This chapter describes how to install Oracle Site Guard and how to prepare it for operation in an Enterprise Manager Cloud Control environment.
This chapter includes the following sections:
Oracle Site Guard is included with Enterprise Manager Cloud Control 13cR1 Fusion Middleware Plugin 13.1.1.0.0.
You can manage an Oracle Site Guard configuration with Enterprise Manager Command-Line Interface (EMCLI), or with a compatible version of Oracle Enterprise Manager Cloud Control (Cloud Control).
To install Oracle Site Guard:
Install Enterprise Manager Cloud Control 13cR1 Fusion Middleware Plugin 13.1.1.0.0 for your Oracle Fusion Middleware enterprise deployment. For information about installing Enterprise Manager Cloud Control 13cR1 Fusion Middleware Plugin 13.1.1.0.0, see Oracle Enterprise Manager Cloud Control Basic Installation Guide.
Note:
Ensure that you install Oracle Management Agent (Enterprise Manager Agent) on each of the hosts managed by Enterprise Manager, as described in "Installing Oracle Management Agent" in Oracle Enterprise Manager Cloud Control Basic Installation Guide.Install EMCLI, as described in Oracle Enterprise Manager Command Line Interface Guide.
Note:
Oracle recommends that you install EM CLI in the same Oracle home where Oracle Management Service is installed. For example,OMS_HOME/bin/emcli
.After installing Oracle Site Guard, complete the following pre-requisite tasks before beginning Oracle Site Guard Configuration:
Discovering Targets on the Primary Site and the Standby Site
Granting Credential Privileges to Oracle Site Guard Administrator Users
As the first step towards getting started with Oracle Site Guard, you need to discover all the targets at the primary and standby sites that Oracle Site Guard will protect.
To discover targets at the primary and standby site, complete the steps described in "Discovering and Monitoring Targets" in the Oracle Enterprise Manager Cloud Control Administrator's Guide.
Discover the following target types in Oracle Enterprise Manager:
Oracle Fusion Applications
Oracle Fusion Middleware farm/ WebLogic Domain
Oracle Fusion Middleware managed system components, such as Oracle HTTP Server and Oracle Internet Directory (part of the Oracle Fusion Middleware farm)
Real Application Cluster (RAC) databases
Single-instance database
A site should be up and running for its targets to be discovered. This means that the site would function as the production site. For a two-site deployment, the targets in the primary site should be discovered first, followed by the targets in the standby site. After you discover the targets in the primary site, you must manually perform a switchover operation, so that the standby site takes over the production role, as described in "Performing a Switchover" in Oracle Fusion Middleware Disaster Recovery Guide. Then you must discover the targets in the standby site, as you did for the primary site.
Note:
After discovering the targets for the standby site, you can use Oracle Site Guard to switch back operations to the primary site, so that the primary site takes over the production role, as described in "Performing a Switchover" in Oracle Fusion Middleware Disaster Recovery Guide. You only need to switchover and switchback manually during the configuration process.It is recommended that you create Oracle Site Guard-focused users or administrators for managing disaster-recovery operations. Users who are not Enterprise Manager super users and who do not have EM_SG_ADMINISTRATOR
role assigned, cannot access the Oracle Site Guard functionality.
Note the following privilege restrictions for Oracle Site Guard administrators and how it affects Enterprise Manager super users:
Oracle Site Guard administrators can only view, modify and execute operation plans owned by them. An administrator cannot view, modify, or execute operation plans owned by another Oracle Site Guard administrator or super user.
A super user can view, modify and execute operation plans owned by anyone, including all Oracle Site Guard administrators and other super users.
If these restrictions do not work in your deployment, skip the steps for creating Oracle Site Guard Administrator users and use the built-in super user roles to access Oracle Site Guard functionality.
To create one or more Oracle Site Guard Administrator users, use one of the following methods:
Creating an Oracle Site Guard Administrator User with Enterprise Manager Cloud Control Console
Creating an Oracle Site Guard Administrator User with Enterprise Manager Command-Line Interface
To create an Oracle Site Guard Administrator user with Enterprise Manager Cloud Control, complete the following steps:
Log in to Enterprise Manager as a super user.
From the Setup menu, select Security, then select Administrators.
On the Administrators page, click Create.
In the Create Administrator wizard, do the following:
On the Properties page:
1. Specify the name SG_ADMIN
.
2. Provide a password.
3. Provide a password confirmation.
Make changes to any other fields as appropriate, and then click Next.
On the Roles page, select the EM_SG_ADMINISTRATOR
role in the Available Roles pane on the left, and click Move to add the role to the Selected Roles pane on the right.
If you discovered targets at the Primary and Standby sites as another user, assign target level privileges to the Oracle Site Guard Administrator user on the Target Privileges page.
1. Assign Full any Target or View any Target privileges in the section Privileges applicable to all Targets.
2. Alternately, assign view or full privileges for every target in the Primary and Standby sites by setting Target Privileges.
On the Review page, review the information you have provided for the user account, and click Finish.
Create an Oracle Site Guard Administrator user by running the following EMCLI commands (located at OMS_HOME/bin/emcli
) in the command-line interface:
emcli create_user
-name="SG_ADMIN"
-password=password
-roles="EM_SG_ADMINISTRATOR;EM_USER;PUBLIC"
Parameter | Description |
---|---|
-name |
Enter a name for the Oracle Site Guard Administrator user. |
-password |
Enter a password for the Oracle Site Guard Administrator user. |
-roles |
The list of roles assigned to this user.
Enter |
For more information about the create_user
command, see "create_user" in Oracle Enterprise Manager Command Line Interface Guide.
A disaster-recovery site managed by Oracle Site Guard is modeled as a Generic System target type in Enterprise Manager. You can create a generic system to create primary and standby sites. Each generic system that you use, must include all targets, Oracle Fusion Middleware farms and Databases, pertaining to the site that it represents.
To create a generic system, use one of the following methods:
To create a generic system for the primary site with Enterprise Manager Cloud Control Console, complete the following steps:
Log in to Enterprise Manager as a super user.
From the Targets menu, click Systems.
Click Add and from the drop-down menu, select Generic System.
In the General section, enter the name for your primary system or site.
Select the time zone from the drop-down menu.
In the Member section, click Add.
Choose the targets that will be part of your primary system, and click Select. Following are examples of targets that are usually added:
Oracle Fusion Middleware Farm which includes:
Administration Server
Managed Servers
System components (for example, Oracle HTTP Server)
If you are using Oracle RAC Database then you must associate it with a Cluster Database target. For a single database instance, you must associate it with a Database Instance target.
Note:
Ensure that the following target types are not added to the generic system:Database System
Individual RAC Database instances
Click Next.
The Define Associations page is displayed.
Click Next.
The Availability Criteria page is displayed.
From Availability Criteria, select the Any Of The Key Members option, and double-click a target in the Members pane. The selected member is removed from the Members pane and added in the Key Members pane.
Click Next.
The Charts page is displayed.
Click Next.
The Review page is displayed.
Review your settings, and click Finish.
Create a generic system by running the following emcli
commands (located at OMS_HOME
/bin/emcli
) in the command-line interface:
Note:
For information about setting up a new EMCLI client, see the Enterprise Manager Command-Line Interface Download page within the Cloud Control console. To access the page, in Cloud Control, from the Setup menu, click Command Line Interface.emcli create_system -name="name" -type=generic_system -add_members="name1:type1;name2:type2;..."]... -timezone_region="actual_timezone_region"
Note:
To get status and alert information for targets, you can runemcli get_targets
command. For more information, see the chapter "Verb Reference" in the Oracle Enterprise Manager Command Line Interface Guide.Parameter | Description |
---|---|
-name |
Enter a name for the system. |
-type |
Enter generic_system as the type. |
-add_members |
Add existing targets to the system. Each target is specified as a name-value pair target_name:target_type . You can specify this option more than once. |
-timezone_region |
Specify the time zone region. The time zone you specify here is used for scheduling operations such as jobs and blackouts, on the system. |
See "create_system" in the Oracle Enterprise Manager Command Line Interface Guide.
You can create and delegate named credentials or preferred credentials for the following targets associated with Oracle Site Guard:
Host (for normal or non-root user)
Host (for user with root privileges)
Oracle Node Manager (use Oracle Weblogic Domain as the Target Type and Node Manager as the Credential Type)
Oracle Weblogic Server
Oracle Database (SYSDBA)
This section contains the following topics:
Note:
You must associate the credentials that you create with the Oracle Site Guard configuration. Oracle Site Guard supports specifying the same credentials for all targets of the same target type. For example, all databases in a system can have the samesysdba
credentials. Oracle Site Guard also allows the targets of same type to have different credentials.
You need not create credentials for the targets running at the standby site if the credentials are the same across all targets on the primary and standby sites.
To create a named credential, use one of the following methods:
Creating Named Credentials with Enterprise Manager Cloud Control Console
To create named credentials with Enterprise Manager Cloud Control Console:
Log in to Enterprise Manager, preferably as an EM_CLOUD_ADMINISTRATOR
user.
From the Setup menu, select Security, then select Named Credentials.
The Named Credentials page is displayed.
Click Create.
The Create Credential page is displayed.
In the General Properties section, specify the following:
Credential name: Enter a name for the credential.
Credential description: Enter the credential description.
Authenticating Target Type/ Credential type/ Scope: Enter the details as specified in the following table:
Element | Host | Host (root -User Privileges) |
Oracle Node Manager | Oracle WebLogic Server | Database Instance |
---|---|---|---|---|---|
Authenticating Target Type | Host | Host | Oracle Weblogic Domain | Oracle WebLogic Server | Database Instance |
Credential type | Host Credentials | Host Credentials | Node Manager Credentials | Oracle WebLogic Credentials | Database Credentials |
Scope | Global | Global | Global | Global | Global |
If these credentials are valid for all targets of the selected Authenticating Target Type, then set Scope to Global.
If these credentials are only valid for a specific target, then set Scope to Target, and set the Target Type and Name fields to match the specific target.
In the Credential Properties section, specify the following:
UserName: Enter the user name.
Password: Enter the password.
Confirm Password: Enter the password again.
Run Privilege: Enter the details as specified in the following table:
Element | Host | Host (Users with root privileges) |
Oracle WebLogic Server | Database Instance |
---|---|---|---|---|
Run Privilege | None | Select Sudo and enter values in the Run As fields | Oracle WebLogic Server Administration user credentials | Oracle Database SYS user credential |
Note:
When the credentials used by Oracle Site Guard are configured to usesudo
privileges to run as root
, the sudo
privilege must be configured as PDP (Privilege Delegation Provider) on all the agents running on the respective hosts of the target.
PDP can be configured from Enterprise Manager Cloud Control console. To configure PDP, go to Setup -> Security -> Privilege Delegation in the Enterprise Manager Cloud Control console.
If you are creating this credential as a user other than the Oracle Site Guard Administrator, you must grant view credential access to the Oracle Site Guard Administrator who will use the credential. To provide access, use the procedure in Granting Credential Privileges to Oracle Site Guard Administrator Users.
To provide access, complete the following steps in the Access Control section.
Click Add Grant. The Add Grant pop-up window appears.
Select the rows for all the Oracle Site Guard Administrator users you created while creating Oracle Site Guard Administrator users. See Creating Oracle Site Guard Administrator Users.
Click Select.
Verify that the users you selected appear in the list of Grantees in the Access Control table.
Click Test and Save. To test credentials, select the appropriate Test Target Type from the drop-down menu for which you want to test the credentials, and specify Test Target Name.
Creating Named Credentials with EMCLI Commands
You can create a named credential by running the following EMCLI commands in the command-line interface:
emcli create_named_credential -cred_name="cred_name" -auth_target_type="auth_target_type" -cred_type="cred_type" -attributes="p1:v1;p2:v2"
Parameter | Description |
---|---|
cred_name |
Sets the name for this credential set. |
auth_target_type |
Set the authenticating target type. |
cred_type |
Set the credential type for the target/credential set. |
attributes |
Enter the following credential column values:
colname:colvalue;colname:colvalue To change the value of the separator, use Note: For more information about the values of this parameter, see Oracle Enterprise Manager Command Line Interface Guide. |
To create a preferred-credential association, use one of the following methods:
Creating Preferred Credentials with Enterprise Manager Cloud Control Console
To create preferred credentials with the Enterprise Manager Cloud Control Console:
Log in to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR
.
From the Setup menu, select Security, then select Preferred Credentials.
The Preferred Credentials page is displayed.
Select a target type, and click Manage Preferred Credentials. The target specific Preferred Credentials page is displayed.
Select the credential type from the Default Preferred Credentials table, and click Set. The Select Named Credential pop-up window is displayed.
Select an existing named credential to be the Preferred Credential and click Save.
Select New to create a new named credential to be set as Preferred Credential.
Enter a user name and password for the credential.
Enter a credential name, and select Save As. The credential will be saved with the name that you have provided.
Click Test and Save.
Creating Preferred Credentials with EMCLI Commands
To set a named credential as a target preferred credential, run the following emcli
commands in the command-line interface:
Note:
Oracle recommends that you to create preferred credentials with theemcli
commands.emcli set_preferred_credential -set_name="set_name" -target_name="target_name" -target_type="type" -credential_name="name" [-credential_owner ="owner"]
Note:
[ ]
indicates that the parameter is optional.Parameter | Description |
---|---|
set_name |
Sets the preferred credential for this credential set. |
target_name |
Sets the path for the software library location. |
target_type |
Target type for the target/credential set. |
credential_name |
Name of the credential. |
credential_owner |
Owner of the credential. This defaults to the currently logged-in user. |
Example:
emcli set_preferred_credential -set_name="HostCredsNormal" -target_name="test.example.com" -target_type="host" -credential_name="MyHostCredentials" -credential_owner="Admin"
The named credentials configured as described in Section 3.2.4.1, "Creating Named Credentials", are used to access and manage targets for disaster-recovery operations. If you have assigned Oracle Site Guard Administrator users as described in Section 3.2.2, "Creating Oracle Site Guard Administrator Users", you must also assign privileges to use these named credentials.
To grant credential privileges to Oracle Site Guard Administrators, see Granting Credential Privileges with Enterprise Manager Cloud Control Console.
To grant credential privileges with Enterprise Manager Cloud Control Console:
Log in to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR
.
From the Setup menu, select Security, then select Named Credentials.
The Named Credentials page is displayed.
Select the named credential for which privilege is to be granted, and click Manage Access. The Manage Access page for that credential is displayed.
Click Add Grant.
In the pop-up window, select the Oracle Site Guard Administrator user to whom the privilege is to be granted. Then click Select
Click Save to save the privilege granted.
The Oracle Enterprise Manager Software Library (Software Library) is a repository that stores scripts and artifacts used by Enterprise Manager and its plug-ins. This includes storing the scripts required to execute Site Guard operation plans. The storage location for the Software Library needs to be configured only once when you initially install and set up Oracle Enterprise Manager.
For information about the Software Library and how to determine whether a storage location for the Software Library is already configured, see section "Configuring a Software Library" in Oracle Enterprise Manager Cloud Control Administrator's Guide.
If you determine that a storage location is not configured, configure it using one of the following methods:
Configuring Software Library Storage Location with Enterprise Manager Cloud Control Console
Configuring Software Library Storage Location with Enterprise Manager Command-Line Interface
To configure the storage location for the Oracle Software Library:
Note:
Configuring Oracle Software Library is a one-time process. Enterprise Manager requires you to configure Oracle Software Library before proceeding with any deployment-procedure related tasks. Perform the steps listed in this section after confirming that Oracle Software Library is not already configured.Log in to Enterprise Manager as an EM_CLOUD_ADMINISTRATOR
user.
From the Setup menu, select Provisioning and Patching, then select Software Library.
The Software Library: Administration page is displayed.
Select OMS Shared File System from the Storage Type drop-down box.
Click Add.
Specify a name and location that is accessible to all OMS users, and click OK.
Note:
As the storage location for the Software Library must be accessible to all OMS as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2 or NFS. For single OMS systems, any local directory is sufficient.Oracle Enterprise Manager begins execution of a new job to upload Software Library content to the specified location.
Note:
For more information, see "Configuring Software Library" in the Oracle Enterprise Manager Cloud Control Administrator's Guide.To configure storage location in the software library with EMCLI, run the following command in the command-line interface:
emcli add_swlib_storage_location
-name="name_of_software_library"
-path="path_to_the_software_library_location"
Parameter | Description |
---|---|
name |
Sets the name for the software library. |
path |
Sets the path to the software library location. |
For example:
emcli add_swlib_storage_location -name="Softlib" -path="/u01/em/swlib"
Oracle Site Guard uses Oracle Data Guard to perform database switchover and failover. To ensure that Oracle Site Guard can correctly perform database operations as part of disaster recovery workflows, perform the following steps:
Ensure that Flashback Recovery is configured and enabled on both, the primary and the standby databases. If Flashback is not correctly configured, the standby database will have to be recreated after a failover operation. Whereas if Flashback is correctly configured the standby database can be easily reinstated after a failover operation with Data Guard Broker. Flashback need to be enabled only for failover operations and it is not required for switchovers.
Verify the status and its configuration by ensuring that Oracle Data Guard is functional on the primary and standby databases (either single-instance or RAC).
Ensure that you can perform Oracle Data Guard switchover and failover operations outside Site Guard (for example, with the DGMGRL
utility).
Note:
For more information about viewing the summary and status of the Data Guard Broker configuration, see "SHOW CONFIGURATION" in the Oracle Data Guard Broker guide.