JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Cluster Data Service for Oracle External Proxy Guide     Oracle Solaris Cluster 4.1
search filter icon
search icon

Document Information

Preface

1.  Installing and Configuring HA for Oracle External Proxy

Overview

Planning the Installation and Configuration

Configuration Requirements

Remote Database User

Secure Remote Database Password

tnsnames.ora File

Remote Oracle Notification Service

Overview of the Installation and Configuration Process for HA for Oracle External Proxy

Installing the HA for Oracle External Proxy Package

How to Install the HA for Oracle External Proxy Package

Registering and Configuring HA for Oracle External Proxy

Setting HA for Oracle External Proxy Extension Properties

Tools for Registering and Configuring HA for Oracle External Proxy

How to Register and Configure HA for Oracle External Proxy

Setting up Dependencies on Oracle External Proxy Resources

How to Verify Data Service Installation and Configuration

Operations By HA for Oracle External Proxy

Actions in Response to Faults

Upgrading the ORCL.oracle_external_proxy Resource Type

Information for Registering the New Resource Type Version

Information for Migrating Existing Instances of the Resource Type

A.  HA for Oracle External Proxy Extension Properties

Index

Planning the Installation and Configuration


Note - The HA for Oracle External Proxy software can be configured to run in a zone cluster.


To register and configure HA for Oracle External Proxy, you must consider or provide information on the following points.

Configuration Requirements

The following sections describe the configuration requirements for Oracle External Proxy.

Remote Database User

On the Oracle Database or the Oracle RAC database, create a user that will be used by the Oracle External Proxy resource.

The following example shows that a user hauser with a password hauser has been created by using the SQL commands. You can choose a different username and password. The username and password that you chose will be used later by the Oracle Solaris Cluster resource.

-bash-3.00$ sqlplus "/as sysdba"

SQL*Plus: Release 11.2.0.2.0 Production on Fri Nov 4 05:23:31 2011

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

SQL> create user hauser identified by hauser;

User created.

SQL> grant create session to hauser;

Grant succeeded.

SQL> grant execute on dbms_lock to hauser;

Grant succeeded.

SQL> grant select on v_$instance to hauser;

Grant succeeded.

SQL> create profile hauser limit PASSWORD_LIFE_TIME UNLIMITED;
 
Profile created.

SQL> alter user hauser identified by hauser profile hauser;

User altered.

SQL>

Secure Remote Database Password

The ORCL.oracle_external_proxy resource type verifies a connection to the remote Oracle database. There is no requirement for any Oracle Client software on the nodes where the ORCL.oracle_external_proxy resource type will execute. You will need to create a secure password to connect to a remote database. Example 1-1 shows how to encrypt the database user password. The example uses hauser as the password. However, this password must correspond to the password you used when creating the database user in Remote Database User.


Note - Create /var/cluster/scoep_key only once on each node. If you intend to create multiple resources of the ORCL.oracle_external_proxy type, use the same key for encryption and decryption. If /var/cluster/scoep_key is recreated after an encrypted password has been created, it will not be possible to decrypt the encrypted password using the newly created /var/cluster/scoep_key. Consequently, the ORCL.oracle_external_proxy resource type will fail to connect to the remote database. Also, the resource will go OFFLINE and you will get the ORA-01017: invalid username/password; logon denied message.

If you have recreated /var/cluster/scoep_key, you will need to recreate the encrypted password again, and then disable and enable the ORCL.oracle_external_proxy resource type for the change to be effective.


Example 1-1 Encrypting the Database User Password

Assuming a root role on all Oracle Solaris Cluster nodes, do the following:

bash-3.00# dd if=/dev/urandom of=/var/cluster/scoep_key bs=8 count=1
1+0 records in
1+0 records out
bash-3.00#
bash-3.00# echo hauser | /usr/sfw/bin/openssl enc -aes128 -e -pass \
file:/var/cluster/scoep_key -out /opt/ORCLscoep/.oep-rs_passwd
bash-3.00#

oep-rs in oep-rs_passwd represents the resource name that you will create later. However, you can choose a different resource name. Now verify that the password can be decrypted.

bash-3.00# /usr/sfw/bin/openssl enc -aes128 -d -pass \
 file:/var/cluster/scoep_key -in /opt/ORCLscoep/.oep-rs_passwd
hauser
bash-3.00# chmod 400 /var/cluster/scoep_key
bash-3.00# chmod 400 /opt/ORCLscoep/.oep-rs_passwd

tnsnames.ora File

A valid tnsnames entry for the Oracle Database or Oracle RAC service is required. If an existing Oracle installation exists, for example if an Oracle Application Tier is installed on the Oracle Solaris Cluster nodes, then it is acceptable to use the tnsnames.ora file in that installation:

${ORACLE_HOME}/network/admin/tnsnames.ora

When registering an Oracle External Proxy resource, you need to specify a tns_admin extension property, unless the default value /var/opt/oracle is acceptable. If so, you can provide either of the following entries:

-p TNS_ADMIN=<${ORACLE_HOME}>/network/admin
-p TNS_ADMIN=your path to tnsnames.ora

If the tns_admin extension property is omitted, the Oracle External Proxy resource defaults to the /var/opt/oracle file. If you are interrogating an Oracle Database , the HOST entry in tnsnames.ora must refer to the SCAN name.

bash-3.00# mkdir /var/opt/oracle
bash-3.00# cat /var/opt/oracle/tnsnames.ora
ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost-scan-lh)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORCL)
    )
  )
bash-3.00#

The hostname dbhost-scan-lh must be resolvable and within the /etc/inet/hosts file on each node.

bash-3.00# grep dbhost-scan-lh /etc/inet/hosts
10.134.84.58 dbhost-scan-lh.us.oracle.com dbhost-scan-lh
bash-3.00# 

Remote Oracle Notification Service

Running Oracle Notification Service on every database node reduces the time it takes for the ORCL.oracle_external_proxy resource type to connect to the database and to determine the state of the database. To verify that Oracle Notification Service is running on the database nodes, run the following command.

bash-3.00# su - oragrid
Oracle Corporation SunOS 5.11 11.0 November 2011
-bash-3.00$ crsctl stat res ora.ons -t
---------------------------------------------------------
NAME TARGET STATE SERVER STATE_DETAILS Local Resources
---------------------------------------------------------
ora.ons
ONLINE ONLINE dbhost1
ONLINE ONLINE dbhost2
bash-3.00$

If Oracle Notification Service fails or stops running on a database node, the ORCL.oracle_external_proxy resource will still continue to monitor the remote database. However, it will take longer to connect to the database and determine the state of the database.