \
...

To be more flexible and allow both local files as well download via curl I did extend my RUN command with an extra file check [ -s ... ]. In this case it first check’s if the file is available and not zero. If the file is not available it will use curl to download the file from orarepo. See excerpt from my Dockerfile.

...
COPY p26270957_122130_Generic.zip* /tmp/download/
...
RUN [ -s "/tmp/download/p26270957_122130_Generic.zip" ] || \
curl -f http://orarepo/p26270957_122130_Generic.zip \
-o /tmp/download/p26270957_122130_Generic.zip && \
...

If the OUD software package p26270957_122130_Generic.zip is part of the build context it will be copied to the image and used to build and setup OUD. In case it is not part of the build context the file check will fail and start to use curl.

Build using COPY

Let’s build the Docker image with the software package copied during build. Check the build context.

ls -alh

total 858168
drwxr-xr-x 9 oracle staff 288B 28 Mär 09:31 .
drwxr-xr-x 6 oracle staff 192B 19 Mär 14:19 ..
-rw-r--r-- 1 oracle staff 4,9K 27 Mär 21:40 Dockerfile
-rw-r--r-- 1 oracle staff 225B 19 Mär 11:18 install.rsp
-rw-r--r-- 1 oracle staff 63B 19 Mär 10:57 oraInst.loc
-rw-r--r-- 1 oracle staff 404M 28 Mär 09:31 p26270957_122130_Generic.zip
-rw-r--r-- 1 oracle staff 754B 12 Mär 14:18 p26270957_122130_Generic.zip.download
drwxr-xr-x 6 oracle staff 192B 20 Mär 11:46 scripts

And run docker build.

docker build -t oracle/oud:12.2.1.3.0-copy .

Build using curl

Now let’s build the docker image using curl and not the local software package. For this p26270957_122130_Generic.zip has to be removed from the build context. Additionally the Docker build requires the IP of the orarepo, which is used to download the software image.
Check the build context.

rm p26270957_122130_Generic.zip
ls -alh

total 858168
drwxr-xr-x 9 oracle staff 288B 28 Mär 09:31 .
drwxr-xr-x 6 oracle staff 192B 19 Mär 14:19 ..
-rw-r--r-- 1 oracle staff 4,9K 27 Mär 21:40 Dockerfile
-rw-r--r-- 1 oracle staff 225B 19 Mär 11:18 install.rsp
-rw-r--r-- 1 oracle staff 63B 19 Mär 10:57 oraInst.loc
-rw-r--r-- 1 oracle staff 754B 12 Mär 14:18 p26270957_122130_Generic.zip.download
drwxr-xr-x 6 oracle staff 192B 20 Mär 11:46 scripts

And run docker build with --add-host. Add host does use the variable defined above for the IP address of the orarepo.

docker build --add-host=orarepo:${orarepo_ip} -t oracle/oud:12.2.1.3.0-curl .

The Docker images

When we compare the two image we see, that they differ by around 400MB. More or less the size of the OUD software package.

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oracle/oud 12.2.1.3.0-curl f7c80fa69db3 2 minutes ago 754MB
oracle/oud 12.2.1.3.0-copy a5e1751d534d 7 minutes ago 1.18GB

Docker history for the image oracle/oud:12.2.1.3.0-copy does also show the size of the COPY layer.

docker history oracle/oud:12.2.1.3.0-copy
IMAGE CREATED CREATED BY SIZE COMMENT
...
07614f386e0f 16 minutes ago /bin/sh -c #(nop) COPY multi:b8206d7811ce917… 424MB
832c9d0bf308 34 hours ago /bin/sh -c #(nop) COPY multi:58a01d5459f0ac6… 20kB
9c9531205281 34 hours ago /bin/sh -c groupadd --gid 1000 oracle && … 8.29MB
96278dfe7c12 34 hours ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:…
...

Conclusion

With little effort it is possible to create secure and especially small Docker images. Creating a HTTP server to share software or credentials during build is a piece of cake. Reducing the docker image by 400MB is nice. Depending on the Oracle software this will be even more. Although the downside is, that this does not work for automated builds on Docker Hub. but I’m still working on that 🙂

References

Below you find a few references related to the topics discussed in this post:

Oracle Unified Directory on Docker

A bit a while ago I’ve started to use Docker for miscellaneous purposes. Not really an early adopter, but I still hope I caught the train just in time. 🙂 In one of my customer project, I did have to set up a couple of OUD instance to develop and test the transition from Oracle Directory Server Enterprise Edition (ODSEE) to Oracle Unified Directory (OUD). This did include more engineering and troubleshooting work as initially planned. So I eventually got to set up my OUD instances in docker containers rather than in dedicated Virtualbox VM. Unfortunately Oracle does not provide any Docker images or build templates for Oracle Unified Directory. Indeed they do have a bunch of official Docker configurations, images, and examples on GitHub for a couple of Oracle products. But just not for Oracle unified Directory. Ok, there is a issue requesting such a Docker image see Issue #656. Well… challenge accepted. I did build my own OUD GitHub Repository for OUD Docker deployments.

My GitHub repository oehrlis/docker-oud does contain the Docker build files to facilitate installation, configuration, and environment setup for Docker DevOps users. The project allows you to create two different types of docker images.

  • Standalone Oracle Unified Directory 12.2.1.3.0 to setup and run Oracle Unified Directory. This is the smaller image with only the OUD binaries used to set up and run an OUD directory or proxy server. Administration has to be done via dsconfig, ldapmodify or any other regular LDAP command line or GUI tools.
  • Collocated Oracle Unified Directory 12.2.1.3.0 and Oracle Fusion Middleware Infrastructure 12.2.1.3.0. A rather big docker image to setup and run an Oracle Unified Directory Server Manager (OUDSM). My intention was to use this docker image primarily for OUDSM. Nevertheless, it can also be used to build an OUD directory or proxy server which is operated in a WLS domain. So in Collocated Mode (Under Same Domain) or Non-Collocated Mode (Under Separate Domains).

To setup my Docker OUD images, I’ve tried to follow a few best practice, rules (Oracle’s golden rules for contributing to oracle/docker-images) as well hints by my workmates (Philipp Salvisberg and others).

  • Always aim to produce the smallest possible image. I did not push this to the maximum and start to remove unused components in the Oracle binaries. Oracle Fusion Middleware Infrastructure is currently outrageous large to only running OUDSM.
  • Separate persistent data from the image / container and put it on a volume. Or at least let the user decide, if he want to put it on a volume or not.
  • No public distribution of Docker images containing Oracle software. That’s a legal requirement. My docker build scripts do provide a couple of possibilities to install the software.
  • Allow flexible configuration via –build-arg or -e but provide useful default values.
  • Use Oracle Linux as the base image and install only as much as you need.
  • And much more…

Build Docker Images

The Docker images have to be build manually based on oehrlis/docker-oud from GitHub. To assist in building the images, you can use the scripts/buildDockerImage.sh script. See below for instructions and usage. The buildDockerImage.sh script is just a utility shell script to setup the docker build command and is an easy way for beginners to get started. Expert users are welcome to directly call docker build with their preferred set of parameters.

Usage of buildDockerImage.sh:

buildDockerImage.sh [-hv] [-t TYPE] [-o DOCKER_BUILD_OPTION]
-h Usage (this message)
-v Enable verbose mode
-t TYPE OUD image and installation type to build.
Possible types are:
OUD : Standalone Oracle Unified Directory Server
OUDSM : Collocated Oracle Unified Directory Server.
Default is type is OUD.
-o DOCKER_BUILD_OPTION Passes on Docker build option

Logfile : buildDockerImage.log

Due to license restrictions from Oracle, the Docker images containing Oracle software can not provided on a public Docker repository (see [OTN Developer License Terms](http://www.oracle.com/technetwork/licenses/standard-license-152015.html)). This is the reason why you have to build the images yourself and downloaded the required software prior image build. Alternatively it is possible to specify MOS credentials in scripts/.netrc or via build arguments. Using MOS download during image build will lead into smaller images, since the software will not be part of an intermediate container.

Obtaining Product Distributions

The software can either be downloaded from My Oracle Support, Oracle Technology Network (OTN) or Oracle Software Delivery Cloud (OSDC). The following steps will refer to the MOS software download to simplify the build process.

The following software is required for the Oracle Unified Directory Docker image:

  • Oracle Java Development Kit (JDK) 1.8 (1.8u152) Patch 26595894 for the OUD and OUDSM image
  • Oracle Unified Directory 12.2.1.3.0 Patch 26270957 for the OUD and OUDSM image
  • Oracle Fusion Middleware Infrastructure 12.2.1.3.0 Patch 26269885 just for OUDSM image

Manual Download Software

Simplest method to build the OUD or OUDSM image is to manually download the required software. However this will lead to bigger docker images, since the software is copied during build, which temporary blow up the container file-system. But its more safe because you do not have to store any MOS credentials. If you’ve enabled Docker experimental features, you could work around this and squash Squash newly built layers with docker build parameter --squash.

The corresponding links and checksum can be found in *.download files in the software folder. Alternatively the direct Oracle Support Download Links:

Copy all files to the software folder.

cp p26595894_180152_Linux-x86-64.zip docker-oud/software
cp p26270957_122130_Generic.zip docker-oud/software
cp p26269885_122130_Generic.zip docker-oud/software

Build the docker image either by using docker build or buildDockerImage.sh.

docker build -t oehrlis/oud -f Dockerfile.oud .
docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

scripts/buildDockerImage.sh -v -t OUD
scripts/buildDockerImage.sh -v -t OUDSM

Automatic download with .netrc

The advantage of an automatic software download during build is the reduced image size. No additional image layers are created for the software and the final docker image is about 3GB smaller. But the setup script’s setup_oud.sh, setup_oud.sh and setup_oudsm.sh requires MOS credentials to download the software with using curl. Curl does read the credentials from the .netrc file in scripts folder. The .netrc file will be copied to /opt/docker/bin/.netrc, but it will be removed at the end of the build.

Create a .netrc file with the credentials for login.oracle.com.

echo "machine login.oracle.com login $MOS_USER password $MOS_PASSWORD" >docker-oud/scripts/.netrc

Build the docker image either by using docker build or buildDockerImage.sh.

docker build -t oehrlis/oud -f Dockerfile.oud .
docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

scripts/buildDockerImage.sh -v -t OUD
scripts/buildDockerImage.sh -v -t OUDSM

Although this method has some security issues. The credentials will always remains in the intermediate layer. It is recommended to use a different approach discussed in the new blog post Smaller Oracle Docker images.

Automatic download with Build Arguments

This method is similar to the automatic download with .netrc file. Instead of manually creating a .netrc file it will created based on build parameters. Also with this method the .netrc file is deleted at the end.

Build the docker image with MOS credentials as arguments using docker build or buildDockerImage.sh.

docker build --build-arg MOS_USER=$MOS_USER \
--build-arg MOS_PASSWORD=$MOS_PASSWORD \
-t oehrlis/oud -f Dockerfile.oud .

scripts/buildDockerImage.sh -v -t OUD \

-o "--build-arg MOS_PASSWORD=$MOS_PASSWORD --build-arg MOS_USER=$MOS_USER"

The time taken to build the OUD or OUDSM image will depend on your internet speed. In any case it shouldn’t be more than a couple of minutes. Although this method has as well some security issues. The credentials will always remains in the intermediate layer. It is recommended to use a different approach discussed in the new blog post Smaller Oracle Docker images.

Next Steps

You are now the happy owner of OUD Docker images with a standalone and / or collocated Oracle Directory Server installations. The next step is to start using these Docker images to run your OUD containers and deploy different kind of OUD and OUDSM configurations. I’ll provide how to build the containers as well some “behind the seance” information in my upcoming blog posts about OUD on Docker. Stay tuned.

Files and References

Below you find a few references related to Oracle Unified Directory on Docker:

Install Oracle Unified Directory 12c the smart way

Installing Oracle Unified Directory has always been easy. The installation guide for OUD 11c as well OUD 12 is simple and straight forward. Additionally Oracle does provide a couple of MOS notes for different deployment scenarios. Nevertheless there is always room for improvement 🙂 During my work on OUD to go on Raspberry Pi Zero or on Docker images for OUD I’ve had to optimise the installation of OUD. In this blog post I’ll show how I did simplify respectively optimise my OUD installations.

Prerequisites

Standalone or Collocated?

Since the latest release, Oracle allows a couple of different ways how OUD can be deployed.

  • Standalone Oracle Unified Directory Server With this deployment method OUD is used as a straight forward LDAP server with a small footprint. Administration has to be done via command line (eg. dsconfig, ldapmodify, etc) or when possible with a third party LDAP Browser.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in a separate domains. OUD and Fusion Middleware (FMW) Infrastructure are installed in the same middleware home directory. In non-collocated mode, OUD and OUDSM will be deployed in different domains.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in a single domain. OUD and Fusion Middleware Infrastructure are installed in the same middleware home directory. In collocated mode OUD and OUDSM will be deployed under the same domain.
  • Collocated Oracle Unified Directory Server But just used for OUDSM. This is not really an official deployment method, but becomes quite handy when you’ve deployed a couple of standalone OUD server. The OUD software is just deployed into FMW Infrastructure to be able to create and start the OUDSM web application. There will only be an OUDSM domain deployed.

For simple OUD installation’s I usually just install and deploy a standalone OUD. This installation is fast and has a small foot print. I do use dsconfig for the administration and the Apache Directory Studio for general LDAP browsing. If I do need an OUDSM from time to time, I install a dedicated OUDSM (Collocated OUD Server) or use my OUDSM docker container.

Environment

OUD does not make great demands on the environment. Nevertheless, I usually follow the Oracle Flexible Architecture OFA and a couple of environment scripts similar to the Trivadis BasEnv. See my blog post about OUD environment scripts.

For the further installation steps I stick to the following environment variables.

export SOFTWARE=$HOME/software
export ORACLE_BASE=/u00/app/oracle
export JAVA_HOME=$ORACLE_BASE/product/jdk1.8.0_144
export OUD_HOME=$ORACLE_BASE/product/oud12.2.1.3.0
export FMW_HOME=$ORACLE_BASE/product/fmw12.2.1.3.0

In the table below you find a short description of the environment variables. For further explanations see blog post OUD environment scripts.

ENV Variable Path Description
$ORACLE_BASE, $cdob /u00/app/oracle Base directory for the oracle binaries
$ORACLE_HOME, $OUD_HOME $ORACLE_BASE/product/oud12.2.1.3.0 Standalone Oracle Unified Directory binaries
$ORACLE_HOME, $OUD_HOME $ORACLE_BASE/product/fmw12.2.1.3.0 Collocated Oracle Unified Directory binaries
$JAVA_HOME $ORACLE_BASE/product/jdk1.8.0_144 Java used for OUD
$OUD_INSTANCE_BASE, $cdib $ORACLE_BASE/instances Base directory for the instance homes
$SOFTWARE $HOME/software Software Depot for the JAR’s

To do a silent installation, we will require a response file. In case of OUD and FMW it is a simple text file to define a few generic installation values. The same response file can be used for either of the products. We add the missing value INSTALL_TYPE when calling the installer.

echo "[ENGINE]"                                    > $ETC_BASE/install.rsp
echo "Response File Version=1.0.0.0.0"            >> $ETC_BASE/install.rsp
echo "[GENERIC]"                                  >> $ETC_BASE/install.rsp
echo "DECLINE_SECURITY_UPDATES=true"              >> $ETC_BASE/install.rsp
echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >> $ETC_BASE/install.rsp

Beside the response file we also have to have an inventory location file. You probably have to adjust the group name to fit your environment.

echo "inventory_loc=$ORACLE_BASE/oraInventory" > $ETC_BASE/oraInst.loc
echo "inst_group=oinstall"                    >> $ETC_BASE/oraInst.loc

Software

To start the installation, you first have to get the required software packages. Oracle makes it easy, you can either download the software on Oracle Technology Network (OTN), Oracle Software Delivery Cloud (OSDC) or My Oracle Support (MOS). All download URLs are ok, but I prefer to do the download direct from MOS since this allows to use curl with a simple download URL. The downside is, that this requires a valid MOS account.

Create a netrc file for curl with your MOS credentials.

MOS_USER="<your MOS USER>"
MOS_PASSWORD="</your><your MOS PASSWORD>"
echo "machine login.oracle.com login $MOS_USER password $MOS_PASSWORD" >$SOFTWARE/.netrc

OK, lets download the software.

Java 1.8 update 144, Patch ID 26512979:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26512979_180144_Linux-x86-64.zip?aru=21443434&patch_file=p26512979_180144_Linux-x86-64.zip" \
  --output $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip

Oracle Unified Directory 12.2.1.3.0, Patch ID 26270957:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26270957_122130_Generic.zip?aru=21504981&patch_file=p26270957_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26270957_122130_Generic.zip

FWM Infrastructure 12.2.1.3.0, Patch ID 26269885:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26269885_122130_Generic.zip?aru=21502041&patch_file=p26269885_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26269885_122130_Generic.zip

As soon as the software has been downloaded, we will unpack the OUD and FMW packages. In the example below it’s done directly by using the jar utility.

cd $SOFTWARE/fmw
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26270957_122130_Generic.zip
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26269885_122130_Generic.zip

Java

Although Java is probably already installed on you system, its recommended to install a dedicated JVM for OUD. This way we can keep our java installation for OUD independent from the OS default java. The installation is done with just a untar into the right directory. I do this with just one combined command of unzip and tar.

unzip -p $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip \
*tar* |tar zxv -C $ORACLE_BASE/product

Install Standalone OUD

Start the silent installation with the extracted JAR file and the previously created response file. Set INSTALL_TYPE to Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) will initiate a standalone installation into the defined ORACLE_HOME.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$OUD_HOME \
  INSTALL_TYPE="Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)"

That’s it. After a couple of minutes the OUD binaries are installed and ready to deploy an Oracle Directory or Proxy server.

Install Collocated OUD

To do a collocated OUD installation, we first have to install FMW infrastructure before installing OUD. The installation is done again in silent mode by specifying the ORACLE_HOME and the INSTALL_TYPE. Execution of this JAR will take longer since it is around 1.5GB.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_infrastructure.jar \
  -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$FMW_HOME \
  INSTALL_TYPE="WebLogic Server"

As soon as the FMW installation has been successfully finished, we initiate the OUD installation. For ORACLE_HOME we have to choose the same directory as using for the FMW infrastructure. The INSTALL_TYPE is set to collocated mode.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$OUD_HOME \
  INSTALL_TYPE="Collocated Oracle Unified Directory Server (Managed through WebLogic server)"

In this newly created Oracle home directory we now have a collocated Oracle Unified Directory Server. These binaries can be used to deploy OUD and OUDSM in separate domains, in a single domain or just to deploy an OUDSM server.

Next Steps

For know we just have the OUD binaries. The next steps will be to deploy a OUD directory or proxy server using either oud-setup or oud-proxy-setup tool. Both tools can be used in command line mode, GUI mode or silently by specify the corresponding parameters. The statement below is an example to create an OUD directory server instance oud_demo for the base DN dc=postgasse,dc=org with 20 sample records.

$OUD_HOME/oud/oud-setup \
--cli \
--instancePath $OUD_INSTANCE_BASE/oud_demo/OUD \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile $ETC_BASE/oud_demo_pwd.txt \
--ldapPort 1389 \
--baseDN dc=postgasse,dc=org \
--sampleData 20 \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

Files and References

Below you find a few references related to Oracle Unified Directory:

  • Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975
  • Oracle Unified Directory FMW 12.2.1.3.0 MOS Patch 26270957
  • Oracle Unified Directory 12.2.1.3.0 on Oracle Technology Network
  • Oracle Software Delivery Cloud OSDC
  • Environment Scripts for OUD on www.oradba.ch
  • Github repository for the OUD environment scripts oudbase
  • OUD base environment installation script. It’s a bash script including a TAR.  oudbase_install.sh
  • OUD base environment as TAR archive without installation script.  oudbase_install.tgz
  • Github repository for the OUD environment scripts oudbase
  • Oracle Unified Directory 12c PS3 Released [2300623.1]
  • OUD 12c – How to Download and Install OUD 12c in Standalone Mode (with No Domain Configuration) [2298379.1]
  • OUD 12c: How to Install OUD 12c and OUDSM 12c in Collocated Mode (Under Same Domain) or Non-Collocated Mode (Under Separate Domains) [2303721.1]
  • OUD 12c: Understanding the Oracle Unified Directory 12c Installation Directories MW_HOME, PRODUCT_HOME, OUD ORACLE_HOME, DOMAIN_HOME WLS_HOME ORACLE_COMMON Home [2302813.1]
  • All Java SE Downloads on MOS [1439822.1]
  • Information Center: Using Oracle Unified Directory (OUD) [1419823.2]

Oracle Unified Directory to go on Raspberry Pi Zero

Recently I ran out of movies on one of my longer train rides. Coincidentally, I had my Raspberry Pi Zero with me and thought, “There’s Java running on it, right?”. Doesn’t Oracle Unified Directory also require a JVM? OK, I guess Raspberry Pi or ARM wasn’t in focus when Oracle defined the certified platforms of Unified Directory. But hey, I don’t want to set up a production environment, I just need a small project for a long train ride…

The aim is to setup an Raspberry Pi in OTG Mode, install Java and Oracle Unified Directory and configure a small Directory Server, available whenever you need an OUD instance :-). First of all, yes, it works. But before we begin, a few things we need

  • Raspberry Pi Zero I do use a Zero 1.3 without WiFi.
  • USB OTG host cable Dedicated cable supporting USB On-The-Go (OTG). Regular USB cables usually do not support OTG. See Wikipedia On-The-Go (OTG).
  • Raspbian-Image I do recommend the latest Raspbian Stretch Lite. See Raspbian.
  • Oracle JDK 8 for ARM I do use Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975. Other Java version are available on MOS Note 1439822.1.
  • Oracle Unified Directory 12.2.1.3 Available through Oracle Technology Network, Oracle Software Delivery Cloud or as My Oracle Support patch 26270957. See also OUD 12.2.1.3 documentation or MOS Note 2300623.1.
  • Temorary System to install OUD Although unified directory does work on ARM, the OUI installer does not. Due to this OUD first have to be “installed” on a supported system. But later more.
  • Environment Scripts for OUD This is optional but quite handy when working on OUD environments. See blog post Environment Scripts for OUD.

In the following chapters I’ll now go through the different steps to setup the OUD “on the go” device. I work primarily on MacOS. Therefore, the individual steps are related to this operating system, but can be easily adapted to other operating systems. Depending on your individual environment, you may skip one or the other step. Shall we get started?

Setup Raspberry Pi

Install Raspian OS

After download the latest release of Raspbian Stretch Lite, we have to create the SD card to setup the OS on raspberry pi. I usually prefer to do this via commandline. Other methods are decribed on www.raspberrypi.org.

PlugIn the SD card and identify the disk via diskutil list. My SD Card is identified disk2. Your output may look different.

soe@gaia:~/ [ic12102] diskutil list
...

/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *32.0 GB disk2
1: Windows_NTFS SD Card 32.0 GB disk2s1

Unmount the disk

soe@gaia:~/ [ic12102] diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful

Copy the Raspian image to the SD card.

soe@gaia:~/ sudo dd bs=1m \
if=/Data/ISO-Images/2017-09-07-raspbian-stretch-lite.img \
of=/dev/rdisk2 conv=sync

1768+1 records in
1769+0 records out
1854930944 bytes transferred in 73.667297 secs (25179843 bytes/sec)

soe@gaia:~/ [ic12102] diskutil list
...

/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *32.0 GB disk2
1: Windows_FAT_32 boot 43.8 MB disk2s1
2: Linux 1.8 GB disk2s2

That’s it, the OS basically has been setup. But before we plug the SD card into the Raspberry Pi we first have to configure the OTG mode.

Configure OTG Mode

Configuring the OTG mode is straight forward, since the latest Rasbian OS does provide all. Eg. modules, kernel, etc. You just have to adjust the boot configuration.

Update cmdline.txt and add the g_ether module. You have to add modules-load=dwc2,g_ether after rootwait and before quiet. If you use vi to edit cmdline.txt your fine. But if you do use an other editor make sure you do not change the file suffix or add extra lines or line breaks to the file cmdline.txt. Everything must be on one line.
Change to the boot directory on the SD Card. Mounted as /Volumes/boot on my Mac.

soe@gaia:~/ [ic12102] cd /Volumes/boot

Update cmdline.txt

soe@gaia:/Volumes/boot/ [ic12102] vi cmdline.txt

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=11eccc69-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait modules-load=dwc2,g_ether quiet init=/usr/lib/raspi-config/init_resize.sh

Update config.txt and add dtoverlay=dwc2 at the end of the file.

soe@gaia:/Volumes/boot/ [ic12102] vi config.txt

As last task, make sure to create an empty file named ssh in the boot folder. This tells Raspian to configure and start the ssh daemon at first system boot. Unmount the SD card and the basic OS setup is finished.

soe@gaia:/Volumes/boot/ [ic12102] touch ssh
soe@gaia:/Volumes/boot/ [ic12102] cd
soe@gaia:~/ [ic12102] diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful

Now put the SD card back in your Raspberry Pi Zero and plug in the USB cable. The first system boot will take slightly longer, since the filesystem is getting extended to the maximum size of the SD card. To be on the safe side, wait up to 5 minutes and then try to login via ssh.

soe@gaia:~/ [ic12102] ssh pi@raspberrypi.local

The Raspberry Pi Zero is now ready as headless server in OTG mode.

Setup Environment

General Configuration

This step is not really mandatory, nevertheless I do prefer to adjust a few configuration settings on my pi. First of all upgrade OS to the latest release using apt-get.

pi@raspberrypi:~ $ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

By default the Raspberry Pi hostname is set to raspberrypi. If you do have several Raspberry Pi’s it makes sense to assign names. In my case I do set the hostname to oud2go by changing /etc/hostname and /etc/hosts. In both files you have to replace raspberry with the new name.

pi@raspberrypi:~ $ sudo vi /etc/hostname
pi@raspberrypi:~ $ sudo vi /etc/hosts
pi@raspberrypi:~ $ sudo reboot

sudo: unable to resolve host raspberrypi: Connection timed out
Connection to raspberrypi.local closed by remote host.
Connection to raspberrypi.local closed.

As soon the Pi is back it’s now available by its new name.

soe@gaia:~/ [ic12102] ssh pi@oud2go.local
The authenticity of host 'oud2go.local (fe80::6554:bfdd:7283:3fa9%bridge100)' can't be established.
ECDSA key fingerprint is SHA256:E7WxvWlYDOi0RLNJxEu7rrmA9PH+GlwEJsz0OdHSgCY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '
oud2go.local,fe80::6554:bfdd:7283:3fa9%bridge100' (ECDSA) to the list of known hosts.
pi@oud2go.local'
s password:
Linux oud2go 4.9.41+ #1023 Tue Aug 8 15:47:12 BST 2017 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Sep 7 16:22:54 2017 from fe80::acde:48ff:fe00:3364%usb0

SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
pi@oud2go.local:~ $

It is a good moment to adjust the time zone from UTC to an appropriate for your Raspberry Pi’s. This can either be done using raspi-config or dpkg-reconfigure.

root@oud2go:~# dpkg-reconfigure tzdata

Current default time zone: 'Europe/Zurich'
Local time is now: Mon Oct 30 19:55:21 CET 2017.
Universal Time is now: Mon Oct 30 18:55:21 UTC 2017.

Change the softlinks for localtime will also do the job.

root@oud2go:~# ln -s -f /usr/share/zoneinfo/Europe/Zurich /etc/localtime

Oracle User

In the oracle context it is common practice to create a dedicated user and group. To keep it simple and clear I name it oracle. Indeed I did set up the environment as described in post about the OUD Base environment.

root@oud2go:~# groupadd --gid 1010 oinstall
root@oud2go:~# useradd --create-home --gid oinstall --shell /bin/bash \
--groups oinstall oracle

To install the OUD software, instance and scripts I do use a limited OFA directory structure. See also my Blog Post on OUD Base.

root@oud2go:~# mkdir -p /u00 /u01
root@oud2go:~# mkdir -p /u00/app/oracle
root@oud2go:~# mkdir -p /u00/app/oracle/etc /u00/app/oracle/local
root@oud2go:~# mkdir -p /u00/app/oracle/product /u00/app/oracle/software

root@oud2go:~# chmod a+xr /u00 /u01
root@oud2go:~# chown oracle:oinstall -R /u00 /u01

The newly created user should be allowed to use sudo similar the pi. For this a new sudoers file has to be created.

root@oud2go:~# echo "oracle ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/020_oracle-nopasswd
root@oud2go:~# chmod 440 /etc/sudoers.d/020_oracle-nopasswd

As the last custom configuration I usually distribute the ssh key’s to allow login without password authentication. You only have to include your public key in the file authorized_keys. Lets create the required .ssh user directory for root, pi and the user oracle.

root@oud2go:~# mkdir .ssh
root@oud2go:~# vi .ssh/authorized_keys
root@oud2go:~# chmod 600 .ssh/authorized_keys
root@oud2go:~# chmod 700 .ssh/
root@oud2go:~# cp -r .ssh /home/oracle
root@oud2go:~# cp -r .ssh /home/pi
root@oud2go:~# chown -R pi:pi /home/pi/.ssh
root@oud2go:~# chown -R oracle:oinstall /home/oracle/.ssh

One more thing. Until now all user still have some default password. It’s more than appropriate to change the passwords for the user root, pi and oracle.

root@oud2go:~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@oud2go:~# passwd pi
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@oud2go:~# passwd oracle
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Install OUD Base

Install the OUD Base environment scripts according to blog post OUD Base. First we have to get the install scripts using curl.

oracle@oud2go:~ $ cd /u00/app/oracle
oracle@oud2go:/u00/app/oracle $ curl --cookie-jar /tmp/cookie-jar.txt \
--location-trusted "https://github.com/oehrlis/oudbase/raw/master/build/oudbase_install.sh" \
-o oudbase_install.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 147 100 147 0 0 141 0 0:00:01 0:00:01 --:--:-- 141
100 25556 100 25556 0 0 16704 0 0:00:01 0:00:01 --:--:-- 60273
oracle@oud2go:/u00/app/oracle $ chmod 755 oudbase_install.sh

The installation is straight forward. Just run oudbase_install.sh and specify the ORACLE_BASE directory. More options are available via oudbase_install.sh -h.

oracle@oud2go:/u00/app/oracle/ [oud_pi] ./oudbase_install.sh -v -b /u00/app/oracle
2017-11-13_21:13:23 START: Start of oudbase_install.sh (Version 0.1) with -v -b /u00/app/oracle
2017-11-13_21:13:23 INFO : processing commandline parameter
2017-11-13_21:13:23 Using the following variable for installation
2017-11-13_21:13:23 ORACLE_BASE = /u00/app/oracle
2017-11-13_21:13:23 OUD_BASE = /u00/app/oracle
2017-11-13_21:13:23 OUD_DATA = /u00/app/oracle
2017-11-13_21:13:23 ORACLE_INSTANCE_BASE = /u00/app/oracle/instances
2017-11-13_21:13:23 ORACLE_HOME_BASE = /u00/app/oracle/middleware
2017-11-13_21:13:23 OUD_BACKUP_BASE = /u00/app/oracle/backup
2017-11-13_21:13:23 SCRIPT_FQN = /u00/app/oracle/oudbase_install.sh
2017-11-13_21:13:23 Installing OUD Environment
2017-11-13_21:13:23 Create required directories in ORACLE_BASE=/u00/app/oracle
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local/log
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local/etc
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local
2017-11-13_21:13:23 Create Directory /u00/app/oracle/backup
2017-11-13_21:13:23 Create Directory /u00/app/oracle/instances
2017-11-13_21:13:23 Extracting file into /u00/app/oracle/local
bin/
bin/oud_backup.sh
bin/oud_export.sh
bin/oud_status.sh
bin/oudenv.sh
config/
certificates/
doc/
doc/README.md
etc/
etc/oud._DEFAULT_.conf
etc/oudenv.conf
etc/oudtab
lib/
log/
templates/
templates/.bash_profile
templates/cron.d/
templates/etc/
templates/ldif/
templates/logrotate.d/
templates/logrotate.d/oud
templates/ldif/oud_pi_init.ldif
templates/etc/install.rsp
templates/etc/oraInst.loc
templates/etc/oud_instance.service
templates/etc/wls_oudsm.service
templates/cron.d/oud
2017-11-13_21:13:23 Store customization for OUD_DATA (/u00/app/oracle)
2017-11-13_21:13:23 Store customization for OUD_BASE (/u00/app/oracle)
2017-11-13_21:13:23 Store customization for ORACLE_BASE (/u00/app/oracle)
2017-11-13_21:13:23 Please manual adjust your .bash_profile to load / source
2017-11-13_21:13:23 your OUD Environment
2017-11-13_21:13:23 END : of oudbase_install.sh

To start using OUD Base you have to update your .profile file with the following lines.

# Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]
then
if [ -f "${HOME}/.OUD_BASE" ]
then
. "${HOME}/.OUD_BASE"
else
echo "ERROR: Could not load ${HOME}/.OUD_BASE"
fi
fi

# define an oudenv alias
alias oud=". $(find $OUD_BASE -name oudenv.sh)"

# source oud environment
. $(find $OUD_BASE -name oudenv.sh)

Install Oracle Software

Install Java

Since a while, Oracle does also provide Java for Raspberry Pi respectively ARM. See Oracle Java on Raspberry Pi. For OUD it’s recommend to use Oracle Java 8 rather than OpenJDK. You can download either download OracleJDK on Java SE Development Kit 8 Downloads or via My Oracle Support. I do prefer the download via My Oracle Support, since this method allows the use of wget or curl.

Create a .netrc file for curl.

oracle@oud2go:~/ [oud_pi] cd /u00/app/oracle/software
oracle@oud2go:/u00/app/oracle/software/ [oud_pi]
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] echo "machine login.oracle.com login password " >.netrc

Download JDK from My Oracle Support:

oracle@oud2go:/u00/app/oracle/software/ [oud_pi] export JAVA_URL="https://updates.oracle.com/Orion/Services/download/p26512975_180144_Linux_VFP.zip?aru=21442384&amp;patch_file=p26512975_180144_Linux_VFP.zip"
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] export JAVA_PKG="p26512975_180144_Linux_VFP.zip"
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] curl --netrc-file .netrc --cookie-jar cookie-jar.txt --location-trusted $JAVA_URL -o $JAVA_PKG
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 1959 0 1959 0 0 820 0 --:--:-- 0:00:02 --:--:-- 1839
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0
100 77.6M 100 77.6M 0 0 3262k 0 0:00:24 0:00:24 --:--:-- 3578k

Install the JDK as root:

oracle@oud2go:/u00/app/oracle/software/ [oud_pi] sudo su -
root@oud2go:~# unzip -p /u00/app/oracle/software/$JAVA_PKG *tar* |tar zvx -C /usr/java

# set the JAVA alternatives directories and links
root@oud2go:~# export JAVA_DIR=$(ls -1 -d /usr/java/*)
root@oud2go:~# ln -s $JAVA_DIR /usr/java/latest
root@oud2go:~# ln -s $JAVA_DIR /usr/java/default

root@oud2go:~# update-alternatives --install /usr/bin/java java $JAVA_DIR/bin/java 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/java to provide /usr/bin/java (java) in auto mode

root@oud2go:~# update-alternatives --install /usr/bin/javac javac $JAVA_DIR/bin/javac 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/javac to provide /usr/bin/javac (javac) in auto mode

root@oud2go:~# update-alternatives --install /usr/bin/jar jar $JAVA_DIR/bin/jar 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/jar to provide /usr/bin/jar (jar) in auto mode

root@oud2go:~# which java
/usr/bin/java

root@oud2go:~# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) Client VM (build 25.144-b01, mixed mode)

Install OUD

In principle, one should be able to install OUD directly on the Respberry Pi. OUD is unpacked and installed directly with java. But the Oracle Universal Installer or at least a small part of the installation does not work on the ARM platform. Due to this you have to install OUD on an other OS and move the installation directory onto your Raspberry Pi. In my case I do use my MacBook Pro to temporarily install OUD. Alternatively you may also copy the OUD installation from my OUD docker image. But that’s an other story. I’ll post on this topic in a couple of days.

Prepare the download installation path, variables .netca file.

soe@gaia:~/ [ic12102] export DOWNLOAD=/tmp/download
soe@gaia:~/ [ic12102] mkdir -p $DOWNLOAD
soe@gaia:~/ [ic12102] chmod 777 $DOWNLOAD

soe@gaia:~/ [ic12102] export FMW_OUD_URL="https://updates.oracle.com/Orion/Services/download/p26270957_122130_Generic.zip?aru=21504981&amp;patch_file=p26270957_122130_Generic.zip"
soe@gaia:~/ [ic12102] export FMW_OUD_PKG="p26270957_122130_Generic.zip"
soe@gaia:~/ [ic12102] export FMW_OUD_JAR=fmw_12.2.1.3.0_oud.jar

soe@gaia:~/ [ic12102] echo "machine login.oracle.com login password " >/tmp/download/.netrc

soe@gaia:~/ [ic12102] curl --netrc-file /tmp/download/.netrc --cookie-jar \
 /tmp/download/cookie-jar.txt  --location-trusted $FMW_OUD_URL \
 -o $DOWNLOAD/$FMW_OUD_PKG

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 1927 0 1927 0 0 963 0 --:--:-- 0:00:02 --:--:-- 1715
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
100 404M 100 404M 0 0 1847k 0 0:03:44 0:03:44 --:--:-- 1689k

Create a bunch of local Directories in ORACLE_BASE

soe@gaia:~/ [ic12102] export ORACLE_BASE=/u00/app/oracle
soe@gaia:~/ [ic12102] mkdir -p $ORACLE_BASE/etc $ORACLE_BASE/product

To install OUD in silent mode, we need a response file. For OUD this is a simple and straight forward text file.

soe@gaia:~/ [ic12102] echo "[ENGINE]" > $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "Response File Version=1.0.0.0.0" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "[GENERIC]" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "DECLINE_SECURITY_UPDATES=true" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >> $ORACLE_BASE/etc/install.rsp

The installer does also require a OraInventory Location file:

soe@gaia:~/ [ic12102] echo "inventory_loc=$ORACLE_BASE/oraInventory" > $ORACLE_BASE/etc/oraInst.loc
soe@gaia:~/ [ic12102] echo "inst_group=oinstall" >> $ORACLE_BASE/etc/oraInst.loc

The JAR and the response file will then be used to install OUD in silent mode

soe@gaia:/tmp/download/ [ic12102] java -jar $DOWNLOAD/$FMW_OUD_JAR -silent \
 -responseFile $ORACLE_BASE/etc/install.rsp \
 -invPtrLoc $ORACLE_BASE/etc/oraInst.loc \
 -ignoreSysPrereqs -force \
 -novalidation ORACLE_HOME=$ORACLE_BASE/product/fmw12.2.1.3.0 \
 INSTALL_TYPE="Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)"

Launcher log file is /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM/launcher2017-10-30_08-47-41PM.log.
Extracting the installer . . . . . Done
Checking if CPU speed is above 300 MHz. Actual 2969.6 MHz Passed
Checking swap space: must be greater than 512 MB. Actual 257166 MB Passed
Checking if this platform requires a 64-bit JVM. Actual 64 Passed
Checking temp space: must be greater than 300 MB. Actual 257166 MB Passed
Preparing to launch the Oracle Universal Installer from /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM
Log: /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM/install2017-10-30_08-47-41PM.log
Setting ORACLE_HOME to /u00/app/oracle/product/fmw12.2.1.3.0
Setting INSTALL_TYPE to Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)
Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Skipping Software Updates
Validations are disabled for this session.
Verifying data
Copying Files
Percent Complete : 10
Percent Complete : 20
Percent Complete : 30
Percent Complete : 40
Percent Complete : 50
Percent Complete : 60
Percent Complete : 70
Percent Complete : 80
Percent Complete : 90
Percent Complete : 100

The installation of Oracle Unified Directory 12.2.1.3.0 completed successfully.
Logs successfully copied to /u00/app/oracle/oraInventory/logs.

Copy the OUD binaries to your Raspberry Pi.

soe@gaia:~/ [ic12102] scp -r /u00/app/oracle/product/fmw12.2.1.3.0 oracle@oud2go.local:/u00/app/oracle/product

Clean up the temporary installation on the MacBook Pro:

soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/etc/oraInst.loc
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/oraInventory
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/product/fmw12.2.1.3.0
soe@gaia:~/ [ic12102] rm -rf /tmp/download

Thats it. You not have your OUD software on your pi. Now lets create an OUD instance.

Setup OUD Directory Server

Depending on your need, you may create an OUD directory server or an OUD proxy server. The setup scripts can either be execute interactive via GUI or command line or as on command. On my Raspberry Pi I do setup a directory server with just one command.

Create a password file for the OUD instance oud_pi_pwd.txt

oracle@oud2go:/u00/app/oracle/ [oud_pi] echo "manager" >/u00/app/oracle/local/etc/oud_pi_pwd.txt

Create the OUD directory server for Base DN dc=postgasse,dc=org with a bunch of dummy entries using oud-setup.

oracle@oud2go:/u00/app/oracle/ [oud_pi] $ORACLE_HOME/oud/oud-setup \
--cli \
--instancePath /u00/app/oracle/instances/oud_pi/OUD \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile /u00/app/oracle/local/etc/oud_pi_pwd.txt \
--ldapPort 1389 \
--baseDN dc=postgasse,dc=org \
--sampleData 20 \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

Oracle Unified Directory 12.2.1.3.0
Please wait while the setup program initializes...

Creating instance directory /u00/app/oracle/instances/oud_pi/OUD ..... Done.
See /u00/app/oracle/instances/oud_pi/OUD/logs/oud-setup for a detailed log of
this operation.

Configuring Directory Server ......... Done.
Importing Automatically-Generated Data (20 Entries) ....................................... Done.
Starting Directory Server ........................................ Done.

To see basic server configuration status and configuration you can launch
/u00/app/oracle/instances/oud_pi/OUD/bin/status

That’s it, we now have an empty directory server with 20 sample records 🙂 Since the Raspberry Pi only has limited resources, I’ve just configure the LDAP port. For a simple test and engineering system LDAPS is not really required. Specially because we do not setup any EUS integration.

Conclusion

It works… but the directory server is far away from a high performance setup. Nevertheless it’s a nice and handy setup for simple engineering work and simple demos. Striving for a bit more performance? You may also setup OUD in a docker container. I’ll provide more information on this topic in a couple of day’s. If you can’t wait, take a look at my Docker OUD Repository on GitHub now (docker-oud or docker-oudsm).

Files and References

Below you find a few references related to Raspberry Pi, USB OTG or Oracle Unified Directory:

Software related to this project:

  • Raspbian Stretch Lite latest
  • Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975
  • Oracle Unified Directory 12.2.1.3.0 on Oracle Technology Network
  • Oracle Software Delivery Cloud OSDC
  • Oracle Unified Directory FMW 12.2.1.3.0 MOS Patch 26270957
  • OUD base environment installation script. It’s a bash script including a TAR.  oudbase_install.sh
  • OUD base environment as TAR archive without installation script.  oudbase_install.tgz

My Oracle Support Notes:

  • Oracle Unified Directory 12c PS3 Released [2300623.1]
  • All Java SE Downloads on MOS [1439822.1]
  • Information Center: Using Oracle Unified Directory (OUD) [1419823.2]

Articles in DOAG Red Stack Magazin

A while ago I wrote two articles for the DOAG Red Stack Magazin. In the meantime both articles have been published. For this reason I use the opportunity to make the PDF versions of the articles available on oradba.ch. The articles are written in German and available as Trivadis version as well Red Stack version. Although the articles versions differ only in the number of typos and layout.

None of the articles are currently available in english. On request I will write also articles about Oracle Unified Directory in English in the future. However, currently I still have a lot of ideas for blog posts about database security, enterprise user security and unified directory on my to-do list. And blog posts I usually write in english… 🙂

Start ODSM on boot using systemd

A couple of month ago I wrote blog on how to start Oracle Unified Directory (OUD) on system boot (see Start OUD Servers on Boot using systemd) using a unit file and systemd. Quite a simple and straightforward way to start OUD. Why not using the same approach for ODSM? This can be easily implemented, because my weblog infrastructure is only used for the ODSM domain.

Boot Properties File for ODSM

Normally the credentials must be specified when the weblogic server is started. To avoid this, a boot.properties file is defined. This file does contain the username and password of the weblogic admin. Excerpt from my weblogic startup log including the prompt for username and password.

...
<sep 7, 2017 6:01:09 AM CEST> <info> <weblogicserver> <bea -000377> <starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 24.141-b31 from Oracle Corporation>
<sep 7, 2017 6:01:10 AM CEST> <info> <management> <bea -141107> <version: WebLogic Server 10.3.6.0.170418 PSU Patch for BUG25388747 WED MAR 21 18:34:42 IST 2017
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 >
<sep 7, 2017 6:01:11 AM CEST> <info> <security> <bea -090065> <getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<sep 7, 2017 6:01:39 AM CEST> <notice> <weblogicserver> <bea -000365> <server state changed to STARTING>
<sep 7, 2017 6:01:39 AM CEST> <info> <workmanager> <bea -002900> <initializing self-tuning thread pool>
...

ODSM just has an admin server. So let’s create the boot.properties file in the security folder of the admin server. Since this security directory may not already exist, we must create it beforehand. On my environment I’ve put the user projects outside of my middleware folder in /u00/app/oracle/user_projects. The working directory for the next couple of commands will be /u00/app/oracle/user_projects/domains/ODSM_domain.

cd /u00/app/oracle/user_projects/domains/ODSM_domain

ls servers/AdminServer
adr  cache  data  logs  sysman  tmp

mkdir -p servers/AdminServer/security
touch servers/AdminServer/security/boot.properties

Add values for username and password to the boot.properties file.

vi servers/AdminServer/security/boot.properties

username=weblogic
password=manager

The boot.properties file fortunately does not stay like this. so. During the first start of the weblogic server, the username and password is encrypted with AES.

cat servers/AdminServer/security/boot.properties
#Thu Sep 07 06:34:11 CEST 2017
password={AES}lCtDx2TYm8rHZt/n9CiwmCgbiPjE+noBdyI+1MmJ21o\=
username={AES}4ROGb6gIkFWhqQA6uoV2mTN7cZy/jdM/pUO4aDbB74k\=

Unit File for ODSM

After the weblogic server can now be started without password input, one only need the corresponding unit file to automatically start the ODSM domain during system boot. The unit file will be created as root in the folder /usr/lib/systemd/system. For my environment I do create the following unity file. Working directory, domain name, user name etc has to be adjusted accordingly for other environments. Add the following content to the new unit file.

sudo vi /usr/lib/systemd/system/wls_odsm.service

# -----------------------------------------------------------------------
#  Trivadis AG, Infrastructure Managed Services
#  Saegereistrasse 29, 8152 Glattbrugg, Switzerland
# -----------------------------------------------------------------------
#  File-Name........: wls_odsm.service
#  Author...........: Stefan Oehrli, stefan.oehrli at trivadis.com
#  Date.............: 07. Sept 2017
#  Revision.........: 1.0
#  Purpose..........: Unit file for ODSM domain
#  Usage............: systemctl enable wls_odsm.service
#  Notes............: --
# -----------------------------------------------------------------------
#  Revision history.:  
#  07.09.2017  soe     initial release
# -----------------------------------------------------------------------

[Unit]
Description=WLS ODSM Instance
Wants=network.target
After=network.target
 
[Service]
Type=simple
User=oracle
Group=osdba
WorkingDirectory=/u00/app/oracle/user_projects/domains/ODSM_domain
ExecStart=/u00/app/oracle/user_projects/domains/ODSM_domain/startWebLogic.sh
ExecStop=/u00/app/oracle/user_projects/domains/ODSM_domain/bin/stopWebLogic.sh
StandardOutput=syslog
 
[Install]
WantedBy=multi-user.target

As soon as we have the new unit file we have to enable the service. This also creates a softlink in /etc/systemd/system/multi-user.target.wants to the new unit file.

sudo systemctl enable wls_odsm.service
Created symlink from /etc/systemd/system/multi-user.target.wants/wls_odsm.service to /usr/lib/systemd/system/wls_odsm.service.

Start the admin server for the ODSM domain using systemctl.

sudo systemctl start wls_odsm.service

Stop the admin server for the ODSM domain using systemctl.

sudo systemctl stop wls_odsm.service

Display the status of the admin server for the ODSM domain.

sudo systemctl status wls_odsm.service
 wls_odsm.service - WLS ODSM Instance
   Loaded: loaded (/usr/lib/systemd/system/wls_odsm.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-09-07 06:55:25 CEST; 1min 32s ago
 Main PID: 10645 (startWebLogic.s)
   CGroup: /system.slice/wls_odsm.service
           ├─10645 /bin/sh /u00/app/oracle/user_projects/domains/ODSM_domain/startWebLogic.sh
           ├─10648 /bin/sh /u00/app/oracle/user_projects/domains/ODSM_domain/bin/startWebLogic.sh
           └─10695 /u00/app/oracle/product/jdk1.7.0_141/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.polic...

Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default[4]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default" is now listening on fd1...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default[1]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default[5]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default[6]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <server> <bea -002613> <channel "Default[7]" is now listening on ...p, http.>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <weblogicserver> <bea -000329> <started WebLogic Admin Server "Ad...ion Mode>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <warning> <server> <bea -002611> <hostname "
localhost", maps to multiple I...:0:0:0:1>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <weblogicserver> <bea -000365> <server state changed to RUNNING>
Sep 07 06:56:19 euterpe startWebLogic.sh[10645]: <sep 7, 2017 6:56:19 AM CEST> <notice> <weblogicserver> <bea -000360> <server started in RUNNING mode>
Hint: Some lines were ellipsized, use -l to show in full.

All in all, a simple and easy way to start the ODSM automatically at system boot.

Reference

Some references and links to MOS Notes:

Oracle Unified Directory 12 Released

Finally end of working day. But while reading some newsletter and mails on my way home, I realised that there will be some work at home. After a long wait, Oracle has finally released Oracle Unified Directory 12c 🙂

A overview of the new features:

  • Improved performance and scalability
  • Support for TNS aliases for Oracle Unified Directory deployments with Oracle Enterprise User Security (EUS) configured
  • Support for TLS 1.2 Protocols and Cipher Suites
  • Password-Based Key Derivation Function 2 Password Storage Schemes
  • ODSM Rebranding
  • Support for new log publishers that are configurable via OUDSM
  • Support for the Upgrade OUD Instance script
  • Support for WebLogic Scripting Tool provisioning commands
  • Support for new log publishers that are configurable via OUDSM
  • Support for Oracle Fusion Middleware configuration tools
  • Support for Oracle WebLogic Server 12.2.1.3
  • Support for Oracle JDK 1.8

See Fusion Middleware Release Notes What’s New in Oracle Identity Management 12c (12.2.1.3.0) for a full list of new features.

Links related to Oracle Unified Directory 12c:

Stay tuned, I’ll definitely write more blog posts on Oracle Unified Directory 12 soon.

Start OUD Servers on Boot using systemd

Starting Oracle Unified Directory on system boot is essential for production environment. Unfortunately OUD just provides a script to create the init.d script. But newer system in general use systemd initialise and startup. Nevertheless, creating a custom unit file for OUD is simple and straightforward. First, let’s create a regular init.d script with the create-rc-script from oud. The created custom script can be used as template for the systemd unit file.

create-rc-script does allow a couple of parameter to specify the script name, OS user for OUD and the JAVA_HOME. The following example of create-rc-script does show how to create a regular start script for OUD instance oud_ad_proxy.

export OUD_HOME=/u00/app/oracle/instances/oud_ad_proxy
export JAVA_HOME=/u00/app/oracle/product/jdk1.7.0_141

cd $OUD_HOME/OUD/bin
create-rc-script -f oud_ad_proxy.sh -u oracle -j $JAVA_HOME

This does create the following bornshell script for init.d.

#!/bin/sh
#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
#
#
# chkconfig: 345 90 30
# description: Oracle Unified Directory startup script
#


# Set the path to the Oracle Unified Directory instance to manage
INSTALL_ROOT="/u00/app/oracle/instances/oud_ad_proxy/OUD"
export INSTALL_ROOT

# Specify the path to the Java installation to use
OPENDS_JAVA_HOME="/u00/app/oracle/product/jdk1.7.0_141"
export OPENDS_JAVA_HOME

# Determine what action should be performed on the server
case "${1}" in
start)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/start-ds" --quiet
  exit ${?}
  ;;
stop)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/stop-ds" --quiet
  exit ${?}
  ;;
restart)
  /bin/su - oracle -- "${INSTALL_ROOT}/bin/stop-ds" --restart --quiet
  exit ${?}
  ;;
*)
  echo "Usage:  $0 { start | stop | restart }"
  exit 1
  ;;
esac

The same start / stop commands can now be used in the unit file. So let’s create a new custom unit file in /etc/systemd/system. The unit file is named according the old instance.

sudo vi /etc/systemd/system/oud_ad_proxy.service

Add the following content to the new unit file.

[Unit]
Description=OUD AD Proxy Instance oud_ad_proxy
Wants=network.target
After=network.target

[Service]
Type=forking
User=oracle
Group=osdba
Environment=OPENDS_JAVA_HOME="/u00/app/oracle/product/jdk1.7.0_141"
ExecStart=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/start-ds --quiet
ExecStop=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --quiet
ExecReload=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --restart --quiet
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

As soon as we have the new unit file we have to enable the service.

sudo systemctl enable oud_ad_proxy.service

Start the OUD instance using systemctl.

sudo systemctl start oud_ad_proxy.service

Stop the OUD instance using systemctl.

sudo systemctl stop oud_ad_proxy.service

Display the status of the OUD service.

sudo systemctl status oud_ad_proxy.service

 oud_ad_proxy.service - OUD AD Proxy Instance oud_ad_proxy
   Loaded: loaded (/etc/systemd/system/oud_ad_proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-05-16 22:41:09 CEST; 28s ago
  Process: 18300 ExecStop=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/stop-ds --quiet (code=exited, status=0/SUCCESS)
  Process: 18397 ExecStart=/u00/app/oracle/instances/oud_ad_proxy/OUD/bin/start-ds --quiet (code=exited, status=0/SUCCESS)
 Main PID: 18477 (java)
   CGroup: /system.slice/oud_ad_proxy.service
           └─18477 /u00/app/oracle/product/jdk1.7.0_141/jre/bin/java -server -Dorg.opends.server.scriptName=start-ds org.opends.server.core.DirectoryServer --configClass org.opends.server.extensions.ConfigFileHandler -...

May 16 22:41:01 euterpe systemd[1]: Starting OUD AD Proxy Instance oud_ad_proxy...
May 16 22:41:09 euterpe systemd[1]: Started OUD AD Proxy Instance oud_ad_proxy.

Some references and links to MOS Notes:

Environment Scripts for OUD

At Trivadis we do have the TVD-BasEnv™ to standardizes and simplifies the handling of environments for Oracle database and application server landscapes. This inspired me to create something similar for Oracle Unified Directory environments. Although current versions of TVD-BasEnv™ already support OUD and OID environment. I’ve had the situation, where I need some small and slimmed down environment scripts for dedicated OUD test servers. TVD-BasEnv™ is rather complex and brings a lot of nice features for Oracle Database environments with ASM, RAC, DataGuard and more stuff which is in general not required on a simple OUD server.

My OUD Base is basically just the oudenv.sh script, some configuration files and a bunch of aliases. The directory structure for the OUD binaries, scripts and configuration files is similar to what we use in TVD-BasEnv™ and based on OFA. It is written in bash and tested on my Oracle Linux VM’s and Raspberry Pi’s with Raspbian Jessy. It should also run on any other bash environment. Um, well OUD and Raspberry Pi? Yes I’ll explain this soon in an other blog post.

Setup the Environment

In general I do use a dedicated OS user for my Oracle installations. To keep it simple and clear I name it oracle. The following commands are run on my Raspberry Pi and therefore as OS user pi. Please adjust it accordingly. Create the user and the corresponding OS groups as pi user with sudo.

pi@oud2go:~ $ sudo adduser oracle
Adding user oracle ...
Adding new group oracle (1001) ...
Adding new user oracle (1001) with group oracle ...
Creating home directory /home/oracle ...
Copying files from /etc/skel ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for oracle
Enter the new value, or press ENTER for the default
    Full Name []: oracle
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y
pi@oud2go:~ $ sudo addgroup oinstall
Adding group oinstall (GID 1002) ...
Done.
pi@oud2go:~ $ sudo addgroup osdba
Adding group osdba (GID 1003) ...
Done.
pi@oud2go:~ $ sudo adduser oracle oinstall
Adding user oracle to group oinstall ...
Adding user oracle to group oinstall
Done.
pi@oud2go:~ $ sudo adduser oracle osdba
Adding user oracle to group osdba ...
Adding user oracle to group osdba
Done.

Create an ORACLE_BASE directory which is used for OUD and provide access to OS user oracle.

pi@pi2go:~ $ sudo mkdir -p /u00/app/oracle
pi@pi2go:~ $ sudo chown -R oracle:oinstall /u00/app/oracle

My OUD Base is available as Bash Install script with an embedded TAR ( oudbase_install.sh) or as plain TAR file ( oudbase_install.tgz). If you use the TAR file a few manuell configuration steps are required.

Install using oudbase_install.sh

This installation is straightforward as you can see in the usage.

2016-10-15_11:41:58  START: Start of oudbase_install.sh (Version 0.1) with
2016-10-15_11:41:58  INFO : Usage, oudbase_install.sh [-hv] [-b <oracle_base>]
2016-10-15_11:41:58  INFO :   [-i <oracle_instance_base>] [-m <oracle_home_base>] [-B <oud_backup_base>]
2016-10-15_11:41:58  INFO :
2016-10-15_11:41:58  INFO :   -h                          Usage (this message)
2016-10-15_11:41:58  INFO :   -v                          enable verbose mode
2016-10-15_11:41:58  INFO :   -b <oracle_base>            ORACLE_BASE Directory. Mandatory argument.
2016-10-15_11:41:58  INFO :   -i <oracle_instance_base>   Base directory for OUD instances (default $ORACLE_BASE/instances)
2016-10-15_11:41:58  INFO :   -m <oracle_home_base>       Base directory for OUD binaries (default $ORACLE_BASE/middleware)
2016-10-15_11:41:58  INFO :   -B <oud_backup_base>        Base directory for OUD backups (default $ORACLE_BASE/backup)
2016-10-15_11:41:58  INFO :
2016-10-15_11:41:58  INFO : Logfile : /u00/app/oracle/local/log/oudbase_install.log
2016-10-15_11:41:58  ERR  : Exit Code 1. Wrong amount of arguments. See usage for correct one.

We will just provide the ORACLE_BASE and use the default values for all other settings.

oracle@pi2go:~ $ ./oudbase_install.sh -v -b /u00/app/oracle
2016-10-15_11:44:03  START: Start of oudbase_install.sh (Version 0.1) with -v -b /u00/app/oracle
2016-10-15_11:44:03  INFO : processing commandline parameter
2016-10-15_11:44:03  Installing OUD Environment
2016-10-15_11:44:03  Create required directories in ORACLE_BASE=/u00/app/oracle
2016-10-15_11:44:03  Create Directory /u00/app/oracle/etc
2016-10-15_11:44:03  Create Directory /u00/app/oracle/local
2016-10-15_11:44:03  Create Directory /u00/app/oracle/backup
2016-10-15_11:44:03  Create Directory /u00/app/oracle/middleware
2016-10-15_11:44:03  Create Directory /u00/app/oracle/instances
2016-10-15_11:44:03  Extracting file into /u00/app/oracle/local
bin/
bin/oud_export.sh
bin/oud_backup.sh
bin/oudenv.sh
bin/oudbase_install.sh
bin/oud_status.sh
config/
certificates/
doc/
etc/
etc/oudtab
etc/oudenv.conf
etc/oud._DEFAULT_.conf
lib/
log/
log/oud_status.log
log/oud_export.log
log/oud_backup.log
log/oudbase_install.log
templates/
templates/cron.d/
templates/cron.d/oud
templates/.bash_profile
templates/ldif/
templates/ldif/oud_pi_init.ldif
templates/logrotate.d/
templates/logrotate.d/oud
2016-10-15_11:44:03  Please manual adjust your .profile to load / source your OUD Environment
2016-10-15_11:44:03  END  : of oudbase_install.sh

You have to change your bash profile to make sure that the environment is loaded. Just add the following lines.

oracle@pi2go:~ $ vi .profile
# Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]
  then
    if [ -f "${HOME}/.OUD_BASE" ]
      then
        . "${HOME}/.OUD_BASE"
      else
        echo "ERROR: Could not load ${HOME}/.OUD_BASE"
    fi
fi

# define an oudenv alias
alias oud='. ${OUD_BASE}/bin/oudenv.sh'

# source oud environment
. ${OUD_BASE}/bin/oudenv.sh

During the next logon you have the OUD Base available

Manual installation using oudbase_install.tgz

Ok, it is not really more complex just un-tar the file in a directory. Normally it is $ORACLE_BASE/local. Other directory probably have to be specified in the config file.

oracle@pi2go:~ $ cd /u00/app/oracle/
oracle@pi2go:~ $ mkdir local
oracle@pi2go:~ $ cd local
oracle@pi2go:~ $ tar zxvf oudbase_install.tgz

You also have to change your bash profile as mentioned above.

Examples

A few example how to use OUD Base to simplify OUD management.

Change environment to OUD instance oud_pi.

oracle@pi2go:~/ [oud_pi] oud_pi
Source environment for OUD Instance oud_pi
--------------------------------------------------------------
 Instance Name   : oud_pi
 Instance Home   : /u00/app/oracle/instances/oud_pi
 Oracle Home     : /u00/app/oracle/middleware/oud_11.1.2.3
 Instance Status : up
 LDAP Port       : 1389
 LDAPS Port      : 1636
 Admin Port      : 4444
 Replication Port: 8989
--------------------------------------------------------------

List available / running OUD instances using oudup or via alias u.

oracle@pi2go:~/ [oud_pi] oudup
TYPE INSTANCE   STATUS PORT HOME
---- ---------- ------ ---- ----------------------------------
OUD  oud_pi     up     4444 /u00/app/oracle/instances/oud_pi

Configuration and Architecture

Config Files

The OUD Base does have the following configuration files.

File Description
.OUD_BASE This is a simple file in the user home directory. It includes the pointer to the OUD Base directory. This file is used to initiate $OUD_BASE.
oudtab oudtab is a simple file which includes all OUD instance and there ports eg. default LDAP port, admin port, SSL port and replication port.
oudenv.conf This is the main configuration file for environment variables and aliases. It is loaded when an environment is set or changed. Location of oudenv.conf is $ETC_BASE.
oud._DEFAULT_.conf This configuration file for custom environment variables. Location of oud._DEFAULT_.conf is $ETC_BASE.
oud._INSTANCE_.conf This configuration file for custom environment variables for a dedicated OUD instance eg. oud_pi Location of oud._oud_pi_.conf is $ETC_BASE.

Directories and its variables

The following directory, environment variables and aliases are defined and used in OUD Base. Most of them are inspired by OFA (Oracle Flexible Architecture) and TVD-BasEnv™.

ENV Variable Alias Path Description
$ORACLE_BASE, $cdob cdob /u00/app/oracle Base directory for the oracle binaries
$OUD_BASE, $cdl cdl $ORACLE_BASE/local OUD Base directory with the scripts, config etc
cdl.bin $ORACLE_BASE/bin Scripts directory in OUD_BASE
$ETC_BASE, $etc etc, cdl.etc $ORACLE_BASE/etc OUD Base configuration directory
$LOG_BASE, $log log, cdl.log $ORACLE_BASE/log OUD Base log directory
$ORACLE_BASE/doc OUD Base documentation directory
$ORACLE_BASE/config Local directory for configuration files, LDIF etc to build an OUD instance
$ORACLE_BASE/certificates Local directory for certificates
$ORACLE_HOME, $cdh cdh $ORACLE_BASE/middleware/oud_11.1.2.3 Oracle Unified Directory binaries eg. 11.1.2.3
$JAVA_HOME /usr/lib/jvm/jre-1.7.0-oracle-1.7.0.101-1jpp.1.el7.x86_64 Java used for OUD
$OUD_INSTANCE_BASE, $cdib cdib $ORACLE_BASE/instances Base directory for the instance homes
oud_pi Alias to set environment for OUD instance oud_pi
$OUD_INSTANCE_HOME, $cdih cdih $ORACLE_BASE/instances/oud_pi OUD Instance Home directory for Instance oud_pi
$cdic cdic $OUD_INSTANCE_HOME/OUD/config Config directory for OUD instance oud_pi
$cdil cdil $OUD_INSTANCE_HOME/OUD/logs Log directory for OUD instance oud_pi

Variables

Variable besides the ones mentioned above.

Variable Description
$OUD_INSTANCE Name of the current OUD instance
$OUD_INST_LIST List of OUD instances taken from $OUDTAB
$PWD_FILE Password file for the OUD instance eg. ${ETC_BASE}/$OUD_INSTANCE_pwd.txt or ${ETC_BASE}/pwd.txt
$PORT OUD instance port taken from oudtab file
$PORT_ADMIN OUD instance admin port taken from oudtab file
$PORT_REP OUD instance replication port taken from oudtab file
$PORT_SSL OUD instance SSL port taken from oudtab file
$OUDTAB oudtab config file eg. ${ETC_BASE}/oudtab

Aliases

Alias Description
dsc dsconfig including hostname, $PORT_ADMIN and $PWD_FILE
dsrs dsreplication status
oud_pi OUD Base does generate an alias for each OUD instance based on its name. This allows to easily change the environment from one to an other OUD instance.
oud INSTANCE Use oud INSTANCE name to change the environment to a particular OUD instance
taa tea will do a tail -f on the OUD instance access log
tae tea will do a tail -f on the OUD instance error log
tas tea will do a tail -f on the OUD instance server.out log
tarep tea will do a tail -f on the OUD instance replication log
task task does run a manage-tasks with hostname, port etc parameter
u u runs oudup to display the current OUD Instances
vio vio opens the oudtab file eg. ${ETC_BASE}/oudtab

Conclusion

Although there is the possibility to use property files for OUD I’m still happy, that I have a bunch of aliases to set or change a few directories. Eg. jump to the log directory, view config files etc. Feel free to use the OUD Base as it is on your OUD environments at your own risk. It simplifies a few settings in particular if you have multiple OUD instance on one system. You may change, modify the scripts as you like. I can not guarantee, that the scripts do not have any errors or bugs. Please test before you start using them on a production environment.

Files and References

Below you find a few references related to Raspberry Pi, USB OTG or Oracle Unified Directory: