User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active
 

This article will show how to configure Oracle Linux 7 for Oracle Database 12c:

  • System and Kernel parameters
  • Users and Groups for Job Role Separation
  • Directories

Before starting, you should have ...
... Oracle Linux 7 already installed (if not, see ol7 installation here)
... a root access

Users and Groups

For Job Role Separation, groups and users will be created as follow :

Description OS Group Name OS Users Assigned Oracle Privilege Oracle Group Name
Oracle Inventory/Software Group (mandatory) oinstall grid, oracle    
Database Administrator (mandatory) dba oracle SYSDBA OSDBA
Database Operator oper oracle SYSOPER OSOPER
ASM Administration Group asmadmin grid SYSASM OSASM
ASM Database Administrator Group asmdba grid, oracle SYSDBA for ASM OSDBA for ASM
ASM Operator Group asmoper grid SYSOPER for ASM OSOPER for ASM
RMAN Management Group backupdba oracle SYSBACKUP OSBACKUPDBA
Data Guard Management Group dgdba oracle SYSDG OSDGDBA
Encryption Key Management Group kmdba oracle SYSKM OSKMDBA
RAC Management Group (from 12.2) racdba oracle SYSRAC OSRACDBA

Groups

Create groups with the following commands as root:

 
# Oracle inventory/software group
[root]$ groupadd -g 54321 oinstall
# Full admin database management group (mandatory)
[root]$ groupadd -g 54322 dba
# Operator database management group (subset of full admin privilege)
[root]$ groupadd -g 54323 oper

# RMAN management group
[root]$ groupadd -g 54324 backupdba
# DataGuard management group
[root]$ groupadd -g 54325 dgdba
# Encryption key management group
[root]$ groupadd -g 54326 kmdba

# ASM management groups
[root]$ groupadd -g 54327 asmdba
[root]$ groupadd -g 54328 asmoper
[root]$ groupadd -g 54329 asmadmin

# RAC management (available from 12.2.0)
groupadd -g 54330 racdba

Users

Create oracle users with the following commands as root:

 
# Oracle user (mandatory)
[root]$ useradd -u 54321 -g oinstall -s /bin/bash -c "Oracle Software Owner" oracle
[root]$ usermod -aG oinstall,dba,oper,asmdba,backupdba,dgdba,kmdba,racdba oracle
[root]$ passwd oracle

Create grid users with the following commands as root:

 
# Grid user
[root]$ useradd -u 54322 -g oinstall -s /bin/bash -c "Grid Infrastructure Owner" grid
[root]$ usermod -aG oinstall,asmdba,asmadmin,asmoper grid
[root]$ passwd grid

Users Profiles

For both oracle and grid users, do the following:

0- Connect to the user with su

# For example, connect to oracle
[root]$ su - oracle

1- Add the following code to ~/.bash_profile if use bash or ~/.profile if use ksh as shell login

# Load oracle_profile
if [ -f ~/ora_profile ]; then
  . ~/ora_profile
fi

2- Then create ~/ora_profile file as follow:

# ora_profile
umask 022
 
# Keyboard
set -o vi
stty erase ^?
if [ -t 0 ]; then
	stty intr ^C
fi
 
# UNIX Prompt
export PS1='[\[email protected]\h:\w (${ORACLE_SID:-"NoSID"})]$ '

ORAENVDIR="$HOME/bin"
GRIDENVFILE="$ORAENVDIR/oraenv_grid"
DBENVFILE="$ORAENVDIR/oraenv_db"
SQLCMD="sql"
ORAENVCMD="oraenv2"
[[ "x$(which $ORAENVCMD 2>/dev/null)" == "x" ]] && ORAENVCMD="oraenv"

# Command aliases
alias ls="ls -FA"
alias ll='ls -FAl --color=tty'
alias mv='mv -i'
alias rm='rm -i'

# Oracle directories aliases
alias cdoh='cd $ORACLE_HOME'
alias cdtns='cd $ORACLE_HOME/network/admin'
alias cdadm='cd $ORACLE_BASE/admin/$ORACLE_SID'

# Oracle command aliases
alias sq='$SQLCMD / as sysoper'
alias sqdba='$SQLCMD / as sysdba'
alias osid='echo $ORACLE_SID'
alias oenv='. $ORAENVCMD'

alias crsstat='crsctl status resource -t'
alias sqasm='$SQLCMD / as sysasm'

# Oracle env aliases
alias gridenv='. $GRIDENVFILE'
alias dbenv='. $DBENVFILE'

# Oracle Settings
export TMP=/tmp
export TMPDIR=$TMP

export EDITOR=vi
#export SQLPATH=/u01/app/common/oracle/sql
export THREADS_FLAG=native;

export NLS_LANG='American_America.UTF8'
export NLS_DATE_FORMAT="DD/MM/YYYY HH24:MI:SS"

export ORACLE_TERM=xterm
export ORACLE_HOSTNAME=oralab01.uxora.com
#export ORACLE_UNQNAME=ORALAB

export BASE_PATH=/usr/sbin:$PATH

export GRID_SID=+ASM1
export GRID_BASE=/u01/app/grid
export GRID_HOME=/u01/app/12.2.0/grid

export DB_SID=UXOCDB1
export DB_BASE=/u01/app/oracle
export DB_HOME=$DB_BASE/product/12.2.0/db_1

[[ ! -e $ORAENVDIR ]] && mkdir -p $ORAENVDIR

for vType in DB GRID; do
	vFile=$DBENVFILE
	[[ "x$vType" == "xGRID" ]] && vFile=$GRIDENVFILE
	if [[ ! -e $vFile ]]; then
		cat >> $vFile <<-_EOF_
			export ORACLE_SID=\$${vType}_SID
			export ORACLE_BASE=\$${vType}_BASE
			export ORACLE_HOME=\$${vType}_HOME
			
			export LD_LIBRARY_PATH=\$ORACLE_HOME/lib:/lib:/usr/lib
			export CLASSPATH=\$ORACLE_HOME/JRE:\$ORACLE_HOME/jlib:\$ORACLE_HOME/rdbms/jlib:\$ORACLE_HOME/network/jlib
			
			export PATH=\$ORACLE_HOME/bin:\$BASE_PATH
			
			export TNS_ADMIN=\$ORACLE_HOME/network/admin
			export ORA_NLS11=\$ORACLE_HOME/nls/data
		_EOF_
	fi
done

if [[ "$USER" == "oracle" ]]; then
	. $DBENVFILE
elif [[ "$USER" == "grid" ]]; then
	. $GRIDENVFILE
fi

Note
Make sure this script use tabulation (not space as tabulation) to work properly

3- Reconnect to the user to reload the profile.
Now to change environement, you can use :

  • gridenv alias to load grid db environement
  • dbenv alias to load default oracle db environement
  • oenv for other oracle db environement

Directories

Mountpoint (/u01)

It is optional but recommended to create a mountpoint with a dedicated filesystem to store oracle software binaries for several reasons:

  • to not fill up root filesystem
  • to increase this specific filesystem only if needed
  • to be able to move disk and filesystems to an other server

Execute theses commands as root for a new sdb disk:

# Create partition on the new disk
[root]$ fdisk /dev/sdb
    Welcome to fdisk (util-linux 2.23.2).

    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.

    Command (m for help):n
    Partition type:
       p   primary (1 primary, 0 extended, 3 free)
       e   extended
    Select (default p): p
    First cylinder (1-6, default 1): 1
    Last cylinder or +size or +sizeM or +sizeK (1-6, default 6): 6

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.

# Check new created partition
[root]$ fdisk -l /dev/sdb
    Disk /dev/sdb: 6442 MB, 6442450944 bytes, 12582912 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk label type: dos
    Disk identifier: 0x23f11588

       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1            2048    12582911     6290432   83  Linux

# Create filesystem
[root]$ mkfs -t xfs /dev/sdb1
    meta-data=/dev/sdb1              isize=256    agcount=4, agsize=131008 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=0
    data     =                       bsize=4096   blocks=1572608, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
    log      =internal log           bsize=4096   blocks=2560, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0

# Create mountpoint
[root]$ mkdir /u01

# Mount mountpoint
[root]$ printf "\n/dev/sdb1\t/u01\txfs\tdefaults\t1 2\n" >> /etc/fstab
[root]$ mount /u01
[root]$ df -m | grep /u01
    /dev/sdb1                6133   4049      2085  67% /u01

# Change permissions
[root]$ chown root.oinstall /u01
[root]$ chmod 775 /u01

Oracle software directories

# Create Oracle base directory
[root]$ mkdir -p /u01/app/oracle
[root]$ chown oracle:oinstall /u01/app/oracle
[root]$ chmod 775 /u01/app/oracle

# Create Oracle Inventory directory
[root]$ mkdir -p /u01/app/oraInventory
[root]$ chown oracle:oinstall /u01/app/oraInventory
[root]$ chmod 775 /u01/app/oraInventory

# Create Grid Infrastructure directories
[root]$ mkdir -p /u01/app/grid
[root]$ mkdir -p /u01/app/12.2.0/grid
[root]$ chown grid:oinstall /u01/app/grid /u01/app/12.2.0/grid
[root]$ chmod 775 /u01/app/grid /u01/app/12.2.0/grid

Oracle inventory file

If not already exist, create /etc/oraInst.loc file:

# Create oraInst.loc
[root]$ cat > /etc/oraInst.loc <<EOF
inventory_loc=/u01/app/oraInventory
inst_group=oinstall
EOF

[root]$ chown oracle:oinstall /etc/oraInst.loc
[root]$ chmod 664 /etc/oraInst.loc

System

Kernel

If not already present, add the following lines to:

  • Either /etc/sysctl.d/99-oracle_db-sysctl.conf
  • Or /etc/sysctl.conf
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.panic_on_oops = 1
kernel.sem = 250 32000 100 128
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
kernel.shmmni = 4096
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.ip_local_port_range = 9000 65500

Reload kernel parameters with the following command:

 # Reload kernel parameters
[root]$ sysctl -p

Shell Limits

If not already present, add the following lines to:

  • Either /etc/security/limits.d/oracle_users_limits.conf
  • Or /etc/security/limits.conf
# set oracle user limits
oracle   soft   nofile   1024
oracle   hard   nofile   65536
oracle   soft   nproc    16384
oracle   hard   nproc    16384
oracle   soft   stack    10240
oracle   hard   stack    32768
oracle   hard   memlock  134217728
oracle   soft   memlock  134217728

# set grid user limits
grid   soft   nofile   1024
grid   hard   nofile   65536
grid   soft   nproc    16384
grid   hard   nproc    16384
grid   soft   stack    10240
grid   hard   stack    32768
grid   hard   memlock  134217728
grid   soft   memlock  134217728

If not already present, add the following lines to:

  • /etc/pam.d/login file
session required pam_limits.so

User limits

Make sure oracle user's default shell is Bourne, Bash, or Korn shell.

[root]$ grep -e "oracle" -e "grid" /etc/passwd
    oracle:x:54321:54321::/home/oracle:/bin/bash
    grid:x:54322:54321::/home/grid:/bin/bash

Then add the following lines to the end of /etc/profile file:

if [ $USER = "oracle" ] || [ $USER = "grid" ]; then
    if [ $SHELL = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi

Disable SELinux

Edit /etc/selinux/config config file and set SELINUX to "disabled" or "permissive":

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

And execute the following commands as root to immediately disable SELinux:

# Disable SELinux
[root]$ /usr/sbin/setenforce 0

# Check current SELinux configuration
[root]$ /usr/sbin/getenforce
    Permissive

Services

# Disable firewall
[root]$ systemctl stop firewalld
[root]$ systemctl disable firewalld

# Disable avahi-daemon
[root]$ systemctl stop avahi-daemon
[root]$ systemctl disable avahi-daemon

# Enable chrony (ntp)
[root]$ systemctl start chronyd
[root]$ systemctl enable chronyd

Packages

Install prerequisite packages manually or automaticaly with the special oracle preinstall package

# Automatic oracle packages prerequisite install
[root]$ yum -y install oracle-database-server-12cR2-preinstall

# Manually oracle packages prerequisite install
[root]$ yum install -y binutils
[root]$ yum install -y compat-libcap1
[root]$ yum install -y compat-libstdc++-33 compat-libstdc++-33.i686
[root]$ yum install -y glibc glibc.i686
[root]$ yum install -y glibc-devel glibc-devel.i686
[root]$ yum install -y ksh
[root]$ yum install -y libaio libaio.i686
[root]$ yum install -y libaio-devel libaio-devel.i686
[root]$ yum install -y libX11 libX11.i686
[root]$ yum install -y libXau libXau.i686
[root]$ yum install -y libXi libXi.i686
[root]$ yum install -y libXtst libXtst.i686
[root]$ yum install -y libgcc libgcc.i686
[root]$ yum install -y libstdc++ libstdc++.i686
[root]$ yum install -y libstdc++-devel libstdc++-devel.i686
[root]$ yum install -y libxcb libxcb.i686
[root]$ yum install -y make
[root]$ yum install -y nfs-utils
[root]$ yum install -y net-tools
[root]$ yum install -y smartmontools
[root]$ yum install -y sysstat

What next

Hope This Helps,
Michel.

Reference
Administrative Privileges and Job Role Separation (oracle-base.com)
Configuring OS for Oracle Grid Infrastructure on Linux (docs.oracle.com)

Enjoyed this article? Please like it or share it.

Add comment

Please connect with one of social login below (or fill up name and email)

     


Security code
Refresh