Oracle 19c in Docker


You can download all the files I have used from https://github.com/tenzin-ravi/docker-applied.

The goals:

Part I

  1. Install and Patch Oracle 19c Enterprise Edition in Docker
    1. With Oracle's Approach 
    2. With RPMs
Part II
  1. Create a script to start Oracle 19c in Docker
Part III
  1. Create Transparent Data Encryption (TDE) for TNS as well as Database Files
  2. Create Pluggable Databases in Oracle 19c in Docker
  3. Create encrypted tablespaces in Oracle 19c Pluggable Database 


Part I - Install and Patch Oracle 19c Enterprise Edition in Docker

1. With Oracle's Docker Files.

A.  Build the Docker image for Oracle 19.3.0.0
[oracle@dockerhost withoutrpms]$ pwd
/opt/dockerOracle19c/withoutrpms
[oracle@dockerhost withoutrpms]$ ./buildDockerImage.sh -v 19.3.0 -e
Checking Docker version.
Checking if required packages are present and valid...

Oracle Image: oracle/database:19.3.0-ee-original  

B.  Apply 19.9.0.0 patch

[oracle@dockerhost applypatch]$ pwd
/opt/dockerOracle19c/withoutrpms/applypatch
[oracle@dockerhost applypatch]$

Oracle Image: oracle/database:19.3.0.0-ee-Patch 


C. Test if patching succeeded

[oracle@dockerhost applypatch]$ docker run -it oracle/database:19.3.0.0-ee-Patch bash
[oracle@25aafd35a6c5 ~]$ sqlplus

SQL*Plus: Release 19.0.0.0.0 - Production on Sat Jan 2 01:18:43 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.

Enter user-name:


2. With Oracle RPMs.




A. I have installed and patched Oracle 19c. Here are the details.
[oracle@dockerhost ~]$ echo $ORACLE_HOME
/opt/oracle/product/19c/dbhome_1/

B. I check the Oracle DB version.

[oracle@dockerhost ~]$ sqlplus

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Jan 1 16:07:49 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.

Enter user-name:

C. I zip the entire Oracle product directory.
[oracle@dockerhost ~]$ cd /opt/oracle/
[oracle@dockerhost oracle]$ ls
checkpoints  diag  oraInventory  product
[oracle@dockerhost oracle]$ cd ..
[oracle@dockerhost opt]$ tar -cvzf /opt/dockerOracle19c/withrpms/19.3.0/oracle19c.tar.gz oracle

D. Now I will build the Docker image for Oracle 19.9.0.0

I have taken the file from Oracle's directory https://github.com/oracle/docker-images/ and made changes. 

Here is the Docker file 
[oracle@dockerhost 19.3.0]$ cat Dockerfile
# LICENSE UPL 1.0
#
# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
#
# ORACLE DOCKERFILES PROJECT
# --------------------------
# This is the Dockerfile for Oracle Database 19c
#
# REQUIRED FILES TO BUILD THIS IMAGE
# ----------------------------------
# (1) db_home.zip
#     Download Oracle Database 19c Enterprise Edition or Standard Edition 2 for Linux x64
#     from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
#
# HOW TO BUILD THIS IMAGE
# -----------------------
# Put all downloaded files in the same directory as this Dockerfile
# Run:
#      $ docker build -t oracle/database:19.3.0-${EDITION} .
#
# Pull base image
# ---------------
FROM oraclelinux:7-slim as base

# Labels
# ------
LABEL "provider"="Oracle"                                               \
      "issues"="https://github.com/oracle/docker-images/issues"         \
      "volume.data"="/opt/oracle/oradata"                               \
      "volume.setup.location1"="/opt/oracle/scripts/setup"              \
      "volume.setup.location2"="/docker-entrypoint-initdb.d/setup"      \
      "volume.startup.location1"="/opt/oracle/scripts/startup"          \
      "volume.startup.location2"="/docker-entrypoint-initdb.d/startup"  \
      "port.listener"="1521"                                            \
      "port.oemexpress"="5500"

# Argument to control removal of components not needed after db software installation
ARG SLIMMING=false

# Environment variables required for this build (do NOT change)
# -------------------------------------------------------------
ENV ORACLE_BASE=/opt/oracle \
    ORACLE_HOME=/opt/oracle/product/19c/dbhome_1 \
    INSTALL_DIR=/opt/install \
    INSTALL_FILE_1="LINUX.X64_193000_db_home.zip" \
    INSTALL_RSP="db_inst.rsp" \
    CONFIG_RSP="dbca.rsp.tmpl" \
    PWD_FILE="setPassword.sh" \
    RUN_FILE="runOracle.sh" \
    START_FILE="startDB.sh" \
    CREATE_DB_FILE="createDB.sh" \
    SETUP_LINUX_FILE="setupLinuxEnv.sh" \
    CHECK_SPACE_FILE="checkSpace.sh" \
    CHECK_DB_FILE="checkDBStatus.sh" \
    USER_SCRIPTS_FILE="runUserScripts.sh" \
    INSTALL_DB_BINARIES_FILE="installDBBinaries.sh" \
    RELINK_BINARY_FILE="relinkOracleBinary.sh" \
    SLIMMING=$SLIMMING

# Use second ENV so that variable get substituted
ENV PATH=$ORACLE_HOME/bin:$ORACLE_HOME/OPatch/:/usr/sbin:$PATH \
    LD_LIBRARY_PATH=$ORACLE_HOME/lib:/usr/lib \
    CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib

# Copy files needed during both installation and runtime
# -------------
COPY $SETUP_LINUX_FILE $CHECK_SPACE_FILE $INSTALL_DIR/
COPY $RUN_FILE $START_FILE $CREATE_DB_FILE $CONFIG_RSP $PWD_FILE $CHECK_DB_FILE $USER_SCRIPTS_FILE $RELINK_BINARY_FILE $ORACLE_BASE/

# Changes by Ravi Verma
RUN mkdir -p /opt/
ADD compat-libcap1-1.10-7.el7.x86_64.rpm /opt/
ADD compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm /opt/
ADD oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm /opt/

RUN yum -y localinstall /opt/compat-libcap1-1.10-7.el7.x86_64.rpm && \
    yum -y localinstall /opt/compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm && \
    yum -y localinstall /opt/oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm && \
    yum -y clean all && \
    rm -f /opt/*.rpm
RUN chown -R oracle:oinstall /opt/oracle
USER oracle
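# ADD auto-extracts the tarball of the patched Oracle tree into /opt/oracle
ADD oracle19c.tar.gz /opt/
# Copies the wallet directory into an image layer; anyone who can pull the image can read it
COPY --chown=oracle:oinstall wallet /opt/oracle/wallet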
#RUN chown -R oracle:oinstall /opt/oracle/
CMD exec $ORACLE_BASE/$RUN_FILE
## End of the Dockerfile ###

[oracle@localhost withrpms]$ pwd
/opt/dockerOracle19c/withrpms
[oracle@localhost withrpms]$ ./buildDockerImage.sh -v 19.3.0 -e

You get the image oracle/database:19.3.0-ee

B. We check the Oracle version.

[oracle@localhost withrpms]$ docker run -it oracle/database:19.3.0-ee bash
[oracle@7a5bd2ff1a96 /]$ sqlplus

SQL*Plus: Release 19.0.0.0.0 - Production on Sat Jan 2 00:54:48 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.

Enter user-name:

We see that we have a Docker image with the patched version.


Part II
  1. Create a script to start Oracle 19c in Docker
[root@dockerhost ~]# cat /etc/passwd
oracle:x:65535:65535::/home/oracle:/bin/bash

[root@dockerhost ~]# cat /etc/group

......... 

oinstall:x:65535:oracle
dba:x:65536:oracle
oper:x:65537:oracle
backupdba:x:65538:oracle
dgdba:x:65539:oracle
kmdba:x:65540:oracle
racdba:x:65541:oracle

[oracle@f3ff58203196 /]$ cat /etc/passwd
oracle:x:54321:54321::/home/oracle:/bin/bash

[oracle@f3ff58203196 /]$ cat /etc/group
oinstall:x:54321:oracle
dba:x:54322:oracle
oper:x:54323:oracle
backupdba:x:54324:oracle
dgdba:x:54325:oracle
kmdba:x:54326:oracle
racdba:x:54330:oracle

A. Create a network

[oracle@localhost dockerOracle19c]$ cat createNetwork.sh
docker network create \
  --driver=bridge \
  --subnet=172.19.0.0/16 \
  --ip-range=172.19.5.0/24 \
  --gateway=172.19.5.254 \
  oracledb


A.
docker rm -f oracle19c
docker run -dt --network=oracledb --name oracle19c --hostname dockerdb --user oracle --ip 172.19.5.10 \
-p 192.168.1.45:1521:1521 -p 192.168.1.45:5500:5500 \
-e ORACLE_SID=UNKIND \
-e ORACLE_PDB=UNKINDPDB \
-v /oradrive/oradata:/opt/oracle/oradata \
oracle/database:19.3.0-ee 

B.
docker rm -f oracle19c
docker run -dt --network=oracledb --name oracle19c --hostname dockerdb --user oracle --ip 172.19.5.10 \
-p 192.168.1.45:1521:1521 -p 192.168.1.45:5500:5500 \
-e ORACLE_SID=UNKIND \
-e ORACLE_PDB=UNKINDPDB \
-v /oradrive/oradata/UNKIND/network/admin:/opt/oracle/product/19c/dbhome_1/network/admin \
-v /oradrive/oradata/UNKIND/dbs:/opt/oracle/product/19c/dbhome_1/dbs \
-v /oradrive/oradata/UNKIND/wallet:/opt/oracle/wallet \
-v /oradrive/oradata:/opt/oracle/oradata \
oracle/database:19.3.0-ee

Part III
  1. Create Transparent Data Encryption (TDE) for TNS as well as Database Files
[oracle@localhost ~]$ docker exec -it oracle19c bash
[oracle@dockerdb /]$

[oracle@dockerdb ~]$ orapki wallet create -wallet $wallet -auto_login_local
Oracle PKI Tool Release 21.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.

Enter password:
Enter password again:
Operation is successfully completed.

[oracle@dockerdb ~]$ orapki wallet add -wallet $wallet -dn "CN=dockerdb.hqsft.com" -keysize 4096 -self_signed -validity 3650
Oracle PKI Tool Release 21.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.

Cannot modify auto-login (sso) wallet
Enter wallet password:
Operation is successfully completed.


[oracle@dockerdb ~]$ cat /opt/oracle/product/19c/dbhome_1/network/admin/listener.ora
LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 172.19.5.10 )(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 172.19.5.10 )(PORT = 2484))
  )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)

 

[oracle@dockerdb ~]$ cat /opt/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora
NAME.DIRECTORY_PATH= (TNSNAMES, EZCONNECT, HOSTNAME)

LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 172.19.5.10 )(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 172.19.5.10 )(PORT = 2484))
  )
)

DEDICATED_THROUGH_BROKER_LISTENER=ON
DIAG_ADR_ENABLED = off

WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /opt/oracle/wallet)
     )
   )

SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,BEQ)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)


[oracle@dockerdb ~]$ cat /opt/oracle/product/19c/dbhome_1/network/admin/tnsnames.ora
UNKINDPDB=
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 172.19.5.10)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = UNKINDPDB)
    )
  )

UNKIND=
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 172.19.5.10)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = UNKIND)
    )
  )

UNKINDSSL=
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 172.19.5.10)(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = UNKIND)
    )
  )

[oracle@dockerdb ~]$ tnsping unkindssl

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 03-JAN-2021 02:50:05

Copyright (c) 1997, 2020, Oracle.  All rights reserved.

Used parameter files:
/opt/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = 172.19.5.10)(PORT = 2484)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = UNKIND)))
OK (30 msec)
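
The TCPS listener settings shown above can be checked statically before the listener is restarted. The script below is an added example, not part of the original post: the function names are hypothetical, the sample file is constructed from the values shown above, and it assumes each parameter sits on a single line.

```sh
#!/bin/sh
# Added example: static audit of Oracle Net TLS settings (listener.ora / sqlnet.ora).
# Assumes each parameter is written on one line, as in the files shown above.

# Print the configured cipher suites, one per line.
suites() {
  grep -i '^[[:space:]]*SSL_CIPHER_SUITES' "$1" | sed 's/^[^=]*=//' |
    tr -d '() ' | tr ',' '\n' | grep -v '^$' || true
}
# Suites built on 3DES, DES, RC4, NULL encryption, anonymous key exchange or MD5.
weak_suites() { suites "$1" | grep -Ei '3DES|_DES_|RC4|NULL|anon|MD5' || true; }
# Suites without (EC)DHE key exchange, which therefore give no forward secrecy.
no_pfs_suites() { suites "$1" | grep -Eiv 'DHE_' || true; }
# Ports of listener addresses that use PROTOCOL = TCP (cleartext), not TCPS.
cleartext_ports() {
  grep -Ei 'PROTOCOL[[:space:]]*=[[:space:]]*TCP[[:space:]]*\)' "$1" |
    sed -E 's/.*PORT[[:space:]]*=[[:space:]]*([0-9]+).*/\1/'
}
# Exit status 0 only if SSL_VERSION is set explicitly.
tls_version_pinned() { grep -Eiq '^[[:space:]]*SSL_VERSION[[:space:]]*=' "$1"; }

# Constructed sample built from the listener.ora values in this post.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
LISTENER =
(DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 172.19.5.10 )(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 172.19.5.10 )(PORT = 2484))
  )
)
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
EOF

echo "weak suites:        $(weak_suites "$SAMPLE" | tr '\n' ' ')"
echo "no forward secrecy: $(no_pfs_suites "$SAMPLE" | tr '\n' ' ')"
echo "cleartext ports:    $(cleartext_ports "$SAMPLE" | tr '\n' ' ')"
tls_version_pinned "$SAMPLE" || echo "SSL_VERSION is not set explicitly"
```

On this sample the cleartext port reported is 1521, the same port the docker run commands in Part II publish on 192.168.1.45, while the TCPS port 2484 is not published.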

  1. Create encrypted tablespaces in Oracle 19c Pluggable Database 
SQL> alter system set db_create_file_dest='/opt/oracle/oradata/UNKIND/' scope=both;

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> startup mount;
ORACLE instance started.

Total System Global Area 1610610568 bytes
Fixed Size                  9136008 bytes
Variable Size             452984832 bytes
Database Buffers         1140850688 bytes
Redo Buffers                7639040 bytes
Database mounted.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY MyKeyPassword1234;
keystore altered.

SQL> alter database open;
Database altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY MyKeyPassword1234 WITH BACKUP;
keystore altered.

SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 UNKINDPDB                      READ WRITE NO

SQL> alter session set container=UNKINDPDB;
Session altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY MyKeyPassword1234;
keystore altered.

SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY covid192020 WITH BACKUP;
keystore altered.

SQL> create tablespace test datafile '/opt/oracle/oradata/UNKIND/test01.dbf' size 2g autoextend on ENCRYPTION USING 'AES256' default storage(encrypt);
Tablespace created.

SQL> select tablespace_name from dba_tablespaces;

TABLESPACE_NAME
------------------------------
SYSTEM
SYSAUX
UNDOTBS1
TEMP
USERS
TEST


 

 

