Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Cluster Data Service for Oracle External Proxy Guide Oracle Solaris Cluster 4.1 |
1. Installing and Configuring HA for Oracle External Proxy
Overview of the Installation and Configuration Process for HA for Oracle External Proxy
Installing the HA for Oracle External Proxy Package
How to Install the HA for Oracle External Proxy Package
Registering and Configuring HA for Oracle External Proxy
Setting HA for Oracle External Proxy Extension Properties
Tools for Registering and Configuring HA for Oracle External Proxy
How to Register and Configure HA for Oracle External Proxy
Setting up Dependencies on Oracle External Proxy Resources
How to Verify Data Service Installation and Configuration
Operations By HA for Oracle External Proxy
Upgrading the ORCL.oracle_external_proxy Resource Type
Information for Registering the New Resource Type Version
Information for Migrating Existing Instances of the Resource Type
Note - The HA for Oracle External Proxy software can be configured to run in a zone cluster.
To register and configure HA for Oracle External Proxy, you must consider or provide information on the following points.
Decide whether to run HA for Oracle External Proxy as a failover or scalable data service.
Decide which extension properties to set. See the Oracle Solaris Cluster Data Services Planning and Administration Guide for information about the standard properties and Appendix A, HA for Oracle External Proxy Extension Properties for information about the extension properties.
Provide the name of the resource type for HA for Oracle External Proxy. This name is ORCL.oracle_external_proxy.
Provide the names of the cluster nodes that will master the data service.
The following sections describe the configuration requirements for Oracle External Proxy.
On the Oracle Database or the Oracle RAC database, create a user that will be used by the Oracle External Proxy resource.
The following example shows that a user hauser with a password hauser has been created by using the SQL commands. You can choose a different username and password. The username and password that you chose will be used later by the Oracle Solaris Cluster resource.
-bash-3.00$ sqlplus "/as sysdba" SQL*Plus: Release 11.2.0.2.0 Production on Fri Nov 4 05:23:31 2011 Copyright (c) 1982, 2010, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP, Data Mining and Real Application Testing options SQL> create user hauser identified by hauser; User created. SQL> grant create session to hauser; Grant succeeded. SQL> grant execute on dbms_lock to hauser; Grant succeeded. SQL> grant select on v_$instance to hauser; Grant succeeded. SQL> create profile hauser limit PASSWORD_LIFE_TIME UNLIMITED; Profile created. SQL> alter user hauser identified by hauser profile hauser; User altered. SQL>
The ORCL.oracle_external_proxy resource type verifies a connection to the remote Oracle database. There is no requirement for any Oracle Client software on the nodes where the ORCL.oracle_external_proxy resource type will execute. You will need to create a secure password to connect to a remote database. Example 1-1 shows how to encrypt the database user password. The example uses hauser as the password. However, this password must correspond to the password you used when creating the database user in Remote Database User.
Note - Create /var/cluster/scoep_key only once on each node. If you intend to create multiple resources of the ORCL.oracle_external_proxy type, use the same key for encryption and decryption. If /var/cluster/scoep_key is recreated after an encrypted password has been created, it will not be possible to decrypt the encrypted password using the newly created /var/cluster/scoep_key. Consequently, the ORCL.oracle_external_proxy resource type will fail to connect to the remote database. Also, the resource will go OFFLINE and you will get the ORA-01017: invalid username/password; logon denied message.
If you have recreated /var/cluster/scoep_key, you will need to recreate the encrypted password again, and then disable and enable the ORCL.oracle_external_proxy resource type for the change to be effective.
Example 1-1 Encrypting the Database User Password
Assuming a root role on all Oracle Solaris Cluster nodes, do the following:
bash-3.00# dd if=/dev/urandom of=/var/cluster/scoep_key bs=8 count=1 1+0 records in 1+0 records out bash-3.00# bash-3.00# echo hauser | /usr/sfw/bin/openssl enc -aes128 -e -pass \ file:/var/cluster/scoep_key -out /opt/ORCLscoep/.oep-rs_passwd bash-3.00#
oep-rs in oep-rs_passwd represents the resource name that you will create later. However, you can choose a different resource name. Now verify that the password can be decrypted.
bash-3.00# /usr/sfw/bin/openssl enc -aes128 -d -pass \ file:/var/cluster/scoep_key -in /opt/ORCLscoep/.oep-rs_passwd hauser bash-3.00# chmod 400 /var/cluster/scoep_key bash-3.00# chmod 400 /opt/ORCLscoep/.oep-rs_passwd
A valid tnsnames entry for the Oracle Database or Oracle RAC service is required. If an existing Oracle installation exists, for example if an Oracle Application Tier is installed on the Oracle Solaris Cluster nodes, then it is acceptable to use the tnsnames.ora file in that installation:
${ORACLE_HOME}/network/admin/tnsnames.ora
When registering an Oracle External Proxy resource, you need to specify a tns_admin extension property, unless the default value /var/opt/oracle is acceptable. If so, you can provide either of the following entries:
-p TNS_ADMIN=<${ORACLE_HOME}>/network/admin -p TNS_ADMIN=your path to tnsnames.ora
If the tns_admin extension property is omitted, the Oracle External Proxy resource defaults to the /var/opt/oracle file. If you are interrogating an Oracle Database , the HOST entry in tnsnames.ora must refer to the SCAN name.
bash-3.00# mkdir /var/opt/oracle bash-3.00# cat /var/opt/oracle/tnsnames.ora ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost-scan-lh)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORCL) ) ) bash-3.00#
The hostname dbhost-scan-lh must be resolvable and within the /etc/inet/hosts file on each node.
bash-3.00# grep dbhost-scan-lh /etc/inet/hosts 10.134.84.58 dbhost-scan-lh.us.oracle.com dbhost-scan-lh bash-3.00#
Running Oracle Notification Service on every database node reduces the time it takes for the ORCL.oracle_external_proxy resource type to connect to the database and to determine the state of the database. To verify that Oracle Notification Service is running on the database nodes, run the following command.
bash-3.00# su - oragrid Oracle Corporation SunOS 5.11 11.0 November 2011 -bash-3.00$ crsctl stat res ora.ons -t --------------------------------------------------------- NAME TARGET STATE SERVER STATE_DETAILS Local Resources --------------------------------------------------------- ora.ons ONLINE ONLINE dbhost1 ONLINE ONLINE dbhost2 bash-3.00$
If Oracle Notification Service fails or stops running on a database node, the ORCL.oracle_external_proxy resource will still continue to monitor the remote database. However, it will take longer to connect to the database and determine the state of the database.