init_oracle_client(config_dir=f"{lib_dir}/network/admin") is the only path that seems to work for wallet based auth

[streamnsight]

Database: ATP 19c on OCI
platform.platform: Linux-5.4.17-2036.100.6.1.el7uek.x86_64-x86_64-with-glibc2.28
sys.maxsize > 2**32: True
platform.python_version: 3.9.1
cx_Oracle.version: 8.1.0
cx_Oracle.clientversion: (21, 1, 0, 0, 0)

2. Is it an error or a hang or a crash?
   Error: File not found

If I save my wallet into a folder (for example /atp_creds) and set the config_dir to that path as per the docs in

cx_Oracle.init_oracle_client(config_dir="/atp_creds")

It runs,
but when i try to connect with

cx_Oracle.connect(...

it hangs for about 1 minute and then returns the error:
ORA-28759: failure to open file

Using strace, I was able to find out that the init is looking for the cwallet.sso in the LD_LIBRARY_PATH/network/admin folder

close(9)                                = 0
openat(AT_FDCWD, "/instantclient_21_1/ldap/admin/sslconf.ora", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/instantclient_21_1/network/admin/ewallet.p12", 0x7ffd30281db0) = -1 ENOENT (No such file or directory)
stat("/instantclient_21_1/network/admin/cwallet.sso", 0x7ffd30281db0) = -1 ENOENT (No such file or directory)
close(8)     

When I place the wallet content there, it works.

I have set TNS_ADMIN environment variable to the credentials path
I have set LD_LIBRARY_PATH to the instantclient library location

I need to set TNS_ADMIN to LD_LIBRARY_PATH/network/admin for the wallet to be discovered and the connection to work.

[cjbj]

Do you have a sqlnet.ora file? Is there a directory path that needs to be updated? If it's an Oracle DB cloud wallet the default path would indeed map to instantclient*/network/admin. Review https://www.oracle.com/database/technologies/appdev/python/quickstartpython.html

If it's some other kind of wallet, please share all details, including the sqlnet.ora contents.

[cjbj]

And also see https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html#connecting-to-autononmous-databases

[streamnsight]

there is an sqlnet.ora file and I did not modify it. Using the TNS_ADMIN variable typically overrides this, and it seems from the doc that that's exactly the purpose of the config_dir option in the init_oracle_client function
It's just not intuitive that the TNS_ADMIN option works with other clients but doesn't with cx_Oracle.
At the very least the documentation should specify that the wallet MUST be in the LD_LIBRARY_PATH/network/admin folder
unless the sqlnet.ora file is edited.

[cjbj]

I don't understand your problem: please share details to expedite problem solving! If your sqlnet.ora contains WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY="?/network/admin"))) then of course you need to edit the path ?/network/admin to match the directory where cwallet.sso is - assuming you have this file (again, please tell me what you're doing so I don't have to waste time guessing). TNS_ADMIN / config_dir specifies where sqlnet.ora and tnsnames.ora are, but your cwallet.sso file can be anywhere else you like - that's what the WALLET_LOCATION setting is for.

[streamnsight]

When I use the same wallet files with a java app server like WebLogic or Tomcat, I can use the syntax for the connection as jdbc:oracle:thin:@dbname_medium?TNS_ADMIN=/path/to/wallet for example and it works fine, without editing the sqlnet.ora file

TNS_ADMIN variable replaces the DIRECTORY location as far as I know and the wallet is found

This is not what is happening here.

[cjbj]

Noted.

The main question now is whether editing sqlnet.ora solved your issue?

[streamnsight]

I don't want to edit the sqlnet.ora. I shouldn't have to.
I am using this in kubernetes and the wallet comes as a secret that is dumped in a folder. putting the wallet in the proper folder (i.e LD_LIBRARY_PATH/network/admin) does work, but it took me a day of debugging to figure this out.

My point is this is not the same behavior as other Oracle DB clients and it is confusing.
At the very least the docs should mention the default location for the wallet is LD_LIBRARY_PATH/network/admin, but better yet, fix the issue and make it behave the same way other clients do, using the TNS_ADMIN path to locate the wallet.
Thanks

[anthony-tuininga]

You can use the technique I posted about here. That performs all of the steps necesary to get a connection without having to manually edit any files.

Note that if you have the files extracted, you can also use this connect string to get a connection:

username/password@tcps://host:port/service_name?WALLET_LOCATION=/my/path/to/the/wallet

Hopefully one of those is useful to you!

[stale]

This issue has been automatically marked as inactive because it has not been updated recently. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because it has not been updated for a month.