...
Using Oracle Wallet® for JobScheduler Master and JOC Cockpit
Delimitation
Consider that before JobScheduler release 1.13.9 you cannot use Oracle Wallet® when installing JobScheduler Master and JOC Cockpit, you can use it at run-time.
- For installation a user/password has to be used.
- Apply below changes after installation to the respective hibernate files.
- Future releases will improve this behavior. However, the current behavior fits to a situation where you want to use a different DBMS accounts for installation and at run-time with different privileges.
Usage
JobScheduler Master and JOC Cockpit connect to the Oracle database without specifying a database account and password, instead the run-time account of the components component is used.
- Consider to use hibernate files when running the installer instead of specifying the account/password with the installer response files
jobscheduler_install.xml
andjoc_install.xml
.update the hibernate files for Master and JOC Cockpit:- Master
$SCHEDULER_DATA/config/hibernate.cfg.xml
$SCHEDULER_DATA/config/reporting.hibernate.cfg.xml
- JOC Cockpit
$JETTY_BASE/resources/joc/jobscheduler.hibernate.cfg.xml
$JETTY_BASE/resources/joc/reporting.hibernate.cfg.xml
- The hibernate configuration should look like this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property>
<property name="hibernate.connection.password"></property>
<property name="hibernate.connection.url">jdbc:oracle:thin:/@jobscheduler</property>
<property name="hibernate.connection.username"></property>
<property name="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</property>
<property name="hibernate.show_sql">false</property>
<property name="hibernate.connection.autocommit">false</property>
<property name="hibernate.format_sql">true</property>
<property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
</session-factory>
</hibernate-configuration>
- Consider that empty elements are used for the account and password. Do not delete the respective elements from the hibernate configuration file.
- The above example specifies the URL
jdbc:oracle:thin:/@jobscheduler
that indicates that the database alias namejobscheduler
is configured with yourtnsnames.ora
file. - Alternatively the database connect string can be specified directly with the URL like this:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=minos.sos)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=jobscheduler)))
- The above connect string specifies the database host
minos.sos
listening on port1521
running a databasejobscheduler
. - When using the above URL syntax then no
tnsnames.ora
file is used.
- Master
- Configure the location of the Oracle Wallet® by use of a Java define like this:
-Doracle.net.wallet_location=/home/jobscheduler/wallet
. This setting should point to the directory where the wallet files of the JobScheduler's run-time account are stored.- For JobScheduler Master
- specify the Java define with the environment variable
JAVA_OPTIONS
before running the installer, e.g.JAVA_OPTIONS="-Doracle.net.wallet_location=/home/jobscheduler/wallet"
- alternatively activate/modify the
options
setting in the[java]
section of the ./config/factory.ini
file like this:[java]
options = ...
-Doracle.net.wallet_location=/home/jobscheduler/wallet
- specify the Java define with the environment variable
- For JOC Cockpit
- specify the Java define with the
jettyOptions
setting of the installer response filejoc_install_xml
like this:<entry key="jettyOptions" value="-Doracle.net.wallet_location=/home/jobscheduler/wallet"/>
- alternatively create/modify the
/etc/default/joc
file to include theJAVA_OPTIONS
environment variable like this:JAVA_OPTIONS="-Doracle.net.wallet_location=/home/jobscheduler/wallet"
- specify the Java define with the
- For JobScheduler Master
...
- No Oracle Client installation is used, however, you might need an Oracle Client to set up and to configure the Oracle Wallet®.
- Typical commands to create a wallet include e.g.:
# create wallet in a directory that is accessible to the JobScheduler run-time account assumed to be "jobscheduler"
mkstore -wrl /home/jobscheduler/wallet -create
# add credentials to wallet; specify entry key, database account and password
mkstore -wrl /home/jobscheduler/wallet/ -createCredential jobscheduler some_account some_password
- Consider that the
mkstore
command will might add the location of the wallet to yoursqlnet.ora
configuration file.- This file is used e.g. by SQLPlus SQL*Plus and therefore allows e.g. to execute:
sqlplus /@jobscheduler
by specifying the entry key fortnsnames.ora
andsqlnet.ora
- This file is not considered when using the Oracle JDBC Driver, therefore the above Java define
-Doracle.net.wallet_location
has to be used.
- This file is used e.g. by SQLPlus SQL*Plus and therefore allows e.g. to execute:
- Typical commands to create a wallet include e.g.:
- JobScheduler makes use of the Oracle JDBC Driver:
- Check the Oracle JDBC Driver version that ships with the JobScheduler release, see Which Database Management Systems are supported by JobScheduler? A newer Oracle JDBC Driver might be available for download as the Open Source JobScheduler might not be bundled with the latest Oracle JDBC Driver.
- Oracle JDBC Drivers that ship for release 18c of the DBMS are reported to work. Previous JDBC Driver releases as e.g. 12c are reported not to work with Oracle Wallet® when used by JobScheduler.
- The following Oracle Java libraries are required that should match the version of the Oracle JDBC Driver.
- The .jar files are available from an Oracle Client installation and that are offered by Oracle for download:
$ORACLE_HOME/jlib/oraclepki.jar
$ORACLE_HOME/jlib/osdt_cert.jar
$ORACLE_HOME/jlib/osdt_core.jar
- Store the libraries in the
./lib/user_lib
directory of our JobScheduler Master and JOC Cockpit installation path respectively.
- The .jar files are available from an Oracle Client installation and that are offered by Oracle for download:
Using Oracle Wallet® for Jobs
Usage
Once Oracle Wallet® is configured for the account that will trigger the jobs, the account is able to See How to make JITL Jobs connect to an Oracle database without password specification, e.g. by using sqlplus /@db11g
Prerequisites
Prerequisites to execute SQL*Plus with Oracle Wallet® on Linux:
- Oracle client installed
- Environment variables being set:
ORACLE_HOME
,LD_LIBRARY_PATH
=$ORACLE_HOME/lib,TNS_ADMIN
Prerequisites to execute shell scripts from JobScheduler Master that call SQL*Plus with Oracle Wallet®:
- Copy declaration and initialization with export of the environment variables to the script
./user_bin/jobscheduler_environment_variables.sh
ORACLE_HOME=/some_location
LD_LIBRARY_PATH=$ORACLE_HOME/lib
TNS_ADMIN=/some_location
export ORACLE_HOME LD_LIBRARY_PATH TNS_ADMIN- This script is executed on JobScheduler start in the context of the user account that JobScheduler is operated for. The environment variables are forwarded to subsequent jobs.
- Restart JobScheduler
Hints
...