4.2.3 Prepare the Graph Server for Database Authentication
Locate the pgx.conf file of your installation.
If you installed the graph server via RPM, the file is located at: /etc/oracle/graph/pgx.conf
If you use the webapps package to deploy into Tomcat or WebLogic Server, the pgx.conf file is located inside the web application archive file (WAR file) at: WEB-INF/classes/pgx.conf
vim graph-server-<version>-pgx<version>.war
Inside the pgx.conf file, locate the jdbc_url line of the realm options:
...
"pgx_realm": {
  "implementation": "oracle.pg.identity.DatabaseRealm",
  "options": {
    "jdbc_url": "<REPLACE-WITH-DATABASE-URL-TO-USE-FOR-AUTHENTICATION>",
    "token_expiration_seconds": 3600,
...
Replace the text with the JDBC URL pointing to your database that you configured in the previous step. For example:
...
"pgx_realm": {
  "implementation": "oracle.pg.identity.DatabaseRealm",
  "options": {
    "jdbc_url": "jdbc:oracle:thin:@myhost:1521/myservice",
    "token_expiration_seconds": 3600,
...
Then, start the graph server by running the following command as a root user or with sudo:
sudo systemctl start pgx
Preparing the Graph Server (PGX) to Connect to Autonomous Database
You can configure your graph server (PGX) to connect to an Autonomous Database instance.
Irrespective of whether your graph server (PGX) instance is running on premises or on Oracle Cloud Infrastructure (OCI), you can perform the following steps to determine the service name to connect to your Autonomous Database instance and update the JDBC URL in the /etc/oracle/graph/pgx.conf file.
As a prerequisite, you must generate an SSH key pair consisting of a public key and a private key in order to securely log in to the environment where the graph server (PGX) is running.
- Download and save the wallet for your Autonomous Database instance from the Oracle Cloud Infrastructure (OCI) Console. See Download Client Credentials (Wallets) for more information.
- Upload the wallet from your local machine to the environment where your graph server instance is running with the scp command as shown:
    scp -i <path_to_ssh_private_key> <path_to_Wallet_DBname>.zip <username>@<public_ip>:/etc/oracle/graph/wallets
  The preceding command securely copies the wallet to the /etc/oracle/graph/wallets directory on your graph server instance using your ssh private key.
- Connect to your graph server instance using the ssh private key as shown:
    ssh -i <ssh_private_key> <username>@<public_ip>
- Unzip the wallet to the /etc/oracle/graph/wallets directory and change the group permission as shown:
    cd /etc/oracle/graph/wallets/
    unzip <Wallet_DBname>.zip
    chgrp oraclegraph *
- Determine the connect identifier from the tnsnames.ora file in the /etc/oracle/graph/wallets directory. For example, the entry must be similar to:
    graphdb_low = (description= (retry_count=20)(retry_delay=3)
        (address=(protocol=tcps)(port=1522)(host=adwc.example.oraclecloud.com))
        (connect_data=(service_name=graphdb_low.adwc.oraclecloud.com))
        (security=(ssl_server_cert_dn="CN=adwc.example.oraclecloud.com, OU=Oracle BMCS US, O=Oracle Corporation, L=Redwood City, ST=California, C=US")))
  In the preceding example, graphdb_low is the connect identifier.
- Update the JDBC URL in the /etc/oracle/graph/pgx.conf file with the connect identifier determined in the preceding step along with the directory path to the unzipped wallet file. For example:
    ...
    "pgx_realm": {
      "implementation": "oracle.pg.identity.DatabaseRealm",
      "options": {
        "jdbc_url": "jdbc:oracle:thin:@graphdb_low?TNS_ADMIN=/etc/oracle/graph/wallets",
        "token_expiration_seconds": 3600,
    ...
- Finally, restart the graph server as shown:
    sudo systemctl restart pgx
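
The wallet steps above, from reading the connect identifier out of tnsnames.ora to forming the jdbc_url value, as an added Python example that is not part of the Oracle documentation. The sample entries, the function names, the filter on protocol=tcps and the check that no wallet file is accessible to other users are assumptions made for this illustration.

```python
import re
import stat
from pathlib import Path

# Constructed sample, shaped like the tnsnames.ora entry shown above.
SAMPLE_TNSNAMES = """\
graphdb_low = (description= (retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=adwc.example.oraclecloud.com))
  (connect_data=(service_name=graphdb_low.adwc.oraclecloud.com)))
graphdb_plain = (description=
  (address=(protocol=tcp)(port=1521)(host=db.example.com))
  (connect_data=(service_name=graphdb_plain.example.com)))
"""

def connect_identifiers(tnsnames_text):
    """Map each connect identifier to its protocol and service name."""
    # re.split with one capture group yields [preamble, alias, body, alias, body, ...].
    parts = re.split(r"(?m)^([A-Za-z][\w.-]*)\s*=", tnsnames_text)
    entries = {}
    for alias, body in zip(parts[1::2], parts[2::2]):
        proto = re.search(r"protocol\s*=\s*(\w+)", body, re.I)
        svc = re.search(r"service_name\s*=\s*([^)\s]+)", body, re.I)
        entries[alias] = {
            "protocol": proto.group(1).lower() if proto else None,
            "service_name": svc.group(1) if svc else None,
        }
    return entries

def jdbc_url(alias, wallet_dir):
    """Build the jdbc_url value in the form used in pgx.conf above."""
    return f"jdbc:oracle:thin:@{alias}?TNS_ADMIN={wallet_dir}"

def tcps_urls(tnsnames_text, wallet_dir):
    """JDBC URLs only for identifiers whose address uses protocol=tcps."""
    return {alias: jdbc_url(alias, wallet_dir)
            for alias, entry in connect_identifiers(tnsnames_text).items()
            if entry["protocol"] == "tcps"}

def world_accessible(wallet_dir):
    """Names of wallet files that grant any permission to 'other' users."""
    return sorted(p.name for p in Path(wallet_dir).iterdir()
                  if p.is_file() and p.stat().st_mode & stat.S_IRWXO)

if __name__ == "__main__":
    for alias, url in tcps_urls(SAMPLE_TNSNAMES, "/etc/oracle/graph/wallets").items():
        print(alias, "->", url)
```

On a real host, pass the text of /etc/oracle/graph/wallets/tnsnames.ora to tcps_urls and run world_accessible on the wallet directory after the chgrp step.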