Summary
Review the following requirements and pre-requisites for registering an Oracle provider in ECX.
Details
Software
- The bash and sudo packages must be installed. Sudo must be version 1.7.6p2 or above. Run sudo -V to check the version.
- Python version 2.6.x or 2.7.x must be installed.
- AIX only: If Oracle data resides on IBM Spectrum Accelerate storage, the IBM Storage Host Attachment Kit (also known as IBM XIV Host Attachment Kit) must be installed on the Oracle server.
- RHEL/OEL/CentOS 6.x only: Ensure the util-linux-ng package is up-to-date by running yum update util-linux-ng. Depending on your version or distribution, the package may be named util-linux.
- RHEL/OEL/CentOS 7.3 and above: A required Perl module, Digest::MD5, is not installed by default. Install the module by running yum install perl-Digest-MD5.
- Linux only: If Oracle data resides on LVM volumes, ensure the LVM version is 2.0.2.118 or later. Run lvm version to check the version and run yum update lvm2 to update the package if necessary.
- Linux only: If Oracle data resides on LVM volumes, the lvm2-lvmetad service must be disabled as it can interfere with ECX's ability to mount and resignature volume group snapshots/clones.
systemctl stop lvm2-lvmetad
systemctl disable lvm2-lvmetad
Additionally, disable lvmetad in the LVM config file. Edit the file /etc/lvm/lvm.conf and set:
use_lvmetad = 0
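The two requirements above that are easiest to get wrong can be checked with a short preflight script. This is an added example, not vendor code; the function names are hypothetical and the lvm.conf content is a constructed sample.

```shell
#!/bin/sh
# Added example (not vendor code): preflight checks for two Software requirements.

# version_ge A B: succeed when sudo-style version A (e.g. 1.8.19p2) is >= B.
# Fields are compared numerically, so 1.7.10 correctly ranks above 1.7.6p2.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.p]/); nb = split(b, y, /[.p]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# sudo_version_ok: take the version from the first line of sudo -V
sudo_version_ok() {
    version_ge "$(sudo -V 2>/dev/null | awk 'NR == 1 { print $3 }')" 1.7.6p2
}

# lvmetad_disabled FILE: succeed only when FILE has an uncommented
# use_lvmetad line and every such line sets it to 0
lvmetad_disabled() {
    sed 's/#.*//' "$1" | awk -F= '
        /^[ \t]*use_lvmetad[ \t]*=/ { gsub(/[ \t]/, "", $2); seen = 1; if ($2 != "0") bad = 1 }
        END { if (seen && !bad) exit 0; exit 1 }'
}

# Constructed sample: the comment mentions the setting, but the live line
# still enables lvmetad
sample=$(mktemp)
cat > "$sample" <<'EOF'
global {
    # Set use_lvmetad = 0 to disable the metadata daemon.
    use_lvmetad = 1
}
EOF
lvmetad_disabled "$sample" || echo "use_lvmetad is not set to 0 in $sample"
```

On the Oracle server, run sudo_version_ok and lvmetad_disabled /etc/lvm/lvm.conf and check their exit status.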
Connectivity
- The SSH service must be running on port 22 on the server and any firewalls must be configured to allow ECX to connect to the server using SSH. The SFTP subsystem for SSH must also be enabled.
- The server can be registered using a DNS name or IP address. DNS names must be resolvable by ECX.
- When registering Oracle RAC nodes, register each node using its physical IP or name. Do not use a virtual name or Single Client Access Name (SCAN).
- In order to mount clones/copies of Oracle data, ECX automatically maps and unmaps LUNs to the Oracle servers. Each server must be preconfigured to connect to the relevant storage systems at that site.
- For Fibre Channel, the appropriate zoning must be configured beforehand.
- For iSCSI, the Oracle servers must be configured beforehand to discover and log in to the targets on the storage servers.
Authentication
- The Oracle server must be registered in ECX using an operating system user that exists on the Oracle server (referred to as "ECX agent user" for the rest of this topic).
- During registration you must provide either a password or a private SSH key that ECX will use to log in to the server.
- For password-based authentication ensure the password is correctly configured and that the user can log in without facing any other prompts, such as prompts to reset the password.
- For key-based authentication ensure the public SSH key is placed in the appropriate authorized_keys file for the ECX agent user.
- Typically, the file is located at /home/<username>/.ssh/authorized_keys
- Typically, the .ssh directory and all files under it must have their permissions set to 600.
Privileges
The ECX agent user must have the following privileges:
- Privileges to run commands as root and other users using sudo. ECX requires this for various tasks such as discovering storage layouts and mounting and unmounting disks.
- The sudoers configuration must allow the ECX agent user to run commands without a password.
- The !requiretty setting must be set.
- The ENV_KEEP setting must allow the ORACLE_HOME and ORACLE_SID environment variables to be retained.
- Privileges to read the Oracle inventory. ECX requires this to discover and collect information about Oracle homes and databases.
- To achieve this, the ECX agent user must belong to the Oracle inventory group, typically named oinstall.
- SYSDBA privileges for database instances. ECX needs to perform database tasks like querying instance details, hot backup, RMAN cataloging, as well as starting/stopping instances during recovery.
- To achieve this, the ECX agent user must belong to the OSDBA operating system group, typically named dba.
- In the case of multiple Oracle homes each with a different OSDBA group, the ECX agent user must belong to each group.
- SYSASM privileges, if Automatic Storage Management (ASM) is installed. ECX needs to perform storage tasks like querying ASM disk information, as well as renaming, mounting, and unmounting diskgroups.
- To achieve this, the ECX agent user must belong to the OSASM operating system group, typically named asmadmin.
- Shell user limits for the ECX agent user must be the same as those for the user that owns the Oracle home, typically named oracle. Refer to Oracle documentation for requirements and instructions on setting shell limits. Run ulimit -a as both the oracle user and the ECX agent user and ensure their settings are identical.
For examples on creating a new user with the necessary privileges, see Sample Configuration of an ECX Agent User.
Database Discovery
ECX discovers databases and their storage layouts by connecting to running instances and querying the locations of their datafiles, log files, etc. In order for ECX to correctly discover databases during cataloging and copy operations, databases must be in "MOUNTED," "READ ONLY," or "READ WRITE" mode. ECX cannot discover or protect database instances that are shut down.
Databases must be started using a server parameter file (spfile). ECX does not support copy operations for databases that are started using a text-based parameter file (pfile).
ASM Disk Discovery
When ECX mounts snapshots/clones of ASM disks, it configures the disks to set the appropriate permissions required to make them discoverable by ASM:
- The disk owner and group are set to the owner of the Grid installation and the OSASM group respectively. These are typically grid and asmadmin. ECX automatically discovers the appropriate owner and group information on each server.
- The disk permissions are set to 660.
Additionally, ECX creates aliases/symbolic links with names that follow a consistent pattern. To ensure that ASM is able to discover the disks mapped by ECX, you must update the ASM_DISKSTRING parameter to add this pattern.
Linux:
ECX creates udev rules for each disk to set the appropriate ownership and permissions. The udev rules also create symbolic links of the form /dev/ecx-asmdisk/<diskId> that point to the appropriate device under /dev.
To ensure the disks are discoverable by ASM, add the following pattern to your existing ASM_DISKSTRING: /dev/ecx-asmdisk/*
AIX:
ECX creates a device node (using mknod) of the form /dev/ecx_asm<diskId> that points to the appropriate hdisk under /dev. ECX also sets the appropriate ownership and permissions for this new device.
To ensure that the disks are discoverable by ASM, add the following pattern to your existing ASM_DISKSTRING: /dev/ecx_asm*
Notes:
- If the existing value of the ASM_DISKSTRING is empty, you may have to first set it to an appropriate value that matches all existing disks, then append the value above.
- If the existing value of the ASM_DISKSTRING is broad enough to discover all disks (for example, /dev/*), you may not need to update it.
- Refer to Oracle documentation for details about retrieving and modifying the ASM_DISKSTRING parameter.
Sample Configuration of an ECX Agent User
The commands below are examples for creating and configuring an operating system user that ECX will use to log in to the Oracle server. The command syntax may vary depending on your operating system type and version.
- Create the user that will be designated as the ECX agent user:
useradd -m ecxagent
- Set a password if using password-based authentication:
passwd ecxagent
- If using key-based authentication, place the public key in /home/ecxagent/.ssh/authorized_keys, or the appropriate file depending on your sshd configuration, and ensure the correct ownership and permissions are set, such as:
chown -R ecxagent:ecxagent /home/ecxagent/.ssh
chmod 700 /home/ecxagent/.ssh
chmod 600 /home/ecxagent/.ssh/authorized_keys
- Add the user to the Oracle installation and OSDBA group:
usermod -a -G oinstall,dba ecxagent
- If ASM is in use, also add the user to the OSASM group:
usermod -a -G asmadmin ecxagent
- Place the following lines at the end of your sudoers configuration file, typically /etc/sudoers. If your existing sudoers file is configured to import configuration from another directory (for example, /etc/sudoers.d), you can also place the lines in a new file in that directory:
Defaults:ecxagent !requiretty
Defaults:ecxagent env_keep+="ORACLE_HOME"
Defaults:ecxagent env_keep+="ORACLE_SID"
ecxagent ALL=(ALL) NOPASSWD:ALL
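The sample configuration above can be audited after the fact with a script like the following. This is an added example, not vendor code: the function names and scratch paths are hypothetical, the fixture is constructed, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not vendor code): audit the agent user setup shown above.
# Assumes GNU stat (Linux); function names and paths are hypothetical.

# mode_is PATH MODE: succeed when PATH has exactly the octal mode MODE
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# check_ssh_perms HOME: .ssh must be 700 and authorized_keys 600
check_ssh_perms() {
    mode_is "$1/.ssh" 700 && mode_is "$1/.ssh/authorized_keys" 600
}

# check_sudoers FILE USER: print every required line that FILE lacks and
# return non-zero if any is missing. Comments are ignored and runs of
# whitespace collapsed before an exact whole-line match.
check_sudoers() {
    file=$1 user=$2 missing=0
    for want in \
        "Defaults:$user !requiretty" \
        "Defaults:$user env_keep+=\"ORACLE_HOME\"" \
        "Defaults:$user env_keep+=\"ORACLE_SID\"" \
        "$user ALL=(ALL) NOPASSWD:ALL"
    do
        if ! sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' \
                 -e 's/^ //' -e 's/ $//' "$file" | grep -qxF -- "$want"
        then
            echo "missing: $want"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed fixture: scratch home directory plus a sudoers fragment that
# lacks the ORACLE_SID line
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh" && : > "$demo/home/.ssh/authorized_keys"
chmod 700 "$demo/home/.ssh" && chmod 600 "$demo/home/.ssh/authorized_keys"
cat > "$demo/ecxagent" <<'EOF'
Defaults:ecxagent !requiretty
Defaults:ecxagent env_keep+="ORACLE_HOME"
ecxagent ALL=(ALL) NOPASSWD:ALL
EOF
check_ssh_perms "$demo/home" && echo "ssh permissions ok"
check_sudoers "$demo/ecxagent" ecxagent || echo "sudoers fragment incomplete"
```

Syntax-check a fragment with visudo -cf <file> before placing it under /etc/sudoers.d. Because the last rule grants passwordless sudo for all commands, the .ssh checks matter: anyone who can write authorized_keys for this user gains root.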