ORACLE_HOME Permissions Required to discover our DB Listener in Enterprise Manager(EM)

Today We have given the database details to EM Team to discover our database & listener.They have discovered the database,but EM had shown DB Listener as down even-though it is up.So when we troubleshooting, we found em agent need  permission for few lib  & mesg files.


$ chmod 775 $ORACLE_HOME/network/mesg
$ cd $ORACLE_HOME/network/mesg
$ chmod 666 *
$ chmod 775 $ORACLE_HOME/network/lib
$ cd $ORACLE_HOME/network/lib
$ chmod 666 *
$ cd $ORACLE_HOME/lib
$  chmod  644 *


P.S:Please make sure we are using proper  umask (umask 022 )when we install oracle_home.so that we can avoid this issue.

Import Schema from one Tablespace to another Tablespace

We had a requirement to move schema from one tablespace to another.We can achieve this using expdp & impdp.

Current tablespace       New Tablespace

IAM_LOB                    JAY_LOB
IAM_TABLE               JAY_TABLE
IAM_INDEX               JAY_INDEX

EXPORT SCHEMA USING EXPDP:

Create a parameter file with below parameters
oracle:JAYDEV> more para.par
DIRECTORY=JAY_DIR
SCHEMAS=JAY
DUMPFILE=JAY_EXPORT_%U.dmp
FILESIZE=8G
LOGFILE=EXPORT_JAY.log
JOB_NAME=JAY_EXPORT


expdp "'/as sysdba'" parfile=para.par




SQL> select tablespace_name from dba_ts_quotas where username='JAY';

TABLESPACE_NAME
------------------------------
IAM_LOB
IAM_TABLE
IAM_INDEX

select count(*) from dba_objects where owner='JAY';

 COUNT(*)
----------
       846

Now drop the user jay & tablespaces.

drop user jay cascade;
drop the old tablespaces.


SQL> select count(*) from dba_tables where tablespace_name like 'IAM%';

  COUNT(*)
----------
         0

SQL> select count(*) from dba_segments where tablespace_name like 'IAM%';

  COUNT(*)
----------
         0

SQL>  select count(*) from dba_indexes  where tablespace_name like 'IAM%';

  COUNT(*)
----------

         0

SQL> DROP TABLESPACE IAM_INDEX INCLUDING CONTENTS AND DATAFILES;

Tablespace dropped.

SQL> DROP TABLESPACE IAM_LOB INCLUDING CONTENTS AND DATAFILES;

Tablespace dropped.

SQL> DROP TABLESPACE IAM_TABLE INCLUDING CONTENTS AND DATAFILES;


Tablespace dropped.


IMPORT SCHEMA USING IMPDP (remap_tablespace):

Create a parameter file with below parameters .


oracle:JAYDEV> more imp.par
DIRECTORY=JAY_DIR
DUMPFILE=JAY_EXPORT_%U.dmp
REMAP_TABLESPACE=IAM_TABLE:JAY_TABLE,IAM_INDEX:JAY_INDEX,IAM_LOB:JAY_LOB
LOGFILE=IMPORT_VEMTEST.log
JOB_NAME=JAY_IMPORT

impdp "'/as sysdba'" parfile=imp.par

verify the object_count 

Revoking RESOURCE/DBA role removes UNLIMITED TABLESPACE (Grant)

if you grant a user RESOURCE or DBA role, the user then also has the UNLIMITED TABLESPACE privilege.  OK, that's fine.  However, if you revoke either RESOURCE or DBA, the UNLIMITED TABLESPACE priv is also revoked, even if it was given indepently in a grant statement.

SQL> ALTER USER JAY QUOTA UNLIMITED ON JAY_INDEX;

User altered.

SQL> select tablespace_name from dba_ts_quotas where username='JAY';

TABLESPACE_NAME
------------------------------
JAY_INDEX

SQL> grant dba to JAY;  

Grant succeeded.

SQL> revoke dba from JAY;

Revoke succeeded.

SQL> select tablespace_name from dba_ts_quotas where username='JAY';

no rows selected

How to send email from APEX?

Command to Send EMail:

DECLARE
 l_id number;
BEGIN
    l_id := APEX_MAIL.SEND (p_to        => 'srm.jay@gmail.edu',  
                            p_from      => 'srm.jay@stanford.edu',  
                            p_subj      => 'APEX_MAIL from imguat',
                            p_body      => 'Please review the attachment.',
                            p_body_html => '<b>Please</b> review the attachment');    
COMMIT;
END;
/

To send a mail immediately from the apex mail queue:

Oracle Application Express logs successfully submitted message in the table APEX_MAIL_LOG with the timestamp reflecting your server's local time. 

begin
APEX_MAIL.PUSH_QUEUE('localhost','25');
end;
/

Please check the apex_mail_log table for any errors or warnings.

select mail_send_error from APEX_MAIL_LOG ; 

How to Export DB_LINKS

We used to refresh our DEV database from production.so we need to preserve the DEV dblinks before we start refresh . we need to restore after refresh.

We can export the all the dblinks by using expdp.

Please create a para.par file with below commands.

full=y
INCLUDE=DB_LINK:"IN(SELECT db_link FROM dba_db_links)"

Then execute below command to export

expdp "'/as sysdba'"  directory=DATA_PUMP_DIR dumpfile=dblink-restore_JAYDEV.dmp logfile=dblink-restore_JAYDEV.log parfile=para.par


After Refresh,Please execute below impdp command to recreate dblinks.

Note: DBLINK we are going to import should not exist in the target database(DEV).please drop dblinks if it already exists.

impdp "'/as sysdba'" directory=DATA_PUMP_DIR dumpfile=dblink-restore_JAYDEV.dmp logfile=dblink_restore_JAYDEV.log


ALTERNATE METHOD:

Before Refresh,We can take ddl of dblinks  by using below query and spool it. Then we can connect to each schema and recreate the dblinks after refresh.

set long 100000 head off
spool exp_dblinks.dat
SELECT DBMS_METADATA.GET_dDL('DB_LINK', DB_LINK,'PUBLIC') FROM DBA_DB_LINKS WHERE OWNER = 'PUBLIC';


SELECT DBMS_METADATA.GET_dDL('DB_LINK', DB_LINK,'XXRA') FROM DBA_DB_LINKS WHERE OWNER = 'JAY';

Steps to Create Incident Rule in Oracle EM For Linux Host Monitoring.

In our environment,Already we had a  default template which will be applied to all the unix hosts.so currently As a DBA,we have to know the server status (up or down),High cpu & memory alerts,disk space alerts.so for that,we need to create rule.

Note:I haven't provided steps on how  to create template and apply to the target.I have just given steps to apply a rule for the servers where metrics has been collected by a template.In future,I will provide the steps to create a template as well.


Setup -> Incidents -> Incident Rules
Create Rule Set
Name: JAY_DEV_HOST_MONITORING
Applies to: Targets
Targets tab:
Specific targets radio button selected
Add Groups Click on +Add icon
Target type: Group
Target Name: g_jay_dev_host_unix

under Rules Tab
click on Create
Select: Incoming events and updates to events
Checkbox: Type: Metric Alert
All events of type Metric Alert
Advanced Selection Options
checkbox: Severity In Critical;Warning;
Next
Create New Rule - Add Actions
Click Add
Leave everything to default
Under Advanced Notifications
Select checkbox for
provide email address
Continue
Click Next
Name:METRIC_RULE_ALERT
Click Next
Click Continue
Click OK
Click Save


under Rules Tab
click on Create
Select: Incoming events and updates to events
Checkbox: Type: Target Availablity
Specific events of type Target Availability
click on Add
select Target type as Host
choose Agent unreachable,Agent Back Up from Down,Down
click OK
Next
Create New Rule - Add Actions
Click Add
Leave everything to default
Under Advanced Notifications
Select checkbox for
provide email address
Under Repeat Notifications
Mark the checkbox for Send Repeat notifications
Continue
Click Next
Name:Target_Availablity_Status
Click Next
Click Continue
Click OK
Click Save

Exception in thread "main" java.lang.OutOfMemoryError while applying weblogic psu patch (bsu.sh)

When applying weblogic patch using smart update (bsu.sh),  through command line i received an error

Exception in thread "main" java.lang.OutOfMemoryError: GC overhead limit exceeded       
 at java.lang.reflect.Method.copy(Method.java:151)        
 at java.lang.reflect.ReflectAccess.copyMethod(ReflectAccess.java:136)        
 at sun.reflect.ReflectionFactory.copyMethod(ReflectionFactory.java:300)         
at java.lang.Class.searchMethods(Class.java:2799)         
at java.lang.Class.getMethod0(Class.java:2813)         
at java.lang.Class.getMethod(Class.java:1663)      



Now, open bsu.sh alter the values of Xms and Xmx (from default 256 to 1024) and rerun.

Failure When Trying to Patch weblogic Using bsu Command: Encountered unrecognized patch ID

I have downloaded and unzipped the weblogic psu patch in /shared/patches and tried to apply using below command  bsu.sh(smart update).

./bsu.sh -install -patch_download_dir=/shared/patches/ -patchlist=DEM4 -prod_dir=/as11g/jay_tch/product/middleware/11.1/wlserver_10.3

It throws Encountered unrecognized patch ID:XXXXX



Solution:

 To resolve this error, extract the patch files (one xml file and the jar file with Path ID name) in to {MW_Home}/utils/bsu/cache_dir directory.

If cache_dire directory is not available in {MW_Home}/utils/bsu directory, then create it and copy the files.

How to apply PSU Patch on Weblogic 10.3.6.0

1. Patches have been downloaded  to jayaptch2:/shared/APRIL_PSU_2016/11g_fusion
2. unzip  the patch to $MW_HOME/utils/bsu/cache_dir
3. cd $MW_HOME/utils/bsu
4. cp bsu.sh bsu.sh.may17
5. Modify xms and xmx from 256 to 1024.
MEM_ARGS="-Xms1024m -Xmx1024m"
6. ./bsu.sh -install -patch_download_dir=/as11g/jay_tch/product/middleware/11.1/utils/bsu/cache_dir/ -patchlist=DEM4 -prod_dir=/as11g/jay_tch/product/middleware/11.1/wlserver_10.3

output:
/as11g/jay_tch/product/middleware/11.1/utils/bsu
iweboas1@ofaptch2:as11g> e_dir/ -patchlist=DEM4 -prod_dir=/as11g/jay_tch/product/middleware/11.1/wlserver_10.3
Checking for conflicts.....
No conflict(s) detected

Installing Patch ID: DEM4..
Result: Success


7. To verify:

./bsu.sh -prod_dir=/as11g/jay_tch/product/middleware/11.1/wlserver_10.3 -status=applied -verbose -view


                         [OR]

. $MW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh


/as11g/jay_tch/product/middleware/11.1/utils/bsu
iweboas1@ofaptch2:as11g> java weblogic.version

WebLogic Server 10.3.6.0.160419 PSU Patch for BUG22505423 TUE FEB 09 15:54:42 IST 2016
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Use 'weblogic.version -verbose' to get subsystem information

Use 'weblogic.utils.Versions' to get version information for all modules

Steps to Create Physical Standby Database

Creating a Physical Standby Database:

On Primary Database:

a. Please make sure primary database is ARCHIVELOG enabled.

SQL> SELECT LOG_MODE FROM SYS.V$DATABASE;
LOG_MODE
------------
NOARCHIVELOG

SQL> select name from v$database;
NAME
---------
PROD

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> startup mount;
ORACLE instance started.
Total System Global Area  726540288 bytes
Fixed Size                  2230040 bytes
Variable Size             469764328 bytes
Database Buffers          251658240 bytes
Redo Buffers                2887680 bytes
Database mounted.

SQL> alter database archivelog;
Database altered.

SQL> alter database open;
Database altered.

SQL> select log_mode from v$database;
LOG_MODE
------------
ARCHIVELOG

b. Please make sure primary database is FORCE LOGGING is enabled

SQL> SELECT force_logging FROM v$database;
FOR
---
NO

SQL> ALTER DATABASE force logging;
Database altered.

SQL>  SELECT force_logging FROM v$database;
FOR
---
YES

c. Please Set the following Initialization Parameters on the Primary Database:

ALTER SYSTEM SET log_archive_dest_1='location=/archive/prod/' SCOPE=both;
ALTER SYSTEM SET LOG_ARCHIVE_DEST_2='service=stby_db async valid_for=(ONLINE_LOGFILES,PRIMARY_ROLE) db_unique_name=stby_db' SCOPE=both ;
ALTER SYSTEM SET  log_archive_dest_state_2 ='defer';
ALTER SYSTEM SET log_archive_config= 'dg_config=(prim_db,stby_db)';
ALTER SYSTEM SET log_archive_max_processes=8;
ALTER SYSTEM SET db_unique_name = prim_db scope=spfile;

Recycle the database.


Those Parameters prepare the Primary Database to support a Standby Database 'stby_db'. log_archive_dest_2is responsible for transferring Redo to the Standby Site later – currently it is deferred, we will enable later once theStandby Database exists. log_archive_config records all db_unique_name's participating in this Configuration.Log transport will not be allowed to any database not on the list

d.Create a PFILE from the Primary SPFILE in the Format 'init<Standby SID>.ora'
create pfile='/tmp/initstby_db.ora' from spfile;


e.Add the tns entry for both primary and standby databases in primary tnsnames.ora

f.Copy prepared 'initstby_db.ora' together with the Passwordfile of the Primary Database (orapwprim_db in$ORACLE_HOME/dbs) to the Standby Site and place both into '$ORACLE_HOME/dbs'-Folder. Then you have to rename the Passwordfile to match with the Standby SID:

mv orapwprim_db orapwstby_db

On Standby database:

a.Adjust the values in initstby_db.ora

*.log_archive_dest_1='location=/archive/standby/''
*.log_archive_config= 'dg_config=(prim_db,stby_db)'
*.log_archive_max_processes = 8
*.fal_server='prim_db'
*.log_file_name_convert = '/u01/app/oracle/oradata/PROD','/u01/app/oracle/oradata/STANDBY'
*.db_file_name_convert = '/u01/app/oracle/oradata/PROD','/u01/app/oracle/oradata/STANDBY'
*.db_unique_name='stby_db'


log_archive_dest_1 --> here defines the local Archive Destination where we will put ArchiveLogs arriving from the Primary Database later.
log_archive_config and db_unique_name are required for the Data Guard Configuration (like on the Primary)
fal_server is required for Gap Resolution to be able to automatically fetch Archive Logs from the Primary again in Case there is a Gap.
To automate the Substitution of Database File Locations we set db_file_name_convert and log_file_name_convert.
You may also adjust audit_file_dest and control_files to match with your Environment and Locations.

Create the Physical Standby Database

In the previous Section we prepared the Environments and the Primary Database to support a Standby Database.Now we can proceed and create the Physical Standby Database itself. There are 3 common Ways to perform thiswhich will be shown in the next Section. You can choose any Way most suitable for you:

1. Creating manually via User-Managed Backups
2. Using RMAN Backup-based Duplication
3. Creating a Standby Database from the active Primary Database without a Backup using RMAN Duplicate.

On Primary Database:

If you want to use a Hot Backup, we have to put the Primary Database into Backup Mode and copy the Datafiles:

SQL> alter database begin backup;
$ cp /oracle/oradata/prim_db/*.dbf /backup/
SQL> alter database end backup;
We can create the Standby Controlfile since the Backup is complete (either Hot or Cold Backup)
SQL> alter database create standby controlfile as '/tmp/control01.ctl';
Copy the data and control files to standby datafile location.

On Standby Database:

$ export ORACLE_SID = stby_db
SQL> connect / as sysdba
SQL> startup mount

Post steps:

we prepared and created the Physical Standby Database. Now we can start the Log Transport and Log Apply Services to have the Data Guard Environment completely operational.
First of all we should now add Standby RedoLogs to the new created Standby Database to collect the current Redo arriving from the Primary Database. We can add those using

On Standby:

SQL> alter database add standby logfile <group #> ('<Member>') size <size>;
To verify if Standby RedoLogs get allocated on the Standby Database
select * from v$standby_log;

On Primary:

Next we can enable Log Transport Services on the Primary Database which have been prepared initially – performing a Logfile Switch afterwards will finally enable it (all changes to log_archive_dest_n and log_archive_dest_state_n become active after the next Log Switch once set)


SQL> alter system set log_archive_dest_state_2 = 'enable' scope=both;
SQL> alter system switch logfile;

On Standby:

alter database recover managed standby database using current logfile disconnect;
Query v$managed_standby to monitor the Progress of the Managed Recovery:


SQL> select * from v$managed_standby where process = 'MRP0';




FAL_SERVER specifies the FAL (fetch archive log) server for a standby database. The value is an Oracle Net service name, which is assumed to be configured properly on the standby database system to point to the desired FAL server.
FAL_CLIENT specifies the FAL (fetch archive log) client name that is used by the FAL service, configured through theFAL_SERVERp arameter, to refer to the FAL client. The value is an Oracle Net service name, which is assumed to be configured properly on the FAL server system to point to the FAL client (standby database). Given the dependency of FAL_CLIENT on FAL_SERVER, the two parameters should be configured or changed at the same time.

At primary:
fal_server = ' '
fal_client = ' '
Primary will never will have gap, so no need for any fal* parameter here.

At remote standby database:
fal_server = 'prim_db'
fal_client = 'stby_db'
Remote standby when has gap, can get the archive logs from the primary database . Hence the fal_server parameter. It wants the primary to send the FAL request response to 'stby_db', hence fal_client setting.
In case if there is a gap in stby_db,it will request fal_server prim_db. Primary will send the fal_client stby_db.

Create CSR using Openssl

a) cd /app/jaydev/jay/apache/
b) mkdir SHA2_CERTS; cd /app/jaydev/jay/apache/SHA2_CERTS
c) openssl genrsa -des3 -out jaydba_blogspot_com.key 2048 -sha256
d) save the password in .passwd.key
e) mv jaydba_blogspot_com.key jaydba_blogspot_com.key.orig

f)openssl rsa -in jaydba_blogspot_com.key.orig -out jaydba_blogspot_com.key

g)openssl req -sha256 -out jaydba_blogspot_com.csr -key jaydba_blogspot_com.key -new

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:XXXXXXX
Organization Name (eg, company) [My Company Ltd]:XXXXXXXX
Organizational Unit Name (eg, section) []:XXXXXXXXXXXX
Common Name (eg, your name or your server's hostname) []:jaydba.blogspot.com
Email Address []:srm.jay@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

To verify Contents of CSR:

h)openssl req -in jaydba_blogspot_com.csr -noout -text

                                [OR]

f) go to https://www.trustico.com/ssltools/decode/csr-pem/decode-csr.php

Access Control List(ACL) in Oracle 11G

With ACL’s, Oracle offers more fine-grained access control for users to access external network resources.

The packages UTL_MAIL, UTL_SMTP, UTL_HTTP, UTL_TCP etc. allow communication beyond the database server to the outside world, but when granted access, all hosts can be accessed. This can be interpreted as a security flaw as no login is required when using UTL_TCP for example. DBA’s are advised to revoke the execute privileges from public on these kind of packages.

Since Oracle 11g, the Access Control List is introduced. You not only can control who has access to these packages by granting, but now you can also control which resources they can call.We can control accessibility based on host and port number.

Create ACL and assign host,port and privileges.

1.

BEGIN

DBMS_NETWORK_ACL_ADMIN.create_acl (

acl => 'jaydba.xml',

description => 'jaydba',

principal => 'APPS',

is_grant => TRUE,

privilege => 'connect',

start_date => SYSTIMESTAMP,

end_date => NULL);

COMMIT;

END;

/

2.

BEGIN

DBMS_NETWORK_ACL_ADMIN.assign_acl (

acl => 'jaydba.xml',

host => 'jaydba.blogspot.com',

lower_port => 443,

upper_port => 443);

END;

/

3.

BEGIN

DBMS_NETWORK_ACL_ADMIN.add_privilege (

acl => 'jaydba.xml',

principal => 'APPS',

is_grant => FALSE,

privilege => 'resolve',

position => NULL,

start_date => NULL,

end_date => NULL);

COMMIT;

END;

/

4.Drop ACL.

begin

DBMS_NETWORK_ACL_ADMIN.drop_acl (acl => 'jaydba.xml');

COMMIT;

END;

/

5.Unassign ACL:

begin

dbms_network_acl_admin.unassign_acl(

acl        => 'jaydba.xml',

host       => 'jaydba.blogspot.com',

lower_port => 443,

upper_port => 443

  );

end;

/

6.Delete Privilege:

begin

dbms_network_acl_admin.delete_privilege('jaydba.xml', 'APPS', NULL, 'connect');

end;

/

In Case ,if we would like to change host name or port ,we just have to unassign and assign(5 & 2),No need to drop acl and recreate.

Accessing https sites:

IF the externeal network we try access is ssl protected,then we need to create the wallet and import the certificate,pls make sure to import the certificate chains properly(main,root,intermediate certs)

orapki wallet create -wallet /home/oracle/wallet -pwd password123 -auto_login

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert verisignclass3.cer -pwd password123

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert www.verisign.com.cer -pwd password123

orapki wallet add -wallet /home/oracle/wallet -trusted_cert -cert jaydba.cer -pwd password123

orapki wallet display -wallet /home/oracle

To verify:

select   UTL_HTTP.request('url',proxy,'wallet',wallet password) from dual;

proxy            -- (Optional) Specifies a proxy server to use when making the HTTP request

wallet_password  -- (Optional) Specifies the password required to open the wallet. 

ex:

select   UTL_HTTP.request('https://jaydba.blogspot.com',null,'file:/home/oracle/wallet ',null) from dual;