Infoaddict Just another site for Infoaddict's

24Jun/130

Oracle Database 11g Release 2 (11.2) Installation On Oracle Linux 6

Posted by Infoaddict

This article describes the installation of Oracle Database 11g Release 2 (11.2) (64-bit) on Oracle Linux 6 (64-bit). The article is based on a server installation with a minimum of 2G swap, with SELinux set to permissive and the firewall disabled. The following package groups were included for this installation.

  • Base System > Base
  • Base System > Client management tools
  • Base System > Compatibility libraries
  • Base System > Hardware monitoring utilities
  • Base System > Large Systems Performance
  • Base System > Network file system client
  • Base System > Performance Tools
  • Base System > Perl Support
  • Servers > Server Platform
  • Servers > System administration tools
  • Desktops > Desktop
  • Desktops > Desktop Platform
  • Desktops > Fonts
  • Desktops > General Purpose Desktop
  • Desktops > Graphical Administration Tools
  • Desktops > Input Methods
  • Desktops > X Window System
  • Development > Additional Development
  • Development > Development Tools
  • Applications > Internet Browser

An example of this type of Linux installations can be seen here. Alternative installations may require more packages to be loaded, in addition to the ones listed below.

Download Software

Download the Oracle software from OTN or MOS depending on your support status.

Unpack Files

Unzip the files.

# 11.2.0.1
unzip linux.x64_11gR2_database_1of2.zip
unzip linux.x64_11gR2_database_2of2.zip

#11.2.0.2
unzip p10098816_112020_Linux-x86-64_1of7.zip
unzip p10098816_112020_Linux-x86-64_2of7.zip

#11.2.0.3
unzip p10404530_112030_Linux-x86-64_1of7.zip
unzip p10404530_112030_Linux-x86-64_2of7.zip

You should now have a single directory called "database" containing installation files.

Hosts File

The "/etc/hosts" file must contain a fully qualified name for the server.

<IP-address>  <fully-qualified-machine-name>  <machine-name>

For example.

127.0.0.1       localhost.localdomain  localhost
192.168.0.181   ol6-112.localdomain    ol6-112

Oracle Installation Prerequisites

Perform either the Automatic Setup or the Manual Setup to complete the basic prerequisites. The Additional Setup is required for all installations.

Automatic Setup

If you plan to use the "oracle-rdbms-server-11gR2-preinstall" package to perform all your prerequisite setup, follow the instructions at http://public-yum.oracle.com to setup the yum repository for OL, then perform the following command.

# yum install oracle-rdbms-server-11gR2-preinstall

All necessary prerequisites will be performed automatically.

It is probably worth doing a full update as well, but this is not strictly speaking necessary.

# yum update

Manual Setup

If you have not used the "oracle-rdbms-server-11gR2-preinstall" package to perform all prerequisites, you will need to manually perform the following setup tasks.

Oracle recommend the following minimum parameter settings.

fs.suid_dumpable = 1
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586

The current values can be tested using the following command.

/sbin/sysctl -a | grep <param-name>

Add or amend the following lines in the "/etc/sysctl.conf" file.

fs.suid_dumpable = 1
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default=4194304
net.core.rmem_max=4194304
net.core.wmem_default=262144
net.core.wmem_max=1048586

Run the following command to change the current kernel parameters.

/sbin/sysctl -p

Add the following lines to the "/etc/security/limits.conf" file.

oracle              soft    nproc   2047
oracle              hard    nproc   16384
oracle              soft    nofile  4096
oracle              hard    nofile  65536
oracle              soft    stack   10240

Install the following packages if they are not already present.

# From Oracle Linux 6 DVD
cd /media/cdrom/Server/Packages
rpm -Uvh binutils-2*x86_64*
rpm -Uvh glibc-2*x86_64* nss-softokn-freebl-3*x86_64*
rpm -Uvh glibc-2*i686* nss-softokn-freebl-3*i686*
rpm -Uvh compat-libstdc++-33*x86_64*
rpm -Uvh glibc-common-2*x86_64*
rpm -Uvh glibc-devel-2*x86_64*
rpm -Uvh glibc-devel-2*i686*
rpm -Uvh glibc-headers-2*x86_64*
rpm -Uvh elfutils-libelf-0*x86_64*
rpm -Uvh elfutils-libelf-devel-0*x86_64*
rpm -Uvh gcc-4*x86_64*
rpm -Uvh gcc-c++-4*x86_64*
rpm -Uvh ksh-*x86_64*
rpm -Uvh libaio-0*x86_64*
rpm -Uvh libaio-devel-0*x86_64*
rpm -Uvh libaio-0*i686*
rpm -Uvh libaio-devel-0*i686*
rpm -Uvh libgcc-4*x86_64*
rpm -Uvh libgcc-4*i686*
rpm -Uvh libstdc++-4*x86_64*
rpm -Uvh libstdc++-4*i686*
rpm -Uvh libstdc++-devel-4*x86_64*
rpm -Uvh make-3.81*x86_64*
rpm -Uvh numactl-devel-2*x86_64*
rpm -Uvh sysstat-9*x86_64*
rpm -Uvh compat-libstdc++-33*i686*
rpm -Uvh compat-libcap*
cd /
eject

Note. This will install all the necessary 32-bit packages for 11.2.0.1. From 11.2.0.2 onwards many of these are unnecessary, but having them present does not cause a problem.

Create the new groups and users.

groupadd -g 501 oinstall
groupadd -g 502 dba
groupadd -g 503 oper
groupadd -g 504 asmadmin
groupadd -g 506 asmdba
groupadd -g 505 asmoper

useradd -u 502 -g oinstall -G dba,asmdba,oper oracle
passwd oracle

Note. We are not going to use the "asm" groups, since this installation will not use ASM.

Additional Setup

Set the password for the "oracle" user.

passwd oracle

Set secure Linux to permissive by editing the "/etc/selinux/config" file, making sure the SELINUX flag is set as follows.

SELINUX=permissive

Once the change is complete, restart the server.

If you have the Linux firewall enabled, you will need to disable or configure it, as shown here or here.

Create the directories in which the Oracle software will be installed.

mkdir -p /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01

Login as root and issue the following command.

xhost +<machine-name>

Login as the oracle user and add the following lines at the end of the ".bash_profile" file.

# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_HOSTNAME=ol6-112.localdomain; export ORACLE_HOSTNAME
ORACLE_UNQNAME=DB11G; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/11.2.0/db_1; export ORACLE_HOME
ORACLE_SID=DB11G; export ORACLE_SID

PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

Installation

Log into the oracle user. If you are using X emulation then set the DISPLAY environmental variable.

DISPLAY=<machine-name>:0.0; export DISPLAY

Start the Oracle Universal Installer (OUI) by issuing the following command in the database directory.

./runInstaller

Proceed with the installation of your choice. The prerequisites checks will fail for the following version-dependent reasons:

  • 11.2.0.1: The installer shows multiple "missing package" failures because it does not recognize several of the newer version packages that were installed. These "missing package" failures can be ignored as the packages are present. The failure for the "pdksh" package can be ignored because we installed the "ksh" package in its place.
  • 11.2.0.2: The installer should only show a single "missing package" failure for the "pdksh" package. It can be ignored because we installed the "ksh" package in its place.
  • 11.2.0.3: The installer shows no failures and continues normally.

You can see the type of installation I performed by clicking on the links below to see screen shots of each stage.

  1. Configure Security Updates
  2. Select Install Option
  3. System Class
  4. Node Selection
  5. Select Install Type
  6. Typical Install Configuration
  7. Create Inventory
  8. Perform Prerequisite Checks
  9. Summary
  10. Install Product
  11. Database Configuration Assistant
  12. Database Configuration Assistant 2
  13. Execute Configuration Scripts
  14. Finish

Post Installation

Edit the "/etc/oratab" file setting the restart flag for each instance to 'Y'.

DB11G:/u01/app/oracle/product/11.2.0/db_1:Y

 

Filed under: Oracle, RHEL No Comments
24Jun/130

Tightening SPAM control on ISPConfig Server

Posted by Infoaddict

Recently one of my clients shifted from Plesk to ISPConfig, and I was asked to setup ISPConfig control panel on it. We followed an ISPConfig How-to from howtoforge.com . The installation was (almost) a breeze. Migration from plesk to ISPConfig was quite painful. But anyway, we did it.

Later when the system went live and remained in production for more than a week, we noticed that there is a lot of spam coming in. The postfix mail server needed some additional armor. I wanted some important checks, such as helo, RBL and SPF. Below is how I added that extra level of protection.

 

First, I want to thank and acknowledge the authors of following web pages, which helped me in achieving this:

 

http://www.wains.be/index.php/2006/04/04/postfix-spf/

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix?page=0%2C2

http://www.howtoforge.com/postfix_spf

 

For SPF, I downloaded the postfix-SPF (module/plugin) from http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz , and installed it as following:

 

cd /root/

wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz

tar xzf postfix-policyd-spf-perl-2.007.tar.gz

cp postfix-policyd-spf-perl-2.007/postfix-policyd-spf-perl /usr/libexec/postfix/

chmod +x /usr/libexec/postfix/postfix-policyd-spf-perl

 

Then I had to add the following text (it is one /single long line) to bottom of /etc/postfix/master.cf :-

 

vi /etc/postfix/master.cf

...

spfpolicy unix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/postfix-policyd-spf-perl

 

Notes:

  • You can use Tabs instead of spaces in the line above. Refer to INSTALL file which comes with the tarball.
  • The INSTALL file uses the word policy, instead of spfpolicy, as shown here. It does not matter. Whatever you choose to use, make sure that you use the same in master.cf and main.cf files.

 

I then edited my /etc/postfix/main.cf file and added the following text. The text below contains SPF checks, RBL checks, invalid helo checks, invalid host-name checks, etc.

 

vi /etc/postfix/main.cf

. . .

(Change the following line:)

smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf

 

(Change to:)

smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, permit

 

Note: The line above is single line.

 

(Then add the following text:)

policy_time_limit = 3600smtpd_delay_reject = yes

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service unix:private/spfpolicy, permit

 

Note: smtpd_* lines shown above are individual long single lines. (Tip: smtpd_* till permit is one line.)

 

After you save this file, restart postfix service :

 

service postfix restart

 

 

Filed under: RHEL No Comments
20Jun/130

Roundcube (0.2.1) webmail client installation on Centos 5.3

Posted by Infoaddict

Warning: Before you move farther into installation, I must warn you that RoundCube is a Web Mail Client in it's infancy. It provides you look and feel like your desktop email client. The only advantage it has over squirrel mail is that it has facility to show and compose HTML mails. It does not contain password changing facility as of version 0.2.1.
Also, it does not contain options to Filter messages as well.
There are hacks, though. I am using Qmail setup, with Squirrelmail+change_password plugin already installed on the mail server. I can use that. OR, I can use a link to qmailadmin administration page, where users can change their passwords, effortlessly. The INSTALL file mentions requirements as:
REQUIREMENTS
============

* The Apache or Lighttpd Webserver
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.2 or greater including
- PCRE (perl compatible regular expression)
- DOM (xml document object model)
- libiconv (recommended)
- mbstring (optional)
* php.ini options:
- error_reporting E_ALL & ~E_NOTICE (or lower)
- memory_limit (increase as suitable to support large attachments)
- file_uploads enabled (for attachment upload features)
- session.auto_start disabled
- zend.ze1_compatibility_mode disabled
* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
* A MySQL or PostgreSQL database engine or the SQLite extension for PHP
* One of the above databases with permission to create tables
* An SMTP server or PHP configured for mail delivery

However, in my experience, I have installed successfully on CentOS 5.3, with PHP 5.1 .

Download the Roundcube TAR file from http://roundcube.net/ . Un-tar it under your document root, if you want it just for your specific website, OR, you can un-tar it in /var/www/roundcube and create a server wide alias. This way, it will be accessible to all websites hosted on your server.

Assuming your web server runs as user apache:-
Change the ownership of the entire directory tree of RoundCube source to apache:apache, if you are setting it up server wide.

Change the ownership of the entire directory tree of RoundCube source to yourftpaccount:apache, if you are setting it up only for your website, under your document root sub tree. If your document root is /var/www/vhosts/mysite.com/httpdocs., then you may want to install roundcube in:  /var/www/vhosts/mysite.com/httpdocs/webmail .

Make sure that config, temp and logs directories are readable and writeable by user apache.

Once you reach here, you may want to configure it.

If you have installed it server wide, under /var/www/roundcube, you will first need to create an Alias in your apache config file. You can do it as :-

cat > /etc/httpd/conf.d/roundcube.conf << EOF
Alias /roundcube /var/www/roundcube
EOF

service httpd reload

If you have installed it only for one website, inside a directory named webmail, under it's document root, you can continue onwards.

Go inside the directory webmail/config and change the names of files *.inc.php.dist to *.inc.php . Now you can use either the web installer method, or the manual method. To use the web-installer method, which is diabled by default, you would need to :

set $rcmail_config['enable_installer'] = true; in config/main.inc.php

,… and run/access  http://yourwebsite/webmail/installer from a web browser. This should get you done in a few steps.

If you are doing a manual install, here are the instructions (which are easy as well) :-

The roundcube INSTALL file says:-

First you need to create a database for roundcube, in mysql.

# mysql –u root
CREATE DATABASE roundcubedb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
GRANT ALL PRIVILEGES ON roundcubedb.* TO roundcubeuser@localhost IDENTIFIED BY 'secret';
quit

Then, populate this DB as :-

[root@www roundcubemail-0.2.1]# mysql -u root -psecretdbpassword roundcubedb < SQL/mysql.initial.sql

Next edit the config/db.inc.php file  and set value for the following variables.

$rcmail_config['db_dsnw'] = 'mysql://roundcubeuser:secret@localhost/roundcubedb';

Then edit the config/main.inc.php and adjust the following variables:-

$rcmail_config['default_host'] = 'mail.yoursite.com';

This one is not a must actually. If you do not set it, you will see a  "Server" textbox on the webmail login page, below your id and password text boxes. You may supply "localhost" or "mail.yoursite.com" , or whatever is the name of your mail server in that box. That is it!. you are done.

Now login to your roundcube interface by accessing http://yourwebsite/webmail . Use complete email-id as username and your email password . Login and enjoy!

Changing email password:-

Assuming, you have an email id as webmaster@example.com , and you have QmailAdmin installed on your system, like I do, then you would login as :

URL: http://www.yoursite.com/cgi-bin/qmailadmin
UserAccount: webmaster
DomainName: example.com
Password: your-current-email-password

Once you login, you will see options to set your full name, your password, email routing, incase you want your mail to be forwarded elsewhere, and an option to set vacation auto-response. Update your settings here and press the "Modify User" button at the bottom to save changes. You are done. Similarly if you have other hosted or hosting environments, such as plesk / cpanel, etc, you may use their email control panel to change your password.

 

Filed under: Centos No Comments