Instalation Oracle on Red Hat Linux / CentOS x86_64

Hardware requirements

Internal memory

Memory should be at least 512 MB for Oracle 10g and 1GB for Oracle 11g.
Check the amount of internal memory available to the system.
# grep MemTotal /proc/meminfo
If you do not meet the minimum requirements, you have to add more memory.

Swap space

The minimum is 1 GB swap space, but usually, the rule of thumb is to have approximately twice the amount of internal memory as swap space.
Check the amount of swap space available to the system.
# grep SwapTotal /proc/meminfo
If you do not meet the minimum requirements, you can add swap space.

Temp space

The minimum temp space requirement is 400 MB. Temp space is usually stored in the /tmp partition. If /tmp is part of the root file system then the root file system should have at least 400 MB free space in addition to other space requirements.
Check the /tmp space available to the system.
# df -k /tmp

Temp is too small

If /tmp is too small, you can temporarily create a tmp directory on another file system.

Automatic Memory Management

Starting with Oracle Database 11g, the Automatic Memory Management feature requires more shared memory (/dev/shm) and file descriptors.
The shared memory should be sized to be at least the greater of MEMORY_MAX_TARGET and MEMORY_TARGET for each Oracle instance on that computer.
To determine the amount of shared memory available, enter the following command:
# df -k /dev/shm/
MEMORY_MAX_TARGET and MEMORY_TARGET cannot be used when LOCK_SGA is enabled or with HugePages on Linux.

System architecture

To determine whether the system architecture can run the software, enter the following command:
# grep "model name" /proc/cpuinfo
This does not tell you whether you should be running 32- or 64 bit Linux, just the architecture of the machine. To determine whether you are running 32- or 64-bit Linux, enter the following command:
# uname -mi

Oracle binaries

Reserve at least 1.5 GB for Oracle 10g binaries or 2 GB for a maximum install.
Reserve at least 4.4 GB for Oracle 11g binaries.
Also reserve about 10 GB space for installation files and Oracle patches.

Oracle database files

Reserve at least 1.1 GB for Oracle 10g database files.
Reserve at least 1.68 GB for Oracle 11g database files.
You probably want to reserve more than that because the database will grow over time. You can use a file system, an NFS partition or Oracle ASM disk groups.
Don’t create Oracle exports on an NFS file system because it’s terribly slow.

Software requirements

OS and kernel version

To determine which distribution and version of Linux is installed, enter the following command:
# cat /proc/version
To determine whether the required kernel is installed, enter the following command:
# uname -r
The output must show at least 2.6.9 for Oracle 10g or 2.6.18 for Oracle 11g.

Naming resolution

When you run Oracle Universal Installer, an error may occur if name resolution is not set up. To avoid this error, before you begin installation, you must ensure that host names are resolved only through the /etc/hosts file.
# cat /etc/nsswitch.conf | grep hosts
#hosts:   db files ldap nis dns
hosts:   files dns
The output of this command should contain an entry for files.
Verify that the host name has been set by using the hostname command as follows:
# hostname
Verify that the domain name has not been set dynamically by using the domainname command as follows:
# domainname
(none)
This command should not return any results (none).
Verify that the hosts file contains the fully qualified host name by using the following command:
# cat /etc/hosts | grep `eval hostname`
Make sure the localhost line (127.0.0.1) in /etc/hosts does not contain the hostname or fully qualified hostname.
The output of this command should contain an entry for the fully qualified host name and for localhost.

Packages

You need to install certain software packages to support the Oracle binaries.

Enable Oracle Public Yum Server on Unbreakable Linux

When installing Unbreakable Linux, you need to enable the Public Yum Repositories before you can install any packages.
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo
# vi public-yum-el5.repo :%s/enabled=0/enabled=1/g
Change enabled=0 to enabled=1 for every repository you want to use.

Oracle 10g

  • binutils-2.15.92.0.2-10.EL4
  • compat-db-4.1.25-9
  • control-center-2.8.0-12
  • gcc-3.4.3-9.EL4
  • gcc-c++-3.4.3-9.EL4
  • glibc-2.3.4-2
  • glibc-common-2.3.4-2
  • gnome-libs-1.4.1.2.90-44.1
  • libstdc++-3.4.3-9.EL4
  • libstdc++-devel-3.4.3-9.EL4
  • make-3.80-5
  • pdksh-5.2.14-30
  • sysstat-5.0.5-1
  • xscreensaver-4.18-5.rhel4.2

Oracle 11g

  • binutils-2.17.50.0.6
  • compat-libstdc++-33-3.2.3
  • compat-libstdc++-33-3.2.3 (32 bit)
  • elfutils-libelf-0.125
  • elfutils-libelf-devel-0.125
  • gcc-4.1.2
  • gcc-c++-4.1.2
  • glibc-2.5-24
  • glibc-2.5-24 (32 bit)
  • glibc-common-2.5
  • glibc-devel-2.5
  • glibc-devel-2.5 (32 bit)
  • glibc-headers-2.5
  • ksh-20060214
  • libaio-0.3.106
  • libaio-0.3.106 (32 bit)
  • libaio-devel-0.3.106
  • libaio-devel-0.3.106 (32 bit)
  • libgcc-4.1.2
  • libgcc-4.1.2 (32 bit)
  • libstdc++-4.1.2
  • libstdc++-4.1.2 (32 bit)
  • libstdc++-devel 4.1.2
  • make-3.81
  • numactl-devel-0.9.8.x86_64
  • sysstat-7.0.2
  • unixODBC-2.2.11
  • unixODBC-2.2.11 (32 bit)
  • unixODBC-devel-2.2.11
  • unixODBC-devel-2.2.11 (32 bit)

Install Oracle 10g packages

# yum install binutils compat-db compat-libstdc++-33 \
control-center gcc gcc-c++ glibc glibc-common glibc-devel \
gnome-libs libaio libstdc++ libstdc++-devel libXp make pdksh \
sysstat xorg-x11-deprecated-libs xscreensaver

Install Oracle 11g packages

# yum install binutils compat-libstdc++-33 elfutils-libelf \
elfutils-libelf-devel gcc gcc-c++ glibc glibc-common glibc-devel \
glibc-headers ksh libaio libaio-devel libgcc libstdc++ \
libstdc++-devel make numactl-devel sysstat unixODBC unixODBC-devel
Press “y” to install when asked to do so.
The system will ask you to install a GPG key.
Press “y”.

Upgrade existing packages

It is recommended that you upgrade the packages to the latest available version.
# yum upgrade
# yum clean all

Extra packages

In addition to the packagelist Oracle provides, also ensure the following packages are installed to prevent several errors from occuring.

Extra packages for Oracle 10g

compat-libstdc++-33

Install compat-libstdc++-33 to prevent the following error:
Exception String: Error in invoking target 'all_no_orcl' of makefile '/u01/app/oracle/102/db/rdbms/lib/ins_rdbms.mk' Glibc-devel.i386

glibc-devel.i386

When installing Oracle you can get an error during the linking phase of the installer:
Error in invoking target 'install' of makefile '/u01/app/oracle/oracle/102/db/ctx/lib/ins_ctx.mk'
When looking at $ORACLE_HOME/install/make.log to trace the cause of the error you will find this line at the bottom:
/usr/bin/ld: crt1.o: No such file: No such file or directory
Install glibc-devel.i386 to prevent this error.

libaio.i386 and .x86_64

Ensure to install the libaio-0.3.96 or a newer version, otherwise the OUI prerequisite check will fail.

libXp

The libXp library is needed to prevent the error below after running runInstaller:
Exception java.lang.UnsatisfiedLinkError: /tmp/OraInstall2005-06-15_07-36-25AM/jre/1.4.2/lib/i386/libawt.so:
    libXp.so.6: cannot open shared object file: No such file or directory occurred..
 java.lang.UnsatisfiedLinkError: /tmp/OraInstall2005-06-15_07-36-25AM/jre/1.4.2/lib/i386/libawt.so:
    libXp.so.6: cannot open shared object file: No such file or directory

Extra packages for Oracle 11g

pdksh

Install at least pdksh-5.2.14.
# yum install pdksh

Users and groups

Before you can install Oracle on Linux, two users and two or three Oracle groups should be present, depending on the choice of separation of administrative duties.

Oracle groups

The Oracle Inventory group (oinstall)

This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system. Members of this group could be Linux administrators who install new versions of Oracle. To check if the oinstall group exists, run:
# groupadd -g 501 oinstall

The OSDBA group (dba)

This group identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege). The default name for this group is dba. To check if the oinstall group exists, run:
# groupadd -g 502 dba

The OSOPER group (oper)

This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of database administrative privileges (the SYSOPER privilege). By default, members of the OSDBA group also have the SYSOPER privilege.
If you want to specify a separate OSOPER group, other than the default dba group, then you must choose the Custom installation type to install the software or start Oracle Universal Installer as a user that is not a member of the dba group. In this case, Oracle Universal Installer prompts you to specify the name of this group. The usual name chosen for this group is oper. To check if the oinstall group exists, run:
# groupadd -g 503 oper

Oracle users

The Oracle software owner

This user owns all of the software installed during the installation. This user must have the Oracle Inventory group (oinstall) as it’s primary group. It must also have the OSDBA (dba) and, if you decide to use it, OSOPER (oper) groups as secondary groups. Create the user and set the password.
# useradd -m -u 501 -g oinstall -G dba,oper,users,wheel -d /home/oracle -s /bin/bash -c "Oracle Software Owner" oracle
# passwd oracle
Give the Oracle user sudo rights, by commenting requiretty and by uncommenting the wheel group without a password.
# visudo
...
...
#Defaults    requiretty

## Allows people in group wheel to run all commands
# %wheel       ALL=(ALL)       ALL

## Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL

Unprivileged user

When installing Oracle 10g, verify that the unprivileged user nobody exists on the system.
The nobody user must own the external jobs (extjob) executable after the installation.
According to Metalink document 357575.1, the answer to the question what an unprivileged user is, is this:
As the purpose of the user is essentially to allow database users to execute external jobs, you should not use the oracle user.
The oracle user is a powerful user; obviously they can shut down the database, and have access to a number of resources, oracle and otherwise. You would not want to give any database user with privileges to schedule this job (actually create external job privs.) the ability to perform all oracle actions; at least not in a normal environment.
For security purposes, it is best to create a user with minimum privileges required to do the job. For example, if it reads from a specific directory, give them access to that directory, but not to the oracle binaries directory.
The need for the low privilege user is simply a security measure. The term unprivileged user, in many contexts, is used to refer to a non-DBA user; it’s a general term for a non super user.
So an unprivileged local user must own the extjob executable. You can use any user name for this user.
Before installing the software, perform the following procedure to verify that the nobody user exists on the system:
To determine whether the user exists, enter the following command:
 # id nobody
If this command displays information about the nobody user, then you do not have to create that user.
If the nobody user does not exist, then enter the following command to create it:
 # useradd nobody

Kernel parameters

In order for the Oracle database to function properly certain OS resources must be configured. By default, some of these are set too low. Linux allows these parameters to be modified dynamically, no reboot is required to activate the changes. The kernel parameters can be altered by modifying the values in the /proc pseudo file system.
Do not change the value of a kernel parameter if it is already higher than required by Oracle.
Below is a list of how to check, and if neccesary correct the kernel parameters.

semmsl, semmns, semopm and semmni

# sysctl -a | grep sem
# echo 'kernel.sem = 250 32000 100 128' >> /etc/sysctl.conf

shmall

# sysctl -a | grep shmall
# echo 'kernel.shmall = 2097152' >> /etc/sysctl.conf

shmmax

# sysctl -a | grep shmmax
# echo 'kernel.shmall = 2097152' >> /etc/sysctl.conf
This value should be half the internal memory in bytes

shmmni

# sysctl -a | grep shmmni
# echo 'kernel.shmmni = 4096' >> /etc/sysctl.conf

file-max

# sysctl -a | grep file-max
# echo 'fs.file-max = 65536' >> /etc/sysctl.conf (10g)
# echo 'fs.file-max = 6815744' >> /etc/sysctl.conf (11g)

ip_local_port_range

# sysctl -a | grep ip_local
# echo 'net.ipv4.ip_local_port_range = 9000 65500' >> /etc/sysctl.conf

rmem_default

# sysctl -a | grep rmem_default
# echo 'net.core.rmem_default = 1048576' >> /etc/sysctl.conf

rmem_max

# sysctl -a | grep rmem_max
# echo 'net.core.rmem_max = 1048576' >> /etc/sysctl.conf (10g)
# echo 'net.core.rmem_max = 4194304' >> /etc/sysctl.conf (11g)

wmem_default

# sysctl -a | grep wmem_default
# echo 'net.core.wmem_default = 262144' >> /etc/sysctl.conf

wmem_max

# sysctl -a | grep wmem_max
# echo 'net.core.wmem_max = 262144' >> /etc/sysctl.conf (10g)
# echo 'net.core.wmem_max = 1048576' >> /etc/sysctl.conf (11g)

aio-max-nr

# sysctl -a | grep aio-max-nr
# echo 'fs.aio-max-nr = 1048576' >> /etc/sysctl.conf (11g)
aio-max-nr limits concurrent outstanding requests and should be set to avoid I/O subsystem failures.
To make the changes effective immediately, run:
# sysctl -p

Shell Limits

Ulimit

ulimit provides control over the resources available to processes started by the shell, on systems that allow such control.
To check all current limits enter the command:
# ulimit -a
Two limits have to be increased for Oracle to be able to handle large amounts of files, the maximum number of open file descriptors and the maximum number of processes available to a single user. This can be done by adding these limits to /etc/profile:
# cat >> /etc/profile << EOF
if [ $USER = "oracle" ]; then
        if [ $SHELL = "/bin/ksh" ]; then
              ulimit -p 16384
              ulimit -n 65536
        else
              ulimit -u 16384 -n 65536
        fi
fi
EOF
This sets the maximum number of user processes to 16384 and the maximum number of open files to 64000.
In the Oracle documentation, the number of open files is set to 65536. During configuration of the kernel parameters, file-max was also set to 65536, which would enable the Oracle user to use up all the file handles available to the system. Therefore it’s better to lower this value a little.

Securing PAM

PAM is an abbreviation for Pluggable Authentication Modules. On most Linux systems you have two directories on your system “/etc/pam.d/” and “/etc/security/”. /etc/pam.d/ is where the modules are located and /etc/security/ is where some of the configuration files for some of these modules are.
In certain kinds of attacks, the attacker doesn’t attempt to gain access, but instead tries to break a certain part of your computer’s operation. You can protect against certain types of DoS attacks by modifying /etc/security/limits.conf. This file sets limits on system resources for each user. Since several major daemons, including the web, name and ftp servers, may run as a particular user, this has the effect of stopping many attacks against these applications from crippling the entire machine.
To limit the processes and open files of the Oracle user execute the following:
# cat >> /etc/security/limits.conf << EOF
oracle           soft    nproc           2047
oracle           hard    nproc          16384
oracle           soft    nofile          1024
oracle           hard    nofile         65536
EOF
The last step is to modify the PAM module.
# cat >> /etc/pam.d/login << EOF
session    required     pam_limits.so
EOF
This will invoke the limits shared library during login.

Software directories

You must identify or create the following directories for the Oracle software:
  • Oracle inventory directory
  • Oracle base directory
  • Oracle data directory
  • Oracle flash recovery directory (optional)

Oracle Directories

Create the required Oracle directories and set the correct permissions.
# mkdir -p /opt/oraInventory
# chmod -R 770 /opt/oraInventory
# chown -R oracle:oinstall /opt/oraInventory

# mkdir -p /opt/oracle/app
# mkdir -p /opt/oracle/admin
# mkdir -p /opt/oracle/diag (11g)
# mkdir -p /opt/oracle/oradata
# mkdir -p /opt/oracle/flash_recovery_area
# chmod -R 770 /opt/oracle
# chown -R oracle:oinstall /opt/oracle

Oracle user environment variables

Login as user oracle and add some variables to the bash profile.

Oracle 10g

$ cat >> /home/oracle/.bash_profile << EOF
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=\$ORACLE_BASE/app/102/db
export ORACLE_HOME_LISTNER=\$ORACLE_HOME
export TNS_ADMIN=\$ORACLE_HOME/network/admin
export PATH=\$ORACLE_HOME/bin:\$ORACLE_HOME/OPatch:\$PATH
EOF

Oracle 11g

 $ cat >> /home/oracle/.bash_profile << EOF
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=\$ORACLE_BASE/app/112/db
export ORACLE_HOME_LISTNER=\$ORACLE_HOME
export TNS_ADMIN=\$ORACLE_HOME/network/admin
export PATH=\$ORACLE_HOME/bin:\$ORACLE_HOME/OPatch:\$PATH
EOF

No comments:

Post a Comment

Thank for showing interest in giving comments/feedback/suggestions

Note: Only a member of this blog may post a comment.

Subscribe to: Posts (Atom)