Oracle Solaris Day 2013 - Oracle DB and OS Solaris - LABS
Transcript of Oracle Solaris Day 2013 - Oracle DB and OS Solaris - LABS
Oracle Solaris Day 2013 (26.6.2013) - Oracle DB a OS Solaris
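### zones - creation
# The commented-out commands were presumably run before the lab (zone
# configuration, system profile, zone install); they are kept for reference.
#zonecfg -z ozone "create; set zonepath=/rpool/zones/ozone; export"
#zoneadm list -icv
#sysconfig create-profile -o /root/prof.xml
#zoneadm -z ozone install -c /root/prof.xml

# List all zones (installed, configured, verbose), boot the zone, list again.
zoneadm list -icv
zoneadm -z ozone boot
zoneadm list -icv
# NOTE(review): the subcommand of the next line is missing in the transcript.
zoneadm -z ozone

# Packages assumed to be installed already (X11 clients, Motif, server group).
#pkg install x11/clients library/motif solaris-large-server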
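### zones - resource management in a zone
# Compare the CPUs visible in the global zone with those visible in the zone.
psrinfo
zlogin ozone psrinfo

# Cap the zone's shared memory at 2 GB and dedicate one CPU to it; the
# settings take effect after the zone is rebooted.
zonecfg -z ozone "set max-shm-memory=2g; add dedicated-cpu; set ncpus=1; end; export"
zoneadm -z ozone reboot

# Show the resource controls of the current shell, then re-check the zone CPUs.
prctl $$
zlogin ozone psrinfo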
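### zones - Oracle preparation + installation of the Oracle binaries
# Everything below is typed inside the zone, as root.
zlogin ozone

# Dedicated groups and an unprivileged account that will own the installation.
groupadd -g 200 oinstall
groupadd -g 201 dba
useradd -u 200 -g oinstall -G dba -c "oracle database user" -d /export/home/oracle -m oracle

# Per-user project that limits the shared memory of the oracle account to 2 GB.
projadd -K 'project.max-shm-memory=(privileged,2048m,deny)' user.oracle

# passwd prompts interactively for the new password.
passwd oracle
mkdir /opt/oracle
chown -R oracle:oinstall /opt/oracle
mkdir -p /var/opt/oracle 2>/dev/null

# Inventory pointer read by the Oracle installer.
cat > /var/opt/oracle/oraInst.loc <<EOF
inventory_loc=/opt/oracle/oraInventory
inst_group=oinstall
EOF
chown oracle:oinstall /var/opt/oracle/oraInst.loc
# 664 leaves the file writable by the whole oinstall group.
chmod 664 /var/opt/oracle/oraInst.loc

# Environment of the oracle account. The quoted 'EOF' keeps the variables
# unexpanded, so they are evaluated when the profile is sourced.
cat >> /export/home/oracle/.profile <<'EOF'
ORACLE_BASE=/opt/oracle
ORACLE_HOME=${ORACLE_BASE}/product/11.2.0/db_1
PATH=$PATH:${ORACLE_HOME}/bin
LD_LIBRARY_PATH=/lib:/usr/lib:$ORACLE_HOME/lib:$ORACLE_HOME/rdbms/lib
ORACLE_SID=DB
DB_NAME=DB
ORA_NLS10=${ORACLE_HOME}/nls/data
TNS_ADMIN=${ORACLE_HOME}/network/admin
NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
CLASSPATH=$ORACLE_HOME/jdk:$ORACLE_HOME/jlib
CLASSPATH=${CLASSPATH}:$ORACLE_HOME/rdbms/jlib
CLASSPATH=${CLASSPATH}:$ORACLE_HOME/network/jlib
export ORACLE_BASE ORACLE_HOME ORACLE_SID PATH LD_LIBRARY_PATH DB_NAME ORA_NLS10 TNS_ADMIN NLS_LANG CLASSPATH
EOF
# Source the profile into the root shell so that $ORACLE_HOME is set for root.sh.
. /export/home/oracle/.profile

# Silent installation as the oracle user, driven by a response file.
su - oracle -c "/ORACLE/database/runInstaller -responseFile /ORACLE/ora112_db_install.rsp -silent"
# The installer returns before it has finished: poll its log for the
# shutdown message.
sleep 60
while ! grep -q 'Shutdown Oracle Database 11g.*Installer' /opt/oracle/oraInventory/logs/installActions*.log 2>/dev/null; do
    sleep 10
done

# Post-install script; it is executed as root from a directory owned by the
# oracle account, so that directory must not be writable by anyone else.
$ORACLE_HOME/root.sh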
### ZFS - pro data do zony s delagaci rizeni pro "oracle"
#zfs create -o zoned=on -o mountpoint=/oradata -o quota=10g rpool/oradata
zfs get all rpool/oradata
zonecfg -z ozone "add dataset; set name=rpool/oradata; end"zoneadm -z ozone reboot
zlogin ozone
zfs list zfs allow oracle clone,create,destroy,mount,snapshot,promote,rollback,recordsize oradata chown oracle:dba /oradata
su - oracle zfs snapshot oradata@test
zfs list zfs destroy oradata@test
# data oracleDB vytvorena pomoci "dbca" #zfs snapshot oradata@datatest sqlplus '/ as sysdba' startup select * from test; drop table test; select * from test; shutdown zfs rollback oradata@datatest sqlplus '/ as sysdba' startup select * from test;
zfs get all oradata zfs set recordsize=8k oradata # SQL: select value from v$parameter where name = 'db_block_size';
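### networking - virtualization (internal switch0) and bandwidth control on the NIC and on a TCP port
# Fixed network configuration profile, presumably enabled before the lab.
#netadm enable -p ncp DefaultFixed

dladm help
dladm show-link

# Global zone: internal virtual switch (etherstub) with a VNIC of its own and
# a static address on the lab network.
dladm create-etherstub switch0
dladm create-vnic -l switch0 vnic0
dladm show-link
ipadm create-ip vnic0
ipadm create-addr -T static -a 192.168.99.1/24 vnic0/v4
ipadm show-addr

# Attach the zone's automatic VNIC (net0) to the internal switch.
zonecfg -z ozone "select anet linkname=net0; set lower-link=switch0; end"
# NOTE(review): the argument of the next line is missing in the transcript.
zonecfg -z ozone set
# Limit the zone's link to 100 Mbit/s.
zonecfg -z ozone "select anet linkname=net0; set maxbw=100m; end"
# Extend the zone's privilege limit with dtrace_proc and dtrace_user (used by
# the DTrace part of the lab); these two are not in the default zone set.
zonecfg -z ozone "set limitpriv=default,dtrace_proc,dtrace_user"
# Link properties before and after the reboot that applies the configuration.
dladm show-linkprop ozone/net0
zoneadm -z ozone reboot
dladm show-linkprop ozone/net0

ping 192.168.99.2

# Inside the zone: check link, address and the way back to the global zone.
zlogin ozone
dladm show-link
ipadm show-addr
ping 192.168.99.1

# Global zone: copy a 100 MB file into the zone to observe the link limit.
# NOTE(review): "[email protected]" is what the hosting page's e-mail
# obfuscation left of the user@host argument; the host is presumably the zone
# address 192.168.99.2 pinged above - confirm against the original slides.
mkfile 100m /tmp/file
scp /tmp/file [email protected]:/tmp
#~8sec -> 100Mbit/sec

# Inside the zone: a flow for TCP port 22 only, limited to 50 Mbit/s.
zlogin ozone
flowadm add-flow -l net0 -a transport=TCP,local_port=22 ssh-flow
flowadm set-flowprop -p maxbw=50M ssh-flow
flowadm show-flowprop
flowadm show-flow

# Global zone: the same copy again, now throttled by the flow.
scp /tmp/file [email protected]:/tmp
#~16sec -> 50Mbit/sec

# Inside the zone: per-flow statistics.
zlogin ozone
flowstat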
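### roles - privileges
zlogin ozone
# As oracle: the process listing before the change.
su - oracle
ps -ef
# List the privileges known to the system.
ppriv -l
# Presumably back as root: remove proc_info from oracle's default privilege
# set, so that the account no longer sees processes of other users.
usermod -K 'defaultpriv=basic,!proc_info' oracle
# A fresh oracle login picks up the new privilege set; compare the listing.
su - oracle
ps -ef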
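### roles - rights profiles
zlogin ozone

# List all rights profiles and show the "Process Management" profile.
profiles -a
profiles -p "Process Management" info
# Role "killer" holds only that profile; passwd prompts for the role password;
# the last command lets the account "user" assume the role.
roleadd -m -d /export/home/killer -P "Process Management" killer
passwd killer
usermod -R killer user

# A background process started by root serves as the target.
sleep 1000 &
# As "user": /usr/bin/kill (arguments are not shown in the transcript) and the
# roles available to the account.
su - user
/usr/bin/kill
roles
# After assuming the role: list its profiles and repeat the kill.
su - killer
profiles -l
/usr/bin/kill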
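### SMF
# Explain services that are enabled but not running.
svcs -x

svcs
svcs apache22
svcadm enable apache22
# -d: services apache22 depends on; -D: services that depend on apache22;
# -p: processes of the service.
svcs -d apache22
svcs -D apache22
svcs -p apache22
# Kill the daemon by hand and look at the service's processes again.
pkill httpd
svcs -p apache22
svcadm disable apache22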
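### SMF - Oracle DB
zlogin ozone

# SMF manifest for the database instance. Both methods run as user oracle,
# group oinstall, with the privilege set basic minus proc_info, and the
# "general" property group requires the authorization
# solaris.smf.manage.oracle.database for actions on the instance and for
# changes of its values. The quoted 'EOF' keeps $ORACLE_HOME unexpanded in
# the manifest.
cat > oracle.xml <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="oracle-database-service">
  <service name="site/oracle" type="service" version="1">
    <dependency name="multi-user" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/milestone/multi-user:default"/>
    </dependency>
    <instance name="DB" enabled="false">
      <exec_method name="start" type="method" exec="sh -c '. /export/home/oracle/.profile; echo startup|$ORACLE_HOME/bin/sqlplus / as sysdba'" timeout_seconds="500">
        <method_context>
          <method_credential user="oracle" group="oinstall" privileges="basic,!proc_info"/>
        </method_context>
      </exec_method>
      <exec_method name="stop" type="method" exec="sh -c '. /export/home/oracle/.profile; echo shutdown immediate|$ORACLE_HOME/bin/sqlplus / as sysdba'" timeout_seconds="900">
        <method_context>
          <method_credential user="oracle" group="oinstall" privileges="basic,!proc_info"/>
        </method_context>
      </exec_method>
      <property_group name="general" type="framework">
        <propval name="action_authorization" type="astring" value="solaris.smf.manage.oracle.database"/>
        <propval name="value_authorization" type="astring" value="solaris.smf.manage.oracle.database"/>
      </property_group>
    </instance>
  </service>
</service_bundle>
EOF

svccfg import oracle.xml

# First attempt as "user", before the authorization has been assigned.
su - user
svcadm enable oracle

# As root: define the authorizations named in the manifest.
cat > /etc/security/auth_attr.d/oracle <<EOF
solaris.smf.manage.oracle.database::::::
solaris.smf.manage.oracle.listener::::::
EOF

cat /etc/security/auth_attr.d/oracle
# Assign only the database authorization to "user", list the account's
# authorizations and repeat the enable.
usermod -A solaris.smf.manage.oracle.database user
su - user
auths
svcadm enable oracle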
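### DTrace in a zone and DTrace on Oracle DB
# Global zone: start MySQL, count the probes per provider, then count the
# probes of the mysql* providers.
su - mysql -c "/usr/mysql/bin/mysqld_safe &"

dtrace -l | awk '{print $2}' | sort | uniq -c | sort -n
dtrace -l -n 'mysql*:::' | tail +2 | awk '{print $5}' | sort | uniq -c

# DTrace inside the zone needs dtrace_proc and dtrace_user in the zone's
# limit set; presumably configured earlier in the lab.
#zonecfg -z ozone "set limitpriv=default,dtrace_proc,dtrace_user"

zlogin ozone
#pkg install dtrace
dtrace -l
dtrace -l | awk '{print $2}' | sort | uniq -c | sort -n

# SQL*Plus session as SYSDBA; the statements below are typed at the SQL> prompt.
su - oracle
sqlplus '/ as sysdba'
select count(*) from dba_users;
select plan_table_output from table(dbms_xplan.display_cursor(null,null,'basic'));

# @spid runs a script; the commented query below is presumably its content.
# The query maps non-background database sessions to OS process ids (spid).
@spid
#select s.inst_id, s.sid, s.serial#, p.spid, s.username, s.program from gv$session s join gv$process p on p.addr = s.paddr and p.inst_id = s.inst_id where s.type != 'BACKGROUND';

# In a shell: set PID to the spid of the SQL*Plus server process reported
# above (the value is not given in the transcript), then trace entry and
# return of the oracle functions matching qer*Fetch* in that process.
export PID=
dtrace -p $PID -Fn 'pid$target:oracle:qer*Fetch*:entry pid$target:oracle:qer*Fetch*:return' | tee out.txt

# SQL> prompt: run the query again while it is being traced.
select count(*) from dba_users;

# Shell: post-process the trace output with os_explain.sed.
sed -f os_explain.sed out.txt

# SQL> prompt: one table in the USERS and one in the SYSTEM tablespace.
set timing on
create table t1(a int) tablespace USERS;
create table t2(a int) tablespace SYSTEM;
commit;
alter system checkpoint;

# Timed inserts of 100000 rows into each table.
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;

exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;

# Shell: show the profiling script and run it against the server process
# (arguments $PID and 10) while the insert into t2 runs in SQL*Plus.
cat dstackprof.sh
./dstackprof.sh $PID 10
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;

# The same for t1.
./dstackprof.sh $PID 10
exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;

show parameter
show parameter db_block_checking

# List the hidden (underscore) parameters with description, value, default
# value and default flag.
SET LINESIZE 140
COLUMN KSPPINM FORMAT A40
COLUMN KSPPDESC FORMAT A80
COLUMN KSPPSTVL FORMAT A5
COLUMN KSPPSTDVL FORMAT A5
COLUMN KSPPSTDF FORMAT A5
select KSPPINM,KSPPDESC,KSPPSTVL,KSPPSTDVL,KSPPSTDF from X$KSPPSV a,x$ksppi b where a.indx=b.indx and KSPPINM like '\_%' ESCAPE '\';

# Judging by its name, the hidden parameter turns off block checking that is
# otherwise always done for the SYSTEM tablespace; the lab disables it to
# compare the insert timings. It is an unsupported parameter and an
# integrity safeguard - restore it after the measurement.
show parameter "_db_always_check_system_ts"
alter system set "_db_always_check_system_ts" = FALSE;
commit;
alter system checkpoint;

# Repeat both timed inserts with the check disabled.
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;

exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;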
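### kernel software audit
# Global zone: the perzone policy gives each zone its own audit
# configuration and trail.
auditconfig -setpolicy +perzone

# Inside the zone: list the available policies, then add the zone name and
# the exec() arguments to the audit records. Recorded arguments can include
# secrets typed on a command line, so the audit trail needs the same
# protection as those secrets.
zlogin ozone
auditconfig -lspolicy
auditconfig -setpolicy +zonename
auditconfig -setpolicy +argv

# Audit classes preselected for the oracle account: lo (login/logout),
# ex (exec), ua (user administration), as (system-wide administration);
# ":no" adds no never-audit classes.
usermod -K 'audit_flags=lo,ex,ua,as:no' oracle

# Class definitions and the events that mention EXEC.
cat /etc/security/audit_class
grep EXEC /etc/security/audit_event

# Separate "auditor" role with the "Audit Review" profile; "user" may now
# assume both the auditor and the killer role. passwd prompts interactively.
profiles -p "Audit Review" info
roleadd -m -d /export/home/auditor -P "Audit Review" auditor
passwd auditor
usermod -R auditor,killer user

svcadm enable auditd

# Generate some audited activity as oracle.
su - oracle
sqlplus
rm x

# Review the trail through the auditor role: auditreduce selects the
# records, praudit -l prints one record per line.
su - user
roles
su - auditor
auditreduce | praudit -l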