ttInstanceModify

Use the ttInstanceModify utility to modify certain attributes of an instance.

The attributes that you can modify are:

  • The installation associated with this instance

  • The daemon and server port numbers

  • The TNS_ADMIN path for the instance

  • The configuration of TimesTen Replication with Oracle Clusterware for this instance

  • TLS settings, if any

  • The system start up scripts

The instance that is modified is the one that $TIMESTEN_HOME references.

If you do not specify any options for this utility, ttInstanceModify displays the current value of each attribute and a prompt that allows you to keep the value or change it.

If you change any of the settings, the utility:

  1. Shuts down the TimesTen daemon for the instance.
  2. Edits the timesten.conf file in the timesten_home/conf directory.
  3. Starts the TimesTen main daemon for the instance.

Required Privilege

Run this utility as the instance administrator.

Syntax

% ttInstanceModify -h
ttInstanceModify - Modifies an existing instance

Usage:
  ttInstanceModify { -help | -h }
  ttInstanceModify [-install <path>] [-tnsadmin <path>] [-verbose | -v]
      [-port <number>] [-serverport <number>] [-crs]
      [-serverencryption <requirement>] [-serverciphersuites <suites>] [-serverwallet <path>]

Options:
  -help, -h              Displays this help message
  -verbose, -v           Displays extra information
  -install               Changes the installation the instance points to
  -tnsadmin <path>       Changes the path for the TNS_ADMIN environment variable
  -port <number>         Specifies a new daemon port number
  -serverport <number>   Specifies a new server port number
  -[no]systemd           Enables/disables systemd to manage TimesTen Daemon
  -serverencryption <requirement>  Whether client/server traffic is encrypted.
                         One of: accepted rejected requested required
  -serverciphersuites <suites>     Cipher suites used for TLS encryption.
                         One of, or a comma-separated list of:
                           TLS_AES_128_CCM_SHA256
                           TLS_AES_128_GCM_SHA256
                           TLS_AES_256_GCM_SHA384
                           TLS_CHACHA20_POLY1305_SHA256
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
                           TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
                           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                           TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  -serverwallet <path>   Absolute path to the wallet directory
  -crs                   Creates or modifies Clusterware configuration

Options

ttInstanceModify has the following options:

Option Description

-h

-help

-?

Displays help information.
-verbose Displays additional information during the operation of the utility.

-install path

Changes the installation that the instance uses.

You can use the -install option to associate the instance with a different TimesTen installation. Typically, this is used to upgrade the instance to a new maintenance or patch release.

This option is not used to upgrade to a new major release.

-tnsadmin path

Updates the instance's TNS_ADMIN setting (for cache).

-port number

Specifies a new daemon port number.

-serverport number

 Specifies a new server port number.

-systemd | -nosystemd

You can use this option to change whether systemd is used to manage the instance’s main daemon or not.

This option cannot be used with Clusterware.

-serverEncryption requirement

Determines whether encryption is accepted, rejected, requested, or required for a client/server connection.

  • accepted: Enable an encrypted session if required or requested by the client; use an unencrypted session otherwise. This is the default.
  • rejected: Demand an unencrypted session. (If the server does not support encryption, TimesTen behaves as if this is the setting on the server.) The connection is rejected if the client requires encryption.
  • requested: Request an encrypted session if the client allows it (if the client has any setting other than rejected); use an unencrypted session otherwise.
  • required: Demand an encrypted session. Reject the connection if the client rejects encryption.

The -serverEncryption and -serverCipherSuites values are set at the instance creation level in the timesten.conf file and serve as the default values for any database created on that instance. However, you can override them by setting the corresponding connection attribute in the database definition.

See Transport Layer Security for TimesTen Client/Server in Oracle TimesTen In-Memory Database Security Guide regarding usage of the -serverEncryption and -serverCipherSuites options.

-serverCipherSuites {suites}

Lists the cipher suite or cipher suites that can be used for Transport Layer Security, depending also on the client setting. There is no default setting. Specify one or more TLS version 1.3 or 1.2 cipher suites in a comma-separated list from strongest to weakest. To use TLS, the server and client settings must include at least one common suite. See Cipher Suites in TimesTen in Oracle TimesTen In-Memory Database Security Guide to learn more about the supported cipher suites and how TimesTen negotiates cipher suite selection.

For more information on TLS for encrypted communication between clients and server, see Transport Layer Security for TimesTen Client/Server in Oracle TimesTen In-Memory Database Security Guide.

-serverWallet new_wallet_dir

If you move or copy the server wallet to a different location, you must specify this new location in the timesten.conf file. You can do this using -serverWallet, which determines if the new server wallet directory is valid, and if so, modifies the entry in the timesten.conf file.

See Task 3: Configure the Server for TLS in the Oracle TimesTen In-Memory Database Security Guide for more information.

-crs

Creates or modifies the instance's Oracle Clusterware configuration.

Examples

This example modifies the encryption settings of an existing TimesTen instance by updating the cipher suite to TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and configures the instance to accept the encrypted connections. It specifies a new server wallet location and warns that you may need to manually re-create the certificates to match the updated settings.
% ttInstanceModify -serverEncryption accepted -serverciphersuites TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 -serverWallet /scratch/myinstance/conf/test
INFO: Changing cipher suites. Make sure to manually re-create certificates if needed.
This example modifies the encryption settings of an existing TimesTen instance by updating the cipher suite to TLS 1.3 TLS_AES_128_CCM_SHA256 and configures the instance to accept the encrypted connections.
% ttInstanceModify -serverEncryption accepted -serverciphersuites TLS_AES_128_CCM_SHA256 -serverWallet /scratch/myinstance/conf/test
INFO: Changing cipher suites. Make sure to manually re-create certificates if needed.
In this example, an attempt is made to alter the TLS 1.2 cipher suite with a TLS 1.3 TLS_AES_256_GCM_SHA384 cipher suite that does not require re-creating the certificates.
% ttInstanceModify -serverciphersuites TLS_AES_256_GCM_SHA384
INFO: Changing cipher suites. Make sure to manually re-create certificates if needed.