Apex: upgrading Apex to 18.2, Ords to 18.3

Apex 18.2 and Ords 18.3 are now available.

To upgrade these versions in place, for example on an OCI DBsystem, from respectively Apex 18.1 and Ords 18.2:

#1 Download and unzip apex 18.3 in the n/u01/app/oracle/product/apex/18.3

 

#2 Upgrade apex

cd /u01/app/oracle/product/apex/18.3
sqlplus / as sysdba <<EOF
ALTER SESSION SET CONTAINER=<mycontainer>
@apexins SYSAUX SYSAUX TEMP /i/
EOF

 

#3 Change the images symbolic links (quite convenient to handle periodic upgrades)

cd /u01/app/oracle/product/apex/latest
rm images
ln -s ../18.3/images images

 

#4 Download and unzip the ORDS zip file in the newly created directory

 /u01/app/oracle/product/ords/18.3

 

#5 Upgrade the params files

cd /u01/app/oracle/product/ords/18.3/params
cp /u01/app/oracle/product/ords/18.2/params/* .

 

#6 Upgrade the config directory

cd /u01/app/oracle/product/ords/18.3
java -jar ords.war configdir /u01/app/oracle/product/ords/config

 

#7 Upgrade the ORDS schema

cd /u01/app/oracle/product/ords/18.3
java -jar ords.war

The end of the process should start the ords server

Advertisements

SQL Developer: Rest Development connection setup to DBCS and https

There are two possible hiccups with the setup of “Rest Development” with SQL Developer 18c, when trying to connect to some https respoint, for example running on a DBcs on OCI.

#1 PKIX path building failed trying to connect after https is specified, basically getting the the error below trying to connect to a RestData service:

Cannot connect to <XX>.
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

The Solution is to add the destination server certificate to the cacerts file from the Java JDK embedded with SQL Developer, for example:

C:\Oracle\SQLDev\182\jdk\lib\security\cacerts
or
C:\Oracle\SQLDev\183\jdk\jre\lib\security\cacerts

 

At this point, the easiest  is to transfer that certificate file on Linux and run the following command before transferring it back to Windows.

$ORACLE_HOME/jdk/jre/bin/keytool -storepass changeit -import -trustcacerts -keystore cacerts -file <mycertificate> -alias "myalias"

 

#2 Invalid resource owner credentials during login

The username to be specified is a special user that one can create from the compute instance running ORDS:

cd /u01/app/oracle/product/ords/18.2
or
cd /u01/app/oracle/product/ords/18.3

then

java -jar ords.war user ords_dev   "SQL Developer"
and/or
java -jar ords.war user ords_admin "Listener Administrator"

The command above will store these credentials in the ORDS configuration directory, where the user_name will be specified in clear, for example

/u01/app/oracle/product/ords/config/ords/credentials

Then use ords_dev or ords_admin to connect to the restful admin service to either develop new services or administer the service

 

Note that when upgrading from Apex 18.1 to 18.2, this is a matter to copy the cacerts file into the new SQLdev directory.

OCI: ORDS 18.x redirection and logging

The tips below are applicable for ORDS 18.x standalone, for example after a deployment on an OCI dbsystem.

#1 To configure the access.log, update the file standalone.properties available from the /u01/app/oracle/product/ords/config/ords/standalone/standalone.properties configuration file to add the following property

standalone.access.log=/tmp/ords

Where /tmp/ords is going to be a directory that will hold the daily logfiles. Then restart the ords standalone process.

 

#2 To implement some redirect for the internal ords port to be accessible from the standard https port 443, instead of the native port 8443, create the file https (for example) in /etc/xinetd.d, with the following content:

service jetty-https
{
disable = no
type = UNLISTED
socket_type = stream
protocol = tcp
wait = no
redirect = localhost 8443
port = 443
user = nobody
}

Then restart the xinetd.d service

service xinetd restart

Check that the firewall and the ingress rules allow inbound access to 443.

OCI: Implement a certificate for ORDS

To implement a certificate on a running DBCS instance running on OCI classic, you need:

  • The combined certificate combined.cer, in pem format
  • The certificate private key privatekey.txt, in pem format

 

Navigate in the ORDS configuration directory

cd /u01/app/oracle/product/ords/conf/ords/standalone

 

Convert the key into a pkcs8 format:

openssl pkcs8 -topk8 -inform pem -outform der -in privatekey.txt -out privatekey_pkcs8.der -nocrypt

 

Now reference the certificate concatenated with the intermediate certificate IN THIS ORDER, and the certificate key in pkcs8 format from the configuration file standalone.properties

#Fri Feb 02 18:30:47 UTC 2017
jetty.port=8080
jetty.secure.port=8181
ssl.cert=/u01/app/oracle/product/ords/conf/ords/standalone/combined.cer
ssl.cert.key=/u01/app/oracle/product/ords/conf/ords/standalone/privatekey_pkcs8.key
ssl.host=<hostname>
standalone.context.path=/ords
standalone.doc.root=/u01/app/oracle/product/ords/conf/ords/standalone/doc_root
standalone.scheme.do.not.prompt=true
standalone.static.context.path=/i
standalone.static.do.not.prompt=true

 

Restart now the ORDS service

sudo /etc/init.d/ords restart