IOUG SELECT Journal articles on RAC

Here’s a good reason to become an IOUG member or, if you already are a member, a good reason to dig out that username/password to the IOUG website. The most recent issue of the IOUG publication SELECT Journal contains several great articles (if I do say so myself) about Oracle RAC.

I contributed one article titled “RAC For Beginners: The Basics” and also helped identify the other contributors to help give the issue a significant focus on RAC. It was a great coincidence that the issue came out just before the RAC Attack! event we held in early August. Each attendee at that event received a copy of the issue as part of their event registration.

You’ll need your IOUG login in order to read the articles, but you can at least browse the article titles on the SELECT Journal website without logging in. If you aren’t an IOUG member, you should consider joining–SELECT Journal is just one of many member benefits.

For potential authors reading this entry, SELECT Journal contributing authors do receive some nice gifts like an exclusive embroidered shirt and other goodies in addition to the 15 minutes of fame (actually 3 months since it’s a quarterly publication!). Hope you enjoy the article and if you have suggestions for improving it, please let me know directly via email.

Also, don’t forget to check out the Oracle RAC SIG website and sign up for membership there to access our document library of more great articles like the ones featured in SELECT.

Concatenating lines in ldapsearch results

Many of us have had reasons to migrate Oracle Application Server (specifically, Portal) environments from one server or group of servers to another. This is often the case when hardware upgrades are needed and the whole environment must be moved to another set of hosts.

Recently, I was helping move an Oracle Portal (10.1.2.0.2) environment from one host to another. This was due to a company spin off, so the “sticky” part of this move was that the domain name and resulting realm changed (more on that in a minute).

First, if you’ve had to perform this task, you should have already identified Metalink Note 251776.1 which describes the process necessary for moving users and groups from one OracleAS Infrastructure to another. The note’s step 3 mentions that the LDIF file must be edited to replace all references to the old realm with the new realm in the target system. However, this can prove difficult if you do actually have to change the realm name because of the way that ldapsearch produces output. The LDIF standard specifies that lines can be continued on the following line if a space is the first character on the line. The corresponding ldapadd command can properly import lines that are broken into multiple lines, but the standard search and replace tools (in notepad, vi or any other standard text editor) can’t find the occurrences properly to replace them. So, some entries are able to be replaced easily like this one (assume we need to replace “dc=dannorris,dc=local” with “dc=newcorp,dc=com“): Continue reading “Concatenating lines in ldapsearch results”

ORA-1555 after switchover to standby

This week started with diagnosing an interesting situation that didn’t seem to be talked about much (maybe because it is a relatively “old” problem–explanation in a minute), so I thought I’d share the experience for everyone’s benefit.

The situation involves a 10.2.0.1 (<gasp>) database on Linux 32-bit RHEL 4. The database is in flashback mode and has a single physical standby database with Data Guard configured in maximum availability mode. The standby was configured relatively recently and had never been tested with a switchover. The switchover was scheduled and conducted without much issue. Continue reading “ORA-1555 after switchover to standby”

Corrupt download caused installation to hang, unzip lessons learned

I’m posting this because apparently it hasn’t happened to anyone else except me (heavens knows I searched for help!). The root cause certainly wasn’t obvious to me, so hopefully, this will help someone (maybe me, once I forget about it).

All I needed to do was install a default Oracle Database 11g R1 environment with a starter database for some experimentation. Seems simple.

I had archived a copy of linux_11gR1_database.zip from OTN, so I copied that to my Oracle Enterprise Linux 5 U1 virtual machine and unzipped it (no errors or warnings, mind you). I proceeded to launch the installer as the oracle user and it ran me through the 4-6 screens of questions, prerequisite checks, etc, then the summary screen and started installing. The progress bar on the first task (copying files or similar) quickly progressed to 38% and then stopped…forever (I waited an hour). Continue reading “Corrupt download caused installation to hang, unzip lessons learned”

When I conduct an interview…

This post is a follow up to a thread (“How do you conduct technical interviews?”) that carried on for quite a while on the Oracle-L mailing list (you should consider joining if you aren’t already on the list). Here is my contribution to the discussion that started with the eternal question “How do you find the person with the right attitude, not just technical skills?”

As has been said often, there are no silver bullets and your “gut” feeling has to play at least some part. Here are some of my thoughts (in no particular order) on how I typically conduct interviews (I interview consultant candidates, but IT candidates wouldn’t be much different):

  • My mindset in the interview is about determining whether this person has a high capacity to learn new things quickly and apply/adapt them. This is almost always more important than the knowledge they have in their head now, because at least some significant part of the detail they know will be obsolete or changed in the coming months/years. Continue reading “When I conduct an interview…”

Security can be basic

Sometimes I think that people think of security, especially database security, as a domain for the highly-skilled consultant. However, sometimes it is the most basic little things that need attention and it doesn’t require a high-priced, highly skilled consultant to figure it out.

Case in point: I recently arrived at a new customer site to help them with some database issues. They have a development environment, test environment, production database, and a clone of production they use for reporting. To get started, they sent me the TNS entries for each of these four databases. I didn’t have any usernames or passwords, so I was still in a holding pattern. Since I was using instantclient, I didn’t have tnsping, but I still wanted to verify that the TNS entries were created properly and that I had connectivity. So, I thought I’d just use scott/tiger to test and expected the ORA-01017 (invalid username/password) error.

I tried development, ORA-01017 which confirmed that the TNS entry was correct, but there was no scott/tiger account (or at least the password wasn’t tiger). Tried the test database, same result. The reporting database, same result. (You can see the punchline coming, right?) I tried the production database and, wouldn’t you know it, I got connected using the scott/tiger account! I was so shocked I think I let out a little yelp of disbelief.

So, for all the DBAs tuned in: here’s a quick and easy way to make things better (maybe still insufficient, but at least safER than now). Lock all the accounts that are not in use or that you can’t confirm are in use. If you need a hint: alter user scott account lock;. If you still don’t get it, then prepare your resume :). If you can’t confirm that the account is needed, lock it. When someone complains, unlock it (yes, it’s that easy). If they go to your boss to complain, explain that you did what you did in the name of database and data security (which is true) and you’ll generally avoid punishment.

If you aren’t sure whether the account is one of Oracle’s built-in, default accounts, consult Pete Finnigan’s lists. For more information, check out Project Lockdown, Oracle 11g Database Security Guide, and Pete Finnigan’s list of whitepapers and presentations. You can’t mention Oracle Security without a link to Mary Ann Davidson’s blog which is both informative and often entertaining.

Feel free to submit your horror story in comments. This same scenario happens all the time, but this time just seemed too silly to keep it a secret. No, I won’t tell you who the customer was :).

IOUG RAC Attack! Register Now!

The Oracle RAC SIG and the IOUG are co-sponsoring the IOUG “RAC Attack” event and if you haven’t yet heard about it, you might want to check it out. The event runs for 2 days, August 4-5, in downtown Chicago and will bring together some excellent presenters as well as the opportunity for hands-on experiences via the hands-on labs that run throughout the event. See the RAC Attack web page for more details on the event.

As one of the RAC SIG board members, I’ve been involved with the planning and development of this event over the last 9 months and I think it’s going to be one of the best opportunities to get focused, high-quality education on RAC available today. Plus, you’ll get the chance to network with a group of people that are focused on RAC and it’s uses.

Of course, I’ll be there, so if you do make it to the event, please be sure to say hello. I’ll likely spend much of my time in the hands-on lab (when I’m not presenting my technical session) helping those that need it to build their cluster, test backup and recovery or exercise some new features.

Hope to see you there!

TNS Listener Configuration for Oracle RAC

I’ve been to more than one RAC customer site and seen several different ways to misconfigure the listeners for a RAC cluster. This post describes how I usually configure the listeners and their associated instance parameters normally. This really has nothing to do with TAF or connection load balancing, those those features may not work as expected unless the underlying configuration is performed properly.

First, some background on how these items work is necessary. The TNS listener (tnslsnr process on *nix) process listens on a specific network address for connection requests to one of the services from one of the database instances that it services. When requested, it either spawns a server process (dedicated server environment) and connects the user to that process or forwards the connection request to a dispatcher (shared server environment) for service to the database service requested. Alternatively, if the listener knows of more than one instance providing the requested service, it may direct the client to an alternate listener (usually on a different node) that will service the request. Continue reading “TNS Listener Configuration for Oracle RAC”

You can’t buy a SAN (I feel a rant coming on)

Warning, rant follows…

I have a problem with referring to a storage array as a SAN as seems commonplace these days. SAN is Storage Area Network. Storage array <> SAN <> RAID <> LUN, but all are related. For clarification, storage arrays, which live in a SAN, typically provide access to LUNs that are often created using RAID technologies to provide data protection.

Everyone has (or at least most of you have) been using SAN and storage array interchangably for years now and that’s not right. I think that the storage vendors are really to blame. When the concept of SANs were introduced, many viewed them as complex, difficult to design/create, and difficult to install. I believe that the storage vendors started selling storage arrays as “SANs” to make them easier to buy and install. I admit that the tools for managing SAN environments have improved to allow a single interface to handle switch zoning, LUN allocation, visualization of the storage configuration and performance monitoring. Technically, putting a storage switch inside a cabinet that includes a storage array does not a SAN make, though many vendors are offering products in that easy-to-buy format these days. Continue reading “You can’t buy a SAN (I feel a rant coming on)”

Configuring Multiple Weblogic IIS Plug-Ins On Same IIS Server

As some of you may know, I’ve been working on a deployment of BEA Weblogic these past couple of weeks. We were doing some testing today and found an interesting side effect that was positively unexpected. Let me first say that the issues we encountered were with IIS configuration, not specifically with Weblogic. However, the issue wouldn’t have come up if we weren’t working on configuring the BEA-provided iisproxy.dll IIS plug-in.

Here’s the issue: We want to configure our production server to run two sites. The primary site is the production site and the secondary site is a staging site which we’re going to try to configure to behave exactly like production and have a configuration that matches production as well. So, we want to have two separate Weblogic Domains (that listen on different ports) and two separate IIS servers (that listen on separate ports). The desired configuration looks something like this:

Continue reading “Configuring Multiple Weblogic IIS Plug-Ins On Same IIS Server”