Tuesday, 16 January 2018

Step 10 - Oracle DBCS : Create Additional OS Users On Oracle Cloud Compute Node

When an Oracle Database Cloud Service deployment is created, the following three OS users exist on the compute node:
  1. opc: This user is authorized to log in to the compute node over SSH with the key pair supplied at deployment and can execute root commands. It can use the "sudo -s" command to switch to root.
  2. root: This user is not authorized to log in to the compute node directly. To perform operations that require root access, connect to the compute node as opc and use the sudo command.
  3. oracle: This user is authorized to log in to the compute node and execute user-level commands, but not root commands.
If you want, you can create additional operating system users who log in to the compute node. A new user can perform standard OS operations such as installing, configuring and running applications. You can also grant the user sudo access; note that sudo access makes the user equivalent to root, so grant it only to users who need it.



In this article we will demonstrate how to create additional OS users and grant them sudo permissions.



Steps to create additional OS users on Oracle Cloud Compute Node

Open a PuTTY session on your desktop and enter the compute node IP address


  • On the left pane, expand "SSH" and select "Auth". On the right pane, click on "Browse" button. Select the Private Key that matches the Public Key for your Deployment. Click "Open"


  • Enter "opc" as the login name. Because the key is accepted, no password is requested. Switch to root by executing the "sudo -s" command and confirm that you are root by executing the "id" command.


  • Use the "useradd" command to create the new user. Here we create a new OS user named "nsmuser"


  • Now create the ".ssh" directory in the new user's home directory and an "authorized_keys" file inside it, as shown below.


  • Copy the SSH public key value from your desktop (the public half of the key pair the user will log in with; the private key never leaves the desktop)


  • Paste the SSH public key value into the "authorized_keys" file. Save and exit the file


  • Verify the file is created and the contents of the file


  • Add the new user to the allowed users list in the "sshd_config" file. Open /etc/ssh/sshd_config


  • Add the new user "nsmuser" to the "AllowUsers" line as shown below, leaving opc and oracle on the line: once AllowUsers is present, sshd rejects every user not listed on it. Save and exit the file


  • Verify the file is modified


  • Change the ownership and permissions of the ".ssh" directory as shown below. sshd refuses key logins when the directory or the authorized_keys file is owned by another user or writable by others, so ".ssh" should be mode 700 and "authorized_keys" mode 600, both owned by nsmuser. Check the configuration with "sshd -t", then restart the sshd daemon so the changes made to "sshd_config" take effect. Keep your opc session open until the new login has been verified, so that a mistake in sshd_config cannot lock you out of the node.


  • Add the new user "nsmuser" to the "sudoers" file to allow root access. Open the sudoers file with "visudo" as shown below rather than with a plain editor: visudo checks the syntax before saving, and a syntax error in sudoers disables sudo for every user on the node, including opc.


  • Add the line for nsmuser as shown below. A user created with useradd has no password set and so cannot answer a sudo password prompt, so either set one with "passwd" or use a NOPASSWD entry as opc has.


  • Verify that the new user is added to the sudoers file


  • Log in to the compute node as the new user. Open a PuTTY session, enter the compute node IP address, and select the private key that matches the public key you pasted into authorized_keys


  • Log in as "nsmuser". Execute "sudo -s" to switch to the root user and confirm with "id"
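The whole procedure as a script, added here as an example and not part of the original post: it creates the user, installs the key with the ownership and modes sshd requires, extends AllowUsers, validates the edited configuration with "sshd -t" before restarting sshd, and grants sudo through a visudo-checked drop-in in /etc/sudoers.d instead of editing /etc/sudoers by hand. The user name "nsmuser", the key and the paths are assumptions to replace with your own values; run it as root on the node and keep the opc session open until the new login works.

```shell
#!/bin/sh
# Added example, not code from the original post: provision an extra SSH
# key-only OS user on a DBCS compute node the way the walkthrough does by hand.
# Run as root (sudo -s from opc). The user name, the public key and the
# file paths are assumptions to replace with your own values.
set -u

# Append USER to the AllowUsers line of the sshd config FILE (creating the
# line if absent). Idempotent: a user already listed is not added twice.
add_allowuser() {
  file="$1"; user="$2"
  if grep '^AllowUsers' "$file" | tr -s ' \t' '\n\n' | grep -qx "$user"; then
    return 0
  fi
  tmp=$(mktemp)
  if grep -q '^AllowUsers' "$file"; then
    sed "s/^AllowUsers.*/& $user/" "$file" > "$tmp"
  else
    cat "$file" > "$tmp"; printf 'AllowUsers %s\n' "$user" >> "$tmp"
  fi
  cat "$tmp" > "$file"      # rewrite in place, keeping owner and mode
  rm -f "$tmp"
}

# Write a sudoers drop-in for USER under DIR (normally /etc/sudoers.d) and
# have visudo check it before it is trusted. A key-only user has no password
# to give sudo, hence NOPASSWD, the same grant opc has; this is root access.
write_sudoers_dropin() {
  dir="$1"; user="$2"; f="$dir/$user"
  printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$f"
  chmod 0440 "$f"
  if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
    visudo -cf "$f" >/dev/null || { rm -f "$f"; return 1; }
  fi
}

# Install PUBKEY for USER with the ownership and modes sshd insists on:
# ~/.ssh mode 700 and authorized_keys mode 600, both owned by the user.
install_ssh_key() {
  user="$1"; pubkey="$2"
  home=$(getent passwd "$user" | cut -d: -f6)
  [ -n "$home" ] || return 1
  install -d -m 0700 -o "$user" -g "$user" "$home/.ssh"
  printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
  chown "$user:$user" "$home/.ssh/authorized_keys"
  chmod 0600 "$home/.ssh/authorized_keys"
}

# Whole procedure. sshd is only restarted after "sshd -t" accepts the edited
# config, so a typo in AllowUsers cannot lock SSH access to the node out.
provision_user() {
  user="$1"; pubkey="$2"
  id "$user" >/dev/null 2>&1 || useradd -m "$user"
  install_ssh_key "$user" "$pubkey"
  add_allowuser /etc/ssh/sshd_config "$user"
  sshd -t || { echo "sshd_config rejected; sshd not restarted" >&2; return 1; }
  write_sudoers_dropin /etc/sudoers.d "$user"
  systemctl restart sshd 2>/dev/null || service sshd restart
}

# Usage (as root):  PROVISION=1 sh add_os_user.sh nsmuser "ssh-rsa AAAA... you@desktop"
if [ "${PROVISION:-0}" = 1 ]; then
  provision_user "$1" "$2"
fi
```

The functions are kept separate so the AllowUsers and sudoers edits can be tried against copies of the files first; the drop-in file name must not contain a dot or a tilde, or sudo ignores it.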



Conclusion


In this article we have learned which OS users a database cloud deployment creates, how to create an additional OS user, and how to grant that user sudo permissions.

Monday, 15 January 2018

Step 9 - Oracle DBCS : Manage Network Security

Network access to the compute node associated with Oracle Database Cloud Service is primarily provided by SSH connections on port 22. By default, port 22 is open so that you can reach the tools, utilities and other resources on the compute node. You can use SSH client software such as PuTTY on Windows to establish a secure connection and log in as the "opc" or "oracle" user.

Accessing network protocols and services on a compute node through a port other than 22 requires additional configuration, in one of two ways:
  • Enable network access to the port: use the Oracle Database Cloud Service console to enable access to the port on the compute node.
  • Create an SSH tunnel to the port: an SSH tunnel lets you reach a specific compute node port by using the SSH connection as the transport, without opening that port to the network at all.

To provide network access to the compute node, the following Oracle Compute Cloud Service networking resources are created:
  • A permanent IP reservation named ipreservation is created and associated with the Compute Cloud Service instance (VM).
  • A security list named ora_db is created and associated with the compute node. 
  • The following security applications (port specifications) are created so that they can be used in security rules to enable access to specific ports on the compute node:
    • ora_dbconsole provides TCP access using port 1158
    • ora_dbexpress provides TCP access using port 5500
    • ora_dblistener provides TCP access using the listener port that you specified when you created the database deployment (default 1521)
    • ora_http provides TCP access using port 80
    • ora_httpssl provides TCP access using port 443
  • The following access rules are created when a database deployment is created. Only ora_p2_ssh is enabled by default (which is why port 22 is open, as described above); the others stay disabled until you enable them:
    • ora_p2_ssh: Controls access to port 22, the port used by SSH clients to connect to the compute node.
    • ora_p2_dbconsole: Controls access to port 1158 and this port is used by Enterprise Manager 11g Database Control.
    • ora_p2_dbexpress: Controls access to port 5500 and this port is used by Enterprise Manager Database Express 12c.
    • ora_p2_dblistener: Controls access to port 1521 and this port is used by SQL*Net.
    • ora_p2_http: Controls access to port 80 and this port is used for HTTP connections.
    • ora_p2_httpssl: Controls access to port 443 and this port is used for HTTPS connections, including Oracle REST Data Services (ORDS), Oracle Application Express (APEX), and Oracle DBaaS Monitor.

Oracle Database Cloud Service uses access rules to provide secure network access to database deployments. You can use the Oracle Database Cloud Service console to perform network access operations such as enabling and disabling access rules and creating new access rules. 

You can create an access rule to enable ports not associated with a predefined rule, or to restrict access to ports to only permit connections from specific IP addresses. The security list is used in security rules to enable access to specific security applications (port specifications) on the compute node.

In this article we will demonstrate how to create a custom security application, security list and security rule to enable access to a specific application (VNC, on ports 5901 - 5905) on the compute node.

  • Open a web browser and enter the URL you received in the Welcome email to login to Oracle Cloud Account

https://myservices-xxxxx-xxxxxxxxxxef4b21bb7ee3b2cf4123d1.console.oraclecloud.com/mycloud/faces/dashboard.jspx

  • Enter your username and password

  • On the home page, Click "Menu" under "Compute Classic" Cloud Service as shown below

  • Click "Open Service Console"

  • Click on "Network"

  • Expand "Shared Network"

  • Click "Security Applications" and then "Create Security Application"

  • Enter a Security Application Name, Port Type, Port Range Start, Port Range End and a Description and click Create. In our scenario we are enabling access to VNC application on the ports between 5901 and 5905

  • Make sure the Security Application is created by searching it

  • Click "Security Lists" and then "Create Security List"

  • Enter Security List Name and leave Inbound Policy and Outbound Policy to DEFAULT value and click Create

  • Make sure the Security List is created by searching it

  • Click "Security Rules" and then "Create Security Rule"

  • Enter the details as shown below:
Name: any meaningful name
Status: Enabled, to enable the rule
Security Application: the one created above
Source: Security IP List -> public-internet. Note that public-internet means every address on the Internet may reach the VNC ports, protected only by the VNC password. Where possible, create a Security IP List containing just your own addresses and select that instead, or leave the VNC ports closed and reach them through an SSH tunnel over port 22, which is already open.
Destination: select the security list created above from the drop-down
Click Create

  • Make sure the Security Rule is created by searching it


  • Click "Instances"

  • Select your Instance and scroll down

  • Click "Add Security List"

  • Select "Security List" create above from the drop down list

  • Make sure the Security List added to your Instance

  • Open VNC on your desktop/Laptop and enter the IP address of your Database Deployment

  • Enter the VNC password you set when starting the VNC server software on the compute node

  • Enter Oracle user password to connect to the Compute node

  • We are now connected to the compute node using VNC
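An added check, example code that is not part of the original post, for the other half of this picture: a security rule only decides who may reach a port, while the node decides what is listening there. The script reads "ss -ltn" (or "netstat -ltn") output and reports every TCP listener bound to all interfaces whose port is not one of the predefined DBCS ports above or the VNC range opened in this walkthrough, so you can see exactly what a public-internet rule would expose. Run it on the compute node; the sample lines in its demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: before (and after) opening a
# security rule, list what the compute node itself exposes on every interface.
# Real use on the node:  ss -ltn | audit_listeners   (netstat -ltn also works,
# its local-address column is the fourth field too).
# The port list is the predefined DBCS applications plus the VNC range
# 5901-5905 opened in this walkthrough; adjust it for your deployment.
EXPECTED_PORTS="22 80 443 1158 1521 5500 5901 5902 5903 5904 5905"

# Read ss/netstat lines on stdin and print "PORT LOCAL" for each TCP listener
# bound to a wildcard address (0.0.0.0, *, [::] or ::). The header line and
# listeners on 127.0.0.1 or a single interface address are skipped: loopback
# services are reachable only through an SSH tunnel over port 22.
wildcard_listeners() {
  awk '
    $4 ~ /^(0\.0\.0\.0|\*|\[::\]|::):[0-9]+$/ {
      port = $4; sub(/.*:/, "", port)
      print port, $4
    }'
}

# Keep only wildcard listeners whose port is not covered by a known rule.
# Anything printed is reachable by every source the security rules allow,
# whether or not you intended to publish it.
unexpected_wildcard_listeners() {
  wildcard_listeners | awk -v expected="$EXPECTED_PORTS" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    !($1 in ok) { print $1, "bound to", $2 }'
}

# Exit non-zero when something unexpected listens, so the check can run from
# a login script or a cron job that mails the output.
audit_listeners() {
  found=$(unexpected_wildcard_listeners)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Stand-alone demo on constructed sample lines (sh audit_listeners.sh demo):
# reports 8080 and 111; 22 and 5901 are expected, 5902 is loopback-only.
if [ "${1:-}" = demo ]; then
  printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
                'LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*' \
                'LISTEN 0 128 127.0.0.1:5902 0.0.0.0:*' \
                'LISTEN 0 128 *:8080 *:*' \
                'LISTEN 0 128 [::]:111 [::]:*' | audit_listeners
fi
```

If a VNC display shows up here bound to 0.0.0.0, it is reachable from every source the rule allows; starting it with the server's localhost-only option and tunnelling over SSH keeps it off this list entirely.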




Conclusion

In this article we have learned how to create a custom security application, security list and security rule to enable access to a specific application (VNC, ports 5901 to 5905) on the compute node, and which networking resources Oracle Compute Cloud Service creates to provide network access to the compute node.


Thursday, 11 January 2018

Oracle Exadata Deployment Assistance (oedacli) Command Line Interface

Starting with Oracle Exadata System Software (ESS) 18c and the OEDA August 2017 release, Oracle introduced a new command-line interface for OEDA, oedacli. It lets you update an existing es.xml (the OEDA configuration file) by applying updates called Actions; an action is a single atomic task.


OEDA command-line interface (oedacli) can help you with various Exadata life cycle management tasks, such as:

  • Add node to or remove node from a Virtual Cluster on Exadata
  • Add database home to or remove database home from physical cluster
  • Add or remove Storage cell
  • Resize Oracle ASM disk groups
  • Add or remove additional Databases
  • Add or remove additional database homes to an Oracle VM cluster

Software requirement:

  • OEDA, August 2017 release

You can operate oedacli in two modes:

  • Edit mode
  • Deploy mode

Using OEDACLI utility
The oedacli utility can be used for various routine tasks on Exadata Database Machine.


Prerequisites

  • OEDA August 2017 release or later
  • The original OEDA configuration XML file (es.xml) used for the deployment
  • The root, oracle and grid passwords on the cluster's compute nodes must still be the OEDA defaults while actions are deployed, because OEDA connects to the nodes with those credentials. Keep that window short and reset the passwords once the action has completed.


To start oedacli, navigate to the directory containing the OEDA software, unzip it and run the binary from the extracted linux-x64 directory:
# cd /u01/app/oracle/software/oeda
# unzip p26964044_181000_Linux-x86-64.zip
# cd linux-x64
# ./oedacli





For more details read the OEDA Command-Line interface at:
http://docs.oracle.com/cd/E80920_01/DBMIN/exadata-deployment-assistant.htm#DBMIN-GUID-CCACB268-C707-4897-8C1C-0F3568FA456C

  • To Load an original OEDA xml Configuration file 

[root@dm01db01 linux-x64]# ./oedacli


oedacli> LOAD FILE name=/u01/app/oracle/software/oeda/Netsoftmate-dm01.xml

 SUCCESS - file loaded OK
 Customer : Netsoftamte - QED -QA -IND


  • To List xmlactions

oedacli> list xmlactions
 There are no actions in this XML file

  • To Display help using oedacli

[root@dm01db01 linux-x64]# ./oedacli
oedacli> help
 HELP [topic]
   Available Objects:
 ACFSVOLUME
        ADD ACFSVOLUME
        ALTER ACFSVOLUME
        DELETE ACFSVOLUME
        LIST ACFSVOLUMES
 CELL
        CLONE CELL
        DELETE CELL
        LIST CELLS
 CLUSTER
        ALTER CLUSTER
        UPGRADE CLUSTER
        LIST CLUSTERS
 DISKGROUP
        ADD DISKGROUP
        ALTER DISKGROUP
        ALTER DISKGROUPS
        DELETE DISKGROUP
        LIST DISKGROUPS
 DATABASE
        ADD DATABASE
        ALTER DATABASE
        DELETE DATABASE
        LIST DATABASES
 DATABASEHOME
        ADD DATABASEHOME
        ALTER DATABASEHOME
        CLONE DATABASEHOME
        DELETE DATABASEHOME
        LIST DATABASEHOMES
 DOM0
        LIST DOM0S
 ES
        ALTER ES
 GUEST
        CLONE GUEST
        DELETE GUEST
        LIST GUESTS
 ILOM
        ALTER ILOM
        LIST ILOMS
 MACHINE
        ALTER MACHINE
        LIST MACHINES
 NETWORK
        ADD NETWORK
        ALTER NETWORK
        DELETE NETWORK
        LIST NETWORKS
 SCAN
        ADD SCAN
        ALTER SCAN
        DELETE SCAN
        LIST SCANS
 SWITCH
        ALTER SWITCH
        LIST SWITCHES
 VIP
        ADD VIP
        ALTER VIP
        DELETE VIP
        LIST VIPS
 CLI COMMANDS
        LOAD FILE
        SAVE FILE
        SAVE FILES
        DELETE XMLACTION
        LIST XMLACTIONS
        SAVE ACTION
        MERGE ACTIONS
        DEPLOY ACTIONS


  • To Display help add database

oedacli> help add database
 Usage:
 ADD DATABASE
  BLOCKSIZE = <blocksize> |
  CHARSET = <characterset> |
  DATADG = <datadg> |
  DBLANG = <dblang> |
  DBNAME = <dbname> |
  DBTEMPLATE = <dbtemplate> |
  DBTYPE = <dbtype> |
  HOSTNAMES = <hostnames> |
  RECODG = <recodg>
 WHERE
  DBHOMEID = <databasehomeid> |
  CLUSTERNUMBER = <clusternumber> DBHOMELOC = <databasehomelocation> |
  CLUSTERNAME = <clustername>  DBHOMELOC = <databasehomelocation> |
  CLUSTERID = <clusterid>  DBHOMELOC = <databasehomelocation> |
  CLUSTERNUMBER = <clusternumber> CDBNAME = <containerdbname>
  CLUSTERNAME = <clusternumber> CDBNAME = <containerdbname>
  CLUSTERID = <clusternumber> CDBNAME = <containerdbname>


 Purpose:

   Adds a database or a CDB or a PDB to an existing CDB
 Arguments:
   <blocksize>    :  Default: 8192,  not required for PDB
   <characterset> :  Default: AL32UTF8,  not required for PDB
   <datadg>       : *The DATA diskgroup, not required for PDB
   <dblang>       :  Default: all_langs, not required for PDB
   <dbname>       : *Database name
   <dbtemplate>   :  Default: ADMIN, otherwise ADMIN or DW, not required for PDB
   <dbtype>       :  Default: normal DB, otherwise CDB or PDB
   <hostnames>    :  Default:  list of nodes from db home
   <recodg>       : *The RECO diskgroup, not required for PDB
 Where:
   <databasehomeid>       : The es id for the databasehome
   <clusternumber>        : The cluster number in the es xml, starting at 1
   <clustername>          : The name of the cluster
   <clusterid>            : The es xml id of the cluster
   <databasehomelocation> : The path for the target database home
   <containerdbname>      : The database name for the container - only  required when DBTYPE is PDB
 Comments: * indicates a mandatory parameter

  • To Display help add ASM Diskgroup

oedacli> help add diskgroup
 Usage:
 ADD DISKGROUP
   ACFSNAME = <acfsname>
   ACFSPATH = <acfspath>
   ACFSSIZE = <acfssize>
   CELLLIST = '<cellist>'
  *DISKGROUPNAME = <diskgroupname>
  *DISKGROUPSIZE = <diskgroupsize>
   OCRVOTE = <ocrvote>
   QUORUMDISK = <quorumdisk>
  *REDUNDANCY = <redundancy>
  *SLICESIZE = <slicesize>
   SPARSE = <sparse>
   SPARSEVIRTUALSIZE = <sparsevirtualsize>
   TYPE = <diskgrouptype>
   [DATABASENAME = <databasename>]
 WHERE
  CLUSTERNAME = <clustername> |
  CLUSTERNUMBER = <clusternumber> |
  CLUSTERID = <clusterid>


 Purpose:

   Adds a diskgroup
 Arguments:
   <acfsname>          : The name of the acfs volume on this diskgroup
   <acfspath>          : The path for the acfs filesystem
   <acfssize>          : The size of the acfs volume
   <cellist>           : A comma separated list of cells for this diskgroup, the list enclosed in '
   <diskgroupname>     : The new name for the diskgroup
   <ocrvote>           : true if this diskgroup will host the ocrvote for clusterwear
   <quorumdisk>        : true if this diskgroup will require quorum
   <redundancy>        : Redundancy for this diskgroup : NORMAL or HIGH
   <diskgroupsize>     : The size of the diskgroup, specify in G or T. Only slice or diskgroup size, not both
   <slicesize>         : The slice size on disk for each griddisk for this diskgroup
   <sparse>            : true if this diskgroup  has sparse enabled
   <sparsevirtualsize> : The sparsevirtual size
   <type>              : Diskgroup type, DATA, RECO, DBFS or OTHER, default is other. If you want the database to be built using this diskgrouptype must be set to DATA or RECO
   <databasename>      : If type is DATA or RECO, the dbname of the target database
 Where:
   <clusternumber> : The cluster number in the es xml, starting at 1
   <clustername>   : The name of the cluster
   <clusterid>     : The es xml id of the cluster
 Comments: * indicates a mandatory field
oedacli>
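Putting the ADD DATABASE usage above to work, as an added example that is not from the original post or from Oracle's documentation: rather than typing the action at the prompt, generate the command sequence as a file that can be reviewed and kept with the change record. The names, diskgroups and paths are placeholders; the commands used (LOAD FILE, ADD DATABASE, SAVE ACTION, MERGE ACTIONS, SAVE FILE, LIST DATABASES) are the ones listed in the help output above, and whether your oedacli build accepts commands on standard input is an assumption to check.

```shell
#!/bin/sh
# Added example, not from the original post or from Oracle's documentation:
# generate the oedacli command sequence for an ADD DATABASE action so it can
# be reviewed before it touches the machine. The sample names and paths are
# assumptions; the CLI commands are the ones in the help output above.

# Print the commands for adding a database to an existing database home.
# The merged result is written to a NEW es.xml next to the original, so the
# configuration file used for the original deployment is never overwritten.
# DEPLOY ACTIONS is deliberately left out: run it interactively only after
# reviewing the new XML, since that is the step that changes the cluster
# (and the one that needs the default root/oracle/grid passwords in place).
oedacli_add_database_script() {
  es_xml="$1"; dbname="$2"; datadg="$3"; recodg="$4"; cluster="$5"; dbhome="$6"
  cat <<EOF
LOAD FILE NAME=$es_xml
ADD DATABASE DBNAME=$dbname DATADG=$datadg RECODG=$recodg WHERE CLUSTERNAME=$cluster DBHOMELOC=$dbhome
SAVE ACTION
MERGE ACTIONS
SAVE FILE NAME=${es_xml%.xml}-$dbname.xml
LIST DATABASES
EOF
}

# Usage on the first database server, as root, in the unzipped linux-x64 directory:
#   oedacli_add_database_script /u01/app/oracle/software/oeda/Netsoftmate-dm01.xml \
#       testdb DATAC1 RECOC1 Cluster-c1 /u01/app/oracle/product/12.1.0.2/dbhome_1 \
#       > add_testdb.oedacli
#   ./oedacli < add_testdb.oedacli   # assumes oedacli reads commands from stdin;
#                                    # otherwise paste the lines at the oedacli> prompt
```

Once LIST DATABASES in the new file shows the database as intended, load that file and issue DEPLOY ACTIONS from the prompt; keep the original es.xml untouched as the record of what was deployed before the change.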


Conclusion:



In this article we have learned about the new OEDA command-line utility, oedacli. It updates an existing es.xml file through Actions, where each action is a single atomic task, and can then deploy those actions to the machine.

