Once you configure an Oracle GoldenGate Microservices environment to be secure behind the Nginx reverse proxy, the next thing you have to do is tackle how to connect one environment to the other using the Distribution Server. In using the Distribution Server, you will be creating what is called a Distribution Path.
Distribution Paths are configured routes that are used to move the trail files from one environment to the next. In Oracle GoldenGate Microservices, this is done using Secure WebSockets (wss). There are other protocols that you can use, but for the purpose of this post it will only focus on “wss”.
There are multiple ways of creating a Distribution Path:
1. HTML5 pages (Distribution Server)
2. AdminClient (command line)
3. REST API (devops)
Although there are multiple ways of creating a Distribution Path, the one thing that none of these approaches tackle is how to ensure security between the two environments. In order for the environments to talk with each other, you have to enable the distribution service to talk between the reverse proxies. In this post, you will look at how to do this for a uni-directional setup.
Copying Certificate
The first step in configuring a secure distribution path, you have to copy the certificate from the target reverse proxy. The following steps are how this can be done:
1. Test connection to the target environment
$ openssl s_client -connect <ip_address>:<port>
This would look something like this:
$ openssl s_client -connect 172.20.0.4:443
The output would be the contents of the self-signed certs used by the reverse proxy.
2. Copy the self-signed certificate used by the reverse proxy (ogg.pem) to the source machine. Since I’m using Docker containers, I’m just coping the ogg.pem file to the volume I have defined and shared between both containers. You would have to use what is specific to your environment.
$ sudo cp /etc/nginx/ogg.pem /opt/app/oracle/gg_deployments/ogg.pem
After coping the ogg.pem files from my target container to my shared volume, I can see that the file is there:
$ ls
Atlanta Boston Frankfurt ServiceManager node2 ogg.pem
Change the owner of the ogg.pem file from root to oracle.
$ chown oracle:install ogg.pem
3. Next, you have to identify the wallet for the Distribution Service that is needed. In my configuration, I’ll be using a deployment called Atlanta. To make this post a bit simpler, I have already written about identifying the wallets in this post (here).
Once the wallet has been identified, copy the ogg.pem file into the wallet as a trusted certificate.
$ $OGG_HOME/bin/orapki wallet add -wallet /opt/app/oracle/gg_deployments/Atlanta/etc/ssl/distroclient -trusted_cert -cert /opt/app/oracle/gg_deployments/ogg.pem -pwd ********
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.1.0.0.0Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
Operation is successfully completed.
After the certificate has been imported into wallet, verify the addition by displaying the wallet. The certificate should have been added as a trusted cert.
$ $OGG_HOME/bin/orapki wallet display -wallet /opt/app/oracle/gg_deployments/Atlanta/etc/ssl/distroclient -pwd *********
Oracle PKI Tool Release 19.0.0.0.0 - Production
Version 19.1.0.0.0
Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved.
Requested Certificates:
User Certificates:
Subject: CN=distroclient,L=Atlanta,ST=GA,C=US
Trusted Certificates:
Subject: [email protected],CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
Subject: CN=Bobby,OU=GoldenGate,O=Oracle,L=Atlanta,ST=GA,C=US
[oracle@gg19c gg_deployments]$
4. To ensure communication between nodes, the /etc/hosts file needs to be updated with the public IP address and FQDN. Since this is going between docker containers, the FQDN that I have to use is localhost.localdomain. This can be easily identified in the previous step based on the certificate that was imported.
$ sudo vi /etc/hosts
5. Restart the Deployment. After the deployment restarts, then restart the ServiceManager. Both restart processes can be done from the ServiceManager Overview page under Deployments. This will not effect any running extracts/replicats.
Creating Protocol User
After restarting the Deployment and ServiceManager, you are now in a position where you have to create what is termed as a “protocol user”. Protocol users are users that one environment uses to connect to the other environment. To create your “protocol user” is just the same as creating an Administrator account; however, this user is created within the deployment that you want to connect too. This “protocol user” will be able to connect Receiver Service within the deployment.
Most “protocol users” would be of the Administrator Role within the deployment where they are built. To create a “protocol user” perform the following steps on the target deployment.
1. Login to the deployment as either the Security Role user or as an Administrator Role user
2. Open the context menu and select the Administrator option
3. Click the plus ( + ) sign to add a new administrator user. Notice that I’m using a name of “stream network”. This is only what I decided to use, you can use anything you like. When providing all the required information, click Submit to create the user.
Add Protocol User to Source Credential Store
On the source host, the same “protocol user” needs to be added to the credential store of the deployment. This credential will be used to login to the target deployment for access to the Receiver Service.
1. Login to the Administration Service for the source deployment as the Security Role or an Administrator Role.
2. Open the context menu and select Configuration
3. On the Credentials page, click the plus (+) sign to add another credential. This time you will be adding the “protocol user” to the credential store. Provide the details needed for the credential then click Submit to create the credential.
Build Distribution Path
With the certificate copied and credential created, we can now build the distribution path between the secure deployments.
1. Open the Distribution Service and the source deployment In this example, you already see a path created. This from a previous test setup. The next path will be right in-line with this one.
2. Click the plus (+) sign to begin the Distribution Path wizard.
3. Fill in the required information for the Distribution Path. I have highlighted the basics that need to be filled in. Noticed I select the “Reverse proxy enabled” and “Use Basic Authentication”. This will all you to configure the distribution path through the Nginx reverse proxy. When ready click either Create or Create and Run button.
Note: Although I’m using an IP Address in the image, you really need to use the FQDN for the target host
4. If everything worked correctly, you should now have a working distribution path between the source environment and the target environment. Notice that the port number being used is 443. This means that the communication is happening over/through the Nginx Reverse Proxy.
Now that I have a secure distribution path between the source and target systems, I can now ship trail files in a secure manner.
Enjoy!!!
twitter: @dbasolved
Please follow and like:
Current Oracle Certs
Bobby Curtis
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for awhile (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me on a more timely manner, I can be followed on twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.
Follow if you like:
If you’re an athlete, such as a baseball player or
Olympic weightlifter, these two actions ought to be a staple in your exercise program.
Even when you simply use them to heat up, you’ll be doing all your shoulders a favor.
The fewer injuries you sustain, the better, so don’t miss out on these
key workout routines. Every Time there’s a
shoulder harm, oftentimes, the part of the rotator cuff will get torn and weakened.
Exterior rotation exercises are a key element of shoulder
rehabilitation programs.
You’ll also notice that I’m specializing in the individual heads of the deltoids.
We’re beginning with the entrance, then going to the medial delt with a
lateral increase movement after which finishing sturdy with
the rear delt muscular tissues. What’s the distinction between a
single and dual pulley workout?
This train goes to work all of the muscles in your physique from the
legs up, particularly the shoulders and legs. This means higher
acceleration, deceleration, and rotational energy, as nicely as damage resilience.
The half kneeling is identical thing because
the tall kneeling wave however actually the half-kneeling place changes up the dynamics
of the motion fairly a bit due to its unilateral positioning.
It units you up so that you are producing energy from one facet of your glutes by
way of your core for stability. And, just like the tall kneeling wave, it additionally
forces you to create extra power through the higher physique
since you won’t be driving a lot drive via the bottom from your ft.
All in all, it may seem like a newbie exercise, however that is one is pretty troublesome as a outcome of it’s onerous to maintain secure.
It’s great for anybody who desires to work on power of both the upper physique and
at hip level.
All of which harm our capability to maneuver, really feel, and
look our best. The outdoors circle will construct energy, stability, and
endurance in the shoulders, traps, interscapular muscle tissue,
and lats. Attempt to generate force all through the entire round motion for the complete work set.
Till I realized how a lot this harm the performance of my body, and the power of the ropes to evoke
extra energy output and proper movement mechanics. You are now informed, and might start a new life journey with the battle ropes.
Your legs are straight and your heels are on a bench or field.
Dip down to where your upper arms are almost parallel with the ground and rise back up.
(Go lower and you threat straining your shoulder joints.)
Relaxation weight plates or chains throughout your thighs
to add resistance. Include 1-2 rear delt workouts in your workout routine, with 3–4 units of 8–12 reps every.
That will improve the effectiveness of the rear deltoid muscular tissues and promote muscle strength and hypertrophy.
These giant ropes may look intimidating, but sure workout routines are great for novices.
While battle ropes can construct muscle, there are better training instruments for constructing muscle, however there could additionally be no better implement for
burning fat and getting shredded.
Performing drop sets can allow us to carry out more repetitions to
extend our total stress on each shoulder muscle.
Research has shown that full vary of motion is simpler than partial vary of motion for muscle strength and hypertrophy.
Should have cable attachments to carry out
various kinds of workouts.
However these three errors need to be addressed before you make them to set you up for some immediate success with ropes.
If you’ve ache or discomfort, a bodily therapist can assess your shoulder range
of motion (ROM) and help you use workout routines to enhance it.
These workout routines are active—they are carried out by you, using your individual muscle energy and energy with no exterior help.
This helps to enhance general muscular perform and strength around your shoulder.
This difference ensures that there is fixed
pressure all through the entire vary of movement and promotes upper
arm strength and hypertrophy features. A cable
machine is simple in your joints and may information and
management your actions to reduce the stress on your elbows, shoulders,
and wrists. Additionally, cable overhead extensions are also
less strenuous than different tricep workout routines like cranium crushers.
Observe the exercise to deal with the entrance part of the shoulder whereas adding cable shoulder
exercises to your routine. It not only enhances shoulder stability and power but also contributes
to improved posture and overall higher body aesthetics.
By maintaining correct kind and management all through the movement, you presumably can maximize the advantages of this versatile train whereas minimizing the chance of
damage. Ideal for isolation workouts, cable shoulder workouts are excellent for
newbies as a outcome of their controlled and secure resistance.
These movements provide a safer different to free weights and could be simply adjusted to accommodate different fitness levels.
Every pull and lift towards the cable’s resistance intensifies muscle engagement,
significantly helpful for focusing on tough-to-reach areas like the rear delts and rotator cuff.
The regular problem from cables means extra than just muscle; it additionally
promotes higher form and control, making them safer than free weights.
It helps preserve mobility earlier than surgery and after a shoulder
substitute. The rope rides smoothly over the roller as they train, making it smoother to pull
and quieter to operate. This is a superb exercise
to strengthen the posterior chain, which can translate to higher deadlift performance.
[newline]It’s additionally a good exercise for lower back workouts, because it strengthens the muscles that play a task in decrease again pain.
The incline barbell and dumbbell bench presses are infamous for putting pressure on the shoulder.
Fortunately, the usage of cables in this variation helps with decreasing shoulder pressure.
Seated cable rows act as a compound exercise in that it requires you to interact your core throughout the motion. This signifies that you’ll be enhancing your stomach power
while doing them. Rope flow can be a welcome boost to your existing workout routine.
Try incorporating it into your warm-up, cool-down, or as
a standalone exercise. Mix it up with different types of motion coaching to keep
your apply various and interesting.
There are numerous muscular tissues that surround the shoulder to protect it, together with the deltoid and rotator cuff.
The deltoid is composed of three completely different muscles, together with the rear (posterior) delt, front (anterior) delt, and facet (lateral) delt.
The deltoid is the primary mover of the shoulder, and it’s the most superficial.
When most individuals discuss with training their
shoulders, they really imply training their delts.
As your elbow goes out, the focus shift in path of the higher again and rear delts.
With your chest up and shoulders rolled back, begin pulling the weights and convey the bar in course of
your upper stomach area. If you are experienced or have good mobility in your shoulders, then you can do
this exercise along with your arms at the back as shown in the above video.
If you’re a newbie, then persist with the basic version of
lateral increase. Stand at a shoulder-width stance with your again facing the cable machine.
This is one other particular sort of torture…
see #21 for my comparisons and assume about. Customers respect the moveable and lightweight design of the product.
They find it compact and simple to make use of, with a small carrying pouch for journey or storage.
Customers can take it anyplace, together with house, work, and vacation.
Whereas preserving your elbow bent to 90 degrees,
slowly rotate your shoulder so your hand moves up towards your navel.
Once your hand is up at your navel, hold this position for 2 seconds, after which slowly lower again to the
starting position. To start active shoulder inside
rotation, you have to lie in your facet, however this time your
shoulder to be exercised must be on the underside.
We will need to hit all areas to construct an all-around sturdy shoulder.
An engaged core and impartial spine are a should
for this train.
For effective shoulder strengthening, aim for 3 to 4 sets of 12 to fifteen repetitions.
Focus on controlled movements to maximise muscle engagement
while avoiding momentum-driven actions. This routine combines shoulder exercises as a complement to a chest-focused workout, ensuring that the shoulders are still engaged with
out overshadowing chest growth. This routine combines shoulder exercises with chest and triceps workout routines,
offering a balanced push exercise that focuses on shoulder improvement.
This versatility makes it easier to work all elements of the shoulder, including the anterior, medial, and posterior
deltoids, as well as the rotator cuff muscular tissues. Workout Routines
are not solely about constructing muscle tissue; by switching issues up
from dumbbells to cables, you keep your exercises recent and fascinating.
They are wonderful for standing exercises, corresponding to whenever you
pull the handles to work your shoulder muscular tissues.
Your core, alongside together with your entire kinetic chain is working hard to
stabilize your physique during battle rope workouts.
Dynamic actions like this supply so many more advantages than simple isolation workout routines.
What’s additionally great about battle ropes is as a result of your arms are working
independently of one another, battle ropes lend themselves
to correcting imbalances. What’s extra, this can pressure your core to stabilize your body.
This is why battle ropes workout routines are so nice
for the core. Your core is on the heart of each
motion, working onerous to manage your physique so it doesn’t go
off steadiness.
Doing cable external rotation constantly will strengthen the rotator cuff, warm up the shoulders, and reduce damage risk.
In Contrast to different side delt workouts, the cable upright
row allows you to carry more weight while making use of fixed rigidity to the delts.
This engagement makes the cable upright row a phenomenal mass-building train. You can do that motion one arm at a
time or with each arms, depending in your cable stack set-up.
Cables enable for precise focusing on of specific shoulder muscular
tissues, which is also attainable with dumbbells but may be harder as the quantity
of weight you raise steadily will increase. The controlled motion patterns supplied by the cables reduce the danger of improper form and sudden drops in weight.
This is vital when safely strive for personal information, if that’s something
you’re aiming for. You can connect handles to the cables and use them just
like you’d with different cable machines. This is particularly true for workouts like lateral shoulder raises,
which can be difficult for newbies to carry out correctly without mistakes.
A Cable Shoulder Press may be done both standing or seated on a bench with a
straight bar attachment or cable pulley handles.
This might help to improve your physical strength, flexibility, and endurance.
Mark these words at some point somebody (maybe the
RFW rope flow team?) will rope circulate on the highest
of the Eiffel Tower and any other wonderful places around the globe.
As A Result Of it is so compact and self-contained, rope circulate provides a novel opportunity.
One of the great issues about rope circulate is that each
one you want is a rope and a small quantity of space, so
you presumably can follow nearly anywhere.
Rope move training is suitable for people of all ages and talent levels.
You can select a lightweight circulate rope in case you are new to trying rope move.
Your coordination, energy, and overall cardio might
be improved if you begin working the battle ropes on the common. The cable lateral elevate is likely considered one of the
greatest two-arm cable shoulder workouts you can do when you work out your side deltoid.
Cable hammer curls are unbelievable long-head bicep exercises and provide constant tension throughout the complete range of motion. This
makes the exercise more effective for muscle building
and improving your energy while still being mild on your wrists and elbows because of the impartial grip.
With all forms of range of movement workouts, it could be very important get
professional advice before selecting specific routines
to perform. It isn’t unusual for a professional to supervise the primary few periods to verify the exercises are done correctly.
Usually, the regimen is recommended to be carried out a certain number of
times per week as a substitute of traveling to a rehabilitation center for each workout.
Your capability to show your arm over and bend and straighten your elbows will enhance with elbow range of movement workouts.
A passive shoulder train that’s incessantly really helpful for shoulder rehabilitation is the pendulum exercise.
It doesn’t require contracting muscle tissue and helps
the joint’s passive vary of motion.
References:
steroids for muscle growth and fat loss (Kellye)