OCI: PSM and OCI subnet policies

To allow a subnet to be referenced from PSM, for example when provisioning a DBCS, navigate to the OCI console and:

Set the compartment context.

Navigate to Governance => Identity => Policy and create the following 4 statements:

Allow service PSM to inspect vcns in compartment <compartment>
Allow service PSM to use subnets in compartment <compartment>
Allow service PSM to use vnics in compartment <compartment>
Allow service PSM to manage security-lists in compartment <compartment>

 

Reference:

https://docs.cloud.oracle.com/iaas/Content/General/Reference/PaaSprereqs.htm#prereqs


OCI: Ansible setup for OCI on OL6.9

Relevant document is here and here.

Note that Ansible needs Python 2.7+.

 

How to install (root)

Install should probably be along these lines on OL6.x. It is better to install in such a way that it can cohabit with multiple python versions.

yum install python27 python33 git
alternatives --install /usr/bin/python python /usr/bin/python2.7 2
alternatives --install /usr/bin/python python /usr/bin/python3.3 1
scl enable python27 bash
pip2 install oci
pip2 install ansible
git clone https://github.com/oracle/oci-ansible-modules.git
cd oci-ansible-modules
./install.py

 

Sample usage

#1 Switch to the python27 context

scl enable python27 bash

 

#2 Configure the file $HOME/.oci/config with a similar content

[DEFAULT]
user=ocid1.user.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxa
fingerprint=xxxxxxxxxxxxxx
key_file=~/.ssh/cloudadmin.pem
tenancy=ocid1.tenancy.oc1..axxxx 
region=eu-frankfurt-1

 

#3 Configure a sample list_buckets.yml file with a similar content:

- name: List summary of existing buckets in OCI object storage
  connection: local
  hosts: localhost
  tasks:
    - name: List bucket facts
      oci_bucket_facts:
        namespace_name: '<tenant>'
        compartment_id: 'ocid1.tenancy.oc1..xxxx'
      register: result
    - name: Dump result
      debug:
        msg: '{{result}}'

 

#4 Execute the script

ansible-playbook list_buckets.yml

[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source

[WARNING]: No inventory was parsed, only implicit localhost is available

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [List summary of existing buckets in OCI object storage] **************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************
ok: [localhost]

TASK [List bucket facts] ***************************************************************************************************************************************
ok: [localhost]

TASK [Dump result] *********************************************************************************************************************************************
ok: [localhost] => {
    "msg": {
        "buckets": [
            {
                "compartment_id": "xxxxx",
                "created_by": "xxxxx",
                "defined_tags": null,
                "etag": "xxxxx",
                "freeform_tags": null,
                "name": "xxx",
                "namespace": "xxxx",
                "time_created": "xxxx"
            },
        ],
        "changed": false,
        "failed": false
    }
}

PLAY RECAP *****************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0
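
The $HOME/.oci/config file from step #2 points at an API signing key, so both files should be readable by their owner only. The following is an added example, not part of the original note or of the Oracle tooling: a Python 3 check of the required keys, the OCID prefixes and the file modes, run here against constructed files in a temporary directory (the function names are hypothetical).

```python
import configparser
import os
import stat
import tempfile

REQUIRED = ("user", "fingerprint", "key_file", "tenancy", "region")
OCID_PREFIX = {"user": "ocid1.user.", "tenancy": "ocid1.tenancy."}

def too_open(path):
    """True when group or others hold any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_oci_config(path, profile="DEFAULT"):
    """Return a list of findings for one profile of an OCI config file."""
    cp = configparser.ConfigParser(interpolation=None)
    if not cp.read(path):
        return ["cannot read " + path]
    section = cp[profile]
    findings = ["missing key: " + k for k in REQUIRED if not section.get(k)]
    for key, prefix in OCID_PREFIX.items():
        if section.get(key) and not section[key].startswith(prefix):
            findings.append("%s is not a %s* OCID" % (key, prefix))
    if too_open(path):
        findings.append("config readable by group/others: chmod 600")
    key_file = os.path.expanduser(section.get("key_file", ""))
    if key_file and not os.path.isfile(key_file):
        findings.append("key_file not found: " + key_file)
    elif key_file and too_open(key_file):
        findings.append("private key readable by group/others: chmod 600")
    return findings

def demo():
    """Audit a constructed config before and after tightening the key mode."""
    with tempfile.TemporaryDirectory() as d:
        key, cfg = os.path.join(d, "cloudadmin.pem"), os.path.join(d, "config")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        with open(cfg, "w") as f:
            f.write("[DEFAULT]\nuser=ocid1.user.oc1..constructed\n"
                    "fingerprint=00:11:22\nkey_file=%s\n"
                    "tenancy=ocid1.tenancy.oc1..constructed \n"
                    "region=eu-frankfurt-1\n" % key)
        os.chmod(cfg, 0o600)
        os.chmod(key, 0o644)  # constructed weak mode, flagged by the audit
        before = audit_oci_config(cfg)
        os.chmod(key, 0o600)
        return before, audit_oci_config(cfg)

if __name__ == "__main__":
    print(demo())
```

Against a real setup, call audit_oci_config(os.path.expanduser("~/.oci/config")) and fix every finding before running the playbook.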

 

OCI: Setting up a compute VM for eBS middle tier (generic)

This is a generic note detailing how a compute VM should be prepared to deploy eBS, irrespective of the release. Additional steps will be performed, per release.

 

#1 Provision a default image with OL6.9, with a default 50GB.

 

#2 Create the oracle:oinstall user, use this note as a guideline

 

#3 Create a 200GB block volume to host the shared appltop

 

#4 Attach the block volume to the compute instance

Execute the iSCSI commands shown in the OCI console to attach the block volume

 

#5 Extend the book disk to create the /u01 partition

fdisk /dev/sdb
mkfs.ext4 /dev/sdb1 -L oracle -m 1

 

#4 Update /etc/fstab with the following content

LABEL=oracle /ebsapp ext4 defaults 0 0

 

#5 Mount the partition

mkdir /ebsapp
mount -a
chown oracle:oinstall /ebsapp

 

#6 Create the oratab file

touch /etc/oratab
chown oracle:oinstall /etc/oratab

 

#7 Create the oraInst.loc

touch /etc/oraInst.loc
chown oracle:oinstall /etc/oraInst.loc

 

#8 Create the local oraInventory

mkdir -p /u01/app/oraInventory
chown oracle:oinstall /u01/app/oraInventory

 

#8 Edit the oraInst.loc file with the following content

inventory_loc=/u01/app/oraInventory
inst_group=oinstall

 

#9 Install the linux dependencies via yum

yum install oracle-ebs-server-R12-preinstall

 

#10 Install the extra dependencies for R12.2

yum install compat-libstdc++-33

 

#11 Adjust the kernel parameters

Set the following parameters in sysctl.conf

kernel.shmmax = 2147483648 
kernel.shmmni = 4096
# 1002 is the dba group id
vm.hugetlb_shm_group = 1002

And reload the parameters with sysctl -p

 

 

OCI: PDB needs to import keys from source (12.1.0.2)

This note describes how to handle the plug-in warning “PDB needs to import keys from source” with 12.1.0.2, after a non-CDB database has been converted to a PDB inside another CDB database located in an OCI DBsystem.

In the example below, <password1> is the key set up on the non-CDB database to be imported and <password2> is the key set up on the target CDB (identical to the sys and system passwords specified from the console).

#1 Apply the patch 23271203

For OCI 180116, the patch is p23271203_12102180116ProactiveBP_Linux-x86-64.zip

 

#2 Export the keys from the source database (non-CDB):

administer key management set keystore open identified by "<password1>";
administer key management export encryption keys with secret "<password1>"
to '/tmp/key_source.exp' identified by "<password1>";

 

#3 Recreate the wallet from the target CDB

! rm '/opt/oracle/dcs/commonstore/wallets/tde/<cdb>/cwallet.sso'

administer key management set keystore close;
administer key management set keystore open identified by "<password2>";
administer key management set key identified by "<password2>" with backup;
administer key management create AUTO_LOGIN keystore from keystore 
'/opt/oracle/dcs/commonstore/wallets/tde/<cdb>' identified by "<password2>";

 

#4 Import the key from the PDB

alter session set container=<PDB>;
administer key management set keystore open identified by "<password2>";
administer key management import keys with secret "<password1>"
from '/tmp/key_source.exp' identified by "<password2>" with backup;

 

References

MOS 1944507.1 TDE Wallet Problem in 12c: Cannot do a Set Key operation when an auto-login wallet is present
MOS 2392653.1 How to UnPlug/Plug-in PDB (TDE Enabled) in DBaaS Environment

OCI: 32bits VM provisioning for eBS 11i

eBS 11i supports only 32-bit Linux on the middle tier. To deploy eBS 11i on OCI, a 32-bit custom image must be imported in the vmdk or qcow2 format.

OL5 images can be found as appliances on edelivery, but their format does not appear to be compatible with OPC, VMware 12.x or VirtualBox 5.1. The solution is to create a custom image using VirtualBox:

 

#1 Download from edelivery Oracle Linux 5 Update 11 iso image

This is V47134-01.iso

 

#2 From VirtualBox, create a new VM using the iso image

 

#3 Export this VM in the OVF 2.0 format.

Give it a name, for example OL5u11.ova

 

#4 Move this appliance to a Linux host

 

#5 On this linux box, install the qemu-kvm utility

yum install qemu-kvm -y

 

#6 Unzip the appliance file and run the tar command

tar xvf OL5u11.ova
OL5u11-disk001.vmdk
OL5u11.mf
OL5u11.ovf

 

#7 Convert the disk file into the qcow2 format

qemu-img convert -O qcow2 OL5u11-disk001.vmdk OL5u11.qcow2

 

#8 Using Cyberduck, upload the OL5u11.qcow2 file into an object storage bucket on OCI.

 

#9 Import the custom image by referencing the image file from the object storage, for example:

https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/<namespace>/b/EBS/o/OL5u11.qcow2

Give it a name, for example OL5_32bits. The import should last 1 hour

 

#10 Provision a compute with the OL5 custom image.

 

 

OCI(-c): Deploying EMCC 13cR2 and 13cR3 on DBcs 12.2 and 18.2 Extreme Performance

This note is about deploying EMCC 13cR2 or 13cR3 on either OCI or OCI Classic with the database running on DBcs 12.2 or 18.2 Extreme Edition

Due to some improper validation being executed, the solution for this topology is first to install the software, apply a quickfix to support EE, then configure the OMS.

 

Database setup

#1 Provision the DBcs or dbsystem

Provision an emccdb DBcs with an emcc PDB running 12.2 or 18.2 with 2 OCPU/15GB, 100GB data.

 

#2 Setup the access rules to allow the compute hosting the OMS to connect to the database.

On OCI-c, create an IP security list, for example emccdb_listener_client with 10.29.0.0/16 (where 10.29.0.0 is the private subnet)

On OCI-c, create a security rule to allow dblister access between the IP security list emccdb_listener_client and the security list emccdb/db01/ora_db

On OCI, create an ingress rule to allow all traffic from 10.0.0.0/23

 

#3 Setup the PDB

Setup the PDB with the following parameters

ALTER SESSION SET CONTAINER=emcc;
ALTER SYSTEM SET "_allow_insert_with_update_check"=TRUE SCOPE=BOTH;
ALTER SYSTEM SET session_cached_cursors=500 SCOPE=SPFILE; 
ALTER PROFILE DEFAULT LIMIT password_verify_function null;
SHUTDOWN IMMEDIATE;
STARTUP;
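
The OCI ingress rule in step #2 admits every protocol and port from 10.0.0.0/23, while the OMS only needs to reach the database listener. The following is an added example, not part of the original note: a Python 3 audit of ingress rules written in the OCI security-list shape (source, protocol, tcpOptions), run on constructed rules. The listener port 1521 is an assumption (the Oracle default) and audit_ingress is a hypothetical name.

```python
import ipaddress

LISTENER_PORT = 1521  # assumption: default Oracle listener port (not on the page)

# Constructed rules in the shape of OCI security-list ingress rules.
SAMPLE_RULES = [
    {"source": "10.0.0.0/23", "protocol": "all"},  # the rule as described in step #2
    {"source": "10.0.0.0/23", "protocol": "6",     # TCP, listener port only
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
]


def audit_ingress(rules, client_subnet, port=LISTENER_PORT):
    """Return (rule index, finding) for rules wider than TCP/port from client_subnet."""
    client = ipaddress.ip_network(client_subnet)
    findings = []
    for i, rule in enumerate(rules):
        source = ipaddress.ip_network(rule["source"])
        if not source.subnet_of(client):
            findings.append((i, "source %s is not inside %s" % (source, client)))
        if rule["protocol"] == "all":
            findings.append((i, "all protocols and ports are allowed"))
        elif rule["protocol"] == "6":  # IANA protocol number for TCP
            ports = (rule.get("tcpOptions") or {}).get("destinationPortRange")
            if ports is None:
                findings.append((i, "all TCP ports are allowed"))
            elif not (ports["min"] == ports["max"] == port):
                findings.append((i, "TCP range %d-%d exceeds port %d"
                                 % (ports["min"], ports["max"], port)))
        else:
            findings.append((i, "protocol %s is not needed for the listener"
                             % rule["protocol"]))
    return findings


if __name__ == "__main__":
    for index, finding in audit_ingress(SAMPLE_RULES, "10.0.0.0/23"):
        print("rule %d: %s" % (index, finding))
```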

OMS setup

#1 OMS provisioning

Provision a compute with 2 OCPUs, 15GB memory, and 100GB disk space

 

#2 Setup the oracle UNIX user

Create the oracle user. Use this note as a guideline.

Copy the private key to the oracle user to allow logging in directly over ssh as oracle.

 

#3 Increase system parameters

Set the following parameters

On Classic and OL6.9, in /etc/security/limits.conf
oracle soft nofile 1024
oracle hard nofile 65536

On OCI and OL75 in /etc/security/limits.d/30-nofile.conf
oracle soft nofile 1024
oracle hard nofile 65536

 

#4 Prepare the product home directories

mkdir -p /u01/app/oracle/product/gc133
mkdir -p /u01/app/oracle/product/emagent
mkdir -p /u01/app/oracle/product/library 
mkdir -p /u01/app/oracle/product/gc_bip/config 
mkdir -p /u01/app/oracle/product/gc_bip/cluster
mkdir -p /u01/app/oraInventory 
chown -R oracle:oinstall /u01/app/oracle
chown -R oracle:oinstall /u01/app/oraInventory

Note that if the purpose is to deploy EMCC in HA mode, a shared directory may have to be set up at this point for the library and BI Publisher

 

#5 Create the file /etc/oraInst.loc

Create the file /etc/oraInst.loc with the following content, owned by oracle:oinstall

inventory_loc=/u01/app/oraInventory
inst_group=oinstall

 

#6 Download em13cR3

Download the emcc 13cR3 software. Use this note as a guideline.

 

#7 Install the system prereq

Classic OL6.9:
yum install make binutils gcc libaio glibc-common libstdc++ libXtst sysstat glibc-devel.i686 glibc-devel glibc

Classic OL7.4:
sudo yum install make binutils gcc libaio glibc-common libstdc++ sysstat glibc-devel.i686 glibc-devel libXtst xdpyinfo wget xorg-x11-xauth

OCI OL7.5:
sudo yum install gcc glibc-devel glibc-devel.i686

 

#8 Generate the response file to prepare for a silent install

ssh -X oracle@<opchost>
chmod +x em13300_linux64.bin
./em13300_linux64.bin -getResponseFileTemplates -outputLoc /home/oracle

 

#9 Configure the installation file

Edit the file software_only.rsp

 

#10 Run the installer in silent mode

./em13300_linux64.bin -silent -responseFile /home/oracle/software_only.rsp

 

#11 Change the prereq checking files

Edit the file /u01/app/oracle/product/gcXXX/install/requisites/properties/stopPrereqOnDemand.properties and make sure that the following property is set to TRUE

id_check_db_is_enterprise_edition=TRUE

If installing in interactive mode, the same can be achieved by downloading the following file for EMCC 13.2: p25679612_132000_Generic.zip

 

#12 Run the configuration assistant

/u01/app/oracle/product/gc132/sysman/install/ConfigureGC.sh

 

At this point, if getting any issue with the DISPLAY settings, check out this note.

 

OCI: Provisioning an eBS edelivery template as a custom image

To provision an eBS appliance, configured as a custom image, on the Oracle Cloud Infrastructure (OCI):

#1 Download the virtual appliance from edelivery, for example the Spare OS-only Virtual Appliance, available in the V46057.1.zip file

#2 Convert the appliance from the .ova format to the vmdk format

VMware Workstation can be used to import the appliance, which it converts automatically into the .vmdk format. Note that the .ova file size is 720MB and the .vmdk file size is 2GB. This conversion should take 5 minutes.

#3 From the OCI console, create a bucket ‘EBS’ in the Object Storage.

#4 Using Cyberduck, upload the 2GB file Oracle-E-Business-Suite-OS-12.1.3-disk1.vmdk into the EBS bucket.

#5 Import the custom image by referencing the image file from the object storage, for example:

https://objectstorage.eu-frankfurt-1.oraclecloud.com/n/<namespace>/b/EBS/o/Oracle-E-Business-Suite-OS-12.1.3-disk1.vmdk

Give it a name, for example ebs1213. The import should last 2-3 hours.

#6 Provision a new image by using the newly created ebs1213 custom image

#7 Log in to the image as oracle/oracle, then su - root to change its password.