2 Managing ODI Setup
This chapter helps you to manage the ODI setup that you have provisioned on Oracle Cloud Marketplace.
It contains the following sections:
2.1 Working with ODI Linux Services
The following table lists all the available services in ODI marketplace installation for applicable technology and stack deployment:
Name of the Linux Service | Database Technology | Type of Stack Deployment | Supported Release Versions | Functions |
---|---|---|---|---|
agentodi.service | MYSQL, ADB | ODI Studio | Supported in release(s) prior to 12.2.1.4.200618 version of ODI Marketplace. | You can start, stop and check the status of the service. |
mysqlodi.service | MYSQL | ODI Studio | Supported in release(s) prior to 12.2.1.4.200618 version of ODI Marketplace. | You can start, stop and check the status of the service. |
manageodiapps.service | MYSQL, ADB | ODI Studio | Supported only from ODI Web V12.2.1.4.200618 and later versions of ODI Marketplace. | You can only check the status of the service. Use the python commands listed below to start, stop and restart the ODI Agent. |
2.2 Changing Repository in Oracle Data Transforms Administrator
- Launch ODI Studio.
- Select the option Connect to Repository.
- Create a new login using the '+' icon and provide the connection details.
- Click Test and, if the test connection is successful, click OK.
- Click OK on the Oracle Data Integrator Login dialog.
2.3 Switching Repositories of the ODI App Server
Note:
You can switch between repositories only when the repositories in stack mode and repo mode match.
In ODI App Server, you can switch repository in the following technologies:
- Switching from ADB to ADB
- Switching from MYSQL to ADB or DBCS
Note:
But the reverse (switching back to MYSQL from ADB or DBCS) is not supported.
- Switching from DBCS to DBCS
- Switching from DBCS or ADB
Note:
python manageOdiApps.py shutdown
For more information, refer to Managing ODI App Server.
Switching Between ADB Repositories
If you already have an ADB repository in which you have your transformation project developed and wish to continue with your development in the same repository, follow the below procedure to switch from the new ADB repository (that you just created) to your existing ADB repository:
- Create the odi-setup.properties file in the location $MW_HOME/odi/common/scripts. If the file already exists, clear the existing content of the file. Then add the following properties:
dbTech=ADB
rcuCreationMode=false
odiSchemaPassword=<valid password>
odiSchemaUser=<odi schema username>
odiSupervisorPassword=<odi SUPERVISOR password>
walletZipLoc=<path_to_zipped_wallet>
workRepoName=<WORK REPO NAME>
adwInstancePassword=<adw Instance password>
Note:
workRepoName=<WORK REPO NAME> is an optional property but you may have to configure this property if your default work repository name is not WORKREP.
adwInstancePassword=<adw Instance password> is an optional property but configure this property only when you have used OPatch for applying a patch on your ODI instance and wish to run Upgrade Assistant (UA) using the configuration script odiMPConfiguration.py.
- Create the repository.properties file in the location $MW_HOME/odi/common/scripts. If the file already exists, clear the existing content of the file. Then add the following properties:
masterReposDriver=oracle.jdbc.OracleDriver
masterReposUser=<odi schema username>
workReposName=<WORK REPO NAME>
- Navigate to the $MW_HOME/odi/common/scripts directory and execute the following python scripts in the given order:
python odiMPConfiguration.py
python manageOdiApps.py start
Note:
Stop the server before running any configuration. For more information on this, refer to Managing ODI App Server.
Switching Between DBCS Repositories
If you already have a DBCS repository in which you have your transformation project developed and wish to continue with your development in the same repository, follow the below procedure to switch from the new DBCS repository (that you just created) to your existing DBCS repository:
- Create the odi-setup.properties file in the location $MW_HOME/odi/common/scripts. If the file already exists, clear the existing content of the file. Then add the following properties:
dbTech=DBCS
dbHost=<IP Address of the DBCS Instance>
dbPort=<port of DBCS Instance>
dbServiceName=<Service Name of DBCS Instance>
odiSchemaUser=<odi schema username>
odiSchemaPassword=<valid password>
odiSupervisorPassword=<odi SUPERVISOR password>
workRepoName=<WORK REPO NAME>
- Create the repository.properties file in the location $MW_HOME/odi/common/scripts. If the file already exists, clear the existing content of the file. Then add the following properties:
masterReposDriver=oracle.jdbc.OracleDriver
masterReposUser=<odi schema username>
workReposName=<WORK REPO NAME>
- Navigate to the $MW_HOME/odi/common/scripts directory and execute the following python scripts in the given order:
python odiMPConfiguration.py
python manageOdiApps.py start
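Both switching procedures (ADB and DBCS) put repository passwords into odi-setup.properties in clear text. The following preflight check is an added example, not part of the Oracle scripts: it writes the file with owner-only permissions and reports missing keys, leftover template values and loose file modes before odiMPConfiguration.py is run. The helper names are hypothetical, and it assumes workRepoName is optional for DBCS as the note states for ADB.

```python
import os
import re
import stat
import tempfile

# Keys the two procedures above list for odi-setup.properties.
# Assumption: workRepoName is optional for DBCS, as the page states for ADB.
REQUIRED_KEYS = {
    "ADB": {"dbTech", "rcuCreationMode", "odiSchemaUser", "odiSchemaPassword",
            "odiSupervisorPassword", "walletZipLoc"},
    "DBCS": {"dbTech", "dbHost", "dbPort", "dbServiceName", "odiSchemaUser",
             "odiSchemaPassword", "odiSupervisorPassword"},
}
PLACEHOLDER = re.compile(r"^<[^>]*>$")  # a template value such as <valid password>


def parse_properties(text):
    """Parse key=value lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def write_private(path, text):
    """Replace the file's content and leave it readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)  # a pre-existing file would otherwise keep its old mode


def check_setup_file(path):
    """Return findings as strings; property values are never included."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the passwords" % mode)
    with open(path) as handle:
        props = parse_properties(handle.read())
    tech = props.get("dbTech", "")
    if tech not in REQUIRED_KEYS:
        findings.append("dbTech is not ADB or DBCS")
        return findings
    for key in sorted(REQUIRED_KEYS[tech] - set(props)):
        findings.append("missing key: " + key)
    for key in sorted(props):
        if not props[key] or PLACEHOLDER.match(props[key]):
            findings.append("placeholder or empty value: " + key)
    return findings


if __name__ == "__main__":
    # Constructed sample: a DBCS file with one template value left in.
    sample = "\n".join([
        "dbTech=DBCS", "dbHost=192.0.2.10", "dbPort=1521",
        "dbServiceName=example.service", "odiSchemaUser=EXAMPLE_ODI_REPO",
        "odiSchemaPassword=<valid password>",
        "odiSupervisorPassword=constructed-value", ""])
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "odi-setup.properties")
        write_private(target, sample)
        for finding in check_setup_file(target):
            print(finding)
```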
2.4 Managing ODI App Server
The following commands help you to manage ODI App server associated with your provisioned ODI instance on Oracle Cloud Marketplace.
Applications available in ODI Studio are:
APPODIAGENT
You can use ODI App Server to manage all the ODI applications deployed in ODI App Server.
Navigate to the location $MW_HOME/odi/common/scripts to run the following commands:
- Use the following command to check the status of the service (as the oracle user):
systemctl status manageodiapps.service
Note:
You cannot use this command to start or stop the service.
- Use the following command to start the service:
python manageOdiApps.py start
- Use the following command to shut down the service:
python manageOdiApps.py shutdown
- Use the following command to restart the service:
python manageOdiApps.py restart
Note:
When you execute any of the above python manageOdiApps.py commands, the terminal holds the session to run the jetty server. Open a new terminal if you wish to perform any other operations.
- Use the following command to start all the applications associated with the service:
python manageOdiApps.py start -apps=<allowed values>
allowed values: all or APPODIAGENT with combination separated by ","
- Use the following command to stop all the applications associated with the service:
python manageOdiApps.py stop -apps=<allowed values>
allowed values: all or APPODIAGENT with combination separated by ","
Note:
When you execute the command python manageOdiApps.py, two log files, odiagent.log and odi_adp_rest_txt.log, are created. For details on the location of the files, refer to Log Files Location.
- Use the following command to get the status of all applications associated with the service:
python manageOdiApps.py status
- If you have provisioned this stack prior to 12.2.1.4.200618 release version of ODI Marketplace or if you have provisioned this stack for ODI Studio, follow the below procedure to manage your ODI Agent lifecycle:
  - To stop the ODI Agent:
  python stopAgent.py
  - To start the ODI Agent:
  python startAgent.py $MW_HOME
2.5 Managing ODI Credential
Use the manageCredentials.py script to update or manage ODI credentials required to start the ODI App Server successfully.
Navigate to the location $MW_HOME/odi/common/scripts to run the following commands:
S.No. | Key Name |
---|---|
1 | odiSchemaPassword |
2 | odiSupervisorPassword |
python manageCredentials.py set <Key Name>=<value>
Enclose the password string with single quotes so that the Linux shell treats the string as an exact value and does not parse the contents. For example:
python manageCredentials.py set odiSchemaPassword='pas$word'
Use the following command to get the credential key value stored in the Credential Store:
python manageCredentials.py read <key Name>
2.6 Configuring Proxy Settings
Note:
Depending on your OCI network configurations, you may or may not require access through proxy-hosts. While you are connecting through proxy, make sure that the proxy address/port or the source dataserver is allowed through OCI VCN configurations.
You can set proxy:
- In ODI Studio or ODI Studio Administrator
- For ODI Agent
- In ODI App server
To set proxy in ODI Studio and Oracle Data Transforms Administrator, navigate to Tools, Preferences, Web Browser and Proxy, to set up a proxy for your network.
Note:
For backward compatibility, use the scripts startAgent.py and stopAgent.py to manage ODI Agent Lifecycle.
- From the location $MW_HOME/oracle/odi/common/scripts, locate and edit the file startAgent.py. In the java command, add the following options after -Drepo.props=odi-setup.properties -Xms1024m -Xmx4048 and before -cp, so that -cp is still immediately followed by the classpath:
-Dhttp.proxyHost=www-proxy-xxx.com -Dhttp.proxyPort=80 -Dhttps.proxyHost=www-proxy-xxx.com -Dhttps.proxyPort=80
For example, after adding the above options, your file should be like this:
subprocess.call('nohup java -Drepo.props=odi-setup.properties -Xms1024m -Xmx4048 -Dhttp.proxyHost=www-proxy-xxx.com -Dhttp.proxyPort=80 -Dhttps.proxyHost=www-proxy-xxx.com -Dhttps.proxyPort=80 -cp $AGENTCLASSPATH oracle.odi.OdiStandaloneAgentStarter'+' '+oraclediagentPath+" &", shell=True)
- Save the file and use the following command to start the agent:
python startAgent.py $MW_HOME
Note:
Ensure you do not add any extra lines, spaces or tabs to the file startAgent.py. Just add the -D options within the line content. It is a python script and it requires proper line indentation to work.
- Test the standalone agent from ODI studio to see if the agent has started successfully. Then execute the packages/mappings using the standalone agent.
Note:
If you are using a BI Cloud Connector Dataserver, you may need to add the BI Cloud Connector host to the Proxy Exclusion field.
Follow the below procedure to set proxy in ODI App Server:
- Open the script file manageOdiApps.py.
- Find the below lines in the file:
JETTY_SERVER_COMMAND_STR = 'java -DAPP_LOGS='+APP_LOGS+' -Dconfig.template.file=../../apps/webapps.template.yaml -Dapps.config=../../apps/webapps.yaml -Drepo.props=odi-setup.properties -Drestrepo.props=repository.properties -Djetty.enabled=true -Dagent.logging.config=../logging/agent-logging-config.xml -cp $CLASSPATH oracle.odi.setup.util.ODIMPJettyServerAppsManager
- In the above lines, add the below options before -cp:
-Dhttp.proxyHost=<proxyhost> -Dhttp.proxyPort=<proxy port> -Dhttps.proxyHost=<proxyhost> -Dhttps.proxyPort=<proxy port>
- Save the file.
- Restart the ODI App server.
2.7 Configuring Email Delivery Service
Oracle Cloud Marketplace Email Delivery is an email sending service that provides a fast and reliable managed solution for sending high-volume emails that need to reach your recipients' inbox.
- Generate SMTP credentials for a user
- Set up permissions
- Create an approved sender
- Configure SPF on the approved sender domain
- Configure the SMTP connection
- Begin sending email
Note:
Before configuring the Email Delivery service, make sure to have permissions to Generate SMTP credentials and create Email Approved Senders. Also, the Email Approved Sender must be in a group that has IAM policy permissions to send outgoing emails. For more details, refer to Generate SMTP Credentials for a User section of OCI documentation.
Generating a SMTP Credential
Simple Mail Transfer Protocol (SMTP) credentials are necessary to send email through Email Delivery. Each user is limited to a maximum of two SMTP credentials. If more than two are required, SMTP credentials must be generated on other existing users or more users must be created.
- To generate SMTP credentials for a user, login to Oracle Cloud Infrastructure and navigate to Email Delivery → Manage Credentials and select the option Generate SMTP Credentials. It allows you to generate the SMTP user name and password details. Copy the generated password for your future reference. Click Close.
Setting Up Permissions
An email approved sender must be in a group that has IAM policy permissions to send emails. The approved sender must be in a compartment with permissions to manage approved senders. You have to create a policy to manage approved senders in the entire tenant, if the approved senders exist in root compartment.
Add the following policy statement to enable odi_group to manage approved senders:
Allow dynamic-group odi_group to use approved-senders in compartment odi
For more information about policies and policy syntax, see Policy Basics.
Creating your Email Approved Sender
You must set up an approved sender for all “From:” addresses sending email via Oracle Cloud Infrastructure or the email will be rejected. An approved sender is associated with a compartment and only exists in the region where the approved sender was configured.
Note:
Approved senders should not be created in the root compartment. Creating approved senders in a compartment other than the root allows the policy to be specific to that compartment.
- To create your Email Approved Sender, login to Oracle Cloud Infrastructure and navigate to Email Delivery → Email Approved Senders and select the option Create Approved Senders.
Note:
Configure this option for the user already created on the instance. For example, opc@oracle-odi-inst-3mnc.localdomain, where oracle-odi-inst-3mnc is the hostname.
Configuring SPF on the Approved Sender Domain
Configure SPF, if necessary. The Approved Senders section within the Console provides validation of an SPF record for each of your approved senders. SPF is required for subdomains of oraclegovcloud.com and recommended in other cases.
Refer to Configure SPF for detailed steps on configuring SPF.
Configuring the SMTP connection
For securing your email connections, get SSL/TLS CA details from OCI email SMTP hosts:
- Log in to the instance using ssh as opc user and sudo su, create a directory nss-config-dr, and then run certutil to manage keys and certificate in both NSS databases.
[root@localhost ~]# mkdir /etc/certs
[root@localhost ~]# cd /etc/certs
[root@localhost certs]# certutil -N -d /etc/certs/
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
[root@localhost certs]# ls
cert8.db key3.db secmod.db
[root@localhost certs]#
- To get SMTP domain CA details, run openssl s_client to smtp host.
Note:
- If it is on ashburn:
openssl s_client -showcerts -connect smtp.us-ashburn-1.oraclecloud.com:587 -starttls smtp > /etc/certs/mycerts-ashburn
- If it is on phoenix:
openssl s_client -showcerts -connect smtp.us-phoenix-1.oraclecloud.com:587 -starttls smtp > /etc/certs/mycerts-phoenix
For example:
[root@localhost certs]# openssl s_client -showcerts -connect smtp.us-phoenix-1.oraclecloud.com:587 -starttls smtp > /etc/certs/mycerts-phoenix
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = California, L = Redwood City, O = Oracle Corporation, OU = Oracle DYN-DEV US, CN = smtp.us-phoenix-1.oraclecloud.com
verify return:1
250 Ok
[root@localhost certs]#
- Execute cat on mycerts-phoenix or mycerts-ashburn and copy each certificate, including the --BEGIN CERTIFICATE-- and --END CERTIFICATE-- lines, and paste it into its respective file.
For example:
ocismtp-phoenix1.pem
ocismtp-phoenix2.pem
ocismtp-phoenix3.pem
[root@localhost certs]# ls -la | grep -i ocism
-rw-r--r--. 1 root root 2443 Jan 31 18:00 ocismtp-phoenix1.pem
-rw-r--r--. 1 root root 1648 Jan 31 18:01 ocismtp-phoenix2.pem
-rw-r--r--. 1 root root 1338 Jan 31 18:01 ocismtp-phoenix3.pem
[root@localhost certs]#
- Import to the location nss-config-dr /etc/certs by using following commands:
[root@localhost certs]# certutil -A -n "DigiCert SHA2 Secure Server CA" -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-phoenix1.pem
[root@localhost certs]#
[root@localhost certs]# certutil -A -n "DigiCert SHA2 Secure Server CA smtp " -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-phoenix2.pem
[root@localhost certs]#
[root@localhost certs]# certutil -A -n "DigiCert SHA2 Secure Server CA smtp2 " -t "TC,," -d /etc/certs -i /etc/certs/ocismtp-phoenix3.pem
- To check whether the imports are done correctly, execute the command certutil -L -d /etc/certs
[root@localhost certs]# certutil -L -d /etc/certs
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
DigiCert SHA2 Secure Server CA                               CT,,
DigiCert SHA2 Secure Server CA smtp                          CT,,
DigiCert SHA2 Secure Server CA smtp2                         CT,,
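The copy-and-paste step above can be scripted. The following is an added example, not part of the Oracle procedure: it splits a saved `openssl s_client -showcerts` capture into one PEM file per certificate, rejects a truncated capture, and prints each certificate's SHA-256 fingerprint so it can be checked before certutil marks it trusted. Files are numbered in the order the server sent them, so file 1 is the server's own certificate (depth=0 in the output above). The function names and the sample capture are constructed for illustration.

```python
import base64
import binascii
import hashlib
import os
import re
import tempfile

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def fingerprint(der):
    """SHA-256 over the DER bytes, colon-separated like openssl's output."""
    return ":".join("%02X" % byte for byte in hashlib.sha256(der).digest())


def split_pem_bundle(text):
    """Return [(pem_text, fingerprint)] in the order the server sent them."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks or len(blocks) != text.count(BEGIN) or len(blocks) != text.count(END):
        raise ValueError("no complete certificate, or unbalanced BEGIN/END markers")
    certs = []
    for body in blocks:
        b64 = "".join(body.split())  # drop line breaks and stray spaces
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError("certificate body is not valid base64: %s" % exc)
        if not der:
            raise ValueError("empty certificate body")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs.append(("\n".join([BEGIN] + lines + [END]) + "\n", fingerprint(der)))
    return certs


def write_cert_files(text, directory, prefix):
    """Write <prefix>1.pem, <prefix>2.pem, ... and return [(name, fingerprint)]."""
    written = []
    for index, (pem, digest) in enumerate(split_pem_bundle(text), start=1):
        name = "%s%d.pem" % (prefix, index)
        with open(os.path.join(directory, name), "w") as handle:
            handle.write(pem)
        written.append((name, digest))
    return written


def constructed_capture():
    """Constructed stand-in for s_client output; bodies are not real certificates."""
    parts = ["CONNECTED(00000003)", "---", "Certificate chain"]
    for label in (b"constructed leaf bytes", b"constructed issuer bytes"):
        parts += [" s:/CN=constructed", BEGIN,
                  base64.b64encode(label * 4).decode("ascii"), END]
    return "\n".join(parts + ["---", "250 Ok", ""])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        for name, digest in write_cert_files(constructed_capture(), workdir,
                                             "ocismtp-phoenix"):
            print(name, digest)
```

The printed value has the same form as `openssl x509 -noout -fingerprint -sha256 -in <file>`, so each file can be compared against a fingerprint obtained out of band before it is imported.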
Configuring PostFix for Relaying Host with Authentication
- Make sure the latest version of Postfix is installed along with cyrus-sasl-* packages.
[root@localhost ~]# rpm -qa | grep -i postfix
postfix-2.6.6-8.el6.x86_64
[root@localhost ~]# yum install postfix
Loaded plugins: security, ulninfo
Setting up Install Process
Package 2:postfix-2.6.6-8.el6.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]#
[root@localhost ~]# yum install -y cyrus-sasl-*
Note:
All the available SASL mechanisms can be installed on the system by pulling in the relevant cyrus-sasl-* packages.
- Add the following config directives in the file /etc/postfix/main.cf:
#OCI SMTP Relay Host:
#relayhost = <Replace with your OCI SMTP server>
relayhost = smtp.us-phoenix-1.oraclecloud.com:587
#SASL Authentication settings:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
#TLS Settings:
smtp_tls_loglevel = 2
smtp_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/certs
- Create the file /etc/postfix/sasl_passwd to store the credentials created in the Generating a SMTP Credential step and make sure permissions are set to 600.
#vi /etc/postfix/sasl_passwd
relay_host:587 username:password
Example:
[root@localhost postfix]# cat /etc/postfix/sasl_passwd
smtp.us-phoenix-1.oraclecloud.com:587 ocid1.user.oc1..aaaaaaaajjcwynf4ebqp32wdpdy6h4lpeknqiyld7s35t2psfmmfw3y4iosq@ocid1.tenancy.oc1..aaaaaaaavcpbui4wu2ttfnipykravgudbooie2eucf3odrsltgwj236epvha.fa.com:pP)QB&[YIz2ehe>7}fj_
[root@localhost postfix]#
[root@localhost postfix]# chmod 600 /etc/postfix/sasl_passwd
[root@localhost postfix]#
- Create sasl_passwd.db that Postfix can read:
[root@localhost postfix]# postmap /etc/postfix/sasl_passwd
[root@localhost postfix]#
[root@localhost postfix]# ls -l | grep -i passwd
-rw-------. 1 root root 224 Jan 31 18:17 sasl_passwd
-rw-------. 1 root root 12288 Jan 31 18:21 sasl_passwd.db
[root@localhost postfix]#
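In the main.cf directives above, `smtp_use_tls = yes` is the legacy spelling of opportunistic client TLS, `smtpd_tls_security_level` configures the inbound server rather than the relay client, and `smtp_sasl_security_options =` permits plaintext SASL mechanisms. The following audit is an added example, not part of the Oracle procedure: it derives the effective client TLS level from a main.cf and lists those findings, with the page's directives beside a constructed stricter variant. The function names and the variant's values are assumptions for illustration, and only the legacy switch used on this page (`smtp_use_tls`) is modelled.

```python
# Levels that refuse to deliver without TLS, and those that also check the
# relay's certificate against smtp_tls_CApath / smtp_tls_CAfile.
ENFORCING = {"encrypt", "verify", "secure", "fingerprint", "dane-only"}
AUTHENTICATED = {"verify", "secure", "fingerprint", "dane-only"}

PAGE_MAIN_CF = """\
relayhost = smtp.us-phoenix-1.oraclecloud.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_loglevel = 2
smtp_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/certs
"""

# Constructed variant: mandatory, certificate-checked TLS towards the relay.
STRICT_MAIN_CF = """\
relayhost = smtp.us-phoenix-1.oraclecloud.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_loglevel = 1
smtp_tls_CApath = /etc/certs
"""


def parse_main_cf(text):
    """Parse 'name = value' lines, '#' comments and indented continuations."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later definition wins
    return params


def effective_client_tls_level(params):
    """smtp_tls_security_level wins; smtp_use_tls=yes is the legacy 'may'."""
    level = params.get("smtp_tls_security_level", "")
    if level:
        return level
    return "may" if params.get("smtp_use_tls", "no") == "yes" else "none"


def audit_relay_client(text):
    """Return (effective client TLS level, list of findings)."""
    params = parse_main_cf(text)
    level = effective_client_tls_level(params)
    findings = []
    if level not in ENFORCING:
        message = "client TLS level '%s' does not require TLS" % level
        if params.get("smtp_sasl_auth_enable", "no") == "yes":
            message += "; relay credentials can be sent without encryption"
        findings.append(message)
    elif level not in AUTHENTICATED:
        findings.append("client TLS level '%s' does not check the relay certificate" % level)
    if "smtpd_tls_security_level" in params and "smtp_tls_security_level" not in params:
        findings.append("smtpd_tls_security_level only affects the inbound server")
    loglevel = params.get("smtp_tls_loglevel", "0")
    if loglevel.isdigit() and int(loglevel) >= 2:
        findings.append("smtp_tls_loglevel >= 2 is handshake debug logging")
    return level, findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_MAIN_CF), ("strict", STRICT_MAIN_CF)):
        print(label, audit_relay_client(text))
```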
Starting Postfix
[root@localhost postfix]# chkconfig postfix on
[root@localhost postfix]# service postfix start
[root@localhost postfix]# service postfix status
master (pid 12162) is running...
[root@localhost postfix]#
If you are running Oracle Linux 7, run:
#systemctl start --now postfix
Configuring Firewall Ports
Add these ports to the firewall list of the SMTP client machines (the VMs from which emails are sent):
sudo firewall-cmd --zone=public --permanent --add-port=25/tcp
sudo firewall-cmd --zone=public --permanent --add-port=587/tcp
sudo firewall-cmd --reload
Beginning to Send Email
- Send Email
approval is: user@<instancename.localdomain>, e.g. opc@oracle-odi-inst-31up.localdomain
In this case, login as user and test it with mailx:
[user@localhost ~]$ echo "test" | mailx -v -s "OCI Test Message [mailx]" user@oracle.com
Mail Delivery Status Report will be mailed to <user>.
[user@localhost ~]
- Verify /var/log/maillog for any error messages:
Jan 31 18:24:36 localhost postfix/pickup[13812]: ECF9BA00B4: uid=501 from=<user>
Jan 31 18:24:36 localhost postfix/cleanup[14692]: ECF9BA00B4: message-id=<20190131182436.ECF9BA00B4@localhost.sub12182009561.cnvmau.oraclevcn.com>
Jan 31 18:24:36 localhost postfix/qmgr[12172]: ECF9BA00B4: from=<user@localhost.sub12182009561.cnvmau.oraclevcn.com>, size=549, nrcpt=1 (queue active)
Jan 31 18:24:36 localhost postfix/smtp[14694]: initializing the client-side TLS engine
Jan 31 18:24:37 localhost postfix/smtp[14694]: setting up TLS connection to smtp.us-phoenix-1.oraclecloud.com[Public IP]:587
Jan 31 18:24:37 localhost postfix/smtp[14694]: smtp.us-phoenix-1.oraclecloud.com[Public IP]:587: TLS cipher list "ALL:+RC4:@STRENGTH"
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:before/connect initialization
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv2/v3 write client hello A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 read server hello A
Jan 31 18:24:37 localhost postfix/smtp[14694]: smtp.us-phoenix-1.oraclecloud.com [Public IP]:587: certificate verification depth=2 verify=1 subject=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Jan 31 18:24:37 localhost postfix/smtp[14694]: smtp.us-phoenix-1.oraclecloud.com[Public IP]:587: certificate verification depth=1 verify=1 subject=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
Jan 31 18:24:37 localhost postfix/smtp[14694]: smtp.us-phoenix-1.oraclecloud.com [Public IP]:587: certificate verification depth=0 verify=1 subject=/C=US/ST=California/L=Redwood City/O=Oracle Corporation/OU=Oracle DYN-DEV US/CN=smtp.us-phoenix-1.oraclecloud.com
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 read server certificate A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 read server key exchange A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 read server done A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 write client key exchange A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 write change cipher spec A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 write finished A
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 flush data
Jan 31 18:24:37 localhost postfix/smtp[14694]: SSL_connect:SSLv3 read finished A
Jan 31 18:24:37 localhost postfix/smtp[14694]: Trusted TLS connection established to smtp.us-phoenix-1.oraclecloud.com[public ip]:587: TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)
Jan 31 18:24:38 localhost postfix/smtp[14694]: ECF9BA00B4: to=<user@oracle.com>, relay=smtp.us-phoenix-1.oraclecloud.com[public ip]:587, delay=1.6, delays=0.02/0.03/0.57/1, dsn=2.0.0, status=sent (250 Ok)
Jan 31 18:24:38 localhost postfix/cleanup[14692]: 94136A00B8: message-id=<20190131182438.94136A00B8@localhost.sub12182009561.cnvmau.oraclevcn.com>
Jan 31 18:24:38 localhost postfix/bounce[14696]: ECF9BA00B4: sender delivery status notification: 94136A00
- The email has been delivered correctly:
-------- Forwarded Message --------
Subject: OCI Test Message [mailx]
Date: Thu, 31 Jan 2019 18:24:36 +0000
From: user@localhost.sub12182009561.cnvmau.oraclevcn.com
To: user@oracle.com
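Reading /var/log/maillog by eye does not scale beyond one test message. The following is an added example, not part of the Oracle procedure: it pairs each `status=sent` delivery with the TLS summary line logged by the same postfix/smtp process and flags deliveries that went out without a Trusted or Verified TLS session. It is a heuristic that assumes `smtp_tls_loglevel` is at least 1 so the summary line exists; the first two sample lines come from the log above and the rest are constructed.

```python
import re

TLS_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+) TLS connection established to "
    r"([^\[\s]+)\[[^\]]*\]:\d+: (\S+) with cipher (\S+)")
SENT_RE = re.compile(
    r"postfix/smtp\[(\d+)\]: (\w+): to=<([^>]*)>, relay=([^\[\s,]+)"
    r".*status=(\w+)")
ACCEPTED_TRUST = {"Trusted", "Verified"}      # certificate chain validated
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

SAMPLE_LOG = [
    # From the log shown above.
    "Jan 31 18:24:37 localhost postfix/smtp[14694]: Trusted TLS connection "
    "established to smtp.us-phoenix-1.oraclecloud.com[public ip]:587: "
    "TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)",
    "Jan 31 18:24:38 localhost postfix/smtp[14694]: ECF9BA00B4: "
    "to=<user@oracle.com>, relay=smtp.us-phoenix-1.oraclecloud.com[public ip]:587, "
    "delay=1.6, delays=0.02/0.03/0.57/1, dsn=2.0.0, status=sent (250 Ok)",
    # Constructed: certificate chain did not validate.
    "Feb 01 09:00:01 localhost postfix/smtp[20001]: Untrusted TLS connection "
    "established to relay.example.net[192.0.2.25]:587: "
    "TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Feb 01 09:00:02 localhost postfix/smtp[20001]: 1A2B3C4D5E: "
    "to=<user@example.com>, relay=relay.example.net[192.0.2.25]:587, "
    "delay=0.9, delays=0.01/0.02/0.4/0.47, dsn=2.0.0, status=sent (250 Ok)",
    # Constructed: no TLS summary line at all for this process.
    "Feb 01 09:05:02 localhost postfix/smtp[20002]: 6F7A8B9C0D: "
    "to=<user@example.com>, relay=relay.example.net[192.0.2.25]:25, "
    "delay=0.5, delays=0.01/0.02/0.2/0.27, dsn=2.0.0, status=sent (250 Ok)",
]


def audit_maillog(lines):
    """Return one record per sent message with the TLS state it was sent under."""
    tls_state = {}  # (smtp pid, relay host) -> (trust label, protocol)
    records = []
    for line in lines:
        match = TLS_RE.search(line)
        if match:
            pid, trust, host, protocol, _cipher = match.groups()
            tls_state[(pid, host)] = (trust, protocol)
            continue
        match = SENT_RE.search(line)
        if not match:
            continue
        pid, queue_id, _rcpt, host, status = match.groups()
        if status != "sent":
            continue
        trust, protocol = tls_state.get((pid, host), ("Cleartext", None))
        records.append({
            "queue_id": queue_id,
            "relay": host,
            "tls": trust,
            "protocol": protocol,
            "ok": trust in ACCEPTED_TRUST and protocol in ACCEPTED_PROTOCOLS,
        })
    return records


if __name__ == "__main__":
    for record in audit_maillog(SAMPLE_LOG):
        flag = "ok  " if record["ok"] else "FLAG"
        print(flag, record["queue_id"], record["relay"], record["tls"],
              record["protocol"])
```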