Oracle recommends installing Oracle Linux and Red Hat Enterprise using the default software package selection without any customization. Using the default software packages without customizations includes most of the prerequisite packages for Oracle Enterprise Manager 12c and helps limit the number of manual prerequisite checks. After an Oracle Linux and/or Red Hat Enterprise Linux installation, Oracle recommends to register your server with the Unbreakable Linux Network (ULN) and to install the Legacy Software Development packages by typing “up2date -i @ Legacy Software Development“ or if you have a local yum repository type “yum groupinstall "Legacy Software Development"” to install most of the remaining Oracle technology product prerequisite packages. Once the Legacy Software Development packages are installed, install the oracle-validated RPM to meet all of the remaining Oracle Enterprise Manager 12c prerequisite packages.
oracle-validated RPM
The oracle-validated RPM simplifies meeting the software and system configuration prerequisites for installing the Oracle Enterprise Manager 12c Infrastructure and the Oracle Database. Installing the oracle-validated RPM automatically installs all of the software RPM prerequisites for the Oracle Enterprise Manager 12c Infrastructure and the Oracle Database as well as meeting the system configuration prerequisites, such as creating an oracle user and the oinstall and dba groups, configuring the sysctl.conf settings, system startup parameters, user limits, and driver parameters.
The oracle-validated RPM is available at the Oracle Unbreakable Linux Network, on the Oracle Linux media, and from the Oracle public yum repository. The oracle-validated RPM can be installed from the Oracle Unbreakable Linux Network by typing "up2date --install oracle-validated", ULN registration and a valid Linux CSI is required. If you do not have access to Oracle Unbreakable Linux Network, the oracle-validated RPM can be installed from a local DVD repository as well as from Oracle' public yum repository.
Oracle Linux maintains yum repository lists in the /etc/yum.repos.d/ directory. For
example, to setup a DVD repository, mount the Oracle Linux 5.x DVD, and create a file in the /etc/yum.repos.d/<MY FILE>.repo directory that instructs the yum client to use the DVD repository. The next examples shows the syntax of a .repo file pointing to a mounted Oracle Linux DVD in the /mnt/dvd/ directory.
# cat /etc/yum.repos.d/ol-5U7-dvd.repo [ol5_u7_dvd]
name=Oracle Linux $releasever - $basearch baseurl=file:///mnt/dvd/Server/
enabled=1 gpgcheck=1
Before installing the oracle-validated RPM, clean the yum cache by typing “yum clean all” to re-read the repodata and caches. Once the DVD is mounted and the <MY FILE>.repo file is created, type “yum install oracle-validated” to install the oracle-validated RPM. To install the oracle-validated RPM from the public yum repository, as root, change to the /etc/yum.repos.d/ directory and type “wget http://public-yum.oracle.com/public-yum- el5.repo” to download the public-yum-el5.repo file. Next, edit the public-yum-el5.repo file and enable the base repository for your Oracle Linux version by changing enabled=0 to enabled=1.
The next examples shows the public-yum-el5.repo file. # vi /etc/yum.repos.d/public-yum-el5.repo
[el5_ga_base]
name=Enterprise Linux $releasever GA - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/0/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [el5_u1_base]
name=Enterprise Linux $releasever U1 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/1/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [el5_u2_base]
name=Enterprise Linux $releasever U2 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/2/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [el5_u3_base]
name=Enterprise Linux $releasever U3 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/3/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [el5_u4_base]
name=Enterprise Linux $releasever U4 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/4/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
enabled=0 [el5_u5_base]
name=Enterprise Linux $releasever U5 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/5/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [ol5_u5_base]
name=Oracle Linux $releasever - U5 - x86_64 - base
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/5/base/x86_64/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [ol5_u6_base]
name=Oracle Linux $releasever - U6 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/6/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [ol5_u7_base]
name=Oracle Linux $releasever - U7 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/7/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0 [el5_addons]
name=Enterprise Linux $releasever - $basearch - addons
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/addons/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0
[el5_oracle_addons]
name=Enterprise Linux $releasever - $basearch - oracle_addons
baseurl=http://public-yum.oracle.com/repo/EnterpriseLinux/EL5/oracle_addons/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=0
Tip: Enable a repository by changing enabled=0 to enabled=1. Enable the base repository
for the Oracle Linux version being used. The next examples shows how to enable the Oracle Linux 5U7 base repository.
[ol5_u7_base]
name=Oracle Linux $releasever - U7 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/7/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=1
The next examples shows how to enable the Oracle Linux 5U6 base repository. [ol5_u6_base]
name=Oracle Linux $releasever - U6 - $basearch - base
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/6/base/$basearch/ gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
gpgcheck=1 enabled=1
Once you have enabled the desired base repository by changing enabled=0 to enabled=1, clean the yum cache by typing “yum clean all” to re-read the repodata and caches. Next, type “yum install oracle-validated” to install the oracle-validated RPM.
iptables
iptables is a userspace firewall application used to configure the Linux IPv4 and IPv6 packet filtering rulesets. iptables is installed and enabled by default on Oracle Linux with a default policy and ruleset in /etc/sysconfig/iptables. iptables rules can be configured at the command line as well as with the system setup utility, i.e. "/usr/bin/setup".
Host firewalls, for example iptables, are a fundamental part of an information security program. If your information security program requires host firewalls, a best practice is to configure host firewalls during the last phase of the Enterprise Manager deployment. iptables can be disabled by typing the following command as root.
# service iptables stop && service ip6tables stop && chkconfig iptables off && chkconfig ip6tables off
iptables can be re-inabled by typing the following command as root.
# service iptables start && service ip6tables start && chkconfig iptables on && chkconfig ip6tables on
SELinux
Security Enhanced Linux (SELinux) is a default Linux feature that offers mandatory access controls, using Linux kernel security modules (LSM) along with user-space tools. Starting with Oracle Database 11g Release 2 (11.2), Security Enhanced Linux is supported for Oracle Linux 4, Red Hat Enterprise Linux 4, Oracle Linux 5, and Red Hat Enterprise Linux 5. Security Enhanced Linux is not supported for the Oracle Enterprise Manager 12c Oracle Management Service.
Mandatory access controls, for example Security Enhanced Linux, may be a part of your organizations information security program. If your information security program requires mandatory access controls for the 12c Oracle Management Repository, a best practice is to configure Security Enhanced Linux during the last phase of the Enterprise Manager
deployment.
Security Enhanced Linux can be temporarily disabled by typing "echo 0 >
/selinux/enforce", as root. Security Enhanced Linux can be re-enabled by typing "echo 1 > /selinux/enforce", as root.
Security Enhanced Linux can be permanently disabled by changing the
"SELINUX=enforcing" entry to "SELINUX=disabled" in the "/etc/selinux/config" file. Security Enhanced Linux can be re-enabled by changing the "SELINUX=disabled" entry to "SELINUX=enforcing" in the "/etc/selinux/config" file. A re-boot is required after
changing the "SELINUX=” value to enable to new settings.
/etc/hosts
Oracle technology products, including Oracle Enterprise Manager, rely on a properly formatted /etc/hosts file which allows the host to be pingable, with long and short host names. The host name in the /etc/hosts file must be associated with the server's public IP address.
The next example shows the proper syntax from a /etc/hosts file. Note that the localhost entries are one one line, and the IP address with the long and short names are on the next line.
127.0.0.1 localhost.localdomain localhost 192.168.4.8 servername.com servername
The next example shows an improperly formatted /etc/hosts file. Note that the long and short names are on the same line as the localhost entries.
127.0.0.1 servername.com servername localhost.localdomain localhost 192.168.4.8 servername.com servername
The /etc/hosts file can be edited by the root user bu typing “vi /etc/hosts”, as shown in the next example.
# vi
127.0.0.1 localhost.localdomain localhost 192.168.4.8 servername.com servername :wq!
Adjust the Shared Memory File System for the Database Host
To meet the Oracle Management Repository configuration requirements, the shared memory file system size should be increased to 4 GB.
Note: The shared memory file system size needs to be increased only on the Database host.
To check the current size of the shared memory file system, type “df -k /dev/shm” as shown in the next example.
# df -k /dev/shm
Filesystem 1K-blocks Used Available Use% Mounted on tmpfs 3056052 0 3056052 0% /dev/shm
The above examples shows a 3 GB shared memory file system.
To set the shared memory file system size to 4 GB, as root, type the following commands. # umount tmpfs
# mount -t tmpfs shmfs -o size=4g /dev/shm
Next, add the following entry in /etc/fstab to automatically mount the 4 GB shared memory file system.
tmpfs /dev/shm tmpfs size=4g 0 0
Creat the Required Directories using the Optimal Flexible Architecture (OFA) Standard
The Optimal Flexible Architecture (OFA) standard is a set of file naming recommendations for managing Oracle installations. The Optimal Flexible Architecture standard offers mount point, directory, and file-naming conventions that work with the Oracle Universal Installer. The Optimal Flexible Architecture includes where to install each part of each Oracle product including the storage of the applications and the data.
To create the directories for Oracle software installation using the Optimal Flexible Architecture standard, as root, type the following commands.
# mkdir -p /u01/app/oracle/product/ # chown -R oracle:oinstall /u01 # chmod -R 775 /u01
SSH and X11 Forwarding
Installing the Oracle Enterprise Manager 12c components using the Oracle Universal Installer (OUI) GUI requires local or remote access to the server' console or a remote X Windows (X11) session. This section reviews how to configure Oracle Linux to install the Oracle Enterprise Manager 12c components remotely, using ssh and X11 forwarding. SSH and X11 forwarding enables the redirection of an X11 session from a remote Oracle Linux machine to a local desktop. For example, from a local desktop, ssh to a remote Oracle Linux server using X11 forwarding and run the Oracle Universal Installer, i.e. by typing “./runInstaller”. The Oracle Universal Installer will be displayed on the local desktop and the Oracle Enterprise Manager 12c components can be installed on the remote Oracle Linux server.
On the Oracle Linux server, enable X11 forwarding in the /etc/ssh/sshd_config by adding "ForwardX11 yes" to the file as shown in the next example.
Change
#X11Forwarding no to
X11Forwarding yes
Once the "ForwardX11 yes" entry has been added to the /etc/ssh/sshd_config file, restart ssh by typing "service sshd restart" to enable X11 forwarding. With X11 forwarding enabled, the Oracle Universal Installer (OUI) GUI can be exported from the Oracle Linux server to your local desktop.
To enable X11 forwarding from a Linux desktop, use the "-X" switch with ssh. For
example, type "ssh -X oracle@<ORACLE LINUX SERVER>" to create a ssh tunnel with X11 forwarding. If your using a Windows PC, a PC X Server like XMing is required to run an X Windows session, along with an ssh client like putty that supports X11 forwarding.
Oracle Database 11g Enterprise Edition R2 (11.2.0.1.0) Installation
This section walks through the installation of Oracle Database 11g Release 2 (11.2.0.2.0) using the Oracle Universal Installer (OUI) on Oracle Linux 5U7.
With the software downloaded and staged for the Oracle Linux host, as the oracle user, run the runInstaller script by typing "./runInstaller" as shown in the next example.
# ssh -X oracle@<DATABASE HOST> $ cd /u01/app/stage/database
$ ./runInstaller
Starting Oracle Universal Installer...
Checking Temp space: must be greater than 120 MB. Actual 3967 MB Passed Checking swap space: must be greater than 150 MB. Actual 6189 MB Passed
Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2011-11-30_04-53- 29PM. Please wait ...
On the Configure Security Updates screen, to receive support information (optional), enter your email address and My Oracle Support password and click the Next button, or uncheck the I wish to receive security updates via My Oracle Support checkbox and click the Next button.
Figure 2
On the Select Install Option screen, select Create and configure a database. Click the
Next button to proceed.
On the System Class screen, select the Server Class option. Click the Next button to proceed.