Hi,
I am testing using key vault to centrally managed wallets. However, I consistently ran into problems when install the key vault agent to the database.
[oracle@fswest agent]$ . oraenv
ORACLE_SID = [ggstb] ?
The Oracle base remains unchanged with value /u01/app/oracle
[oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v
Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre
Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1
Detected ORACLE_BASE: /u01/app/oracle
Using OKV_HOME: /home/oracle/agent/key/
Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME
consistently across processes.
Enter new Key Vault endpoint password (<enter> for auto-login):
Confirm new Key Vault endpoint password:
Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information. <---------------------------------------------- Error
[oracle@fswest agent]$ echo $ORACLE_HOME
/u01/app/oracle/product/19.6.0/dbhome_1
[oracle@fswest agent]$ echo $ORACLE_BASE
/u01/app/oracle
[oracle@fswest agent]$ echo $OKV_HOME
[oracle@fswest agent]$
Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB
FINEST: waiting for the process to close stdout/err.
Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB
FINEST: done waiting for the process to close stdout/err.
Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB
FINEST: Error: Unable to get current installed JDK/JRE version. <--------------------------------------------------------------------------------- Is there special setting needed here?
Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler installOkvutil
SEVERE: Error while executing command: %/home/oracle/agent/key//bin/okvutil% install% -v% 3%
Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler main
SEVERE: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.
oracle.okv.platform.common.exception.CommonException: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.
at oracle.okv.platform.okvutil.OkvDeployHandler.installOkvutil(OkvDeployHandler.java:379)
at oracle.okv.platform.okvutil.OkvDeployHandler.install(OkvDeployHandler.java:254)
at oracle.okv.platform.okvutil.OkvDeployHandler.execute(OkvDeployHandler.java:997)
at oracle.okv.platform.okvutil.OkvDeployHandler.main(OkvDeployHandler.java:1192)
[oracle@fswest agent]$
Note, if I ran the installer again, it successes.
[oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v
Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre
Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1
Detected ORACLE_BASE: /u01/app/oracle
Using OKV_HOME: /home/oracle/agent/key/
Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME
consistently across processes.
The endpoint software for Oracle Key Vault upgraded successfully.
[oracle@fswest agent]$
If I proceed and ignore the above error, I am unable to open the wallet...
[root@fswest ~]# /home/oracle/agent/key/bin/root.sh
Creating directory: /opt/oracle/extapi/64/hsm/oracle/1.0.0/
Copying PKCS library to /opt/oracle/extapi/64/hsm/oracle/1.0.0/
Setting PKCS library file permissions
Installation successful.
[root@fswest ~]#
[oracle@fswest agent]$ cat /u01/app/oracle/homes/OraDB19Home1/network/admin/sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=OKV))
[oracle@fswest agent]$
[oracle@fswest agent]$ sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 18 12:25:23 2020
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> administer key management set keystore open identified by oracle_4U;
administer key management set keystore open identified by oracle_4U
*
ERROR at line 1:
ORA-28353: failed to open wallet
SQL>
SQL> select * from V$encryption_wallet
2 ;
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC
------------------------------ -------------------- --------- -------- ---------
CON_ID
----------
OKV <------------------------------------------------------------------------------------------------------------------------------------------- use key vault
CLOSED UNKNOWN SINGLE NONE UNDEFINED
1
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC
------------------------------ -------------------- --------- -------- ---------
CON_ID
----------
OKV
CLOSED UNKNOWN SINGLE UNITED UNDEFINED
2
WRL_TYPE
--------------------
WRL_PARAMETER
--------------------------------------------------------------------------------
STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC
------------------------------ -------------------- --------- -------- ---------
CON_ID
----------
OKV
CLOSED UNKNOWN SINGLE UNITED UNDEFINED
3
SQL>
environment:
DB: Oracle 19.6 CDB on OEL 7
Key Vault: 18.2