0% found this document useful (0 votes)
45 views10 pages

Apex Install On OCIv2

Download as pdf or txt
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 10

APEX install on OCI – step by step guide on How To

Prerequisites
 Download Oracle APEX 18.2 version from
https://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html
 Download Oracle REST Data Services (ORDS) 18.4 version
https://www.oracle.com/technetwork/developer-tools/rest-data-
services/downloads/index.html
 Provision a DBCS 18.3.0.0 Enterprise Edition on the OCI Cloud Account
Chapter 1 How to provision a DBCS – to be provided
For this exercise we used:
 DBCSOCI as DBCS name, host and DB system. If you want to use different
naming conventions, then you must be aware that you should replace them when
required.
 As password, we have: WElcome2019_# (but you may have another one as long
as you keep the password conventions)

Chapter 2 How to install Apex on DBCS – Oracle Cloud Infrastructure


1. Open WinSCP to transfer the zip files downloaded in the Prerequisites section.
 Click on New Site -> select SFTP as File protocol
 Provide the IP address as hostname and keep the port number as 22
 Type in ‘opc’ as username
 Click Advanced -> Session Advanced.. -> go to SSH Authentication and provide
the private key -> Click OK
 Click Save and then Login
 For the first login you may be required to provide also a password (most of the
cases, it’s ‘oracle’) -> Click Yes
 On the right side of the tool, click on the drop-down list and select ‘/ <root>’ -> go
through the list where you find ‘tmp’ folder -> click on it
 Drag and drop your zip files, both apex and ords, into the tmp folder
 Close WinSCP

2. Open Putty to set the following:


 Hostname (in this case the IP Address of the DBCS already provisioned)
 Type in the session name (Saved Sessions)
 If you require a proxy: Go to Connection -> Proxy -> set proxy type to HTTP and
provide proxy hostname

1
 Expand SSH -> click on Auth and assign the private key for authentication
 Go back to Session -> click Save
 Search for it in the above list -> click Load -> click Open
 On the new session, execute $ sudo su – oracle to change the user to
oracle
 Find the current path by using $ pwd (our current path should /home/oracle)
 Create in here 2 directories called apex and ords (one at a time)
$ mkdir apex
$ mkdir ords

 Exit the current user: $ exit


 Execute $ sudo su – root to change the user to root
 Change directory to tmp $ cd /tmp
 Display the files within the tmp folder $ ls –ltr
 The zip files we’re looking for are red colored; we need to move both of them on
a new path /home/oracle/ . For this we need to perform the following command:
$ cp apex_18.2_en.zip /home/oracle/apex/
$ cp ords-18.4.0.354.1002.zip /home/oracle/ords/

 In order to perform the installation, we need to change the files ownership to


oracle.

$ chown oracle:oinstall apex_18.2_en.zip


$ chown oracle:oinstall ords-18.4.0.354.1002.zip

 exit the current user: $ exit


 Change the user to oracle: $ sudo su – oracle
 Go to the apex directory $ cd /home/oracle/apex/
 Unzip the file: $ unzip apex_18.2_en.zip
 List the files within the apex subdirectory: $ ls -ltr
 Connect to the Database with sqlplus: $ sqlplus / as sysdba
 Change container to pdb1: alter session set container = pdb1;

 In order to get remove a resource limit and password management parameter in


a profile, perform the following command:
ALTER PROFILE DEFAULT LIMIT
PASSWORD_VERIFY_FUNCTION NULL;

 Exit: $ exit
 Locate tnsnames.ora file by running the following command:

2
$ locate tnsnames.ora
 One of the paths available should be
/u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/tnsnames.ora
Change directory to:
$ cd /u01/app/oracle/product/18.0.0.0/dbhome_1/network/admin/

 List all the files: $ ls –ltr


 Perform the vi command to open tnsnames.ora: $ vi tnsnames.ora
Check if PDB1 is displayed there as service name. If not then, you should add it
within the file:
Click I to insert and then copy and paste the entry below and change the
following:
PDB1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dbcsoci)(PORT =
1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME =
pdb1.sub12130944270.vcndmteam.oraclevcn.com)
)
)

 Click Esc and then :wq! to save all the changes.


 Go back to the apex directory: $ cd /home/oracle/apex/apex/
 Connect again to the database and run the apex install:
$ sqlplus sys/your_password@pdb1 as sysdba @apexins sysaux sysaux temp /i/

 Change container to pdb1: alter session set container = pdb1;

 Unlock the APEX_PUBLIC_USER and change the password (for consistency


purposes, I kept the same password when creating the DBCS Instance)

$ alter user APEX_PUBLIC_USER identified by WElcome2019_# account unlock;

 Create the APEX Instance Administration user and set the password:

begin
apex_util.set_security_group_id( 10 );
apex_util.create_user(
p_user_name => 'ADMIN',
p_email_address => '[email protected]',
p_web_password => 'WElcome2019_#',

3
p_developer_privs => 'ADMIN' );
apex_util.set_security_group_id( null );
commit;
end;
/

 Run APEX REST configuration, and set the passwords of


APEX_REST_PUBLIC_USER and APEX_LISTENER:

@apex_rest_config_core.sql WElcome2019_# WElcome2019_#

 Create a network ACE for APEX (this is used when consuming Web services or
sending outbound mail):
declare
l_acl_path varchar2(4000);
l_apex_schema varchar2(100);
begin
for c1 in (select schema
from sys.dba_registry
where comp_id = 'APEX') loop
l_apex_schema := c1.schema;
end loop;
sys.dbms_network_acl_admin.append_host_ace(
host => '*',
ace => xs$ace_type(privilege_list => xs$name_list('connect'),
principal_name => l_apex_schema,
principal_type => xs_acl.ptype_db));
commit;
end;
/
 Exit SQLPlus: $ exit .

Chapter 3 How to install ORDS on DBCS – Oracle Cloud Infrastructure

 Go to /home/oracle/ords : $ cd /home/oracle/ords
 List the files that are within ords directory: $ ls –ltr
 Unzip the ords file: $ unzip ords-18.4.0.354.1002.zip
 Check if ords.war file is in the current directory: $ ls –ltr
 Access params directory: $ cd params
 List the files: $ ls –ltr
 See the ords_params.properties file that we need to modify with our own
credentials:
$ vi ords_params.properties

4
 Remove the actual content by pressing Esc and then double D for each line.
 Copy and paste the following content (Replace the hostname, servicename,
password with your own ones):
db.hostname=130.61.121.174
db.port=1521
# CUSTOMIZE db.servicename
db.servicename=pdb1.sub12130944270.vcndmteam.oraclevcn.com
db.username=APEX_PUBLIC_USER
db.password=WElcome2019_#
migrate.apex.rest=false
plsql.gateway.add=true
rest.services.apex.add=true
rest.services.ords.add=true
schema.tablespace.default=SYSAUX
schema.tablespace.temp=TEMP
standalone.mode=TRUE
standalone.http.port=8080
standalone.use.https=false
# CUSTOMIZE standalone.static.images to point to the directory
# containing the images directory of your APEX distribution
standalone.static.images=/home/oracle/apex/apex/images
user.apex.listener.password=WElcome2019_#
user.apex.restpublic.password=WElcome2019_#
user.public.password=WElcome2019_#
user.tablespace.default=SYSAUX
user.tablespace.temp=TEMP

 Click Esc and then :wq! and press Enter.


 If you want to be sure that your credentials were saved perform:
$ cat ords_params.properties

5
 Go to the ords.war location, in our case /home/oracle/ords :
$ cd /home/oracle/ords

 Check if ords.war is located here:


$ ls –ltr

 If so, then configure and start ORDS in stand-alone mode. You'll be prompted
for the SYS username and SYS password:
$ nohup java -Dconfig.dir=/home/oracle/ords/ords_config -jar
ords.war install simple –-preserveParamFile &

Nohup is very helpful when you have to execute a shell-script or command that take a
long time to finish.

 After this step, we will move to the OCI platform to check the Security Rules.

Chapter 4 How to set up the Security Rules from both UI and server level
 Login to your OCI account. Click the Left Hand Side Menu to open the list. Select
Compute.
 Select Bare Metal, VM and Exadata from the Database list.
 Click on the DBCS you provisioned earlier. Within the DBCS details, you have
also the VCN used when creating the DBCS service. Click on it.
 On the next page, you have Resources and as a subcategory, Security Lists.
Click Security Lists.
 Click Default Security List for the VCN used in our exercise.
 Make sure that on the Ingress Rules you have 1521, 8080 and 8082 ports
opened.
 For the Egress Rules, it’s ok to have all the ports opened.
 Moving back to the Putty window, we need to enable the security rules on the
server level also.

 Connect as root: $ sudo su – root


 Perform the following command to enable the security rules:
$ iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --
dport 8080 -j ACCEPT -m comment --comment "ORDS"

 After this operation is done, we need to restart the ords.


 Change user to oracle: $ sudo su - oracle
 Go to the directory where ords was installed:
$ cd /home/oracle/ords

6
 Restart ords by performing the following command: $ java –jar ords.war

Chapter 5 Apex Console


 Access the Apex Console using the link below:
http:// 130.61.121.174:8080/ords/
Your URL will be different from this one! (http:hostname(IP Address):port/ords/)

Chapter 6 SSL Configuration (HTTPS)

If you do want direct access, or internal network traffic encryption, you will need to
configure Jetty to use HTTPS. If you have a proper CA certificate and key, make sure
they are in DER format and just do the "standalone.properties" file settings. In this case
we will manually create a new self-signed certificate and use that for the HTTPS
configuration. Remember to adjust the "dname" and passwords as required.

 Create a self-signed certificate in a JKS keystore:


$ /u01/app/oracle/product/18.0.0.0/dbhome_1/jdk/jre/bin/keytool
-genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -
dname "CN='cert', OU=Example Department, O=Example Company,
L=Birmingham, ST=West Midlands, C=GB" -storepass WElcome2019_# -
validity 3600 -keysize 2048 -keypass WElcome2019_#

 Create a PKCS12 keystore from the JKS keystore:


$ /u01/app/oracle/product/18.0.0.0/dbhome_1/jdk/jre/bin/keytool
-importkeystore -srckeystore keystore.jks -srcalias selfsigned -
srcstorepass WElcome2019_# -destkeystore keystore.p12 -
deststoretype PKCS12 -deststorepass WElcome2019_# -destkeypass
WElcome2019_#

 Extract the key and certificate in PEM format:


$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out 'cert'-
key.pem
$ openssl pkcs12 -in keystore.p12 -nokeys -out 'cert'.pem

7
 Convert them to DER format:
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in 'cert'-
key.pem -out 'cert'-key.der -nocrypt
$ openssl x509 -inform PEM -outform DER -in 'cert'.pem -out
'cert'.der

 List the key and certificate in DER format: $ ls *.der


 Go to /home/oracle/ords/ords_config/ords/standalone/ using the following
command:
$ cd /home/oracle/ords/ords_config/ords/standalone/
 List the files: $ ls –ltr
 We will update the standalone.properties file:
$ vi standalone.properties
 Remove the actual content by pressing Esc and then double D for each line.
 Copy and paste the following content (Replace the hostname, servicename,
password with your own ones):

jetty.secure.port=8082
ssl.cert=/home/oracle/keystore/cert.der
ssl.cert.key=/home/oracle/keystore/cert-key.der
ssl.host=yourhostname (from tnsnames.ora)
standalone.context.path=/ords
standalone.doc.root=/home/oracle/ords/ords_config/ords/stan
dalone/doc_root
standalone.scheme.do.not.prompt=true
standalone.static.context.path=/i
standalone.static.path=/home/oracle/apex/apex/images

 Click Esc and then :wq! and press Enter.


 If you want to be sure that your credentials were saved perform:
$ cat standalone.properties

 Connect to the Database with sqlplus: $ sqlplus / as sysdba


 Change container to pdb1: alter session set container = pdb1;
 Create user: create user schema_name identified by
WElcome2019_#;
 Assign the corresponding privileges to the user:
grant create session, connect, resource, dba to schema_name;
 Let’s connect using the user details: conn
schema_name/WElcome2019_#@pdb1

8
 In order to enable Oracle REST Data Services to access the named schema, use
the following command:
begin
ords.enable_schema;
end;
/

or

exec ords.enable_schema;

commit
/
 To check if the schema is enabled for the ORDS access, run the following
statement:
select id, parsing_schema from user_ords_schemas;

 Exit sqlplus: exit

 Go to /home/oracle/ords/ords_config/ords subdirectory:
$ cd /home/oracle/ords/ords_config/ords/

 List the files: $ ls -ltr

 You will have the defaults.xml file that needs to be updated in order to REST
Enable SQL service.
$ vi defaults.xml
 Append to the existing configuration the following row:
<entry key="restEnabledSql.active">true</entry>

 Exit the file by pressing Esc and then :wq!


 Exit: $ exit

 Connect as root: $ sudo su – root


 Perform the following command to enable the security rules:

9
$ iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --
dport 8082 -j ACCEPT -m comment --comment "ORDS"

 After this operation is done, we need to restart the ords.


 Change user to oracle: $ sudo su - oracle
 Go to the directory where ords was installed:
$ cd /home/oracle/ords

 Restart ords by performing the following command: $ java –jar ords.war

 The REST Enabled SQL service is accessible by using the HTTPS POST
method. To test the REST Enabled SQL service, you can use the command-line
tool named cURL. This powerful tool is available for most platforms, and enables
you to test and control the data that is being sent to and received from a REST
Enabled SQL service.

$ curl -v -i -X POST --user 'sys:WElcome2019_#' --data-binary


"select sysdate from dual;" -H "Content-Type: application/sql" -
k https:// 130.61.121.174:8082/ords/pdb1/schema_name/_/sql

10

You might also like