Deploying Oracle 11g R2 RAC on RHEL6


Deploying Oracle RAC 11g R2 Database on Red Hat Enterprise Linux 6 Best Practices Roger Lopez, Sr. Software Engineer RHCE Version 1.0 September 2013 1801 Varsity Drive™ Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA Linux is a registered trademark of Linus Torvalds. Red Hat, Red Hat Enterprise Linux and the Red Hat "Shadowman" logo are registered trademarks of Red Hat, Inc. in the United States and other countries. Oracle and Java are registered trademarks of Oracle. Intel, the Intel logo and Xeon are registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. All other trademarks referenced herein are the property of their respective owners. © 2013 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). The information contained herein is subject to change without notice. Red Hat, Inc. shall not be liable for technical or editorial errors or omissions contained herein. Distribution of modified versions of this document is prohibited without the explicit permission of Red Hat Inc. Distribution of this work or derivative of this work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from Red Hat Inc. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E www.redhat.com ii refarch-feedback@redhat.com Comments and Feedback In the spirit of open source, we invite anyone to provide feedback and comments on any reference architectures. Although we review our papers internally, sometimes issues or typographical errors are encountered. Feedback allows us to not only improve the quality of the papers we produce, but allows the reader to provide their thoughts on potential improvements and topic expansion to the papers. Feedback on the papers can be provided by emailing refarch-feedback@redhat.com. Please refer to the title within the email. Staying In Touch Join us on some of the popular social media sites where we keep our audience informed on new reference architectures as well as offer related information on things we find interesting. Like us on Facebook: https://www.facebook.com/rhrefarch Follow us on Twitter: https://twitter.com/RedHatRefArch Plus us on Google+: https://plus.google.com/u/0/b/114152126783830728030/ Accessing Reference Architectures There are two ways to access Red Hat reference architectures: • The Red Hat customer portal at http://access.redhat.com using a customer login • The Red Hat resource library at http://www.redhat.com/resourcelibrary/reference-architectures/ refarch-feedback@redhat.com iii www.redhat.com Table of Contents 1 Executive Summary......................................................................................... 1 2 Reference Architecture Environment................................................................ 2 2.1 Reference Architecture Overview...................................................................................... 2 2.2 Network Topology.............................................................................................................. 3 2.3 Hardware Details............................................................................................................... 4 2.4 File System Layout & Disk Space Details........................................................................ 5 2.5 Storage Layout.................................................................................................................. 7 2.6 Swap Space...................................................................................................................... 7 2.7 Security: Firewall Settings................................................................................................. 8 2.8 Security: SELinux.............................................................................................................. 9 3 Reference Architecture Configuration Details................................................. 10 3.1 Setting OS Hostname...................................................................................................... 10 3.2 Network Configuration..................................................................................................... 11 3.2.1 Configuring /etc/resolv.conf file.................................................................................. 11 3.2.2 Configure SCAN via DNS.......................................................................................... 11 3.2.3 Configure Virtual IP (VIP) via DNS............................................................................ 13 3.2.4 Public Network Configuration.................................................................................... 14 3.2.5 Private Network Configuration................................................................................... 16 3.2.6 NTP Configuration..................................................................................................... 19 3.3 OS Configuration............................................................................................................. 20 3.3.1 Accessing the RHN Repository................................................................................. 20 3.3.2 Oracle RAC Database 11g Release 2 (11.2.0.3) Package Requirements............... 20 3.3.3 Configuring Security-Enhanced Linux (SELinux)...................................................... 22 3.3.4 Configuring Firewall Settings..................................................................................... 22 3.3.5 Setting Virtual Memory.............................................................................................. 23 3.3.6 Setting Shared Memory............................................................................................. 25 3.3.7 Setting Semaphores.................................................................................................. 26 3.3.8 Ephemeral Network Ports.......................................................................................... 26 3.3.9 Optimizing Network Settings...................................................................................... 27 3.3.10 Increasing synchronous I/O Requests..................................................................... 27 3.3.11 Increasing File Handles........................................................................................... 28 3.3.12 Reverse Path Filtering............................................................................................. 29 3.3.13 User Accounts & Groups......................................................................................... 29 www.redhat.com iv refarch-feedback@redhat.com 3.3.14 Setting Shell Limits for the Grid and Oracle User.................................................... 30 3.4 Storage Configuration..................................................................................................... 32 3.4.1 Setting up DM-Multipath............................................................................................ 32 3.4.2 Partitioning Device Mapper Shared Disks................................................................. 36 3.4.3 Configuring Oracle ASM Disks.................................................................................. 37 3.4.3.1 Oracle ASMLib Alternative: Configuring udev Rules........................................... 37 3.4.3.2 Configuring Oracle ASMLib.................................................................................. 39 3.4.4 Optimizing Database Storage using Automatic System Tuning................................ 43 4 Oracle 11gR2 Configuration........................................................................... 45 4.1.1 Installing Oracle Grid Infrastructure (Required for ASM)........................................... 45 4.1.2 Installing Oracle 11g R2 Database Software............................................................ 55 4.1.3 Creating ASM Diskgroups via the ASM Configuration Assistant (ASMCA)............... 61 4.1.4 Creating a Database using Database Configuration Assistant (DBCA).................... 64 4.1.5 Enabling HugePages................................................................................................. 69 5 Logging into an Oracle RAC Database 11g Release 2 Instance (11.2.0.3)... 72 6 Conclusion...................................................................................................... 73 Appendix A: Revision History........................................................................... 74 Appendix B: Contributors ................................................................................ 75 Appendix C: DM Multipath Configuration File................................................... 76 Appendix D: iptables Configuration File........................................................... 78 Appendix E: Huge Pages Script....................................................................... 79 Appendix F: Oracle Database Package Requirements Text File...................... 80 Appendix G: Kernel Parameters....................................................................... 81 Appendix H: Limits Configuration File (Limits.conf).......................................... 82 Appendix I: 99-oracle-asmdevices.rules........................................................... 83 Appendix J: Sample Kickstart File.................................................................... 84 Appendix K: Configuration Files....................................................................... 85 refarch-feedback@redhat.com v www.redhat.com Appendix L: Troubleshooting ORA-* Errors...................................................... 86 Appendix M: References.................................................................................. 91 www.redhat.com vi refarch-feedback@redhat.com 1 Executive Summary IT organizations face challenges of optimizing Oracle database environments to keep up with the ever increasing workload demands and evolving security risks. This reference architecture provides a step-by-step deployment procedure with the latest best practices to install and configure an Oracle Real Application Clusters (RAC) Database 11g Release (11.2.0.3) with Oracle Automatic Storage Management (ASM). It is suited for system, storage, and database administrators deploying Oracle RAC Database 11g Release 2 (11.2.0.3) on Red Hat Enterprise Linux 6. It is intended to provide a Red Hat | Oracle reference architecture that focuses on the following tasks: • Deploying Oracle Grid Infrastructure 11g R2 (11.2.0.3) • Deploying Oracle RAC Database 11g R2 (11.2.0.3) with shared SAN disks • Using Oracle ASM disks with udev rules • Using Oracle ASM disks with Oracle ASMLib (RHEL 6.4 and above) • Enabling the Oracle RAC Database 11gR2 environment with SELinux refarch-feedback@redhat.com 1 www.redhat.com 2 Reference Architecture Environment This section focuses on the components used during the deployment of Oracle RAC Database 11g Release 2 (11.2.0.3) with Oracle Automatic Storage Management (ASM) on Red Hat Enterprise Linux 6.4 x86_64 in this reference architecture. 2.1 Reference Architecture Overview A pictorial representation of the environment used in this reference architecture is shown in the following Figure 2.1.1: Reference Architecture Overview. www.redhat.com 2 refarch-feedback@redhat.com Figure 2.1.1: Reference Architecture Overview 2.2 Network Topology The network topology used in this reference architecture consists of two public switches using link aggregation to connect the two switches together (Public Switch A and Public Switch B), creating a single logical switch. Ethernet device em1 on the server connects to Public Switch A, while Ethernet device em2 on the server connects to Public Switch B. Ethernet devices em1 and em2 are bonded together as a bond device, bond0, providing high availability for the public network traffic. Ethernet device em3 on each server connects to Private Switch A, while Ethernet device em4 on each server connects to Private Switch B. Ethernet devices em3 and em4 take advantage of Oracle's Highly Available Internet Protocol (HAIP) for Oracle's private interconnect. HAIP can load balance Ethernet traffic for up to four Ethernet devices. Due to the use of Oracle's HAIP, no bond device is created for the private Ethernet devices em3 and em4 on each node within the Oracle RAC Database 11.2.0.3 cluster. Figure 2.2.1: Network Toplogy shows the pictorial representation of the network topology. refarch-feedback@redhat.com 3 www.redhat.com Figure 2.2.1: Network Toplogy 2.3 Hardware Details The following are the minimum hardware requirements to properly install Oracle RAC Database 11g Release 2 (11.2.0.3) on a x86_64 system (minimum of two systems required): • Minimum of 1.5 GB of RAM for the installation of both Oracle Grid Infrastructure and Oracle RAC Database, however 2 GB of memory or more is recommended • The minimum of three Network Interface Cards (NIC) with the usage of direct attach storage or fibre channel storage; however, four NICs are recommended • Console access that supports 1024 x 768 resolution to ensure correct display of Oracle's Universal Installer (OUI). • All nodes within the Oracle RAC Database environment require the same chip architecture. This reference architecture uses 64-bit processors on all nodes within the cluster.1 Table 2.3.1: Server Details specifies the hardware for each server used within this reference architecture. This hardware meets the minimum requirements for properly installing Oracle RAC Database 11g Release 2 (11.2.0.3) on two x86_64 systems. Server Hardware Specifications per Server Oracle RAC 11g R2 Database (db-oracle-node1, db-oracle-node2) [2 x HP ProLiant DL370 G6 Server] Red Hat Enterprise Linux 6.4 kernel 2.6.32-358.el6.x86_64 2 Socket, 8 Core (16 cores) Intel(R) Xeon(R) CPU W5580 @ 3.20 GHz 48 GB of memory, DDR3 4096 MB @ 1333 MHz DIMMs 2 x NetXen NX3031 1/10-Gigabit Network Interface Cards (NICs) for public network 2 x NetXen NX3031 1/10-Gigabit Network Interface Cards (NICs) for private network 1 x Qlogic ISP2532 8GB Fibre Channel Dual Port HBA2 Table 2.3.1: Server Details Table 2.3.2: Switch Details specifies the fibre channel and Ethernet switches used within this reference architecture. 1 Preparing your Cluster, Oracle Documentation - http://docs.oracle.com/cd/E11882_01/rac.112/e17264/preparing.htm 2 Due to hardware limitations, this reference architecture uses only one dual port HBA. It is recommended to have at least two Fibre Channel Single Port HBAs for high availability. www.redhat.com 4 refarch-feedback@redhat.com Switch Hardware Fibre Channel 2 x Brocade Silkworm Fibre Switches Public Network 1 x HP ProCurve Gigabit Switch 1 x Cisco Catalyst Switch Private Network (Private VLANs) 1 x Cisco Catalyst Switch 1 x HP ProCurve Gigabit Switch Table 2.3.2: Switch Details Table 2.3.3: Storage Details specifies the storage used for storing Oracle data files within this reference architecture. Storage Hardware Specifications HP StorageWorks MSA2324fc Dual Controller Array 24 x 146 GB 15K SAS Hard disks Table 2.3.3: Storage Details 2.4 File System Layout & Disk Space Details The following are the minimum disk space requirements for properly installing Oracle RAC Database 11g Release 2 (11.2.0.3) software based upon this reference architecture. Software Disk Space Oracle Grid Infrastructure Home 5.5 GB Oracle Database Home Enterprise Edition (includes software files and data files) 8.9 GB /tmp 1 GB Table 2.4.1:Disk Space Requirements NOTE: The actual amount of disk space consumed for Oracle Grid Infrastructure Home and Oracle Database Home Enterprise Edition may vary. refarch-feedback@redhat.com 5 www.redhat.com Table 2.4.2: File System Layout specifies the file system layout for the two servers used in this reference architecture. The layout ensures the disk space requirements to properly install the Oracle Grid Infrastructure and Oracle Database software for Oracle RAC Database 11g Release 2 (11.2.0.3). File System Layout Disk Space Size / 15 GB /dev/shm 24 GB /boot 248 MB /home 8 GB /tmp 4 GB /u01 50 GB /usr 5 GB /var 8 GB Table 2.4.2: File System Layout Oracle RAC Database 11g Release 2 (11.2.0.3) recommends three volumes each of 1 GB in size to store the Oracle Cluster Registry (OCR) and voting disks within an Oracle ASM disk group with the use of normal redundancy. The OCR manages the Oracle Clusterware and Oracle RAC Database 11g Release 2 (11.2.0.3) configuration information. The voting disk manages any information pertaining to the node membership. While the size of the Oracle data files varies for each solution, the following are the Oracle data file sizes used for this reference architecture. Volume Volume Size Oracle Database Volume 1 (db1) 100 GB Oracle Database Volume 2 (db2) 100 GB Fast Recovery Area (fra) 200 GB Oracle Redo Log Volume (redo) 10 GB OCR & Voting Disks (ocrvote1) 1 GB OCR & Voting Disks (ocrvote2) 1 GB OCR & Voting Disks (ocrvote3) 1 GB Table 2.4.3: Oracle OCR, Voting Disk, & Data File Sizes www.redhat.com 6 refarch-feedback@redhat.com 2.5 Storage Layout Table 2.5.1: Storage Disk Layout for Reference Architecture shows the storage disk layout for each volume. Virtual Diskgroup Name Volume Name Volume Size RAID Group Type Harddrive Count Hot Spares Available Size of Virtual Disk vd01 db1 100 GB Raid 10 8 0 586 GB vd02 db2 100 GB Raid 10 8 0 586 GB vd03 fra 200 GB Raid 5 5 0 586 GB vd04 redo 10 GB Raid 1 2 0 146 GB vd04 ocrvote1 1 GB Raid 1 2 0 146 GB vd04 ocrvote2 1 GB Raid 1 2 0 146 GB vd04 ocrvote3 1 GB Raid 1 2 0 146 GB - - - - 1 1 146 GB Table 2.5.1: Storage Disk Layout for Reference Architecture NOTE: The Hot Spare Available is a Global Hot Spare that can be applied to any virtual disk group in case of failure. 2.6 Swap Space Swap space is determined by the amount of RAM found within the system. The following table displays the swap space recommendation. This reference architecture allocates 16 GB of RAM for swap space. RAM Swap Space 2.5 GB up to 16 GB Equal to the size of RAM Greater than 16 GB 16 GB of RAM Table 2.6.1: Recommended Swap Space NOTE: When calculating swap space, ensure not to include RAM assigned for hugepages. More information on hugepages can be found in Section 4.1.5 Enabling HugePages refarch-feedback@redhat.com 7 www.redhat.com 2.7 Security: Firewall Settings This section focuses on providing the details required to run iptables successfully for an Oracle RAC Database 11.2.0.3 environment. It is not uncommon for corporations to be running hardware based firewalls to protect their corporate networks. Due to this, enabling iptables might not be required. However, for the purposes of this reference architecture, iptables is enabled. For complete details, visit Section 3.3.4 Configuring Firewall Settings. The iptables configuration can be seen in its entirety at Appendix D iptables Configuration File Table 2.7.1: Firewall Port Settings lists the enabled ports within this reference architecture. Port Protocol Description 22 TCP Secure Shell (SSH) 80 TCP Hypertext Transfer Protocol (HTTP) 443 TCP Hypertext Transfer Protocol over SSL/TLS (HTTPS) 1521 TCP Oracle Transparent Network Substrate (TNS) Listener default port 1158 TCP Oracle Enterprise Manager 11g default port Table 2.7.1: Firewall Port Settings Table 2.7.2: Firewall Settings lists the source addresses and destination address allowed to accept input traffic. www.redhat.com 8 refarch-feedback@redhat.com Interface Source Address Destination Address bond0 10.16.142.51/32 - bond0 10.16.142.52/32 - - 192.11.142.0/24 230.0.1.0 - 192.11.142.0/24 224.0.0.251 - 192.12.142.0/24 230.0.1.0 - 192.12.142.0/24 224.0.0.251 bond0 - 230.0.1.0 bond0 - 224.0.0.251 em33 - - em43 - - Table 2.7.2: Firewall Settings 2.8 Security: SELinux Oracle RAC Database 11g Release 2 version 11.2.0.3 and later support SELinux. All systems in this reference architecture run with SELinux enabled and set to ENFORCING mode. Table 2.8.1: SELinux Packages lists the required SELinux packages. Version 3.7.19-211 is currently only available within the downloadable tar.gz file from Appendix K Configuration Files. It is important to note that at this time, the SELinux package 3.7.19-211 is not supported. However, to take advantage of SELinux enablement with Oracle ASMLib, version 3.7.19-211 is required. Package Version selinux-policy 3.7.19-211 selinux-policy-targeted 3.7.19-211 Table 2.8.1: SELinux Packages 3 Oracle recommends to disable firewall traffic on the private interconnect. Due to this em3 and em4 allow all traffic. refarch-feedback@redhat.com 9 www.redhat.com 3 Reference Architecture Configuration  Details This reference architecture focuses on the deployment of Oracle RAC Database 11g Release 2 (11.2.0.3) with Oracle Automatic Storage Management (ASM) on Red Hat Enterprise Linux 6.4 x86_64. The configuration is intended to provide a comprehensive Red Hat | Oracle solution. The key solution components covered within this reference architecture consists of: • Red Hat Enterprise Linux 6 Update 4 • Oracle Grid Infrastructure 11g Release 2 (11.2.0.3) • Oracle RAC Database 11g Release 2 (11.2.0.3) • Security-Enhanced Linux (SELinux) • Device Mapper Multipathing • udev Rules • Oracle ASMLib 3.1 Setting OS Hostname Each node within the Oracle RAC Database 11g Release 2 (11.2.0.3) cluster requires a unique host name. The host names within this reference architecture are: db-oracle-node1 and db-oracle-node2. To set the host name, please follow the instructions below. On each node, set the host name via the use of the hostname command. An example of setting db-oracle-node1 host name is shown below. # hostname db-oracle-node1.cloud.lab.eng.bos.redhat.com On each node, edit the /etc/sysconfig/network file's host name variable with the host name provided above. An example of the /etc/sysconfig/network file on db-oracle-node1 is displayed below. # cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=db-oracle-node1.cloud.lab.eng.bos.redhat.com www.redhat.com 10 refarch-feedback@redhat.com 3.2 Network Configuration The network configuration focuses on the proper setup of a public and private network interfaces along with the DNS configuration for the Single Client Access Name (SCAN). The public bonded network interface provides an Oracle environment with high availability in case of a network interface failure. The High Availability Internet Protocol (HAIP) provides the private network interfaces with failover and load balancing across each private network interface. SCAN provides the Oracle RAC Database 11g Release 2 (11.2.0.3) environment a single name that can be used by any client trying to access an Oracle Database within the cluster. 3.2.1 Configuring /etc/resolv.conf file The resolver is a set of routines in the C library that provide access to the Internet Domain Name System (DNS). The resolver configuration file contains information that is read by the resolver routines the first time they are invoked by a process. The file is designed to be human readable and contains a list of keywords with values that provide various types of resolver information.4 The /etc/resolv.conf file for this reference architecture consists of two configuration options: nameserver and search. The search option is used to search for a host name part of a particular domain. The nameserver option is the IP address of the name server the systems (db-oracle-node1, db-oracle-node2) should query. If more than one nameserver is listed, the resolver library queries them in order. An example of the /etc/resolv.conf file used on each node of the reference architecture is displayed below. cat /etc/resolv.conf search cloud.lab.eng.bos.redhat.com nameserver 10.16.143.247 nameserver 10.16.143.248 nameserver 10.16.255.2 For more information, please visit the man pages of the resolv.conf file via the command: # man resolv.conf 3.2.2 Configure SCAN via DNS SCAN provides a single name in which a client server can use to connect to a particular Oracle Database. The main benefit of SCAN is the ability to keep a client connection string the same even if changes within the Oracle RAC Database 11g Release 2 environment occur, such as adding or removing of nodes within the cluster. The reason this works is because every client connection sends a request to the SCAN Listener, which then routes the traffic to an available VIP Listener within the Oracle RAC Database 11g Release 2 cluster to establish a database connection. The setup of SCAN requires the creation of a single name, no longer than 15 characters in length not including the domain suffix, resolving to three IP addresses using a round-robin algorithm from the DNS server. SCAN must reside in the same subnet as the public network within the Oracle RAC Database cluster and be resolvable without the 4 Linux man pages – man resolv.conf refarch-feedback@redhat.com 11 www.redhat.com domain suffix. Within the reference environment, the domain is cloud.lab.eng.bos.redhat.com and SCAN name is db-oracle-scan An example DNS entry for the SCAN is as follows: db-oracle-scan IN A 10.16.142.53 IN A 10.16.142.54 IN A 10.16.142.55 An example of the DNS entry for the SCAN to enable reverse lookups is as follows: 53 IN PTR db-oracle-scan.cloud.lab.eng.bos.redhat.com. 54 IN PTR db-oracle-scan.cloud.lab.eng.bos.redhat.com. 55 IN PTR db-oracle-scan.cloud.lab.eng.bos.redhat.com. On each node within the Oracle RAC cluster, verify the SCAN configuration within the DNS server is setup properly using the nslookup and host command as follows: # nslookup db-oracle-scan Server: 10.16.143.247 Address: 10.16.143.247#53 Name: db-oracle-scan.cloud.lab.eng.bos.redhat.com Address: 10.16.142.54 Name: db-oracle-scan.cloud.lab.eng.bos.redhat.com Address: 10.16.142.55 Name: db-oracle-scan.cloud.lab.eng.bos.redhat.com Address: 10.16.142.53 # host db-oracle-scan db-oracle-scan.cloud.lab.eng.bos.redhat.com has address 10.16.142.53 db-oracle-scan.cloud.lab.eng.bos.redhat.com has address 10.16.142.54 db-oracle-scan.cloud.lab.eng.bos.redhat.com has address 10.16.142.55 On each node within the Oracle RAC cluster, verify the SCAN configuration reverse lookup is setup properly using the nslookup and host command as follows: # nslookup 10.16.142.53 Server: 10.16.143.247 Address: 10.16.143.247#53 53.142.16.10.in-addr.arpa name = db-oracle- scan.cloud.lab.eng.bos.redhat.com. Repeat the above step for the reverse lookup on the remaining IP addresses used for the SCAN. www.redhat.com 12 refarch-feedback@redhat.com NOTE: The reference environment resolves the following IP address to the following host names: IP Hostname 10.16.142.53 db-oracle-scan 10.16.142.54 db-oracle-scan 10.16.142.55 db-oracle-scan Table 3.2.2.1: SCAN IP & Hostnames For more information on SCAN, please refer to Oracle's documentation5. 3.2.3 Configure Virtual IP (VIP) via DNS The virtual IP is an IP address assigned to each node within an Oracle RAC Database environment with the IP address residing in the public subnet. During the installation of the Oracle Grid Infrastructure, each VIP Listener registers with every SCAN Listener. The reason is because when a client sends a request, the SCAN Listener routes the incoming traffic to one of the VIP Listeners within the Oracle RAC Database cluster. If a client connection string uses the VIP to talk directly to the VIP Listener (as done in prior versions), every time changes to the Oracle RAC Database environment are made, such as adding or removing nodes within the cluster, the client connection string would require updating. Due to this, Oracle recommends always using the SCAN for client connection string. An example DNS entry for our VIPs is as follows: db-oracle-node1-vip IN A 10.16.142.56 db-oracle-node2-vip IN A 10.16.142.57 On each node within the Oracle RAC cluster, verify the VIP address for db-oracle-node1-vip and db-oracle-node2-vip within the DNS server is setup properly using the nslookup and host command. An example of checking db-oracle-node1-vip can be seen below. # nslookup db-oracle-node1-vip Server: 10.16.143.247 Address: 10.16.143.247#53 Name: db-oracle-node1-vip.cloud.lab.eng.bos.redhat.com Address: 10.16.142.56 # host db-oracle-node1-vip db-oracle-node1-vip.cloud.lab.eng.bos.redhat.com has address 10.16.142.56 5 Oracle Single Client Access Name (SCAN) http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf refarch-feedback@redhat.com 13 www.redhat.com An example of the DNS entry for the SCAN to enable reverse lookups is as follows: 56 IN PTR db-oracle-node1-vip.cloud.lab.eng.bos.redhat.com. 57 IN PTR db-oracle-node2-vip.cloud.lab.eng.bos.redhat.com. On each node within the Oracle RAC Database cluster, verify the VIP address reverse lookup for both VIP addresses (10.16.142.56 and 10.16.142.57) is setup properly using the nslookup and host command . An example is shown using VIP address 10.16.142.56 below. # nslookup 10.16.142.56 Server: 10.16.143.247 Address: 10.16.143.247#53 56.142.16.10.in-addr.arpa name = db-oracle-node1- vip.cloud.lab.eng.bos.redhat.com. # host 10.16.142.56 56.142.16.10.in-addr.arpa domain name pointer db-oracle-node1- vip.cloud.lab.eng.bos.redhat.com. NOTE: The VIP address should provide a 'Destintation Host Unreachable' response if an attempt to ping the VIP or VIP host name is attempted. NOTE: This reference environment resolves the following Virtual IP addresses to the following host names: IP Hostname 10.16.142.56 db-oracle-node1-vip 10.16.142.57 db-oracle-node2-vip Table 3.2.3.1: Virtual IP & Hostnames 3.2.4 Public Network Configuration The public network configuration consists of two network interfaces bonded together to provide high availability. The example below shows how to bond physical interfaces em1 and em2 with a bond device labeled bond0. If NetworkManager is installed, ensure it is disabled. Check the status of NetworkManager: # chkconfig –-list | grep NetworkManager NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off Disable NetworkManager: # service NetworkManager stop # chkconfig NetworkManager off www.redhat.com 14 refarch-feedback@redhat.com On each node, as the root user, execute the following command which creates a file named bonding.conf within the /etc/modprobe.d/ directory needed to create a bonded device for multiple network interfaces. The bonding.conf file is also part of Appendix K Configuration Files # echo "alias bond0 bonding" > /etc/modprobe.d/bonding.conf On each node, as the root user, create a backup of the ifcfg-em1 & ifcfg-em2 files, create the ifcfg-bond0 file and edit the ifcfg-em1 & ifcfg-em2 configuration files found within /etc/sysconfig/network-scripts. An example can be seen below. # cp /etc/sysconfig/network-scripts/ifcfg-em1 /etc/sysconfig/network- scripts/em1.bkup # cp /etc/sysconfig/network-scripts/ifcfg-em2 /etc/sysconfig/network- scripts/em2.bkup # cat /etc/sysconfig/network-scripts/ifcfg-bond0 DEVICE="bond0" BONDING_OPTS="mode=1 miimon=100 primary=em1" NM_CONTROLLED="no" IPADDR="10.16.142.51" NETMASK="255.255.248.0" GATEWAY="10.16.143.254" ONBOOT="yes" # cat /etc/sysconfig/network-scripts/ifcfg-em1 DEVICE="em1" BOOTPROTO="none" HWADDR="00:25:B3:A8:6F:18" IPV6INIT="no" NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" UUID="3db45d28-e63c-401b-906a-ef095de4fc1e" SLAVE="yes" MASTER="bond0" # cat /etc/sysconfig/network-scripts/ifcfg-em2 DEVICE="em2" BOOTPROTO="none" HWADDR="00:25:B3:A8:6F:19" IPV6INIT="no” NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" UUID="7d29d87f-52bb-4dc6-88ca-d0857c7d7fd9" SLAVE="yes" MASTER="bond0" refarch-feedback@redhat.com 15 www.redhat.com After all the network scripts are configured, restart the network service on each node via the command: # service network restart Shutting down interface bond0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface bond0: [ OK ] Once the bond0 device is configured on each node, use the ping command to verify connectivity as follows: On node one labeled db-oracle-node1, # ping db-oracle-node2 PING db-oracle-node2.cloud.lab.eng.bos.redhat.com (10.16.142.52) 56(84) bytes of data. 64 bytes from db-oracle-node2.cloud.lab.eng.bos.redhat.com (10.16.142.52): icmp_seq=1 ttl=64 time=0.179 ms On node two labeled db-oracle-node2, # ping db-oracle-node1 PING db-oracle-node1.cloud.lab.eng.bos.redhat.com (10.16.142.51) 56(84) bytes of data. 64 bytes from db-oracle-node1.cloud.lab.eng.bos.redhat.com (10.16.142.51): icmp_seq=1 ttl=64 time=0.755 ms NOTE: Please ensure a DNS entry that resolves to the appropriate hostname is set. This reference architecture resolves the following IP address to the following host names: IP Hostname 10.16.142.51 db-oracle-node1 10.16.142.52 db-oracle-node2 Table 3.2.4.1: Public IP & Hostnames 3.2.5 Private Network Configuration The private network configuration consists of two network interfaces em3 and em4. The private network is used to provide interconnect communication between all the nodes in the cluster. This is accomplished via Oracle's Redundant Interconnect, also known as Highly Available Internet Protocol (HAIP), that allows the Oracle Grid Infrastructure to activate and load balance traffic on up to four Ethernet devices for private interconnect communication. The example below shows how to set up physical interfaces em3 and em4 to be used with HAIP. On each node, as the root user, create a backup of the ifcfg-em3 & ifcfg-em4 files, and edit the ifcfg-em3 & ifcfg-em4 configuration files found within /etc/sysconfig/network-scripts. An example of ifcfg-em3 and ifcfg-em4 on db-oracle-node1 is displayed below. www.redhat.com 16 refarch-feedback@redhat.com # cp /etc/sysconfig/network-scripts/ifcfg-em3 /etc/sysconfig/network- scripts/em3.bkup # cp /etc/sysconfig/network-scripts/ifcfg-em4 /etc/sysconfig/network- scripts/em4.bkup # cat /etc/sysconfig/network-scripts/ifcfg-em3 DEVICE="em3" BOOTPROTO="static" HWADDR="00:25:B3:A8:6F:18" IPV6INIT="no" NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" UUID="3db45d28-e63c-401b-906a-ef095de4fc1e" IPADDR=”192.11.142.51” NETMASK=”255.255.255.0” MTU=”9000” # cat /etc/sysconfig/network-scripts/ifcfg-em4 DEVICE="em4" BOOTPROTO="static" HWADDR="00:25:B3:A8:6F:19" IPV6INIT="no” NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" UUID="7d29d87f-52bb-4dc6-88ca-d0857c7d7fd9" IPADDR=”192.12.142.51” NETMASK=”255.255.255.0” MTU=”9000” NOTE: The MTU size is set to 9000 for the enablement of Jumbo Frames. Ensure Jumbo Frames are enabled on the private Ethernet switches. After all the network scripts are configured on each node, restart the network service on each node: # service network restart Shutting down interface bond0: [ OK ] Shutting down interface em3: [ OK ] Shutting down interface em4: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface bond0: [ OK ] Bringing up interface em3: [ OK ] Bringing up interface em4: [ OK ] refarch-feedback@redhat.com 17 www.redhat.com NOTE: Ensure that all private Ethernet interfaces i.e. em3 and em4, are set to different subnets on each node. If different subnets are not used and connectivity is lost, this can cause a node reboot within the cluster. For the reference environment, subnets 192.11.142.X and 192.12.142.X are used on each node within the Oracle RAC Database 11.2.0.3 cluster. Once the Ethernet devices are configured on each node, use the ping command to verify connectivity as follows: On node one labeled db-oracle-node1, # ping 192.11.142.52 PING 192.11.142.52 (192.11.142.52) 56(84) bytes of data. 64 bytes from 192.11.142.52: icmp_seq=1 ttl=64 time=0.145 ms # ping 192.12.142.52 PING 192.12.142.52 (192.12.142.52) 56(84) bytes of data. 64 bytes from 192.12.142.52: icmp_seq=1 ttl=64 time=0.183 ms On node two labeled db-oracle-node2, # ping 192.11.142.51 PING 192.11.142.51 (192.11.142.51) 56(84) bytes of data. 64 bytes from 192.11.142.51: icmp_seq=1 ttl=64 time=0.138 ms # ping 192.12.142.51 PING 192.12.142.51 (192.12.142.51) 56(84) bytes of data. 64 bytes from 192.12.142.51: icmp_seq=1 ttl=64 time=0.164 ms IP Ethernet Interface Host 192.11.142.51 em3 db-oracle-node1 192.12.142.51 em4 db-oracle-node1 192.11.142.52 em3 db-oracle-node2 192.12.142.52 em4 db-oracle-node2 Table 3.2.5.1: Private IP, Ethernet Interfaces, & Host www.redhat.com 18 refarch-feedback@redhat.com 3.2.6 NTP Configuration The ntpd program is an operating system daemon which sets and maintains the system time, synchronizing with Internet standard time servers6. The ntpd program operates by exchanging messages with one or more configured servers at designated poll intervals3. Oracle RAC Databases require time synchronization for all nodes within the cluster. To configure the ntpd daemon, on each node, follow the instructions below. 1. Edit the /etc/ntp.conf file with a text editor such as vi. # vi /etc/ntp.conf 2. Locate the following public server pool section, and modify to include the appropriate NTP servers. For the purposes of this reference architecture, only one NTP server is used, but three are recommended. The iburst option was added to speed up the time in which it takes to properly sync with the NTP servers. # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 10.16.255.2 iburst 3. Save all the changes within the /etc/ntp.conf file 4. The following -x option within the /etc/sysconfig/ntpd file needs to be added to prevent the time synced by the NTP daemon to be adjusted backward. Original /etc/sysconfig/ntpd file content: OPTIONS=”-u ntp:ntp -p /var/run/ntpd.pid -g” Modified /etc/sysconfig/ntpd file content: OPTIONS=”-x -u ntp:ntp -p /var/run/ntpd.pid -g” 5. Save all the changes within the /etc/sysconfig/ntpd file 6. Restart the ntpd daemon via the command: # service ntpd restart Shutting down ntpd: [FAILED] Starting ntpd: [ OK ] NOTE: Shutting down ntpd daemon provides a status of 'FAILED' if the ntpd daemon is currently off. 7. Ensure that the ntpd daemon is started when the system is booted. # chkconfig ntpd on 6 ntpd – Network Time Protocol (NTP) daemon man page – man ntpd (8) refarch-feedback@redhat.com 19 www.redhat.com 3.3 OS Configuration 3.3.1 Accessing the RHN Repository Instructions on how to register a system and manage subscriptions on Red Hat Enterprise Linux 6 can be found within the Red Hat Linux 6 Deployment Guide documentation7. The following table shows the required channels via the Red Hat Network to support the installation of Oracle. Channel Source rhel-x86_64-server-6 RHN Classic rhel-x86_64-server-supplementary-6 RHN Classic Table 3.3.1.1: Required Channels NOTE: The rhel-x86_64-server-supplementary-6 channel is a requirement for the implementation of Oracle ASMLib found in Section 3.4.3.2 Configuring Oracle ASMLib. However, Oracle ASMLib is not required for the use of Oracle ASM disks. This reference architecture features both methods of implementation within Section 3.4.3.1 Oracle ASMLib Alternative: Configuring udev Rules and Section 3.4.3.2 Configuring Oracle ASMLib 3.3.2 Oracle RAC Database 11g Release 2 (11.2.0.3) Package  Requirements A specific set of packages is required to properly deploy Oracle RAC Database 11g Release 2 (11.2.0.3) on Red Hat Enterprise Linux 6 (x86_64). The number of installed packages required varies depending on whether a default or minimal installation of Red Hat Enterprise Linux 6 (x86_64) is performed. For the purposes of this reference architecture, a minimal Red Hat Enterprise Linux 6 installation is performed to reduce the number of installed packages. A sample kickstart file as been provided within Appendix K Configuration Files. Red Hat Enterprise Linux 6 installation requires the following group packages: Required Group Packages @Base @Core Table 3.3.2.1: Group Packages 7 Red Hat Enterprise Linux 6 Deployment Guide, https://access.redhat.com/site/documentation/en- US/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html#entitlements www.redhat.com 20 refarch-feedback@redhat.com Oracle Grid Infrastructure 11.2 and Oracle RAC Database 11.2 require the following x86_64 RPM packages8: Required Packages cloog-ppl libXxf86misc compat-libcap1 libXxf86vm compat-libstdc++-33 libaio-devel cpp libdmx gcc libstdc++-devel gcc-c++ mpfr glibc-devel make glibc-headers ppl kernel-headers xorg-x11-utils libXmu xorg-x11-xauth libXt libXv ksh libXxf86dga Table 3.3.2.2: Required Packages After the installation of Red Hat Enterprise Linux 6 is completed on each node within the Oracle RAC Database cluster, create a file, req-rpm.txt, that contains the name of each RPM package listed above on a separate line. An example of the req-rpm.txt file is included in Appendix F Oracle Database Package Requirements Text File. On each node, use the yum package manager to install the packages and any of their dependencies with the following command: # yum install `awk '{print $1}' ./req-rpm.txt` A minimum installation of Red Hat Enterprise Linux 6 does not install the X Window System server package, but only the required X11 client libraries. In order to run the Oracle Universal Installer (OUI), a system with the X Window System server package installed is required. Via a system with X Window System installed, SSH into node one of the Oracle RAC Database cluster with the Y option to ensure trusted X11 forwarding is set. The command is as follows: # ssh -Y db-oracle-node1 Alternatively, if a system with the X Window System server package is unavailable, install the X Window System server package directly on node one of the Oracle RAC Database cluster. # yum groupinstall "X Window System" 8 Linux OS Installation with Reduced Set of Packages for Running Oracle Database Server [ID 728346.1] via http://support.oracle.com refarch-feedback@redhat.com 21 www.redhat.com 3.3.3 Configuring Security­Enhanced Linux (SELinux) SELinux is an implementation of a mandatory access control (MAC) mechanism developed by the National Security Agency (NSA). The purpose of SELinux is to apply rules on files and processes based on defined policies. When policies are appropriately defined, a system running SELinux enhances application security by determining if an action from a particular process should be granted thus protecting against vulnerabilities within a system. The implementation of Red Hat Enterprise Linux 6 enables SELinux by default and appropriately sets it to the default setting of ENFORCING. Starting with Oracle Database 11g Release 2, SELinux is supported for Red Hat Enterprise Linux 69. It is highly recommended that SELinux be kept in ENFORCING mode when running Oracle RAC Database 11g Release 2 (11.2.0.3). On each node, verify that SELinux is running and set to ENFORCING: As the root user, # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted If the system is running in PERMISSIVE or DISABLED mode, modify the /etc/selinux/config file and set SELinux to enforcing as shown below. SELINUX=enforcing The modification of the /etc/selinux/config file takes effect after a reboot. To change the setting of SELinux immediately without a reboot, run the following command: # setenforce 1 For more information on Security-Enhanced Linux, please visit the Red Hat Enterprise Linux 6 Security-Enhanced Linux User Guide 3.3.4 Configuring Firewall Settings Firewall access and restrictions play a critical role in securing your Oracle RAC Database 11g Release 2 (11.2.0.3) environment. It is not uncommon for corporations to be running hardware based firewalls to protect their corporate networks. Due to this, enabling iptables might not be required. However, the reference environment demonstrates how to successfully implement firewall settings for an Oracle RAC Database environment. The following iptables rules are used on each node: # Generated by iptables-save v1.4.7 on Mon Aug 5 19:20:53 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] 9 Oracle Documentation http://docs.oracle.com/cd/E11882_01/install.112/e22489/prelinux.htm#CWLIN220 www.redhat.com 22 refarch-feedback@redhat.com :OUTPUT ACCEPT [25:2660] -A INPUT -s 10.16.142.51/32 -i bond0 -j ACCEPT -A INPUT -s 10.16.142.52/32 -i bond0 -j ACCEPT -A INPUT -i em3 -j ACCEPT -A INPUT -i em4 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 192.11.142.0/24 -d 230.0.1.0 -j ACCEPT -A INPUT -s 192.11.142.0/24 -d 224.0.0.251 -j ACCEPT -A INPUT -s 192.12.142.0/24 -d 230.0.1.0 -j ACCEPT -A INPUT -s 192.12.142.0/24 -d 224.0.0.251 -j ACCEPT -A INPUT -i bond0 -d 230.0.1.0 -j ACCEPT -A INPUT -i bond0 -d 224.0.0.251 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 10.16.142.54 --dport 1521 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 10.16.142.54 --dport 1158 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT The key points from the iptables configuration are: • Enable all traffic from the private interconnect interfaces em3 and em4 • Enable Oracle SCAN Listener Port 1521 for Oracle DB client access • Enable Oracle Enterprise Manager 11g Port 1158 for Oracle DB client access • Enable SSH, HTTPS via ports 22 and 443 • Enable Oracle's Multicast address IPs: 230.0.1.0 and 224.0.0.251 Once the rules have been modified within the /etc/sysconfig/iptables, on each node within the Oracle RAC Database cluster, run the following command to activate: # service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] NOTE: A full listing of all the firewall settings within the /etc/sysconfig/iptables file for this reference architecture can be found at Appendix D iptables Configuration File. 3.3.5 Setting Virtual Memory Tuning virtual memory requires the modification of five kernel parameters that affect the rate at which virtual memory is used within Oracle RAC Database cluster. It is important to note the recommended values are to be used as a starting point when setting virtual memory. A refarch-feedback@redhat.com 23 www.redhat.com brief description10 and recommended settings for the virtual memory parameters, as well as, the definition of dirty data are described below. SWAPPINESS10 - A value from 0 to 100 which controls the degree to which the system swaps. A high value prioritizes system performance, aggressively swapping processes out of physical memory when they are not active. A low value prioritizes interactivity and avoids swapping processes out of physical memory for as long as possible, which decreases response latency. The default value is 60. The Oracle recommended value is 0. DIRTY DATA – Dirty data is data that has been modified and held in the page cache for performance benefits. Once the data is flushed to disk, the data is clean. DIRTY_RATIO10 – Contains, as a percentage of total system memory, the number of pages at which a process which is generating disk writes will itself start writing out dirty data. The default value is 20. The recommended value is 80. DIRTY_BACKGROUND_RATIO10 – Contains, as a percentage of total system memory, the number of pages at which the background write back daemon will start writing out dirty data. The Oracle recommended value is 3. DIRTY_EXPIRE_CENTISECS10 - Defines when dirty in-memory data is old enough to be eligible for writeout. The default value is 3000, expressed in hundredths of a second. The Oracle recommended value is 500. DIRTY_WRITEBACK_CENTISECS10 - Defines the interval of when writes of dirty in-memory data are written out to disk. The default value is 500, expressed in hundredths of a second. The Oracle recommended value is 100. Prior to making any changes to the /etc/sysctl.conf ensure to create a backup on each node as follows: # cp /etc/sysctl.conf /etc/sysctl.conf.bkup The following is a snippet from the /etc/sysctl.conf file with the five virtual memory parameters set on each node with the recommended settings: vm.swappiness = 0 vm.dirty_background_ratio = 3 vm.dirty_ratio = 80 vm.dirty_expire_centisecs = 500 vm.dirty_writeback_centisecs = 100 For the changes take effect immediately, run the following command on each node: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 10 RHEL6 Kernel Documentation - /usr/share/doc/kernel-doc-2.6.32/Documentation/sysctl/vm.txt www.redhat.com 24 refarch-feedback@redhat.com 3.3.6 Setting Shared Memory Shared memory allows processes to communicate with each other by placing regions of memory into memory segments. In the case of Oracle, shared memory segments are used by the System Global Area (SGA) to store incoming data and control information. The size of Oracle's SGA impacts the amount of shared memory pages and shared memory segments to be set within a system. By default, Red Hat Enterprise Linux 6 provides a large amount of shared memory pages and segments, however, the appropriate allocation for a system depends on the amount of RAM within the system. In order to allocate the appropriate amount of shared memory pages and shared memory segments for a system running an Oracle RAC database, the kernel parameters SHMALL, SHMMAX, and SHMMNI must be set on each node within the cluster. SHMALL – is the maximum total amount of shared memory pages SHMMAX – is the maximum size in bytes of a single shared memory segment SHMMNI – is the maximum total amount of shared memory segments On each node within the Oracle RAC Database 11g Release 2 cluster, determine the maximum amount of shared memory pages (SHMALL) in each system's page size in bytes. The following command can be used to obtain the system page size. # getconf PAGE_SIZE 4096 Once the page size is captured, calculate SHMALL as follows: TOTAL RAM IN BYTES / PAGE_SIZE For example, on a system with 48 GB of memory the SHMALL calculation would look as follows: # echo “48 * 1024^3 / 4096” | bc 12582912 The calculation of SHMMAX, is as follows: HALF OF TOTAL RAM IN BYTES For example, on a system with 48 GB of memory the SHMMAX calculation would look as follows: # echo “48 * 1024^3 / 2” | bc 25769803776 As for SHMMNI, Oracle recommends the value of SHMMNI to be set to 4096. NOTE: If the current value found within /etc/sysctl.conf for any parameter is higher than the value calculated for SHMMAX and SHMALL on any nodes within the Oracle RAC cluster, do not change the value found within the /etc/sysctl.conf file. refarch-feedback@redhat.com 25 www.redhat.com Since the values of SHMMAX and SHMALL calculated are smaller then the values already set, no changes to those parameters are made within /etc/sysctl.conf. However, an entry for SHMMNI is required on any of the Oracle RAC Database nodes within the cluster. A snippet of the /etc/sysctl.conf file: kernel.shmmax = 68719476736 kernel.shmall = 4294967296 kernel.shmmni = 4096 In order for the changes take effect immediately, on each node run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.7 Setting Semaphores Red Hat Enterprise Linux 6 provides semaphores for synchronization of information between processes. The kernel parameter sem is composed of four parameters: SEMMSL – is defined as the maximum number of semaphores per semaphore set SEMMNI – is defined as the maximum number of semaphore sets for the entire system SEMMNS – is defined as the total number of semaphores for the entire system NOTE: SEMMNS is calculated by SEMMSL * SEMMNI SEMOPM – is defined as the total number of semaphore operations performed per semop system call. The following line is required within the /etc/sysctl.conf file of each node of the Oracle RAC Database cluster to provide sufficient semaphores for Oracle: kernel.sem = 250 32000 100 128 In order for the changes take effect immediately, on each node run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.8 Ephemeral Network Ports Oracle recommends that the ephemeral default port range be set starting at 9000 to 65500. This ensures that all well known ports, ports used by Oracle and other applications are avoided. To set the ephemeral port range, modify the /etc/sysctl.conf file on each node of the Oracle RAC Database cluster and add the following line: net.ipv4.ip_local_port_range = 9000 65500 www.redhat.com 26 refarch-feedback@redhat.com In order for the changes take effect immediately, on each node of the Oracle RAC Database 11g Release 2 cluster run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.9 Optimizing Network Settings Optimizing the network settings for the default and maximum buffers for the application sockets in Oracle is done by setting static sizes to RMEM and WMEM. The RMEM parameter represents the receive buffer size, while the WMEM represents the send buffer size. The recommended values by Oracle are modified within each node of the Oracle RAC Database cluster within the /etc/sysct.conf file. net.core.rmem_default = 262144 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 1048576 In order to make the changes take effect immediately, on each node of the Oracle RAC Database cluster, run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.10 Increasing synchronous I/O Requests The kernel parameter FS.AIO-MAX-NR sets the maximum number of on current asynchronous I/O requests. Oracle recommends setting the value to 1048576. In order to add FS-AIO-MAX-NR to 1048576, modify on each node of the Oracle RAC Database cluster the /etc/sysctl.conf file as follows: fs.aio-max-nr = 1048576 In order for the changes take effect immediately, on each node of the Oracle RAC Database cluster run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. refarch-feedback@redhat.com 27 www.redhat.com 3.3.11 Increasing File Handles The kernel parameter FS.FILE-MAX sets the maximum number of open file handles assigned to the Red Hat Enterprise Linux 6 operating system. Oracle recommends that for each Oracle RAC Database instance found within a system, allocate 512*PROCESSSES in addition to the open file handles already assigned to the Red Hat Enterprise Linux 6 operating system. PROCESSES within a database instance refers to the maximum number of processes that can be concurrently connected to the Oracle RAC Database by the oracle user. The default value for PROCESSES is 150. To properly calculate the FS.FILE-MAX for a system, first identify the current FS.FILE-MAX allocated on each node of the Oracle RAC Database cluster via the following command: # cat /proc/sys/fs/file-max 4909067 Next, add all the PROCESSES together from each Oracle RAC Database instance found within the cluster and multiple by 512 as seen in the following command. The reference environment contains one Oracle RAC Database instance per server for a total of 300 PROCESSES (150 PROCESSES for each instance). # echo “512 * 300” | bc 153600 NOTE: Since a Oracle RAC Database cluster has yet to be created within the reference environment, the default value of 150 PROCESSES is used for each instance. The FS.FILE-MAX parameter can be adjusted later if an increase in Oracle PROCESSES is required. Finally, add the current FS.FILE-MAX value to each node within the Oracle RAC Database cluster with the new value found from multiplying 512*PROCESSES to obtain the new FS.FILE-MAX value. # echo “4909067 + 153600” | bc 5062667 While the value of the FS.FILE-MAX parameter varies upon your Oracle RAC Database environment, the reference environment sets the value at 6815744. Oracle recommends a value no smaller than 6815744. Due to the calculation in the above example equating to 5062667, the minimum Oracle recommended value is used. In order to add FS.FILE-MAX to 6815744, modify the /etc/sysctl.conf file on each node of the Oracle RAC Database cluster as follows: fs.file-max = 6815744 In order for the changes take effect immediately, on each node of the Oracle RAC Database cluster run the following command: # sysctl -p www.redhat.com 28 refarch-feedback@redhat.com NOTE: Oracle ASMLib does not open file descriptors for each device, but instead opens one file descriptor per Oracle process. The reference environment features both methods of implementation within Section 3.4.3.1 Oracle ASMLib Alternative: Configuring udev Rules and Section 3.4.3.2 Configuring Oracle ASMLib. However, during the installation of Oracle RAC Database cluster the FS.FILE-MAX kernel parameter must be set to at least 6815744 on each node. NOTE: It is recommended to revisit the FS.FILE-MAX value if the PROCESSES value is increased for the Oracle RAC Database instances. NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.12 Reverse Path Filtering Red Hat Enterprise Linux 6 defaults to the use of Strict Reverse Path filtering. The reason strict mode is the default is to prevent IP spoofing from Distributed Denial-of-service (DDos) attacks. However, having strict mode enabled on the private interconnect of Oracle RAC Database cluster may cause disruption of interconnect communication. It is recommended to set the RP_FILTER from strict mode to loose mode. Loosening the security on the private Ethernet interfaces should not be of concern as best practices recommend for an isolated private network that can only communicate between nodes specifically for Oracle's private interconnect. Add the following modifications to the /etc/sysctl.conf on each node of the Oracle RAC Database cluster as follows: net.ipv4.conf.em3.rp_filter = 2 net.ipv4.conf.em4.rp_filter = 2 In order for the changes take effect immediately, on each node of the Oracle RAC Database 11g Release 2 cluster run the following command: # sysctl -p NOTE: A full listing of all the kernel parameters modified within the /etc/sysctl.conf file can be found at Appendix G Kernel Parameters. 3.3.13 User Accounts & Groups Prior to the installation of Oracle RAC Database 11g Release 2 (11.2.0.3), Oracle recommends the creation of a grid user for the Oracle Grid Infrastructure and an oracle user for the Oracle RAC Database software installed on the system. For the purposes of the reference environment, the Oracle RAC Database software owner is the user oracle and the Oracle Grid Infrastructure software owner is the user grid. Each user is designated different groups to handle specific roles based on the software installed. However, the creation of separate users requires that both the oracle user and the grid user have a common primary group, the Oracle central inventory group (OINSTALL). The following are the recommended system groups created for the installation of the Oracle RAC Database cluster and part of the oracle user. refarch-feedback@redhat.com 29 www.redhat.com OSDBA group (DBA) – determines OS user accounts with DBA privileges OSOPER group (OPER) – an optional group created to assign limited DBA privileges (SYSOPER priviledge) to particular OS user accounts The following are the recommended system groups created for the installation of the Oracle Grid Infrastructure and part of the grid user OSDBA group (ASMDBA) – provides administrative access to Oracle ASM instances OSASM group (ASMADMIN) – provides administrative access for storage files via the SYSASM priviledge OSOPER group (ASMOPER) – an optional group created to assign limited DBA privileges with regards to ASM to particular OS user accounts On each node within the Oracle RAC Database cluster, as the root user, create the following user accounts, groups, and group assignments using a consistent UID and GID assignments across your organization: # groupadd --gid 54321 oinstall # groupadd --gid 54322 dba # groupadd --gid 54323 asmdba # groupadd --gid 54324 asmoper # groupadd --gid 54325 asmadmin # groupadd --gid 54326 oper # useradd --uid 54321 --gid oinstall --groups dba,oper,asmdba,asmoper oracle # passwd oracle # useradd --uid 54322 --gid oinstall --groups dba,asmadmin,asmdba,asmoper grid # passwd grid Verify the grid and oracle user correctly display the appropriate primary and supplementary groups on each node of the Oracle RAC Database cluster via the commands: # id oracle uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(asmdba),54324(asmoper),54326(oper) # id grid uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(asmdba),54324(asmoper),54325(asmadmin) 3.3.14 Setting Shell Limits for the Grid and Oracle User Oracle recommends the following settings for the soft and hard limits for the number of open file descriptors (nofile), number of processes (nproc), and size of the stack segment (stack) allowed by each user respectively. The purpose of setting these limits is to prevent a system wide crash that could be caused if an application, such as Oracle, were allowed to exhaust all of the OS resources under an extremely heavy workload. Prior to modifying the /etc/security/limits.conf create a backup on each node of the Oracle RAC Database cluster as follows: # cp /etc/security/limits.conf /etc/security/limits.conf.bkup www.redhat.com 30 refarch-feedback@redhat.com Within the /etc/security/limits.conf file, on each node of the Oracle RAC Database cluster, add the following soft and hard limits for the oracle and grid user: oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536 oracle soft stack 10240 oracle hard stack 32768 grid soft nproc 2047 grid hard nproc 16384 grid soft nofile 1024 grid hard nofile 65536 grid soft stack 10240 grid hard stack 32768 . NOTE: Modifications made to the limits.conf file take effect immediately. However, please ensure that any previously logged in oracle or grid user sessions (if any) are logged out and logged back in for the changes to take effect. Once the modifications of the limits.conf are set, enable the Pluggable Authentication Module (PAM) labeled pam_limits.so within /etc/pam.d/login. The pam_limits.so module limits the resources on login sessions On each node of the Oracle RAC Database cluster, as the root user, create a backup of /etc/pam.d/login # cp /etc/pam.d/login /etc/pam.d/login.bkup On each node of the Oracle RAC Database cluster, as the root user, add the following line within the /etc/pam.d/login file session required pam_limits.so On each node of the Oracle RAC Database cluster, as the root user, create a shell script labeled oracle-grid.sh within /etc/profile.d/ to create the appropriate ulimits for the oracle and grid user. The contents of the oracle-grid.sh script is displayed below. #Setting the appropriate ulimits for oracle and grid user if [ $USER = "oracle" ]; then if [ $SHELL = "/bin/ksh" ]; then ulimit -u 16384 ulimit -n 65536 else ulimit -u 16384 -n 65536 fi fi if [ $USER = "grid" ]; then if [ $SHELL = "/bin/ksh" ]; then ulimit -u 16384 refarch-feedback@redhat.com 31 www.redhat.com ulimit -n 65536 else ulimit -u 16384 -n 65536 fi fi NOTE: While the ulimit values can be set directly within the /etc/profile file, it is recommended to create a custom shell script within /etc/profile.d instead. The oracle-grid.sh script can be downloaded from the Appendix K Configuration Files As the oracle and grid users on each node, verify the ULIMIT values by running the following command: # ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 385878 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 65536 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 16384 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited 3.4 Storage Configuration The following storage configuration section provides recommendations for setting up device mapper multipath, the use of udev rules or Oracle ASMLib for ASM disk management, and the use of the tuned package for optimal performance. 3.4.1 Setting up DM­Multipath Device mapper multipath provides the ability to aggregate multiple I/O paths to a newly created device mapper path to achieve high availability, I/O load balancing, and persistent naming. The following procedures provides the recommendations for installing and configuring device mapper multipath devices. NOTE: Ensure Oracle RAC Database volumes are accessible via the operating system on all nodes within the Oracle RAC Database cluster prior to continuing with the section below. The following instructions are required on each node within the Oracle RAC Database 11g Release 2 Cluster. 1. As the root user, install the device-mapper-multipath package using the yum package manager. # yum install device-mapper-multipath www.redhat.com 32 refarch-feedback@redhat.com 2. Copy the multipath.conf file found within /usr/share/doc/device-mapper-multipath-0.4.9/ to /etc/ # cp /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf /etc/ 3. Capture the scsi id of the local disk(s) on the system. # scsi_id --whitelisted --replace-whitespace –-device=/dev/sda 3600508b1001030353434363646301200 4. Uncomment and modify the blacklist section within the /etc/multipath.conf file to include the scsi id of the local disk on the system. Once complete, save the changes made to the multipath.conf file. blacklist { wwid 3600508b1001030353434363646301200 devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*" devnode "^hd[a-z]" } 5. Start the multipath daemon. # service multipathd start Starting multipathd daemon: [ OK ] 6. Enable the multipath daemon to ensure it is started upon boot time. # chkconfig multipathd on 7. Identify the dm- device, size, and WWID of each device mapper volume for Oracle OCR and voting disks, data disks and recovery disks. In this example, volume mpathb is identified via the following command: # multipath -ll refarch-feedback@redhat.com 33 www.redhat.com Figure 3.4.1.1: Multipath Device (mpathb) identifies the current multipath alias name, size, WWID, and dm device. This information is required for the application of a custom alias to each volume as shown in step 9. NOTE: Due to the size of some the disks being the same, compare the WWID found on the system with the WWID located on the storage array to ensure the multipath alias name assigned corresponds with the name of the volume from the storage array. 8. Uncomment the defaults section found within the /etc/multipath.conf file. defaults { udev_dir /dev polling_interval 10 path_selector "round-robin 0" path_grouping_policy multibus getuid_callout "/lib/udev/scsi_id --whitelisted --device=/dev/%n" prio alua path_checker readsector0 rr_min_io 100 max_fds 8192 rr_weight priorities failback immediate no_path_retry fail user_friendly_names yes } NOTE: The standard options can be customized to better fit your storage array's capabilities. Check with your storage vendor for details. www.redhat.com 34 refarch-feedback@redhat.com Figure 3.4.1.1: Multipath Device (mpathb) 9. Un-comment the multipath section found within the /etc/multipath.conf file and create an alias for each device mapper volume in order to enable persistent naming of those volumes. Once complete, save the changes made to the multipath.conf file. The output should resemble the example below. For reference, refer the Oracle data volumes created for the reference environment as displayed in Table 2.4.3: Oracle OCR, Voting Disk, & Data File Sizes. /etc/multipath.conf multipaths { multipath { wwid 3600c0ff000d7e7a854a0f65101000000 alias db1 } multipath { wwid 3600c0ff000dabfe562a0f65101000000 alias db2 } multipath { wwid 3600c0ff000d7e7a874a0f65101000000 alias fra } multipath { wwid 3600c0ff000dabfe585a0f65101000000 alias redo } multipath { wwid 3600c0ff000dabfe596a0f65101000000 alias ocrvote1 } multipath { wwid 3600c0ff000dabfe5a2a0f65101000000 alias ocrvote2 } multipath { wwid 3600c0ff000dabfe5b4a0f65101000000 alias ocrvote3 } } 10.Restart the device mapper multipath daemon. # service multipathd restart ok Stopping multipathd daemon: [ OK ] Starting multipathd daemon: [ OK ] 11.Verify the device mapper paths and aliases are displayed properly. Below is an example of one device mapper device labeled fra. # multipath -ll fra (3600c0ff000d7e7a89e85ac5101000000) dm-10 HP,MSA2324fc size=186G features='1 queue_if_no_path' hwhandler='0' wp=rw |-+- policy='round-robin 0' prio=130 status=active refarch-feedback@redhat.com 35 www.redhat.com | |- 3:0:0:3 sdd 8:48 active ready running | |- 3:0:1:3 sdh 8:112 active ready running | |- 4:0:0:3 sdt 65:48 active ready running | `- 4:0:1:3 sdx 65:112 active ready running `-+- policy='round-robin 0' prio=10 status=enabled |- 3:0:2:3 sdl 8:176 active ready running |- 3:0:3:3 sdp 8:240 active ready running |- 4:0:2:3 sdab 65:176 active ready running `- 4:0:3:3 sdaf 65:240 active ready running 3.4.2 Partitioning Device Mapper Shared Disks Partitioning of the device mapper shared disks is only required when using Oracle ASMLib. This reference architecture provides instructions to configure either Oracle ASMLib or udev rules. Partitions for each device mapper volume are created to comply with either option. On the first node of the Oracle RAC Database cluster, create a partition for each device mapper volume (db1,db2,fra,redo,ocrvote1,ocrvote2,ocrvote3) using parted as displayed below for device db1. # parted /dev/mapper/db1 mklabel gpt mkpart primary "1 -1" Information: You may need to update /etc/fstab. Once the partitions are created, verify a newly created device mapper device is created for each. An example of verifying the db1p1 partition as follows: # ls -l /dev/mapper/db1p1 lrwxrwxrwx. 1 root root 8 Apr 16 15:15 /dev/mapper/db1p1 -> ../dm-11 NOTE: A newly created partition requires the alias name followed by p1 such as db1p1, see above. If p1 is missing, please run the following kpartx command to add the partition mappings to the device mapper disks. If the following command does not add the p1, reboot the system. # kpartx -a /dev/mapper/db1 Once the partitions are created, on all other nodes in the Oracle RAC Database cluster, run the following kpartx command on each device mapper volume in order to update the partition table mapping. # kpartx -a /dev/mapper/db1 NOTE: If the following kpartx command does not add the p1 suffix to each partition, reboot the system. www.redhat.com 36 refarch-feedback@redhat.com 3.4.3 Configuring Oracle ASM Disks The configuration of Oracle ASM requires the use of either udev rules or Oracle's ASMLib. Oracle's ASMLib is an optional utility used to manage and assist users with Oracle ASM devices and is not required for proper operation of Oracle ASM disks. Moreover, Oracle ASMLib does not have any impact on Oracle Database performance and requires a kernel module labeled kmod-oracleasm and proprietary user space utilities to properly function. udev rules represent an alternative to Oracle's ASMLib and does not require additional kernel modules thus keeping an overall smaller footprint on the Linux systems. While this reference architecture documents both methods of implementation, only one method can be applied for a given solution. This section covers best practices of using Red Hat's native udev rules to setup the appropriate permissions for each device mapper disk, as well as, the best practices for Oracle's ASMLib. 3.4.3.1 Oracle ASMLib Alternative: Configuring udev Rules The configuration of Oracle ASM requires the use of either udev rules or Oracle's ASMLib. This section, focuses on the best practices of using Red Hat's native udev rules to setup the appropriate permissions for each device mapper disk. NOTE: If following the steps in this section, please ignore Section 3.4.3.2 Configuring Oracle ASMLib 1. On the first node of the Oracle RAC cluster, as the root user, identify the Device Mapper Universally Unique IDentifier (DM_UUID) for each device mapper volume. The example below shows the DM_UID for the partitions of the volumes labeled ocrvote1,ocrvote2,ocrvote3,db1,db2,fra, and redo. # for i in ocrvote1p1 ocrvote2p1 ocrvote3p1 db1p1 db2p1 frap1 redop1; do printf "%s %s\n" "$i" "$(udevadm info --query=all --name=/dev/mapper/$i | grep -i dm_uuid)"; done ocrvote1p1 E: DM_UUID=part1-mpath-3600c0ff000dabfe596a0f65101000000 ocrvote2p1 E: DM_UUID=part1-mpath-3600c0ff000dabfe5a2a0f65101000000 ocrvote3p1 E: DM_UUID=part1-mpath-3600c0ff000dabfe5b4a0f65101000000 db1p1 E: DM_UUID=part1-mpath-3600c0ff000d7e7a854a0f65101000000 db2p1 E: DM_UUID=part1-mpath-3600c0ff000dabfe562a0f65101000000 frap1 E: DM_UUID=part1-mpath-3600c0ff000d7e7a874a0f65101000000 redop1 E: DM_UUID=part1-mpath-3600c0ff000dabfe585a0f65101000000 2. Create a file labeled 99-oracle-asmdevices.rules within /etc/udev/rules.d/ refarch-feedback@redhat.com 37 www.redhat.com 3. Within 99-oracle-asmdevices.rules file, create rules for each device similar to the example below: /etc/udev/rules.d/99-oracle-asmdevices.rules KERNEL=="dm-*",ENV{DM_UUID}=="part1-mpath- 3600c0ff000dabfe5f4d8515101000000",OWNER="grid",GROUP="asmadmin",MODE="06 60" To understand the rule above, it can be read as follows: If any dm- device matches the DM_UUID of part1-mpath- 3600c0ff000dabfe5f4d8515101000000, assign to that dm- device to be owned by the grid user and part of the asmadmin group with the permission mode set to 0660. The 0660 value provides read and write permissions to the user grid and owner asmadmin. 4. Save the file labeled 99-oracle-asmdevices.rules 5. Copy the 99-oracle-asmdevices.rules file to each node within the Oracle RAC Database 11g Release 2 cluster using the scp command and enter the appropriate password credentials for the other nodes. The example below shows how to copy the file to node two of the Oracle RAC Database 11g Release 2 cluster. # scp /etc/udev/rules.d/99-oracle-asmdevices.rules db-oracle- node2:/etc/udev/rules.d/ Warning: Permanently added 'db-oracle-node2,10.16.142.52' (RSA) to the list of known hosts. root@db-oracle-node2's password: 99-oracleasmdevices.rules 100% 833 0.8KB/s 00:00 6. On each node within the Oracle RAC Database cluster, locate the dm- device for each Oracle related partition. An example of how to find the dm- device for each partition is to run the following command: # for i in db1p1 db2p1 frap1 redop1 ocrvote1p1 ocrvote2p1 ocrvote3p1; do printf "%s %s\n" "$i" "$(ls -ll /dev/mapper/$i)"; done db1p1 lrwxrwxrwx. 1 root root 8 Aug 1 15:21 /dev/mapper/db1p1 -> ../dm-14 db2p1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/db2p1 -> ../dm-15 frap1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/frap1 -> ../dm-17 redop1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/redop1 -> ../dm-16 ocrvote1p1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/ocrvote1p1 -> ../dm-18 ocrvote2p1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/ocrvote2p1 -> ../dm-19 ocrvote3p1 lrwxrwxrwx. 1 root root 8 Aug 1 15:22 /dev/mapper/ocrvote3p1 -> ../dm-20 7. On each node within the Oracle RAC Database cluster, apply and test the rules for each dm- device created within the 99-oracle-asmdevices.rules by running a udevadm test on each device. The example below demonstrates a udevadm test on dm-11. # udevadm test /sys/block/dm-11 [ ... Output Abbreviated ... ] udevadm_test: DM_NAME=db1p1 udevadm_test: DM_UUID=part1-mpath-3600c0ff000d7e7a86485ac5101000000 www.redhat.com 38 refarch-feedback@redhat.com udevadm_test: DM_SUSPENDED=0 udevadm_test: DEVLINKS=/dev/mapper/db1p1 /dev/disk/by-id/dm-name-db1p1 /dev/disk/by-id/dm-uuid-part1-mpath-3600c0ff000d7e7a86485ac5101000000 /dev/block/253:11 udevadm_test: ID_FS_TYPE=oracleasm 8. Confirm each device has the desired permissions on each node within the cluster. # ls -lh /dev/dm-* brw-rw----. 1 grid asmadmin 253, 14 Aug 1 16:02 /dev/dm-14 brw-rw----. 1 grid asmadmin 253, 15 Aug 1 16:02 /dev/dm-15 brw-rw----. 1 grid asmadmin 253, 16 Aug 1 16:02 /dev/dm-16 brw-rw----. 1 grid asmadmin 253, 17 Aug 1 16:02 /dev/dm-17 brw-rw----. 1 grid asmadmin 253, 18 Aug 1 16:02 /dev/dm-18 brw-rw----. 1 grid asmadmin 253, 19 Aug 1 16:03 /dev/dm-19 brw-rw----. 1 grid asmadmin 253, 20 Aug 1 16:02 /dev/dm-20 NOTE: If the desired permissions are not visibile, please reboot the particular node from the Oracle RAC Database cluster. NOTE: For simplicity, this 99-oracle-asmdevices.rules file is included in Appendix I 99-oracle-asmdevices.rules 3.4.3.2 Configuring Oracle ASMLib In order to configure Oracle ASMLib the following components are required: kmod- oracleasm, oracleasm-support, and oracleasmlib NOTE: If Section 3.4.3.1 Oracle ASMLib Alternative: Configuring udev Rules has been configured, ignore this section and continue to Section 3.4.4 Optimizing Database Storage using Automatic System Tuning The ASMLib kernel module package (kmod-oracleasm) is provided for Red Hat customers via the Supplementary Channel on Red Hat Network (RHN). In order to properly install and configure ASMLib the following procedures must be followed. 1. Enable the Red Hat Enterprise Linux 6 Supplementary repository on RHN11. 2. Download the ASMLib library package (oracleasmlib) # wget http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4- 1.el6.x86_64.rpm 3. Download the ASMLib utilites package (oracleasm-support) # wget http://public- yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/oracleasm-support- 2.1.8-1.el6.x86_64.rpm 11 Enabling the Supplementary Repository Knowledge Base Article, https://access.redhat.com/knowledge/articles/58637 refarch-feedback@redhat.com 39 www.redhat.com 4. Install the ASMLib kernel module package (kmod-oracleasm), ASMLib library package (oracleasmlib), and the ASMLib utilities package (oracleasm-support) using the following command: # yum install kmod-oracleasm oracleasmlib-2.0.4-1.el6.x86_64.rpm oracleasm-support-2.1.8-1.el6.x86_64.rpm 5. Configure ASMLib using the following command: # /usr/sbin/oracleasm configure -i Configuring the Oracle ASM library driver. This will configure the on-boot properties of the Oracle ASM library driver. The following questions will determine whether the driver is loaded on boot and what permissions it will have. The current values will be shown in brackets ('[]'). Hitting without typing an answer will keep that current value. Ctrl-C will abort. Default user to own the driver interface []: grid Default group to own the driver interface []: asmadmin Start Oracle ASM library driver on boot (y/n) [ n ]: y Scan for Oracle ASM disks on boot (y/n) [y]: y Writing Oracle ASM library driver configuration: done 6. Within /etc/sysconfig/oracleasm, set the ORACLEASM_SCANORDER and ORACLEASM_SCANEXCLUDE parameters as follows: # ORACLEASM_SCANORDER: Matching patterns to order disk scanning ORACLEASM_SCANORDER="dm" # ORACLEASM_SCANEXCLUDE: Matching patterns to exclude disks from scan ORACLEASM_SCANEXCLUDE="sda" NOTE: The ORACLEASM_SCANORDER set to dm ensures that when oracleasm scans disks, it is appropriately scanning devices known by the kernel. The ORACLEASM_SCANEXCLUDE set to sda is ensuring that local disk sda is to be ignored by ASMLib. 7. Prior to creating disks with oracleasm, ensure the SELinux policy files version 3.7.19-211 is downloaded from Appendix K Configuration Files. This ensures that oracleasm properly runs with SELinux enabled and avoids any SELinux errors12. Enable the SELinux policy and modules as follows: • Update the selinux-policy via the following commands: # rpm -Uvh selinux-policy-3.7.19-211.el6.noarch.rpm selinux-policy- targeted-3.7.19-211.el6.noarch.rpm Preparing... #####################################[100%] 1:selinux-policy #####################################[ 50%] 2:selinux-policytargeted#####################################[100%] 12 oracleasm createdisk fails with Selinux enabled [ID 1430947.1] www.redhat.com 40 refarch-feedback@redhat.com 8. Run the following oracleasm command to ensure that oracleasm is enabled. # /etc/init.d/oracleasm enable Writing Oracle ASM library driver configuration: done Initializing the Oracle ASMLib driver: [ OK ] Scanning the system for Oracle ASMLib disks: [ OK ] 9. Repeat steps one thru nine on all remaining nodes within the Oracle RAC Database cluster. 10.On only node one of the Oracle RAC cluster, run the following oracleasm command to create and label all Oracle related volumes as an ASM disk. The example below creates an ASM disk labeled DATA1 for the following /dev/mapper/db1p1 partition. # /usr/sbin/oracleasm createdisk DATA1 /dev/mapper/db1p1 Writing disk header: done Instantiating disk: done NOTE: It is highly recommended to have all Oracle related disks to be included within Oracle ASM. 11. Once all the ASM disks have been created on node one of the Oracle RAC cluster, run the oracleasm scandisks command to scan the ASM disks on the remaining nodes within the cluster as follows: # /usr/sbin/oracleasm scandisks Reloading disk partitions: done Cleaning any stale ASM disks... Scanning system for ASM disks... Instantiating disk "DATA1" Instantiating disk "FRA1" Instantiating disk "DATA2" Instantiating disk "OCRVOTE2" Instantiating disk "REDO1" Instantiating disk "OCRVOTE1" Instantiating disk "OCRVOTE3" 12.Verify all the Oracle ASM disks created are listed on all nodes within the Oracle RAC cluster via the oracleasm listdisks command: # /usr/sbin/oracleasm listdisks DATA1 DATA2 FRA1 OCRVOTE1 OCRVOTE2 OCRVOTE3 REDO1 13.If no disks are listed or if any disks are missing, run the following command to rescan the ASM disks on that specific node. # /usr/sbin/oracleasm scandisks refarch-feedback@redhat.com 41 www.redhat.com Reloading disk partitions: done Cleaning any stale ASM disks... Scanning system for ASM disks... NOTE: If the issue persists after a rescan of the Oracle ASM disks, a reboot of the system might be required via the reboot, shutdown, or init 6 command: # reboot www.redhat.com 42 refarch-feedback@redhat.com 3.4.4 Optimizing Database Storage using Automatic System  Tuning The tuned package in Red Hat Enterprise Linux 6 is recommended for automatically tuning the system for common workloads via the use of profiles. Each profile is tailored for different workload scenarios such as: • enterprise-storage • power savings • high network throughput It is recommended to enable the enterprise-storage profile for Oracle RAC database workload environments. Table 3.4.4.1: Default vs Enterprise-Storage Profile provides details of the enterprise-storage profile attributes that are adjusted versus the defaults found within the Red Hat Enterprise Linux 6 distribution. Tuned Parameters default enterprise-Storage I/O Elevator CFQ deadline CPU governor OnDemand performance kernel.sched_min_granularity _ns 4ms 10ms kernel.sched_wake_up_granu larity_ns 4ms 15ms Disk read-ahead 1x 4x vm.dirty_ratio 20% 40%13 File-system barrier on off Table 3.4.4.1: Default vs Enterprise-Storage Profile The following procedures provide the steps that are required to install, enable, and select the enterprise-storage profile. On each node within the Oracle RAC Database cluster, as the root user, 1. Install the tuned package via the yum package manager. # yum install tuned 2. Enable tuned to ensure it is started upon boot time. # chkconfig tuned on 13 The vm.dirty_ratio value explicitly set within the /etc/sysctl.conf file has precedence over the value set by tuned. refarch-feedback@redhat.com 43 www.redhat.com 3. Start the tuned service # service tuned start Starting tuned: [ OK ] 4. Select the enterprise-storage profile # tuned-adm profile enterprise-storage Stopping tuned: [ OK ] Switching to profile 'enterprise-storage' Applying ktune sysctl settings: /etc/ktune.d/tunedadm.conf: [ OK ] Calling '/etc/ktune.d/tunedadm.sh start': [ OK ] Applying sysctl settings from /etc/sysctl.conf Applying deadline elevator: dm-0 dm-1 dm-10 dm-11 dm-12 dm-13 dm-14 dm-15 dm-16 dm-17 dm-18 dm-19 dm-2 dm-20 dm-3 dm-4 dm-5 dm-6 dm-7 dm-8 dm-9 sda sdaa sdab sdac sdb sdc sdd sde sdf sdg sdh sdi sdj sdk sdl sdm sdn sdo sdp sdq sdr sds sdt sdu sdv sdw sdx sdy sdz [ OK ] Starting tuned: [ OK ] NOTE: If at any point in time a revert to the original settings are required, the following command can be run on each node within the Oracle RAC Database cluster: # tuned-adm off To make the change permanent across reboots, run the following command on each node within the Oracle RAC Database cluster: # chkconfig tuned off www.redhat.com 44 refarch-feedback@redhat.com 4 Oracle 11gR2 Configuration 4.1.1 Installing Oracle Grid Infrastructure (Required for ASM) The installation of the Oracle Grid Infrastructure for Oracle RAC Database 11g Release 2 (11.2.0.3) is required for the use of Oracle ASM. Prior to the installation of the Oracle Grid Infrastructure, ensure the following prerequisites from the following sections have been met: • Section 2 Reference Architecture Environment • Section 3 Reference Architecture Configuration Details NOTE: The reference architecture uses the /u01/app/grid as the grid base. The owner is set to grid and the group is set to oinstall. Run the following commands to create the grid base directory and set the appropriate permissions: On each node within the Oracle RAC environment, as the root user, create the following directory structure and set the proper permissions. # mkdir --parents /u01/app/grid # chown --recursive grid.oinstall /u01/ The following steps are intended for only node one of the Oracle RAC Database environment unless otherwise specified. 1. Download the Oracle Grid Infrastructure software14 from the My Oracle Support site. 2. As the grid user, create a temporary directory within /u01/app/grid/grid-software to store the Oracle Grid Software gunzip file, move the Oracle Grid Software gunzip file to the /u01/app/grid/grid-software location, ensure the Oracle Grid Software gunzip has the proper permissions and unpack its contents. As the grid user, # mkdir /u01/app/grid/grid-software # mv p10404530_112030_Linux-x86-64_3of7.zip /u01/app/grid/grid-software As the root user, # chown grid.oinstall p10404530_112030_Linux-x86-64_3of7.zip As the grid user, # cd /u01/app/grid/grid-software # unzip p10404530_112030_Linux-x86-64_3of7.zip 3. As the grid user, locate the Oracle Grid Infrastructure software and modify the file labeled cvu_config to ensure the Oracle Universal Installer (OUI) performs the correct prerequisite checks for Red Hat Enterprise Linux 6. 14 Patch 10404530: 11.2.0.3.0 PATCH SET FOR ORACLE DATABASE SERVER, via http://support.oracle.com refarch-feedback@redhat.com 45 www.redhat.com • Edit the cvu_config file as follows: # sed -i 's/CV_ASSUME_DISTID=OEL4/CV_ASSUME_DISTID=OEL6/' /u01/app/grid/grid-software/grid/stage/cvu/cv/admin/cvu_config 4. As the grid user, start the OUI via the command: # /u01/app/grid/grid-software/grid/runInstaller Starting Oracle Universal Installer... Checking Temp space: must be greater than 120 MB. Actual 3690 MB Passed Checking swap space: must be greater than 150 MB. Actual 16383 MB Passed Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed NOTE: Ensure to SSH with the -Y option as the grid user from the client server, otherwise the following error will occur. # /u01/app/grid/grid-software/grid/runInstaller Starting Oracle Universal Installer... Checking Temp space: must be greater than 120 MB. Actual 3690 MB Passed Checking swap space: must be greater than 150 MB. Actual 20479 MB Passed Checking monitor: must be configured to display at least 256 colors >>> Could not execute auto check for display colors using command /usr/bin/xdpyinfo. Check if the DISPLAY variable is set. Failed <<<< Some requirement checks failed. You must fulfill these requirements before continuing with the installation, Continue? (y/n) [n] n 5. Within the Download Software Updates window, select the option to either enter the My Oracle Support credentials to download latest software updates or select Skip software updates. This reference architecture selected Skip software updates and click Next. 6. Within the Installation Option window, select Install and Configure Oracle Grid Infrastructure for a Cluster and click Next. 7. Within the Installation Type window, select Advanced Installation, and click Next. 8. Within the Product Languages window, select the appropriate language, and click Next. 9. Within the Grid Plug and Play Information window, provide the appropriate credentials for the SCAN. This reference architecture provides the following SCAN credentials: ◦ Cluster Name: db-ora-cluster www.redhat.com 46 refarch-feedback@redhat.com ◦ SCAN Name: db-oracle-scan.cloud.lab.eng.bos.redhat.com NOTE: The SCAN Name is the name registered with the DNS Server as seen in Section 3.2.2 Configure SCAN via DNS ◦ SCAN Port: 1521 ◦ Uncheck Configure GNS refarch-feedback@redhat.com 47 www.redhat.com Figure 4.1.1.1: Oracle Plug and Play Window 10.Within the Cluster Node Information window, click the Add button to add each node within the Oracle RAC Database cluster and click OK. Each node within the Oracle RAC cluster requires the public hostname and VIP information as seen in Figure 4.1.1.2: Cluster Node Information Window, Add button below. www.redhat.com 48 refarch-feedback@redhat.com Figure 4.1.1.2: Cluster Node Information Window, Add button 11.Within the same Cluster Node information window, select the SSH Connectivity button to set the passwordless SSH connectivity by entering the OS Password: credentials for the grid user and clicking Setup. Once a dialog box returns with 'Successfully established passwordless SSH connectivity between the selected nodes', click OK and click Next to continue to the next window. NOTE: The password for the grid user must be the same across all nodes within the Oracle RAC Database cluster. 12. Within the Network Interface Usage window, select the Interface Name, bond0, to be set as the Interface Type Public and the Interface Name, em3 and em4, to be set as the Interface Type Private. Any other interfaces should be set to Do Not Use. Select Next to continue. 13.Within the Storage Option window, select Oracle Automatic Storage Management (Oracle ASM) radio button and click Next. refarch-feedback@redhat.com 49 www.redhat.com Figure 4.1.1.3: Cluster Node Window, SSH Connectivity 14.Within the Create ASM Disk Group window, provide the following: • Disk Group Name • Redundancy Level ◦ EXTERNAL – redundancy provided by the storage system RAID, and not by Oracle ASM. ◦ NORMAL – provides two-way mirroring by Oracle ASM, thus provided two copies of every data extent. ◦ HIGH – provides three-way mirroring by Oracle ASM thus enduring the loss of two ASM disks within different failure groups. • Disks to be assigned to the ASM Disk Group The following Table 4.1.1.1: ASM Disk Group Window provides the details for the reference environment. ASM Disk Group Window Disk Group Name OCRVOTE - Redundancy Level Normal - If using device mapper multipath and udev rules, Disks Assigned to ASM Disk Group /dev/mapper/ocrvote1p1 /dev/mapper/ocrvote2p1 /dev/mapper/ocrvote3p1 Header Status: Candidate If using Oracle ASMLib, Disks Assigned to ASM Disk Group /dev/oracleasm/disks/OCRVOTE1 /dev/oracleasm/disks/OCRVOTE2 /dev/oracleasm/disks/OCRVOTE3 Header Status: Provisioned Table 4.1.1.1: ASM Disk Group Window www.redhat.com 50 refarch-feedback@redhat.com To display the appropriate candidate disks if not already displayed, click on the Change Discovery Path button and enter as the Disk Discovery Path one of the following: • For Device Mapper devices, type: /dev/mapper/* • For Oracle ASMLib marked disks, type: /dev/oracleasm/disks/* NOTE: For device mapper disks, Header Status is Candidate, but for Oracle ASMLib disks the Header Status is Provisioned. 16.Click Next once complete within the Create ASM Disk Group window 17.Within the ASM Password window, specify the password for the SYS and ASMSNMP user accounts. refarch-feedback@redhat.com 51 www.redhat.com Figure 4.1.1.4: Create ASM Disk Group Window 18. Within the Failure Isolation Support window, select whether to use or not use the Intelligent Platform Management Interface (IPMI). This reference architecture selects the Do not use Intelligent Platform Management Interface (IPMI) radio button and clicks Next. 19.Within the Privileged Operating System Groups window, select the appropriate OS groups and click Next to continue. The values as created and assigned within this reference architecture are as follows: • Oracle ASM DBA (OSDBA for ASM) Group – ASMDBA • Oracle ASM Operator (OSOPER for ASM) Group – ASMOPER • Oracle ASM Administrator (OSASM) Group – ASMADMIN 20.Within the Installation Location window, specify the appropriate Oracle base and software locations and click Next to continue. The values used by the reference environment are as follows: • ORACLE BASE - /u01/app/grid • SOFTWARE LOCATION - /u01/app/11.2.0/grid 21.Within the Create Inventory window, specify the inventory directory and click Next. The values used for the reference environment are as follows: • INVENTORY DIRECTORY - /u01/app/oraInventory 22. Within the Prerequisite Checks window, review the status and ensure there are no errors prior to continuing the installation. For failures with a status set to Fixable, select the Fix & Check Again button. The execution of the Fix & Check Again button provides a runfixup.sh script provided by the OUI. As root, run the runfixup.sh and click on the Check Again button once the runfixup.sh has finished. Repeat step within Prerequisite Checks window until all prerequisites are met and fixed by the OUI or manual involvement. For errors that can be ignored, select the Ignore All check box and click Next. ◦ The following check errors are common and extra details are provided below. ▪ Task resolv.conf Integrity – This task checks consistency of the file /etc/resolv.conf across all nodes and displays a PRVF-5637 error (bug 16038314). Manually verify that all nodes across the Oracle RAC Database cluster provide the appropriate response with the use of nslookup. If the appropriate response is achieved, this error can be safely ignored. For more information please visit My Oracle Support Doc ID [1480242.1]15 15 PRVF-5637 : DNS response time could not be checked on following nodes (Doc ID 1480242.1), via http://support.oracle.com www.redhat.com 52 refarch-feedback@redhat.com ▪ Package: cvuqdisk-1.0.9-1 – An rpm package required for the installation of the Oracle Grid Infrastructure. If the Prerequisite Checks window does not provide a Fixable script, the rpm can be found in the following location: /u01/app/grid/grid-software/grid/rpm. This rpm is required to be installed on all nodes within the cluster. ▪ Device Checks for ASM – checks to ensure all the ASM disks specified meet the requirements by the OUI and displays a PRVF-7017 error. This error will disappear once the installation of the cvuqdisk-1.0.9-1 package on each node within the Oracle RAC Database cluster is met. ▪ Device Checks for ASM – checks to ensure all the ASM disks specified meet the requirements by the OUI and displays a PRVF-5150 error. This is bug 14112643 and can be safely ignored. The OUI should not verify Oracle ASMLib disks in this manner. Please refer to My Oracle Support Doc ID [1474961.1] for more information. 23. Within the Summary window, review all the information provided, and select Install to start the installation. 24. Once the installation completes, execute the scripts within the Execute Configuration scripts window. As the root user, run the following on each node within the Oracle RAC Database cluster: # /u01/app/oraInventory/orainstRoot.sh Changing permissions of /u01/app/oraInventory. Adding read,write permissions for group. Removing read,write,execute permissions for world. Changing groupname of /u01/app/oraInventory to oinstall. The execution of the script is complete. # /u01/app/11.2.0/grid/root.sh Performing root user operation for Oracle 11g The following environment variables are set as: ORACLE_OWNER= grid ORACLE_HOME= /u01/app/11.2.0/grid Enter the full pathname of the local bin directory: [/usr/local/bin]: /usr/local/bin Copying dbhome to /usr/local/bin ... Copying oraenv to /usr/local/bin ... Copying coraenv to /usr/local/bin ... [ ... Abbreviated Ouputput ... ] Configure Oracle Grid Infrastructure for a Cluster ... succeeded refarch-feedback@redhat.com 53 www.redhat.com NOTE: When running the root.sh on node two of the cluster, the following “CRS: 4402: The CSS daemon was started in exclusive mode but found an active CSS daemon on node db- oracle-node1, number 1, and is terminating An active cluster was found during exclusive startup, restarting to join the cluster.“ message appears prior to the successful installation of the Oracle Grid Infrastructure for a Cluster. This message is not an error when running Oracle Grid Infrastructure 11.2.0.3, and can be safely ignored. For more information on CRS-4402 please visit My Oracle Support Doc ID [1212703.1]16 25.Click OK within the Execute Configuration scripts window. NOTE: It is possible the Oracle Cluster Verification Utility within the Oracle Grid Infrastructure Installer 11.2.0.3 might end up with a status of 'Failed'. If so, wait 5 minutes, then click on the Retry button to reinitiate the Oracle Cluster Verification Utility. If problem persists, click Next and click Yes to confirm. 26.Within the Finish window, click Close. 27.On node one of the cluster, as the grid user, verify the cluster health via the following command: # /u01/app/11.2.0/grid/bin/crs_stat -t Name Type Target State Host ------------------------------------------------------------ ora....ER.lsnr ora....er.type ONLINE ONLINE db-o...ode1 ora....N1.lsnr ora....er.type ONLINE ONLINE db-o...ode2 ora....N2.lsnr ora....er.type ONLINE ONLINE db-o...ode1 ora....N3.lsnr ora....er.type ONLINE ONLINE db-o...ode1 ora.OCRVOTE.dg ora....up.type ONLINE ONLINE db-o...ode1 ora.asm ora.asm.type ONLINE ONLINE db-o...ode1 ora.cvu ora.cvu.type ONLINE ONLINE db-o...ode1 ora....SM1.asm application ONLINE ONLINE db-o...ode1 ora....E1.lsnr application ONLINE ONLINE db-o...ode1 ora....de1.gsd application OFFLINE OFFLINE ora....de1.ons application ONLINE ONLINE db-o...ode1 ora....de1.vip ora....t1.type ONLINE ONLINE db-o...ode1 ora....SM2.asm application ONLINE ONLINE db-o...ode2 ora....E2.lsnr application ONLINE ONLINE db-o...ode2 ora....de2.gsd application OFFLINE OFFLINE ora....de2.ons application ONLINE ONLINE db-o...ode2 ora....de2.vip ora....t1.type ONLINE ONLINE db-o...ode2 ora.gsd ora.gsd.type OFFLINE OFFLINE ora....network ora....rk.type ONLINE ONLINE db-o...ode1 ora.oc4j ora.oc4j.type ONLINE ONLINE db-o...ode1 ora.ons ora.ons.type ONLINE ONLINE db-o...ode1 ora.scan1.vip ora....ip.type ONLINE ONLINE db-o...ode2 ora.scan2.vip ora....ip.type ONLINE ONLINE db-o...ode1 ora.scan3.vip ora....ip.type ONLINE ONLINE db-o...ode1 16 Grid Infrastructure Startup During Patching, Install or Upgrade May Fail Due to Multicasting Requirement (Doc ID 1212703.1) - https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl- state=osgi7wnt9_14&_afrLoop=392592718553079 www.redhat.com 54 refarch-feedback@redhat.com NOTE: Everything should have a target and state of ONLINE except for anything ending in .gsd. Global Services Daemon (GSD) is disabled by default starting with Oracle Grid Infrastrcture 11.2. For more information on GSD, visit My Oracle Support Doc ID [ 429966.1 ] - GSD is Used Only if 9i RAC Database is Present 4.1.2 Installing Oracle 11g R2 Database Software Prior to the installation of Oracle RAC Database 11g Release 2 (11.2.0.3), ensure the following prerequisites from the following sections have been met: • Section 2 Reference Architecture Environment • Section 3 Reference Architecture Configuration Details NOTE: The reference environment uses the /u01/app/oracle as the Oracle base. The owner is set to oracle and the group is set to oinstall. Run the following commands to create the Oracle base directory set the appropriate permissions: On each node within the Oracle RAC environment, as the root user, create the following directory structure and set the proper permissions. # mkdir /u01/app/oracle # chown --recursive oracle.oinstall /u01/app/oracle The following steps are intended for only node one of the Oracle RAC Database 11.2.0.3 environment unless otherwise specified. 1. Download the Oracle Database software17 from the My Oracle Support site. 2. As the oracle user, create a temporary directory within /u01/app/oracle/oracle- software to store the Oracle Database Software gunzip files, move the Oracle Database software gunzip files to the /u01/app/oracle/oracle-software location, ensure the Oracle Database software gunzip has the proper permissions and unpack its contents. As the oracle user, # mkdir /u01/app/oracle/oracle-software # mv p10404530_112030_Linux-x86-64_1of7.zip p10404530_112030_Linux-x86- 64_2of7.zip /u01/app/oracle/oracle-software/ As the root user, # chown oracle.oinstall /path/to/p10404530_112030_Linux-x86-64_1of7.zip # chown oracle.oinstall /path/to/p10404530_112030_Linux-x86-64_2of7.zip As the oracle user, # cd /u01/app/oracle/oracle-software # unzip p10404530_112030_Linux-x86-64_1of7.zip # unzip p10404530_112030_Linux-x86-64_2of7.zip 17 Patch 10404530: 11.2.0.3.0 PATCH SET FOR ORACLE DATABASE SERVER, via http://support.oracle.com refarch-feedback@redhat.com 55 www.redhat.com 3. As the oracle user, locate the Oracle Database software and modify the file labeled cvu_config to ensure the Oracle Universal Installer (OUI) performs the correct prerequisite checks for Red Hat Enterprise Linux 6. 4. Edit the cvu_config file as follows: sed -i 's/CV_ASSUME_DISTID=OEL4/CV_ASSUME_DISTID=OEL6/' /u01/app/oracle/oracle-software/database/stage/cvu/cv/admin/cvu_config 5. As the oracle user, start the OUI via the command: # /u01/app/oracle/oracle-software/database/runInstaller NOTE: Ensure to SSH with the -Y option as the oracle user from the client server, otherwise the following error will occur. # /u01/app/oracle/oracle-software/database/runInstaller Starting Oracle Universal Installer... Checking Temp space: must be greater than 120 MB. Actual 3461 MB Passed Checking swap space: must be greater than 150 MB. Actual 20479 MB Passed X11 connection rejected because of wrong authentication. X11 connection rejected because of wrong authentication. Checking monitor: must be configured to display at least 256 colors >>> Could not execute auto check for display colors using command / usr/bin/xdpyinfo. Check if the DISPLAY variable is set. Failed <<<< Some requirement checks failed. You must fulfill these requirements before continuing with the installation, Continue? (y/n) [n] n 6. Within the Configure Security Updates window, provide the My Oracle Support email address for the latest security issues information, otherwise uncheck the I wish to receive security updates via My Oracle Support and click Next. A follow up dialog box asking Do you wish to remain uniformed of criticial security issues in your configuration? click Yes. 7. Within the Download Software Updates window, provide the My Oracle Support credentials to download the latest security updates, otherwise select the Skip software updates radio button. The reference environment selected Skip software updates. Click Next. www.redhat.com 56 refarch-feedback@redhat.com 8. Within the Installation Option window, select Install database software only and click Next. refarch-feedback@redhat.com 57 www.redhat.com Figure 4.1.2.1: Installation Option Window 9. Within the Grid Installation Options window, select Oracle Real Application Clusters database installation radio button and click on the SSH Connectivity button. Within the OS Password: dialog box enter the user oracle's password and click Setup. Once a dialog box returns with 'Successfully established passwordless SSH connectivity between the selected nodes', click OK and Next to continue to the next window. NOTE: The oracle password must be the same for all nodes within the Oracle RAC Database 11.2.0.3 cluster. 10.Within the Product Languages window, select the appropriate language for the installation. 11.Within the Database Edition window, select the appropriate database edition and click Next. For the purposes of the reference environment, Enterprise Edition is the edition of choice. www.redhat.com 58 refarch-feedback@redhat.com Figure 4.1.2.2: Grid Installation Options Window 12.Within the Installation Location window, select the appropriate Oracle base and software location and click Next. For the purposes of the reference environment, the following values are set: • ORACLE BASE - /u01/app/oracle • SOFTWARE LOCATION - /u01/app/oracle/product/11.2.0/dbhome_1 13.Within the Operating System Groups window, select the appropriate OS groups and click Next. For the purposes of the reference environment, the following values are set: • DATABASE ADMINISTRATOR GROUP – DBA • DATABASE OPERATOR GROUP – OPER 14.Within the Prerequisite Checks window, review the status and ensure there are no errors prior to continuing the installation. For failures with a status set to Fixable, select the Fix & Check Again button. The execution of the Fix & Check Again button provides a runfixup.sh script provided by the OUI. As root, run the runfixup.sh and click on the Check Again button once the runfixup.sh has finished. For errors that can be ignored, select the Ignore All check box and click Next. ◦ The following check errors are common and extra details are provided below. ▪ Task resolv.conf Integrity – This task checks consistency of the file /etc/resolv.conf across all nodes and displays a PRVF-5637 error (bug 16038314). Manually verify that all nodes across the Oracle RAC Database cluster provide the appropriate response with the use of nslookup. If the appropriate response is achieved, this error can be safely ignored. For more information please visit My Oracle Support Doc ID [1480242.1]18 ▪ Node Connectivity – The Node Connectivity task checks TCP connectivity is available between all subnets within the Oracle RAC environment cluster and displays a PRVF-7617 error if it cannot. Within a new terminal, as the oracle user, verify that each interface has node connectivity with the following command. For the purposes of this reference architecture, bond0, em3, and em4 are the interfaces that are examined. # /u01/app/11.2.0/grid/bin/cluvfy comp nodecon -i bond0,em3,em4 -n db-oracle-node1,db-oracle-node2 -verbose The output expected for each interface should result in 'Verification of node connectivity was successful. ' If successful, this error can be safely ignored. Otherwise, consult My Oracle Support Doc ID [1335136.1]19 18 PRVF-5637 : DNS response time could not be checked on following nodes (Doc ID 1480242.1), via http://support.oracle.com 19 PRVF-7617: TCP connectivity check failed for subnet (Doc ID 1335136.1), via http://support.oracle.com refarch-feedback@redhat.com 59 www.redhat.com ▪ Clock Synchronization – checks the Oracle Cluster Time Services and provides within the Details button the following PRVG -1015 error. The workaround to remove this error is as follows: • Stop ntpd service on each node within the Oracle RAC Database cluster via the command: # service ntpd stop • On each node, as the root user, run the following ntpdate command where 10.16.255.2 is the IP of the NTP server: # ntpdate 10.16.255.2 • Restart the ntpd service on each node within the Oracle RAC Database cluster via the command: # service ntpd start • Within the Oracle Database OUI, select the Check Again button. 15. Within the Summary window, review all the information provided, and select Install to start the installation. 16. Once the installation completes, execute the scripts within the Execute Configuration scripts window for each node within the Oracle RAC Database 11.2.0.3 environment. As the root user, run the following: # /u01/app/oracle/product/11.2.0/dbhome_1/root.sh Performing root user operation for Oracle 11g The following environment variables are set as: ORACLE_OWNER= oracle ORACLE_HOME= /u01/app/oracle/product/11.2.0/dbhome_1 Enter the full pathname of the local bin directory: [/usr/local/bin]: /usr/local/bin The contents of "dbhome" have not changed. No need to overwrite. The contents of "oraenv" have not changed. No need to overwrite. The contents of "coraenv" have not changed. No need to overwrite. Entries will be added to the /etc/oratab file as needed by Database Configuration Assistant when a database is created Finished running generic part of root script. Now product-specific root actions will be performed. Finished product-specific root actions. 17.Click OK within the Execute Configuration scripts window. 18.Within the Finish window, click Close. www.redhat.com 60 refarch-feedback@redhat.com 4.1.3 Creating ASM Diskgroups via the ASM Configuration  Assistant (ASMCA) Prior to the creation of an Oracle RAC database, create the Database, Fast Recovery Area and Redo Logs Oracle ASM diskgroups via Oracle's ASM Configuration Assistant (ASMCA). The following steps should be done on node one of the Oracle RAC Database cluster environment. 1. ssh with the -Y option as the grid user to node one of the Oracle RAC Database cluster. 2. As the grid user, start asmca via the following command: # /u01/app/11.2.0/grid/bin/asmca NOTE: In the example above, /u01/app/11.2.0/grid is the grid home directory. 3. Via the asmca application, select the Disk Groups tab and click Create. refarch-feedback@redhat.com 61 www.redhat.com Figure 4.1.3.1: ASMCA DiskGroup Tab 3. Within the Create Disk Group window, create the following disk groups as follows: • Disk Group Name • Redundancy level • Selection of the disks to be added to each Disk Group ASMCA Disk Group Diskgroup Name Disk Path Header Status DATADG If using device mapper multipath: /dev/mapper/db1p1 /dev/mapper/db2p1 If using Oracle ASMLib: /dev/oracleasm/disks/DATA1 /dev/oracleasm/disks/DATA2 If using device mapper multipath: Candidate If using Oracle ASMLib: Provisioned FRADG If using device mapper multipath: /dev/mapper/frap1 If using Oracle ASMLib: /dev/oracleasm/disks/FRA1 If using device mapper multipath: Candidate If using Oracle ASMLib: Provisioned REDODG If using device mapper multipath: /dev/mapper/redop1 If using Oracle ASMLib: /dev/oracleasm/disks/REDO1 If using device mapper multipath: Candidate If using Oracle ASMLib: Provisioned Table 4.1.3.1: ASMCA Create Disk Group www.redhat.com 62 refarch-feedback@redhat.com NOTE: To display the appropriate eligible disks, click on the Change Discovery Path button and enter as the 'Disk Discovery Path' one of the following: • For Device Mapper devices, type: /dev/mapper/* • For Oracle ASMLib marked disks, type: /dev/oracleasm/disks/* NOTE: For device mapper disks, Header Status is Candidate, but for Oracle ASMLib disks the Header Status is Provisioned. refarch-feedback@redhat.com 63 www.redhat.com Figure 4.1.3.2: ASMCA Disk Group Creation Window Click the OK button within the Create Diskgroup window once the steps above are complete. 4. Repeat steps 2 and 3 to configure both a disk group for the Fast Recovery Area (FRA) and the redo logs. NOTE: Separation of redo logs into a separate Oracle ASM disk group is optional, but recommended. 5. Once all disk groups are created, click the Exit button from the main ASM Configuration Assistant window. Click yes, when asked to confirm quitting the application. 4.1.4 Creating a Database using Database Configuration  Assistant (DBCA) When creating an Oracle database, the recommended method is the usage of the DBCA utility. The following section describes the step-by-step to create a custom database. 1. ssh with the -Y option as the oracle user to node one of the Oracle RAC Database cluster. 2. As the oracle user, run the dbca utility via the command: # /u01/app/oracle/product/11.2.0/dbhome_1/bin/dbca NOTE: In the example above, /u01/app/oracle/product/11.2.0/dbhome_1 is the Oracle home directory. 2. Within the Welcome window, ensure Oracle Real Application Clusters (RAC) database is selected and click Next. 3. Within the Operations window, select Create a Database radio button and click Next. 4. Within the Database Template window, select Custom Database radio button and click Next. 5. Within the Database Identification window, specify the Configuration Type, Global Database Name, SID Prefix, and nodes to be associated with the cluster database and click Next. For the purposes of the reference environment, the following values are used: • CONFIGURATION TYPE – Admin-Managed • GLOBAL DATABASE NAME – racdb • SID PREFIX – racdb • Nodes selected for the cluster database – db-oracle-node1,db-oracle-node2 6. Within the Management Options window, select the check box Configure Enterprise Manager and click Next. 7. Within the Database Credentials window, provide the administrative passwords for each username and click Next. www.redhat.com 64 refarch-feedback@redhat.com 8. Within the Database File Locations window, select the appropriate storage type and storage location. For the purposes of the reference environment the following selections are made: • STORAGE TYPE – Automatic Storage Management (ASM) • STORAGE LOCATIONS – Use Oracle-Managed Files ◦ DATABASE AREA: +DATADG refarch-feedback@redhat.com 65 www.redhat.com Figure 4.1.4.1: Database File Locations Window 9. Select the Multiplex Redo Logs and Control Files button and within the Multiplex Redo Logs and Control Files window, add the Redo Logs diskgroup, i.e. +REDODG and click OK, then click Next. 10. Within the ASM Credentials window, specify a ASMSNMP password and click OK. www.redhat.com 66 refarch-feedback@redhat.com Figure 4.1.4.2: Multiplex Redo Logs and Control Files Window 11.Within the Recovery Configuration window, select the recovery options appropriate for the database. The selections for the reference environment enable the Fast Recovery Area (FRA) and Archiving. Archiving is enabled to prevent the loss of data in case a failure occurs when writing data to disk. The delta is stored within the redo logs. The FRA location and size values are displayed below. Click Next. • FRA – +FRADG • FRA Size – 190680 Megabytes (total size of FRA) NOTE: It is recommended, to modify the values above based on the database's recovery requirements. For more information, visit My Oracle Support Doc ID [305648.1]20 20 What is a Flash Recovery Area and how to configure it ? (Doc ID 305648.1) - https://support.oracle.com/epmos/faces/DocumentDisplay? _afrLoop=34803820034309&id=305648.1&_afrWindowMode=0&_adf.ctrl-state=4d6uvx8f3_58 refarch-feedback@redhat.com 67 www.redhat.com Figure 4.1.4.3: Recovery Configuration Window 12.Within the Database Content window, select the components to be configured for the database and click Next. Default settings are used for the reference environment. 13.Within the Initialization Parameters window, select Custom and enter the appropriate values for the SGA and PGA size and click Next. It is recommended that the Memory Management be set as Automatic Shared Memory Management. The values set for the reference environment for SGA and PGA are the following: • SGA – 14475 Megabytes • PGA – 4825 Megabytes NOTE: It is recommended to modify the values above based on the database's SGA and PGA requirements. 14. Within the Database Storage window, click Next. 15. Within the Creation Options window, ensure the Create Database box is checked and click Finish. 16. Within the Confirmation window, review the database configuration summary, and click OK to start the database creation. www.redhat.com 68 refarch-feedback@redhat.com Figure 4.1.4.4: Initialization Parameters Window 4.1.5 Enabling HugePages Transparent Huge Pages (THP) are implemented within Red Hat Enterprise Linux 6 to improve memory management by removing many of the difficulties of manually managing huge pages by dynamically allocating huge pages as needed. Red Hat Enterprise Linux 6, by default, uses transparent huge pages also known as anonymous huge pages. Unlike static huge pages, no additional configuration is needed to use them. Huge pages can boost application performance by increasing the chance a program will have quick access to a memory page. Unlike traditional huge pages, transparent huge pages can be swapped out (as smaller 4kB pages) when virtual memory clean up is required. Unfortunately, Oracle Databases do not take advantage of transparent huge pages for interprocess communication. In fact, My Oracle Support [ID 1557478.1]21 states to disable THP due to unexpected performance issues or delays when THP is found to be enabled. To reap the benefit of huge pages for an Oracle database, it is required to allocate static huge pages and disable THP. Due to the complexity of properly configuring huge pages, it is recommended to copy the bash shell script found within Appendix E Huge Pages Script and run the script once the database is up and running. The reasoning behind allocating huge pages once the database is up and running is to provide a proper number of pages to handle the running shared memory segments. The steps are as follows: On each node within the Oracle RAC Database environment, 1. Copy the bash script found within Appendix E Huge Pages Script and save it as huge_pages_settings.sh 2. As the root user, ensure the huge_pages_settings.sh is executable by running the following command: # chmod +x huge_pages_settings.sh 3. As the root user, execute the huge_pages_settings.sh script as follows: # ./huge_pages_settings.sh Recommended setting within the kernel boot command line: hugepages = Recommended setting within /etc/security/limits.conf: oracle soft memlock Recommended setting within /etc/security/limits.conf: oracle hard memlock 21 ALERT: Disable Transparent HugePages on SLES11,RHEL6,OEL6 and UEK2 Kernels (DOC ID: 1557478.1) refarch-feedback@redhat.com 69 www.redhat.com 4. Add the number of hugepages provided by the huge_pages_settings.sh script to the kernel boot command line within the /etc/grub.conf and disable transparent huge pages persistently across reboots as follows: /etc/grub.conf title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/myvg-root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_NO_DM rd_LVM_LV=myvg/root KEYBOARDTYPE=pc KEYTABLE=us rd_LVM_LV=myvg/swap rhgb quiet hugepages= transparent_hugepage=never initrd /initramfs-2.6.32-358.el6.x86_64.img NOTE: Allocating the number of huge pages within the kernel boot command line is the most reliable method due to memory not yet becoming fragmented.22 5. Add the Oracle soft and hard limits with regards to memlock within /etc/security/limits.conf as follows: /etc/security/limits.conf oracle soft memlock oracle hard memlock 6. The tuned package automatically enables THP upon start of the tuned services. This includes during boot time. Due to this, one must set the following THP_ENABLE line within /etc/tune-profiles/functions to be set as /dev/null. From: THP_ENABLE=”/sys/kernel/mm/redhat_transparent_hugepage/enabled” To: THP_ENABLE=”/dev/null” Within the /etc/tune-profiles/functions file, disable transparent huge pages by running the following sed command: # sed -i 's/THP_ENABLE=\"\/sys\/kernel\/mm\/redhat_transparent_hugepage\/enabled/T HP_ENABLE=\"\/dev\/null/g' /etc/tune-profiles/functions NOTE: Failure to change the /etc/tune-profiles/functions THP_ENABLE variable to /dev/null results in transparent huge pages forever being set to always. For more information refer to Red Hat Article: Disabling transparent hugepages (THP) on Red Hat Enterprise Linux 6 is not taking effect.23 7. Reboot each node to ensure the nr_hugepages setting takes effect properly. 22 https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt 23 https://access.redhat.com/site/solutions/422283 www.redhat.com 70 refarch-feedback@redhat.com 8. Verify the total number of huge pages on the system with the following command: # cat /proc/meminfo | grep -i hugepages_total HugePages_Total: 9. Verify the current status of the transparent huge pages is set to NEVER via the following command: # cat /sys/kernel/mm/transparent_hugepage/enabled always [never] NOTE: Starting with Oracle Database version 11.2.0.2, the initialization parameter “USE_LARGE_PAGES” was introduced to allocate huge pages on a per database use case. The default value for Oracle Database 11.2.0.2 is true, while for Oracle Databases running 11.2.0.3 or higher it is set to auto. For more information on the parameter and its value refer to My Oracle Support24. NOTE: Huge Pages is not compatible with Automatic Memory Management (AMM). 24 USE_LARGE_PAGES To Enable HugePages In 11.2 [ID 1392497.1] refarch-feedback@redhat.com 71 www.redhat.com 5 Logging into an Oracle RAC Database  11g Release 2 Instance (11.2.0.3) This section focuses on ensuring once the Oracle RAC Database 11g Release 2 (11.2.0.3) deployment is complete, one can successfully log into an Oracle RAC database instance. The following steps provide the details to connect to a particular instance, racdb1, of the database created within the Oracle RAC Database environment. The following steps are to be done only on node one of the Oracle RAC environment. As the oracle user, 1. Set the environment variable for ORACLE_HOME with the location of your Oracle Database 11g Release 2 (11.2.0.3) home. The reference environment sets ORACLE_HOME to /u01/app/oracle/product/11.2.0/dbhome_1 # export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 # echo $ORACLE_HOME /u01/app/oracle/product/11.2.0/dbhome_1 NOTE: There is a bug within Oracle Database 11g Release 2 (11.2.0.3) that requires that the export of ORACLE_HOME not include a trailing forward slash (/). 2. Set the Oracle System ID (ORACLE_SID) used to identify the database. # export ORACLE_SID=racdb1 # echo $ORACLE_SID racdb1 3. Invoke the sqlplus binary to log into the Oracle instance as a sysdba. # $ORACLE_HOME/bin/sqlplus / as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Wed Jun 5 13:55:05 2013 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Automatic Storage Management, OLAP, Data Mining and Real Application Testing options NOTE: Similar procedures can be followed for each node within the Oracle RAC Database 11.2.0.3 cluster by simply altering the ORACLE_SID environment variable for the particular node in which to connect too. www.redhat.com 72 refarch-feedback@redhat.com 6 Conclusion Red Hat has a history of creating solutions that include Oracle Databases dating back several years. Red Hat Enterprise Linux 6 provides an excellent foundation for database deployments with demonstrated stability, scalability, and performance. With support for Oracle RAC Database 11g Release 2 (11.2.0.3) on Red Hat Enterprise Linux 6, customers can increasingly look to deploy Oracle Databases in advanced configurations. The steps and procedures described in this reference architecture should provide system and storage administrators the blueprint required to create a robust and performing solution based on Oracle Real Application Clusters (RAC) Databases. Administrators can reference this document to simplify and optimize the deployment process and employ the latest best practices for configuring Red Hat technologies while implementing the following tasks: • Deploying Oracle Grid Infrastructure 11g R2 (11.2.0.3) • Deploying Oracle RAC Database 11g R2 (11.2.0.3) with shared SAN disks • Using Oracle ASM disks with udev rules • Using Oracle ASM disks with Oracle ASMLib (RHEL 6.4 and above) • Enabling the Oracle RAC Database 11gR2 environment with SELinux refarch-feedback@redhat.com 73 www.redhat.com Appendix A: Revision History Revision 1.0 Friday September 13, 2013 Roger Lopez Initial Release www.redhat.com 74 refarch-feedback@redhat.com Appendix B: Contributors 1. Brett Thurber, content review and technical review of Oracle deployment procedures 2. Yan Fisher, content review 3. John Boero, content review refarch-feedback@redhat.com 75 www.redhat.com Appendix C: DM Multipath Configuration File # This is a basic configuration file with some examples, for device mapper # multipath. # For a complete list of the default configuration values, see # /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf.defaults # For a list of configuration options with descriptions, see # /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf.annotated # # REMEMBER: After updating multipath.conf, you must run # # service multipathd reload # # for the changes to take effect in multipathd ## By default, devices with vendor = "IBM" and product = "S/390.*" are ## blacklisted. To enable mulitpathing on these devies, uncomment the ## following lines. #blacklist_exceptions { # device { # vendor "IBM" # product "S/390.*" # } #} ## Use user friendly names, instead of using WWIDs as names. defaults { user_friendly_names yes } ## ## Here is an example of how to configure some standard options. ## # defaults { udev_dir /dev polling_interval 10 path_selector "round-robin 0" path_grouping_policy multibus getuid_callout "/lib/udev/scsi_id --whitelisted --device=/dev/%n" prio alua path_checker readsector0 rr_min_io 100 max_fds 8192 rr_weight priorities failback immediate no_path_retry fail user_friendly_names yes } ## ## The wwid line in the following blacklist section is shown as an example www.redhat.com 76 refarch-feedback@redhat.com ## of how to blacklist devices by wwid. The 2 devnode lines are the ## compiled in default blacklist. If you want to blacklist entire types ## of devices, such as all scsi devices, you should use a devnode line. ## However, if you want to blacklist specific devices, you should use ## a wwid line. Since there is no guarantee that a specific device will ## not change names on reboot (from /dev/sda to /dev/sdb for example) ## devnode lines are not recommended for blacklisting specific devices. ## blacklist { wwid 3600508b1001030353434363646301200 devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*" devnode "^hd[a-z]" } multipaths { multipath { wwid 3600c0ff000d7e7a899d8515101000000 alias db1 } multipath { wwid 3600c0ff000dabfe5a7d8515101000000 alias db2 } multipath { wwid 3600c0ff000dabfe596a0f65101000000 alias ocrvote1 } multipath { wwid 3600c0ff000dabfe5a2a0f65101000000 alias ocrvote2 } multipath { wwid 3600c0ff000dabfe5b4a0f65101000000 alias ocrvote3 } multipath { wwid 3600c0ff000dabfe5f4d8515101000000 alias redo } multipath { wwid 3600c0ff000d7e7a8dbd8515101000000 alias fra } } #devices { # device { # vendor "COMPAQ " # product "HSV110 (C)COMPAQ" # path_grouping_policy multibus # getuid_callout "/lib/udev/scsi_id --whitelisted --device=/dev/%n" # path_checker readsector0 # path_selector "round-robin 0" # hardware_handler "0" # failback 15 refarch-feedback@redhat.com 77 www.redhat.com # rr_weight priorities # no_path_retry queue # } # device { # vendor "COMPAQ " # product "MSA1000 " # path_grouping_policy multibus # } #} Appendix D: iptables Configuration File # Generated by iptables-save v1.4.7 on Mon Aug 5 19:20:53 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [25:2660] -A INPUT -s 10.16.142.51/32 -i bond0 -j ACCEPT -A INPUT -s 10.16.142.52/32 -i bond0 -j ACCEPT -A INPUT -i em3 -j ACCEPT -A INPUT -i em4 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s 192.11.142.0/24 -d 230.0.1.0 -j ACCEPT -A INPUT -s 192.11.142.0/24 -d 224.0.0.251 -j ACCEPT -A INPUT -s 192.12.142.0/24 -d 230.0.1.0 -j ACCEPT -A INPUT -s 192.12.142.0/24 -d 224.0.0.251 -j ACCEPT -A INPUT -i bond0 -d 230.0.1.0 -j ACCEPT -A INPUT -i bond0 -d 224.0.0.251 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 10.16.142.54 --dport 1521 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -s 10.16.142.54 --dport 1158 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT www.redhat.com 78 refarch-feedback@redhat.com Appendix E: Huge Pages Script The following hugepages script is from Tuning Red Hat Enterprise Linux For Oracle & Oracle RAC by Scott Crot, Sr. Consultant, Red Hat25 and modified to include the values Oracle's soft and hard memlock. #!/bin/bash KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'` # Find out the HugePage size HPG_SZ=`grep Hugepagesize /proc/meminfo | awk '{print $2}'` # Start from 1 pages to be on the safe side and guarantee 1 free HugePage NUM_PG=1 # Cumulative number of pages required to handle the running shared memory segments for SEG_BYTES in `ipcs -m | awk '{print $5}' | grep "[0-9][0-9]*"` do MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q` if [ $MIN_PG -gt 0 ]; then NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q` fi done # Finish with results case $KERN in '2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`; echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;; '2.6') MEM_LOCK=`echo "$NUM_PG*$HPG_SZ" | bc -q`; echo "Recommended setting within the kernel boot command line: hugepages = $NUM_PG" echo "Recommended setting within /etc/security/limits.conf: oracle soft memlock $MEM_LOCK" echo "Recommended setting within /etc/security/limits.conf: oracle hard memlock $MEM_LOCK" ;; *) echo "Unrecognized kernel version $KERN. Exiting." ;; esac 25 Tuning Red Hat Enterprise Linux For Oracle & Oracle RAC by Scott Crot, Sr. Consultant, Red Hat, http://www.redhat.com/promo/summit/2010/presentations/summit/decoding-the-code/fri/scott-945- tuning/summit_jbw_2010_presentation.pdf refarch-feedback@redhat.com 79 www.redhat.com Appendix F: Oracle Database Package Requirements Text File cloog-ppl compat-libcap1 compat-libstdc++-33 cpp gcc gcc-c++ glibc-devel glibc-headers kernel-headers ksh libXmu libXt libXv libXxf86dga libXxf86misc libXxf86vm libaio-devel libdmx libstdc++-devel mpfr make ppl xorg-x11-utils xorg-x11-xauth www.redhat.com 80 refarch-feedback@redhat.com Appendix G: Kernel Parameters vm.swappiness = 0 vm.dirty_background_ratio = 3 vm.dirty_ratio = 80 vm.dirty_expire_centisecs = 500 vm.dirty_writeback_centisecs = 100 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 # fs.file-max needs to be set to at least 6815744 for the Oracle RAC Installation. fs.file-max = 6815744 fs.aio-max-nr = 1048576 net.ipv4.ip_local_port_range = 9000 65500 net.core.rmem_default = 262144 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 1048576 # set to the appropriate private eth devices net.ipv4.conf.em3.rp_filter = 2 net.ipv4.conf.em4.rp_filter = 2 refarch-feedback@redhat.com 81 www.redhat.com Appendix H: Limits Configuration File (Limits.conf) oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536 oracle soft stack 10240 oracle hard stack 32768 oracle soft memlock oracle hard memlock grid soft nproc 2047 grid hard nproc 16384 grid soft nofile 1024 grid hard nofile 65536 grid soft stack 10240 grid hard stack 32768 # End of file www.redhat.com 82 refarch-feedback@redhat.com Appendix I: 99-oracle-asmdevices.rules KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" KERNEL=="dm-*",ENV{DM_UUID}=="",OWNER="grid",GROUP="asmadmin",MODE="0660" refarch-feedback@redhat.com 83 www.redhat.com Appendix J: Sample Kickstart File # Red Hat | Oracle Solutions Kickstart Script install url --url= lang en_US.UTF-8 keyboard us network --onboot yes --device em1 --mtu=1500 --bootproto dhcp rootpw # Reboot after installation reboot authconfig --enablemd5 --enableshadow selinux --enforcing timezone America/New_York bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet transparent_hugepage=never" # The following is the partition information you requested # Note that any partitions you deleted are not expressed # here so unless you clear all partitions first, this is # not guaranteed to work clearpart --all volgroup myvg --pesize=32768 pv.008002 logvol /home --fstype=ext4 --name=home --vgname=myvg --size=8192 logvol / --fstype=ext4 --name=root --vgname=myvg --size=15360 logvol swap --name=swap --vgname=myvg --size=16400 logvol /tmp --fstype=ext4 --name=tmp --vgname=myvg --size=4096 logvol /u01 --fstype=ext4 --name=u01 --vgname=myvg --size=51200 logvol /usr --fstype=ext4 --name=usr --vgname=myvg --size=5120 logvol /var --fstype=ext4 --name=var --vgname=myvg --size=8192 part /boot --fstype=ext4 --size=256 part pv.008002 --grow –size=1000 %packages @Base @Core www.redhat.com 84 refarch-feedback@redhat.com Appendix K: Configuration Files All configuration files can be downloaded from the Red Hat customer portal26. A listing of all the files and a brief description can be seen on the Table 6.1: Configuration Files. Some of the configuration files require input with the proper information pertaining to your environment. Files Description req-rpm.txt The required RPMs to deploy Oracle. huge_page_settings.sh Script that provides the proper hugepage values to set. multipath.conf Device Mapper Multipath configuration file. sysctl.conf Configuration file for the kernel parameters limits.conf Configuration file to set limits for a user. selinux-policy Version: 3.7.19-211. This version ensures that Oracle ASMLib works properly with SELinux enabled. selinux-policy-targeted Version: 3.7.19-211. This version ensures that Oracle ASMLib works properly with SELinux enabled. 99-oracle-asmdevices.rules Udev configuration file for Oracle ASM disks iptables iptables configuration bonding.conf /etc/modprobe.d/ bonding configuration file oracle-grid.sh Shell script used to set user limits sample-ks.cfg Sample Kickstart File CHANGELOG Text file with modifications made to scripts. Table 6.1: Configuration Files 26 https://access.redhat.com/site/node/479093/40/1 refarch-feedback@redhat.com 85 www.redhat.com Appendix L: Troubleshooting ORA-* Errors This section focuses on using the command line tool, Automatic Diagnostic Repository Command Interpreter (ADRCI), to troubleshoot Oracle RAC database related errors. ADRCI was introduced in Oracle RAC Database 11g in order to help users diagnose errors within their Oracle RAC database environments and provide health reports if an issue should arise. The following example shows how one could troubleshoot an Oracle RAC database instance error using the ADRCI tool. NOTE: The following steps are intended to produce an ORA-07445 error that can be troubleshooted using the ADRCI tool. Do not attempt on a Oracle RAC Database Production environment. The following is for demonstration purposes only and intended only to show how to troubleshoot ORA-* related errors using the ADRCI tool. 1. In order to create an ORA-07445 error, an essential Oracle process will be killed via the following commands: # ps -A --format pid,args | grep ora_dbrm | grep -v grep 7622 ora_dbrm_racdb1 # kill -SEGV 7622 2. Export the ORACLE_HOME via the command: # export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1 3. Start the ADRCI command tool via the command: # $ORACLE_HOME/bin/adrci ADRCI: Release 11.2.0.3.0 - Production on Mon Jul 1 19:42:58 2013 Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved. ADR base = "/u01/app/oracle" adrci> 4. At the ADRCI prompt, show Oracle Home's available via the command: adcri> show home ADR Homes: diag/rdbms/racdb/racdb1 NOTE: If more than one Oracle Home is available, one must specify a particular Oracle Database Home. An example on how to set to a particular Oracle Database Home is as follows: adcri> set home diag/rdbms/racdb/racdb1 5. At the ADRCI prompt, run the following command to see the last 50 entries in the alert log: adrci> show alert -tail -f [ ... Output Abbreviated ... ] Exception [type: SIGSEGV, unknown code] [ADDR:0xD431000057BA] [PC:0x3B312EAFCA, semtimedop()+10] [exception issued by pid: 22458, uid: 54321] [flags: 0x0, count: 1] Errors in file /u01/app/oracle/diag/rdbms/racdb/racdb1/trace/racdb1_dbrm_7622.trc www.redhat.com 86 refarch-feedback@redhat.com (incident=3657): ORA-07445: exception encountered: core dump [semtimedop()+10] [SIGSEGV] [ADDR:0xD431000057BA] [PC:0x3B312EAFCA] [unknown code] [] Incident details in: /u01/app/oracle/diag/rdbms/racdb/racdb1/incident/incdir_3657/racdb1_dbrm_ 7622_i3657.trc Use ADRCI or Support Workbench to package the incident. See Note 411.1 at My Oracle Support for error and packaging details. NOTE: In this particular case, we are looking for an ORA-07445 within the alert log as seen above. However, this step is just to confirm what is seen in the future ADRCI steps. To exit the alert log, CTRL+C. 6. Within the ADRCI, there are two key terms to be aware of, problem and incident. An incident is a particular time when a problem occurred. For example, it is possible for an Oracle process to crash at different times with the same ORA-07445. The multiple occurences of the crash are incidents, while the problem is still the ORA-07445 error. In order to view the problem, the following ADRCI command needs to be run. adrci> show problem ADR Home = /u01/app/oracle/diag/rdbms/racdb/racdb1: ************************************************************************* PROBLEM_ID PROBLEM_KEY LAST_INCIDENT LASTINC_TIME ------------------------------------------------------------------------- 1 ORA 7445 [semtimedop()+10] 3657 2013-08-21 10:35:10.876000 -04:00 7. In order to view how many incidents, the following ADRCI command needs to be run. In this example, I only have one incident in which the ORA-07445 problem occurred. adrci> show incident ADR Home = /u01/app/oracle/diag/rdbms/racdb/racdb1: ************************************************************************* INCIDENT_ID PROBLEM_KEY CREATE_TIME ------------------------------------------------------------------------- 3657 ORA 7445 [semtimedop()+10] 2013-08-21 10:35:10.876000 -04:00 1 rows fetched 8. In order to view the incident in more detail, run the following command: adrci> show incident -mode detail -p “incident_id=3657” ADR Home = /u01/app/oracle/diag/rdbms/racdb/racdb1: ************************************************************************* ********************************************************** INCIDENT INFO RECORD 1 ********************************************************** INCIDENT_ID 3657 STATUS ready CREATE_TIME 2013-08-21 10:35:10.876000 -04:00 PROBLEM_ID 1 CLOSE_TIME FLOOD_CONTROLLED none refarch-feedback@redhat.com 87 www.redhat.com ERROR_FACILITY ORA ERROR_NUMBER 7445 ERROR_ARG1 semtimedop()+10 ERROR_ARG2 SIGSEGV ERROR_ARG3 ADDR:0xD431000057BA ERROR_ARG4 PC:0x3B312EAFCA ERROR_ARG5 unknown code ERROR_ARG6 ERROR_ARG7 ERROR_ARG8 ERROR_ARG9 ERROR_ARG10 ERROR_ARG11 ERROR_ARG12 SIGNALLING_COMPONENT SIGNALLING_SUBCOMPONENT SUSPECT_COMPONENT SUSPECT_SUBCOMPONENT ECID IMPACTS 0 PROBLEM_KEY ORA 7445 [semtimedop()+10] FIRST_INCIDENT 3657 FIRSTINC_TIME 2013-08-21 10:35:10.876000 -04:00 LAST_INCIDENT 3657 LASTINC_TIME 2013-08-21 10:35:10.876000 -04:00 IMPACT1 0 IMPACT2 0 IMPACT3 0 IMPACT4 0 KEY_NAME ProcId KEY_VALUE 7.1 KEY_NAME Client ProcId KEY_VALUE oracle@db-oracle- node1.cloud.lab.eng.bos.redhat.com.7622_139933798536960 KEY_NAME SID KEY_VALUE 113.1 OWNER_ID 1 INCIDENT_FILE /u01/app/oracle/diag/rdbms/racdb/racdb1/trace/racdb1_dbrm_7622.trc OWNER_ID 1 INCIDENT_FILE /u01/app/oracle/diag/rdbms/racdb/racdb1/incident/incdir_3657/racdb1_dbrm_ 7622_i3657.trc 1 rows fetched NOTE: The two parameters of importance here are the PROBLEM_ID and INCIDENT_FILE. 9. When looking at the incident in further detail, the following incident file can be examined further via the following command: adrci> show trace /u01/app/oracle/diag/rdbms/racdb/racdb1/incident/incdir_3657/racdb1_dbrm_ 7622_i3657.trc Output the results to file: /tmp/utsout_23273_14021_2.ado /bin/bash: adrci: command not found www.redhat.com 88 refarch-feedback@redhat.com adrci> quit # cat /tmp/utsout_23273_14021_2.ado //u01/app/oracle/diag/rdbms/racdb/racdb1/incident/incdir_3657/racdb1_dbrm _7622_i3657.trc ---------------------------------------------------------- LEVEL PAYLOAD ----- ------------------------------------------------------------------------- ----------------------------------------------------------------------- Dump file /u01/app/oracle/diag/rdbms/racdb/racdb1/incident/incdir_3657/racdb1_dbrm_ 7622_i3657.trc Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP, Data Mining and Real Application Testing options ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1 System name: Linux Node name: db-oracle-node1.cloud.lab.eng.bos.redhat.com Release: 2.6.32-358.el6.x86_64 Version: #1 SMP Tue Jan 29 11:47:41 EST 2013 Machine: x86_64 Instance name: racdb1 Redo thread mounted by this instance: 1 Oracle process number: 7 Unix process pid: 7622, image: ? *** 2013-08-21 10:35:10.892 *** SESSION ID:(113.1) 2013-08-21 10:35:10.892 *** CLIENT ID:() 2013-08-21 10:35:10.892 *** SERVICE NAME:(SYS$BACKGROUND) 2013-08-21 10:35:10.892 *** MODULE NAME:() 2013-08-21 10:35:10.892 *** ACTION NAME:() 2013-08-21 10:35:10.892 Dump continued from file: /u01/app/oracle/diag/rdbms/racdb/racdb1/trace/racdb1_dbrm_7622.trc 1> ***** Error Stack ***** ORA-07445: exception encountered: core dump [semtimedop()+10] [SIGSEGV] [ADDR:0xD431000057BA] [PC:0x3B312EAFCA] [unknown code] [] 1< ***** Error Stack ***** 1> ***** Dump for incident 3657 (ORA 7445 [semtimedop()+10]) ***** 2> ***** Beginning of Customized Incident Dump(s) ***** Exception [type: SIGSEGV, unknown code] [ADDR:0xD431000057BA] [PC:0x3B312EAFCA, semtimedop()+10] [exception issued by pid: 22458, uid: 54321] [ ... Output Abbreviated ... ] 10. While this concludes how to examine trace files that pertain to a particular ORA error using ADRCI; if the issue cannot be solved by the end user, the ADRCI provides the Incident Packaging Service (IPS) tool to ZIP the necessary trace files based on the problem. It can then be sent to support for further debugging. To create the appropriate ZIP file, log back into ADRCI and use the following commands: refarch-feedback@redhat.com 89 www.redhat.com # $ORACLE_HOME/bin/adrci adrci> ips create package problem 1 correlate all Created package 1 based on problem id 1, correlation level all NOTE: Problem 1 is the Problem_ID found step 6. adrci> ips generate package 1 in “/home/oracle” Generated package 1 in file /home/oracle/ORA7445se_20130821105403_COM_1.zip, mode complete NOTE: Package 1 is the package ID captured from the ips create output command. For more information about ADRCI, please visit the http://docs.oracle.com/cd/E11882_01/server.112/e25494/diag001.htm www.redhat.com 90 refarch-feedback@redhat.com Appendix M: References TECH: Unix Semaphores and Shared Memory Explained [ID 15566.1] http://docs.oracle.com/cd/E11882_01/install.112/e24321/pre_install.htm Oracle Grid Infrastructure, Oracle Documentation http://docs.oracle.com/cd/E18248_01/doc/install.112/e16763/oraclerestart.htm#CHDFDAIG http://docs.oracle.com/cd/E11882_01/install.112/e10812/concepts.htm Tuning Red Hat Enterprise Linux For Oracle & Oracle RAC by Scott Crot, Sr. Consultant, Red Hat http://www.redhat.com/promo/summit/2010/presentations/summit/decoding-the-code/fri/scott-945- tuning/summit_jbw_2010_presentation.pdf Linux OS Installation with Reduced Set of Packages for Running Oracle Database Server [ID 728346.1] https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=290805959329203&id=728346.1&_adf.ctrl- state=13886txzey_67 Installing 11.2.0.3 32-bit (x86) or 64-bit (x86-64) on RHEL6 Reports That Packages "elfutils-libelf-devel-0.97" and "pdksh-5.2.14" are missing (PRVF-7532) [ID 1454982.1] https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx? returnToSrId=&_afrLoop=290981302886992&srnum=&type=DOCUMENT&id=1454982.1&displayIndex=3&_afr WindowMode=0&_adf.ctrl-state=13886txzey_154 USE_LARGE_PAGES To Enable HugePages In 11.2 [ID 1392497.1] https://support.oracle.com/epmos/faces/Dashboard?_adf.ctrl-state=nvtwimbst_252 Large Pages Information in the Alert Log [ID 1392543.1] https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_adf.ctrl-state=nvtwimbst_226 Tuning Virtual Memory https://access.redhat.com/site/documentation/en- US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/s-memory-tunables.html Maximum SHMMAX values for Linux x86 and x86-64 [ID 567506.1] https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_adf.ctrl-state=yp0o5bwk6_4 About the Oracle Database Fault Diagnosability Infrastructure http://docs.oracle.com/cd/E11882_01/server.112/e25494/diag001.htm Oracle® Database Installation Guide 11g Release 2 (11.2) for Linux http://docs.oracle.com/cd/E11882_01/install.112/e24321/oraclerestart.htm Oracle® Grid Infrastructure Installation Guide 11g Release 2 (11.2) for Linux http://docs.oracle.com/cd/E11882_01/install.112/e22489/prelinux.htm Oracle® Real Application Clusters Installation Guide 11g Release 2 (11.2) for Linux and UNIX http://docs.oracle.com/cd/E11882_01/install.112/e24660/chklist.htm refarch-feedback@redhat.com 91 www.redhat.com
还剩97页未读

继续阅读

下载pdf到电脑,查找使用更方便

pdf的实际排版效果,会与网站的显示效果略有不同!!

需要 8 金币 [ 分享pdf获得金币 ] 0 人已下载

下载pdf

pdf贡献者

chxueli

贡献于2014-09-11

下载需要 8 金币 [金币充值 ]
亲,您也可以通过 分享原创pdf 来获得金币奖励!
下载pdf