Oracle RAC (Real Application Clusters) allows multiple computers to run Oracle RDBMS
software simultaneously while accessing a single database, thus providing clustering.
About this task
In a non-RAC Oracle database, a single instance accesses a single database. The database consists
of a collection of data files, control files, and redo logs located on disk. The instance comprises
the collection of Oracle-related memory and operating system processes that run on a computer
system.
In an Oracle RAC environment, two or more computers (each with an Oracle RDBMS instance)
concurrently access a single database. This allows an application or user to connect to either
computer and have access to a single coordinated set of data.
Procedure
- Install S-TAP on all nodes. If GIM is used, install the GIM client on all nodes, then install the bundle S-TAP on all nodes.
- Configure the S-TAP parameters. All of the parameters can be configured through the GIM UI.
- STAP_TAP_IP: public IP configured for the node
- STAP_ALTERNATE_IPS: comma-separated list of VIPs (virtual IPs) configured for the node, and the scan listener
Tip: Use this command to retrieve the value for virtual hostnames to put in STAP_ALTERNATE_IPS:
su - grid -c 'cat $ORACLE_HOME/network/admin/*.ora'|grep -i host
For example:
[root@racvm121 ~]# su - grid -c 'cat $ORACLE_HOME/network/admin/*.ora'|grep -i host
LISTENER_RACVM121=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=9.70.148.198)(PORT=1521)(IP=FIRST)))) # line added by Agent
- Configure the S-TAP inspection engine parameter: unix_domain_socket_marker=<key>, where the <key> value can be found in listener.ora in the IPC protocol definition
Tip: Use this command to retrieve the value for unix_domain_socket_marker:
su - grid -c 'cat $ORACLE_HOME/network/admin/*.ora'|grep -i KEY
- Example: If the following is a description in the listener.ora
LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=ORCL))))
then unix_domain_socket_marker=ORCL
- Example: If there is more than one IPC line in listener.ora, use a common denominator of all the keys:
su - grid -c 'cat $ORACLE_HOME/network/admin/*.ora'|grep -i KEY
LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER))))
LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1))))
LISTENER_SCAN2=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN2))))
LISTENER_SCAN3=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN3))))
Guardium uses a string search in the path. In this case LISTENER works for all four and should be used: unix_domain_socket_marker=LISTENER
- Example: If there is no common denominator, create additional inspection engines with unix_domain_socket_marker corresponding to the specific IPC key(s). For example, guard_tap.ini might end up looking similar to this:
[DB_0]
...
unix_domain_socket_marker=EXTPROC1522
...
[DB_1]
...
unix_domain_socket_marker=LISTENER
- If the Oracle database is encrypted (ASO/SSL), activate A-TAP on all nodes (active and standby). This example shows an Oracle setup with two users: grid and oracle.
- Authorize users grid and oracle.
- Stop the instance on the node that is part of the RAC environment using the grid environment by entering the command:
srvctl stop instance -db database_name -node node_name -force
- Verify that the instance on the node is stopped by entering the command from the grid environment:
srvctl status instance -db database_name -node node_name
- Configure A-TAP by entering the command:
/usr/local/guardium/guard_stap/guardctl --db-user=oracle --db-type=oracle --db-instance=oracle --db-home=$ORACLE_HOME --db-version=18.0 store-conf
- Activate A-TAP by entering the command:
/usr/local/guardium/guard_stap/guardctl --db-instance=oracle activate
- Restart the instance on the node that is part of the RAC environment using the grid environment by entering the command:
srvctl start instance -db database_name -node node_name
- Repeat steps 3.a through 3.f on all nodes of the RAC environment.
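The unix_domain_socket_marker selection in step 2 can be checked with a short script. This is an added example, not Guardium or Oracle code: it extracts the IPC keys from listener.ora text, finds a common substring where one exists, and otherwise plans one marker per inspection engine. The function names, the sample input, the hostname, and the 4-character minimum for an acceptable shared marker are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the listener.ora excerpts above (not real output).
SAMPLE_ORA = """\
LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER))))
LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1))))
LISTENER_SCAN2=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN2))))
EXTPROC=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1522))))
LISTENER_TCP=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1.example.test)(PORT=1521)))
"""

# Matches (PROTOCOL=IPC)(KEY=<value>), tolerating spaces, newlines and case.
IPC_KEY = re.compile(
    r"\(\s*PROTOCOL\s*=\s*IPC\s*\)\s*\(\s*KEY\s*=\s*([^)\s]+)\s*\)", re.I)


def ipc_keys(text):
    """Return distinct IPC KEY values in order of appearance, skipping comment lines."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    return list(dict.fromkeys(IPC_KEY.findall(body)))


def common_substring(a, b):
    """Longest substring of a that also occurs in b (leftmost on ties)."""
    for size in range(min(len(a), len(b)), 0, -1):
        for start in range(len(a) - size + 1):
            if a[start:start + size] in b:
                return a[start:start + size]
    return ""


def plan_markers(keys, min_len=4):
    """Group keys greedily; each marker stays a substring of every key in its group.

    min_len is an assumed floor: a shorter shared string would match unrelated
    socket paths, so such keys get their own inspection engine instead.
    """
    markers = []
    for key in keys:
        for i, marker in enumerate(markers):
            shared = common_substring(marker, key)
            if len(shared) >= min_len:
                markers[i] = shared
                break
        else:
            markers.append(key)
    return markers


if __name__ == "__main__":
    for n, marker in enumerate(plan_markers(ipc_keys(SAMPLE_ORA))):
        print(f"[DB_{n}]\nunix_domain_socket_marker={marker}")
```

Any IPC key that ends up covered by no marker is traffic the inspection engines will not see, so compare the planned markers against the full key list on every node before saving guard_tap.ini.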