This chapter contains information about how to install Oracle Site Guard in an Enterprise Manager Cloud Control environment.
It contains the following sections:
Oracle Site Guard is included with Enterprise Manager Cloud Control 12c Fusion Middleware Plugin 12.1.0.7.
You can manage an Oracle Site Guard configuration by using either Enterprise Manager Command-Line Interface (EMCLI), or a compatible version of Oracle Enterprise Manager Cloud Control (Cloud Control).
To install Oracle Site Guard, complete the following tasks:
Install Enterprise Manager Cloud Control 12c Fusion Middleware Plugin 12.1.0.7 for your existing Oracle Fusion Middleware enterprise deployment. For information about installing Enterprise Manager Cloud Control 12c Fusion Middleware Plugin 12.1.0.7, see Oracle Enterprise Manager Cloud Control Basic Installation Guide.
Note:
Ensure that you install Oracle Management Agent (Enterprise Manager Agent) on each of the hosts managed by Enterprise Manager, as described in "Installing Oracle Management Agent" in Oracle Enterprise Manager Cloud Control Basic Installation Guide.Install the Enterprise Manager Command-Line Interface (EMCLI), as described in Oracle Enterprise Manager Command Line Interface Guide.
Note:
Oracle recommends that you install EM CLI in the same Oracle home where Oracle Management Service is installed. For example,OMS_HOME/bin/emcli.After installing Oracle Site Guard, you must complete the following pre-requisites before beginning Oracle Site Guard Configuration.
Discovering Targets on the Primary Site and the Standby Site
Granting Credential Privileges to Oracle Site Guard Administrator Users
As the first step towards getting started with Oracle Site Guard, you need to discover all the targets at the primary and standby sites that Oracle Site Guard will protect.
To discover targets at the primary and standby site, complete the steps described in "Discovering and Monitoring Targets" in the Oracle Enterprise Manager Cloud Control Administrator's Guide.
Discover the following target types in Oracle Enterprise Manager:
Oracle Fusion Applications
Oracle Fusion Middleware farm/ WebLogic Domain
Oracle Fusion Middleware managed system components, such as Oracle HTTP Server and Oracle Internet Directory (part of the Oracle Fusion Middleware farm)
Real Application Cluster (RAC) databases
Single-instance database
A site should be up and running for its targets to be discovered. This means that the site would function as the production site. For a two-site deployment, the targets in the primary site should be discovered first, followed by the targets in the standby site. After you discover the targets in the primary site, you must manually perform a switchover operation, so that the standby site takes over the production role, as described in "Performing a Switchover" in Oracle Fusion Middleware Disaster Recovery Guide. Then you must discover the targets in the standby site, as you did for the primary site.
Note:
After discovering the targets for the standby site, you can use Oracle Site Guard to switch back operations to the primary site, so that the primary site takes over the production role, as described in "Performing a Switchover" in Oracle Fusion Middleware Disaster Recovery Guide. You only need to switchover and switchback manually during the configuration process.It is recommended that you create Oracle Site Guard-focused users or administrators for managing disaster-recovery operations. Users who are not Enterprise Manager super users and who do not have EM_SG_ADMINISTRATOR role assigned, cannot access the Oracle Site Guard functionality.
Note the following privilege restrictions for Oracle Site Guard administrators and how it affects Enterprise Manager super users:
Oracle Site Guard administrators can only view, modify and execute operation plans owned by them. An administrator cannot view, modify, or execute operation plans owned by another Oracle Site Guard administrator or super user.
A super user can view, modify and execute operation plans owned by anyone, including all Oracle Site Guard administrators and other super users.
If these restrictions do not work in your deployment, skip the steps for creating Oracle Site Guard Administrator users and use the built-in super user roles to access Oracle Site Guard functionality.
Using one of the following methods, create one or more Oracle Site Guard Administrator users:
Creating a Oracle Site Guard Administrator User Using Enterprise Manager Cloud Control Console
Creating a Oracle Site Guard Administrator User Using Enterprise Manager Command-Line Interface
To create a Oracle Site Guard Administrator user using Enterprise Manager Cloud Control, complete the following steps:
Log in to Enterprise Manager as a super user.
From the Setup menu, select Security, then select Administrators.
On the Administrators page, click Create.
In the Create Administrator wizard, do the following:
On the Properties page:
1. Specify the name SG_ADMIN.
2. Provide a password.
3. Provide a password confirmation.
Without making any changes to the other data fields, click Next.
On the Roles page, select the EM_SG_ADMINISTRATOR role in the Available Roles pane on the left, and click Move to add the role to the Selected Roles pane on the right.
If you discovered targets at the Primary and Standby sites as another user, assign target level privileges to the Oracle Site Guard Administrator user on the Target Privileges page.
1. Assign Full any Target or View any Target privileges in the section Privileges applicable to all Targets.
2. Alternately, assign view or full privileges for every target in the Primary and Standby sites by setting Target Privileges.
On the Review page, review the information you have provided for the user account, and click Finish.
Create a Oracle Site Guard Administrator user by running the following EMCLI commands (located at OMS_HOME/bin/emcli) in the command-line interface:
emcli create_user
-name="SG_ADMIN"
-password=password
-roles="EM_SG_ADMINISTRATOR;EM_USER;PUBLIC"
| Parameter | Description |
|---|---|
-name |
Enter a name for the Oracle Site Guard Administrator user. |
-password |
Enter a password for the Oracle Site Guard Administrator user. |
-roles |
The list of roles assigned to this user.
Enter |
For more information about using the create_user command, see "create_user" in Oracle Enterprise Manager Command Line Interface Guide.
A disaster-recovery site managed by Oracle Site Guard is modeled as a Generic System target type in Enterprise Manager. You can create a generic system to create primary and standby sites. Each generic system that you use, must include all targets, Oracle Fusion Middleware farms and Databases, pertaining to the site that it represents.
You can create a generic system using one of the following methods:
To create a generic system for the primary site, using an Enterprise Manager Cloud Control console, complete the following steps:
Log in to Enterprise Manager as a super user.
From the Targets menu, click Systems.
Click Add and from the drop-down menu, select Generic System.
In the General section, enter the name for your primary system or site.
Select the time zone from the drop-down menu.
In the Member section, click Add.
Choose the targets that will be part of your primary system, and click Select. Following are examples of targets that are usually added:
Oracle Fusion Middleware Farm which includes:
Administration Server
Managed Servers
System components (for example, Oracle HTTP Server)
If you are using Oracle RAC Database then you must associate it with a Cluster Database target. For a single database instance, you must associate it with a Database Instance target.
Note:
Ensure that the following target types are not added to the generic system:Database System
Individual RAC Database instances
Click Next.
The Define Associations page is displayed.
Click Next.
The Availability Criteria page is displayed.
From Availability Criteria, select the Any Of The Key Members option, and double-click a target in the Members pane. The selected member is removed from the Members pane and added in the Key Members pane.
Click Next.
The Charts page is displayed.
Click Next.
The Review page is displayed.
Review your settings, and click Finish.
Create a generic system by running the following emcli commands (located at OMS_HOME/bin/emcli) in the command-line interface:
Note:
For information about setting up a new EMCLI client, see the Enterprise Manager Command-Line Interface Download page within the Cloud Control console. To access the page, in Cloud Control, from the Setup menu, click Command Line Interface.
emcli create_system
-name="name"
-type=generic_system
-add_members="name1:type1;name2:type2;..."]...
-timezone_region="actual_timezone_region"
Note:
To get status and alert information for targets, you can runemcli get_targets command. For more information, see the chapter "Verb Reference" in the Oracle Enterprise Manager Command Line Interface Guide.| Parameter | Description |
|---|---|
-name |
Enter a name for the system. |
-type |
Enter generic_system as the type. |
-add_members |
Add existing targets to the system. Each target is specified as a name-value pair target_name:target_type. You can specify this option more than once. |
-timezone_region |
Specify the time zone region. The time zone you specify here is used for scheduling operations such as jobs and blackouts, on the system. |
See "create_system" in the Oracle Enterprise Manager Command Line Interface Guide.
You can create and delegate named credentials or preferred credentials for the following targets associated with Oracle Site Guard:
Host (for normal or non-root user)
Host (for user with root privileges)
Oracle Node Manager (use Host target credentials for Node Manager)
Oracle Weblogic Server
Oracle Database (SYSDBA)
This section contains the following topics:
Note:
You must associate the credentials that you create with the Oracle Site Guard configuration. Oracle Site Guard supports specifying the same credentials for all targets of the same target type. For example, all databases in a system can have the samesysdba credentials. Oracle Site Guard also allows the targets of same type to have different credentials.
You need not create credentials for the targets running at the standby site if the credentials are the same across all targets on the primary and standby sites.
You can create a named credential using one of the following methods:
Creating Named Credentials Using Enterprise Manager Cloud Control Console
To create a named credentials using Enterprise Manager Cloud Control Console, complete the following steps:
Log in to Enterprise Manager, preferably as an EM_CLOUD_ADMINISTRATOR user.
From the Setup menu, select Security, then select Named Credentials.
The Named Credentials page is displayed.
Click Create.
The Create Credential page is displayed.
In the General Properties section, specify the following:
Credential name: Enter a name for the credential.
Credential description: Enter the credential description.
Authenticating Target Type/ Credential type/ Scope: Enter the details as specified in the following table:
| Element | Host Details | Host (root-User Privileges) Details |
Oracle Node Manager Details | Oracle WebLogic Server | Database Instance |
|---|---|---|---|---|---|
| Authenticating Target Type | Host | Host | Host | Oracle WebLogic Server | Database Instance |
| Credential type | Host Credentials | Host Credentials | Host Credentials | Oracle WebLogic Credentials | Database Credentials |
| Scope | Global | Global | Global | Global | Global |
If these credentials are valid for all targets of the selected Authenticating Target Type, then set Scope to Global.
If these credentials are only valid for a specific target, then set Scope to Target, and set the Target Type and Name fields to match the specific target.
In the Credential Properties section, specify the following:
UserName: Enter the user name.
Password: Enter the password.
Confirm Password: Enter the password again.
Run Privilege: Enter the details as specified in the following table:
| Element | Host | Host (Users with root privileges) |
Oracle WebLogic Server | Database Instance |
|---|---|---|---|---|
| Run Privilege | None | Select Sudo and enter values in the Run As fields | Oracle WebLogic Server Administration user credentials | Oracle Database SYS user credential |
Note:
When the credentials used by Oracle Site Guard are configured to usesudo privileges to run as root, the sudo privilege must be configured as PDP (Privilege Delegation Provider) on all the agents running on the respective hosts of the target.
PDP can be configured from Enterprise Manager Cloud Control console. To configure PDP, go to Setup -> Security -> Privilege Delegation in the Enterprise Manager Cloud Control console.
If you are creating this credential as a user other than the Oracle Site Guard Administrator, you must grant view credential access to the Oracle Site Guard Administrator who will use the credential. You can provide access using the procedure described in Granting Credential Privileges to Oracle Site Guard Administrator Users.
To provide access, complete the following steps in the Access Control section.
Click Add Grant. The Add Grant pop-up window appears.
Select the rows for all the Oracle Site Guard Administrator users you created while creating Oracle Site Guard Administrator users. See Creating Oracle Site Guard Administrator Users.
Click Select.
Verify that the users you selected appear in the list of Grantees in the Access Control table.
Click Test and Save. To test credentials, select the appropriate Test Target Type from the drop-down menu for which you want to test the credentials, and specify Test Target Name.
Creating Named Credentials Using EMCLI Commands
You can create a named credential by running the following EMCLI commands in the command-line interface:
emcli create_named_credential
-cred_name="cred_name"
-auth_target_type="auth_target_type"
-cred_type="cred_type"
-attributes="p1:v1;p2:v2"
| Parameter | Description |
|---|---|
cred_name |
Sets the name for this credential set. |
auth_target_type |
Set the authenticating target type. |
cred_type |
Set the credential type for the target/credential set. |
attributes |
Enter the following credential column values:
colname:colvalue;colname:colvalue You can change the value of the separator using Note: For more information about the values of this parameter, see Oracle Enterprise Manager Command Line Interface Guide. |
You can create a preferred-credential association using one of the following methods:
Creating Preferred Credentials Using Enterprise Manager Cloud Control Console
To create preferred credentials using the Enterprise Manager Cloud Control Console, follow these steps:
Log in to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR.
From the Setup menu, select Security, then select Preferred Credentials.
The Preferred Credentials page is displayed.
Select a target type, and click Manage Preferred Credentials. The target specific Preferred Credentials page is displayed.
Select the credential type from the Default Preferred Credentials table, and click Set. The Select Named Credential pop-up window is displayed.
Select an existing named credential to be the Preferred Credential and click Save.
Select New to create a new named credential to be set as Preferred Credential.
Enter a user name and password for the credential.
Enter a credential name, and select Save As. The credential will be saved with the name that you have provided.
Click Test and Save.
Creating Preferred Credentials Using EMCLI Commands
You can set a named credential as a target preferred credential by running the following emcli commands in the command-line interface:
Note:
Oracle recommends that you to create preferred credentials using theemcli commands.
emcli set_preferred_credential
-set_name="set_name"
-target_name="target_name"
-target_type="type"
-credential_name="name"
[-credential_owner ="owner"]
Note:
[ ] indicates that the parameter is optional.| Parameter | Description |
|---|---|
set_name |
Sets the preferred credential for this credential set. |
target_name |
Sets the path for the software library location. |
target_type |
Target type for the target/credential set. |
credential_name |
Name of the credential. |
credential_owner |
Owner of the credential. This defaults to the currently logged-in user. |
Example:
emcli set_preferred_credential
-set_name="HostCredsNormal"
-target_name="test.example.com"
-target_type="host"
-credential_name="MyHostCredentials"
-credential_owner="Admin"
The named credentials are configured as described in Section 3.2.4.1, "Creating Named Credentials", and are used to access and manage targets for disaster-recovery operations. If you have assigned Oracle Site Guard Administrator users as described in Section 3.2.2, "Creating Oracle Site Guard Administrator Users", you must also assign privileges to use these named credentials.
To grant credential privileges to Oracle Site Guard Administrators, use one of the following methods:
To grant credential privileges using the Enterprise Manager Cloud Control Console, follow these steps:
Log in to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR.
From the Setup menu, select Security, then select Named Credentials.
The Named Credentials page is displayed.
Select the named credential for which privilege is to be granted, and click Manage Access. The Manage Access page for that credential is displayed.
Click Add Grant.
In the pop-up window, select the Oracle Site Guard Administrator user to whom the privilege is to be granted. Then click Select
Click Save to save the privilege granted.
Oracle Software Library (Software Library) is a repository that stores scripts required to execute the operation plan.
For information about configuring a software library, see "Configuring a Software Library" in Oracle Manager Cloud Control Administrator's Guide.
To configure a storage location for the software library, use one of the following methods:
Configuring Software Library Storage Location Using Enterprise Manager Cloud Control Console
Configuring Software Library Storage Location Using Enterprise Manager Command-Line Interface
To configure the storage location for the Oracle Software Library, complete the following steps:
Note:
Configuring Oracle Software Library is a one-time process. Enterprise Manager requires you to configure Oracle Software Library before proceeding with any deployment-procedure related tasks. Perform the steps listed in this section after confirming that Oracle Software Library is not configured.Log in to Enterprise Manager as an EM_CLOUD_ADMINISTRATOR user.
From the Setup menu, select Provisioning and Patching, then select Software Library.
The Software Library: Administration page is displayed.
Select OMS Shared File System from the Storage Type drop-down box.
Click Add.
Specify a name and location that is accessible to all OMS users, and click OK.
Note:
As the storage location for the Software Library must be accessible to all OMS as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2 or NFS. For single OMS systems, any local directory is sufficient.Oracle Enterprise Manager begins execution of a new job to upload Software Library content to the specified location.
Note:
For more information, see "Configuring Software Library" in the Oracle Enterprise Manager Cloud Control Administrator's Guide.You can configure storage location in the software library by running the following EMCLI command in the command-line interface:
emcli add_swlib_storage_location
-name="name_of_software_library"
-path="path_to_the_software_library_location"
| Parameter | Description |
|---|---|
| name | Sets the name for the software library. |
path |
Sets the path to the software library location. |
For example:
emcli add_swlib_storage_location
-name="Softlib"
-path="/u01/em/swlib"
Oracle Site Guard uses Oracle Data Guard to perform database switchovers and failovers. To ensure that Oracle Site Guard can correctly perform database operations as part of disaster recovery workflows, perform the following steps:
Ensure that Flashback Recovery is configured and enabled on both, the primary and the standby databases. If Flashback is not correctly configured, the standby database will have to be reinstated after a failover operation.
Ensure that Oracle Data Guard is functional on the primary and standby databases (either single-instance or RAC).
Ensure that you can perform Oracle Data Guard switchover and failover operations outside Site Guard (for example, using the DGMGRL utility).
Note:
For more information about viewing the summary and status of the Data Guard Broker configuration, see "SHOW CONFIGURATION" in the Oracle Data Guard Broker guide.