Professional Documents
Culture Documents
su vi /etc/sysconfig/vncservers
Enter these lines:
VNCSERVERS="1:root"
VNCSERVERARGS[1]="-geometry 1366x768"
su - root
# vncpasswd
Password:
Verify:
su - root
chkconfig vncserver on
service vncserver start
6. Change the run-level in /etc/inittab file
su vi /etc/inittab
from
id:3:initdefault:
to
id:5:initdefault:
7. Configure Firewall if it is enabled:
su - root
nano /etc/sysconfig/iptables
Add this line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
su - root
/sbin/service iptables restart
8. Reboot
9. Configure vnc and firewall for other users e.g. while connected via vnc to ro
ot, unlock oracle user and enable vnc for oracle user:
su vi /etc/sysconfig/vncservers
Adjust these lines:
VNCSERVERS="1:root 2:oracle"
VNCSERVERARGS[1]="-geometry 1366x768"
VNCSERVERARGS[2]="-geometry 1366x768"
su - oracle
$ vncpasswd
Password:
Verify:
su - root
nano /etc/sysconfig/iptables
Add this line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT
su - root
/sbin/service iptables restart
10. Perform other configurations as described in the other sections of this docu
ment.
Swap Space
++++++++++++
Swap space is determined by the amount of RAM found within the system. The follo
wing
table displays the swap space recommendation.
RAM Swap Space
----------------Between 1 GB and 2 GB
2 GB up to 16 GB
Greater than 16 GB
nproc
1024
to
* - nproc 16384
Configuring SecurityEnhanced Linux (SELinux)
+++++++++++++++++++++++++++++++++++++++++++++++++++
SELinux is an implementation of a mandatory access control (MAC) mechanism devel
oped
by the National Security Agency (NSA). The purpose of SELinux is to apply rules
on files and processes based on defined policies. When policies are appropriatel
y defined, a system running SELinux enhances application security by determining
if an action from a particular process should be granted thus protecting agains
t vulnerabilities within a system.
The implementation of Red Hat Enterprise Linux 6 enables SELinux by default and
appropriately sets it to the default setting of ENFORCING . It is highly recomme
nded that SELinux be kept in ENFORCING mode when running Oracle Database 11g Rel
ease 2 (11.2.0.3) and above.
From Oracle Support "Requirements for Installing Oracle 11gR2 RDBMS on RHEL6 or
OL6 64-bit (x86-64) (Doc ID 1441282.1)":
By default, RHEL 6 x86_64 Linux is installed with SELinux as "enforcing". This i
s fine for the 11gR2 installation process. However, to subsequently run "sqlplus
", switch SELinux to the "Permissive" mode. See NOTE 454196.1, "./sqlplus: error
on libnnz11.so: cannot restore segment prot after reloc" for more details. UPDA
TE: Internal testing suggests that there is no problem running "sqlplus" with SE
Linux in "enforcing" mode on RHEL6/OL6. The problem only affects RHEL5/OL5.
Verify that SELinux is running and set to ENFORCING :
As the root user,
su - root
getenforce
Enforcing
If the system is running in PERMISSIVE or DISABLED mode, modify the /etc/sysconf
ig/selinux file and set SELinux to enforcing as shown below.
SELINUX=enforcing
The modification of the /etc/sysconfig/selinux file takes effect after a reboot.
To change the
setting of SELinux immediately without a reboot, run the following command:
su - root
setenforce 1
Configuring Firewall Settings
+++++++++++++++++++++++++++++++++++++
Firewall access and restrictions play a critical role in securing your Oracle Da
tabase 11g Release 2 (11.2.0.3) environment. It is recommended that the firewall
[dvd]
name=OracleLinux6.6
baseurl=file:///media/"OL6.6 x86_64 Disc 1 20141018"
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
3. Rename any other existing yum repository configuration files that point to th
e internet:
su mv /etc/yum.repos.d/public-yum-ol6.repo /etc/yum.repos.d/public-yum-ol6.repo.ren
amed
4. Clean up the yum cache.
yum clean all
5. Test that you can use yum to access the repository.
yum repolist
Packages required for Cloud Control 12.1.0.4
+++++++++++++++++++++++++++++++++++++++++++++++++
To install required packages for Cloud Control 12.1.0.4 on OL6.6 create a text f
ile (e.g. packages-to-install.txt) containing only the following :
make-3.81
binutils-2.20.51.0.2-5.42.el6.x86_64
gcc-4.4.7-11.el6.x86_64
libaio-0.3.107
glibc-common-2.12
libstdc++-4.4.7-11.el6.x86_64
libXtst-1.2.2-2.1.el6.i686
sysstat-9.0.4
glibc-devel-2.12-1.149.el6.i686
glibc-devel-2.12-1.149.el6.x86_64
As root, Change directory to the location of the text file and install:
su - root
cd /home/oracle
yum install -y $(cat packages-to-install.txt)
To verify the existence of the packages, run the above command again:
yum install -y $(cat packages-to-install.txt)
The response will be:
Package binutils-2.20.51.0.2-5.36.el6.x86_64 already installed and latest versio
n
...
Configure OS for DB
+++++++++++++++++++++++++++
1. The "/etc/hosts" file must contain a fully qualified name for the server.
su cp /etc/hosts /etc/hosts.backup
nano /etc/hosts
Make sure that each IP address points to one and only one hostname. Example of C
orrect Contents of /etc/hosts:
127.0.0.1 localhost.localdomain localhost
172.22.100.5
srv01.class
srv01
172.22.100.6
srv02.class
srv02
2. Open /etc/pam.d/login and add the following line if it is not already there:
su nano /etc/pam.d/login
session
required
pam_limits.so
3. Edit /etc/profile and add the following code (delete any additional spaces be
tween lines if you use copy and paste):
su - root
nano /etc/profile
if [ $USER = "oracle" ] || [ $USER = "grid" ]; then
umask 022
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
4. Configure for AMM (Automatic Memory Management)
As root user,
Make a backup of /etc/fstab file and amend the tmpfs line in /etc/fstab
su cp /etc/fstab /etc/fstab.bkup
gedit /etc/fstab
Include the value for size for /dev/shm as follows (Assuming the Server has 8GB
Ram of which 6GB will be used for Oracle):
tmpfs
/dev/shm
tmpfs
size=7000M
0 0
5. Login as the oracle user and add the following lines at the end of the ".bash
_profile" file (delete any additional spaces between lines if you use copy and p
aste):
su - oracle
nano .bash_profile
umask 022
ORACLE_BASE=/u01/app/oracle
export ORACLE_BASE
reload .bash_profile and test:
su - oracle
. ./.bash_profile
echo $ORACLE_BASE
6. As root user, create the directories in which the Oracle software will be ins
talled.
su - root
mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01
chmod -R 775 /u01
Configure a new Firefox version
+++++++++++++++++++++++++++++++++++++
*** 64bit ***
su cd /usr/lib64
mv firefox firefox.old
cp /home/oracle/Downloads/firefox-35.0.tar.bz2 .
tar -jxvf firefox-35.0.tar.bz2
cp /usr/lib64/firefox/browser/icons/mozicon128.png /usr/share/pixmaps
rm -rf /usr/lib64/firefox-35.0.tar.bz2
rm -rf /usr/lib64/firefox.old <--- optional
*** 32bit ***
cd /usr/lib
mv firefox firefox.old
cp /home/oracle/Downloads/firefox-35.0.tar.bz2 .
tar -jxvf firefox-35.0.tar.bz2
cp /usr/lib/firefox/browser/icons/mozicon128.png /usr/share/pixmaps
rm -rf /usr/lib/firefox-35.0.tar.bz2
rm -rf /usr/lib/firefox.old <--- optional
Install Flash plugin for Firefox on 64bit Linux
+++++++++++++++++++++++++++++++++++++++++++++++++++
Some of the pages of Enterprise Manager require the Flash plugin to display prop
erly.
The file containing the player is "flash-plugin-11.2.202.332-release.x86_64.rpm"
which is assumed to be located in /home/oracle/Downloads
Steps
* Shutdown Firefox
* As root user, remove any existing flash plugin
su - root
rpm -e flash-plugin
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
if=/dev/zero
of=/u01/asmdisks/_file_disk_01
of=/u01/asmdisks/_file_disk_02
of=/u01/asmdisks/_file_disk_03
of=/u01/asmdisks/_file_disk_04
of=/u01/asmdisks/_file_disk_05
of=/u01/asmdisks/_file_disk_06
of=/u01/asmdisks/_file_disk_07
of=/u01/asmdisks/_file_disk_08
of=/u01/asmdisks/_file_disk_09
of=/u01/asmdisks/_file_disk_10
of=/u01/asmdisks/_file_disk_11
of=/u01/asmdisks/_file_disk_12
of=/u01/asmdisks/_file_disk_13
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
bs=1k
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
count=2359296
sleep 2
losetup /dev/loop13 /u01/asmdisks/_file_disk_13
sleep 2
6. Alias the loopback devices to make them look like virtual block devices (VBDs
).
check if any of the xvd* naming has been taken and adjust the usage below:
ls /dev/xvd*
If all the below (xvdb up to xvdn) are available, proceed
su
ln
ln
ln
ln
ln
ln
ln
ln
ln
ln
ln
ln
ln
- root
-s /dev/loop1 /dev/xvdb
-s /dev/loop2 /dev/xvdc
-s /dev/loop3 /dev/xvdd
-s /dev/loop4 /dev/xvde
-s /dev/loop5 /dev/xvdf
-s /dev/loop6 /dev/xvdg
-s /dev/loop7 /dev/xvdh
-s /dev/loop8 /dev/xvdi
-s /dev/loop9 /dev/xvdj
-s /dev/loop10 /dev/xvdk
-s /dev/loop11 /dev/xvdl
-s /dev/loop12 /dev/xvdm
-s /dev/loop13 /dev/xvdn
/etc/init.d/losetup
losetup --add
losetup on
losetup --list
5. stamp (or label) the ASM files created earlier as ASM disks.
su - root
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
/etc/init.d/oracleasm
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
createdisk
ASMDISK01
ASMDISK02
ASMDISK03
ASMDISK04
ASMDISK05
ASMDISK06
ASMDISK07
ASMDISK08
ASMDISK09
ASMDISK10
ASMDISK11
ASMDISK12
ASMDISK13
/dev/xvdb
/dev/xvdc
/dev/xvdd
/dev/xvde
/dev/xvdf
/dev/xvdg
/dev/xvdh
/dev/xvdi
/dev/xvdj
/dev/xvdk
/dev/xvdl
/dev/xvdm
/dev/xvdn
DEVICE=eth0
TYPE=Ethernet
UUID=ef782262-0006-4e92-9a7e-5183109abc32
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=08:00:27:CC:D5:56
IPADDR=10.10.120.1
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
--- AFTER CLONING --2. Change Hostname in the cloned VM:
su nano /etc/sysconfig/network
Final Result:
NETWORKING=yes
HOSTNAME=srv2.class
NOZEROCONF=yes
3. in the cloned VM, edit the udev rule for network devices:
su nano /etc/udev/rules.d/70-persistent-net.rules
Result:
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:cc:d5:5
6", ATTR{type}=="1", K$
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:98:ab:7
9", ATTR{type}=="1", K$
4. Copy the new mac address (08:00:27:98:ab:79) to the line of your eth0 rule (f
irst line) and delete the new rule for eth1 (second line).
Result:
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:98:ab:7
9", ATTR{type}=="1", K$
5. Open the network configuration file for ifcfg-eth0:
su nano /etc/sysconfig/network-scripts/ifcfg-eth0
6. Replace the old ip with the new one and the old mac address (HWADDR) with the
new mac address:
Before modification:
DEVICE=eth0
TYPE=Ethernet
UUID=ef782262-0006-4e92-9a7e-5183109abc32
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=08:00:27:CC:D5:56
IPADDR=10.10.120.1
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
After modification:
DEVICE=eth0
TYPE=Ethernet
UUID=ef782262-0006-4e92-9a7e-5183109abc32
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=08:00:27:98:ab:79
IPADDR=10.10.120.2
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
7. Configure hosts file for new IP and hostname (e.g. srv2.class)
su nano /etc/hosts
Make sure it looks like this:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1
localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.120.2 srv2.class srv2
8. reboot cloned VM so the new device names will be known in your system.
Installing in XenServer 6.5
+++++++++++++++++++++++++++++++++
*** Note: Only Oracle Linux 6.5 is supported i.e. has an install template ***
1. Install from iso rather than url
2. Set advanced OS boot parameters when creating the VM:
Document: Citrix XenServer 6.5 Virtual Machine User's Guide --> Appendix B. Linu
x VM Release Notes --> B.1.1.2. RHEL Graphical Network Install Support
To perform a graphical installation, add VNC to the list of advanced OS boot par