This topic describes the user privileges and environment discovery requirements for Oracle and Oracle RAC target hosts and databases, collectively referred to as target environments.
Target Host Requirements
- Create an operating system user (delphix_os). This user is easily created by the createDelphixOSUser.sh script.
Profile and privileges should be the same as the Oracle user (i.e. oracle) on the host.
For example, delphix_os should have the same environment variable settings ($PATH, $ORACLE_HOME, etc.), umask, and ulimit settings as oracle.
Shortcut: Source the oracle login script from the delphix_os login script.
- Group memberships:
The primary OS group of the Delphix platform software owner's account (i.e. delphix_os) should be the same as the Oracle software owner's account (i.e. oracle). In most cases, this is an OS group named oinstall. There are lots of cases where the OS group named dba fills this role, so be sure to check the group membership of the Oracle software owner account.
Oracle Inventory OS group
The explanation of which OS group is primary on all Oracle software owner accounts is documented in the "Oracle12c Database Installation Guide" in the chapter on "Configuring Users, Groups, and Environments for Oracle Database", which states explicitly that the OS group for the Oracle Inventory oinstall should be primary. However, please be aware that not all Oracle installations necessarily follow these guidelines.
The Delphix platform software owner account (i.e. delphix_os) must have membership in the same OS groups as the Oracle software owner (i.e. oracle), specifically in the OSDBA group, so that Delphix can execute the Oracle RMAN executable, which requires connecting to the database instance as SYSDBA.
OS accounts belonging to the OSDBA group can employ "OS authentication" when connecting to an Oracle database instance by specifying neither username nor password (i.e. rman target /), thus eliminating the need to store or retrieve a SYSDBA password.
Oracle 12c
For Oracle 12c and later versions of Oracle databases which provide better role separation, the delphix_os user can also use OSBACKUPDBA as its primary group. This is typically the backupdba group on the host. For more information, please refer to the "Oracle12c Database Installation Guide" in the chapter sub-section on "Extended Oracle Database Groups for Job Role Separation".
- If the Oracle OSDBA group (typically dba) is not already the primary OS group of the Delphix software owner account (i.e. delphix_os), then it must be set as a secondary group.
If the Oracle ASM ownership groups (typically asmadmin and asmdba) exist on the host, they should be assigned to the Delphix platform software owner account (i.e. delphix_os) as secondary groups.
Summary
An excellent "rule of thumb" to follow is that the setup of OS groups for the Delphix platform software owner account (i.e. delphix_os) should be the same as for the Oracle software owner account (i.e. oracle).
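The rule of thumb above can be checked mechanically. The following is an added example, not Delphix code: it compares the group setup of the two accounts from the output of id(1). The function names and the sample id lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Delphix code: compare the OS group setup of delphix_os
# with the Oracle software owner, using the output format of id(1).

# Print the primary group name from an `id` output line.
primary_group() {
    printf '%s\n' "$1" | sed -n 's/.* gid=[0-9]*(\([^)]*\)).*/\1/p'
}

# Print all group names from an `id` output line, one per line, sorted.
all_groups() {
    printf '%s\n' "$1" | sed -n 's/.* groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/' | sort -u
}

# Print each difference found; return 0 only if delphix_os has the same
# primary group as the Oracle owner and belongs to all of its groups.
compare_group_setup() {
    local oracle_id="$1" delphix_id="$2" rc=0 g
    if [ "$(primary_group "$oracle_id")" != "$(primary_group "$delphix_id")" ]; then
        echo "primary group differs: $(primary_group "$delphix_id")"
        rc=1
    fi
    for g in $(all_groups "$oracle_id"); do
        if ! all_groups "$delphix_id" | grep -qxF "$g"; then
            echo "missing group: $g"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample `id` output (not taken from a real host).
ORACLE_ID='uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54327(asmdba),54329(asmadmin)'
DELPHIX_ID='uid=54400(delphix_os) gid=54321(oinstall) groups=54321(oinstall),54322(dba)'

# On a target host: compare_group_setup "$(id oracle)" "$(id delphix_os)"
```

With the sample lines, the check reports the two ASM groups as missing. On Oracle 12c hosts where delphix_os deliberately uses OSBACKUPDBA as its primary group, the primary-group difference it reports is expected.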
- There must be a directory on the target host where the Delphix platform Toolkit can be installed, for example: /var/opt/delphix/Toolkit.
- The delphix_os user and primary OS group (i.e. oinstall or dba) must own the directory.
- The directory must have permissions -rwxrwx--- (0770), but you can also use more permissive settings.
- The directory should have 1.5GB of available storage: 400MB for the toolkit and 400MB for the set of logs generated by each client that runs out of the toolkit.
There must be a directory (e.g. "/delphix" or "/mnt/provision/") that will be used as a container for the NFS mount points that are created when provisioning a VDB to the target host.
- The delphix_os user and primary OS group (i.e. oinstall or dba) must own the directory.
The directory must have permissions -rwxrwx--- (0770), but you can also use more permissive settings.
- There is no requirement for space in this directory, because NFS mount points take up no space.
- There must be no symbolic links in the path of this directory, because NFS can mount into a directory with symlinks in its path, but cannot unmount.
- It is permissible to use the Delphix platform Toolkit directory (see above) for this purpose, as that mandatory directory already has the proper permissions and ownership.
- The following permissions are usually granted via sudo authorization of the commands. See Sudo Privilege Requirements for Oracle Environments for further explanation of the commands, and Sudo File Configuration Examples for Oracle Environments for examples of the /etc/sudoers file on different operating systems.
  - Permission to run mount, umount, mkdir, rmdir as super-user.
  - Permission to run pargs on Solaris hosts and ps on AIX, HP-UX, Linux hosts, as super-user.
  - If the target host is an AIX system, permission to run the nfso command as super-user.
- Write permission to the $ORACLE_HOME/dbs directory (i.e. chmod g+w $ORACLE_HOME/dbs).
- An Oracle listener process should be running on the target host. The listener's version should be equal to or greater than the highest Oracle version that will be used to provision a VDB.
As the Delphix platform uses NFSv3 for mounting target host filesystems, the prerequisite packages to support NFSv3 client communication are required for normal operation, and the required services to support NFS client communications (including file locking) must be running. This includes:
- portmapper / rpcbind
- status daemon (rpc.statd)
- NFS lock manager (rpc.lockd/lockmgr)
- The Delphix platform must be able to make an SSH connection to the target host (typically port 22).
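The directory requirements above (0770 or more permissive, no symbolic links in the mount-point path, and parent directories of the toolkit readable and searchable by others) can be verified before adding the environment. The following preflight script is an added example, not Delphix code; the function names are illustrative, it assumes Linux with GNU stat and absolute paths, and it applies all three checks to whichever directory it is given.

```bash
#!/usr/bin/env bash
# Added example, not Delphix code: preflight checks for the toolkit and
# NFS mount-point directories. Assumes Linux (GNU stat) and absolute paths.

# Return 0 if the path or any of its parents is a symbolic link.
path_has_symlink() {
    local p="${1%/}"
    while [ -n "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        if [ -L "$p" ]; then return 0; fi
        p=$(dirname "$p")
    done
    return 1
}

# Return 0 if the directory grants at least rwx to owner and group (0770).
dir_mode_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0770 )) -eq $(( 0770 )) ]
}

# Return 0 if every parent of the directory, up to but excluding $2
# (default /), grants read and execute to "others".
parents_world_rx() {
    local stop="${2:-/}" p mode
    p=$(dirname "${1%/}")
    while [ "$p" != "$stop" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        mode=$(stat -c '%a' "$p") || return 2
        if [ $(( 0$mode & 5 )) -ne 5 ]; then return 1; fi
        p=$(dirname "$p")
    done
    return 0
}

# Print one line per failed requirement; return 0 only if all pass.
check_delphix_dir() {
    local dir="$1" stop="${2:-/}" rc=0
    if path_has_symlink "$dir"; then echo "FAIL symlink in path: $dir"; rc=1; fi
    if ! dir_mode_ok "$dir"; then echo "FAIL mode below 0770: $dir"; rc=1; fi
    if ! parents_world_rx "$dir" "$stop"; then echo "FAIL parent not o+rx: $dir"; rc=1; fi
    return $rc
}

# Usage on a target host (paths are the page's examples):
#   check_delphix_dir /var/opt/delphix/Toolkit
#   check_delphix_dir /mnt/provision
```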
OS Specific Requirements
AIX, HP-UX
None
NFS (v3)
The following are required for Delphix operations:
- NFS (v3) client packages
- Supporting NFS services must be running:
- portmapper / rpcbind
- status daemon (rpc.statd)
- lock manager (rpc.lockd/lockmgr)
Linux
On 64-bit Linux environments, there must be a 32-bit version of glibc.
How to Check for 32-bit glibc on 64-bit Linux
$ rpm -qa|grep glibc
glibc-devel-2.12-1.107.el6_4.5.x86_64 <=== 64-bit
glibc-devel-2.12-1.107.el6_4.5.i686 <==== 32-bit
glibc-2.12-1.107.el6_4.5.x86_64
glibc-common-2.12-1.107.el6_4.5.x86_64
glibc-headers-2.12-1.107.el6_4.5.x86_64
glibc-2.12-1.107.el6_4.5.i686 <======== 32-bit
Solaris
On a Solaris host, gtar must be installed. Delphix uses gtar to handle long file names when extracting the toolkit files into the toolkit directory on a Solaris host. The gtar binary should be installed in one of the following directories:
- /bin
- /usr/bin
- /sbin
- /usr/sbin
- /usr/contrib/bin
- /usr/sfw/bin
- /opt/sfw/bin
- /opt/csw/bin
Auto-Discovery Requirements (Highly Recommended)
In most environments, delphix_os group membership is sufficient to perform auto-discovery.
If you have overridden Oracle's group permission structure, you may need to modify privileges to allow auto-discovery.
Unless you have used a custom TNS_ADMIN setting, elevated access to ps (pargs on Solaris) is not required.
You can skip autodiscovery and manually add Oracle Homes and Databases.
- The ORATAB file must exist (typically in /etc/oratab or /var/opt/oracle/oratab) and be readable by delphix_os.
- Read access to either /etc/orainst.loc or /var/opt/oracle/orainst.loc.
- Read access to the Oracle inventory file (inventory.xml) identified by the contents of orainst.loc (for example, $INVENTORY_HOME/ContentsXML/inventory.xml).
Oracle Target Container Databases Requirements
Additional requirements for RAC target environments
crsctl for its operations.
- delphix_os must exist on all nodes in the cluster.
- delphix_os must have the same configuration on all nodes in the cluster, including profile, ulimits, user id, group membership, etc.
- The Delphix Toolkit must be installed in the same directory on each of the nodes in the source cluster.
- delphix_os must have execute permission on crsctl and srvctl on each node in the cluster.
Example: This shows that the group dba has read/write/execute permission on the database resources
$ crsctl getperm resource ora.trois.db
Name: ora.trois.db
owner:ora112:rwx,pgrp:dba:rwx,other::r--
- All datafiles and archive logs must be located on storage shared by all of the cluster nodes. Each node in the cluster must be able to access archive logs from all other nodes. This is an Oracle Best Practice, and a requirement for Delphix.
Troubleshooting Add Environment
LDAP/NIS User
If the delphix_os user is a LDAP/NIS user, it must be a member of the dba and oinstall groups in /etc/groups locally in order for Oracle commands to run properly.
- Read access to $ORACLE_HOME and all underlying files and directories.
- The delphix_os user must have read and execute permissions on each directory in the path leading to the toolkit directory. For example, when the toolkit is stored in /var/opt/delphix/Toolkit, the permissions on /var, /var/opt, and /var/opt/delphix should allow read and execute for ‘others’ (for example, -rwxr-xr-x).
Troubleshooting Provisioning
- The $ORACLE_HOME/bin/oracle executable must have the SETUID and SETGID flags set. Permissions on the oracle binary must be -rwsr-s--x (06751) but more permissive settings can also be used.
- When provisioning VDBs from an Oracle12c 12.1.x dSource, Oracle Support note 2040126.1 explains that bug #20406840 might require the directory "$ADR_BASE/diag/plsql" on the target database server to be given group-write permissions, in order to prevent an ORA-48141 error being thrown by Oracle RMAN during the provision operation. The workaround is to execute "chmod 777 ${ADR_BASE}/diag/plsql" to open permissions on the specified directory. Oracle Support states that the bug will be fixed in Oracle12c 12.2.