Oracle expdp/impdp with DDL only

expdp schema/password@localhost:port/service dumpfile=DATA_PUMP_DIR:db_metadata.dmp logfile=DATA_PUMP_DIR:db_expdp.log content=metadata_only

Exclude storage for tables and segment attributes for tables:

impdp schema/password@localhost:port/service dumpfile=DATA_PUMP_DIR:DB_METADATA.dmp logfile=DATA_PUMP_DIR:log.log sqlfile=DATA_PUMP_DIR:sql.ddl transform=SEGMENT_ATTRIBUTES:n:table,STORAGE:N:table

Exclude storage and segment attributes for all objects:

impdp IPH/IPH@localhost:1522/incentage dumpfile=DATA_PUMP_DIR:DB_METADATA.dmp logfile=DATA_PUMP_DIR:log.log sqlfile=DATA_PUMP_DIR:sql.ddl transform=SEGMENT_ATTRIBUTES:n,STORAGE:N

Unix: find open port/process

To view all open (listening) network ports with their owning processes:

sudo netstat -nlp

To list all processes using tcp port 43796:

lsof -i tcp:43796

To list the PIDs using TCP port 43796:

fuser 43796/tcp

Oracle: Check SSL connectivity

Once connected to the database, to check whether you are connected via TCPS:

SELECT sys_context('USERENV', 'NETWORK_PROTOCOL') as network_protocol FROM dual;

If you are connected via SSL you will get the response

NETWORK_PROTOCOL
----------------
tcps

Orapki, TCPS and Oracle SSL

Procedure
Configure your database server to use an Oracle Wallet that includes an SSL certificate for authentication.

Modify the Oracle database user so that the user can be identified by an SSL certificate. Run the following command from Oracle bin directory:
sqlplus / as sysdba
alter user wcs identified externally as 'CN=oracleuser';
quit;
Note
If your server tier is the same as your client tier, ensure that your user DN is the same as your server tier. For example,
alter user wcs identified externally as 'CN=server';
Create an Oracle Wallet with the Oracle orapki utility. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet create -wallet wallet_directory -auto_login -pwd wallet_password
Where
wallet_directory is the directory where you want to create the Wallet. For example, c:\server.wallet.
Note
Ensure that the directory that you set as the wallet_directory is readable and executable by the appropriate users.
wallet_password is the password that you want to set for the Wallet. For example, s3rv3rp45s.
For example,
orapki wallet create -wallet c:\server.wallet -auto_login -pwd s3rv3rp45s
Install the certificate that is issued by the certificate authority. For more information about creating a certificate request and installing the certificate, see Oracle Technology Network. As an example for testing purposes, add a self-signed certificate to your Oracle Wallet for use as the database server certificate. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet add -wallet wallet_directory -dn "dn_name" -keysize 1024 -self_signed -validity 365 -user_cert -trusted_cert -pwd wallet_password
Where
wallet_directory is the directory where you want to create the Wallet. For example, c:\server.wallet.
dn_name is the distinguished name of the certificate owner, which is the database server name. For example, CN=server.
wallet_password is the password that you want to set for the Wallet. For example, s3rv3rp45s.
For example,
orapki wallet add -wallet c:\server.wallet -dn "CN=server" -keysize 1024 -self_signed -validity 365 -user_cert -trusted_cert -pwd s3rv3rp45s
Export the SSL certificate for the database server tier. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet export -wallet wallet_directory -dn "dn_name" -cert certificate_file -pwd wallet_password
Where
wallet_directory is the directory where you want to create the Wallet. For example, c:\server.wallet.
dn_name is the distinguished name of the certificate owner, which is the database server name. For example, CN=server.
certificate_file is the path and name of the file that is to include the certificate that you are exporting. For example, c:\server.cert.
wallet_password is the password that you want to set for the Wallet. For example, s3rv3rp45s.
For example,
orapki wallet export -wallet c:\server.wallet -dn "CN=server" -cert c:\server.cert -pwd s3rv3rp45s
Configure your client tier to create an Oracle Wallet that includes the database server SSL certificate and an SSL certificate for authenticating users.

Note
If the client tier where users run WebSphere Commerce utilities is the same as your database server tier, skip to step 12.
Create an Oracle Wallet with the orapki utility in your client environment. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet create -wallet c:\client.wallet -auto_login -pwd cl13ntp45s
Import the SSL certificate from your server tier. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet add -wallet wallet_directory -trusted_cert -cert certificate_file -pwd wallet_password
Where
wallet_directory is the directory where you want to create the Wallet. For example, c:\client.wallet.
certificate_file is the path and name of the file that is to include the certificate that you are exporting. For example, c:\server.cert.
wallet_password is the password that you want to set for the Wallet. For example, cl13ntp45s.
For example,
orapki wallet add -wallet c:\client.wallet -trusted_cert -cert c:\server.cert -pwd cl13ntp45s
Update the Oracle sqlnet.ora configuration file for your client.
Go to the following directory and open the sqlnet.ora file for editing:
Linux: ORACLE_HOME/network/admin
WebSphere Commerce Developer: ORACLE_HOME\network\admin
Where ORACLE_HOME is the root directory for your Oracle database. For example, C:\ORACLE\ORA92.
Update the configuration parameters to match the settings for your system. When you are updating the file, ensure that you update the following parameters:
SQLNET.AUTHENTICATION_SERVICES
SSL_CLIENT_AUTHENTICATION
SSL_VERSION
NAMES.DIRECTORY_PATH
WALLET_LOCATION
For example, your parameters can resemble the following code snippet:
SQLNET.AUTHENTICATION_SERVICES = (TCPS, BEQ, NTS)
SSL_VERSION = 3.0
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = c:\client.wallet)
)
)
SSL_CLIENT_AUTHENTICATION = TRUE
Update the Oracle tnsnames.ora configuration file.
Go to the following directory and open the tnsnames.ora file for editing:
Linux: ORACLE_HOME/network/admin
WebSphere Commerce Developer: ORACLE_HOME\network\admin
Where ORACLE_HOME is the root directory for your Oracle database. For example, C:\ORACLE\ORA92.
Add a TNS entry that points to your database server. For example, your configuration can resemble the following code snippet:
WCS =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCPS)(HOST = fahadjwcs.canlab.ibm.com)(PORT = 2484))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = WCS)
)
)
Install the certificate that is issued by the certificate authority. For more information about creating a certificate request and installing the certificate, see Oracle Technology Network. As an example for testing purposes, add a self-signed certificate to the client tier Wallet for use as the user certificate. If your client is the same as your server, add the certificate to your server tier Wallet. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet add -wallet wallet_directory -dn "dn_name" -keysize 1024 -self_signed -validity 365 -user_cert -trusted_cert -pwd wallet_password
Where
wallet_directory is the directory where you want to create the Wallet. For example, c:\client.wallet.
dn_name is the distinguished name of the certificate owner, which is the database server name. For example, CN=server.
wallet_password is the password that you want to set for the Wallet. For example, cl13ntp45s.
For example,
orapki wallet add -wallet c:\client.wallet -dn "CN=oracleuser" -keysize 1024 -self_signed -validity 365 -user_cert -trusted_cert -pwd cl13ntp45s
Export the user SSL certificate from the client tier Oracle Wallet. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet export -wallet c:\client.wallet -dn "CN=oracleuser" -cert c:\user.cert -pwd cl13ntp45s
Continue the configuration for your database server tier.

Import the user SSL certificate from your client tier Oracle Wallet into the server tier Oracle Wallet. In a command-line utility, run the following command from Oracle bin directory:
orapki wallet add -wallet c:\server.wallet -trusted_cert -cert c:\user.cert -pwd s3rv3rp45s
Shut down your Oracle database by running the following command from Oracle bin directory:
sqlplus / as sysdba
shutdown immediate;
quit;
Stop the Oracle listener with the Oracle Listener Control utility by running the following command from Oracle bin directory:
lsnrctl stop
Update the Oracle listener listener.ora configuration file.
Go to the following directory and open the listener.ora file for editing:
Linux: ORACLE_HOME/network/admin
WebSphere Commerce Developer: ORACLE_HOME\network\admin
Where ORACLE_HOME is the root directory for your Oracle database. For example, C:\ORACLE\ORA92.
Update the listener parameters to match the settings for your system. When you are updating the file, ensure that you update the parameters in the following sections:
SID_LIST_LISTENER
LISTENER
WALLET_LOCATION
SSL_CLIENT_AUTHENTICATION
For example, your updated keys can resemble the following code snippet:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = WCS)
(SID_NAME = WCS)
(ORACLE_HOME = Oracle_installdir\dbhome_1)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = myhostname.mycompany.com)(PORT = 2484))
)
)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\server.wallet)
)
)
SSL_CLIENT_AUTHENTICATION = TRUE
Update the Oracle sqlnet.ora configuration file.
Go to the following directory and open the sqlnet.ora file for editing:
Linux: ORACLE_HOME/network/admin
WebSphere Commerce Developer: ORACLE_HOME\network\admin
Where ORACLE_HOME is the root directory for your Oracle database. For example, C:\ORACLE\ORA92.
Update the configuration parameters to match the settings for your system. When you are updating the file, ensure that you update the following parameters:
SQLNET.AUTHENTICATION_SERVICES
SSL_CLIENT_AUTHENTICATION
SSL_VERSION
NAMES.DIRECTORY_PATH
WALLET_LOCATION
For example, your parameters can resemble the following code snippet:
SQLNET.AUTHENTICATION_SERVICES = (BEQ, TCPS, NTS)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 3.0
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\server.wallet)
)
)
Restart the Oracle listener by running the following command from Oracle bin directory:
lsnrctl start
Start your Oracle database by running the following command from Oracle bin directory:
sqlplus / as sysdba
startup;
quit;
Configure the AllDBConnector class configuration for establishing a database connection for WebSphere Commerce utilities to use the certificate in the Oracle Wallet.

Update the database connection acquisition configuration file to ensure that the WebSphere Commerce utilities can authenticate users through the Oracle Wallet.
Go to the following directory and open the alldbconnector.xml configuration file for editing.
WebSphere Commerce Developer: WCDE_installdir\WC\xml\config
Update the alldbconnector.xml file to include two overrides to configure how utilities authenticate users. In the first override configuration, you must configure the override for your local client database. In the second override configuration, configure the connection override properties for your production environment database. This second override configuration ensures that utilities can use the SSL certificates to authenticate users when a utility, such as the stagingprop utility, must connect to multiple databases.
Note
For the override property identifier, oradestwallet, a corresponding TNS entry, WCSDEST, must exist in the tnsnames.ora configuration file for your utility client environment.
For more information about the properties that you can include in your override configuration in the alldbconnector.xml file, see Database connection acquisition for utilities and Ant tasks.

If your Oracle database driver type is a thin driver, your updated AllDBConnector class configuration in the alldbconnector.xml file can resemble the following code snippet:
If your Oracle database driver type is a thick driver, your updated AllDBConnector class configuration in the alldbconnector.xml file can resemble the following code snippet:
Where
orasrcwallet is the identifier of the override configuration for your authoring or staging environment.
oradestwallet is the identifier of the override configuration for your production environment.
wallet_directory is the directory that includes the Wallet. For example, c:\server.wallet.


Docker: running httpd with SSL

docker run -d -p 443:443 inanimate/httpd-ssl

The more configurable way:

$ docker run -d -e SERVER_NAME=foobar.example.com \
-v /path/to/server.crt:/usr/local/apache2/conf/server.crt \
-v /path/to/server.key:/usr/local/apache2/conf/server.key \
inanimate/httpd-ssl

Note: you can use --name to specify a name for the container.


Oracle: Configure Oracle to be used with SSL

1. Run the docker image with Oracle EE

docker run -t -p 1532:1532 -p 1521:1521 -e ORACLE_SID=APP -e ORACLE_PWD=pswd -v /local/docker/mounts/oracle:/opt/oracle/oradata oracle/database:12.1.0.2-ee 

2. Connect to the instance:

docker exec -it friendly_khorana /bin/bash

3. Create a wallet

orapki wallet create -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123 -auto_login_local
orapki wallet add -wallet /opt/oracle/admin/APP/xdb_wallet  -pwd WalletPasswd123   -dn "CN=`hostname`" -keysize 1024 -self_signed -validity 3650
orapki wallet display -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123
orapki wallet export -wallet /opt/oracle/admin/APP/xdb_wallet -pwd WalletPasswd123 -dn "CN=`hostname`" -cert /tmp/`hostname`-certificate.crt

4. Edit configuration

4.1 listener.ora

SSL_CLIENT_AUTHENTICATION = FALSE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /opt/oracle/admin/APP/xdb_wallet)
    )
  )

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
   )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

4.2 sqlnet.ora

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/admin/APP/xdb_wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

4.3 tnsnames.ora

APP=
(DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
  (CONNECT_DATA =
    (SERVER = DEDICATED)
    (SERVICE_NAME = APP)
  )
)

5. Connect with SQLDeveloper

keytool -import -trustcacerts -alias oracle3 -file 15e31b633912-certificate.crt -keystore /u01/keystore/OracleTrustStore.jks

Update sqldeveloper.conf (/Applications/SQLDeveloper.app/Contents/Resources/sqldeveloper/sqldeveloper/bin/sqldeveloper.conf):

AddVMOption -Djavax.net.ssl.trustStore=/u01/keystore/OracleTrustStore.jks
AddVMOption -Djavax.net.ssl.trustStorePassword=welcome1234
AddVMOption -Djavax.net.ssl.trustStoreType=JKS

To connect from SQL Developer, restart SQL Developer and use the advanced option:
Connection string:

jdbc:oracle:thin:@(DESCRIPTION =  (ADDRESS = (PROTOCOL = TCPS)(HOST = server_ip_addr)(PORT = 1532))(CONNECT_DATA =(SERVER = DEDICATED) (SERVICE_NAME = ORCLCDB)))
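
Between them, the Oracle Net snippets in this post and in the Orapki post above set SSL_VERSION = 3.0, allow a 3DES cipher suite, turn client authentication off and keep a plain TCP address beside the TCPS one. The following is an added example, not code from the original posts, of a small lint that flags those settings; the function names and finding labels are made up for the illustration and the sample file is constructed from the page's snippets.

```shell
#!/bin/sh
# Added example, not from the original posts: lint an Oracle Net file
# (sqlnet.ora, listener.ora, tnsnames.ora) for weak transport settings.
# Assumes each parameter sits on one line, as in the snippets above.

lint_oracle_net() {
    # $1 = path to the file; prints one finding per line, nothing if clean
    awk '
    {
        line = $0
        sub(/#.*/, "", line)          # drop comments
        line = toupper(line)
        gsub(/[ \t\r]/, "", line)     # "SSL_VERSION = 3.0" -> "SSL_VERSION=3.0"
        val = substr(line, index(line, "=") + 1)
    }
    # SSL 3.0 is prohibited by RFC 7568; TLS 1.0 and 1.1 are deprecated by RFC 8996
    line ~ /^SSL_VERSION=/ && (val == "3.0" || val == "1.0" || val == "1.1") {
        print "WEAK_PROTOCOL line " NR ": SSL_VERSION=" val
    }
    # 3DES, DES, RC4, NULL and MD5-based suites are obsolete
    line ~ /^SSL_CIPHER_SUITES=/ {
        n = split(val, suite, /[(),]/)
        for (i = 1; i <= n; i++)
            if (suite[i] ~ /_3DES_|_DES_|_RC4_|_NULL_|_MD5$/)
                print "WEAK_CIPHER line " NR ": " suite[i]
    }
    # a TCP (not TCPS) address is not protected by TLS
    line ~ /\(PROTOCOL=TCP\)/ {
        port = "?"
        if (match(line, /\(PORT=[0-9]+\)/))
            port = substr(line, RSTART + 6, RLENGTH - 7)
        print "PLAINTEXT_ADDRESS line " NR ": TCP port " port
    }
    # FALSE means the server never asks for a client certificate
    line ~ /^SSL_CLIENT_AUTHENTICATION=FALSE$/ {
        print "ONE_WAY_TLS line " NR ": client certificates are not requested"
    }
    ' "$1"
}

# Constructed sample that combines settings shown in the posts above.
write_sample() {
    cat <<'EOF'
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 3.0
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
  )
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 1532))
  )
)
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample > "$sample"
lint_oracle_net "$sample"
```

ONE_WAY_TLS is informational: it is expected when users authenticate by password, but not on a server that is meant to identify users by certificate as in the Orapki procedure.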

Docker: Run activeMQ and remap ports

Get the latest build:

docker pull webcenter/activemq:latest

Then run the image with the following command:

docker run --name='activemq' -d \
-v /data/activemq:/data \
-v /var/log/activemq:/var/log/activemq \
-p 8162:8161 \
-p 61617:61616 \
-p 61614:61613 \
webcenter/activemq:5.14.3

Ubuntu: Force clock to update using ntp

sudo service ntp stop
sudo ntpd -gq
sudo service ntp start

Further editing of /etc/ntp.conf can be useful in case you want to add other servers to the ntp pool and other various settings.

You might also want to allow the UDP traffic on the respective port.

sudo ufw allow 123/udp

Docker cheatsheet

## List Docker CLI commands
docker
docker container --help

## Display Docker version and info
docker --version
docker version
docker info

## Execute Docker image
docker run hello-world

## List Docker images
docker image ls

## List Docker containers (running, all, all in quiet mode)
docker container ls
docker container ls --all
docker container ls -aq


docker build -t friendlyhello .  # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyhello  # Run "friendlyhello" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyhello         # Same thing, but in detached mode
docker container ls                                # List all running containers
docker container ls -a             # List all containers, even those not running
docker container stop <hash>           # Gracefully stop the specified container
docker container kill <hash>         # Force shutdown of the specified container
docker container rm <hash>        # Remove specified container from this machine
docker container rm $(docker container ls -a -q)         # Remove all containers
docker image ls -a                             # List all images on this machine
docker image rm <image id>            # Remove specified image from this machine
docker image rm $(docker image ls -a -q)   # Remove all images from this machine
docker login             # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag  # Tag <image> for upload to registry
docker push username/repository:tag            # Upload tagged image to registry
docker run username/repository:tag                   # Run image from a registry

docker stack ls                                            # List stacks or apps
docker stack deploy -c <composefile> <appname>  # Run the specified Compose file
docker service ls                 # List running services associated with an app
docker service ps <service>                  # List tasks associated with an app
docker inspect <task or container>                   # Inspect task or container
docker container ls -q                                      # List container IDs
docker stack rm <appname>                             # Tear down an application
docker swarm leave --force      # Take down a single node swarm from the manager

Java keystore – certificate request and self-sign with openssl

Generate a private key

openssl genrsa -aes256 -out demo.key.pem 2048 

Generate a certificate request
Use the private key to generate a certificate signing request (CSR). The CSR details can be whatever you wish, but they must not exactly match the root CA. For web server certificates, the Common Name must be a fully qualified domain name (eg, www.example.com), whereas for client certificates it can be any unique identifier (eg, an e-mail address). Note that the Common Name cannot be the same as the root certificate.

openssl req -config config/openssl.cnf -key demo.key.pem -new -sha256 -out demo.csr.pem

Sign the certificate

openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -in demo.csr.pem -out demo.cert.pem -days 900 -CAcreateserial

Create a fullchain certificate
The new certificate will only be trusted if the root CA is also trusted. Some applications require the CA certificate to be imported before the new certificate. Others require the CA certificate to be appended to the new certificate.

cat demo.cert.pem config/ca/certs/ca.cert.pem > demo.cert.fullchain.pem

Create a .p12 keystore with openssl.

openssl pkcs12 -export -in demo.cert.fullchain.pem -inkey demo.key.pem -out demo.keystore.p12 -name DEMO

Convert from a .p12 to a java keystore .jks

keytool -importkeystore -srckeystore demo.keystore.p12 -srcstoretype PKCS12 -destkeystore application.keystore.jks -alias DEMO

Import the CA certificate in the keystore

keytool -import -alias ROOT -keystore application.keystore.jks -trustcacerts -file ca.cert.pem
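
Before packaging the signed certificate into the .p12 and .jks files, it is worth confirming that it chains to the CA and that it matches the private key. The following is an added example, not part of the original post: check_leaf, pub_hash_cert, pub_hash_key and make_demo_pki are hypothetical helper names, and the throwaway CA it builds uses constructed subjects and unencrypted keys so that it runs without prompts.

```shell
#!/bin/sh
# Added example, not from the original post: two checks on the signed
# certificate before it is packaged into a PKCS#12 or JKS keystore.

# SHA-256 over the DER public key held in a certificate / in a private key.
pub_hash_cert() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256
}
pub_hash_key() {
    # an encrypted key (genrsa -aes256) makes openssl prompt for its passphrase
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

check_leaf() {
    # $1 = CA certificate, $2 = signed certificate, $3 = private key
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo CHAIN_FAIL; return 1      # not issued by this CA, or not valid now
    fi
    if [ "$(pub_hash_cert "$2")" != "$(pub_hash_key "$3")" ]; then
        echo KEY_MISMATCH; return 1    # keystore would pair the wrong key
    fi
    echo OK
}

# Constructed throwaway PKI that mirrors the steps above (key, CSR, signing),
# plus an unrelated key and self-signed certificate for the failure cases.
make_demo_pki() {
    d=$1    # empty working directory
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key.pem" \
        -out "$d/ca.cert.pem" -subj "/CN=Demo Root CA" -days 2 >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/demo.key.pem" \
        -out "$d/demo.csr.pem" -subj "/CN=www.example.com" >/dev/null 2>&1 &&
    openssl x509 -req -CA "$d/ca.cert.pem" -CAkey "$d/ca.key.pem" -CAcreateserial \
        -in "$d/demo.csr.pem" -out "$d/demo.cert.pem" -days 2 >/dev/null 2>&1 &&
    openssl genrsa -out "$d/other.key.pem" 2048 >/dev/null 2>&1 &&
    openssl req -x509 -new -key "$d/other.key.pem" -out "$d/other.cert.pem" \
        -subj "/CN=Unrelated Root" -days 2 >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_pki "$work" &&
    check_leaf "$work/ca.cert.pem" "$work/demo.cert.pem" "$work/demo.key.pem"
```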