cabo's IT Tips Roundup

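I am an infrastructure engineer, so this blog mainly covers related IT articles and technical information. I also enjoy the outdoors and photography (mostly landscapes), so I will post about those too when I have material.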

Connecting through a bastion server while preventing the connecting user from running ordinary commands

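My home network was once tampered with and destroyed, so when I set up remote access to the house again (VPN and so on), I raised the security a little: the publicly exposed user can only enter the Trusted-Zone through a bastion host.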

Configuring the bastion user as follows restricts, to some extent, which commands can be run. That said, once someone gets in there is not much you can do...

 

  • Create the shell and the user

[telnet]

When creating the user, prepare a separate shell and assign that shell to the user.

# ln -s /bin/bash /bin/rbash

# useradd -u 10000 -g 10000 -m -d /home/hoge1234 -s /bin/rbash hoge1234

 

  • Environment variable settings

[telnet]

Keep no history, and put only the home directory on the PATH.

# cat /home/hoge1234/.bash_profile

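# Clear the in-memory history and empty the history file
history -c
cat /dev/null > ~/.bash_history
# ignoreboth = ignorespace + ignoredups
export HISTCONTROL=ignoreboth

# Only the home directory is on PATH
PATH=/home/hoge1234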

export PATH

 

 

  • Place the permitted commands

[telnet]

Put links to the required commands in the home directory. Here I want to make SSH connections, so I create a link; the user can then connect with .sshcommand.

# ln -s /usr/bin/ssh /home/hoge1234/.sshcommand
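
As an added example (not part of the original post), the function below audits a home directory laid out by the three steps above: who owns the home and .bash_profile, whether PATH is pinned to the home directory, and whether any executable besides the permitted links is reachable. The function name audit_rhome, the finding labels and the expectation that the admin (root in production) owns the home and profile are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a restricted-shell home.
# usage: audit_rhome HOME_DIR OWNER_UID ALLOWED_NAME...
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumption: home and profile should belong to OWNER_UID (root in production).

owner_of() { ls -ldn "$1" | awk '{ print $3 }'; }
mode_of()  { ls -ldn "$1" | awk '{ print $1 }'; }

audit_rhome() {
    home=$1; owner=$2; shift 2
    allowed=" $* "
    bad=0
    # If the restricted user can rewrite the home directory or the profile,
    # the PATH pin checked below can simply be replaced.
    for f in "$home" "$home/.bash_profile"; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; bad=1; continue; fi
        [ "$(owner_of "$f")" = "$owner" ] || { echo "OWNER $f"; bad=1; }
        case $(mode_of "$f") in
            ?????w*|????????w*) echo "WRITABLE $f"; bad=1 ;;
        esac
    done
    # PATH must be pinned to the home directory and nothing else.
    if ! grep -qxF "PATH=$home" "$home/.bash_profile" 2>/dev/null; then
        echo "PATH not pinned to $home"; bad=1
    fi
    # Every executable reachable through PATH must be on the allow list.
    for e in "$home"/* "$home"/.[!.]*; do
        [ -f "$e" ] && [ -x "$e" ] || continue
        name=${e##*/}
        case $allowed in
            *" $name "*) ;;
            *) echo "UNEXPECTED command $name"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

For the account in this post the call would be audit_rhome /home/hoge1234 0 .sshcommand, run as root.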

 

 

Creating a clone of an Oracle Home

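Handy for testing patch application or for moving the DB engine to another environment.
All you need is the -clone option of runInstaller.

Beforehand, archive $ORACLE_HOME as a tarball or similar and extract it into a different directory.

Then register the extracted location as a clone, using it as ORACLE_HOME.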

 

  • Create the cloned DB engine

# export DISPLAY=192.168.11.1:0.0
# $ORACLE_HOME/oui/bin/runInstaller -silent -clone ORACLE_HOME="/opt/oracle/app/oracle/product/11.2.0/dbhome_3" ORACLE_HOME_NAME="dbhome3" ORACLE_BASE="/opt/oracle/app/oracle"
Starting Oracle Universal Installer...

Checking swap space: must be greater than 500 MB. Actual 4015 MB Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2019-01-06_02-41-06AM. Please wait ...[oracle@sp1111 11.2.0]$ Oracle Universal Installer, Version 11.2.0.4.0 Production
Copyright (C) 1999, 2013, Oracle. All rights reserved.

You can find the log of this install session at:
/opt/oracle/app/oraInventory/logs/cloneActions2019-01-06_02-41-06AM.log
.................................................................................................... 100% Done.

 

Installation in progress (Sunday, January 6, 2019 2:41:22 AM JST)
.............................................................................. 78% Done.
Install successful

Linking in progress (Sunday, January 6, 2019 2:41:27 AM JST)
Link successful

Setup in progress (Sunday, January 6, 2019 2:42:16 AM JST)
Setup successful

End of install phases.(Sunday, January 6, 2019 2:42:40 AM JST)
WARNING:
The following configuration scripts need to be executed as the "root" user.
/opt/oracle/app/oracle/product/11.2.0/dbhome_3/root.sh
To execute the configuration scripts:
1. Open a terminal window
2. Log in as "root"
3. Run the scripts

The cloning of dbhome3 was successful.
Please check '/opt/oracle/app/oraInventory/logs/cloneActions2019-01-06_02-41-06AM.log' for more details.

# su -
Password:<root password>
# /opt/oracle/app/oracle/product/11.2.0/dbhome_3/root.sh
Check /opt/oracle/app/oracle/product/11.2.0/dbhome_3/install/root_sp1111_2019-01-06_02-43-07.log for the output of root script

ora_setup on Shareplex 9.2 <OCIStmtExecute: Oracle error ORA-01940>

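This appears to be a known bug; ora_setup did not finish normally, so I made a few adjustments.
The full sequence of steps is below.

  • Register the DB instance

The connection will use BEQUEATH, so edit oratab to register the instance.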

[telnet]

# vi /etc/oratab

 

# This file is used by ORACLE utilities. It is created by root.sh
# and updated by either Database Configuration Assistant while creating
# a database or ASM Configuration Assistant while creating ASM instance.

# A colon, ':', is used as the field terminator. A new line terminates
# the entry. Lines beginning with a pound sign, '#', are comments.
#
# Entries are of the form:
# $ORACLE_SID:$ORACLE_HOME:<N|Y>:
#
# The first and second fields are the system identifier and home
# directory of the database respectively. The third filed indicates
# to the dbstart utility that the database should , "Y", or should not,
# "N", be brought up at system boot time.
#
# Multiple entries with the same $ORACLE_SID are not allowed.
#
#
orasp21:/opt/oracle/app/oracle/product/11.2.0/dbhome_2:N

 

 

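  • Run ora_setup

Running it produced an error... I don't really understand it. Why does it DROP the user when this is a fresh creation? I dealt with it anyway.
The environment variables are the ones from the installation.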

 

www.cabo-surf.com

 

[telnet]

# /opt/splex/proddir/bin/ora_setup


Welcome to the Oracle SharePlex setup process for port 11000.
This process creates tables and user accounts needed to run
Oracle SharePlex replication.

Will the SharePlex install be using a BEQUEATH connection? (Entering 'n' implies a SQL*net connection) [y] :<Enter>
Please note the following:
** In response to prompts, a carriage return will choose the default
given in brackets. If there is no default, a reply must be entered.

** To exit the program while the program is waiting for input, use the
CTRL-C key sequence.
This sequences can be entered by holding down the CONTROL key and
pressing the C key.


Enter the Oracle SID for which SharePlex should be installed [orasp21] :<Enter>


In order to create the SharePlex tables and user account, we must
connect to the database as a DBA user

Enter a DBA user for orasp21 : system

Enter password for the DBA account, which will not echo <password of the system user>

connecting--This may take a few seconds.

validating user name and password. . . This may take a few seconds.
SharePlex objects will need to be created under a special
account. You can pick an existing user or create a new one.
Would you like to create a new SharePlex user ? [y] :<Enter>
Enter username for new user [splex/splex] : splex11000/splex11000

Warning: This user is now being granted unlimited tablespace.
This privilege will remain in effect until it is explicitly changed.
SPLEX_ROLE_BOTH already exists; continuing setup . . .

Do you want to enable replication of tables with TDE? [n] :<Enter>

To enable replication of tables with TDE in the future, please rerun ora_setup.

Setup will now install SharePlex objects.

These are the existing tablespaces.

SYSTEM SYSAUX UNDOTBS1 TEMP USERS

Enter the default tablespace for use by SharePlex [USERS] :<Enter>

Enter the temporary tablespace for use by SharePlex [TEMP] :<Enter>
Enter the index tablespace for use by SharePlex [ ] : USERS

Creating SharePlex objects [Installation type: Fresh]. . .

Creating SharePlex Oracle-timezone-region map . . . Done.

Creating Conflict Resolution Package . . . Done.

Creating SharePlex Dataequator package . . .

Loading Compare Package from "/opt/splex/proddir/util/sp_deq_pkg.plb"...Done.

Note: The SharePlex object that supports replication of SDO_GEOMETRY cannot be installed
because the Oracle Spatial and Graph feature is not installed.

Do you want to continue with the setup without support for SDO_GEOMETRY? [n] :<Enter>
Exiting Setup.

/opt/splex/proddir/.app-modules/ora_setup:
SQL> DROP USER splex11000 CASCADE

OCIStmtExecute: Oracle error ORA-01940: cannot drop a user that is currently connected

 

 

  • Handling ORA-01940 in ora_setup

Handled based on the following public information.

support.quest.com

But the splex user did not even have the CONNECT privilege in the first place, so I set the following.

 

[telnet]

# sqlplus system/admin

SQL*Plus: Release 11.2.0.4.0 Production on Sun Jan 6 00:48:34 2019

Copyright (c) 1982, 2013, Oracle. All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters and Automatic Storage Management options


SQL> grant connect,dba to splex11000;

Grant succeeded.

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters and Automatic Storage Management options
# sqlplus splex11000/splex11000

SQL*Plus: Release 11.2.0.4.0 Production on Sun Jan 6 00:49:15 2019

Copyright (c) 1982, 2013, Oracle. All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters and Automatic Storage Management options

SQL> @/opt/splex/proddir/util/sp_deq_pkg.plb

Package created.


Package body created.

SQL> show error
No errors.
SQL> select object_name, object_type, owner from dba_objects where object_name='DBMS_LOB';

OBJECT_NAME
--------------------------------------------------------------------------------
OBJECT_TYPE OWNER
------------------- ------------------------------
DBMS_LOB
PACKAGE SYS

DBMS_LOB
PACKAGE BODY SYS

DBMS_LOB
SYNONYM PUBLIC


SQL> grant execute any procedure to splex11000;

Grant succeeded.

SQL> exit

  • Re-run ora_setup

Completed without any particular errors.

[telnet]

# /opt/splex/proddir/bin/ora_setup

 

Welcome to the Oracle SharePlex setup process for port 11000.
This process creates tables and user accounts needed to run
Oracle SharePlex replication.

Will the SharePlex install be using a BEQUEATH connection? (Entering 'n' implies a SQL*net connection) [y] :<Enter>
Please note the following:
** In response to prompts, a carriage return will choose the default
given in brackets. If there is no default, a reply must be entered.

** To exit the program while the program is waiting for input, use the
CTRL-C key sequence.
This sequences can be entered by holding down the CONTROL key and
pressing the C key.


Enter the Oracle SID for which SharePlex should be installed [orasp21] :<Enter>


In order to create the SharePlex tables and user account, we must
connect to the database as a DBA user

Enter a DBA user for orasp21 : system

Enter password for the DBA account, which will not echo :<system password>

connecting--This may take a few seconds.

validating user name and password. . . This may take a few seconds.
SharePlex objects will need to be created under a special
account. You can pick an existing user or create a new one.
Would you like to create a new SharePlex user ? [y] : n
Enter username of an existing user : splex11000

Enter user password for splex11000 :splex11000
validating user name and password. . . This may take a few seconds.

Warning: This user is now being granted unlimited tablespace.
This privilege will remain in effect until it is explicitly changed.
SPLEX_ROLE_BOTH already exists; continuing setup . . .

Do you want to enable replication of tables with TDE? [n] :<Enter>

To enable replication of tables with TDE in the future, please rerun ora_setup.

Setup will now install SharePlex objects.

These are the existing tablespaces.

SYSTEM SYSAUX UNDOTBS1 TEMP USERS

Enter the default tablespace for use by SharePlex [USERS] :<Enter>

Enter the temporary tablespace for use by SharePlex [TEMP] :<Enter>
Enter the index tablespace for use by SharePlex [ ] : USERS

The current index tablespace for user splex11000 is TOOLS.
Do you want to change to USERS? [y] : n

Creating SharePlex objects [Installation type: Upgrade]. . .
SPLEX11000.SHAREPLEX_CONF_LOG already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_CONF_LOG_SEQ already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_DATAEQUATOR_INS_TEMP already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_DATAEQUATOR_UPD_TEMP already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_DATAEQUATOR_DEL_TEMP already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_RECOVERY already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_RECOVERY_OP_SEQ already exists; continuing setup . . .
SPLEX11000.SHAREPLEX_ANALYZE already exists; continuing setup . . .

Creating SharePlex Oracle-timezone-region map . . . Done.

Creating Conflict Resolution Package . . . Done.

Creating SharePlex Dataequator package . . .
drop package:sp_deq_pkg

Loading Compare Package from "/opt/splex/proddir/util/sp_deq_pkg.plb"...Done.

Note: The SharePlex object that supports replication of SDO_GEOMETRY cannot be installed
because the Oracle Spatial and Graph feature is not installed.

Do you want to continue with the setup without support for SDO_GEOMETRY? [n] :<Enter>
Exiting Setup.

/opt/splex/proddir/.app-modules/ora_setup:

 

Registering the Shareplex 9.2 license key

It works exactly as run below.

  • Register the key

[telnet]

# /opt/splex/proddir/install/splex_add_key


SharePlex License Utility

1) Read license key from file
2) Enter license key manually
3) Add license key for alternate host
q) Quit License Utility

Enter option: 2
Enter Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Enter Customer Name: YYYYYYYY


The SharePlex for Oracle - RAC license, "Trial Key" has been successfully added for host ------.
Please note that sp_cop needs to be restarted to have the new key recognized.

It will expire after Midnight of Feb xx, 2019


SharePlex License Utility

1) Read license key from file
2) Enter license key manually
3) Add license key for alternate host
q) Quit License Utility

Enter option: q

 

  • Check the key

But the license is limited to 30 days.

[telnet]

# /opt/splex/proddir/install/splex_get_key


Customer Name = YYYYYYYY
License Key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Product Name = SharePlex for Oracle - RAC
License Key Type = "Trial Key"
Expires = at Midnight of Feb 04, 2019

 

 

Shareplex 9.2 installation

Nothing particularly tricky, but it runs with settings like these.

The default environment variables also work, but here is what I use.

# cat $HOME/.bash_profile

 

## Environment variables for Oracle connections

export PATH
export LANG=C
export NLS_LANG=American_Japan.US7ASCII
export ORACLE_BASE=/opt/oracle/app/oracle
export ORACLE_HOME=/opt/oracle/app/oracle/product/11.2.0/dbhome_2
export ORACLE_SID=orasp11
export LD_LIBRARY_PATH=$ORACLE_HOME/lib
export PATH=$PATH:$HOME/.local/bin:$HOME/bin:$ORACLE_HOME/bin

 

# Environment variables for SP
export SP_SYS_HOST_NAME=sp1111
export SP_SYS_PRODDIR=/opt/splex/proddir
export SP_SYS_VARDIR=/opt/splex/vardir11000
export SP_BIN=$SP_SYS_PRODDIR/bin
export SP_LOG=$SP_SYS_VARDIR/log
export SP_OSY_PORT=11001
export SP_COP_TPORT=11000
export SP_COP_UPORT=11000
export PATH=$PATH:$SP_BIN:.

 

 

  • Installation

The prompts seem to have changed from 8.x. License registration is required.

[telnet]

# ./SPX-9.2.0-b42-oracle110-rh-40-amd64-m64.tpm

SharePlex installation program:
SharePlex Version: 9.2.0
Build platform: rh-40-amd64
Target platform: rh-40-amd64

Please enter the name of the user that will be the SharePlex Admin? [splex]<Enter>
Please enter the product directory location? /opt/splex/proddir
Please enter the variable data directory location? /opt/splex/vardir11000
Please specify the SharePlex Admin group (select a number):
1. [oinstall]
2. spadmin
3. asmdba
4. dba
5. <Other ...>
? 1
Create new SharePlex Operator group "spopr"? [yes]<Enter>
Successfully created new SharePlex Operator group "spopr"
Create new SharePlex View group "spview"? [yes]<Enter>
Successfully created new SharePlex View group "spview"
Please enter the TCP/IP port number for SharePlex communications? [2100] 11000

Preparing to install SharePlex v.9.2.0:
User: splex
Admin Group: oinstall
Product Directory: /opt/splex/proddir
Variable Data Directory: /opt/splex/vardir11000

Proceed with installation? [yes]<Enter>
Installing 
.............................
Setting file ownerships ...................................................
.........................................................................

..........................................
Setting file permissions ..................................................

...........................................
Do you have a valid SharePlex v. 9.2.0 license? [yes] no

NOTE: You may add a license key(s) at any time by executing utility
/opt/splex/proddir/install/splex_add_key

SharePlex v.9.2.0 installation successful.

 

 

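Solaris 10 x86-64 (post-install settings): ssh and so on...

After installation, I switch to a less secure environment that is easier to work in.

It is not purely a procedure, but the notes below are for my own reference.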

 

  • Starting the GUI

On first boot the system comes up in the CUI rather than the GUI.

# /usr/bin/gdm

starts the GUI from the console.

 

 

  • Root login over ssh and telnet

Nothing noteworthy here.

[telnet]

# vi /etc/default/login

Comment out the following:

#CONSOLE=/dev/console

 

[ssh]

# vi /etc/ssh/sshd_config

Change the following:

#PermitRootLogin no
PermitRootLogin yes

⇒ Restart the service

# svcadm restart ssh

 

 

  • Changing the password policy

Disable enforcement of the user password policy.

# vi /etc/pam.conf

Remove force_check from the following line:

#other  password requisite      pam_authtok_check.so.1 force_check
other   password requisite      pam_authtok_check.so.1

 

 

 

  • Setting the default language

The default is ja, which means EUC. To change it to UTF-8 so that environments are consistent:

# vi /etc/default/init

Change LANG to LANG=ja_JP.UTF-8:

#LANG=ja
LANG=ja_JP.UTF-8