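oracle - How to set up a custom JupyterHub Docker environment to use an ORACLE Wallet?
Problem description
This is how to set up a custom JupyterHub environment "oracle-minimal", using an adaptation of the Dockerfile from https://github.com/jupyter/docker-stacks/blob/master/minimal-notebook/Dockerfile, so that it uses an ORACLE Wallet to connect to an ORACLE DB.
Create the following files...
Dockerfile (location: C:\oracle_minimal; UNIX (LF); UTF-8):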
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
ARG BASE_CONTAINER=jupyter/base-notebook
FROM $BASE_CONTAINER
LABEL maintainer="Jupyter Project <jupyter@googlegroups.com>"
USER root
# Install all OS dependencies for fully functional notebook server
RUN apt-get update && apt-get install -yq --no-install-recommends \
    build-essential \
    vim-tiny \
    git \
    inkscape \
    libsm6 \
    libxext-dev \
    libxrender1 \
    lmodern \
    netcat \
    # ---- nbconvert dependencies ----
    texlive-xetex \
    texlive-fonts-recommended \
    texlive-plain-generic \
    # ----
    tzdata \
    unzip \
    nano-tiny \
    && apt-get clean && rm -rf /var/lib/apt/lists/*
#BEGIN: JAVA JRE / JDK installation
RUN apt update && \
    apt install default-jre -y && \
    apt install default-jdk -y
#BEGIN: ORACLE InstantClient / ORACLE SQL*Plus / ORACLE SDK installation
COPY oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm /
COPY oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm /
COPY oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm /
WORKDIR /
RUN apt-get install alien -y && \
    alien -i oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm && \
    alien -i oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm && \
    alien -i oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm && \
    rm /oracle*.rpm && \
    apt-get install libaio1 -y && \
    echo 'export ORACLE_HOME=/usr/lib/oracle/21/client64' >> ~/.bashrc && \
    source ~/.bashrc && \
    # ldconfig does not expand variables, so write the literal library path
    echo '/usr/lib/oracle/21/client64/lib/' > /etc/ld.so.conf.d/oracle.conf && \
    ldconfig && \
    echo 'export LD_LIBRARY_PATH=$ORACLE_HOME/lib' >> ~/.bashrc && \
    echo 'export PATH=$PATH:$ORACLE_HOME/bin' >> ~/.bashrc && \
    echo 'export TNS_ADMIN=$ORACLE_HOME/lib/network/admin' >> ~/.bashrc && \
    source ~/.bashrc
COPY sqlnet.ora /
COPY tnsnames.ora /
WORKDIR /usr/lib/oracle/21/client64/lib/network/admin/
RUN mv -t $(pwd) /*.ora
#END: ORACLE InstantClient / ORACLE SQL*Plus / ORACLE SDK installation
#BEGIN: cx_Oracle installation
RUN python -m pip install cx_Oracle
#END: cx_Oracle installation
#BEGIN: SQLcl installation
COPY sqlcl-20.4.2.35.2359.zip /
WORKDIR /usr/lib/oracle/
RUN unzip -oq /sqlcl-20.4.2.35.2359.zip -d . && \
    rm /sqlcl*.zip && \
    echo "alias sql='/usr/lib/oracle/sqlcl/bin/sql'" >> ~/.bashrc && \
    source ~/.bashrc
#END: SQLcl installation
#BEGIN: Prepare ORACLE Wallet creation
COPY orapki /
COPY mkstore /
COPY create_wallet.sh /home/jovyan/
RUN mv -t /usr/lib/oracle/sqlcl/bin/ /orapki /mkstore
#END: Prepare ORACLE Wallet creation
WORKDIR $HOME
# Create alternative for nano -> nano-tiny
RUN update-alternatives --install /usr/bin/nano nano /bin/nano-tiny 10
# Switch back to jovyan to avoid accidental container runs as root
USER $NB_UID
# Executes the script create_wallet.sh, and removes the script file before starting the JupyterHub environment
CMD ~/create_wallet.sh && rm ~/create_wallet.sh && start-notebook.sh
sqlnet.ora (location: C:\oracle_minimal; UNIX (LF); UTF-8):
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /home/jovyan/.wallet/)))
SQLNET.WALLET_OVERRIDE=TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
tnsnames.ora (location: C:\oracle_minimal; UNIX (LF); UTF-8):
ORA019 =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ora019.srv.domain.com)(PORT = 1514))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORCLSRV1)
    )
  )
sqlcl-20.4.2.35.2359.zip (location: C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/tools/downloads/sqlcl-downloads.html
oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm (location: C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm (location: C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm (location: C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
mkstore (location: C:\oracle_minimal; UNIX (LF); UTF-8):
#!/bin/bash
# set classpath for mkstore - align this to your local SQLcl installation
SQLCL=/usr/lib/oracle/sqlcl/lib
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate mkstore command
java -classpath ${CLASSPATH} oracle.security.pki.OracleSecretStoreTextUI "$@"
orapki (location: C:\oracle_minimal; UNIX (LF); UTF-8):
#!/bin/bash
# set classpath for orapki - align this to your local SQLcl installation
SQLCL=/usr/lib/oracle/sqlcl/lib
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate orapki command
java -classpath ${CLASSPATH} oracle.security.pki.textui.OraclePKITextUI "$@"
create_wallet.sh (location: C:\oracle_minimal; UNIX (LF); UTF-8):
# Creates a new directory ".wallet" for the ORACLE Wallet
mkdir ~/.wallet/
# Creates an empty/new ORACLE Wallet using "orapki"
/usr/lib/oracle/sqlcl/bin/orapki wallet create -wallet ~/.wallet -pwd "MyWalletPwd1!" -auto_login_local
# Stores a new Credential in the ORACLE Wallet
# TNSNAMES-Entry: ORA019
# DB_USERNAME: Username for TNSNAMES-Entry above
# DB_PASSWORD: Password for TNSNAMES-Entry above
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet/ -createCredential ORA019 DB_USERNAME DB_PASSWORD <<EOF
MyWalletPwd1!
EOF
Using CMD.exe, build the Dockerfile and bundle the other resources (see above) into the Docker image:
REM Change directory to have all Dockerfile resources in place
cd C:\oracle_minimal
REM Build new Docker image "oracle_minimal"
docker build -t oracle_minimal .
REM List all Docker images
docker images
REM Run Docker container using the latest "IMAGE ID", and set hostname as "jupyter-user1"
docker run --hostname jupyter-user1 -p 8888:8888 <IMAGE ID>
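Open a new web browser window and paste the last URL line from the CMD window:
Click the New button of the Jupyter web interface and select the drop-down entry Terminal to start a new terminal session...
Click the New button of the Jupyter web interface and select the drop-down entry Python 3 to start a new Jupyter Notebook...
Security note: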
Is it possible to steal the ORACLE Wallet files and use them as
- another user on the SAME host
- or as the same / another user on a DIFFERENT host?
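No. Because the ORACLE Wallet was created with orapki, it is bound to the username and hostname that created it (here: jovyan@jupyter-user1). Only the same combination of username and hostname that created the ORACLE Wallet can open it.
If you want to share one ORACLE Wallet across different users and/or hosts, use the following script content instead:
create_wallet.sh (location: C:\oracle_minimal; UNIX (LF); UTF-8):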
# Creates a new directory ".wallet" for the ORACLE Wallet
mkdir ~/.wallet/
# Creates an empty/new ORACLE Wallet using "mkstore"
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet -create <<EOF
MyWalletPwd1!
MyWalletPwd1!
EOF
# Stores a new Credential in the ORACLE Wallet
# TNSNAMES-Entry: ORA019
# DB_USERNAME: Username for TNSNAMES-Entry above
# DB_PASSWORD: Password for TNSNAMES-Entry above
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet/ -createCredential ORA019 DB_USERNAME DB_PASSWORD <<EOF
MyWalletPwd1!
EOF
Further reading
https://oracle-base.com/articles/10g/secure-external-password-store-10gr2
https://docs.oracle.com/cd/E78494_01/aip/pdf/1411/html/ig/aip-ig-apx_wallet.htm
https://ogobrecht.com/posts/2020-07-29-how-to-use-mkstore-and-orapki-with-oracle-instant-client/
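Both create_wallet.sh variants above embed the wallet password in a file that is copied into the image, where it stays readable in the image layer even after the CMD deletes it from the running container. As an added example (not part of the original post), this variant reads the secrets from files at container start and checks that the wallet directory is owner-only, which matters most for the shareable variant. Assumptions: the secret file names wallet_pwd, db_user and db_pwd, the SECRETS_DIR and WALLET_DIR variables and the --create switch are hypothetical; the orapki and mkstore calls are the ones shown on the page.

```shell
#!/bin/bash
# Added example: create_wallet.sh without embedded secrets.
# Assumption: secrets are mounted as files in $SECRETS_DIR under the
# hypothetical names wallet_pwd, db_user and db_pwd.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"
WALLET_DIR="${WALLET_DIR:-$HOME/.wallet}"
BIN=/usr/lib/oracle/sqlcl/bin

# Print one secret; fail if its file is missing or empty.
read_secret() {
    [ -s "$SECRETS_DIR/$1" ] || { echo "missing secret: $1" >&2; return 1; }
    cat "$SECRETS_DIR/$1"
}

# Succeed only if the wallet directory is 700 and every file in it is 600.
wallet_perms_ok() {
    local dir="$1" bad=0 f
    [ "$(stat -c '%a' "$dir")" = "700" ] || { echo "not 700: $dir" >&2; bad=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "$(stat -c '%a' "$f")" = "600" ] || { echo "not 600: $f" >&2; bad=1; }
    done
    return "$bad"
}

# Same orapki/mkstore calls as on the page, fed from the secret files.
create_wallet() {
    local wpwd user dpwd
    wpwd=$(read_secret wallet_pwd) || return 1
    user=$(read_secret db_user) || return 1
    dpwd=$(read_secret db_pwd) || return 1
    umask 077    # files created from here on are owner-only
    mkdir -p "$WALLET_DIR" && chmod 700 "$WALLET_DIR" || return 1
    "$BIN/orapki" wallet create -wallet "$WALLET_DIR" -pwd "$wpwd" \
        -auto_login_local || return 1
    "$BIN/mkstore" -wrl "$WALLET_DIR" -createCredential ORA019 \
        "$user" "$dpwd" <<EOF || return 1
$wpwd
EOF
    wallet_perms_ok "$WALLET_DIR"
}

# Create the wallet only on request, so the checks can be reused on their own.
if [ "${1:-}" = "--create" ]; then
    create_wallet
fi
```

With this variant the container would be started with the secrets directory mounted, and the CMD would call the script with --create before start-notebook.sh.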