Uma vez que já conseguimos conectar na camada de Sistema Operacional do nosso DB System, vamos explorar neste artigo algumas características desse ambiente, para nossa ambientação, e para vermos que é muito próximo do que já existe no modelo on-premises.
Avaliando a versão do S.O:
[opc@luxor ~]$ cat /etc/*release*
Oracle Linux Server release 7.9
NAME="Oracle Linux Server"
VERSION="7.9"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Oracle Linux Server 7.9"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:9:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.9
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.9
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Oracle Linux Server release 7.9
cpe:/o:oracle:linux:7:9:server
Por óbvias questões de segurança, temos o recurso no OCI de Security Lists nas Subnets, que funciona como um firewall no ambiente, para que possamos definir as regras de entrada e saída de conexões (veremos o seu funcionamento em outro artigo). Além desse mecanismo, na camada de S.O também temos o IPTABLES habilitado, conforme exposto abaixo. Fica como registro a possibilidade de mudarmos a conexão do usuário opc para root, oracle, etc:
[opc@luxor ~]$ sudo su -
Last login: Wed May 12 07:19:42 UTC 2021
[root@luxor ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2021-05-12 07:17:46 UTC; 6min ago
Process: 1086 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 1086 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
May 12 07:17:46 luxor systemd[1]: Starting IPv4 firewall with iptables...
May 12 07:17:46 luxor iptables.init[1086]: iptables: Applying firewall rules: [ OK ]
May 12 07:17:46 luxor systemd[1]: Started IPv4 firewall with iptables.
[root@luxor ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ncube-lm /* Required for access to Database Listener, Do not remove or modify. */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:commplex-main /* Required for TFA traffic. */
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:lm-x /* This rule is recommended and enables the Oracle Notification Services (ONS) to communicate about Fast Application Notification (FAN) events. */
ACCEPT tcp -- link-local/16 anywhere state NEW tcp dpt:arcp /* Required for instance management by the Database Service, Do not remove or modify. */
ACCEPT tcp -- link-local/16 anywhere state NEW tcp dpt:7060 /* Required for instance management by the Database Service, Do not remove or modify. */
ACCEPT tcp -- link-local/16 anywhere state NEW tcp dpt:ssh /* Required for instance management by the Database Service, Do not remove or modify. */
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
BareMetalInstanceServices all -- anywhere link-local/16
Chain BareMetalInstanceServices (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 169.254.2.0/24 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT tcp -- anywhere 169.254.0.2 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT tcp -- anywhere 169.254.0.2 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT udp -- anywhere 169.254.169.254 udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT tcp -- anywhere 169.254.0.3 owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT tcp -- anywhere 169.254.0.4 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT udp -- anywhere 169.254.169.254 udp dpt:ntp /* Allow access to OCI local NTP service */
ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT udp -- anywhere 169.254.169.254 udp dpt:bootps /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT udp -- anywhere 169.254.169.254 udp dpt:tftp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
REJECT tcp -- anywhere link-local/16 tcp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
REJECT udp -- anywhere link-local/16 udp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable
[root@luxor ~]#
As variáveis de ambientes, geralmente salvas em arquivo bash_profile, aqui são salvas em arquivo bashrc, pela necessidade de se trocar o usuário constantemente de opc para root, oracle, etc:
[opc@luxor ~]$ sudo su -
Last login: Wed May 12 07:23:20 UTC 2021 on pts/0
[root@luxor ~]# sudo su oracle
[oracle@luxor root]$ echo $ORACLE_SID
CORTEX
[oracle@luxor root]$ echo $ORACLE_HOME
/u01/app/oracle/product/12.2.0.1/dbhome_1
[oracle@luxor root]$ echo $ORACLE_UNQNAME
CORTEX_phx1hb
[oracle@luxor root]$ echo $TNS_ADMIN
[oracle@luxor root]$ cd
[oracle@luxor ~]$ cat .bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions
ORACLE_HOME=/u01/app/oracle/product/12.2.0.1/dbhome_1; export ORACLE_HOME
PATH=$PATH:/u01/app/oracle/product/12.2.0.1/dbhome_1/bin; export PATH
LD_LIBRARY_PATH=/u01/app/oracle/product/12.2.0.1/dbhome_1/lib; export LD_LIBRARY_PATH
ORACLE_UNQNAME=CORTEX_phx1hb;export ORACLE_UNQNAME
ORACLE_SID=CORTEX; export ORACLE_SID
## WARNING!! Modifying this file can cause failures in API/CLI provided by Cloud Tooling!!
A variável $TNS_ADMIN como não está preenchida, vai respeitar o seu valor padrão, que é $ORACLE_HOME/network/admin:
[oracle@luxor ~]$ cd $ORACLE_HOME
[oracle@luxor dbhome_1]$ cd network/admin/
[oracle@luxor admin]$ ll
total 16
drwxr-xr-x 2 oracle oinstall 4096 Feb 28 2019 samples
-rw-r--r-- 1 oracle oinstall 1441 Aug 28 2015 shrept.lst
-rw-r--r-- 1 oracle oinstall 472 May 8 09:53 sqlnet.ora
-rw-r----- 1 oracle oinstall 527 May 8 09:41 tnsnames.ora
Conseguimos utilizar também o utilitário srvctl, consumindo os valores de algumas variáveis de ambiente, como a $ORACLE_UNQNAME (que é diferente do $ORACLE_SID):
[oracle@luxor admin]$ srvctl status database -thishome
Database unique name: CORTEX_phx1hb
Instance CORTEX is running on node luxor
[oracle@luxor admin]$ srvctl status database -database $ORACLE_UNQNAME
Instance CORTEX is running on node luxor
[oracle@luxor admin]$ srvctl config database -database $ORACLE_UNQNAME
Database unique name: CORTEX_phx1hb
Database name: CORTEX
Oracle home: /u01/app/oracle/product/12.2.0.1/dbhome_1
Oracle user: oracle
Spfile: +DATA/CORTEX_PHX1HB/PARAMETERFILE/spfile.269.1071999801
Password file:
Domain: luxorsubnet.luxorvcn.oraclevcn.com
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools:
Disk Groups: RECO,DATA
Mount point paths:
Services:
Type: SINGLE
OSDBA group: dba
OSOPER group: dbaoper
Database instance: CORTEX
Configured nodes: luxor
CSS critical: no
CPU count: 0
Memory target: 0
Maximum memory: 0
Default network number for database services:
Database is administrator managed
O conteúdo do arquivo tnsnames.ora possui apenas a string de conexão do CDB$ROOT:
[oracle@luxor admin]$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/12.2.0.1/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
LISTENER_CORTEX =
(ADDRESS = (PROTOCOL = TCP)(HOST = luxor.luxorsubnet.luxorvcn.oraclevcn.com)(PORT = 1521))
CORTEX_PHX1HB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = luxor.luxorsubnet.luxorvcn.oraclevcn.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = CORTEX_phx1hb.luxorsubnet.luxorvcn.oraclevcn.com)
)
)
Observando PDB criado:
[oracle@luxor admin]$ sqlplus / as sysdba
SQL*Plus: Release 12.2.0.1.0 Production on Wed May 12 07:41:44 2021
Copyright (c) 1982, 2016, Oracle. All rights reserved.
Connected to:
Oracle Database 12c EE Extreme Perf Release 12.2.0.1.0 - 64bit Production
SQL> SELECT NAME,CDB FROM V$DATABASE;
NAME CDB
--------- ---
CORTEX YES
SQL> SELECT NAME,OPEN_MODE FROM V$PDBS;
NAME
--------------------------------------------------------------------------------
OPEN_MODE
----------
PDB$SEED
READ ONLY
HIPOFISE1
READ WRITE
SQL> SELECT NAME FROM V$DATAFILE ORDER BY 1;
NAME
--------------------------------------------------------------------------------
+DATA/CORTEX_PHX1HB/B2084748142A4638E053C003F40A65C0/DATAFILE/sysaux.265.1071999
505
+DATA/CORTEX_PHX1HB/B2084748142A4638E053C003F40A65C0/DATAFILE/system.266.1071999
505
+DATA/CORTEX_PHX1HB/B2084748142A4638E053C003F40A65C0/DATAFILE/undotbs1.267.10719
99505
+DATA/CORTEX_PHX1HB/C1CF6DCEA12F134DE0539501000A20C1/DATAFILE/sysaux.272.1072000
035
NAME
--------------------------------------------------------------------------------
+DATA/CORTEX_PHX1HB/C1CF6DCEA12F134DE0539501000A20C1/DATAFILE/system.271.1072000
035
+DATA/CORTEX_PHX1HB/C1CF6DCEA12F134DE0539501000A20C1/DATAFILE/undotbs1.270.10720
00035
+DATA/CORTEX_PHX1HB/C1CF6DCEA12F134DE0539501000A20C1/DATAFILE/users.275.10720003
83
+DATA/CORTEX_PHX1HB/DATAFILE/sysaux.262.1071999373
NAME
--------------------------------------------------------------------------------
+DATA/CORTEX_PHX1HB/DATAFILE/system.261.1071999329
+DATA/CORTEX_PHX1HB/DATAFILE/undotbs1.263.1071999399
+DATA/CORTEX_PHX1HB/DATAFILE/users.274.1072000383
11 rows selected.
SQL> SELECT CON_NAME, INSTANCE_NAME, STATE FROM DBA_PDB_SAVED_STATES;
CON_NAME
--------------------------------------------------------------------------------
INSTANCE_NAME
--------------------------------------------------------------------------------
STATE
--------------
HIPOFISE1
CORTEX
OPEN
O banco de dados encontra-se em archivelog mode:
SQL> archive log list;
Database log mode Archive Mode
Automatic archival Enabled
Archive destination USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence 2
Next log sequence to archive 4
Current log sequence 4
SQL> SHOW PARAMETER USE_DB_RECOVERY_FILE_DEST
SQL> SHOW PARAMETER RECOVERY_FILE_DEST;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_recovery_file_dest string +RECO
db_recovery_file_dest_size big integer 255G
remote_recovery_file_dest string
Já o recurso de Flashback database não vem habilitado. Por questões de recuperação, vou habilitá-lo:
SQL> SELECT FLASHBACK_ON FROM V$DATABASE;
FLASHBACK_ON
------------------
NO
SQL> ALTER DATABASE FLASHBACK ON;
Database altered.
SQL> SELECT FLASHBACK_ON FROM V$DATABASE;
FLASHBACK_ON
------------------
YES
Por último, podemos checar os DiskGroups com o usuário grid, conforme abaixo:
[oracle@luxor admin]$ exit
exit
[root@luxor ~]# sudo su - grid
Last login: Wed May 12 07:39:02 UTC 2021
[grid@luxor ~]$ asmcmd lsdg
State Type Rebal Sector Logical_Sector Block AU Total_MB Free_MB Req_mir_free_MB Usable_file_MB Offline_disks Voting_files Name
MOUNTED EXTERN N 512 512 4096 4194304 262144 253584 0 253584 0 Y DATA/
MOUNTED EXTERN N 512 512 4096 4194304 262144 256400 0 256400 0 N RECO/
[grid@luxor ~]$
Obs: Este procedimento foi criado pelo senhor Ahmed Baraka (www.ahmedbaraka.com) e foi apenas reproduzido por mim em um laboratório pessoal para fins de aprendizado.
Portuguese
English
Spanish