Yes and now Oracle 12.2 is available (Linux x86_64) for download from OTN.
Let’s start with Installation and Setup ….
Last year in October Oracle released the Oracle Database Security Assessment Tool (DBSAT) to analyzes database configurations and security policies to improve the security in your environment.
Real benefits
What does DBSAT check
Installation and Requirements
DBSAT runs on
Solaris x64 and Solaris SPARC
Linux x86-64
Windows x64
HP-UX IA (64-bit)
IBM AIX & zSeries Based Linux
Supported Database Versions
on Oracle Database 10.2.0.5 and later releases.
Download DBSAT
Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)
Installation and Setup
create directory on the target System
mkdir -p /home/oracle/dbsat
unzip dbsat.zip
unzip dbsat.zip -d /home/oracle/dbsat
cd /home/oracle/dbsat
Run the Collector
Set your Oracle environment
./dbsat collect „sys/manager as sysdba“ orcl
DBSAT Collector completed successfully.
Calling /u01/app/oracle/product/12.1.0/dbhome_1/bin/zip to encrypt orcl.json…
Enter password:
Verify password:
adding: orcl.json (deflated 87%)
zip completed successfully
The .json file was created and is the base of the report
Create the report
./dbsat report orcl
Archive: orcl.zip
[orcl.zip] orcl.json password:
inflating: orcl.json
Database Security Assessment Tool version 1.0.2 (October 2016)
DBSAT Reporter ran successfully.
Calling /usr/bin/zip to encrypt the generated reports…
Enter password:
Verify password:
adding: orcl.txt (deflated 76%)
adding: orcl.html (deflated 82%)
adding: orcl.xlsx (deflated 3%)
zip completed successfully.
-rw——-. 1 oracle oracle 63075 Feb 1 22:22 orcl_report.zip
Transfer the files to your local PC
Here an example I converted the XLS File as PDF
Start reviewing the security report and fix the critical findings
Summary
Note
While running dbsat in a 12c Multitenant environment you must create the report on every PDB, otherwise you will get only a report from the CDB
Try it and have fun :-)
Interesting news about the coming Oracle 12 Release.
Release Schedule of Current Database Releases (Doc ID 742060.1)
Take a look :-)
Es geht los bis zum 13.2.2017 können Vorträge für den Exaday 2017 rund um das Thema Oracle Engineered Systems eingereicht werden
Ich freue mich auf viele spannende Vorträge …
http://exaday.doag.org/de/home/
Der Exaday 2017 findet dieses Jahr am 20. Juni 2017 in Frankfurt – Mörfelden statt
The Call for Paper is opened until 13.2.2017
Please submit for the Exaday 2017 all around the topic Oracle Engineered Systems
http://exaday.doag.org/de/home/
The Exaday 2017 will be this year on the 20 June 2017 in Frankfurt – Mörfelden (near by the airport)
There is a very interesting paper about the way of direction of the Exadata Database Machine.
http://www.oracle.com/technetwork/database/exadata/exadata-statementofdirection-2417679.pdf
Thanks a lot Günther Stürner.
Recently I did a upgrade to Grid Infrastructure 12.1.0.2 on a few Exadata Clusters
Here my summary of the installation
Before you start please read the following MOS note 1681467.1. This note is very helpful and describes the whole procedure in a Exadata environment
It’s not only the Upgrade to 12.1.0.2. In the same „session“ I also install the GI PSU Jul 2016 and the Oneoff Patch 23273686 because there is a known BUG in the SCAN Listener area (see below)
At the end of the article some „real news“ from GI 12.1.0.2 (see below „real“ news)
So let’s start
First of all keep in mind that the clusterware must be „up and running”
Step 1 Oracle environment
export SRVM_USE_RACTRANS=true unset ORACLE_HOME ORACLE_BASE ORACLE_SID ./runInstaller
Step 2 GI Software Installation
The next slides show the GI Installation Procedure
If the Setup is at that point you need to do the following but
please don’t close the Installer window
Step 3 Install latest opatch tool
Download opatch tool Patch 6880880 (better you did it before)
On a Exadata the Installation can be done in one step via dcli
dcli -l oracle -g dbs_group unzip -oq -d /u01/app/12.1.0.2/grid p6880880_121010_LINUX.zip -d /u01/patchdepot
Step 3 Install GI PSU JUL 2016 23273686
Node 1 srvdb01 [root@srvdb01]# /u01/app/12.1.0.2/grid/OPatch/opatch napply -oh /u01/app/12.1.0.2/grid -local /u01/patchdepot/23273686 Node 2 srvdb02 [root@srvdb02]# /u01/app/12.1.0.2/grid/OPatch/opatch napply -oh /u01/app/12.1.0.2/grid -local /u01/patchdepot/23273686
While there is a known BUG you should directly install the following Oneoff Patch 20734332 here the Doc ID 2166451.1 with the details
(SCAN Listener or local listener fails to start after applying Patch 23273629 – Oracle Grid Infrastructure Patch Set Update 12.1.0.2.160719 (Jul2016))
Step 4 rootupgrade.sh
After you finish the PSU Jul 2016 & Oneoff Patch installation the rootupgrade.sh must be started
Node 1 srvdb01 [root@srvdb01 grid]# /u01/app/12.1.0.2/grid/rootupgrade.sh Node 2 srvdb02 [root@srvdb02 grid]# /u01/app/12.1.0.2/grid/rootupgrade.sh
The rootupgrade.sh script works around 15 minutes so stay calm
It finished with the following messages here as example from the last Node 2 srvdb02
….
Successfully accumulated necessary OCR keys.
Creating OCR keys for user ‚root‘, privgrp ‚root‘..
Operation successful. 14:53:13 CLSRSC-474: Initiating upgrade of resource types
14:54:33 CLSRSC-482: Running command: ‚upgrade model -s 11.2.0.4.0 -d 12.1.0.2.0 -p first‘
14:54:33 CLSRSC-475: Upgrade of resource types successfully initiated.
14:54:35 CLSRSC-325: Configure Oracle Grid Infrastructure for a Cluster … succeeded
Step 5 final tasks
finally some configuration tool runs and finished the GI Upgrade including PSU Jul 2016 and Oneoff Patch
And now the „real news“ in 12.1.0.2
The most notable change belongs to the GIMR (Grid Infrastructure Management Repository)
Beginning with 12.1.0.1 it was an option installing the GIMR Database – MGMTDB
Starting with 12.1.0.2 it is mandatory and the MGMTDB database is automatically created as part of the upgrade installation process of 12.10.2 Grid Infrastructure. If you start a installation from scratch the GIMR Database is directly configured
Some interesting GI & MGMTDB commands
[oracle@srvdb01 ~]$ crsctl query crs activeversion Oracle Clusterware active version on the cluster is [12.1.0.2.0] [oracle@srvdb01 ~]$ crsctl query crs releaseversion Oracle High Availability Services release version on the local node is [12.1.0.2.0] [oracle@srvdb01 ~]$ crsctl query crs activeversion -f Oracle Clusterware active version on the cluster is [12.1.0.2.0]. The cluster upgrade state is [NORMAL]. The cluster active patch level is [3351897854].
MGMTDB Checks
[oracle@srvdb01 ~]$ srvctl status mgmtdb -verbose Database is enabled Instance -MGMTDB is running on node srvdb01. Instance status: Open. [oracle@srvdb01 ~]$ srvctl config mgmtdb Database unique name: _mgmtdb Database name: Oracle home: <CRS home> Oracle user: oracle Spfile: +DBFS_DG/_MGMTDB/PARAMETERFILE/spfile.268.926345767 Password file: Domain: Start options: open Stop options: immediate Database role: PRIMARY Management policy: AUTOMATIC Type: Management PDB name: srv_cl12 PDB service: srv_cl12 Cluster name: srv-cl12 Database instance: -MGMTDB
Noch eine Woche und ein paar Tage dann startet die DOAG Konferenz 2016.
Es warten viele Interessante Themen rund um das Thema Oracle.
Einfach mal über den Link ins Vortragsprogramm schauen.
Recently I finished a Grid Upgrade from 11.2.0.4 to 12.1.0.2 + PSU JUL 2016. So far so good during a check I saw that the old tfactl tool under Software Release 11.2.0.4 where up and running.
That could not be okay. So I start an Uninstall and Setup for Release 12.1.0.2.
What steps has to be done?
Check the actual tfactl installation
/u01/app/grid/tfa/bin/tfactl print config
Start the unistall on both nodes
[root@db03 bin]# ./tfactl uninstall TFA will be Uninstalled on Node db03: Removing TFA from db03 only Please remove TFA locally on any other configured nodes Notifying Other Nodes about TFA Uninstall... Sleeping for 10 seconds... Stopping TFA Support Tools... Stopping TFA in db03... Shutting down TFA oracle-tfa stop/waiting . . . . . Killing TFA running with pid 159597 . . . Successfully shutdown TFA.. Deleting TFA support files on db03: Removing /u01/app/oracle/tfa/db03/database... Removing /u01/app/oracle/tfa/db03/log... Removing /u01/app/oracle/tfa/db03/output... Removing /u01/app/oracle/tfa/db03... Removing /u01/app/oracle/tfa... Removing /etc/rc.d/rc0.d/K17init.tfa Removing /etc/rc.d/rc1.d/K17init.tfa Removing /etc/rc.d/rc2.d/K17init.tfa Removing /etc/rc.d/rc4.d/K17init.tfa Removing /etc/rc.d/rc6.d/K17init.tfa Removing /etc/init.d/init.tfa... Removing /u01/app/11.2.0.4/grid/bin/tfactl... Removing /u01/app/11.2.0.4/grid/tfa/bin... Removing /u01/app/11.2.0.4/grid/tfa/db03... The same on the other node
The new tfactl Setup
[root@db03 install]# ./tfa_setup -silent -crshome /u01/app/12.1.0.2/grid TFA Installation Log will be written to File : /tmp/tfa_install_63022_2016_10_18-14_30_43.log Starting TFA installation Using JAVA_HOME : /u01/app/12.1.0.2/grid/jdk/jre Running Auto Setup for TFA as user root... Installing TFA now... TFA Will be Installed on db03... TFA will scan the following Directories ++++++++++++++++++++++++++++++++++++++++++++ .-------------------------------------------------------. | db03 | +--------------------------------------------+----------+ | Trace Directory | Resource | +--------------------------------------------+----------+ | /u01/app/12.1.0.2/grid/OPatch/crs/log | CRS | | /u01/app/12.1.0.2/grid/cfgtoollogs | CFGTOOLS | | /u01/app/12.1.0.2/grid/crf/db/db03 | CRS | | /u01/app/12.1.0.2/grid/crs/log | CRS | | /u01/app/12.1.0.2/grid/cv/log | CRS | | /u01/app/12.1.0.2/grid/evm/admin/log | CRS | | /u01/app/12.1.0.2/grid/evm/admin/logger | CRS | | /u01/app/12.1.0.2/grid/evm/log | CRS | | /u01/app/12.1.0.2/grid/install | INSTALL | | /u01/app/12.1.0.2/grid/log | CRS | | /u01/app/12.1.0.2/grid/network/log | CRS | | /u01/app/12.1.0.2/grid/oc4j/j2ee/home/log | DBWLM | | /u01/app/12.1.0.2/grid/opmn/logs | CRS | | /u01/app/12.1.0.2/grid/racg/log | CRS | | /u01/app/12.1.0.2/grid/rdbms/log | ASM | | /u01/app/12.1.0.2/grid/scheduler/log | CRS | | /u01/app/12.1.0.2/grid/srvm/log | CRS | | /u01/app/oraInventory/ContentsXML | INSTALL | | /u01/app/oraInventory/logs | INSTALL | | /u01/app/oracle/crsdata/db03/acfs | ACFS | | /u01/app/oracle/crsdata/db03/core | CRS | | /u01/app/oracle/crsdata/db03/crsconfig | CRS | | /u01/app/oracle/crsdata/db03/crsdiag | CRS | | /u01/app/oracle/crsdata/db03/cvu | CRS | | /u01/app/oracle/crsdata/db03/evm | CRS | | /u01/app/oracle/crsdata/db03/output | CRS | | /u01/app/oracle/crsdata/db03/trace | CRS | '--------------------------------------------+----------' Installing TFA on db03: HOST: db03 TFA_HOME: /u01/app/12.1.0.2/grid/tfa/db03/tfa_home .-----------------------------------------------------------------------------. | Host | Status of TFA | PID | Port | Version | Build ID | +----------+---------------+-------+------+------------+----------------------+ | db03 | RUNNING | 63460 | 5000 | 12.1.2.7.0 | 12127020160304140533 | '----------+---------------+-------+------+------------+----------------------' Running Inventory in All Nodes... Enabling Access for Non-root Users on db03... Adding default users to TFA Access list... Summary of TFA Installation: .--------------------------------------------------------------------. | db03 | +---------------------+----------------------------------------------+ | Parameter | Value | +---------------------+----------------------------------------------+ | Install location | /u01/app/12.1.0.2/grid/tfa/db03/tfa_home | | Repository location | /u01/app/oracle/tfa/repository | | Repository usage | 0 MB out of 10240 MB | '---------------------+----------------------------------------------' Installing oratop extension.. TFA is successfully installed... And also the same on the other node.
Last but not least check the new Setup on both Nodes
Check the status and configuration tfactl print status tfactl print config
That's it. :-)
It is very easy and done in a few minutes.
tfactl is a helpful tool not only for Oracle Support
take a few minutes and go through the following
My Oracle Support Note: 1513912.1
