diff --git a/NoSQL/README-sec.md b/NoSQL/README-sec.md index d95bb283ef..e17f02f7ed 100644 --- a/NoSQL/README-sec.md +++ b/NoSQL/README-sec.md @@ -14,7 +14,7 @@ This container image uses a simplified version of the Oracle NoSQL Database call This container image configures an Oracle NoSQL Database secure configuration 1. Create a KVlite secured configuration with the -[password complexity policy](https://docs.oracle.com/en/database/other-databases/nosql-database/22.1/security/password-complexity-policies.html) +[password complexity policy](https://docs.oracle.com/en/database/other-databases/nosql-database/24.3/security/password-complexity-policies.html) enabled 2. Create the `root` user and the file `user.security` that contain property settings for the login as admin 3. Generate the `certificate.pem` file allowing to establish a HTTP secure communication between the proxy and the driver @@ -86,7 +86,7 @@ For example, to check the version of KVLite, use the `version` command: ```shell $ docker run --rm -ti --link kvlite:store oracle/nosql:ce-sec java -Xmx64m -Xms64m -jar lib/kvstore.jar version -23.3.32 2024-03-06 18:21:38 UTC Build id: 69f48431fc69 Edition: Community +24.3.9 2024-09-26 18:01:32 UTC Build id: 0d82533c492e Edition: Community ``` To check the size of the storage shard: 
@@ -113,13 +113,13 @@ $ docker run --rm -ti -v secfiles:/shared_conf:ro --link kvlite:store oracle/nos Pinging components of store kvstore based upon topology sequence #14 10 partitions and 1 storage nodes -Time: 2024-04-25 08:13:14 UTC Version: 23.3.32 +Time: 2024-12-04 12:14:44 UTC Version: 24.3.9 Shard Status: healthy: 1 writable-degraded: 0 read-only: 0 offline: 0 total: 1 Admin Status: healthy Zone [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] RN Status: online: 1 read-only: 0 offline: 0 -Storage Node [sn1] on kvlite: 5000 Zone: [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] Status: RUNNING Ver: 23.3.32 2024-03-06 18:21:38 UTC Build id: 69f48431fc69 Edition: Community isMasterBalanced: true serviceStartTime: 2024-04-25 08:10:10 UTC - Admin [admin1] Status: RUNNING,MASTER serviceStartTime: 2024-04-25 08:10:13 UTC stateChangeTime: 2024-04-25 08:10:13 UTC availableStorageSize: 2 GB - Rep Node [rg1-rn1] Status: RUNNING,MASTER sequenceNumber: 86 haPort: 5011 availableStorageSize: 9 GB storageType: HD serviceStartTime: 2024-04-25 08:10:14 UTC stateChangeTime: 2024-04-25 08:10:15 UTC +Storage Node [sn1] on kvlite: 5000 Zone: [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] Status: RUNNING Ver: 24.3.9 2024-09-26 18:01:32 UTC Build id: 0d82533c492e Edition: Community isMasterBalanced: true serviceStartTime: 2024-12-04 12:06:43 UTC + Admin [admin1] Status: RUNNING,MASTER serviceStartTime: 2024-12-04 12:06:47 UTC stateChangeTime: 2024-12-04 12:06:47 UTC availableStorageSize: 2 GB + Rep Node [rg1-rn1] Status: RUNNING,MASTER sequenceNumber: 131 haPort: 5011 availableStorageSize: 9 GB storageType: HD serviceStartTime: 2024-12-04 12:06:49 UTC stateChangeTime: 2024-12-04 12:06:50 UTC kv-> put kv -key /SomeKey -value SomeValue 
@@ -140,13 +140,17 @@ $ docker run --rm -ti -v secfiles:/shared_conf:ro --link kvlite:store oracle/nos tables SYS$IndexStatsLease SYS$MRTableAgentStat + SYS$MRTableInfo SYS$MRTableInitCheckpoint SYS$PartitionStatsLease SYS$SGAttributesTable SYS$StreamRequest SYS$StreamResponse + SYS$TableMetadata SYS$TableStatsIndex SYS$TableStatsPartition + SYS$TopologyHistory + sql-> exit ``` @@ -202,7 +206,7 @@ $ openssl x509 -text -noout -in /mylocalpath/certificate.pem | grep CN ```` Note: the certicate can be customized in the script setup-http-proxy-sec.sh -(e.g adding [SAN](https://docs.oracle.com/en/database/other-databases/nosql-database/23.1/security/ssl-using-openssl.html)) +(e.g adding [SAN](https://docs.oracle.com/en/database/other-databases/nosql-database/24.3/security/ssl-using-openssl.html)) ## Advanced Scenario: connecting to Oracle NoSQL CE from another host @@ -217,10 +221,10 @@ be made via the Oracle NoSQL Database Proxy on the `KV_PROXY_PORT`. First, install the latest version of Oracle NoSQL on your remote host: ```shell -KV_VERSION=23.3.32 +KV_VERSION=24.3.9 rm -rf kv-$KV_VERSION DOWNLOAD_ROOT=http://download.oracle.com/otn-pub/otn_software/nosql-database -DOWNLOAD_FILE="community-edition-${KV_VERSION}.zip" +DOWNLOAD_FILE="kv-ce-${KV_VERSION}.zip" DOWNLOAD_LINK="${DOWNLOAD_ROOT}/${DOWNLOAD_FILE}" curl -OLs $DOWNLOAD_LINK jar tf $DOWNLOAD_FILE | grep "kv-$KV_VERSION/lib" > extract.libs @@ -400,7 +404,7 @@ number used for the image tag: ```shell -KV_VERSION=23.3.32 docker build --build-arg "$KV_VERSION" --tag "oracle/nosql-ce-sec:$KV_VERSION" . +KV_VERSION=24.3.9 docker build --build-arg "$KV_VERSION" --tag "oracle/nosql-ce-sec:$KV_VERSION" . ``` ## More information 
@@ -427,5 +431,5 @@ Copyright (c) 2017, 2024 Oracle and/or its affiliates. [NOSQL]: http://www.oracle.com/technetwork/database/database-technologies/nosqldb/overview/index.html [DOCS]: https://docs.oracle.com/en/database/other-databases/nosql-database/index.html -[Apache-2.0]: https://docs.oracle.com/en/database/other-databases/nosql-database/23.3/license/index.html#GUID-006E432E-1965-45A2-AEDE-204BD05E1560 +[Apache-2.0]: https://docs.oracle.com/en/database/other-databases/nosql-database/24.3/license/apache-license.html [GraalVM-License]: https://github.com/graalvm/container/blob/master/LICENSE.md diff --git a/NoSQL/README.md b/NoSQL/README.md index 4053e454ee..661c824096 100644 --- a/NoSQL/README.md +++ b/NoSQL/README.md @@ -73,7 +73,7 @@ For example, to check the version of KVLite, use the `version` command: ```shell $ docker run --rm -ti --link kvlite:store oracle/nosql:ce java -Xmx64m -Xms64m -jar lib/kvstore.jar version -23.3.32 2024-03-06 18:21:38 UTC Build id: 69f48431fc69 Edition: Community +24.3.9 2024-09-26 18:01:32 UTC Build id: 0d82533c492e Edition: Community ``` To check the size of the storage shard: 
@@ -98,13 +98,13 @@ $ docker run --rm -ti --link kvlite:store oracle/nosql:ce \ Pinging components of store kvstore based upon topology sequence #14 10 partitions and 1 storage nodes -Time: 2024-04-25 08:13:14 UTC Version: 23.3.32 +Time: 2024-12-04 11:50:35 UTC Version: 24.3.9 Shard Status: healthy: 1 writable-degraded: 0 read-only: 0 offline: 0 total: 1 Admin Status: healthy Zone [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] RN Status: online: 1 read-only: 0 offline: 0 -Storage Node [sn1] on kvlite: 5000 Zone: [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] Status: RUNNING Ver: 23.3.32 2024-03-06 18:21:38 UTC Build id: 69f48431fc69 Edition: Community isMasterBalanced: true serviceStartTime: 2024-04-25 08:10:10 UTC - Admin [admin1] Status: RUNNING,MASTER serviceStartTime: 2024-04-25 08:10:13 UTC stateChangeTime: 2024-04-25 08:10:13 UTC availableStorageSize: 2 GB - Rep Node [rg1-rn1] Status: RUNNING,MASTER sequenceNumber: 86 haPort: 5011 availableStorageSize: 9 GB storageType: HD serviceStartTime: 2024-04-25 08:10:14 UTC stateChangeTime: 2024-04-25 08:10:15 UTC +Storage Node [sn1] on kvlite: 5000 Zone: [name=KVLite id=zn1 type=PRIMARY allowArbiters=false masterAffinity=false] Status: RUNNING Ver: 24.3.9 2024-09-26 18:01:32 UTC Build id: 0d82533c492e Edition: Community isMasterBalanced: true serviceStartTime: 2024-12-04 11:47:05 UTC + Admin [admin1] Status: RUNNING,MASTER serviceStartTime: 2024-12-04 11:47:08 UTC stateChangeTime: 2024-12-04 11:47:08 UTC availableStorageSize: 2 GB + Rep Node [rg1-rn1] Status: RUNNING,MASTER sequenceNumber: 470 haPort: 5011 availableStorageSize: 9 GB storageType: HD serviceStartTime: 2024-12-04 11:47:09 UTC stateChangeTime: 2024-12-04 11:47:09 UTC kv-> put kv -key /SomeKey -value SomeValue Operation successful, record inserted. 
@@ -123,13 +123,17 @@ $ docker run --rm -ti --link kvlite:store oracle/nosql:ce \ tables SYS$IndexStatsLease SYS$MRTableAgentStat + SYS$MRTableInfo SYS$MRTableInitCheckpoint SYS$PartitionStatsLease SYS$SGAttributesTable SYS$StreamRequest SYS$StreamResponse + SYS$TableMetadata SYS$TableStatsIndex SYS$TableStatsPartition + SYS$TopologyHistory + sql-> exit ``` @@ -172,10 +176,10 @@ be made via the Oracle NoSQL Database Proxy on the `KV_PROXY_PORT`. First, install the latest version of Oracle NoSQL on your remote host: ```shell -KV_VERSION=23.3.32 +KV_VERSION=24.3.9 rm -rf kv-$KV_VERSION DOWNLOAD_ROOT=http://download.oracle.com/otn-pub/otn_software/nosql-database -DOWNLOAD_FILE="community-edition-${KV_VERSION}.zip" +DOWNLOAD_FILE="kv-ce-${KV_VERSION}.zip" DOWNLOAD_LINK="${DOWNLOAD_ROOT}/${DOWNLOAD_FILE}" curl -OLs $DOWNLOAD_LINK jar tf $DOWNLOAD_FILE | grep "kv-$KV_VERSION/lib" > extract.libs @@ -332,7 +336,7 @@ number used for the image tag: ```shell -KV_VERSION=23.3.32 docker build --build-arg "$KV_VERSION" --tag "oracle/nosql-ce:$KV_VERSION" . +KV_VERSION=24.3.9 docker build --build-arg "$KV_VERSION" --tag "oracle/nosql-ce:$KV_VERSION" . ``` ## More information @@ -359,5 +363,5 @@ Copyright (c) 2017, 2024 Oracle and/or its affiliates. [NOSQL]: http://www.oracle.com/technetwork/database/database-technologies/nosqldb/overview/index.html [DOCS]: https://docs.oracle.com/en/database/other-databases/nosql-database/index.html -[Apache-2.0]: https://docs.oracle.com/en/database/other-databases/nosql-database/23.3/license/index.html#GUID-006E432E-1965-45A2-AEDE-204BD05E1560 +[Apache-2.0]: https://docs.oracle.com/en/database/other-databases/nosql-database/24.3/license/apache-license.html [GraalVM-License]: https://github.com/graalvm/container/blob/master/LICENSE.md diff --git a/NoSQL/ce-sec/Dockerfile b/NoSQL/ce-sec/Dockerfile index 2bc89d59fe..e3a962db26 100644 --- a/NoSQL/ce-sec/Dockerfile +++ b/NoSQL/ce-sec/Dockerfile 
@@ -1,13 +1,13 @@ # Copyright (c) 2022, 2024 Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ # -FROM ghcr.io/graalvm/jdk:ol8-java17 +FROM ghcr.io/graalvm/jdk:ol9-java17 LABEL org.opencontainers.image.source = "https://github.com/oracle/docker-images" -ARG KV_VERSION=23.3.32 +ARG KV_VERSION=24.3.9 ARG DOWNLOAD_ROOT=http://download.oracle.com/otn-pub/otn_software/nosql-database -ARG DOWNLOAD_FILE="community-edition-${KV_VERSION}.zip" +ARG DOWNLOAD_FILE="kv-ce-${KV_VERSION}.zip" ARG DOWNLOAD_LINK="${DOWNLOAD_ROOT}/${DOWNLOAD_FILE}" ENV KV_PROXY_PORT 8080 @@ -16,9 +16,10 @@ ENV KV_ADMIN_PORT 5999 ENV KV_PORT 5000 ENV KV_HARANGE 5010-5020 ENV KV_SERVICERANGE 5021-5049 +ENV KV_ADDITIONAL_SAN=",DNS:proxy-nosql,DNS:kvlite-nosql-container-host" # specific to secure configuration -RUN microdnf -y install openssl-1.1.1k && microdnf clean all +RUN microdnf -y install openssl-3.0.1 && microdnf clean all # hadolint ignore=DL4006 RUN useradd -d /kvroot -m -s /bin/bash -u 1000 nosql-user && \ diff --git a/NoSQL/ce-sec/sec/setup-http-proxy-sec.sh b/NoSQL/ce-sec/sec/setup-http-proxy-sec.sh old mode 100644 new mode 100755 index 72aff9d621..bac9257f61 --- a/NoSQL/ce-sec/sec/setup-http-proxy-sec.sh +++ b/NoSQL/ce-sec/sec/setup-http-proxy-sec.sh @@ -1,8 +1,10 @@ #! /bin/bash # -# Copyright (c) 2022 Oracle and/or its affiliates. +# Copyright (c) 2022, 2024 Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ +set -e + if [ -d /kvroot/proxy/ ] ; then echo "Reusing existing configuration" exit 0; @@ -11,7 +13,7 @@ fi mkdir -p /kvroot/proxy/ echo "Creating password" -TMPPWD="$(gpg --gen-random --armor 2 8)$(gpg --gen-random --armor 2 8)" +TMPPWD="$(gpg --gen-random --armor 2 8)12$(gpg --gen-random --armor 2 8)" echo "Creating USER proxy_user" 
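Review bot: The renamed archive `kv-ce-${KV_VERSION}.zip` is still fetched from the `http://` `DOWNLOAD_ROOT` shown in this hunk, and no checksum for it is visible here, so the image content depends on an unauthenticated transfer. Consider `ARG DOWNLOAD_ROOT=https://download.oracle.com/otn-pub/otn_software/nosql-database` and verifying the zip against a pinned digest before unpacking, for example a new build argument holding the expected SHA-256, checked with `sha256sum -c`. The `RUN` step that performs the download is outside the hunk, so a check may already exist there. The same applies to the identical hunk in `NoSQL/ce/Dockerfile`.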
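Review bot: The pin `openssl-3.0.1` on the `microdnf` line ties the image to one specific OpenSSL build, so later security errata for the package are not picked up on rebuild, and the install may start failing once the repository no longer carries that version. If the pin is only there to satisfy hadolint, `# hadolint ignore=DL3041` above `RUN microdnf -y install openssl && microdnf clean all` keeps the linter quiet while tracking the patched package. Otherwise the pin needs a comment saying who bumps it and when.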
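Review bot: Even with the added `set -e`, the `TMPPWD=` assignment only reflects the exit status of the last `gpg` substitution, so a failure of the first call goes unnoticed and the password is built from half the random material plus the fixed `12`. Assign each part on its own line so either failure aborts the script: `p1=$(gpg --gen-random --armor 2 8)`, `p2=$(gpg --gen-random --armor 2 8)`, then `TMPPWD="${p1}12${p2}"`. The literal `12` presumably exists to satisfy the password complexity policy; a comment such as `# fixed digits satisfy the complexity policy; they add no entropy` would make that explicit. The script continues outside the hunk.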
@@ -40,7 +42,7 @@ openssl req -x509 -days 365 -newkey rsa:4096 -keyout /kvroot/proxy/key.pem -out <(echo "[req]"; echo distinguished_name=req; echo "[san]"; - echo "subjectAltName=DNS:${HOSTNAME},DNS:localhost,DNS:proxy-nosql,DNS:kvlite-nosql-container-host" + echo "subjectAltName=DNS:${HOSTNAME},DNS:localhost${KV_ADDITIONAL_SAN}" ) openssl pkcs8 -topk8 -inform PEM -outform PEM -in /kvroot/proxy/key.pem -out /kvroot/proxy/key-pkcs8.pem -passin file:/kvroot/proxy/pwdin -passout file:/kvroot/proxy/pwdout -v1 PBE-SHA1-3DES keytool -import -alias example -keystore /kvroot/proxy/driver.trust -file /kvroot/proxy/certificate.pem -storepass "$(cat /kvroot/proxy/pwdin)" -noprompt diff --git a/NoSQL/ce/Dockerfile b/NoSQL/ce/Dockerfile index 7cdcf26ea0..b32711c467 100644 --- a/NoSQL/ce/Dockerfile +++ b/NoSQL/ce/Dockerfile @@ -1,13 +1,13 @@ # Copyright (c) 2022, 2024 Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ # -FROM ghcr.io/graalvm/jdk:ol8-java17 +FROM ghcr.io/graalvm/jdk:ol9-java17 LABEL org.opencontainers.image.source = "https://github.com/oracle/docker-images" -ARG KV_VERSION=23.3.32 +ARG KV_VERSION=24.3.9 ARG DOWNLOAD_ROOT=http://download.oracle.com/otn-pub/otn_software/nosql-database -ARG DOWNLOAD_FILE="community-edition-${KV_VERSION}.zip" +ARG DOWNLOAD_FILE="kv-ce-${KV_VERSION}.zip" ARG DOWNLOAD_LINK="${DOWNLOAD_ROOT}/${DOWNLOAD_FILE}" ENV KV_PROXY_PORT 8080
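Review bot: `${KV_ADDITIONAL_SAN}` is pasted straight after `DNS:localhost` in the `subjectAltName` line, so the value only works when it starts with a comma. An override like `DNS:myhost` yields `DNS:localhostDNS:myhost`, and the certificate either fails to generate or carries a wrong name. Normalising the separator in the script removes that dependency: `echo "subjectAltName=DNS:${HOSTNAME},DNS:localhost${KV_ADDITIONAL_SAN:+,${KV_ADDITIONAL_SAN#,}}"`. Because the value lands in a generated openssl config, it would also be worth rejecting values that contain newlines and documenting the expected format next to the `ENV` in the Dockerfile. The `openssl req` command starts before the hunk.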