Configuring Hyperscience for Oracle
For a list of supported versions, see Infrastructure Requirements (Production).
Note that the standard convention for Oracle DB names includes the host in front of it so you must include that in the ".env" file:
FORMS_DB_TYPE=oracle
FORMS_DB_HOST=:<port>
FORMS_DB_NAME=:<port>/<DB>
FORMS_DB_USER=<username>
FORMS_DB_PASS=<password>
In v32 and later, you can choose to store your system-level credentials in a secrets manager. To learn more about our secrets-management integration, see Secrets Management.
If you would like to specify the tablespace where the database tables will be created, you can use the following optional parameters in the ".env" file. Note that the specified tablespaces need to be created by the database administrator.
DEFAULT_TABLESPACE=<tablespace>
DEFAULT_INDEX_TABLESPACE=<index tablespace>
Oracle NNE (Network Native Encryption)
Hyperscience supports NNE, when encryption settings are managed on the server side. Any desired encryption settings should be set to ‘REQUIRED’ on the server side.
Oracle SSL/TLS connections
SSL/TLS encryption is supported. Please note that SSL/TLS authentication aka 2-way or mutual TLS is not supported.
In order to use SSL/TLS encryption, you must supply a certificate wallet file and “.env” configuration.
The wallet file must be named "cwallet.sso" and be on the host file system in the following directory:
$HS_PATH/certs/oracle_ssl_wallet/
If SELinux is enabled, execute:
chcon -t container_file_t -R /mnt/hs/certs/oracle_ssl_wallet
The file must be readable by UID 1000, unless user namespaces are used. In those cases, refer to your namespace configuration.
To set the permissions, execute the following:
chown -R 1000:1000 /mnt/hs/certs/oracle_ssl_wallet
chmod u+r -R /mnt/hs/certs/oracle_ssl_wallet
The following minimum configuration is required in the “.env” file:
ORACLE_ENABLE_SSL=true
It is required to set FORMS_DB_NAME in Oracle DSN (Data Source Name) format. In this case, the FORMS_DB_HOST value will be ignored:
FORMS_DB_HOST=
FORMS_DB_NAME=(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS) (HOST = )
(PORT = )))(CONNECT_DATA = (SID = )) (SECURITY = (SSL_SERVER_CERT_DN = "")))
The following optional configuration is supported and it will be passed through to sqlnet.ora to configure oracle db connections from the app (please see oracle docs about sqlnet.ora for valid values and more context):
Hyperscience config | Corresponding oracle config |
---|---|
ORACLE_SSL_VERSION | SSL_VERSION |
ORACLE_SSL_CIPHER_SUITES | SSL_CIPHER_SUITES |
ORACLE_SSL_SERVER_DN_MATCH | SSL_SERVER_DN_MATCH |