Oracle graph 图数据库体验-安装篇

服务端安装

环境准备

安装数据库

DOCKER 安装23AI FREE ，参考：

https://container-registry.oracle.com/ords/f?p=113:4:111381387896144:::4:P4_REPOSITORY,AI_REPOSITORY,AI_REPOSITORY_NAME,P4_REPOSITORY_NAME,P4_EULA_ID,P4_BUSINESS_AREA_ID:1863,1863,Oracle%20Database%20Free,Oracle%20Database%20Free,1,0&cs=36-E53gEIBReS4-J2UPGC9syH8VXvEui-xyk9a8dAdTvTNYF8D_rhkh-0AzP9gtmH6tXPVGJlyvyYCRg6rGJ_2Q

docker run -itd --name orcl23ai -h orcl23ai -p 1521:1521 -p 8080:8080 -e ORACLE_PWD=oracle -v /mnt/d/WSL_DOCKER/oracle/23ai/oradata:/opt/oracle/oradata container-registry.oracle.com/database/free:latest

配置yum源 安装JDK和tomcat

cd /etc/yum.repos.d/
sed -i 's|https://yum$ociregion.$ocidomain|https://yum.oracle.com|g' oracle-linux-ol8.repo
yum install jdk
yum install java

配置DB角色及用户权限

--登录
sql sys/oracle@localhost:1521/freepdb1 as sysdba
alter session set container=freepdb1;
-- This procedure creates a list of roles needed for graph.
  DECLARE
    PRAGMA AUTONOMOUS_TRANSACTION;
    role_exists EXCEPTION;
    PRAGMA EXCEPTION_INIT(role_exists, -01921);
    TYPE graph_roles_table IS TABLE OF VARCHAR2(50);
    graph_roles graph_roles_table;
  BEGIN
    graph_roles := graph_roles_table(
      'GRAPH_DEVELOPER',
      'GRAPH_ADMINISTRATOR',
      'GRAPH_USER',
      'PGX_SESSION_CREATE',
      'PGX_SERVER_GET_INFO',
      'PGX_SERVER_MANAGE',
      'PGX_SESSION_READ_MODEL',
      'PGX_SESSION_MODIFY_MODEL',
      'PGX_SESSION_NEW_GRAPH',
      'PGX_SESSION_GET_PUBLISHED_GRAPH',
      'PGX_SESSION_COMPILE_ALGORITHM',
      'PGX_SESSION_ADD_PUBLISHED_GRAPH',
      'PGX_SESSION_SET_IDLE_TIMEOUT');
    FOR elem IN 1 .. graph_roles.count LOOP
      BEGIN
        dbms_output.put_line('create_graph_roles: ' || elem || ': CREATE ROLE ' || graph_roles(elem));
        EXECUTE IMMEDIATE 'CREATE ROLE ' || graph_roles(elem);
      EXCEPTION
        WHEN role_exists THEN
          dbms_output.put_line('create_graph_roles: role already exists. continue');
        WHEN OTHERS THEN
          RAISE;
      END;
    END LOOP;
  EXCEPTION
    when others then
      dbms_output.put_line('create_graph_roles: hit error ');
      raise;
  END;
  /
-- This procedure add some grants to the graph roles.
  DECLARE
    PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_CREATE TO GRAPH_ADMINISTRATOR';
    EXECUTE IMMEDIATE 'GRANT PGX_SERVER_GET_INFO TO GRAPH_ADMINISTRATOR';
    EXECUTE IMMEDIATE 'GRANT PGX_SERVER_MANAGE TO GRAPH_ADMINISTRATOR';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_CREATE TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_NEW_GRAPH TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_GET_PUBLISHED_GRAPH TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_MODIFY_MODEL TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_READ_MODEL TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_SET_IDLE_TIMEOUT TO GRAPH_DEVELOPER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_CREATE TO GRAPH_USER';
    EXECUTE IMMEDIATE 'GRANT PGX_SESSION_GET_PUBLISHED_GRAPH TO GRAPH_USER';
    BEGIN
      EXECUTE IMMEDIATE 'GRANT CREATE PROPERTY GRAPH TO GRAPH_DEVELOPER';
    EXCEPTION WHEN others then
      if sqlcode = -990 then
        mdsys.opg_log.debug('grant create property graph to graph_developer: missing privilege, continue');
      else
        raise;
      end if;
    END;
  EXCEPTION
    when others then
      dbms_output.put_line('add_graph_roles_grants: hit error ');
      raise;
  END;
  /
  --授权
  GRANT GRAPH_DEVELOPER TO hr;
  GRANT GRAPH_ADMINISTRATOR to hr;

服务端安装

安装

rpm -ivh oracle-graph-24.4.0.x86_64.rpm

配置文件

/etc/oracle/graph/pgx.conf

将...
"pgx_realm": {
  "implementation": "oracle.pg.identity.DatabaseRealm",
  "options": {
    "jdbc_url": "<REPLACE-WITH-DATABASE-URL-TO-USE-FOR-AUTHENTICATION>",
    "token_expiration_seconds": 3600,
    
修改如下：
...
"pgx_realm": {
  "implementation": "oracle.pg.identity.DatabaseRealm",
  "options": {
    "jdbc_url": "jdbc:oracle:thin:@localhost:1521/freepdb1",
    "token_expiration_seconds": 3600,
...

启动

#启动
systemctl start pgx
#停止
systemctl reload pgx
#重载
systemctl daemon-reload

#看状态
root@vbox mnt]# systemctl status pgx.service
● pgx.service - Oracle Graph In-Memory Server
   Loaded: loaded (/etc/systemd/system/pgx.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2025-01-17 07:55:07 UTC; 27s ago
 Main PID: 10598 (bash)
    Tasks: 57 (limit: 50345)
   Memory: 1.3G
   CGroup: /system.slice/pgx.service
           ├─10598 /bin/bash start-server
           └─10638 java --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.util=A>

Jan 17 07:55:09 vbox bash[10638]: INFO: Starting Servlet engine: [Apache Tomcat/9.0.90]
Jan 17 07:55:17 vbox bash[10638]: Jan 17, 2025 7:55:17 AM org.apache.catalina.startup.ContextConfig getDefaultWebXmlFragment
Jan 17 07:55:17 vbox bash[10638]: INFO: No global web.xml found
Jan 17 07:55:17 vbox bash[10638]: Jan 17, 2025 7:55:17 AM org.apache.jasper.servlet.TldScanner scanJars
Jan 17 07:55:17 vbox bash[10638]: INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in >
Jan 17 07:55:28 vbox bash[10638]: TeeFilter will be ACTIVE on this host [vbox]
Jan 17 07:55:29 vbox bash[10638]: Jan 17, 2025 7:55:29 AM org.glassfish.jersey.server.wadl.WadlFeature configure
Jan 17 07:55:29 vbox bash[10638]: WARNING: JAXBContext implementation could not be found. WADL feature is disabled.
Jan 17 07:55:30 vbox bash[10638]: Jan 17, 2025 7:55:30 AM org.apache.coyote.AbstractProtocol start
Jan 17 07:55:30 vbox bash[10638]: INFO: Starting ProtocolHandler ["https-jsse-nio-7007"]
#看具体错误
journalctl -u pgx.service

客户端配置

## 因为server端启用了https，java对此有校验，需要把证书导入到信任库里面
#本节参考：https://docs.oracle.com/en/database/oracle/property-graph/24.4/spgdg/using-self-signed-server-keystore.html#GUID-AC35D241-59D0-4CFE-B36B-9838E2B62119
#先配置环境变量
[root@vbox bin]# cat ~/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
	. ~/.bashrc
fi

# User specific environment and startup programs
#export  JAVA_HOME=/home/oracle/java/jdk-21.0.5
PATH=$PATH:$HOME/bin

export PATH
export  PGX_SERVER_KEYSTORE_PASSWORD=changeit

#导入证书到信任库
[root@vbox bin]# find / -name "*cacerts*"
find: ‘/proc/12992’: No such file or directory
find: ‘/run/user/1000/doc’: Permission denied
find: ‘/run/user/1000/gvfs’: Permission denied
/etc/pki/ca-trust/extracted/edk2/cacerts.bin
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts
/etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64/lib/security/cacerts
/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.x86_64/lib/security/cacerts
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.432.b06-2.0.1.el8.x86_64/jre/lib/security/cacerts.upstream
/home/oracle/java/jdk-21.0.5/lib/security/cacerts
/opt/oracle/product/23ai/dbhomeFree/javavm/jdk/jdk11/lib/security/cacerts
/opt/oracle/product/23ai/dbhomeFree/javavm/lib/security/cacerts
/opt/oracle/product/23ai/dbhomeFree/jdk/lib/security/cacerts
[root@vbox bin]# echo $JAVA_HOME
/home/oracle/java/jdk-21.0.5
[root@vbox bin]# keytool -importkeystore -srckeystore /etc/oracle/graph/server_keystore.jks -destkeystore $JAVA_HOME/lib/security/cacerts -deststorepass changeit -srcstorepass changeit -noprompt
Importing keystore /etc/oracle/graph/server_keystore.jks to /home/oracle/java/jdk-21.0.5/lib/security/cacerts...
Entry for alias pgx successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
[root@vbox bin]# keytool -importkeystore -srckeystore /etc/oracle/graph/server_keystore.jks -destkeystore $JAVA_HOME/lib/security/cacerts -deststorepass changeit -srcstorepass changeit -noprompt^C
[root@vbox bin]# export JAVA_HOME=/etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64
[root@vbox bin]# echo $JAVA_HOME
/etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64
[root@vbox bin]# keytool -importkeystore -srckeystore /etc/oracle/graph/server_keystore.jks -destkeystore $JAVA_HOME/lib/security/cacerts -deststorepass changeit -srcstorepass changeit -noprompt
Importing keystore /etc/oracle/graph/server_keystore.jks to /etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64/lib/security/cacerts...
Entry for alias pgx successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64/lib/security/cacerts -destkeystore /etc/java/java-11-openjdk/java-11-openjdk-11.0.22.0.7-2.0.1.el8.x86_64/lib/security/cacerts -deststoretype pkcs12".
(failed reverse-i-search)`demoad': keytool -importkeystore -srckeystore /etc/oracle/graph/server_keystore.jks -destkeystore $JAVA_HOME/lib/security/cacerts -^Cststorepass changeit -srcstorepass changeit -noprompt
#重启
systemctl daemon-reload
systemctl restart pgx
systemctl stop pgx
systemctl start pgx
systemctl status pgx.service

然后再浏览器中打开 https://localhost:7007/dash

用户名和密码就是刚开始的时候配置数据库的用户名和密码

参考文档

https://docs.oracle.com/en/database/oracle/property-graph/24.4/spgdg/oracle-graph-server-and-client-installation.html#SPGDG-GUID-55880457-D6B1-47D7-A05A-1E95DE9ABFC5