Documentation 5.0

Release Information

Introduction

Getting Started

Delphix Engine System Administration

Virtual Database Management with the Delphix Engine

Data Backup and Recovery

Delphix Modernization Engine

Delphix Masking

Virtualizing Unstructured Files in the Delphix Engine

Virtualizing Oracle E-Business Suite in the Delphix Engine

JetStream

Mission Control

Delphix Express User Guide

Reference

Documentation for Previous Versions of the Delphix Engine

Delphix Server 3.0 Documentation
Delphix Server 3.1 Documentation
Delphix Engine 3.2 Documentation
Delphix Engine 4.0 Documentation
Delphix Engine 4.1 Documentation
Delphix Engine 4.2 Documentation
Delphix Engine 4.3 Documentation

Skip to end of metadata
Go to start of metadata

This topic describes the user privileges, and environment discovery requirements, that are required for Oracle and Oracle RAC target hosts and databases, collectively referred to a target environments.

Target Host Requirements

  1. Create an operating system user (delphix_os).  This user is easily created by the createDelphixOSUser.sh script.

    1. Profile and privileges should be the same as the Oracle user (oracle) on the host. 
      For example, delphix_os should have the same environment variable settings ($PATH$ORACLE_HOME, etc.) and ulimit settings, as oracle.

      Shortcut: Source the oracle login script from the delphix_os login script.

    2. Group memberships:

      1. The user's primary group must be the UNIX group that is mapped to OSDBA by the Oracle installation. This is typically the dba group on the host.

        Oracle 12c

        For Oracle 12c and later versions of Oracle databases, the delphix_os user can also use OSBACKUPDBA as its primary group. This is typically the backupdba group on the host.

      2. If the Oracle install group (typically oinstall), exists on the host, it should be set as a secondary group for the user.

      3. If the Oracle ASM groups (typically asmadmin and asmdba) exist on the host, they should be assigned to the user as secondary groups.

  2. There must be a directory on the target host where the Delphix Engine Toolkit can be installed, for example: /var/opt/delphix/Toolkit.
    1. The delphix_os user must own the directory.
    2. The directory must have permissions -rwxrwx--- (0770),  but you can also use more permissive settings.
    3. The directory should have 1.5GB of available storage: 400MB for the toolkit and 400MB for the set of logs generated by each client that runs out of the toolkit.

  3. There must be an empty directory (e.g. /delphix or /mnt/provision/ ) that will be used as a container for the mount points that are created when provisioning a VDB to the target host. The group associated with the directory must be the primary group of the delphix_os user (typically dba). Group permissions for the directory should allow read, write, and execute by members of the group.

  4. The following permissions are usually granted via sudo authorization of the commands. See Sudo Privilege Requirements for further explanation of the commands, and Sudo File Configurations for examples of the /etc/lsudoers file on different operating systems.
    1. Permission to run mount, umount, mkdir, rmdir, ps as super-user.
    2. Permission to run pargs on Solaris hosts and ps on AIX, HP-UX, Linux hosts, as super-user.
    3. If the target host is an AIX system, permission to run the nfso command as super-user.

  5. Write permission to the $ORACLE_HOME/dbs directory

  6. An Oracle listener process should be running on the target host. The listener's version should be equal to or greater than the highest Oracle version that will be used to provision a VDB.

  7. NFS client services must be running on the target host.
  8. The Delphix Engine must be able to make an SSH connection to the target host (typically port 22)

OS Specific Requirements

AIX, HP-UX

None

Linux

On 64-bit Linux environments, there must be a 32-bit version of glibc.

How to Check for 32-bit glibc on 64-bit Linux

rpm -qa|grep glibc
glibc-devel-2.12-1.107.el6_4.5.x86_64 <=== 64-bit
glibc-devel-2.12-1.107.el6_4.5.i686  <==== 32-bit
glibc-2.12-1.107.el6_4.5.x86_64
glibc-common-2.12-1.107.el6_4.5.x86_64
glibc-headers-2.12-1.107.el6_4.5.x86_64
glibc-2.12-1.107.el6_4.5.i686  <======== 32-bit

Solaris

On a Solaris host, gtar must be installed. Delphix uses gtar to handle long file names when extracting the toolkit files into the toolkit directory on a Solaris host. The gtar binary should be installed in one of the following directories:

Auto-Discovery Requirements (Highly Recommended)

Delphix can automatically discover your Oracle Homes and Databases by examining the oratab and/or inventory files, and by examining the listener setup to determine connection information.  Successful auto-discovery requires read access to these and related files.

In most environments, delphix_os group membership is sufficient to perform auto-discovery.

If you have overridden Oracle's group permission structure, you may need to modify privileges to allow auto-discovery.

Unless you have used a custom TNS_ADMIN setting, elevated access to ps (pargs on Solaris) is not required

You can skip autodiscovery and manually add Oracle Homes and Databases.

1.The ORATAB file must exist (typically in /etc/oratab or /var/opt/oracle/oratab) and be readable by delphix_os.

2. Read access to either /etc/orainst.loc or /var/opt/oracle/orainst.loc.

 3. Read access to the Oracle inventory file (inventory.xml) identified by the contents of orainst.loc (for example, $INVENTORY_HOME/ContentsXML/inventory.xml).

Oracle Target Container Databases Requirements

To provision an Oracle pluggable database, there must be a running Oracle multitenant container database in the target environment. In the multitenant container database, there must be a common database user (c##delphix_db) created by the createDelphixDBUser.sh script. This script is part of the HostChecker bundle, and grants SELECT privileges on specific system tables for the user. See the topics Using HostChecker to Validate Oracle Source and Target Environments for more about using the HostChecker bundle.

Additional requirements for RAC sources

If the source host is a node in a RAC cluster, Delphix will attempt to use all nodes and crsctl for it's operations.  

  1. delphix_os must exist on all nodes in the cluster.
  2. delphix_os must have the same configuration on all nodes in the cluster, including profile, ulimits, user id, group membership, etc.
  3. The Delphix Toolkit must be installed in the same directory on each of the nodes in the source cluster

  4. delphix_os must have execute permission on crsctl and srvctl on each node in the cluster.

    Example: This shows that the group dba has read/write/execute permission on the database resources

    Example: This shows that the group dba has read/write/execute permission on the database resources
    $ crsctl getperm resource ora.trois.db
Name: ora.trois.db
owner:ora112:rwx,pgrp:dba:rwx,other::r--
  5. All datafiles and archive logs must be located on storage shared by all of the cluster nodes. Each node in the cluster must be able to access archive logs from all other nodes.  This is an Oracle Best Practice, and a requirement for Delphix.

LDAP/NIS User

Troubleshooting Add Environment

LDAP/NIS User

If the delphix_os user is a LDAP/NIS user, it must be a member of the dba and oinstall groups in /etc/groups locally in order for Oracle commands to run properly.

  1. Read access to $ORACLE_HOME and all underlying files and directories.
  2. The delphix_os user must have read and execute permissions on each directory in the path leading to the toolkit directory. For example, when the toolkit is stored in /var/opt/delphix/Toolkit, the permissions on /var, /var/opt, and /var/opt/delphix should allow read and execute for ‘others’ (for example, -rwxr-xr-x).

Troubleshooting Provisioning

  1. The $ORACLE_HOME/bin/oracle executable must have the  SETUID and SETGID flags set. Permissions on the oracle binary must be -rwsr-s–x (06751) but more permissive settings can also be used.

2 Comments

  1. Stephanie Burks

    2. Read access to either /etc/orainst.loc or /var/opt/oracle/orainst.loc.

    3. Read access to the Oracle inventory file (inventory.xml) identified by the contents of orainst.loc (for example, $INVENTORY_HOME/ContentsXML/inventory.xml).

    Should read oraInst.loc (with a capital I)

  2. Anonymous

    Yes