4.2.3 Prepare the Graph Server for Database Authentication
Locate the pgx.conf file of your installation.
If you installed the graph server via RPM, the file is located at: /etc/oracle/graph/pgx.conf
If you use the webapps package to deploy into Tomcat or WebLogic Server, the pgx.conf file is located inside the web application archive file (WAR file) at: WEB-INF/classes/pgx.conf
    vim graph-server-<version>-pgx<version>.war

Inside the pgx.conf file, locate the jdbc_url line of the realm options:

    ...
    "pgx_realm": {
      "implementation": "oracle.pg.identity.DatabaseRealm",
      "options": {
        "jdbc_url": "<REPLACE-WITH-DATABASE-URL-TO-USE-FOR-AUTHENTICATION>",
        "token_expiration_seconds": 3600,
    ...

Replace the text with the JDBC URL pointing to your database that you configured in the previous step. For example:

    ...
    "pgx_realm": {
      "implementation": "oracle.pg.identity.DatabaseRealm",
      "options": {
        "jdbc_url": "jdbc:oracle:thin:@myhost:1521/myservice",
        "token_expiration_seconds": 3600,
    ...
Then, start the graph server by running the following command as a root user or with sudo:

    sudo systemctl start pgx

Preparing the Graph Server (PGX) to Connect to Autonomous Database
You can configure your graph server (PGX) to connect to an Autonomous Database instance.
Irrespective of whether your graph server (PGX) instance is running on premises
or on Oracle Cloud Infrastructure (OCI), you can perform the following steps to determine
the service name to connect to your Autonomous Database instance and update the JDBC URL in
the /etc/oracle/graph/pgx.conf file.
As a prerequisite, you must generate an SSH key pair consisting of a public key and a private key in order to securely log in to the environment where the graph server (PGX) is running.
- Download and save the wallet for your Autonomous Database instance from the Oracle Cloud Infrastructure (OCI) Console. See Download Client Credentials (Wallets) for more information.
- Upload the wallet from your local machine to the environment where your graph server instance is running with the scp command as shown:

      scp -i <path_to_ssh_private_key> <path_to_Wallet_DBname>.zip <username>@<public_ip>:/etc/oracle/graph/wallets

  The preceding command securely copies the wallet to the /etc/oracle/graph/wallets directory on your graph server instance using your ssh private key.
- Connect to your graph server instance using the ssh private key as shown:

      ssh -i <ssh_private_key> <username>@<public_ip>

- Unzip the wallet to the /etc/oracle/graph/wallets directory and change the group permission as shown:

      cd /etc/oracle/graph/wallets/
      unzip <Wallet_DBname>.zip
      chgrp oraclegraph *

- Determine the connect identifier from the tnsnames.ora file in the /etc/oracle/graph/wallets directory. For example, the entry must be similar to:

      graphdb_low =
          (description= (retry_count=20)(retry_delay=3)
              (address=
                  (protocol=tcps)(port=1522)
                  (host=adwc.example.oraclecloud.com)
              )
              (connect_data=(service_name=graphdb_low.adwc.oraclecloud.com))
              (security=(ssl_server_cert_dn="CN=adwc.example.oraclecloud.com, OU=Oracle BMCS US, O=Oracle Corporation, L=Redwood City, ST=California, C=US"))
          )

  In the preceding example, graphdb_low is the connect identifier.
- Update the JDBC URL in the /etc/oracle/graph/pgx.conf file with the connect identifier determined in the preceding step along with the directory path to the unzipped wallet file. For example:

      ...
      "pgx_realm": {
        "implementation": "oracle.pg.identity.DatabaseRealm",
        "options": {
          "jdbc_url": "jdbc:oracle:thin:@graphdb_low?TNS_ADMIN=/etc/oracle/graph/wallets",
          "token_expiration_seconds": 3600,
      ...

- Finally, restart the graph server as shown:

      sudo systemctl restart pgx
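
The steps above can be verified with a small script; this is an added example, not part of the Oracle documentation. It checks that jdbc_url is no longer the placeholder, that the connect identifier exists in tnsnames.ora under TNS_ADMIN, and that no wallet file is readable or writable by "other". The function names are hypothetical, and the permission check is an assumption that goes beyond the chgrp step shown on this page.

```shell
# Added example (not Oracle's code): sanity-check the realm settings in pgx.conf.

# Print the jdbc_url value found in a pgx.conf file.
jdbc_url_of() {
    sed -n 's/.*"jdbc_url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print one line per problem; return 0 only when nothing is found.
check_pgx_realm() {
    url=$(jdbc_url_of "$1"); rc=0
    case $url in
        ''|*'<REPLACE-'*) echo "jdbc_url is unset or still the placeholder"; return 1 ;;
    esac
    case $url in *'?TNS_ADMIN='*) ;; *) return 0 ;; esac   # no wallet in use
    tns_alias=${url#*@}; tns_alias=${tns_alias%%\?*}        # text between @ and ?
    dir=${url#*TNS_ADMIN=}; dir=${dir%%&*}                  # wallet directory
    [ -d "$dir" ] || { echo "TNS_ADMIN directory $dir does not exist"; return 1; }
    if ! grep -qi "^[[:space:]]*$tns_alias[[:space:]]*=" "$dir/tnsnames.ora" 2>/dev/null; then
        echo "connect identifier '$tns_alias' not found in $dir/tnsnames.ora"; rc=1
    fi
    # Wallet files hold database credentials; only owner and group should reach them.
    open=$(find "$dir" -type f \( -perm -004 -o -perm -002 \))
    if [ -n "$open" ]; then
        echo "world-accessible wallet files:"; echo "$open"; rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway pgx.conf and wallet directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/wallets"
    echo 'graphdb_low = (description=(address=(protocol=tcps)(port=1522)))' > "$tmp/wallets/tnsnames.ora"
    printf '"options": {\n  "jdbc_url": "jdbc:oracle:thin:@graphdb_low?TNS_ADMIN=%s",\n' "$tmp/wallets" > "$tmp/pgx.conf"
    chmod 644 "$tmp/wallets/tnsnames.ora"; check_pgx_realm "$tmp/pgx.conf" && before=0 || before=$?
    chmod 640 "$tmp/wallets/tnsnames.ora"; check_pgx_realm "$tmp/pgx.conf" && after=0 || after=$?
    rm -rf "$tmp"
    echo "exit status with mode 644: $before, with mode 640: $after"
}
demo
```

On a real installation, call `check_pgx_realm /etc/oracle/graph/pgx.conf` as a user that can read the wallet directory.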