Oracle® Audit Vault Server Installation Guide Release 10.3 for Oracle Solaris on SPARC (64-Bit) Part Number E23568-01 |
|
|
PDF · Mobi · ePub |
This chapter describes the tasks that you must complete before you start Oracle Universal Installer to install Oracle Audit Vault Server Release 10.3. It includes information about the following tasks:
Note:
If you want to use Oracle Automatic Storage Management (Oracle ASM) or Oracle Restart, then you must first install Oracle Grid Infrastructure for a standalone server and then install Oracle Audit Vault Server.
Choosing a Storage Option for Oracle Audit Vault Server and Recovery Files
Creating Directories for Oracle Audit Vault Server or Recovery Files
See Also:
"Preinstallation Requirements" section in Oracle Configuration Manager Installation and Administration Guide and Oracle Configuration Manager Prerequisites
Appendix A, "Country Codes", in Oracle Configuration Manager Installation and Administration Guide for a list of valid country codes that can be used while installing Oracle Configuration Manager
Before you install the Oracle software, you must complete several tasks as the root
user. To log in as the root
user, complete the following procedure:
$ su - root password: #
The system must meet the following minimum hardware requirements:
The following are the memory requirements for installing Oracle Audit Vault Server Release 10.3, which installs a customized, specially configured release of Oracle Database 11g Release 2 (11.2.0.3):
Minimum: 1 GB of RAM
Recommended: 2 GB of RAM or more
To determine the RAM size, enter the following command:
# /usr/sbin/prtconf | grep "Memory size"
If the size of the RAM is less than the required size, then you must install more memory before continuing.
The following table describes the relationship between the installed RAM and the configured swap space recommendation:
Note:
On Oracle Solaris, if you use non-swappable memory, like ISM, then deduct the memory allocated to this space from the available RAM before calculating the swap space.RAM | Swap Space |
---|---|
Between 1 GB and 2 GB | 1.5 times the size of the RAM |
Between 2 GB and 16 GB | Equal to the size of the RAM |
More than 16 GB | 16 GB |
If the size of the RAM is less than the required size, then you must install more memory before continuing.
To determine the size of the configured swap space, enter the following command:
# /usr/sbin/swap -l
If necessary, see the operating system documentation for information about how to configure additional swap space.
To determine the available RAM and swap space, enter the following command:
# sar -r -i n
Where, n
is the number of seconds to delay for the next iterations and i
is the number of iterations you want to test.
Note:
Oracle recommends that you take multiple values for the available RAM and swap space before finalizing a value. This is because the available RAM and swap space keep changing depending on the user interactions with the computer.To determine if the system architecture can run the software, enter the following command:
# /bin/isainfo -kv
This command displays the processor type.
The following is the expected output of this command:
Oracle Solaris on SPARC (64-Bit):
64-bit sparcv9 kernel modules
Verify that the processor architecture matches the Oracle software release that you want to install. If you do not see the expected output, then you cannot install the software on this system.
The following are the disk space requirements for installing Oracle Audit Vault Server Release 10.3:
At least 1 GB of space in the /tmp
directory
To determine the amount of space available in the /tmp
directory, enter the following command:
# df -k /tmp
This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df
command with the -h
flag (df -h
) to display output in "human-readable" format.
If the free space available in the /tmp
directory is less than what is required, then complete one of the following steps:
Delete unnecessary files from the /tmp
directory to meet the disk space requirement.
Set the TMP
and TMPDIR
environment variables when setting the oracle
user's environment.
Extend the file system that contains the /tmp
directory. If necessary, contact the system administrator for information about extending file systems.
The following table describes the disk space requirements for software files for each installation type on Oracle Solaris:
Installation Type | Requirement for Software Files (GB) |
---|---|
Oracle Audit Vault Server | 4.45 |
Installation Type | Disk Space for Data Files (GB) |
---|---|
Oracle Audit Vault Server | 2.30 |
To determine the amount of free disk space on the system, enter the following command:
# df -h # df -k # df -k # bdf
This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df
command with the -h
flag (df -h
) to display output in "human-readable" format.
Additional disk space, either on a file system or on an Oracle ASM disk group is required for the fast recovery area if you configure automated backups.
The minimum resolution for Oracle Audit Vault Server is 1024 x 768 or higher.
Depending on the products that you intend to install, verify that the following software is installed on your system:
Note:
This guide contains information required to install Oracle Audit Vault Server on various platforms. Ensure that you review information related to the platform on which you intend to install Oracle Audit Vault Server.
Oracle Universal Installer performs checks on the system to verify that it meets the listed requirements. To ensure that these checks pass, verify the requirements before you start Oracle Universal Installer.
Oracle Solaris 10 U6 (5.10-2008.10) or later is required for Oracle Audit Vault Server Release 10.3.
To determine the distribution and version of Oracle Solaris installed, enter the following command:
# uname -r 5.10
In this example, the version shown is Oracle Solaris 10 (5.10). If necessary, see your operating system documentation for information about upgrading the operating system.
To determine the update level of Oracle Solaris installed, enter the following command:
$ cat /etc/release
The following packages (or later versions) are required for Oracle Audit Vault Server Release 10.3 for Oracle Solaris:
SUNWarc
SUNWbtool
SUNWhea
SUNWlibC
SUNWlibm
SUNWlibms
SUNWsprot
SUNWtoo
SUNWi1of
SUNWi1cs (ISO8859-1)
SUNWi15cs (ISO8859-15)
SUNWxwfnt
SUNWcsl
Verifying Packages
You may also require additional font packages for Java, depending on your locale. See the following Web site for more information:
http://java.sun.com/j2se/1.4.2/font-requirements.html
To determine if the required packages are installed, enter commands similar to the following:
# pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibC SUNWlibms SUNWsprot \ SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt
If a package is not installed, then install it. See your operating system or software documentation for information about installing packages.
The following, or later, patches are required for Oracle Audit Vault Server Release 10.3 for Oracle Solaris on SPARC (64-Bit):
Installation Type or Product | Requirement |
---|---|
All Installations | Patches for Oracle Solaris 10:
|
Database Smart Flash Cache | The following patches are required:
|
Verifying Operating System Patches
To determine if an operating system patch is installed, enter a command similar to the following:
# /usr/sbin/patchadd -p | grep patch_number(without version number)
For example, to determine if any version of the 119963 patch is installed, use the following command:
# /usr/sbin/patchadd -p | grep 119963
If an operating system patch is not installed, then download it from the following Web site and install it:
Depending on the components you want to use, you must ensure that the following software is installed:
See Also:
Chapter 2, "Oracle Application Express Installation Requirements" and "Recommended Pre-installation Tasks" in Oracle Application Express Installation GuideUse JDK 6 (Java SE Development Kit 1.6.0.20
) or JDK 5 (1.5.0.24
) with the JNDI extension with the Oracle Java Database Connectivity and Oracle Call Interface drivers. However, these are not mandatory for the database installation. IBM JDK 1.5 is installed with this release.
JDK 6 is the minimum level of JDK supported on Oracle Solaris 11.
Oracle Messaging Gateway supports the integration of Oracle Streams Advanced Queuing (AQ) with the following software:
IBM MQ Series V6.0, client and server
Tibco Rendezvous 7.2
The following products are certified for use with:
Pro* COBOL
Micro Focus Server Express 5.1
Pro* FORTRAN
Oracle Solaris Studio 12 Fortran F 95
Web browsers must support JavaScript, and the HTML 4.0 and CSS 1.0 standards. The following browsers meet these requirements for Oracle Enterprise Manager Database Control:
Netscape Navigator 8.1
Netscape Navigator 9.0
Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 7.0 SP1
Microsoft Internet Explorer 8.0
Microsoft Internet Explorer 9.0
Firefox 2.0
Firefox 3.0.7
Firefox 3.5
Firefox 3.6
Safari 3.1
Safari 3.2
Safari 4.0.x
Google Chrome 3.0
Google Chrome 4.0
During installation, for certain prerequisite verification failures, click Fix & Check Again to generate a fixup script (runfixup.sh
). You can run this script as the root
user to complete the required preinstallation steps.
The fixup script checks for and sets kernel parameters to values required for successful installation, including:
Shared memory parameters
Open file descriptor and UDP send/receive parameters
Oracle recommends that you do not modify the contents of the generated fixup script.
Note:
Using fixup scripts does not ensure that all the prerequisites for installing Oracle Audit Vault Server are met. You must still verify that all the preinstallation requirements are met to ensure a successful installation.Use NDD to ensure that the kernel TCP/IP ephemeral port range is broad enough to provide enough ephemeral ports for the anticipated server workload. Ensure that the lower range is set to at least 9000 or higher, to avoid Well Known ports, and to avoid ports in the Registered Ports range commonly used by Oracle and other server ports. Set the port range high enough to avoid reserved ports for any applications you may intend to use. If the lower value of the range you have is greater than 9000, and the range is large enough for your anticipated workload, then you can ignore OUI warnings regarding the ephemeral port range.
Use the following command to check your current range for ephemerial ports:
# /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port 32768 65535
In the preceding example, tcp_smallest_anon_port
is set to the default range (32768-65535).
If necessary for your anticipated workload or number of servers , update the UDP and TCP ephemeral port range to a broader range. For example:
# /usr/sbin/ndd -set /dev/tcp tcp_smallest_anon_port 9000 # /usr/sbin/ndd -set /dev/tcp tcp_largest_anon_port 65500 # /usr/sbin/ndd -set /dev/udp udp_smallest_anon_port 9000 # /usr/sbin/ndd -set /dev/udp udp_largest_anon_port 65500
Oracle recommends that you make these settings permanent. Refer to your system administration documentation for information about how to automate this ephemeral port range alteration on system restarts.
Typically, the computer on which you want to install Oracle Audit Vault Server is connected to the network. The computer has local storage to store the Oracle Audit Vault Server installation. It also contains a display monitor and DVD drive. This section describes how to install Oracle Audit Vault Server on computers that do not meet the typical scenario. It describes the following cases:
Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses on a network. Dynamic addressing enables a computer to have a different IP address each time it connects to the network. In some cases, the IP address can change while the computer is still connected. You can have a mixture of static and dynamic IP addressing in a DHCP system.
In a DHCP setup, the software tracks IP addresses, which simplifies network administration. This lets you add a new computer to the network without having to manually assign a unique IP address to the newly added computer.
Do not install Oracle Audit Vault Server in an environment where the IP addresses of the Audit Vault Server or the Oracle Audit Vault collection agent can change. If your environment uses DHCP, ensure that all Oracle Audit Vault systems use static IP addresses.
You can install Oracle Audit Vault Server on a multihomed computer. A multihomed computer is associated with multiple IP addresses. This is typically achieved by having multiple network cards on the computer. Each IP address is associated with a host name. In addition, you can set up aliases for the host name. By default, Oracle Universal Installer uses the ORACLE_HOSTNAME
environment variable setting to find the host name. If ORACLE_HOSTNAME
is not set and you are installing on a computer that has multiple network cards, then Oracle Universal Installer determines the host name from the /etc/hosts
file.
Clients must be able to access the computer either by using this host name or by using aliases for this host name. To verify this, ping the host name from the client computers using the short name (host name only) and the full name (host name and domain name). Both tests must be successful.
Setting the ORACLE_HOSTNAME Environment Variable
Use the following procedure to set the ORACLE_HOSTNAME
environment variable. For example, if the fully qualified host name is somehost.us.example.com
, then enter one of the following commands:
In Bourne, Bash, or Korn shell:
$ ORACLE_HOSTNAME=somehost.us.example.com $ export ORACLE_HOSTNAME
In C shell:
% setenv ORACLE_HOSTNAME somehost.us.example.com
A computer with multiple aliases is registered with the naming service under a single IP address but with multiple aliases. The naming service resolves any of those aliases to the same computer. Before installing Oracle Audit Vault Server on such a computer, set the ORACLE_HOSTNAME
environment variable to the computer whose host name you want to use.
Depending on if this is the first time Oracle software is being installed on this system and on the products that you are installing, you may need to create several operating system groups and users. Log in to your system as the root
user before you attempt to create these operating system groups and users.
If you are installing Oracle Audit Vault Server, it requires the following operating system groups and user:
You must create this group the first time you install Oracle Audit Vault software on the system. It identifies operating system user accounts that have database administrative privileges (the SYSDBA
privilege). The default name for this group is dba
.
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of administrative privileges (the SYSOPER
privilege). By default, members of the OSDBA group also have the SYSOPER
privilege.
Verify that the unprivileged user nobody
exists on the system. The nobody
user must own the external jobs (extjob
) executable after the installation.
The following operating system group and user are required for all installations:
The Oracle Inventory group (oinstall
)
You must create this group the first time you install Oracle software on the system. The usual name chosen for this group is oinstall
. This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system.
Note:
If Oracle software is already installed on the system, then the existing Oracle Inventory group must be the primary group of the operating system user that you use to install new Oracle software. The following topics describe how to identify an existing Oracle Inventory group.The Oracle software owner user (typically, oracle
)
You must create this user the first time you install Oracle software on the system. This user owns all software installed during the installation. This user must have the Oracle Inventory group as its primary group. It must also have the OSDBA and OSOPER groups as secondary groups.
Note:
In Oracle documentation, this user is referred to as theoracle
user.All installations of Oracle software on the system require a single Oracle Inventory group. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than oracle
, dba
, and oper
) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases, rather than on all databases on the system.
See Also:
Oracle Database Administrator's Guide for more information about the OSDBA group and theSYSDBA
and SYSOPER
privilegesNote:
The following topics describe how to create local users and groups. As an alternative to creating local users and groups, you could create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or see your operating system documentation.If you prefer to allocate operating system user privileges so that you can use one administrative user and one group for operating system authentication for all administrative privileges, then you can use the oracle
user as the installation owner, and use one group as the primary group for any user requiring administrative privileges for Oracle ASM, and Oracle Audit Vault Server administration. This group must also be the Oracle Inventory group. To simplify using the defaults for Oracle tools the group name should be oinstall
.
You can also create custom configuration groups and users based on job role separation. A custom configuration is a configuration with groups and users that divide access privileges granted by membership in separate operating system groups and users. You can create a single user (for example, oracle
) to own both Oracle Audit Vault Server, and Oracle Grid Infrastructure installations. Alternatively, you can create a separate user (for example, grid
) to own the Oracle Grid Infrastructure installation.
Note that all Oracle Audit Vault Server and Oracle Grid Infrastructure for a standalone server installations must be owned by the Oracle software owner user (oracle
), and belong to the Oracle Inventory group (oinstall
).
Creating Custom Configuration Groups and Users for Job Roles
Creating Database Operating System Groups and Users with Job Role Separation
Note:
In Oracle documentation, a user created to own only Oracle Grid Infrastructure software installations is called thegrid
user. A user created to own either all Oracle installations, or only Oracle Audit Vault installations, is called the oracle
user.This section provides an overview of how to create users and groups to divide access privileges by job roles. Log in as root
to create these groups and users.
Understanding Restrictions for Oracle Installations with Job Role Separation
Oracle Grid Infrastructure Groups for Job Role Installations
Oracle recommends that you create one software owner to own each Oracle software installation (typically, oracle
, for the database software and grid
for the Oracle Restart owner user). You must create at least one software owner the first time you install Oracle software on the system.
To create separate Oracle software owners, to create separate users, and separate operating system privileges groups for different Oracle software installations, note that each of these users must have the Oracle central inventory group (oraInventory
group) as their primary group. Members of this group have write privileges to the Oracle central inventory (oraInventory
) directory. In Oracle documentation, this group is represented as oinstall
in code examples. See Section 2.7.2.1 about creating the Oracle Inventory Group.
The database software owner (typically, oracle
) must also have the OSDBA group of the Oracle Grid Infrastructure home so that database instances can log on to Oracle ASM, and (if you create it) the OSOPER group as secondary groups. In Oracle documentation, the Oracle software owner users are referred to as oracle
users.
For Oracle Grid Infrastructure only, the grid user (grid
) must be in the OSDBA group of every database home.
See Also:
Oracle Database Administrator's Guide for more information about the OSDBA, OSASM and OSOPER groups, and theSYSDBA
, SYSASM
and SYSOPER
privilegesCreate the following operating system groups if you are installing Oracle Audit Vault Server:
The OSDBA group (typically, dba
)
You must create this group the first time you install Oracle software on the system. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA
privilege). The name used for this group in Oracle code examples is dba
.
The OSOPER group (typically, oper
)
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of database administrative privileges (the SYSOPER
privilege). This group cannot directly connect as SYSOPER
, unless explicitly granted. However, they will have the privileges granted by the SYSOPER
privilege. By default, members of the OSDBA group have all privileges granted by the SYSOPER
privilege.
Oracle Universal Installer prompts you to specify the name of this group. The usual name chosen for this group is oper
.
Create the following operating system groups if you are installing Oracle Grid Infrastructure:
Note:
You can designate a unique group, separate from database administrator groups, or you can use the same group as the OSASM and OSDBA groups, to grant system privileges to administer both the Oracle ASM instances and Oracle Audit Vault Server instances.The OSDBA group for Oracle ASM (typically, asmdba
)
The OSDBA group for Oracle ASM can be the same group used as the OSDBA group for the database, or you can create a separate OSDBA group for Oracle ASM (typically, asmdba
) to provide administrative access to Oracle ASM instances.
Members of the OSDBA group for Oracle Restart are granted read and write access to files managed by Oracle Restart. The Oracle Restart software owner (typically grid
) must be a member of this group, and all users with OSDBA membership on Oracle Restart who want to have access to the files managed by ASM should be members of this group. If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also by default the OSASM group.
The Oracle Grid Infrastructure software owner (typically, grid
) must be a member of the OSDBA group. Membership in the OSDBA group enables access to the files managed by Oracle ASM. If you have a separate OSDBA group for Oracle ASM, then the Oracle Restart software owner must be a member of the OSDBA group for each database and the OSDBA group for Oracle ASM.
The OSASM group for Oracle ASM (typically, asmadmin
)
SYSASM
privileges for Oracle ASM files provide administrator privileges for storage file. In Oracle documentation, the operating system group whose members are granted SYSASM
privileges is called the OSASM group, and in command lines, is referred to as asmadmin
. Oracle ASM can support multiple databases.
Members of the OSASM group can use SQL to connect to an Oracle ASM instance as SYSASM
using operating system authentication. The SYSASM
privileges permit mounting and dismounting of disk groups, and other storage administration tasks. SYSASM
privileges provide no access privileges on an RDBMS instance.
If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also, by default, the OSASM group.
The OSOPER group for Oracle ASM (typically, asmoper
)
This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of Oracle instance administrative privileges (the SYSOPER
for ASM privilege), including starting up and stopping the Oracle ASM instance. By default, members of the OSASM group also have all privileges granted by the SYSOPER for ASM privilege.
If you want to have an OSOPER group for Oracle ASM, then the Oracle Grid Infrastructure owner must be a member of this group.
The following sections describe how to create the required operating system user and groups:
Creating the OSASM Group for Oracle Automatic Storage Management
Creating the OSDBA Group for Oracle Automatic Storage Management
Creating the OSOPER Group for Oracle Automatic Storage Management
Note:
If necessary, contact your system administrator before using or modifying an existing user.Oracle recommends that you do not use the UID and GID defaults on each node because group and user IDs likely will be different on each node. Instead, provide common assigned group and user IDs, and confirm that they are unused on any node before you create or modify groups and users.
When you install Oracle software on the system for the first time, Oracle Universal Installer creates the oraInst.loc
file. This file identifies the name of the Oracle Inventory group (typically, oinstall
) and the path of the Oracle Inventory directory.
You can configure one group to be the access control group for Oracle Inventory, for database administrators (OSDBA), and for all other access control groups used by Oracle software for operating system authentication. However, this group then must be the primary group for all users granted administrative privileges.
Log in as root
, and use the following instructions to locate or create the Oracle Inventory group and a software owner:
Determining if the Oracle Inventory Group Exists
An oraInst.loc
file in the /var/opt/oracle directory has contents similar to the following:
inventory_loc=central_inventory_location inst_group=group
In the preceding example, central_inventory_location is the location of the Oracle Central Inventory, and group is the name of the group that has permissions to write to the central inventory.
If you have an existing Oracle Inventory, then ensure that you use the same Oracle Inventory for all Oracle software installations, and ensure that all Oracle software users you intend to use for installation have permissions to write to this directory.
To determine if the Oracle Inventory group exist, enter the following command:
# grep oinstall /etc/group
To determine if the oraInst.loc
file exists, enter the following command:
# more /var/opt/oracle/oraInst.loc
If the oraInst.loc
file exists, then the output from this command is similar to the following:
inventory_loc=/u01/app/oraInventory inst_group=oinstall
In the previous output example:
The inventory_loc
group shows the location of the Oracle Inventory
The inst_group
parameter shows the name of the Oracle Inventory group (in this example, oinstall
).
Creating the Oracle Inventory Group
If the oraInst.loc
file does not exist, then create the Oracle Inventory group by entering the following command:
# /usr/sbin/groupadd oinstall
You must create an OSDBA group in the following circumstances:
An OSDBA group does not exist, for example, if this is the first installation of Oracle software on the system
An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges for a new Oracle installation
If the OSDBA group does not exist or if you require a new OSDBA group, then create it as follows. In the following procedure, use the group name dba
unless a group with that name exists:
# /usr/sbin/groupadd -g 502 dba
Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER
operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:
If an OSOPER group does not exist; for example, if this is the first installation of Oracle software on the system
If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation
If you require a new OSOPER group (typically, oper
), then create it as follows. In the following, use the group name oper
unless a group with that name already exists:
# /usr/sbin/groupadd -g 503 oper
If the OSASM group does not exist or if you require a new OSASM group, then create it as follows. In the following procedure, use the group name asmadmin
unless a group with that name already exists:
# /usr/sbin/groupadd -g 504 asmadmin
If you require a new OSDBA group for Oracle ASM, then create it as follows. In the following procedure, use the group name asmdba
unless a group with that name already exists:
# /usr/sbin/groupadd -g 506 asmdba
If you require an OSOPER group, then create it as follows. In the following procedure, use the group name asmoper
unless a group with that name already exists:
# /usr/sbin/groupadd -g 505 asmoper
You must create an Oracle software owner user in the following circumstances:
If an Oracle software owner user does not exist; for example, if this is the first installation of Oracle software on the system.
If an Oracle software owner user exists, but you want to use a different operating system user, with different group membership, to give database administrative privileges to those groups in a new Oracle Audit Vault Server installation.
If you have created an Oracle software owner for Oracle Grid Infrastructure, such as grid
, and you want to create a separate Oracle software owner for Oracle Audit Vault Server software, such as oracle
.
To determine if an Oracle software owner user named oracle
, or grid
exists, enter a command similar to the following:
# id oracle # id grid
If the oracle
user exists, then the output from this command is similar to the following:
uid=501(oracle) gid=501(oinstall) groups=502(dba),503(oper)
If the grid
user exists, then the output from this command is similar to the following:
uid=8001(oracle) gid=8001(oinstall) groups=8001(oinstall),8002(asmadmin),8003(asmdba),8006(dba)
Determine if you want to use the existing user or create another user. If you want to use the existing user, then ensure that the user's primary group is the Oracle Inventory group (oinstall
) and that it is a member of the appropriate OSDBA and OSOPER groups. See the following sections for more information:
Note:
If necessary, contact your system administrator before using or modifying an existing user.If the Oracle software owner user does not exist, or if you require a new Oracle software owner user, such as oracle
or grid
, then create it as described in this section (in this case to create the oracle
user).
In the following procedure, use the user name oracle
unless a user with that name already exists:
To create an oracle
user, enter a command similar to the following:
# /usr/sbin/useradd -u 502 -g oinstall -G dba,asmdba,[oper] oracle
In the preceding command:
The -u option specifies the user ID. Using this command flag is optional because the system can provide you with an automatically generated user ID number. You must note the oracle
user ID number because you will need it during preinstallation.
The -g
option specifies the primary group, which must be the Oracle Inventory group, for example oinstall
.
The -G
option specifies the secondary groups, which must include the OSDBA group, and, if required, the OSOPER and ASMDBA groups, for example, dba
, asmdba
, or oper
.
Set the password of the oracle
user:
# passwd oracle
If the oracle
user exists, but its primary group is not oinstall
, or it is not a member of the appropriate OSDBA or OSOPER groups, then modify it as follows:
Specify the primary group using the -g
option and any required secondary group using the -G
option:
# /usr/sbin/usermod -g oinstall -G dba,asmdba[,oper] oracle
Oracle recommends that you set shell limits and system configuration parameters as described in this section.
Note:
The shell limit values in this section are minimum values only. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information on configuring shell limits.The ulimit
settings determine process memory related resource limits. Verify that the shell limits displayed in the following table are set to the values shown:
Shell Limit | Recommended Value |
---|---|
TIME |
-1 (Unlimited) |
FILE |
-1 (Unlimited) |
DATA |
Minimum value: 1048576 |
STACK |
Minimum value: 32768 |
NOFILES |
Minimum value: 4096 |
VMEMORY |
Minimum value: 4194304 |
To display the current value specified for these shell limits enter the following commands:
ulimit -t ulimit -f ulimit -d ulimit -s ulimit -n ulimit -v
During installation, you can generate and run the Fixup script to check and set the kernel parameter values required for successful installation of the database. This script updates required kernel packages if necessary to minimum values.
If you cannot use the Fixup scripts, then verify that the kernel parameters shown in the following table are set to values greater than or equal to the minimum value shown. The procedure following the table describes how to verify and set the values manually.
Note:
The kernel parameter values in this section are minimum values only. For production database systems, Oracle recommends that you tune these values to optimize the performance of the system. Refer to your operating system documentation for more information about tuning kernel parameters.On Oracle Solaris 10, verify that the kernel parameters shown in the following table are set to values greater than or equal to the minimum value shown. The table also contains the resource controls that replace the /etc/system
file for a specific kernel parameter. As Oracle Audit Vault does not set project information when starting processes, some /etc/system
processes that are deprecated but not removed must still be set for Oracle Audit Vault.
Note:
On Oracle Solaris 10, you are not required to make changes to the/etc/system
file to implement the System V IPC. Oracle Solaris 10 uses the resource control facility for its implementation. However, Oracle recommends that you set both resource control and /etc/system/
parameters. Operating system parameters not replaced by resource controls continue to affect performance and security on Oracle Solaris 10 systems. For further information, contact your vendor.Note:
project.max-shm-memory
resource control = single largest segment * number of Oracle database instances started
The project.max-shm-memory
resource control value assumes that no other application is using the shared memory segment from this project other than the Oracle instances. If applications, other than the Oracle instances are using the shared memory segment, then you must add that shared memory usage to the project.max-shm-memory resource control value.
On Oracle Solaris 10, use the following procedure to display the current value specified for resource controls, and to change them if necessary:
To display the current values of the resource control, enter the following commands:
$ id -p // to verify the project id uid=100(oracle) gid=100(dba) projid=1 (group.dba) $ prctl -n project.max-shm-memory -i project group.dba $ prctl -n project.max-sem-ids -i project group.dba
If you must change any of the current values, then:
To modify the value of max-shm-memory to 6 GB:
# prctl -n project.max-shm-memory -v 6gb -r -i project group.dba
To modify the value of max-sem-ids to 256:
# prctl -n project.max-sem-ids -v 256 -r -i project group.dba
Note:
When you use theprctl
command (Resource Control) to change system parameters, you do not need to restart the system for these parameter changes to take effect. However, the changed parameters do not persist after a system restart.Use the following procedure to modify the resource control project settings, so that they persist after a system restart:
By default, Oracle instances are run as the oracle
user of the dba
group. A project with the name group.dba is created to serve as the default project for the oracle user. Run the command id to verify the default project for the oracle user:
# su - oracle $ id -p uid=100(oracle) gid=100(dba) projid=100(group.dba) $ exit
To set the maximum shared memory size to 2 GB, run the projmod command:
# projmod -sK "project.max-shm-memory=(privileged,2G,deny)" group.dba
Alternatively, add the resource control value project.max-shm-memory=(privileged,2147483648,deny) to the last field of the project entries for the Oracle project.
After these steps are complete, check the values for the /etc/project file using the following command:
# cat /etc/project
The output should be similar to the following:
system:0:::: user.root:1:::: noproject:2:::: default:3:::: group.staff:10:::: group.dba:100:Oracle default project:::project.max-shmmemory=(privileged,2147483648,deny)
To verify that the resource control is active, check process ownership, and run the commands id and prctl, as in the following example:
# su - oracle $ id -p uid=100(oracle) gid=100(dba) projid=100(group.dba) $ prctl -n project.max-shm-memory -i process $$ process: 5754: -bash NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT project.max-shm-memory privileged 2.00GB - deny
Note:
The value for the maximum shared memory depends on the SGA requirements and should be set to a value greater than the SGA size.For more information, see the Oracle Solaris Tunable Parameters Reference Manual.
See Also:
"Guidelines for Setting Semaphore Parameters"
You must identify or create the following directories for the Oracle software:
Note:
Ensure that the paths you select for Oracle software, such as the Oracle home path and the Oracle base path, use only ASCII characters. Because installation owner names are used by default for some path, this ASCII character restriction applies to user names, file names, and directory names.
Ensure that all paths used by the database software, such as the Oracle home path and the Oracle base path, use characters only from the following set: "#%&'()*+,-./:;<=>?@_A-Za-z0-9. This includes user names, file names, and directory names. At the time of this release, the use of other characters for an Oracle Grid Infrastructure home or Oracle Audit Vault Server home is not supported. The set of characters provided above is further restricted by user and file naming rules of the operating system.
The Oracle base directory is a top-level directory for Oracle software installations. The Optimal Flexible Architecture (OFA) guidelines recommend that you use a path similar to the following for the Oracle base directory:
/mount_point/app/software_owner
mount_point
is the mount point directory for the file system that will contain the Oracle software.
The examples in this guide use /u01
for the mount point directory. However, you can choose another mount point directory, such as /oracle
or /opt/oracle
.
software_owner
is the operating system user name of the software owner installing the Oracle software, for example oracle
, or grid
.
Note:
If you start a database instance usingspfile
with ORACLE_BASE
environment variable set, then its value is automatically stored in spfile
. If you unset ORACLE_BASE
environment variable subsequently and start the instance afresh, then database uses the value of Oracle base stored in spfile
.You must specify the Oracle base folder that contains all Oracle products.
Note:
If you have an existing Oracle base, then you can select it from the Use existing list. By default, the list contains the existing value for Oracle base preselected. Refer to Section 4.3 and Section 4.5 for further information.If you do not have an Oracle base, then you can create one by editing the text in the list box.
You can use the same Oracle base directory for more than one installation or you can create separate Oracle base directories for different installations. If different operating system users install Oracle software on the same system, then each user must create a separate Oracle base directory. The following are examples of Oracle base directories that can exist on the same system:
/u01/app/oracle /u01/app/orauser
Refer to Section 2.11.2 for information about creating an Oracle base directory.
The Oracle Inventory directory (oraInventory
) stores an inventory of all software installed on the system. It is required and shared by all Oracle software installations on a single system. If you have an existing Oracle Inventory path, then Oracle Universal Installer continues to use that Oracle Inventory.
The first time you install Oracle software on a system, Oracle Universal Installer provides an OFA-compliant path in the format u[01-09]/app
, such as /u01/app
. The user running the installation has permissions to write to that path. If this is true, then Oracle Universal Installer creates the Oracle Inventory directory in the path /u[01-09]/app/oraInventory
. For example:
/u01/app/oraInventory
If you have set ORACLE_BASE
for the oracle
user during installation, then Oracle Universal Installer creates the Oracle Inventory directory in the path ORACLE_BASE/../oraInventory
. For example, if ORACLE_BASE
is set to /opt/oracle/11
, then the Oracle Inventory directory is created in the path /opt/oracle/oraInventory
.
If you have neither created an OFA-compliant path nor set ORACLE_BASE
, then the Oracle Inventory directory is placed in the home directory of the user that is performing the installation. For example:
/home/oracle/oraInventory
Oracle Universal Installer creates the directory that you specify and sets the correct owner, group, and permissions for it. You do not need to create it.
Note:
All Oracle software installations rely on this directory. Ensure that you back it up regularly.
Do not delete this directory unless you have completely removed all Oracle software from the system.
By default, the Oracle Inventory directory is not installed under the Oracle Base directory. This is because all Oracle software installations share a common Oracle Inventory, so there is only one Oracle Inventory for all users. Whereas, there is a separate Oracle Base for each user.
The Oracle home directory is the directory where you choose to install the software for a particular Oracle product. You must install different Oracle products or different releases of the same Oracle product in separate Oracle home directories. When you run Oracle Universal Installer, it prompts you to specify the path to this directory as well as a name that identifies it. The directory that you specify must be a subdirectory of the Oracle base directory. Oracle recommends that you specify a path similar to the following for the Oracle home directory:
oracle_base/product/10.3.0/av_1
Oracle Universal Installer creates the directory path that you specify under the Oracle base directory. It also sets the correct owner, group, and permissions on it. You do not need to create this directory.
Note:
During installation, you must not specify an existing directory that has predefined permissions applied to it as the Oracle home directory. If you do, then you may experience installation failure due to file and group ownership permission errors.Before starting the installation, you must either identify an existing Oracle base directory or if required, create one. This section contains information about the following:
Note:
You can choose to create an Oracle base directory, even if other Oracle base directories exist on the system.Existing Oracle base directories may not have paths that comply with OFA (Optimal Flexible Architecture) guidelines. However, if you identify an existing Oracle Inventory directory or existing Oracle home directories, then you can usually identify the Oracle base directories, as follows:
Identifying an existing Oracle Inventory directory. Refer to Section 2.7.2.1 for more information.
Note:
Oracle recommends that you do not put theoraInventory
directory under Oracle base for a new installation. However, if you have an existing installation, then you should follow the steps suggested in this section.Identifying an existing Oracle home directory
Enter the following command to display the contents of the oratab
file:
# more /var/opt/oracle/oratab
If the oratab
file exists, then it contains lines similar to the following:
*:/u03/app/oracle/product/11.2.0/dbhome_1:N *:/opt/orauser/infra_904:N *:/oracle/9.2.0:N
The directory paths specified on each line identify Oracle home directories. Directory paths that end with the user name of the Oracle software owner that you want to use are valid choices for an Oracle base directory. If you intend to use the oracle
user to install the software, then you can choose one of the following directories listed in the previous example:
/u03/app/oracle /oracle
Note:
If possible, choose a directory path similar to the first one (/u03/app/oracle
). This path complies with the OFA guidelines.Identifying an existing Oracle base directory
After you have located the Oracle home directory, run a similar command to confirm the location of Oracle base:
cat /u01/app/oraInventory/ContentsXML/inventory.xml
Before deciding to use an existing Oracle base directory for this installation, ensure that it satisfies the following conditions:
It should not be on the same file system as the operating system.
The Oracle base directory requires a free disk space of 5 GB for its software files.
To determine the free disk space on the file system where the Oracle base directory is located, enter the following command:
# df -k
This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df
command with the -h
flag (df -h
) to display output in "human-readable" format.
See the following sections for more information:
If an Oracle base directory exists and you want to use it, then refer to Section 2.12.
When you configure the oracle
user's environment later in this chapter, set the ORACLE_BASE
environment variable to specify the directory you chose.
If an Oracle base directory does not exist on the system or if you want to create an Oracle base directory, then refer to the following section.
Before you create an Oracle base directory, you must identify an appropriate file system with sufficient free disk space.
To identify an appropriate file system:
To determine the free disk space on each mounted file system use the following command:
# df -k
This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df
command with the -h
flag (df -h
) to display output in "human-readable" format.
From the display, identify a file system that has appropriate free space.
The file system that you identify can be a local file system, a cluster file system, or an NFS file system on a certified NAS device.
Note the name of the mount point directory for the file system that you identified.
To create the Oracle base directory and specify the correct owner, group, and permissions for it:
Enter commands similar to the following to create the recommended subdirectories in the mount point directory that you identified and set the appropriate owner, group, and permissions on them:
# mkdir -p /mount_point/app/oracle_sw_owner # chown -R oracle:oinstall /mount_point/app/oracle_sw_owner # chmod -R 775 /mount_point/app/oracle_sw_owner
For example:
# mkdir -p /u01/app/oracle # chown -R oracle:oinstall /u01/app/oracle # chmod -R 775 /u01/app/oracle
When you configure the oracle
user's environment (see Section 2.14), set the ORACLE_BASE
environment variable to specify the Oracle base directory that you have created.
Oracle Audit Vault Server files include data files, control files, redo log files, the server parameter file, and the password file. For all installations, you must choose the storage option that you want to use for Oracle Audit Vault Server files. If you want to enable automated backups during the installation, then you must also choose the storage option that you want to use for recovery files (the fast recovery area). You do not have to use the same storage option for each file type.
Note:
Oracle Audit Vault Server files and recovery files are supported on file systems and Oracle ASM.Use the following guidelines when choosing the storage options that you want to use for each file type:
You can choose any combination of the supported storage options for each file type.
Determine if you want to use Oracle ASM for Oracle Audit Vault Server files, recovery files, or both. Refer to the section Section 3.6.2.
For more information about these storage options, refer to the Section 1.7.
For information about how to configure disk storage before you start the installation, refer to one of the following sections depending on your choice:
To use a file system for database or recovery file storage, refer to Section 2.13.
To use Oracle ASM for database or recovery file storage, refer to Section 3.6.
To identify disk groups and determine the free disk space that they contain, refer to Section 4.1.1.
This section contains the following topics:
If you choose to place the Oracle Audit Vault Server files on a file system, then use the following guidelines when deciding where to place them:
The default path suggested by Oracle Universal Installer for the database file directory is a subdirectory of the Oracle base directory.
You can choose either a single file system or more than one file system to store the database files:
If you want to use a single file system, then choose a file system on a physical device that is dedicated to the database.
For best performance and reliability, choose a RAID device or a logical volume on more than one physical device and implement the stripe-and-mirror-everything (SAME) methodology.
If you want to use more than one file system, then choose file systems on separate physical devices that are dedicated to the database.
This method enables you to distribute physical input-output operations and create separate control files on different devices for increased reliability. It also enables you to fully implement the OFA guidelines. You can choose the Advanced database creation option to implement this method.
If you intend to create a preconfigured database during the installation, then the file system (or file systems) that you choose must have at least 2 GB of free disk space.
For production databases, you must estimate the disk space requirement depending on the use that you want to make of the database.
For optimum performance, the file systems that you choose should be on physical devices that are used only by the database.
The oracle
user must have write permissions to create the files in the path that you specify.
Note:
You must perform this procedure only if you want to place the Oracle Audit Vault Server or recovery files on a separate file system to the Oracle base directory.To create directories for the Oracle Audit Vault Server, or recovery files on separate file systems to the Oracle base directory:
Use the following to determine the free disk space on each mounted file system:
# df -k
This command displays disk space in 1 kilobyte blocks. On most systems, you can use the df
command with the -h
flag (df -h
) to display output in "human-readable" format.
From the display, identify the file systems that you want to use:
File Type | File System Requirements |
---|---|
Oracle Audit Vault Server files | Choose either:
|
Recovery files | Choose a file system with at least 3 GB of free disk space |
If you are using the same file system for more than one type of file, then add the disk space requirements for each type to determine the total disk space requirement.
Note the names of the mount point directories for the file systems that you identified.
Enter commands similar to the following to create the recommended subdirectories in each of the mount point directories and set the appropriate owner, group, and permissions on them:
Database file directory:
# mkdir /mount_point/oradata # chown oracle:oinstall /mount_point/oradata # chmod 775 /mount_point/oradata
The default location for Database file directory is $ORACLE_BASE/oradata
.
Recovery file directory (fast recovery area):
# mkdir /mount_point/recovery_area # chown oracle:oinstall /mount_point/recovery_area # chmod 775 /mount_point/recovery_area
The default fast recovery area is $ORACLE_BASE/recovery_area
. However, Oracle recommends that you keep the fast recovery area on a separate physical disk than that of the database file directory. This will enable you to use the fast recovery area to retrieve data if the disk containing oradata
is unusable due to any reasons.
If you also want to use Oracle ASM for storage, then refer to Section 3.6.
You run Oracle Universal Installer from the oracle
account. However, before you start Oracle Universal Installer you must configure the environment of the oracle
user. To configure the environment, you must:
Caution:
Use shell programs supported by your operating system vendor. If you use a shell program that is not supported by your operating system, then you can encounter errors during installation.To set the oracle
user's environment:
Start a new terminal session, for example, an X terminal (xterm
).
Enter the following command to ensure that X Window applications can display on this system:
$ xhost fully_qualified_remote_host_name
For example:
$ xhost somehost.us.example.com
If you are not already logged in to the system where you want to install the software, then log in to that system as the oracle
user.
If you are not logged in as the oracle
user, then switch user to oracle
:
$ su - oracle
To determine the default shell for the oracle
user, enter the following command:
$ echo $SHELL
To run the shell startup script, enter one of the following commands:
Bash shell:
$ . ./.bash_profile
Bourne or Korn shell:
$ . ./.profile
C shell:
% source ./.login
If you are not installing the software on the local computer, then run the following command on the remote machine to set the DISPLAY
variable:
Bourne, Bash or Korn shell:
$ export DISPLAY=local_host:0.0
C shell:
% setenv DISPLAY local_host:0.0
In this example, local_host
is the host name or IP address of the local computer that you want to use to display Oracle Universal Installer.
Run the following command on the remote machine to check if the shell and the DISPLAY environmental variable are set correctly:
echo $SHELL echo $DISPLAY
Now to enable X applications, run the following commands on the local computer:
$ xhost + fully_qualified_remote_host_name
To verify that X applications display is set properly, run a X11 based program that comes with the operating system such as xclock
:
$ xclock
In this example, you can find xclock
at /usr/X11R6/bin/xclock
. If the DISPLAY
variable is set properly, then you can see xclock
on your computer screen. If you receive any display errors, refer to the section "X Window Display Errors" the Troubleshooting chapter in Oracle Database Installation Guide for more information.
See Also:
PC-X Server or operating system vendor documents for further assistanceIf you determined that the /tmp
directory has less than 1 GB of free disk space, then identify a file system with at least 1 GB of free space and set the TMP
and TMPDIR
environment variables to specify a temporary directory on this file system:
To determine the free disk space on each mounted file system use the following command:
# df -h /tmp
If necessary, enter commands similar to the following to create a temporary directory on the file system that you identified, and set the appropriate permissions on the directory:
$ sudo mkdir /mount_point/tmp $ sudo chmod a+wr /mount_point/tmp # exit
Enter commands similar to the following to set the TMP
and TMPDIR
environment variables:
Bourne, Bash, or Korn shell:
$ TMP=/mount_point/tmp $ TMPDIR=/mount_point/tmp $ export TMP TMPDIR
C shell:
% setenv TMP /mount_point/tmp % setenv TMPDIR /mount_point/tmp
Enter commands similar to the following to set the ORACLE_BASE
and ORACLE_SID
environment variables:
Bourne, Bash, or Korn shell:
$ ORACLE_BASE=/u01/app/oracle $ ORACLE_SID=sales $ export ORACLE_BASE ORACLE_SID
C shell:
% setenv ORACLE_BASE /u01/app/oracle % setenv ORACLE_SID sales
In this example, /u01/app/oracle
is the Oracle base directory that you created or identified earlier and sales
is the name that you want to call the database (typically no more than five characters).
Enter the following commands to ensure that the ORACLE_HOME
and TNS_ADMIN
environment variables are not set:
Bourne, Bash, or Korn shell:
$ unset ORACLE_HOME $ unset TNS_ADMIN
C shell:
% unsetenv ORACLE_HOME % unsetenv TNS_ADMIN
Note:
If theORACLE_HOME
environment variable is set, then Oracle Universal Installer uses the value that it specifies as the default path for the Oracle home directory. However, if you set the ORACLE_BASE
environment variable, then Oracle recommends that you unset the ORACLE_HOME
environment variable and choose the default path suggested by Oracle Universal Installer.See Also:
Section 3.1.3 about configuring the user's environmentBefore you begin the Audit Vault Server installation, you should check to see that the DISPLAY
environment variable is set to a proper value. For example, for the Bourne, Bash, or Korn shell, you would enter the following commands, where myhost.us.example.com
is your host name:
$ export DISPLAY = myhost.us.example.com:1.0
For example, for the C shell, you would enter the following command, where myhost.us.example.com
is your host name:
% setenv DISPLAY myhost.us.example.com:1.0
Ensure that the NLS_LANG
environment variable is not set.
For example, for C shell:
unsetenv NLS_LANG
For example, for Bourne, Bash, or Korn shells:
unset NLS_LANG