Linux Articles, Oracle November 22, 2013 3

Installing Oracle Linux 6 and preparing for Oracle Software installations

This article describes installation of Oracle Linux 6 and initial preparation for further Oracle software installations, like Oracle Databases, WebLogic Servers, Fusion Middleware software, clustered infrastructures. It will serve as a seed OS which I will be cloning for further Oracle software installations without a need to install OS from scratch each time I need a new host.

1. Download Oracle Linux ISO image from Oracle eDelivery: https://edelivery.oracle.com/

2. Mount an ISO image in a virtual machine of your choice and boot the installer

Personally I use Oracle VirtualBox https://www.virtualbox.org

At this moment we have “fresh” installation of the Oracle Linux. System is up and running.

By selecting oracle-rdbms-server-11gR2-preinstall rpm package during the installation process we have completed most of the pre-installation configuration tasks including:

  • installation of required software packages needed for database installation, with all dependencies
  • oracle account creation and groups: oinstall, dba
  • kernel parameters modification in /etc/sysctl.conf
  • settings for hard and soft shell resource limits in /etc/security/limits.conf
  • set of numa=off in the kernel boot parameters (for x86_64)

Let’s take a look and verify oracle account details:

[[email protected] ~]# id oracle
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba)

Create additional groups and users

[[email protected] ~]# groupadd -g 54323 oper
[[email protected] ~]# groupadd -g 54324 grid
[[email protected] ~]# groupadd -g 54325 asmdba
[[email protected] ~]# groupadd -g 54326 asmoper
[[email protected] ~]# groupadd -g 54327 asmadmin

#alter oracle account for Job Role Separation (JRS) environments (Doc ID 1177483.1)
[[email protected] ~]# usermod -m -u 54321 -g oinstall -G asmdba,dba oracle

#Grid user account (ASM admin)
[[email protected] ~]# useradd -m -u 54322 -g oinstall -G asmadmin,asmdba,asmoper,dba -d /home/grid -s /bin/bash grid

 The password of an oracle account is unknown. We can switch to a root account and change it, but good practice is to keep that password unknown. Instead, we will allow a regular user to switch to an oracle account using sudo program. This way we can control access to an oracle account. Only users who belong to a dba group would be allowed to switch to an oracle account and work as a dba user. Next to that users who belongs to “wheel” group will be allowed to switch to a root account.

As described in this article Oracle user account – Linux good practice let’s do this.

Our existing regular user account is “neo”

[[email protected] ~]$ su -
Password:******* 
[roo[email protected] ~]# id neo
uid=500(neo) gid=500(users) groups=500(users)

Assign a regular user “neo” to new groups; dba and wheel

[[email protected] ~]# usermod -g users -G dba,wheel,asmdba neo
[[email protected] ~]# id neo
uid=500(neo) gid=500(users) groups=500(users),10(wheel),54322(dba),54325(asmdba)

Now we have to modify /etc/sudoers file to allow users in dba and wheel group (optional) to use sudo (do not edit that file manually, use visudo command instead):

[[email protected] ~]# visudo
visudo: /etc/sudoers.tmp unchanged

#Add the following lines and save changes

#dba
%dba ALL = /bin/su - oracle, !/bin/su *root*

#asmdba
%asmdba ALL = /bin/su - grid, !/bin/su *root*

#wheel (optional)
%wheel ALL = /bin/su -

Login as a regular user “neo” and test switching between oracle, grid and root accounts:

#Sudo to an oracle account
[[email protected] ~]$ sudo su - oracle
[sudo] password for neo:******* 
[[email protected] ~]$ logout
[[email protected] ~]$

#sudo to a grid account:
[[email protected] ~]$ sudo su - grid
[[email protected] ~]$ logout

#sudo to a root account

[[email protected] ~]$ sudo su -
[[email protected] ~]# logout
[[email protected] ~]$

Next, update hosts file /etc/hosts and add a fully qualified name for the server (as root)

#/etc/hosts
127.0.0.1       localhost.localdomain  localhost
192.168.2.130   demo.zion.local    demo

Set secure Linux to permissive

edit “/etc/selinux/config” file and set SELINUX = permissive

[[email protected] ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.

#SELINUX=enforcing
SELINUX=permissive

# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

To apply changes, restart the server or execute the following command:

[[email protected] ~]# setenforce Permissive

Disable firewall. We assume our network is protected by a global “zion.enterprise” firewall.

[[email protected] ~]# # service iptables stop
[[email protected] ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[[email protected] ~]# chkconfig iptables off

Setting environment variables for particular accounts and directory structure will depend on the Oracle product we will be installing, however we could create the ORACLE_BASE common directory:

[[email protected] ~]# mkdir -p /u01/app/oracle/product
[[email protected] ~]# chown -R oracle:oinstall /u01
[[email protected] ~]# chmod -R 775 /u01

We are ready to go. At this moment we have pretty decent Oracle Linux server “seed” ready to be cloned and used for Oracle Products installations.

Reference Linux Installation Guides

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close