Skip Headers
Oracle® Audit Vault Server Installation Guide
Release 10.3 for Oracle Solaris on SPARC (64-Bit)

Part Number E23568-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

2 Oracle Audit Vault Preinstallation Requirements

This chapter describes the tasks that you must complete before you start Oracle Universal Installer to install Oracle Audit Vault Server Release 10.3. It includes information about the following tasks:

Note:

If you want to use Oracle Automatic Storage Management (Oracle ASM) or Oracle Restart, then you must first install Oracle Grid Infrastructure for a standalone server and then install Oracle Audit Vault Server.

See Also:

2.1 Logging In to the System as root

Before you install the Oracle software, you must complete several tasks as the root user. To log in as the root user, complete the following procedure:

$ su - root
password:
#

2.2 Checking the Hardware Requirements

The system must meet the following minimum hardware requirements:

2.2.1 Memory Requirements

The following are the memory requirements for installing Oracle Audit Vault Server Release 10.3, which installs a customized, specially configured release of Oracle Database 11g Release 2 (11.2.0.3):

Minimum: 1 GB of RAM

Recommended: 2 GB of RAM or more

  • To determine the RAM size, enter the following command:

    # /usr/sbin/prtconf | grep "Memory size"
    

    If the size of the RAM is less than the required size, then you must install more memory before continuing.

  • The following table describes the relationship between the installed RAM and the configured swap space recommendation:

    Note:

    On Oracle Solaris, if you use non-swappable memory, like ISM, then deduct the memory allocated to this space from the available RAM before calculating the swap space.
    RAM Swap Space
    Between 1 GB and 2 GB 1.5 times the size of the RAM
    Between 2 GB and 16 GB Equal to the size of the RAM
    More than 16 GB 16 GB

If the size of the RAM is less than the required size, then you must install more memory before continuing.

To determine the size of the configured swap space, enter the following command:

# /usr/sbin/swap -l

If necessary, see the operating system documentation for information about how to configure additional swap space.

To determine the available RAM and swap space, enter the following command:

# sar -r -i n

Where, n is the number of seconds to delay for the next iterations and i is the number of iterations you want to test.

Note:

Oracle recommends that you take multiple values for the available RAM and swap space before finalizing a value. This is because the available RAM and swap space keep changing depending on the user interactions with the computer.

2.2.2 System Architecture

To determine if the system architecture can run the software, enter the following command:

# /bin/isainfo -kv

This command displays the processor type.

The following is the expected output of this command:

Oracle Solaris on SPARC (64-Bit):

64-bit sparcv9 kernel modules

Verify that the processor architecture matches the Oracle software release that you want to install. If you do not see the expected output, then you cannot install the software on this system.

2.2.3 Disk Space Requirements

The following are the disk space requirements for installing Oracle Audit Vault Server Release 10.3:

  • At least 1 GB of space in the /tmp directory

    To determine the amount of space available in the /tmp directory, enter the following command:

    # df -k /tmp
    

    This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df command with the -h flag (df -h) to display output in "human-readable" format.

    If the free space available in the /tmp directory is less than what is required, then complete one of the following steps:

    • Delete unnecessary files from the /tmp directory to meet the disk space requirement.

    • Set the TMP and TMPDIR environment variables when setting the oracle user's environment.

      See Also:

      Section 2.14 for more information about setting TMP and TMPDIR
    • Extend the file system that contains the /tmp directory. If necessary, contact the system administrator for information about extending file systems.

  • The following table describes the disk space requirements for software files for each installation type on Oracle Solaris:

    Installation Type Requirement for Software Files (GB)
    Oracle Audit Vault Server 4.45

    Installation Type Disk Space for Data Files (GB)
    Oracle Audit Vault Server 2.30

To determine the amount of free disk space on the system, enter the following command:

# df -h
# df -k
# df -k
# bdf

This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df command with the -h flag (df -h) to display output in "human-readable" format.

Additional disk space, either on a file system or on an Oracle ASM disk group is required for the fast recovery area if you configure automated backups.

2.2.4 Display Requirements

The minimum resolution for Oracle Audit Vault Server is 1024 x 768 or higher.

2.2.5 Run Level Requirement

Ensure that the system is started with run level 3.

2.3 Checking the Software Requirements

Depending on the products that you intend to install, verify that the following software is installed on your system:

Note:

  • This guide contains information required to install Oracle Audit Vault Server on various platforms. Ensure that you review information related to the platform on which you intend to install Oracle Audit Vault Server.

  • Oracle Universal Installer performs checks on the system to verify that it meets the listed requirements. To ensure that these checks pass, verify the requirements before you start Oracle Universal Installer.

2.3.1 Operating System Requirements

The following operating system versions (or later) are required for Oracle Audit Vault Server Release 10.3:

  • Oracle Solaris 10 U6 (5.10-2008.10)

  • Oracle Solaris 11 11/11 SPARC

To determine the distribution and version of Oracle Solaris installed, enter the following command:

# uname -r
5.10

In this example, the version shown is Oracle Solaris 10 (5.10). If necessary, see your operating system documentation for information about upgrading the operating system.

To determine the update level of Oracle Solaris installed, enter the following command:

$ cat /etc/release

2.3.2 Package Requirements

The following packages (or later versions) are required for Oracle Audit Vault Server Release 10.3 for Oracle Solaris:

  • SUNWarc

  • SUNWbtool

  • SUNWhea

  • SUNWlibC

  • SUNWlibm

  • SUNWlibms

  • SUNWsprot

  • SUNWtoo

  • SUNWi1of

  • SUNWi1cs (ISO8859-1)

  • SUNWi15cs (ISO8859-15)

  • SUNWxwfnt

  • SUNWcsl

Verifying Packages

You may also require additional font packages for Java, depending on your locale. See the following Web site for more information:

http://java.sun.com/j2se/1.4.2/font-requirements.html

To determine if the required packages are installed, enter commands similar to the following:

# pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibC SUNWlibms SUNWsprot \
 SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt

If a package is not installed, then install it. See your operating system or software documentation for information about installing packages.

2.3.3 Patch Requirements

The following, or later, patches are required for Oracle Audit Vault Server Release 10.3 for Oracle Solaris on SPARC (64-Bit):

Installation Type or Product Requirement
All Installations Patches for Oracle Solaris 10:
  • 120753-06: SunOS 5.10: Microtasking libraries (libmtsk) patch

  • 139574-03: SunOS 5.10

  • 141444-09

  • 141414-02

Database Smart Flash Cache The following patches are required:
  • 125555-03

  • 140796-01

  • 140899-01

  • 141016-01

  • 139555-08

  • 141414-10

  • 141736-05


Verifying Operating System Patches

To determine if an operating system patch is installed, enter a command similar to the following:

# /usr/sbin/patchadd -p | grep patch_number(without version number)

For example, to determine if any version of the 119963 patch is installed, use the following command:

# /usr/sbin/patchadd -p | grep 119963

If an operating system patch is not installed, then download it from the following Web site and install it:

http://www.oracle.com/sun/index.htm

2.3.4 Additional Software Requirements

Depending on the components you want to use, you must ensure that the following software is installed:

2.3.4.1 Oracle JDBC/OCI Drivers

Use JDK 6 (Java SE Development Kit 1.6.0.20) or JDK 5 (1.5.0.24) with the JNDI extension with the Oracle Java Database Connectivity and Oracle Call Interface drivers. However, these are not mandatory for the database installation. IBM JDK 1.5 is installed with this release.

JDK 6 is the minimum level of JDK supported on Oracle Solaris 11.

2.3.4.2 Oracle Messaging Gateway

Oracle Messaging Gateway supports the integration of Oracle Streams Advanced Queuing (AQ) with the following software:

  • IBM MQ Series V6.0, client and server

  • Tibco Rendezvous 7.2

2.3.4.3 Programming Languages

The following products are certified for use with:

  • Pro* COBOL

    Micro Focus Server Express 5.1

  • Pro* FORTRAN

    Oracle Solaris Studio 12 Fortran F 95

2.3.4.4 Browser Requirements

Web browsers must support JavaScript, and the HTML 4.0 and CSS 1.0 standards. The following browsers meet these requirements for Oracle Enterprise Manager Database Control:

  • Netscape Navigator 8.1

  • Netscape Navigator 9.0

  • Microsoft Internet Explorer 6.0 SP2

  • Microsoft Internet Explorer 7.0 SP1

  • Microsoft Internet Explorer 8.0

  • Microsoft Internet Explorer 9.0

  • Firefox 2.0

  • Firefox 3.0.7

  • Firefox 3.5

  • Firefox 3.6

  • Safari 3.1

  • Safari 3.2

  • Safari 4.0.x

  • Google Chrome 3.0

  • Google Chrome 4.0

2.3.4.5 Oracle Database Vault Preinstallation Requirement

To install Oracle Database Vault, set the DB_BLOCK_SIZE initialization parameter to 4096 or larger. If the value is less than 4096, then you cannot change it. The only way to change the DB_BLOCK_SIZE value is by re-creating the database.

2.4 Installation Fixup Scripts

During installation, for certain prerequisite verification failures, click Fix & Check Again to generate a fixup script (runfixup.sh). You can run this script as the root user to complete the required preinstallation steps.

The fixup script checks for and sets kernel parameters to values required for successful installation, including:

Oracle recommends that you do not modify the contents of the generated fixup script.

Note:

Using fixup scripts does not ensure that all the prerequisites for installing Oracle Audit Vault Server are met. You must still verify that all the preinstallation requirements are met to ensure a successful installation.

2.5 Verifying UDP and TCP Kernel Parameters

Use NDD to ensure that the kernel TCP/IP ephemeral port range is broad enough to provide enough ephemeral ports for the anticipated server workload. Ensure that the lower range is set to at least 9000 or higher, to avoid Well Known ports, and to avoid ports in the Registered Ports range commonly used by Oracle and other server ports. Set the port range high enough to avoid reserved ports for any applications you may intend to use. If the lower value of the range you have is greater than 9000, and the range is large enough for your anticipated workload, then you can ignore OUI warnings regarding the ephemeral port range.

Use the following command to check your current range for ephemerial ports:

# /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port
32768
65535

In the preceding example, tcp_smallest_anon_port is set to the default range (32768-65535).

If necessary for your anticipated workload or number of servers , update the UDP and TCP ephemeral port range to a broader range. For example:

# /usr/sbin/ndd -set /dev/tcp tcp_smallest_anon_port 9000
# /usr/sbin/ndd -set /dev/tcp tcp_largest_anon_port 65500
# /usr/sbin/ndd -set /dev/udp udp_smallest_anon_port 9000
# /usr/sbin/ndd -set /dev/udp udp_largest_anon_port 65500

Oracle recommends that you make these settings permanent. Refer to your system administration documentation for information about how to automate this ephemeral port range alteration on system restarts.

2.6 Checking the Network Setup

Typically, the computer on which you want to install Oracle Audit Vault Server is connected to the network. The computer has local storage to store the Oracle Audit Vault Server installation. It also contains a display monitor and DVD drive. This section describes how to install Oracle Audit Vault Server on computers that do not meet the typical scenario. It describes the following cases:

2.6.1 Installing on DHCP Computers

Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses on a network. Dynamic addressing enables a computer to have a different IP address each time it connects to the network. In some cases, the IP address can change while the computer is still connected. You can have a mixture of static and dynamic IP addressing in a DHCP system.

In a DHCP setup, the software tracks IP addresses, which simplifies network administration. This lets you add a new computer to the network without having to manually assign a unique IP address to the newly added computer.

Do not install Oracle Audit Vault Server in an environment where the IP addresses of the Audit Vault Server or the Oracle Audit Vault collection agent can change. If your environment uses DHCP, ensure that all Oracle Audit Vault systems use static IP addresses.

2.6.2 Installing on Multihomed Computers

You can install Oracle Audit Vault Server on a multihomed computer. A multihomed computer is associated with multiple IP addresses. This is typically achieved by having multiple network cards on the computer. Each IP address is associated with a host name. In addition, you can set up aliases for the host name. By default, Oracle Universal Installer uses the ORACLE_HOSTNAME environment variable setting to find the host name. If ORACLE_HOSTNAME is not set and you are installing on a computer that has multiple network cards, then Oracle Universal Installer determines the host name from the /etc/hosts file.

Clients must be able to access the computer either by using this host name or by using aliases for this host name. To verify this, ping the host name from the client computers using the short name (host name only) and the full name (host name and domain name). Both tests must be successful.

Setting the ORACLE_HOSTNAME Environment Variable

Use the following procedure to set the ORACLE_HOSTNAME environment variable. For example, if the fully qualified host name is somehost.us.example.com, then enter one of the following commands:

In Bourne, Bash, or Korn shell:

$ ORACLE_HOSTNAME=somehost.us.example.com
$ export ORACLE_HOSTNAME

In C shell:

% setenv ORACLE_HOSTNAME somehost.us.example.com

2.6.3 Installing on Computers with Multiple Aliases

A computer with multiple aliases is registered with the naming service under a single IP address but with multiple aliases. The naming service resolves any of those aliases to the same computer. Before installing Oracle Audit Vault Server on such a computer, set the ORACLE_HOSTNAME environment variable to the computer whose host name you want to use.

2.7 Creating Required Operating System Groups and Users

Depending on if this is the first time Oracle software is being installed on this system and on the products that you are installing, you may need to create several operating system groups and users. Log in to your system as the root user before you attempt to create these operating system groups and users.

If you are installing Oracle Audit Vault Server, it requires the following operating system groups and user:

The following operating system group and user are required for all installations:

All installations of Oracle software on the system require a single Oracle Inventory group. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than oracle, dba, and oper) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases, rather than on all databases on the system.

See Also:

Oracle Database Administrator's Guide for more information about the OSDBA group and the SYSDBA and SYSOPER privileges

Note:

The following topics describe how to create local users and groups. As an alternative to creating local users and groups, you could create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or see your operating system documentation.

If you prefer to allocate operating system user privileges so that you can use one administrative user and one group for operating system authentication for all administrative privileges, then you can use the oracle user as the installation owner, and use one group as the primary group for any user requiring administrative privileges for Oracle ASM, and Oracle Audit Vault Server administration. This group must also be the Oracle Inventory group. To simplify using the defaults for Oracle tools the group name should be oinstall.

You can also create custom configuration groups and users based on job role separation. A custom configuration is a configuration with groups and users that divide access privileges granted by membership in separate operating system groups and users. You can create a single user (for example, oracle) to own both Oracle Audit Vault Server, and Oracle Grid Infrastructure installations. Alternatively, you can create a separate user (for example, grid) to own the Oracle Grid Infrastructure installation.

Note that all Oracle Audit Vault Server and Oracle Grid Infrastructure for a standalone server installations must be owned by the Oracle software owner user (oracle), and belong to the Oracle Inventory group (oinstall).

Note:

In Oracle documentation, a user created to own only Oracle Grid Infrastructure software installations is called the grid user. A user created to own either all Oracle installations, or only Oracle Audit Vault installations, is called the oracle user.

2.7.1 Creating Custom Configuration Groups and Users for Job Roles

This section provides an overview of how to create users and groups to divide access privileges by job roles. Log in as root to create these groups and users.

2.7.1.1 Understanding Restrictions for Oracle Installations with Job Role Separation

Oracle recommends that you create one software owner to own each Oracle software installation (typically, oracle, for the database software and grid for the Oracle Restart owner user). You must create at least one software owner the first time you install Oracle software on the system.

To create separate Oracle software owners, to create separate users, and separate operating system privileges groups for different Oracle software installations, note that each of these users must have the Oracle central inventory group (oraInventory group) as their primary group. Members of this group have write privileges to the Oracle central inventory (oraInventory) directory. In Oracle documentation, this group is represented as oinstall in code examples. See Section 2.7.2.1 about creating the Oracle Inventory Group.

The database software owner (typically, oracle) must also have the OSDBA group of the Oracle Grid Infrastructure home so that database instances can log on to Oracle ASM, and (if you create it) the OSOPER group as secondary groups. In Oracle documentation, the Oracle software owner users are referred to as oracle users.

For Oracle Grid Infrastructure only, the grid user (grid) must be in the OSDBA group of every database home.

See Also:

Oracle Database Administrator's Guide for more information about the OSDBA, OSASM and OSOPER groups, and the SYSDBA, SYSASM and SYSOPER privileges

2.7.1.2 Database Groups for Job Role Installations

Create the following operating system groups if you are installing Oracle Audit Vault Server:

  • The OSDBA group (typically, dba)

    You must create this group the first time you install Oracle software on the system. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege). The name used for this group in Oracle code examples is dba.

  • The OSOPER group (typically, oper)

    This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of database administrative privileges (the SYSOPER privilege). This group cannot directly connect as SYSOPER, unless explicitly granted. However, they will have the privileges granted by the SYSOPER privilege. By default, members of the OSDBA group have all privileges granted by the SYSOPER privilege.

    Oracle Universal Installer prompts you to specify the name of this group. The usual name chosen for this group is oper.

2.7.1.3 Oracle Grid Infrastructure Groups for Job Role Installations

Create the following operating system groups if you are installing Oracle Grid Infrastructure:

Note:

You can designate a unique group, separate from database administrator groups, or you can use the same group as the OSASM and OSDBA groups, to grant system privileges to administer both the Oracle ASM instances and Oracle Audit Vault Server instances.
  • The OSDBA group for Oracle ASM (typically, asmdba)

    The OSDBA group for Oracle ASM can be the same group used as the OSDBA group for the database, or you can create a separate OSDBA group for Oracle ASM (typically, asmdba) to provide administrative access to Oracle ASM instances.

    Members of the OSDBA group for Oracle Restart are granted read and write access to files managed by Oracle Restart. The Oracle Restart software owner (typically grid) must be a member of this group, and all users with OSDBA membership on Oracle Restart who want to have access to the files managed by ASM should be members of this group. If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also by default the OSASM group.

    The Oracle Grid Infrastructure software owner (typically, grid) must be a member of the OSDBA group. Membership in the OSDBA group enables access to the files managed by Oracle ASM. If you have a separate OSDBA group for Oracle ASM, then the Oracle Restart software owner must be a member of the OSDBA group for each database and the OSDBA group for Oracle ASM.

  • The OSASM group for Oracle ASM (typically, asmadmin)

    SYSASM privileges for Oracle ASM files provide administrator privileges for storage file. In Oracle documentation, the operating system group whose members are granted SYSASM privileges is called the OSASM group, and in command lines, is referred to as asmadmin. Oracle ASM can support multiple databases.

    Members of the OSASM group can use SQL to connect to an Oracle ASM instance as SYSASM using operating system authentication. The SYSASM privileges permit mounting and dismounting of disk groups, and other storage administration tasks. SYSASM privileges provide no access privileges on an RDBMS instance.

    If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also, by default, the OSASM group.

  • The OSOPER group for Oracle ASM (typically, asmoper)

    This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of Oracle instance administrative privileges (the SYSOPER for ASM privilege), including starting up and stopping the Oracle ASM instance. By default, members of the OSASM group also have all privileges granted by the SYSOPER for ASM privilege.

    If you want to have an OSOPER group for Oracle ASM, then the Oracle Grid Infrastructure owner must be a member of this group.

2.7.2 Creating Database Operating System Groups and Users with Job Role Separation

The following sections describe how to create the required operating system user and groups:

Note:

If necessary, contact your system administrator before using or modifying an existing user.

Oracle recommends that you do not use the UID and GID defaults on each node because group and user IDs likely will be different on each node. Instead, provide common assigned group and user IDs, and confirm that they are unused on any node before you create or modify groups and users.

2.7.2.1 Creating the Oracle Inventory Group

When you install Oracle software on the system for the first time, Oracle Universal Installer creates the oraInst.loc file. This file identifies the name of the Oracle Inventory group (typically, oinstall) and the path of the Oracle Inventory directory.

You can configure one group to be the access control group for Oracle Inventory, for database administrators (OSDBA), and for all other access control groups used by Oracle software for operating system authentication. However, this group then must be the primary group for all users granted administrative privileges.

Log in as root, and use the following instructions to locate or create the Oracle Inventory group and a software owner:

Determining if the Oracle Inventory Group Exists

An oraInst.loc file in the /var/opt/oracle directory has contents similar to the following:

inventory_loc=central_inventory_location
inst_group=group

In the preceding example, central_inventory_location is the location of the Oracle Central Inventory, and group is the name of the group that has permissions to write to the central inventory.

If you have an existing Oracle Inventory, then ensure that you use the same Oracle Inventory for all Oracle software installations, and ensure that all Oracle software users you intend to use for installation have permissions to write to this directory.

To determine if the Oracle Inventory group exist, enter the following command:

# grep oinstall /etc/group

To determine if the oraInst.loc file exists, enter the following command:

# more /var/opt/oracle/oraInst.loc

If the oraInst.loc file exists, then the output from this command is similar to the following:

inventory_loc=/u01/app/oraInventory
inst_group=oinstall

In the previous output example:

  • The inventory_loc group shows the location of the Oracle Inventory

  • The inst_group parameter shows the name of the Oracle Inventory group (in this example, oinstall).

Creating the Oracle Inventory Group

If the oraInst.loc file does not exist, then create the Oracle Inventory group by entering the following command:

# /usr/sbin/groupadd oinstall

2.7.2.2 Creating the OSDBA Group for Database Installations

You must create an OSDBA group in the following circumstances:

  • An OSDBA group does not exist, for example, if this is the first installation of Oracle software on the system

  • An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges for a new Oracle installation

If the OSDBA group does not exist or if you require a new OSDBA group, then create it as follows. In the following procedure, use the group name dba unless a group with that name exists:

# /usr/sbin/groupadd -g 502 dba

2.7.2.3 Creating an OSOPER Group for Database Installations

Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:

  • If an OSOPER group does not exist; for example, if this is the first installation of Oracle software on the system

  • If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation

If you require a new OSOPER group (typically, oper), then create it as follows. In the following, use the group name oper unless a group with that name already exists:

# /usr/sbin/groupadd -g 503 oper

2.7.2.4 Creating the OSASM Group for Oracle Automatic Storage Management

If the OSASM group does not exist or if you require a new OSASM group, then create it as follows. In the following procedure, use the group name asmadmin unless a group with that name already exists:

# /usr/sbin/groupadd -g 504 asmadmin

2.7.2.5 Creating the OSDBA Group for Oracle Automatic Storage Management

If you require a new OSDBA group for Oracle ASM, then create it as follows. In the following procedure, use the group name asmdba unless a group with that name already exists:

# /usr/sbin/groupadd -g 506 asmdba

2.7.2.6 Creating the OSOPER Group for Oracle Automatic Storage Management

If you require an OSOPER group, then create it as follows. In the following procedure, use the group name asmoper unless a group with that name already exists:

# /usr/sbin/groupadd -g 505 asmoper

2.7.2.7 Creating the Oracle Software Owner User

You must create an Oracle software owner user in the following circumstances:

  • If an Oracle software owner user does not exist; for example, if this is the first installation of Oracle software on the system.

  • If an Oracle software owner user exists, but you want to use a different operating system user, with different group membership, to give database administrative privileges to those groups in a new Oracle Audit Vault Server installation.

  • If you have created an Oracle software owner for Oracle Grid Infrastructure, such as grid, and you want to create a separate Oracle software owner for Oracle Audit Vault Server software, such as oracle.

2.7.2.7.1 Determining if an Oracle Software Owner User Exists

To determine if an Oracle software owner user named oracle, or grid exists, enter a command similar to the following:

# id oracle
# id grid

If the oracle user exists, then the output from this command is similar to the following:

uid=501(oracle) gid=501(oinstall) groups=502(dba),503(oper)

If the grid user exists, then the output from this command is similar to the following:

uid=8001(oracle) gid=8001(oinstall) groups=8001(oinstall),8002(asmadmin),8003(asmdba),8006(dba)

Determine if you want to use the existing user or create another user. If you want to use the existing user, then ensure that the user's primary group is the Oracle Inventory group (oinstall) and that it is a member of the appropriate OSDBA and OSOPER groups. See the following sections for more information:

Note:

If necessary, contact your system administrator before using or modifying an existing user.
2.7.2.7.2 Creating an Oracle Software Owner User

If the Oracle software owner user does not exist, or if you require a new Oracle software owner user, such as oracle or grid, then create it as described in this section (in this case to create the oracle user).

In the following procedure, use the user name oracle unless a user with that name already exists:

  1. To create an oracle user, enter a command similar to the following:

    # /usr/sbin/useradd -u 502 -g oinstall -G dba,asmdba,[oper] oracle
    

    In the preceding command:

    • The -u option specifies the user ID. Using this command flag is optional because the system can provide you with an automatically generated user ID number. You must note the oracle user ID number because you will need it during preinstallation.

    • The -g option specifies the primary group, which must be the Oracle Inventory group, for example oinstall.

    • The -G option specifies the secondary groups, which must include the OSDBA group, and, if required, the OSOPER and ASMDBA groups, for example, dba, asmdba, or oper.

  2. Set the password of the oracle user:

    # passwd oracle
    
2.7.2.7.3 Modifying an Existing Oracle Software Owner User

If the oracle user exists, but its primary group is not oinstall, or it is not a member of the appropriate OSDBA or OSOPER groups, then modify it as follows:

Specify the primary group using the -g option and any required secondary group using the -G option:

# /usr/sbin/usermod -g oinstall -G dba,asmdba[,oper] oracle

2.8 Configure Shell Limits

Oracle recommends that you set shell limits and system configuration parameters as described in this section.

Note:

The shell limit values in this section are minimum values only. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information on configuring shell limits.

The ulimit settings determine process memory related resource limits. Verify that the shell limits displayed in the following table are set to the values shown:

Shell Limit Recommended Value
TIME -1 (Unlimited)
FILE -1 (Unlimited)
DATA Minimum value: 1048576
STACK Minimum value: 32768
NOFILES Minimum value: 4096
VMEMORY Minimum value: 4194304

To display the current value specified for these shell limits enter the following commands:

ulimit -t
ulimit -f
ulimit -d
ulimit -s
ulimit -n
ulimit -v

2.9 Configuring Kernel Parameters on Oracle Solaris 10

During installation, you can generate and run the Fixup script to check and set the kernel parameter values required for successful installation of the database. This script updates required kernel packages if necessary to minimum values.

If you cannot use the Fixup scripts, then verify that the kernel parameters shown in the following table are set to values greater than or equal to the minimum value shown. The procedure following the table describes how to verify and set the values manually.

Note:

The kernel parameter values in this section are minimum values only. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. Refer to your operating system documentation for more information about tuning kernel parameters.

On Oracle Solaris 10, verify that the kernel parameters shown in the following table are set to values greater than or equal to the minimum value shown. The table also contains the resource controls that replace the /etc/system file for a specific kernel parameter. As Oracle Audit Vault does not set project information when starting processes, some /etc/system processes that are deprecated but not removed must still be set for Oracle Audit Vault.

Note:

On Oracle Solaris 10, you are not required to make changes to the /etc/system file to implement the System V IPC. Oracle Solaris 10 uses the resource control facility for its implementation. However, Oracle recommends that you set both resource control and /etc/system/ parameters. Operating system parameters not replaced by resource controls continue to affect performance and security on Oracle Solaris 10 systems. For further information, contact your vendor.
Parameter Replaced by Resource Control Minimum Value
noexec_user_stack NA 1
semsys:seminfo_semmni project.max-sem-ids 100
semsys:seminfo_semmns NA 1024
semsys:seminfo_semmsl process.max-sem-nsems 256
semsys:seminfo_semvmx NA 32767
shmsys:shminfo_shmmax project.max-shm-memory 4294967295
shmsys:shminfo_shmmni project.max-shm-ids 100

Note:

  • project.max-shm-memory resource control = single largest segment * number of Oracle database instances started

  • The project.max-shm-memory resource control value assumes that no other application is using the shared memory segment from this project other than the Oracle instances. If applications, other than the Oracle instances are using the shared memory segment, then you must add that shared memory usage to the project.max-shm-memory resource control value.

On Oracle Solaris 10, use the following procedure to display the current value specified for resource controls, and to change them if necessary:

  1. To display the current values of the resource control, enter the following commands:

    $ id -p // to verify the project id
    uid=100(oracle) gid=100(dba) projid=1 (group.dba)
    $ prctl -n project.max-shm-memory -i project group.dba
    $ prctl -n project.max-sem-ids -i project group.dba
    
  2. If you must change any of the current values, then:

    1. To modify the value of max-shm-memory to 6 GB:

      # prctl -n project.max-shm-memory -v 6gb -r -i project group.dba
      
    2. To modify the value of max-sem-ids to 256:

      # prctl -n project.max-sem-ids -v 256 -r -i project group.dba
      

Note:

When you use the prctl command (Resource Control) to change system parameters, you do not need to restart the system for these parameter changes to take effect. However, the changed parameters do not persist after a system restart.

Use the following procedure to modify the resource control project settings, so that they persist after a system restart:

  1. By default, Oracle instances are run as the oracle user of the dba group. A project with the name group.dba is created to serve as the default project for the oracle user. Run the command id to verify the default project for the oracle user:

    # su - oracle
    $ id -p
    uid=100(oracle) gid=100(dba) projid=100(group.dba)
    $ exit
    
  2. To set the maximum shared memory size to 2 GB, run the projmod command:

    # projmod -sK "project.max-shm-memory=(privileged,2G,deny)" group.dba
    

    Alternatively, add the resource control value project.max-shm-memory=(privileged,2147483648,deny) to the last field of the project entries for the Oracle project.

  3. After these steps are complete, check the values for the /etc/project file using the following command:

    # cat /etc/project
    

    The output should be similar to the following:

    system:0::::
    user.root:1::::
    noproject:2::::
    default:3::::
    group.staff:10::::
    group.dba:100:Oracle default
    project:::project.max-shmmemory=(privileged,2147483648,deny)
        
    
  4. To verify that the resource control is active, check process ownership, and run the commands id and prctl, as in the following example:

    # su - oracle
    $ id -p
    uid=100(oracle) gid=100(dba) projid=100(group.dba)
    $ prctl -n project.max-shm-memory -i process $$
    process: 5754: -bash
    NAME                    PRIVILEGE     VALUE     FLAG     ACTION    RECIPIENT
    project.max-shm-memory  privileged    2.00GB     -       deny 
    

    Note:

    The value for the maximum shared memory depends on the SGA requirements and should be set to a value greater than the SGA size.

    For more information, see the Oracle Solaris Tunable Parameters Reference Manual.

See Also:

2.10 Identifying Required Software Directories

You must identify or create the following directories for the Oracle software:

Note:

  • Ensure that the paths you select for Oracle software, such as the Oracle home path and the Oracle base path, use only ASCII characters. Because installation owner names are used by default for some path, this ASCII character restriction applies to user names, file names, and directory names.

  • Ensure that all paths used by the database software, such as the Oracle home path and the Oracle base path, use characters only from the following set: "#%&'()*+,-./:;<=>?@_A-Za-z0-9. This includes user names, file names, and directory names. At the time of this release, the use of other characters for an Oracle Grid Infrastructure home or Oracle Audit Vault Server home is not supported. The set of characters provided above is further restricted by user and file naming rules of the operating system.

2.10.1 Oracle Base Directory

The Oracle base directory is a top-level directory for Oracle software installations. The Optimal Flexible Architecture (OFA) guidelines recommend that you use a path similar to the following for the Oracle base directory:

/mount_point/app/software_owner

In this example:

  • mount_point is the mount point directory for the file system that will contain the Oracle software.

    The examples in this guide use /u01 for the mount point directory. However, you can choose another mount point directory, such as /oracle or /opt/oracle.

  • software_owner is the operating system user name of the software owner installing the Oracle software, for example oracle, or grid.

Note:

If you start a database instance using spfile with ORACLE_BASE environment variable set, then its value is automatically stored in spfile. If you unset ORACLE_BASE environment variable subsequently and start the instance afresh, then database uses the value of Oracle base stored in spfile.

You must specify the Oracle base folder that contains all Oracle products.

Note:

If you have an existing Oracle base, then you can select it from the Use existing list. By default, the list contains the existing value for Oracle base preselected. Refer to Section 4.3 and Section 4.5 for further information.

If you do not have an Oracle base, then you can create one by editing the text in the list box.

You can use the same Oracle base directory for more than one installation or you can create separate Oracle base directories for different installations. If different operating system users install Oracle software on the same system, then each user must create a separate Oracle base directory. The following are examples of Oracle base directories that can exist on the same system:

/u01/app/oracle
/u01/app/orauser

Refer to Section 2.11.2 for information about creating an Oracle base directory.

2.10.2 Oracle Inventory Directory

The Oracle Inventory directory (oraInventory) stores an inventory of all software installed on the system. It is required and shared by all Oracle software installations on a single system. If you have an existing Oracle Inventory path, then Oracle Universal Installer continues to use that Oracle Inventory.

The first time you install Oracle software on a system, Oracle Universal Installer provides an OFA-compliant path in the format u[01-09]/app, such as /u01/app. The user running the installation has permissions to write to that path. If this is true, then Oracle Universal Installer creates the Oracle Inventory directory in the path /u[01-09]/app/oraInventory. For example:

/u01/app/oraInventory

If you have set ORACLE_BASE for the oracle user during installation, then Oracle Universal Installer creates the Oracle Inventory directory in the path ORACLE_BASE/../oraInventory. For example, if ORACLE_BASE is set to /opt/oracle/11, then the Oracle Inventory directory is created in the path /opt/oracle/oraInventory.

If you have neither created an OFA-compliant path nor set ORACLE_BASE, then the Oracle Inventory directory is placed in the home directory of the user that is performing the installation. For example:

/home/oracle/oraInventory

Oracle Universal Installer creates the directory that you specify and sets the correct owner, group, and permissions for it. You do not need to create it.

Note:

  • All Oracle software installations rely on this directory. Ensure that you back it up regularly.

  • Do not delete this directory unless you have completely removed all Oracle software from the system.

  • By default, the Oracle Inventory directory is not installed under the Oracle Base directory. This is because all Oracle software installations share a common Oracle Inventory, so there is only one Oracle Inventory for all users. Whereas, there is a separate Oracle Base for each user.

2.10.3 Oracle Home Directory

The Oracle home directory is the directory where you choose to install the software for a particular Oracle product. You must install different Oracle products or different releases of the same Oracle product in separate Oracle home directories. When you run Oracle Universal Installer, it prompts you to specify the path to this directory as well as a name that identifies it. The directory that you specify must be a subdirectory of the Oracle base directory. Oracle recommends that you specify a path similar to the following for the Oracle home directory:

oracle_base/product/10.3.0/av_1

Oracle Universal Installer creates the directory path that you specify under the Oracle base directory. It also sets the correct owner, group, and permissions on it. You do not need to create this directory.

Note:

During installation, you must not specify an existing directory that has predefined permissions applied to it as the Oracle home directory. If you do, then you may experience installation failure due to file and group ownership permission errors.

2.11 Identifying or Creating an Oracle Base Directory

Before starting the installation, you must either identify an existing Oracle base directory or if required, create one. This section contains information about the following:

Note:

You can choose to create an Oracle base directory, even if other Oracle base directories exist on the system.

2.11.1 Identifying an Existing Oracle Base Directory

Existing Oracle base directories may not have paths that comply with OFA (Optimal Flexible Architecture) guidelines. However, if you identify an existing Oracle Inventory directory or existing Oracle home directories, then you can usually identify the Oracle base directories, as follows:

  • Identifying an existing Oracle Inventory directory. Refer to Section 2.7.2.1 for more information.

    Note:

    Oracle recommends that you do not put the oraInventory directory under Oracle base for a new installation. However, if you have an existing installation, then you should follow the steps suggested in this section.
  • Identifying an existing Oracle home directory

    Enter the following command to display the contents of the oratab file:

    # more /var/opt/oracle/oratab
    

    If the oratab file exists, then it contains lines similar to the following:

    *:/u03/app/oracle/product/11.2.0/dbhome_1:N
    *:/opt/orauser/infra_904:N
    *:/oracle/9.2.0:N
    

    The directory paths specified on each line identify Oracle home directories. Directory paths that end with the user name of the Oracle software owner that you want to use are valid choices for an Oracle base directory. If you intend to use the oracle user to install the software, then you can choose one of the following directories listed in the previous example:

    /u03/app/oracle
    /oracle
    

    Note:

    If possible, choose a directory path similar to the first one (/u03/app/oracle). This path complies with the OFA guidelines.
  • Identifying an existing Oracle base directory

    After you have located the Oracle home directory, run a similar command to confirm the location of Oracle base:

    cat /u01/app/oraInventory/ContentsXML/inventory.xml
    

Before deciding to use an existing Oracle base directory for this installation, ensure that it satisfies the following conditions:

  • It should not be on the same file system as the operating system.

  • The Oracle base directory requires a free disk space of 5 GB for its software files.

    To determine the free disk space on the file system where the Oracle base directory is located, enter the following command:

    # df -k
    

    This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df command with the -h flag (df -h) to display output in "human-readable" format.

See the following sections for more information:

  • If an Oracle base directory exists and you want to use it, then refer to Section 2.12.

    When you configure the oracle user's environment later in this chapter, set the ORACLE_BASE environment variable to specify the directory you chose.

  • If an Oracle base directory does not exist on the system or if you want to create an Oracle base directory, then refer to the following section.

2.11.2 Creating an Oracle Base Directory

Before you create an Oracle base directory, you must identify an appropriate file system with sufficient free disk space.

To identify an appropriate file system:

  1. To determine the free disk space on each mounted file system use the following command:

    # df -k
    

    This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df command with the -h flag (df -h) to display output in "human-readable" format.

  2. From the display, identify a file system that has appropriate free space.

    The file system that you identify can be a local file system, a cluster file system, or an NFS file system on a certified NAS device.

  3. Note the name of the mount point directory for the file system that you identified.

To create the Oracle base directory and specify the correct owner, group, and permissions for it:

  1. Enter commands similar to the following to create the recommended subdirectories in the mount point directory that you identified and set the appropriate owner, group, and permissions on them:

    # mkdir -p /mount_point/app/oracle_sw_owner
    # chown -R oracle:oinstall /mount_point/app/oracle_sw_owner
    # chmod -R 775 /mount_point/app/oracle_sw_owner
    

    For example:

    # mkdir -p /u01/app/oracle
    # chown -R oracle:oinstall /u01/app/oracle
    # chmod -R 775 /u01/app/oracle
    
  2. When you configure the oracle user's environment (see Section 2.14), set the ORACLE_BASE environment variable to specify the Oracle base directory that you have created.

2.12 Choosing a Storage Option for Oracle Audit Vault Server and Recovery Files

Oracle Audit Vault Server files include data files, control files, redo log files, the server parameter file, and the password file. For all installations, you must choose the storage option that you want to use for Oracle Audit Vault Server files. If you want to enable automated backups during the installation, then you must also choose the storage option that you want to use for recovery files (the fast recovery area). You do not have to use the same storage option for each file type.

Note:

Oracle Audit Vault Server files and recovery files are supported on file systems and Oracle ASM.

Use the following guidelines when choosing the storage options that you want to use for each file type:

For information about how to configure disk storage before you start the installation, refer to one of the following sections depending on your choice:

2.13 Creating Directories for Oracle Audit Vault Server or Recovery Files

This section contains the following topics:

2.13.1 Guidelines for Placing Oracle Audit Vault Server Files on a File System

If you choose to place the Oracle Audit Vault Server files on a file system, then use the following guidelines when deciding where to place them:

  • The default path suggested by Oracle Universal Installer for the database file directory is a subdirectory of the Oracle base directory.

  • You can choose either a single file system or more than one file system to store the database files:

    • If you want to use a single file system, then choose a file system on a physical device that is dedicated to the database.

      For best performance and reliability, choose a RAID device or a logical volume on more than one physical device and implement the stripe-and-mirror-everything (SAME) methodology.

    • If you want to use more than one file system, then choose file systems on separate physical devices that are dedicated to the database.

      This method enables you to distribute physical input-output operations and create separate control files on different devices for increased reliability. It also enables you to fully implement the OFA guidelines. You can choose the Advanced database creation option to implement this method.

  • If you intend to create a preconfigured database during the installation, then the file system (or file systems) that you choose must have at least 2 GB of free disk space.

    For production databases, you must estimate the disk space requirement depending on the use that you want to make of the database.

  • For optimum performance, the file systems that you choose should be on physical devices that are used only by the database.

  • The oracle user must have write permissions to create the files in the path that you specify.

2.13.2 Creating Required Directories

Note:

You must perform this procedure only if you want to place the Oracle Audit Vault Server or recovery files on a separate file system to the Oracle base directory.

To create directories for the Oracle Audit Vault Server, or recovery files on separate file systems to the Oracle base directory:

  1. Use the following to determine the free disk space on each mounted file system:

    # df -k
    

    This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df command with the -h flag (df -h) to display output in "human-readable" format.

  2. From the display, identify the file systems that you want to use:

    File Type File System Requirements
    Oracle Audit Vault Server files Choose either:
    • A single file system with at least 2.5 GB of free disk space

    • Two or more file systems with at least 2.5 GB of free disk space in total

    Recovery files Choose a file system with at least 3 GB of free disk space

    If you are using the same file system for more than one type of file, then add the disk space requirements for each type to determine the total disk space requirement.

  3. Note the names of the mount point directories for the file systems that you identified.

  4. Enter commands similar to the following to create the recommended subdirectories in each of the mount point directories and set the appropriate owner, group, and permissions on them:

    • Database file directory:

      # mkdir /mount_point/oradata
      # chown oracle:oinstall /mount_point/oradata
      # chmod 775 /mount_point/oradata
      

      The default location for Database file directory is $ORACLE_BASE/oradata.

    • Recovery file directory (fast recovery area):

      # mkdir /mount_point/recovery_area
      # chown oracle:oinstall /mount_point/recovery_area
      # chmod 775 /mount_point/recovery_area
      

      The default fast recovery area is $ORACLE_BASE/recovery_area. However, Oracle recommends that you keep the fast recovery area on a separate physical disk than that of the database file directory. This will enable you to use the fast recovery area to retrieve data if the disk containing oradata is unusable due to any reasons.

  5. If you also want to use Oracle ASM for storage, then refer to Section 3.6.

2.14 Configuring the oracle User's Environment

You run Oracle Universal Installer from the oracle account. However, before you start Oracle Universal Installer you must configure the environment of the oracle user. To configure the environment, you must:

Caution:

Use shell programs supported by your operating system vendor. If you use a shell program that is not supported by your operating system, then you can encounter errors during installation.

To set the oracle user's environment:

  1. Start a new terminal session, for example, an X terminal (xterm).

  2. Enter the following command to ensure that X Window applications can display on this system:

    $ xhost fully_qualified_remote_host_name
    

    For example:

    $ xhost somehost.us.example.com
    
  3. If you are not already logged in to the system where you want to install the software, then log in to that system as the oracle user.

  4. If you are not logged in as the oracle user, then switch user to oracle:

    $ su - oracle
    
  5. To determine the default shell for the oracle user, enter the following command:

    $ echo $SHELL
    
  6. To run the shell startup script, enter one of the following commands:

    • Bash shell:

      $ . ./.bash_profile
      
    • Bourne or Korn shell:

      $ . ./.profile
      
    • C shell:

      % source ./.login
      
  7. If you are not installing the software on the local computer, then run the following command on the remote machine to set the DISPLAY variable:

    • Bourne, Bash or Korn shell:

      $ export DISPLAY=local_host:0.0      
      
    • C shell:

      % setenv DISPLAY local_host:0.0
      

    In this example, local_host is the host name or IP address of the local computer that you want to use to display Oracle Universal Installer.

    Run the following command on the remote machine to check if the shell and the DISPLAY environmental variable are set correctly:

    echo $SHELL
    echo $DISPLAY
    

    Now to enable X applications, run the following commands on the local computer:

    $ xhost + fully_qualified_remote_host_name
    

    To verify that X applications display is set properly, run a X11 based program that comes with the operating system such as xclock:

    $ xclock
    

    In this example, you can find xclock at /usr/X11R6/bin/xclock. If the DISPLAY variable is set properly, then you can see xclock on your computer screen. If you receive any display errors, refer to the section "X Window Display Errors" the Troubleshooting chapter in Oracle Database Installation Guide for more information.

    See Also:

    PC-X Server or operating system vendor documents for further assistance
  8. If you determined that the /tmp directory has less than 1 GB of free disk space, then identify a file system with at least 1 GB of free space and set the TMP and TMPDIR environment variables to specify a temporary directory on this file system:

    1. To determine the free disk space on each mounted file system use the following command:

      # df -h /tmp
      
    2. If necessary, enter commands similar to the following to create a temporary directory on the file system that you identified, and set the appropriate permissions on the directory:

      $ sudo mkdir /mount_point/tmp
      $ sudo chmod a+wr /mount_point/tmp
      # exit
      
    3. Enter commands similar to the following to set the TMP and TMPDIR environment variables:

      • Bourne, Bash, or Korn shell:

        $ TMP=/mount_point/tmp
        $ TMPDIR=/mount_point/tmp
        $ export TMP TMPDIR
        
      • C shell:

        % setenv TMP /mount_point/tmp
        % setenv TMPDIR /mount_point/tmp
        
  9. Enter commands similar to the following to set the ORACLE_BASE and ORACLE_SID environment variables:

    • Bourne, Bash, or Korn shell:

      $ ORACLE_BASE=/u01/app/oracle
      $ ORACLE_SID=sales
      $ export ORACLE_BASE ORACLE_SID
      
    • C shell:

      % setenv ORACLE_BASE /u01/app/oracle
      % setenv ORACLE_SID sales
      

    In this example, /u01/app/oracle is the Oracle base directory that you created or identified earlier and sales is the name that you want to call the database (typically no more than five characters).

  10. Enter the following commands to ensure that the ORACLE_HOME and TNS_ADMIN environment variables are not set:

    • Bourne, Bash, or Korn shell:

      $ unset ORACLE_HOME
      $ unset TNS_ADMIN
      
    • C shell:

      % unsetenv ORACLE_HOME
      % unsetenv TNS_ADMIN
      

    Note:

    If the ORACLE_HOME environment variable is set, then Oracle Universal Installer uses the value that it specifies as the default path for the Oracle home directory. However, if you set the ORACLE_BASE environment variable, then Oracle recommends that you unset the ORACLE_HOME environment variable and choose the default path suggested by Oracle Universal Installer.

See Also:

Section 3.1.3 about configuring the user's environment

2.15 Setting the DISPLAY Environment Variable

Before you begin the Audit Vault Server installation, you should check to see that the DISPLAY environment variable is set to a proper value. For example, for the Bourne, Bash, or Korn shell, you would enter the following commands, where myhost.us.example.com is your host name:

$ export DISPLAY = myhost.us.example.com:1.0

For example, for the C shell, you would enter the following command, where myhost.us.example.com is your host name:

% setenv DISPLAY myhost.us.example.com:1.0

2.16 Setting the Correct Locale

Ensure that the NLS_LANG environment variable is not set.

For example, for C shell:

unsetenv NLS_LANG

For example, for Bourne, Bash, or Korn shells:

unset NLS_LANG