Tag Archives: trivadis

OUDbase environment scripts for Oracle Unified Directory Part 1

Almost two years ago I started writing environment scripts for my Oracle Unified Directory installations. At the beginning there were only 2-3 scripts, from which at some point a small project on GitHub emerged. A lot has changed since my blog post Environment Scripts for OUD. The current version of OUDbase (v1.5.5) has a number of useful functions that make working with OUD on the command line much easier. This is one reason it is time to write about OUDbase once again. Or better to start a small blog series.

Features at a Glance

At the end of the day, it’s just a script that sets a series of aliases and environment variables. But this script does exactly what it should: it simplifies the work of the administrator. Initially it was developed for Oracle Unified Directory (OUD), but to a certain degree other Oracle directory servers and tools like Oracle Unified Directory Services Manager (OUDSM), Oracle Directory Server Enterprise Edition (ODSEE) and Oracle Internet Directory (OID) are supported as well.

  • Support of various Oracle directory servers and tools
  • Support for Oracle directory servers on Docker
  • Small footprint and minimal requirements
  • Simple and quick installation
  • Auto-configure for common environments and Oracle homes
  • Provide a kind of OFA environment for Oracle directory servers
  • Flexible environment handling, e.g. easy switching between different environments
  • Alias definitions
  • Platform-independent
  • More flexible and powerful than… wait, there is no oraenv for Oracle directory servers 🙂
  • Customization of environment variables and aliases globally or per instance
  • Miscellaneous templates for cron.d, logrotate.d, systemd service and instance creation

In particular OUDbase provides the following scripts:

  • oudtab as a central configuration file for instance names, ports and directory types
  • oudenv.sh script to source and set the environment
  • oud_backup.sh script to backup specific or all Oracle Unified Directory instances
  • oud_export.sh script to export specific or all Oracle Unified Directory instances
  • oud_status.sh script to check the status of an Oracle Unified Directory instance including replication status
  • oud12c_eus template and scripts to create an Oracle Unified Directory server with Enterprise User Security integration
  • oud12c_eus_ad_proxy template and scripts to create an Oracle Unified Directory proxy server with Enterprise User Security and MS Active Directory integration
  • generic template and scripts as base for customisation

Requirements

OUDbase is modest. You just need a bash shell to run it and tar/gzip to install it. This is also one of the reasons why it fits perfectly on OUD Docker images. Although you do not run several directory servers in one Docker container, it is convenient to work on the command line. A little further up I mentioned that OUDbase is platform-independent. There is at least one operating system which does not support bash out of the box. Guess which one? Yes, exactly: Microsoft Windows. Basically, OUDbase should also run on MS Windows if bash is installed there. However, this has not yet been tested.

Installation

Before you can start the installation of OUDbase, you have to download the latest version from the GitHub repository oehrlis/oudbase. OUDbase is available as a TAR file or as a shell installation script. The shell script itself is a regular Bash script with an additional payload. This means that the TAR file is appended directly at the end of the script. Since the embedded TAR is base64 encoded, the installation script can be sent by mail without any problems. If you are interested in how to do this, I recommend the How-To Add a Binary Payload to your Shell Scripts written by Mitch Frazier / Linux Journal.
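As an added illustration (not code from OUDbase or from the Linux Journal article), the following sketch shows how a self-extracting script of this kind can be inspected before it is run: it locates the payload, decodes the base64 data and lists the TAR members without extracting anything. The marker line __PAYLOAD_BELOW__, the function names and the constructed sample installer are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of OUDbase: look inside a base64/TAR payload that is
# appended to a shell installer without executing the installer.
# Assumption: the payload starts on the line after a marker line. The marker
# name below is hypothetical; check the installer you downloaded for its own.
MARKER='__PAYLOAD_BELOW__'

# Write the decoded (still gzip-compressed) TAR stream to stdout.
payload_stream() {
    local script="$1" line
    # Line number of the first line that consists only of the marker
    line=$(grep -n -x -- "$MARKER" "$script" | head -n 1 | cut -d: -f1)
    if [ -z "$line" ]; then
        echo "no payload marker found in $script" >&2
        return 1
    fi
    tail -n +"$((line + 1))" "$script" | base64 -d
}

# List the member names of the embedded archive. Nothing is extracted.
payload_members() {
    payload_stream "$1" | tar -tzf -
}

# Read member names on stdin; succeed if one is absolute or contains a ".."
# component, i.e. would be written outside the extraction directory.
has_unsafe_name() {
    grep -E -q '^/|(^|/)\.\.(/|$)'
}

# Succeed only if the payload can be listed and every member name is relative.
payload_is_safe() {
    local members
    members=$(payload_members "$1" 2>/dev/null) || return 1
    [ -n "$members" ] || return 1
    if printf '%s\n' "$members" | has_unsafe_name; then
        return 1
    fi
    return 0
}

# Build a constructed sample installer: a tiny script body, the marker line
# and a base64-encoded tar.gz with two placeholder files.
make_sample_installer() {
    local work="$1" out="$2"
    mkdir -p "$work/src/oudbase/bin" "$work/src/oudbase/etc"
    echo '# constructed sample file' > "$work/src/oudbase/bin/oudenv.sh"
    echo '# constructed sample file' > "$work/src/oudbase/etc/oudtab"
    {
        printf '%s\n' '#!/bin/bash' 'echo "installer logic would run here"' \
            'exit 0' "$MARKER"
        tar -czf - -C "$work/src" oudbase | base64
    } > "$out"
}

# Demo on the constructed sample: list the members, then check their names.
demo_dir=$(mktemp -d)
make_sample_installer "$demo_dir" "$demo_dir/sample_install.sh"
payload_members "$demo_dir/sample_install.sh"
payload_is_safe "$demo_dir/sample_install.sh" && echo "member names stay below the target directory"
rm -rf "$demo_dir"
```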

The script relies on the directory structure of the Optimal Flexible Architecture (OFA) introduced by Oracle a couple of years ago. Starting from an ORACLE_BASE path, the installation script evaluates the required parameters based on OFA. If you use a different structure, you can pass the necessary directory paths via parameters. The following code block shows the oudbase_install.sh usage.

oracle@oudad:/u00/app/oracle/ [oud_ad] ./oudbase_install.sh -h
Start of oudbase_install.sh (Version v1.5.5) with -h
processing commandline parameter
Usage, oudbase_install.sh [-hav] [-b ]
[-i ] [-B ]
[-m ] [-f ] [-j ]

-h Usage (this message)
-v enable verbose mode
-a append to profile eg. .bash_profile or .profile
-b ORACLE_BASE Directory. Mandatory argument. This
directory is use as OUD_BASE directory
-o OUD_BASE Directory. (default $ORACLE_BASE).
-d OUD_DATA Directory. (default /u01 if available otherwise $ORACLE_BASE).
This directory has to be specified to distinct persistant data from software
eg. in a docker containers
-A Base directory for OUD admin (default $OUD_DATA/admin)
-B Base directory for OUD backups (default $OUD_DATA/backup)
-i Base directory for OUD instances (default $OUD_DATA/instances)
-m Oracle home directory for OUD binaries (default $ORACLE_BASE/products)
-f Oracle Fusion Middleware home directory. (default $ORACLE_BASE/products)
-j JAVA_HOME directory. (default search for java in $ORACLE_BASE/products)

Logfile : /u01/log/oudbase_install.log

The following table provides an overview of installation paths, environment variables, parameters and their default values.

| Parameter | ENV Variable | Default Value | Description |
|---|---|---|---|
| -v | n/a | n/a | Enable verbose mode |
| -a | n/a | n/a | Append to profile e.g. .bash_profile or .profile |
| -b | $ORACLE_BASE | /u00/app/oracle | Mandatory argument. This directory is used as ORACLE_BASE from which all other directories are evaluated. |
| -o | $OUD_BASE | $ORACLE_BASE | OUDbase base directory where the scripts, config etc. will be installed. Usually this is the same directory as used for ORACLE_BASE. Due to some legacy requirement this can be a separate directory. |
| -d | $OUD_DATA | /u01 or $ORACLE_BASE | Directory to store the persistent data e.g. the OUD instance homes, backup and admin directories etc. It defaults to /u01 if available, otherwise $ORACLE_BASE. This directory has to be specified to separate persistent data from software, e.g. in Docker containers. |
| -A | $OUD_ADMIN_BASE | $OUD_DATA/admin | Base directory for an instance specific admin directory, similar to the admin directory of Oracle databases. |
| -B | $OUD_BACKUP_BASE | $OUD_DATA/backup | Base directory for an instance specific directory to store backups and LDIF exports. |
| -i | $OUD_INSTANCE_BASE | $OUD_DATA/instances | Base directory for the OUD instance homes. |
| -m | $ORACLE_HOME | $ORACLE_BASE/products | Oracle home directory for binaries. The installation script searches below this path for the corresponding binaries. |
| -f | $ORACLE_FMW_HOME | $ORACLE_BASE/products | Oracle Fusion Middleware home directory when separating the OUD and OUDSM binaries. The installation script searches below this path for the corresponding binaries. |
| -j | $JAVA_HOME | $ORACLE_BASE/products | Location of the Java home. The installation script searches below this path for the corresponding Java binaries. |

The installation script will guess the required parameters based on OFA. All parameters specified on the command line will be stored for future use in oudenv_core.conf. If something went wrong during installation, you always have the option of adjusting them manually.

Let’s create an installation as an example. We will use /u00/app/oracle as ORACLE_BASE, /u01 as OUD_DATA and /u00/app/oracle/product/fmw12.2.1.3.0 as ORACLE_HOME. Below you find the command and an excerpt of the output. Ok actually everything except the output of the TAR command.

oracle@oudad:/tmp/ [oud_ad] ./oudbase_install.sh -v -b /u00/app/oracle -d /u01 -m /u00/app/oracle/product/fmw12.2.1.3.0
2018-07-16_20:45:46 START: Start of oudbase_install.sh (Version v1.5.5) with -v -b /u00/app/oracle -d /u01 -m /u00/app/oracle/product/fmw12.2.1.3.0
2018-07-16_20:45:46 INFO : processing commandline parameter
2018-07-16_20:45:46 INFO : Define default values
2018-07-16_20:45:46 INFO : Using the following variable for installation
2018-07-16_20:45:46 INFO : ORACLE_BASE = /u00/app/oracle
2018-07-16_20:45:46 INFO : OUD_BASE = /u00/app/oracle/local/oudbase
2018-07-16_20:45:46 INFO : LOG_BASE = /u01/log
2018-07-16_20:45:46 INFO : ETC_CORE = /u00/app/oracle/local/oudbase/etc
2018-07-16_20:45:46 INFO : ETC_BASE = /u01/etc
2018-07-16_20:45:46 INFO : OUD_DATA = /u01
2018-07-16_20:45:46 INFO : OUD_INSTANCE_BASE = /u01/instances
2018-07-16_20:45:46 INFO : OUD_ADMIN_BASE = /u01/admin
2018-07-16_20:45:46 INFO : OUD_BACKUP_BASE = /u01/backup
2018-07-16_20:45:46 INFO : ORACLE_PRODUCT =
2018-07-16_20:45:46 INFO : ORACLE_HOME = /u00/app/oracle/product/fmw12.2.1.3.0
2018-07-16_20:45:46 INFO : ORACLE_FMW_HOME = /u00/app/oracle/product/fmw12.2.1.3.0
2018-07-16_20:45:46 INFO : JAVA_HOME = /usr/java/jdk1.8.0_172
2018-07-16_20:45:46 INFO : SCRIPT_FQN = /tmp/oudbase_install.sh
2018-07-16_20:45:46 INFO : Installing OUD Environment
2018-07-16_20:45:46 INFO : Create required directories in ORACLE_BASE=/u00/app/oracle
2018-07-16_20:45:46 INFO : Create Directory /u01/log
2018-07-16_20:45:46 INFO : Create Directory /u01/etc
2018-07-16_20:45:46 INFO : Create Directory /u00/app/oracle/local
2018-07-16_20:45:46 INFO : Create Directory /u01/admin
2018-07-16_20:45:46 INFO : Create Directory /u01/backup
2018-07-16_20:45:46 INFO : Create Directory /u01/instances
2018-07-16_20:45:46 INFO : Create Directory /u00/app/oracle/local/oudbase
2018-07-16_20:45:46 INFO : Backup existing config files
2018-07-16_20:45:47 INFO : Backup oudtab to oudtab.save
2018-07-16_20:45:47 INFO : Backup oud._DEFAULT_.conf to oud._DEFAULT_.conf.save
2018-07-16_20:45:47 INFO : Start processing the payload
2018-07-16_20:45:47 INFO : Payload is available as of line 470.
2018-07-16_20:45:47 INFO : Extracting payload into /u00/app/oracle/local
2018-07-16_20:45:47 INFO : Payload is set to base64. Using base64 decode before untar.
...
2018-07-16_20:45:47 INFO : Store customization in core config file /u00/app/oracle/local/oudbase/etc/oudenv_core.conf
2018-07-16_20:45:47 INFO : save customization for OUD_DATA (/u01)
2018-07-16_20:45:47 INFO : save customization for ORACLE_BASE (/u00/app/oracle)
2018-07-16_20:45:47 INFO : save customization for ORACLE_HOME (/u00/app/oracle/product/fmw12.2.1.3.0)
2018-07-16_20:45:47 INFO : Please manual adjust your .bash_profile to load / source your OUD Environment
2018-07-16_20:45:47 INFO : using the following code
#Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]; then
if [ -f "${HOME}/.OUD_BASE" ]; then
. "${HOME}/.OUD_BASE"
else
echo "ERROR: Could not load ${HOME}/.OUD_BASE"
fi
fi

#define an oudenv alias
alias oud='. ${OUD_BASE}/bin/oudenv.sh'

#source oud environment
. /u00/app/oracle/local/oudbase/bin/oudenv.sh
2018-07-16_20:45:47 INFO : update your .OUD_BASE file /home/oracle/.OUD_BASE
2018-07-16_20:45:47 END : of oudbase_install.sh

As you can see from the output above, you just have to source .OUD_BASE and ${OUD_BASE}/bin/oudenv.sh to start using OUDbase. The installation script either provides an example of what you need to add to your .bash_profile or adjusts it directly by specifying the parameter -a.

#Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]; then
    if [ -f "${HOME}/.OUD_BASE" ]; then
        . "${HOME}/.OUD_BASE"
    else
        echo "ERROR: Could not load ${HOME}/.OUD_BASE"
    fi
fi

#define an oudenv alias
alias oud='. ${OUD_BASE}/bin/oudenv.sh'

#source oud environment
. /u00/app/oracle/local/oudbase/bin/oudenv.sh

The next time you log in, you’ll see the status of your OUD instance. If you do not have an OUDTAB file, OUDbase will create one for you based on existing OUD instances, Oracle homes etc.

If you haven’t yet installed any Oracle software or created an OUD instance, OUDbase cannot guess your environment. In that case you have to create an OUDTAB file manually.

WARN : oudtab (/u00/app/oracle/local/oudbase/etc/oudtab) does not exist or is empty. Create a new one.
WARN : No OUD Instance yet available or defined.

Conclusion

This first blog post of the series on the OUDbase environment scripts should give you a first impression. The installation is straightforward and simple. In the next blog post I’ll show how you can configure and customize OUDbase. Besides a couple of use cases, I’ll provide a deeper insight into environment variables, aliases and scripts. So stay tuned. If you cannot wait, get the latest version of OUDbase from GitHub and start using it. By the way, my Docker build scripts are configured to use OUDbase.


DOAG 2018 SIG Security – Oracle Unified Directory on Docker

A couple of days ago I had the opportunity to give a presentation on Oracle Unified Directory on Docker at the DOAG SIG Security day in Stuttgart. It was a great opportunity to discuss how OUD engineering can be simplified using Docker. As proof of how easy this can be, I set up and configured an OUD AD proxy in a short demo.

Besides the demo the following topics were discussed:

  • Docker in a nutshell
  • Requirements to setup Oracle Unified Directory in Docker
  • Oracle Unified Directory installation
  • Build an Oracle Unified Directory Docker image
  • Discuss the Dockerfile and build scripts
  • Digression on how to make Docker images smaller
  • Use the Oracle Unified Directory Docker image
  • Discuss the instance status and create scripts
  • Use cases for Oracle Unified Directory in Docker
  • Demo setup Oracle Unified Directory with Enterprise User Security and Active Directory proxy

With an Oracle Unified Directory Docker image and the OUD Base template scripts it took just a couple of minutes to set up and configure Enterprise User Security with an Oracle Unified Directory AD proxy. More complex use cases including high availability, replication etc. will take a bit more time, but they can also be automated.


Oracle 18c new Security Features

Today I had the opportunity to give a presentation on Oracle 18c new Security Features at the SOUG day in Baden. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases, especially the new centrally managed users with MS Active Directory.

Based on first experiences and insights, the following topics have been discussed:

  • Create schema only accounts
  • Integration of Active Directory services with Oracle Database
  • Encrypt sensitive credential data in the data dictionary
  • Write Unified Audit Trail records to SYSLOG or the Windows event viewer
  • Use Oracle Data Pump to export and import the Unified Audit Trail
  • Authentication and certification parameters
  • Enterprise User Security Manager (EUSM)
  • User defined master encryption key
  • Keystore for each Pluggable Database
  • Enhancements to Oracle Database Vault simulation mode
  • Grant Data Pump-Database Vault authorizations to roles
  • Oracle Database Vault support for Oracle Database Replay

The Killer feature in this release is definitely the centrally managed user with its simple MS Active Directory integration. It is an ideal solution to simplify the user management in small / midsize environments. For larger and more complex environments it makes more sense to engineer central user management using Oracle Enterprise User Security. Many other improvements are due to Oracle’s cloud strategy. Necessary and meaningful but not earth-shattering.


Oracle Unified Directory systemd unit file

About a year ago I explained in the blog post Start OUD Servers on Boot using systemd how to start Oracle Unified Directory automatically on system startup. In the meantime a lot has changed, and so has my unit file. The simple unit file actually worked quite well, until the time came when I installed an updated Java version for OUD. At this point I realized that it is not really optimal to have JAVA_HOME or OPENDS_JAVA_HOME in the unit file. It all happened on a system where I didn’t have root access. OUD couldn’t be started any more using systemd, because the Java home path in the unit file was no longer correct. A change request and a few days later the problem was solved. Nevertheless this was a good opportunity to optimize the OUD unit file and get rid of static information. JAVA_HOME does not have to be specified explicitly when starting OUD. It is usually specified within java.properties, see also the blog post Change default JAVA_HOME for OUD Instance.

What has been changed in the current unit file?

  • Environment: The environment variable OPENDS_JAVA_HOME has been completely removed. start-ds uses the JAVA_HOME specified in java.properties.
  • WorkingDirectory: The working directory has been set to the OUD instance home.
  • PIDFile: Since the service type is forking, this directive is used to set the path of the PID file for the OUD instance. The file contains the process ID of the directory server process, i.e. the JVM, which is monitored.
  • Restart: Systemd will attempt to automatically restart the service on failure (on-failure).
  • RestartSec: Amount of time to wait before attempting to restart the service.
  • SuccessExitStatus: stop-ds sends a SIGTERM to the JVM to stop the directory server. This generates an exit code 143. By default, systemd interprets this as an error. By setting SuccessExitStatus we can override this behavior and accept 143 or SIGTERM as successful.
  • User and Group: Have been set to oud/oud rather than oracle/osdba. The user and group for OUD highly depend on your environment.

Below you see the revised version of the OUD unit file. The OUD instance home path has been replaced with the placeholder OUD_INSTANCE_HOME.

[Unit]
Description=OUD Instance
Wants=network.target
After=network.target

[Service]
Type=forking
User=oud
Group=oud
WorkingDirectory=OUD_INSTANCE_HOME/OUD
PIDFile=OUD_INSTANCE_HOME/OUD/logs/server.pid
ExecStart=OUD_INSTANCE_HOME/OUD/bin/start-ds --quiet
ExecStop=OUD_INSTANCE_HOME/OUD/bin/stop-ds --quiet
ExecReload=OUD_INSTANCE_HOME/OUD/bin/stop-ds --restart --quiet
RestartSec=42s
Restart=on-failure
SuccessExitStatus=143 SIGTERM
TimeoutSec=300
StandardOutput=syslog+console
StandardError=syslog+console

[Install]
WantedBy=multi-user.target

This updated unit file is also part of the latest version of OUD Base, my environment scripts for OUD. If you want to use it, you have to replace OUD_INSTANCE_HOME with your specific OUD instance home path.

# Instance name and instance home used for this unit file
export OUD_INSTANCE="oudtest"
export OUD_INSTANCE_HOME="/u00/app/oud/instances/$OUD_INSTANCE"
# OUDbase installation directory and instance admin directory
export cdl="/u00/app/oud/local"
export cda="/u00/app/oud/admin/$OUD_INSTANCE"
# Copy the template and replace the placeholder with the instance home
cat "$cdl/oudbase/templates/etc/oud_instance.service" \
  >"$cda/etc/oud_$OUD_INSTANCE.service"
sed -i "s|OUD_INSTANCE_HOME|$OUD_INSTANCE_HOME|" \
  "$cda/etc/oud_$OUD_INSTANCE.service"
cat "$cda/etc/oud_$OUD_INSTANCE.service"

Enable the new unit file by copying it to the systemd folder /etc/systemd/system.

sudo cp $cda/etc/oud_$OUD_INSTANCE.service \
  /etc/systemd/system/oud_$OUD_INSTANCE.service

Run systemctl daemon-reload and enable the new service.

sudo systemctl daemon-reload
sudo systemctl enable oud_$OUD_INSTANCE.service

Your OUD instance can now be started / stopped with systemctl as explained in the first blog post about OUD and systemd.


Reduce PDF size in Mac OS Preview

Once in a while I have to create PDFs out of my PowerPoint presentations. The same happened a couple of weeks ago when I finished my presentation on Oracle Transparent Sensitive Data Protection at the SOUG day in Baden-Dättwil. I prefer to do this with a minimal amount of extra tools. So no Acrobat Reader, Ghostscript etc. The built-in functionality for printing and saving as PDF is generally sufficient. However, from time to time the output gets quite large. Ok, I could reduce the image size in my PowerPoint presentations. But then I’ll either have low quality images in my presentation or I have to maintain two presentation files, one for high quality and the other for distribution.

One could now object that nowadays space is no longer a problem. Yes, yes, “space, the final frontier…” 🙂 But that’s another story. It is still handy to have a PDF with a reasonable size. The PowerPoint file for the SOUG presentation is not too large (7.8 MB). But the generated PDF is an impressive 24MB.

Workflow to generate a PDF file out of PowerPoint document:

  1. Create PDF using PowerPoint Print/Save as PDF…
  2. Open PDF using MacOS Preview and export using a Quartz filter to resize

Resizing PDFs can be done out of the box with MacOS Preview. Just use the menu File/Export… and select the Quartz filter to resize the document. (See picture)
MacOS Preview, Export PDF

The resulting PDF file is small enough (approx. 4MB). But the image quality is way below optimal. Images with fine details, fonts etc. are reduced too much, so that details are only poorly visible. This is due to how the default Quartz filter optimises the images. The compression quality and ImageSizeMax are rather “comprehensive”. But it is an easy task to create some custom Quartz filters for a less intense compression. Just take the default Quartz filter definition file as a template.

Create a new folder for the user defined filters:

mkdir $HOME/Library/Filters

Create new files for good, better and best image compression:

cp "/System/Library/Filters/Reduce File Size.qfilter" \
	$HOME/Library/Filters/reduce_file_size_good.qfilter
cp "/System/Library/Filters/Reduce File Size.qfilter" \
	$HOME/Library/Filters/reduce_file_size_better.qfilter
cp "/System/Library/Filters/Reduce File Size.qfilter" \
	$HOME/Library/Filters/reduce_file_size_best.qfilter

Edit the three files with your favourite text editor and adjust the values for Compression Quality, ImageSizeMax and Name for the filter. For my three levels I do use the following values.

| Name | Compression Quality | ImageSizeMax | File |
|---|---|---|---|
| Reduce File Size Good | 0.25 | 842 | reduce_file_size_good.qfilter |
| Reduce File Size Better | 0.5 | 1684 | reduce_file_size_better.qfilter |
| Reduce File Size Best | 0.75 | 3508 | reduce_file_size_best.qfilter |

See also the excerpt from one of the Quartz filter files:

...
		<key>ImageSettings</key>
		<dict>
			<key>Compression Quality</key>
			<real>0.75</real>
			<key>ImageCompression</key>
			<string>ImageJPEGCompress</string>
			<key>ImageScaleSettings</key>
			<dict>
				<key>ImageScaleFactor</key>
				<real>0.5</real>
				<key>ImageScaleInterpolate</key>
				<true/>
				<key>ImageSizeMax</key>
				<integer>3508</integer>
				<key>ImageSizeMin</key>
				<integer>128</integer>
...
	<key>FilterType</key>
	<integer>1</integer>
	<key>Name</key>
	<string>Reduce File Size Best</string>

The next time you start Preview and export a PDF you will see the new Quartz filters. For the presentation on Oracle Transparent Sensitive Data Protection and its PDF with 24MB I used the filter for better image quality. The resulting PDF is about 4.4MB and the graphics for the maximum data security architecture (MDSA) still have an acceptable quality.
Preview export PDF new Quartz filters

As you can see from the links below, I didn’t think that up myself. Anyway, this post is more a summary and a personal note for the next time I have to export a PDF.


Oracle CPU / PSU April 2018

Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update which also includes fixes for Oracle 18c. Overall it includes 254 new security fixes across the product families. It is a rather large update, although only a single security vulnerability is patched for the Oracle databases. This vulnerability is not remotely exploitable without authentication and is not applicable to client-only installations. The CVSS Rating is 8.5 for Oracle Database 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.1.0.0 on any operating system. According to Oracle the following component is affected:

  • Java VM

Oracle Java VM is not installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update.

For Oracle Fusion Middleware the situation looks somewhat different. The Critical Patch Update includes no fewer than 30 fixes for vulnerabilities. Several of the vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.

More details about the patch will follow soon on the Oracle Security Pages.

By the way, Oracle improved the table which lists the affected products and components in their advisory. Oracle Database is not at the top of the table any more.

Smaller Oracle Docker images

One of the important challenges with Docker is to get used to the image layers and the layered file system. It quickly happens that you unintentionally have too much data in an intermediate layer: log files, installation software or login credentials. The first two “only” blow up the Docker image unnecessarily, while the last can be a major security vulnerability. It also happens to me when I build Docker images for Oracle Unified Directory. See my blog post on Oracle Unified Directory on Docker.

Problem

Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. If you use COPY or ADD in particular, a clean-up is not possible. Every credential file or software package which is copied during the build will remain. Later attempts to remove the intermediate files only result in the corresponding files no longer being visible in the following layers.

There is a way to work around this by using the new build parameter --squash, which merges newly built layers into a single new layer. But --squash is only available in the latest Docker releases; in older releases it is not available at all, or at best as an experimental feature. Besides this it also has some other downsides, e.g. losing the history or intermediate layers, issues with the ONBUILD command etc. Squash also does not help if you specify your credentials as build arguments via ARG.

So why not make a small, secure and clean Docker image in the first place?
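The problem described above can be made visible with a few lines of shell. The following is an added example, not part of the original post: it builds three constructed layer archives (a COPY layer, a later RUN rm layer and an install layer) and shows that the removal is only recorded as a whiteout entry (.wh.<name>) while the file itself is still stored in the earlier layer. The function names and the assumption that each layer is available as an uncompressed TAR file in one directory, sorted in build order, belong to this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a file deleted in a later image
# layer is only hidden by a whiteout entry; it stays in the earlier layer.
# Assumption: DIR holds one uncompressed TAR file per layer, named so that
# they sort in build order (e.g. unpacked from a `docker save` archive).

# Print "<layer>: <member>" for every member whose name matches PATTERN (ERE).
scan_layers() {
    local dir="$1" pattern="$2" layer
    for layer in "$dir"/*.tar; do
        [ -f "$layer" ] || continue
        tar -tf "$layer" | grep -E -- "$pattern" | sed "s|^|$(basename "$layer"): |"
    done
}

# Print "<layer>: <member>" for files that a later layer removes through a
# whiteout entry (<dir>/.wh.<name>) but that an earlier layer still contains.
# Opaque directory markers are not expanded in this sketch.
hidden_but_present() {
    local dir="$1" layer earlier wh target
    for layer in "$dir"/*.tar; do
        [ -f "$layer" ] || continue
        tar -tf "$layer" | grep -E '(^|/)\.wh\.[^/]+$' | while IFS= read -r wh; do
            # tmp/download/.wh.file.zip -> tmp/download/file.zip
            target=$(printf '%s\n' "$wh" | sed -E 's#(^|/)\.wh\.([^/]+)$#\1\2#')
            for earlier in "$dir"/*.tar; do
                # Only layers built before the one holding the whiteout count
                [ "$earlier" = "$layer" ] && break
                if tar -tf "$earlier" | grep -F -x -q -- "$target"; then
                    echo "$(basename "$earlier"): $target"
                fi
            done
        done
    done
}

# Constructed sample: layer 1 is the COPY of the software package, layer 2 a
# later "RUN rm" of the same file, layer 3 the installed product.
make_sample_layers() {
    local dir="$1" work
    work=$(mktemp -d)
    mkdir -p "$dir" "$work/l1/tmp/download" "$work/l2/tmp/download" "$work/l3/u00/app"
    echo 'constructed placeholder content' \
        > "$work/l1/tmp/download/p26270957_122130_Generic.zip"
    : > "$work/l2/tmp/download/.wh.p26270957_122130_Generic.zip"
    echo 'constructed placeholder content' > "$work/l3/u00/app/installed.txt"
    tar -cf "$dir/01-copy.tar" -C "$work/l1" tmp
    tar -cf "$dir/02-run-rm.tar" -C "$work/l2" tmp
    tar -cf "$dir/03-install.tar" -C "$work/l3" u00
    rm -rf "$work"
}

# Demo on the constructed layers
demo_layers=$(mktemp -d)
make_sample_layers "$demo_layers"
echo "Removed in a later layer, but still stored in the image:"
hidden_but_present "$demo_layers"
rm -rf "$demo_layers"
```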

Idea

Rather than put the software packages or credential files to the Docker build context and using COPY or ADD, we will download them in a RUN command using curl. But from where? Oracle software can not be downloaded unattended without credentials. And we do not want to set up a web server just for software, secrets, credentials, etc.

Hei, you are using Docker. Setting up a local web server is a piece of cake. 🙂

  • Put your software, credentials, etc. in a dedicated folder
  • Run a Docker container with an Apache HTTP server and make sure it has access to the folder mentioned before
  • Change your Dockerfile to download the software or credentials from the HTTP server
  • Make sure that your docker build can get access to the intermediate HTTP server

Solution

Let’s see how I used a local HTTP server to set up small Oracle Unified Directory Docker images.

HTTP Server

Create a folder with all required Oracle software, patches etc. But make sure that your Docker can use this folder as a Docker volume.

ls -alh /Data/vm/docker/volumes/orarepo
total 5009896
drwxr-xr-x 11 oracle staff 352B 26 Mär 23:52 .
drwxr-xr-x 4 oracle staff 128B 26 Mär 22:50 ..
-rw-r--r-- 1 oracle staff 1,5G 26 Mär 23:03 p26269885_122130_Generic.zip
-rw-r--r-- 1 oracle staff 404M 26 Mär 22:55 p26270957_122130_Generic.zip
-rw-r--r-- 1 oracle staff 94M 26 Mär 22:49 p26540481_111230_Generic.zip
-rw-r--r-- 1 oracle staff 157M 26 Mär 22:45 p26724938_111170_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 56M 26 Mär 22:55 p27217121_904_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 52M 26 Mär 22:56 p27217289_180162_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 1,3M 26 Mär 22:44 p27438258_122130_Generic.zip
-rw-r--r-- 1 oracle staff 56M 26 Mär 22:54 p27478886_100000_Linux-x86-64.zip
-rw-r--r-- 1 oracle staff 52M 26 Mär 22:53 p27638647_180162_Linux-x86-64.zip

Get your revered HTTP server. For this case I use the official Apache HTTP server image based on Alpine Linux. This image is way smaller and more than enough for our purpose.

docker pull httpd:alpine

alpine: Pulling from library/httpd
605ce1bd3f31: Pull complete
6e4ededbced2: Pull complete
03b3c72c9962: Pull complete
bf08478b6930: Pull complete
222d70b58166: Pull complete
Digest: sha256:80d69271825a27c41f41609707095a1cdec381d22f772511ae6e30156c2b788f
Status: Downloaded newer image for httpd:alpine

Start a container for the HTTP server. Define a hostname, volume and external http port. For more information on configuration, see the official httpd Docker image.

docker run -dit --hostname orarepo --name orarepo \
-p 8080:80 \
-v /Data/vm/docker/volumes/orarepo:/usr/local/apache2/htdocs/ \
httpd:alpine

Get the IP address with docker inspect of the orarepo for later use.

orarepo_ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' orarepo)

A test via curl on command line curl http://localhost:8080 or with your favorite browser will show the files mentioned above. Be aware this test does access the HTTP container from your host network via exposed port 8080.

Dockerfile

Now we just have to adapt the Dockerfile to make sure it gets the software from the HTTP server orarepo. See the excerpt from my Dockerfile.

...
RUN curl -f http://orarepo/p26270957_122130_Generic.zip \
-o /tmp/download/p26270957_122130_Generic.zip && \
...

To be more flexible and allow both local files as well as download via curl, I extended my RUN command with an extra file check [ -s ... ]. In this case it first checks if the file is available and not empty. If the file is not available it will use curl to download the file from orarepo. See the excerpt from my Dockerfile.

...
COPY p26270957_122130_Generic.zip* /tmp/download/
...
RUN [ -s "/tmp/download/p26270957_122130_Generic.zip" ] || \
curl -f http://orarepo/p26270957_122130_Generic.zip \
-o /tmp/download/p26270957_122130_Generic.zip && \
...

If the OUD software package p26270957_122130_Generic.zip is part of the build context it will be copied to the image and used to build and setup OUD. In case it is not part of the build context the file check will fail and start to use curl.

Build using COPY

Let’s build the Docker image with the software package copied during build. Check the build context.

ls -alh

total 858168
drwxr-xr-x 9 oracle staff 288B 28 Mär 09:31 .
drwxr-xr-x 6 oracle staff 192B 19 Mär 14:19 ..
-rw-r--r-- 1 oracle staff 4,9K 27 Mär 21:40 Dockerfile
-rw-r--r-- 1 oracle staff 225B 19 Mär 11:18 install.rsp
-rw-r--r-- 1 oracle staff 63B 19 Mär 10:57 oraInst.loc
-rw-r--r-- 1 oracle staff 404M 28 Mär 09:31 p26270957_122130_Generic.zip
-rw-r--r-- 1 oracle staff 754B 12 Mär 14:18 p26270957_122130_Generic.zip.download
drwxr-xr-x 6 oracle staff 192B 20 Mär 11:46 scripts

And run docker build.

docker build -t oracle/oud:12.2.1.3.0-copy .

Build using curl

Now let’s build the docker image using curl and not the local software package. For this p26270957_122130_Generic.zip has to be removed from the build context. Additionally the Docker build requires the IP of the orarepo, which is used to download the software image.
Check the build context.

rm p26270957_122130_Generic.zip
ls -alh

total 858168
drwxr-xr-x 9 oracle staff 288B 28 Mär 09:31 .
drwxr-xr-x 6 oracle staff 192B 19 Mär 14:19 ..
-rw-r--r-- 1 oracle staff 4,9K 27 Mär 21:40 Dockerfile
-rw-r--r-- 1 oracle staff 225B 19 Mär 11:18 install.rsp
-rw-r--r-- 1 oracle staff 63B 19 Mär 10:57 oraInst.loc
-rw-r--r-- 1 oracle staff 754B 12 Mär 14:18 p26270957_122130_Generic.zip.download
drwxr-xr-x 6 oracle staff 192B 20 Mär 11:46 scripts

And run docker build with --add-host. The --add-host option uses the variable defined above for the IP address of orarepo.

docker build --add-host=orarepo:${orarepo_ip} -t oracle/oud:12.2.1.3.0-curl .

The Docker images

When we compare the two images, we see that they differ by around 400MB, more or less the size of the OUD software package.

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
oracle/oud 12.2.1.3.0-curl f7c80fa69db3 2 minutes ago 754MB
oracle/oud 12.2.1.3.0-copy a5e1751d534d 7 minutes ago 1.18GB

Docker history for the image oracle/oud:12.2.1.3.0-copy does also show the size of the COPY layer.

docker history oracle/oud:12.2.1.3.0-copy
IMAGE CREATED CREATED BY SIZE COMMENT
...
07614f386e0f 16 minutes ago /bin/sh -c #(nop) COPY multi:b8206d7811ce917… 424MB
832c9d0bf308 34 hours ago /bin/sh -c #(nop) COPY multi:58a01d5459f0ac6… 20kB
9c9531205281 34 hours ago /bin/sh -c groupadd --gid 1000 oracle && … 8.29MB
96278dfe7c12 34 hours ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:…
...

Conclusion

With little effort it is possible to create secure and especially small Docker images. Creating an HTTP server to share software or credentials during build is a piece of cake. Reducing the Docker image by 400MB is nice. Depending on the Oracle software, the saving will be even bigger. The downside is that this does not work for automated builds on Docker Hub, but I’m still working on that 🙂


Oracle Unified Directory on Docker

A while ago I started to use Docker for miscellaneous purposes. Not really an early adopter, but I still hope I caught the train just in time. 🙂 In one of my customer projects, I had to set up a couple of OUD instances to develop and test the transition from Oracle Directory Server Enterprise Edition (ODSEE) to Oracle Unified Directory (OUD). This included more engineering and troubleshooting work than initially planned. So I eventually set up my OUD instances in Docker containers rather than in dedicated VirtualBox VMs. Unfortunately Oracle does not provide any Docker images or build templates for Oracle Unified Directory. They do have a bunch of official Docker configurations, images, and examples on GitHub for a couple of Oracle products, but not for Oracle Unified Directory. There is an issue requesting such a Docker image, see Issue #656. Well… challenge accepted. I built my own GitHub repository for OUD Docker deployments.

My GitHub repository oehrlis/docker-oud does contain the Docker build files to facilitate installation, configuration, and environment setup for Docker DevOps users. The project allows you to create two different types of docker images.

  • Standalone Oracle Unified Directory 12.2.1.3.0 to setup and run Oracle Unified Directory. This is the smaller image with only the OUD binaries used to set up and run an OUD directory or proxy server. Administration has to be done via dsconfig, ldapmodify or any other regular LDAP command line or GUI tools.
  • Collocated Oracle Unified Directory 12.2.1.3.0 and Oracle Fusion Middleware Infrastructure 12.2.1.3.0. A rather big docker image to setup and run an Oracle Unified Directory Server Manager (OUDSM). My intention was to use this docker image primarily for OUDSM. Nevertheless, it can also be used to build an OUD directory or proxy server which is operated in a WLS domain. So in Collocated Mode (Under Same Domain) or Non-Collocated Mode (Under Separate Domains).

To set up my Docker OUD images, I’ve tried to follow a few best practices and rules (Oracle’s golden rules for contributing to oracle/docker-images) as well as hints from my workmates (Philipp Salvisberg and others).

  • Always aim to produce the smallest possible image. I did not push this to the maximum by removing unused components from the Oracle binaries. Oracle Fusion Middleware Infrastructure is currently outrageously large for only running OUDSM.
  • Separate persistent data from the image / container and put it on a volume. Or at least let the user decide whether to put it on a volume or not.
  • No public distribution of Docker images containing Oracle software. That’s a legal requirement. My Docker build scripts provide a couple of possibilities to install the software.
  • Allow flexible configuration via --build-arg or -e but provide useful default values.
  • Use Oracle Linux as the base image and install only as much as you need.
  • And much more…

Build Docker Images

The Docker images have to be built manually based on oehrlis/docker-oud from GitHub. To assist in building the images, you can use the scripts/buildDockerImage.sh script. See below for instructions and usage. The buildDockerImage.sh script is just a utility shell script to set up the docker build command and is an easy way for beginners to get started. Expert users are welcome to call docker build directly with their preferred set of parameters.

Usage of buildDockerImage.sh:

buildDockerImage.sh [-hv] [-t TYPE] [-o DOCKER_BUILD_OPTION]
-h Usage (this message)
-v Enable verbose mode
-t TYPE OUD image and installation type to build.
Possible types are:
OUD : Standalone Oracle Unified Directory Server
OUDSM : Collocated Oracle Unified Directory Server.
Default is type is OUD.
-o DOCKER_BUILD_OPTION Passes on Docker build option

Logfile : buildDockerImage.log

Due to license restrictions from Oracle, Docker images containing Oracle software cannot be provided on a public Docker repository (see [OTN Developer License Terms](http://www.oracle.com/technetwork/licenses/standard-license-152015.html)). This is why you have to build the images yourself and download the required software prior to the image build. Alternatively it is possible to specify MOS credentials in scripts/.netrc or via build arguments. Using MOS download during image build leads to smaller images, since the software will not be part of an intermediate container.

Obtaining Product Distributions

The software can either be downloaded from My Oracle Support, Oracle Technology Network (OTN) or Oracle Software Delivery Cloud (OSDC). The following steps will refer to the MOS software download to simplify the build process.

The following software is required for the Oracle Unified Directory Docker image:

  • Oracle Java Development Kit (JDK) 1.8 (1.8u152) Patch 26595894 for the OUD and OUDSM image
  • Oracle Unified Directory 12.2.1.3.0 Patch 26270957 for the OUD and OUDSM image
  • Oracle Fusion Middleware Infrastructure 12.2.1.3.0 Patch 26269885 just for OUDSM image

Manual Download Software

The simplest method to build the OUD or OUDSM image is to manually download the required software. However, this leads to bigger Docker images, since the software is copied during the build, which temporarily blows up the container file system. But it is safer because you do not have to store any MOS credentials. If you’ve enabled Docker experimental features, you can work around this and squash newly built layers with the docker build parameter --squash.

The corresponding links and checksum can be found in *.download files in the software folder. Alternatively the direct Oracle Support Download Links:

Copy all files to the software folder.

cp p26595894_180152_Linux-x86-64.zip docker-oud/software
cp p26270957_122130_Generic.zip docker-oud/software
cp p26269885_122130_Generic.zip docker-oud/software

Build the docker image either by using docker build or buildDockerImage.sh.


docker build -t oehrlis/oud -f Dockerfile.oud .
docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

scripts/buildDockerImage.sh -v -t OUD
scripts/buildDockerImage.sh -v -t OUDSM

Automatic download with .netrc

The advantage of an automatic software download during build is the reduced image size. No additional image layers are created for the software and the final Docker image is about 3GB smaller. But the setup scripts setup_oud.sh, setup_oud.sh and setup_oudsm.sh require MOS credentials to download the software using curl. Curl reads the credentials from the .netrc file in the scripts folder. The .netrc file is copied to /opt/docker/bin/.netrc, but it is removed at the end of the build.

Create a .netrc file with the credentials for login.oracle.com.

echo "machine login.oracle.com login $MOS_USER password $MOS_PASSWORD" >docker-oud/scripts/.netrc

Build the docker image either by using docker build or buildDockerImage.sh.

docker build -t oehrlis/oud -f Dockerfile.oud .
docker build -t oehrlis/oudsm -f Dockerfile.oudsm .

scripts/buildDockerImage.sh -v -t OUD
scripts/buildDockerImage.sh -v -t OUDSM

However, this method has some security issues: the credentials always remain in the intermediate layer. It is recommended to use the different approach discussed in the new blog post Smaller Oracle Docker images.

Automatic download with Build Arguments

This method is similar to the automatic download with a .netrc file. Instead of manually creating a .netrc file, it is created based on build parameters. With this method, too, the .netrc file is deleted at the end.

Build the docker image with MOS credentials as arguments using docker build or buildDockerImage.sh.

docker build --build-arg MOS_USER=$MOS_USER \
--build-arg MOS_PASSWORD=$MOS_PASSWORD \
-t oehrlis/oud -f Dockerfile.oud .

scripts/buildDockerImage.sh -v -t OUD \
-o "--build-arg MOS_PASSWORD=$MOS_PASSWORD --build-arg MOS_USER=$MOS_USER"

The time taken to build the OUD or OUDSM image will depend on your internet speed. In any case it shouldn’t be more than a couple of minutes. However, this method also has some security issues: the credentials always remain in the intermediate layer. It is recommended to use the different approach discussed in the new blog post Smaller Oracle Docker images.
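To see what the build-argument method leaves behind, the following added example (not from the original post or the docker-oud project) scans the CREATED BY column of docker history for build arguments with secret-looking names and reports them without printing their values. The sample history lines, the function names and the name pattern are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or the docker-oud project.
# Reads the CREATED BY column of an image history, one layer per line:
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE
# A RUN step that has build arguments in scope is recorded as
#   |<count> NAME=value ... /bin/sh -c <command>
# (BuildKit puts "RUN " in front), so the values stay readable in the image.

# Constructed sample history; the values are placeholders.
sample_history() {
    cat <<'EOF'
/bin/sh -c #(nop)  CMD ["/bin/bash"]
|2 MOS_PASSWORD=CONSTRUCTED-PLACEHOLDER MOS_USER=user@example.com /bin/sh -c /opt/docker/bin/setup_oud.sh
/bin/sh -c #(nop) COPY multi:0000000000000000 in /opt/docker/bin/
/bin/sh -c #(nop)  ARG MOS_PASSWORD
/bin/sh -c groupadd --gid 1000 oracle
EOF
}

# Print one line per build argument whose name looks like a secret.
# Only the name is printed, never the value.
# Limitation: values that contain spaces are split into several tokens.
find_leaked_build_args() {
    awk '
    {
        line = $0
        sub(/^RUN /, "", line)              # BuildKit style entry
        if (line !~ /^\|[0-9]+ /) next      # no build args on this layer
        count = line
        sub(/^\|/, "", count)
        sub(/ .*$/, "", count)
        count = count + 0                   # force a numeric comparison
        sub(/^\|[0-9]+ /, "", line)
        n = split(line, tok, " ")
        for (i = 1; i <= count && i <= n; i++) {
            eq = index(tok[i], "=")
            if (eq < 2) continue
            name = substr(tok[i], 1, eq - 1)
            if (toupper(name) ~ /PASS|SECRET|TOKEN|CRED|KEY/)
                printf "layer %d: %s=<redacted>\n", NR, name
        }
    }'
}

# Exit status 0 when nothing was found, 1 otherwise (usable as a CI gate).
history_is_clean() {
    findings=$(find_leaked_build_args)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" >&2
    return 1
}

# Stand-alone run on the constructed sample.
sample_history | find_leaked_build_args
```

Against a real image, pipe the docker history command from the header comment into history_is_clean instead of the sample.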

Next Steps

You are now the happy owner of OUD Docker images with standalone and / or collocated Oracle Directory Server installations. The next step is to start using these Docker images to run your OUD containers and deploy different kinds of OUD and OUDSM configurations. I’ll explain how to build the containers, as well as some “behind the scenes” information, in my upcoming blog posts about OUD on Docker. Stay tuned.


DOAG 2017 Oracle 12c Release 2 Datenbank-Sicherheit in a Nutshell

Below you will find a list of the different demo scripts used during the DOAG training day 2017 Oracle 12c Release 2 Datenbank-Sicherheit in a Nutshell. In general the scripts need a SCOTT or an HR demo schema. Some of the scripts may have more requirements, e.g. Kerberos configuration, Oracle Enterprise User Security etc. The scripts are available free for anyone to use. I do not accept any responsibility for any damage, errors or anything whatsoever caused by running or using these scripts. The scripts have been tested thoroughly, but as there are many platforms, Oracle versions and possible configurations, it does not mean that they will work for you when they work for me. Please check the file header for further information on the scripts, references etc. before running them, especially on production systems.

 

| Script | Description |
| --- | --- |
| 01_authentication.sql | Show authentication information of the connected user and its USERENV context |
| 02_privileges.sql | Database privileges analysis demo |
| 03_vpd.sql | Virtual Private Database demo with default and column masking. |
| 04_audit.sql | Unified audit demo script |
| 05_redaction.sql | Oracle Data Redaction demo script |
| 06_tsdp_redact.sql | Transparent Sensitive Data Protection and Data Redaction demo |
| 07_tsdp_audit.sql | Transparent Sensitive Data Protection and Unified Audit demo |
| aui.sql | Script to show authentication information of the connected user and from its USERENV context. |
| hip.sql | List init.ora parameter including hidden parameters. |
| create_password_hash.sql | Calculate Oracle DES based password hash from username and password. |
| verify_user_password.sql | Wrapper script to check if a user has a weak DES based password. Passwords will be displayed. |
| verify_user_password_no.sql | Wrapper script to check if a user has a weak DES based password. Passwords will not be displayed |
| verify_alluser_passwords.sql | Wrapper script to check if any user in sys.user$ has a weak DES based password. Passwords will be displayed. |
| verify_alluser_passwords_no.sql | Wrapper script to check if any user in sys.user$ has a weak DES based password. Passwords will not be displayed. |
| verify_passwords.sql | Check if user in sys.user$ has a weak DES based password |
| verify_password_hash.sql | Check if user has a weak password |

Install Oracle Unified Directory 12c the smart way

Installing Oracle Unified Directory has always been easy. The installation guide for OUD 11c as well as OUD 12 is simple and straightforward. Additionally, Oracle provides a couple of MOS notes for different deployment scenarios. Nevertheless there is always room for improvement 🙂 During my work on OUD to go on Raspberry Pi Zero and on Docker images for OUD, I had to optimise the installation of OUD. In this blog post I’ll show how I simplified and optimised my OUD installations.

Prerequisites

Standalone or Collocated?

Since the latest release, Oracle allows a couple of different ways to deploy OUD.

  • Standalone Oracle Unified Directory Server. With this deployment method OUD is used as a straightforward LDAP server with a small footprint. Administration has to be done via the command line (e.g. dsconfig, ldapmodify, etc.) or, when possible, with a third-party LDAP browser.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in separate domains. OUD and Fusion Middleware (FMW) Infrastructure are installed in the same middleware home directory. In non-collocated mode, OUD and OUDSM are deployed in different domains.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in a single domain. OUD and Fusion Middleware Infrastructure are installed in the same middleware home directory. In collocated mode, OUD and OUDSM are deployed under the same domain.
  • Collocated Oracle Unified Directory Server, but just used for OUDSM. This is not really an official deployment method, but it becomes quite handy when you’ve deployed a couple of standalone OUD servers. The OUD software is just deployed into FMW Infrastructure to be able to create and start the OUDSM web application. Only an OUDSM domain is deployed.

For simple OUD installations I usually just install and deploy a standalone OUD. This installation is fast and has a small footprint. I use dsconfig for the administration and Apache Directory Studio for general LDAP browsing. If I need an OUDSM from time to time, I install a dedicated OUDSM (Collocated OUD Server) or use my OUDSM Docker container.

Environment

OUD does not make great demands on the environment. Nevertheless, I usually follow the Oracle Flexible Architecture OFA and a couple of environment scripts similar to the Trivadis BasEnv. See my blog post about OUD environment scripts.

For the further installation steps I stick to the following environment variables.

export SOFTWARE=$HOME/software
export ORACLE_BASE=/u00/app/oracle
export JAVA_HOME=$ORACLE_BASE/product/jdk1.8.0_144
export OUD_HOME=$ORACLE_BASE/product/oud12.2.1.3.0
export FMW_HOME=$ORACLE_BASE/product/fmw12.2.1.3.0

In the table below you find a short description of the environment variables. For further explanations see blog post OUD environment scripts.

| ENV Variable | Path | Description |
| --- | --- | --- |
| $ORACLE_BASE, $cdob | /u00/app/oracle | Base directory for the oracle binaries |
| $ORACLE_HOME, $OUD_HOME | $ORACLE_BASE/product/oud12.2.1.3.0 | Standalone Oracle Unified Directory binaries |
| $ORACLE_HOME, $OUD_HOME | $ORACLE_BASE/product/fmw12.2.1.3.0 | Collocated Oracle Unified Directory binaries |
| $JAVA_HOME | $ORACLE_BASE/product/jdk1.8.0_144 | Java used for OUD |
| $OUD_INSTANCE_BASE, $cdib | $ORACLE_BASE/instances | Base directory for the instance homes |
| $SOFTWARE | $HOME/software | Software Depot for the JAR’s |

To do a silent installation, we will require a response file. In case of OUD and FMW it is a simple text file to define a few generic installation values. The same response file can be used for either of the products. We add the missing value INSTALL_TYPE when calling the installer.

echo "[ENGINE]"                                    > $ETC_BASE/install.rsp
echo "Response File Version=1.0.0.0.0"            >> $ETC_BASE/install.rsp
echo "[GENERIC]"                                  >> $ETC_BASE/install.rsp
echo "DECLINE_SECURITY_UPDATES=true"              >> $ETC_BASE/install.rsp
echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >> $ETC_BASE/install.rsp

Besides the response file we also need an inventory location file. You probably have to adjust the group name to fit your environment.

echo "inventory_loc=$ORACLE_BASE/oraInventory" > $ETC_BASE/oraInst.loc
echo "inst_group=oinstall"                    >> $ETC_BASE/oraInst.loc

Software

To start the installation, you first have to get the required software packages. Oracle makes it easy: you can download the software from Oracle Technology Network (OTN), Oracle Software Delivery Cloud (OSDC) or My Oracle Support (MOS). All download URLs are OK, but I prefer to download directly from MOS, since this allows using curl with a simple download URL. The downside is that this requires a valid MOS account.

Create a netrc file for curl with your MOS credentials.

MOS_USER="<your MOS USER>"
MOS_PASSWORD="<your MOS PASSWORD>"
echo "machine login.oracle.com login $MOS_USER password $MOS_PASSWORD" >$SOFTWARE/.netrc

OK, let’s download the software.

Java 1.8 update 144, Patch ID 26512979:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26512979_180144_Linux-x86-64.zip?aru=21443434&patch_file=p26512979_180144_Linux-x86-64.zip" \
  --output $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip

Oracle Unified Directory 12.2.1.3.0, Patch ID 26270957:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26270957_122130_Generic.zip?aru=21504981&patch_file=p26270957_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26270957_122130_Generic.zip

FMW Infrastructure 12.2.1.3.0, Patch ID 26269885:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26269885_122130_Generic.zip?aru=21502041&patch_file=p26269885_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26269885_122130_Generic.zip

As soon as the software has been downloaded, we will unpack the OUD and FMW packages. In the example below it’s done directly by using the jar utility.

cd $SOFTWARE/fmw
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26270957_122130_Generic.zip
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26269885_122130_Generic.zip

Java

Although Java is probably already installed on your system, it’s recommended to install a dedicated JVM for OUD. This way we can keep our Java installation for OUD independent from the OS default Java. The installation is done with just an untar into the right directory. I do this with one combined command of unzip and tar.

# Quote the pattern so that unzip, not the shell, expands it
unzip -p $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip \
  '*tar*' | tar zxv -C $ORACLE_BASE/product

Install Standalone OUD

Start the silent installation with the extracted JAR file and the previously created response file. Setting INSTALL_TYPE to Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) initiates a standalone installation into the defined ORACLE_HOME.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$OUD_HOME \
  INSTALL_TYPE="Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)"

That’s it. After a couple of minutes the OUD binaries are installed and ready to deploy an Oracle Directory or Proxy server.

Install Collocated OUD

To do a collocated OUD installation, we first have to install FMW infrastructure before installing OUD. The installation is done again in silent mode by specifying the ORACLE_HOME and the INSTALL_TYPE. Execution of this JAR will take longer since it is around 1.5GB.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_infrastructure.jar \
  -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$FMW_HOME \
  INSTALL_TYPE="WebLogic Server"

As soon as the FMW installation has finished successfully, we initiate the OUD installation. For ORACLE_HOME we have to choose the same directory as used for the FMW infrastructure. The INSTALL_TYPE is set to collocated mode.

# Collocated install: ORACLE_HOME is the FMW infrastructure home used above
$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$FMW_HOME \
  INSTALL_TYPE="Collocated Oracle Unified Directory Server (Managed through WebLogic server)"

In this newly created Oracle home directory we now have a collocated Oracle Unified Directory Server. These binaries can be used to deploy OUD and OUDSM in separate domains, in a single domain or just to deploy an OUDSM server.

Next Steps

For now we just have the OUD binaries. The next step is to deploy an OUD directory or proxy server using either the oud-setup or the oud-proxy-setup tool. Both tools can be used in command line mode, GUI mode or silently by specifying the corresponding parameters. The statement below is an example that creates an OUD directory server instance oud_demo for the base DN dc=postgasse,dc=org with 20 sample records.

$OUD_HOME/oud/oud-setup \
--cli \
--instancePath $OUD_INSTANCE_BASE/oud_demo/OUD \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile $ETC_BASE/oud_demo_pwd.txt \
--ldapPort 1389 \
--baseDN dc=postgasse,dc=org \
--sampleData 20 \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

Files and References

Below you find a few references related to Oracle Unified Directory:

  • Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975
  • Oracle Unified Directory FMW 12.2.1.3.0 MOS Patch 26270957
  • Oracle Unified Directory 12.2.1.3.0 on Oracle Technology Network
  • Oracle Software Delivery Cloud OSDC
  • Environment Scripts for OUD on www.oradba.ch
  • Github repository for the OUD environment scripts oudbase
  • OUD base environment installation script. It’s a bash script including a TAR.  oudbase_install.sh
  • OUD base environment as TAR archive without installation script.  oudbase_install.tgz
  • Oracle Unified Directory 12c PS3 Released [2300623.1]
  • OUD 12c – How to Download and Install OUD 12c in Standalone Mode (with No Domain Configuration) [2298379.1]
  • OUD 12c: How to Install OUD 12c and OUDSM 12c in Collocated Mode (Under Same Domain) or Non-Collocated Mode (Under Separate Domains) [2303721.1]
  • OUD 12c: Understanding the Oracle Unified Directory 12c Installation Directories MW_HOME, PRODUCT_HOME, OUD ORACLE_HOME, DOMAIN_HOME WLS_HOME ORACLE_COMMON Home [2302813.1]
  • All Java SE Downloads on MOS [1439822.1]
  • Information Center: Using Oracle Unified Directory (OUD) [1419823.2]