Tag Archives: Trivadis Content

Blog posts also posted on the Trivadis Blog (TriBlog)

Install Oracle Unified Directory 12c the smart way

Installing Oracle Unified Directory has always been easy. The installation guide for OUD 11c as well OUD 12 is simple and straight forward. Additionally Oracle does provide a couple of MOS notes for different deployment scenarios. Nevertheless there is always room for improvement 🙂 During my work on OUD to go on Raspberry Pi Zero or on Docker images for OUD I’ve had to optimise the installation of OUD. In this blog post I’ll show how I did simplify respectively optimise my OUD installations.

Prerequisites

Standalone or Collocated?

Since the latest release, Oracle allows a couple of different ways how OUD can be deployed.

  • Standalone Oracle Unified Directory Server With this deployment method OUD is used as a straight forward LDAP server with a small footprint. Administration has to be done via command line (eg. dsconfig, ldapmodify, etc) or when possible with a third party LDAP Browser.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in a separate domains. OUD and Fusion Middleware (FMW) Infrastructure are installed in the same middleware home directory. In non-collocated mode, OUD and OUDSM will be deployed in different domains.
  • Collocated Oracle Unified Directory Server with OUD and OUDSM in a single domain. OUD and Fusion Middleware Infrastructure are installed in the same middleware home directory. In collocated mode OUD and OUDSM will be deployed under the same domain.
  • Collocated Oracle Unified Directory Server But just used for OUDSM. This is not really an official deployment method, but becomes quite handy when you’ve deployed a couple of standalone OUD server. The OUD software is just deployed into FMW Infrastructure to be able to create and start the OUDSM web application. There will only be an OUDSM domain deployed.

For simple OUD installation’s I usually just install and deploy a standalone OUD. This installation is fast and has a small foot print. I do use dsconfig for the administration and the Apache Directory Studio for general LDAP browsing. If I do need an OUDSM from time to time, I install a dedicated OUDSM (Collocated OUD Server) or use my OUDSM docker container.

Environment

OUD does not make great demands on the environment. Nevertheless, I usually follow the Oracle Flexible Architecture OFA and a couple of environment scripts similar to the Trivadis BasEnv. See my blog post about OUD environment scripts.

For the further installation steps I stick to the following environment variables.

export SOFTWARE=$HOME/software
export ORACLE_BASE=/u00/app/oracle
export JAVA_HOME=$ORACLE_BASE/product/jdk1.8.0_144
export OUD_HOME=$ORACLE_BASE/product/oud12.2.1.3.0
export FMW_HOME=$ORACLE_BASE/product/fmw12.2.1.3.0

In the table below you find a short description of the environment variables. For further explanations see blog post OUD environment scripts.

ENV Variable Path Description
$ORACLE_BASE, $cdob /u00/app/oracle Base directory for the oracle binaries
$ORACLE_HOME, $OUD_HOME $ORACLE_BASE/product/oud12.2.1.3.0 Standalone Oracle Unified Directory binaries
$ORACLE_HOME, $OUD_HOME $ORACLE_BASE/product/fmw12.2.1.3.0 Collocated Oracle Unified Directory binaries
$JAVA_HOME $ORACLE_BASE/product/jdk1.8.0_144 Java used for OUD
$OUD_INSTANCE_BASE, $cdib $ORACLE_BASE/instances Base directory for the instance homes
$SOFTWARE $HOME/software Software Depot for the JAR’s

To do a silent installation, we will require a response file. In case of OUD and FMW it is a simple text file to define a few generic installation values. The same response file can be used for either of the products. We add the missing value INSTALL_TYPE when calling the installer.

echo "[ENGINE]"                                    > $ETC_BASE/install.rsp
echo "Response File Version=1.0.0.0.0"            >> $ETC_BASE/install.rsp
echo "[GENERIC]"                                  >> $ETC_BASE/install.rsp
echo "DECLINE_SECURITY_UPDATES=true"              >> $ETC_BASE/install.rsp
echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >> $ETC_BASE/install.rsp

Beside the response file we also have to have an inventory location file. You probably have to adjust the group name to fit your environment.

echo "inventory_loc=$ORACLE_BASE/oraInventory" > $ETC_BASE/oraInst.loc
echo "inst_group=oinstall"                    >> $ETC_BASE/oraInst.loc

Software

To start the installation, you first have to get the required software packages. Oracle makes it easy, you can either download the software on Oracle Technology Network (OTN), Oracle Software Delivery Cloud (OSDC) or My Oracle Support (MOS). All download URLs are ok, but I prefer to do the download direct from MOS since this allows to use curl with a simple download URL. The downside is, that this requires a valid MOS account.

Create a netrc file for curl with your MOS credentials.

MOS_USER="<your MOS USER>"
MOS_PASSWORD="</your><your MOS PASSWORD>"
echo "machine login.oracle.com login $MOS_USER password $MOS_PASSWORD" >$SOFTWARE/.netrc

OK, lets download the software.

Java 1.8 update 144, Patch ID 26512979:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26512979_180144_Linux-x86-64.zip?aru=21443434&patch_file=p26512979_180144_Linux-x86-64.zip" \
  --output $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip

Oracle Unified Directory 12.2.1.3.0, Patch ID 26270957:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26270957_122130_Generic.zip?aru=21504981&patch_file=p26270957_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26270957_122130_Generic.zip

FWM Infrastructure 12.2.1.3.0, Patch ID 26269885:

curl --netrc-file $SOFTWARE/.netrc \
  --cookie-jar $SOFTWARE/cookie-jar.txt \
  --location-trusted "https://updates.oracle.com/Orion/Services/download/p26269885_122130_Generic.zip?aru=21502041&patch_file=p26269885_122130_Generic.zip" \
  --output $SOFTWARE/fmw/p26269885_122130_Generic.zip

As soon as the software has been downloaded, we will unpack the OUD and FMW packages. In the example below it’s done directly by using the jar utility.

cd $SOFTWARE/fmw
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26270957_122130_Generic.zip
$JAVA_HOME/bin/jar -xvf $SOFTWARE/fmw/p26269885_122130_Generic.zip

Java

Although Java is probably already installed on you system, its recommended to install a dedicated JVM for OUD. This way we can keep our java installation for OUD independent from the OS default java. The installation is done with just a untar into the right directory. I do this with just one combined command of unzip and tar.

unzip -p $SOFTWARE/java/p26512979_180144_Linux-x86-64.zip \
*tar* |tar zxv -C $ORACLE_BASE/product

Install Standalone OUD

Start the silent installation with the extracted JAR file and the previously created response file. Set INSTALL_TYPE to Standalone Oracle Unified Directory Server (Managed independently of WebLogic server) will initiate a standalone installation into the defined ORACLE_HOME.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$OUD_HOME \
  INSTALL_TYPE="Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)"

That’s it. After a couple of minutes the OUD binaries are installed and ready to deploy an Oracle Directory or Proxy server.

Install Collocated OUD

To do a collocated OUD installation, we first have to install FMW infrastructure before installing OUD. The installation is done again in silent mode by specifying the ORACLE_HOME and the INSTALL_TYPE. Execution of this JAR will take longer since it is around 1.5GB.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_infrastructure.jar \
  -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$FMW_HOME \
  INSTALL_TYPE="WebLogic Server"

As soon as the FMW installation has been successfully finished, we initiate the OUD installation. For ORACLE_HOME we have to choose the same directory as using for the FMW infrastructure. The INSTALL_TYPE is set to collocated mode.

$JAVA_HOME/bin/java -jar $SOFTWARE/fmw/fmw_12.2.1.3.0_oud.jar -silent \
  -responseFile $ETC_BASE/install.rsp \
  -invPtrLoc $ETC_BASE/oraInst.loc \
  -ignoreSysPrereqs -force \
  -novalidation ORACLE_HOME=$OUD_HOME \
  INSTALL_TYPE="Collocated Oracle Unified Directory Server (Managed through WebLogic server)"

In this newly created Oracle home directory we now have a collocated Oracle Unified Directory Server. These binaries can be used to deploy OUD and OUDSM in separate domains, in a single domain or just to deploy an OUDSM server.

Next Steps

For know we just have the OUD binaries. The next steps will be to deploy a OUD directory or proxy server using either oud-setup or oud-proxy-setup tool. Both tools can be used in command line mode, GUI mode or silently by specify the corresponding parameters. The statement below is an example to create an OUD directory server instance oud_demo for the base DN dc=postgasse,dc=org with 20 sample records.

$OUD_HOME/oud/oud-setup \
--cli \
--instancePath $OUD_INSTANCE_BASE/oud_demo/OUD \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile $ETC_BASE/oud_demo_pwd.txt \
--ldapPort 1389 \
--baseDN dc=postgasse,dc=org \
--sampleData 20 \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

Files and References

Below you find a few references related to Oracle Unified Directory:

  • Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975
  • Oracle Unified Directory FMW 12.2.1.3.0 MOS Patch 26270957
  • Oracle Unified Directory 12.2.1.3.0 on Oracle Technology Network
  • Oracle Software Delivery Cloud OSDC
  • Environment Scripts for OUD on www.oradba.ch
  • Github repository for the OUD environment scripts oudbase
  • OUD base environment installation script. It’s a bash script including a TAR.  oudbase_install.sh
  • OUD base environment as TAR archive without installation script.  oudbase_install.tgz
  • Github repository for the OUD environment scripts oudbase
  • Oracle Unified Directory 12c PS3 Released [2300623.1]
  • OUD 12c – How to Download and Install OUD 12c in Standalone Mode (with No Domain Configuration) [2298379.1]
  • OUD 12c: How to Install OUD 12c and OUDSM 12c in Collocated Mode (Under Same Domain) or Non-Collocated Mode (Under Separate Domains) [2303721.1]
  • OUD 12c: Understanding the Oracle Unified Directory 12c Installation Directories MW_HOME, PRODUCT_HOME, OUD ORACLE_HOME, DOMAIN_HOME WLS_HOME ORACLE_COMMON Home [2302813.1]
  • All Java SE Downloads on MOS [1439822.1]
  • Information Center: Using Oracle Unified Directory (OUD) [1419823.2]

Oracle Unified Directory to go on Raspberry Pi Zero

Recently I ran out of movies on one of my longer train rides. Coincidentally, I had my Raspberry Pi Zero with me and thought, “There’s Java running on it, right?”. Doesn’t Oracle Unified Directory also require a JVM? OK, I guess Raspberry Pi or ARM wasn’t in focus when Oracle defined the certified platforms of Unified Directory. But hey, I don’t want to set up a production environment, I just need a small project for a long train ride…

The aim is to setup an Raspberry Pi in OTG Mode, install Java and Oracle Unified Directory and configure a small Directory Server, available whenever you need an OUD instance :-). First of all, yes, it works. But before we begin, a few things we need

  • Raspberry Pi Zero I do use a Zero 1.3 without WiFi.
  • USB OTG host cable Dedicated cable supporting USB On-The-Go (OTG). Regular USB cables usually do not support OTG. See Wikipedia On-The-Go (OTG).
  • Raspbian-Image I do recommend the latest Raspbian Stretch Lite. See Raspbian.
  • Oracle JDK 8 for ARM I do use Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975. Other Java version are available on MOS Note 1439822.1.
  • Oracle Unified Directory 12.2.1.3 Available through Oracle Technology Network, Oracle Software Delivery Cloud or as My Oracle Support patch 26270957. See also OUD 12.2.1.3 documentation or MOS Note 2300623.1.
  • Temorary System to install OUD Although unified directory does work on ARM, the OUI installer does not. Due to this OUD first have to be “installed” on a supported system. But later more.
  • Environment Scripts for OUD This is optional but quite handy when working on OUD environments. See blog post Environment Scripts for OUD.

In the following chapters I’ll now go through the different steps to setup the OUD “on the go” device. I work primarily on MacOS. Therefore, the individual steps are related to this operating system, but can be easily adapted to other operating systems. Depending on your individual environment, you may skip one or the other step. Shall we get started?

Setup Raspberry Pi

Install Raspian OS

After download the latest release of Raspbian Stretch Lite, we have to create the SD card to setup the OS on raspberry pi. I usually prefer to do this via commandline. Other methods are decribed on www.raspberrypi.org.

PlugIn the SD card and identify the disk via diskutil list. My SD Card is identified disk2. Your output may look different.

soe@gaia:~/ [ic12102] diskutil list
...

/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *32.0 GB disk2
1: Windows_NTFS SD Card 32.0 GB disk2s1

Unmount the disk

soe@gaia:~/ [ic12102] diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful

Copy the Raspian image to the SD card.

soe@gaia:~/ sudo dd bs=1m \
if=/Data/ISO-Images/2017-09-07-raspbian-stretch-lite.img \
of=/dev/rdisk2 conv=sync

1768+1 records in
1769+0 records out
1854930944 bytes transferred in 73.667297 secs (25179843 bytes/sec)

soe@gaia:~/ [ic12102] diskutil list
...

/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *32.0 GB disk2
1: Windows_FAT_32 boot 43.8 MB disk2s1
2: Linux 1.8 GB disk2s2

That’s it, the OS basically has been setup. But before we plug the SD card into the Raspberry Pi we first have to configure the OTG mode.

Configure OTG Mode

Configuring the OTG mode is straight forward, since the latest Rasbian OS does provide all. Eg. modules, kernel, etc. You just have to adjust the boot configuration.

Update cmdline.txt and add the g_ether module. You have to add modules-load=dwc2,g_ether after rootwait and before quiet. If you use vi to edit cmdline.txt your fine. But if you do use an other editor make sure you do not change the file suffix or add extra lines or line breaks to the file cmdline.txt. Everything must be on one line.
Change to the boot directory on the SD Card. Mounted as /Volumes/boot on my Mac.

soe@gaia:~/ [ic12102] cd /Volumes/boot

Update cmdline.txt

soe@gaia:/Volumes/boot/ [ic12102] vi cmdline.txt

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=11eccc69-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait modules-load=dwc2,g_ether quiet init=/usr/lib/raspi-config/init_resize.sh

Update config.txt and add dtoverlay=dwc2 at the end of the file.

soe@gaia:/Volumes/boot/ [ic12102] vi config.txt

As last task, make sure to create an empty file named ssh in the boot folder. This tells Raspian to configure and start the ssh daemon at first system boot. Unmount the SD card and the basic OS setup is finished.

soe@gaia:/Volumes/boot/ [ic12102] touch ssh
soe@gaia:/Volumes/boot/ [ic12102] cd
soe@gaia:~/ [ic12102] diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful

Now put the SD card back in your Raspberry Pi Zero and plug in the USB cable. The first system boot will take slightly longer, since the filesystem is getting extended to the maximum size of the SD card. To be on the safe side, wait up to 5 minutes and then try to login via ssh.

soe@gaia:~/ [ic12102] ssh pi@raspberrypi.local

The Raspberry Pi Zero is now ready as headless server in OTG mode.

Setup Environment

General Configuration

This step is not really mandatory, nevertheless I do prefer to adjust a few configuration settings on my pi. First of all upgrade OS to the latest release using apt-get.

pi@raspberrypi:~ $ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

By default the Raspberry Pi hostname is set to raspberrypi. If you do have several Raspberry Pi’s it makes sense to assign names. In my case I do set the hostname to oud2go by changing /etc/hostname and /etc/hosts. In both files you have to replace raspberry with the new name.

pi@raspberrypi:~ $ sudo vi /etc/hostname
pi@raspberrypi:~ $ sudo vi /etc/hosts
pi@raspberrypi:~ $ sudo reboot

sudo: unable to resolve host raspberrypi: Connection timed out
Connection to raspberrypi.local closed by remote host.
Connection to raspberrypi.local closed.

As soon the Pi is back it’s now available by its new name.

soe@gaia:~/ [ic12102] ssh pi@oud2go.local
The authenticity of host 'oud2go.local (fe80::6554:bfdd:7283:3fa9%bridge100)' can't be established.
ECDSA key fingerprint is SHA256:E7WxvWlYDOi0RLNJxEu7rrmA9PH+GlwEJsz0OdHSgCY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '
oud2go.local,fe80::6554:bfdd:7283:3fa9%bridge100' (ECDSA) to the list of known hosts.
pi@oud2go.local'
s password:
Linux oud2go 4.9.41+ #1023 Tue Aug 8 15:47:12 BST 2017 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Sep 7 16:22:54 2017 from fe80::acde:48ff:fe00:3364%usb0

SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
pi@oud2go.local:~ $

It is a good moment to adjust the time zone from UTC to an appropriate for your Raspberry Pi’s. This can either be done using raspi-config or dpkg-reconfigure.

root@oud2go:~# dpkg-reconfigure tzdata

Current default time zone: 'Europe/Zurich'
Local time is now: Mon Oct 30 19:55:21 CET 2017.
Universal Time is now: Mon Oct 30 18:55:21 UTC 2017.

Change the softlinks for localtime will also do the job.

root@oud2go:~# ln -s -f /usr/share/zoneinfo/Europe/Zurich /etc/localtime

Oracle User

In the oracle context it is common practice to create a dedicated user and group. To keep it simple and clear I name it oracle. Indeed I did set up the environment as described in post about the OUD Base environment.

root@oud2go:~# groupadd --gid 1010 oinstall
root@oud2go:~# useradd --create-home --gid oinstall --shell /bin/bash \
--groups oinstall oracle

To install the OUD software, instance and scripts I do use a limited OFA directory structure. See also my Blog Post on OUD Base.

root@oud2go:~# mkdir -p /u00 /u01
root@oud2go:~# mkdir -p /u00/app/oracle
root@oud2go:~# mkdir -p /u00/app/oracle/etc /u00/app/oracle/local
root@oud2go:~# mkdir -p /u00/app/oracle/product /u00/app/oracle/software

root@oud2go:~# chmod a+xr /u00 /u01
root@oud2go:~# chown oracle:oinstall -R /u00 /u01

The newly created user should be allowed to use sudo similar the pi. For this a new sudoers file has to be created.

root@oud2go:~# echo "oracle ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/020_oracle-nopasswd
root@oud2go:~# chmod 440 /etc/sudoers.d/020_oracle-nopasswd

As the last custom configuration I usually distribute the ssh key’s to allow login without password authentication. You only have to include your public key in the file authorized_keys. Lets create the required .ssh user directory for root, pi and the user oracle.

root@oud2go:~# mkdir .ssh
root@oud2go:~# vi .ssh/authorized_keys
root@oud2go:~# chmod 600 .ssh/authorized_keys
root@oud2go:~# chmod 700 .ssh/
root@oud2go:~# cp -r .ssh /home/oracle
root@oud2go:~# cp -r .ssh /home/pi
root@oud2go:~# chown -R pi:pi /home/pi/.ssh
root@oud2go:~# chown -R oracle:oinstall /home/oracle/.ssh

One more thing. Until now all user still have some default password. It’s more than appropriate to change the passwords for the user root, pi and oracle.

root@oud2go:~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@oud2go:~# passwd pi
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@oud2go:~# passwd oracle
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Install OUD Base

Install the OUD Base environment scripts according to blog post OUD Base. First we have to get the install scripts using curl.

oracle@oud2go:~ $ cd /u00/app/oracle
oracle@oud2go:/u00/app/oracle $ curl --cookie-jar /tmp/cookie-jar.txt \
--location-trusted "https://github.com/oehrlis/oudbase/raw/master/build/oudbase_install.sh" \
-o oudbase_install.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 147 100 147 0 0 141 0 0:00:01 0:00:01 --:--:-- 141
100 25556 100 25556 0 0 16704 0 0:00:01 0:00:01 --:--:-- 60273
oracle@oud2go:/u00/app/oracle $ chmod 755 oudbase_install.sh

The installation is straight forward. Just run oudbase_install.sh and specify the ORACLE_BASE directory. More options are available via oudbase_install.sh -h.

oracle@oud2go:/u00/app/oracle/ [oud_pi] ./oudbase_install.sh -v -b /u00/app/oracle
2017-11-13_21:13:23 START: Start of oudbase_install.sh (Version 0.1) with -v -b /u00/app/oracle
2017-11-13_21:13:23 INFO : processing commandline parameter
2017-11-13_21:13:23 Using the following variable for installation
2017-11-13_21:13:23 ORACLE_BASE = /u00/app/oracle
2017-11-13_21:13:23 OUD_BASE = /u00/app/oracle
2017-11-13_21:13:23 OUD_DATA = /u00/app/oracle
2017-11-13_21:13:23 ORACLE_INSTANCE_BASE = /u00/app/oracle/instances
2017-11-13_21:13:23 ORACLE_HOME_BASE = /u00/app/oracle/middleware
2017-11-13_21:13:23 OUD_BACKUP_BASE = /u00/app/oracle/backup
2017-11-13_21:13:23 SCRIPT_FQN = /u00/app/oracle/oudbase_install.sh
2017-11-13_21:13:23 Installing OUD Environment
2017-11-13_21:13:23 Create required directories in ORACLE_BASE=/u00/app/oracle
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local/log
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local/etc
2017-11-13_21:13:23 Create Directory /u00/app/oracle/local
2017-11-13_21:13:23 Create Directory /u00/app/oracle/backup
2017-11-13_21:13:23 Create Directory /u00/app/oracle/instances
2017-11-13_21:13:23 Extracting file into /u00/app/oracle/local
bin/
bin/oud_backup.sh
bin/oud_export.sh
bin/oud_status.sh
bin/oudenv.sh
config/
certificates/
doc/
doc/README.md
etc/
etc/oud._DEFAULT_.conf
etc/oudenv.conf
etc/oudtab
lib/
log/
templates/
templates/.bash_profile
templates/cron.d/
templates/etc/
templates/ldif/
templates/logrotate.d/
templates/logrotate.d/oud
templates/ldif/oud_pi_init.ldif
templates/etc/install.rsp
templates/etc/oraInst.loc
templates/etc/oud_instance.service
templates/etc/wls_oudsm.service
templates/cron.d/oud
2017-11-13_21:13:23 Store customization for OUD_DATA (/u00/app/oracle)
2017-11-13_21:13:23 Store customization for OUD_BASE (/u00/app/oracle)
2017-11-13_21:13:23 Store customization for ORACLE_BASE (/u00/app/oracle)
2017-11-13_21:13:23 Please manual adjust your .bash_profile to load / source
2017-11-13_21:13:23 your OUD Environment
2017-11-13_21:13:23 END : of oudbase_install.sh

To start using OUD Base you have to update your .profile file with the following lines.

# Check OUD_BASE and load if necessary
if [ "${OUD_BASE}" = "" ]
then
if [ -f "${HOME}/.OUD_BASE" ]
then
. "${HOME}/.OUD_BASE"
else
echo "ERROR: Could not load ${HOME}/.OUD_BASE"
fi
fi

# define an oudenv alias
alias oud=". $(find $OUD_BASE -name oudenv.sh)"

# source oud environment
. $(find $OUD_BASE -name oudenv.sh)

Install Oracle Software

Install Java

Since a while, Oracle does also provide Java for Raspberry Pi respectively ARM. See Oracle Java on Raspberry Pi. For OUD it’s recommend to use Oracle Java 8 rather than OpenJDK. You can download either download OracleJDK on Java SE Development Kit 8 Downloads or via My Oracle Support. I do prefer the download via My Oracle Support, since this method allows the use of wget or curl.

Create a .netrc file for curl.

oracle@oud2go:~/ [oud_pi] cd /u00/app/oracle/software
oracle@oud2go:/u00/app/oracle/software/ [oud_pi]
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] echo "machine login.oracle.com login password " >.netrc

Download JDK from My Oracle Support:

oracle@oud2go:/u00/app/oracle/software/ [oud_pi] export JAVA_URL="https://updates.oracle.com/Orion/Services/download/p26512975_180144_Linux_VFP.zip?aru=21442384&amp;patch_file=p26512975_180144_Linux_VFP.zip"
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] export JAVA_PKG="p26512975_180144_Linux_VFP.zip"
oracle@oud2go:/u00/app/oracle/software/ [oud_pi] curl --netrc-file .netrc --cookie-jar cookie-jar.txt --location-trusted $JAVA_URL -o $JAVA_PKG
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 1959 0 1959 0 0 820 0 --:--:-- 0:00:02 --:--:-- 1839
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0
100 77.6M 100 77.6M 0 0 3262k 0 0:00:24 0:00:24 --:--:-- 3578k

Install the JDK as root:

oracle@oud2go:/u00/app/oracle/software/ [oud_pi] sudo su -
root@oud2go:~# unzip -p /u00/app/oracle/software/$JAVA_PKG *tar* |tar zvx -C /usr/java

# set the JAVA alternatives directories and links
root@oud2go:~# export JAVA_DIR=$(ls -1 -d /usr/java/*)
root@oud2go:~# ln -s $JAVA_DIR /usr/java/latest
root@oud2go:~# ln -s $JAVA_DIR /usr/java/default

root@oud2go:~# update-alternatives --install /usr/bin/java java $JAVA_DIR/bin/java 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/java to provide /usr/bin/java (java) in auto mode

root@oud2go:~# update-alternatives --install /usr/bin/javac javac $JAVA_DIR/bin/javac 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/javac to provide /usr/bin/javac (javac) in auto mode

root@oud2go:~# update-alternatives --install /usr/bin/jar jar $JAVA_DIR/bin/jar 20000
update-alternatives: using /usr/java/jdk1.8.0_144/bin/jar to provide /usr/bin/jar (jar) in auto mode

root@oud2go:~# which java
/usr/bin/java

root@oud2go:~# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) Client VM (build 25.144-b01, mixed mode)

Install OUD

In principle, one should be able to install OUD directly on the Respberry Pi. OUD is unpacked and installed directly with java. But the Oracle Universal Installer or at least a small part of the installation does not work on the ARM platform. Due to this you have to install OUD on an other OS and move the installation directory onto your Raspberry Pi. In my case I do use my MacBook Pro to temporarily install OUD. Alternatively you may also copy the OUD installation from my OUD docker image. But that’s an other story. I’ll post on this topic in a couple of days.

Prepare the download installation path, variables .netca file.

soe@gaia:~/ [ic12102] export DOWNLOAD=/tmp/download
soe@gaia:~/ [ic12102] mkdir -p $DOWNLOAD
soe@gaia:~/ [ic12102] chmod 777 $DOWNLOAD

soe@gaia:~/ [ic12102] export FMW_OUD_URL="https://updates.oracle.com/Orion/Services/download/p26270957_122130_Generic.zip?aru=21504981&amp;patch_file=p26270957_122130_Generic.zip"
soe@gaia:~/ [ic12102] export FMW_OUD_PKG="p26270957_122130_Generic.zip"
soe@gaia:~/ [ic12102] export FMW_OUD_JAR=fmw_12.2.1.3.0_oud.jar

soe@gaia:~/ [ic12102] echo "machine login.oracle.com login password " >/tmp/download/.netrc

soe@gaia:~/ [ic12102] curl --netrc-file /tmp/download/.netrc --cookie-jar \
 /tmp/download/cookie-jar.txt  --location-trusted $FMW_OUD_URL \
 -o $DOWNLOAD/$FMW_OUD_PKG

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 1927 0 1927 0 0 963 0 --:--:-- 0:00:02 --:--:-- 1715
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0
100 404M 100 404M 0 0 1847k 0 0:03:44 0:03:44 --:--:-- 1689k

Create a bunch of local Directories in ORACLE_BASE

soe@gaia:~/ [ic12102] export ORACLE_BASE=/u00/app/oracle
soe@gaia:~/ [ic12102] mkdir -p $ORACLE_BASE/etc $ORACLE_BASE/product

To install OUD in silent mode, we need a response file. For OUD this is a simple and straight forward text file.

soe@gaia:~/ [ic12102] echo "[ENGINE]" > $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "Response File Version=1.0.0.0.0" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "[GENERIC]" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "DECLINE_SECURITY_UPDATES=true" >> $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >> $ORACLE_BASE/etc/install.rsp

The installer does also require a OraInventory Location file:

soe@gaia:~/ [ic12102] echo "inventory_loc=$ORACLE_BASE/oraInventory" > $ORACLE_BASE/etc/oraInst.loc
soe@gaia:~/ [ic12102] echo "inst_group=oinstall" >> $ORACLE_BASE/etc/oraInst.loc

The JAR and the response file will then be used to install OUD in silent mode

soe@gaia:/tmp/download/ [ic12102] java -jar $DOWNLOAD/$FMW_OUD_JAR -silent \
 -responseFile $ORACLE_BASE/etc/install.rsp \
 -invPtrLoc $ORACLE_BASE/etc/oraInst.loc \
 -ignoreSysPrereqs -force \
 -novalidation ORACLE_HOME=$ORACLE_BASE/product/fmw12.2.1.3.0 \
 INSTALL_TYPE="Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)"

Launcher log file is /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM/launcher2017-10-30_08-47-41PM.log.
Extracting the installer . . . . . Done
Checking if CPU speed is above 300 MHz. Actual 2969.6 MHz Passed
Checking swap space: must be greater than 512 MB. Actual 257166 MB Passed
Checking if this platform requires a 64-bit JVM. Actual 64 Passed
Checking temp space: must be greater than 300 MB. Actual 257166 MB Passed
Preparing to launch the Oracle Universal Installer from /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM
Log: /private/var/folders/80/xtg0v0r16sl6z5sjmxhkvr540000gn/T/OraInstall2017-10-30_08-47-41PM/install2017-10-30_08-47-41PM.log
Setting ORACLE_HOME to /u00/app/oracle/product/fmw12.2.1.3.0
Setting INSTALL_TYPE to Standalone Oracle Unified Directory Server (Managed independently of WebLogic server)
Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Skipping Software Updates
Validations are disabled for this session.
Verifying data
Copying Files
Percent Complete : 10
Percent Complete : 20
Percent Complete : 30
Percent Complete : 40
Percent Complete : 50
Percent Complete : 60
Percent Complete : 70
Percent Complete : 80
Percent Complete : 90
Percent Complete : 100

The installation of Oracle Unified Directory 12.2.1.3.0 completed successfully.
Logs successfully copied to /u00/app/oracle/oraInventory/logs.

Copy the OUD binaries to your Raspberry Pi.

soe@gaia:~/ [ic12102] scp -r /u00/app/oracle/product/fmw12.2.1.3.0 oracle@oud2go.local:/u00/app/oracle/product

Clean up the temporary installation on the MacBook Pro:

soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/etc/install.rsp
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/etc/oraInst.loc
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/oraInventory
soe@gaia:~/ [ic12102] rm -rf $ORACLE_BASE/product/fmw12.2.1.3.0
soe@gaia:~/ [ic12102] rm -rf /tmp/download

Thats it. You not have your OUD software on your pi. Now lets create an OUD instance.

Setup OUD Directory Server

Depending on your need, you may create an OUD directory server or an OUD proxy server. The setup scripts can either be execute interactive via GUI or command line or as on command. On my Raspberry Pi I do setup a directory server with just one command.

Create a password file for the OUD instance oud_pi_pwd.txt

oracle@oud2go:/u00/app/oracle/ [oud_pi] echo "manager" >/u00/app/oracle/local/etc/oud_pi_pwd.txt

Create the OUD directory server for Base DN dc=postgasse,dc=org with a bunch of dummy entries using oud-setup.

oracle@oud2go:/u00/app/oracle/ [oud_pi] $ORACLE_HOME/oud/oud-setup \
--cli \
--instancePath /u00/app/oracle/instances/oud_pi/OUD \
--adminConnectorPort 4444 \
--rootUserDN cn=Directory\ Manager \
--rootUserPasswordFile /u00/app/oracle/local/etc/oud_pi_pwd.txt \
--ldapPort 1389 \
--baseDN dc=postgasse,dc=org \
--sampleData 20 \
--serverTuning jvm-default \
--offlineToolsTuning jvm-default \
--no-prompt \
--noPropertiesFile

Oracle Unified Directory 12.2.1.3.0
Please wait while the setup program initializes...

Creating instance directory /u00/app/oracle/instances/oud_pi/OUD ..... Done.
See /u00/app/oracle/instances/oud_pi/OUD/logs/oud-setup for a detailed log of
this operation.

Configuring Directory Server ......... Done.
Importing Automatically-Generated Data (20 Entries) ....................................... Done.
Starting Directory Server ........................................ Done.

To see basic server configuration status and configuration you can launch
/u00/app/oracle/instances/oud_pi/OUD/bin/status

That’s it, we now have an empty directory server with 20 sample records 🙂 Since the Raspberry Pi only has limited resources, I’ve just configure the LDAP port. For a simple test and engineering system LDAPS is not really required. Specially because we do not setup any EUS integration.

Conclusion

It works… but the directory server is far away from a high performance setup. Nevertheless it’s a nice and handy setup for simple engineering work and simple demos. Striving for a bit more performance? You may also setup OUD in a docker container. I’ll provide more information on this topic in a couple of day’s. If you can’t wait, take a look at my Docker OUD Repository on GitHub now (docker-oud or docker-oudsm).

Files and References

Below you find a few references related to Raspberry Pi, USB OTG or Oracle Unified Directory:

Software related to this project:

  • Raspbian Stretch Lite latest
  • Oracle JDK 8 Update 144 for ARM 32Bit VFP HardFP MOS Patch 26512975
  • Oracle Unified Directory 12.2.1.3.0 on Oracle Technology Network
  • Oracle Software Delivery Cloud OSDC
  • Oracle Unified Directory FMW 12.2.1.3.0 MOS Patch 26270957
  • OUD base environment installation script. It’s a bash script including a TAR.  oudbase_install.sh
  • OUD base environment as TAR archive without installation script.  oudbase_install.tgz

My Oracle Support Notes:

  • Oracle Unified Directory 12c PS3 Released [2300623.1]
  • All Java SE Downloads on MOS [1439822.1]
  • Information Center: Using Oracle Unified Directory (OUD) [1419823.2]

Oracle CPU / PSU Announcement October 2017

The Oracle open world 2017 is over, the dust just settled down. A perfect time for Oracle to release the October critical patch advisory. With not less than 270 new security vulnerability fixes across the Oracle products it seems to be a rather huge update. From the DB perspective it is nothing unusual. It contains 6 new security fixes for vulnerabilities on Oracle Database 11.2.0.4, 12.1.0.2 and 12.2.0.1. 2 of the vulnerabilities can be used remotely without authentication, but none of the vulnerabilities affect Oracle client installations. Overall the highest CVSS Rating is 8.8 for Oracle Database Server 11.2.0.4 on Windows respectively 7.8 for 12.1.0.2 on Windows and Linux. According to Oracle the following components are affected:

  • Core RDBMS
  • Java VM
  • XML Database
  • RDBMS Security
  • Spatial (Apache Groovy)
  • WLM (Apache Tomcat)

Not all of these components are installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update. OK, I guess Core RDBMS is part of you database setup 🙂

For Oracle Fusion Middleware the situation looks somehow different. The Critical Patch Update includes not less than 40 fixes for vulnerabilities. Up to 26 vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.

More details about the patch will follow soon on the Oracle Security Pages.

By the way, Oracle improved the table which lists the affected products and components in there advisory. Oracle Database is not a the top of the table any more.

Articles in DOAG Red Stack Magazin

A while ago I wrote two articles for the DOAG Red Stack Magazin. In the meantime both articles have been published. For this reason I use the opportunity to make the PDF versions of the articles available on oradba.ch. The articles are written in German and available as Trivadis version as well Red Stack version. Although the articles versions differ only in the number of typos and layout.

None of the articles are currently available in english. On request I will write also articles about Oracle Unified Directory in English in the future. However, currently I still have a lot of ideas for blog posts about database security, enterprise user security and unified directory on my to-do list. And blog posts I usually write in english… 🙂

Oracle Unified Directory 12 Released

Finally end of working day. But while reading some newsletter and mails on my way home, I realised that there will be some work at home. After a long wait, Oracle has finally released Oracle Unified Directory 12c 🙂

A overview of the new features:

  • Improved performance and scalability
  • Support for TNS aliases for Oracle Unified Directory deployments with Oracle Enterprise User Security (EUS) configured
  • Support for TLS 1.2 Protocols and Cipher Suites
  • Password-Based Key Derivation Function 2 Password Storage Schemes
  • ODSM Rebranding
  • Support for new log publishers that are configurable via OUDSM
  • Support for the Upgrade OUD Instance script
  • Support for WebLogic Scripting Tool provisioning commands
  • Support for new log publishers that are configurable via OUDSM
  • Support for Oracle Fusion Middleware configuration tools
  • Support for Oracle WebLogic Server 12.2.1.3
  • Support for Oracle JDK 1.8

See Fusion Middleware Release Notes What’s New in Oracle Identity Management 12c (12.2.1.3.0) for a full list of new features.

Links related to Oracle Unified Directory 12c:

Stay tuned, I’ll definitely write more blog posts on Oracle Unified Directory 12 soon.

GDPR and Database Security Speeches

The new EU GDPR and Database Security in general keeps me busy. I’ve updated the list of speeches and events for the next couple of month. It’s an interesting mix between GDPR, Oracle Database Security and MS SQL Server 2016 security. Depending on the feedback of the Call For Papers for the DOAG Conference and the Oracle OpenWorld there will probably be more. But for now I’ll definitely give a full day training on Oracle Database 12c Security at the Education day on DOAG Conference.

Upcoming events

No planned public appearances

Have you missed an event? In this case check out the download page or blog post categorized with speaking. If possible, I’ll provide all information online?

DOAG Webinar Oracle 12.2 New Security Features

A couple of days ago I’ve successfully finished the DOAG Webinar on Oracle 12c Release 2 new Security Feature. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases. Especially the online encryption of tablespaces with TDE.

Based on initial experiences and insights, the following topics have been discussed:

  • Authentication
  • Authorization
  • Database Auditing with Unified Audit
  • Encryption with Transparent Data Encryption
  • As well as an overview of further innovations in database security

The slides and the recording of the webinar is available in German over the following links: