1 Reply Latest reply on Mar 17, 2020 11:59 PM by Peter Wahl-Oracle

    Help wanted with adding Oracle endpoint in Key Vault

    P.Huang

      Hi,

       

      I am testing using Key Vault to centrally manage wallets. However, I consistently ran into problems when installing the Key Vault agent on the database.

       

      [oracle@fswest agent]$ . oraenv

      ORACLE_SID = [ggstb] ?

      The Oracle base remains unchanged with value /u01/app/oracle

      [oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

      Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

      Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

      Detected ORACLE_BASE: /u01/app/oracle

      Using OKV_HOME: /home/oracle/agent/key/

      Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

      consistently across processes.

      Enter new Key Vault endpoint password (<enter> for auto-login):         

      Confirm new Key Vault endpoint password:         

      Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.  <---------------------------------------------- Error

      [oracle@fswest agent]$ echo $ORACLE_HOME

      /u01/app/oracle/product/19.6.0/dbhome_1

      [oracle@fswest agent]$ echo $ORACLE_BASE

      /u01/app/oracle

      [oracle@fswest agent]$ echo $OKV_HOME

       

      [oracle@fswest agent]$

       

      Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

      FINEST: waiting for the process to close stdout/err.

      Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

      FINEST: done waiting for the process to close stdout/err.

      Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

      FINEST: Error: Unable to get current installed JDK/JRE version.  <--------------------------------------------------------------------------------- Is there special setting needed here?

       

      Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler installOkvutil

      SEVERE: Error while executing command: %/home/oracle/agent/key//bin/okvutil% install% -v% 3%

      Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler main

      SEVERE: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

      oracle.okv.platform.common.exception.CommonException: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

          at oracle.okv.platform.okvutil.OkvDeployHandler.installOkvutil(OkvDeployHandler.java:379)

          at oracle.okv.platform.okvutil.OkvDeployHandler.install(OkvDeployHandler.java:254)

          at oracle.okv.platform.okvutil.OkvDeployHandler.execute(OkvDeployHandler.java:997)

          at oracle.okv.platform.okvutil.OkvDeployHandler.main(OkvDeployHandler.java:1192)

       

      [oracle@fswest agent]$

       

      Note, if I run the installer again, it succeeds.

       

      [oracle@fswest agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

      Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

      Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

      Detected ORACLE_BASE: /u01/app/oracle

      Using OKV_HOME: /home/oracle/agent/key/

      Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

      consistently across processes.

      The endpoint software for Oracle Key Vault upgraded successfully.

      [oracle@fswest agent]$

       

      If I proceed and ignore the above error, I am unable to open the wallet...

       

      [root@fswest ~]# /home/oracle/agent/key/bin/root.sh

      Creating directory: /opt/oracle/extapi/64/hsm/oracle/1.0.0/

      Copying PKCS library to /opt/oracle/extapi/64/hsm/oracle/1.0.0/

      Setting PKCS library file permissions

      Installation successful.

      [root@fswest ~]#

       

      [oracle@fswest agent]$ cat /u01/app/oracle/homes/OraDB19Home1/network/admin/sqlnet.ora

      ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=OKV))

      [oracle@fswest agent]$

       

      [oracle@fswest agent]$ sqlplus / as sysdba

       

      SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 18 12:25:23 2020

      Version 19.6.0.0.0

       

      Copyright (c) 1982, 2019, Oracle.  All rights reserved.

       

       

      Connected to:

      Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

      Version 19.6.0.0.0

       

      SQL> administer key management set keystore open identified by oracle_4U;

      administer key management set keystore open identified by oracle_4U

      *

      ERROR at line 1:

      ORA-28353: failed to open wallet

       

       

      SQL>

       

      SQL> select * from V$encryption_wallet

        2  ;

       

      WRL_TYPE

      --------------------

      WRL_PARAMETER

      --------------------------------------------------------------------------------

      STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

      ------------------------------ -------------------- --------- -------- ---------

          CON_ID

      ----------

      OKV <------------------------------------------------------------------------------------------------------------------------------------------- use key vault

       

      CLOSED                   UNKNOWN            SINGLE    NONE     UNDEFINED

           1

       

       

      WRL_TYPE

      --------------------

      WRL_PARAMETER

      --------------------------------------------------------------------------------

      STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

      ------------------------------ -------------------- --------- -------- ---------

          CON_ID

      ----------

      OKV

       

      CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

           2

       

       

      WRL_TYPE

      --------------------

      WRL_PARAMETER

      --------------------------------------------------------------------------------

      STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

      ------------------------------ -------------------- --------- -------- ---------

          CON_ID

      ----------

      OKV

       

      CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

           3

       

       

      SQL>

       

      environment:

      DB: Oracle 19.6 CDB on OEL 7

      Key Vault: 18.2