Oracle database installation
General recommendations
Please follow these general recommendations for every Oracle Database installation
Parameter NLS_CHARACTERSET must be AL32UTF8.
The application server uses only a dedicated server process and has its own connection pool mechanism. No dispatchers.
Parameter PROCESSES must be extended from default 300 to (number of censhare Servers * censhare parameter max-open JDBC connections + number of background Oracle processes). For example: for 3 censhare Servers, the number of Oracle processes should be set to 500.
Operating System Timezone should be the same as the master censhare server.
At least 5x 200MB redo log groups. For mission-critical environments, the groups should be multiplexed.
For maximum performance, the data files should be on SSD and the instance should be configured with ASSM on HugePages.
SGA can be sized between 1GB for small DEV servers to 60 GB for globally distributed environments with a few hundred concurrent censhare users. The key factor for the SGA sizing is the number of censhare assets, features, and relations.
censhare needs only one tablespace, which we usually name CORPUS. Sizing estimates, between 20 and 100 GB growth per year.
grant connect, resource, select_catalog_role on the application user named "corpus"
Strict separation on the login to PROD from DEV schemas (aka. source IP->DBschema pairs). For example: If PROD and DEV schemas are in the same database, then a login trigger should allow login to the PROD schema only from the IP on the PROD servers. if DEV and CONS schemas are in different databases, then a firewall or listener (validnode_checking) rules on the PROD database should allow login only from the IP address on the PROD censhare servers.
Monitoring with thresholds, alerts, and usage charts on Tablespace and FRA usage, Listener, and Database availability. Eg. Icinga, Enterprise Manager, etc.
Licensing
It's very important that the installed database edition, options, packs, and features don't violate the purchased license.
Certification of the operating system and platform
It's very important that the database software is installed on a certified operating system and platform, otherwise, you may not get support and be responsible for possible database corruption and data loss.
Here is a snip from the certification requirements for Linux as of January 2018.
## Oracle Database 12.1.0.2
* Oracle Linux 7.2 with UEK 4: 4.1.12-61.1.19.el7uek.x86_64 or later
* RHEL 7 with 3.10.0-123.el7.x86_64 or later
* SLES 12 with 3.12.49-11-default or later
## Oracle Database 11.2.0.4
* Oracle Linux 7.0 with the UEK 3: 3.8.13-35.3.1.el7uek.x86_64 or later
* RHEL 7 with 3.10.0-123.el7.x86_64 or later
* SLES 11
IMPORTANT: For the actual state of the detailed information, always refer to Oracle Note 1304727.1
Oracle database in a VMware environment
Many customers are using VMware infrastructure in their data centers. You should be very careful when installing Oracle products in a VMware VM.
Official statement from Oracle Global Customer Support
This is the position for Oracle Products Running on VMWare Virtualized Environments (Doc ID 249212.1 as of January 2018)
Support Status for VMware Virtualized Environments Oracle has not certified any of its products on VMware virtualized environments. Oracle Support will assist customers running Oracle products on VMware in the following manner: Oracle will only provide support for issues that either are known to occur on the native OS or can be demonstrated not to be as a result of running on VMware. If a problem is a known Oracle issue, Oracle support will recommend the appropriate solution on the native OS. If that solution does not work in the VMware virtualized environment, the customer will be referred to VMware for support. When the customer can demonstrate that the Oracle solution does not work when running on the native OS, Oracle will resume support, including logging a bug with Oracle Development for investigation if required. If the problem is determined not to be a known Oracle issue, we will refer the customer to VMware for support. When the customer can demonstrate that the issue occurs when running on the native OS, Oracle will resume support, including logging a bug with Oracle Development for investigation if required. NOTE: Oracle has not certified any of its products on VMware. For Oracle RAC, Oracle will only accept Service Requests as described in this note on Oracle RAC 11.2.0.2 and later releases.
VMware's interpretation and guidelines
See this white paper for VMware's interpretation about the Oracle Support position:
Understanding Oracle Certification, Support, and Licensing
See also these white papers:
Other types of Virtualization and Partitioning
Solaris zones: censhare IT has long experience in SaaS and on-premiss installations. Docker containers: Oracle supports Oracle Database (single instance) running in Docker containers running on Oracle Linux 7 with UEK4 or Red Hat Enterprise Linux 7. For detailed information see Oracle Notes 2216342.1 and 1921163.1. See this page for a list of Supported Virtualization and Partitioning Technologies.
censhare recommendation
For AWS installations, customers should use RDS. For small on-premises installations, RHEL 7 on a physical machine is a safe choice. Whenever a customer needs Load Balancing and Server Failover within the same data center, he could use the classical solution for two physical servers (one for censhare and one for Oracle). In this case, both servers have to be licensed. For globally distributed business-critical censhare installations with hundreds of users, the business owner usually has high RPO/RTO expectations. In this case, Oracle Database planning, installation, and support have to be performed by the customer's own DBA team or external consulting company.
Install the software and create a database
These are the general steps for installing Oracle Database 12.1.0.2 Standard Edition 2 on RHEL 7.
Get confirmation about license and certification
Before you install any Oracle product, get a written confirmation from the customer, project manager, or colleague:
1. I am sure that customer XXXX has a license for Oracle Database XXXXX Edition.
2. I am sure the underlying hardware and operating system are certified to run version X.X.X.X
and doesn't violate the licensing policy.
Setup kernel parameters
# vi /etc/sysctl.d/98-oracle.conf
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
kernel.shmmni = 4096
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
kernel.panic_on_oops = 1
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
fs.aio-max-nr = 1048576
net.ipv4.ip_local_port_range = 9000 65500
..... then activate the changes like this:
sysctl -p
Setup resource limits
# vi /etc/security/limits.d/oracle-rdbms-server-12cR1-preinstall.conf
oracle soft nofile 1024
oracle hard nofile 65536
oracle soft nproc 16384
oracle hard nproc 16384
oracle soft stack 10240
oracle hard stack 32768
oracle hard memlock 134217728
oracle soft memlock 134217728
Install required OS packages
Enable the optional RPM repository needed for some of the packages below.
yum-config-manager --enable rhel-7-server-optional-rpms
Then install the packages:
yum install xauth \
binutils \
compat-libstdc++-33 compat-libstdc++-33.i686 \
gcc \
gcc-c++ \
glibc glibc.i686 \
glibc-devel glibc-devel.i686 \
ksh \
libgcc libgcc.i686 \
libstdc++ libstdc++.i686 \
libstdc++-devel libstdc++-devel.i686 \
libaio libaio.i686 \
libaio-devel libaio-devel.i686 \
libXext libXext.i686 \
libXtst libXtst.i686 \
libX11 libX11.i686 \
libXau libXau.i686 \
libxcb libxcb.i686 \
libXi libXi.i686 \
make \
unixODBC unixODBC-devel \
zlib-devel zlib-devel.i686 \
compat-libcap1.i686 compat-libcap1.x86_64
Create Oracle user and groups
groupadd -g 54321 oinstall
groupadd -g 54322 dba
groupadd -g 54323 oper
useradd -u 54321 -g oinstall -G dba,oper oracle
passwd oracle
SELinux
##### Change a parameter in file /etc/selinux/config like this
SELINUX=permissive
... then execute:
setenforce Permissive
TODO: put here an option to setup rules instead of setting it to permisive
Firewall
systemctl stop firewalld
systemctl disable firewalld
TODO: put here an option to only open ports instead of disabling the whole firewall
Set up ORACLE_BASE directory
mkdir -p /u01/app/oracle/product/12.1.0.2/db_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01
Set up environment variables
# vi /home/oracle/.bash_profile
export ORACLE_HOSTNAME=[ .........PUT HERE YOUR SERVER'S FQDN............]
export TMP=/tmp
export TMPDIR=$TMP
export ORACLE_UNQNAME=corpus
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/12.1.0.2/db_1
export ORACLE_SID=corpus
export PATH=/usr/sbin:$PATH
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:$ORACLE_HOME/bin:$PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
export TNS_ADMIN=$ORACLE_HOME/network/admin
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8
export NLS_DATE_FORMAT='YYYY-MM-DD HH24:MI:SS'
export EDITOR=vim
Download the software
You can download the software from https://edelivery.oracle.com
If you have access to the file server, copy the software like this:
.. from your Mac:
scp /Volumes/vol_censhare_it_data_nfs_iso/Oracle_Database/Standard_Edition_2_12.1.0.2/
Linux_x64_V77388-01_*of2.zip \ oracle@DBSERVER:/u01/app/oracle/software/
Install the database software
-------- AS USER oracle
cd /u01/app/oracle/software/
unzip Linux_x64_V77388-01_1of2.zip
unzip Linux_x64_V77388-01_2of2.zip
cd database
export DISTRIB=$(pwd)
./runInstaller -silent \
-responseFile $DISTRIB/response/db_install.rsp \
oracle.install.option=INSTALL_DB_SWONLY \
UNIX_GROUP_NAME=oinstall \
INVENTORY_LOCATION=/u01/app/oraInventory \
SELECTED_LANGUAGES=en \
ORACLE_HOME=$ORACLE_HOME \
ORACLE_BASE=$ORACLE_BASE \
oracle.install.db.InstallEdition=SE2 \
oracle.install.db.isCustomInstall=false \
oracle.install.db.DBA_GROUP=dba \
oracle.install.db.OPER_GROUP=dba \
oracle.install.db.BACKUPDBA_GROUP=dba \
oracle.install.db.DGDBA_GROUP=dba \
oracle.install.db.KMDBA_GROUP=dba \
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false \
DECLINE_SECURITY_UPDATES=true
.... wait for the installer to complete
-------- AS USER root
/u01/app/oraInventory/orainstRoot.sh
/u01/app/oracle/product/12.1.0.2/db_1/root.sh
Create the database
-------- from now on, all commands have to be executed as AS USER oracle
ln -s $ORACLE_HOME ~/orahome
ln -s $ORACLE_BASE/oradata ~/orahome/oradata
dbca -silent -createDatabase \
-templateName General_Purpose.dbc \
-gdbname corpus -sid corpus -responseFile NO_VALUE \
-characterSet AL32UTF8 \
-nationalCharacterSet AL16UTF16 \
-sysPassword $RANDOM$(date +%S) \
-systemPassword $RANDOM$(date +%S) \
-emConfiguration NONE \
-datafileDestination $ORACLE_BASE/oradata \
-createAsContainerDatabase false \
-databaseType MULTIPURPOSE \
-automaticMemoryManagement false \
-storageType FS \
-redoLogFileSize 200 \
-ignorePreReqs
Set some options
sqlplus -s / as sysdba < $ORACLE_HOME/network/admin/tnsnames.ora
Back up the configuration
copy the lates backup_rman.sh script from GIT and create this cron job
0 21 * * * /home/oracle/bin/backup_rman.sh >/dev/null 2>&1
touch /var/log/backup_rman.log as root and change the owner to oracle
Ensure that /rmanbackup/ is on a storage or volume different than the database files.
Check the log file on the next day and setup active monitoring
Schedule annual database recovery tests.
Apply the latest patch update
Critical patch updates are collections of security fixes for Oracle products. They are released on the Tuesday closest to the 17th day of January, April, July, and October.
Download the PSU and OPatch utility
You can download the latest PSU from https://support.oracle.com - see Oracle Note 756671.1 for the latest available patch. if you have access to the file server, you can copy the PSU like this:
scp /Volumes/vol_censhare_it_data_nfs_iso/Oracle_Database/Standard_Edition_2_12.1.0.2/
*Linux-x86-64.zip \
oracle@DBSERVER:/u01/app/oracle/software/
Update the OPatch utility
cd $ORACLE_BASE/software/
cp -r $ORACLE_HOME/OPatch $ORACLE_HOME/OPatch.$(date '+%Y-%m-%d_%H%M%S')
unzip -oq -d $ORACLE_HOME p6880880_122010_Linux-x86-64.zip
opatch lsinv
Apply the PSU
sqlplus / as sysdba
shutdown immediate
exit
lsnrctl stop
ps -ef | grep oracle # ensure that there are no other oracle processes
cd $ORACLE_BASE/software/
unzip p26713565_121020_Linux-x86-64.zip
cd 26713565
opatch prereq CheckConflictAgainstOHWithDetail -ph ./
opatch apply
lsnrctl start
sqlplus / as sysdba
startup
exit
cd $ORACLE_HOME/OPatch
./datapatch -verbose