6 Oracle Database Appliance Postinstallation Tasks

Complete these administrative tasks after you have deployed software, but before the system is operational.

• About Password Requirements on Oracle Database Appliance
  Understand password requirements for multi-user access and non-multi-user access enabled systems.
• Configuring CPU Core Count
  Oracle Database Appliance is delivered with all cores on each server enabled. Follow this procedure to reduce the number of cores, if required.
• Modifying Oracle ASM Listener Port After Deployment
  Understand how you can modify Oracle ASM listener port on Oracle Database Appliance after deployment.
• Securing Oracle ILOM Service Processors
  Change the Oracle ILOM default password after completing Oracle Database Appliance deployment.
• Changing Oracle Database Appliance Passwords
  After deploying your appliance, ensure that you change the following passwords for securing your system.
• Changing the DNS Server Address on Oracle Database Appliance
  If the DNS server in the data center changes, understand how you can update the DNS entries on on Oracle Database Appliance server so that the network functions correctly.

About Password Requirements on Oracle Database Appliance

Understand password requirements for multi-user access and non-multi-user access enabled systems.

Following are the password requirements on Oracle Database Appliance for various deployments.

Table 6-1 Password Requirements on Oracle Database Appliance

Component	Multi-user access enabled and passwordless multi-user access-enabled system	Non-multi-user access enabled system
Password Length	Minimum password length is 9 characters. Maximum password length is 30 characters.	Minimum password length is 9 characters. Maximum password length is 30 characters.
Password History	Yes. New password cannot be the same as any previous password.	Yes. New password cannot be the same as any previous password.
Password Complexity	The password must contain at least two characters each from: uppercase letters, lowercase letters, numbers (0-9), and allowed special characters #, - or _. The password must have a minimum of 9 characters and a maximum of 30 characters.	The password must contain at least two characters each from: uppercase letters, lowercase letters, numbers (0-9), and allowed special characters #, - or _. The password must have a minimum of 9 characters and a maximum of 30 characters.
Maximum Password Age	The default is 90 days. The permitted range is 30 to 180 days, which can be configured by the user.	The default is 90 days. This value is not configurable.
Account Lockout Threshold	default retry attempts 3 times , Allowed Range 2 times – 5 times, user configurable	None
Reset Account Lockout Counter	Account is locked out when you run an ODACLI command after password has expired or after maximum retrial attempts are exceeded in the case of wrong password. You must obtain authorization from the system administrator to unlock the account. You can then change the temporary password provided by the administrator as part of authorizing an unlock of their account. Till the account is re-activated, you cannot run any ODACLI command.	None
Reset Bad Attempts Counter	If you have not exceeded the maximum retrial attempts and enter correct password, then the counter is reset to 0. If the maximum retrial attempts are exceeded, then the account is immediately locked and you must request for unlocking the account. Till the account is re-activated, you cannot run any ODACLI command.	None
Change on first use	Yes. The user account is created initially as Inactive. You must change the password on first login to make it active. Till the account is activated, you cannot run any ODACLI command.	Can be set by a single oda-admin user on the first login to the BUI.

odacli Multi-User Access Commands

ODACLI Command Changes with Multi-User Access on Oracle Database Appliance

Configuring CPU Core Count

Oracle Database Appliance is delivered with all cores on each server enabled. Follow this procedure to reduce the number of cores, if required.

1. To reduce the number of cores, run the following command on Node 0 only:
   Set the cores in multiples of 2, for example, 12:

   [root@oak1 opt]# /opt/oracle/dcs/bin/odacli modify-cpucore --cores 12

   When you run the command, the nodes are restarted to apply the changes.
2. Check if the job completed successfully:

   [root@oak1 opt]# /opt/oracle/dcs/bin/odacli describe-job -i job_ID

3. Verify that the core count is updated on both nodes:

   [root@oak1 opt]# /opt/oracle/dcs/bin/odacli describe-cpucore 

Modifying Oracle ASM Listener Port After Deployment

Understand how you can modify Oracle ASM listener port on Oracle Database Appliance after deployment.

Modifying Oracle ASM listener port using ODACLI commands

In earlier Oracle Database Appliance releases, you provisioned your bare metal system with Oracle ASM listener port 1525 as the default and as the Oracle ASM discovery address port from DB systems. Starting with Oracle Database Appliance release 19.24, you can customize Oracle ASM listener port number as a postinstallation task. All DB systems that you provision after changing the Oracle ASM listener port number use the new Oracle ASM port number.

Use the following command to modify the Oracle ASM listener port number:

odacli modify-asmport -p any_unused_port_between_1024_and_65536

For example:

# odacli modify-asmport -p 1528

Note:

You can run the odacli modify-asmport command only on deployments where the bare metal system is on Oracle Database Appliance release 19.24 and the DB system is on release 19.24 and you use the DB 23ai clones available with Oracle Database Appliance release 19.24.

Modifying Oracle ASM listener port using BUI

Follow these steps:

1. Log into the Browser User Interface:

   https://host-ip-address:7093/mgmt/index.html

2. Click Appliance.
3. In the Basic Information page, Click Modify ASM Port to change the Oracle ASM listener port.
4. In the Modify ASM Port dialog box, specify the ASM Port and click Modify.
5. Click Refresh ASM Port to view the update.

Securing Oracle ILOM Service Processors

Change the Oracle ILOM default password after completing Oracle Database Appliance deployment.

Do not change the default password until after you have completed software deployment on the Oracle Database Appliance.

Changing Oracle ILOM Password from the Console

1. In the Oracle ILOM console, from the Administration menu, select User Management, and then navigate to the User Accounts subtab.

2. Select root user and click Edit.

3. Change the root user password.

Changing Oracle ILOM Password Using CLI Commands

1. Connect to the Oracle ILOM service processor (SP) through SSH:

   # ssh -l root SP-ipaddr

2. Set the new password:

   -> set /SP/users/root password=new_password
   Changing password for user /SP/users/root/password...
   Enter new password again: *********
   New password was successfully set for user /SP/users/root

Changing Oracle Database Appliance Passwords

After deploying your appliance, ensure that you change the following passwords for securing your system.

Changing the Oracle Installation Owner Passwords

During deployment, the root and database users SYS, SYSTEM and PDBADMIN are set to the system password. After deployment, the oracle and grid passwords are also set to the system password. Change the passwords to comply with your enterprise user security protocols. Refer to the Oracle Database Appliance Security Guide and Oracle Database Security Guide for information about the required configuration and best practices to secure database systems.

Changing the oda-admin User Password through the Command-Line

1. Log in to the appliance as root.

2. Run the odacli set-credential command to reset the password. Enter the new password when prompted.

   # odacli set-credential --username oda-admin
   Enter 'user' password: 
   Retype 'user' password:

Changing the the oda-admin User Password through the Browser User Interface

1. Log into the Browser User Interface using the user name oda-admin.

2. Click About, then User Settings in the upper right corner of the Browser User Interface.

3. Enter the password in the Password field and the Password Confirmation field, then click Submit.

   A confirmation message is displayed.

4. Click About, then click Sign Out.

5. Log back into the Browser User Interface with the new password.

Note:

The oda-admin password expiration period is 90 days.

Changing the DNS Server Address on Oracle Database Appliance

If the DNS server in the data center changes, understand how you can update the DNS entries on on Oracle Database Appliance server so that the network functions correctly.

Follow these steps to change the DNS server address on Oracle Database Appliance:

1. Log in as the root user.
2. Open the /etc/resolv.conf file in a text editor.
3. Locate the name server setting for the DNS server and change it to the new value. For example:

   search        example.com
   nameserver    10.7.7.3

4. Save the file and close the editor.