Introduce DB health check script with OS authenticated user

Thanks for providing gvenzl/oracle-xe Docker image. I'd like these two repositories to be listed to https://github.com/gvenzl/oci-oracle-xe#users-of-these-images .

• rsim/oracle-enhanced via
  rsim/oracle-enhanced@afd7a93

• rsim/ruby-plsql via
  rsim/ruby-plsql@63baad0

Thanks.

Other images like Postgres and MySQL only set the password for their respected env variables once at DB creation. These images should have the same look and feel.

Report from vas_stergioulis:

When trying with sqlcl, outside of the container, to connect with the host's external ip (internet ip) it connects correctly but when I try instead with 'localhost' or hostname (meaning that it tries with 127.0.0.1), first it asks for the password and after exactly 60 seconds fails with 'IO Error: Got minus one from a read call (CONNECTION_ID=4QZ+EVjLRSeHLmjNPjDj4Q==)'. The same machine is running in a container a 18c-xe and connecting with localhost works as it should. Listener log.xml in both shows a '* establish * xepdb1 ' but in failed attempt it writes immediately ' service_update * XE * 0'.

Putting tcp.validnode_checking = no in sqlnet.ora changes the error, immediately shows ORA-12514, TNS:listener does not currently know of service requested in connect descriptor

In general, it is an error that happens with 127.0.0.1 When I use a server name that resolves in external ip6 or ip4 address connects as it should.

For some reason the health check is not being picked up correctly by docker.

When I do

docker inspect --format "{{json .Config.Healthcheck }} <container>

Then I get null back. In addition to that when I do docker container ls then the status is not displayed for the running container.

e.g.

CONTAINER ID   IMAGE                      COMMAND                  CREATED              STATUS              PORTS                     NAMES
925ac8dbba4b   gvenzl/oracle-xe:11-slim   "container-entrypoin…"   About a minute ago   Up About a minute   0.0.0.0:49161->1521/tcp   exciting_wu

When it works correctly the status is in branches after the time (e.g. "Up About a minute (healthy)")

GitHub Actions calls docker inspect --format="{{if .Config.Healthcheck}}{{print .State.Health.Status}}{{end}}" <container> to check the status of the container.

I tried playing by passing a custom --health-cmd for the GitHub actions to work, but unfortunately I still couldn't make it work. GitHub only provides the status and nothing more so I can't even check the health logs to see what is happening in the container.

Also 21c tags missing under https://hub.docker.com/r/gvenzl/oracle-xe

The current 21-full image comes with an UNDO tablespace and a TEMP tablespace that are taking space. This slows down the PDB provisioning process. It would be great to have the minimum size being used for each:

• 4 MB for UNDO
• 2 MB for TEMP

It would allow to not use sys nor system user and still be able to do some administrative tasks.
For versions 18.4 and 21 at least

Hi @gvenzl ,
I was trying to upgrade Quarkus from using gvenzl/oracle-xe:18.4.0-slim to versions 21.3.0 but the image is failing to boot with this error:

STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 21.0.0.0.0 - Production
Start Date                02-DEC-2021 12:11:25
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Default Service           XE
Listener Parameter File   /opt/oracle/homes/OraDBHome21cXE/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/4d207a054586/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
ORA-00821: Specified value of sga_target 1184M is too small, needs to be at least 1344M
ORA-01078: failure in processing system parameters

I've tried both the -slim and the standard versions, they gave me the same error.

Hopefully just a simple configuration problem?

I got a GitHub Workflow working for 11-slim but not 18-slim. Here is the run. The error on 18-slim is:

ORA-01918: user 'SQITCHTEST' does not exist

This user should be created by the service configuration:

    services:
      oracle:
        image: gvenzl/oracle-xe:${{ matrix.oracle.version }}-slim
        ports: [ 1521 ]
        env:
          ORACLE_PASSWORD: sqitchtest
          APP_USER: sqitchtest
          APP_USER_PASSWORD: sqitchtest
        options: >-
          --health-cmd healthcheck.sh
          --health-interval 20s
          --health-timeout 10s
          --health-retries 10

This works well in 11-slim but not 18-slim. Note that for both I'm using the SID XE; maybe the user is created in some other database in 18-slim? I've tried connecting to XEPDB1 instead, but that does not seem to exist, returning

ORA-12505: TNS:listener does not currently know of SID given in connect descriptor (DBD ERROR: OCIServerAttach)

Hi!

I tried starting Oracle XE on Docker 20.10.10 on an Apple M1 computer.

docker run -p 1521:1521 -e ORACLE_PASSWORD=pwd --platform linux/amd64 gvenzl/oracle-xe

Here is my docker info:

Client:
 Cloud integration: v1.0.20
 Version:           20.10.10
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        b485636
 Built:             Mon Oct 25 07:43:15 2021
 OS/Arch:           darwin/arm64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.10
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.9
  Git commit:       e2f740d
  Built:            Mon Oct 25 07:41:10 2021
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.4.11
  GitCommit:        5b46e404f6b9f661a205e28d59c982d3634148f8
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

It fails whith the following log:

Listening Endpoints Summary...

  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))

  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))

The listener supports no services

The command completed successfully

ERROR:

ORA-12547: TNS:lost contact



SP2-0306: Invalid option.

Usage: CONN[ECT] [{logon|/|proxy} [AS {SYSDBA|SYSOPER|SYSASM|SYSBACKUP|SYSDG|SYSKM|SYSRAC}] [edition=value]]

where <logon> ::= <username>[/<password>][@<connect_identifier>]

      <proxy> ::= <proxyuser>[<username>][/<password>][@<connect_identifier>]

SP2-0306: Invalid option.

Usage: CONN[ECT] [{logon|/|proxy} [AS {SYSDBA|SYSOPER|SYSASM|SYSBACKUP|SYSDG|SYSKM|SYSRAC}] [edition=value]]

where <logon> ::= <username>[/<password>][@<connect_identifier>]

      <proxy> ::= <proxyuser>[<username>][/<password>][@<connect_identifier>]

SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus

Is Oracle XE not yet working on Apple M1?

Thanks!

Start with:

• linux/amd64
• linux/arm64

Problem Statement

The section about container secrets in readme.md might need updating. The way Docker Engine (tested with 20.10.12 on Ubuntu 20.04 LTS) handles secrets is different from podman (tested with podman 3.3.1 on Oracle Linux 8.5).

Docker Engine

For secrets to be available you need to initialise a (single node) Docker Swarm. Otherwise it's not possible to create the secret:

$ sudo docker secret create oracle-passwd ~/.pwd
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.

Once the swarm is initialised it is possible to add the secret:

$ sudo docker swarm init
Swarm initialized: current node (1rzudangjm68u30vx51227zf6) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join --token SWMTKN-1-5ezmfxh6tzi7v4789vi0l8gjq2m1n1zzyiuluets9cawph849w-0soqtexxpbd3blrsygp7qchpi 10.0.2.15:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

Now it's possible to create a secret:

$ sudo docker secret create oracle-passwd ~/.pwd
dkh6i7frg9cstd8zn7izflbjm
$ sudo docker secret ls
ID                          NAME            DRIVER    CREATED          UPDATED
dkh6i7frg9cstd8zn7izflbjm   oracle-passwd             11 seconds ago   11 seconds ago

Without passing the secret on the command line /run/secrets/* does not contain any data and the container fails to start:

$ sudo docker run --name some-oracle -e ORACLE_PASSWORD_FILE=/run/secrets/oracle-passwd --rm -it gvenzl/oracle-xe:21-slim
CONTAINER: starting up...
/opt/oracle/container-entrypoint.sh: line 70: /run/secrets/oracle-passwd: No such file or directory

The error message in container-entrypoint.sh refers to a missing /run/secrets/oracle-passwd file

Unfortunately it seems impossible to pass the secret to docker run:

$ sudo docker run --name some-oracle -e ORACLE_PASSWORD_FILE=/run/secrets/oracle-passwd --rm -it --secret oracle-passwd gvenzl/oracle-xe:21-slim
unknown flag: --secret
See 'docker run --help'.

Passing secrets requires a service to be started:

$ sudo docker service create --name some-oracle -e ORACLE_PASSWORD_FILE=/run/secrets/oracle-passwd --secret oracle-passwd gvenzl/oracle-xe:21-slim
6qkawq9wg3r25uv6ashoajzs1
overall progress: 1 out of 1 tasks 
1/1: running   [==================================================>] 
verify: Service converged 
$ sudo docker service ls
ID             NAME          MODE         REPLICAS   IMAGE                      PORTS
6qkawq9wg3r2   some-oracle   replicated   1/1        gvenzl/oracle-xe:21-slim   

$ sudo docker container exec $(sudo docker ps --filter name=some-oracle -q) ls -l /run/secrets
total 4
-r--r--r-- 1 root root 7 Dec 14 15:09 oracle-passwd

Podman

The use of podman greatly simplifies matters. It is possible to create a secret without the need of any auxiliary construct. A simple podman secret create some-secret ~/.pwd will do. The secret can be passed as an argument to podman run as in

$ podman run --name some-oracle \
  --secret oracle-password \
  -e ORACLE_PASSWORD_FILE=/run/secrets/oracle-password \
  -d docker.io/gvenzl/oracle-xe:21-slim

Unless the secret is passed to either Docker service or podman it won't be accessible in /run/secrets/*

It can be helpful for developers to know how they can further speed up their container startup time by using a pre-existing volume.

Add a password reset command for users to quickly reset the SYS, SYSTEM passwords.

Latest XE 11 container fails with error message:

ORA-47500: XE edition memory parameter invalid or not specified

Full error message:

CONTAINER: starting up...
CONTAINER: first database startup, initializing...
CONTAINER: uncompressing database data files, please wait...
CONTAINER: done uncompressing database data files, duration: 5 seconds.
CONTAINER: machine has high CPU count: 36
CONTAINER: increasing SGA_TARGET to 1.5GB.

File created.



File created.


CONTAINER: done increasing SGA_TARGET.
CONTAINER: starting up Oracle Database...

LSNRCTL for Linux: Version 11.2.0.2.0 - Production on 21-DEC-2021 15:54:42

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Starting /u01/app/oracle/product/11.2.0/xe/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.2.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/xe/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/93529fadf672/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.2.0 - Production
Start Date                21-DEC-2021 15:54:42
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Default Service           XE
Listener Parameter File   /u01/app/oracle/product/11.2.0/xe/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/93529fadf672/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
ORA-47500: XE edition memory parameter invalid or not specified

Exited with code 140

This is most likely due to:

CONTAINER: increasing SGA_TARGET to 1.5GB.

According to this thread, PGA+SGA must not exceed 2G for XE:
https://community.oracle.com/tech/developers/discussion/4188762/ora-56752-oracle-database-express-edition-xe-memory-parameter-invalid-or-not-specified

18-slim seems much bigger compared to 11-slim

pmon is the main database process. The container should attach and wait for pmon to shutdown, instead of a tail on the alert log. Has to be verified how that works with the shutdown trap and whether the database gets a clean shutdown.

Proudly using your oracle-xe image in Aimeos Upscheme: https://upscheme.org

aimeos/upscheme@954650a

Hi

I would like to be able to use TDE but haven’t got an idea where to start as the documentation talks about setting up a keystore/wallet etc and trying ALTER SYSTEM SET ENCRYPTION… doesn’t work due to not being in the root container?

Please could you add this feature in or show an example of how it can be enabled on an 18x XE image?

Suggestion perhaps in the docker image:

ENABLE_TDE=yes
WALLET_PASSWORD=foo

then on first start up these environment variables are read and the sqlora.net file is edited and the wallet set up with the instance created with encryption?

Obviously it would require the init.sql to contain encrypted table spaces etc and the start up be slower as I read that TDE may require a database reboot for it to initiate?!

Thank you for your great work on creating a slimmed down docker image with Oracle XE 18c.

I was wondering if you have any advice on the best way to extend this image with a bundled database. The use case for this is integration testing of large databases etc where bootup times is important.

I see two main approaches:

1. Use docker run, mounting the scripts for creating my database into /container-entrypoint-initdb.d, wait until completion; shutdown and docker commit
2. Use a Dockerfile and ADD the scripts into /container-entrypoint-initdb.d, including a final script that stops the database and trigger container-entrypoint.sh

Neither of these feel very good, however I'm at a loss for a third and better apporach.

Hi,

I'm trying to run an EXTERNAL_SCRIPT job from XE21c:full but it doesn't start because a binary library is missing.

Using the example from https://oracle-base.com/articles/12c/scheduler-enhancements-12cr1#external-script I am getting the following ADDITIONAL_INFO in ALL_SCHEDULER_JOB_RUN_DETAILS:

EXTERNAL_LOG_ID="job_76121_2534",
ORA-27369: Job vom Typ EXTERNAL_SCRIPT nicht erfolgreich mit Exitcode: Device or resource busy
ORA-27369: Job vom Typ EXTERNAL_SCRIPT nicht erfolgreich mit Exitcode: Unable to find or open libpam.so in $LD_LIBRARY_PATH

I've already looked through the install script but couldn't spot a possible reason for this.

Any ideas?

Should work similar to MYSQL_DATABASE
This variable is optional and allows you to specify the name of a database to be created on image startup. If a user/password was supplied then that user will be granted superuser access (corresponding to GRANT ALL) to this database.

As I understand even XE Database allows for up to 3 pdbs. Wouldn't it be convenient to pass up to 3 pdbs names into ORACLE_DATABASE?

Support Docker secrets via _FILE variables.

I appreciate the GitHub Actions example in the README, but I'm struggling to figure out how to connect. Would it be possible to extend the example to show how to connect to the Service Container?

MySQL has a nice -e MYSQL_RANDOM_ROOT_PASSWORD feature that these images could support as well.

Some my tests check canceling by OCIBreak. However 21c+ images set DISABLE_OOB in sqlnet.ora in the database side and the tests fail. I would be happy if DISABLE_OOB could be optionally turned off in the latest images.

I put the following step in github actions to set the environment variable TWO_TASK for later steps. The tests succeed when the docker image is 18c.

      - name: Get the Oracle container IP address
        env:
          ORACLE_SERVICE_ID: ${{ job.services.oracle.id }}
        run: |
          ORACLE_IP_ADDRESS=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' $ORACLE_SERVICE_ID)
          if test -z "$ORACLE_IP_ADDRESS"; then
              echo "Cannot get ORACLE_IP_ADDRESS."
              docker inspect $ORACLE_SERVICE_ID
              exit 1
          fi
          echo TWO_TASK=//$ORACLE_IP_ADDRESS:1521/XEPDB1 >> $GITHUB_ENV

Since no more click is needed, automatic download of the binary RPM file could be added to the buildContainerImage.sh script.

I'm trying to use this Oracle container from .NET but I can't open a connection to the database.

Here's what I'm doing.

1. Run the docker container:

docker run -d -p 1521:1521 -e APP_USER=test -e APP_USER_PASSWORD=test -e ORACLE_RANDOM_PASSWORD=true gvenzl/oracle-xe:11-slim

I can see in the logs that the containers starts successfully:

[…]
CONTAINER: Resetting SYS and SYSTEM passwords.
User altered.
User altered.
############################################
ORACLE PASSWORD FOR SYS AND SYSTEM: YzEyYmNi
############################################
#########################
DATABASE IS READY TO USE!
#########################
##################################################################
CONTAINER: The following output is now from the alert_XE.log file:
##################################################################
[…]

2. Run the following code:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net5.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Oracle.ManagedDataAccess.Core" Version="3.21.1" />
  </ItemGroup>

</Project>

using System;
using Oracle.ManagedDataAccess.Client;

static class Program
{
    static void Main()
    {
        try
        {
            var connectionStringBuilder = new OracleConnectionStringBuilder
            {
                DataSource = "(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))",
                UserID = "test",
                Password = "test",
            };
            var connectionString = connectionStringBuilder.ToString();
            Console.WriteLine($"Opening connection to {connectionString}");
            using var connection = new OracleConnection(connectionString);
            connection.Open();
            Console.WriteLine("✅ Success");
        }
        catch (Exception exception)
        {
            Console.WriteLine($"❌ {exception.Message}");
        }
    }
}

I was expecting to see the success message but here's what I got instead:

Opening connection to PASSWORD=test;DATA SOURCE="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))";USER ID=test
❌ ORA-01017: invalid username/password; logon denied

Can you tell me what I'm doing wrong?

I'm trying to migrate utPLSQL project from Travis to GitHub Actions.

When running our own utPLSQL-cli from GHActions host to connect to 11-full, I get an error:

jdbc:oracle:thin:****/****@127.0.0.1:1521/XE: ORA-00604: error occurred at recursive SQL level 1
ORA-01882: timezone region not found

Could not establish connection to database. Reason: ORA-00604: error occurred at recursive SQL level 1
ORA-01882: timezone region not found

See here: https://github.com/utPLSQL/utPLSQL/runs/4318059768?check_suite_focus=true

The 18-small runs just - fine https://github.com/utPLSQL/utPLSQL/runs/4318059793?check_suite_focus=true

I've tried to do the following:

• [adding explicit ORACLE_JDBC path with ojdbc8 and orai18n] files(utPLSQL/utPLSQL@e94fe62) - that didn't help
• Adding explicit TZ: "Europe/London" in environment variables - this helped

I don't thing that the "workaround" I've found is something usable as Timezones can be different on different systems.

Can you help understanding why this is happening? Is there something missing/wrong in 11-full image?

As demonstrated over in #60, a container with not enough memory leads to a rather cryptic and user-unfriendly error while starting up the database (because Linux OOM Killer is starting to kill random (background) processes which leads the DB to terminate intentionally).

The container entrypoint should check whether a container has enough memory available, and if not, print a user-friendly error instead of an attempt to start up the database.

Used docker-compose to start container for 18.4.0. On the first start up everything is fine.

When stopping the container and removing it, on subsequent usage I get this in the docker logs:

ORA-01157: cannot identify/lock data file 19 - see DBWR trace file

Print DATABASE IS READY TO USE only after healthcheck script has returned successfully.

After spending some time and the amazing help from @filiphr (issue #19), it is clear that setting up GitHub actions with the image can be challenging for users.
Instead of them getting frustrated, the documentation should provide the necessary steps to use these images here with GitHub Actions.

Cloning the repo, the install..sh scripts would need to have execution rights to allow the buildContainerImage.sh to run properly (the docker COPY command would then copy execution rights as well making /install/install..sh command run without error).

Without this change, I did get:
STEP 5: RUN /install/install.2130.sh "${BUILD_MODE}"
/bin/sh: /install/install.2130.sh: Permission denied
error building at STEP "RUN /install/install.2130.sh "${BUILD_MODE}"": error while running runtime: exit status 126
ERRO[0013] exit status 126

For testing purposes it is really handy to start the container with a database already populated with a user that can be used in the tests. In order not to use the SYSTEM user.

Ideally I would like to run the container with:

docker run -d -p 1521:1521 -e ORACLE_PASSWORD=<your password> -e ORACLE_USER=<your database user> gvenzl/oracle-xe

I know that I can mount a volume with an initial script, but it is way easier to only define the user with an environment variable in the CI (e.g. in GitHub actions).

Hi,

Now a test user has been introduced, but I'm not able to setup my database correctly now.
Using your container with testcontainers and need to create tablespaces to be able to initiale database.

How would I set this up correctly?

Thank you for your assistance.

Currently, at container startup the database goes through a decompression phase at:

I have noticed this decompression phase takes anywhere from 15 seconds to a minute depending on the machine the container is started on.
Myself, and other developers that use these containers for testing, would likely accept the trade off of a bigger image, to reclaim performance at container startup.

I need to switch the db to read-only mode. Mostly to produce this error on writes:
ORA-16000: database or pluggable database open for read-only access

Tried some 'alter' queries but don't work. Is it possible?

jOOQ is using your images in integration tests, if you want, you can list it in the "Users of these images" section:
https://hub.docker.com/r/gvenzl/oracle-xe

I don't have a commit to share with you, as the tests are not publicly available

Allow for /docker-entrypoint-initdb.d/ entry scripts.

The resetPassword script does not reset the passwords for SYS and SYSTEM inside the PDB.

When I use gvenzl/oracle-xe:18-full run on macOS Big Sur(11.7), I get the Error.

command see below:

% docker run -d -p 1521:1521 -e ORACLE_PASSWORD=oracleAdmin -v oracle-volume:/opt/oracle/oradata gvenzl/oracle-xe:18-full

As pointed out by
https://franckpachot.medium.com/19c-instant-client-and-docker-1566630ab20e
and especially
https://github.com/oracle/docker-images/blob/main/OracleDatabase/SingleInstance/FAQ.md#ora-12637-packet-receive-failed
there can be an issue with Docker 19+ and Oracle 19+.
I encountered this with Debian 11 as a host, Docker version 20.10.10 and gvenzl/oracle-xe:21-full. Symptoms: connecting to the database inside the container via sqlplus works, but from outside (from the host) you only get timeouts and ORA-12637 or similar errors in the server log.

Solution: disable Out Of Bands feature by executing (inside the container)
echo DISABLE_OOB=ON >> $ORACLE_BASE_HOME/network/admin/sqlnet.ora
or similar. This can be done on the client side too according to above sources.

we use this run command to start a new 21c XE...

docker run -d --name your_name -p $PORT1:1521 -p $PORT2:5500 -p $PORT3:8080 -p $PORT4:8181
-v your_container_home/scripts/startup:/opt/oracle/scripts/startup
-v your_container_home/scripts/setup:/opt/oracle/scripts/setup
-v your_container_home:/opt/oracle/oradata
-e ORACLE_PASSWORD=your_password
gvenzl/oracle-xe:21-full

here is connected local path 'your_container_home/scripts/startup' to container directory /opt/oracle/scripts/startup

we created a symlink in root directory in container, /docker-entrypoint-startdb.d to /opt/oracle/scripts/startup in order to exec scripts inside

if you do not create this link, scripts are not executed.

if you put an "echo command" inside /opt/oracle/container-entrypoint.sh, prior to line #237, that is...
echo "";
echo "CONTAINER: Executing user defined scripts in ${SCRIPTS_ROOT}..."

you receive echoed "/docker-entrypoint-startdb.d" as SCRIPTS_ROOT

So the question is: do we need to create a symlink /docker-entrypoint-startdb.d to /opt/oracle/scripts/startup?

Both latest and 18 images are crashing on startup

In this example, I'm running this command:

docker run -e "ORACLE_PASSWORD=<some-pw>" \
-p 1521:1521 --name oxsql \
-d gvenzl/oracle-xe:18-slim

After a while the container exits on its own. and when I run docker logs:

docker logs oxsql
CONTAINER: starting up...
CONTAINER: first database startup, initializing...
CONTAINER: uncompressing database data files, please wait...
CONTAINER: done uncompressing database data files, duration: 26 seconds.
CONTAINER: starting up Oracle Database...

LSNRCTL for Linux: Version 18.0.0.0.0 - Production on 28-NOV-2021 20:23:01

Copyright (c) 1991, 2018, Oracle.  All rights reserved.

Starting /opt/oracle/product/18c/dbhomeXE/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 18.0.0.0.0 - Production
System parameter file is /opt/oracle/product/18c/dbhomeXE/network/admin/listener.ora
Log messages written to /opt/oracle/diag/tnslsnr/f065ff3bc8a1/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 18.0.0.0.0 - Production
Start Date                28-NOV-2021 20:23:02
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Default Service           XE
Listener Parameter File   /opt/oracle/product/18c/dbhomeXE/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/f065ff3bc8a1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC_FOR_XE)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
The listener supports no services
The command completed successfully
ORACLE instance started.

Total System Global Area 1241512896 bytes
Fixed Size                  8895424 bytes
Variable Size             570425344 bytes
Database Buffers          654311424 bytes
Redo Buffers                7880704 bytes
ORA-03113: end-of-file on communication channel
Process ID: 102
Session ID: 20 Serial number: 38017

Any idea whats going on?