C Providing Passwords Non-Interactively Using a Wallet
You can avoid entering passwords in the command line and run the
ZDMCLI migrate database
command without user interaction, such as when
you do automation using Rundeck.
Currently, whenever you submit the $ZDM_HOME/bin/zdmcli migrate
database
command, it prompts for the source database
SYS
password, Object Store user swift authentication token, and
the source database Transparent Data Encryption (TDE) keystore password (if the
wallet was configured as a PASSWORD
-based TDE wallet).
Wallet Creation Examples
The following examples show how to create auto-login wallets for the source database SYS user, the Object Store user, the source database TDE keystore, and the target CDB database TDE keystore password.
Run the following commands on the Zero Downtime Migration service host as Zero
Downtime Migration software owner (for example, zdmuser
).
To create an auto-login wallet for the source database
SYS
user:
-
Create a directory where you want to create and store the wallet.
zdmuser> mkdir sys_wallet_path
For example:
/u01/app/zdmhome> mkdir sysWallet
-
Create a wallet.
zdmuser> $ZDM_HOME/bin/orapki wallet create -wallet sys_wallet_path -auto_login_only
For example
/u01/app/zdmhome> $ZDM_HOME/bin/orapki wallet create -wallet sysWallet -auto_login_only Oracle PKI Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed.
-
Add a
SYS
user login credentials to wallet.zdmuser> $ZDM_HOME/bin/mkstore -wrl sys_wallet_path -createCredential store sysuser
At the prompt, enter the source database
SYS
password.For example
/u01/app/zdmhome> $ZDM_HOME/bin/mkstore -wrl ./sysWallet -createCredential store sysuser Oracle Secret Store Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password:
-
Verify that the wallet files were created.
zdmuser> ls -l sys_wallet_path
For example
/u01/app/zdmhome> ls -l sysWallet/ total 4 -rw-------. 1 opc opc 581 Jun 2 08:00 cwallet.sso -rw-------. 1 opc opc 0 Jun 2 08:00 cwallet.sso.lck
To create an auto-login wallet for the Object Store user:
-
Create a directory where you want to create and store the wallet.
zdmuser> mkdir oss_wallet_path
For example
/u01/app/zdmhome> mkdir ossWallet
-
Create a wallet
zdmuser> $ZDM_HOME/bin/orapki wallet create -wallet oss_wallet_path -auto_login_only
For example
/u01/app/zdmhome> $ZDM_HOME/bin/orapki wallet create -wallet ./ossWallet -auto_login_only Oracle PKI Tool Release 19.0.0.0.0 -Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed.
-
Add the Object Store user login credentials to the wallet.
zdmuser> $ZDM_HOME/bin/mkstore -wrl oss_wallet_path -createCredential store ossuser
For the prompt,
-
If the backup destination is Object Store (Bucket), then enter the user swift authentication token.
-
If the backup destination is Storage Classic (Container), then enter your tenancy login password.
For example
/u01/app/zdmhome> $ZDM_HOME/bin/mkstore -wrl ./ossWallet -createCredential store ossuser Oracle Secret Store Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password:
-
-
Verify that the wallet files were created.
zdmuser> ls -l oss_wallet_path
For example
/u01/app/zdmhome> ls -l ./ossWallet total 4 -rw-------. 1 opc opc 597 Jun 2 08:02 cwallet.sso -rw-------. 1 opc opc 0 Jun 2 08:01 cwallet.sso.lck
To create an auto-login wallet for the source database TDE keystore:
-
Create a directory where you want to create and store the wallet.
zdmuser> mkdir tde_wallet_path
For example
/u01/app/zdmhome> mkdir tdeWallet
-
Create a wallet.
zdmuser> $ZDM_HOME/bin/orapki wallet create -wallet tde_wallet_path -auto_login_only
For example
/u01/app/zdmhome> $ZDM_HOME/bin/orapki wallet create -wallet ./tdeWallet -auto_login_only Oracle PKI Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed.
-
Add the source database TDE keystore credentials to the wallet.
zdmuser> $ZDM_HOME/bin/mkstore -wrl tde_wallet_path -createCredential store tdeuser
At the prompt, enter the TDE keystore password.
For example
/u01/app/zdmhome> $ZDM_HOME/bin/mkstore -wrl ./tdeWallet -createCredential store tdeuser Oracle Secret Store Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password:
-
Verify that the wallet files were created.
zdmuser> ls -l tde_wallet_path
For example
/u01/app/zdmhome> ls -l tdeWallet total 4 -rw-------. 1 opc opc 581 Jun 2 08:06 cwallet.sso -rw-------. 1 opc opc 0 Jun 2 08:04 cwallet.sso.lck
To create an auto-login wallet for the target CDB database TDE keystore password:
-
Create a directory where you want to create and store the wallet.
zdmuser> mkdir cdb_tde_wallet_path
For example
/u01/app/zdmhome> mkdir cdbtdeWallet
-
Create a wallet.
zdmuser> $ZDM_HOME/bin/orapki wallet create -wallet cdb_tde_wallet_path -auto_login_only
For example
/u01/app/zdmhome> $ZDM_HOME/bin/orapki wallet create -wallet ./cdbtdeWallet -auto_login_only Oracle PKI Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Operation is successfully completed.
-
Add the source database TDE keystore credentials to the wallet.
zdmuser> $ZDM_HOME/bin/mkstore -wrl cdb_tde_wallet_path -createCredential store cdbtdeuser
At the prompt, enter the TDE keystore password.
For example
/u01/app/zdmhome> $ZDM_HOME/bin/mkstore -wrl ./cdbtdeWallet -createCredential store cdbtdeuser Oracle Secret Store Tool Release 19.0.0.0.0 - Production Version 19.4.0.0.0 Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved. Your secret/Password is missing in the command line Enter your secret/Password: Re-enter your secret/Password:
Accessing the Wallets in a Logical Migration Job
In a logical migration you configure the wallet parameters using the RSP
WALLET_*
parameters appropriate for your migration use case.
See the following links for details about the individual parameters.
- WALLET_AMAZONS3SECRET: Amazon S3 Secret Key wallet path
- WALLET_SOURCEGGADMIN: Source database administrative user
ggadmin
password wallet path - WALLET_SOURCECONTAINER: Source database administrative user password wallet path
- WALLET_SOURCECGGADMIN: Source database administrative user
c##ggadmin
password wallet path - WALLET_TARGETADMIN: Target database administrative user password wallet path
- WALLET_TARGETGGADMIN: Target database administrative user
ggadmin
password wallet path - WALLET_OGGADMIN: Oracle GoldenGate hub administrative password wallet path
- WALLET_DATAPUMPENCRYPTION: Oracle Data Pump encryption password wallet path
- WALLET_OCIAUTHTOKEN: OCI Auth Token password wallet path
Accessing the Wallets in a Physical Migration Job
In a physical migration you configure the wallet parameters as options in the
ZDMCLI database migration
command. See migrate database for information about the database migration
options.
- -sourcesyswallet sys_wallet_path: Source database
SYS
password wallet path - -osswallet oss_wallet_path: Object Storage Service (OSS) backup user wallet path
- -dvwallet dv_wallet_path: Oracle Database Vault owner wallet path
- -tdekeystorewallet tde_wallet_path: Transparent Data Encryption (TDE) keystore password wallet path
- -tgttdekeystorewallet tde_wallet_path: Target container database TDE keystore password wallet path
- -backupwallet backup_wallet_path: RMAN backup password wallet path
Note that if you are converting a non-multitenant source database to a multitenant architecture on the target, that is a pluggable database (PDB), then you can also create an auto-login wallet for the target container database (CDB) TDE keystore password.
Setting Command Options to Access the Wallets
To specify wallet information in the ZDMCLI MIGRATE
DATABASE
command, set the -sourcesyswallet
,
-osswallet
, -tdekeystorewallet
, and
-tgttdekeystorewallet
options as shown here.
zdmuser> $ZDM_HOME/bin/zdmcli migrate database
-sourcedb source_db_unique_name_value
-sourcenode source_database_server_name
-srcauth zdmauth
-srcarg1 user:source_database_server_login_user_name
-srcarg2 identity_file:zdm_installed_user_private_key_file_location
-srcarg3 sudo_location:/usr/bin/sudo
-targetnode target_database_server_name
-backupuser object_store_login_user_name
-rsp response_file_location
-tgtauth zdmauth
-tgtarg1 user:target_database_server_login_user_name
-tgtarg2 identity_file:zdm_installed_user_private_key_file_location
-tgtarg3 sudo_location:/usr/bin/sudo
-sourcesyswallet sys_wallet_path
-osswallet oss_wallet_path
-tdekeystorewallet tde_wallet_path
-tgttdekeystorewallet cdb_tde_wallet_path
-eval
-sourcesyswallet sys_wallet_path
specifies the full path for the auto-login wallet file on the Zero Downtime Migration host containing theSYS
password of the source database-osswallet oss_wallet_path
specifies the full path for the auto-login wallet file on the Zero Downtime Migration host containing credentials for the Object Storage Service backup user-tdekeystorewallet tde_wallet_path
specifies the full path for the auto-login wallet file on the Zero Downtime Migration host containing the TDE keystore password-
-tgttdekeystorewallet cdb_tde_wallet_path
specifies the full path for the auto-login wallet file on the Zero Downtime Migration host containing the target CDB TDE keystore password
Evaluation Mode Example
zdmuser> $ZDM_HOME/bin/zdmcli migrate database
-sourcedb zdmsdb
-sourcenode ocicdb1
-srcauth zdmauth
-srcarg1 user:opc
-srcarg2 identity_file:/home/zdmuser/.ssh/zdm_service_host.ppk
-srcarg3 sudo_location:/usr/bin/sudo
-targetnode ocidb1
-backupuser backup_user@example.com
-rsp /u01/app/zdmhome/rhp/zdm/template/zdm_template_zdmsdb.rsp
-tgtauth zdmauth
-tgtarg1 user:opc
-tgtarg2 identity_file:/home/zdmuser/.ssh/zdm_service_host.ppk
-tgtarg3 sudo_location:/usr/bin/sudo
-sourcesyswallet /u01/app/zdmhome/sysWallet
-osswallet /u01/app/zdmhome/ossWallet
-eval
Operation "zdmcli migrate database" scheduled with the job ID "1".
Migration Mode Example
zdmuser> $ZDM_HOME/bin/zdmcli migrate database
-sourcedb zdmsdb
-sourcenode ocicdb1
-srcauth zdmauth
-srcarg1 user:opc
-srcarg2 identity_file:/home/zdmuser/.ssh/zdm_service_host.ppk
-srcarg3 sudo_location:/usr/bin/sudo
-targetnode ocidb1
-backupuser backup_user@example.com
-rsp /u01/app/zdmhome/rhp/zdm/template/zdm_template_zdmsdb.rsp
-tgtauth zdmauth
-tgtarg1 user:opc
-tgtarg2 identity_file:/home/zdmuser/.ssh/zdm_service_host.ppk
-tgtarg3 sudo_location:/usr/bin/sudo
-sourcesyswallet /u01/app/zdmhome/sysWallet
-osswallet /u01/app/zdmhome/ossWallet
Operation "zdmcli migrate database" scheduled with the job ID "2".