问题描述
这是如何设置自定义 JupyterHub 环境“oracle-minimal”的方法,根据此处的 Dockerfile 改编 https://github.com/jupyter/docker-stacks/blob/master/minimal-notebook/Dockerfile,以使用 ORACLE 钱包连接到 ORACLE 数据库。
创建以下文件...
Dockerfile(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
# copyright (c) Jupyter Development Team.
# distributed under the terms of the Modified BSD License.
ARG BASE_CONTAINER=jupyter/base-notebook
FROM $BASE_CONTAINER
LABEL maintainer="Jupyter Project <jupyter@googlegroups.com>"
USER root
# Install all OS dependencies for fully functional notebook server
RUN apt-get update && apt-get install -yq --no-install-recommends \
build-essential \
vim-tiny \
git \
inkscape \
libsm6 \
libxext-dev \
libxrender1 \
lmodern \
netcat \
# ---- nbconvert dependencies ----
texlive-xetex \
texlive-fonts-recommended \
texlive-plain-generic \
# ----
tzdata \
unzip \
nano-tiny \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
#BEGIN: JAVA JRE / JDK installation
RUN apt update && \
apt install default-jre -y && \
apt install default-jdk -y
#BEGIN: ORACLE InstantClient / ORACLE sql*Plus / ORACLE SDK installation
copY oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm /
copY oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm /
copY oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm /
workdir /
RUN apt-get install alien -y && \
alien -i oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm && \
alien -i oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm && \
alien -i oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm && \
rm /oracle*.rpm && \
apt-get install libaio1 -y && \
echo 'export ORACLE_HOME=/usr/lib/oracle/21/client64' >> ~/.bashrc && \
source ~/.bashrc && \
echo '$ORACLE_HOME/lib/' > /etc/ld.so.conf.d/oracle.conf && \
ldconfig && \
echo 'export LD_LIBRARY_PATH=$ORACLE_HOME/lib' >> ~/.bashrc && \
echo 'export PATH=$PATH:$ORACLE_HOME/bin' >> ~/.bashrc && \
echo 'export TNS_ADMIN=$ORACLE_HOME/lib/network/admin' >> ~/.bashrc && \
source ~/.bashrc
copY sqlnet.ora /
copY tnsnames.ora /
workdir /usr/lib/oracle/21/client64/lib/network/admin/
RUN mv -t $(pwd) /*.ora
#END: ORACLE InstantClient / ORACLE sql*Plus / ORACLE SDK installation
#BEGIN: cx_Oracle installation
RUN python -m pip install cx_Oracle
#END: cx_Oracle installation
#BEGIN: sqlcl installation
copY sqlcl-20.4.2.35.2359.zip /
workdir /usr/lib/oracle/
RUN unzip -oq /sqlcl-20.4.2.35.2359.zip -d . && \
rm /sqlcl*.zip && \
echo "alias sql='/usr/lib/oracle/sqlcl/bin/sql'" >> ~/.bashrc && \
source ~/.bashrc
#END: sqlcl installation
#BEGIN: Prepare ORACLE Wallet creation
copY orapki /
copY mkstore /
copY create_wallet.sh /home/jovyan/
RUN mv -t /usr/lib/oracle/sqlcl/bin/ /orapki /mkstore
#END: Prepare ORACLE Wallet creation
workdir $HOME
# Create alternative for nano -> nano-tiny
RUN update-alternatives --install /usr/bin/nano nano /bin/nano-tiny 10
# Switch back to jovyan to avoid accidental container runs as root
USER $NB_UID
# Executes the script create_wallet.sh,and removes the script file before starting the JupyterHub environment
CMD ~/create_wallet.sh && rm ~/create_wallet.sh && start-notebook.sh
sqlnet.ora(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /home/jovyan/.wallet/)))
sqlNET.WALLET_OVERRIDE=TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
tnsnames.ora(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
ORA019 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ora019.srv.domain.com)(PORT = 1514))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = ORCLSRV1)
)
)
sqlcl-20.4.2.35.2359.zip(位置:C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/tools/downloads/sqlcl-downloads.html
oracle-instantclient-basic-21.1.0.0.0-1.x86_64.rpm(位置:C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
oracle-instantclient-sqlplus-21.1.0.0.0-1.x86_64.rpm(位置:C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
oracle-instantclient-devel-21.1.0.0.0-1.x86_64.rpm(位置:C:\oracle_minimal):
Downloaded from here: https://www.oracle.com/de/database/technologies/instant-client/linux-x86-64-downloads.html
mkstore(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
#!/bin/bash
# set classpath for mkstore - align this to your local sqlcl installation
sqlCL=/usr/lib/oracle/sqlcl/lib
CLAsspATH=${sqlCL}/oraclepki.jar:${sqlCL}/osdt_core.jar:${sqlCL}/osdt_cert.jar
# simulate mkstore command
java -classpath ${CLAsspATH} oracle.security.pki.OraclesecretstoreTextUI "$@"
orapki(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
#!/bin/bash
# set classpath for orapki - align this to your local sqlcl installation
sqlCL=/usr/lib/oracle/sqlcl/lib
CLAsspATH=${sqlCL}/oraclepki.jar:${sqlCL}/osdt_core.jar:${sqlCL}/osdt_cert.jar
# simulate orapki command
java -classpath ${CLAsspATH} oracle.security.pki.textui.OraclePKITextUI "$@"
create_wallet.sh(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
# Creates a new directory ".wallet" for the ORACLE Wallet
mkdir ~/.wallet/
# Creates an empty/new ORACLE Wallet using "orapki"
/usr/lib/oracle/sqlcl/bin/orapki wallet create -wallet ~/.wallet -pwd "MyWalletPwd1!" -auto_login_local
# Stores a new Credential in the ORACLE Wallet
# TNSNAMES-Entry: ORA019
# DB_USERNAME: Username for TNSNAMES-Entry above
# DB_PASSWORD: Password for TNSNAMES-Entry above
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet/ -createCredential ORA019 DB_USERNAME DB_PASSWORD <<EOF
MyWalletPwd1!
EOF
使用 CMD.exe 构建 Dockerfile 并将其他资源(见上文)绑定到 Docker 镜像:
REM Change directory to have all Dockerfile ressources in place
cd C:\oracle_minimal
REM Build new Docker image "oracle_minimal"
docker build -t oracle_minimal .
REM List all Docker images
docker images
REM Run Docker container using the latest "IMAGE ID",and set hostname as "jupyter-user1"
docker run --hostname jupyter-user1 -p 8888:8888 <IMAGE ID>
打开一个新的 Web 浏览器窗口并粘贴 CMD 窗口中的最后一个 URL 行:
点击 Jupyter Web 界面的 新建 按钮,然后选择下拉条目 终端,开始一个新的终端会话...
点击 Jupyter Web 界面的新建按钮,然后选择下拉条目 Python 3,以启动一个新的 Jupyter Notebook...
注意安全:
Is it possible to steal the ORACLE Wallet files and use them as
- another user on the SAME host
- or as the same / another user on a DIFFERENT host?
否。由于 ORACLE 钱包是使用 orapki 创建的,因此 ORACLE 钱包绑定到创建它的用户名和主机名(此处:jovyan@jupyter-user1)。只有创建 ORACLE 钱包的用户名和主机名的相同组合才能打开 ORACLE 钱包。
如果您想为不同的用户和/或主机共享一个 ORACLE 钱包,请改用以下脚本内容:
create_wallet.sh(位置:C:\oracle_minimal;UNIX (LF);UTF-8):
# Creates a new directory ".wallet" for the ORACLE Wallet
mkdir ~/.wallet/
# Creates an empty/new ORACLE Wallet using "mkstore"
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet -create <<EOF
MyWalletPwd1!
MyWalletPwd1!
EOF
# Stores a new Credential in the ORACLE Wallet
# TNSNAMES-Entry: ORA019
# DB_USERNAME: Username for TNSNAMES-Entry above
# DB_PASSWORD: Password for TNSNAMES-Entry above
/usr/lib/oracle/sqlcl/bin/mkstore -wrl ~/.wallet/ -createCredential ORA019 DB_USERNAME DB_PASSWORD <<EOF
MyWalletPwd1!
EOF
进一步阅读
https://oracle-base.com/articles/10g/secure-external-password-store-10gr2 https://docs.oracle.com/cd/E78494_01/aip/pdf/1411/html/ig/aip-ig-apx_wallet.htm https://ogobrecht.com/posts/2020-07-29-how-to-use-mkstore-and-orapki-with-oracle-instant-client/
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)