Manage SOA Marketplace Image Database Password Reset!!!

This blog title seems quite easy and simple, but there are a few steps to manage the SOA Marketplace Image (SOA MP) database password reset configuration within the application tier, which I will discuss in this blog.

There are multiple situations in which a user needs to change the SOA MP database password, e.g. the password may have expired or be about to expire, so it must be reset to a new password, which then has to be updated in all relevant places inside the SOA application tier.

In my case it was a SOA dev/test environment. The SOA MP DB password has a default expiry of 6 months and it had expired, due to which the SOA application was not coming up and constantly kept throwing the error below:

Caused by: java.sql.SQLException: ORA-28001: the password has expired

Note:

In my case the software versions below were used.

Oracle Integration, OCI API Gateway and OCI Logging & Analytics

Integration, Control, Security and Monitoring

A real implementation often has different aspects which need to be addressed. Some of them are:

  • A tool to be used for building the integration among applications and technologies, possibly leveraging a low code environment
  • A tool to expose the APIs, enabling the integration with third party applications and applying in addition security policies, caching capabilities, routing, etc.
  • A tool to monitor, from an IT Operations perspective, the entire solution as just one application, avoiding the need to manage several silos or frameworks

Oracle Cloud can provide the right answer to your developer needs using the best cloud native services, identified here as OCI API Gateway (API GTW), Oracle Integration (OIC) and OCI Logging and Analytics (LA).

If you are already using Oracle Integration for your development purposes, you have probably already noticed that you can configure the API Management solution that you prefer, exposing what you have already built.

From the OIC console, you can access the “Setting” section and configure what you need

Clicking on the “API Management” link you can configure the connection to your OCI API Gateway instance

How and where can you find the required information?

Tenancy OCID can be found by navigating the OCI Console and clicking on “Tenancy” details

Copy and paste this value into the previous screen of the Oracle Integration console

User OCID can be found in the OCI Console under the link “My Profile”.

Also in this case, copy and paste the “OCID Id” into the Oracle Integration console

Fingerprint: from the OCI Console, after having selected “User Profile”, click on “API Keys”; from here you can add a new API Key

Download the “private key”, then click “add”

A new key will appear among any that were generated previously

Private Key: this one, in PEM format, comes from the API Key creation done previously. Before uploading the key in the API Management setting, you need to convert it. The key that you have downloaded is in PKCS8 format and must be converted to RSA (PKCS1) before it is used for the API Management connection, using the following command from your shell

openssl rsa -in private_key_in_pkcs8_format.pem -out new_converted_file.pem

Once the file is converted, you can upload your new key to complete the configuration of your API Management connection.

Click “Save” and that’s all
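The conversion step above with a verification pass, as an added example that is not part of the original post: on OpenSSL 3.x `openssl rsa` writes PKCS8 again unless `-traditional` is given, so the script checks the PEM header of the result, confirms it is the same key, and keeps the output private to its owner. The function names and file names are assumptions, and the demo runs on a constructed throwaway key.

```shell
#!/usr/bin/env bash
# Added example: convert an OCI API private key from PKCS8 to PKCS1 and verify it.
# key_format and convert_to_pkcs1 are hypothetical helper names.

# key_format FILE -> pkcs1 | pkcs8 | pkcs8-encrypted | unknown (from the PEM header)
key_format() {
  case "$(grep -m1 -- '-----BEGIN' "$1" 2>/dev/null)" in
    '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
    '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
    *)                                       echo unknown ;;
  esac
}

# convert_to_pkcs1 SRC DST -> exit 0 only if DST is PKCS1 and holds the same key
convert_to_pkcs1() {
  src=$1
  dst=$2
  (
    umask 077   # a newly created key file is readable by its owner only
    # OpenSSL 3.x needs -traditional for PKCS1; older releases reject the flag
    # and already write PKCS1 by default, hence the fallback.
    openssl rsa -traditional -in "$src" -out "$dst" 2>/dev/null ||
      openssl rsa -in "$src" -out "$dst" 2>/dev/null
  ) || return 1
  chmod 600 "$dst"
  [ "$(key_format "$dst")" = pkcs1 ] || return 1
  # Same key pair before and after: the RSA modulus must match.
  [ "$(openssl rsa -in "$src" -noout -modulus 2>/dev/null)" = \
    "$(openssl rsa -in "$dst" -noout -modulus 2>/dev/null)" ]
}

# Demo on a constructed throwaway key, never on a real OCI API key.
demo_dir=$(mktemp -d)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$demo_dir/pkcs8.pem" 2>/dev/null
echo "before: $(key_format "$demo_dir/pkcs8.pem")"
if convert_to_pkcs1 "$demo_dir/pkcs8.pem" "$demo_dir/pkcs1.pem"; then
  echo "after:  $(key_format "$demo_dir/pkcs1.pem")"
fi
rm -rf "$demo_dir"
```

If the header check reports `pkcs8` after conversion, the upload described above will be given a key in the wrong format even though the `openssl` command itself succeeded.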

Now, from your Oracle Integration console, you can work with your integration flows, and after having completed your implementation you are ready to publish your asset to your OCI API Gateway instance. I’m using the “ECHO” integration flow as an example

Clicking on API Management, you can publish the integration flow, providing all the required information and details as presented below

selecting the Compartment where your OCI API Gateway is running and the right API GTW instance (for example, the one for the TEST environment)

Click on the “Deploy” button and wait a few seconds before seeing your service exposed in your OCI API Gateway instance (in my case “MyAPIGateway”)

Clicking on the active gateway instance, you can access the deployed APIs

as shown below

Clicking on your service, it’s possible to configure the policy you want to apply. In the case shown below, a “Rate Limiting” policy has been applied to control and filter the use of this service

So, going back to the previous webpage, where your REST service is detailed, you can copy the URL of the API endpoint to use it for invocation

Open your REST client (or simply a browser) to test your service

The invocation has been successfully tested.

Now you can monitor the metrics from the OCI API Gateway console in the “Metrics” section to get more details about the behavior; you can select the right time interval to check and get visibility of the API execution

At the same time, you can also have a look at your Oracle Integration console to see how the calls have been managed by the integration platform and, if needed, manually resubmit requests that ended in error, provided of course that they involve back-end systems which had some problems (networking issues, maintenance, …).

and get further info about the execution and all details about the business message

In this case, I have used 2 different consoles to monitor OCI API Gateway and Oracle Integration respectively.

Keep in mind that Oracle Cloud Infrastructure can help you if you want to consolidate in just one console information coming from different and disparate OCI services.

This is the right case for using OCI Logging & Analytics; it allows you to build your own dashboard collecting all the info you need from an IT Operations perspective, and only if needed you can use the dedicated console of each service to leverage deeper and more specific management capabilities (error management, resubmitting faulted instances, changing scheduling parameters, modifying security policies, tuning caching options, etc).

How to use OCI Logging & Analytics?

Use the OCI Console and click on “Observability and Management” as described below

and select the “Logging Analytics” link

From here you can create your own dashboard to include all the information you need. In my case I have built a dashboard (“My OCI Dashboard”) collecting info from OCI API Gateway, Oracle Integration and Logging & Analytics itself, as described below:

The screenshot above includes 6 different widgets which collect metrics from different sources, bringing into just one console all the information you want about latency, inbound requests, bytes ingested, bytes sent, etc

How to create a Logging & Analytics dashboard?

Not really hard… on the contrary, it is a very straightforward procedure, and you can get more details in the following blog post:

https://blogs.oracle.com/observability/post/monitor-and-optimize-performance-of-integrated-applications

This is a very simple implementation to show capabilities and synergies of the Oracle Cloud Infrastructure services and resources

Documentation:

OCI API Gateway

https://docs.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayoverview.htm

https://www.oracle.com/webfolder/technetwork/tutorials/infographics/oci_apigw_gs_quickview/apigw_quickview_top/apigw_quickview/index.html

Oracle Integration

https://docs.oracle.com/en/cloud/paas/integration-cloud/integrations-user/managing-integration-api-oracle-api-gateway.html#GUID-7F82A91E-CA79-4053-94D8-7DF0BEB0438A

https://docs.oracle.com/en/cloud/paas/integration-cloud/rest-adapter/troubleshoot-rest-adapter.html#GUID-F6137806-4051-484A-810B-DA366B96D7C1

https://docs.oracle.com/en/cloud/paas/integration-cloud/index.html

OCI Logging & Analytics

https://docs.oracle.com/en/cloud/paas/logging-analytics/logqs/#before_you_begin

Today is the best time for pursuing your Oracle Cloud Infrastructure certification!

There is nothing like experience. Having been there and having done that is the best benefit that one can offer to those who require our services, the knowhow. Cloud, specifically Infrastructure as a Service (IaaS), is a skill that is in high demand. One way to validate the gained experience is via a certification from your IaaS provider of choice. You are reading this blog post on Red Thunder, which means that Oracle Cloud Infrastructure (OCI) is your vendor of choice!

A certification is also a great way to start gaining experience, and the good news is that there is no better time for earning OCI certifications than today, because for the rest of 2021 you can pursue and earn OCI certifications for free!!! Not only can you secure a free 30 day trial on OCI (including always free resources), but you can also study all the OCI learning material free of charge. Oracle and Oracle University have released all the learning material that serves as a guide to OCI certifications; in addition to free OCI training, OCI certification testing is also free until 31 December, 2021.

These are some of the OCI certifications that you can pursue and earn free of charge:

Summarizing, the learning material from Oracle University is free of charge, the certification testing is also free until 31 December, 2021. You can subscribe to a free 30 day Oracle Cloud Infrastructure trial, which you can use for doing OCI labs, and you can keep the always free resources for life; resources such as Compute, Virtual Cloud Network, Autonomous Database, Network Load Balancer, among others. Therefore, whether you are new to OCI or already have hands-on experience today is the best time for pursuing your OCI certification.

To learn more, visit the Free OCI Certification Promotion page.

Connect your OCI resources to other Clouds with Libreswan

IPSec VPN view from the OCI Network Visualizer

In today’s world, the norm for videos is that they should be short in length, even if they are instructional videos. They cite the short attention span of the targeted audience… And I do agree to some extent. However, in tech there are many occasions that require a longer length so they can properly address all the details of the topic at hand. Back in March 2021, I recorded myself for the purpose of demonstrating how to configure to completion an Inter-Cloud VPN connection using the Oracle Cloud Infrastructure (OCI) native IPSec VPN tunnel against a Customer Premises Equipment (CPE) with LibreSwan on an Amazon Web Services (AWS) Elastic Cloud Compute (EC2) instance. The video is nearly 30 minutes long! Only the truly committed will follow along, which is the intention.

I used official OCI documentation as a basis. Basically I explain every single step on this document while I perform them on both OCI and AWS consoles.

This is the link to this document:

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/libreswan.htm

Even though in the video I present myself as an Oracle employee, which I proudly am, the video and this post are NOT official Oracle documents. Any opinion is my own and only my own.

I hope that you find this step-by-step video helpful. This is the link to it:

P.S. The reason why I am using a non-RFC1918 CIDR prefix is because I am strictly following the steps in the guide.

Ingesting Logs into OCI Logging Analytics (via Agent Based Deployment)

Logs are often voluminous and can be challenging to navigate, but they can be a gold mine of valuable data to help administrators troubleshoot and identify issues or trends in operational activities.

To overcome the burden of manually eye-balling millions (or even billions) of rows of log records, bringing that data into OCI Logging Analytics (which is part of the Observability & Manageability Portfolio) allows administrators to get quick insights, reduce the time to isolate issues, minimise downtime and prevent impact to end users.

OCI Observability & Management Platform (O&M) – Agent Based Monitoring

There are various ways you can bring telemetry and operational data into OCI Observability & Management (O&M) to proactively monitor and gain operational insights into your IT fleet.

Examples of ways you can do this are:

  • Service Connector Hub – Route and move data from one OCI service to another OCI service (eg. OCI Logging to Logging Analytics)
  • API Call – Collect data from files stored on Object Storage or upload log data on demand
  • Agent Based – Deployment of an Agent on the host

If you have targets you want to monitor on-premise or in the cloud (OCI, AWS, Azure etc…) and you have access to the VM or Compute instance (ie. you can SSH or Remote Desktop to the host), then an Agent based method will allow you to collect that data and bring it into a unified platform in O&M.

In this example we will show how you can deploy the Agent based method (on Linux OS) so you can leverage the O&M services including:

  • Logging Analytics
  • DB Management
  • Operations Insights
  • Java Management Service

1 – NETWORK COMMUNICATION (For External Targets to OCI)

NOTE: The additional network communication setup is not required if the targets you are monitoring are within your OCI tenancy account.

2 – ADDITIONAL PRE-REQUISITES

For setup of Compartments, IAM Groups and Policies

Please also check that the following tasks have been completed.
https://docs.oracle.com/en-us/iaas/management-agents/doc/perform-prerequisites-deploying-management-agents.html

NOTE: You may need to contact your OCI administrator to grant you the appropriate permissions.

3 – DOWNLOAD AND CREATE KEY

  1. From OCI Console navigate to:

OBSERVABILITY & MANAGEMENT > MANAGEMENT AGENTS > DOWNLOADS AND KEYS > CREATE KEY

2. Specify details and Click on CREATE

  • Key Name (eg. oci-reg-key)
  • Compartment (eg. shared_resources)

3. Review Key and Download Key to File (eg. oci-reg-key.txt)

NOTE: Your Key File will be in the format of <Key Name>.txt. Copy it to your target host.

4. Download Agent by clicking on the Agent for your OS (eg. Agent for LINUX) and copy to your target host

Alternatively you can download the agent file using wget:
wget https://objectstorage.<oci-region>.oraclecloud.com/n/idtskf8cjzhp/b/installer/o/Linux-x86_64/latest/oracle.mgmt_agent.rpm 

Example:
wget https://objectstorage.ap-sydney-1.oraclecloud.com/n/idtskf8cjzhp/b/installer/o/Linux-x86_64/latest/oracle.mgmt_agent.rpm 

4 – INSTALL AGENT

1. Log in to the host, locate the downloaded agent file oracle.mgmt_agent.rpm and install it

$ sudo rpm -ivh oracle.mgmt_agent.rpm
Preparing...                          ################################# [100%]
Checking pre-requisites
        Checking if any previous agent service exists
        Checking if OS has systemd or initd
        Checking available disk space for agent install
        Checking if /opt/oracle/mgmt_agent directory exists
        Checking if 'mgmt_agent' user exists
        Checking Java version
                JAVA_HOME is not set or not readable to root
                Trying default path /usr/bin/java
                Java version: 1.8.0_271 found at /usr/bin/java
Updating / installing...
   1:oracle.mgmt_agent-201113.1621-1  ################################# [100%]

Executing install
        Unpacking software zip
        Copying files to destination dir (/opt/oracle/mgmt_agent)
        Initializing software from template
        Creating 'mgmt_agent' daemon
        Agent Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0

        Setup agent using input response file (run as any user with 'sudo' privileges)
        Usage:
                sudo /opt/oracle/mgmt_agent/agent_inst/bin/setup.sh opts=[FULL_PATH_TO_INPUT.RSP]

Agent install successful


2. Verify that the agent has been installed.

$ rpm -qa|grep mgmt_agent
oracle.mgmt_agent-201113.1621-1.x86_64

3. Copy the downloaded key file (eg. oci-reg-key.txt) to the response file /tmp/input.rsp

$ cp oci-reg-key.txt /tmp/input.rsp
$ chmod 755 /tmp/input.rsp

4. Update the parameter CredentialWalletPassword with your own password in the input.rsp file and then save file.

CredentialWalletPassword = YourP8ssW0rd123!

5. Then execute the setup script to install the agent

$ sudo /opt/oracle/mgmt_agent/agent_inst/bin/setup.sh opts=/tmp/input.rsp

6. When completed, check status of agent on host

For Oracle Linux 6: sudo /sbin/initctl status mgmt_agent
For Oracle Linux 7 or later: sudo systemctl status mgmt_agent

$ sudo systemctl status mgmt_agent
● mgmt_agent.service - mgmt_agent
   Loaded: loaded (/etc/systemd/system/mgmt_agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-12-03 05:20:43 GMT; 6min ago
  Process: 3072 ExecStart=/opt/oracle/mgmt_agent/agent_inst/bin/agentcore start sysd (code=exited, status=0/SUCCESS)
 Main PID: 3148 (wrapper)
   Memory: 248.5M
   CGroup: /system.slice/mgmt_agent.service
           ├─3148 /opt/oracle/mgmt_agent/agent_inst/bin/./wrapper /opt/oracle/mgmt_agent/agent_inst/bin/../config/wrapper.conf wrapper.syslog.ident=mgmt_agent wrapper.pidfile=/opt/oracle/mgmt_agent/agent_inst/bin/../log/mgmt_agent.pid wrapper.daemonize=TRU...
           └─3163 /usr/java/jre1.8.0_271-amd64/bin/java -Dorg.tanukisoftware.wrapper.WrapperSimpleApp.maxStartMainWait=5 -Djava.security.egd=file:///dev/./urandom -XX:+HeapDumpOnOutOfMemoryError -Xmx512m -Djava.library.path=../../201113.1621/lib -classpath...

Dec 03 05:20:31 oma-host systemd[1]: Starting mgmt_agent...
Dec 03 05:20:31 oma-host agentcore[3072]: Starting mgmt_agent...
Dec 03 05:20:38 oma-host agentcore[3072]: Waiting for mgmt_agent.........
Dec 03 05:20:43 oma-host systemd[1]: Started mgmt_agent.
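
A check to run once the agent reports active, as an added example that is not part of the original post: the response file from steps 3 and 4 holds the install key and the wallet password in clear text, sits in /tmp and was made world-readable, so this reports whether it is still present, who can read it, and whether the sample password printed in step 4 was left in place. The function name `rsp_findings` and the finding labels are assumptions, and the demo file is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a management agent response file after setup.sh has run.
# SAMPLE_PASSWORD is the placeholder value shown in step 4 of the walkthrough.
SAMPLE_PASSWORD='YourP8ssW0rd123!'

# rsp_findings FILE -> one finding per line; prints nothing if FILE is gone.
rsp_findings() {
  f=$1
  [ -e "$f" ] || return 0
  echo "response-file-still-present"

  # Mode string such as -rwxr-xr-x: char 5 is group read, char 8 is other read.
  perms=$(ls -ld "$f" | cut -c1-10)
  case "$perms" in ????r?????) echo "group-readable" ;; esac
  case "$perms" in ???????r??) echo "world-readable" ;; esac

  # Value of CredentialWalletPassword, tolerating spaces around '='.
  pw=$(sed -n 's/^[[:space:]]*CredentialWalletPassword[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
  pw=${pw%"${pw##*[![:space:]]}"}   # trim trailing whitespace or CR
  if [ -n "$pw" ]; then
    echo "wallet-password-in-clear-text"
    if [ "$pw" = "$SAMPLE_PASSWORD" ]; then
      echo "tutorial-sample-password-in-use"
    fi
  fi
  return 0
}

# Demo on a constructed response file (made-up content, not a real install key),
# prepared the same way as in steps 3 and 4.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' \
  'CredentialWalletPassword = YourP8ssW0rd123!' > "$demo/input.rsp"
chmod 755 "$demo/input.rsp"
rsp_findings "$demo/input.rsp"
rm -f "$demo/input.rsp"
rsp_findings "$demo/input.rsp"   # prints nothing once the file is removed
rmdir "$demo"
```

On the host from the walkthrough the call would be `rsp_findings /tmp/input.rsp`; any output means the registration secrets are still readable on disk after they are no longer needed as setup input.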

5 – VERIFY AGENT IN CONSOLE AND DEPLOY PLUGIN

  1. In OCI Console, navigate to:
    OBSERVABILITY & MANAGEMENT > MANAGEMENT AGENTS > AGENTS

    Then click on the link to drill into the Agent (eg. Agent (snoopy))

2. Click on the Deploy Plug-Ins button

3. Choose the Plug-ins to deploy for your agent.

NOTE: If the plug-in is greyed out, then the plug-in is already enabled.

Now you should be ready to configure your service for:

For further details please visit:
https://docs.oracle.com/en-us/iaas/Content/services.htm

Configure to completion a site-to-site VPN tunnel on OCI using the VPN Wizard

There is plenty of information out there about connecting from an on-premises network to OCI. But if you want to see a step-by-step procedure that configures to completion an actual VPN, you will have a hard time finding it. And rather than writing about it, this time I will actually show it.

OCI VPN Wizard

This link will take you to the list of OCI’s verified CPE (Customer Premises Equipment) devices. If your On-Premises CPE is in this list then the VPN configuration should be very easy. In my case, the router I used is not in the list. It is a SOHO (Small Office-Home Office) type of router. For this configuration the on-premises network is my Home-Office LAN. For routers not on the list, there is an option called “other”. OCI offers a list of supported configuration parameters for VPN connections that you can use for “other” types of routers. Here is the link to these parameters. And I explain them in the video. I hope that you find it useful:

https://tinyurl.com/OCI2HomeVPN

Triggering an OIC integration via OCI Events – the Notifications Service Approach

Do you want to trigger an Oracle Integration Cloud (OIC) integration as soon as a file is uploaded to OCI Object Storage?

This event driven approach allows you to respond to state changes in Oracle Cloud Infrastructure (OCI) in real-time, removing the need to poll Object Storage buckets on a predefined schedule. In a two-part blog series, I will explore how you can achieve this event-driven pattern with OIC. As the name suggests this blog will capture the Notifications Service Approach, while part 2 will provide a guide to using OCI Functions to achieve the same outcome.


Access OIC REST based Integrations using an OAuth Client (No Password Expiry For Basic Auth User Anymore) !!!

Oracle Integration Cloud (OIC) is Oracle’s next generation modern integration solution, a Platform as a Service (PaaS) offering. The core purpose of this product is to integrate various SaaS and on-prem systems in real time. In addition to integration capability, it also provides Process Automation and Visual Builder capability. Detailed docs are available here.

OIC has the concept of Adapters. There is a huge range of adapters available, documented here.

One of these, the REST Adapter, is used to expose an integration to the outside world for consumption. In other words, it’s the entry point for most of the integrations we develop using OIC. It is also used to invoke any external REST based endpoint.

The REST Adapter supports Basic Auth and various flavours of OAuth as security mechanisms to protect integration access.

However, not all OAuth flavours are supported for the Trigger Role (used as the entry point of an integration) vs the Invoke Role (used for invoking a third party REST endpoint).

REST APIs exposed using the REST Adapter (Trigger Role) are protected using Basic Authentication and OAuth token-based authentication.

REST APIs consumed using the REST Adapter (Invoke Role) support HTTP Basic Authentication, OAuth Client Credentials (two-legged flow), OAuth Resource Owner Password Credentials (two-legged flow), OAuth Authorization Code Credentials (three-legged flow), OAuth Custom Three Legged Flow, OAuth Custom Two Legged Flow, OAuth 1.0a One Legged Authentication, Amazon Web Services (AWS) Signature Version 4, and Oracle Cloud Infrastructure (OCI) Signature Version 1. There is also support for consuming APIs that are unprotected.

Now, the majority of customers choose Basic Auth while publishing an integration because it’s very simple to implement, but it has a limitation: the user password expires every 3 months, which results in changing the configuration of all integrations again every 3 months. We can very well avoid this problem by implementing an OAuth token which never expires.

Oracle has an official document for setting up a Service Account without expiry, but it’s quite difficult to follow the instructions in that document. Hence, I thought to publish more user friendly instructions to achieve the same outcome.

In this blog, I will cover how we can invoke an integration exposed using the REST Adapter (Trigger role) using an OAuth token which doesn’t expire.

Object Storage with Oracle Integration Cloud – Part 2

The first part of this series explored how to setup a connection between Oracle Integration Cloud (OIC) and OCI Object Storage, and how to use Object Storage as a location to write files as part of an integration.

In this blog I will show you how to use Oracle Integration Cloud to consume objects from OCI Object Storage, including listing, reading and deleting those objects. To do this I have prepared an integration which showcases a common integration pattern; consuming a staged file in order to load data into an enterprise system. In this case, the integration will load financial data from Object Storage into Oracle’s ERP Cloud application. Specifically, this integration will:

  1. List Account Payable (AP) Invoice files available on OCI Object Storage
  2. For each source file that it finds in the cloud bucket, it will:
    1. Read & transform the file to the format required by Oracle ERP Cloud
    2. Upload the transformed file to ERP Cloud and trigger the required Import jobs in the application
    3. Delete the now processed file from the OCI Object Storage bucket