Okv

This article picks up where the networking and storage setup left off. The Proxmox host (pve01.lab.example.com) is running with two VLAN-aware bridges, a ZFS mirror pool (vmpool), and shared ASM zvols already created. We now create all ten VMs using the qm CLI, configure shared storage for RAC, and verify each group before installing Oracle software. 1. VM Inventory and Resource Plan VM ID Hostname Role vCPU RAM OS Disk Notes 100 rac1-node1 RAC Cluster 1, Node 1 8 32 GB 80 GB Shared ASM 101 rac1-node2 RAC Cluster 1, Node 2 8 32 GB 80 GB Shared ASM 110 rac2-node1 RAC Cluster 2, Node 1 8 32 GB 80 GB Shared ASM 111 rac2-node2 RAC Cluster 2, Node 2 8 32 GB 80 GB Shared ASM 120 oms01 Enterprise Manager OMS 1 4 24 GB 80 GB + 200 GB data Primary OMS 121 oms02 Enterprise Manager OMS 2 4 24 GB 80 GB + 200 GB data Secondary OMS 130 okv01 Oracle Key Vault Primary 4 16 GB 80 GB TDE key store 131 okv02 Oracle Key Vault Secondary 4 16 GB 80 GB Paired node 140 ogg01 GoldenGate Microservices (Extract) 4 16 GB 80 GB + 200 GB trail OGG 23ai MA 141 ogg02 GoldenGate Microservices (Replicat) 4 16 GB 80 GB + 200 GB trail OGG 23ai MA Total: 56 vCPU / 240 GB RAM — host has 32 threads and 256 GB. vCPU is intentionally overcommitted (lab workloads are not all active simultaneously). RAM headroom: 16 GB for Proxmox host. ...

The OCI command-line interface (oci) and the Exadata/DB System management CLI (dbaascli) are the tools of choice for automating Oracle database operations on OCI. This article covers real-world scenarios with complete, runnable commands — including the complex case of creating a Data Guard standby when the primary database uses Oracle Key Vault (OKV) for TDE key management. Reference Environment All commands use the following environment: Region: eu-frankfurt-1 Compartment: prod-compartment (OCID: ocid1.compartment.oc1..aaaaxxxx) Primary DB System: prod-db-system Hostname: proddb01.prod.subnet.vcn.oraclevcn.com Database: PRODCDB (CDB + PDB: PDB_PROD) Shape: VM.Standard.E4.Flex (4 OCPUs, 60 GB RAM) DB Version: 19.22.0.0 DB Home OCID: ocid1.dbhome.oc1.eu-frankfurt-1.aaaaxxxx Database OCID: ocid1.database.oc1.eu-frankfurt-1.aaaaxxxx Standby DB System: standby-db-system (to be created) Hostname: stbydb01.stby.subnet.vcn.oraclevcn.com AD: AD-2 (primary is AD-1) OKV Server: okv01.prod.example.com (port 5695) OKV Wallet: /etc/oracle/okv/ (on each DB System compute node) Jump/Admin Host: admin01.prod.example.com OCI CLI version: 3.x.x Python: 3.9 Part 1: OCI-CLI — Foundation Commands Install and Configure OCI-CLI # [[email protected] ~] # Install OCI CLI bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)" # Configure with API key authentication oci setup config # Prompts: # User OCID: ocid1.user.oc1..aaaaxxxx # Tenancy OCID: ocid1.tenancy.oc1..aaaaxxxx # Region: eu-frankfurt-1 # Generate new API key pair: Y # Key file location: ~/.oci/oci_api_key.pem # Upload the generated public key to OCI Console: Identity → Users → API Keys → Add Useful OCI-CLI Shortcut: Environment Variables # [[email protected] ~] # Set frequently used OCIDs as environment variables export OCI_COMPARTMENT=ocid1.compartment.oc1..aaaaxxxx export OCI_PRIMARY_DB_SYSTEM=ocid1.dbsystem.oc1.eu-frankfurt-1.aaaaxxxx export OCI_PRIMARY_DB=ocid1.database.oc1.eu-frankfurt-1.aaaaxxxx export OCI_PRIMARY_DB_HOME=ocid1.dbhome.oc1.eu-frankfurt-1.aaaaxxxx export OCI_REGION=eu-frankfurt-1 # Also useful: set output format to table for human-readable output export OCI_CLI_TABLE_OUTPUT_STYLE=table Part 2: Creating a Data Guard Standby via OCI-CLI Step 1: Verify Primary Database Status # [[email protected] ~] oci db database get \ --database-id $OCI_PRIMARY_DB \ --query 'data.{Name:"db-name", State:"lifecycle-state", "DB Unique Name":"db-unique-name", Version:"db-version"}' \ --output table +-------------------+--------+--------------------+-----------+ | DB Unique Name | Name | State | Version | +-------------------+--------+--------------------+-----------+ | PRODCDB | PRODCDB| AVAILABLE | 19.22.0.0 | +-------------------+--------+--------------------+-----------+ Step 2: Get the Subnet OCID for the Standby AD # [[email protected] ~] # Find the standby subnet in AD-2 oci network subnet list \ --compartment-id $OCI_COMPARTMENT \ --query 'data[?contains("display-name",`stby`)].{Name:"display-name", OCID:id, AD:"availability-domain"}' \ --output table Step 3: Create the Data Guard Association (New DB System) This single command provisions the standby DB System, configures redo transport, and establishes Data Guard: ...

Oracle Key Vault (OKV) is a centralized key management appliance designed to securely store and manage Transparent Data Encryption (TDE) master keys, Oracle Wallets, Java KeyStores, SSH keys, and credentials. By moving keys off local servers, OKV reduces key sprawl, automates rotation, and enforces strict access policies across on-premises and multi-cloud environments. 1. Core Architecture OKV Server: A hardened appliance (often deployed as a multi-master cluster) acting as the central repository for keys and policies. Endpoints: Registered clients (Oracle Database, MySQL, GoldenGate, etc.) that authenticate to OKV to fetch keys. Wallets (Virtual): Logical containers inside OKV used to group keys and secrets; access is granted per-endpoint. Interfaces: Web UI, okv CLI, okvutil, REST APIs, and C/Java client SDKs. 2. Essential Commands and Examples A. Endpoint and Wallet Management (okv CLI / REST) Create a new endpoint (generate JSON template, edit, then apply): ...