2.1.1.2.2 Exascale User Accounts and Wallets

Exascale has a system of user accounts enabling different users to perform actions and access data according to their assigned privileges. This topic describes the Exascale user accounts and associated key stores (wallets) created during system deployment.

After system deployment, the number of Exascale user accounts, and their settings, depends on the configuration details specified on the OEDA Web UI User(s) and Groups page and the clusters defined on the Define Clusters page.

The following occurs for each virtual machine (VM) cluster or bare-metal database server cluster on the Define Clusters page:

  • If the cluster is associated with a default (non-role-separated) user configuration containing one Oracle OS user account, then one matching Exascale user account is created.

    In this case, the Exascale user manages the Oracle Grid Infrastructure shared clusterware files (Oracle Cluster Registry and voting disks) and the Oracle Database files (data files, control files, log files, and so on) for all databases associated with the cluster. Consequently, the Exascale user is the owner and manager of all Exascale vaults associated with the cluster.

    The Exascale user identifier (ID) is set to a concatenation of:

    • The User Name (typically oracle) as specified on the User(s) and Groups page.

    • The value of the Cluster Name as specified on the Define Clusters page.

    For example, if the User Name is oracle and the Cluster Name is Escluster1, then the Exascale user ID is oracleEscluster1.

    The Exascale user account uses a system-generated public and private key pair for authentication. The Exascale user account definition contains the public key, and each compute node (database server or VM) contains a system-generated key store (wallet), which contains the corresponding private key. The wallet is created at /etc/oracle/cell/network-config/eswallet.

  • If the cluster is associated with a role-separated user configuration containing one Grid OS user account and one Oracle OS user account, then two matching Exascale user accounts are created.

    The Exascale user that matches the Grid OS user manages the Oracle Grid Infrastructure shared clusterware files (Oracle Cluster Registry and voting disks). Also known as the grid Exascale user, this Exascale user account has the following characteristics:

    • The user ID is set to a concatenation of:

      • The User Name for the Grid OS user (typically grid) as specified on the User(s) and Groups page.

      • The value of the Cluster Name as specified on the Define Clusters page.

      For example, if the User Name is grid and the Cluster Name is Escluster2, then the Exascale user ID is gridEscluster2.

    • The Exascale user account uses a system-generated public and private key pair for authentication. The Exascale user account definition contains the public key, and each compute node (database server or VM) contains a system-generated key store (wallet), which contains the corresponding private key. The wallet for the grid Exascale user account is created at /etc/oracle/cell/network-config/eswallet.

    • The Exascale grid user is the owner and manager of the Exascale vault specified on the Define Clusters page.

    The Exascale user that matches the Oracle OS user manages the Oracle Database files (data files, control files, log files, and so on) for all databases associated with the cluster. Also known as the oracle Exascale user, this Exascale user account has the following characteristics:

    • The user ID is set to a concatenation of:

      • The User Name for the Oracle OS user (typically oracle) as specified on the User(s) and Groups page.

      • The value of the Cluster Name as specified on the Define Clusters page.

      For example, if the User Name is oracle and the Cluster Name is Escluster2, then the Exascale user ID is oracleEscluster2.

    • The Exascale user account uses a system-generated public and private key pair for authentication. The Exascale user account definition contains the public key, and each compute node (database server or VM) contains a system-generated key store (wallet), which contains the corresponding private key. The wallet for the Exascale user account that corresponds with the Oracle OS user is created at $ORACLE_BASE/admin/eswallet (typically /u01/app/oracle/admin/eswallet).

    • The Exascale oracle user is the owner and manager of the database-specific Exascale vaults specified on the Create Database page.

      However, if any database uses the vault that contains the Oracle Grid Infrastructure shared clusterware files, then the Exascale oracle user is added as a manager of that vault.

In addition to the aforementioned Exascale user accounts, each Exascale cluster contains:

  • One superuser account. The user ID for the superuser account is admin. The admin user can implicitly perform any system operation and effectively holds all system privileges.

    During system deployment, the admin user wallet is created on every storage server at /opt/oracle/cell/cellsrv/deploy/config/security/admwallet and every wallet contains the same system-generated private key.

  • One node administration account for every node (storage server or compute node) that runs Exascale software services. Each node administration account inherits its user ID from the server hostname and each account contains the privileges required to run the Exascale software services on the node. Do not directly use or modify these accounts.

    During system deployment, the node administration user wallet is created on every node, and every wallet contains a system-generated private key. On a storage server, the wallet is located at /opt/oracle/cell/cellsrv/deploy/config/eswallet. On a compute node, the wallet is located at /opt/oracle/dbserver/dbms/deploy/config/eswallet.
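As an added example (not part of the Oracle documentation), the following shell functions list the wallet locations documented above for a node type and flag any wallet that grants permissions to "other". The function names, the ROOT prefix argument, and the no-access-for-other policy are assumptions; the script relies on GNU find and stat.

```shell
# Added example, not Oracle code. Function names are hypothetical.
# Assumption (not stated on the page): a wallet that stores a private key
# should grant no permissions to "other". Requires GNU find and stat.

# expected_wallets TYPE [ORACLE_BASE]
# TYPE is compute or storage. Pass ORACLE_BASE only for a role-separated
# cluster, where the oracle Exascale user has its own wallet.
expected_wallets() {
  case "$1" in
    compute)
      echo /etc/oracle/cell/network-config/eswallet            # cluster user
      if [ -n "$2" ]; then echo "$2/admin/eswallet"; fi        # oracle user
      echo /opt/oracle/dbserver/dbms/deploy/config/eswallet ;; # node admin
    storage)
      echo /opt/oracle/cell/cellsrv/deploy/config/security/admwallet  # admin
      echo /opt/oracle/cell/cellsrv/deploy/config/eswallet ;;         # node admin
    *) return 2 ;;
  esac
}

# audit_wallets ROOT TYPE [ORACLE_BASE]
# ROOT is a path prefix: "" on a live node, a scratch directory in tests.
# Prints "STATUS MODE OWNER PATH" per wallet; returns 1 if any is EXPOSED.
audit_wallets() {
  aw_rc=0
  for aw_p in $(expected_wallets "$2" "$3"); do
    aw_t="$1$aw_p"
    if [ ! -e "$aw_t" ]; then
      echo "MISSING - - $aw_p"
      continue
    fi
    aw_mode=$(stat -c %a "$aw_t")
    aw_owner=$(stat -c %U "$aw_t")
    # Walk the wallet (file or directory) for any entry with an "other" bit set.
    if [ -n "$(find "$aw_t" ! -type l -perm /007 -print -quit)" ]; then
      echo "EXPOSED $aw_mode $aw_owner $aw_p"
      aw_rc=1
    else
      echo "OK $aw_mode $aw_owner $aw_p"
    fi
  done
  return $aw_rc
}
```

On a role-separated compute node, a call such as `audit_wallets "" compute "$ORACLE_BASE"` covers all three wallets; omit the last argument for a default (non-role-separated) cluster.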