# $Id: Oracle-DBA-rhel6,v 1.10 2014/06/25 01:16:32 root Exp $
# **************************************************************************
# Author: james.radtke
# Date: 20140527
# Location: prhnsat01:/var/www/html/pub/snippets/spacewalk/1/
#
# Goal: Have a single script that can:
# - configure a new system for Oracle
# - validate an existing installation
# - be run on an existing system to update/repair Oracle install
# **************************************************************************
# **************************************************************************
# CLEANUP / TODO
# Should clean up the THP section to check the current value from /proc or /sys
#
# VARIABLES YOU CAN/SHOULD MODIFY
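IS_RAC=0
ORACLE_USER="oracle"
GRID_USER="grid"
ORACLE_GROUP="dba"
MIN_SWAP=16384                  # compared against the Swap total from `free -m`
FSAIOMAX="1048576"              # expected fs.aio-max-nr
KERNEL_SEM='250 32000 100 128'  # expected kernel.sem, single-space separated
VIRTUAL=0

# NON-MODIFIABLE VARIABLES
PRETTY_DATE=$(date +%Y%m%d)
ERROR_MSG=""
NEWLINE="\n"
# NOTE(review): static credentials are embedded here and install() passes them
# to rhn-channel on its command line, where they show up in the process list.
# The header gives this file's location as a directory under
# /var/www/html/pub, so anyone able to fetch the snippet can presumably read
# them - confirm, then move them to a root-only file or an activation key.
# USER also shadows the login-name environment variable of the same name.
USER=bootstrap
PASS=b00tstrap
REDHAT_RELEASE=$(awk '{ print $7 }' /etc/redhat-release)
CLIENTHOSTNAME=$(hostname | cut -f1 -d.)
SERVER_ENV=${CLIENTHOSTNAME: 6:6}
PRETTYDATE=$(date +%Y%m%d)
SYSTEM_MANUFACTURER=$(/usr/sbin/dmidecode -s system-manufacturer)
SYSTEM_PRODUCT_NAME=$(/usr/sbin/dmidecode -s system-product-name)
MOUNT_ERROR=0

# BUILD FILES FOR FUTURE USE
# The snapshots are created with mktemp rather than a fixed, date-based name:
# this script writes them with its own privileges, and a predictable path in
# the world-writable /tmp can be pre-created (for example as a symlink) by
# another local user. As before, the files are left in place after the run.
RPM_LIST=$(mktemp "/tmp/rpm-qa-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the package snapshot file" >&2
  exit 1
}
/bin/rpm -qa > "${RPM_LIST}"
SYSCTL_A=$(mktemp "/tmp/sysctl-a-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the sysctl snapshot file" >&2
  exit 1
}
/sbin/sysctl -a > "${SYSCTL_A}"
PKG_LIST="cloog-ppl libXxf86misc compat-libcap1 libXxf86vm compat-libstdc++-33 libaio-devel cpp libdmx gcc libstdc++-devel gcc-c++ mpfr glibc-devel make glibc-headers ppl kernel-headers xorg-x11-utils libXmu xorg-x11-xauth libXt libXv ksh libXxf86dga"

# Only the VMware manufacturer string marks the host as virtual; every other
# value is handled as physical hardware.
if [ "${SYSTEM_MANUFACTURER}" = "VMware, Inc." ]; then
  VIRTUAL=1
else
  VIRTUAL=0
fi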
# ######################
# FUNCTIONS
# ######################
# Message Function for Successful Commands
success() {
  # Print the message held in MSG with a [SUCCESS] tag. MSG is supplied by the
  # caller, either as a global or as a `MSG=... success` prefix assignment.
  # echo -e expands backslash escapes contained in the message.
  local line="[SUCCESS] ${MSG}"
  echo -e "${line}"
}
# Error Function - to build an error report
error() {
  # Print the message held in MSG with an [ERROR] tag and append it, followed
  # by NEWLINE, to the global ERROR_MSG that the end-of-script report prints.
  local line="[ERROR] $MSG"
  echo -e "${line}"
  ERROR_MSG+="${MSG}${NEWLINE}"
}
# Standard Usage Stanza
usage() {
  # Print the option summary to stdout, then terminate the script with
  # status 0 (also when it is reached through the unrecognized-option branch).
  printf '%s\n' \
    "Usage:" \
    "$0 -[ivh]" \
    "-i --install" \
    "-v --validate" \
    "-h --help"
  exit 0
}
##############################################################################
##############################################################################
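validate() {
  # Audit this host against the numbered build-guide sections and report each
  # finding through success()/error(); error() also appends to ERROR_MSG.
  # Globals read:    MIN_SWAP VIRTUAL PKG_LIST SYSCTL_A KERNEL_SEM FSAIOMAX
  # Globals written: MSG, and ERROR_MSG through error()
  # Side effect:     creates empty placeholder config files (section 3.3.13
  #                  and the ASM config) although this is the validate path.
  # Loop variables are local so the account loop no longer overwrites the
  # global USER that install() hands to rhn-channel.
  local mount bond service channel pkg port group account netgroup config dir
  local total_swap slave_count result

  # In bash (non-POSIX mode) a "MSG=... func" prefix assignment is scoped to
  # that call, so the echo below prints whatever MSG held before, not the banner.
  MSG="RUNNING VALIDATION" success
  echo "$MSG"

  # CHECK: MOUNTPOINTS
  # Section (2.4)
  for mount in u01 u02 u03; do
    if mountpoint "/$mount" > /dev/null 2>&1; then
      MSG="$mount discovered" success
    else
      MSG="$mount not a mount" error
    fi
  done

  # CHECK: SWAP
  # Section (2.6)
  total_swap=$(free -m | awk '/^Swap/ { print $2 }')
  case "$total_swap" in
    '' | *[!0-9]*)
      # An empty or non-numeric value used to make the comparison itself fail,
      # which fell through to the success branch.
      MSG="Swap: unable to read the swap total from free -m"
      error
      ;;
    *)
      if [ "$total_swap" -lt "$MIN_SWAP" ]; then
        MSG="Swap ($total_swap) is less than $MIN_SWAP"
        error
      else
        MSG="Swap ($total_swap) is greater than $MIN_SWAP"
        success
      fi
      ;;
  esac

  # CHECK: NETWORK BONDING
  # Section (3.2.2)
  if [ "$VIRTUAL" != 1 ]; then
    for bond in bond0; do
      # NOTE(review): a physical host with no bond0 at all produces no finding.
      if [ -f "/proc/net/bonding/${bond}" ]; then
        slave_count=$(grep -c "Slave Interface" "/proc/net/bonding/${bond}")
        if [ "$slave_count" -lt 2 ]; then
          MSG="Bond: $bond - Number of Slaves is not 2" error
        else
          MSG="Bond: $bond - Number of slaves is 2" success
        fi
      fi
    done
  else
    MSG="Bond not used on Virtual" success
  fi

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for service in NetworkManager; do
    if [ -f "/etc/init.d/${service}" ]; then
      if ! chkconfig --list "${service}" | grep -q '3:off'; then
        MSG="SERVICE: Disable $service"
        error
      fi
    fi
  done

  # CHECK: NTP SETTINGS
  # Section (3.2.3)
  # NOTE(review): the verdict is the line count of the diff output, so a
  # missing or failing rhncfg-client yields 0 lines and reads as "current".
  config=/etc/ntp.conf
  result=$(rhncfg-client diff "$config" | wc -l)
  if [ "$result" -gt 1 ]; then
    MSG="$config is NOT current" error
  else
    MSG="$config is current" success
  fi

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for channel in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$channel"; then
      MSG="Channel: $channel is configured" success
    else
      MSG="Channel: $channel is missing" error
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # rpm -q matches the exact package name. A substring grep over the rpm -qa
  # snapshot reported "gcc" as installed whenever libgcc was present, "cpp"
  # for any name containing cpp, and so on.
  # $PKG_LIST is left unquoted on purpose: it is a space-separated list.
  for pkg in $PKG_LIST; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # CHECK: SELinux
  # Section (3.3.3)
  # CHECK: IPtables
  # Section (3.3.4)
  # Since we are inadequate in managing our environment, SELinux and IPtables are beyond our capability
  # (neither is checked here)

  # CHECK: Kernel Tuning (Virtual Memory)
  # Section (3.3.5)
  # REVISIT - not checked yet
  # vm.swappiness = 0
  # vm.dirty_background_ratio = 3
  # vm.dirty_ratio = 80
  # vm.dirty_expire_centisecs = 500
  # vm.dirty_writeback_centisecs = 100

  # CHECK: Kernel Tuning (Shared Memory)
  # Section (3.3.6)
  # REVISIT - not checked yet
  # kernel.shmmax = 68719476736
  # kernel.shmall = 4294967296
  # kernel.shmmni = 4096

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # The tr character class is quoted so the shell cannot expand it as a glob
  # against files in the current directory.
  if grep '^kernel\.sem[[:blank:]]*=' "$SYSCTL_A" \
    | tr -s '[:blank:]' ' ' \
    | cut -f2 -d= \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM" error
  fi

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.8)
  # REVISIT
  # -w: whole-number match, so 9000 is not satisfied by e.g. 19000.
  for port in 9000 65500; do
    if grep -qw -- "$port" /proc/sys/net/ipv4/ip_local_port_range; then
      MSG="PORT: $port found in net.ipv4.ip_local_port_range" success
    else
      MSG="PORT: $port not found in net.ipv4.ip_local_port_range" error
    fi
  done

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.9)
  # REVISIT - not checked yet
  # net.core.rmem_default = 262144
  # net.core.rmem_max = 4194304
  # net.core.wmem_default = 262144
  # net.core.wmem_max = 1048576

  # CHECK: Kernel Tuning (Synchronous I/O)
  # Section (3.3.10)
  # The failure branch used to set MSG without calling error(), so a wrong
  # fs.aio-max-nr never reached the report. -x also rejects longer values
  # that merely start with the expected digits.
  if grep -qx "fs\.aio-max-nr = ${FSAIOMAX}" "${SYSCTL_A}"; then
    MSG="FS.AIO: Synchronous I/O set to ${FSAIOMAX}" success
  else
    MSG="FS.AIO: Synchronous I/O NOT set to ${FSAIOMAX}" error
  fi

  # CHECK: Kernel Tuning (File Handles)
  # Section (3.3.11)
  # REVISIT - REQUIRES THE DATABASE(s) TO BE RUNNING
  # Oracle Recommends 512 File Handles per process
  # ((ps -ef | grep oracle | wc -l) * 512) = /etc/sysctl.conf:fs.file-max = ${ARG}
  # fs.file-max = 6815744

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # Group entries are anchored at the start of the line so "oper:..." cannot
  # be satisfied by a longer group name ending in "oper".
  for group in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if grep -q -- "^${group}" /etc/group; then
      MSG="Group ($group) found in /etc/group" success
    else
      MSG="Group ($group) NOT found in /etc/group" error
    fi
  done
  for account in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if grep -qF -- "$account" /etc/passwd; then
      MSG="USER: ($account) found in /etc/passwd" success
    else
      MSG="USER: ($account) NOT found in /etc/passwd" error
    fi
  done
  for netgroup in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$netgroup" /etc/passwd; then
      MSG="NETGROUP: ($netgroup) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($netgroup) NOT found in /etc/passwd" error
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore, make an empty file for the diff to compare.
  for config in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current" error
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  for pkg in kmod-oracleasm oracleasm-support oracleasmlib; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # ORACLE ASM CONFIG FILE
  for config in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current" error
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # Section (3.4.4)
  for pkg in tuned; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # CHECK: Oracle GRID (Installation)
  # Section (4.1.1)
  for dir in /u01/app/grid; do
    if [ -d "$dir" ]; then
      MSG="DIR: $dir present" success
    else
      MSG="DIR: $dir missing" error
    fi
  done

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  # This looks only at the boot configuration, not at the running kernel.
  if grep -q 'transparent_hugepage=never' /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled."
    success
  else
    MSG="Transparent Huge Pages are still enabled."
    error
  fi
}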
## end validate
##############################################################################
##############################################################################
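install() {
  # Bring this host in line with the numbered build-guide sections: disable
  # services, subscribe channels, install packages, add groups/accounts, fetch
  # managed config files, set up tuned, kernel.sem and the THP boot option,
  # and create the Oracle directory trees when a /u0N mount is missing.
  # Every correction is also recorded through error(), so a run that changed
  # anything ends with the error report.
  # Globals read:    USER PASS PKG_LIST VIRTUAL SYSCTL_A KERNEL_SEM
  # Globals written: MSG MOUNT_ERROR, and ERROR_MSG through error()
  # Loop variables are local so the account loop does not overwrite USER.
  local service channel pkg group account netgroup config mount
  local insline result base_profile
  local -a missing

  # In bash (non-POSIX mode) a "MSG=... func" prefix assignment is scoped to
  # that call, so the echo below prints whatever MSG held before, not the banner.
  MSG="RUNNING INSTALL" success
  echo "$MSG"

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for service in NetworkManager; do
    if [ -f "/etc/init.d/${service}" ]; then
      chkconfig "${service}" off > /dev/null 2>&1
    fi
  done

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for channel in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$channel"; then
      MSG="Channel: $channel is configured" success
    else
      MSG="Channel: $channel is missing, adding now..." error
      # NOTE(review): the password is an argv element here and is visible in
      # the process list while rhn-channel runs.
      # A failed subscription is now reported instead of being discarded.
      if ! /usr/sbin/rhn-channel -a -c "$channel" -u "$USER" -p "$PASS" > /dev/null 2>&1; then
        MSG="Channel: $channel could not be added" error
      fi
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # The list of missing packages is held in an array. It used to be staged in
  # the fixed path /tmp/packages_to_install.out and read back into the yum
  # command line, so another local user could pre-create or rewrite that file
  # and choose what gets installed. rpm -q matches exact package names; the
  # former substring grep treated "gcc" as present whenever libgcc was.
  # $PKG_LIST is left unquoted on purpose: it is a space-separated list.
  missing=()
  for pkg in $PKG_LIST; do
    /bin/rpm -q "$pkg" > /dev/null 2>&1 || missing+=("$pkg")
  done
  if [ "${#missing[@]}" -gt 0 ]; then
    MSG="Installed ${missing[*]} " error
    yum -y install "${missing[@]}"
  fi

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # NOTE(review): /etc/group and /etc/passwd are edited in place, without the
  # locking that the account tools use and without a backup copy.
  for group in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if ! grep -q -- "^${group}" /etc/group; then
      MSG="Group ($group) NOT found in /etc/group, adding..." error
      echo "$group" >> /etc/group
    fi
  done

  # NEED THIS TO ADD THE USERS -BEFORE- THE NETGROUP (if present)
  for account in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if ! grep -qF -- "$account" /etc/passwd; then
      MSG="User ($account) NOT found in /etc/passwd, adding..." error
      # Line number of the first entry that starts with '+'.
      insline=$(grep -n '^+' /etc/passwd | head -1 | cut -d: -f1)
      if [ -n "$insline" ]; then
        sed -i -e "${insline}i${account}" /etc/passwd
      else
        # With no '+' entry the address was empty and sed inserted the account
        # line before every line of /etc/passwd; append instead.
        echo "$account" >> /etc/passwd
      fi
    fi
  done

  for netgroup in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$netgroup" /etc/passwd; then
      MSG="NETGROUP: ($netgroup) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($netgroup) NOT found in /etc/passwd, adding..." error
      echo "$netgroup" >> /etc/passwd
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore, make an empty file for the diff to compare.
  # NOTE(review): the verdict is the line count of the diff output, so a
  # missing or failing rhncfg-client yields 0 lines and reads as "current".
  for config in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$config"
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  missing=()
  for pkg in kmod-oracleasm oracleasm-support oracleasmlib; do
    /bin/rpm -q "$pkg" > /dev/null 2>&1 || missing+=("$pkg")
  done
  if [ "${#missing[@]}" -gt 0 ]; then
    MSG="Installed ${missing[*]} " error
    yum -y install "${missing[@]}"
  fi

  # ORACLE ASM CONFIG FILE
  for config in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$config"
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # THIS SECTION IS ONLY FOR "tuned" DUE TO THE COMPLEXITY
  # Section (3.4.4)
  # The stock profile is copied to a "-nothp" variant whose ktune.sh sets
  # transparent hugepages to "never", and that variant is activated.
  if /bin/rpm -q tuned > /dev/null 2>&1; then
    MSG="Tuned was installed."
    success
  else
    if [ "$VIRTUAL" != 1 ]; then
      base_profile=enterprise-storage
      MSG="Tuned was NOT installed, Installing (for Physical)..." error
    else
      base_profile=virtual-guest
      MSG="Tuned was NOT installed, Installing (for Virtual)..." error
    fi
    yum -y install tuned
    chkconfig tuned on
    cp -r "/etc/tune-profiles/${base_profile}" "/etc/tune-profiles/${base_profile}-nothp"
    sed -i -e 's/set_transparent_hugepages always/set_transparent_hugepages never/g' "/etc/tune-profiles/${base_profile}-nothp/ktune.sh"
    tuned-adm profile "${base_profile}-nothp"
  fi

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # The tr character class is quoted so the shell cannot expand it as a glob
  # against files in the current directory.
  if grep '^kernel\.sem[[:blank:]]*=' "$SYSCTL_A" \
    | tr -s '[:blank:]' ' ' \
    | cut -f2 -d= \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM... attempting to fix" error
    echo "# ADDED BY ORACLE INSTALL SCRIPT (USG)" >> /etc/sysctl.conf
    echo "kernel.sem = ${KERNEL_SEM}" >> /etc/sysctl.conf
    sysctl -p
  fi

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  if grep -q 'transparent_hugepage=never' /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled. "
    success
  else
    MSG="Transparent Huge Pages are still enabled. Correcting..."
    # Keep a dated copy, then append the option to each line matching /^.kernel/.
    cp /boot/grub/grub.conf "/boot/grub/grub.conf-$(date +%F)"
    sed -i -e '/^.kernel/ s/$/ transparent_hugepage=never/' /boot/grub/grub.conf
    error
  fi

  # LASTLY... AND THIS DEFINITELY NEEDS SOME WORK...
  for mount in u01 u02 u03; do
    if mountpoint "/$mount" > /dev/null 2>&1; then
      MSG="$mount discovered" success
    else
      MSG="$mount not a mount" error
      MOUNT_ERROR=1
    fi
  done

  # STILL NEED TO DETERMINE IF THE DIRECTORIES ARE EMPTY, THEN PROCEED
  # Runs when at least one of /u01 /u02 /u03 is not a mountpoint, and then
  # acts on all three trees.
  # NOTE(review): chmod -R 775 / chown -R rewrite mode and owner on everything
  # already below these paths, including any existing Oracle home - confirm
  # this is only ever reached on an empty tree.
  if [ "$MOUNT_ERROR" -ne 0 ]; then
    mkdir -p /u01/app/11.2.0/grid
    mkdir -p /u01/app/grid
    chmod -R 775 /u01
    mkdir -p /u02/app/oracle/product/11.2.0
    chmod -R 775 /u02
    mkdir -p /u03/app/12.1.0/agent
    chmod -R 775 /u03
    chown -R grid:oinstall /u01
    chown -R oracle:oinstall /u02
    chown -R oracle:oinstall /u03
    chown grid:oinstall /opt/oracle
    chmod -R 775 /opt/oracle
    # -p: do not fail when /sxmhome is absent or the directory already exists.
    mkdir -p /sxmhome/oracle
    chown oracle:oinstall /sxmhome/oracle
    mkdir -p /sxmhome/grid
    chown grid:oinstall /sxmhome/grid
  fi
}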
## end install
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# MAIN
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# Dispatch on the first argument only; any further arguments are ignored.
# usage() exits the script itself, so the shift after it is never reached.
# NOTE(review): an unrecognized or missing option ends in usage(), i.e. with
# exit status 0, so a caller cannot tell a mistyped flag from a clean run.
if [ "$1" = "-i" ]; then
  install
  shift
elif [ "$1" = "-v" ]; then
  validate
  shift
elif [ "$1" = "-h" ]; then
  usage
  shift
else
  echo "ERROR: Unrecognized option - $1"
  usage
  shift
fi
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# THE END...
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# Final report: a blank line and a separator, then either the collected error
# text (exit status 9) or the all-clear line.
echo ""
echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * "
if [ -n "${ERROR_MSG}" ]; then
  uname -n
  echo "FAILBLOG - errors were detected"
  # -e turns the "\n" separators stored by error() into real line breaks.
  echo -e "$ERROR_MSG"
  exit 9
fi
echo "SUCCESS - No errors were detected!"
# **************************************************************************
# Author: james.radtke
# Date: 20140527
# Location: prhnsat01:/var/www/html/pub/snippets/spacewalk/1/
#
# Goal: Have a single script that can:
# - configure a new system for Oracle
# - validate an existing installation
# - be run on an existing system to update/repair Oracle install
# **************************************************************************
# **************************************************************************
# CLEANUP / TODO
# Should clean up the THP section to check the current value from /proc or /sys
#
# VARIABLES YOU CAN/SHOULD MODIFY
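IS_RAC=0
ORACLE_USER="oracle"
GRID_USER="grid"
ORACLE_GROUP="dba"
MIN_SWAP=16384                  # compared against the Swap total from `free -m`
FSAIOMAX="1048576"              # expected fs.aio-max-nr
KERNEL_SEM='250 32000 100 128'  # expected kernel.sem, single-space separated
VIRTUAL=0

# NON-MODIFIABLE VARIABLES
PRETTY_DATE=$(date +%Y%m%d)
ERROR_MSG=""
NEWLINE="\n"
# NOTE(review): static credentials are embedded here and install() passes them
# to rhn-channel on its command line, where they show up in the process list.
# The header gives this file's location as a directory under
# /var/www/html/pub, so anyone able to fetch the snippet can presumably read
# them - confirm, then move them to a root-only file or an activation key.
# USER also shadows the login-name environment variable of the same name.
USER=bootstrap
PASS=b00tstrap
REDHAT_RELEASE=$(awk '{ print $7 }' /etc/redhat-release)
CLIENTHOSTNAME=$(hostname | cut -f1 -d.)
SERVER_ENV=${CLIENTHOSTNAME: 6:6}
PRETTYDATE=$(date +%Y%m%d)
SYSTEM_MANUFACTURER=$(/usr/sbin/dmidecode -s system-manufacturer)
SYSTEM_PRODUCT_NAME=$(/usr/sbin/dmidecode -s system-product-name)
MOUNT_ERROR=0

# BUILD FILES FOR FUTURE USE
# The snapshots are created with mktemp rather than a fixed, date-based name:
# this script writes them with its own privileges, and a predictable path in
# the world-writable /tmp can be pre-created (for example as a symlink) by
# another local user. As before, the files are left in place after the run.
RPM_LIST=$(mktemp "/tmp/rpm-qa-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the package snapshot file" >&2
  exit 1
}
/bin/rpm -qa > "${RPM_LIST}"
SYSCTL_A=$(mktemp "/tmp/sysctl-a-${PRETTY_DATE}.XXXXXX") || {
  echo "ERROR: unable to create the sysctl snapshot file" >&2
  exit 1
}
/sbin/sysctl -a > "${SYSCTL_A}"
PKG_LIST="cloog-ppl libXxf86misc compat-libcap1 libXxf86vm compat-libstdc++-33 libaio-devel cpp libdmx gcc libstdc++-devel gcc-c++ mpfr glibc-devel make glibc-headers ppl kernel-headers xorg-x11-utils libXmu xorg-x11-xauth libXt libXv ksh libXxf86dga"

# Only the VMware manufacturer string marks the host as virtual; every other
# value is handled as physical hardware.
if [ "${SYSTEM_MANUFACTURER}" = "VMware, Inc." ]; then
  VIRTUAL=1
else
  VIRTUAL=0
fi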
# ######################
# FUNCTIONS
# ######################
# Message Function for Successful Commands
success() {
  # Print the message held in MSG with a [SUCCESS] tag. MSG is supplied by the
  # caller, either as a global or as a `MSG=... success` prefix assignment.
  # echo -e expands backslash escapes contained in the message.
  local line="[SUCCESS] ${MSG}"
  echo -e "${line}"
}
# Error Function - to build an error report
error() {
  # Print the message held in MSG with an [ERROR] tag and append it, followed
  # by NEWLINE, to the global ERROR_MSG that the end-of-script report prints.
  local line="[ERROR] $MSG"
  echo -e "${line}"
  ERROR_MSG+="${MSG}${NEWLINE}"
}
# Standard Usage Stanza
usage() {
  # Print the option summary to stdout, then terminate the script with
  # status 0 (also when it is reached through the unrecognized-option branch).
  printf '%s\n' \
    "Usage:" \
    "$0 -[ivh]" \
    "-i --install" \
    "-v --validate" \
    "-h --help"
  exit 0
}
##############################################################################
##############################################################################
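validate() {
  # Audit this host against the numbered build-guide sections and report each
  # finding through success()/error(); error() also appends to ERROR_MSG.
  # Globals read:    MIN_SWAP VIRTUAL PKG_LIST SYSCTL_A KERNEL_SEM FSAIOMAX
  # Globals written: MSG, and ERROR_MSG through error()
  # Side effect:     creates empty placeholder config files (section 3.3.13
  #                  and the ASM config) although this is the validate path.
  # Loop variables are local so the account loop no longer overwrites the
  # global USER that install() hands to rhn-channel.
  local mount bond service channel pkg port group account netgroup config dir
  local total_swap slave_count result

  # In bash (non-POSIX mode) a "MSG=... func" prefix assignment is scoped to
  # that call, so the echo below prints whatever MSG held before, not the banner.
  MSG="RUNNING VALIDATION" success
  echo "$MSG"

  # CHECK: MOUNTPOINTS
  # Section (2.4)
  for mount in u01 u02 u03; do
    if mountpoint "/$mount" > /dev/null 2>&1; then
      MSG="$mount discovered" success
    else
      MSG="$mount not a mount" error
    fi
  done

  # CHECK: SWAP
  # Section (2.6)
  total_swap=$(free -m | awk '/^Swap/ { print $2 }')
  case "$total_swap" in
    '' | *[!0-9]*)
      # An empty or non-numeric value used to make the comparison itself fail,
      # which fell through to the success branch.
      MSG="Swap: unable to read the swap total from free -m"
      error
      ;;
    *)
      if [ "$total_swap" -lt "$MIN_SWAP" ]; then
        MSG="Swap ($total_swap) is less than $MIN_SWAP"
        error
      else
        MSG="Swap ($total_swap) is greater than $MIN_SWAP"
        success
      fi
      ;;
  esac

  # CHECK: NETWORK BONDING
  # Section (3.2.2)
  if [ "$VIRTUAL" != 1 ]; then
    for bond in bond0; do
      # NOTE(review): a physical host with no bond0 at all produces no finding.
      if [ -f "/proc/net/bonding/${bond}" ]; then
        slave_count=$(grep -c "Slave Interface" "/proc/net/bonding/${bond}")
        if [ "$slave_count" -lt 2 ]; then
          MSG="Bond: $bond - Number of Slaves is not 2" error
        else
          MSG="Bond: $bond - Number of slaves is 2" success
        fi
      fi
    done
  else
    MSG="Bond not used on Virtual" success
  fi

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for service in NetworkManager; do
    if [ -f "/etc/init.d/${service}" ]; then
      if ! chkconfig --list "${service}" | grep -q '3:off'; then
        MSG="SERVICE: Disable $service"
        error
      fi
    fi
  done

  # CHECK: NTP SETTINGS
  # Section (3.2.3)
  # NOTE(review): the verdict is the line count of the diff output, so a
  # missing or failing rhncfg-client yields 0 lines and reads as "current".
  config=/etc/ntp.conf
  result=$(rhncfg-client diff "$config" | wc -l)
  if [ "$result" -gt 1 ]; then
    MSG="$config is NOT current" error
  else
    MSG="$config is current" success
  fi

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for channel in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$channel"; then
      MSG="Channel: $channel is configured" success
    else
      MSG="Channel: $channel is missing" error
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # rpm -q matches the exact package name. A substring grep over the rpm -qa
  # snapshot reported "gcc" as installed whenever libgcc was present, "cpp"
  # for any name containing cpp, and so on.
  # $PKG_LIST is left unquoted on purpose: it is a space-separated list.
  for pkg in $PKG_LIST; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # CHECK: SELinux
  # Section (3.3.3)
  # CHECK: IPtables
  # Section (3.3.4)
  # Since we are inadequate in managing our environment, SELinux and IPtables are beyond our capability
  # (neither is checked here)

  # CHECK: Kernel Tuning (Virtual Memory)
  # Section (3.3.5)
  # REVISIT - not checked yet
  # vm.swappiness = 0
  # vm.dirty_background_ratio = 3
  # vm.dirty_ratio = 80
  # vm.dirty_expire_centisecs = 500
  # vm.dirty_writeback_centisecs = 100

  # CHECK: Kernel Tuning (Shared Memory)
  # Section (3.3.6)
  # REVISIT - not checked yet
  # kernel.shmmax = 68719476736
  # kernel.shmall = 4294967296
  # kernel.shmmni = 4096

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # The tr character class is quoted so the shell cannot expand it as a glob
  # against files in the current directory.
  if grep '^kernel\.sem[[:blank:]]*=' "$SYSCTL_A" \
    | tr -s '[:blank:]' ' ' \
    | cut -f2 -d= \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM" error
  fi

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.8)
  # REVISIT
  # -w: whole-number match, so 9000 is not satisfied by e.g. 19000.
  for port in 9000 65500; do
    if grep -qw -- "$port" /proc/sys/net/ipv4/ip_local_port_range; then
      MSG="PORT: $port found in net.ipv4.ip_local_port_range" success
    else
      MSG="PORT: $port not found in net.ipv4.ip_local_port_range" error
    fi
  done

  # CHECK: Network Tuning (Ephemeral Network Ports)
  # Section (3.3.9)
  # REVISIT - not checked yet
  # net.core.rmem_default = 262144
  # net.core.rmem_max = 4194304
  # net.core.wmem_default = 262144
  # net.core.wmem_max = 1048576

  # CHECK: Kernel Tuning (Synchronous I/O)
  # Section (3.3.10)
  # The failure branch used to set MSG without calling error(), so a wrong
  # fs.aio-max-nr never reached the report. -x also rejects longer values
  # that merely start with the expected digits.
  if grep -qx "fs\.aio-max-nr = ${FSAIOMAX}" "${SYSCTL_A}"; then
    MSG="FS.AIO: Synchronous I/O set to ${FSAIOMAX}" success
  else
    MSG="FS.AIO: Synchronous I/O NOT set to ${FSAIOMAX}" error
  fi

  # CHECK: Kernel Tuning (File Handles)
  # Section (3.3.11)
  # REVISIT - REQUIRES THE DATABASE(s) TO BE RUNNING
  # Oracle Recommends 512 File Handles per process
  # ((ps -ef | grep oracle | wc -l) * 512) = /etc/sysctl.conf:fs.file-max = ${ARG}
  # fs.file-max = 6815744

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # Group entries are anchored at the start of the line so "oper:..." cannot
  # be satisfied by a longer group name ending in "oper".
  for group in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if grep -q -- "^${group}" /etc/group; then
      MSG="Group ($group) found in /etc/group" success
    else
      MSG="Group ($group) NOT found in /etc/group" error
    fi
  done
  for account in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if grep -qF -- "$account" /etc/passwd; then
      MSG="USER: ($account) found in /etc/passwd" success
    else
      MSG="USER: ($account) NOT found in /etc/passwd" error
    fi
  done
  for netgroup in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$netgroup" /etc/passwd; then
      MSG="NETGROUP: ($netgroup) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($netgroup) NOT found in /etc/passwd" error
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore, make an empty file for the diff to compare.
  for config in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current" error
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  for pkg in kmod-oracleasm oracleasm-support oracleasmlib; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # ORACLE ASM CONFIG FILE
  for config in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current" error
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # Section (3.4.4)
  for pkg in tuned; do
    if /bin/rpm -q "$pkg" > /dev/null 2>&1; then
      MSG="PKG: $pkg installed" success
    else
      MSG="PKG: $pkg missing" error
    fi
  done

  # CHECK: Oracle GRID (Installation)
  # Section (4.1.1)
  for dir in /u01/app/grid; do
    if [ -d "$dir" ]; then
      MSG="DIR: $dir present" success
    else
      MSG="DIR: $dir missing" error
    fi
  done

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  # This looks only at the boot configuration, not at the running kernel.
  if grep -q 'transparent_hugepage=never' /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled."
    success
  else
    MSG="Transparent Huge Pages are still enabled."
    error
  fi
}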
## end validate
##############################################################################
##############################################################################
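install() {
  # Bring this host in line with the numbered build-guide sections: disable
  # services, subscribe channels, install packages, add groups/accounts, fetch
  # managed config files, set up tuned, kernel.sem and the THP boot option,
  # and create the Oracle directory trees when a /u0N mount is missing.
  # Every correction is also recorded through error(), so a run that changed
  # anything ends with the error report.
  # Globals read:    USER PASS PKG_LIST VIRTUAL SYSCTL_A KERNEL_SEM
  # Globals written: MSG MOUNT_ERROR, and ERROR_MSG through error()
  # Loop variables are local so the account loop does not overwrite USER.
  local service channel pkg group account netgroup config mount
  local insline result base_profile
  local -a missing

  # In bash (non-POSIX mode) a "MSG=... func" prefix assignment is scoped to
  # that call, so the echo below prints whatever MSG held before, not the banner.
  MSG="RUNNING INSTALL" success
  echo "$MSG"

  # CHECK: DISABLE SERVICES
  # Section (3.2.2)
  for service in NetworkManager; do
    if [ -f "/etc/init.d/${service}" ]; then
      chkconfig "${service}" off > /dev/null 2>&1
    fi
  done

  # CHECK: WHETHER RHN CHANNEL(s) ARE PRESENT
  # Section (3.3.1)
  for channel in dba-rhel-x86_64-server-6 dba-rhel-x86_64-server-supplementary-6 dba-ol6_asm; do
    if /usr/sbin/rhn-channel --list | grep -qF -- "$channel"; then
      MSG="Channel: $channel is configured" success
    else
      MSG="Channel: $channel is missing, adding now..." error
      # NOTE(review): the password is an argv element here and is visible in
      # the process list while rhn-channel runs.
      # A failed subscription is now reported instead of being discarded.
      if ! /usr/sbin/rhn-channel -a -c "$channel" -u "$USER" -p "$PASS" > /dev/null 2>&1; then
        MSG="Channel: $channel could not be added" error
      fi
    fi
  done

  # CHECK: OS Packages
  # Section (3.3.2)
  # The list of missing packages is held in an array. It used to be staged in
  # the fixed path /tmp/packages_to_install.out and read back into the yum
  # command line, so another local user could pre-create or rewrite that file
  # and choose what gets installed. rpm -q matches exact package names; the
  # former substring grep treated "gcc" as present whenever libgcc was.
  # $PKG_LIST is left unquoted on purpose: it is a space-separated list.
  missing=()
  for pkg in $PKG_LIST; do
    /bin/rpm -q "$pkg" > /dev/null 2>&1 || missing+=("$pkg")
  done
  if [ "${#missing[@]}" -gt 0 ]; then
    MSG="Installed ${missing[*]} " error
    yum -y install "${missing[@]}"
  fi

  # CHECK: OS (User and Group accounts)
  # Section (3.3.12)
  # PROBABLY WANT TO CLEAN THIS UP A BIT TOO
  # NOTE(review): /etc/group and /etc/passwd are edited in place, without the
  # locking that the account tools use and without a backup copy.
  for group in dba:x:9000:oracle,grid oinstall:x:9001: oper:x:9005:oracle; do
    if ! grep -q -- "^${group}" /etc/group; then
      MSG="Group ($group) NOT found in /etc/group, adding..." error
      echo "$group" >> /etc/group
    fi
  done

  # NEED THIS TO ADD THE USERS -BEFORE- THE NETGROUP (if present)
  for account in "oracle:x:1038:9001:Oracle SXM Service Account:/sxmhome/oracle:/bin/ksh" "grid:x:21000:9001:Grid SXM Service Account:/sxmhome/grid:/bin/ksh"; do
    if ! grep -qF -- "$account" /etc/passwd; then
      MSG="User ($account) NOT found in /etc/passwd, adding..." error
      # Line number of the first entry that starts with '+'.
      insline=$(grep -n '^+' /etc/passwd | head -1 | cut -d: -f1)
      if [ -n "$insline" ]; then
        sed -i -e "${insline}i${account}" /etc/passwd
      else
        # With no '+' entry the address was empty and sed inserted the account
        # line before every line of /etc/passwd; append instead.
        echo "$account" >> /etc/passwd
      fi
    fi
  done

  for netgroup in "+@sysadmin" "+@sxmdba"; do
    if grep -qF -- "$netgroup" /etc/passwd; then
      MSG="NETGROUP: ($netgroup) found in /etc/passwd" success
    else
      MSG="NETGROUP: ($netgroup) NOT found in /etc/passwd, adding..." error
      echo "$netgroup" >> /etc/passwd
    fi
  done

  # CHECK: OS (Shell Limits for Oracle and Grid User, OracleASM configuration file)
  # Section (3.3.13)
  # If the file does not exist on the system, the rhncfg-client will not work.
  # Therefore, make an empty file for the diff to compare.
  # NOTE(review): the verdict is the line count of the diff output, so a
  # missing or failing rhncfg-client yields 0 lines and reads as "current".
  for config in /etc/security/limits.d/99-grid-oracle-limits.conf /etc/profile.d/99-grid-oracle-limits.conf; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$config"
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: Oracle ASM ()
  # Section (3.4.3.2)
  missing=()
  for pkg in kmod-oracleasm oracleasm-support oracleasmlib; do
    /bin/rpm -q "$pkg" > /dev/null 2>&1 || missing+=("$pkg")
  done
  if [ "${#missing[@]}" -gt 0 ]; then
    MSG="Installed ${missing[*]} " error
    yum -y install "${missing[@]}"
  fi

  # ORACLE ASM CONFIG FILE
  for config in /etc/sysconfig/oracleasm-_dev_oracleasm; do
    [ -f "$config" ] || touch "${config}"
    result=$(rhncfg-client diff "$config" | wc -l)
    if [ "$result" -gt 1 ]; then
      MSG="$config is NOT current, retrieving from Satellite..." error
      rhncfg-client get "$config"
    else
      MSG="$config is current" success
    fi
  done

  # CHECK: OS (Enterprise Tuning)
  # THIS SECTION IS ONLY FOR "tuned" DUE TO THE COMPLEXITY
  # Section (3.4.4)
  # The stock profile is copied to a "-nothp" variant whose ktune.sh sets
  # transparent hugepages to "never", and that variant is activated.
  if /bin/rpm -q tuned > /dev/null 2>&1; then
    MSG="Tuned was installed."
    success
  else
    if [ "$VIRTUAL" != 1 ]; then
      base_profile=enterprise-storage
      MSG="Tuned was NOT installed, Installing (for Physical)..." error
    else
      base_profile=virtual-guest
      MSG="Tuned was NOT installed, Installing (for Virtual)..." error
    fi
    yum -y install tuned
    chkconfig tuned on
    cp -r "/etc/tune-profiles/${base_profile}" "/etc/tune-profiles/${base_profile}-nothp"
    sed -i -e 's/set_transparent_hugepages always/set_transparent_hugepages never/g' "/etc/tune-profiles/${base_profile}-nothp/ktune.sh"
    tuned-adm profile "${base_profile}-nothp"
  fi

  # CHECK: Kernel Tuning (Semaphores)
  # Section (3.3.7)
  # The tr character class is quoted so the shell cannot expand it as a glob
  # against files in the current directory.
  if grep '^kernel\.sem[[:blank:]]*=' "$SYSCTL_A" \
    | tr -s '[:blank:]' ' ' \
    | cut -f2 -d= \
    | sed 's/^ //' \
    | grep -qF -- "${KERNEL_SEM}"; then
    MSG="KernelSem: kernel.sem did return $KERNEL_SEM" success
  else
    MSG="KernelSem: kernel.sem did not return $KERNEL_SEM... attempting to fix" error
    echo "# ADDED BY ORACLE INSTALL SCRIPT (USG)" >> /etc/sysctl.conf
    echo "kernel.sem = ${KERNEL_SEM}" >> /etc/sysctl.conf
    sysctl -p
  fi

  # CHECK: THP Disable in grub.conf
  # Section (4.1.5)
  if grep -q 'transparent_hugepage=never' /boot/grub/grub.conf 2> /dev/null; then
    MSG="Transparent Huge Pages are disabled. "
    success
  else
    MSG="Transparent Huge Pages are still enabled. Correcting..."
    # Keep a dated copy, then append the option to each line matching /^.kernel/.
    cp /boot/grub/grub.conf "/boot/grub/grub.conf-$(date +%F)"
    sed -i -e '/^.kernel/ s/$/ transparent_hugepage=never/' /boot/grub/grub.conf
    error
  fi

  # LASTLY... AND THIS DEFINITELY NEEDS SOME WORK...
  for mount in u01 u02 u03; do
    if mountpoint "/$mount" > /dev/null 2>&1; then
      MSG="$mount discovered" success
    else
      MSG="$mount not a mount" error
      MOUNT_ERROR=1
    fi
  done

  # STILL NEED TO DETERMINE IF THE DIRECTORIES ARE EMPTY, THEN PROCEED
  # Runs when at least one of /u01 /u02 /u03 is not a mountpoint, and then
  # acts on all three trees.
  # NOTE(review): chmod -R 775 / chown -R rewrite mode and owner on everything
  # already below these paths, including any existing Oracle home - confirm
  # this is only ever reached on an empty tree.
  if [ "$MOUNT_ERROR" -ne 0 ]; then
    mkdir -p /u01/app/11.2.0/grid
    mkdir -p /u01/app/grid
    chmod -R 775 /u01
    mkdir -p /u02/app/oracle/product/11.2.0
    chmod -R 775 /u02
    mkdir -p /u03/app/12.1.0/agent
    chmod -R 775 /u03
    chown -R grid:oinstall /u01
    chown -R oracle:oinstall /u02
    chown -R oracle:oinstall /u03
    chown grid:oinstall /opt/oracle
    chmod -R 775 /opt/oracle
    # -p: do not fail when /sxmhome is absent or the directory already exists.
    mkdir -p /sxmhome/oracle
    chown oracle:oinstall /sxmhome/oracle
    mkdir -p /sxmhome/grid
    chown grid:oinstall /sxmhome/grid
  fi
}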
## end install
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# MAIN
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# Dispatch on the first argument only; any further arguments are ignored.
# usage() exits the script itself, so the shift after it is never reached.
# NOTE(review): an unrecognized or missing option ends in usage(), i.e. with
# exit status 0, so a caller cannot tell a mistyped flag from a clean run.
if [ "$1" = "-i" ]; then
  install
  shift
elif [ "$1" = "-v" ]; then
  validate
  shift
elif [ "$1" = "-h" ]; then
  usage
  shift
else
  echo "ERROR: Unrecognized option - $1"
  usage
  shift
fi
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# THE END...
# * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
# Final report: a blank line and a separator, then either the collected error
# text (exit status 9) or the all-clear line.
echo ""
echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * "
if [ -n "${ERROR_MSG}" ]; then
  uname -n
  echo "FAILBLOG - errors were detected"
  # -e turns the "\n" separators stored by error() into real line breaks.
  echo -e "$ERROR_MSG"
  exit 9
fi
echo "SUCCESS - No errors were detected!"