Identity wallets used by Oracle GoldenGate Microservices

Wallets, Wallets, and more wallets! … Wallets are used for a few different things within Oracle GoldenGate Microservices; identifying what wallet is being used by a service is simple if you know where to look.  

The biggest usage of wallets within Oracle GoldenGate Microservices is to help secure the communication between the Distribution Service and the Receiver Service.  In order to find the wallet that is being used for these services, you have to refer to the deploymentConfiguration.dat file that is under the $DEPLOYMENT_HOME/etc/conf.  

The deploymentConfiguration.dat file is a JSON based file and can be viewed by using any text editor.  Word of caution though, do not edit anything within the dat file.

To find out what wallet is being used for a service; within that service definition identify the section called securityDetails.  In the example below (Distribution Service (distsrvr)), this is clearly seen with an “inbound” and “outbound” section under.

Example:

"distsrvr": {
"$schema": "ogg:service",
"config": {
"network": {
"serviceListeningPort": 16002
},
"authorizationDetails": {
"common": {
"allow": [
"Digest",
"x-Cert",
"Basic"
]
}
},
"authorizationEnabled": true,
"workerThreadCount": 24,
"legacyProtocolEnabled": true,
"taskManagerEnabled": true,
"security": true,
"securityDetails": {
"network": {
"common": {
"id": "OracleSSL"
},
"inbound": {
"authMode": "clientOptional_server",
"crlEnabled": false,
"role": "server",
"wrl": "file:/opt/app/oracle/gg_deployments/Atlanta/etc/ssl/gg19c",
"wrlPassword": "",
"cipherSuites": [
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"
],
"protocolVersion": "1_2"
},
"outbound": {
"authMode": "client_server",
"crlEnabled": false,
"role": "client",
"wrl": "file:/opt/app/oracle/gg_deployments/Atlanta/etc/ssl/distroclient",
"wrlPassword": ""
}
}
}
},
"quiet": true,
"configForce": true,
"enabled": true,
"locked": false,
"critical": true,
"status": "running",
"id": "fd3bb243-6d02-44eb-8fc9-de3e5bdf45dd"
}

Under the “inbound” section, you will see an entry for “wrl”.  The WRL entry is the location of the inbound wallet.  In this example, the wallet is named after the server I’m using.  Additionally the inbound section shows you what ciphers are being used by the wallet (cipherSuites).

Under the “outbound” section, you see an entry for “wrl” as well.  This is the outbound wallet that is used for communication between the Distribution Service and the Receiver Service.  If you are connecting two Microservices Architectures together, this is the wallet that needs to have the trusted certificates imported into.

As you look at the rest of the deploymentConfiguration.dat file, you will notice there are wallet entries for each fo the services. 

Now you know how to find the wallets within the Oracle GoldenGate Microservices Architecture.  

Enjoy!!!

twitter: @dbasolved

Please follow and like: