Release 1 (9.0.1) for UNIX Systems: AIX-Based Systems, Compaq Tru64 UNIX, HP 9000 Series HP-UX, Linux Intel and Sun SPARC Solaris
Part Number A90346-03
 Contents |
 Index |
| Oracle9i Installation Guide Release 1 (9.0.1) for UNIX Systems: AIX-Based Systems, Compaq Tru64 UNIX, HP 9000 Series HP-UX, Linux Intel and Sun SPARC Solaris Part Number A90346-03 |
|
This chapter describes pre-installation steps required for an Oracle9i software installation.
Use the release notes for your platform provided with the CD-ROM to verify that your system meets hardware, disk space, operating system, kernel parameter settings, and other requirements for Oracle9i.
In order to provide you with the latest information on products, new patches, and software, Oracle Corporation now provides ongoing updates of the release notes for your platform. These updated release notes are posted on the Oracle Documentation Center. Access them at the following site:
http://docs.oracle.com
This section provides product-specific system configuration requirements. Make these additional system configuration changes to use the optional Oracle products.
Table 2-1 lists additional restrictions and requirements for installing Oracle9i Options on a UNIX system.
Table 2-2 lists the restrictions and requirements for precompilers and tools.
All network products require the underlying software and operating system libraries for the supported network. The network software must be installed and running prior to installing the Oracle Net products.
Table 2-3 lists the restrictions and requirements for networking and system management products.
| Product Name | Restrictions and Requirements |
|---|---|
|
Legato Storage Manager |
For information on Legato requirements, see Appendix B, "Legato Storage Manager". |
|
Oracle Advanced Security: Export Edition, 9.0.1 |
For information about Oracle Advanced Security authentication support requirements, see Table 2-4, "Supported Authentication Methods and Requirements". |
|
Oracle Enterprise Manager, 9.0.1 |
No additional system configuration is necessary for Oracle Enterprise Manager and its components. |
|
Oracle TCP/IP with SSL Protocol Support, 9.0.1 |
SSL 3.0 or later. |
|
LU6.2 protocol |
LU6.2 protocol support is obsolete in this release. Install and configure support for one of the following protocols: |
|
See Also:
For more information on network and system management products, refer to your operating system and third-party vendor networking product documentation. For more information on installing Oracle networking and system management products separately after the installation of Oracle9i, see Chapter 4, "Post-Installation". |
Oracle Advanced Security is an add-on product to the standard Oracle Net Server or Oracle Net Client that is available for purchase. It must be installed on both the server and the client systems. Oracle Advanced Security release 9.0.1 requires Oracle Net release 9.0.1 and supports Oracle9i Database.
Table 2-4 describes requirements for authentication protocols supported by Oracle Advanced Security. No additional authentication protocol software is required to relink Oracle products.
Oracle Corporation recommends the following installation configuration step.
Oracle Corporation recommends that the Optimal Flexible Architecture (OFA) standard be implemented when installing and configuring Oracle9i databases. The OFA standard is a set of configuration guidelines for creating fast, highly available, reliable Oracle databases that require little maintenance. Following are some of the characteristics of an OFA-compliant database:
The following pre-installation setup tasks configure your system and set up accounts, groups, variables and permissions needed to run the Oracle9i database. If you choose not to perform these tasks prior to installation, then you will be given the option during the installation process to log in as root user and run the orainstRoot.sh script. The orainstRoot.sh script performs many of these setup tasks for you but might not provide a satisfactory environment for your system. Oracle Corporation recommends that you perform these steps manually.
Log in as the root user and perform the following tasks for your platform to set up your environment for Oracle9i:
Review your kernel parameter settings to ensure that they meet Oracle9i requirements. If you do not do this, you might experience errors during installation, or operational errors after installation.
Review the Oracle9i release notes for your platform for information on how to check your existing parameter settings, and how to change them to the settings required for Oracle9i.
The Oracle9i installation requires at least two mount points:
An Optimal Flexible Architecture (OFA)-compliant installation requires at least four mount points:
All software and database mount point names use the syntax /pm, where p is a string constant and m is a unique fixed-length key (typically a two-digit number) used to distinguish each mount point. For example: /u01 and /u02, or /disk01 and /disk02.
Oracle requires database administration groups to complete installation and to control database operations that are executed when a database is not mounted. Database administration groups enable operating system user authentication for Oracle administrative privileges, both for internal database accounts and for users to whom you may choose to grant privileges. These privileges are similar to those granted to INTERNAL in previous Oracle versions. Granting these privileges through operating system authentication allows convenience while providing greater security.
Oracle documentation refers to these administrative UNIX groups as OSDBA, typically named dba, and OSOPER, typically named oper.
dba. If you choose to assign the OSDBA group privilege to a group with a name other than dba, you are prompted for the group name during installation.
Users that belong to the OSDBA group are granted SYSDBA privileges which comprise all database system privileges. These privileges include the right to grant or revoke system privileges, as well as all other administrative privileges. Grant OSDBA group membership only to database administrators.
For HP users, the OSDBA group must be granted RTSCHED, RTPRIO and MLOCK privileges. Refer to the Oracle9i Release Notes for HP for further information.
Users that belong to the OSOPER group are granted SYSOPER privileges which comprise privileges required for basic system maintenance. SYSOPER privileges are a subset of those granted to SYSDBA. These include database startup and shutdown, and other privileges required for database operation. Users granted access to OSOPER group privileges may include application developers, application administrators, database users, and network administrators.
Table 2-5 lists utilities with which you can create the OSDBA group, and other database administration groups. Use the utility that corresponds to your platform to create the OSDBA group.
| Platform | Utility |
|---|---|
|
AIX |
|
|
HP |
System Administrator's Menu (SAM) |
|
Linux |
|
|
Solaris |
|
|
Tru64 |
|
If you perform a Custom installation of Oracle9i, or if the oracle account is not a member of a group called dba, then the Oracle Universal Installer prompts you to enter the group(s) you have created for these system privileges.
The ORAINVENTORY group is the group that will own the Oracle Universal Installer's oraInventory directory. The oraInventory is a repository of all installed Oracle products. The oraInventory is usually located in a directory named oraInventory, and its contents may only be modified by the Oracle Universal Installer. Any user who will be installing, removing, or patching Oracle products must be a member of the ORAINVENTORY group.
If you plan to have only one OSDBA group on a single system, then you can set the ORAINVENTORY group to the same name as the OSDBA group, which typically is dba. In this case, skip ahead to "Create a UNIX Account to Own Oracle Software.
If you plan to have multiple installations on a single system and plan on having a unique OSDBA group for each install, then you will need a separate ORAINVENTORY group. The software owner, typically oracle, must have the ORAINVENTORY group as the primary group.
The following is a typical business scenario for which a separate ORAINVENTORY group is needed:
oracle1 with an OSDBA group of dba1.
oracle1 user works with a database named db11.
oracle2 with an OSDBA group of dba2.
oracle2 user works with a database named db22.
db11 and db22 databases are installed in different ORACLE_HOME directories.
oracle1 user should have SYSDBA privileges in the db11 database, but should not have SYSDBA privileges in the db22 database.
oracle2 user should have SYSDBA privileges in the db22 database, but should not have SYSDBA privileges in the db11 database.
In this situation, it is important to remember that the oraInventory can only be updated by a single operating system group. In order to maintain this central repository of installed Oracle products, the oracle1 and oracle2 users must share a common group, which Oracle Corporation refers to as the ORAINVENTORY group. The ORAINVENTORY group can be named anything, but it is usually named oinstall. In this scenario, by creating the ORAINVENTORY group and making it the primary group for both the oracle1 and oracle2 users, any new entries created by the Oracle Universal Installer for the oracle1 user can be read or updated by the Oracle Universal Installer for the oracle2 user.
Even though both oracle1 and oracle2 share Oracle software information in the ORAINVENTORY group, their different OSDBA group memberships preserve a separate database administrative access. oracle1 has dba1 as its secondary group. oracle2 has dba2 as its secondary group. The ORAINVENTORY group keeps the oraInventory repository of all Oracle executables and datafiles, but none of these files, except the oraInventory, are group writable. Only the owner of the executables or datafiles can modify them. oracle1 owns all files installed by oracle1. oracle2 owns all files installed by oracle2.
The oracle account is the UNIX user account that owns Oracle9i software after installation. You must run the Oracle Universal Installer with this user account. Table 2-6 describes the properties for the oracle account.
Table 2-7 lists the utilities to create the oracle account. Use the utility that corresponds to your platform.
| Platform | Utility |
|---|---|
|
AIX |
|
|
HP |
System Administrator's Menu (SAM) |
|
Linux |
|
|
Solaris |
|
|
Tru64 |
|
Sites with multiple Oracle home directories on one system may install Oracle software with the same oracle account or different ones. Each oracle account must have the ORAINVENTORY group as its primary group.
If you will have multiple oracle accounts that must access the same ORAINVENTORY group, as described in the preceding "Scenario for Creating an ORAINVENTORY Group", then verify that you have set up each account correctly. Table 2-8 describes the appropriate command for each platform.
| Platform | Command |
|---|---|
|
AIX |
|
|
HP |
|
|
Linux |
|
|
Solaris |
|
|
Tru64 |
|
You should see the ORAINVENTORY group after gid=. You should see the OSDBA group in the groups= list. If this is not so, ensure that both oracle1 and oracle2 accounts are listed in the /etc/groups file for the ORAINVENTORY group, that oracle1 is listed for the OSDBA1 group, and that oracle2 is listed for the OSDBA2 group.
The APACHE account is a UNIX user account that owns the Apache server after installation. If you use a default configuration (one that listens to ports lower than 1024, which are reserved to root), Oracle Corporation recommends that you set up a separate account to own Apache processes after installation for security reasons. This may affect the performance of other Oracle products.
During installation, the user account that owns the Apache server software must be a member of the ORAINVENTORY group in order to complete installation. The Apache server also must be started by root user in order for ports reserved to root to be made available to the database and applications. However, for security reasons, Oracle Corporation recommends that provisions are made to change the Apache server group membership to a low-privileged group, and to transfer ownership of Apache server processes from root to a low-privileged account.
To improve security for database and application processes, create the Apache user. Configure the Apache server to transfer ownership of its processes from root to the Apache user by using the Apache configuration parameter user, which resets user ownership of processes spawned by Apache once the server starts. Assign ownership of listener and module actions for the Apache server to this user. This post-installation process is described in Changing Group Membership of the Apache User.
Assign required access privileges to all Apache related module components to this user so as to allow apache and its modules to function as expected while minimizing security risks.
The Apache user should have minimal user privileges, and should not be a member of any groups whose files are not intended to be visible to the public. The nobody user account that many UNIX systems have may serve as a model for the Apache user. Be aware that all web servers open to the public are at risk of being compromised, and take measures accordingly to minimize exposure to that risk
Table 2-9 describes the properties of the APACHE account.
| Property | Description |
|---|---|
|
Login Name |
The Apache user may be given any name, but this guide refers to it as the Apache user. |
|
Primary GID |
The primary group must be the same group that owns the oraInventory directory. The location of the oraInventory directory is defined in the |
|
Secondary GID |
The secondary group should be one in which only the Apache user is a member. |
|
Home Directory |
Choose a home directory consistent with other user home directories. |
Table 2-10 lists the utilities to create the Apache user. Use the utility that corresponds to your platform.
| Platform | Utility |
|---|---|
|
AIX |
|
|
HP |
System Administrator's Menu (SAM) |
|
Linux |
|
|
Solaris |
|
|
Tru64 |
|
It is necessary to set the umask parameter to 022 for the oracle user to ensure group and others have read and execute permissions, but not write permission, on the installed files.
$ umask
umask command does not return the value 022, then set it for the oracle user by adding the following line to the .profile or .login file:
umask 022
$ umask 022
Log in as the oracle account and perform the following tasks as necessary:
It is necessary to set the DISPLAY and PATH environment variables before running the Oracle Universal Installer. Other environmental variables such as the documentation directory or executables path may also be set before running the Oracle Universal Installer.
Table 2-11 provides a brief summary of the variables listed in this section. See each variable's entry in this section for instructions on setting the variable appropriately.
The DISPLAY variable specifies the name, server number, and screen number of the system where the Oracle Universal Installer displays. On the system where you will run Oracle Universal Installer, set the DISPLAY variable to include the system name or IP address, the X server value, and the screen value used by your workstation. If you are unsure of the value to which you should set the X server and screen, use 0 (zero) for both. Do not use the hostname or IP address of the system where the software is being installed unless you are performing the installation from that system's X Window console.
If you get an Xlib error similar to "Failed to connect to server," "Connection refused by server," or "Can't open display" when starting the Oracle Universal Installer, run the following Bourne or Korn shell, or C shell commands on your X workstation.
In the session on your workstation, enter the following:
$ xhost +server_name
From your workstation where you will run the installation, connect to the server to which you intend to install Oracle9i and enter the following:
$ DISPLAY=workstation_name:0.0 $ export DISPLAY
In the session on your workstation, enter the following:
% xhost +server_name
Connect from your workstation where you will run the installation, to the server to which you intend to install Oracle9i. Enter the following:
% setenv DISPLAY workstation_name:0.0
The PATH variable specifies the shell's search path for executables. Set the shell's search path to include the information in the table below.
Table 2-12 lists the paths for the PATH variable that correspond to your platform.
The ORA_NLS33 variable specifies the directory location of the *.nlb files. The *.nlb files define languages, territories, character sets, and linguistic sorting orders. Set this variable only if the *.nlb files are in a non-default location, which is $ORACLE_HOME/ocommon/nls/admin/data.
The ORACLE_BASE variable specifies the directory at the top of the Oracle software and administrative file structure. The recommended value for an OFA-compliant configuration is /software_mount_point/app/oracle. For example:
/u01/app/oracle
The ORACLE_DOC variable specifies the directory to install the online documentation.
|
See Also:
For more information on how to determine where documentation will be installed if the variable is not set, see "Accessing Installed Documentation". |
The ORACLE_HOME variable specifies the directory containing the Oracle software for a given release. Ensure that the value of ORACLE_HOME points to a directory that does not contain any Oracle software prior to the Oracle9i software.
The Optimal Flexible Architecture recommended value is $ORACLE_BASE/product/release. For example:
/u01/app/oracle/product/9.0.1
The ORACLE_SID variable specifies the system identifier (sid) for the Oracle server instance to use during installation. If you plan on creating a database during installation, then you have the option of setting ORACLE_SID to the value of the sid. The Oracle Universal Installer will prompt you to confirm this value.
Use a text editor to set the environment variables in the.profile or.login file of the oracle account. You can update the environment in the current shell session before beginning installation by using the appropriate shell command.
On the server where the Oracle database will be installed, enter the following commands:
$ cd $ . $HOME/.profile
On the server where the Oracle database will be installed, enter the following commands:
% cd% source $HOME/.login
The following products require pre-installation steps to be completed before you install Oracle9i software:
Perform the following pre-installation steps for Oracle9i components.
Create the Apache user if you have not done so yet. The steps for creating the account are in "Setup Tasks to Perform as root User.
The Apache module requires JDK to be pre-installed for AIX. The installed JDK home will be prompted at the time of installation. For AIX version 4.3.3, install JDK 1.1.8 or 1.2.2.
Perform the following pre-installation steps to install Real Application Clusters.
root user.
/etc/group file on all nodes in the cluster. The OSDBA group name and number, and OSOPER group if you plan to designate one, must be identical for all nodes of a UNIX cluster accessing a single database. The default UNIX group name for the OSDBA group is dba.
oracle account on each node of the cluster so that:
.rhosts file of the oracle account or the /etc/hosts.equiv file.
For more information on the recommended naming conventions for Oracle mount points, see "Create Mount Points.
See Also:
To check RSH equivalence, execute a command on every node as the oracle user. For example, enter:
$ rsh another_host pwd
To check RCP equivalence, copy a small file from every node to every node. For example, enter:
$ rcp /tmp/dummy_file another_host:/tmp/dummy file
This is required for Oracle Universal Installer to know on which nodes to install Oracle Real Application Clusters.
If you are installing Real Application Clusters on HP or Solaris, then you must complete additional steps as the root user. See the following sections for your platform:
Start MC/ServiceGuard by entering the following command:
$ /usr/sbin/cmruncl
opspatch directory on your CD-ROM. This patch provides the Cluster Membership Monitor (CMM) that is required before you install Oracle Real Application Clusters.
oracle account.
If you are performing the pre-installation steps on HP, then verify that the MC/ServiceGuard is running by entering the following command:
$ /usr/sbin/cmviewcl
Table 2-13 Command to Verify Cluster Membership Monitor is Running
oracle account by performing a remote login (rlogin) to each node in the cluster.
If you are prompted for a password, the oracle account does not have user equivalence. Ensure that you gave the same attributes to all the nodes in the cluster. The Oracle Universal Installer cannot use the rcp command to copy Oracle products to the remote directories without user equivalence.
If you have not set up user equivalence, you must perform Step 5 in "Setup Tasks to Perform as root User.
Complete pre-installation tasks for the precompilers and tools required for your platform.
Verify that the C compiler executable is in the PATH setting. Table 2-14 describes the usual path settings and the appropriate command to verify the path depending on your platform.
| Platform | Path | Command |
|---|---|---|
|
AIX |
|
|
|
HP |
|
|
|
Linux |
|
|
|
Solaris |
|
|
|
Tru64 |
|
|
$COBDIR/lib directory.
The use of incorrectly aligned binary data (such as COMP-1) in Pro*COBOL applications will generate unaligned access warnings that will prevent optimum compiler performance, but not affect the application's results. The warnings may appear as follows:
Unaligned access pid=12227 <unaligned> va=11ffffb84 pc=1200010e0 ra=120001060 type=ldq
Verify that the PATH setting includes the FORTRAN compiler executable. Table 2-15 describes the usual path settings for the platforms and the appropriate command to verify the path depending on your platform.
| Platform | Path | Command |
|---|---|---|
|
AIX |
|
|
|
HP |
|
|
|
Linux |
Not applicable |
Not applicable |
|
Solaris |
Not applicable |
|
|
Tru64 |
|
|
Verify that the PATH setting includes the Ada executable. Table 2-16 describes the usual path settings for the platforms and the appropriate command to verify the path depending on your platform.
| Platform | Path | Command |
|---|---|---|
|
AIX |
/ |
|
|
HP |
Not applicable |
Not applicable |
|
Linux |
Not applicable |
Not applicable |
|
Solaris |
Not applicable |
|
|
Tru64 |
Not applicable |
Not applicable |
Verify that the OC Systems PowerAda 3.1 compiler configuration file has been set up. The file is located in the same directory where you have installed PowerAda. The file name will be as follows:
This section describes tasks that need to be completed prior to installation if you have existing network and system management products.
If you have an existing installation of Oracle Net8 Server, then shut down all listeners before installing Oracle Net. To determine if any listeners are running, enter the following command:
$ lsnrctl status listener_name
The listener_name field is required if the listener has a name other than the default name listener.
To shut down a running listener, enter the following command:
$ lsnrctl stop listener_name
|
See Also:
For information on planning the installation and configuration of Oracle Net on your system, see "Oracle Net Configuration Assistant. |
Oracle Universal Installer automatically installs the TCP/IP protocol with all Oracle9i Database installations. Before installing any protocol, verify that the underlying network is functioning and configured properly.
To verify that the network is functioning properly, transfer and retrieve a test file using the ftp utility by entering the following command:
$ ftp remote_server_name ftp> put test_filename ftp> get test_filename ftp> bye
Before you install Oracle Management Server, you need to determine if you will use an existing Enterprise Manager repository or create a new Enterprise Manager repository.
If you plan to migrate an existing Oracle Enterprise Manager repository to the current version, then backup or export the repository so that it can be recovered in the event of a unexpected error.
If you choose to use an existing Oracle Enterprise Manager repository version earlier than release 1 (9.0.1), then you must migrate the existing repository to release 1 (9.0.1). Review the following information to upgrade your repository.
Migrate the older repository to the current release by running Enterprise Manager Configuration Assistant release 1 (9.0.1).
If you decide to create a new release 1 (9.0.1) repository, then you must first install and start the database. The Enterprise Manager Configuration Assistant is automatically launched during the configuration phase of the Oracle9i Database Custom installation, the Management and Integration Management Server installation, and the Management and Integration Custom installation.
|
 Copyright © 2001 Oracle Corporation. All Rights Reserved. |
|