Oracle wallet configuration

We are currently using check_mk (cee 2.0.0p4) as we have saved passwords in the mk_oracle.cfg file.

It looks like:
DBUSER_one=‘sys:pass:sysdba:ip_addr:port’
DBUSER_two=‘sys:pass:sysdba:ip_addr:port’
DBUSER_three=‘sys:pass:sysdba:ip_addr:port’

We want to switch to a wallet configuration.

To existing oracle wallet we added new credentials:

mkstore -wrl wallet_path -createCredential SYS_ONE SYS PASS
mkstore -wrl wallet_path -createCredential SYS_TWO SYS PASS
mkstore -wrl wallet_path -createCredential SYS_THREE SYS PASS

We also have appropriate entries in sqlnet.ora and tnsnames.ora

sqlnet.ora

SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION=(
SOURCE=(METHOD=FILE)
(METHOD_DATA=(DIRECTORY=wallet_path))
)

tnsnames.ora
SYS_ONE =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ip_addr)(PORT = port))
)
(CONNECT_DATA =
(SERVICE_NAME=one)
)
)

SYS_TWO =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ip_addr)(PORT = port))
)
(CONNECT_DATA =
(SERVICE_NAME=two)
)
)

SYS_THREE =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ip_addr)(PORT = port))
)
(CONNECT_DATA =
(SERVICE_NAME=three)
)
)

What is the correct syntax in mk_oracle.cfg to use the sys user as a sysdba, whose user and password are retrieved from the wallet and there are many instances on the server?

Hi Lukasz

you can try the following:

/@SYS_ONE;sysdba
/@SYS_TWO;sysdba
/@SYS_THREE;sysdba

or a more generic Version if you use the same User for all SID:

DBUSER='/@SYS_${ORACLE_SID}:sysdba:::'

Be aware that the Login to the Database with Wallet only works when the Listerner is up and running.

Regards, Lars

Hi

Thanks for the hint
For me works like this:

DBUSER_one=’/@SYS_ONE::sysdba::’
DBUSER_two=’/@SYS_TWO::sysdba::’

Sorry, I put the sysdba in the wrong column :blush:

But i’m sure you got the idea behind the generic solution. In older versions of mk_oracle you have to use ${SID} instead of ${ORACLE_SID}.

DBUSER='/@SYS_${ORACLE_SID}::sysdba::'

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.