GoldenGate Monitor 12.2: how to change password for internal communications

When install GoldenGate Monitor we create special credentials used by GoldenGate Agent and GoldenGate Monitor to secure communications.

image

Also we set this credentials while configuring GoldenGate Agent using pw_agent_util.sh.

But is not well documented how these credentials are used and how change them. So let fill these gap.

Introduction

1. Communication between GoldenGate Monitor and GoldenGate Server are protected by username and password. Username is stored inside config file (Config.properties for Agent and monitor.properties for Monitor Server). Password is stored inside the wallet which is encrypted store for passwords.

2. First of all there is special file oggmon.properties. It contains only one string OGGMON.HELPSTR. Really I don’t know what is the purpose of this string but you can’t create GoldenGate Agent wallet without these file. If you will try to run wallet creation without this file you will get error

[oracle@demolab1 bin]$ ./pw_agent_util.sh -create
Please create a password for Java Agent:
Please confirm password for Java Agent:
Please enter Monitor Server JMX password:
Please confirm Monitor Server JMX password:
Jan 21, 2016 1:51:50 PM oracle.security.jps.JpsStartup start
INFO: Jps initializing.
Jan 21, 2016 1:51:50 PM oracle.security.jps.JpsStartup start
INFO: Jps started.
Exception while reading /oggmon.properties:
Did not find /oggmon.properties on classpath
java.io.FileNotFoundException: Did not find /oggmon.properties on classpath
        at com.goldengate.monitor.jagent.config.impl.ConfigFilesHelper.getConfigFileInput(ConfigFilesHelper.java:69)
        at com.goldengate.monitor.jagent.security.PWAgentUtil.loadSecretKey(PWAgentUtil.java:665)
        at com.goldengate.monitor.jagent.security.PWAgentUtil.loadSecretKey(PWAgentUtil.java:651)
        at com.goldengate.monitor.jagent.security.PWAgentUtil.main(PWAgentUtil.java:129)
Exception in thread “main” java.lang.Exception: Exception while reading /oggmon.properties:
Did not find /oggmon.properties on classpath
        at com.goldengate.monitor.jagent.security.PWAgentUtil.loadSecretKey(PWAgentUtil.java:671)
        at com.goldengate.monitor.jagent.security.PWAgentUtil.loadSecretKey(PWAgentUtil.java:651)
        at com.goldengate.monitor.jagent.security.PWAgentUtil.main(PWAgentUtil.java:129)
[oracle@demolab1 bin]$

But you can run “./pw_agent_util.sh -updateAgentJMX” and “./pw_agent_util.sh -updateServerJMX” to update passwords. Looks like this file will not be required and will be removed in future GoldenGate Monitor versions.

3. To create oggmon.properties you should run updateOGGMonitorConfig.sh

cd /u01/app/oracle/product/Middleware122/monitor_home/oggmon/monitor_server/bin/
./updateOGGMonitorConfig.sh

Then copy it to each agent cfg directory and create wallet using ./pw_agent_util.sh -create command.

4. Let’s look where credentials are stored on GoldenGate Monitor Server side.
Username is stored in file
/u01/app/oracle/product/Middleware122/monitor_home/user_projects/domains/monitor_domain/config/monitorserver/cfg/monitor.properties
Password is stored inside weblogic internal credential store. We can update this password using WLST. It is interesting that while updating credentials using WLST we also pass username (I’ve highlighted it by bold font) but this username is used nowhere

updateCred(map=”OGGMONITOR”,key=”WEB.JMX.PASSWORD”,user=”oggmsjmxusr“,password=”welcome1″,desc=”JMX Password”)

5. Let’s look where credentials are stored on GoldenGate Agent side.
Username for GoldenGate Agent is stored in file
/u01/app/oracle/product/MonitorAgents122/orcl/cfg/Config.properties
Password is stored in wallet – directory dirwlt. We update it using pw_agent_util.sh utility.

How to update password for GoldenGate Monitor

We should update username and password on both side: GoldenGate Agent and GoldenGate Monitor Server.

1. Let’s update password on GoldenGate Agent side.

export INSTANCE_HOME=/u01/app/oracle/product/MonitorAgents122/orcl
export JAVA_HOME=/usr/java/latest
cd $INSTANCE_HOME
rm -rf dirwlt/
bin/pw_agent_util.sh -create

image

2. Replace username in configuration file cfg/Config.properties. There are two username parameters there. We need only one monitor.jmx.username

image

3. Let’s update password on GoldenGate Monitor Server side.

export MONITOR_HOME=/u01/app/oracle/product/Middleware122/monitor_home
cd $MONITOR_HOME
cd oracle_common/common/bin/
./wlst.sh

After running WLST enter the following commands (Weblogic domain should be running before updating password):

connect (“weblogic”,”welcome1″,”t3://localhost:7001“)
updateCred(map=”OGGMONITOR”,key=”WEB.JMX.PASSWORD”,user=”oggmsjmxusr“,password=”welcome1″,desc=”JMX Password”)
exit()

image

4. Replace username in configuration file

export MONITOR_HOME=/u01/app/oracle/product/Middleware122/monitor_home
cd $MONITOR_HOME
cd user_projects/domains/monitor_domain/config/monitorserver/cfg

image

5. That’s all. Restart agents and Monitor Server.