JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

  • JS7 offers has provision for two levels of integration with an Oracle DBMS:

  • For both scenarios users might prefer not to provide a user account and password for authentication with the DBMS from readable files.

    • Use The use of passwords is considered insecure when passwords are stored in clear text in external files or in job parameters.
    • JS7 offers enables JS7 - Use of Credential Store with JITL Jobs as an alternative way to store and to retrieve passwords.
    • The Oracle Wallet® provides a
    means
    • credential store to connect to an Oracle database without specifying a user account and password from parameters or from readable files.

SOS does not accept any liability for use of JS7 with Oracle Wallet®. Configuration of Oracle Wallet® is the user's responsibility and can change based on the version of the DBMS. The following explanations offer an example how to integrate with Oracle 18c, the example is not authoritative and does not cover future versions of the DBMS. The database vendor's documentation offers authoritative instruction how to connect to Oracle Wallet® and how to analyze connection problems.

Oracle Wallet®

The Oracle Wallet® configuration is explained with in the Oracle documentation. At the time of writing the following links are available:

Using Oracle Wallet® for JOC Cockpit

Anchor
prerequisites
prerequisites
Prerequisites

Anchor
wallet
wallet
Oracle Wallet®

No An Oracle Client installation is not required at run-time for use of to allow a wallet with JS7 componentsto be used with the JOC Cockpit. However, users need an Oracle Client to set up and to configure the wallet.

  • The wallet does not necessarily have to be created on the machine where JS7 components such as the JOC Cockpit or Agents are is located. Technically the The wallet preferably consists of a number of keystores keystore and truststores truststore files that can be copied from a remote machine to the server that hosts the JS7 componentJOC Cockpit.

  • Typical commands

    to create

    for creating a wallet include

    for example:

    :

    Code Block
    titleExample how to set up a wallet
    linenumberstrue
    # create the wallet in an arbitrary location
mkstore -wrl
    # create the wallet in an arbitrary location
    mkstore -wrl 
    /home/js7/wallet -create

    

# add credentials to the wallet; specify key, user account and password for database access

    
mkstore -wrl /home/js7/wallet/ -createCredential js7 some_account some_password

# check that the key has been added to the wallet
mkstore -wrl  /home/js7/wallet/  -listCredential

Anchor
jdbc
jdbc
Oracle JDBC Driver

  • Check the Oracle JDBC Driver version that ships with the JS7 release , - see JS7 - Database, chapter: Individual JDBC Driver Versions. A newer Oracle JDBC Driver might be available for download as included with the JS7 releasefrom Oracle.
  • Oracle JDBC Drivers that ship for release 18c of the DBMS are reported to work. Previous Oracle JDBC Driver releases, for example 12c, are reported not to work with Oracle Wallet® when used by JS7. If in doubt use the Oracle JDBC Driver version that matches the version of the DBMS.
  • To apply a version of the Oracle JDBC Driver that is different from to the version that ships with JS7, see see the JS7 - Database, chapter: Individual JDBC Driver Versions article.

Anchor
pki
pki
Oracle PKI Libraries

  • The following Oracle Java PKI libraries are required that and have to match the version of the Oracle DBMS and Oracle JDBC Driver.
  • The .jar files are provided by Oracle for download and are available from an Oracle Client installation and are offered by Oracle for download, for example from:
    • ORACLE_HOME/jlib/oraclepki.jar
    • ORACLE_HOME/jlib/osdt_cert.jar
    • ORACLE_HOME/jlib/osdt_core.jar
  • Store the libraries to For on premises installations, store the Oracle PKI libraries in the JETTY_HOMEBASE/lib/ext/user_libjoc directory of the JOC Cockpit installation configuration directory respectively.
  • When running JOC Cockpit for Docker® consider to store the JDBC Driver and containers, consider storing the Oracle PKI libraries in the JETTY_BASE/resources/joc/lib directory.

Anchor
configuration
configuration
Configuration

The JOC Cockpit is configured to connect to an Oracle database using Hibernate. In addition, the Oracle database without specifying a user account and password, instead, at run-time JOC Cockpit makes use of a walletlocation of Oracle configuration files and of the wallet has to be specified.

Anchor
hibernate_cfg_xml
hibernate_cfg_xml
Hibernate hibernate.cfg.xml Configuration File

  • Location: JETTY_BASE/resources/joc/hibernate.cfg.xml, see JS7 - Database.

  • The hibernate Hibernate configuration should file may look like this:

    Code Block
    titleExample of a Hibernate configuration file for Oracle® database
    linenumberstrue
    collapsetrue
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
 <session-factory>
  <property name="hibernate.connection.driver_class">oracle.jdbc.OracleDriver</property>
  <property name="hibernate.connection.password"></property>
  <property name="hibernate.connection.url">jdbc:oracle:thin:@/js7@js7?tnsTNS_adminADMIN=/home/js7/wallet</property>
  <property name="hibernate.connection.username"></property>
  <property name="hibernate.dialect">org.hibernate.dialect.Oracle12cDialect</property>
  <property name="hibernate.show_sql">false</property>
  <property name="hibernate.connection.autocommit">false</property>
  <property name="hibernate.format_sql">true</property>
  <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
  <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property>
  <property name="hibernate.hikari.maximumPoolSize">10</property>
 </session-factory>
</hibernate-configuration>



  • Consider Note the empty elements that are used for the account and password. Do not delete the respective these elements from the hibernate Hibernate configuration file.
  • The connection URL specifies js7 as as the key to for an entry in the tnsnames.ora configuration file and in the wallet.
  • The URL parameter tns_admin TNS_ADMIN URL parameter is used to specify the directory of the tnsnames.ora configuration file. JDBC Connections usually would do not need require this configuration file as connection details (Listener, Service Name, Service ID) are specified with in the URL. However, due to use of the js7 wallet key to the wallet in the URL, it is preferable to manage that connection details from are managed in a tnsnames.ora configuration file.
  • In the example above example this file is located in the /home/js7/wallet directory that which is in fact is the directory where the wallet is located. This location is not required authoritative as the file can reside in any directory that is accessible to JOC Cockpit.
  • Consider Note that an sqlnet.ora configuration file is not used with the above setup of for a JDBC connection.

Anchor
tnsnames_ora
tnsnames_ora
Oracle tnsnames.ora Configuration File

The following example is not authoritative but is intended to explain a few basic settings:

Code Block
languagetext
titleExample of a tnsnames.ora configuration file
linenumberstrue
collapsetrue
# tnsnames.ora Network Configuration File: /home/js7/product/18.0.0/dbhomeXE/NETWORK/ADMIN/tnsnames.ora
# Generated by Oracle configuration tools.

JS7 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = JS7)
    )
  )

LISTENER_JS7 =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.11.0.99)(PORT = 1521))


ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )

...

  • Line 4: The name JS7 of the first entry in this file corresponds to the key for which credentials have been stored to the wallet.
  • Line 5-9: The settings indicate the Listener's host and port and the database Service Name or Service ID.

Anchor
wallet_location
wallet_location
Wallet Location for Java

The wallet location is specified in a Java define.

  • Configure the location of the wallet by use of using a Java define like this: 
    -Doracle.net.wallet_location=/home/js7/wallet. This setting should point to the directory where the wallet files are located. This setting can be specified with one of the following options:
    • specify the Java define with the jettyOptions setting of the joc_install_xml installer response file like this:
      <entry key="jettyOptions" value="-Doracle.net.wallet_location=/home/js7/wallet"/>
    • alternatively, for Unix, use one of the following options:
      • specify the JAVA_OPTIONS environment variable before running the JOC Cockpit jetty.sh start script.
      • create/modify and make executable the /home/js7/.jocrc file, assuming that js7 is the JOC Cockpit run-time account. This file should export the JAVA_OPTIONS environment variable like this:
        export JAVA_OPTIONS="-Doracle.net.wallet_location=/home/js7/wallet"
      • add the JAVA_OPTIONS environment variable to the systemd service file, see as described in the JS7 - systemd Service Files for automated Startup / and Shutdown with Unix Systemsarticle.
    • Find further details from Further details can be found in the JS7 - How To - Apply Java Options article.