Palo-Alto-Useful-CLI-Commands

General system health
show system info –provides the system’s management IP, serial number and code version
show system statistics – shows the real time throughput on the device
show system software status – shows whether various system processes are running
show jobs processed – used to see when commits, downloads, upgrades, etc. are completed
show system disk–space– show percent usage of disk partitions
show system logdb–quota – shows the maximum log file sizes
debug dataplane internal vif link – show management interface (eth0) counters
To monitor CPUs
show system resources — shows processes running in the management plane similar to “top” command
show running resource–monitor – used to see the resource utilization in the data plane, such as dataplane CPU utilization
less mp–log mp–monitor.log – Every 15 minutes the system runs a script to monitor management plane resource usage, output is stored in this file.
less dp–log dp–monitor.log — Every 15 minutes the system runs a script to monitor dataplane resource usage, output is stored in this file.
General dropped packet troubleshooting
ping source <IP_addr_src_int> host <IP_addr_host> — allows to ping from the specified FW source interface
ping host <IP> — ping from the MGT interface
show session all | match – used to show specific sessions in the session table. You can
enter any text after the word match. A good example would be a source or destination IP or an application
show session all | filter destination <IP> dest–port <port>– shows all sessions going to a particular dest IP and port
show session id – shows the specifics behind a particular session by entering the ID number after the word “id”
show counter interface – shows interface counters
show counter global | match drop – used to troubleshoot dropped packets
show counter global delta yes | match [ drop | error | frag ] – show counter changes
since last time ran this command, filter on particular keyword
NAT
show running nat–policy– shows current NAT policy table
show running ippool– use to see if NAT pool leak
test nat–policy–match – simulate traffic going through the device, what NAT policy will it match?
Routing
show routing route – displays the routing table
test routing fib–lookup virtual–router <VR_name> ip <IP_addr_trying_reach> — finds which route in the routing table will be used to reach the IP address that you are testing
Policies
show running security–policy – shows the current policy set
test security–policy–match from trust to untrust destination <IP>– simulate a packet going through the system, which policy will it match?
PAN Agent
show user pan–agent statistics – used to see if the agent is connected and operational. Status should be connected OK and you should see numbers under users, groups and IPs.
show pan–agent user–IDs — used to see if the FW has pulled groups from the PANAgent
show user ip–user–mapping – used to see IP to username mappings on the FW
clear user–cache all – clears the user–ID cache
debug device–server reset pan–agent <name> — reset the firewall’s connection to the specified agent
URL
test url <url or IP> – used to test the categorization of a URL on the FW
tail follow yes mp–log pan_bc_download.log – shows the BrightCloud database update logs
request url–filtering download status – shows the status of the database download (essentially the very last line from the pan_bc_download.log file)
debug dataplane show url–cache statistics– shows statistics on the URL cache
show counter global | match url – shows statistics on URL processing
clear url–cache – used to clear the URL cache– cache contains 100k of the most popular URLs on this network
show log url direction equal backward– view the URL log, most recent entries first
To test connectivity to the BrightCloud servers:
ping host service.brightcloud.com
ping host database.brightcloud.com
Log viewing / deleting1
show log [ system | traffic | threat ] direction equal backward – will take you to the end of the specified log
show log [ system | traffic | threat ] direction equal forward – will take you to beginning of the specified log
clear log [ traffic | threat | acc ] – clear everything in the specified log
Software, Content, and Licenses
To upgrade the software on the FW:
tftp import software from <IP_addr_tftp_server> file <filename>
request system software install file <filename>
request restart system
request system software [info | check | download | install ] –manipulate PANOS software from the CLI
To upgrade the content on the FW:
tftp import content from <IP_addr_tftp_server> file <filename>
request content upgrade install file <filename>
request content downgrade install previous –downgrade to the previous content version
request system private–data–reset– to clear config and logs/reports
debug swm [ status | list | revert ] – will show possible code to install, or code that was installed. “revert” is used to revert to last running OS version without having to do a
factory reset (such as from 4.0 to back to 3.1)
request license info – shows the license installed on the device
delete license key ? – use to delete a license file if having issues and want to retrieve new licenses, use question mark to list file names, only delete the files you see fit
Config diff/force/cli format
show config diff– compares two versions of the config
commit force– perform a commit, even if there are errors
set cli config–output–format set– use to view the config  in “set” format from within the configure prompt (#)
IPSec
To view detailed debug information for IPSec tunneling:
1. debug ike global on debug
2. less mp–log ikemgr.log
Misc
set deviceconfig setting session tcp–reject–non–syn no – used to ignore SYN when creating sessions; confirm command took effect with show session info
set deviceconfig setting session offload no –– makes all packets go through CPU, otherwise all fastpath packets just go through EZ chip (turns off session offload to fastpath); confirm command took effect with show session info
debug dataplane pool statistics — this will show the different dataplane buffers and can e used to see if the system is nearing capacity in certain functionality.

adduser-command-linux-with-examples

Q: How do you know what default values would be assigned to a user when created using useradd command?

A: These are the two files which contain the default values to be assigned to a user when created using useradd
# less /etc/default/useradd
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
You can also view the default parameters set for new user to be created using
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
The second file containing values used by useradd command for UID, GID, password encryption method and expiry related information
# less /etc/login.defs
MAIL_DIR        /var/spool/mail

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7

UID_MIN                   500
UID_MAX                 60000

GID_MIN                   500
GID_MAX                 60000

CREATE_HOME     yes
UMASK           077

USERGROUPS_ENAB yes
ENCRYPT_METHOD SHA512

1. How to change default values of useradd command?

Either you can open /etc/default/useradd file and edit the file or you can also do the same using CLI as shown below

To change the default home directory location for all new users
# useradd -D -b /opt/users
# useradd -D | grep HOME
HOME=/opt/users
To change the default login shell
# useradd -D -s /bin/sh
# useradd -D | grep -i shell
SHELL=/bin/sh
Now what if you want to add custom arguments to your user while creating them. let us discuss in detail the different options which you can use along with useradd command

2. Create multiple users with same UID

# useradd -o deepak -u 501
# useradd -o deep -u 501
# useradd -o user -u 501
Verify the UID of the newly create users
# grep 501 /etc/passwd
deepak:x:501:501::/home/deepak:/bin/sh
deep:x:501:504::/home/deep:/bin/sh
user:x:501:505::/home/user:/bin/sh

3. Manually assign a UID to the user

By default a user automatically gets any free uid more than 500 when you run the useradd command. But what if you manually want to assign a uid to your user
# useradd -u 550 deepak
Let us verify the assigned uid to deepak
# id deepak
uid=550(deepak) gid=550(deepak) groups=550(deepak)

4. Create user without home directory

# useradd -M test
# su - test
su: warning: cannot change directory to /home/test: No such file or directory

-bash-4.1$ pwd
/root

5. Create user with custom defined home directory

# useradd -d /home/users/test test
# su - test

$ pwd
/home/users/test

6. Add user to different primary group

By default when you run useradd command, a group with the same name is created inside /etc/group but what if you donot want a group to be created with the same name instead add the user to some different already existing group.

Here we will create a user “deep” and add him to group “admin” without creating another “deep” group
# useradd -g admin deep
Verify the groups of user “deep”
# groups deep
deep : admin

7. Add user to different secondary group

In the above command you saw if we are mentioning a different primary group while using useradd command then a default group with the name of user is NOT created. Now what if you want a group with username’s to be created but instead you want the user to add some secondary group.

Here user deepak is created along with group deepak but also in the same command we are adding deepak to dba group
# useradd  -G dba deepak
Verify groups of deepak
# groups deepak
deepak : deepak dba

8. Add user to multiple groups

You can add the user to multiple secondary groups using single command
# useradd -G admin,dba deepak
Verify
# groups deepak
deepak : deepak admin dba

9. Manually assign a shell to user

Be default when you create a user in Red Hat Linux the user gets /bin/bash shell. But in case you want to give them some other shell for login use the below command
# useradd -s /bin/sh  deepak
# su - deepak

-sh-4.1$ echo $SHELL
/bin/sh
-sh-4.1$

10. Creating a user along with encrypted password

Now you can create a user with pre-defined password, but the condition is the password used should be encrypted which you can do with various methods. Here I will show you one method to do so

Encrypt your password using below command
# openssl passwd -crypt mypassw0rd
Warning: truncating password to 8 characters
TuUFdiN1KaCHQ
Now you can use the encrypted password for your new user
# useradd -p TuUFdiN1KaCHQ deepak
Try to login to the user, for which the password would be “mypassw0rd“

Oracle-11g-step-by-step-Installation-Guide-with-Screenshots

This is a 16 step Oracle 11g installation guide that covers a typical installation scenario with screenshots.

Note: Since there are several screenshots of various Oracle installation steps on this page, I’ve shown only the thumbnails of the screenshot. Click on the individual thumbnail image to view the full-size screenshot of a particular Oracle installation step.

1. Select installation method

Following two installation methods are available:

• Basic Installation – Choose this to perform the full Oracle Database 11g installation with standard configuration options. You can use only filesystem for storage in this option.
• Advanced Installation – This gives your full control over the installation, including the ability to choose Automatic Storage Management. Select this option as shown below.

Fig – Select Installation Method (Click on the image to enlarge it)

2. Specify Inventory directory and credentials

Enter the following information:

• Enter the inventory directory: /u01/app/oraInventory
• Specify operating system group name: oinstall

Fig – Specify Inventory directory and credentials (Click on the image to enlarge it)

3. Select Installation Type

Following three installation types are available:

• Enterprise Edition – Select this option.
• Standard Edition
• Custom

Fig – Select Installation Type (Click on the image to enlarge it)

4. Specify Install Location

Enter the following information:

• Oracle Base: /u01/app/oracle
• Name: Oracle_Home
• Path: /u01/app/oarcle/product/11.1.0

Fig – Select Install Location (Click on the image to enlarge it)

5. Product-Specific Prerequisite Checks

In this screen, the Installer verifies that your environment meets all of the minimum requirements for installing and configuring the products that you have chosen to install. You must manually verify and confirm the items that are flagged with warnings and items that require manual checks.

6. Select Configuration Option

Following three configuration options are available:

• Create a Database – Select this option.
• Configure Automatic Storage Management (ASM)
• Install Software Only

Fig – Select Configuration Option (Click on the image to enlarge it)

7. Select a Database Configuration

Following three database configuration options are available.

• General Purpose/Transaction Processing – Select this option.
• Data Warehouse
• Advanced

Fig – Select Database Configuration (Click on the image to enlarge it)

8. Specify Database Configuration

Enter the following information:

• Global Database Name: devdb.example.com . An Oracle database is uniquely identified by a Global Database Name, typically of the form “name.domain”
• SID: devdb

9. Specify Database Configuration Details

There are four different tabs in this screen as shown below:

• Memory Tab
  • Select the check-box to Enable Automatic Memory Management
  • Drag the bar to allocate the memory. This will automatically allocate memory size for SGA and PGA depending on the total database memory allocated.
• Character Sets Tab. Following three character set options are given in this tab.
  • Use the default
  • Use Unicode (AL32UTF8)
  • Choose from the list of character sets.  Select Database Character Set as Unicode standard UTF-8AL32UTF8 – Select this option.
• Security Tab – Just leave the defaults in this tab.
• Sample Schema Tab – Just leave the defaults in this tab.

Fig – Select Database Config Details with Memory Tab (Click on the image to enlarge it)

10. Select Database Management Option

Following two management options are available:

• Use Grid Control for Database Management
  • Management Service: Choose an agent.
• Use Database Control for Database Management- Select this option.
  • Select the check-box to Enable Email Notifications
  • Outgoing mail (SMTP) Server:
  • Email Address:

Fig – Select Database Management Option (Click on the image to enlarge it)

11. Specify Database Storage Option

Following two storage options are available:

• File System – Select this option.
  • Specify Database File location: /u01/app/oracle/oradata/
• Automatic Storage Management. ASM simplifies database storage administration and optimizes database layout for I/O performance.

12. Specify Backup and Recovery Option

Enable automated backup as shown below. If you’ve configured ASM, you can choose to store the automated backups on ASM. If not, select File System option.

Fig – Specify Backup and Recovery Options (Click on the image to enlarge it)

13. Specify database schema password

Enter the password for sys, system, sysman, dbsnmp schemas. You have the option of either using the same passwords or different password for all the accounts in this screen.

14. Privileged Operating System Groups

Enter the following information in this screen:

• Database Administrator (OSDBA) Group: dba
• Database Operator (OSOPER) Group: dba
• ASM administrator (OSASM) Group: dba

15. Oracle Configuration Manager Registration

You can associate your configration information with your metalink account as shown below.

Fig – Oracle Configuration Manager Registration (Click on the image to enlarge it)

16. Final Summary Screen

This will display a summary of all the installation option you’ve selected so far. Click on Install to complete the installation.

Fig – Installation Summary Screen (Click on the image to enlarge it)

 

Oracle-Database-11g-Release-2-RAC-On-Linux-Using-NFS

This article describes the installation of Oracle Database 11g Release 2 (11.2 64-bit) RAC on Linux (Oracle Enterprise Linux 5.4 64-bit) using NFS to provide the shared storage.

• Introduction
• Download Software
• Operating System Installation
• Oracle Installation Prerequisites
  • Automatic Setup
  • Manual Setup
  • Additional Setup
• Create Shared Disks
• Install the Grid Infrastructure
• Install the Database
• Check the Status of the RAC
• Direct NFS Client

Introduction

NFS is an abbreviation of Network File System, a platform independent technology created by Sun Microsystems that allows shared access to files stored on computers via an interface called the Virtual File System (VFS) that runs on top of TCP/IP. Computers that share files are considered NFS servers, while those that access shared files are considered NFS clients. An individual computer can be either an NFS server, a NFS client or both.

We can use NFS to provide shared storage for a RAC installation. In a production environment we would expect the NFS server to be a NAS, but for testing it can just as easily be another server, or even one of the RAC nodes itself.

To cut costs, this articles uses one of the RAC nodes as the source of the shared storage. Obviously, this means if that node goes down the whole database is lost, so it’s not a sensible idea to do this if you are testing high availability. If you have access to a NAS or a third server you can easily use that for the shared storage, making the whole solution much more resilient. Whichever route you take, the fundamentals of the installation are the same.

The Single Client Access Name (SCAN) should really be defined in the DNS or GNS and round-robin between one of 3 addresses, which are on the same subnet as the public and virtual IPs. In this article I’ve defined it as a single IP address in the “/etc/hosts” file, which is wrong and will cause the cluster verification to fail, but it allows me to complete the install without the presence of a DNS.

This article was inspired by the blog postings of Kevin Closson.

Assumptions. You need two machines available to act as your two RAC nodes. They can be physical or virtual. In this case I’m using two virtual machines called “rac1” and “rac2”. If you want a different naming convention or different IP addresses that’s fine, but make sure you stay consistent with how they are used.

Download Software

Download the following software.

• Oracle Enterprise Linux 5.4
• Oracle 11g Release 2 (11.2) Clusterware and Database software

Operating System Installation

This article uses Oracle Enterprise Linux 5.4. A general pictorial guide to the operating system installation can be found here. More specifically, it should be a server installation with a minimum of 2G swap (preferably 3-4G), firewall and secure Linux disabled. Oracle recommend a default server installation, but if you perform a custom installation include the following package groups:

• GNOME Desktop Environment
• Editors
• Graphical Internet
• Text-based Internet
• Development Libraries
• Development Tools
• Server Configuration Tools
• Administration Tools
• Base
• System Tools
• X Window System

To be consistent with the rest of the article, the following information should be set during the installation.

RAC1.

• hostname: ol5-112-rac1.localdomain
• IP Address eth0: 192.168.2.101 (public address)
• Default Gateway eth0: 192.168.2.1 (public address)
• IP Address eth1: 192.168.0.101 (private address)
• Default Gateway eth1: none

RAC2.

• hostname: ol5-112-rac2.localdomain
• IP Address eth0: 192.168.2.102 (public address)
• Default Gateway eth0: 192.168.2.1 (public address)
• IP Address eth1: 192.168.0.102 (private address)
• Default Gateway eth1: none

You are free to change the IP addresses to suit your network, but remember to stay consistent with those adjustments throughout the rest of the article.

Oracle Installation Prerequisites

Perform either the Automatic Setup or the Manual Setup to complete the basic prerequisites. The Additional Setup is required for all installations.

Automatic Setup

If you plan to use the “oracle-validated” package to perform all your prerequisite setup, follow the instructions at http://public-yum.oracle.com to setup the yum repository for OL, then perform the following command.

# yum install oracle-validated

All necessary prerequisites will be performed automatically.

It is probably worth doing a full update as well, but this is not strictly speaking necessary.

# yum update

Manual Setup

If you have not used the “oracle-validated” package to perform all prerequisites, you will need to manually perform the following setup tasks.

In addition to the basic OS installation, the following packages must be installed whilst logged in as the root user. This includes the 64-bit and 32-bit versions of some packages.

# From Oracle Linux 5 DVD
cd /media/cdrom/Server
rpm -Uvh binutils-2.*
rpm -Uvh compat-libstdc++-33*
rpm -Uvh elfutils-libelf-0.*
rpm -Uvh elfutils-libelf-devel-*
rpm -Uvh gcc-4.*
rpm -Uvh gcc-c++-4.*
rpm -Uvh glibc-2.*
rpm -Uvh glibc-common-2.*
rpm -Uvh glibc-devel-2.*
rpm -Uvh glibc-headers-2.*
rpm -Uvh ksh-2*
rpm -Uvh libaio-0.*
rpm -Uvh libaio-devel-0.*
rpm -Uvh libgcc-4.*
rpm -Uvh libstdc++-4.*
rpm -Uvh libstdc++-devel-4.*
rpm -Uvh make-3.*
rpm -Uvh sysstat-7.*
rpm -Uvh unixODBC-2.*
rpm -Uvh unixODBC-devel-2.*

cd /
eject

Add or amend the following lines to the “/etc/sysctl.conf” file.

fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 1054504960
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default=262144
net.core.rmem_max=4194304
net.core.wmem_default=262144
net.core.wmem_max=1048586

Run the following command to change the current kernel parameters.

/sbin/sysctl -p

Add the following lines to the “/etc/security/limits.conf” file.

oracle               soft    nproc   2047
oracle               hard    nproc   16384
oracle               soft    nofile  1024
oracle               hard    nofile  65536

Add the following lines to the “/etc/pam.d/login” file, if it does not already exist.

session    required     pam_limits.so

Create the new groups and users.

groupadd -g 1000 oinstall
groupadd -g 1200 dba
useradd -u 1100 -g oinstall -G dba oracle
passwd oracle

Create the directories in which the Oracle software will be installed.

mkdir -p  /u01/app/11.2.0/grid
mkdir -p /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01/

Additional Setup

Perform the following steps whilst logged into the “rac1” virtual machine as the root user.

Set the password for the “oracle” user.

passwd oracle

Install the following package from the Oracle grid media after you’ve defined groups.

cd /your/path/to/grid/rpm
rpm -Uvh cvuqdisk*

If you are not using DNS, the “/etc/hosts” file must contain the following information.

127.0.0.1       localhost.localdomain   localhost
# Public
192.168.0.101   ol5-112-rac1.localdomain        ol5-112-rac1
192.168.0.102   ol5-112-rac2.localdomain        ol5-112-rac2
# Private
192.168.1.101   ol5-112-rac1-priv.localdomain   ol5-112-rac1-priv
192.168.1.102   ol5-112-rac2-priv.localdomain   ol5-112-rac2-priv
# Virtual
192.168.0.103   ol5-112-rac1-vip.localdomain    ol5-112-rac1-vip
192.168.0.104   ol5-112-rac2-vip.localdomain    ol5-112-rac2-vip
# SCAN
192.168.0.105   ol5-112-scan.localdomain        ol5-112-scan
192.168.0.106   ol5-112-scan.localdomain        ol5-112-scan
192.168.0.107   ol5-112-scan.localdomain        ol5-112-scan

The SCAN address should not really be defined in the hosts file. Instead is should be defined on the DNS to round-robin between 3 addresses on the same subnet as the public IPs. For this installation, we will compromise and use the hosts file. This may cause problems if you are using 11.2.0.2 onward.

If you are using DNS, then only the first line needs to be present in the “/etc/hosts” file. The other entries are defined in the DNS, as described here. Having said that, I typically include all but the SCAN addresses.

Change the setting of SELinux to permissive by editing the “/etc/selinux/config” file, making sure the SELINUX flag is set as follows.

SELINUX=permissive

Alternatively, this alteration can be done using the GUI tool (System > Administration > Security Level and Firewall). Click on the SELinux tab and disable the feature.

If you have the Linux firewall enabled, you will need to disable or configure it, as shown here or here. The following is an example of disabling the firewall.

# service iptables stop
# chkconfig iptables off

Either configure NTP, or make sure it is not configured so the Oracle Cluster Time Synchronization Service (ctssd) can synchronize the times of the RAC nodes. If you want to deconfigure NTP do the following.

# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
# chkconfig ntpd off
# mv /etc/ntp.conf /etc/ntp.conf.orig
# rm /var/run/ntpd.pid

If you want to use NTP, you must add the “-x” option into the following line in the “/etc/sysconfig/ntpd” file.

OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"

Then restart NTP.

# service ntpd restart

Create the directories in which the Oracle software will be installed.

mkdir -p  /u01/app/11.2.0/grid
mkdir -p /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01/

Login as the “oracle” user and add the following lines at the end of the “/home/oracle/.bash_profile” file.

# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_HOSTNAME=ol5-112-rac1.localdomain; export ORACLE_HOSTNAME
ORACLE_UNQNAME=RAC; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
GRID_HOME=/u01/app/11.2.0/grid; export GRID_HOME
DB_HOME=$ORACLE_BASE/product/11.2.0/db_1; export DB_HOME
ORACLE_HOME=$DB_HOME; export ORACLE_HOME
ORACLE_SID=RAC1; export ORACLE_SID
ORACLE_TERM=xterm; export ORACLE_TERM
BASE_PATH=/usr/sbin:$PATH; export BASE_PATH
PATH=$ORACLE_HOME/bin:$BASE_PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

alias grid_env='. /home/oracle/grid_env'
alias db_env='. /home/oracle/db_env'

Create a file called “/home/oracle/grid_env” with the following contents.

ORACLE_HOME=$GRID_HOME; export ORACLE_HOME
PATH=$ORACLE_HOME/bin:$BASE_PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

Create a file called “/home/oracle/db_env” with the following contents.

ORACLE_SID=RAC1; export ORACLE_SID
ORACLE_HOME=$DB_HOME; export ORACLE_HOME
PATH=$ORACLE_HOME/bin:$BASE_PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

Once the “/home/oracle/.bash_profile” has been run, you will be able to switch between environments as follows.

$ grid_env
$ echo $ORACLE_HOME
/u01/app/11.2.0/grid
$ db_env
$ echo $ORACLE_HOME
/u01/app/oracle/product/11.2.0/db_1
$

Remember to amend the environment setting accordingly on each server.

We’ve made a lot of changes, so it’s worth doing a reboot of the servers at this point to make sure all the changes have taken effect.

# shutdown -r now

Create Shared Disks

First we need to set up some NFS shares. In this case we will do this on the ol5-112-rac1 node, but you can do the on a NAS or a third server if you have one available. On the ol5-112-rac1 node create the following directories.

mkdir /shared_config
mkdir /shared_grid
mkdir /shared_home
mkdir /shared_data

Add the following lines to the “/etc/exports” file.

/shared_config               *(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/shared_grid                 *(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/shared_home                 *(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/shared_data                 *(rw,sync,no_wdelay,insecure_locks,no_root_squash)

Run the following command to export the NFS shares.

chkconfig nfs on
service nfs restart

On both ol5-112-rac1 and ol5-112-rac2 create the directories in which the Oracle software will be installed.

mkdir -p /u01/app/11.2.0/grid
mkdir -p /u01/app/oracle/product/11.2.0/db_1
mkdir -p /u01/oradata
mkdir -p /u01/shared_config
chown -R oracle:oinstall /u01/app /u01/app/oracle /u01/oradata /u01/shared_config
chmod -R 775 /u01/app /u01/app/oracle /u01/oradata /u01/shared_config

Add the following lines to the “/etc/fstab” file.

nas1:/shared_config /u01/shared_config  nfs  rw,bg,hard,nointr,tcp,vers=3,timeo=600,rsize=32768,wsize=32768,actimeo=0  0 0
nas1:/shared_grid   /u01/app/11.2.0/grid  nfs  rw,bg,hard,nointr,tcp,vers=3,timeo=600,rsize=32768,wsize=32768,actimeo=0  0 0
nas1:/shared_home   /u01/app/oracle/product/11.2.0/db_1  nfs  rw,bg,hard,nointr,tcp,vers=3,timeo=600,rsize=32768,wsize=32768,actimeo=0  0 0
nas1:/shared_data   /u01/oradata  nfs  rw,bg,hard,nointr,tcp,vers=3,timeo=600,rsize=32768,wsize=32768,actimeo=0  0 0

Mount the NFS shares on both servers.

mount /u01/shared_config
mount /u01/app/11.2.0/grid
mount /u01/app/oracle/product/11.2.0/db_1
mount /u01/oradata

Make sure the permissions on the shared directories are correct.

chown -R oracle:oinstall /u01/shared_config
chown -R oracle:oinstall /u01/app/11.2.0/grid
chown -R oracle:oinstall /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01/oradata

Install the Grid Infrastructure

Start both RAC nodes, login to ol5-112-rac1 as the oracle user and start the Oracle installer.

./runInstaller

Select the “Install and Configure Grid Infrastructure for a Cluster” option, then click the “Next” button.

Select the “Advanced Installation” option, then click the “Next” button.

Select the the required language support, then click the “Next” button.

Enter cluster information and uncheck the “Configure GNS” option, then click the “Next” button.

On the “Specify Node Information” screen, click the “Add” button.

Enter the details of the second node in the cluster, then click the “OK” button.

Click the “SSH Connectivity…” button and enter the password for the “oracle” user. Click the “Setup” button to to configure SSH connectivity, and the “Test” button to test it once it is complete. Click the “Next” button.

Check the public and private networks are specified correctly, then click the “Next” button.

Select the “Shared File System” option, then click the “Next” button.

Select the required level of redundancy and enter the OCR File Location(s), then click the “Next” button.

Select the required level of redundancy and enter the Voting Disk File Location(s), then click the “Next” button.

Accept the default failure isolation support by clicking the “Next” button.

Select the preferred OS groups for each option, then click the “Next” button. Click the “Yes” button on the subsequent message dialog.

Enter “/u01/app/oracle” as the Oracle Base and “/u01/app/11.2.0/grid” as the software location, then click the “Next” button.

Accept the default inventory directory by clicking the “Next” button.

Wait while the prerequisite checks complete. If you have any issues, either fix them or check the “Ignore All” checkbox and click the “Next” button. If there are no issues, you will move directly to the summary screen. If you are happy with the summary information, click the “Finish” button.

Wait while the setup takes place.

When prompted, run the configuration scripts on each node.

The output from the “orainstRoot.sh” file should look something like that listed below.

# cd /u01/app/oraInventory
# ./orainstRoot.sh
Changing permissions of /u01/app/oraInventory.
Adding read,write permissions for group.
Removing read,write,execute permissions for world.

Changing groupname of /u01/app/oraInventory to oinstall.
The execution of the script is complete.
#

The output of the root.sh will vary a little depending on the node it is run on. Example output can be seen here (Node1, Node2).

Once the scripts have completed, return to the “Execute Configuration Scripts” screen on ol5-112-rac1 and click the “OK” button.

Wait for the configuration assistants to complete.

We expect the verification phase to fail with an error relating to the SCAN, assuming you are not using DNS.

INFO: Checking Single Client Access Name (SCAN)...
INFO: Checking name resolution setup for "rac-scan.localdomain"...
INFO: ERROR:
INFO: PRVF-4664 : Found inconsistent name resolution entries for SCAN name "rac-scan.localdomain"
INFO: ERROR:
INFO: PRVF-4657 : Name resolution setup check for "rac-scan.localdomain" (IP address: 192.168.2.201) failed
INFO: ERROR:
INFO: PRVF-4664 : Found inconsistent name resolution entries for SCAN name "rac-scan.localdomain"
INFO: Verification of SCAN VIP and Listener setup failed

Provided this is the only error, it is safe to ignore this and continue by clicking the “Next” button.

Click the “Close” button to exit the installer.

The grid infrastructure installation is now complete.

Install the Database

Start all the RAC nodes, login to ol5-112-rac1 as the oracle user and start the Oracle installer.

./runInstaller

Uncheck the security updates checkbox and click the “Next” button.

Accept the “Create and configure a database” option by clicking the “Next” button.

Accept the “Server Class” option by clicking the “Next” button.

Make sure both nodes are selected, then click the “Next” button.

Accept the “Typical install” option by clicking the “Next” button.

Enter “/u01/app/oracle/product/11.2.0/db_1” for the software location. The storage type should be set to “File System” with the file location set to “/u01/oradata”. Enter the appropriate passwords and database name, in this case “RAC.localdomain”.

Wait for the prerequisite check to complete. If there are any problems either fix them, or check the “Ignore All” checkbox and click the “Next” button.

If you are happy with the summary information, click the “Finish” button.

Wait while the installation takes place.

Once the software installation is complete the Database Configuration Assistant (DBCA) will start automatically.

Once the Database Configuration Assistant (DBCA) has finished, click the “OK” button.

When prompted, run the configuration scripts on each node. When the scripts have been run on each node, click the “OK” button.

Click the “Close” button to exit the installer.

The RAC database creation is now complete.

Check the Status of the RAC

There are several ways to check the status of the RAC. The srvctl utility shows the current configuration and status of the RAC database.

$ srvctl config database -d rac
Database unique name: rac
Database name: rac
Oracle home: /u01/app/oracle/product/11.2.0/db_1
Oracle user: oracle
Spfile: /u01/oradata/rac/spfilerac.ora
Domain: localdomain
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Server pools: rac
Database instances: ol5-112-rac1,ol5-112-rac2
Disk Groups: 
Services: 
Database is administrator managed
$

$ srvctl status database -d rac
Instance ol5-112-rac1 is running on node ol5-112-rac1
Instance ol5-112-rac2 is running on node ol5-112-rac2
$

The V$ACTIVE_INSTANCES view can also display the current status of the instances.

$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Sat Sep 26 19:04:19 2009

Copyright (c) 1982, 2009, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

SQL> SELECT inst_name FROM v$active_instances;

INST_NAME
--------------------------------------------------------------------------------
rac1.localdomain:rac1
rac2.localdomain:rac2

SQL>

If you have configured Enterprise Manager, it can be used to view the configuration and current status of the database using a URL like “https://rac1.localdomain:1158/em&#8221;.

Direct NFS Client

The Direct NFS Client should be used for CRS-related files, so it is important to have separate NFS mounts for the different types of files, rather than trying to compact them into a single NFS share.

For improved NFS performance, Oracle recommend using the Direct NFS Client shipped with Oracle 11g. The direct NFS client looks for NFS details in the following locations.

1. $ORACLE_HOME/dbs/oranfstab
2. /etc/oranfstab
3. /etc/mtab

Since we already have our NFS mount point details in the “/etc/fstab”, and therefore the “/etc/mtab” file also, there is no need to configure any extra connection details.

For the client to work we need to switch the “libodm11.so” library for the “libnfsodm11.so” library, which can be done manually or via the “make” command.

srvctl stop database -d rac

# manual method
cd $ORACLE_HOME/lib
mv libodm11.so libodm11.so_stub
ln -s libnfsodm11.so libodm11.so

# make method
$ cd $ORACLE_HOME/rdbms/lib
$ make -f ins_rdbms.mk dnfs_on

srvctl start database -d rac

With the configuration complete, you can see the direct NFS client usage via the following views.

• v$dnfs_servers
• v$dnfs_files
• v$dnfs_channels
• v$dnfs_stats

For example.

SQL> SELECT svrname, dirname FROM v$dnfs_servers;

SVRNAME        DIRNAME
-------------  -----------------
nas1           /shared_data

SQL>

The Direct NFS Client supports direct I/O and asynchronous I/O by default.

For more information see:

• Grid Infrastructure Installation Guide for Linux
• Real Application Clusters Installation Guide for Linux and UNIX