Disclaimer

Saturday, 17 July 2021

Users, Group and Kernel Configuration for Oracle Database

 

Configure Oracle Linux for Oracle Database 12c

This article will show how to configure Oracle Linux 7 for Oracle Database 12c:

  • System and Kernel parameters
  • Users and Groups for Job Role Separation
  • Directories

Users and Groups

For Job Role Separation, groups and users will be created as follow :

DescriptionOS Group NameOS Users AssignedOracle PrivilegeOracle Group Name
Oracle Inventory/Software Group (mandatory)oinstallgrid, oracle  
Database Administrator (mandatory)dbaoracleSYSDBAOSDBA
Database OperatoroperoracleSYSOPEROSOPER
ASM Administration GroupasmadmingridSYSASMOSASM
ASM Database Administrator Groupasmdbagrid, oracleSYSDBA for ASMOSDBA for ASM
ASM Operator GroupasmopergridSYSOPER for ASMOSOPER for ASM
RMAN Management GroupbackupdbaoracleSYSBACKUPOSBACKUPDBA
Data Guard Management GroupdgdbaoracleSYSDGOSDGDBA
Encryption Key Management GroupkmdbaoracleSYSKMOSKMDBA
RAC Management Group (from 12.2)racdbaoracleSYSRACOSRACDBA

Groups

Create groups with the following commands as root:

# Oracle inventory/software group
[root]$ groupadd -g 54321 oinstall
# Full admin database management group (mandatory)
[root]$ groupadd -g 54322 dba
# Operator database management group (subset of full admin privilege)
[root]$ groupadd -g 54323 oper
 
# RMAN management group
[root]$ groupadd -g 54324 backupdba
# DataGuard management group
[root]$ groupadd -g 54325 dgdba
# Encryption key management group
[root]$ groupadd -g 54326 kmdba
 
# ASM management groups
[root]$ groupadd -g 54327 asmdba
[root]$ groupadd -g 54328 asmoper
[root]$ groupadd -g 54329 asmadmin
 
# RAC management (available from 12.2.0)
groupadd -g 54330 racdba

Users

Create oracle users with the following commands as root:

# Oracle user (mandatory)
[root]$ useradd -u 54321 -g oinstall -s /bin/bash -c "Oracle Software Owner" oracle
[root]$ usermod -aG oinstall,dba,oper,asmdba,backupdba,dgdba,kmdba,racdba oracle
[root]$ passwd oracle

Create grid users with the following commands as root:

# Grid user
[root]$ useradd -u 54322 -g oinstall -s /bin/bash -c "Grid Infrastructure Owner" grid
[root]$ usermod -aG oinstall,asmdba,asmadmin,asmoper grid
[root]$ passwd grid

Users Profiles

For both oracle and grid users, do the following:

0- Connect to the user with su

# For example, connect to oracle
[root]$ su - oracle

1- Add the following code to ~/.bash_profile if use bash or ~/.profile if use ksh as shell login

# Load oracle_profile
if [ -f ~/ora_profile ]; then
. ~/ora_profile
fi

2- Then create ~/ora_profile file as follow:


view source
print?
01.# ora_profile
02.umask 022
03. 
04.# Keyboard
05.set -o vi
06.stty erase ^?
07.if [ -t 0 ]; then
08.stty intr ^C
09.fi
10. 
11.# UNIX Prompt
12.export PS1='[\u@\h:\w (${ORACLE_SID:-"NoSID"})]$ '
13. 
14.ORAENVDIR="$HOME/bin"
15.SQLCMD="sql"
16.ORAENVCMD="oraenv2"
17.[[ "x$(which $ORAENVCMD 2>/dev/null)" == "x" ]] && ORAENVCMD="oraenv"
18. 
19.# Command aliases
20.alias ls="ls -FA"
21.alias ll='ls -FAl --color=tty'
22.alias mv='mv -i'
23.alias rm='rm -i'
24. 
25.# Oracle directories aliases
26.alias cdoh='cd $ORACLE_HOME'
27.alias cdtns='cd $ORACLE_HOME/network/admin'
28.alias cdadm='cd $ORACLE_BASE/admin/$ORACLE_SID'
29. 
30.# Oracle command aliases
31.alias sq='$SQLCMD / as sysoper'
32.alias sqdba='$SQLCMD / as sysdba'
33.alias osid='echo $ORACLE_SID'
34.alias oenv='. $ORAENVCMD'
35. 
36.alias crsstat='crsctl status resource -t'
37.alias sqasm='$SQLCMD / as sysasm'
38. 
39.# Oracle Settings
40.export TMP=/tmp
41.export TMPDIR=$TMP
42. 
43.export EDITOR=vi
44.#export SQLPATH=/u01/app/common/oracle/sql
45.export THREADS_FLAG=native;
46. 
47.export NLS_LANG='American_America.UTF8'
48.export NLS_DATE_FORMAT="DD/MM/YYYY HH24:MI:SS"
49. 
50.export ORACLE_TERM=xterm
51.export ORACLE_HOSTNAME=oralab01.uxora.com
52.#export ORACLE_UNQNAME=ORALAB
53. 
54.export BASE_PATH=/usr/sbin:$PATH
55. 
56.export GRID_SID=+ASM1
57.export GRID_BASE=/u01/app/grid
58.export GRID_HOME=/u01/app/12.2.0/grid
59. 
60.export DB_SID=UXOCDB1
61.export DB_BASE=/u01/app/oracle
62.export DB_HOME=$DB_BASE/product/12.2.0/db_1
63. 
64.export OMS_SID=UXOCDB1
65.export OMS_BASE=/u01/app/oracle
66.export OMS_HOME=$DB_BASE/product/middleware/oms
67. 
68.[[ ! -e $ORAENVDIR ]] && mkdir -p $ORAENVDIR
69. 
70.# Create env files and aliases (dbenv,gridenv,...)
71.for iType in DB GRID OMS; do
72.vTypel=$( echo ${iType} | tr "[:upper:]" "[:lower:]" )
73.vFile="$ORAENVDIR/oraenv_${vTypel}"
74.if [[ ! -e $vFile ]]; then
75.cat >> $vFile <<-_EOF_
76.export ORACLE_SID=\$${iType}_SID
77.export ORACLE_BASE=\$${iType}_BASE
78.export ORACLE_HOME=\$${iType}_HOME
79. 
80.export LD_LIBRARY_PATH=\$ORACLE_HOME/lib:/lib:/usr/lib
81.export CLASSPATH=\$ORACLE_HOME/JRE:\$ORACLE_HOME/jlib:\$ORACLE_HOME/rdbms/jlib:\$ORACLE_HOME/network/jlib
82. 
83.export PATH=\$ORACLE_HOME/bin:\$BASE_PATH
84. 
85.export TNS_ADMIN=\$ORACLE_HOME/network/admin
86.export ORA_NLS11=\$ORACLE_HOME/nls/data
87._EOF_
88.fi
89.eval alias ${vTypel}env=\'. ${vFile}\'
90.done
91. 
92.if [[ "$USER" == "oracle" ]]; then
93.. $ORAENVDIR/oraenv_db
94.elif [[ "$USER" == "grid" ]]; then
95.. $ORAENVDIR/oraenv_grid
96.fi


3- Reconnect to the user to reload the profile.
Now to change environement, you can use :

  • gridenv alias to load grid db environement
  • dbenv alias to load default oracle db environement
  • oenv for other oracle db environement

Directories

Mountpoint (/u01)

It is optional but recommended to create a mountpoint with a dedicated filesystem to store oracle software binaries for several reasons:

  • to not fill up root filesystem
  • to increase this specific filesystem only if needed
  • to be able to move disk and filesystems to an other server

Execute theses commands as root for a new sdb disk:

Expand/Collapse

# Create partition on the new disk
[root]$ fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
 
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
 
Command (m for help):n
Partition type:
p   primary (1 primary, 0 extended, 3 free)
e   extended
Select (default p): p
First cylinder (1-6, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6, default 6): 6
 
Command (m for help): w
The partition table has been altered!
 
Calling ioctl() to re-read partition table.
Syncing disks.
 
# Check new created partition
[root]$ fdisk -l /dev/sdb
Disk /dev/sdb: 6442 MB, 6442450944 bytes, 12582912 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x23f11588
 
Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    12582911     6290432   83  Linux
 
# Create filesystem
[root]$ mkfs -t xfs /dev/sdb1
meta-data=/dev/sdb1              isize=256    agcount=4, agsize=131008 blks
=                       sectsz=512   attr=2, projid32bit=1
=                       crc=0
data     =                       bsize=4096   blocks=1572608, imaxpct=25
=                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
=                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
 
# Create mountpoint
[root]$ mkdir /u01
 
# Mount mountpoint
[root]$ printf "\n/dev/sdb1\t/u01\txfs\tdefaults\t1 2\n" >> /etc/fstab
[root]$ mount /u01
[root]$ df -m | grep /u01
/dev/sdb1                6133   4049      2085  67% /u01
 
# Change permissions
[root]$ chown root.oinstall /u01
[root]$ chmod 775 /u01

Oracle software directories

# Create Oracle base directory
[root]$ mkdir -p /u01/app/oracle
[root]$ chown oracle:oinstall /u01/app/oracle
[root]$ chmod 775 /u01/app/oracle
 
# Create Oracle Inventory directory
[root]$ mkdir -p /u01/app/oraInventory
[root]$ chown oracle:oinstall /u01/app/oraInventory
[root]$ chmod 775 /u01/app/oraInventory
 
# Create Grid Infrastructure directories
[root]$ mkdir -p /u01/app/grid
[root]$ mkdir -p /u01/app/12.2.0/grid
[root]$ chown grid:oinstall /u01/app/grid /u01/app/12.2.0/grid
[root]$ chmod 775 /u01/app/grid /u01/app/12.2.0/grid

Oracle inventory file

If not already exist, create /etc/oraInst.loc file:

# Create oraInst.loc
[root]$ cat /etc/oraInst.loc <<EOF
inventory_loc=/u01/app/oraInventory
inst_group=oinstall
EOF
 
[root]$ chown oracle:oinstall /etc/oraInst.loc
[root]$ chmod 664 /etc/oraInst.loc

System:-

Kernel

If not already present, add the following lines to:

  • Either /etc/sysctl.d/99-oracle_db-sysctl.conf
  • Or /etc/sysctl.conf
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.panic_on_oops = 1
kernel.sem = 250 32000 100 128
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
kernel.shmmni = 4096
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.ip_local_port_range = 9000 65500

Reload kernel parameters with the following command:

# Reload kernel parameters
[root]$ sysctl -p

Shell Limits

If not already present, add the following lines to:

  • Either /etc/security/limits.d/oracle_users_limits.conf
  • Or /etc/security/limits.conf
# set oracle user limits
oracle   soft   nofile   1024
oracle   hard   nofile   65536
oracle   soft   nproc    16384
oracle   hard   nproc    16384
oracle   soft   stack    10240
oracle   hard   stack    32768
oracle   hard   memlock  134217728
oracle   soft   memlock  134217728
 
# set grid user limits
grid   soft   nofile   1024
grid   hard   nofile   65536
grid   soft   nproc    16384
grid   hard   nproc    16384
grid   soft   stack    10240
grid   hard   stack    32768
grid   hard   memlock  134217728
grid   soft   memlock  134217728

If not already present, add the following lines to:

  • /etc/pam.d/login file
session required pam_limits.so

User limits

Make sure oracle user's default shell is Bourne, Bash, or Korn shell.

[root]$ grep -e "oracle" -e "grid" /etc/passwd
oracle:x:54321:54321::/home/oracle:/bin/bash
grid:x:54322:54321::/home/grid:/bin/bash

Then add the following lines to the end of /etc/profile file:

if [ $USER = "oracle" ] || [ $USER = "grid" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi

Disable SELinux

Edit /etc/selinux/config config file and set SELINUX to "disabled" or "permissive":

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

And execute the following commands as root to immediately disable SELinux:

# Disable SELinux
[root]$ /usr/sbin/setenforce 0
 
# Check current SELinux configuration
[root]$ /usr/sbin/getenforce
Permissive

Services

# Disable system auto-update
[root]$ systemctl stop packagekit
[root]$ systemctl disable packagekit
 
# Disable firewall
[root]$ systemctl stop firewalld
[root]$ systemctl disable firewalld
 
# Disable avahi-daemon
[root]$ systemctl stop avahi-daemon
[root]$ systemctl disable avahi-daemon
 
# Enable chrony (ntp)
[root]$ systemctl start chronyd
[root]$ systemctl enable chronyd

Packages

Install prerequisite packages manually or automaticaly with the special oracle preinstall package

# Automatic oracle packages prerequisite install
[root]$ yum -y install oracle-database-server-12cR2-preinstall
 
# Manually oracle packages prerequisite install
[root]$ yum install -y binutils
[root]$ yum install -y compat-libcap1
[root]$ yum install -y compat-libstdc++-33 compat-libstdc++-33.i686
[root]$ yum install -y glibc glibc.i686
[root]$ yum install -y glibc-devel glibc-devel.i686
[root]$ yum install -y ksh
[root]$ yum install -y libaio libaio.i686
[root]$ yum install -y libaio-devel libaio-devel.i686
[root]$ yum install -y libX11 libX11.i686
[root]$ yum install -y libXau libXau.i686
[root]$ yum install -y libXi libXi.i686
[root]$ yum install -y libXtst libXtst.i686
[root]$ yum install -y libgcc libgcc.i686
[root]$ yum install -y libstdc++ libstdc++.i686
[root]$ yum install -y libstdc++-devel libstdc++-devel.i686
[root]$ yum install -y libxcb libxcb.i686
[root]$ yum install -y make
[root]$ yum install -y nfs-utils
[root]$ yum install -y net-tools
[root]$ yum install -y smartmontools
[root]$ yum install -y sysstat



at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How to recovery PDB when PDB database is dropped in Oracle

  How to recovery PDB when PDB database is dropped :) [oracle@rac01 ~]$ sqlplus '/as sysdba' SQL*Plus: Release 21.0.0.0.0 - Product...