EXADATA: How to configure ssh for current user on a list of nodes?

APPLIES TO:

Oracle Exadata Storage Server Software – Version 11.2.1.2.0 and later.

GOAL

Customer needs steps to configure ssh on exadata.

SOLUTION

Run the following on a db node, and follow the prompts.
/opt/oracle.SupportTools/onecommand/setssh-Linux.sh -h /opt/oracle.SupportTools/onecommand/all_nodelist_group
This configures passwordless ssh for the current user on the nodes listed in all_nodelist_group.

 

If the utility is missing, it can be extracted from a current download of the onecommand utility;
see Document 888828.1 – Exadata Database Machine and Exadata Storage Server Supported Versions.

/opt/oracle.SupportTools/onecommand/all_nodelist_group: you may need to create this file yourself, with the host entries for which you need SSH.

Example:

IBSWITCH_GROUP: keep the IB switches in that file and pass it to the command.

[root@exa01dbadm01 ~]# cd /opt/oracle.SupportTools/onecommand/
[root@exa01dbadm01 onecommand]# vi IBSWITCH_GROUP
exa01sw-iba01
exa01sw-ibb01

[root@exa01dbadm01 onecommand]# chmod 775 IBSWITCH_GROUP

[root@exa01dbadm01 onecommand]# ./setssh-Linux.sh -s -p PassWord -n N -h IBSWITCH_GROUP
[root@exa01dbadm01 onecommand]# cat IBSWITCH_GROUP
exa01sw-iba01
exa01sw-ibb01
[root@exa01dbadm01 onecommand]# ssh exa01sw-iba01
Last login: Sat Oct 14 15:39:56 2017 from exa01dbadm01.omsan.com.tr
You are now logged in to the root shell.
It is recommended to use ILOM shell instead of root shell.
All usage should be restricted to documented commands and documented
config files.
To view the list of documented commands, use “help” at linux prompt.
[root@exa01sw-iba01 ~]#

For a user other than root (for example the oracle user)

EXADATA passwordless SSH login not working for oracle user

i. Log in to the oracle account:
# su - oracle

ii. Create a dcli group file listing the nodes in the Oracle Cluster.

iii. Run the setup ssh script (this assumes the oracle password on all servers in the dbs_group list is set to “welcome1”):
$ ./setssh-Linux.sh -s -p welcome1 -n N -h dbs_group

Source: Oracle support note (Doc ID 1923785.1)
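
A way to confirm the result for every host in the group file, as an added example that is not part of the Oracle note or of setssh-Linux.sh: it attempts a login with password prompts disabled, so a host only passes if the key was really installed. The function name check_passwordless and the SSH_BIN override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the Oracle note): confirm that key-based login really
# works for every host in a group file after setssh-Linux.sh has run.
# SSH_BIN is an assumption of this sketch; it lets the check be pointed at a stub.
SSH_BIN="${SSH_BIN:-ssh}"

# check_passwordless GROUPFILE
# Prints "OK host" or "FAIL host" per entry; returns 0 only if every host passed.
check_passwordless() {
    group_file=$1
    failed=0
    [ -r "$group_file" ] || { echo "cannot read $group_file" >&2; return 2; }
    while read -r host _ || [ -n "$host" ]; do
        # Skip blank lines and comment lines.
        case $host in ''|'#'*) continue ;; esac
        # BatchMode=yes forbids password prompts, so success proves the key works.
        # </dev/null stops ssh from swallowing the rest of the host list on stdin.
        if "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$host" true \
               </dev/null >/dev/null 2>&1; then
            echo "OK   $host"
        else
            echo "FAIL $host"
            failed=$((failed + 1))
        fi
    done < "$group_file"
    [ "$failed" -eq 0 ]
}
```

Run it as the user the keys were set up for, for example: check_passwordless IBSWITCH_GROUP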

 


root user SSH Failed Login Attempts on Oracle Exadata

Problem: root user SSH failed login attempts on Oracle Exadata

Solution: check the log file and unlock the user

[root@exa01dbadm01 ~]# tail -f /var/log/secure

Jan 20 08:12:02 exa01dbadm01 sshd[119402]: Failed password for root from 172.18.17.71 port 61446 ssh2

Jan 20 08:12:14 exa01dbadm01 sshd[119402]: pam_tally2(sshd:auth): user root (0) tally 23, deny 5

[root@exa01dbadm01 ~]# pam_tally2 --user=root

Login           Failures Latest failure     From

root               23    01/20/17 09:12:14 172.18.17.71

[root@exa01dbadm01 ~]# pam_tally2 --user=root --reset

Login           Failures Latest failure     From

root               23    01/20/17 09:12:14 172.18.17.71

[root@exa01dbadm01 ~]# pam_tally2 --user=root

Login           Failures Latest failure     From

root                0
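
Before resetting the counter it helps to know where the failures came from. The following added example, which is not part of the original post, counts failed sshd password attempts per source address and reads the pam_tally2 state from log lines in the /var/log/secure format shown above. The function names are made up for this sketch, three of the five sample lines are constructed, and the LOCKED test assumes pam_tally2 denies access once the tally exceeds deny.

```shell
#!/bin/sh
# Sample input: the two 08:12:02 and 08:12:14 lines are the ones quoted in the
# post; the other three are constructed for illustration.
sample_log() {
cat <<'EOF'
Jan 20 08:11:40 exa01dbadm01 sshd[119388]: Failed password for root from 172.18.17.71 port 61440 ssh2
Jan 20 08:11:51 exa01dbadm01 sshd[119391]: Failed password for invalid user admin from 10.0.0.9 port 40022 ssh2
Jan 20 08:12:02 exa01dbadm01 sshd[119402]: Failed password for root from 172.18.17.71 port 61446 ssh2
Jan 20 08:12:05 exa01dbadm01 sshd[119410]: Failed password for root from 10.0.0.9 port 40030 ssh2
Jan 20 08:12:14 exa01dbadm01 sshd[119402]: pam_tally2(sshd:auth): user root (0) tally 23, deny 5
EOF
}

# failed_sources USER: reads log lines on stdin and prints "COUNT SOURCE_IP",
# busiest source first. "invalid user X" lines never count against a real account.
failed_sources() {
    awk -v user="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i < NF; i++)
                if ($i == "for" && $(i+1) == user && $(i+2) == "from")
                    n[$(i+3)]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# lockout_state USER: prints "TALLY DENY STATE" from the last pam_tally2 line
# logged for USER, or nothing if the log has no such line.
lockout_state() {
    awk -v user="$1" '
        /pam_tally2\(sshd:auth\): user / {
            for (i = 1; i < NF; i++)
                if ($i == "user" && $(i+1) == user) {
                    for (j = i; j < NF; j++) {
                        if ($j == "tally") tally = $(j+1) + 0   # "23," becomes 23
                        if ($j == "deny")  deny  = $(j+1) + 0
                    }
                    seen = 1
                }
        }
        END { if (seen) print tally, deny, (tally > deny ? "LOCKED" : "open") }
    '
}
```

On a live node the same functions read the real log, for example: failed_sources root < /var/log/secure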

How to separate IP-based production and test databases on Exadata? Is it possible?

Multiple public networks in the same cluster for Production, test and EBS databases

Our Exadata infrastructure:
/u01 --> Production database mount point
/u02 --> Test database mount point
192.168.90.3 exa01db01-vip
192.168.90.5 exa01db02-vip
exa01-scan IP
192.168.90.6
192.168.90.7
192.168.90.8

Question 1) Is it possible to change the SCAN or VIP names, like this?
Exa01live-scan --> 192.168.90.6 and 192.168.90.7: users connect only to the PRODUCTION DATABASE with these IPs.
Exa01test-scan --> 192.168.90.8: users connect only to the TEST DATABASE with this IP.

Solution:

You can create multiple networks and configure multiple SCANs for the different databases to use. See the document below for the steps. Note that the article is written for ODA, but the steps are the same for any 12.1.0.2 cluster.
ODA (Oracle Database Appliance): HowTo Configure Multiple Public Network on GI (Grid Infrastructure) 12c (Doc ID 2101109.1)

 

Network Ports Used in Oracle Enterprise Manager 12c

These ports will be used in every Enterprise Manager 12c installation and will require firewall and/or ACL modifications if your network is restricted.

OEM12C Server: 172.76.1.100
Production Db Server: 172.76.10.4
Test Db Server: 172.76.20.4
Source: 172.76.1.100 --> Destination: 172.76.10.4, 172.76.20.4
Source: 172.76.10.4, 172.76.20.4 --> Destination: 172.76.1.100
Ports: listed below

MS-SQL Server (if you have MS-SQL Server) monitoring ports:

Sqlnet1                                           --> tcp 1521
MS-SQL-Monitor                                    --> tcp 1434
MS-SQL-Monitor_UDP                                --> udp 1434
MS-SQL-Server                                     --> tcp 1433
MS-SQL-Server_UDP                                 --> udp 1433

Network Ports Used in Oracle Enterprise Manager 12c:

Enterprise Manager Upload Http Port               --> tcp 4889
Enterprise Manager Upload Http SSL Port           --> tcp 4903
Enterprise Manager Central Console Http SSL Port  --> tcp 7802
Node Manager Http SSL Port                        --> tcp 7403
Managed Server Http Port                          --> tcp 7202
Enterprise Manager Central Console Http Port      --> tcp 7788
Oracle Management Agent Port                      --> tcp 3872
Admin Server Http SSL Port                        --> tcp 7101-7102
Managed Server Http SSL Port                      --> tcp 7301
Enterprise Manager OHS Upload HTTP SSL            --> tcp 1159
EM OHS Central Console HTTP SSL (Apache/UI)       --> tcp 7799
Database Targets – SQL*Net Listener (depends on listener configuration) --> tcp 1521-1522

 

Resource: https://blogs.oracle.com/oem/entry/planning_your_oracle_entperprise_manager

ORA-28221 REPLACE not specified

Database Version: Oracle 11g
User status: expired (grace)

PROBLEM:

Password complexity is enabled with a custom function. I’m trying to change the password of my user and I’m getting this error.

SQL> alter user omerfrkbzkrt identified by new_password;
ORA-28221 REPLACE not specified

SOLUTION:

SQL> alter user omerfrkbzkrt identified by new_password replace old_password;

Reference: http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_4003.htm#SQLRF53632

 

Oracle ASM commands on Linux

 

grid

  1. Automatic Storage Management (ASM) commands
    1. Start asm daemon and create ASM disk
      1. /usr/sbin/oracleasm init
      2. fdisk /dev/sdb
        1. n --> create new disk
        2. p --> primary partition
        3. w --> save conf.
      3. oracleasm createdisk DATA /dev/sdb1
      4. oracleasm listdisks
    2. Switch to the grid user:
      1.  [root@exa01dbadm01 ~]# su - grid
        [grid@exa01dbadm01 ~]$ asmcmd
        ASMCMD> ls -l
        State Type Rebal Name
        MOUNTED NORMAL N DATAC1/
        MOUNTED NORMAL N DBFS_DG/
        MOUNTED NORMAL N RECOC1/
        ASMCMD> lsdg
        State Type Rebal Sector Block AU Total_MB Free_MB Req_mir_free_MB Usable_file_MB Offline_disks Voting_files Name
        MOUNTED NORMAL N 512 4096 4194304 14315520 10306736 1192960 4556888 0 N DATA1/
        MOUNTED NORMAL N 512 4096 4194304 207648 197960 34608 81676 0 Y DBFS/
        MOUNTED NORMAL N 512 4096 4194304 2665536 1009240 222128 393556 0 N RECO/
        ASMCMD> pwd
        +
        ASMCMD> cd RECO
        ASMCMD> pwd
        +RECOC
        ASMCMD>
    3. ASMCMD Key Commands
      COMMAND     DESCRIPTION
      cd          Change directory
      cp          Copy file
      du          Disk space used by a directory and its subdirectories
      exit        Exit the utility
      find        Locate the path for all occurrences of the specified filename
      help        Displays command assistance
      ls          List the contents of a directory
      lsct        List info about ASM clients
      lsdg        List all disk groups and their attributes
      lsdsk       List all physical disks visible to ASM
      md_backup   Create a backup of the mounted diskgroups
      md_restore  Restore the diskgroups from a backup
      mkalias     Create an alias for a system generated filename
      mkdir       Create directory
      pwd         Print working directory (i.e. list current directory location)
      remap       Repair a range of blocks on a disk
      rm          Remove (i.e. delete) the specified files or directories
      rmalias     Remove (i.e. delete) the specified alias