EXD: Exacli setup

To configure exacli on EXD cells, create the following myadmin user on each cell, using cellcli:

create role administrator;
grant privilege all actions on all objects all attributes with all options to role administrator;
create user myadmin password=*;
grant role administrator to user myadmin

 

Assuming SSH equivalence exists between the compute nodes and these cells, exacli can be tested as follows from any of the compute nodes:

# exacli -l myadmin -c <cellname>

 


ODAVP: Re-Imaging

This note is about (re)installing one virtualized ODA.

Full guidelines are posted below in the official documentation:

Relevant MOS notes:

  1. 1520579.1 Step by Step Instructions on Installing Virtualized Image on Oracle Database Appliance
  2. 2233866.1 Unable to use the Virtual CDROM on ILOM Remote System Console Plus
  3. 888888.1 Oracle Database Appliance – 18.2, 12.X, and 2.X Supported ODA Versions and Known Issues

It is easy to get lost in the process. In outline, it consists of:

  1. Reimage the 2 dom0 nodes from the iso
  2. Create the domU (oda_base) by deploying the oda_base
  3. Configure the oda_base, including the clusterware, from the VNC session

 

#1 Download the virtualized image file from the latest patch (16186163), preferably to a local disk

 

#2 From both ILOM consoles, log in and connect the storage to the newly downloaded iso file (for example OakOvm_10703.iso for 12.2.1.4.0 or OakOvm_181205.iso for 18.3), then reboot on the CDROM.

In case of an issue with https, i.e. the reboot not picking up the CDROM, disable https.

 

#3 Once the installation has completed, from the dom0 console of the first node, run the following commands to set up the network.

# oakcli configure firstnet 
# oakcli configure additionalnet

 

#4 Download the ODA_BASE template file from the latest patch (16186172) to the desktop, and transfer it to the /OVS directory on the first dom0 node

 

#5 From the first node, unzip the ODA_BASE template and concatenate the files together, for example for 18.3:

unzip p16186172_183000_Linux-x86-64_1of4.zip
unzip p16186172_183000_Linux-x86-64_2of4.zip
unzip p16186172_183000_Linux-x86-64_3of4.zip
unzip p16186172_183000_Linux-x86-64_4of4.zip
cat oda_base_183000.gz01 oda_base_183000.gz02 oda_base_183000.gz03 oda_base_183000.gz04 > oda_base_18.3.tar.gz

 

#6 Deploy the ODA_BASE from the first node; this will take care of the second node.

oakcli deploy oda_base

Specify the location and name of the oda_base file.

 

#7 Start vncview to access <dom0 node0 ip address>:5900. Remember that at this point, the domU is not configured.

Log in with root/welcome1 and start X11:

startx

The VNC session will change into an X11 desktop session.

 

#8 First, log in to the oda_base via VNC or via the private IP to check the patch level of all components

# oakcli show version -detail
Reading the metadata. It takes a while...
System Version  Component Name            Installed Version         Supported Version        
--------------  ---------------           ------------------        -----------------        
18.3.0.0.0                                                                                   
                Controller_INT            4.650.00-7176             Up-to-date               
                Controller_EXT            13.00.00.00               Up-to-date               
                Expander                  0306                      Up-to-date               
                SSD_SHARED {                                                                 
                [ c1d20,c1d21,c1d22,      A29A                      Up-to-date               
                c1d23 ]                                                                      
                [ c1d0,c1d1,c1d2,c1d      A29A                      Up-to-date               
                3,c1d4,c1d5,c1d6,c1d                                                         
                7,c1d8,c1d9,c1d10,c1                                                         
                d11,c1d12,c1d13,c1d1                                                         
                4,c1d15,c1d16,c1d17,                                                         
                c1d18,c1d19 ]                                                                
                             }                                                               
                SSD_LOCAL                 0R3Q                      Up-to-date               
                ILOM                      4.0.4.22 r126940          Up-to-date               
                BIOS                      38110100                  Up-to-date               
                IPMI                      1.8.12.4                  Up-to-date               
                HMP                       2.4.1.0.14                Up-to-date               
                OAK                       18.3.0.0.0                Up-to-date               
                OL                        6.10                      Up-to-date               
                OVM                       3.4.4                     Up-to-date              

 

#9 If any of these components is not up to date, patch the servers first. Transfer the patch zip files to both oda_base nodes using the private IP, unpack them on both nodes, then run the patch commands from the first node

oakcli unpack -package /tmp/p28864520_183000_Linux-x86-64_1of3.zip
oakcli unpack -package /tmp/p28864520_183000_Linux-x86-64_2of3.zip
oakcli unpack -package /tmp/p28864520_183000_Linux-x86-64_3of3.zip
oakcli update -patch 18.3.0.0.0 --server
oakcli update -patch 18.3.0.0.0 --storage
oakcli update -patch 18.3.0.0.0 --verify

 

#10 Finish the oda_base deployment

oakcli deploy

 

Note1: the scan address must be registered into the DNS before oakcli deploy can be run.

 

ODAVP: Changing additionalnet IP

It seems that there is no utility to change the “additionalnet” network interface once it has been configured via the command “oakcli configure additionalnet”.

To change the additionalnet information, the solution so far (18.3) is:

#1 Update /etc/sysconfig/network-scripts/ifcfg-net2 to specify the new IP address

#2 Restart the network (service network restart)

#3 Update /opt/oracle/oak/conf/dom0.xml to reflect the change above

#4 Then verify that the command below returns the expected network details:

oakcli show firstnet

OCI: Connection manager 18c setup for ATP/ADW

This note is about how to configure Connection Manager 18c as a front-end proxy for either the autonomous database ATP or the data warehouse ADW.

 

#1 First provision a VM running a basic shape, running OL7

 

#2 Log in to the connection manager VM and configure the oracle user as detailed in this note

 

#3 Configure the XDisplay as detailed in this note

 

#4 Install the following prerequisite packages so that the 12c client runInstaller does not fail because of missing prerequisites

yum install compat-libcap1 libstdc++-devel ksh glibc-devel libaio-devel psmisc

 

#5 Open the port tcp/1950 for the connection manager as detailed in this note

 

#6 Transfer the 18c Database client to the VM and unzip it as the oracle user.

 

#7 Log in as the oracle user and run the installer. Ignore the warning about the swap size. Install the connection manager component.

 

#8 Create the directory /u01/app/oracle/admin/wallet/atp_wallet and transfer the ATP or ADW wallet files into this location.

This directory should list the following files:

ls -l /u01/app/oracle/admin/wallet/atp_wallet
total 44
-rw-r--r--. 1 oracle oinstall 10613 Dec 16 13:10 cwallet.sso
-rw-------. 1 oracle oinstall     0 Dec 16 13:10 cwallet.sso.lck
-rw-r--r--. 1 oracle oinstall 10568 Dec 16 13:10 ewallet.p12
-rw-------. 1 oracle oinstall     0 Dec 16 13:10 ewallet.p12.lck

 

#9 Configure the cman.ora file in $ORACLE_HOME/network/admin

Specify the private IP and a port. Other parameters are only relevant for more complex configurations.

Add the wallet_location parameter

cman_[vm].[sub].[vcn].oraclevcn.com=   
  (configuration=
    (ADDRESS_LIST=
      (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.14)(PORT=1950))
    )
    (RULE_LIST=
      (RULE=(SRC=*)(DST=*)(SRV=*)(ACT=accept))
    )
    (parameter_list=
      (log_level=user)
      (max_connections=256)
      (idle_timeout=0)
      (inbound_connect_timeout=0)
      (session_timeout=0)
      (outbound_connect_timeout=0)
      (max_gateway_processes=8)
      (min_gateway_processes=3)
      (remote_admin=on)
      (trace_directory=/tmp)
      (trace_level=user)
      (trace_timestamp=on)
      (trace_filelen=1000)
      (trace_fileno=1)
      (max_cmctl_sessions=4)
      (event_group=init_and_term,memory_ops)
    )
  )

wallet_location =
  (SOURCE=
    (METHOD=File)
    (METHOD_DATA=
      (DIRECTORY=/u01/app/oracle/admin/wallet/atp_wallet)
    )
  )
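
An added example (not part of the original note, and not an Oracle tool): a small Python check that reads the RULE_LIST and remote_admin entries of a cman.ora shaped like the one above and reports accept rules that match any source, destination or service. Both inputs are constructed; the 10.0.0.0/24 subnet and the cmon rule in the narrower variant are assumptions.

```python
import re

# Constructed input: the RULE_LIST and remote_admin entries as posted above.
AS_POSTED = """
  (RULE_LIST=
    (RULE=(SRC=*)(DST=*)(SRV=*)(ACT=accept))
  )
  (parameter_list=
    (remote_admin=on)
  )
"""

# Constructed, narrower variant. The 10.0.0.0/24 client subnet and the cmon rule
# for local cmctl use are assumptions, not values from the page.
NARROWED = """
  (RULE_LIST=
    (RULE=(SRC=10.0.0.0/24)(DST=adb.eu-frankfurt-1.oraclecloud.com)
          (SRV=[atp service].atp.oraclecloud.com)(ACT=accept))
    (RULE=(SRC=10.0.0.14)(DST=127.0.0.1)(SRV=cmon)(ACT=accept))
  )
  (parameter_list=
    (remote_admin=off)
  )
"""

# A RULE's leading flat (key=value) fields; a nested ACTION_LIST is ignored.
RULE_RE = re.compile(r"\(\s*RULE\s*=((?:\s*\(\s*\w+\s*=[^()]*\))+)", re.I)
FIELD_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")

def parse_rules(text):
    """Return every RULE as a dict keyed by lower-cased field name."""
    return [{k.lower(): v for k, v in FIELD_RE.findall(m.group(1))}
            for m in RULE_RE.finditer(text)]

def audit(text):
    """List accept rules that use '*' and report remote_admin when enabled."""
    findings = []
    for n, rule in enumerate(parse_rules(text), 1):
        wild = [k for k in ("src", "dst", "srv") if rule.get(k) == "*"]
        if rule.get("act", "").lower() == "accept" and wild:
            findings.append(f"rule {n}: accept with wildcard {','.join(wild)}")
    admin = re.search(r"\(\s*remote_admin\s*=\s*(\w+)\s*\)", text, re.I)
    if admin and admin.group(1).lower() in ("on", "yes", "true"):
        findings.append("remote_admin is enabled")
    return findings

if __name__ == "__main__":
    for sample in (AS_POSTED, NARROWED):
        print(audit(sample))
```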

 

#10 Start the connection manager

$ cmctl startup 
CMCTL for Linux: Version 18.0.0.0.0 - Production on 16-Dec-2018 13:35:42
Copyright (c) 1996, 2018, Oracle. All rights reserved.
Current instance ... is not yet started
Connecting to (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.14)(PORT=1950)))
Starting Oracle Connection Manager instance ...
Please wait...
CMAN for Linux: Version 18.0.0.0.0 - Production
Status of the Instance
----------------------
Instance name cman...oraclevcn.com
Version CMAN for Linux: Version 18.0.0.0.0 - Production
Start date 16-Dec-2018 13:35:42
Uptime 0 days 0 hr. 0 min. 9 sec
Num of gateways started 3
Average Load level 0
Log Level USER
Trace Level USER
Instance Config file /u01/app/oracle/product/18.0.0/client_1/network/admin/cman.ora
Instance Log directory /u01/app/oracle/diag/netcman/.../alert
Instance Trace directory /u01/app/oracle/diag/netcman/.../trace
The command completed successfully.
$

 

 

#11 Test the connection to the ATP

Revise the TNS aliases to reference first the connection manager host and port:

atp_cman=
  (DESCRIPTION =
    (SOURCE_ROUTE=YES)
    (ADDRESS =
       (PROTOCOL = TCP)
       (HOST = 10.0.0.14)
       (PORT = 1950))
    (ADDRESS =
       (protocol=tcps)
       (port=1522)
       (host=adb.eu-frankfurt-1.oraclecloud.com)
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (service_name=[atp service].atp.oraclecloud.com)
    )
    (security=(ssl_server_cert_dn=
        "CN=adwc.eucom-central-1.oraclecloud.com,OU=Oracle BMCS FRANKFURT,O=Oracle Corporation,L=Redwood City,ST=California,C=US"))
  )

 

Then connect to the ATP database using the new alias:

$ sqlplus user/pwd@atp_cman

SQL*Plus: Release 18.0.0.0.0 - Production on Sun Dec 16 13:47:30 2019 Version 18.3.0.0.0
Copyright (c) 1982, 2018, Oracle.  All rights reserved.
Last Successful login time: Fri Dec 16 2018 13:46:49 +00:00
Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production Version 18.4.0.0.0
SQL>

OCI: Setting up the firewall on iaas VMs

Example commands to manage the firewall on OCI VMs.

OL6

sudo iptables -I INPUT -p tcp -m tcp --dport 3876 -j ACCEPT

sudo service iptables save

sudo service iptables restart

 

OL7

https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-ctrlfwsvc-sec.html

sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent

sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent

sudo firewall-cmd --add-port=5555/tcp

sudo firewall-cmd --add-port=1521/tcp --permanent

sudo firewall-cmd --add-port=1950/tcp --permanent 
sudo systemctl restart firewalld.service

 

 

EMCC: Redirection http->https

To have the unsecured login page redirected to the secured https page, proceed as follows:

#1 On each OMS server, navigate into the htdocs directory, for example:

cd /u01/app/oracle/gc/gc_inst/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/instances/ohs*/htdocs

 

#2 Create there the redirection page welcome-index.html (12c) or index.html (13c) with the following content:

<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="1; url=https://xxxxx.xxx.com/em">
</head>
<body>
<center>
<img src="/images/company.png"/>
<p><font size="14"><font color="#FF0000"><font face="Calibri"><i>Redirecting</i></font></font></font></p>
</center>
</body>
</html>

Optionally include an image as above.