16 Extending Storage

If Oracle AVDF requires more space than was originally allocated, you can extend the storage for the file system and for the collected data.

16.1 Extending File System Storage

If Oracle AVDF requires more space than was originally allocated, you can extend the storage for the file system.

16.1.1 About Extending Storage

You can allocate space in the volume group to extend the storage for a file system. You can add physical storage to extend the storage for the volume group.

You have the following options for extending storage:

  • If an Oracle AVDF folder runs out of space, you can allocate more space to the logical volume that holds the file system.

    Oracle AVDF reserves a small amount of space in the volume group so that you can allocate it to any file system that needs more space. The space requirements depend on the workload, so you can evaluate needs and allocate the extra space when and where it's needed.

  • If the volume group itself needs more space, you can add more physical storage, like adding an solid state drive (SSD) or allocating space from a storage area network (SAN) repository.

16.1.2 Increasing the Logical Volume Capacity for a File System

If an Oracle AVDF file system runs out of space, you can allocate more space to the logical volume that holds the file system.

Use the lvextend command to increase the logical volume capacity. The vg_root volume group normally has unallocated space for this purpose.

  1. Log in to the appliance through SSH and switch to the root user.

    See Logging In to Oracle AVDF Appliances Through SSH.

  2. Run vgs to check the volume group free space. For example:

    /usr/sbin/vgs  
    VG      #PV #LV #SN   Attr   VSize  VFree  
    vg_root   1  13   0 wz--n- 149.84G 10.72G

    For more detailed volume group information, run vgdisplay.

  3. Increase the logical volume capacity.

    For example, the following command adds 2 GB to the /tmp folder from the VG_ROOT volume group:

    /usr/sbin/lvextend -r -L+2G /dev/mapper/vg_root-lv_tmp

16.1.3 Adding a Disk to a Volume Group

If the vg_root volume group needs more space for patching, upgrading, or another purpose, you can add a disk and extend the volume group to the new disk.

Caution:

Each additional physical device that is added to the volume group adds an additional single point of failure, unless the physical devices are hosted on the same back-end storage such as on a SAN or virtual environment. This document does not cover how to make the volume group resilient. To find more information about how to make the volume group resilient through RAID, see Configure RAID Logical Volumes on Oracle Linux
  1. Log in to the appliance through SSH and switch to the root user.

    See Logging In to Oracle AVDF Appliances Through SSH.

  2. Run vgs to check the volume group free space. For example:

    /usr/sbin/vgs  
    VG      #PV #LV #SN   Attr   VSize  VFree  
    vg_root   1  13   0 wz--n- 149.84G 10.72G
  3. Run lsblk to view a list of all the available hard disks. For example:

    lsblk
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    sda 8:0 0 256G 0 disk
            sda1 8:1 0 200M 0 part
            sda2 8:2 0 1G 0 part
            sda3 8:3 0 160.2G 0 part
                    vg_root-lv_ol8root 252:0 0 6.6G 0 lvm /
                    vg_root-lv_swap 252:1 0 15.3G 0 lvm [SWAP]
                    vg_root-lv_images 252:2 0 488M 0 lvm
                    vg_root-lv_var_dbfw 252:3 0 2.9G 0 lvm /var/dbfw
                    vg_root-lv_oracle 252:4 0 58.6G 0 lvm /var/lib/oracle
                    vg_root-lv_tmp 252:5 0 1.9G 0 lvm /tmp
                    vg_root-lv_var_log 252:6 0 5.7G 0 lvm /var/log
                    vg_root-lv_home 252:7 0 976M 0 lvm /home
                    vg_root-lv_opt 252:8 0 976M 0 lvm /opt
                    vg_root-lv_var_tmp 252:9 0 5.7G 0 lvm /var/tmp
                    vg_root-lv_local_dbfw_tmp 252:10 0 6.6G 0 lvm /usr/local/dbfw/tmp
                    vg_root-lv_local_dbfw 252:11 0 976M 0 lvm /usr/local/dbfw
            sda4 8:4 0 31.6G 0 part
            sda5 8:5 0 31.6G 0 part
            sda6 8:6 0 31.6G 0 part
    sdb 8:16 0 2T 0 disk
    sr0 11:0 1 1024M 0 rom
    sr1 11:1 1 1024M 0 rom
  4. From the list, locate a disk with no partitions defined and with the same size that you need.

  5. Use the parted command to create the partition.

    1. Run parted /<path of the disk> using the path of the disk that you identified in step 4. For example:

      /sbin/parted /dev/sdb
      
      GNU Parted 3.2
      Using /dev/sdb
      Welcome to GNU Parted! Type 'help' to view a list of commands.
      (parted)
    2. Run mklabel gpt to set the disk label to GPT. For example:

      (parted) mklabel gpt
      (parted) print
      
      Model: XXX VBOX HARDDISK (scsi)
      Disk /dev/sdb: 2199GB
      Sector size (logical/physical): 512B/512B
      Partition Table: gpt
      
      Number Start End Size File system Name Flags
      
      (parted)
    3. Run the mkpart primary ext3 command to create the partition.

      When prompted, enter 0GB as the start point and specify another size of the first partition as the end point.

      For example, to create three partitions and to use 314GB as the end of partition 1, use the following command:

      
      (parted) mkpart primary ext3
      Start? 0GB
      End? -1
      (parted)
      
    4. Set the partition type to LVM.

      In this example, the partition number is 1, and you can use the print command to verify the change.

      (parted) set 1 lvm on
      (parted) print
      Model: XXX VBOX HARDDISK (scsi)
      Disk /dev/sdb: 2199GB
      Sector size (logical/physical): 512B/512B
      Partition Table: gpt
      Number Start    End   Size File system Name Flags
      1     1049kB 2199GB 2199GB ext3 primary lvm
      (parted)
    5. Run quit to exit parted. The changes are automatically saved.
  6. Run pvcreate to create the physical volume using the added disk. For example:

    /usr/sbin/pvcreate /dev/sdb1
    Writing physical volume data to disk "/dev/sdb1"
    Physical volume "/dev/sdb1" successfully created
  7. Verify the creation with pvdisplay.

    You should now have two physical volumes: vg_root and the one you just created. For example:

    /usr/sbin/pvdisplay  
    --- Physical volume ---  
    PV Name               /dev/sda3  
    VG Name               vg_root  
    PV Size                <160.16 GiB / not usable 4.00 MiB  
    Allocatable           yes  
    PE Size        4.00 MiB  
    Total PE              40999  
    Free PE               13724  
    Allocated PE          27275  
    PV UUID               4Fup6c-ruea-0B20-s9Sn-66on-4sVf-fDON2D
    
    "/dev/sdb1" is a new physical volume of "<2.00 TiB"  
    --- NEW Physical volume ---  
    PV Name               /dev/sdb1  
    VG Name  
    PV Size               <2.00 TiB  
    Allocatable           NO  
    PE Size (KByte)       0  
    Total PE              0  
    Free PE               0  
    Allocated PE          0  
    PV UUID               uDgKdm-LawO-4cXB-Bjog-pZ48-gNHD-fQE1IE
  8. Run vgextend to extend the vg_root volume group to the added disk. For example:

    /usr/sbin/vgextend vg_root /dev/sdb1
    Volume group "vg_root" successfully extended
  9. Run vgs again and compare it to the output from step 2.

    You should see more free space available for the vg_root volume group. For example:

    /usr/sbin/vgs  
    VG      #PV #LV #SN   Attr   VSize  VFree  
    vg_root   2  13   0 wz--n- 199.81G 60.69G

    In the examples throughout this procedure, you can see that the VSize has increased from 149.84 G to 199.81 G.

16.2 Extending Storage for Collected Data

If Oracle AVDF requires more space than was originally allocated for the collected data, you can add local disks or configure a storage area network (SAN).

16.2.1 Adding Local Disks to the Audit Vault Server ASM Disk Groups

To increase storage, you can add local disks to the Oracle Automatic Storage Management (ASM) disk groups for the Audit Vault Server.

This procedure discusses how to add storage to all three ASM disk groups. However, it may not be necessary to increase the storage for all three. Use your discretion to add storage where it's needed.

Note:

For Oracle AVDF installations that are hosted on VMware, don't extend the current virtual disk. Instead, add a new virtual disk device.

Prerequisite

Ensure that any disks that you added to the Oracle AVDF appliance have no preexisting Local Volume Manager (LVM), partition, or other device mapper metadata. If the disks have been used previously, then restore them to a clean state before completing this procedure.

Procedure

  1. Log in to the Audit Vault Server through SSH and switch to the root user.

    See Logging In to Oracle AVDF Appliances Through SSH.

  2. Run fdisk -l to view a list of all the available hard disks. For example:

    /sbin/fdisk -l 2> /dev/null | more
    Disk /dev/sda: 322.1 GB, 322122547200 bytes
    255 heads, 63 sectors/track, 39162 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes   
       Device Boot Start   End    Blocks  Id  System
    /dev/sda1    *     1    19    152586  83  Linux
    /dev/sda2         20 10727  86012010  8e  Linux LVM
    /dev/sda3      10728 22914  97892077+ 83  Linux
    /dev/sda4      22915 39162 130512060   5  Extended
    /dev/sda5      22915 31037  65247966  83  Linux
    /dev/sda6      31038 39162  65264031  83  Linux 
    
    Disk /dev/sdb: 107.3 GB, 107374182400 bytes
    255 heads, 63 sectors/track, 13054 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
  3. From the list, locate a disk with no partitions defined and with the same size that you need. Ignore any entries referring to /dev/dm-0, and so on.

    In the example in step 2, a SATA disk of 100 GB was added, so the target in that example would be /dev/sdb.

    Note:

    • Fiber Channel-based storage with multipath is supported starting with Oracle AVDF 20.1.

      Here's an example of the multipath device: /dev/mpatha

      To get a list of existing multipath devices, run the multipath -ll command.

    • Fiber Channel over Ethernet (FCoE) is currently not supported by Oracle AVDF.
  4. Use the parted command to create the partitions.

    1. Run parted /<path of the disk> using the path of the disk that you identified in step 3. For example:

      /sbin/parted /dev/sdb
      
      GNU Parted 1.8.1
      Using /dev/sdb
      Welcome to GNU Parted! Type 'help' to view a list of commands.
      (parted)

      Oracle recommends that all ASM disks in a disk group should be the same size. For example, if the SYSTEMDATA disk group has a 5 GB disk and you want to add another disk, it should also be 5 GB. This is because Oracle ASM stripes the files in the disk group across each disk. If the disks are mismatched in size, the smallest disk limits the size of the whole disk group. After the smallest disk is 100 percent full, you can't rebalance until space on that disk is freed.

    2. Run mklabel gpt to set the disk label to GPT. For example:

      (parted) mklabel gpt
      (parted) print
      
      Model: ATA VBOX HARDDISK (scsi)
      Disk /dev/sdb: 107GB
      Sector size (logical/physical): 512B/512B
      Partition Table: gpt
      
      Number Start End Size File system Name Flags
      
      (parted)
    3. Run the mkpart primary ext3 command to create the partition.

      When prompted, enter 0GB as the start point and specify another size of the first partition as the end point.

      For example, to create three partitions and to use 35GB as the end of partition 1, use the following command:

      
      (parted) mkpart primary ext3
      Start? 0GB
      End? 35GB
      (parted)
      
    4. Run the mkpart command to create the second partition. For example:

      
      (parted) mkpart primary ext3
      Start? 35GB
      End? 70GB
      (parted)
      
    5. Run the mkpart command to create the third partition. For example:

      
      (parted) mkpart primary ext3
      Start? 70GB
      End? 107GB
      (parted) print
      

      The end point GB should match the total GB for the disk that appears in the output of step 4b.

    6. Run quit to exit parted. The changes are automatically saved.
  5. Run oracleasm createdisk to create the ASM disks. For example:

    /usr/sbin/oracleasm createdisk -v EVENTDATA2 /dev/sdb1
    Disk "EVENTDATA2" does not exist or is not instantiated
    Writing disk header: done
    Instantiating disk: done
    

    Note:

    If this command fails, then remove all the data and partitions from the new disk and repeat all the preceding steps.
  6. Add the new disks to the existing ASM disk groups.

    1. Run the following commands to change to the grid user and connect to the grid instance as sysasm to manage the existing ASM disk groups:
      su - grid
      id
      sqlplus /nolog
      sqlplus / as sysasm
    2. Check the current status of the existing ASM disks and disk groups. For example:

      SQL> select GROUP_NUMBER,NAME,TOTAL_MB,FREE_MB from V$ASM_DISKGROUP;
      
      GROUP_NUMBER NAME        TOTAL_MB FREE_MB
      ------------ ----        -------- -------
      1            EVENTDATA   63718    62557
      2            RECOVERY    95597    91924
      3            SYSTEMDATA  63734    60577
      
      SQL> SELECT MOUNT_STATUS,HEADER_STATUS,MODE_STATUS,STATE,TOTAL_MB,FREE_MB,NAME,PATH,LABEL FROM V$ASM_DISK;
      
      MOUNT_STAT HEADER_STATUS  MODE_STATUS   STATE   TOTAL_MB FREE_MB  NAME             PATH                             LABEL
      ---------- -------------  -----------   -----   -------- -------  ----             ----                             -----
      CLOSED     PROVISIONED    ONLINE        NORMAL  0        0                         /dev/oracleasm/disks/RECOVERY2
      CLOSED     PROVISIONED    ONLINE        NORMAL  0        0                         /dev/oracleasm/disks/SYSTEMDATA2
      CLOSED     PROVISIONED    ONLINE        NORMAL  0        0                         /dev/oracleasm/disks/EVENTDATA2
      CACHED     MEMBER         ONLINE        NORMAL  63734    60577    SYSTEMDATA_0000  /dev/oracleasm/disks/SYSTEMDATA1
      CACHED     MEMBER         ONLINE        NORMAL  63718    62557    EVENTDATA_0000   /dev/oracleasm/disks/EVENTDATA1
      CACHED     MEMBER         ONLINE        NORMAL  95597    91924    RECOVERY_0000    /dev/oracleasm/disks/RECOVERY1
      6 rows selected.
    3. Use ALTER DISKGROUP to add the new disks to the disk groups. For example:

      SQL> ALTER DISKGROUP EVENTDATA add disk 'ORCL:EVENTDATA2';
      Diskgroup altered.
    4. Verify the increase in storage space. For example:

      SQL> select GROUP_NUMBER,NAME,TOTAL_MB,FREE_MB from V$ASM_DISKGROUP;
      
      GROUP_NUMBER NAME       TOTAL_MB FREE_MB
      ------------ ----       -------- -------
      1            EVENTDATA  97096    95933
      2            RECOVERY   131239   127564
      3            SYSTEMDATA 97112    93953

16.2.2 Configuring a SAN Repository

Learn how to configure, discover targets, and add and drop disks for an Oracle Audit Vault and Database Firewall storage area network.

16.2.2.1 About Configuring a SAN Repository

You can configure an Oracle Audit Vault storage area network (SAN) for event data, system data, recovery data, and for high availability.

You can use storage area networks (SANs) to expand your data storage, and manage high availability.

Types of Data Supported for SANs

You have the option to configure a SAN storage repository for these data types:

  • Event Data - Data that is kept online in the Oracle Audit Vault Server for a specified duration according to archiving policies. After the online duration expires, this data is then archived.

  • System Data - Data specific to the Oracle Audit Vault and Database Firewall system

  • Recovery - Recovery data for the Oracle Audit Vault Server repository

During the Oracle Audit Vault Server installation process, your server is partitioned to store Event, System, and Recovery data in a way that works with the number of disk partitions you have set up on the server. Optionally, you can register SAN servers and configure your storage repository to use additional disks to store this data.

About Configuring a SAN Repository When Federal Information Processing Standards (FIPS) is Enabled on the Audit Vault Server

Challenge-Handshake Authentication Protocol (CHAP) should be disabled on the SAN server when FIPS is enabled.

About Configuring a SAN Repository in High Availability Environments

In a high availability environment, you can configure the storage repository on the secondary Oracle Audit Vault Server from the primary Oracle Audit Vault Server, using either the console UI or AVCLI commands. The primary and secondary Oracle Audit Vault Servers must not share (read or write to) the same SAN disks, and you must ensure that the secondary server has at least the same amount of space in each disk group as the primary server.

16.2.2.2 Configuring a SAN Server to Communicate with Oracle Audit Vault and Database Firewall

To configure a storage area network (SAN) for Oracle Audit Vault and Database Firewall, complete this procedure.

Oracle Audit Vault and Database Firewall uses Linux Open-iSCSI to communicate with SAN servers. You must ensure that the iSCSI service is enabled on the SAN server you want to use for storing Audit Vault and Database Firewall data, and provide the Audit Vault Server's iSCSI initiator name to your storage administrator to use in configuring the SAN server. The SAN server must allow iSCSI targets and LUNs (logical unit numbers) to communicate with this iSCSI initiator name. We recommend that the LUN numbers assigned to a disk should be fixed.

Note:

  • Ensure that you do not have more than one target mapped to the same disk on the SAN storage server.
  • Multipath is not supported with ISCSI storage.

Some SAN servers may also require the Oracle Audit Vault Server's IP address.

To find the Oracle Audit Vault Server's iSCSI initiator name and IP address:

  1. Log in to the Oracle Audit Vault Server as a super administrator.
  2. Click the Settings tab, and then click SAN.

    The SAN Servers page is displayed with the iSCSI initiator name at the bottom.

    In a high availability environment, you see two iSCSI initiator names: one for the primary Oracle Audit Vault Server, and one for the secondary.

  3. To find the Oracle Audit Vault Server's IP address, click the Settings tab, and then click Network. The IP address is at the top of this page.

Note:

Do not restart the iSCSI service on either the Oracle Audit Vault Server, or the SAN server that is servicing the Oracle Audit Vault Server. If there is a need to restart either of these services, then contact Oracle Support.

16.2.2.3 Registering or Dropping SAN Servers in the Oracle Audit Vault Server

You can register or drop a storage area network server for Oracle Audit Vault.

16.2.2.3.1 Registering a SAN Server

To register a storage area network (SAN) server to the Oracle Audit Vault server, complete this procedure.

In a high availability environment, you can use this procedure to register a SAN server to the primary or the secondary Oracle Audit Vault Server. Note that while you can register the same SAN server to both the primary and secondary Oracle Audit Vault Servers, they must not share (read or write to) the same SAN disks.

Note:

Multipath is not supported with ISCSI storage.

To register a SAN server in the Audit Vault Server:

  1. If you plan to use Internet Small Computer System Interface (iSCSI) as a target, then ensure that it is not shared with other systems. The iSCSI target must be exclusive to the Audit Vault Server.
  2. Log in to the Audit Vault Server as a super administrator.
  3. Click the Settings tab, and then click SAN.
  4. Click Register, and provide the following information:
    • Register to - (High Availability Only) Select the Primary or Secondary Audit Vault Server.

    • Storage Name - Name for this SAN server

    • IP Address - SAN Server IP address

    • Port - SAN Server port

    • Method - The data transfer method

    • Authentication - If sendTargets is the transfer method, this specifies no authentication, or CHAP (one way). Using CHAP (one way), the Oracle Audit Vault Server is authenticated by the SAN server.

  5. Click Submit.
16.2.2.3.2 Dropping a SAN Server

To drop a storage area network (SAN) server from the Oracle Audit Vault Server, complete this procedure.

You can drop a SAN server if none of its disks are in use for storage in the Oracle Audit Vault Server repository. Otherwise, you must first drop the disks from any disk groups that use this SAN server.

To drop a SAN server from the Audit Vault Server:

  1. Log in to the Oracle Audit Vault Server as a super administrator.
  2. Click the Settings tab, and then click SAN.
  3. Select the SAN servers that you want to drop, and then click Drop.
16.2.2.4 Discovering Targets on a SAN Server

Find out how to discover and manage storage area network (SAN) targets for Oracle Audit Vault and Database Firewall.

16.2.2.4.1 About SAN Targets and Disks

To make storage area network disks available to Oracle Audit Vault and Database Firewall, you must discover storage area network servers, and then log in to available targets.

After you have registered SAN servers in the Audit Vault Server, to make SAN disks available for storing Audit Vault Server data, you must discover and log in to the available targets on the SAN server.

When you log in to a target on the SAN server, a number of storage disks are made available to the Audit Vault Server, corresponding to the number of LUNs available on the SAN server for that target.

16.2.2.4.2 Discovering Targets on a SAN Server and Making Disks Available

Discover targets on a storage area network (SAN) server that is registered with the Audit Vault Server.

To make SAN server disks available for storing Audit Vault Server data, you must log in to a target on the SAN server, and then provide login credentials if required.

To discover targets on a SAN server:

  1. Log in to the Audit Vault Server as a super administrator.
  2. Click the Settings tab, and then click SAN.
  3. Find the SAN server you want, and then click the corresponding Discover link.

    A list of targets appears, showing the status of each target.

  4. Click Log In to log in to a target on this SAN server and make its disks available for storage.

    If the SAN server is configured so that the target does not require credentials, then you can leave those fields empty and click Log in.

Related Topics

16.2.2.4.3 Logging Out of Targets on SAN Servers

Learn how to log out of SAN server targets.

You can log out of a target if none of its disks are in use for storing Audit Vault Server data. If a disk from a target is in use, then you must first drop the disk and then log out of the target.

To log out of a target on a SAN server:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab, and then click SAN.

  3. Find the SAN server you want, and then click the corresponding Discover link.

    A list of targets appears, showing the status of each target.

  4. Find the target you want, and then click the corresponding Log Out link in the Action column.

    If there is a dash character in the Action column for the target, then disks from this target are in use.

16.2.2.5 Adding or Dropping SAN Disks in the Audit Vault Server Repository

Find out about storage area network (SAN) disk groups, and how to add or drop them from the Oracle Audit Vault Server repository.

16.2.2.5.1 About Disk Groups in the Oracle Audit Vault Server Repository

You can add disk groups for the three data types to the repository, and you can make these disk groups highly available.

Log in to the Audit Vault Server console as super administrator. Click the Settings tab, and then click the Storage tab in the left navigation menu. The Repository sub tab can be accessed from the main page.

Adding Disk Groups to the Repository sub tab

There are three disk groups used for storing Oracle Audit Vault Server data, corresponding to three data types:

  • EVENTDATA

  • SYSTEMDATA

  • RECOVERY

If desired, you can add disks from a registered SAN server to the EVENTDATA, SYSTEMDATA, and RECOVERY disk groups to increase the storage capacity for those types of data. Else, these data types are stored in disk partitions on the Audit Vault Server.

Adding SAN disks to these disk groups is optional.

In a high availability environment, you must ensure that the secondary server has at least the same amount of space in each disk group as the primary server.

The Repository sub tab in a High Availability Environment

In a high availability environment, you see the disk groups in the Repository page for the Primary Oracle Audit Vault Server, followed by the same disk groups for the Secondary Oracle Audit Vault Server. You must ensure that the secondary server has at least the same amount of space in each disk group as the primary server.

16.2.2.5.2 Adding SAN Disks to the Audit Vault Server Repository

To add storage area network (SAN) disks to the Oracle Audit Vault Server repository, use this procedure.

You can add SAN disks that are not already in use to any of the disk groups in the repository.

Note:

Adding an additional disk creates two VG_ROOT volume groups. When you have two VG_ROOT disks, this results in failure during upgrade. Ensure that any disk added to the appliance has no pre-existing LVM or other device mapper metadata.

To add disks to a disk group in the repository:

  1. Log in to the Audit Vault Server as a super administrator.
  2. Click the Settings tab, and then click Storage tab in the left navigation menu.
  3. Click Repository sub tab on the main page.
  4. Click the Add Disk button against the specific disk group.

    Details for available disks are displayed, including disk capacity and free space.

  5. Select the disks that you want to add to this disk group, and then click Use Disk(s) button.
  6. Click OK to confirm.

    The selected disks are displayed under the specified disk group.

16.2.2.5.3 Dropping SAN Disks from the Audit Vault Server Repository

Learn how to drop a SAN disk from a disk group.

The data on the disk being dropped is relocated to the remaining disks in the disk group. Before dropping a disk, the system checks for space on the remaining disks in the disk group for data to be relocated. If this space check fails, it results in OAV-47330 error. You cannot drop the only disk in the disk group.

To drop a SAN disk from a disk group in the repository:

  1. Log in to the Audit Vault Server console as a super administrator.
  2. Click the Settings tab, and then click Storage tab in the left navigation menu.
  3. Find the disk you want to drop under one of the disk groups, select the disk, and then click Drop Disk button.
  4. Click OK to confirm.