Product Snow Inventory Oracle Scanner Automatic Oracle ... · PDF fileProduct Snow Inventory...

Product Snow Inventory Oracle Scanner

Version 2.1.02

Release Date 2014-04-24

Content Overview

Automatic Oracle Inventory

Oracle specific permissions

Configuration and running

Known issues

Appendix: Configuration examples

Document date 2014-04-24

of 13

Copyright © 2013 Snow Software AB Page 2 of 132 Snow Inventory Client for Unix 1.0 – User Guide

ABOUT THIS DOCUMENT .................................................................................................................................. 3

OVERVIEW ....................................................................................................................................................... 3

PREREQUISITES ........................................................................................................................................................ 3 Full privileges .................................................................................................................................................. 3 Principle of least privileges ............................................................................................................................. 3

OPERATING SYSTEMS SUPPORTED ............................................................................................................................... 4 FILES ..................................................................................................................................................................... 4 INSTALLATION ......................................................................................................................................................... 4

AUTOMATIC ORACLE INVENTORY .................................................................................................................... 5

ORACLE INVENTORY WITH SPECIFIC USER AND PERMISSIONS ............................................................................................. 5 ORACLE PERMISSIONS REQUIRED ................................................................................................................................. 6

CONFIGURATION AND RUNNING ..................................................................................................................... 8

CONFIGURATION XML FILE ........................................................................................................................................ 8 OUTPUT ................................................................................................................................................................. 9 ENCRYPTION OF PASSWORDS...................................................................................................................................... 9 SCHEDULING ........................................................................................................................................................... 9

KNOWN ISSUES ................................................................................................................................................ 9

APPENDIX ....................................................................................................................................................... 10

CONFIGURATION EXAMPLES ..................................................................................................................................... 10 Example 1: Minimal configuration file ......................................................................................................... 10 Example 2: Advanced Oracle configuration ................................................................................................. 11 Example 3: Advanced Oracle Configuration ................................................................................................. 12 Example 4: Advanced Oracle Configuration ................................................................................................. 13

of 13


This document describes how to configure, install and run the Snow Inventory Oracle Scanner. It

covers options available from version 2.1.02 of the Snow Inventory Oracle Scanner. If some

options only apply to a specific version of the software, information about the version required is

available.

From version 2.0 the Snow Inventory Oracle Scanner is a Java program.

This makes the scanner platform independent and it can be run on a variety of platforms.

To run the Snow Inventory Oracle Scanner the target computer is required to have Java runtime

version 6.0 (1.6) or a later installed.

In Windows the prerequisite is that the Oracle Scanner is run with an administrative user account

(Local Admin on the server).

In Linux and Unix there are two privilege options for running the Oracle Scanner, and each option

is described in the sections below.

Commands like pkginfo and pkgchk must be reachable from the configured path variable in the

system.

A user with privileges to run the Java runtime with the sudo program.

The user will also need to have privileges to use the command su.

A user that has sudo rights to specific operating system commands depending on operating

system, see table below.

The sudoers file also need to have the NOPASSWD option set.

An Oracle database user is required for each database that is to be inventoried. The user can be

the same for all databases and then configured in the configuration file with the

<DefaultInstanceCredentials>. The user can also be unique and configured with the

<InstancesWithConfiguration>, see section below.

of 13


Example from sudoers file for Solaris.

User snow has the rights to execute the commands with sudo and no password:

## ## User privilege specification ## root ALL=(ALL) ALL snow ALL=NOPASSWD: /usr/bin/pwdx

Following commands are used for determining OracleHome. If OracleHome is set in the

configuration file, the user doesn’t need sudoers rights to this command.

Operating system Command

Solaris pwdx

AIX and Linux ls

HP-UX pfiles

AIX 5.3 or later, Sun Solaris 9 or later, HP-UX 11.11 or later, RHEL4, RHEL5, RHEL6, SLES 10, SLES

11 and Oracle Enterprise Linux 5, Oracle Linux 6 and Windows 2000 or later.

Executable Description

sios.jar This is the only required file for the Snow Inventory Oracle Scanner. It is

an executable Java archive that performs inventory of Oracle databases

on the current server that it is executed on.

<config>.xml Configuration file used for advanced configuration of the Snow Inventory

Oracle Scanner (Optional).

sios.log Logfile

sios.properties Properties file containg information about installation date, last run date,

Java version, output filename, and version.

<resultfile>.xml The result file from the Snow Inventory Oracle Scanner

Snow Inventory Oracle Scanner is integrated into all Snow Inventory Clients. When requesting a

Snow Inventory Client for the desired operating systems the customer needs to specify that the

Oracle Management Option needs to be included.

of 13


The Snow Inventory Oracle Scanner is designed to be able to perform automatic Oracle inventory

without the need of providing or creating a specific user account within the Oracle Databases.

The Snow Inventory Oracle Scanner automatically discovers all running Oracle instances on the

current server. It detects what user is running the database instance and switches to that specific

user when inventorying the database. No specific permissions or no specific user is needed for

the databases that are to be inventoried.

The Snow Inventory Oracle Scanner is non-invasive and read-only, meaning that only read

operations are performed when querying the database(s).

Snow Software recommends the use of Automatic Oracle Inventory rather that setting up specific

user accounts or permission for each Oracle database

If specific credentials are required for the Oracle inventory, a user account needs to be created

with SELECT permissions on the required TABLES and DICTIONARY in all databases that are to be

inventoried.

This can be done either by granting the user “SELECT ANY” privileges or by granting the user

SELECT privileges on the specific TABLES and DICTIONARY required.

The script would need to be run on each database that is to be inventoried and before each run

of the Oracle scanner.

The permissions will need to be set before each time the Oracle scanner is executed.

The reason for this is that new tables are created in the Oracle databases when activating certain

features and options. If the permissions are not set after activating such a feature or option, the

Oracle scanner will not have permission to perform inventory of that feature or option.

Script creating the user OSCAN and granting SELECT ANY privileges.

PROMPT

PROMPT Enter password for user OSCAN

PROMPT

SET TERMOUT OFF

define OSCAN_PASSWD=&1

CREATE USER OSCAN identified by &OSCAN_PASSWD;

GRANT CREATE SESSION TO OSCAN;

GRANT SELECT ANY TABLE to OSCAN;

GRANT SELECT ANY DICTIONARY to OSCAN;

SET TERMOUT ON

PROMPT

PROMPT User Created

PROMPT

of 13


When performing automatic Oracle inventory using the user that runs the database instance, the

required permissions are already granted to the user.

When performing Oracle inventory using a specific Oracle user, the user needs to be granted the

permissions required as illustrated in the section above (Oracle Inventory with specific user and

permissions).

In both cases the following tables are accessed and the user needs to be able to run select

queries towards these tables.

Below is a specification of tables and required permission for the Snow Inventory Oracle Scanner.

Table Required permission

all_objects Select

all_sdo_geom_metadata Select

all_views Select

dba_aws Select

dba_encrypted_columns Select

dba_feature_usage_statistics Select

dba_lob_partitions Select

dba_lob_subpartitions Select

dba_lobs Select

dba_segments Select

dba_sql_profiles Select

dba_tab_partitions Select

dba_tab_subpartitions Select

dba_tables Select

dba_tablespaces Select

dba_users Select

deferred_stg$ Select

gv$instance Select

gv$parameter Select

kopm$ Select

odm_document Select

odm_record Select

props$ Select

v$archive_dest_status Select

v$database Select

v$instance Select

v$license Select

v$option Select

v$parameter Select

v$sga Select

of 13


Table Required permission

v$version Select

v$session Select

v$session_connect_info Select

view$ Select

olapsys.dba$olap_cubes Select

lbacsys.lbac$polt Select

odm.odm_mining_model Select

dmsys.dm$object Select

dmsys.dm$p_model Select

dmsys.dm$model Select

dvsys.dba_dv_realm Select

model$ Select

sysman.mgmt_admin_license Select

sysman.mgmt_license_confirmation Select

sysman.mgmt_license_definitions Select

sysman.mgmt_licensed_targets Select

sysman.mgmt_licenses Select

sysman.mgmt_target_types Select

sysman.mgmt_targets Select

system.logstdby$parameters Select

of 13


The Snow Inventory Oracle Scanner can be configured by using a configuration file.

The configuration file is XML-based and contains the following tags:

Parameter Description

<SiteName> Snow Site Name. i.e. MyCorp

<OutputPath> Path to where output and log files will be placed.

<StoragePath> Path to where properties files will be placed.

<OracleScan> true/false. Default is true.

<OracleConfig> Main tag of all Oracle specific options.

Can be left out, for automatic inventory, if left out none of the

configuration below applies.

<DiscoverAllInstances> true/false. Must be present if OracleConfig is used.

<IncludeInstances> Only scan specified instances instead of all instances

(DiscoverAllInstances must then be set to false).

Can be left out.

<SID> Database instance SID. Can be repeated.

<ExcludeInstances> Exclude database instances from being scanned.

Can be left out.

<SID> Database instance SID. Can be repeated.

<DefaultInstanceCredentials> Default credentials to use when log into a database instance if

no specific credentials is specified for the specific instance.

Can be left out.

<User> Tag for specifying Oracle credentials

<Username> Oracle Username

<Password> Oracle password, encrypted (see section Encryption of

passwords)

<InstancesWithConfiguration> Credentials for specific database instances.

Can be left out.

<Instance> Database instance. Can be repeated.

<SID> Database instance SID.

<User> Oracle user. Entered as above.

<Username> User name

<Password> User password, encrypted (see section Encryption of passwords)

<OracleHome> Path to the Oracle home for the instance. Used if automatic

scanning doesn’t find the correct path.

of 13


The information from Snow Inventory Oracle Scanner will be integrated with the information

collected by the Snow Inventory Client.

Encryption of passwords used in the configuration file and on the command line can be achieved

by using a support program called snowcrypt which is available from Snow Support. It is a

Windows only program which is run from a command prompt.

The program is used in the following way, and the result is displayed on the next line of the

command prompt:

C:\Snowutils> snowcrypt encryptpass2 MyPassword 145f737f4f357d0ef01ffcc6ee8bd8576ebafcf8e36dfc5ed3c109bae2b24e6f5

Scheduling is handled in the document of the specific Snow Inventory Client that is used.

The Java Runtime 1.7.0_07 contains a defect with the consequence that the Oracle inventory does

not work. Any server running Java Runtime 1.7.0_07 must upgrade to a later Java Runtime version

for the Snow Inventory Oracle scanner to work properly.

There is a validation on the configuration xml file. This means that some items must be in a

specific order in the xml file. In case that a failure occurs related to the configuration file, please

check the order of the xml tags.

of 13


All active database instances on the server will be scanned.

The result and log file will be placed in the same directory as the Oracle scanner.

<?xml version="1.0" encoding="UTF-8"?>

<SnowConfig>

<SiteName>MyCorp</SiteName>

</SnowConfig>

of 13


All active database instances on server will be scanned, except for DbInstance1.

All instances will be scanned with the user Username 1 and corresponding password, except for

DbInstance2 that will be scanned with the user Username 2 and corresponding password.

The result and log file will be placed in the sub directory files.


<SnowConfig>


<OutputPath>files</OutputPath>

<OracleConfig>

<DiscoverAllInstances>true</DiscoverAllInstances>

<ExcludeInstances>

<SID>DbInstance1</SID>

</ExcludeInstances>

<DefaultInstanceCredentials>

<User>

<Username>Username 1</Username>

<Password>Password 2</Password>

</User>

</DefaultInstanceCredentials>

<InstancesWithConfiguration>

<Instance>


<User>



</User>

</Instance>

</InstancesWithConfiguration>

</OracleConfig>

</SnowConfig>

of 13


Only the database instances DbInstance1 and DbInstance2 on the server will be scanned.

Both instances have their own credentials configured.

The result and log file will be placed in the directory /var/log/sios.


<SnowConfig>


<OutputPath>/var/log/sios</OutputPath>

<OracleConfig>

<DiscoverAllInstances>false</DiscoverAllInstances>

<IncludeInstances>



</IncludeInstances>


<Instance>


<User>



</User>

</Instance>

<Instance>


<User>



</User>

</Instance>


</OracleConfig>

</SnowConfig>

of 13


Inventory of an Oracle database instance with the OracleHome parameter specified instead of

using automatic detection of Oracle Home.


< SnowConfig >


<OracleConfig>

<DiscoverAllInstances>true</DiscoverAllInstances>


<Instance>

<SID>MySid</SID>

<OracleHome>/opt/oracle/current</OracleHome>

</Instance>


</OracleConfig>

</SnowConfig>

Product Snow Inventory Oracle Scanner Automatic Oracle ... · PDF fileProduct Snow Inventory...

Documents

Transcript of Product Snow Inventory Oracle Scanner Automatic Oracle ... · PDF fileProduct Snow Inventory...