Oracle

  • Published on Sep 17, 2024
  • 1 minute(s) read

Configuring Hyperscience for Oracle

For a list of supported versions, see Infrastructure Requirements (Production).

Note that the standard convention for Oracle DB names includes the host in front of it so you must include that in the ".env" file:  

FORMS_DB_TYPE=oracle
FORMS_DB_HOST=:<port>
FORMS_DB_NAME=:<port>/<DB>
FORMS_DB_USER=<username>
FORMS_DB_PASS=<password>

In v32 and later, you can choose to store your system-level credentials in a secrets manager. To learn more about our secrets-management integration, see Secrets Management.

If you would like to specify the tablespace where the database tables will be created, you can use the following optional parameters in the ".env" file. Note that the specified tablespaces need to be created by the database administrator.

DEFAULT_TABLESPACE=<tablespace>
DEFAULT_INDEX_TABLESPACE=<index tablespace>

Oracle NNE (Network Native Encryption)

Hyperscience supports NNE, when encryption settings are managed on the server side. Any desired encryption settings should be set to ‘REQUIRED’ on the server side.

Oracle SSL/TLS connections

SSL/TLS encryption is supported. Please note that SSL/TLS authentication aka 2-way or mutual TLS is not supported.

In order to use SSL/TLS encryption, you must supply a certificate wallet file and “.env” configuration.

The wallet file must be named "cwallet.sso" and be on the host file system in the following directory:

$HS_PATH/certs/oracle_ssl_wallet/

If SELinux is enabled, execute: 

chcon -t container_file_t -R /mnt/hs/certs/oracle_ssl_wallet

The file must be readable by UID 1000, unless user namespaces are used. In those cases, refer to your namespace configuration.

To set the permissions, execute the following:

chown -R 1000:1000 /mnt/hs/certs/oracle_ssl_wallet
chmod u+r -R /mnt/hs/certs/oracle_ssl_wallet

The following minimum configuration is required in the “.env” file:

ORACLE_ENABLE_SSL=true

It is required to set FORMS_DB_NAME in Oracle DSN (Data Source Name) format. In this case, the FORMS_DB_HOST value will be ignored:

FORMS_DB_HOST=

FORMS_DB_NAME=(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS) (HOST = ) 
(PORT = )))(CONNECT_DATA = (SID = )) (SECURITY = (SSL_SERVER_CERT_DN = ""))) 

The following optional configuration is supported and it will be passed through to sqlnet.ora to configure oracle db connections from the app (please see oracle docs about sqlnet.ora for valid values and more context):

Hyperscience config

Corresponding oracle config

ORACLE_SSL_VERSION

SSL_VERSION

ORACLE_SSL_CIPHER_SUITES

SSL_CIPHER_SUITES

ORACLE_SSL_SERVER_DN_MATCH

SSL_SERVER_DN_MATCH