에어갭 GDC용 데이터베이스 서비스는 Oracle 데이터베이스를 관리할 수 있지만 Oracle 소프트웨어 또는 라이선스는 서비스와 함께 배포되지 않습니다. 사용자는 Oracle 소프트웨어를 사용할 수 있는 라이선스를 보유하고 있는지 확인해야 합니다. 서비스와 함께 사용할 소프트웨어를 제공하고 업로드해야 합니다.
다음 작업을 수행할 수 있습니다.
- Oracle 데이터베이스 바이너리를 다운로드합니다.
- Oracle 데이터베이스 컨테이너 이미지를 빌드합니다.
- 데이터베이스 컨테이너 이미지를 Harbor 컨테이너 레지스트리에 업로드합니다.
이 페이지의 작업을 수행하려면 유효한 Oracle Database 라이선스가 필요합니다.
데이터베이스 서비스에서 지원하는 Oracle 데이터베이스 버전 확인
계속하기 전에 다음 명령어를 사용하여 데이터베이스 서비스에서 지원하는 데이터베이스 버전을 확인합니다. 관리 조직 클러스터에서 다음 명령어를 실행합니다.
kubectl get SoftwareLibrary -o=jsonpath='{.items[0].databaseEngines[?(@.name=="Oracle")]}.databaseVersions'
다음과 유사한 결과가 출력됩니다.
[{
"edition":"enterprise",
"isDisabled":false,
"majorVersion":"19",
"minorVersion":"10.0.0.0",
"versionDisplayName":"Oracle 19.10.0.0.0"
}]
이 출력은 데이터베이스 서비스가 주 버전이 19이고 부 버전이 10.0.0.0이며 에디션이 Enterprise인 Oracle 데이터베이스 이미지에서 새 데이터베이스 클러스터를 생성하는 것을 지원한다는 의미입니다.
Oracle 바이너리 다운로드
Oracle 웹사이트에서 Oracle 바이너리를 다운로드합니다. 이 작업을 수행하려면 유효한 Oracle 라이선스가 필요합니다. Oracle 웹사이트에서 다운로드할 소프트웨어는 다음 세 가지입니다.
- Oracle 데이터베이스 바이너리입니다.
- 최근 패치 세트 업데이트 (PSU)
- 사용 가능한 최신 OPatch입니다.
예를 들어 Oracle Database 19.3.0.0.0 Enterprise의 바이너리는 다음과 같습니다.
Linux x86-64용 Oracle Database 19c (19.3.0.0.0)(Enterprise Edition) Oracle eDelivery Cloud(
https://edelivery.oracle.com/
)에서 이 바이너리를 다운로드합니다. 다운로드 페이지의 목록에서 패키지 다운로드를 선택하고 검색 필드에Oracle Database 19 Enterprise Edition
를 입력한 다음 검색을 클릭합니다.패치 세트 업데이트 (PSU) 2021년 4월 PSU를 확인하세요(
https://support.oracle.com/epmos/faces/PatchDetail?patchId=32545013&languageId=0&platformId=226&patch_name=32545013&releaseId=600000000018520&_adf.ctrl-state=7pbau4y2d_4&_afrLoop=470976018798075
). 나중에 이미지를 빌드할 때 사용할 패치 버전(이 예에서는32545013
)을 기록해 둡니다.사용 가능한 최신 OPatch:
https://updates.oracle.com/download/6880880.html
다음 다운로드 매개변수를 선택합니다.- Select a Release 목록에서 OPatch 19.0.0.0.0을 선택합니다.
- 플랫폼 또는 언어 목록에서 Linux x86_64를 선택합니다.
Oracle 데이터베이스 컨테이너 이미지 빌드
다음 단계를 진행하기 전에 Docker가 설치되어 있어야 합니다. Linux 시스템에서 이 단계를 실행해야 합니다.
이전 단계에서 다운로드한 바이너리를 포함하는 디렉터리를 만듭니다. 사용자 환경에서
PATH_TO_IMAGE_BUILD
변수를 설정합니다.export PATH_TO_IMAGE_BUILD=PATH
PATH를 Oracle 바이너리가 포함된 디렉터리의 전체 경로로 바꿉니다.
이 문서의 부록에서 이미지 빌드 스크립트를 PATH_TO_IMAGE_BUILD 디렉터리로 복사합니다.
앞서 다운로드한 Oracle 바이너리를 빌드 스크립트가 있는 PATH_TO_IMAGE_BUILD 디렉터리에 복사합니다. PATH_TO_IMAGE_BUILD 디렉터리에 올바른 파일이 포함되어 있는지 확인합니다.
ls -1X Dockerfile README.md image_build.sh install-oracle-18c-xe.sh install-oracle.sh ora12-config.sh ora19-config.sh oracle-preinstall.sh cloudbuild.yaml p32545013_190000_Linux-x86-64.zip p6880880_200000_Linux-x86-64.zip
이미지 생성 스크립트를 실행합니다.
cd $PATH_TO_IMAGE_BUILD chmod +x ./image_build.sh ./image_build.sh --local_build=true --db_version=19.3 --patch_version=32545013 \ --create_cdb=true --cdb_name=GCLOUD --mem_pct=45 --no_dry_run --project_id=local-build
스크립트를 실행하는 데 약 40분이 소요됩니다.
스크립트는 컨테이너 데이터베이스 (CDB)가 포함된 시드 이미지를 만듭니다. 데이터베이스 서비스는 프로비저닝 시간을 크게 줄이므로 Oracle 이미지를 시드해야 합니다.
다음 명령어를 사용하여 컨테이너화된 데이터베이스 이미지를 성공적으로 만들었는지 확인합니다.
docker images
이미지를 나열하는 다음과 비슷한 출력이 표시됩니다.
REPOSITORY gcr.io/local-build/oracle-database-images/oracle-19.3-ee-seeded-GCLOUD TAG IMAGE ID CREATED SIZE latest c18d81c3cf6e 3 hours ago 13.5GB
이전 단계의 출력에서 이미지 이름과 태그를 사용하여 빌드된 이미지를 tar 파일에 저장합니다.
docker save <image name>:<tag name> | gzip > gdch_db_oracle_image.tar.gz
Harbor 레지스트리에 이미지 업로드
프로젝트에서 스토리지 버킷을 설정하고 여기에 tar 파일을 업로드합니다.
인프라 운영자에게 Artifact Registry에 이미지 업로드를 요청하는 티켓을 만듭니다. 티켓에 다음 정보를 포함합니다.
데이터베이스 서비스용 Oracle 이미지를 업로드하도록 요청합니다.
- 조직 이름:
<organization name>
- 파일 위치:
- 프로젝트 이름:
<name of project owning the bucket>
- 버킷 이름:
<name of the bucket>
- 경로:
<gdch_db_oracle_image.tar.gz>
- 프로젝트 이름:
- 이미지 위치:
- 이미지 이름:
gpc-system-container-images/ods-database-images/oracle.db.anthosapis.com/oracle-enterprise
- 이미지 태그:
majorVersion-minorVersion
- 이미지 이름:
- 조직 이름:
티켓이 해결되면 Oracle을 데이터베이스 엔진으로 사용할 수 있습니다.
다음 단계
데이터베이스 엔진 유형 선택 및 데이터베이스 클러스터 만들기
부록: 이미지 빌드 스크립트
이 섹션에는 Oracle 데이터베이스 컨테이너 이미지 빌드에 참조된 이미지 빌드 스크립트가 포함되어 있습니다.
Dockerfile
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Base image can be either RHEL8 UBI or OEL8 slim
# BASE_IMAGE=registry.access.redhat.com/ubi8/ubi
# ARG BASE_IMAGE=oraclelinux:8-slim
# Oracle 8 does not support 12c.
# ARG BASE_IMAGE=oraclelinux:7-slim
FROM docker.io/oraclelinux:7-slim as base
ARG DB_VERSION
ARG ORACLE_HOME
ARG ORACLE_BASE
ARG CREATE_CDB
ARG CDB_NAME
ENV STAGE_DIR=/tmp/stage/
COPY oracle-preinstall.sh $STAGE_DIR
RUN /bin/bash -c $STAGE_DIR/oracle-preinstall.sh
FROM base as installer
ARG DB_VERSION
ARG CREATE_CDB
ARG CDB_NAME
ARG CHARACTER_SET
ARG MEM_PCT
ARG EDITION
ARG PATCH_VERSION
ARG INSTALL_SCRIPT
ADD ./* $STAGE_DIR
RUN /bin/bash -c \
'if [ "${DB_VERSION}" = "18c" ] && [ "${EDITION}" = "xe" ]; then \
export INSTALL_SCRIPT=install-oracle-18c-xe.sh; \
chmod +x $STAGE_DIR$INSTALL_SCRIPT; \
$STAGE_DIR/$INSTALL_SCRIPT "${CDB_NAME}" "${CHARACTER_SET}" && \
rm -rf $INSTALL_SCRIPT && \
rm -rf $STAGE_DIR; \
else \
export INSTALL_SCRIPT=install-oracle.sh; \
chmod +x $STAGE_DIR$INSTALL_SCRIPT; \
$STAGE_DIR/$INSTALL_SCRIPT "${DB_VERSION}" "${EDITION}" "${CREATE_CDB}" "${CDB_NAME}" "${CHARACTER_SET}" "${MEM_PCT}" "${PATCH_VERSION}" && \
rm -rf $INSTALL_SCRIPT && \
rm -rf $STAGE_DIR; \
fi'
FROM base as database_image
ARG ORACLE_HOME
ARG ORACLE_BASE
ARG CDB_NAME
ENV ORACLE_HOME=$ORACLE_HOME
ENV ORACLE_BASE=$ORACLE_BASE
ENV ORACLE_SID=$CDB_NAME
ENV LD_LIBRARY_PATH=$ORACLE_HOME/lib:/usr/lib
USER oracle
COPY --chown=oracle:dba --from=installer $ORACLE_BASE $ORACLE_BASE
COPY --chown=oracle:dba --from=installer /etc/oratab /etc/oratab
COPY --chown=oracle:dba --from=installer /etc/oraInst.loc /etc/oraInst.loc
USER root
RUN $ORACLE_HOME/root.sh && rm $STAGE_DIR/oracle-preinstall.sh
VOLUME ["/u02", "/u03"]
# TODO: make the port number configurable
EXPOSE 1521
# Define default command to start Oracle Database.
CMD exec /bin/bash
README.md
# Cloud Build for DB Image This tooling picks up the software from Cloud Storage bucket and then creates a container image with the RDBMS software preinstalled. At present, it supports Oracle 19c and Oracle 12.2. The docker container does not contain the database, and needs to be created separately. The base container OS is Oracle Enterprise Linux (OEL7-slim). ## How to run Oracle 19c EE ```shell $ GCS_PATH=$ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=19c ``` Oracle 12.2 EE ```shell $ GCS_PATH= $ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=12.2 ``` Oracle 18c XE ```shell $ GCS_PATH= $ gcloud builds submit --config=cloudbuild.yaml --substitutions=_INSTALL_PATH=$GCS_PATH,_DB_VERSION=18c,_CREATE_CDB=true,_CDB_NAME=MYDB ``` ## Access When running the command, mentioned in Oracle 18c XE, you might see failures if the cloudbuilder service account does not have 'Storage Viewer' access to the Cloud Storage bucket that stores the software. ```shell export PROJECT_NUMBER= export BUCKET_NAME= gcloud storage buckets add-iam-policy-binding gs://$BUCKET_NAME --member=serviceAccount:$PROJECT_NUMBER@cloudbuild.gserviceaccount.com --role=roles/storage.objectViewer ```
image_build.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
readonly ORACLE_12="12.2"
readonly ORACLE_19="19.3"
readonly ORACLE_18="18c"
readonly DUMMY_VALUE="-1"
DB_VERSION=''
EDITION='ee'
CREATE_CDB=false
CDB_NAME=''
CHARACTER_SET='AL32UTF8'
MEM_PCT=25
IMAGE_NAME_SUFFIX=''
INSTALL_PATH=''
NO_DRY_RUN=false
ORACLE_HOME=''
ORACLE_BASE=''
PROJECT_ID=''
LOCAL_BUILD=false
TAG=''
sanity_check_params() {
if [[ "${CREATE_CDB}" == true ]]; then
if [ -z "${CDB_NAME}" ]; then
CDB_NAME="GCLOUD"
fi
db_name_len="${#CDB_NAME}"
if [[ "${db_name_len}" -le 0 || "${db_name_len}" -gt 8 ]]; then
echo "CDB_NAME should be less than or equal to 8 characters"
usage
fi
else
db_name_len="${#CDB_NAME}"
if [[ "${db_name_len}" -gt 0 ]]; then
echo "CDB_NAME is set but CREATE_CDB is not"
usage
fi
fi
if [[ -z "${DB_VERSION}" ]]; then
echo "Version DB_VERSION parameter is required to create images"
usage
fi
if [[ "${DB_VERSION}" != "${ORACLE_12}" && "${DB_VERSION}" != "${ORACLE_18}" && "${DB_VERSION}" != "${ORACLE_19}" ]]; then
echo "${DB_VERSION} is not supported, the supported versions are ${ORACLE_12} and ${ORACLE_19}"
usage
fi
if [ -z "${INSTALL_PATH}" ] && [ "${DB_VERSION}" != "${ORACLE_18}" ] && [ "${LOCAL_BUILD}" != true ]; then
echo "Cloud Storage path containing Oracle installation files is not provided"
usage
fi
if [[ "${MEM_PCT}" -le 0 || "${MEM_PCT}" -gt 100 ]]; then
echo "MEM_PCT should be between 0 and 100"
usage
fi
if [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
EDITION="xe"
fi
}
usage() {
echo "------USAGE------
This tool allows you to build oracle database container images.
You have the option of using the Google Cloud build script or performing a local build by setting the --local_build flag to true.
Sanity checks are conducted on your inputs and safe defaults are used as necessary.
image_build.sh --db_version [12.2, 19.3 or 18c] --create_cdb [true or false] --cdb_name [CDB_NAME] --install_path [INSTALL_PATH]
REQUIRED FLAGS
--install_path
Cloud Storage path containing Oracle Database EE installation files.
This flag is only required when using Google Cloud Build.
You do not need to specify this parameter for Oracle 18c XE.
--db_version
Version of the Oracle database.
--create_cdb
Specifies whether a CDB should be created. Must be set to 'true' if using Oracle 18c.
OPTIONAL FLAGS
--cdb_name
Name of the CDB to create. Defaults to 'GCLOUD' if unspecified.
--edition
Edition of the Oracle database. ee is used if unspecified.
This flag is not supported for Oracle 18c and will be ignored.
--patch_version
Version of the Oracle database PSU.
If unspecified, 31741641 is used as the default value for 12.2 ,
32545013 is used as the default value for 19.3 .
This flag is not supported for Oracle 18c and will be ignored.
--local_build
if true, docker is used to build an image locally. If false or unspecified, Google Cloud Build is used to build the image.
--project_id
project_id Google Cloud project to use for image build. If unspecified, your default gcloud project will be used.
For local builds, this flag can be set to 'local-build'.
--mem_pct
Percentage of memory.
This flag is not supported for Oracle 18c and will be ignored.
--character_set
Character set for the newly created CDB
--tag
Tag that should be applied to the image.
If a tag is not specified, 'gcr.io/\$GCR_PROJECT_ID/oracle-database-images/oracle-\${DB_VERSION}-\${EDITION}-\${IMAGE_NAME_SUFFIX}:latest' is used.
--no_dry_run
Run command in full mode. Will execute actions.
"
exit 1
}
function parse_arguments() {
opts=$(getopt -o i:v:c:n:p:m:c:h \
--longoptions install_path:,db_version:,edition:,create_cdb:,cdb_name:,mem_pct:,character_set:,help:,project_id:,patch_version:,local_build:,tag:,no_dry_run,help \
-n "$(basename "$0")" -- "$@")
eval set -- "$opts"
while true; do
case "$1" in
-i | --install_path)
shift
INSTALL_PATH=$1
shift
;;
-v | --db_version)
shift
DB_VERSION=$1
shift
;;
-e | --edition)
shift
EDITION=$1
shift
;;
-c | --create_cdb)
shift
CREATE_CDB=$1
shift
;;
-n | --cdb_name)
shift
CDB_NAME=$1
shift
;;
-m | --mem_pct)
shift
MEM_PCT=$1
shift
;;
--character_set)
shift
CHARACTER_SET=$1
shift
;;
--patch_version)
shift
PATCH_VERSION=$1
shift
;;
--project_id)
shift
PROJECT_ID=$1
shift
;;
--local_build)
shift
LOCAL_BUILD=$1
shift
;;
-t | --tag)
shift
TAG=$1
shift
;;
-h | --help)
usage
return 1
;;
--no_dry_run)
NO_DRY_RUN=true
shift
;;
--)
shift
break
;;
*)
echo Invalid argument "$1"
usage
exit 1
;;
esac
done
}
execute_command() {
IMAGE_NAME_SUFFIX=$(echo "$CDB_NAME" | tr '[:upper:]' '[:lower:]')
if [ -z "${PROJECT_ID}" ]; then
PROJECT_ID=$(gcloud config get-value project 2>/dev/null)
echo "Project not specified, falling back on current gcloud default:"
echo "$PROJECT_ID"
fi
if [ -z "${PATCH_VERSION}" ]; then
PATCH_VERSION="${DUMMY_VALUE}"
fi
GCR_PROJECT_ID=$(echo "$PROJECT_ID" | tr : /)
if [[ "${CREATE_CDB}" == true ]]; then
IMAGE_NAME_SUFFIX="seeded-${IMAGE_NAME_SUFFIX}"
else
IMAGE_NAME_SUFFIX="unseeded"
CDB_NAME=""
fi
if [ "${DB_VERSION}" == "${ORACLE_18}" ] && [ "${EDITION}" == "xe" ]; then
ORACLE_HOME="/opt/oracle/product/18c/dbhomeXE"
ORACLE_BASE="/opt/oracle"
else
ORACLE_HOME="/u01/app/oracle/product/${DB_VERSION}/db"
ORACLE_BASE="/u01/app/oracle"
fi
if [ -z "${TAG}" ]; then
TAG="gcr.io/${GCR_PROJECT_ID}/oracle-database-images/oracle-${DB_VERSION}-${EDITION}-${IMAGE_NAME_SUFFIX}:latest"
fi
if [ "${LOCAL_BUILD}" == true ]; then
BUILD_CMD=$(echo docker build --no-cache --build-arg=DB_VERSION="${DB_VERSION}" --build-arg=ORACLE_HOME="${ORACLE_HOME}" --build-arg=ORACLE_BASE="${ORACLE_BASE}" --build-arg=CREATE_CDB="${CREATE_CDB}" --build-arg=CDB_NAME="${CDB_NAME}" --build-arg=CHARACTER_SET="${CHARACTER_SET}" --build-arg=MEM_PCT="${MEM_PCT}" --build-arg=EDITION="${EDITION}" --build-arg=PATCH_VERSION="${PATCH_VERSION}" --tag="$TAG" .)
else
if [ "${DB_VERSION}" == "${ORACLE_18}" ]; then
BUILD_CMD=$(echo gcloud builds submit --project=${PROJECT_ID} --config=cloudbuild-18c-xe.yaml --substitutions=_ORACLE_HOME="${ORACLE_HOME}",_ORACLE_BASE="${ORACLE_BASE}",_CDB_NAME="${CDB_NAME}",_CHARACTER_SET="${CHARACTER_SET}",_TAG="${TAG}")
else
BUILD_CMD=$(echo gcloud builds submit --project=${PROJECT_ID} --config=cloudbuild.yaml --substitutions=_INSTALL_PATH="${INSTALL_PATH}",_DB_VERSION="${DB_VERSION}",_EDITION="${EDITION}",_ORACLE_HOME="${ORACLE_HOME}",_ORACLE_BASE="${ORACLE_BASE}",_CREATE_CDB="${CREATE_CDB}",_CDB_NAME="${CDB_NAME}",_CHARACTER_SET="${CHARACTER_SET}",_MEM_PCT="${MEM_PCT}",_TAG="${TAG}",_PATCH_VERSION="${PATCH_VERSION}")
fi
fi
if [[ "$NO_DRY_RUN" == true ]]; then
echo "Executing the following command:"
echo "$BUILD_CMD"
${BUILD_CMD}
else
echo "Dry run mode: the command would have executed as follows:"
echo "$BUILD_CMD"
fi
}
main() {
parse_arguments "$@"
sanity_check_params
date
time execute_command
}
main "$@"
install-oracle-18c-xe.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# shellcheck disable=2153
set -x
set -e
set -u
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
readonly CDB_NAME=${1:-GCLOUD}
readonly CHARACTER_SET=${2:-AL32UTF8}
readonly USER="oracle"
readonly GROUP="dba"
readonly OHOME="/opt/oracle/product/18c/dbhomeXE"
readonly DB_VERSION="18c"
set_environment() {
export ORACLE_DOCKER_INSTALL=true
source "/home/oracle/${CDB_NAME}.env"
}
install_oracle() {
yum -y localinstall https://download.oracle.com/otn-pub/otn_software/db-express/oracle-database-xe-18c-1.0-1.x86_64.rpm
}
write_oracle_config() {
echo "\
CHARSET=${CHARACTER_SET}
ORACLE_SID=${CDB_NAME}
SKIP_VALIDATIONS=FALSE" > /etc/sysconfig/oracle-xe-18c.conf
}
create_cdb() {
local syspass="$(openssl rand -base64 16 | tr -dc a-zA-Z0-9)"
(echo "${syspass}"; echo "${syspass}";) | /etc/init.d/oracle-xe-18c configure
}
set_file_ownership() {
chown -R "${USER}:${GROUP}" "${OHOME}"
chown -R "${USER}:${GROUP}" "/home/${USER}"
chown "${USER}:${GROUP}" /etc/oraInst.loc
chown -R "${USER}:${GROUP}" /opt
}
shutdown_oracle() {
run_sql "shutdown immediate;"
echo "Oracle Database Shutdown"
}
delete_xe_pdb() {
run_sql "ALTER PLUGGABLE DATABASE XEPDB1 CLOSE;"
run_sql "DROP PLUGGABLE DATABASE XEPDB1 INCLUDING DATAFILES;"
}
run_sql() {
echo "${1}" | sudo -E -u oracle "${ORACLE_HOME}/bin/sqlplus" -S / as sysdba
}
main() {
echo "Running Oracle 18c XE install script..."
set_environment
install_oracle
write_oracle_config
create_cdb
set_file_ownership
delete_xe_pdb
shutdown_oracle
echo "Oracle 18c XE installation succeeded!"
}
main
install-oracle.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# shellcheck disable=2153
set -x
set -e
set -u
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
readonly DB_VERSION="$1"
readonly EDITION="$2"
readonly CREATE_CDB="$3"
readonly CDB_NAME="$4"
readonly CHARACTER_SET=${5:-AL32UTF8}
readonly MEM_PCT=${6:-25}
PATCH_VERSION="$7"
readonly INIT_PARAMS="log_archive_dest_1='LOCATION=USE_DB_RECOVERY_FILE_DEST',enable_pluggable_database=TRUE,common_user_prefix='gcsql$'"
readonly USER='oracle'
readonly GROUP='dba'
readonly OCM_FILE="ocm.rsp"
readonly OHOME="/u01/app/oracle/product/${DB_VERSION}/db"
readonly ORACLE_12="12.2"
readonly ORACLE_19="19.3"
setup_patching() {
if [[ "${PATCH_VERSION}" == "-1" ]]; then
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
PATCH_VERSION="31741641"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
PATCH_VERSION="32545013"
fi
fi
local patch_suffix
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
patch_suffix="_122010_Linux-x86-64.zip"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
patch_suffix="_190000_Linux-x86-64.zip"
fi
PATCH_ZIP="p${PATCH_VERSION}${patch_suffix}"
if [[ ! -f "${STAGE_DIR}"/"${PATCH_ZIP}" ]]; then
echo "could not find the PSU zip in ${STAGE_DIR}/${PATCH_ZIP}, possible fixes:
if '--local_build' is enabled, try stage ${PATCH_ZIP} to the same directory with image_build.sh.
if '--local_build' is disabled, try stage ${PATCH_ZIP} to the gcs bucket.
Update '--patch_version' when running image_build.sh, the script assumes the file name is 'p<var>patch_version</var>${patch_suffix}'."
exit 1
fi
}
setup_installers() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
local -g INSTALL_CONFIG="ora12-config.sh"
# shellcheck source=ora12-config.sh
source "${STAGE_DIR}"/"${INSTALL_CONFIG}"
local -g CHECKSUM_FILE="checksum.sha256.12"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
local -g INSTALL_CONFIG="ora19-config.sh"
# shellcheck source=ora19-config.sh
source "${STAGE_DIR}"/"${INSTALL_CONFIG}"
local -g CHECKSUM_FILE="checksum.sha256.19"
else
echo "DB version ${DB_VERSION} not supported"
exit 1
fi
_fallback_install_file
_fallback_opatch_file
}
_fallback_install_file() {
if [[ -f "${STAGE_DIR}"/"${INSTALL_ZIP}" ]]; then
echo "found DB installer zip ${STAGE_DIR}/${INSTALL_ZIP}, install will use ${INSTALL_ZIP}"
return
fi
# installer zip can be downloaded either from OTN or edelivery
# default file name for edelivery: V839960-01.zip
# default file name for OTN: linuxx64_12201_database.zip
local candidates=("linuxx64_12201_database.zip")
if [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
candidates=("LINUX.X64_193000_db_home.zip")
fi
echo "could not find the specified DB installer zip. Will try falling back to one of these possible names:" "${candidates[@]}"
for f in "${candidates[@]}"; do
if [[ -f "${STAGE_DIR}"/"${f}" ]]; then
echo "found DB installer zip ${STAGE_DIR}/${f},install will use ${f}"
INSTALL_ZIP="${f}"
break
else
echo "could not find fallback DB installer zip ${STAGE_DIR}/${f}, try specifying an installer from one of these possible names:" "${candidates[@]}"
fi
done
}
_fallback_opatch_file() {
if [[ -f "${STAGE_DIR}"/"${OPATCH_ZIP}" ]]; then
echo "found opatch zip ${STAGE_DIR}/${OPATCH_ZIP}, install will use ${OPATCH_ZIP}"
return
fi
# OPATCH_ZIP can be p6880880_200000_Linux-x86-64.zip, p6880880_190000_Linux-x86-64.zip
# p6880880_180000_Linux-x86-64.zip, p6880880_122010_Linux-x86-64.zip
# for 04302020 OPATCH, their sha256sum are identical "B08320195434559D9662729C5E02ABC8436A5C602B4355CC33A673F24D9D174"
local candidates=(
"p6880880_200000_Linux-x86-64.zip"
"p6880880_190000_Linux-x86-64.zip"
"p6880880_180000_Linux-x86-64.zip"
"p6880880_122010_Linux-x86-64.zip"
)
echo "cannot find opatch zip from config, try one of possible names" "${candidates[@]}"
for f in "${candidates[@]}"; do
if [[ -f "${STAGE_DIR}"/"${f}" ]]; then
echo "found opatch zip ${STAGE_DIR}/${f},install will use ${f}"
OPATCH_ZIP="${f}"
break
else
echo "cannot find opatch zip ${STAGE_DIR}/${f}, try fallback to other possible names"
fi
done
}
setup_ocm() {
if [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
echo "oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v19.0.0" >"${STAGE_DIR}/${OCM_FILE}"
elif [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
echo "oracle.install.responseFileVersion=/oracle/install/rspfmt_dbinstall_response_schema_v12.2.0" >"${STAGE_DIR}/${OCM_FILE}"
else
echo "Unsupported version ${DB_VERSION}"
exit 1
fi
echo "oracle.install.option=INSTALL_DB_SWONLY" >>"${STAGE_DIR}/${OCM_FILE}"
echo "UNIX_GROUP_NAME=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "INVENTORY_LOCATION=/u01/app/oracle/oraInventory" >>"${STAGE_DIR}/${OCM_FILE}"
echo "ORACLE_HOME=${OHOME}" >>"${STAGE_DIR}/${OCM_FILE}"
echo "ORACLE_BASE=/u01/app/oracle" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.InstallEdition=${EDITION}" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSOPER_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSBACKUPDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSDGDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSKMDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "oracle.install.db.OSRACDBA_GROUP=dba" >>"${STAGE_DIR}/${OCM_FILE}"
echo "SECURITY_UPDATES_VIA_MYORACLESUPPORT=false" >>"${STAGE_DIR}/${OCM_FILE}"
echo "DECLINE_SECURITY_UPDATES=true" >>"${STAGE_DIR}/${OCM_FILE}"
}
setup_directories() {
mkdir -p "${STAGE_DIR}/patches"
chown "${USER}:${GROUP}" "${STAGE_DIR}/patches"
}
patch_oracle() {
cd "${STAGE_DIR}/patches/${PATCH_VERSION}/${PATCH_VERSION}"
sudo -E -u oracle "${OHOME}/OPatch/opatch" \
apply -silent -ocmrf "${STAGE_DIR}/${OCM_FILE}"
}
checksum_files() {
cd "${STAGE_DIR}"
cat >"${CHECKSUM_FILE}" <<EOF
${INSTALL_ZIP_SHA256} ${INSTALL_ZIP}
EOF
cat "${CHECKSUM_FILE}"
if ! sha256sum -c "${STAGE_DIR}/${CHECKSUM_FILE}" --quiet; then
echo "Checksum failure of installables."
echo "try double check ${INSTALL_CONFIG} DB install/OPatch/PSUs filename and sha256, ensure they are matched with Cloud Storage bucket staged zip files"
exit 1
fi
}
install_oracle() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
install_oracle12
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
install_oracle19
fi
}
install_oracle19() {
printf "inventory_loc=/u01/app/oracle/oraInventory\ninst_group=dba\n" \
>>/etc/oraInst.loc
chown "${USER}:${GROUP}" /etc/oraInst.loc
cd "${OHOME}"
export CV_ASSUME_DISTID=OL7
sudo -E -u oracle "${OHOME}/runInstaller" \
-silent \
-waitforcompletion \
-ignorePrereqFailure \
INVENTORY_LOCATION=/etc/oraInst.loc \
UNIX_GROUP_NAME=dba \
ORACLE_HOME="${OHOME}" \
ORACLE_BASE=/u01/app/oracle \
oracle.install.db.InstallEdition="${EDITION}" \
oracle.install.db.OSDBA_GROUP="${GROUP}" \
oracle.install.db.OSOPER_GROUP="${GROUP}" \
oracle.install.db.OSBACKUPDBA_GROUP="${GROUP}" \
oracle.install.db.OSDGDBA_GROUP="${GROUP}" \
oracle.install.db.OSKMDBA_GROUP="${GROUP}" \
oracle.install.db.OSRACDBA_GROUP="${GROUP}" \
oracle.install.option=INSTALL_DB_SWONLY ||
(($? == 6)) # Check for successful install with warning suppressed.
enable_unified_auditing
"${OHOME}/root.sh"
}
install_oracle12() {
printf "inventory_loc=/u01/app/oracle/oraInventory\ninst_group=dba\n" \
>>/etc/oraInst.loc
chown "${USER}:${GROUP}" /etc/oraInst.loc
sudo -u oracle "${STAGE_DIR}/database/runInstaller" \
-silent \
-force \
-invptrloc /etc/oraInst.loc \
-waitforcompletion \
-ignoresysprereqs \
-ignoreprereq \
UNIX_GROUP_NAME=dba \
ORACLE_HOME="${OHOME}" \
ORACLE_BASE=/u01/app/oracle \
oracle.install.db.InstallEdition="${EDITION}" \
oracle.install.db.OSDBA_GROUP="${GROUP}" \
oracle.install.db.OSOPER_GROUP="${GROUP}" \
oracle.install.db.OSBACKUPDBA_GROUP="${GROUP}" \
oracle.install.db.OSDGDBA_GROUP="${GROUP}" \
oracle.install.db.OSKMDBA_GROUP="${GROUP}" \
oracle.install.db.OSRACDBA_GROUP="${GROUP}" \
oracle.install.option=INSTALL_DB_SWONLY ||
(($? == 6)) # Check for successful install with warning suppressed.
enable_unified_auditing
"${OHOME}/root.sh"
}
enable_unified_auditing() {
cd "${OHOME}/rdbms/lib"
sudo -u oracle \
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME="${OHOME}"
}
create_cdb() {
local syspass="$(openssl rand -base64 16 | tr -dc a-zA-Z0-9)"
sudo -u oracle "${OHOME}/bin/dbca" \
-silent \
-createDatabase \
-templateName General_Purpose.dbc \
-gdbname "${CDB_NAME}" \
-createAsContainerDatabase true \
-sid "${CDB_NAME}" \
-responseFile NO_VALUE \
-characterSet "${CHARACTER_SET}" \
-memoryPercentage "${MEM_PCT}" \
-emConfiguration NONE \
-datafileDestination "/u01/app/oracle/oradata" \
-storageType FS \
-initParams "${INIT_PARAMS}" \
-databaseType MULTIPURPOSE \
-recoveryAreaDestination /u01/app/oracle/fast_recovery_area \
-sysPassword "${syspass}" \
-systemPassword "${syspass}"
}
set_environment() {
source "/home/oracle/${CDB_NAME}.env"
}
cleanup_post_success() {
# ORDS
rm -rf "${OHOME}/ords" &&
# SQL Developer
rm -rf "${OHOME}/sqldeveloper" &&
# UCP connection pool
rm -rf "${OHOME}/ucp" &&
# All installer files
rm -rf "${OHOME}/lib/*.zip" &&
# OUI backup
rm -rf "${OHOME}/inventory/backup/*" &&
# Network tools help
rm -rf "${OHOME}/network/tools/help" &&
# Database upgrade assistant
rm -rf "${OHOME}/assistants/dbua" &&
# Database migration assistant
rm -rf "${OHOME}/dmu" &&
# Remove pilot workflow installer
rm -rf "${OHOME}/install/pilot" &&
# Support tools
rm -rf "${OHOME}/suptools" &&
# Temp location
rm -rf /tmp/* &&
# Install files
rm -rf "${STAGE_DIR}"
}
unzip_binaries() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
chown -R "${USER}:${GROUP}" "${STAGE_DIR}"
sudo -u oracle unzip "${STAGE_DIR}/${INSTALL_ZIP}" -d "${STAGE_DIR}"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
sudo -u oracle unzip "${STAGE_DIR}/${INSTALL_ZIP}" -d "${OHOME}"
fi
sudo -u oracle unzip "${STAGE_DIR}/${PATCH_ZIP}" -d "${STAGE_DIR}/patches/${PATCH_VERSION}"
rm "${STAGE_DIR}/${INSTALL_ZIP}"
rm "${STAGE_DIR}/${PATCH_ZIP}"
}
shutdown_oracle() {
run_sql "shutdown immediate;"
echo "Oracle Database Shutdown"
}
run_sql() {
echo "${1}" | sudo -E -u oracle "${OHOME}/bin/sqlplus" -S / as sysdba
}
patch_log4j(){
# Delete Jndi classes from log4j jars as part of CVE-2021-44228
# While waiting for oracle patches.
for f in $(find "${OHOME}" -type f -name "log4j-core*.jar"); do
sudo -u oracle zip -q -d "$f" org/apache/logging/log4j/core/lookup/JndiLookup.class || true
done
}
main() {
setup_patching
setup_installers
checksum_files
setup_directories
setup_ocm
if [[ "${CREATE_CDB}" == true ]]; then
set_environment
fi
chown -R "${USER}:${GROUP}" /u01
unzip_binaries
install_oracle
rm -rf "${OHOME}/OPatch"
sudo -u oracle unzip "${STAGE_DIR}/${OPATCH_ZIP}" -d "${OHOME}"
patch_oracle
if [[ "${CREATE_CDB}" == true ]]; then
create_cdb
shutdown_oracle
fi
chown "${USER}:${GROUP}" /etc/oratab
cleanup_post_success
patch_log4j
echo "Oracle installation success"
}
main
ora12-config.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
INSTALL_ZIP="V839960-01.zip"
INSTALL_ZIP_SHA256="96ed97d21f15c1ac0cce3749da6c3dac7059bb60672d76b008103fc754d22dde"
OPATCH_ZIP="p6880880_122010_Linux-x86-64.zip"
OPATCH_ZIP_SHA256="b08320195434559d9662729c5e02abc8436a5c602b4355cc33a673f24d9d1740"
ora19-config.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
INSTALL_ZIP="V982063-01.zip"
INSTALL_ZIP_SHA256="ba8329c757133da313ed3b6d7f86c5ac42cd9970a28bf2e6233f3235233aa8d8"
OPATCH_ZIP="p6880880_190000_Linux-x86-64.zip"
OPATCH_ZIP_SHA256="b08320195434559d9662729c5e02abc8436a5c602b4355cc33a673f24d9d1740"
oracle-preinstall.sh
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -x
set -e
set -u
readonly ORACLE_12="12.2"
readonly ORACLE_18="18c"
readonly ORACLE_19="19.3"
readonly USER='oracle'
readonly GROUP='dba'
install_packages() {
yum install -y shadow-utils openssl sudo zip
yum install -y nmap-ncat.x86_64
yum install -y strace.x86_64
yum install -y net-tools.x86_64
yum install -y lsof.x86_64
yum install -y "${PREINSTALL_RPM}"
echo "#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
" >/etc/pam.d/sudo
if [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
echo "#%PAM-1.0
auth sufficient pam_rootok.so
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include postlogin
session optional pam_xauth.so
" >/etc/pam.d/su
fi
}
# Update cryptographic modules from ol7_u8_security_validation repository
# https://docs.oracle.com/en/operating-systems/oracle-linux/7/security/security-FIPS1402ComplianceinOracleLinux7.html#ol7-fips
update_packages_fips() {
yum-config-manager --enable ol7_u8_security_validation ol7_latest
# To ensure that packages are updated from the security repo, disable other repos and only
# enable the security repo.
yum -y --disablerepo="*" --enablerepo="ol7_u8_security_validation" update \
openssl-libs\
openssh-clients\
openssh-server\
libgcrypt\
nss-softokn\
libreswan\
gnutls\
kernel-uek
}
pick_pre_installer() {
if [[ "${DB_VERSION}" == "${ORACLE_12}" ]]; then
local -g PREINSTALL_RPM="oracle-database-server-12cR2-preinstall.x86_64"
elif [[ "${DB_VERSION}" == "${ORACLE_18}" ]]; then
local -g PREINSTALL_RPM="oracle-database-preinstall-18c.x86_64"
elif [[ "${DB_VERSION}" == "${ORACLE_19}" ]]; then
local -g PREINSTALL_RPM="oracle-database-preinstall-19c.x86_64"
else
echo "DB version ${DB_VERSION} not supported"
exit 1
fi
}
setup_directories() {
mkdir -p "${ORACLE_HOME}"
#use oinstall instead of dba to allow the script to work for 18c XE.
#This is harmless because we always revert ownership of $ORACLE_BASE to oracle:dba in the Dockerfile.
chown -R "${USER}:oinstall" "${ORACLE_BASE}"
chown -R "${USER}:${GROUP}" "/home/${USER}"
}
create_env_file() {
echo "export ORACLE_HOME=${ORACLE_HOME}" >>"/home/oracle/${CDB_NAME}.env"
echo "export ORACLE_BASE=${ORACLE_BASE}" >>"/home/oracle/${CDB_NAME}.env"
echo "export ORACLE_SID=${CDB_NAME}" >>"/home/oracle/${CDB_NAME}.env"
echo "export PATH=${ORACLE_HOME}/bin:${ORACLE_HOME}/OPatch:/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" >>"/home/oracle/${CDB_NAME}.env"
echo "export LD_LIBRARY_PATH=${ORACLE_HOME}/lib:/usr/lib" >>"/home/oracle/${CDB_NAME}.env"
chown "${USER}:${GROUP}" "/home/oracle/${CDB_NAME}.env"
}
pick_pre_installer
install_packages
update_packages_fips
setup_directories
if [[ "${CREATE_CDB}" == true ]]; then
create_env_file
fi
cloudbuild.yaml
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
substitutions:
"_DB_VERSION": "12.2"
"_EDITION": "ee"
options:
diskSizeGb: 1000
machineType: 'E2_HIGHCPU_8'
timeout: 7200s
steps:
- name: 'gcr.io/cloud-builders/gsutil'
id: 'install_zip'
args: ['-m', 'cp', "-r", '${_INSTALL_PATH}/*', '.']
- name: 'gcr.io/cloud-builders/docker'
waitFor:
- 'install_zip'
args:
- 'build'
- '--no-cache'
- '--build-arg=DB_VERSION=$_DB_VERSION'
- '--build-arg=ORACLE_HOME=$_ORACLE_HOME'
- '--build-arg=ORACLE_BASE=$_ORACLE_BASE'
- '--build-arg=CREATE_CDB=$_CREATE_CDB'
- '--build-arg=CDB_NAME=$_CDB_NAME'
- '--build-arg=CHARACTER_SET=$_CHARACTER_SET'
- '--build-arg=MEM_PCT=$_MEM_PCT'
- '--build-arg=EDITION=$_EDITION'
- '--build-arg=PATCH_VERSION=$_PATCH_VERSION'
- '--tag=$_TAG'
- '--file=Dockerfile'
- '.'
images:
- '$_TAG'