7 Preparing the Host Operating System

This chapter describes how to set up your operating system on the host, mount file systems and create installation users.

Once the environment is commissioned, you will have a number of compute nodes (physical deployment) or vServers (virtual deployment). In this chapter the vServer or compute node is generically referred to as Host.

7.1 Verifying Minimum Hardware Requirements for Each Host

This topic describes the minimum hardware requirements for each host.

To use a host in an Oracle enterprise deployment, you must verify that it meets the minimum specification described in the System Requirements document.

If you are deploying to a virtual host environment, ensure that each of the virtual hosts meets the minimum requirements.

Ensure that you have sufficient local disk and that shared storage is configured as described in Preparing Storage.

Allow sufficient swap and temporary space. Specifically:

  • Swap Space: The system must have at least 512 MB.

  • Temporary Space: There must be a minimum of 2 GB of free space in /tmp.

7.2 Verifying Linux Operating System Requirements

This topic provides information on verifying the Linux operating system requirements.

Before performing an enterprise deployment, ensure that you have installed a certified operating system and that you have applied all the necessary patches for the operating system as described in Oracle Fusion Middleware System Requirements and Specifications.

In addition, review the following sections for information about typical Linux operating system requirements for an enterprise deployment:

7.2.1 Configuring Linux Kernel Parameters

For production systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.

The kernel parameter and shell limit values shown below are recommended values only.

Kernel parameters must be set to a minimum of those below on all nodes in the topology.

The values in the following table are the current Linux recommendations. For the latest recommendations for Linux and other operating systems, see the Oracle Fusion Middleware System Requirements and Specifications.

Table 7-1 UNIX Kernel Parameters

Parameter                  Value
kernel.sem                 256 32000 100 142
kernel.shmmax              2147483648 or higher
net.ipv4.ip_nonlocal_bind  1

Note:

If the host is used to host an OTD instance and you are going to create a listener bound to a virtual IP address (recommended for faster failover), you must set the kernel parameter net.ipv4.ip_nonlocal_bind as described above. Add the kernel parameters to the /etc/sysctl.conf file if they are missing from your configuration.

To set these parameters:

  1. Log in as root and add or amend the entries in the file /etc/sysctl.conf.
  2. Save the file.
  3. Activate the changes by issuing the following command:
    /sbin/sysctl -p
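
The following script is an added example, not part of Oracle's documentation: it reads a sysctl configuration file and reports each Table 7-1 parameter as OK, LOW or MISSING, comparing kernel.sem field by field. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a sysctl file with the Table 7-1 minimums.
# Input is "key = value" text, as in /etc/sysctl.conf or saved `sysctl -a` output.

# Print the value assigned to key $2 in file $1 (the last assignment wins).
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        END { if (val != "") print val }' "$1"
}

# Succeed when each whitespace-separated field of $1 is >= the same field of $2.
fields_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(want, w, /[ \t]+/); m = split(have, h, /[ \t]+/)
        if (m < n) exit 1
        for (i = 1; i <= n; i++) if (h[i] + 0 < w[i] + 0) exit 1
        exit 0
    }'
}

# Print one status line per Table 7-1 parameter for file $1.
# Returns non-zero if any parameter is missing or below its minimum.
check_kernel_params() {
    rc=0
    while IFS='|' read -r key min; do
        have=$(sysctl_value "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want >= $min)"; rc=1
        elif fields_at_least "$have" "$min"; then
            echo "OK      $key = $have"
        else
            echo "LOW     $key = $have (want >= $min)"; rc=1
        fi
    done <<EOF
kernel.sem|256 32000 100 142
kernel.shmmax|2147483648
net.ipv4.ip_nonlocal_bind|1
EOF
    return $rc
}

# Constructed sample: kernel.sem below the minimum, nonlocal bind not set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
kernel.sem = 250 32000 32 128
kernel.shmmax = 4294967296
EOF
if check_kernel_params "$sample"; then
    echo "all Table 7-1 minimums are met"
else
    echo "add or raise the entries above in /etc/sysctl.conf, then run /sbin/sysctl -p"
fi
rm -f "$sample"
```

To check the values that are actually in effect, save the output of `/sbin/sysctl -a` to a file and pass that file to check_kernel_params.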
    

7.2.2 Verifying the Open File Limit on UNIX Operating Systems

On UNIX operating systems, the open file limit is an important system setting, which can affect the overall performance of the software running on the host.

On all UNIX operating systems, the minimum open file limit should be 4096.

Note:

The following examples are for Linux operating systems. Consult your operating system documentation to determine the commands to be used on your system.

This section contains the following topics:

7.2.2.1 Viewing the Number of Currently Open Files

This topic provides information on viewing the number of currently open files.

You can see how many files are open with the following command:

/usr/sbin/lsof | wc -l

To check your open file limits, use the commands below.

C shell:

limit descriptors

Bash:

ulimit -n

7.2.2.2 Setting the Open File Limit on Linux Operating Systems

This topic provides information on setting the open file limit for Linux operating systems.

To change the open file limit on most Linux operating systems:
  1. Log in as root and edit the following file:
    /etc/security/limits.conf
    
  2. Add the following lines to the limits.conf file:
    * soft  nofile  65536
    * hard  nofile  150000
    * soft  nproc   2048
    * hard  nproc   16384
    

    Note:

    For information on the most recent suggested values, see the Oracle Fusion Middleware System Requirements and Specifications.

  3. After editing the file, save your changes and reboot the machine.

7.2.2.3 Setting the Open File Limit on Oracle Linux 6

This topic provides information on setting the open file limit on Oracle Linux 6 systems.

To change the open file limit on Oracle Linux 6:
  1. Log in as root and edit the following file:
    /etc/security/limits.conf
    
  2. Add the following lines to the limits.conf file:
    * soft  nofile  65536
    * hard  nofile  150000
    
  3. After editing the limits.conf file, save your changes.
  4. Add the following lines to the /etc/security/limits.d/90-nproc.conf file:
    * soft  nproc   2048
    * hard  nproc   16384
    

    Note:

    For information on the most recent suggested values, see the Oracle Fusion Middleware System Requirements and Specifications.
  5. After editing the 90-nproc.conf file, save your changes and reboot the machine.

7.2.3 Configuring Local Hosts File

This topic provides information on configuring the local hosts file.

Before you begin the installation of the Oracle software, ensure that your local /etc/hosts file is formatted like this:

IP_Address       Fully_Qualified_Name       Short_Name

For example:

# Host Primary Network Interfaces
192.168.10.5 host1-int.example.com host1-int
10.10.10.5   host1-ext.example.com host1-ext
192.168.32.5 host1-stor.example.com host1-stor
192.168.10.5 host1-data.example.com host1-data

#Host Name associated with the ZFS Storage Appliance
172.17.0.9 zfsinternal.example.com zfsinternal

#Virtual Hosts
10.10.30.3   adminvhn.example.com adminvhn
192.168.30.5 host1vhn1.example.com host1vhn1
192.168.30.6 host2vhn1.example.com host2vhn1

#OTD Failover Groups
192.168.50.1 idstore.example.com idstore
192.168.50.2 edginternal.example.com edginternal

Each host file should contain the entries for non-DNS registered IP addresses that are used in the deployment topology.

7.2.4 Setting Huge Page Allocation

By default, huge pages are enabled in Exalogic compute nodes. It is recommended that the Huge Page allocation be set to 25000.

To verify the existing allocation, run the following command as root:

grep Huge /proc/meminfo

Specify the number of large pages. In the following example, 3 GB of a 4 GB system are reserved for large pages. Assuming a large page size of 2048 KB: 3 GB = 3 x 1024 MB = 3072 MB = 3072 x 1024 KB = 3145728 KB, and 3145728 KB / 2048 KB = 1536.

To set the Huge Page allocation, run the following command as root in the compute node:

echo 1536  > /proc/sys/vm/nr_hugepages

Note:

To make use of huge pages in a Java VM, add the following to the arguments field of the WebLogic managed server: -XX:+UseLargePages.

7.3 Enabling Unicode Support

Your operating system configuration can influence the behavior of characters supported by Oracle Fusion Middleware products.

On UNIX operating systems, Oracle highly recommends that you enable Unicode support by setting the LANG environment variable to a locale with the UTF-8 character set. For example:

LANG=en_GB.UTF-8

This enables the operating system to process any character in Unicode. Oracle SOA Suite technologies, for example, are based on Unicode.

If the operating system is configured to use a non-UTF-8 encoding, Oracle Fusion Middleware Suite components might function in an unexpected way. For example, a non-ASCII file name might make the file inaccessible and cause an error. Oracle does not support problems caused by operating system constraints.

7.4 Updating DNS Settings

Configure the host to access your corporate DNS hosts.

To do this, update the DNS settings in the /etc/resolv.conf file.

7.5 Configuring a Host to Use an NTP (Time) Server

It is important that all hosts in the deployment have the same time. The best way to achieve this is to use an NTP (Network Time Protocol) server.

To configure a host to use an NTP server, perform the following steps:
  1. Determine the name of the NTP server(s) you want to use.

    Note:

    For security reasons, it is recommended that these servers are inside your organization.

  2. Log into the host as the root user.
  3. Edit the /etc/ntp.conf file to include a list of the time servers.

    After editing the ntp.conf file, the file should look like the following example:

    server ntpserver1.example.com
    server ntpserver2.example.com
    
  4. Run the command to synchronize the system clock with the NTP server:
    /usr/sbin/ntpdate ntpserver1.example.com
    /usr/sbin/ntpdate ntpserver2.example.com
    
  5. Start the NTP client by using the following command:
    service ntpd start
    
  6. Validate that the time is set correctly using the date command.
  7. To ensure that the host always uses the NTP server to synchronize time, set the client to start on reboot by using the following command:
    chkconfig ntpd on
    

7.6 Configuring a Host to Use a NIS/YP Host

If you are using NFS version 4 (v4), configure a directory service or an NIS (Network Information Service) host.

If your organization does not have one already, use the built-in one on the ZFS storage appliance. For more information, see Creating Users and Groups in NIS.

Once you have configured your NIS host, configure each compute node or vServer to use it. If you are using the built-in NIS host on the Exalogic ZFS appliance, perform the following steps:

  1. Determine the name of the NIS host by logging into the storage BUI using the following URL:
    https://exalogicsn01-priv:215
    
  2. Click Configuration, Services, and then NIS.
  3. Make a note of one of the listed NIS hosts.
  4. Log into the host as root.
  5. Open the /etc/idmapd.conf configuration file.
  6. In the idmapd.conf file, set the domain value as shown in the following example:
    Domain = example.com
    
  7. Restart the rpcidmapd service by running the following command:
    service rpcidmapd restart
    
  8. Restart the rpcbind service by running the following command:
    service rpcbind restart
    

    Note:

    If the rpcbind service is not already running, start it with the following command:
    service rpcbind start
    
  9. Open the /etc/yp.conf configuration file.
  10. In the yp.conf file, add the following line to set the correct domain value:
    domain example.com server NIS_Host_hostname_or_IP
    

    Where example.com is the example domain and NIS_Host_hostname_or_IP is the host name or IP address of the NIS host. You must replace these sample values with values appropriate for your environment.

  11. Set the NIS domain name on the command line:
    domainname NIS_DOMAIN_NAME
    

    For example:

    domainname example.com
    
  12. Open the /etc/nsswitch.conf configuration file, and change the following entries:
    passwd:     files nis
    shadow:     files nis
    group:      files nis
    automount:  files nis nisplus
    aliases:    files nis nisplus
    
  13. Restart the rpcidmapd service by running the following command:
    service rpcidmapd restart
    
  14. Restart the ypbind service by running the following command:
    service ypbind restart
    
  15. Check the yp service by running the following command:
    ypwhich
    
  16. Verify that you can access Oracle user accounts:
    ypcat passwd
    
  17. Add ypbind to your boot sequence so that it starts automatically after rebooting:
    chkconfig ypbind on
    

    Note:

    Check that the rpcbind and rpcidmapd services are configured to start at machine boot.

7.7 Network Routing for Multiple Networks

Now that you have added new interfaces to each host, having only one default gateway might not be sufficient. You might want to have one interface for an Internet connection and another for a corporate WAN, for example.

In the example below, the different interfaces are shown, along with example IP addresses and gateway requirements:

Interface  IP Address        Gateway Requirements
eth0       201.19.23.128/24  Gateway IP 201.19.23.1
bond0      192.168.10.1/24   No Gateway requirements
bond1      10.10.10.101/24   Gateway IP 10.10.10.1

As you can see, eth0 and bond1 must have their own respective default gateways.

bond0, however, does not have any default gateway requirements. It is simply confined to its own Layer 3 subnet.

To get around this, create rules and tables for routing lookups, as follows.

  1. Check the existing table IDs by issuing this command:
    ip rule list
    
  2. Choose unique table IDs that are not already in use. This example uses 224 and 225.
  3. For eth0, create the following two files:
    • The file /etc/sysconfig/network-scripts/rule-eth0, which contains:

      from 201.19.23.128/24 table 224
      to 201.19.23.128 table 224
      
    • The file /etc/sysconfig/network-scripts/route-eth0, which contains:

      201.19.23.0/24 dev eth0 table 224
      default via 201.19.23.1 dev eth0 table 224
      
  4. For bond1, create the following two files:
    • The file /etc/sysconfig/network-scripts/rule-bond1, which contains:

      from 10.10.10.10/24 table 225
      to 10.10.10.10 table 225
      
    • The file /etc/sysconfig/network-scripts/route-bond1, which contains:

      10.10.10.0/24 dev bond1 table 225
      default via 10.10.10.1 dev bond1 table 225
      
  5. Restart the network to make the configuration effective.
    service network restart
    
    The hosts are now accessible from both routers.

7.8 Enabling Virtual IP Addresses

The enterprise deployment requires that certain hosts, such as the WebLogic Administration hosts or SOA Managed hosts, use virtual IP addresses.

You must enable the appropriate IP address on each host. Preparing the Network describes the mapping of IP addresses to the hosts.

The following tables list the assignment of virtual IP addresses to network interfaces for the typical enterprise deployment topology. Managed hosts not using a virtual IP address use the default network interface for communications.

When you configure networking, a default network interface is created and assigned to the network card. For example, bond1 for the client EoIB network and bond0 for the internal IPoIB network.

If you then assign another IP address to the same network card, an index number is applied. For example, assigning VIP1 and VIP2 to bond0 would result in bond0:1 and bond0:2.

Note:

Refer to the appropriate product-specific Enterprise Deployment Guide for the list of VIP addresses you need to create for your deployment.

This section contains the following topics:

7.8.1 Summary of Exalogic Virtual IP Addresses

This topic provides a summary of Exalogic virtual IP addresses.

Table 7-2 shows the Virtual IP address mapping for a typical enterprise deployment on Exalogic.

For instructions on defining these virtual IP addresses, see Enabling a Virtual IP Address on a Network Interface.

Table 7-2 Virtual IP Addresses Associated with IPoIB and EoIB Network Interfaces

Interface  Address Example  Netmask Example  Used By                           Virtual Host Name  Default Physical Host  Default Virtual Host
BOND1:1    10.10.30.1       255.255.224.0    OTD Administration Host           OTDADMINVHN        HOST1                  WEBHOST1
BOND1:1    10.10.30.2       255.255.224.0    Administration Host               ADMINVHN           HOST1                  HOST1
BOND0:1    192.168.30.1     255.255.240.0    WLS_PRODA1                        HOST1VHN1          HOST1                  HOST1
BOND0:1    192.168.30.2     255.255.240.0    WLS_PRODA2                        HOST2VHN1          HOST2                  HOST2
BOND0:2    192.168.30.3     255.255.240.0    WLS_PRODB1                        HOST1VHN2          HOST1                  HOST1
BOND0:2    192.168.30.4     255.255.240.0    WLS_PRODB2                        HOST2VHN2          HOST2                  HOST2
           192.168.50.1     255.255.224.0    OTD Failover group for callbacks  EDGINTERNAL        HOST1                  WEBHOST1
           192.168.50.2     255.255.224.0    OTD Failover group for LDAP       IDSTORE            HOST2                  WEBHOST2

Default Physical Host is the compute node that the Virtual Host is assigned to by default. It will only move in the event of host failure.

Default Virtual Host is the virtual host that the Virtual Host is assigned to by default. It will only move in the event of host failure.

In the example above, the Administration host is listening on the External IPoIB network. It could also be on the internal network.

Note:

The virtual IP addresses used here are examples. You should use the IP addresses you reserved in Reserving Virtual IP Addresses.

7.8.2 Enabling a Virtual IP Address on a Network Interface

This topic provides the procedure to enable a virtual IP address on a network interface.

  1. Use the ifconfig command to create the virtual IP address.
    ifconfig subinterface virtual_ip_address netmask netmask_value
    

    For example, on HOST1, enter the following:


    ifconfig bond0:1 192.168.30.2 netmask 255.255.240.0
    
  2. For each virtual IP address you define, update the ARP caches using the following command:

    arping -b -A -c 3 -I bond0 192.168.30.2
    

This section contains the following topics:

7.8.2.1 Oracle Linux 5

If you are using Oracle Linux 5, complete the following steps to enable the virtual IP addresses.

  1. Use the ifconfig command to create the virtual IP address:
    ifconfig subinterface virtual_ip_address netmask netmask_value
    
    For example, to enable the IP address 192.168.20.3, netmask 255.255.240.0, on network card bond0, use the following command:
    ifconfig bond0:1 192.168.20.3 netmask 255.255.240.0

    Note:

    The example in this section applies to both physical and virtual Exalogic deployments.
  2. For each virtual IP address you define, update the ARP caches using the following command:
    arping -b -A -c 3 -I bond0 192.168.20.3
    
    This command does not return any response.

7.8.2.2 Oracle Linux 6 and Onwards

In Oracle Linux 6, the ifconfig command described above has been deprecated and is replaced with the ip command.

To enable the virtual IP addresses, complete the following steps:
  1. Determine the CIDR notation of the netmask. Each Netmask has a CIDR notation. For example, 255.255.240.0 has a CIDR of 20.
    If the netmask you are adding is the same as the interface, the fastest way to determine this is to examine the existing IP address assigned to the network card. You can do this using the following command:
    ip addr show dev bond0
    
    The following is a sample output:
    2: bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:21:f6:03:85:9f brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.1/20 brd 10.248.11.255 scope global bond0
    
    In this example, the CIDR value is the value after /, that is, 20. If you are unsure of the CIDR value, contact your network administrator.
  2. Add the IP address 192.168.20.3, netmask 255.255.240.0 (CIDR 20), on network card bond0 with the label bond0:1 using the following command:
    ip addr add 192.168.20.3/20 dev bond0 label bond0:1
  3. For each of the virtual IP addresses you define, update the ARP caches using the following command:
    arping -b -A -c 3 -I bond0 192.168.20.3
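
The netmask-to-CIDR conversion from step 1, done in the shell instead of being read off an existing interface. This is an added example, not part of Oracle's documentation; the function names are illustrative, and the generated ip command uses the label keyword to name the alias.

```sh
#!/bin/sh
# Added example: convert a dotted netmask to a CIDR prefix length and print
# the commands for enabling a virtual IP address.

# Print the prefix length for netmask $1.
# Fails on malformed masks (for example 255.255.240) and on masks whose
# one-bits are not contiguous (for example 255.0.255.0).
mask_to_prefix() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the mask into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    prefix=0; open=1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;
        esac
        # After the first octet below 255, only 0 may follow.
        if [ "$open" -eq 0 ] && [ "$bits" -ne 0 ]; then return 1; fi
        [ "$bits" -eq 8 ] || open=0
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Print the commands that enable virtual IP $1 with netmask $2 on device $3
# as alias number $4. Nothing is executed; review the output, then run it as root.
vip_commands() {
    p=$(mask_to_prefix "$2") || { echo "invalid netmask: $2" >&2; return 1; }
    echo "ip addr add $1/$p dev $3 label $3:$4"
    echo "arping -b -A -c 3 -I $3 $1"
}

# The values used in this section: 192.168.20.3, netmask 255.255.240.0, bond0:1.
vip_commands 192.168.20.3 255.255.240.0 bond0 1
# A truncated mask is rejected rather than turned into a wrong prefix.
vip_commands 192.168.20.3 255.255.240 bond0 1 || true
```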
    

7.9 Configuring Users and Groups

If you are using NFSv4, make sure that the users and groups that you enter are in your NIS servers.

Do not create them locally. If you are using NFSv3, you can create your users locally. Create the following users and groups either locally or in your NIS or LDAP host. This user is the Oracle software owner.

The instructions below are for creating users and groups locally. Refer to your NIS documentation for information about creating these users/groups in your NIS host.

This section contains the following topics:

7.9.1 Creating Users and Groups Locally

This topic provides information on creating users and groups.

Refer to creating groups and creating users in the following sections.

7.9.1.1 Creating Groups

This topic provides the procedure to create groups on each node.

You must create the following groups on each node.

  • oinstall

  • dba

To create the groups, run the following command as root:

groupadd groupname

For example:

groupadd -g 500 oinstall
groupadd -g 501 dba

7.9.1.2 Creating Users

This topic provides the procedure for creating users.

You must create the following user on each node.

  • oracle – The owner of the Oracle software. You can use a different name. The primary group for this account must be oinstall.

    The account must also be in the dba group.

Note:

  • The group oinstall must have write privileges to all the file systems on shared and local storage that are used by the Oracle software.

  • Each group must have the same group ID on every node.

  • Each user must have the same user ID on every node.

To create users, run the following command as root:

useradd -g primary_group -G optional_groups -u userid username

For example:

useradd -g oinstall -G dba -u 500 oracle

7.9.2 Creating Users and Groups in NIS

This topic describes how to create an account for an NIS user on the NIS master server.

  • NIS provides maps for password, group, and auto-home.

  • The NIS master server uses NFS to export the users' home directories.

WARNING:

NIS authentication is deprecated as it has security issues, including a lack of protection of authentication data.

  1. If the NIS master server does not export the base directory of the users' home directories, perform the following steps on the NIS master server:
    1. Create the base directory for user directories, for example /nethome:
      # mkdir /nethome
    2. Add an entry such as the following to /etc/exports:
      /nethome *(rw,sync)

      You might prefer to restrict which clients can mount the file system.

      For example, the following entry allows only clients in the 192.168.1.0/24 subnet to mount /nethome:

      /nethome 192.168.1.0/24(rw,sync)

    3. Use the following command to export the file system:
      # exportfs -i -o ro,sync *:/nethome
    4. If you have configured /var/yp/Makefile to make the auto-home map available to NIS clients, create the following entry in /etc/auto.home:
      * -rw,sync nissvr:/nethome/&

      where nissvr is the host name or IP address of the NIS server.

  2. Create the user account.
    # useradd -b /nethome username

    The command updates the /etc/passwd file and creates a home directory on the NIS server.

  3. Depending on the type of authentication that you have configured:
    • For Kerberos authentication, on the Kerberos server or a client system with kadmin access, use kadmin to create a principal for the user in the Kerberos domain, for example:

      # kadmin -q "addprinc username@KRBDOMAIN"

      The command prompts you to set a password for the user, and adds the principal to the Kerberos database.

    • For NIS authentication, use the password command:

      # passwd username

      The command updates the /etc/shadow file with the hashed password.

  4. Update the NIS maps.
    # make -C /var/yp
    This command makes the NIS maps that are defined for the all target in /var/yp/Makefile. If you have configured NOPUSH=false in /var/yp/Makefile and the names of the slave servers in /var/yp/ypservers, the command also pushes the updated maps to the slave servers.

    Note:

    A Kerberos-authenticated user can use either kpasswd or passwd to change his or her password. An NIS-authenticated user must use the yppasswd command rather than passwd to change his or her password.
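
Step 1 of the procedure above contrasts an export that every client can mount with one restricted to a subnet. The following added example (not part of Oracle's documentation) scans an exports file for entries open to all clients, including the case where a space before the option list turns a restricted entry into one that any client can mount read-write. The function name and the sample paths are constructed.

```sh
#!/bin/sh
# Added example: list exports that any client may mount.
# Handles the one-line-per-export form shown in this section; quoted paths
# and backslash continuation lines are not handled.

# Print "WORLD-RW <path> <client-spec>" or "WORLD-RO <path> <client-spec>"
# for each export in file $1 that is open to all clients.
# Returns 1 if any such export is found, 0 otherwise.
world_exports() {
    awk '
        { sub(/#.*/, "") }                 # drop comments
        NF == 0 { next }
        NF == 1 {                          # path with no client list at all
            print "WORLD-RO", $1, "(no client list)"; bad = 1; next
        }
        {
            for (i = 2; i <= NF; i++) {
                host = $i; sub(/\(.*/, "", host)
                if (host != "" && host != "*") continue   # restricted client
                opts = ""
                if (match($i, /\(.*\)/))
                    opts = substr($i, RSTART + 1, RLENGTH - 2)
                # ro is the default when rw is not listed
                mode = (("," opts ",") ~ /,rw,/) ? "WORLD-RW" : "WORLD-RO"
                print mode, $1, $i
                bad = 1
            }
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample. The /nethome3 line has a space before "(rw,sync)":
# the subnet gets default options and every other client gets rw.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nethome   *(rw,sync)
/nethome2  192.168.1.0/24(rw,sync)
/nethome3  192.168.1.0/24 (rw,sync)
/pub       *(ro,sync)
EOF
world_exports "$sample" || echo "restrict the client list on the exports listed above"
rm -f "$sample"
```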

7.10 Mounting Shared Storage onto the Host

This topic provides information on mounting shared storage on the host.

As described in Preparing Storage, you must make shared storage available to each host that will use it.

This section contains the following topics:

7.10.1 Shared Storage Overview

This topic provides information on the shared storage.

Mount the shared storage to the hosts according to the following table.

Table 7-3 Mapping the Shares on the Appliance to Mount Points on Each Compute Node

Volume Mounted                                    Mounted on Physical Host  Mounted on Virtual Host               Mount Point                 Exclusive
/export/product_binaries/shared_binaries          HOST1, HOST2              vServers on HOST1, vServers on HOST2  /u01/oracle/products        No
/export/product_binaries/webhost1_local_binaries  HOST1                     WEBHOST1                              /u01/oracle/products        Yes
/export/product_binaries/webhost2_local_binaries  HOST2                     WEBHOST2                              /u01/oracle/products        Yes
/export/product_config/shared_config              HOST1, HOST2              vServers on HOST1, vServers on HOST2  /u01/oracle/config          No
/export/runtime/shared_runtime                    HOST1, HOST2              vServers on HOST1, vServers on HOST2  /u01/oracle/runtime         No
/export/product_config/host1_local_config         HOST1                     vServers on HOST1                     /u02/private/oracle/config  Yes
/export/product_config/host2_local_config         HOST2                     vServers on HOST2                     /u02/private/oracle/config  Yes

Note the following points:

  • Each host must have appropriate privileges set within the NAS or SAN so that it can write to the shared storage.

  • Temporary mounts are only required during provisioning and patching.

  • If WEBHOST1 and WEBHOST2 are in the DMZ, SW_ROOT is not shared between those two hosts.

  • The mount point should be owned by the user and group created in Configuring Users and Groups.

  • Follow the best practices of your organization for mounting shared storage. This section provides an example of how to do this on UNIX or Linux using NFS storage.

  • The user ID used to create a shared storage file system owns and has read, write, and execute privileges for those files. Other users in the operating system group can read and execute the files, but they do not have write privileges. For more information about installation and configuration privileges, see the "Understanding Installation and Configuration Privileges and Users" section in the Oracle Fusion Middleware Installation Planning Guide.

7.10.2 Mounting Shared Storage

You must create and mount shared storage locations so that each application tier host can see the same location for the binary installation.

To mount shared storage from the ZFS storage device on a Linux host, use a command similar to the following:

mount -t nfs zfs:volume mountpoint

For example:

mount -t nfs zfsinternal:/export/product_binaries/shared_binaries /u01/oracle/products

Using the mount command mounts the shared storage until the host is rebooted. Once rebooted, the storage must be remounted to the host.

To ensure that storage is made available following a host reboot, place an entry into the file /etc/fstab that looks like the following:

zfsinternal:/export/product_binaries/shared_binaries /u01/oracle/products nfs4 nointr,timeo=300

7.10.3 Validating the Shared Storage Configuration

This topic provides the steps to validate the shared storage.

  1. Ensure that you can read and write files to the newly mounted directories by creating a test file in the shared storage location you just configured.

    For example:

    cd /u01/oracle/products
    touch testfile
    
  2. Verify that the owner and permissions are correct:
    ls -l testfile
    
  3. Remove the file:
    rm testfile