Invoke Generic Scripts on an Autonomous Database Instance
You can invoke generic scripts, of type BASH, C, or Python on your Autonomous Database.
- About Running Generic Scripts on Autonomous Database
You can invoke generic scripts, including scripts written in Bash, C, or Python, from an Autonomous Database instance. - Upload Wallet to Create Secure Connection to the EXTPROC Agent Instance
A self-signed wallet is created as part of theEXTPROC
agent application creation. This wallet allows you to access theEXTPROC
agent instance from an Autonomous Database instance. - Steps to Invoke Generic Scripts
Shows the steps to invoke generic scripts on an Autonomous Database.
Parent topic: Invoke User Defined Functions
About Running Generic Scripts on Autonomous Database
You can invoke generic scripts, including scripts written in Bash, C, or Python, from an Autonomous Database instance.
You cannot run a generic script directly on an Autonomous Database instance. Instead, the script is hosted remotely on an Oracle Autonomous Database Extproc container image running in an Oracle Cloud Infrastructure Virtual Cloud Network (VCN). You invoke generic scripts from your Autonomous Database using Oracle Scheduler jobs. The Oracle Scheduler job that you create must be an executable job. The executable jobs can execute shell scripts, or other executables.
Note:
This feature is only supported for Oracle database release 19c.Generic scripts from your Autonomous Database are only supported when your database is on a private endpoint. To run generic scripts, you must obtain, install, and configure Oracle Autonomous Database container image with the EXTPROC
agent installed. The Autonomous Database EXTPROC
container image enables you to call external procedures and scripts written in BASH, C, or Python from your Autonomous Database. The EXTPROC
agent instance is hosted on a private subnet, and the Autonomous Database access the EXTPROC
agent through a Reverse Connection Endpoint (RCE).
Generic scripts are deployed by using:
-
An Oracle provided Autonomous Database container image with the
EXTPROC
agent installed. Oracle provides the container image on GitHub packages.See GitHub README for instructions to obtain and configure the
EXTPROC
container image:The
EXTPROC
agent instance is hosted remotely on a container image running in an Oracle Cloud Infrastructure Virtual Cloud Network (VCN). The secure communication between your Autonomous Database and theEXTPROC
agent instance is secured by setting Network Security Group (NSG) rules such that the traffic is allowed from your Autonomous Database instance running on a private endpoint to theEXTPROC
agent instance. TheEXTPROC
agent image is pre-configured to host and run external procedures on port 16000. -
PL/SQL procedures to register endpoint environments and manage privileges on the registered endpoints. See DBMS_CLOUD_FUNCTION_ADMIN Package for more information.
-
PL/SQL procedures to create and manage scheduler jobs and programs to invoke generic scripts.
See DBMS_SCHEDULER for more information.
Follow these steps to run a generic script from an Autonomous Database instance:
-
Obtain and configure the
EXTPROC
container image. See GitHub README for more information. -
Configure your Autonomous Database to connect to the
EXTPROC
agent instance. See Upload Wallet to Create Secure Connection to the EXTPROC Agent Instance for more information. -
Invoke generic scripts on your Autonomous Database. See Steps to Invoke Generic Scripts for more information.
Upload Wallet to Create Secure Connection to the EXTPROC Agent Instance
A self-signed wallet is created as part of the EXTPROC
agent application creation. This wallet allows you to access the EXTPROC
agent
instance from an Autonomous Database instance.
To run generic scripts at the EXTPROC
agent instance, the Autonomous Database and the EXTPROC
agent connect using Mutual Transport Layer Security (mTLS). When you connect to the EXTPROC agent with mTLS, you use a TCPS (Secure TCP) database connection using standard TLS 1.2 with a trusted client certificate authority (CA) certificate. See About Connecting to an Autonomous Database Instance for more information.
Note:
You can also obtain and use a public certificate issued by a Certificate Authority (CA).As a prerequisite, you must export the wallet to Object Storage from the /u01/app/oracle/wallets/extproc_wallet/
directory on the VM where EXTPROC
runs. This allows the Autonomous Database to use the wallet to securely access the EXTPROC
.
Upload the EXTPROC
wallet to your Autonomous Database instance:
Steps to Invoke Generic Scripts
Shows the steps to invoke generic scripts on an Autonomous Database.
After you configure the EXTPROC
agent instance to run generic scripts, you register a remote endpoint and create Scheduler jobs to call generic scripts.
The following are prerequisites to invoke generic scripts with Autonomous Database:
-
The generic scripts must be copied into the EXTPROC agent instance. See GitHub README for more information.
-
To create and manage Scheduler jobs to invoke generic scripts with a user other than ADMIN, you must have the following privileges:
-
MANAGE SCHEDULER
-
CREATE JOB
-
Privilege on the registered remote endpoint
-
Topics
- Register and Manage Remote Endpoint on Autonomous Database
As the ADMIN user, perform the following steps to register and manage remote endpoints in your Autonomous Database. - Create and Manage Scheduler Jobs to Invoke Generic Scripts
Shows the steps to create and manage scheduler jobs to invoke generic scripts from Autonomous Database.
Register and Manage Remote Endpoint on Autonomous Database
As the ADMIN user, perform the following steps to register and manage remote endpoints in your Autonomous Database.
Register a Remote Endpoint
Use DBMS_CLOUD_FUNCTION_ADMIN.REGISTER_REMOTE_EXECUTION_ENV
to register a remote endpoint.
Example:
BEGIN
DBMS_CLOUD_FUNCTION_ADMIN.REGISTER_REMOTE_EXECUTION_ENV
(
remote_endpoint_name => 'rem_executable',
remote_endpoint_url => 'remote_extproc_hostname:16000',
wallet_dir => 'WALLET_DIR',
remote_cert_dn => 'CN=MACHINENAME'
);
END;
/
This example creates the rem_executable
library and registers the EXTPROC
agent instance specified in the remote_url
parameter in your Autonomous Database. The EXTPROC
agent instance is pre-configured to host generic scripts on port 16000.
See REGISTER_REMOTE_EXECUTION_ENV Procedure for more information.
Manage Privileges on a Registered Endpoint
This step is optional and is only required when a user other than the ADMIN needs to invoke generic scripts from Autonomous Database.
Use DBMS_CLOUD_FUNCTION_ADMIN.GRANT_REMOTE_EXECUTION_ENV
to grant privilege on the registered endpoint to a user other than the ADMIN.
Example:
BEGIN
DBMS_CLOUD_FUNCTION_ADMIN.GRANT_REMOTE_EXECUTION_ENV
(
remote_endpoint_name => 'REM_EXECUTABLE',
user_name => 'username');
END;
/
This example grants privilege on REM_EXECUTABLE
to the specified user. See GRANT_REMOTE_EXECUTION_ENV Procedure for more information.
After you grant privilege on the registered endpoint, you can use DBMS_CLOUD_FUNCTION_ADMIN.REVOKE_REMOTE_EXECUTION_ENV
to revoke privilege on the registered endpoint form a user.
Example:
BEGIN
DBMS_CLOUD_FUNCTION_ADMIN.REVOKE_REMOTE_EXECUTION_ENV
(
remote_endpoint_name => 'REM_EXECUTABLE',
user_name => 'username');
END;
/
This example revokes privilege on REM_EXECUTABLE
from the specified user. See REVOKE_REMOTE_EXECUTION_ENV Procedure for more information.
You can query the DBA_CLOUD_FUNCTION_REMOTE_EXECUTION_GRANT
to list the permissions granted for all remote endpoints. See DBA_CLOUD_FUNCTION_REMOTE_EXECUTION_GRANT View for more information.
Remove a Registered Endpoint
Use DBMS_CLOUD_FUNCTION_ADMIN.DEREGISTER_REMOTE_EXECUTION_ENV
to remove a registered remote endpoint.
Example:
BEGIN
DBMS_CLOUD_FUNCTION_ADMIN.DEREGISTER_REMOTE_EXECUTION_ENV
(
remote_endpoint_name => 'REM_EXECUTABLE');
END;
/
This removes the rem_executable
remote endpoint from your Autonomous Database. See DEREGISTER_REMOTE_EXECUTION_ENV Procedure for more information.
Parent topic: Steps to Invoke Generic Scripts
Create and Manage Scheduler Jobs to Invoke Generic Scripts
Shows the steps to create and manage scheduler jobs to invoke generic scripts from Autonomous Database.
Parent topic: Steps to Invoke Generic Scripts