Tuesday, March 7, 2023

RMAN based Database Duplicate

Scenario: We would like to restore a database to a new server under a different name, from backup, with an UNTIL TIME clause.

Steps in brief:
1. Start the target database instance (RMAN auxiliary) in NOMOUNT as a single node; set the control file location to a file system or ASM disk group using just the name instead of a complete path, like '+DATA1','+DATA2','+FRA'.
2. Configure a static listener and start it; start the above database with the local_listener parameter.
3. Run the rman command, connect to the source (RMAN target) using SYS, and connect to the target (RMAN auxiliary) database using /.
4. Since we are restoring from a backup device, make sure the backup medium is accessible from the target database.

$ export ORACLE_SID=TARGET_INSTANCE
$ rman
RMAN> connect target sys/<>@
RMAN> connect auxiliary /
RMAN> run {
allocate channel A1 device type disk;
allocate channel A2 device type disk;
allocate channel A3 device type disk;
allocate channel A4 device type disk;
Allocate auxiliary channel c1 type 'sbt_tape' PARMS="SBT_LIBRARY=/opt/commvault/Base/libobk.so,BLKSIZE=1048576";
Allocate auxiliary channel c2 type 'sbt_tape' PARMS="SBT_LIBRARY=/opt/commvault/Base/libobk.so,BLKSIZE=1048576";
Allocate auxiliary channel c3 type 'sbt_tape' PARMS="SBT_LIBRARY=/opt/commvault/Base/libobk.so,BLKSIZE=1048576";
Allocate auxiliary channel c4 type 'sbt_tape' PARMS="SBT_LIBRARY=/opt/commvault/Base/libobk.so,BLKSIZE=1048576";
DUPLICATE TARGET DATABASE TO TARGET_DB_NAME
until time "to_date('07-MAR-23 09.02.51PM','dd-mon-yy hh:mi:sspm')";
}

After the database is OPEN, configure the database in srvctl:

srvctl add database -db TARGET_DB_NAME -oraclehome /u01/app/oracle/product/12.2.0/dbhome_1
srvctl add instance -db TARGET_DB_NAME -instance TARGET_instance_NAME1 -node hostname1
srvctl add instance -db TARGET_DB_NAME -instance TARGET_instance_NAME2 -node hostname2
srvctl add instance -db TARGET_DB_NAME -instance TARGET_instance_NAME3 -node hostname3

Monday, June 29, 2020

Password-based Oracle Database-Microsoft Active Directory integration using Oracle Unified Directory and Microsoft Active Directory


This integration enables organizations to use Active Directory to centrally manage users and roles in multiple Oracle databases with a single directory along with other Information Technology services.
Active Directory users can authenticate to the Oracle database by using credentials that are stored in Active Directory.
Active Directory users can also be associated with database users (schemas) and roles by using Active Directory groups.
Microsoft Active Directory users can be mapped to exclusive or shared Oracle Database users (schemas), and be associated with database roles through their group membership in the directory.
Active Directory account policies, such as password expiration time and lockout after a specified number of failed login attempts, are honored by the Oracle Database when users log in.
centrally managed users (CMUs) with Active Directory.
This integration is designed for organizations that prefer to use Active Directory as their centralized identity management solution. Oracle Net Naming Services continues to work as it did before with directory services.

Option1: Mapping Microsoft Active Directory users and groups directly to Oracle database users and roles. 
Option2: Mapping Active Directory architecture enables Oracle Database users and roles to be managed in Active Directory

How authentication happens when users and groups are directed to Oracle database users and roles
End-Stage → The Oracle database must be able to log in with the account created for the database in MS-AD.
Step 1: The database queries Active Directory for user and group information when a user logs in to the database.
Step 2: The Active Directory service account has all the privileges required to query the user and group information.
Step 3: Users authenticate using passwords assigned to an exclusive schema.
Step 4: The mapping of an Active Directory user to a shared schema is determined by the association of the user with an Active Directory group that is mapped to the shared schema.

Configuring the Oracle Database-Microsoft Active Directory Integration

Prerequisites
Microsoft Active Directory installed and configured
Configure the Oracle Database connection to Active Directory
Configure the database and Active Directory for password
The Active Directory users and groups have been created
Map Database users and global roles to Active Directory users and groups ( CREATE USER, CREATE ROLE, ALTER USER, ALTER ROLE SQL statements with the GLOBALLY clause)
Set up new Active Directory groups with Active Directory users

Connecting to Microsoft Active Directory

Create Oracle Service Directory user Account on MS AD

Create AD user and check permissions with Reading or Write properties

Install Password Filter and extend the AD schema

Use the Oracle opwdintg.exe executable on the Active Directory server to install the password filter and extend the Active Directory schema.
The opwdintg.exe executable installs the Oracle password filter, extends the Active Directory schema, and creates Active Directory groups to allow Oracle Database password authentication with Active Directory. This procedure adds an orclCommonAttribute attribute to the Active Directory schema for user accounts.
Execute the opwdintg.exe utility.

Create dsi.ora File

You must manually create the dsi.ora file to identify the Active Directory servers.

Request AD Certificate for Secure Connection

Create a Wallet for Secure connection

Create a wallet in the location $ORACLE_BASE/admin/db_unique_name/wallet/
Configure it using the orapki utility

Configure AD Connection 

Configure the Active Directory services connection manually by using LDAP-specific Oracle Database system parameters
Ensure dsi.ora and ldap.ora are in the wallet location
Connect to the database with user@TNS_service name
Modify the LDAP_DIRECTORY_ACCESS parameter, which determines the type of LDAP directory access.
Set the LDAP_DIRECTORY_SYSAUTH parameter to YES, so that administrative users from Active Directory can log in to Oracle Database with the SYSDBA, SYSOPER, SYSBACKUP, SYSDG, SYSKM, or SYSRAC administrative privilege.

Verify Oracle Wallet 

Log in to the server and, in the wallet location, check for the sso, p12 and ora files

Test Integration

Configure ORACLE_HOME, ORACLE_SID, PATH, and ORACLE_BASE and connect to database using
sqlplus user@TNS_servicename

Configuration of CMU and AD users 

Mapping a Directory Group to a Shared Database Global User
Most users of the database will be mapped to a shared global database user (schema) through membership in a directory group.
e.g.:
Country + Application + RO/RW specific AD Group | Mapped Oracle Role | Privilege | Shared global database user
ADM-VUT_PRD_UBS_DB | FCUBS_RW | select, update, delete | READONLYUSR
ADM-VUT_PRD_UBS_RO_DB | FCUBS_RO | select | FCUBS, OBDX, AB, IEXTN
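The GLOBALLY clause mentioned in the prerequisites, applied to the group mapping above, as an added example that is not part of the original post. The function names and the base DN are assumptions (the DN is a constructed placeholder); the group, role and user names come from the table.

```shell
#!/bin/sh
# Added example: print the DDL that maps an AD group to a shared schema or a global role.
# Review the output, then run it in SQL*Plus as a suitably privileged user.

AD_GROUP_BASE="OU=Groups,DC=example,DC=com"   # constructed placeholder, use the real base DN

# Double single quotes so the DN is safe inside a SQL string literal.
sql_quote() { printf '%s' "$1" | sed "s/'/''/g"; }

# $1 = USER or ROLE, $2 = database user/role name, $3 = CN of the AD group
cmu_map_sql() {
    case "$1" in
        USER|ROLE) ;;
        *) echo "kind must be USER or ROLE" >&2; return 1 ;;
    esac
    # Unquoted Oracle identifier: a letter, then letters, digits, _ $ #
    printf '%s' "$2" | grep -Eq '^[A-Za-z][A-Za-z0-9_$#]*$' ||
        { echo "bad identifier: $2" >&2; return 1; }
    # Refuse CNs with DN metacharacters rather than trying to escape them.
    printf '%s' "$3" | grep -Eq '^[A-Za-z0-9_. -]+$' ||
        { echo "bad group CN: $3" >&2; return 1; }
    printf "CREATE %s %s IDENTIFIED GLOBALLY AS '%s';\n" \
        "$1" "$2" "$(sql_quote "CN=$3,$AD_GROUP_BASE")"
}

# Rows from the table: shared schema and global roles per AD group.
cmu_map_sql USER READONLYUSR ADM-VUT_PRD_UBS_DB
cmu_map_sql ROLE FCUBS_RW    ADM-VUT_PRD_UBS_DB
cmu_map_sql ROLE FCUBS_RO    ADM-VUT_PRD_UBS_RO_DB
```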




Wednesday, May 13, 2020

Configure X11 on Solaris 11.4


Log in to the SPARC server as root. The server needs to have access to a software repository so that you can install the solaris-desktop package as follows:
# pkg install solaris-desktop
root@BSPZTSTDB0303:~# pkg install solaris-desktop
           Packages to install: 379
            Services to change:  15
       Create boot environment:  No
Create backup boot environment:  No

DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            379/379   73183/73183  994.0/994.0  2.7M/s

PHASE                                          ITEMS
Installing new actions                   89149/89149
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           4/4
root@BSPZTSTDB0303:~# vi /etc/gdm/custom.conf
root@BSPZTSTDB0303:~# inetadm -e xvnc-inetd
root@BSPZTSTDB0303:~# svcs -vx

When the installation is complete, enable XDMCP connections by editing the /etc/gdm/custom.conf file. Add these lines to the end of the file:
[xdmcp]
Enable=true
Enable xvnc-inetd as follows:
# inetadm -e xvnc-inetd
Restart the graphical login service (gdm) as follows:
# svcadm restart svc:/application/graphical-login/gdm:default
Check the state of the gdm service by typing:
# svcs -vx



Configure the X server to accept remote connections.
# svccfg -s application/x11/x11-server
svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
svc:/application/x11/x11-server> end

# svccfg -s xvnc-inetd
svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -geometry 1280x720 -inetd -query localhost -once securitytypes=none"
svc:/application/x11/xvnc-inetd> end

# svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
Step 5
Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
Alternatively, you could install solaris-large-server, or just a minimal set of packages (if you prefer), to allow runInstaller to run.

# pkg install xauth x11/diagnostic/x11-info-clients library/motif terminal/xterm
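The xvnc-inetd command line above sets securitytypes=none and the X server is set to listen on TCP, so the GDM login screen is the only authentication in front of the desktop. The following audit of those two settings is an added example, not part of the original post; the function names are hypothetical and the svcprop invocations in the comments are the assumed way to obtain the inputs on a live host.

```shell
#!/bin/sh
# Added example: flag the two exposure-relevant settings from this procedure.
# Inputs are plain strings so saved configuration can be checked offline.
# On a live host (assumed usage):
#   svcprop -p inetd_start/exec xvnc-inetd
#   svcprop -p options/tcp_listen x11-server

# The exec string configured in this post.
SAMPLE_EXEC='/usr/bin/Xvnc -geometry 1280x720 -inetd -query localhost -once securitytypes=none'

# Print the SecurityTypes value (lower-cased) from an Xvnc command line.
# Accepts "-SecurityTypes X", "-SecurityTypes=X" and "securitytypes=X",
# and strips the quotes and backslashes that svcprop adds to its output.
xvnc_security_types() {
    printf '%s\n' "$1" | tr -d '"\\' | awk '{
        for (i = 1; i <= NF; i++) {
            t = tolower($i); sub(/^-+/, "", t)
            if (t == "securitytypes" && i < NF) { print tolower($(i + 1)); exit }
            if (index(t, "securitytypes=") == 1) { print substr(t, 15); exit }
        }
    }'
}

# $1 = Xvnc exec string, $2 = tcp_listen value. Returns 0 when nothing is flagged.
audit_vnc() {
    findings=0
    types=$(xvnc_security_types "$1")
    case ",${types:-unset}," in
        *,none,*) echo "FINDING: SecurityTypes includes 'none': no VNC-level authentication or encryption"
                  findings=$((findings + 1)) ;;
        ,unset,)  echo "NOTE: SecurityTypes not set, the server default applies" ;;
        *)        echo "OK: SecurityTypes=$types" ;;
    esac
    if [ "$2" = "true" ]; then
        echo "FINDING: x11-server tcp_listen=true: the X display accepts TCP connections"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

audit_vnc "$SAMPLE_EXEC" true || echo "review the findings above"
```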

Friday, May 8, 2020

Terraform in OCI




1.       Generate API keys from command prompt
debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ pwd
/c/Users/debaranw/.ssh

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ openssl genrsa -out oci_api_key.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
.....................................+++++
e is 65537 (0x010001)

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ dir
id_rsa  id_rsa.pub  known_hosts  oci_api_key.pem

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ openssl rsa -pubout -in oci_api_key.pem -out oci_api_key_public.pem
writing RSA key

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ dir
id_rsa  id_rsa.pub  known_hosts  oci_api_key.pem  oci_api_key_public.pem

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ ls -lrt
total 14
-rw-r--r-- 1 debaranw 197121 1831 Jul  1 09:43 id_rsa
-rw-r--r-- 1 debaranw 197121  402 Jul  1 09:43 id_rsa.pub
-rw-r--r-- 1 debaranw 197121 1353 Jul 16 11:27 known_hosts
-rw-r--r-- 1 debaranw 197121 1706 Jul 18 11:01 oci_api_key.pem
-rw-r--r-- 1 debaranw 197121  460 Jul 18 11:12 oci_api_key_public.pem

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$ cat oci_api_key_public.pem

debaranw@DEBARANW-IN MINGW64 ~/.ssh
$



2.       Download and configure Terraform
3.       Set environment variables

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_tenancy_ocid=ocid1.tenancy.oc1..aaaaaaaa5kxrelenhoqbpg7olifnxkm5uefxvtysusm4xgoeqgotnmjasc5q

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_user_ocid=ocid1.user.oc1..aaaaaaaavdteylrqbpokvwbhjdz62b4d6g6squclzatzr5ukgu422nx2c5ba

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_fingerprint=f5:f2:7d:9c:f4:29:75:b8:8d:79:e7:af:fd:c9:ff:2f

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_private_key_path=oci_api_key.pem

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ ### Region

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_region=eu-frankfurt-1

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ ### Compartment

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ export TF_VAR_compartment_ocid=ocid1.compartment.oc1..aaaaaaaaibjd3h7s64dv6sefbg6hvnche7sfnefpnlyifx5g2z6ccf2qdj2q

4.       Create the Terraform configuration file (vcn.tf)

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ vi vcn.tf

5.       Initialize Terraform
debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...

Registry service unreachable.

This may indicate a network issue, or an issue with the requested Terraform Registry.


Error: registry service is unreachable, check https://status.hashicorp.com/ for status updates



debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "oci" (terraform-providers/oci) 3.34.0...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$


6.       Check the environment variables and run terraform plan

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ env|grep TF
TF_VAR_compartment_ocid=ocid1.compartment.oc1..aaaaaaaaibjd3h7s64dv6sefbg6hvnche7sfnefpnlyifx5g2z6ccf2qdj2q
TF_VAR_region=eu-frankfurt-1
LANG=en_US.UTF-8
TF_VAR_private_key_path=/c/Users/debaranw/.ssh/oci_api_key.pem
TF_VAR_tenancy_ocid=ocid1.tenancy.oc1..aaaaaaaa5kxrelenhoqbpg7olifnxkm5uefxvtysusm4xgoeqgotnmjasc5q
TF_VAR_user_ocid=ocid1.user.oc1..aaaaaaaavdteylrqbpokvwbhjdz62b4d6g6squclzatzr5ukgu422nx2c5ba
TF_VAR_fingerprint=f5:f2:7d:9c:f4:29:75:b8:8d:79:e7:af:fd:c9:ff:2f

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_core_virtual_network.simple-vcn will be created
  + resource "oci_core_virtual_network" "simple-vcn" {
      + cidr_block               = "10.9.0.0/16"
      + compartment_id           = "ocid1.compartment.oc1..aaaaaaaaibjd3h7s64dv6sefbg6hvnche7sfnefpnlyifx5g2z6ccf2qdj2q"
      + default_dhcp_options_id  = (known after apply)
      + default_route_table_id   = (known after apply)
      + default_security_list_id = (known after apply)
      + defined_tags             = (known after apply)
      + display_name             = "simple-vcn"
      + dns_label                = "testvcn1"
      + freeform_tags            = (known after apply)
      + id                       = (known after apply)
      + state                    = (known after apply)
      + time_created             = (known after apply)
      + vcn_domain_name          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.


debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # oci_core_virtual_network.simple-vcn will be created
  + resource "oci_core_virtual_network" "simple-vcn" {
      + cidr_block               = "10.9.0.0/16"
      + compartment_id           = "ocid1.compartment.oc1..aaaaaaaaibjd3h7s64dv6sefbg6hvnche7sfnefpnlyifx5g2z6ccf2qdj2q"
      + default_dhcp_options_id  = (known after apply)
      + default_route_table_id   = (known after apply)
      + default_security_list_id = (known after apply)
      + defined_tags             = (known after apply)
      + display_name             = "simple-vcn"
      + dns_label                = "testvcn1"
      + freeform_tags            = (known after apply)
      + id                       = (known after apply)
      + state                    = (known after apply)
      + time_created             = (known after apply)
      + vcn_domain_name          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_core_virtual_network.simple-vcn: Creating...
oci_core_virtual_network.simple-vcn: Creation complete after 2s [id=ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaaok6ypiurwudbpaqkqeujntabvljxouysm6xackt275si52ucqpvq]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$ terraform destroy
oci_core_virtual_network.simple-vcn: Refreshing state... [id=ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaaok6ypiurwudbpaqkqeujntabvljxouysm6xackt275si52ucqpvq]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # oci_core_virtual_network.simple-vcn will be destroyed
  - resource "oci_core_virtual_network" "simple-vcn" {
      - cidr_block               = "10.9.0.0/16" -> null
      - compartment_id           = "ocid1.compartment.oc1..aaaaaaaaibjd3h7s64dv6sefbg6hvnche7sfnefpnlyifx5g2z6ccf2qdj2q" -> null
      - default_dhcp_options_id  = "ocid1.dhcpoptions.oc1.eu-frankfurt-1.aaaaaaaaopepr6mcsm5ynnsr4qugfimz2w5l5laqaa5xh3jzs6fhbfs4r6ga" -> null
      - default_route_table_id   = "ocid1.routetable.oc1.eu-frankfurt-1.aaaaaaaaq43ws44iotwcdsu6b46mjibmzcvcgyalk5qtfo4eknqsbeqjhtrq" -> null
      - default_security_list_id = "ocid1.securitylist.oc1.eu-frankfurt-1.aaaaaaaax3zatlgrkmrqtsh7no674hxmm6u7tj3rwgmw5hyfp6zsu7gdjdkq" -> null
      - defined_tags             = {} -> null
      - display_name             = "simple-vcn" -> null
      - dns_label                = "testvcn1" -> null
      - freeform_tags            = {} -> null
      - id                       = "ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaaok6ypiurwudbpaqkqeujntabvljxouysm6xackt275si52ucqpvq" -> null
      - state                    = "AVAILABLE" -> null
      - time_created             = "2019-07-18 06:35:56.175 +0000 UTC" -> null
      - vcn_domain_name          = "testvcn1.oraclevcn.com" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

oci_core_virtual_network.simple-vcn: Destroying... [id=ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaaok6ypiurwudbpaqkqeujntabvljxouysm6xackt275si52ucqpvq]
oci_core_virtual_network.simple-vcn: Destruction complete after 1s

Destroy complete! Resources: 1 destroyed.

debaranw@DEBARANW-IN MINGW64 /c/terraform/test
$
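The post does not show vcn.tf, and the key listing in step 1 shows the private key as -rw-r--r--. The following is an added example, not the author's files: a vcn.tf reconstructed from the plan output above, plus a pre-flight check that the TF_VAR_* values are set, that the private key is not readable by group or others, and that TF_VAR_fingerprint matches the key. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# vcn.tf reconstructed from the plan output above (Terraform 0.12 syntax).
write_vcn_tf() {   # $1 = working directory
    cat > "$1/vcn.tf" <<'EOF'
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "region" {}
variable "compartment_ocid" {}

provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}

resource "oci_core_virtual_network" "simple-vcn" {
  cidr_block     = "10.9.0.0/16"
  compartment_id = var.compartment_ocid
  display_name   = "simple-vcn"
  dns_label      = "testvcn1"
}
EOF
}

# Colon-separated MD5 of the DER-encoded public key, the format OCI
# displays for an uploaded API signing key.
oci_key_fingerprint() {   # $1 = private key file
    openssl rsa -pubout -outform DER -in "$1" 2>/dev/null | openssl md5 -c | awk '{print $NF}'
}

# Pre-flight check before "terraform plan". Returns 0 = ok, 1 = variable unset,
# 2 = key missing or readable by group/others, 3 = fingerprint does not match.
check_oci_env() {
    for v in tenancy_ocid user_ocid fingerprint private_key_path region compartment_ocid; do
        eval "val=\${TF_VAR_$v:-}"
        [ -n "$val" ] || { echo "TF_VAR_$v is not set"; return 1; }
    done
    key=$TF_VAR_private_key_path
    # Characters 5-10 of the mode string are the group and other bits. Meaningful
    # on POSIX file systems; under Git Bash on NTFS the ACL is what counts.
    [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key: missing or readable by group/others"; return 2; }
    [ "$(oci_key_fingerprint "$key")" = "$TF_VAR_fingerprint" ] ||
        { echo "TF_VAR_fingerprint does not match $key"; return 3; }
    echo "ok"
}

# Usage: write_vcn_tf . && check_oci_env && terraform plan
```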