Mit dem Database Service for Google Distributed Cloud (GDC) Air-Gapped können Oracle-Datenbanken verwaltet werden, aber Oracle-Software oder -Lizenzen werden nicht mit dem Dienst bereitgestellt. Als Nutzer sind Sie dafür verantwortlich, dass Sie eine Lizenz zur Nutzung von Oracle-Software haben. Sie müssen auch die Software für die Nutzung mit dem Dienst bereitstellen und hochladen.
Sie können die folgenden Aufgaben ausführen:
- Laden Sie Oracle Database-Binärdateien herunter.
- Oracle-Datenbank-Container-Images erstellen
- Laden Sie Datenbank-Container-Images in die Harbor-Container-Registry hoch.
Sie benötigen eine gültige Oracle Database-Lizenz, um die Aufgaben auf dieser Seite auszuführen.
Von Database Service unterstützte Oracle-Datenbankversionen prüfen
Prüfen Sie vor dem Fortfahren mit dem folgenden Befehl, welche Datenbankversionen vom Database Service unterstützt werden. Führen Sie diesen Befehl im Cluster der Administratororganisation aus:
kubectl get SoftwareLibrary -o=jsonpath='{.items[0].databaseEngines[?(@.name=="Oracle")]}.databaseVersions'
Die Ausgabe sollte so aussehen:
[{
"edition":"enterprise",
"isDisabled":false,
"majorVersion":"19",
"minorVersion":"10.0.0.0",
"versionDisplayName":"Oracle 19.10.0.0.0"
}]
Diese Ausgabe bedeutet, dass der Datenbankdienst das Erstellen neuer Datenbankcluster aus Oracle-Datenbank-Images mit der Hauptversion 19, der Nebenversion 10.0.0.0 und der Edition „Enterprise“ unterstützt.
Oracle-Binärdateien herunterladen
Laden Sie die Oracle-Binärdateien von der Oracle-Website herunter. Dazu benötigen Sie eine gültige Oracle-Lizenz. Es gibt drei Softwarekomponenten, die von der Oracle-Website heruntergeladen werden müssen:
- Die Oracle-Datenbankbinärdatei.
- Ein aktuelles Patch Set Update (PSU).
- Der neueste verfügbare OPatch.
Die Binärdateien für Oracle Database 19.3.0.0.0 Enterprise sind beispielsweise:
Oracle Database 19c (19.3.0.0.0) für Linux x86-64 (Enterprise Edition). Laden Sie diese Binärdatei aus der Oracle eDelivery Cloud herunter:
https://edelivery.oracle.com/. Wählen Sie auf der Downloadseite in der Liste Paket herunterladen aus, geben SieOracle Database 19 Enterprise Editionin das Suchfeld ein und klicken Sie auf Suchen.
Patch Set Update (PSU) Die PSU vom April 2021 finden Sie unter
https://support.oracle.com/epmos/faces/PatchDetail?patchId=32545013&languageId=0&platformId=226&patch_name=32545013&releaseId=600000000018520&_adf.ctrl-state=7pbau4y2d_4&_afrLoop=470976018798075. Notieren Sie sich die Patchversion, in diesem Beispiel32545013, die Sie später beim Erstellen von Images verwenden.
Das neueste verfügbare OPatch:
https://updates.oracle.com/download/6880880.html. Wählen Sie die folgenden Downloadparameter aus:- Wählen Sie in der Liste Select a Release (Release auswählen) die Option OPatch 19.0.0.0.0 aus.
- Wählen Sie in der Liste Plattform oder Sprache die Option Linux x86_64 aus.
Oracle-Datenbank-Container-Images erstellen
Docker muss installiert sein, bevor Sie mit den folgenden Schritten fortfahren. Sie müssen diese Schritte auf einem Linux-System ausführen.
Erstellen Sie ein Verzeichnis mit den Binärdateien, die Sie in den vorherigen Schritten heruntergeladen haben. Legen Sie in Ihrer Umgebung die Variable
PATH_TO_IMAGE_BUILDfest:export PATH_TO_IMAGE_BUILD=PATHErsetzen Sie PATH durch den vollständigen Pfad zum Verzeichnis mit den Oracle-Binärdateien.
Kopieren Sie die Skripts zum Erstellen von Images aus dem Anhang dieses Dokuments in das Verzeichnis PATH_TO_IMAGE_BUILD.
Kopieren Sie die zuvor heruntergeladenen Oracle-Binärdateien in das Verzeichnis PATH_TO_IMAGE_BUILD, in dem sich die Build-Skripts befinden. Prüfen Sie, ob das Verzeichnis PATH_TO_IMAGE_BUILD die richtigen Dateien enthält:
ls -1X Dockerfile README.md image_build.sh install-oracle-18c-xe.sh install-oracle.sh ora12-config.sh ora19-config.sh oracle-preinstall.sh cloudbuild.yaml p32545013_190000_Linux-x86-64.zip p6880880_200000_Linux-x86-64.zipFühren Sie das Skript zur Bilderstellung aus:
cd $PATH_TO_IMAGE_BUILD chmod +x ./image_build.sh ./image_build.sh --local_build=true --db_version=19.3 --patch_version=32545013 \ --create_cdb=true --cdb_name=GCLOUD --mem_pct=45 --no_dry_run --project_id=local-buildDie Ausführung des Skripts dauert etwa 40 Minuten.
Das Skript erstellt ein Seed-Image, das eine Containerdatenbank (CDB) enthält. Für Database Service müssen Sie die Oracle-Images vorbereiten, da dies die Bereitstellungszeit erheblich verkürzt.
Prüfen Sie mit dem folgenden Befehl, ob Sie das containerisierte Datenbank-Image erfolgreich erstellt haben:
docker imagesSie sehen eine ähnliche Ausgabe, in der das Bild aufgeführt ist:
REPOSITORY gcr.io/local-build/oracle-database-images/oracle-19.3-ee-seeded-GCLOUD TAG IMAGE ID CREATED SIZE latest c18d81c3cf6e 3 hours ago 13.5GBVerwenden Sie den Imagenamen und das Tag aus der Ausgabe des vorherigen Schritts, um das erstellte Image in einer TAR-Datei zu speichern:
docker save <image name>:<tag name> | gzip > gdch_db_oracle_image.tar.gz
Images in die Harbor-Registry hochladen
Richten Sie einen Speicher-Bucket in Ihrem Projekt ein und laden Sie die TAR-Datei dorthin hoch.
Erstellen Sie ein Ticket für den Infrastrukturbetreiber, um den Upload des Images in die Artifact Registry anzufordern. Geben Sie im Ticket die folgenden Informationen an:
Anfrage zum Hochladen eines Oracle-Images für den Datenbankdienst.
- Name der Organisation:
<organization name> - Dateipfad:
- Projektname:
<name of project owning the bucket> - Bucket-Name:
<name of the bucket> - Pfad:
<gdch_db_oracle_image.tar.gz>
- Projektname:
- Bildspeicherort:
- Image-Name:
gpc-system-container-images/ods-database-images/oracle.db.anthosapis.com/oracle-enterprise - Bild-Tag:
majorVersion-minorVersion
- Image-Name:
- Name der Organisation:
Sobald das Ticket bearbeitet wurde, können Sie Oracle als Datenbank-Engine verwenden.
Nächste Schritte
Datenbankmodultyp auswählen und Datenbankcluster erstellen
Anhang: Image-Build-Skripts
Dieser Abschnitt enthält die Skripts zum Erstellen von Images, auf die in Oracle-Datenbank-Container-Images erstellen verwiesen wird.
Dockerfile
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Base image can be either RHEL8 UBI or OEL8 slim
# BASE_IMAGE=registry.access.redhat.com/ubi8/ubi
# ARG BASE_IMAGE=oraclelinux:8-slim
# Oracle 8 does not support 12c.
# ARG BASE_IMAGE=oraclelinux:7-slim
FROM docker.io/oraclelinux:7-slim as base
ARG DB_VERSION
ARG ORACLE_HOME
ARG ORACLE_BASE
ARG CREATE_CDB
ARG CDB_NAME
ENV STAGE_DIR=/tmp/stage/
COPY oracle-preinstall.sh $STAGE_DIR
RUN /bin/bash -c $STAGE_DIR/oracle-preinstall.sh
FROM base as installer
ARG DB_VERSION
ARG CREATE_CDB
ARG CDB_NAME
ARG CHARACTER_SET
ARG MEM_PCT
ARG EDITION
ARG PATCH_VERSION
ARG INSTALL_SCRIPT
ADD ./* $STAGE_DIR
RUN /bin/bash -c \
'if [ "${DB_VERSION}" = "18c" ] && [ "${EDITION}" = "xe" ]; then \
export INSTALL_SCRIPT=install-oracle-18c-xe.sh; \
chmod +x $STAGE_DIR$INSTALL_SCRIPT; \
$STAGE_DIR/$INSTALL_SCRIPT "${CDB_NAME}" "${CHARACTER_SET}" && \
rm -rf $INSTALL_SCRIPT && \
rm -rf $STAGE_DIR; \
else \
export INSTALL_SCRIPT=install-oracle.sh; \
chmod +x $STAGE_DIR$INSTALL_SCRIPT; \
$STAGE_DIR/$INSTALL_SCRIPT "${DB_VERSION}" "${EDITION}" "${CREATE_CDB}" "${CDB_NAME}" "${CHARACTER_SET}" "${MEM_PCT}" "${PATCH_VERSION}" && \
rm -rf $INSTALL_SCRIPT && \
rm -rf $STAGE_DIR; \
fi'
FROM base as database_image
ARG ORACLE_HOME
ARG ORACLE_BASE
ARG CDB_NAME
ENV ORACLE_HOME=$ORACLE_HOME
ENV ORACLE_BASE=$ORACLE_BASE
ENV ORACLE_SID=$CDB_NAME
ENV LD_LIBRARY_PATH=$ORACLE_HOME/lib:/usr/lib
USER oracle
COPY --chown=oracle:dba --from=installer $ORACLE_BASE $ORACLE_BASE
COPY --chown=oracle:dba --from=installer /etc/oratab /etc/oratab
COPY --chown=oracle:dba --from=installer /etc/oraInst.loc /etc/oraInst.loc
USER root
RUN $ORACLE_HOME/root.sh && rm $STAGE_DIR/oracle-preinstall.sh
VOLUME ["/u02", "/u03"]
# TODO: make the port number configurable
EXPOSE 1521
# Define default command to start Oracle Database.
CMD exec /bin/bash
README.md
# Cloud Build for DB Image This tooling picks up the software from Cloud Storage bucket and then creates a container image with the RDBMS software preinstalled. At present, it supports Oracle 19c and Oracle 12.2. The docker container does not contain the database, and needs to be created separately. The base container OS is Oracle Enterprise Linux (OEL7-slim). ## How to run Oracle 19c EE ```shell $ GCS_PATH=$ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=19c ``` Oracle 12.2 EE ```shell $ GCS_PATH= $ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=12.2 ``` Oracle 18c XE ```shell $ GCS_PATH= $ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=18c,_CREATE_CDB=true,_CDB_NAME=MYDB ``` ## Access When running the command, mentioned in Oracle 18c XE, you might see failures if the cloudbuilder service account does not have 'Storage Viewer' access to the Cloud Storage bucket that stores the software. ```shell export PROJECT_NUMBER= export BUCKET_NAME= gcloud storage buckets add-iam-policy-binding gs://$BUCKET_NAME --member=serviceAccount:$PROJECT_NUMBER@cloudbuild.gserviceaccount.com --role=roles/storage.objectViewer ```
image_build.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
readonly ORACLE_12="12.2"
readonly ORACLE_19="19.3"
readonly ORACLE_18="18c"
readonly DUMMY_VALUE="-1"
DB_VERSION=''
EDITION='ee'
CREATE_CDB=false
CDB_NAME=''
CHARACTER_SET='AL32UTF8'
MEM_PCT=25
IMAGE_NAME_SUFFIX=''
INSTALL_PATH=''
NO_DRY_RUN=false
ORACLE_HOME=''
ORACLE_BASE=''
PROJECT_ID=''
LOCAL_BUILD=false
TAG=''
sanity_check_params() {
if [[ "${CREATE_CDB}" == true ]]; then
if [ -z "${CDB_NAME}" ]; then
CDB_NAME="GCLOUD"
fi
db_name_len="${#CDB_NAME}"
if [[ "${db_name_len}" -le 0 || "${db_name_len}" -gt 8 ]]; then
echo "CDB_NAME should be less than or equal to 8 characters"
usage
fi
else
db_name_len="${#CDB_NAME}"
if [[ "${db_name_len}" -gt 0 ]]; then
echo "CDB_NAME is set but CREATE_CDB is not"
usage
fi
fi
if [[ -z "${DB_VERSION}" ]]; then
echo "Version DB_VERSION parameter is required to create images"
usage
fi
if [[ "${DB_VERSION}" != "${ORACLE_12}" && "${DB_VERSION}" != "${ORACLE_18}" && "${DB_VERSION}" != "${ORACLE_19}" ]]; then
echo "${DB_VERSION} is not supported, the supported versions are ${ORACLE_12} and ${ORACLE_19}"
usage
fi
if [ -z "${INSTALL_PATH}" ] && [ "${DB_VERSION}" != "${ORACLE_18}" ] && [ "${LOCAL_BUILD}" != true ]; then
echo "Cloud Storage path containing Oracle installation files is not provided"
usage
fi
if [[ "${MEM_PCT}" -le 0 || "${MEM_PCT}" -gt 100 ]]; then
echo "MEM_PCT should be between 0 and 100"
usage
fi
if [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
EDITION="xe"
fi
}
usage() {
echo "------USAGE------
This tool allows you to build oracle database container images.
You have the option of using the Google Cloud build script or performing a local build by setting the --local_build flag to true.
Sanity checks are conducted on your inputs and safe defaults are used as necessary.
image_build.sh --db_version [12.2, 19.3 or 18c] --create_cdb [true or false] --cdb_name [CDB_NAME] --install_path [INSTALL_PATH]
REQUIRED FLAGS
--install_path
Cloud Storage path containing Oracle Database EE installation files.
This flag is only required when using Google Cloud Build.
You do not need to specify this parameter for Oracle 18c XE.
--db_version
Version of the Oracle database.
--create_cdb
Specifies whether a CDB should be created. Must be set to 'true' if using Oracle 18c.
OPTIONAL FLAGS
--cdb_name
Name of the CDB to create. Defaults to 'GCLOUD' if unspecified.
--edition
Edition of the Oracle database. ee is used if unspecified.
This flag is not supported for Oracle 18c and will be ignored.
--patch_version
Version of the Oracle database PSU.
If unspecified, 31741641 is used as the default value for 12.2 ,
32545013 is used as the default value for 19.3 .
This flag is not supported for Oracle 18c and will be ignored.
--local_build
if true, docker is used to build an image locally. If false or unspecified, Google Cloud Build is used to build the image.
--project_id
project_id Google Cloud project to use for image build. If unspecified, your default gcloud project will be used.
For local builds, this flag can be set to 'local-build'.
--mem_pct
Percentage of memory.
This flag is not supported for Oracle 18c and will be ignored.
--character_set
Character set for the newly created CDB
--tag
Tag that should be applied to the image.
If a tag is not specified, 'gcr.io/\$GCR_PROJECT_ID/oracle-database-images/oracle-\${DB_VERSION}-\${EDITION}-\${IMAGE_NAME_SUFFIX}:latest' is used.
--no_dry_run
Run command in full mode. Will execute actions.
"
exit 1
}
function parse_arguments() {
opts=$(getopt -o i:v:c:n:p:m:c:h \
--longoptions install_path:,db_version:,edition:,create_cdb:,cdb_name:,mem_pct:,character_set:,help:,project_id:,patch_version:,local_build:,tag:,no_dry_run,help \
-n "$(basename "$0")" -- "$@")
eval set -- "$opts"
while true; do
case "$1" in
-i | --install_path)
shift
INSTALL_PATH=$1
shift
;;
-v | --db_version)
shift
DB_VERSION=$1
shift
;;
-e | --edition)
shift
EDITION=$1
shift
;;
-c | --create_cdb)
shift
CREATE_CDB=$1
shift
;;
-n | --cdb_name)
shift
CDB_NAME=$1
shift
;;
-m | --mem_pct)
shift
MEM_PCT=$1
shift
;;
--character_set)
shift
CHARACTER_SET=$1
shift
;;
--patch_version)
shift
PATCH_VERSION=$1
shift
;;
--project_id)
shift
PROJECT_ID=$1
shift
;;
--local_build)
shift
LOCAL_BUILD=$1
shift
;;
-t | --tag)
shift
TAG=$1
shift
;;
-h | --help)
usage
return 1
;;
--no_dry_run)
NO_DRY_RUN=true
shift
;;
--)
shift
break
;;
*)
echo Invalid argument "$1"
usage
exit 1
;;
esac
done
}
execute_command() {
IMAGE_NAME_SUFFIX=$(echo "$CDB_NAME" | tr '[:upper:]' '[:lower:]')
if [ -z "${PROJECT_ID}" ]; then
PROJECT_ID=$(gcloud config get-value project 2>/dev/null)
echo "Project not specified, falling back on current gcloud default:"
echo "$PROJECT_ID"
fi
if [ -z "${PATCH_VERSION}" ]; then
PATCH_VERSION="${DUMMY_VALUE}"
fi
GCR_PROJECT_ID=$(echo "$PROJECT_ID" | tr : /)
if [[ "${CREATE_CDB}" == true ]]; then
IMAGE_NAME_SUFFIX="seeded-${IMAGE_NAME_SUFFIX}"
else
IMAGE_NAME_SUFFIX="unseeded"
CDB_NAME=""
fi
if [ "${DB_VERSION}" == "${ORACLE_18}" ] && [ "${EDITION}" == "xe" ]; then
ORACLE_HOME="/opt/oracle/product/18c/dbhomeXE"
ORACLE_BASE="/opt/oracle"
else
ORACLE_HOME="/u01/app/oracle/product/${DB_VERSION}/db"
ORACLE_BASE="/u01/app/oracle"
fi
if [ -z "${TAG}" ]; then
TAG="gcr.io/${GCR_PROJECT_ID}/oracle-database-images/oracle-${DB_VERSION}-${EDITION}-${IMAGE_NAME_SUFFIX}:latest"
fi
if [ "${LOCAL_BUILD}" == true ]; then
BUILD_CMD=$(echo docker build --no-cache --build-arg=DB_VERSION="${DB_VERSION}" --build-arg=ORACLE_HOME="${ORACLE_HOME}" --build-arg=ORACLE_BASE="${ORACLE_BASE}" --build-arg=CREATE_CDB="${CREATE_CDB}" --build-arg=CDB_NAME="${CDB_NAME}" --build-arg=CHARACTER_SET="${CHARACTER_SET}" --build-arg=MEM_PCT="${MEM_PCT}" --build-arg=EDITION="${EDITION}" --build-arg=PATCH_VERSION="${PATCH_VERSION}" --tag="$TAG" .)
else
if [ "${DB_VERSION}" == "${ORACLE_18}" ]; then
BUILD_CMD=$(echo gcloud builds submit --project=${PROJECT_ID} --config=cloudbuild-18c-xe.yaml --substitutions=_ORACLE_HOME="${ORACLE_HOME}",_ORACLE_BASE="${ORACLE_BASE}",_CDB_NAME="${CDB_NAME}",_CHARACTER_SET="${CHARACTER_SET}",_TAG="${TAG}")
else
BUILD_CMD=$(echo gcloud builds submit --project=${PROJECT_ID} --config=cloudbuild.yaml --substitutions=_INSTALL_PATH="${INSTALL_PATH}",_DB_VERSION="${DB_VERSION}",_EDITION="${EDITION}",_ORACLE_HOME="${ORACLE_HOME}",_ORACLE_BASE="${ORACLE_BASE}",_CREATE_CDB="${CREATE_CDB}",_CDB_NAME="${CDB_NAME}",_CHARACTER_SET="${CHARACTER_SET}",_MEM_PCT="${MEM_PCT}",_TAG="${TAG}",_PATCH_VERSION="${PATCH_VERSION}")
fi
fi
if [[ "$NO_DRY_RUN" == true ]]; then
echo "Executing the following command:"
echo "$BUILD_CMD"
${BUILD_CMD}
else
echo "Dry run mode: the command would have executed as follows:"
echo "$BUILD_CMD"
fi
}
main() {
parse_arguments "$@"
sanity_check_params
date
time execute_command
}
main "$@"
install-oracle-18c-xe.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# shellcheck disable=2153
set -x
set -e
set -u
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
readonly CDB_NAME=${1:-GCLOUD}
readonly CHARACTER_SET=${2:-AL32UTF8}
readonly USER="oracle"
readonly GROUP="dba"
readonly OHOME="/opt/oracle/product/18c/dbhomeXE"
readonly DB_VERSION="18c"
set_environment() {
export ORACLE_DOCKER_INSTALL=true
source "/home/oracle/${CDB_NAME}.env"
}
install_oracle() {
yum -y localinstall https://download.oracle.com/otn-pub/otn_software/db-express/oracle-database-xe-18c-1.0-1.x86_64.rpm
}
write_oracle_config() {
echo "\
CHARSET=${CHARACTER_SET}
ORACLE_SID=${CDB_NAME}
SKIP_VALIDATIONS=FALSE" > /etc/sysconfig/oracle-xe-18c.conf
}
create_cdb() {
local syspass="$(openssl rand -base64 16 | tr -dc a-zA-Z0-9)"
(echo "${syspass}"; echo "${syspass}";) | /etc/init.d/oracle-xe-18c configure
}
set_file_ownership() {
chown -R "${USER}:${GROUP}" "${OHOME}"
chown -R "${USER}:${GROUP}" "/home/${USER}"
chown "${USER}:${GROUP}" /etc/oraInst.loc
chown -R "${USER}:${GROUP}" /opt
}
shutdown_oracle() {
run_sql "shutdown immediate;"
echo "Oracle Database Shutdown"
}
delete_xe_pdb() {
run_sql "ALTER PLUGGABLE DATABASE XEPDB1 CLOSE;"
run_sql "DROP PLUGGABLE DATABASE XEPDB1 INCLUDING DATAFILES;"
}
run_sql() {
echo "${1}" | sudo -E -u oracle "${ORACLE_HOME}/bin/sqlplus" -S / as sysdba
}
main() {
echo "Running Oracle 18c XE install script..."
set_environment
install_oracle
write_oracle_config
create_cdb
set_file_ownership
delete_xe_pdb
shutdown_oracle
echo "Oracle 18c XE installation succeeded!"
}
main
install-oracle.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# shellcheck disable=2153
set -x
set -e
set -u
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
readonly DB_VERSION="$1"
readonly EDITION="$2"
readonly CREATE_CDB="$3"
readonly CDB_NAME="$4"
readonly CHARACTER_SET=${5:-AL32UTF8}
readonly MEM_PCT=${6:-25}
PATCH_VERSION="$7"
readonly INIT_PARAMS="log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST',enable_pluggable_database=TRUE,common_user_prefix='gcsql$'"
readonly USER='oracle'
readonly GROUP='dba'
readonly OCM_FILE="ocm.rsp"
readonly OHOME="/u01/app/oracle/product/${DB_VERSION}/db"
readonly ORACLE_12="12.2"
readonly ORACLE_19="19.3"
setup_patching() {
if [[ "${PATCH_VERSION}" == "-1" ]]; then
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
PATCH_VERSION="31741641"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
PATCH_VERSION="32545013"
fi
fi
local patch_suffix
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
patch_suffix="_122010_Linux-x86-64.zip"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
patch_suffix="_190000_Linux-x86-64.zip"
fi
PATCH_ZIP="p${PATCH_VERSION}${patch_suffix}"
if [[ ! -f "${STAGE_DIR}"/"${PATCH_ZIP}" ]]; then
echo "could not find the PSU zip in ${STAGE_DIR}/${PATCH_ZIP}, possible fixes:
if '--local_build' is enabled, try stage ${PATCH_ZIP} to the same directory with image_build.sh.
if '--local_build' is disabled, try stage ${PATCH_ZIP} to the gcs bucket.
Update '--patch_version' when running image_build.sh, the script assumes the file name is 'p<var>patch_version</var>${patch_suffix}'."
exit 1
fi
}
setup_installers() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
local -g INSTALL_CONFIG="ora12-config.sh"
# shellcheck source=ora12-config.sh
source "${STAGE_DIR}"/"${INSTALL_CONFIG}"
local -g CHECKSUM_FILE="checksum.sha256.12"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
local -g INSTALL_CONFIG="ora19-config.sh"
# shellcheck source=ora19-config.sh
source "${STAGE_DIR}"/"${INSTALL_CONFIG}"
local -g CHECKSUM_FILE="checksum.sha256.19"
else
echo "DB version ${DB_VERSION} not supported"
exit 1
fi
_fallback_install_file
_fallback_opatch_file
}
_fallback_install_file() {
if [[ -f "${STAGE_DIR}"/"${INSTALL_ZIP}" ]]; then
echo "found DB installer zip ${STAGE_DIR}/${INSTALL_ZIP}, install will use ${INSTALL_ZIP}"
return
fi
# installer zip can be downloaded either from OTN or edelivery
# default file name for edelivery: V839960-01.zip
# default file name for OTN: linuxx64_12201_database.zip
local candidates=("linuxx64_12201_database.zip")
if [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
candidates=("LINUX.X64_193000_db_home.zip")
fi
echo "could not find the specified DB installer zip. Will try falling back to one of these possible names:" "${candidates[@]}"
for f in "${candidates[@]}"; do
if [[ -f "${STAGE_DIR}"/"${f}" ]]; then
echo "found DB installer zip ${STAGE_DIR}/${f},install will use ${f}"
INSTALL_ZIP="${f}"
break
else
echo "could not find fallback DB installer zip ${STAGE_DIR}/${f}, try specifying an installer from one of these possible names:" "${candidates[@]}"
fi
done
}
_fallback_opatch_file() {
if [[ -f "${STAGE_DIR}"/"${OPATCH_ZIP}" ]]; then
echo "found opatch zip ${STAGE_DIR}/${OPATCH_ZIP}, install will use ${OPATCH_ZIP}"
return
fi
# OPATCH_ZIP can be p6880880_200000_Linux-x86-64.zip, p6880880_190000_Linux-x86-64.zip
# p6880880_180000_Linux-x86-64.zip, p6880880_122010_Linux-x86-64.zip
# for 04302020 OPATCH, their sha256sum are identical "B08320195434559D9662729C5E02ABC8436A5C602B4355CC33A673F24D9D174"
local candidates=(
"p6880880_200000_Linux-x86-64.zip"
"p6880880_190000_Linux-x86-64.zip"
"p6880880_180000_Linux-x86-64.zip"
"p6880880_122010_Linux-x86-64.zip"
)
echo "cannot find opatch zip from config, try one of possible names" "${candidates[@]}"
for f in "${candidates[@]}"; do
if [[ -f "${STAGE_DIR}"/"${f}" ]]; then
echo "found opatch zip ${STAGE_DIR}/${f},install will use ${f}"
OPATCH_ZIP="${f}"
break
else
echo "cannot find opatch zip ${STAGE_DIR}/${f}, try fallback to other possible names"
fi
done
}
setup_ocm() {
if [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
echo "oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v19.0.0" >"${STAGE_DIR}/${OCM_FILE}"
elif [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
echo "oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v12.2.0" >"${STAGE_DIR}/${OCM_FILE}"
else
echo "Unsupported version ${DB_VERSION}"
exit 1
fi
echo "oracle.install.option=INSTALL_DB_SWONLY" >>"${STAGE_DIR}/${OCM_FILE}"
echo "UNIX_GROUP_NAME=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "INVENTORY_LOCATION=/u01/app/oracle/oraInventory" >>"${STAGE_DIR}/${OCM_FILE}"
echo "ORACLE_HOME=${OHOME}" >>"${STAGE_DIR}/${OCM_FILE}"
echo "ORACLE_BASE=/u01/app/oracle" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.InstallEdition=${EDITION}" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSOPER_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSBACKUPDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSDGDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSKMDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSRACDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >>"${STAGE_DIR}/${OCM_FILE}"
echo "DECLINE_SECURITY_UPDATES=true" >>"${STAGE_DIR}/${OCM_FILE}"
}
setup_directories() {
mkdir -p "${STAGE_DIR}/patches"
chown "${USER}:${GROUP}" "${STAGE_DIR}/patches"
}
patch_oracle() {
cd "${STAGE_DIR}/patches/${PATCH_VERSION}/${PATCH_VERSION}"
sudo -E -u oracle "${OHOME}/OPatch/opatch" \
apply -silent -ocmrf "${STAGE_DIR}/${OCM_FILE}"
}
checksum_files() {
cd "${STAGE_DIR}"
cat >"${CHECKSUM_FILE}" <<EOF
${INSTALL_ZIP_SHA256} ${INSTALL_ZIP}
EOF
cat "${CHECKSUM_FILE}"
if ! sha256sum -c "${STAGE_DIR}/${CHECKSUM_FILE}" --quiet; then
echo "Checksum failure of installables."
echo "try double check ${INSTALL_CONFIG} DB install/OPatch/PSUs filename and sha256, ensure they are matched with Cloud Storage bucket staged zip files"
exit 1
fi
}
install_oracle() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
install_oracle12
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
install_oracle19
fi
}
install_oracle19() {
printf "inventory_loc=/u01/app/oracle/oraInventory\ninst_group=dba\n" \
>>/etc/oraInst.loc
chown "${USER}:${GROUP}" /etc/oraInst.loc
cd "${OHOME}"
export CV_ASSUME_DISTID=OL7
sudo -E -u oracle "${OHOME}/runInstaller" \
-silent \
-waitforcompletion \
-ignorePrereqFailure \
INVENTORY_LOCATION=/etc/oraInst.loc \
UNIX_GROUP_NAME=dba \
ORACLE_HOME="${OHOME}" \
ORACLE_BASE=/u01/app/oracle \
oracle.install.db.InstallEdition="${EDITION}" \
oracle.install.db.OSDBA_GROUP="${GROUP}" \
oracle.install.db.OSOPER_GROUP="${GROUP}" \
oracle.install.db.OSBACKUPDBA_GROUP="${GROUP}" \
oracle.install.db.OSDGDBA_GROUP="${GROUP}" \
oracle.install.db.OSKMDBA_GROUP="${GROUP}" \
oracle.install.db.OSRACDBA_GROUP="${GROUP}" \
oracle.install.option=INSTALL_DB_SWONLY ||
(($? == 6)) # Check for successful install with warning suppressed.
enable_unified_auditing
"${OHOME}/root.sh"
}
install_oracle12() {
printf "inventory_loc=/u01/app/oracle/oraInventory\ninst_group=dba\n" \
>>/etc/oraInst.loc
chown "${USER}:${GROUP}" /etc/oraInst.loc
sudo -u oracle "${STAGE_DIR}/database/runInstaller" \
-silent \
-force \
-invptrloc /etc/oraInst.loc \
-waitforcompletion \
-ignoresysprereqs \
-ignoreprereq \
UNIX_GROUP_NAME=dba \
ORACLE_HOME="${OHOME}" \
ORACLE_BASE=/u01/app/oracle \
oracle.install.db.InstallEdition="${EDITION}" \
oracle.install.db.OSDBA_GROUP="${GROUP}" \
oracle.install.db.OSOPER_GROUP="${GROUP}" \
oracle.install.db.OSBACKUPDBA_GROUP="${GROUP}" \
oracle.install.db.OSDGDBA_GROUP="${GROUP}" \
oracle.install.db.OSKMDBA_GROUP="${GROUP}" \
oracle.install.db.OSRACDBA_GROUP="${GROUP}" \
oracle.install.option=INSTALL_DB_SWONLY ||
(($? == 6)) # Check for successful install with warning suppressed.
enable_unified_auditing
"${OHOME}/root.sh"
}
enable_unified_auditing() {
cd "${OHOME}/rdbms/lib"
sudo -u oracle \
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME="${OHOME}"
}
create_cdb() {
local syspass="$(openssl rand -base64 16 | tr -dc a-zA-Z0-9)"
sudo -u oracle "${OHOME}/bin/dbca" \
-silent \
-createDatabase \
-templateName General_Purpose.dbc \
-gdbname "${CDB_NAME}" \
-createAsContainerDatabase true \
-sid "${CDB_NAME}" \
-responseFile NO_VALUE \
-characterSet "${CHARACTER_SET}" \
-memoryPercentage "${MEM_PCT}" \
-emConfiguration NONE \
-datafileDestination "/u01/app/oracle/oradata" \
-storageType FS \
-initParams "${INIT_PARAMS}" \
-databaseType MULTIPURPOSE \
-recoveryAreaDestination /u01/app/oracle/fast_recovery_area \
-sysPassword "${syspass}" \
-systemPassword "${syspass}"
}
set_environment() {
source "/home/oracle/${CDB_NAME}.env"
}
cleanup_post_success() {
# ORDS
rm -rf "${OHOME}/ords" &&
# SQL Developer
rm -rf "${OHOME}/sqldeveloper" &&
# UCP connection pool
rm -rf "${OHOME}/ucp" &&
# All installer files
rm -rf "${OHOME}/lib/*.zip" &&
# OUI backup
rm -rf "${OHOME}/inventory/backup/*" &&
# Network tools help
rm -rf "${OHOME}/network/tools/help" &&
# Database upgrade assistant
rm -rf "${OHOME}/assistants/dbua" &&
# Database migration assistant
rm -rf "${OHOME}/dmu" &&
# Remove pilot workflow installer
rm -rf "${OHOME}/install/pilot" &&
# Support tools
rm -rf "${OHOME}/suptools" &&
# Temp location
rm -rf /tmp/* &&
# Install files
rm -rf "${STAGE_DIR}"
}
unzip_binaries() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
chown -R "${USER}:${GROUP}" "${STAGE_DIR}"
sudo -u oracle unzip "${STAGE_DIR}/${INSTALL_ZIP}" -d "${STAGE_DIR}"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
sudo -u oracle unzip "${STAGE_DIR}/${INSTALL_ZIP}" -d "${OHOME}"
fi
sudo -u oracle unzip "${STAGE_DIR}/${PATCH_ZIP}" -d "${STAGE_DIR}/patches/${PATCH_VERSION}"
rm "${STAGE_DIR}/${INSTALL_ZIP}"
rm "${STAGE_DIR}/${PATCH_ZIP}"
}
shutdown_oracle() {
run_sql "shutdown immediate;"
echo "Oracle Database Shutdown"
}
run_sql() {
echo "${1}" | sudo -E -u oracle "${OHOME}/bin/sqlplus" -S / as sysdba
}
patch_log4j(){
# Delete Jndi classes from log4j jars as part of CVE-2021-44228
# While waiting for oracle patches.
for f in $(find "${OHOME}" -type f -name "log4j-core*.jar"); do
sudo -u oracle zip -q -d "$f" org/apache/logging/log4j/core/lookup/JndiLookup.class || true
done
}
main() {
setup_patching
setup_installers
checksum_files
setup_directories
setup_ocm
if [[ "${CREATE_CDB}" == true ]]; then
set_environment
fi
chown -R "${USER}:${GROUP}" /u01
unzip_binaries
install_oracle
rm -rf "${OHOME}/OPatch"
sudo -u oracle unzip "${STAGE_DIR}/${OPATCH_ZIP}" -d "${OHOME}"
patch_oracle
if [[ "${CREATE_CDB}" == true ]]; then
create_cdb
shutdown_oracle
fi
chown "${USER}:${GROUP}" /etc/oratab
cleanup_post_success
patch_log4j
echo "Oracle installation success"
}
main
ora12-config.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
INSTALL_ZIP="V839960-01.zip"
INSTALL_ZIP_SHA256="96ed97d21f15c1ac0cce3749da6c3dac7059bb60672d76b008103fc754d22dde"
OPATCH_ZIP="p6880880_122010_Linux-x86-64.zip"
OPATCH_ZIP_SHA256="b08320195434559d9662729c5e02abc8436a5c602b4355cc33a673f24d9d1740"
ora19-config.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
INSTALL_ZIP="V982063-01.zip"
INSTALL_ZIP_SHA256="ba8329c757133da313ed3b6d7f86c5ac42cd9970a28bf2e6233f3235233aa8d8"
OPATCH_ZIP="p6880880_190000_Linux-x86-64.zip"
OPATCH_ZIP_SHA256="b08320195434559d9662729c5e02abc8436a5c602b4355cc33a673f24d9d1740"
oracle-preinstall.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -x
set -e
set -u
readonly ORACLE_12="12.2"
readonly ORACLE_18="18c"
readonly ORACLE_19="19.3"
readonly USER='oracle'
readonly GROUP='dba'
install_packages() {
yum install -y shadow-utils openssl sudo zip
yum install -y nmap-ncat.x86_64
yum install -y strace.x86_64
yum install -y net-tools.x86_64
yum install -y lsof.x86_64
yum install -y "${PREINSTALL_RPM}"
echo "#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
" >/etc/pam.d/sudo
if [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
echo "#%PAM-1.0
auth sufficient pam_rootok.so
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include postlogin
session optional pam_xauth.so
" >/etc/pam.d/su
fi
}
# Update cryptographic modules from ol7_u8_security_validation repository
# https://docs.oracle.com/en/operating-systems/oracle-linux/7/security/security-FIPS1402ComplianceinOracleLinux7.html#ol7-fips
update_packages_fips() {
yum-config-manager --enable ol7_u8_security_validation ol7_latest
# To ensure that packages are updated from the security repo, disable other repos and only
# enable the security repo.
yum -y --disablerepo="*" --enablerepo="ol7_u8_security_validation" update \
openssl-libs\
openssh-clients\
openssh-server\
libgcrypt\
nss-softokn\
libreswan\
gnutls\
kernel-uek
}
pick_pre_installer() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
local -g PREINSTALL_RPM="oracle-database-server-12cR2-preinstall.x86_64"
elif [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
local -g PREINSTALL_RPM="oracle-database-preinstall-18c.x86_64"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
local -g PREINSTALL_RPM="oracle-database-preinstall-19c.x86_64"
else
echo "DB version ${DB_VERSION} not supported"
exit 1
fi
}
setup_directories() {
mkdir -p "${ORACLE_HOME}"
#use oinstall instead of dba to allow the script to work for 18c XE.
#This is harmless because we always revert ownership of $ORACLE_BASE to oracle:dba in the Dockerfile.
chown -R "${USER}:oinstall" "${ORACLE_BASE}"
chown -R "${USER}:${GROUP}" "/home/${USER}"
}
create_env_file() {
echo "export ORACLE_HOME=${ORACLE_HOME}" >>"/home/oracle/${CDB_NAME}.env"
echo "export ORACLE_BASE=${ORACLE_BASE}" >>"/home/oracle/${CDB_NAME}.env"
echo "export ORACLE_SID=${CDB_NAME}" >>"/home/oracle/${CDB_NAME}.env"
echo "export PATH=${ORACLE_HOME}/bin:${ORACLE_HOME}/OPatch:/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" >>"/home/oracle/${CDB_NAME}.env"
echo "export LD_LIBRARY_PATH=${ORACLE_HOME}/lib:/usr/lib" >>"/home/oracle/${CDB_NAME}.env"
chown "${USER}:${GROUP}" "/home/oracle/${CDB_NAME}.env"
}
pick_pre_installer
install_packages
update_packages_fips
setup_directories
if [[ "${CREATE_CDB}" == true ]]; then
create_env_file
fi
cloudbuild.yaml
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
substitutions:
"_DB_VERSION": "12.2"
"_EDITION": "ee"
options:
diskSizeGb: 1000
machineType: 'E2_HIGHCPU_8'
timeout: 7200s
steps:
- name: 'gcr.io/cloud-builders/gsutil'
id: 'install_zip'
args: ['-m', 'cp', "-r", '${_INSTALL_PATH}/*', '.']
- name: 'gcr.io/cloud-builders/docker'
waitFor:
- 'install_zip'
args:
- 'build'
- '--no-cache'
- '--build-arg=DB_VERSION=$_DB_VERSION'
- '--build-arg=ORACLE_HOME=$_ORACLE_HOME'
- '--build-arg=ORACLE_BASE=$_ORACLE_BASE'
- '--build-arg=CREATE_CDB=$_CREATE_CDB'
- '--build-arg=CDB_NAME=$_CDB_NAME'
- '--build-arg=CHARACTER_SET=$_CHARACTER_SET'
- '--build-arg=MEM_PCT=$_MEM_PCT'
- '--build-arg=EDITION=$_EDITION'
- '--build-arg=PATCH_VERSION=$_PATCH_VERSION'
- '--tag=$_TAG'
- '--file=Dockerfile'
- '.'
images:
- '$_TAG'