Overview
In this guide we use the following ORACLE_BASE, ORACLE_HOME and ORACLE_SID.
- export ORACLE_BASE=/opt/oracle
- export
ORACLE_HOME=$ORACLE_BASE/product/11.2.0
- export ORACLE_SID=GEN1
Download
Download the following software from the Oracle Download
- unzip linux_11gR2_database_1of2.zip
- unzip linux_11gR2_database_2of2.zip
|
After downloading
check the CKSUM / MD5SUM as described on Oracle's Site.
|
cksum
linux_11gR2_database_1of2.zip
md5sum linux_11gR2_database_1of2.zip
Requirements
Checking Memory and Swap Space
Oracle says that the system must have at least
1GB of physical RAM and 1GB of swap space or twice the size of RAM. And for systems
with more than 2 GB of RAM, the swap space can be between one and two times the
size of RAM. You might also want to check out sizing swap space.
To check the size of physical memory,
execute:
grep MemTotal /proc/meminfo
MemTotal: 515700 kB
To check the size of swap space,
execute:
grep SwapTotal /proc/meminfo
SwapTotal: 1004052 kB
You also can add temporary swap space to your
system by creating a temporary swap file instead of using a raw device. Here
is the procedure:
su - root
cd /root
dd if=/dev/zero of=/root/tmpswp bs=1k count=500000
500000+0 records in
500000+0 records out
chmod 600 tmpswp
mkswap tmpswp
Setting up swapspace version 1, size = 511995 kB
swapon tmpswp
grep SwapTotal /proc/meminfo
SwapTotal: 1504044
kB
Checking /tmp
Space
The Oracle Universal Installer requires up to
400 MB of free space in the /tmp directory. If you
do not have enough space in the /tmp filesystem,
you can temporarily create a tmp directory in another filesystem. Here is how you
can do this (/u01 is another filesystem)
su - root
mkdir /u01/tmp
chown root:root /u01/tmp
chmod 1777 /u01/tmp
export TEMP=/u01
export TMPDIR=/u01
When you are done with the Oracle
installation, shutdown Oracle and remove the temporary /tmp directory:
su - root
rmdir /u01/tmp
unset TEMP
unset TMPDIR
Hosts File
The /etc/hosts file must contain a fully
qualified name for the server.
192.168.138.80
gentic
Checking Kernel Parameters (Values from Oracle Site
for 11.2.0.x)
To see all kernel parameters,
execute:
su - root
sysctl -a
Verify that the kernel parameters shown in the following
table are set to values greater than or equal to the recommended value shown. Do
not change the value of any kernel parameter on a system where it is already higher
than listed as minimum requirement.
We added the following lines to the
/etc/sysctl.conf file which is used during
the boot process:
# Kernel Parameters
for Oracle 11.2.0
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
Adding these lines to the /etc/sysctl.conf file will cause the system to change these
kernel parameters after each boot using the /etc/init.d/bootmisc script which is invoked by /etc/inittab. But in order that these new added lines or
settings in /etc/sysctl.conf become effective
immediately, execute the following command:
Configuring kernel parameters:
su - root
sysctl -p
Disable SELINUX
Disable secure linux by editing the /etc/selinux/config file, making sure the SELINUX flag is set
as follows.
SELINUX = disabled
The server will need a reboot for the change to take effect.
reboot
Creating Oracle User Account
To create the oracle account and group(s), execute the
following commands:
su - root
groupadd -g 400 dba
useradd -u 400 -g 400 -d /home/oracle -s /bin/bash -c "Oracle Owner"
oracle
| Members of the dba
group can administer Oracle databases, for example starting up and shutting
down databases. In this guide, we are creating the oracle user account to have
this responsibility. |
Note on the «oinstall» Group
The oinstall
group is often needed for those organizations who have separate groups that
maintain the software and the database. In this scenario, the group membership
prevents unauthorized access to the database by personnel who maintain the
software, and it prevents the database administrators from making changes to the
software and the installations inventory directory.
When using oinstall during the install of the software, one must set
their default group to the one that will be maintaining the database before
creating the database or permission problems will arise.
Oinstall is not needed when the same people
will be maintaining the software and the database. In this situation, it will
create more work and add an extra layer of complexity to the maintenance of the
installation.
Recommendation: if you don't need the
oinstall group for added security, just
install using the dba group.
Setting Shell Limits for the Oracle User
Most shells like Bash provide control over
various resources like the maximum allowable number of open file descriptors or the
maximum number of processes available to a user.
To see all shell limits, run:
ulimit -a
Setting Limits for the Oracle User
After you changed and increased /proc/sys/fs/file-max, there is still a per user limit
of open file descriptors which is set to 1024 by default:
su - oracle
ulimit -n
1024
To change this, you have to edit the file
/etc/security/limits.conf as root and make
the following changes or add the following lines, respectively:
# To increase the
shell limits for Oracle 11
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
The «soft limit» in the first line
defines the number of file handles or open files that the Oracle user will have
after login. If the Oracle user gets error messages about running out of file
handles, then the Oracle user can increase the number of file handles like in this
example up to 63536 («hard limit») by running the following
command:
ulimit -n 63536
Note that we do not recommend to set the «hard
limit» for nofile for the oracle user equal to /proc/sys/fs/file-max. If you do that and the user uses up all
the file handles, then the system would run out of file handles. This could mean
that you won't be able to initiate new remote logins any more since the system
won't be able to open any PAM modules which are required for performing a login.
That's why we set the hard limit to 63536 and not to 65536.
You also need to make sure that pam_limits is
configured in the file /etc/pam.d/system-auth. This is the PAM module that will
read the /etc/security/limits.conf file. The entry
should read like:
session required
pam_limits.so
session required pam_unix.so
Now login to the oracle account again since
the changes will become effective for new login sessions only.
su - oracle
ulimit -n
4096
Make Settings Permanent
For the Bourne, Bash, or Korn shell, add the
following lines to the $HOME/.bash_profile
if [ $USER = "oracle"
]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 63536
else
ulimit -u 16384 -n 63536
fi
fi
Setup Environment
Before installing the Oracle software, set the environment in
$HOME/.GEN1, this file
will be sourced each time after login. In the example below, GEN1 is the SID of the database which we will
create.
cd $HOME
. ./.GEN1
ls -l
drwxr-xr-x 4 oracle dba 4.0K Sep 26 14:51
admin
lrwxrwxrwx 1 oracle dba 15 Oct 2 10:18
.GEN1 -> admin/GEN1/.oraenv
#!/bin/sh
unset TWO_TASK
# Permanent Settings
export ORACLE_ADMIN=/home/oracle
export TNS_ADMIN=$ORACLE_ADMIN/admin/sqlnet
export ORACLE_HOSTNAME=gentic
export ORACLE_SID=GEN1
export LISTENER_NAME=$ORACLE_SID
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=$ORACLE_BASE/product/11.2.0
export ORACLE_DOC=$ORACLE_HOME/doc
export ORACLE_TERM=xterm
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:$LD_LIBRARY_PATH
export CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
export PATH=$ORACLE_HOME/bin:$PATH
export NLS_LANG=american_america.al32utf8
export TEMP=/tmp
export TMPDIR=/tmp
export EDITOR=vi
ulimit -u 16384 -n 63536 1>/dev/null 2>&1
Installing Software only
This is only a brief description of the installation, the
screenshots are shown next.
Create Oracle Home Directories
Oracle Installer does not create Oracle Base / Oracle Home
directories.
mkdir -p /opt/oracle/product/11.2.0
chown -R
oracle:dba /opt/oracle
chmod -R 775 /opt/oracle
Start Installer
As Oracle11g is certified only on
some Linux editions you may get the following error when you run Oracle's
runInstaller, and installation will
stop:
Checking operating
system version: must be redhat-2.1,
UnitedLinux-1.0 or redhat-3
Failed <<<<
|
Solution: Use the
option -ignoreSysPrereqs or edit/create the
file /etc/redhat-release.
|
Edit the /etc/redhat-release file
replacing the current release information Fedora release 12 (Constantine) with the
following:
redhat release 5
cd <unpacked directory>
DISPLAY=<my X-Window Host>:0.0
export DISPLAY
./runInstaller
Depending on your installation other packages will be missing. You can install
them now using yum or rpm. After the installation of the missing packages
click «Check Again». Some tests may be ignored, for example Swap Space -
therefore if you are ready click «Ignore All» then «Next».
Example with yum:
yum install binutils
yum install libaio libaio-devel
.....
Example with rpm:
rpm -Uvh binutils<version>
rpm -Uvh compat-libstdc<version>
......
Cleanup $ORACLE_HOME/bin
After the installation some non used files in
$ORACLE_HOME/bin can be removed.
cd $ORACLE_HOME/bin
rm *O
rm *0
Create the Listener
You can generate the needed files or you can create them
manually. Put them in $TNS_ADMIN, but create
symbolic links from $ORACLE_HOME/network/admin to
these files, because some tools do not consult $TNS_ADMIN environment variable.
Example of LISTNER.ORA
#
--------------------------------------------------------------------------
# File: listener.ora
#
# Autor: Martin Zahn, Akadia AG, 12.03.2010
#
# Purpose: Configuration file for Net Listener
#
# Location: $TNS_ADMIN
# --------------------------------------------------------------------------
ADR_BASE_GEN1 = /opt/oracle
GEN1 =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = gentic)(PORT =
25000))
)
)
SID_LIST_GEN1 =
(SID_LIST =
(SID_DESC =
(SID_NAME = GEN1)
(GLOBAL_DBNAME = GEN1.AKADIA.COM)
(ORACLE_HOME = /opt/oracle/product/11.2.0)
)
)
Example of TNSNAMES.ORA
#
--------------------------------------------------------------------------
# File: sqlnet.ora
#
# Autor: Martin Zahn, Akadia AG, 12.03.2010
#
# Purpose: Configuration file for Net Client
#
# Location: $TNS_ADMIN
# --------------------------------------------------------------------------
GEN1 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = gentic)(PORT =
25000))
)
(CONNECT_DATA =
(SERVICE_NAME = GEN1.AKADIA.COM)
)
)
Example of SQLNET.ORA
#
--------------------------------------------------------------------------
# File: sqlnet.ora
#
# Autor: Martin Zahn, Akadia AG, 12.03.2010
#
# Purpose: Configuration file for Net Client
#
# Location: $TNS_ADMIN
# --------------------------------------------------------------------------
NAMES.DIRECTORY_PATH= (TNSNAMES)
ADR_BASE = /opt/oracle
Init.ora Parameters for SQLNET
db_domain = AKADIA.COM
service_names = GEN1
Create Symbolic Links
cd
$ORACLE_HOME/network/admin
ln -s /home/oracle/admin/sqlnet/listener.ora listener.ora
ln -s /home/oracle/admin/sqlnet/sqlnet.ora sqlnet.ora
ln -s /home/oracle/admin/sqlnet/tnsnames.ora tnsnames.ora
Start and show status of Listener
lsnrctl start GEN1
lsnrctl status GEN1
Create Database
We recommend to generate the create scripts
using Oracle DBCA. These scripts should be verified because they show man important issues - important to know for every DBA. Based on these
scripts, we created our own initSID.sql and
initSID.ora to create the database. In the
subdirectory addons all optional parts of the
database can be found and installed using install-addons.bash
Edit initSID.ora
and initSID.sql for your needs
Adjust and check the parameters for your
environment, for example all PATH must be changed, the value of SGA_TARGET and SGA_MAX_SIZE
must be set according your physical memory, etc.
The files can be found in:
$ORACLE_ADMIN/admin/GEN1/scripts/initGEN1.sql
$ORACLE_ADMIN/admin/GEN1/pfile/initGEN1.ora
Enable Remote Administration with SYSDBA
Privileges
If you want to manage all of your Oracle
databases from one place and not have to log on to each host, you must do it via a
network connection. For example to remotely administer RMAN through a network
connection, you need such an environment. To enable remote administration you have
to two things:
1. Create a password file on each target
database.
2. Enable remote logins for password file users.
To create the password file, as the Oracle
software owner or as a member of the DBA group:
cd
$ORACLE_ADMIN/admin/GEN1/pfile
orapwd file=orapwGEN1 password=<password> entries=5 force=y
After you create a password file, you need to
enable remote logins. To do this, set the instance's REMOTE_LOGIN_PASSWORDFILE initialization parameter in INIT.ORA
to exclusive, as shown:
remote_login_passwordfile = exclusive
Setting this parameter to exclusive signifies
that only one database can use the password file and that users other than SYS can
reside in it. You can now use a network connection to connect to your target
database as SYSDBA.
sqlplus
"sys/<password>@<SERVICE> as
sysdba"
Create Symbolic Links
Create symbolic links from $ORACLE_HOME/dbs as follows:
$ cd $ORACLE_HOME/dbs
ln
-s /home/oracle/admin/GEN1/pfile/orapwGEN1 orapwGEN1
ln -s /home/oracle/admin/GEN1/pfile/initGEN1.ora initGEN1.ora
Create the Database
First start the Instance, just to test your
INIT file for correct syntax and system resources.
cd $ORACLE_ADMIN/admin/GEN1/scripts
sqlplus /nolog
SQL> connect / as sysdba
SQL> startup nomount
SQL> shutdown immediate
Now you can create the database
SQL> @initGEN1.sql
SQL> @shutdown immediate
SQL> startup
Check the Logfile:
initGEN1.log for Errors !
Create additional Products in the Database (optional)
If you do not want all additional products to
be installed, uncomment them in install-addons.sql.
Enter the passwords for the the asked schema owners.
cd $ORACLE_ADMIN/admin/addons
sqlplus "/ as sysdba"
SQL> @create_addons.sql
Enter new password for SYS: manager
Enter new password for SYSTEM: manager
Enter new password for SYSMAN: manager
Enter new password for DBSNMP: manager
Check the Logfiles for Errors !
Check the installed Products
sqlplus / as sysdba
clear buffer
clear columns
clear breaks
set linesize 500
set pagesize 5000
column comp_id heading 'ID' format a10
column comp_name heading 'Name' format a35
column version heading 'Version' format a15
column modified heading 'Modified' format a20
select comp_id, comp_name, version, modified
from dba_registry
order by comp_id;
ID
Name
Version Modified
---------- ----------------------------------- ---------------
--------------------
AMD OLAP
Catalog
11.2.0.1.0 15-MAR-2010 14:03:27
APEX Oracle Application
Express
3.2.1.00.10 15-MAR-2010 14:40:23
APS OLAP Analytic
Workspace
11.2.0.1.0 15-MAR-2010 13:59:10
CATALOG Oracle Database Catalog
Views 11.2.0.1.0
15-MAR-2010 13:12:50
CATJAVA Oracle Database Java
Packages
11.2.0.1.0 15-MAR-2010 13:29:09
CATPROC Oracle Database Packages and Types
11.2.0.1.0 15-MAR-2010 13:12:50
CONTEXT Oracle
Text
11.2.0.1.0 15-MAR-2010 13:31:42
EXF Oracle Expression
Filter
11.2.0.1.0 15-MAR-2010 13:29:58
JAVAVM JServer JAVA Virtual
Machine
11.2.0.1.0 15-MAR-2010 13:25:57
ORDIM Oracle
Multimedia
11.2.0.1.0 15-MAR-2010 13:57:41
OWB
OWB
11.2.0.1.0 15-MAR-2010 14:48:34
OWM Oracle Workspace
Manager
11.2.0.1.0 15-MAR-2010 13:12:50
RAC Oracle Real Application
Clusters 11.2.0.1.0 15-MAR-2010
13:12:50
RUL Oracle Rules
Manager
11.2.0.1.0 15-MAR-2010 13:39:27
SDO
Spatial
11.2.0.1.0 15-MAR-2010 14:13:54
XDB Oracle XML
Database
11.2.0.1.0 15-MAR-2010 13:38:03
XML Oracle
XDK
11.2.0.1.0 15-MAR-2010 13:28:07
XOQ Oracle OLAP
API
11.2.0.1.0 15-MAR-2010 14:00:10
Create Server Parameter File
Server parameter files let you make persistent changes to
individual parameters. When you use a server parameter file, you can specify in an
ALTER SYSTEM SET parameter statement that the new
parameter value should be persistent. This means that the new value applies not
only in the current instance, but also to any instances that are started up
subsequently. Traditional client-side parameter files do not let you make
persistent changes to parameter values.
cd $ORACLE_HOME/dbs
rm initGEN1.ora
sqlplus / as sysdba
SQL> create spfile =
'$ORACLE_ADMIN/admin/GEN1/pfile/spfileGEN1.ora'
from pfile
= '$ORACLE_ADMIN/admin/GEN1/pfile/initGEN1.ora';
File created.
SQL> exit;
ln -s $ORACLE_ADMIN/admin/GEN1/pfile/spfileGEN1.ora spfileGEN1.ora
sqlplus / as sysdba
SQL> shutdown immediate;
SQL>
startup;
SQL>
exit;
Automatically Start / Stop the Database and
Listener
If you want to start the database
automatically on boot-time
perform the following steps:
- Create start/stop script in /etc/init.d
- Activate this start/stop script with chkconfig
- Edit /etc/oratab to
start/stop the desired Databases
Create start/stop script in /etc/init.d as user root.
#!/bin/bash
#
# chkconfig: 12345 99 10
# description: Oracle auto start-stop script
# --------------------------------------------------------------------------
# File: oracle
#
# Purpose: Oracle auto start-stop script
#
# Location: /etc/init.d
# --------------------------------------------------------------------------
# Variables
ORACLE_OWNER=oracle; export ORACLE_OWNER
ORACLE_ADMIN=/home/oracle; export ORACLE_ADMIN
ORACLE_SCRIPTS_DIR=$ORACLE_ADMIN/admin; export ORACLE_SCRIPTS_DIR
ORACLE_HOME=/opt/oracle/product/11.2.0; export ORACLE_HOME
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
RETVAL=0
prog="oracle"
start() {
echo -n $"Starting $prog: "
if [ ! -f $ORACLE_SCRIPTS_DIR/dbstart ]
then
echo "Oracle not started (no dbstart
script)"
else
# Start RDBMS
su - $ORACLE_OWNER -c
$ORACLE_SCRIPTS_DIR/dbstart
# Start Enterprise Manager Console
# su - $ORACLE_OWNER
$ORACLE_HOME/bin/emctl start dbconsole
# Start iSQL*Plus
# su - $ORACLE_OWNER
$ORACLE_HOME/bin/isqlplusctl start
fi
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/oracle
return $RETVAL
}
stop() {
echo -n $"Shutting down $prog: "
if [ ! -f $ORACLE_SCRIPTS_DIR/dbshut ]
then
echo "Oracle not stopped (no dbshut
script)"
else
# Stop iSQL*Plus
# su - $ORACLE_OWNER
$ORACLE_HOME/bin/isqlplusctl stop
# Stop Enterprise Manager Console
# su - $ORACLE_OWNER
$ORACLE_HOME/bin/emctl stop dbconsole
# Stop RDBMS
su - $ORACLE_OWNER -c
$ORACLE_SCRIPTS_DIR/dbshut
fi
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/oracle
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo $"Usage: $0 {start|stop}"
exit 1
esac
exit $RETVAL
Activate this start/stop script with chkconfig as root as follows
su - root
chkconfig --add oracle
chkconfig --list oracle
Edit /etc/oratab to start/stop
the desired databases
su - root
cat /etc/oratab
# Entries are of the
form:
# $ORACLE_SID:$ORACLE_HOME:<N|Y>:
GEN1:/home/oracle/product/11.2.0:Y
Activate Enterprise Manager Console
Create the the following response file emca.rsp
ORACLE_HOSTNAME=gentic
SID=GEN1
PORT=25000
ORACLE_HOME=/opt/oracle/product/11.2.0
LISTENER_OH=/home/oracle/admin/sqlnet
DBSNMP_PWD=manager
SYSMAN_PWD=manager
SYS_PWD=manager
Now create Enterprise Manager DB Control - enter all in
one line.
emca -config dbcontrol db -repos create -silent -respfile
$ORACLE_ADMIN/admin/GEN1/scripts/emca.rsp
STARTED EMCA at Mar 15, 2010 4:12:39 PM
EM Configuration Assistant, Version 11.2.0.0.2 Production
Copyright (c) 2003, 2005, Oracle. All rights reserved.
....
INFO: >>>>>>>>>>> The Database Control URL is
https://gentic:1158/em <<<<<<<<<<<
Mar 15, 2010 4:21:41 PM oracle.sysman.emcp.EMDBPostConfig invoke
....
Enterprise Manager configuration completed successfully
FINISHED EMCA at Mar 15, 2010 4:21:41 PM
Connect to the database control as
follows:
https://gentic:1158/em
Start and stop the DB-console
emctl start dbconsole
emctl stop dbconsole
emctl status dbconsole
Lock expired Accounts
Open and expired accounts should be locked for security
reasons.
set linesize 100
set pagesize 200
SELECT USERNAME
FROM DBA_USERS
WHERE ACCOUNT_STATUS IN ('OPEN','LOCKED','EXPIRED')
AND USERNAME NOT IN ('SYS','SYSTEM','SYSMAN','DBSNMP');
USERNAME
------------------------------
MDDATA
APEX_PUBLIC_USER
CTXSYS
FLOWS_FILES
APEX_030200
OWBSYS_AUDIT
ANONYMOUS
OWBSYS
OUTLN
MGMT_VIEW
Lock the accounts with the following command:
SET VERIFY OFF
set echo on
BEGIN
FOR item IN (SELECT USERNAME
FROM DBA_USERS
WHERE ACCOUNT_STATUS IN ('OPEN','LOCKED','EXPIRED')
AND USERNAME NOT IN ('SYS','SYSTEM','SYSMAN','DBSNMP'))
LOOP
dbms_output.put_line('Locking and Expiring: ' || item.USERNAME);
execute immediate 'alter user ' ||
sys.dbms_assert.enquote_name(
sys.dbms_assert.schema_name(
item.USERNAME),false) || ' password expire account lock';
END LOOP;
END;
/
PL/SQL procedure successfully completed.
|
