FAQ

Installation and Configuration

How do I configure TCPS for Oracle databases?

Install sqlnet.ora and tnsnames.ora from the template files.

➜ TNS_ADMIN=./volumes/core/config/oracle/network/admin
➜ cp "$TNS_ADMIN/templates"/*.ora "$TNS_ADMIN/"

Add the net service name of the secure connection to the volumes/core/config/oracle/network/admin/tnsnames.ora.
Create a client wallet containing the database server certificates and copy all wallet files to ./volumes/core/config/oracle/wallet and restart the Migrator:
```
➜ cp <client wallet files> volumes/core/config/oracle/wallet
➜ ./migrator down
➜ ./migrator up
```
When creating a new migration use the Oracle net service name defined in the previous steps. The URL format is oracle://net_service_name.
Alternatively, connect directly using the protocol parameter (e.g. oracle://localhost:2484/pdb2?protocol=tcps). This requires at least the Oracle Wallet to have been set up correctly.

How do I generate a self-signed certificate

Generate the certificate with migrator configure --tls self-signed-cert and restart the Migrator.

➜ ./migrator configure --tls self-signed-cert
[INFO] Generating self-signed TLS/SSL certificate

➜ ./migrator up
Recreating cybertec_migrator_core_db_1 ... done
Recreating cybertec_migrator_core_1    ... done
Recreating cybertec_migrator_web_gui_1 ... done
[OK] Started on 'https://example.org'

How do I install an existing certificate?

Install the certificate and the private key with configure --tls cert:<file-location>, respective configure --tls key:<file-location>, and restart the Migrator. For example if you have a certificate example.org.crt and the private key example.org.key located in /tmp.
The provided paths have to be absolute.

➜ ./migrator configure --tls cert:/tmp/example.org.crt
[OK] Installed TLS/SSL certificate

➜ ./migrator configure --tls key:/tmp/example.org.key
[OK] Installed TLS/SSL certificate key

➜ ./migrator up
Recreating cybertec_migrator_core_db_1 ... done
Recreating cybertec_migrator_core_1    ... done
Recreating cybertec_migrator_web_gui_1 ... done
[OK] Started on 'https://example.org'

How do I configure HTTP Basic Auth?

The Migrator’s Nginx configuration automatically enables HTTP Basic Auth if the /etc/nginx/htpasswd/.htpasswd file is present. For Docker Compose users, this volume is pre-configured. To set up authentication, create an empty file at ./volumes/web_gui/nginx/htpasswd/.htpasswd.

To add a user, run:

sh -c "echo -n 'your-username:' >> ./volumes/web_gui/nginx/htpasswd/.htpasswd"
sh -c "openssl passwd -apr1 >> ./volumes/web_gui/nginx/htpasswd/.htpasswd"

Restart the Migrator with ./migrator up. The GUI will now prompt for credentials on access.

How do I set environment variables

The initial ./migrator install command will generate a .env file, the contents of which will be used in the core docker compose service. When editing, make sure not to alter the # —— Internal ⚠ —— section.

Permissions

What permissions does the Migrator require for Oracle

The Migrator requires the following permissions in order to introspect and migrate an Oracle database:

Permission	Usage
`SELECT_CATALOG_ROLE`	Querying the system catalog
`SELECT ANY TABLE`	Migrating table data
`FLASHBACK ANY TABLE`	Migrating table data at a certain SCN

Troubleshooting

`ORA-12637: Packet receive failed` while verifying source credentials

Open the file volumes/core/config/oracle/network/admin/sqlnet.ora. If it does not exist, copy it from the templates folder.
Insert the line DISABLE_OOB=ON at the beginning of the file.
Restart the migrator with ./migrator up.