Monday, April 30, 2012

Security On Top Of Security

Regretfully, we have to put up with security invading our life maybe more than any danger that might occur. This is true in our personal as well as public life. Recently I spent the day pulling my hair out because I couldn't achieve a very novice accomplishment like turning Apache on and accessing a web page. More specifically, port 80 was not accessible while ping and ssh worked... well of course, they are on different ports.

In AWS EC2 parlance the Security Group must allow port 80 to be open... and it was. I looked at it 10 times over 12 hours, double-checking again and again. It wasn't a mistake at the Apache level, EC2 configuration, SELinux, iptables conflicts, host files, OS file or group permissions, file ownership, httpd.conf file, unavailable ports, the setroubleshoot service, or anything I could find on the EC2 forum.

It was just a firewall, a second frigging firewall... can you believe it. The Red Hat firewall is set up for you by default. My focus was on the EC2 firewall not knowing that RH already has one running by default. In my case I was using Oracle's Linux, but you always have to remember that it is a RH derivative.

What's my excuse for not knowing this?.... In the parlance of Dr. McCoy... "Damn it Jim, I'm a DBA not a RH nerd."

And I'll be damned if I'm going to make changes to the iptables... port by port, even when I did see a web comment or two in that direction. The syntax is totally Greek even for a geek!

Actually, it is quite easy to turn off the RH firewall without making changes to the iptables. The last command supposedly does a permanent disable.

# service iptables save
# service iptables stop
# chkconfig iptables off


But that's not all... oh no, it isn't that simple. After another hour of frustration I needed a dope slap and good. Not because I'm a dope, but because I needed to wake up from 10 hours of security hell frying my brain. The final solution was to turn off the firewall for both IPv4 and IPv6.

# service ip6tables save
# service ip6tables stop
# chkconfig ip6tables off


Am I going to turn the RH firewall back on? What do you think?
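
Added example (not part of the original post): a first-match walk over `iptables-save` output that shows why ping and ssh got through while port 80 did not, and what a single ACCEPT rule for tcp/80 changes compared with stopping the service. The ruleset is a constructed sample modelled on a stock RHEL 6-style default; `port_verdict`, `sample_rules` and `with_http_rule` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and prints the verdict for
# a NEW inbound TCP connection to port $1 on a non-loopback interface.
# Single --dport values only (no ranges, multiport or user-defined chains).
port_verdict() {
    awk -v port="$1" '
    /^\*/ { table = $1; next }                    # table header, e.g. *filter
    table != "*filter" { next }
    $1 == ":INPUT" { policy = $2; next }          # chain default policy
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; dport = ""; iface = ""; state = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "--state") state  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto != "" && proto != "tcp")            next  # the icmp rule
        if (iface == "lo")                            next  # loopback only
        if (state != "" && state !~ /(^|,)NEW(,|$)/)  next  # ESTABLISHED,RELATED
        if (dport != "" && dport != port)             next  # some other port
        if (target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; hit = 1; exit }
    }
    END { if (!hit) print (policy == "" ? "ACCEPT" : policy) }'
}
# Constructed sample, modelled on a stock RHEL 6-style default ruleset.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Same ruleset with one ACCEPT for tcp/80 placed ahead of the catch-all REJECT.
with_http_rule() {
    awk '/^-A INPUT -j REJECT/ && !ins {
        print "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"; ins = 1 }
        { print }'
}

printf 'before: 22=%s 80=%s after: 80=%s\n' "$(sample_rules | port_verdict 22)" \
    "$(sample_rules | port_verdict 80)" "$(sample_rules | with_http_rule | port_verdict 80)"
```

On a live host the same check is `iptables-save | port_verdict 80`, run as root.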



Sunday, April 22, 2012

11.2.0.3.2 GI PSU 2 on ASM Based Standalone DB

Applying the GI PSU 2 on a vanilla database is fairly easy. However, patching a standalone database in an Oracle Restart and ASM configuration, which uses Role Separation, and running OPatch in auto mode is a little more challenging. At some point the OPatch auto mode will be clear sailing, but given this configuration there were bumps in the road.

The notes provided in the following link may save you from a sleepless night if your database does not come up after applying the patch.

Good luck, and let me know if you have comments.

GI PSU 2 Apply



Monday, April 16, 2012

MOS HTML version instead of Flash

Initially the Flash version of My Oracle Support (MOS) was disliked by many. I got used to it and it has improved over time. At times though it would be nice to still have an HTML version. I was pleasantly surprised to find that there is an HTML version. The URL is http://supporthtml.oracle.com

Monday, April 9, 2012

Highlights of the Installation and Configuration Companion

The Installation and Configuration Companion contains the following topics

•    Quick Start Guides for a concise list of steps with links to in-depth references.
•    How to obtain access to Oracle Support at a very low cost
•    How to make an EC2 IP/EIP persistent through server stop/starts
•    How to validate an Amazon Machine Image for an Oracle database
•    How to use YUM during the installation
•    How to create your own server init/rc startup script
•    How to set up ssh, VNC, firewall tunneling and how to solve problems when connecting to your server
•    How to install the Grid Infrastructure (GI) using role separation for security and compliance
•    How to allocate EC2 storage for a production sized OEM repository server, including setting up swap, temp, and an Oracle Fast Recovery Area
•    How to configure Oracle's ASM with GI troubleshooting techniques
•    How to troubleshoot a failed installation and how to start over
•    Bug fixes for: Oracle supplied AMI, Oracle install process, and a fix for ElasticFox enabling it to run in new versions of Firefox
•    How to test a recovery on the EC2 storage and Oracle database levels

An overview of the following important topics

•    EC2 security/firewall setup
•    EC2 storage
•    Setting up EC2 command line tools
•    Extensive list of important ASM and EC2 topics
•    Brief outline of the GI services
•    Brief outline of GI role separation
•    An FDISK primer

Saturday, April 7, 2012

Oracle Grid Infrastructure on Amazon's Web Services

The primary goal of this series of papers will be to document the process of installing, configuring and fine tuning an implementation of the Oracle Enterprise Manager (OEM) 12c Cloud Control product suite on Amazon Web Services (AWS). Follow-on papers will cover in-depth utilization of the rich feature sets of both AWS and OEM.

The intended audience is individuals with at least some familiarity with these technologies, and who desire more in-depth coverage than that given in a cursory installation tutorial.

This series serves as a bridge between the thousands of pages of excellent but daunting official documentation, and the cursory installation tutorials which hide detail and provide a false sense of completion. The series should be used as a companion to the full installation guides. It will fill in details, show examples, explain pitfalls, and in some cases document items missing from other sources.

Some of the highlights are:
  • Quick Start Guides serve as a guide to the overall text. These sections provide a step-by-step approach with references into the main text for further detail.
  • Hundreds of links to authoritative sources to help you understand not only what to do but why.
  • Pointers for what to do when things go wrong with debugging tips.
  • Extensive coverage of setting up Amazon's Elastic Compute Cloud for an Oracle database.
  • How to obtain access to Oracle's Knowledge Base and tools almost for free.
You can pull down a copy of  here.