{"id":4551,"date":"2021-05-12T07:49:26","date_gmt":"2021-05-12T07:49:26","guid":{"rendered":"https:\/\/swiv.com.br\/getting-familiar-with-the-oci-system-characteristics\/"},"modified":"2026-05-27T20:02:32","modified_gmt":"2026-05-27T19:02:32","slug":"getting-familiar-with-the-oci-system-characteristics","status":"publish","type":"post","link":"https:\/\/swiv.com.br\/index.php\/2021\/05\/12\/getting-familiar-with-the-oci-system-characteristics\/","title":{"rendered":"Getting Familiar with the OCI System Characteristics"},"content":{"rendered":"\n

Uma vez que j\u00e1 conseguimos conectar na camada de Sistema Operacional do nosso DB System, vamos explorar neste artigo algumas caracter\u00edsticas desse ambiente, para nossa ambienta\u00e7\u00e3o, e para vermos que \u00e9 muito pr\u00f3ximo do que j\u00e1 existe no modelo on-premises.<\/p>\n\n\n\n

Avaliando a vers\u00e3o do S.O:<\/p>\n\n\n

\n[opc@luxor ~]$ cat \/etc\/*release*\nOracle Linux Server release 7.9\nNAME="Oracle Linux Server"\nVERSION="7.9"\nID="ol"\nID_LIKE="fedora"\nVARIANT="Server"\nVARIANT_ID="server"\nVERSION_ID="7.9"\nPRETTY_NAME="Oracle Linux Server 7.9"\nANSI_COLOR="0;31"\nCPE_NAME="cpe:\/o:oracle:linux:7:9:server"\nHOME_URL="https:\/\/linux.oracle.com\/"\nBUG_REPORT_URL="https:\/\/bugzilla.oracle.com\/"\n \nORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"\nORACLE_BUGZILLA_PRODUCT_VERSION=7.9\nORACLE_SUPPORT_PRODUCT="Oracle Linux"\nORACLE_SUPPORT_PRODUCT_VERSION=7.9\nRed Hat Enterprise Linux Server release 7.9 (Maipo)\nOracle Linux Server release 7.9\ncpe:\/o:oracle:linux:7:9:server\n<\/pre><\/div>\n\n\n
Por \u00f3bvias quest\u00f5es de seguran\u00e7a, temos o recurso no OCI de Security Lists nas Subnets, que funciona como um firewall no ambiente, para que possamos definir as regras de entrada e sa\u00edda de conex\u00f5es (veremos o seu funcionamento em outro artigo). Al\u00e9m desse mecanismo, na camada de S.O tamb\u00e9m temos o IPTABLES habilitado, conforme exposto abaixo. Fica como registro a possibilidade de mudarmos a conex\u00e3o do usu\u00e1rio opc para root, oracle, etc:<\/p>\n\n\n
\n[opc@luxor ~]$ sudo su -\nLast login: Wed May 12 07:19:42 UTC 2021\n[root@luxor ~]# service iptables status\nRedirecting to \/bin\/systemctl status iptables.service\n\u25cf iptables.service - IPv4 firewall with iptables\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/iptables.service; enabled; vendor preset: disabled)\n   Active: active (exited) since Wed 2021-05-12 07:17:46 UTC; 6min ago\n  Process: 1086 ExecStart=\/usr\/libexec\/iptables\/iptables.init start (code=exited, status=0\/SUCCESS)\n Main PID: 1086 (code=exited, status=0\/SUCCESS)\n   CGroup: \/system.slice\/iptables.service\n \nMay 12 07:17:46 luxor systemd[1]: Starting IPv4 firewall with iptables...\nMay 12 07:17:46 luxor iptables.init[1086]: iptables: Applying firewall rules: [  OK  ]\nMay 12 07:17:46 luxor systemd[1]: Started IPv4 firewall with iptables.\n[root@luxor ~]# iptables -L\nChain INPUT (policy ACCEPT)\ntarget     prot opt source               destination\nACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED\nACCEPT     icmp --  anywhere             anywhere\nACCEPT     all  --  anywhere             anywhere\nACCEPT     all  --  anywhere             anywhere\nACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh\nACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ncube-lm \/* Required for access to Database Listener, Do not remove or modify.  *\/\nACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:commplex-main \/* Required for TFA traffic.  *\/\nACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:lm-x \/* This rule is recommended and enables the Oracle Notification Services (ONS) to communicate about Fast Application Notification (FAN) events.  *\/\nACCEPT     tcp  --  link-local\/16        anywhere             state NEW tcp dpt:arcp \/* Required for instance management by the Database Service, Do not remove or modify.  *\/\nACCEPT     tcp  --  link-local\/16        anywhere             state NEW tcp dpt:7060 \/* Required for instance management by the Database Service, Do not remove or modify.  *\/\nACCEPT     tcp  --  link-local\/16        anywhere             state NEW tcp dpt:ssh \/* Required for instance management by the Database Service, Do not remove or modify.  *\/\nREJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited\n \nChain FORWARD (policy ACCEPT)\ntarget     prot opt source               destination\nREJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited\n \nChain OUTPUT (policy ACCEPT)\ntarget     prot opt source               destination\nACCEPT     all  --  anywhere             anywhere\nACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED\nBareMetalInstanceServices  all  --  anywhere             link-local\/16\n \nChain BareMetalInstanceServices (1 references)\ntarget     prot opt source               destination\nACCEPT     tcp  --  anywhere             169.254.2.0\/24       owner UID match root tcp dpt:iscsi-target \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     tcp  --  anywhere             169.254.0.2          owner UID match root tcp dpt:iscsi-target \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     tcp  --  anywhere             169.254.0.2          tcp dpt:http \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:domain \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:domain \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     tcp  --  anywhere             169.254.0.3          owner UID match root tcp dpt:http \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     tcp  --  anywhere             169.254.0.4          tcp dpt:http \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:ntp \/* Allow access to OCI local NTP service *\/\nACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:http \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:bootps \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:tftp \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/\nREJECT     tcp  --  anywhere             link-local\/16        tcp \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/ reject-with tcp-reset\nREJECT     udp  --  anywhere             link-local\/16        udp \/* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule *\/ reject-with icmp-port-unreachable\n[root@luxor ~]#\n<\/pre><\/div>\n\n\n
 As vari\u00e1veis de ambientes, geralmente salvas em arquivo bash_profile, aqui s\u00e3o salvas em arquivo bashrc, pela necessidade de se trocar o usu\u00e1rio constantemente de opc para root, oracle, etc:<\/p>\n\n\n
\n[opc@luxor ~]$ sudo su -\nLast login: Wed May 12 07:23:20 UTC 2021 on pts\/0\n[root@luxor ~]# sudo su oracle\n[oracle@luxor root]$ echo $ORACLE_SID\nCORTEX\n[oracle@luxor root]$ echo $ORACLE_HOME\n\/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1\n[oracle@luxor root]$ echo $ORACLE_UNQNAME\nCORTEX_phx1hb\n[oracle@luxor root]$ echo $TNS_ADMIN\n \n[oracle@luxor root]$ cd\n[oracle@luxor ~]$ cat .bashrc\n# .bashrc\n \n# Source global definitions\nif [ -f \/etc\/bashrc ]; then\n. \/etc\/bashrc\nfi\n \n# Uncomment the following line if you don't like systemctl's auto-paging feature:\n# export SYSTEMD_PAGER=\n \n# User specific aliases and functions\nORACLE_HOME=\/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1; export ORACLE_HOME\nPATH=$PATH:\/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1\/bin; export PATH\nLD_LIBRARY_PATH=\/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1\/lib; export LD_LIBRARY_PATH\nORACLE_UNQNAME=CORTEX_phx1hb;export ORACLE_UNQNAME\nORACLE_SID=CORTEX; export ORACLE_SID\n## WARNING!! Modifying this file can cause failures in API\/CLI provided by Cloud Tooling!!\n<\/pre><\/div>\n\n\n
A vari\u00e1vel $TNS_ADMIN como n\u00e3o est\u00e1 preenchida, vai respeitar o seu valor padr\u00e3o, que \u00e9 $ORACLE_HOME\/network\/admin:<\/p>\n\n\n
\n[oracle@luxor ~]$ cd $ORACLE_HOME\n[oracle@luxor dbhome_1]$ cd network\/admin\/\n[oracle@luxor admin]$ ll\ntotal 16\ndrwxr-xr-x 2 oracle oinstall 4096 Feb 28  2019 samples\n-rw-r--r-- 1 oracle oinstall 1441 Aug 28  2015 shrept.lst\n-rw-r--r-- 1 oracle oinstall  472 May  8 09:53 sqlnet.ora\n-rw-r----- 1 oracle oinstall  527 May  8 09:41 tnsnames.ora\n<\/pre><\/div>\n\n\n
Conseguimos utilizar tamb\u00e9m o utilit\u00e1rio srvctl, consumindo os valores de algumas vari\u00e1veis de ambiente, como a $ORACLE_UNQNAME (que \u00e9 diferente do $ORACLE_SID):<\/p>\n\n\n
\n[oracle@luxor admin]$ srvctl status database -thishome\nDatabase unique name: CORTEX_phx1hb\nInstance CORTEX is running on node luxor\n[oracle@luxor admin]$ srvctl status database -database $ORACLE_UNQNAME\nInstance CORTEX is running on node luxor\n[oracle@luxor admin]$ srvctl config database -database $ORACLE_UNQNAME\nDatabase unique name: CORTEX_phx1hb\nDatabase name: CORTEX\nOracle home: \/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1\nOracle user: oracle\nSpfile: +DATA\/CORTEX_PHX1HB\/PARAMETERFILE\/spfile.269.1071999801\nPassword file:\nDomain: luxorsubnet.luxorvcn.oraclevcn.com\nStart options: open\nStop options: immediate\nDatabase role: PRIMARY\nManagement policy: AUTOMATIC\nServer pools:\nDisk Groups: RECO,DATA\nMount point paths:\nServices:\nType: SINGLE\nOSDBA group: dba\nOSOPER group: dbaoper\nDatabase instance: CORTEX\nConfigured nodes: luxor\nCSS critical: no\nCPU count: 0\nMemory target: 0\nMaximum memory: 0\nDefault network number for database services:\nDatabase is administrator managed\n<\/pre><\/div>\n\n\n
O conte\u00fado do arquivo tnsnames.ora possui apenas a string de conex\u00e3o do CDB$ROOT:<\/p>\n\n\n
\n[oracle@luxor admin]$ cat tnsnames.ora\n# tnsnames.ora Network Configuration File: \/u01\/app\/oracle\/product\/12.2.0.1\/dbhome_1\/network\/admin\/tnsnames.ora\n# Generated by Oracle configuration tools.\n \nLISTENER_CORTEX =\n  (ADDRESS = (PROTOCOL = TCP)(HOST = luxor.luxorsubnet.luxorvcn.oraclevcn.com)(PORT = 1521))\n \n \nCORTEX_PHX1HB =\n  (DESCRIPTION =\n    (ADDRESS = (PROTOCOL = TCP)(HOST = luxor.luxorsubnet.luxorvcn.oraclevcn.com)(PORT = 1521))\n    (CONNECT_DATA =\n      (SERVER = DEDICATED)\n      (SERVICE_NAME = CORTEX_phx1hb.luxorsubnet.luxorvcn.oraclevcn.com)\n    )\n  )\n<\/pre><\/div>\n\n\n
Observando PDB criado:<\/p>\n\n\n
\n[oracle@luxor admin]$ sqlplus \/ as sysdba\n \nSQL*Plus: Release 12.2.0.1.0 Production on Wed May 12 07:41:44 2021\n \nCopyright (c) 1982, 2016, Oracle.  All rights reserved.\n \n \nConnected to:\nOracle Database 12c EE Extreme Perf Release 12.2.0.1.0 - 64bit Production\n \nSQL> SELECT NAME,CDB FROM V$DATABASE;\n \nNAME      CDB\n--------- ---\nCORTEX    YES\n \nSQL> SELECT NAME,OPEN_MODE FROM V$PDBS;\n \nNAME\n--------------------------------------------------------------------------------\nOPEN_MODE\n----------\nPDB$SEED\nREAD ONLY\n \nHIPOFISE1\nREAD WRITE\n \n \nSQL> SELECT NAME FROM V$DATAFILE ORDER BY 1;\n \nNAME\n--------------------------------------------------------------------------------\n+DATA\/CORTEX_PHX1HB\/B2084748142A4638E053C003F40A65C0\/DATAFILE\/sysaux.265.1071999\n505\n \n+DATA\/CORTEX_PHX1HB\/B2084748142A4638E053C003F40A65C0\/DATAFILE\/system.266.1071999\n505\n \n+DATA\/CORTEX_PHX1HB\/B2084748142A4638E053C003F40A65C0\/DATAFILE\/undotbs1.267.10719\n99505\n \n+DATA\/CORTEX_PHX1HB\/C1CF6DCEA12F134DE0539501000A20C1\/DATAFILE\/sysaux.272.1072000\n035\n \nNAME\n--------------------------------------------------------------------------------\n \n+DATA\/CORTEX_PHX1HB\/C1CF6DCEA12F134DE0539501000A20C1\/DATAFILE\/system.271.1072000\n035\n \n+DATA\/CORTEX_PHX1HB\/C1CF6DCEA12F134DE0539501000A20C1\/DATAFILE\/undotbs1.270.10720\n00035\n \n+DATA\/CORTEX_PHX1HB\/C1CF6DCEA12F134DE0539501000A20C1\/DATAFILE\/users.275.10720003\n83\n \n+DATA\/CORTEX_PHX1HB\/DATAFILE\/sysaux.262.1071999373\n \nNAME\n--------------------------------------------------------------------------------\n+DATA\/CORTEX_PHX1HB\/DATAFILE\/system.261.1071999329\n+DATA\/CORTEX_PHX1HB\/DATAFILE\/undotbs1.263.1071999399\n+DATA\/CORTEX_PHX1HB\/DATAFILE\/users.274.1072000383\n \n11 rows selected.\n \nSQL> SELECT CON_NAME, INSTANCE_NAME, STATE FROM DBA_PDB_SAVED_STATES;\n \nCON_NAME\n--------------------------------------------------------------------------------\nINSTANCE_NAME\n--------------------------------------------------------------------------------\nSTATE\n--------------\nHIPOFISE1\nCORTEX\nOPEN\n<\/pre><\/div>\n\n\n
O banco de dados encontra-se em archivelog mode:<\/p>\n\n\n
\nSQL> archive log list;\nDatabase log mode              Archive Mode\nAutomatic archival             Enabled\nArchive destination            USE_DB_RECOVERY_FILE_DEST\nOldest online log sequence     2\nNext log sequence to archive   4\nCurrent log sequence           4\nSQL> SHOW PARAMETER USE_DB_RECOVERY_FILE_DEST\nSQL> SHOW PARAMETER RECOVERY_FILE_DEST;\n \nNAME                                 TYPE        VALUE\n------------------------------------ ----------- ------------------------------\ndb_recovery_file_dest                string      +RECO\ndb_recovery_file_dest_size           big integer 255G\nremote_recovery_file_dest            string\n<\/pre><\/div>\n\n\n
J\u00e1 o recurso de Flashback database n\u00e3o vem habilitado. Por quest\u00f5es de recupera\u00e7\u00e3o, vou habilit\u00e1-lo:<\/p>\n\n\n
\nSQL> SELECT FLASHBACK_ON FROM V$DATABASE;\n \nFLASHBACK_ON\n------------------\nNO\n \nSQL> ALTER DATABASE FLASHBACK ON;\n \nDatabase altered.\n \nSQL> SELECT FLASHBACK_ON FROM V$DATABASE;\n \nFLASHBACK_ON\n------------------\nYES\n<\/pre><\/div>\n\n\n
Por \u00faltimo, podemos checar os DiskGroups com o usu\u00e1rio grid, conforme abaixo:<\/p>\n\n\n
\n[oracle@luxor admin]$ exit\nexit\n[root@luxor ~]# sudo su - grid\nLast login: Wed May 12 07:39:02 UTC 2021\n[grid@luxor ~]$ asmcmd lsdg\nState    Type    Rebal  Sector  Logical_Sector  Block       AU  Total_MB  Free_MB  Req_mir_free_MB  Usable_file_MB  Offline_disks  Voting_files  Name\nMOUNTED  EXTERN  N         512             512   4096  4194304    262144   253584                0          253584              0             Y  DATA\/\nMOUNTED  EXTERN  N         512             512   4096  4194304    262144   256400                0          256400              0             N  RECO\/\n[grid@luxor ~]$\n<\/pre><\/div>\n\n\n
Obs: Este procedimento foi criado pelo senhor Ahmed Baraka (www.ahmedbaraka.com) e foi apenas reproduzido por mim em um laborat\u00f3rio pessoal para fins de aprendizado.<\/p>\n","protected":false},"excerpt":{"rendered":"
Uma vez que j\u00e1 conseguimos conectar na camada de Sistema Operacional do nosso DB System, vamos explorar neste artigo algumas caracter\u00edsticas desse ambiente, para nossa ambienta\u00e7\u00e3o, e para vermos que \u00e9 muito pr\u00f3ximo do que j\u00e1 existe no modelo on-premises. Avaliando a vers\u00e3o do S.O: Por \u00f3bvias quest\u00f5es de seguran\u00e7a, temos o recurso no OCI […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-4551","post","type-post","status-publish","format-standard","hentry","category-oci"],"_links":{"self":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/4551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/comments?post=4551"}],"version-history":[{"count":1,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/4551\/revisions"}],"predecessor-version":[{"id":9140,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/4551\/revisions\/9140"}],"wp:attachment":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/media?parent=4551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/categories?post=4551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/tags?post=4551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}