
Oracle 11g on RHEL 6 prep script

# $Id: Oracle-DBA-rhel6,v 1.10 2014/06/25 01:16:32 root Exp $

# **************************************************************************
# Author:    james.radtke
# Date:      20140527
# Location:  prhnsat01:/var/www/html/pub/snippets/spacewalk/1/
#
# Goal:      Have a single script that can:
#             - configure a new system for Oracle
#             - validate an existing installation
#             - be run on an existing system to update/repair Oracle install
# **************************************************************************

# **************************************************************************
#  CLEANUP / TODO
#  Should clean up the THP section to check the current value from /proc or /sys
#


# SITE-TUNABLE SETTINGS (edit these for your environment)

# Expected values that validate()/install() compare the running system against.
MIN_SWAP="16384"                  # compared with the Swap total reported by `free -m`
FSAIOMAX='1048576'                # expected fs.aio-max-nr
KERNEL_SEM="250 32000 100 128"    # expected kernel.sem

# Account / cluster settings.  These four are not referenced anywhere else in
# this listing.
IS_RAC="0"
ORACLE_USER='oracle'
GRID_USER='grid'
ORACLE_GROUP='dba'

# Placeholder only: recomputed further down from the DMI system manufacturer.
VIRTUAL="0"

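# NON-MODIFIABLE VARIABLES
PRETTY_DATE=$(date +%Y%m%d)
ERROR_MSG=""      # accumulated by error(); printed in the final report
NEWLINE="\n"      # literal backslash-n; expanded later by `echo -e`

# SECURITY NOTE: these are the login and password that install() hands to
# rhn-channel.  They are stored here in clear text, and the header places this
# script under a /var/www/html/pub path, which suggests the file is readable
# by anything that can fetch it -- confirm.  Treat the built-in values as
# exposed: rotate them, give the account only the channel-subscription rights
# it needs, and supply the real values through RHN_USER / RHN_PASS instead.
# The defaults are kept only so existing invocations behave as before.
# NOTE: USER is also the conventional login-name environment variable; this
# assignment replaces it for the rest of the script.
USER=${RHN_USER:-bootstrap}
PASS=${RHN_PASS:-b00tstrap}

# Field 7 of /etc/redhat-release (read directly by awk, no cat needed).
REDHAT_RELEASE=$(awk '{ print $7 }' /etc/redhat-release)
CLIENTHOSTNAME=$(hostname | cut -f1 -d.)
# Six characters of the short hostname starting at offset 6 (bash substring).
SERVER_ENV=${CLIENTHOSTNAME: 6:6}
# Same stamp as PRETTY_DATE; reused so both names always agree.
PRETTYDATE=${PRETTY_DATE}
# dmidecode normally needs root; if it fails these stay empty and the host is
# later treated as physical (VIRTUAL=0).
SYSTEM_MANUFACTURER=$(/usr/sbin/dmidecode -s system-manufacturer)
SYSTEM_PRODUCT_NAME=$(/usr/sbin/dmidecode -s system-product-name)
MOUNT_ERROR=0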

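# BUILD FILES FOR FUTURE USE
# Snapshots of the installed package list and the kernel parameters, taken
# once at start-up.  The files are created with mktemp: this script runs as
# root, and a fixed, guessable name under /tmp could be pre-created (for
# example as a symlink) by any local user before root writes to it.
RPM_LIST=$(mktemp "/tmp/rpm-qa-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the package snapshot file" >&2
  exit 1
}
/bin/rpm -qa > "$RPM_LIST"
SYSCTL_A=$(mktemp "/tmp/sysctl-a-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the sysctl snapshot file" >&2
  exit 1
}
/sbin/sysctl -a > "${SYSCTL_A}"

# Packages checked by validate() and installed by install() when missing.
PKG_LIST="cloog-ppl libXxf86misc compat-libcap1 libXxf86vm compat-libstdc++-33 libaio-devel cpp libdmx gcc libstdc++-devel gcc-c++ mpfr glibc-devel make glibc-headers ppl kernel-headers xorg-x11-utils libXmu xorg-x11-xauth libXt libXv ksh libXxf86dga"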

# Classify the host from the DMI manufacturer string: only the exact value
# "VMware, Inc." marks it as virtual; anything else (including an empty
# string) leaves it physical.
case "${SYSTEM_MANUFACTURER}" in
  "VMware, Inc.")
    VIRTUAL=1
    ;;
  *)
    VIRTUAL=0
    ;;
esac

# ######################
# FUNCTIONS
# ######################
# Report a passed check.
# Reads the global MSG and prints it on stdout behind a "[SUCCESS] " tag.
# Backslash escapes inside MSG are expanded, as with `echo -e`.
success() {
  printf '%b\n' "[SUCCESS] ${MSG}"
}
# Report a failed check and remember it for the end-of-run summary.
# Reads the globals MSG and NEWLINE; prints MSG on stdout behind an
# "[ERROR] " tag (escapes expanded, as with `echo -e`) and appends
# MSG followed by NEWLINE to the global ERROR_MSG.
error() {
  printf '%b\n' "[ERROR] $MSG"
  ERROR_MSG+="${MSG}${NEWLINE}"
}

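# Standard Usage Stanza
# Prints the help text on stdout and terminates the script.
# Arguments: $1 - optional exit status (default 0), so a caller reporting a
#                 bad option can end the run with a non-zero status.
usage() {
  cat << EOF

Usage:
$0 -[ivh]
    -i --install
       -v --validate
        -h --help
EOF
  exit "${1:-0}"
}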

##############################################################################
##############################################################################
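validate() {
  # Audit this host against the Oracle prerequisites and report each finding.
  #
  # Globals read:    MIN_SWAP, VIRTUAL, PKG_LIST, SYSCTL_A, KERNEL_SEM, FSAIOMAX
  # Globals written: ERROR_MSG (through error())
  # Output:          one [SUCCESS]/[ERROR] line per check, on stdout
  #
  # Results are reported as `MSG="..." success|error`: the assignment is made
  # visible to the helper for that one call.  The "Section (x.y)" tags are the
  # author's references to a guide that is not part of this listing.
  #
  # NOTE: despite the name this function is not strictly read-only -- the
  # managed-config checks create an empty file when the target is missing.
  local MOUNT BOND SERVICE CHANNEL PKG PORT GROUP ACCOUNT NETGROUP CONFIG DIR
  local TOTAL_SWAP RESULT SLAVE_COUNT

  MSG="RUNNING VALIDATION" success
  echo "$MSG"

  # CHECK: MOUNTPOINTS
  # Section (2.4)
  for MOUNT in u01 u02 u03; do
    if mountpoint "/$MOUNT" > /dev/null 2>&1; then
      MSG="$MOUNT discovered" success
    else
      MSG="$MOUNT not a mount" error
    fi
  done

  # CHECK: SWAP
  # Section (2.6)
  TOTAL_SWAP=$(free -m | awk '/^Swap/ { print $2 }')
  # An empty reading is compared as 0 so the test cannot fail with a syntax error.
  if [ "${TOTAL_SWAP:-0}" -lt "$MIN_SWAP" ]; then
    MSG="Swap ($TOTAL_SWAP) is less than $MIN_SWAP" error
  else
    MSG="Swap ($TOTAL_SWAP) is greater than $MIN_SWAP" success
  fi

  # CHECK: NETWORK BONDING
  # Section (3.2.2)
  if [ "$VIRTUAL" != 1 ]; then
    for BOND in bond0; do
      # A physical host without this bond file produces no message at all.
      if [ -f "/proc/net/bonding/${BOND}" ]; then
        SLAVE_COUNT=$(grep -c "Slave Interface" "/proc/net/bonding/${BOND}")
        if [ "$SLAVE_COUNT" -lt 2 ]; then
          MSG="Bond: $BOND - Number of Slaves is not 2" error
        else
          MSG="Bond: $BOND - Number of slaves is 2" success
        fi
      fi
    done
  else
    MSG="Bond not used on Virtual" success
  fi

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for SERVICE in NetworkManager; do
    if [ -f "/etc/init.d/${SERVICE}" ]; then
      if ! chkconfig --list "${SERVICE}" | grep -q 3:off; then
        MSG="SERVICE: Disable $SERVICE" error
      fi
    fi
  done

  # CHECK: NTP SETTINGS
  # Section (3.2.3)
  # NOTE(review): if rhncfg-client itself fails, the line count is 0 and the
  # file is reported as current -- a tool failure reads as a pass.
  CONFIG=/etc/ntp.conf
  RESULT=$(rhncfg-client diff "$CONFIG" | wc -l)
  if [ "$RESULT" -gt 1 ]; then
    MSG="$CONFIG is NOT current" error
  else
    MSG="$CONFIG is current" success
  fi

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for CHANNEL in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$CHANNEL"; then
      MSG="Channel: $CHANNEL is configured" success
    else
      MSG="Channel: $CHANNEL is missing" error
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # The RPM database is queried by exact package name.  Searching the
  # `rpm -qa` snapshot for a substring reported packages as present when only
  # a similarly named one was installed (e.g. "gcc" matching "libgcc").
  for PKG in $PKG_LIST; do
    if /bin/rpm -q "$PKG" > /dev/null 2>&1; then
      MSG="PKG: $PKG installed" success
    else
      MSG="PKG: $PKG missing" error
    fi
  done

  # CHECK: SELinux
  # Section (3.3.3)
  # CHECK: IPtables
  # Section (3.3.4)
  # Since we are inadequate in managing our environment, SELinux and IPtables are beyond our capability
  # (Neither is checked, so this report says nothing about their state.)

  # CHECK: Kernel Tuning (Virtual Memory)
  # Section (3.3.5)
  # REVISIT
  # vm.swappiness = 0
  # vm.dirty_background_ratio = 3
  # vm.dirty_ratio = 80
  # vm.dirty_expire_centisecs = 500
  # vm.dirty_writeback_centisecs = 100

  # CHECK: Kernel Tuning (Shared Memory)
  # Section (3.3.6)
  # REVISIT
  # kernel.shmmax = 68719476736
  # kernel.shmall = 4294967296
  # kernel.shmmni = 4096

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # '[:blank:]' is quoted: unquoted it is a shell glob and would be replaced
  # by a matching one-character file name in the current directory.
  if grep '^kernel\.sem' "$SYSCTL_A" 2> /dev/null \
    | tr -s '[:blank:]' ' ' \
    | cut -d= -f2 \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM" error
  fi

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.8)
  # REVISIT
  # -w matches the port as a whole number, so 9000 is not found inside 19000.
  for PORT in 9000 65500; do
    if grep -qw -- "$PORT" /proc/sys/net/ipv4/ip_local_port_range 2> /dev/null; then
      MSG="PORT: $PORT found in net.ipv4.ip_local_port_range" success
    else
      MSG="PORT: $PORT not found in net.ipv4.ip_local_port_range" error
    fi
  done

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.9)
  # REVISIT
  # net.core.rmem_default = 262144
  # net.core.rmem_max = 4194304
  # net.core.wmem_default = 262144
  # net.core.wmem_max = 1048576

  # CHECK: Kernel Tuning (Synchronous I/O)
  # Section (3.3.10)
  # The failure branch now calls error(); before, the message was only
  # assigned and a wrong fs.aio-max-nr never reached the error report.
  if grep -qF -- "fs.aio-max-nr = ${FSAIOMAX}" "${SYSCTL_A}" 2> /dev/null; then
    MSG="FS.AIO: Synchronous I/O set to ${FSAIOMAX}" success
  else
    MSG="FS.AIO: Synchronous I/O NOT set to ${FSAIOMAX}" error
  fi

  # CHECK: Kernel Tuning (File Handles)
  # Section (3.3.11)
  # REVISIT - REQUIRES THE DATABASE(s) TO BE RUNNING
  # Oracle Recommends 512 File Handles per process
  # ((ps -ef | grep oracle | wc -l) * 512) = /etc/sysctl.conf:fs.file-max = ${ARG}
  # fs.file-max = 6815744

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # Entries are searched as fixed strings (-F), not as regular expressions.
  for GROUP in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if grep -qF -- "$GROUP" /etc/group; then
      MSG="Group ($GROUP) found in /etc/group" success
    else
      MSG="Group ($GROUP) NOT found in /etc/group" error
    fi
  done

  # The loop variable is ACCOUNT rather than USER so the global USER (the
  # login handed to rhn-channel by install) is not overwritten.
  for ACCOUNT in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if grep -qF -- "$ACCOUNT" /etc/passwd; then
      MSG="USER: ($ACCOUNT) found in /etc/passwd" success
    else
      MSG="USER: ($ACCOUNT) NOT found in /etc/passwd" error
    fi
  done

  for NETGROUP in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$NETGROUP" /etc/passwd; then
      MSG="NETGROUP: ($NETGROUP) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($NETGROUP) NOT found in /etc/passwd" error
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore an empty file is created for the diff to compare against.
  for CONFIG in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    test -f "$CONFIG" || touch "${CONFIG}"
    RESULT=$(rhncfg-client diff "$CONFIG" | wc -l)
    if [ "$RESULT" -gt 1 ]; then
      MSG="$CONFIG is NOT current" error
    else
      MSG="$CONFIG is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  for PKG in kmod-oracleasm oracleasm-support oracleasmlib; do
    if /bin/rpm -q "$PKG" > /dev/null 2>&1; then
      MSG="PKG: $PKG installed" success
    else
      MSG="PKG: $PKG missing" error
    fi
  done
  # ORACLE ASM CONFIG FILE
  for CONFIG in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    test -f "$CONFIG" || touch "${CONFIG}"
    RESULT=$(rhncfg-client diff "$CONFIG" | wc -l)
    if [ "$RESULT" -gt 1 ]; then
      MSG="$CONFIG is NOT current" error
    else
      MSG="$CONFIG is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # Section (3.4.4)
  for PKG in tuned; do
    if /bin/rpm -q "$PKG" > /dev/null 2>&1; then
      MSG="PKG: $PKG installed" success
    else
      MSG="PKG: $PKG missing" error
    fi
  done

  # CHECK: Oracle GRID (Installation)
  # Section (4.1.1)
  for DIR in /u01/app/grid; do
    if test -d "$DIR"; then
      MSG="DIR: $DIR present" success
    else
      MSG="DIR: $DIR missing" error
    fi
  done

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  # Only the boot configuration is inspected; the setting of the running
  # kernel is not read (see the TODO in the file header).
  if grep -q transparent_hugepage=never /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled." success
  else
    MSG="Transparent Huge Pages are still enabled." error
  fi
}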
## end validate

##############################################################################
##############################################################################
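install() {
  # Bring this host in line with the Oracle prerequisites, repairing whatever
  # the checks below find missing.  Must run as root: it edits /etc/passwd,
  # /etc/group, /etc/sysctl.conf and /boot/grub/grub.conf in place.
  #
  # Globals read:    USER, PASS, PKG_LIST, SYSCTL_A, KERNEL_SEM, VIRTUAL
  # Globals written: ERROR_MSG (through error()), MOUNT_ERROR
  # Output:          one [SUCCESS]/[ERROR] line per step, on stdout.  Every
  #                  repair is reported through error(), so a run that fixed
  #                  something ends with the error summary.
  local SERVICE CHANNEL PKG GROUP ACCOUNT NETGROUP CONFIG MOUNT
  local RESULT INSLINE TUNED_BASE
  local -a MISSING_PKGS

  MSG="RUNNING INSTALL" success
  echo "$MSG"

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for SERVICE in NetworkManager; do
    if [ -f "/etc/init.d/${SERVICE}" ]; then
      chkconfig "${SERVICE}" off > /dev/null 2>&1
    fi
  done

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for CHANNEL in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$CHANNEL"; then
      MSG="Channel: $CHANNEL is configured" success
    else
      MSG="Channel: $CHANNEL is missing, adding now..." error
      # NOTE(security): the password travels on the command line, where other
      # local users can read it from the process list while the command runs.
      # The command's output is discarded, so a failed subscription is silent.
      /usr/sbin/rhn-channel -a -c "$CHANNEL" -u "$USER" -p "$PASS" > /dev/null 2>&1
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # Missing packages are collected in an array instead of the fixed file
  # /tmp/packages_to_install.out: root writing to a guessable /tmp name can
  # be redirected by a pre-created symlink, and the file's contents were fed
  # straight to yum.  Packages are looked up by exact name in the RPM
  # database; a substring search of the `rpm -qa` snapshot skipped packages
  # whose name is contained in another one (e.g. "gcc" in "libgcc").
  MISSING_PKGS=()
  for PKG in $PKG_LIST; do
    /bin/rpm -q "$PKG" > /dev/null 2>&1 || MISSING_PKGS+=("$PKG")
  done
  if [ "${#MISSING_PKGS[@]}" -gt 0 ]; then
    MSG="Installed ${MISSING_PKGS[*]} " error
    yum -y install "${MISSING_PKGS[@]}"
  fi

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # NOTE(review): the account databases are edited directly, without the file
  # locking that the shadow-utils tools take and without a backup copy.
  for GROUP in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if ! grep -qF -- "$GROUP" /etc/group; then
      MSG="Group ($GROUP) NOT found in /etc/group, adding..." error
      echo "$GROUP" >> /etc/group
    fi
  done

  # NEED THIS TO ADD THE USERS -BEFORE- THE NETGROUP (if present)
  # ACCOUNT is used as the loop variable so the global USER (the rhn-channel
  # login) is left intact.
  for ACCOUNT in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if ! grep -qF -- "$ACCOUNT" /etc/passwd; then
      MSG="Group ($ACCOUNT) NOT found in /etc/passwd, adding..." error
      # Line number of the first entry that starts with "+".
      INSLINE=$(grep -n '^[+]' /etc/passwd | head -1 | cut -d: -f1)
      if [ -n "$INSLINE" ]; then
        sed -i -e "${INSLINE}i${ACCOUNT}" /etc/passwd
      else
        # With no "+" entry there is no line number; an address-less sed "i"
        # would insert the account before EVERY line of /etc/passwd, so the
        # entry is appended instead.
        echo "$ACCOUNT" >> /etc/passwd
      fi
    fi
  done

  for NETGROUP in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$NETGROUP" /etc/passwd; then
      MSG="NETGROUP: ($NETGROUP) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($NETGROUP) NOT found in /etc/passwd, adding..." error
      echo "$NETGROUP" >> /etc/passwd
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore an empty file is created for the diff to compare against.
  for CONFIG in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    test -f "$CONFIG" || touch "${CONFIG}"
    RESULT=$(rhncfg-client diff "$CONFIG" | wc -l)
    if [ "$RESULT" -gt 1 ]; then
      MSG="$CONFIG is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$CONFIG"
    else
      MSG="$CONFIG is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  MISSING_PKGS=()
  for PKG in kmod-oracleasm oracleasm-support oracleasmlib; do
    /bin/rpm -q "$PKG" > /dev/null 2>&1 || MISSING_PKGS+=("$PKG")
  done
  if [ "${#MISSING_PKGS[@]}" -gt 0 ]; then
    MSG="Installed ${MISSING_PKGS[*]} " error
    yum -y install "${MISSING_PKGS[@]}"
  fi

  # ORACLE ASM CONFIG FILE
  for CONFIG in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    test -f "$CONFIG" || touch "${CONFIG}"
    RESULT=$(rhncfg-client diff "$CONFIG" | wc -l)
    if [ "$RESULT" -gt 1 ]; then
      MSG="$CONFIG is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$CONFIG"
    else
      MSG="$CONFIG is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # THIS SECTION IS ONLY FOR "tuned" DUE TO THE COMPLEXITY
  # Section (3.4.4)
  # The stock profile is copied to "<profile>-nothp", transparent huge pages
  # are switched to "never" in the copy, and the copy is activated.  Nothing
  # is changed when tuned is already installed.
  if /bin/rpm -q tuned > /dev/null 2>&1; then
    MSG="Tuned was installed." success
  else
    if [ "$VIRTUAL" != 1 ]; then
      TUNED_BASE=enterprise-storage
      MSG="Tuned was NOT installed, Installing (for Physical)..." error
    else
      TUNED_BASE=virtual-guest
      MSG="Tuned was NOT installed, Installing (for Virtual)..." error
    fi
    yum -y install tuned
    chkconfig tuned on
    cp -r "/etc/tune-profiles/${TUNED_BASE}" "/etc/tune-profiles/${TUNED_BASE}-nothp"
    sed -i -e 's/set_transparent_hugepages always/set_transparent_hugepages never/g' "/etc/tune-profiles/${TUNED_BASE}-nothp/ktune.sh"
    tuned-adm profile "${TUNED_BASE}-nothp"
  fi

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # '[:blank:]' is quoted: unquoted it is a shell glob and would be replaced
  # by a matching one-character file name in the current directory.
  if grep '^kernel\.sem' "$SYSCTL_A" 2> /dev/null \
    | tr -s '[:blank:]' ' ' \
    | cut -d= -f2 \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM... attempting to fix" error
    # The check above reads the snapshot taken at start-up, so a re-run could
    # append the same setting again; add it only if it is not already there.
    if ! grep -qF -- "kernel.sem = ${KERNEL_SEM}" /etc/sysctl.conf 2> /dev/null; then
      echo "# ADDED BY ORACLE INSTALL SCRIPT (USG)" >> /etc/sysctl.conf
      echo "kernel.sem = ${KERNEL_SEM}" >> /etc/sysctl.conf
    fi
    sysctl -p
  fi

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  if grep -q transparent_hugepage=never /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled. " success
  else
    # The boot configuration is edited only after a dated backup was written.
    cp /boot/grub/grub.conf "/boot/grub/grub.conf-$(date +%F)" \
      && sed -i -e '/^.kernel/ s/$/ transparent_hugepage=never/' /boot/grub/grub.conf
    MSG="Transparent Huge Pages are still enabled.  Correcting..." error
  fi

  # LASTLY... AND THIS DEFINITELY NEEDS SOME WORK...
  for MOUNT in u01 u02 u03; do
    if mountpoint "/$MOUNT" > /dev/null 2>&1; then
      MSG="$MOUNT discovered" success
    else
      MSG="$MOUNT not a mount" error
      MOUNT_ERROR=1
    fi
  done

  # STILL NEED TO DETERMINE IF THE DIRECTORIES ARE EMPTY, THEN PROCEED
  # Runs only when at least one of /u01, /u02, /u03 is NOT a mount point, so
  # the trees are then created on whatever filesystem holds those paths.
  # NOTE(review): chmod -R 775 / chown -R rewrite mode and owner of everything
  # already below these directories, files included -- confirm that is wanted
  # on a host that already carries an installation.
  if [ "$MOUNT_ERROR" -ne 0 ]; then
    mkdir -p /u01/app/11.2.0/grid
    mkdir -p /u01/app/grid
    chmod -R 775 /u01
    mkdir -p /u02/app/oracle/product/11.2.0
    chmod -R 775 /u02
    mkdir -p /u03/app/12.1.0/agent
    chmod -R 775 /u03
    chown -R grid:oinstall /u01
    chown -R oracle:oinstall /u02
    chown -R oracle:oinstall /u03
    # /opt/oracle is not created here; it has to exist already.
    chown grid:oinstall /opt/oracle
    chmod -R 775 /opt/oracle
    mkdir /sxmhome/oracle
    chown oracle:oinstall /sxmhome/oracle
    mkdir /sxmhome/grid
    chown grid:oinstall /sxmhome/grid
  fi
}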
## end install

# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#                          MAIN
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
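# Dispatch on the first argument.  The long spellings printed by usage() are
# accepted as well as the short ones.
case "$1" in
  -i | --install)
    install
    shift
    ;;
  -v | --validate)
    validate
    shift
    ;;
  -h | --help)
    usage
    ;;
  *)
    # A missing or unknown option is an error: report it on stderr and leave
    # with a non-zero status so a calling job does not record a clean run.
    # usage() ends the shell it runs in, hence the subshell.
    echo "ERROR: Unrecognized option - $1" >&2
    (usage) >&2
    exit 2
    ;;
esac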

# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
#                          THE END...
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# Final report: a clean run prints the success banner and falls through;
# any recorded error prints the host name plus the collected messages and
# ends the script with status 9.
if [ -z "${ERROR_MSG}" ]
then
  echo ""
  echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * "
  echo "SUCCESS - No errors were detected!"
else
  echo ""
  echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * "
  uname -n
  echo "FAILBLOG - errors were detected"
  echo -e "$ERROR_MSG"
  exit 9
fi
