AsterionDB Zero Trust Architecture

OCI Installation - Non Autonomous Database

Table of Contents

Introduction

The purpose of guide is to show you how to install AsterionDB in OCI when using a non-autonomous database (e.g. OracleXE).

Our installation process is designed to be familiar to experienced Oracle database users and system administrators. Please reach out to us if you need additional assistance.

If you are just getting started, you may want to check out this Installation Guide first, which details how to install AsterionDB in Oracle Cloud Infrastructure using the Autonomous Database. It provides a bit more detail and context.

Objective

This guide will walk you through the process of installing AsterionDB. The documentation does not include instructions on creating a load balancer nor does it detail the process of properly exposing AsterionDB on the internet with an SSL certificate. Refer to this Installation Guide for more information on configuring a load balancer.

Prerequisites

These prerequisites will give you a good understanding of what you need to know in advance in order to install and use AsterionDB.

Most of the steps are pretty simple but we don’t want to turn anyone away for lack of understanding. So, please feel free to reach out to us for help on your initial installation.

AsterionDB has a very simple set of prerequisites, starting with an Oracle Database. Any version of the database (XE, Standard, Enterprise, etc.) can be used. You can also install AsterionDB on a single, turn-key machine which includes the database.

Our other primary dependency is OracleLinux v7.9. This is used for the compute instance that runs all of the AsterionDB framework components as well as a JavaScript web application served by Nginx.

You should also be familiar with common, simple power-user tasks such as:

  • Downloading a file to a known location
  • Accessing a file using a file browser or the command line
  • Changing file permissions and properties
  • SSH
  • Copying and pasting text
  • Installing software applications
  • Using Windows Powershell if necessary

Finally, you should have some appropriate evaluation content to upload into AsterionDB such as a few photographs and PDF documents. Nothing too big or extensive – just enough to get yourself going.

Overview

The general outline of steps we will be taking are:

  • Obtain the SYSDBA username and password, the DBA username and password and the database connection strings (CDB & PDB) for an instance of the Oracle database
  • Create a compute instance based on OracleLinux 7.9
  • Connect to the compute instance
  • Setup the compute instance to install AsterionDB
  • Download and install AsterionDB on the compute instance
  • Update the configuration settings
  • Apply the configuration settings
  • Access your production system

The Installation Process

Here are the steps we will take to install AsterionDB.

Gather Required Database Information

As previously mentioned, AsterionDB’s primary requirement is an Oracle Database. We will need the following information:

  • SYSDBA username and password. This is needed in order to setup a target PDB with necessary privileges and logic that enable advanced security capabilities.
  • DBA username and password for the target PDB. AsterionDB’s installation is driven using the DBA account.
  • Database connection string or a tnsnames.ora entry value that points to the container database (CDB)
  • Database connection string or a tnsnames.ora entry value that points to the target PDB

Create the AsterionDB Compute Instance

An installable image for the compute instance is located in the Oracle Cloud Marketplace.  Navigate to Cloud Marketplace –> All Applications and select AsterionDB in the publisher drop-down.

AsterionDB Zero Trust Software Development Platform Marketplace Listing

Click on the entry for the AsterionDB Zero Trust Platform and then click the Launch Instance button to start the creation process of a compute instance from the marketplace image.

Select your desired shape by pressing the Change Shape button. If you intend to use a free-tier compute instance, you will have to select the appropriate availability domain when selecting the shape; free-tier compute instances are not available in all availability domains. Furthermore, the free-tier shape is only available in the Specialty and Previous Generation shape series.

As mentioned, the Cloud Shell has printed out your public key.  Paste the Cloud Shell’s public key in the section Add SSH Keys:

Set the SSH key - AsterionDB

Power-User Tip: Add another key and paste the public RSA key from your local computer, if you have one. You will then be able to connect to the compute instance from your local computer.

 

Establish Connection Between Compute Node and Database

Our setup process installs Oracle’s instant-client software. If you want to use a tnsnames.ora file entry, you will need to create a tnsnames.ora file in:
				
					cd /usr/lib/oracle/21/client64/lib/network
				
			

Create entries for your CDB and PDB and use sqlplus to verify that you can connect to both.

Alternatively, you can use standard Oracle connect-string syntax (i.e. host:port/service – your.host.computer:1521/asteriondb-instance).

Set The TWO_TASK and ORACLE_SID Environment Variables

You will want to edit /home/asterion/.bash_profile to set values for the TWO_TASK and ORACLE_SID environment variables. The installation scripts rely upon these settings:
				
					export TWO_TASK=your_pdb
export ORACLE_SID=your_cdb
				
			

You will have to exit out and reconnect as asterion again, or use the ‘source’ command, to pick up the new environment variable settings.

Run the PDB Configuration Script

As mentioned earlier, you will need to configure the PDB prior to installing AsterionDB. This only needs to be done once. For this step you will need the SYSDBA username and password in order to access the CDB as a SYSDBA.

Run this script:

				
					cd /home/asterion/asterion/oracle/admin
./configurePDB.sh
				
			

This script will connect to the database as a SYSDBA, display the available PDBs and ask you which PDB will be configured. Enter the name of the target PDB and press Enter:

Update The Installation Settings

We use a script to store your settings in order to efficiently drive the installation process.

Execute this script to create the installation settings file:

				
					./updateConfig.sh
				
			

This script will prompt you for the following values:

  • Specify the database type: PDB
  • Enter in Database connection string or alias your_pdb(default)
    • You can press Enter to accept the default, which is taken from the TWO_TASK environment variable
  • Database Admin User SYSTEM(default)
    • You can press Enter to accept the default, or enter a value other than SYSTEM
  • Database Admin Password
  • Enter the External facing Hostname:Port localhost:8080(default)
    • Depending upon your environment, you may be specifying a fully qualified hostname, an IP address and possibly port 8080. This will depend upon how your compute node is accessed on the network.
  • Do you want enable SSL (y/n – default y)?
    • Most likely, unless you have taken other steps, you will answer N to this prompt
  • AsterionDB Administrator Username asteriondb_admin(default)
    • You can press Enter to accept the default or specify a custom value
  • Enter the AsterionDB Administrator Password
You can rerun the update script if you feel that you have entered a value (i.e. your password) incorrectly.
It is important to remember that the /home/asterion/asterion/oracle/admin/installSettings.sh file contains sensitive information – your DBA username and password as well as your AsterionDB administrator username and password. This file will be deleted by the installation script after AsterionDB has been installed.

Apply The Configuration And Install AsterionDB

The final step will install the database schema objects and start the AsterionDB services (i.e. DbTwig, DbObscura & DbStreamer).  To complete the installation use the following command:
				
					./applyConfig.sh
				
			

The installation process does not take long. Upon successfully installing AsterionDB, the script will delete the installSettings.sh file. The script will also ask you if you want to run the post-install cleanup script which will remove installation artifacts that are no longer needed.

What To Do If Something Goes Wrong

This installation process is fairly straightforward and there should not be too many ways in which things can fail.  Most failures can be attributed to an improper network setup (regional subnets only), copy/paste errors, invalid passwords and so forth.

If necessary, you can delete the appropriate component (e.g. load balancer, compute node) and start over.

If an error occurs in the apply step, you may have to delete the schema users.  The default user names that you will have to drop are:

  • asteriondb_dgbunker
  • asteriondb_runtime
  • dbtwig
  • dbtwig_listener

Accessing Your Production AsterionDB Installation

You can now use browser to connect to your compute node to access the AsterionDB Web Application.  You will be presented with a login screen:

Login Screen - AsterionDB

Conclusion

Thank you for taking the time to work through this installation guide.  For additional information and documentation, please refer to our Users Guide located here (opens in a new window): AsterionDB User’s Guide