1. Download Oracle Linux ISO image from Oracle eDelivery: https://edelivery.oracle.com/
2. Mount an ISO image in a virtual machine of your choice and boot the installer
Personally I use Oracle VirtualBox https://www.virtualbox.org
At this moment we have “fresh” installation of the Oracle Linux. System is up and running.
By selecting oracle-rdbms-server-11gR2-preinstall
rpm package during the installation process we have completed most of the pre-installation configuration tasks including:
Let’s take a look and verify oracle account details:
[[email protected] ~]# id oracle uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba)
Create additional groups and users
[[email protected] ~]# groupadd -g 54323 oper [[email protected] ~]# groupadd -g 54324 grid [[email protected] ~]# groupadd -g 54325 asmdba [[email protected] ~]# groupadd -g 54326 asmoper [[email protected] ~]# groupadd -g 54327 asmadmin #alter oracle account for Job Role Separation (JRS) environments (Doc ID 1177483.1) [[email protected] ~]# usermod -m -u 54321 -g oinstall -G asmdba,dba oracle #Grid user account (ASM admin) [[email protected] ~]# useradd -m -u 54322 -g oinstall -G asmadmin,asmdba,asmoper,dba -d /home/grid -s /bin/bash grid
The password of an oracle account is unknown. We can switch to a root account and change it, but good practice is to keep that password unknown. Instead, we will allow a regular user to switch to an oracle account using sudo program. This way we can control access to an oracle account. Only users who belong to a dba group would be allowed to switch to an oracle account and work as a dba user. Next to that users who belongs to “wheel” group will be allowed to switch to a root account.
As described in this article Oracle user account – Linux good practice let’s do this.
Our existing regular user account is “neo”
[[email protected] ~]$ su - Password:******* [roo[email protected] ~]# id neo uid=500(neo) gid=500(users) groups=500(users)
Assign a regular user “neo” to new groups; dba and wheel
[[email protected] ~]# usermod -g users -G dba,wheel,asmdba neo [[email protected] ~]# id neo uid=500(neo) gid=500(users) groups=500(users),10(wheel),54322(dba),54325(asmdba)
Now we have to modify /etc/sudoers file to allow users in dba and wheel group (optional) to use sudo (do not edit that file manually, use visudo command instead):
[[email protected] ~]# visudo visudo: /etc/sudoers.tmp unchanged #Add the following lines and save changes #dba %dba ALL = /bin/su - oracle, !/bin/su *root* #asmdba %asmdba ALL = /bin/su - grid, !/bin/su *root* #wheel (optional) %wheel ALL = /bin/su -
Login as a regular user “neo” and test switching between oracle, grid and root accounts:
#Sudo to an oracle account [[email protected] ~]$ sudo su - oracle [sudo] password for neo:******* [[email protected] ~]$ logout [[email protected] ~]$ #sudo to a grid account: [[email protected] ~]$ sudo su - grid [[email protected] ~]$ logout #sudo to a root account [[email protected] ~]$ sudo su - [[email protected] ~]# logout [[email protected] ~]$
Next, update hosts file /etc/hosts and add a fully qualified name for the server (as root)
#/etc/hosts 127.0.0.1 localhost.localdomain localhost 192.168.2.130 demo.zion.local demo
Set secure Linux to permissive
edit “/etc/selinux/config” file and set SELINUX = permissive
[[email protected] ~]# vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. #SELINUX=enforcing SELINUX=permissive # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
To apply changes, restart the server or execute the following command:
[[email protected] ~]# setenforce Permissive
Disable firewall. We assume our network is protected by a global “zion.enterprise” firewall.
[[email protected] ~]# # service iptables stop [[email protected] ~]# service iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] [[email protected] ~]# chkconfig iptables off
Setting environment variables for particular accounts and directory structure will depend on the Oracle product we will be installing, however we could create the ORACLE_BASE common directory:
[[email protected] ~]# mkdir -p /u01/app/oracle/product [[email protected] ~]# chown -R oracle:oinstall /u01 [[email protected] ~]# chmod -R 775 /u01
We are ready to go. At this moment we have pretty decent Oracle Linux server “seed” ready to be cloned and used for Oracle Products installations.
Reference Linux Installation Guides
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.