Issue with Password Reset in gvenzl/oracle-xe:21.3.0 Docker Image

[ChrisHellboy]

Hi,

I'm reaching out because I've encountered an issue while using your Docker image gvenzl/oracle-xe:21.3.0.

I set up the container using the command:

docker run -d -p 1521:1521 -p 5500:5500 -e ORACLE_PASSWORD=password_test --name=oracle-xe --volume ~/oracle/docker-volumes/oracle-xe:/opt/oracle/oradata gvenzl/oracle-xe:21.3.0

When I checked the logs with docker logs oracle-xe, I received the following message:

CONTAINER: WARNING: $ORACLE_PASSWORD has been specified but the database is already initialized. The password will be ignored.
CONTAINER: WARNING: If you want to reset the password, please run the resetPassword command, e.g. 'docker|podman exec <container name|id> resetPassword <your password>'.

I tried to reset the password using the resetPassword command as suggested:
docker exec oracle-xe resetPassword password_test

However, this command resulted in the following error:

ALTER USER SYS IDENTIFIED BY "password_test"
*
ERROR at line 1:
ORA-01990: error opening password file ''

Despite trying various troubleshooting steps, including re-creating the container, the problem persists. I'm unable to connect to the database with SQL Developer due to an invalid username/password error.

When I removed the --volume parameter of the docker run command, it worked absolutely fine so it has to be related to it somehow.

Any help would be greatly appreciated.

Thank you in advance for your time and support.

[gvenzl]

Hey @ChrisHellboy,

First of all, thank you very much for using these images!

This is certainly strange but I do remember an issue with volumes on Windows where the samba mount would be implicitly under root and not the oracle user and hence the file permissions go out the window (no pun intended).
Similarly, I think also under Linux with SELinux you may run into permission issues with volume, although I do not remember these details just as exactly anymore.

Could you share your environment details, please?
Docker version, host operating system and anything else you may think could be relevant.

Could you also try starting a brand-new container with an empty volume and the -e ORACLE_PASSWORD variable set, like above, please?
I have a hunch that you will see the same error there as well after CONTAINER: starting up Oracle Database... as the password file (and all other database files) will be in that new volume by then.

Thanks,

[ChrisHellboy]

Hi @gvenzl,

Thanks for your swift response and for your job with the image!

In response to your queries, my setup is as follows: I'm running Docker version 24.0.2, build cb74dfc, on a Ventura 13.3.1. My machine is equipped with an Apple M2 chip, so as per the README, I'm using colima. I can't think of any other details that might be relevant, but please let me know if there's anything else that could help.

Following your suggestion, I started a brand-new container with an empty volume and the -e ORACLE_PASSWORD variable set, as before. Your hunch was spot on — I encountered the same error after the "CONTAINER: starting up Oracle Database..." message.
Logs:

docker run -p 1521:1521 -p 5500:5500 -e ORACLE_PASSWORD=password123 --name=oracle-xe --volume /Users/Christian/Documents/test_oracle_xe:/opt/oracle/oradata gvenzl/oracle-xe:21.3.0
CONTAINER: starting up...
CONTAINER: first database startup, initializing...
CONTAINER: uncompressing database data files, please wait...
CONTAINER: done uncompressing database data files, duration: 191 seconds.
mv: failed to preserve ownership for '/opt/oracle/oradata/dbconfig/XE/spfileXE.ora': Permission denied
mv: failed to preserve ownership for '/opt/oracle/oradata/dbconfig/XE/orapwXE': Permission denied
mv: failed to preserve ownership for '/opt/oracle/oradata/dbconfig/XE/listener.ora': Permission denied
mv: failed to preserve ownership for '/opt/oracle/oradata/dbconfig/XE/tnsnames.ora': Permission denied
mv: failed to preserve ownership for '/opt/oracle/oradata/dbconfig/XE/sqlnet.ora': Permission denied
CONTAINER: starting up Oracle Database...

LSNRCTL for Linux: Version 21.0.0.0.0 - Production on 19-JUL-2023 14:12:32

Copyright (c) 1991, 2021, Oracle.  All rights reserved.

Starting /opt/oracle/product/21c/dbhomeXE/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 21.0.0.0.0 - Production
System parameter file is /opt/oracle/homes/OraDBHome21cXE/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/4f7dc094360d/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 21.0.0.0.0 - Production
Start Date                19-JUL-2023 14:12:32
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Default Service           XE
Listener Parameter File   /opt/oracle/homes/OraDBHome21cXE/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/4f7dc094360d/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
ORACLE instance started.

Total System Global Area 1241512312 bytes
Fixed Size		    9685368 bytes
Variable Size		  587202560 bytes
Database Buffers	  637534208 bytes
Redo Buffers		    7090176 bytes
Database mounted.
Database opened.

CONTAINER: Resetting SYS and SYSTEM passwords.
   ALTER USER SYS    IDENTIFIED BY "password123"
*
ERROR at line 1:
ORA-01990: error opening password file ''

Awaiting your advice.

Best,

[gvenzl]

Hey @ChrisHellboy,

After doing some research, it appears that you are running into the same issue as reported over at #163 and that the issue is related to how colima treats volumes, i.e. mount points and the underlying mounting libraries.

Over in the colima repository, people have recommended trying the --mount-type 9p mount option, see: abiosoft/colima#54 (comment)

Another user has also reported that this can be done via an override.yaml file, see: abiosoft/colima#83 (comment)

Could you try the recommended solutions over in colima issue 54 and see whether any of these solve the issue?

Thanks a lot!

[ChrisHellboy]

Hi,
So I looked at the comment and did the following:
colima start --arch x86_64 --memory 4 --mount-type 9p

Then cleaned all my current docker containers and folder and executed the following:

docker run -p 1521:1521 -p 5500:5500 -e ORACLE_PASSWORD=password123 --name=oracle-xe --volume /Users/Christian/Documents/test_oracle_xe:/opt/oracle/oradata gvenzl/oracle-xe:21.3.0

CONTAINER: starting up...
CONTAINER: database already initialized.
CONTAINER: starting up Oracle Database...

LSNRCTL for Linux: Version 21.0.0.0.0 - Production on 09-AUG-2023 15:02:19

Copyright (c) 1991, 2021, Oracle.  All rights reserved.

Starting /opt/oracle/product/21c/dbhomeXE/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 21.0.0.0.0 - Production
System parameter file is /opt/oracle/homes/OraDBHome21cXE/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/20cf1551a568/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 21.0.0.0.0 - Production
Start Date                09-AUG-2023 15:02:20
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Default Service           XE
Listener Parameter File   /opt/oracle/homes/OraDBHome21cXE/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/20cf1551a568/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
ORACLE instance started.

Total System Global Area 1241512312 bytes
Fixed Size		    9685368 bytes
Variable Size		  587202560 bytes
Database Buffers	  637534208 bytes
Redo Buffers		    7090176 bytes
ORA-00221: error on write to control file
ORA-00206: error in writing (block 1, # blocks 1) of control file
ORA-00202: control file: '/opt/oracle/oradata/XE/control01.ctl'
ORA-27041: unable to open file
Linux-x86_64 Error: 13: Permission denied
Additional information: 3

I am not exactly sure what it implies though...

[gvenzl]

Hey @ChrisHellboy,

Hmm, ok, that at least produces a different error, seems like we have moved on to a general permission issue.
I think next we need to look into the local folder and see what the permissions of the files are.
Could you please post the output of ls -al /Users/Christian/Documents/test_oracle_xe on your Mac?

[gvenzl]

Closing due to lack of response.