Search

OakieTags

Who's online

There are currently 0 users and 30 guests online.

Recent comments

Affiliations

Oakies Blog Aggregator

To PDB or not to PDB

I’m about to start a Proof of Concept (POC) for a 12c upgrade of one of our databases. The production database in question is running on Oracle Linux inside a VMware virtual machine, so the starting point I’ve been given for the POC is a clone of the whole VM…

Probably the biggest decision I’ve got to make is “to PDB or not to PDB” *. I mentioned it on Twitter earlier and got some conflicting opinions. I guess the pros and cons of the PDB approach go something like this in my head.

Pros:

  • The multitenant architecture is the future of Oracle. Depending on which rumours you believe, it’s possible that 12.2 will no longer allow the pre-12c style instances. Putting it off is delaying the inevitable.
  • As long as you only use a single PDB, there is no extra cost.
  • The multitenant architecture has some neat features related to cloning, especially remote clones. That potentially makes provisioning new environments pretty quick.
  • Even with a single PDB per CDB, there are potential advantages regarding patching and upgrades. Caveats apply as always.
  • I’m going to upgrade to a pre-12c style instance first anyway, so I will have a natural fallback position ready to go if I need it.
  • It would be good to invest the time up front to convert stuff now, rather than wait a few years to clean up the mess of CRON jobs and connections using SIDs, rather than services. This choice would force our hand.
  • If some of the technologies we are using are not going to “play well” with the multitenant architecture, I would rather know now than later.

Cons:

  • Using a PDB is definitely going to break a number of things for us, especially CRON jobs that run scripts using OS authentication. See here.
  • Once the decision has been made to “switch the multitenant architecture on”, it would be really easy for someone to create an extra PDB and incur additional licensing costs. As far as I’m aware, there is nothing to restrict the number of PDBs to 1, to prevent an uninitiated DBA from copying a script from the net and creating more. If someone knows an undocumented parameter for this I would be interested in knowing it. Note, “_max_pdbs” isn’t the answer here! :)
  • I’m going to upgrade to a pre-12c style instance first, so why add on the extra effort of cloning that to a PDB?
  • Why make life hard for yourself? You can use 12.1 as a half-way house and make the final step later.

I don’t think there is really a right or wrong answer in this debate. I could probably put forward a convincing argument in favour of either option. I’m leaning on the side of the “to PDB” choice. If this proves to be a no-go, then I’ll start a POC of a pre-12c style instance… :)

Despite my leaning for the PDB choice, I am interested to know what others think, especially those that have done something a bit more extensive than running this stuff on their laptop. :)

Cheers

Tim…

* I forgot to mention previously, we will almost definitely be going with a single PDB per CDB (the free option) initially. So this is not a “consolidate using multitenant” issue from the outset.


To PDB or not to PDB was first posted on August 11, 2014 at 9:47 pm.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

MobaXterm 7.2 Released

While I was away on that F5 Load Balancer I noticed MobaXterm 7.2 is now available.

I made use of that and PortableApps.com to get a familiar environment set up… :)

Cheers

Tim…


MobaXterm 7.2 Released was first posted on August 11, 2014 at 3:44 pm.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

F5 Load Balancer Training Course : Day 3

After the previous day’s “networky” stuff, day 3 was back to some stuff that was more relevant to me. Amongst other things, I got a quick primer on IPv6, which was pretty useful and we looks at iApps and iRules. It looks like I will be writing lots of iRules using TCL to replace the functionality of our Apache reverse proxies. Fun, fun, fun… :)

We finished at about 15:00, so I hit the road and managed to do the M25 and M40 in a reasonable time. It wasn’t good, but it could have been a lot worse.

The challenge now is to get to work on Monday and try to start putting some of this stuff into practice before I forget everything. :)

Thanks to all the folks at F5 for a good course. Thanks also to the other folks on the course for putting up with my noob questions. :)

Cheers

Tim…


F5 Load Balancer Training Course : Day 3 was first posted on August 9, 2014 at 10:35 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Website change

Just a quick note to let you know I’m changing the website over the next couple of days so if it disappears off the radar for a while that will be why. There’ll be some minor tweaking that I need to do after the change but all the pages, posts, comments and so on will […]

12c – Nested tables vs Associative arrays

This was going to the be the immediate follow up to my previous post, but 12.1.0.2 came out and I got all excited about that and forgot to post this one :-)

Anyway, the previous post showed how easy it is to convert between nested tables and associative arrays.  The nice thing in 12c is that this is no longer needed – you can query the associative arrays directly

SQL> create or replace package PKG as
  2
  3    type num_list is table of number index by pls_integer;
  4
  5  end;
  6  /

Package created.

SQL>
SQL> declare
  2    v pkg.num_list;
  3  begin
  4    v(1) := 10;
  5    v(2) := 20;
  6
  7    for i in ( select * from table(v) ) loop
  8      dbms_output.put_line(i.column_value);
  9    end loop;
 10  end;
 11  /
10
20

PL/SQL procedure successfully completed.

12.1.0.2 security grrr…

One of my favourite security "tricks" used to be the following:

SQL> [create|alter] user MY_USER identified by values 'impossible';

Looks odd, but by setting the encrypted value of someone’s password to something that it is impossible to encrypt to, means you’ll never be able to connect as that account.  (Think schema’s owning objects etc).

I hear you ask: "Why not just lock the account?"

Well…in my opinion, that’s a security hole.  Let’s say Oracle publishes a security bug concerning (say) the MDSYS schema.  As a hacker, I’d like to know if a database has the MDSYS schema.  All I need do is:

SQL> connect MDSYS/nonsense

Why is that a security hole ?  Because I wont get "Invalid username or password".  I’ll get "ORA-28000: the account is locked" and voila…Now I know that the MDSYS user is present in that database.

Setting a user password to a impossible encrypted value, means a hacker will never know if the user account exists at all, because the error returned is the familiar "ORA-01017: invalid username/password; logon denied"

But looked what’s happened in 12.1.0.2 :-(

SQL> create user MY_USER identified by values 'impossible';
create user MY_USER identified by values 'impossible'
*
ERROR at line 1:
ORA-02153: invalid VALUES password string
 

A backward step in my opinion…

Grid/CRS AddNode or runInstaller fails with NullPointerException

Posting this here mostly to archive it, so I can find it later if I ever see this problem again.

Today I was repeatedly getting this error while trying to add a node to a cluster:

(grid)$ $ORACLE_HOME/oui/bin/addNode.sh -silent -noCopy CRS_ADDNODE=true CRS_DHCP_ENABLED=false INVENTORY_LOCATION=/u01/oraInventory ORACLE_HOME=$ORACLE_HOME "CLUSTER_NEW_NODES={new-node}" "CLUSTER_NEW_VIRTUAL_HOSTNAMES={new-node-vip}"
Starting Oracle Universal Installer...

Checking swap space: must be greater than 500 MB.   Actual 24575 MB    Passed
Oracle Universal Installer, Version 11.2.0.3.0 Production
Copyright (C) 1999, 2011, Oracle. All rights reserved.

Exception java.lang.NullPointerException occurred..
java.lang.NullPointerException
        at oracle.sysman.oii.oiic.OiicAddNodeSession.initialize(OiicAddNodeSession.java:524)
        at oracle.sysman.oii.oiic.OiicAddNodeSession.(OiicAddNodeSession.java:133)
        at oracle.sysman.oii.oiic.OiicSessionWrapper.createNewSession(OiicSessionWrapper.java:884)
        at oracle.sysman.oii.oiic.OiicSessionWrapper.(OiicSessionWrapper.java:191)
        at oracle.sysman.oii.oiic.OiicInstaller.init(OiicInstaller.java:512)
        at oracle.sysman.oii.oiic.OiicInstaller.runInstaller(OiicInstaller.java:968)
        at oracle.sysman.oii.oiic.OiicInstaller.main(OiicInstaller.java:906)
SEVERE:Abnormal program termination. An internal error has occured. Please provide the following files to Oracle Support :

"Unknown"
"Unknown"
"Unknown"

There were two notes on MOS related to NullPointerExceptions from runInstaller (which is used behind the scenes for addNode in 11.2.0.3 on which I had this problem). Note 1073878.1 describes addNode failing in 10gR2, and the root cause was that the home containing CRS binaries was not registered in the central inventory. Note 1511859.1 describes attachHome failing, presumably on 11.2.0.1 – and the root cause was file permissions that blocked reading of oraInst.loc.

Based on these two notes, I had a suspicion that my problem had something to do with the inventory. Note that you can get runInstaller options by running “runInstaller -help” and on 11.2.0.3 you can debug with “-debug -logLevel finest” at the end of your addNode command line. The log file is produced in a logs directory under your inventory. However in this case, it produces absolutely nothing helpful at all…

After quite a bit of work (even running strace and ltrace on the runInstaller, which didn’t help one bit)… I finally figured it out:

(grid)$ grep oraInst $ORACLE_HOME/oui/bin/addNode.sh
INVPTRLOC=$OHOME/oraInst.loc

The addNode script was hardcoded to look only in the ORACLE_HOME for the oraInst.loc file. It would not read the file from /etc or /var/opt/oracle because of this parameter.

On this particular server, there was not an oraInst.loc file in the grid ORACLE_HOME. Usually the file is there when you do a normal cluster installation. In our case, it’s absence was an artifact of the specific cloning process we use to rapidly provision clusters. As soon as I copied the file from /etc into the grid ORACLE_HOME, the addNode process continued as normal.

Sometimes it would be nice if runInstaller could give more informative error messages or tracing info!

Grid/CRS AddNode or runInstaller fails with NullPointerException

Posting this here mostly to archive it, so I can find it later if I ever see this problem again.

Today I was repeatedly getting this error while trying to add a node to a cluster:

(grid)$ $ORACLE_HOME/oui/bin/addNode.sh -silent -noCopy CRS_ADDNODE=true CRS_DHCP_ENABLED=false INVENTORY_LOCATION=/u01/oraInventory ORACLE_HOME=$ORACLE_HOME "CLUSTER_NEW_NODES={new-node}" "CLUSTER_NEW_VIRTUAL_HOSTNAMES={new-node-vip}"
Starting Oracle Universal Installer...

Checking swap space: must be greater than 500 MB.   Actual 24575 MB    Passed
Oracle Universal Installer, Version 11.2.0.3.0 Production
Copyright (C) 1999, 2011, Oracle. All rights reserved.

Exception java.lang.NullPointerException occurred..
java.lang.NullPointerException
        at oracle.sysman.oii.oiic.OiicAddNodeSession.initialize(OiicAddNodeSession.java:524)
        at oracle.sysman.oii.oiic.OiicAddNodeSession.(OiicAddNodeSession.java:133)
        at oracle.sysman.oii.oiic.OiicSessionWrapper.createNewSession(OiicSessionWrapper.java:884)
        at oracle.sysman.oii.oiic.OiicSessionWrapper.(OiicSessionWrapper.java:191)
        at oracle.sysman.oii.oiic.OiicInstaller.init(OiicInstaller.java:512)
        at oracle.sysman.oii.oiic.OiicInstaller.runInstaller(OiicInstaller.java:968)
        at oracle.sysman.oii.oiic.OiicInstaller.main(OiicInstaller.java:906)
SEVERE:Abnormal program termination. An internal error has occured. Please provide the following files to Oracle Support :

"Unknown"
"Unknown"
"Unknown"

There were two notes on MOS related to NullPointerExceptions from runInstaller (which is used behind the scenes for addNode in 11.2.0.3 on which I had this problem). Note 1073878.1 describes addNode failing in 10gR2, and the root cause was that the home containing CRS binaries was not registered in the central inventory. Note 1511859.1 describes attachHome failing, presumably on 11.2.0.1 – and the root cause was file permissions that blocked reading of oraInst.loc.

Based on these two notes, I had a suspicion that my problem had something to do with the inventory. Note that you can get runInstaller options by running “runInstaller -help” and on 11.2.0.3 you can debug with “-debug -logLevel finest” at the end of your addNode command line. The log file is produced in a logs directory under your inventory. However in this case, it produces absolutely nothing helpful at all…

After quite a bit of work (even running strace and ltrace on the runInstaller, which didn’t help one bit)… I finally figured it out:

(grid)$ grep oraInst $ORACLE_HOME/oui/bin/addNode.sh
INVPTRLOC=$OHOME/oraInst.loc

The addNode script was hardcoded to look only in the ORACLE_HOME for the oraInst.loc file. It would not read the file from /etc or /var/opt/oracle because of this parameter.

On this particular server, there was not an oraInst.loc file in the grid ORACLE_HOME. Usually the file is there when you do a normal cluster installation. In our case, it’s absence was an artifact of the specific cloning process we use to rapidly provision clusters. As soon as I copied the file from /etc into the grid ORACLE_HOME, the addNode process continued as normal.

Sometimes it would be nice if runInstaller could give more informative error messages or tracing info!

F5 Load Balancer Training Course : Day 2

Day 2 was a lot more “networky”, so it was pretty tough. I got through all the labs and stuff worked, but if I’m honest I didn’t really have a clue what I was doing. :) Added to that, I won’t have privilege to do most of the stuff we covered when I’m on the real kit, so I’m pretty much going to forget it all in a few days. :(

Once again, it’s testament to the course that a complete networking gumby like me was able to survive the day.

Day 3 has got some sections that are more relevant to me. I’ve been swimming, so now it’s Monster, Diet Coke and Coffee for breakfast, check out of the hotel, then head off to start day 3.

Cheers

Tim…

PS. I went to see Dawn of the Planet of the Apes last night.

Today I will mostly be saying, “DBA not kill DBA!”, and, “DBA not trust human!”


F5 Load Balancer Training Course : Day 2 was first posted on August 8, 2014 at 8:27 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Dawn of the Planet of the Apes

Today’s film was Dawn of the Planet of the Apes.

I really enjoyed the first film and this is a continuation of that story, set 10 years later.

The pacing on this film was pretty similar to the last one. If you are one of the people that found that too slow, you will have a similar experience this time. If, like me, you would prefer to watch the apes doing ape-stuff, rather than than seeing them going ape-shit, then this will work for you. There are action scenes, but a lot of it is movie time is them just ionteracting with each other and humans. It feels very “real” to me…

Cheers

Tim…

PS. My mom recently saw the previous film on TV and asked how many chimps they used for the main character when they were filming… She figured it was like Lassie, where they used about 12 dogs, each trained for different scenes in the film… I had to explain it was CGI, which goes to show the quality of this stuff…

 


Dawn of the Planet of the Apes was first posted on August 7, 2014 at 11:32 pm.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.