3 Installing and Preparing Oracle Site Guard
Installing Oracle Site Guard
Learn how to install and manage Oracle Site Guard with Enterprise Manager Command-Line Interface (EMCLI) or Oracle Enterprise Manager Cloud Control.
Oracle Site Guard is included with the latest version of Enterprise Manager Cloud Control Fusion Middleware Plug-in.
You can manage an Oracle Site Guard configuration EMCLI, or with Oracle Enterprise Manager Cloud Control.
To install Oracle Site Guard:
-
Install Enterprise Manager Cloud Control Fusion Middleware Plugin for your Oracle Fusion Middleware enterprise deployment. For information about installing Enterprise Manager Cloud Control Fusion Middleware Plugin, see Oracle Enterprise Manager Cloud Control Basic Installation Guide.
Note:
Ensure that you install Oracle Management Agent (Enterprise Manager Agent) on each of the hosts managed by Enterprise Manager, as described in Installing Oracle Management Agent in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
-
Install EMCLI, as described in Oracle Enterprise Manager Command Line Interface Guide .
Note:
Oracle recommends that you install EM CLI in the same Oracle home where Oracle Management Service is installed. For example,
OMS_HOME/bin/emcli
.
Preparing Oracle Site Guard for Operation
Prepare Oracle Site Guard for operation.
After you have installed Oracle Site Guard, complete the following required tasks to prepare Oracle Site Guard for operation:
Discovering Targets on the Primary and the Standby Sites
To get started with Oracle Site Guard, you first discover all the targets at your primary and standby sites that Oracle Site Guard will protect.
To discover targets at the primary and standby site, complete the steps described in Discovering and Monitoring Targets in the Oracle Enterprise Manager Cloud Control Administrator's Guide.
Discover the following target types in Oracle Enterprise Manager:
- Oracle Fusion Applications
- Oracle Fusion Middleware farm/ WebLogic Domain
- Oracle Fusion Middleware managed system components, such as Oracle HTTP Server and Oracle Internet Directory (part of the Oracle Fusion Middleware farm)
- Real Application Cluster (RAC) databases
- Single-instance database
A site should be up and running for its targets to be discovered. This means that the site would function as the production site. For a two-site deployment, the targets in the primary site should be discovered first, followed by the targets in the standby site. After you discover the targets in the primary site, you must manually perform a switchover operation, so that the standby site takes over the production role, as described in: Setting Up and Managing Disaster Recovery Sites in Oracle® Fusion Middleware Disaster Recovery Guide. . Then you must discover the targets in the standby site, as you did for the primary site.
Note:
After discovering the targets for the standby site, you can use Oracle Site Guard to switch back operations to the primary site, so that the primary site takes over the production role, as described in: Setting Up and Managing Disaster Recovery Sites in Oracle® Fusion Middleware Disaster Recovery Guide. You only need to switchover and switchback manually during the configuration process.Creating Oracle Site Guard Administrator Users
Oracle recommends that you create Oracle Site Guard own users and administrators to manage disaster recovery operations.
Users who are not Enterprise Manager super users and who do not have EM_SG_ADMINISTRATOR
role assigned, cannot access the Oracle Site Guard functionality.
Note the following privilege restrictions for Oracle Site Guard administrators and how it affects Enterprise Manager super users:
-
Oracle Site Guard administrators can only view, modify and execute operation plans owned by them. An administrator cannot view, modify, or execute operation plans owned by another Oracle Site Guard administrator or super user.
-
A super user can view, modify and execute operation plans owned by anyone, including all Oracle Site Guard administrators and other super users.
If these restrictions do not work in your deployment, skip the steps for creating Oracle Site Guard Administrator users and use the built-in super user roles to access Oracle Site Guard functionality.
To create one or more Oracle Site Guard Administrator users, use one of the following methods:
Creating an Oracle Site Guard Administrator User with Enterprise Manager Cloud Control Console
Learn how to create an Oracle Site Guard administrator with Enterprise Manager Cloud Control.
To create an Oracle Site Guard administrator user with Enterprise Manager Cloud Control, perform the following steps:
-
Login to Enterprise Manager as a super user.
-
From the Setup menu, select Security, then select Administrators.
-
On the Administrators page, click Create.
-
In the Create Administrator wizard, do the following:
-
On the Properties page:
1. Specify the name
SG_ADMIN
.2. Provide a password.
3. Provide a password confirmation.
-
Make changes to any other fields as appropriate, and then click Next.
-
On the Roles page, select the
EM_SG_ADMINISTRATOR
role in the Available Roles pane on the left, and click Move to add the role to the Selected Roles pane on the right. -
If you discovered targets at the Primary and Standby sites as another user, assign target level privileges to the Oracle Site Guard Administrator user on the Target Privileges page.
1. Assign Full any Target or View any Target privileges in the section Privileges applicable to all Targets.
2. Alternately, assign view or full privileges for every target in the Primary and Standby sites by setting Target Privileges.
-
On the Review page, review the information you have provided for the user account, and click Finish.
-
Creating an Oracle Site Guard Administrator User with Enterprise Manager Command-Line Interface
Learn how to create an Oracle Site Guard administrator with Enterprise Manager Command-Line Interface (EMCLI).
To create an Oracle Site Guard administrator, run the following EMCLI command (located at OMS_HOME/bin/emcli
):
emcli create_user
-name="SG_ADMIN"
-password=password
-roles="EM_SG_ADMINISTRATOR;EM_USER;PUBLIC"
Parameter | Description |
---|---|
|
Enter a name for the Oracle Site Guard Administrator user. |
|
Enter a password for the Oracle Site Guard Administrator user. |
|
The list of roles assigned to this user. Enter |
For more information about the create_user
command, see create_user.
Creating Primary and Standby Sites
Learn how to create a generic system and how to use it as a primary or secondary site.
A disaster recovery site managed by Oracle Site Guard is modeled as a Generic System target type in Oracle Enterprise Manager. You can create a generic system and then use it as a primary and standby site. Each generic system that you use, must include all targets and Oracle Fusion Middleware farms and Databases pertaining to the site that it represents.
To create a generic system, use one of the following methods:
Creating a Generic System with Enterprise Manager Cloud Control Console
Create a generic site with Enterprise Manager Cloud Control Console. You can use a generic site as a primary or secondary site.
To create a generic system with Enterprise Manager Cloud Control Console, perform the following steps:
Creating a Generic System with Enterprise Manager Command-Line Interface
Create a generic site with Enterprise Manager Command-Line Interface (EMCLI) and use it as a primary or secondary site.
To create a generic system, run the following EMCLI command (located at OMS_HOME
/bin/emcli
):
Note:
For information about setting up a new EMCLI client, see the Enterprise Manager Command-Line Interface Download page within the Cloud Control console. To access the page, in Cloud Control, from the Setup menu, click Command Line Interface.
emcli create_system -name="name" -type=generic_system -add_members="name1:type1;name2:type2;..."]... -timezone_region="actual_timezone_region"
Note:
To get status and alert information for targets, you can run emcli get_targets
command. For more information on Enterprise Manager command line, see Verb Reference in the Oracle Enterprise Manager Command Line Interface Guide.
Parameter | Description |
---|---|
|
Enter a name for the system. |
|
Enter |
- |
Add existing targets to the system. Each target is specified as a name-value pair |
- |
Specify the time zone region. The time zone you specify here is used for scheduling operations such as jobs and blackouts, on the system. |
See also create_system.
Creating Credentials
Credentials are required to access the targets (hosts, servers, and databases) associated with Oracle Site Guard.
You can create and delegate named credentials or preferred credentials for the following targets associated with Oracle Site Guard:
-
Host (for normal or non-root user)
-
Host (for user with root privileges)
-
Oracle Node Manager (use Oracle Weblogic Domain as the Target Type and Node Manager as the Credential Type)
-
Oracle Weblogic Server
-
Oracle Database (SYSDBA)
This section contains the following topics:
Note:
You must associate the credentials that you create with the Oracle Site Guard configuration. Oracle Site Guard supports specifying the same credentials for all targets of the same target type. For example, all databases in a system can have the same sysdba
credentials. Oracle Site Guard also allows the targets of same type to have different credentials.
You need not create credentials for the targets running at the standby site if the credentials are the same across all targets on the primary and standby sites.
Creating Named Credentials
Learn how to create a named credential with with Enterprise Manager Cloud Control Console or EMCLI commands.
You can create named credentials using Enterprise Manager Cloud Control Console or EMCLI commands as explained in the following tasks.
To create named credentials with Enterprise Manager Cloud Control Console, perform the following steps:
-
Login to Enterprise Manager, preferably as an
EM_CLOUD_ADMINISTRATOR
user. -
From the Setup menu, select Security, then select Named Credentials.
The Named Credentials page is displayed.
-
Click Create.
The Create Credential page is displayed.
-
In the General Properties section, specify the following:
-
Credential name: Enter a name for the credential.
-
Credential description: Enter the credential description.
-
Authenticating Target Type/ Credential type/ Scope: Enter the details as specified in the following table:
Element Host Host (root-User Privileges) Oracle Node Manager Oracle WebLogic Server Database Instance Authenticating Target Type
Host
Host
Oracle Weblogic Domain
Oracle WebLogic Server
Database Instance
Credential type
Host Credentials
Host Credentials
Node Manager Credentials
Oracle WebLogic Credentials
Database Credentials
Scope
Global
Global
Global
Global
Global
-
If these credentials are valid for all targets of the selected Authenticating Target Type, then set Scope to Global.
If these credentials are only valid for a specific target, then set Scope to Target, and set the Target Type and Name fields to match the specific target.
-
-
In the Credential Properties section, specify the following:
-
UserName: Enter the user name.
-
Password: Enter the password.
-
Confirm Password: Enter the password again.
-
Run Privilege: Enter the details as specified in the following table:
Element Host Host (Users with root privileges) Oracle WebLogic Server Database Instance Run Privilege
None
Select Sudo and enter values in the Run As fields
Oracle WebLogic Server Administration user credentials
Oracle Database SYS user credential
Note:
When the credentials used by Oracle Site Guard are configured to use
sudo
privileges to run asroot
, thesudo
privilege must be configured as PDP (Privilege Delegation Provider) on all the agents running on the respective hosts of the target.PDP (Privilege Delegation Provider) can be configured from Enterprise Manager Cloud Control console. To configure PDP, go to Setup -> Security -> Privilege Delegation in the Enterprise Manager Cloud Control console.
-
-
If you are creating this credential as a user other than the Oracle Site Guard Administrator, you must grant view credential access to the Oracle Site Guard Administrator who will use the credential. To provide access, use the procedure in Granting Credential Privileges to Oracle Site Guard Administrator Users.
To provide access, complete the following steps in the Access Control section.
-
Click Add Grant. The Add Grant pop-up window appears.
-
Select the rows for all the Oracle Site Guard Administrator users you created while creating Oracle Site Guard Administrator users. See Creating Oracle Site Guard Administrator Users.
-
Click Select.
-
Verify that the users you selected appear in the list of Grantees in the Access Control table.
-
-
Click Test and Save. To test credentials, select the appropriate Test Target Type from the drop-down menu for which you want to test the credentials, and specify Test Target Name.
To create named credentials with EMCLI:
emcli create_named_credential -cred_name="cred_name" -auth_target_type="auth_target_type" -cred_type="cred_type" -attributes="p1:v1;p2:v2"
Parameter | Description |
---|---|
|
Set the name for this credential set. |
|
Set the authenticating target type. |
|
Set the credential type for the target/credential set. |
|
Enter the following credential column values: colname:colvalue;colname:colvalue To change the value of the separator, use |
Creating Preferred Credentials
Learn how to create preferred credentials using Enterprise Manager Cloud Control Console or EMCLI commands.
You can create preferred credentials using Enterprise Manager Cloud Control Console and set them as target of a preferred credential with EMCLI Commands, as explained in the following tasks.
To create preferred credentials with the Enterprise Manager Cloud Control Console:
To set a named credential as a target preferred credential with EMCLI, use the set_preferred_credential
command.
Note:
Oracle recommends that you to create preferred credentials with the emcli
commands.
emcli set_preferred_credential -set_name="set_name" -target_name="target_name" -target_type="type" -credential_name="name" [-credential_owner ="owner"]
Note:
[ ]
indicates that the parameter is optional.
Parameter | Description |
---|---|
|
Set the preferred credential for this credential set. |
|
Set the path for the software library location. |
|
Target type for the target/credential set. |
|
Name of the credential. |
|
Owner of the credential. This defaults to the currently logged-in user. |
Example:
emcli set_preferred_credential -set_name="HostCredsNormal" -target_name="test.example.com" -target_type="host" -credential_name="MyHostCredentials" -credential_owner="Admin"
Granting Credential Privileges to Oracle Site Guard Administrator Users
Named credentials are used to grant Oracle Site Guard administrators privileges to access and manage targets in disaster recovery operations.
The named credentials you created and configured as described in Creating Named Credentials, are used to grant access and manage targets during disaster recovery operations. The Oracle Site Guard administrators you created as described in Creating Oracle Site Guard Administrator Users, must be assigned privileges using those named credentials.
To grant privileges to Oracle Site Guard administrators, see Granting Credential Privileges with Enterprise Manager Cloud Control Console.
Configuring Software Library Storage Location
The Oracle Enterprise Manager Software Library (Software Library) is a repository that stores scripts and artifacts used by Oracle Enterprise Manager and its plug-ins.
This repository includes the scripts required to execute Site Guard operation plans. The storage location for the Software Library needs to be configured only once when you initially install and set up Oracle Enterprise Manager.
For information about the Software Library and how to determine whether a storage location for the Software Library is already configured, see section Configuring a Software Library.
To configure the Software Library storage location, use one of the following methods:
Configuring Software Library Storage Location with Enterprise Manager Cloud Control Console
Learn how to configure the Software Library storage location with Enterprise Manager Cloud Control Console.
To configure the storage location for the Oracle Software Library with Enterprise Manager Cloud Control Console:
Note:
Configuring Oracle Software Library is a one-time process. Enterprise Manager requires you to configure Oracle Software Library before proceeding with any deployment-procedure related tasks. Perform the steps listed in this section after confirming that Oracle Software Library is not already configured.
-
Login to Enterprise Manager as an
EM_CLOUD_ADMINISTRATOR
user. -
From the Setup menu, select Provisioning and Patching, then select Software Library.
The Software Library: Administration page is displayed.
-
Select OMS Shared File System from the Storage Type drop-down box.
-
Click Add.
-
Specify a name and location that is accessible to all OMS users, and click OK.
Note:
As the storage location for the Software Library must be accessible to all OMS as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2 or NFS. For single OMS systems, any local directory is sufficient.
Oracle Enterprise Manager begins execution of a new job to upload Software Library content to the specified location.
Note:
For more information about Software Library, see Configuring Software Library.
Configuring Software Library Storage Location with Enterprise Manager Command-Line Interface
Learn how to configure the Software Library storage location with Enterprise Manager Command-Line Interface (EMCLI).
To configure storage location in the software library for the Oracle Software Library with EMCLI:
emcli add_swlib_storage_location
-name="name_of_software_library"
-path="path_to_the_software_library_location"
Parameter | Description |
---|---|
|
The name for the software library. |
|
The path to the software library location. |
For example:
emcli add_swlib_storage_location -name="Softlib" -path="/u01/em/swlib"
Verifying Database and Data Guard Configurations
Oracle Site Guard uses Oracle Data Guard to perform database switchover and failover operations. Ensure that Oracle Site Guard can perform database operations during a disaster recovery operation.
To ensure that Oracle Site Guard can perform database operations during a disaster recovery operation:
- Ensure that Flashback Recovery is configured and enabled on both, the primary and the standby databases. If Flashback is not correctly configured, the standby database will have to be recreated after a failover operation. Whereas if Flashback is correctly configured the standby database can be easily reinstated after a failover operation with Data Guard Broker. Flashback need to be enabled only for failover operations and it is not required for switchovers.
- Verify the status and its configuration by ensuring that Oracle Data Guard is functional on the primary and standby databases (either single-instance or RAC).
- Ensure that you can perform Oracle Data Guard switchover and failover operations outside Site Guard (for example, with the
DGMGRL
utility).