It's always best to install the operating system with a smaller footprint, which automatically makes the environment more secure since there is much less to consider when securing it.
From the My Oracle Support Note: Linux OS Installation with Reduced Set of Packages for Running Oracle Database Server (Doc ID 728346.1): Limiting the number of installed packages to only those needed provides a smaller footprint for Linux operating system installation and will help to reduce the amount of storage used. A minimal configuration will also help to avoid unnecessary processes and services and result in reduced memory usage, along with a more secure and reliable setup overall.
So, before starting, it is required to have ANY one of the following -
-- A local yum repository (Local ULN mirror)
-- Connected with Oracle Public Yum Server
-- Ability to mount the CD/DVD Rom or USB with the Oracle Linux ISO image into the operating system (or copy the ISO into the OS) after the initial installation: ISO based local yum repo.
For my case, I have a local yum repo (Local ULN mirror) running in my environment so it's relatively easy to proceed faster. In fact, I can complete the installation & configuration within an hour max.
So, here are the details -
-- Install Oracle Linux 6.7 using ISO (mounted via CD/DVD Rom, USB, iLOM etc.)
-- During installation, select the "Minimal" as shown in the screenshot
-- Once the installation completes, install the following basic set of required packages
# yum install bind-utils ntp nscd sos parted unzip lsof nmap traceroute sysstat strace ltrace mailx openssh-clients perl dmidecode
-- Install X Window packages (This is to run runInstaller, DBCA, DBUA, NETCA etc.)
# yum install xorg-x11-xauth xorg-x11-utils libdmx libXxf86vm xterm xorg-x11-apps xauth
Note: The bold ones (above) are additional (optional).
-- Install required packages for Oracle Database
# yum install oracle-rdbms-server-12cR1-preinstall
or
# yum install oracle-database-preinstall-19c
-- Enable/disable the required services
# chkconfig iptables off
# chkconfig ip6tables off
# chkconfig --level 35 ntpd on
# chkconfig --level 35 nscd on
-- Configure NTP
File: /etc/ntp.conf
-- Disable the public NTP server configuration
...
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst
...
-- Enable the site specific NTP server configuration, for my case
# NTP Config: NOEL
server pxe-yum.example.com prefer iburst burst minpoll 4 maxpoll 4
#
-- Disable SELinux
File: /etc/selinux/config
From: SELINUX=enforcing
To: SELINUX=disabled
-- Personally, I prefer to disable the graphical boot process. Also, it's important to disable transparent huge pages which we don't want when running Oracle Database.
File: /etc/grub.conf
-- Default Value (Single Line)
kernel /vmlinuz-3.8.13-118.el6uek.x86_64 ro root=/dev/mapper/VGOraDB-LVDbSys1 rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_LVM_LV=VGOraDB/LVDbSys1 rd_NO_MD rd_LVM_LV=VGOraDB/LVDbSwap1 crashkernel=auto SYSFONT=latarcyrheb-sun16 rd_NO_DM rhgb quiet
-- Changed To (Single Line)
kernel /vmlinuz-3.8.13-118.el6uek.x86_64 ro root=/dev/mapper/VGOraDB-LVDbSys1 rd_LVM_LV=VGOraDB/LVDbSys1 rd_LVM_LV=VGOraDB/LVDbSwap1 loglevel=7 panic=60 debug pci=noaer log_buf_len=1m nmi_watchdog=0 nomce transparent_hugepage=never rd_NO_PLYMOUTH audit=1 console=tty1 console=ttyS0,115200n8 crashkernel=380M@128M numa=off processor.max_cstate=1 intel_idle.max_cstate=0 SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us
Important Note:
-- It's important to disable transparent huge pages (already disabled by default in the UEK kernel) and enable kdump.
-- Transparent huge pages are not the same as normal huge pages. Enabling regular huge pages is highly recommended for Oracle Database on Linux.
-- If the H/W has iLOM, then it's a good idea to redirect the boot sequence output to the iLOM console.
Reference MOS Note: ALERT: Disable Transparent HugePages on SLES11, RHEL6, OL6 and UEK2 Kernels (Doc ID 1557478.1)
-- Edit the network configuration: (Optional)
File: /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
UUID=7eb525c2-5e33-45e0-8479-97d9a0b2d0d0
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=192.168.0.175
PREFIX=24
GATEWAY=192.168.0.199
DNS1=192.168.0.199
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
HWADDR=08:00:27:37:46:87
MTU=1500
File: /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
IPV6INIT=no
HOSTNAME=srv01.example.com
GATEWAY=192.168.0.199
NOZEROCONF=yes
GATEWAYDEV=eth0
-- Add a static route/rule (Optional)
File: /etc/sysconfig/network-scripts/rule-eth0
from 192.168.0.175 table 210
to 192.168.0.175 table 210
File: /etc/sysconfig/network-scripts/route-eth0
192.168.0.0/24 dev eth0 table 210
default via 192.168.0.199 dev eth0 table 210
Note: For this environment, I am using only one network interface. The route/rule is shown only as an example of how to add one.
-- Add host information in /etc/hosts: Required by Universal Installer for GI
# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:37:46:87 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.175/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::a00:27ff:fe37:4687/64 scope link
       valid_lft forever preferred_lft forever
# hostname
srv01.example.com
# hostname -s
srv01
# cat /etc/hosts | grep example.com
192.168.0.175 srv01.example.com srv01
It's possible to run 12c GI & Databases with this minimal (only 330 packages) configuration -
# ps -ef | grep pmon
oracle 3968 1 0 13:48 ? 00:00:00 asm_pmon_+ASM
oracle 4327 1 0 13:51 ? 00:00:00 ora_pmon_DB
oracle 5107 1 0 13:51 ? 00:00:00 ora_pmon_TEST
oracle 6774 4157 0 13:53 pts/0 00:00:00 grep pmon
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VGOraDB-LVDbSys1
15G 1.5G 13G 11% /
tmpfs 1.8G 630M 1.2G 36% /dev/shm
/dev/sda1 477M 45M 404M 10% /boot
/dev/sdb1 30G 22G 6.4G 78% /u01
# rpm -qa | wc -l
330
Now, conclude with a reboot of the operating system (shutdown -r now).
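After the reboot, the settings changed in the steps above can be checked in one pass. The script below is an added example, not part of the original post; the function names and the --live switch are illustrative, and the sysfs path assumes the UEK kernel.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are illustrative.
# Every function takes text as its argument, so it works on live data or on
# a saved copy of the file.

# has_param CMDLINE PARAM: true if PARAM is a whole token of the command line.
has_param() { printf '%s\n' "$1" | tr -s ' ' '\n' | grep -qxF -- "$2"; }

# check_cmdline CMDLINE: one line per deviation from the "Changed To" entry.
check_cmdline() {
    local p
    for p in transparent_hugepage=never rd_NO_PLYMOUTH audit=1 console=ttyS0,115200n8; do
        has_param "$1" "$p" || echo "missing: $p"
    done
    for p in rhgb quiet; do
        if has_param "$1" "$p"; then echo "still present: $p"; fi
    done
}

# thp_state TEXT: active THP mode, the bracketed word in the sysfs "enabled" file.
thp_state() { printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'; }

# selinux_mode TEXT: the SELINUX= value from /etc/selinux/config.
selinux_mode() { printf '%s\n' "$1" | sed -n 's/^SELINUX=//p'; }

# hosts_ip TEXT FQDN: first non-loopback address /etc/hosts maps FQDN to.
hosts_ip() {
    printf '%s\n' "$1" | awk -v h="$2" '$1 !~ /^(#|127\.|::1)/ {
        for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }'
}

if [ "${1:-}" = "--live" ]; then
    # UEK path; the Red Hat compatible kernel on OL6 uses
    # /sys/kernel/mm/redhat_transparent_hugepage/enabled instead.
    check_cmdline "$(cat /proc/cmdline)"
    echo "THP:     $(thp_state "$(cat /sys/kernel/mm/transparent_hugepage/enabled)")"
    echo "SELinux: $(selinux_mode "$(cat /etc/selinux/config)")"
    fqdn=$(hostname -f)
    echo "hosts:   $fqdn -> $(hosts_ip "$(cat /etc/hosts)" "$fqdn")"
else
    # Constructed sample: an unmodified kernel line, abbreviated from the default above.
    check_cmdline "ro root=/dev/mapper/VGOraDB-LVDbSys1 crashkernel=auto rd_NO_DM rhgb quiet"
fi
```

Run with --live on the installed host; an empty hosts result means the FQDN maps only to a loopback address or is absent from /etc/hosts.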
Well, it looks like we are pretty much done with the initial configuration of the operating system.
At this point, you can harden the server, install/upgrade driver/firmware etc. and/or move forward with the storage configuration/software installation of Oracle Products (e.g. Grid Infrastructure, Oracle Database, EM etc.).
Important Note: It's highly recommended to use Oracle Unbreakable Enterprise Kernel for RHEL & Oracle Linux which is most optimized to run Oracle Database workload.
For more information refer to -
-- MOS Note: Unbreakable Enterprise Kernel: Frequently Asked Questions (Doc ID 1210995.1)
-- Unbreakable Enterprise Kernel Release 2
-- Unbreakable Enterprise Kernel Release 3
Consider the following links to check out (applicable when installing Oracle Linux in an Oracle Server) -
-- Oracle Hardware Management Pack 2.3.x Documentation
-- Firmware Downloads and Release History for Oracle Systems
Oh my goodness! Awesome article dude! Thank you so much, However I am going through troubles with your RSS. I don't understand why I cannot subscribe to it. Is there anyone else getting similar RSS problems? Anyone that knows the answer can you kindly respond? Thanks!!
I enjoy, cause I found exactly what I was having a look for. You have ended my 4 day lengthy hunt! God Bless you man. Have a nice day. Bye