Running the Configuration Assistant

3.2 Running the Configuration Assistant

After the Oracle GoldenGate Veridata installation is complete, navigate to the bin directory, and run vdtca.sh to display the Configuration Assistant.
If MySQL is a new install from Installer, then in the Repository Creation page, enter the New Root Password, and New Veridata Password. Ensure to pick a unique Schema Prefix to allow multiple Veridata installation to point to the same MySQL Repository. To ensure successful configuration, remove previously-installed MySQL instances.

Note:
If the Configuration Assistant detects a pre-existing MySQL instance in the system, it will display the information with red text shown as follows:

Figure 3-7 Repository Creation Page for a New MySQL Install

Note:
If the Configuration Assistant shows a warning message saying it has detected a pre-existing MySQL for the new MySQL installation option, then run the following command: yum list installed | grep mysql and verify if any MySQL database or package is installed in the system. If you are sure that the MySQL database does not exist in the system, then you can safely ignore the warning and proceed with the configuration. For example, pcp-pmda-mysql.x86_64 package can cause a false warning.

If MySQL is an existing database, then in the Repository Creation page, enter the database details for all the text fields.
- The New Veridata Username cannot be defined as an existing user in the existing MySQL database.
- The user responsible for creating a new MySQL Veridata repository user in an existing MySQL instance needs to have all privileges across all databases and tables. This includes the ability to grant privileges to other MySQL users and allow connections from any IP address. The following is a sample SQL script for creating such a user:
```
CREATE USER 'superuser'@'%' IDENTIFIED BY 'superpassword'; 
GRANT ALL PRIVILEGES ON *.* TO 'superuser'@'%' WITH GRANT OPTION; 
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'superuser'@'%';
```
  Figure 3-8 Repository Creation Page for an Existing MySQL
In the Memory Options page, for the Java Heap Sizes, select Use recommended settings (or modify according to your requirements) and click Next.

Figure 3-9 Memory Options
In the Administrator Account Credentials page, enter the Veridata Administrator Username, Password, and Confirm Password and click Next.

Figure 3-10 Administrator Account Credentials
The Security Options step of the Oracle GoldenGate Veridata Configuration Assistant allows users to configure the security settings for the Web User Interface (UI) by selecting encryption options, certificates, and communication ports. The primary function of this screen is to secure the connection between the client and the server using SSL/TLS protocols. This point outlines each of the available options and describes how to configure them.
1. SSL / TLS Security for Web UI
  - Purpose: Enabling this option ensures that communication between the Web UI and users is encrypted using SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
  - Default Setting: This checkbox is enabled by default, meaning SSL/TLS is turned on.
  - Implications: If disabled, the communication will not be encrypted, making it vulnerable to eavesdropping and other security threats. You can opt in to disable SSL/TLS for faster and simpler deployment in a test environment.
  Note:
  The SSL / TLS Security for Web requires 8830 port to be open apart from the selected port. If 8830 the port is not open, then Oracle GoldenGate Veridata server does not start after the installation. In such a case, do the following after installation:
  1. Update the following property in <VERIDATA_HOME>/config/oggvdt_cainput.properties server.port=8830 to an available port.
  2. Start the Oracle GoldenGate Veridata server from <VERIDATA_HOME>/bin:
    ./run.sh
2. Certificate Configuration
  To secure the Web UI, Oracle GoldenGate Veridata uses X.509 certificates. The configuration wizard provides two ways to specify certificates outlined as follows:
  1. Use Veridata Self-Signed Certificate:
    - Purpose: Use this option if you want Veridata to automatically generate a self-signed SSL certificate.
    - Pros:
      - Quick and easy setup with no need for external certificate files
      - Useful in non-production environments or internal use cases where a trusted Certificate Authority (CA) is not necessary.
    - Cons:
      - Self-signed certificates are not trusted by web browsers without manual intervention.
      - Not suitable for production environments where certificates must be validated by a third-party CA.
  2. Upload Custom PEM Files
    - Purpose: This option allows users to specify their own SSL certificate, private key, and CA certificate files (in PEM format).
    - Required Files: This is the public certificate (usually with a .pem or .crt extension) that will be used to identify the server to clients.
      - File Input Field: Certificate
      - Example Path: /scratch/vdt23c/web/certificate.pem
    - CA Certificate File: This file contains the certificate(s) of the Certificate Authority (CA) that signed the server certificate. The CA file is used to verify that the server certificate is trusted.
      - File Input Field: CA Certificate File
      - Example Path: /scratch/vdt23c/web/ca.pem
    - When to Use: This option is best suited for production environments where an official SSL certificate issued by a trusted CA (such as Let’s Encrypt, DigiCert, or GoDaddy) is required.
3. Port Configuration
  Oracle GoldenGate Veridata operates over specific ports, and users can define whether to use the default port or a custom one.
  1. Use Default Port (8831)
    - Purpose: The default port for SSL/TLS connections to the Veridata Web UI is 8831.
    - When to Use
      - Suitable for environments where port 8831 is open and available.
      - Easier to configure, especially in less restrictive network environments.
  2. Use Non-Default Port
    - Purpose: Allows users to specify a custom port for Veridata to use for SSL/TLS traffic instead of the default 8831.
    - When to Use
      - In cases where the default port (8831) is blocked or already in use.
      - When a specific port policy is enforced by your IT or security team (for example, using port 443 for HTTPS traffic).
      - Configuration: Enter the custom port number into the input field provided.
Figure 3-11 Security Options
Review the configuration summary on the Summary page. Click Save Response File to save the respose file if needed.

Figure 3-12 Conifuguration Assistant Summary
Open a terminal and run sudo su to change to root. After you see the following screen, run the script as root.

Figure 3-13 Configure root

Note:
The root script should typically take 10-15 seconds.
If the install_configure_mysql.sh script was executed successfully, the console will display the following information:
- The Configuration Assistant will set the root user password as what you entered in the next stage of veridata repository creation.
- MySQL has been installed and started.
- Please return to the Configuration Assistant and click OK to continue.
  
  Then follow the console instruction, return to the Configuration Assistant and click OK to continue.
After a successful configuration, the Finish page displays the URL of Oracle Goldengate Veridata web application. Input the URL to a web browser to verify that the Oracle GoldenGate Veridata server is running.

Figure 3-14 Configuration Complete

Parent topic: Install