Connecting to Oracle data sources with SEPS authentication (Oracle Wallet) in DataStage

You can configure the Secure External Password Store (SEPS) protocol for Oracle data sources that use the Oracle Database for DataStage connection in DataStage®. You copy configuration files from the Oracle database server to Cloud Pak for Data, and then you create a secret in Cloud Pak for Data that contains those files.

Set up the Oracle database server and identify the configuration files

Set up the Oracle database server for SEPS. Consult the Oracle documentation.

You will need the following configuration files when you create a secret in Cloud Pak for Data:

  • cwallet.sso
  • ewallet.p12
  • tnsnames.ora: This file must contain the information about the Oracle database host, port number, and service or SID name. Use the following syntax to create the tnsnames.ora file: 
    
ORCL_WALLET =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = oracle-db-host)(PORT = oracle-db-port))
(CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = oracle-service-name)
  )
 )
  • sqlnet.ora: This file must contain the information about the wallet directory on the Oracle server. For example, /etc/oracle-config-files. Use the following syntax for the WALLET_LOCATION information.
    
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /etc/oracle-config-files)
 )
)

Copy the configuration files to Cloud Pak for Data

Copy the cwallet.sso, ewallet.p12, tnsnames.ora, and sqlnet.ora files to a location in the Cloud Pak for Data cluster to which you have access. Make note of the directory.

Create the secret in Cloud Pak for Data

  1. Log in to Red Hat® OpenShift Container Platform as a user with sufficient permissions to complete the task:
    oc login -u <username> -p <password> OpenShift_URL:port
  2. Set the context to the project where DataStage is deployed:
    oc project <project/namespace>
  3. Change to the directory where you copied the cwallet.sso, ewallet.p12, tnsnames.ora, and sqlnet.ora files.
  4. Create a secret with the name oracle-optimized-ldap-tcps that contains the cwallet.sso, ewallet.p12, tnsnames.ora, and sqlnet.ora files:
    oc create secret generic oracle-optimized-ldap-tcps --from-file=sqlnet.ora=./sqlnet.ora --from-file=cwallet.sso=./cwallet.sso --from-file=ewallet.p12=./ewallet.p12  --from-file=tnsnames.ora=./tnsnames.ora 

  5. Restart the caslite pod.

    It might take a few minutes for the secret to take effect.

  6. Optional: Verify that the secret is mounted correctly under the location /etc/oracle-config-files/ in the datastage-ibm-datastage-caslite service container:
    oc exec `(oc get pods -o jsonpath='{range .items[*].metadata}{.name}{"\n"}' | grep -i caslite)` -- ls -l /etc/oracle-config-files/
    Example output:
    lrwxrwxrwx. 1 root 1000640000 15 Nov 2 13:07 wallet.p12 -> ..data/ewallet.p12 
lrwxrwxrwx. 1 root 1000640000 17 Nov 2 13:07 cwallet.sso -> ..data/cwallet.sso
lrwxrwxrwx. 1 root 1000640000 17 Nov  2 13:07 sqlnet.ora -> ..data/sqlnet.ora
lrwxrwxrwx. 1 root 1000640000 17 Nov  2 13:07 tnsnames.ora -> ..data/tnsnames.ora

Create the connection in Cloud Pak for Data

  1. In the project, go to Assets > New asset > Data access tools > Connection.
  2. Select the Oracle Database for DataStage connection.
  3. Enter the connection details:
    • For Servicename, enter the same service name that is in the tnsnames.ora file. In this example ORCL_WALLET.
    • For Connection protocol, select SEPS.