OCI CLI authentication for federated users

In this short blog post I will explain how to authenticate using a federated user instead of a local one.

Install your oci cli then run:

oci session authenticate

Inform the region your tenant is subscribed to, login to the console and define profile name that better suits you.

A config file will be saved on your computer.

You can test your access running:

oci iam region list --config-file <config> --profile <name> --auth security_token

The default token TTL is set to 1 hour before it expires and can be refreshed within the validity period up to 24 hours. To refresh the token run:

oci session refresh --profile <name>

Hope it helps !

GUOB Tech Day 2020

Em função da pandemia, o evento será online e gratuito.

Uma coisa não muda: continuara sendo o melhor evento técnico para usuários de tecnologia Oracle no Brasil.

Reserve a agenda no dia 15/08/2020 !

Inscreva-se (aqui) o quanto antes já que as vagas são limitadas.

A agenda pode ser visualizada em: http://www.guob.com.br/index.php?page=programacao

Esse ano minha palestra será às 14h, sobre dicas e truques na Oracle Cloud Infrastructure.

Tudo (ou quase tudo) que vou apresentar você não vai encontrar na documentação oficial.

Sabe aqueles macetes que você só descobre quando vai implementar um recurso?

A ideia é essa 🙂

Vai ser gravado ? O video será liberado posteriormente ? Não sei 🙂

Melhor garantir e assistir online !

OCE – Maximum Availability Certified Expert

Oracle Certified Expert exams were the most difficult ones I’ve ever done in my life.

There are two reasons for that:

1. A lot of content to cover

2. Exams requires deep hands-on experience

To achieve the Oracle Database 12c Maximum Availability Certified Expert Certification, you must complete ALL three certifications below:

1. Oracle Database 12c Administrator Certified Professional

2. Oracle Certified Expert, Oracle Database 12c: RAC and Grid Infrastructure Administration

3. Oracle Certified Expert, Oracle Database 12c: Data Guard Administration

and yesterday I finally passed the Oracle 12c Data Guard exam.

What did I do to prepare for the exams ?

I read the training material twice.

I read a lot of information on the official documentation.

I’ve created a LAB to test all features and scenarios.

And of course, I’ve been working with both RAC and Data Guard for a long time.

I strongly agree with my Brazilian friend Alex Zaballa: stay away from brain-dumps !

You will fail the exam during this process (as I did) but you will get there !

Let’s celebrate 🙂

Change TZ on Oracle Restart and Oracle RAC

If you need to change the timezone on a server running an Oracle DB be careful to change it properly for Oracle Restart and Oracle RAC, otherwise you will end up getting incorrect values when connecting via Listener.

To change the TZ on OEL 7 to MST TZ:

timedatectl set-timezone America/Phoenix

Date command on OS will return the correct date:

[oracle@dbserver]$ date
Thu Jun 25 18:56:48 MST 2020

To configure TZ for Oracle Restart/RAC:

srvctl setenv database -d rspaws -t 'TZ=America/Phoenix'
srvctl setenv listener -l LISTENER -t 'TZ=America/Phoenix'

Check new values:

srvctl getenv database -d rspaws
srvctl getenv listener

Then restart the services:

srvctl stop listener -l LISTENER
srvctl start listener -l LISTENER

srvctl stop database -d rspaws
srvctl start database -d rspaws

Connect to the db using using the listener:

sqlplus system@rspaws

alter session set nls_date_format = 'dd/mm/yyyy hh24:mi:ss';

!date

select sysdate from dual;

Date output should match between OS and Oracle.

If you don’t use Oracle Restart/RAC then changing the TZ at OS level is enough to make Oracle aware of the new date.

I’ve tested this procedure on Oracle 12.1, Oracle 12.2 and Oracle 18c with GI 18c.

Enjoy!

Uploading files to MOS

I want to share a very useful tip on how to upload file to MOS.

I think most people use the browser interface to upload to support.oracle.com website.

But if you want to upload the file from the Linux host itself or file is larger then 2Gb, go with curl instead.

Sintaxe is:

curl -T <file> -u <metalink_id> https://transport.oracle.com/upload/issue/<SR_number>/

example:

curl -T /var/tmp/sosreport-c0329121-3-23234203192-2020-06-02-edpizve.tar.xz -u rogerio.eguchi@velocitycloud.com https://transport.oracle.com/upload/issue/3-23223232323/

You just need to inform your password.

Relying on this approach will save you time as you don’t have to download the file(s) to the laptop then upload to the Oracle Support.

Easier, right ?

Fixing udev asm rules with kfed

I’ve been working on a very interesting project: DRaaS (Disaster Recovery as a service)

Yes, that is it. We are configuring a DR on AWS for a huge on-premises SAP system.

Regarding Oracle, we are relying on two technologies:

AWS CloudEndure

Oracle DataGuard

So during a test cutover using CloudEndure, we realised that the on-premises server was using udev rules and iSCSI protocol to access the storage.

On AWS EBS you don’t this option so a config change must be made for disks to be available to ASM.

Oracle ASM kfed to the rescue !

But what is kfed ?

It is an Oracle ASM tool to gather ASM disk header information when ASM diskgroups can not be mounted.

Script to fix the udev rules:

_kfed="$(grep ^+ASM /etc/oratab | cut -d\: -f 2)/bin/kfed"
for disk in `blkid | grep oracleasm | awk -F\: '{print $1}'`;do
device_name=`echo $disk | sed 's,/dev/,,g'`
echo -n "KERNEL==\"$device_name\", OWNER=\"grid\", GROUP=\"asmadmin\", MODE=\"0664\", SYMLINK+=\"oracleasm/disks/"
$_kfed read $disk 2>/dev/null | grep dskname | awk '{print $2 "\""}'
done > /etc/udev/rules.d/99-asm.rules

After fixing udev asm rule, you must reload the rules with:

udevadm control --reload-rules
udevadm trigger

And check if Oracle ASM disks permissions are correct on /dev

For more information on ASM tools you can check MOS: ASM tools used by Support : KFOD, KFED, AMDU (Doc ID 1485597.1)

OCI – Patching a DB System

On this blog post I will write detailed steps on how to apply patches on bare metal/virtual machine DB systems and database homes by using DBCLI.

Yes, I enjoy the black screen 🙂

No, this is not the only option. You can also use Console and API’s.

This procedure is not applicable for Exadata DB systems.

Prerequisites

1) Access to the Oracle Cloud Infrastructure Object Storage service, including connectivity to the applicable Swift endpoint for Object Storage. Oracle recommend using Service Gateway to enable this access.

2) /u01 FS with at least 15Gb of free space

3) Clusterware running

4) All DB system nodes running

Backup

Backup your database prior to the patch event.

Non Prod first

Test this patch on non prod (or test) server first

Patching

1) Update the CLI

 cliadm update-dbcli

2) Wait the job to complete

dbcli list-jobs

3) Check for installed and available patches

dbcli describe-component

4) Display the latest patch versions available

dbcli describe-latestpatch

5) Run pre check

dbcli update-server --precheck

Example:

run describe-job to check job status:

dbcli describe-job -i <jobId>

Example:

6) Update the server components. This step will patch GI.

dbcli update-server

Example:

Once successfully completed proceed with DB home patching.

7) List db homes

dbcli list-dbhomes

8) Run update home on select OH

dbcli update-dbhome -i <Id>

Example:

And check status with describe-job command:

Logs

You can find the DCS Logs at:

/opt/oracle/dcs/log/

Under the hood dbcli relies on opatchauto so you can also check $ORACLE_HOME/cfgtoollogs/opatchauto directory for logs.

There is also a nice doc about troubleshooting in case something goes wrong.

ORA-06508: PL/SQL: could not find program unit being called: “SYS.DBMS_CUBE_EXP”

If you get the error above when running expdp you most likely have OLAP objects remaining in data dictionary while OLAP is not installed or was de-installed.

In my situation, this have happened on Oracle 12.2 but it can also happen on 11.2

This can be confirmed if query below return rows:

SELECT * FROM SYS.EXPPKGACT$ WHERE PACKAGE = 'DBMS_CUBE_EXP';

To fix it, just run:

# backup exppkgact$_bck table
create table exppkgact$_bck as select * from exppkgact$;

# delete DBMS_CUBE_EXP from exppkgact$
delete from exppkgact$ where package = 'DBMS_CUBE_EXP' and schema = 'SYS';

commit;

And run expdp again.

DB system – OS patching

When using Oracle Cloud Database Services VM or Bare Metal, customer is responsible for OS updates and GI/DB patches so let’s first go through the steps to update an OL7 server.

This procedure is not applicable for Exadata DB systems.

General Recommendations

1) Don’t touch oraenv or .bash_profile

2) Don’t touch default local firewall rules

Backup

Backup your db prior to the OS update

NonProd first

Test this procedure on non prod server first

OS Update

1) Check if kernel is 4.1.12-124.27.1.el7uek then you need to change the bootefi label before updating the OS.

uname -r

To change bootefi label:

Edit /etc/fstab: Change the label bootefi to BOOTEFI (uppercase), reboot the server and run ls -l /etc/grub2-efi.cfg to check required link was created.

2) Run command below to identify the region server is running:

curl -s http://169.254.169.254/opc/v1/instance/ |grep region

3) Download the repo file and cp to yum dir:

wget https://swiftobjectstorage.<region>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/oci_dbaas_ol7repo -O /tmp/oci_dbaas_ol7repo

and copy it to yum dir

cp /tmp/oci_dbaas_ol7repo /etc/yum.repos.d/ol7.repo

4) Download the version lock files and overwrite existing one:

wget https://swiftobjectstorage.<region>.oraclecloud.com/v1/dbaaspatchstore/DBaaSOSPatches/versionlock_ol7.list -O /tmp/versionlock.list

cp /etc/yum/pluginconf.d/versionlock.list /etc/yum/pluginconf.d/versionlock.list-`date+%Y%m%d`
cp /tmp/versionlock.list /etc/yum/pluginconf.d/versionlock.list

5) run YUM update

yum update

6) reboot

7) check new kernel version

uname -r

Hopefully I can rely on OS Management to update this type of server next time 🙂 So stay tuned !