This article will show how to configure Oracle Linux 7 for Oracle Database 12c:
- System and Kernel parameters
- Users and Groups for Job Role Separation
- Directories
Before starting, you should have ...
... Oracle Linux 7 already installed (if not, see ol7 installation here)
... a root access
Users and Groups
For Job Role Separation, groups and users will be created as follow :
| Description | OS Group Name | OS Users Assigned | Oracle Privilege | Oracle Group Name |
| Oracle Inventory/Software Group (mandatory) | oinstall | grid, oracle | | |
| Database Administrator (mandatory) | dba | oracle | SYSDBA | OSDBA |
| Database Operator | oper | oracle | SYSOPER | OSOPER |
| ASM Administration Group | asmadmin | grid | SYSASM | OSASM |
| ASM Database Administrator Group | asmdba | grid, oracle | SYSDBA for ASM | OSDBA for ASM |
| ASM Operator Group | asmoper | grid | SYSOPER for ASM | OSOPER for ASM |
| RMAN Management Group | backupdba | oracle | SYSBACKUP | OSBACKUPDBA |
| Data Guard Management Group | dgdba | oracle | SYSDG | OSDGDBA |
| Encryption Key Management Group | kmdba | oracle | SYSKM | OSKMDBA |
| RAC Management Group (from 12.2) | racdba | oracle | SYSRAC | OSRACDBA |
Groups
Create groups with the following commands as root:
# Oracle inventory/software group
[root]$ groupadd -g 54321 oinstall
# Full admin database management group (mandatory)
[root]$ groupadd -g 54322 dba
# Operator database management group (subset of full admin privilege)
[root]$ groupadd -g 54323 oper
# RMAN management group
[root]$ groupadd -g 54324 backupdba
# DataGuard management group
[root]$ groupadd -g 54325 dgdba
# Encryption key management group
[root]$ groupadd -g 54326 kmdba
# ASM management groups
[root]$ groupadd -g 54327 asmdba
[root]$ groupadd -g 54328 asmoper
[root]$ groupadd -g 54329 asmadmin
# RAC management (available from 12.2.0)
groupadd -g 54330 racdba
Users
Create oracle users with the following commands as root:
# Oracle user (mandatory)
[root]$ useradd -u 54321 -g oinstall -s /bin/bash -c "Oracle Software Owner" oracle
[root]$ usermod -aG oinstall,dba,oper,asmdba,backupdba,dgdba,kmdba,racdba oracle
[root]$ passwd oracle
Create grid users with the following commands as root:
# Grid user
[root]$ useradd -u 54322 -g oinstall -s /bin/bash -c "Grid Infrastructure Owner" grid
[root]$ usermod -aG oinstall,asmdba,asmadmin,asmoper grid
[root]$ passwd grid
Users Profiles
For both oracle and grid users, do the following:
0- Connect to the user with su
# For example, connect to oracle
[root]$ su - oracle
1- Add the following code to ~/.bash_profile if use bash or ~/.profile if use ksh as shell login
# Load oracle_profile
if [ -f ~/ora_profile ]; then
. ~/ora_profile
fi
2- Then create ~/ora_profile file as follow:
Expand/Collapse
# ora_profile
umask 022
# Keyboard
set -o vi
stty erase ^?
if [ -t 0 ]; then
stty intr ^C
fi
# UNIX Prompt
export PS1='[\u@\h:\w (${ORACLE_SID:-"NoSID"})]$ '
ORAENVDIR="$HOME/bin"
SQLCMD="sql"
ORAENVCMD="oraenv2"
[[ "x$(which $ORAENVCMD 2>/dev/null)" == "x" ]] && ORAENVCMD="oraenv"
# Command aliases
alias ls="ls -FA"
alias ll='ls -FAl --color=tty'
alias mv='mv -i'
alias rm='rm -i'
# Oracle directories aliases
alias cdoh='cd $ORACLE_HOME'
alias cdtns='cd $ORACLE_HOME/network/admin'
alias cdadm='cd $ORACLE_BASE/admin/$ORACLE_SID'
# Oracle command aliases
alias sq='$SQLCMD / as sysoper'
alias sqdba='$SQLCMD / as sysdba'
alias osid='echo $ORACLE_SID'
alias oenv='. $ORAENVCMD'
alias crsstat='crsctl status resource -t'
alias sqasm='$SQLCMD / as sysasm'
# Oracle Settings
export TMP=/tmp
export TMPDIR=$TMP
export EDITOR=vi
#export SQLPATH=/u01/app/common/oracle/sql
export THREADS_FLAG=native;
export NLS_LANG='American_America.UTF8'
export NLS_DATE_FORMAT="DD/MM/YYYY HH24:MI:SS"
export ORACLE_TERM=xterm
export ORACLE_HOSTNAME=oralab01.uxora.com
#export ORACLE_UNQNAME=ORALAB
export BASE_PATH=/usr/sbin:$PATH
export GRID_SID=+ASM1
export GRID_BASE=/u01/app/grid
export GRID_HOME=/u01/app/12.2.0/grid
export DB_SID=UXOCDB1
export DB_BASE=/u01/app/oracle
export DB_HOME=$DB_BASE/product/12.2.0/db_1
export OMS_SID=UXOCDB1
export OMS_BASE=/u01/app/oracle
export OMS_HOME=$DB_BASE/product/middleware/oms
[[ ! -e $ORAENVDIR ]] && mkdir -p $ORAENVDIR
# Create env files and aliases (dbenv,gridenv,...)
for iType in DB GRID OMS; do
vTypel=$( echo ${iType} | tr "[:upper:]" "[:lower:]" )
vFile="$ORAENVDIR/oraenv_${vTypel}"
if [[ ! -e $vFile ]]; then
cat >> $vFile <<-_EOF_
export ORACLE_SID=\$${iType}_SID
export ORACLE_BASE=\$${iType}_BASE
export ORACLE_HOME=\$${iType}_HOME
export LD_LIBRARY_PATH=\$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=\$ORACLE_HOME/JRE:\$ORACLE_HOME/jlib:\$ORACLE_HOME/rdbms/jlib:\$ORACLE_HOME/network/jlib
export PATH=\$ORACLE_HOME/bin:\$BASE_PATH
export TNS_ADMIN=\$ORACLE_HOME/network/admin
export ORA_NLS11=\$ORACLE_HOME/nls/data
_EOF_
fi
eval alias ${vTypel}env=\'. ${vFile}\'
done
if [[ "$USER" == "oracle" ]]; then
. $ORAENVDIR/oraenv_db
elif [[ "$USER" == "grid" ]]; then
. $ORAENVDIR/oraenv_grid
fi
Note
Make sure this script use tabulation (not space as tabulation) to work properly.
About oraenv2 script, it is available here.
3- Reconnect to the user to reload the profile.
Now to change environement, you can use :
gridenv alias to load grid db environementdbenv alias to load default oracle db environementoenv for other oracle db environement
Directories
Mountpoint (/u01)
It is optional but recommended to create a mountpoint with a dedicated filesystem to store oracle software binaries for several reasons:
- to not fill up root filesystem
- to increase this specific filesystem only if needed
- to be able to move disk and filesystems to an other server
Execute theses commands as root for a new sdb disk:
Expand/Collapse
# Create partition on the new disk
[root]$ fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help):n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): p
First cylinder (1-6, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6, default 6): 6
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
# Check new created partition
[root]$ fdisk -l /dev/sdb
Disk /dev/sdb: 6442 MB, 6442450944 bytes, 12582912 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x23f11588
Device Boot Start End Blocks Id System
/dev/sdb1 2048 12582911 6290432 83 Linux
# Create filesystem
[root]$ mkfs -t xfs /dev/sdb1
meta-data=/dev/sdb1 isize=256 agcount=4, agsize=131008 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=1572608, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
# Create mountpoint
[root]$ mkdir /u01
# Mount mountpoint
[root]$ printf "\n/dev/sdb1\t/u01\txfs\tdefaults\t1 2\n" >> /etc/fstab
[root]$ mount /u01
[root]$ df -m | grep /u01
/dev/sdb1 6133 4049 2085 67% /u01
# Change permissions
[root]$ chown root.oinstall /u01
[root]$ chmod 775 /u01
Oracle software directories
# Create Oracle base directory
[root]$ mkdir -p /u01/app/oracle
[root]$ chown oracle:oinstall /u01/app/oracle
[root]$ chmod 775 /u01/app/oracle
# Create Oracle Inventory directory
[root]$ mkdir -p /u01/app/oraInventory
[root]$ chown oracle:oinstall /u01/app/oraInventory
[root]$ chmod 775 /u01/app/oraInventory
# Create Grid Infrastructure directories
[root]$ mkdir -p /u01/app/grid
[root]$ mkdir -p /u01/app/12.2.0/grid
[root]$ chown grid:oinstall /u01/app/grid /u01/app/12.2.0/grid
[root]$ chmod 775 /u01/app/grid /u01/app/12.2.0/grid
Oracle inventory file
If not already exist, create /etc/oraInst.loc file:
# Create oraInst.loc
[root]$ cat > /etc/oraInst.loc <<EOF
inventory_loc=/u01/app/oraInventory
inst_group=oinstall
EOF
[root]$ chown oracle:oinstall /etc/oraInst.loc
[root]$ chmod 664 /etc/oraInst.loc
System
Kernel
If not already present, add the following lines to:
- Either
/etc/sysctl.d/99-oracle_db-sysctl.conf - Or
/etc/sysctl.conf
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.panic_on_oops = 1
kernel.sem = 250 32000 100 128
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
kernel.shmmni = 4096
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.ip_local_port_range = 9000 65500
Reload kernel parameters with the following command:
# Reload kernel parameters
[root]$ sysctl -p
Shell Limits
If not already present, add the following lines to:
- Either
/etc/security/limits.d/oracle_users_limits.conf - Or
/etc/security/limits.conf
# set oracle user limits
oracle soft nofile 1024
oracle hard nofile 65536
oracle soft nproc 16384
oracle hard nproc 16384
oracle soft stack 10240
oracle hard stack 32768
oracle hard memlock 134217728
oracle soft memlock 134217728
# set grid user limits
grid soft nofile 1024
grid hard nofile 65536
grid soft nproc 16384
grid hard nproc 16384
grid soft stack 10240
grid hard stack 32768
grid hard memlock 134217728
grid soft memlock 134217728
If not already present, add the following lines to:
session required pam_limits.so
User limits
Make sure oracle user's default shell is Bourne, Bash, or Korn shell.
[root]$ grep -e "oracle" -e "grid" /etc/passwd
oracle:x:54321:54321::/home/oracle:/bin/bash
grid:x:54322:54321::/home/grid:/bin/bash
Then add the following lines to the end of /etc/profile file:
if [ $USER = "oracle" ] || [ $USER = "grid" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
Disable SELinux
Edit /etc/selinux/config config file and set SELINUX to "disabled" or "permissive":
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
And execute the following commands as root to immediately disable SELinux:
# Disable SELinux
[root]$ /usr/sbin/setenforce 0
# Check current SELinux configuration
[root]$ /usr/sbin/getenforce
Permissive
Services
# Disable system auto-update
[root]$ systemctl stop packagekit
[root]$ systemctl disable packagekit
# Disable firewall
[root]$ systemctl stop firewalld
[root]$ systemctl disable firewalld
# Disable avahi-daemon
[root]$ systemctl stop avahi-daemon
[root]$ systemctl disable avahi-daemon
# Enable chrony (ntp)
[root]$ systemctl start chronyd
[root]$ systemctl enable chronyd
Packages
Install prerequisite packages manually or automaticaly with the special oracle preinstall package
# Automatic oracle packages prerequisite install
[root]$ yum -y install oracle-database-server-12cR2-preinstall
# Manually oracle packages prerequisite install
[root]$ yum install -y binutils
[root]$ yum install -y compat-libcap1
[root]$ yum install -y compat-libstdc++-33 compat-libstdc++-33.i686
[root]$ yum install -y glibc glibc.i686
[root]$ yum install -y glibc-devel glibc-devel.i686
[root]$ yum install -y ksh
[root]$ yum install -y libaio libaio.i686
[root]$ yum install -y libaio-devel libaio-devel.i686
[root]$ yum install -y libX11 libX11.i686
[root]$ yum install -y libXau libXau.i686
[root]$ yum install -y libXi libXi.i686
[root]$ yum install -y libXtst libXtst.i686
[root]$ yum install -y libgcc libgcc.i686
[root]$ yum install -y libstdc++ libstdc++.i686
[root]$ yum install -y libstdc++-devel libstdc++-devel.i686
[root]$ yum install -y libxcb libxcb.i686
[root]$ yum install -y make
[root]$ yum install -y nfs-utils
[root]$ yum install -y net-tools
[root]$ yum install -y smartmontools
[root]$ yum install -y sysstat
What next
Hope This Helps,
Michel.
Reference
Administrative Privileges and Job Role Separation (oracle-base.com)
Configuring OS for Oracle Grid Infrastructure on Linux (docs.oracle.com)
Enjoyed this article? Please like it or share it.
Please connect with one of social login below (or fill up name and email)