OCICLI コマンドとjq コマンドのメモ
目次
コンパートメントID取得
.name == の条件は必要に応じて変更。
$ oci iam compartment list | jq -r '.data | map(select(.name=="poul"))[].id '
コンピュートの表示名、ocid取得
$ oci compute instance list --compartment-id=$comp_id | jq -r '.data[] | {name:."display-name",id:."id"}' { "name": "db01", "id": "ocid1.instance.oc1.ap-tokyo-1.xxx" } $ oci compute instance list --compartment-id=$comp_id | jq -r '.data | map(select(."display-name"=="db01"))[] | .id' ocid1.instance.oc1.ap-tokyo-1.xxx
コンピュート起動
$ oci compute instance action --instance-id=$inst_id --action start
コンピュート停止
$ oci compute instance action --instance-id=$inst_id --action stop
OCICLI on docker container
目次
- 目次
- やること
- Oracle Linux のイメージをpull
- コンテナ起動
- Python3導入
- OCICLI インストール
- OCIコマンドの確認
- OCIコマンドの設定
- 公開鍵の確認
- ユーザーにAPIキーの設定
- 動作確認
- dockerイメージのコミット
- 参考
やること
OCICLI をDocker container上にインストールしたいと思います。
Oracle Linux のイメージをpull
$ docker pull oraclelinux:7-slim 7-slim: Pulling from library/oraclelinux 89ad662320ef: Pull complete Digest: sha256:68d5af67eaa92bb7346d6a7626761fc30a6d0934abbb32ac2af71d5d74b3023b Status: Downloaded newer image for oraclelinux:7-slim docker.io/library/oraclelinux:7-slim $ docker image list REPOSITORY TAG IMAGE ID CREATED SIZE docker/getting-started latest adfdb308d623 4 days ago 27.4MB oraclelinux 7-slim 1aadc5c6dfe3 4 weeks ago 162MB
コンテナ起動
$ docker run -it oraclelinux:7-slim bash-4.2#
Python3導入
bash-4.2# yum install python3
OCICLI インストール
bash-4.2# bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 16641 100 16641 0 0 73865 0 --:--:-- --:--:-- --:--:-- 73960 ****************************************************************************** You have started the OCI CLI Installer in interactive mode. If you do not wish to run this in interactive mode, please include the --accept-all-defaults option. If you have the script locally and would like to know more about input options for this script, then you can run: ./install.sh -h If you would like to know more about input options for this script, refer to: https://github.com/oracle/oci-cli/blob/master/scripts/install/README.rst ****************************************************************************** Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v3.2.1/scripts/install/install.py to /tmp/oci_cli_install_tmp_Q888. ######################################################################## 100.0% Running install script. python3 /tmp/oci_cli_install_tmp_Q888 -- Verifying Python version. -- Python version 3.6.8 okay. ===> In what directory would you like to place the install? (leave blank to use '/root/lib/oracle-cli'): -- Creating directory '/root/lib/oracle-cli'. -- We will install at '/root/lib/oracle-cli'. ===> In what directory would you like to place the 'oci' executable? (leave blank to use '/root/bin'): -- Creating directory '/root/bin'. -- The executable will be in '/root/bin'. ===> In what directory would you like to place the OCI scripts? (leave blank to use '/root/bin/oci-cli-scripts'): -- Creating directory '/root/bin/oci-cli-scripts'. -- The scripts will be in '/root/bin/oci-cli-scripts'. ===> Currently supported optional packages are: ['db (will install cx_Oracle)'] What optional CLI packages would you like to be installed (comma separated names; press enter if you don't need any optional packages)?: -- The optional packages installed will be ''. -- Trying to use python3 venv. -- Executing: ['/usr/bin/python3', '-m', 'venv', '/root/lib/oracle-cli'] -- Executing: ['/root/lib/oracle-cli/bin/pip', 'install', '--upgrade', 'pip'] Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) 100% |████████████████████████████████| 1.7MB 1.1MB/s Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. -- Executing: ['/root/lib/oracle-cli/bin/pip', 'install', '--cache-dir', '/tmp/tmpgc3ok70p', 'wheel', '--upgrade'] Collecting wheel Downloading wheel-0.37.1-py2.py3-none-any.whl (35 kB) Installing collected packages: wheel Successfully installed wheel-0.37.1 -- Executing: ['/root/lib/oracle-cli/bin/pip', 'install', '--cache-dir', '/tmp/tmpgc3ok70p', 'oci_cli', '--upgrade'] Collecting oci_cli Downloading oci_cli-3.5.0-py3-none-any.whl (24.3 MB) |████████████████████████████████| 24.3 MB 12.4 MB/s Collecting cryptography<=3.4.7,>=3.2.1 Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_aarch64.whl (3.1 MB) |████████████████████████████████| 3.1 MB 12.1 MB/s Collecting python-dateutil<3.0.0,>=2.5.3 Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB) |████████████████████████████████| 247 kB 9.6 MB/s Collecting click==7.1.2 Downloading click-7.1.2-py2.py3-none-any.whl (82 kB) |████████████████████████████████| 82 kB 3.4 MB/s Collecting pyOpenSSL==19.1.0 Downloading pyOpenSSL-19.1.0-py2.py3-none-any.whl (53 kB) |████████████████████████████████| 53 kB 5.4 MB/s Collecting pytz>=2016.10 Downloading pytz-2021.3-py2.py3-none-any.whl (503 kB) |████████████████████████████████| 503 kB 11.3 MB/s Collecting jmespath==0.10.0 Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB) Collecting oci==2.56.0 Downloading oci-2.56.0-py2.py3-none-any.whl (12.5 MB) |████████████████████████████████| 12.5 MB 10.6 MB/s Collecting arrow>=1.0.0 Downloading arrow-1.2.2-py3-none-any.whl (64 kB) |████████████████████████████████| 64 kB 6.0 MB/s Collecting terminaltables==3.1.0 Downloading terminaltables-3.1.0.tar.gz (12 kB) Preparing metadata (setup.py) ... done Collecting certifi Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB) |████████████████████████████████| 149 kB 11.2 MB/s Collecting six>=1.15.0 Downloading six-1.16.0-py2.py3-none-any.whl (11 kB) Collecting PyYAML<6,>=5.4 Downloading PyYAML-5.4.1-cp36-cp36m-manylinux2014_aarch64.whl (726 kB) |████████████████████████████████| 726 kB 11.2 MB/s Collecting circuitbreaker<2.0.0,>=1.3.1 Downloading circuitbreaker-1.3.2.tar.gz (7.9 kB) Preparing metadata (setup.py) ... done Collecting typing-extensions Downloading typing_extensions-4.1.1-py3-none-any.whl (26 kB) Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (433 kB) |████████████████████████████████| 433 kB 12.3 MB/s Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) |████████████████████████████████| 118 kB 12.8 MB/s Building wheels for collected packages: terminaltables, circuitbreaker Building wheel for terminaltables (setup.py) ... done Created wheel for terminaltables: filename=terminaltables-3.1.0-py3-none-any.whl size=15355 sha256=05e9fb3f5a78ad9460b858974cb1968899d812cde2d8e443003fe1b8d540423c Stored in directory: /tmp/tmpgc3ok70p/wheels/86/1b/58/c23af2fe683acd8edc15d5a1268f0242be1ff2cf827fe34737 Building wheel for circuitbreaker (setup.py) ... done Created wheel for circuitbreaker: filename=circuitbreaker-1.3.2-py3-none-any.whl size=6017 sha256=2059f5037fbaa29a7df94a3090622cf78e599b8e2f721098af74247526499b87 Stored in directory: /tmp/tmpgc3ok70p/wheels/2b/54/c2/70629ee4335118768dceec192e138df3636ecf02973fa2c1f0 Successfully built terminaltables circuitbreaker Installing collected packages: pycparser, cffi, six, cryptography, typing-extensions, pytz, python-dateutil, pyOpenSSL, circuitbreaker, certifi, terminaltables, PyYAML, oci, jmespath, click, arrow, oci-cli Successfully installed PyYAML-5.4.1 arrow-1.2.2 certifi-2021.10.8 cffi-1.15.0 circuitbreaker-1.3.2 click-7.1.2 cryptography-3.4.7 jmespath-0.10.0 oci-2.56.0 oci-cli-3.5.0 pyOpenSSL-19.1.0 pycparser-2.21 python-dateutil-2.8.2 pytz-2021.3 six-1.16.0 terminaltables-3.1.0 typing-extensions-4.1.1 ===> Modify profile to update your $PATH and enable shell/tab completion now? (Y/n): Y ===> Could not automatically find a suitable file to use. Create /root/.bashrc now? (Y/n): Y -- Backed up '/root/.bashrc' to '/root/.bashrc.backup' -- Tab completion set up complete. -- If tab completion is not activated, verify that '/root/.bashrc' is sourced by your shell. -- -- ** Run `exec -l $SHELL` to restart your shell. ** -- -- Installation successful. -- Run the CLI with /root/bin/oci --help
OCIコマンドの確認
bash-4.2# bash bash-4.2# oci -v 3.5.0
OCIコマンドの設定
★の箇所で値を入力します。
bash-4.2# oci setup config This command provides a walkthrough of creating a valid CLI config file. The following links explain where to find the information required by this script: User API Signing Key, OCID and Tenancy OCID: https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other Region: https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm General config documentation: https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm Enter a location for your config [/root/.oci/config]: Enter a user OCID: ocid1.user.oc1..**** ---- ★ Enter a tenancy OCID: ocid1.tenancy.oc1..**** ---- ★ Enter a region by index or name(e.g. 1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1, 6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1, 11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1, 16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-stockholm-1, 21: eu-zurich-1, 22: il-jerusalem-1, 23: me-abudhabi-1, 24: me-dcc-muscat-1, 25: me-dubai-1, 26: me-jeddah-1, 27: sa-santiago-1, 28: sa-saopaulo-1, 29: sa-vinhedo-1, 30: uk-cardiff-1, 31: uk-gov-cardiff-1, 32: uk-gov-london-1, 33: uk-london-1, 34: us-ashburn-1, 35: us-gov-ashburn-1, 36: us-gov-chicago-1, 37: us-gov-phoenix-1, 38: us-langley-1, 39: us-luke-1, 40: us-phoenix-1, 41: us-sanjose-1): 13 ---- ★ Do you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: Y Enter a directory for your keys to be created [/root/.oci]: Enter a name for your key [oci_api_key]: Public key written to: /root/.oci/oci_api_key_public.pem Enter a passphrase for your private key (empty for no passphrase): Private key written to: /root/.oci/oci_api_key.pem Fingerprint: 8d:e6:7e:cf:15:ec:b4:9a:5d:c8:d9:b9:5b:dc:03:53 Config written to /root/.oci/config If you haven't already uploaded your API Signing public key through the console, follow the instructions on the page linked below in the section 'How to upload the public key': https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2
user/tenancy OCIDの確認
遷移
user OCIDコピー
tenancy OCIDコピー
公開鍵の確認
bash-4.2# cat /root/.oci/oci_api_key_public.pem -----BEGIN PUBLIC KEY----- **************************** **************************** **************************** -----END PUBLIC KEY-----
ユーザーにAPIキーの設定
「プロファイル」-「ユーザー設定」から左タブの「APIキー」を選択
Paste pub key を選択し、確認した公開鍵を貼り付ける。Add -> Close。
鍵が追加されフィンガープリントが表示されていることを確認
動作確認
bash-4.2# oci iam region list { "data": [ { "key": "AMS", "name": "eu-amsterdam-1" }, { "key": "ARN", "name": "eu-stockholm-1" ・・・
dockerイメージのコミット
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cea66ba5dfba oraclelinux:7-slim "/bin/bash" 29 minutes ago Up 29 minutes bold_fermi $ docker commit cea66ba5dfba ocicli $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE ocicli latest 8ff29331de26 16 seconds ago 1.09GB docker/getting-started latest adfdb308d623 4 days ago 27.4MB oraclelinux 7-slim 1aadc5c6dfe3 4 weeks ago 162MB
参考
OCI コンソールの接続元IPアドレスの制限とCLIからの解除
目次
やること
- OCIコンソールにログインを許可する接続元のIPアドレスを制限
- 接続元IP制限で誤ってコンソールログインできなくなってしまった場合の制限解除
接続元の制限
ネットワーク・ソースの作成
ネットワーク・ソースに遷移
ネットワーク・ソースの作成
項目を入力して作成を押下します。
- OCI以外からのアクセスを許可する場合は、接続元のCIDRブロックを指定します。(パブリックIP)
認証設定
- 「認証設定」に遷移します。
- 認証設定の編集
- 作成したネットワーク・ソースを選択し保存します。
接続確認
一度ログアウトし、ネットワークを切り替えてログインを試みます。
- 認証設定の管理 ネットワーク・ソース制限に対する変更が有効になるタイミング
ネットワーク・ソース制限が定義されると、コンソールにサインインしているユーザーは現在のセッションを続行できますが、サインアウト後、次回サインインしようとしたときにネットワーク制限が適用されます。
制限解除
- 「事前設定」、「事前確認」については「接続元の制限」を行う前にやっておきましょう。
※環境変数$tenant_idも事前に設定しています。
事前設定
- APIキーの設定が行われていることを確認します。
OCICLIの初期設定時に設定されているはずです。
「プロファイル」メニュー から「ユーザー設定」→「APIキー」タブを選択し、
OCICLIの初期設定で設定したキーが表示されていれば問題ありません。
事前確認
- ネットワーク・リソースを設定する前の設定を確認しておきます。
$ oci iam authentication-policy get --compartment-id $tenant_id { "data": { "compartment-id": "ocid1.tenancy.oc1.****", "network-policy": { "network-source-ids": [] }, "password-policy": { "is-lowercase-characters-required": true, "is-numeric-characters-required": true, "is-special-characters-required": true, "is-uppercase-characters-required": true, "is-username-containment-allowed": false, "minimum-password-length": 8 } }, "etag": "bea7c39e38d4ee6176c31bcbdae9b955e97fdc68" }
OCICLIから制限解除
- では実際に解除します。
input.json で使用するフォーマットを確認します。
$ oci iam authentication-policy update --compartment-id $tenant_id --generate-full-command-json-input { "compartmentId": "string", "force": true, "ifMatch": "string", "networkPolicy": { "networkSourceIds": [ "string", "string" ] }, "passwordPolicy": { "isLowercaseCharactersRequired": true, "isNumericCharactersRequired": true, "isSpecialCharactersRequired": true, "isUppercaseCharactersRequired": true, "isUsernameContainmentAllowed": true, "minimumPasswordLength": 0 } }
- 上記をもとにinput.jsonを作成します。今回は以下の様にします。
$ cat input.json { "compartmentId": "ocid1.tenancy.oc1..****", "force": true, "networkPolicy": { "networkSourceIds": [] }, "passwordPolicy": { "isLowercaseCharactersRequired": true, "isNumericCharactersRequired": true, "isSpecialCharactersRequired": true, "isUppercaseCharactersRequired": true, "isUsernameContainmentAllowed": false, "minimumPasswordLength": 8 } }
- 以下を実行し、ネットワーク・ソースの設定を解除します
$ oci iam authentication-policy update --compartment-id $tenant_id --from-json file://input.json $ oci iam authentication-policy get --compartment-id $tenant_id
参考
Oracle Database 実行計画を実行統計付きで取得
目次
取得方法
alter session set statistics_level = ALL; -- 実行計画確認対象のSQL select * from t1 where c1 = 1; set line 200 pages 1000 tab off select * from table(DBMS_XPLAN.DISPLAY_CURSOR(format=>'ALL ALLSTATS LAST'));
取得結果
PLAN_TABLE_OUTPUT -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- SQL_ID 3c3yp27cag5mv, child number 0 ------------------------------------- select * from t1 where c1 = 1 Plan hash value: 1141790563 ------------------------------------------------------------------------------------------------------------------------------- | Id | Operation | Name | Starts | E-Rows |E-Bytes| Cost (%CPU)| E-Time | A-Rows | A-Time | Buffers | ------------------------------------------------------------------------------------------------------------------------------- | 0 | SELECT STATEMENT | | 1 | | | 1 (100)| | 1 |00:00:00.01 | 3 | | 1 | TABLE ACCESS BY INDEX ROWID| T1 | 1 | 1 | 26 | 1 (0)| 00:00:01 | 1 |00:00:00.01 | 3 | |* 2 | INDEX UNIQUE SCAN | PK_T1 | 1 | 1 | | 1 (0)| 00:00:01 | 1 |00:00:00.01 | 2 | ------------------------------------------------------------------------------------------------------------------------------- Query Block Name / Object Alias (identified by operation id): ------------------------------------------------------------- 1 - SEL$1 / T1@SEL$1 2 - SEL$1 / T1@SEL$1 Predicate Information (identified by operation id): --------------------------------------------------- 2 - access("C1"=1) Column Projection Information (identified by operation id): ----------------------------------------------------------- 1 - "C1"[NUMBER,22], "T1"."C2"[NUMBER,22] 2 - "T1".ROWID[ROWID,10], "C1"[NUMBER,22] 31 rows selected. SQL>
Mac Book Air の設定メモ
今後の買換えた時などのためにメモしておきたい。
目次
隠しファイルの表示
$ defaults write com.apple.finder AppleShowAllFiles TRUE ## 確認 $ defaults read com.apple.finder AppleShowAllFiles TRUE
terminal 環境変数ファイル
~ % ls -lda .z* -rw-r--r-- 1 hiroshi staff 45 1 20 23:16 .zprofile -rw------- 1 hiroshi staff 2433 1 22 01:20 .zsh_history drwx------ 28 hiroshi staff 896 1 22 01:24 .zsh_sessions -rw-r--r-- 1 hiroshi staff 36 1 20 22:27 .zshrc
- .zprofile
if [ -f ~/.zshrc ]; then . ~/.zshrc fi
- .zshrc
alias ll="ls -l" alias rm="rm -i"
MacOS Catalinaはデフォルトのログインシェルがbashではないらしい。
hosts の設定
Linuxでいうところの/etc/hosts の編集に相当することは以下で実施できる様です。
sudo vi /private/etc/hosts
terminalのログ取得設定
script ~/99_terminallog/terminal_`openssl rand -hex 2`_`date +%Y_%m_%d_%H%M%S`.log
Homebrew
macOS(またはLinux)用パッケージマネージャー — Homebrew
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ... ... ... ==> Next steps: - Run these two commands in your terminal to add Homebrew to your PATH: echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/hiroshi/.zprofile eval "$(/opt/homebrew/bin/brew shellenv)" - Run brew help to get started - Further documentation: https://docs.brew.sh
hiroshi@hiroshinoMacBook-Air ~ % echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/hiroshi/.zprofile hiroshi@hiroshinoMacBook-Air ~ % cat ~/.zprofile if [ -f ~/.zshrc ]; then . ~/.zshrc fi eval "$(/opt/homebrew/bin/brew shellenv)" hiroshi@hiroshinoMacBook-Air ~ % eval "$(/opt/homebrew/bin/brew shellenv)" hiroshi@hiroshinoMacBook-Air ~ % hiroshi@hiroshinoMacBook-Air ~ % which brew /opt/homebrew/bin/brew
visual-studio-code
hiroshi@hiroshinoMacBook-Air ~ % brew search visual-studio-code ==> Casks homebrew/cask-versions/visual-studio-code-insiders hiroshi@hiroshinoMacBook-Air ~ % brew install visual-studio-code --cask ==> Tapping homebrew/cask Cloning into '/opt/homebrew/Library/Taps/homebrew/homebrew-cask'... remote: Enumerating objects: 618333, done. remote: Counting objects: 100% (16/16), done. remote: Compressing objects: 100% (14/14), done. remote: Total 618333 (delta 6), reused 11 (delta 2), pack-reused 618317 Receiving objects: 100% (618333/618333), 282.63 MiB | 10.49 MiB/s, done. Resolving deltas: 100% (437277/437277), done. Tapped 3957 casks (4,028 files, 302.4MB). ==> Downloading https://update.code.visualstudio.com/1.63.2/darwin-arm64/stable ==> Downloading from https://az764295.vo.msecnd.net/stable/899d46d82c4c95423fb7e10e68eba52050e30ba3/VSCode-darwin-arm64. ######################################################################## 100.0% ==> Installing Cask visual-studio-code ==> Moving App 'Visual Studio Code.app' to '/Applications/Visual Studio Code.app' ==> Linking Binary 'code' to '/opt/homebrew/bin/code' 🍺 visual-studio-code was successfully installed!
vimのエミュレーター
VSCode Neovim - Visual Studio Marketplace
brew install neovim
vimのキー移動で長押しの有効化
defaults write com.microsoft.VSCode ApplePressAndHoldEnabled -bool false
VSCodeでキーボードの長押しができなくなったときの対処方法 | book-reviews.blog
Docker上の開発環境
これをやりたい。
M1 Mac で Python環境 (Docker + VSCode編)
DockerをHomebrewでMac OSに導入する方法 - Qiita
brew install --cask docker
OCI上に検証用のOracle Databaseを立てる
目次
- 目次
- はじめに
- VMの作成
- 接続元IPアドレスの制限
- OS設定
- 環境変数ファイルの作成
- インストール
- リスナー起動
- DB作成
- 接続確認
- tnsnames.oraの設定
- 自動起動設定
- PDB自動起動設定
はじめに
Oracle Database の検証用として次のコンセプトでDBを作成したいと思います。
- 気軽に触れる
- 維持が面倒でない(PCの容量を取らない)
- お金をかけたくない
- OSも触れる
小さめのVMを作成して、その上にサイレント・インストールで Single DBを立てます。
DB作成の手順はこちらを参考にします。
ORACLE-BASE - Oracle Database 19c Installation On Oracle Linux 7 (OL7)
VMの作成
VMのImage、シェイプは以下の様にしました。
- Image : Oracle-Linux-7.9-2021.12.08-0
- Shape : VM.Standard.E4.Flex
- OCPU: 2
- Memory: 4GB
- ブートボリューム: デフォルトサイズ(46.xGB)
dfはこんな感じです。
[root@db01 ~]# df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 1.8G 0 1.8G 0% /dev tmpfs 1.8G 0 1.8G 0% /dev/shm tmpfs 1.8G 8.8M 1.8G 1% /run tmpfs 1.8G 0 1.8G 0% /sys/fs/cgroup /dev/sda3 39G 14G 25G 35% / /dev/sda1 200M 7.5M 193M 4% /boot/efi tmpfs 364M 0 364M 0% /run/user/0 tmpfs 364M 0 364M 0% /run/user/1000 tmpfs 364M 0 364M 0% /run/user/994
不正な接続は気になりますが、接続を楽にしたいのでVMはパブリック・セグメントに作成し、踏み台(Bastion)は作りません。
一応、接続元のIP アドレスは制限します。
接続元IPアドレスの制限
VMに接続したら /var/log/secureを参照し、自身の接続元のIPアドレスを確認します。
その、IPアドレスをセキュリティ・リストのイングレス・ルールの22番ポートへの接続元IPに設定します。
OS設定
必要なパッケージを入れます。
[root@db01 ~]# yum install -y oracle-database-preinstall-19c [root@db01 ~]# yum update -y
oracle ユーザーも作成されます
[root@db01 ~]# id oracle uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(oper),54324(backupdba),54325(dgdba),54326(kmdba),54330(racdba)
SELinux無効化
[root@db01 ~]# vi /etc/selinux/config [root@db01 ~]# [root@db01 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted [root@db01 ~]# getenforce Enforcing [root@db01 ~]# setenforce Permissive [root@db01 ~]# getenforce Permissive [root@db01 ~]#
Firewalld停止
● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-01-14 13:55:53 GMT; 53min ago Docs: man:firewalld(1) Main PID: 1336 (firewalld) Memory: 0B CGroup: /system.slice/firewalld.service mq1336 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid Jan 14 13:55:53 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon... Jan 14 13:55:53 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. Jan 14 13:55:54 localhost.localdomain firewalld[1336]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now. [root@db01 ~]# systemctl stop firewalld [root@db01 ~]# systemctl disable firewalld Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
ディレクトリ作成。
[root@db01 ~]# mkdir -p /u01/app/oracle/product/19.0.0/dbhome_1 [root@db01 ~]# mkdir -p /u02/oradata [root@db01 ~]# chown -R oracle:oinstall /u01 /u02 [root@db01 ~]# chmod -R 775 /u01 /u02
環境変数ファイルの作成
[oracle@db01 ~]$ vi .bash_profile [oracle@db01 ~]$ [oracle@db01 ~]$ cat .bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/.local/bin:$HOME/bin export PATH export ORACLE_UNQNAME=cdb1 export ORACLE_BASE=/u01/app/oracle export ORACLE_HOME=$ORACLE_BASE/product/19.0.0/dbhome_1 export ORA_INVENTORY=/u01/app/oraInventory export ORACLE_SID=cdb1 export PDB_NAME=pdb1 export DATA_DIR=/u02/oradata export PATH=$ORACLE_HOME/bin:$PATH export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib [oracle@db01 ~]$ . .bash_profile
インストール
バイナリは先にサーバに送り込んでおきます。解凍。
[oracle@db01 ~]$ cd $ORACLE_HOME [oracle@db01 dbhome_1]$ unzip -oq /tmp/LINUX.X64_193000_db_home.zip
インストーラー実行
[oracle@db01 dbhome_1]$ ./runInstaller -ignorePrereq -waitforcompletion -silent \ > -responseFile ${ORACLE_HOME}/install/response/db_install.rsp \ > oracle.install.option=INSTALL_DB_SWONLY \ > ORACLE_HOSTNAME=${ORACLE_HOSTNAME} \ > UNIX_GROUP_NAME=oinstall \ > INVENTORY_LOCATION=${ORA_INVENTORY} \ > SELECTED_LANGUAGES=en,en_GB \ > ORACLE_HOME=${ORACLE_HOME} \ > ORACLE_BASE=${ORACLE_BASE} \ > oracle.install.db.InstallEdition=EE \ > oracle.install.db.OSDBA_GROUP=dba \ > oracle.install.db.OSBACKUPDBA_GROUP=dba \ > oracle.install.db.OSDGDBA_GROUP=dba \ > oracle.install.db.OSKMDBA_GROUP=dba \ > oracle.install.db.OSRACDBA_GROUP=dba \ > SECURITY_UPDATES_VIA_MYORACLESUPPORT=false \ > DECLINE_SECURITY_UPDATES=true Launching Oracle Database Setup Wizard... The response file for this session can be found at: /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_2022-01-15_00-59-13AM.rsp You can find the log of this install session at: /tmp/InstallActions2022-01-15_00-59-13AM/installActions2022-01-15_00-59-13AM.log As a root user, execute the following script(s): 1. /u01/app/oraInventory/orainstRoot.sh 2. /u01/app/oracle/product/19.0.0/dbhome_1/root.sh Execute /u01/app/oraInventory/orainstRoot.sh on the following nodes: [db01] Execute /u01/app/oracle/product/19.0.0/dbhome_1/root.sh on the following nodes: [db01] Successfully Setup Software. Moved the install session logs to: /u01/app/oraInventory/logs/InstallActions2022-01-15_00-59-13AM
rootスクリプトの実行
[oracle@db01 dbhome_1]$ logout [opc@db01 ~]$ [opc@db01 ~]$ sudo su - Last login: Fri Jan 14 15:47:17 GMT 2022 on pts/0 [root@db01 ~]# [root@db01 ~]# /u01/app/oraInventory/orainstRoot.sh Changing permissions of /u01/app/oraInventory. Adding read,write permissions for group. Removing read,write,execute permissions for world. Changing groupname of /u01/app/oraInventory to oinstall. The execution of the script is complete. [root@db01 ~]# /u01/app/oracle/product/19.0.0/dbhome_1/root.sh Check /u01/app/oracle/product/19.0.0/dbhome_1/install/root_db01_2022-01-15_01-01-42-755954239.log for the output of root script [root@db01 ~]# [root@db01 ~]# cat /u01/app/oracle/product/19.0.0/dbhome_1/install/root_db01_2022-01-15_01-01-42-755954239.log Performing root user operation. The following environment variables are set as: ORACLE_OWNER= oracle ORACLE_HOME= /u01/app/oracle/product/19.0.0/dbhome_1 Copying dbhome to /usr/local/bin ... Copying oraenv to /usr/local/bin ... Copying coraenv to /usr/local/bin ... Creating /etc/oratab file... Entries will be added to the /etc/oratab file as needed by Database Configuration Assistant when a database is created Finished running generic part of root script. Now product-specific root actions will be performed. Oracle Trace File Analyzer (TFA) is available at : /u01/app/oracle/product/19.0.0/dbhome_1/bin/tfactl
リスナー起動
[oracle@db01 dbhome_1]$ lsnrctl start LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 15-JAN-2022 01:08:32 Copyright (c) 1991, 2019, Oracle. All rights reserved. Starting /u01/app/oracle/product/19.0.0/dbhome_1/bin/tnslsnr: please wait... TNSLSNR for Linux: Version 19.0.0.0.0 - Production Log messages written to /u01/app/oracle/diag/tnslsnr/db01/listener/alert/log.xml Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01.subnet10220017.vcn10220017.oraclevcn.com)(PORT=1521))) Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)) STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for Linux: Version 19.0.0.0.0 - Production Start Date 15-JAN-2022 01:08:32 Uptime 0 days 0 hr. 0 min. 0 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Log File /u01/app/oracle/diag/tnslsnr/db01/listener/alert/log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01.subnet10220017.vcn10220017.oraclevcn.com)(PORT=1521))) The listener supports no services The command completed successfully
DB作成
[oracle@db01 dbhome_1]$ dbca -silent -createDatabase \ > -templateName General_Purpose.dbc \ > -gdbname ${ORACLE_SID} -sid ${ORACLE_SID} -responseFile NO_VALUE \ > -characterSet AL32UTF8 \ > -sysPassword SysPassword1 \ > -systemPassword SysPassword1 \ > -createAsContainerDatabase true \ > -numberOfPDBs 1 \ > -pdbName ${PDB_NAME} \ > -pdbAdminPassword PdbPassword1 \ > -databaseType MULTIPURPOSE \ > -memoryMgmtType auto_sga \ > -totalMemory 2000 \ > -storageType FS \ > -datafileDestination "${DATA_DIR}" \ > -redoLogFileSize 50 \ > -emConfiguration NONE \ > -ignorePreReqs Prepare for db operation 8% complete Copying database files 31% complete Creating and starting Oracle instance 32% complete 36% complete 40% complete 43% complete 46% complete Completing Database Creation 51% complete 53% complete 54% complete Creating Pluggable Databases 58% complete 77% complete Executing Post Configuration Actions 100% complete Database creation complete. For details check the logfiles at: /u01/app/oracle/cfgtoollogs/dbca/cdb1. Database Information: Global Database Name:cdb1 System Identifier(SID):cdb1 Look at the log file "/u01/app/oracle/cfgtoollogs/dbca/cdb1/cdb1.log" for further details.
接続確認
[oracle@db01 dbhome_1]$ ps -ef | grep pmon oracle 6402 1 0 01:20 ? 00:00:00 ora_pmon_cdb1 oracle 9250 32701 0 01:30 pts/0 00:00:00 grep --color=auto pmon [oracle@db01 dbhome_1]$ sqlplus / as sysdba SQL*Plus: Release 19.0.0.0.0 - Production on Sat Jan 15 01:30:20 2022 Version 19.3.0.0.0 Copyright (c) 1982, 2019, Oracle. All rights reserved. Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.3.0.0.0 SQL> show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------ ---------- ---------- 2 PDB$SEED READ ONLY NO 3 PDB1 READ WRITE NO
tnsnames.oraの設定
[oracle@db01 ~]$ cat $ORACLE_HOME/network/admin/tnsnames.ora PDB1 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = PDB1) ) )
自動起動設定
[oracle@db01 ~]$ vi /etc/oratab [oracle@db01 ~]$ cat /etc/oratab cdb1:/u01/app/oracle/product/19.0.0/dbhome_1:Y
PDB自動起動設定
SQL> alter pluggable database pdb1 open; Pluggable database altered. SQL> show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------ ---------- ---------- 2 PDB$SEED READ ONLY NO 3 PDB1 READ WRITE NO SQL> SQL> alter pluggable database all save state; Pluggable database altered.
ADW+APEXで体重管理アプリ作成のマネをしてみる③ ~ APEXユーザーの作成~
目次
ここまで
アプリケーションが作成できたので、ユーザー用のAPEXユーザーを作成します。
アプリの利用者は家族を想定していて、ログイン後は全員分のデータを参照・更新可能とします。
なので、共用のユーザーを1つ作成します。
ここまでの、アプリの作成まではこちらで実施しています。
ユーザーの作成
Administration画面へ遷移します
Manage Users and Groupを選択
Create User
必要項目を入力して、Create Userします
作成されます。
ログイン確認
ログインしてみます。
初回ログイン時にパスワードを変更し、変更後のパスワードでログインできればOKです。