一、 验证操作系统配置是否符合安装要求
在两台机器上以ROOT身份做
内核要求
安装oracle 10g要求Linux系统内核为2.4.9-e.25(或更高版本)
[root@node1 ~]# uname -r
2.6.9-22.Elsmp
所需程序包要求
其他所需程序包的版本:
gcc-2.96-124 (或更高版本)
make-3.79 (或更高版本)
binutils-2.11 (或更高版本)
openmotif-2.1.30-11 (或更高版本)
glibc-2.2.4-31(或更高版本)
[root@node1 ~]# rpm -q gcc make binutils openmotif glibc
gcc-3.4.4-2
make-3.80-5
binutils-2.15.92.0.2-15
openmotif-2.2.3-9.RHEL4.1
openmotif-2.2.3-9.RHEL4.1
glibc-2.3.4-2.13
glibc-2.3.4-2.13
SWAP分区要求
Oracle在超过8G推荐Swap分区为物理内存的0.8-2倍(视物理内存的大小而定)
[root@node1 ~]# free -t
total used free shared buffers cached
Mem: 32913828 1678788 31235040 0 70612 1345352
-/+ buffers/cache: 262824 32651004
Swap: 27647856 0 27647856
Total: 60561684 1678788 58882896
经过验证该操作系统符合安装要求,可以安装oracle 10gR2
二、配置网络
在两台机器上以ROOT身份做
配置网关
在/etc/sysconfig/network里加GATEWAY=10.0.38.254
[root@node1 ~] cat > /etc/sysconfig/network <<EOF
NETWORKING=yes
HOSTNAME=node1 (另一个节点为node2)
GATEWAY=10.10.21.121
EOF
配置RAC相关IP地址映射,在两台机器上以ROOT身份做
[root@node1 ~] cat > /etc/hosts <<EOF
127.0.0.1 localhost
11.11.11.1 node1-priv
10.10.21.141 node1
10.10.21.41 node1-vip
11.11.11.2 node2-priv
10.10.21.142 node2
10.10.21.42 node2-vip
EOF
三、配置 ROOT用户内核环境变量
在两台机器上以ROOT身份做,在/root/.bash_profile里加在EXPORT LD_ASSUME_KERNEL=2.4.19
[root@node1 ~] cat >> /root/.bash_profile <<EOF
export LD_ASSUME_KERNEL=2.4.19
EOF
[root@node1 ~]source /root/.bash_profile
四、配置时钟同步(NTP服务器)
[root@node1 ~] cat > /etc/ntp.conf <<EOF
restrict default ignore
restrict 10.10.21.0 mask 255.255.255.0 notrap nomodify
server 127.127.1.1
fudge 127.127.1.1 stratum 10 refid NIST
driftfile /etc/ntp.drift
logfile /var/log/ntp.log
Broadcastdelay 0.008
EOF
该节点作为ntp服务器的server端
[root@node1~]service ntpd restart
[root@node1~]chkconfig --level 35 ntpd on
在节点二上以ROOT身份改写配置文件/etc/ntp.conf为
[root@node2~]cat > /etc/ntp.conf <<EOF
restrict default ignore
restrict 127.0.0.1
restrict 10.10.21.0 mask 255.255.255.0 nomodify
server 10.10.21.141
restrict 10.10.21.141
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys
EOF
该节点作为ntp服务器的client端
[root@node2~]service ntpd restart
[root@node2~]chkconfig --level 35 ntpd on
用户可用以下两个常用命令查看ntpd服务状态:
1 ntpq -p
2 ntpstat
五、配置并加载 HANGCHECK-TIMER 模块
在两台机器上以ROOT身份做
[root@node1 ~]echo "options hangcheck-timer hangcheck_tick=30 hangcheck_margin=180" >> /etc/modprobe.conf
[root@node1 ~]/sbin/modprobe hangcheck-timer
检查设置
[root@node1 ~]grep Hangcheck /var/log/messages | tail -2
Nov 16 13:58:08 node2 kernel: Hangcheck: starting hangcheck timer 0.9.0 (tick is 30 seconds, margin is 180 seconds).
Nov 16 13:58:08 node2 kernel: Hangcheck: Using monotonic_clock().
六、配置内核
[root@node1 ~] cat >> /etc/sysctl.conf <<EOF
kernel.shmall = 2097152
kernel.shmmax = 4294967296(该值至少应是物理内存的1/2,建议设为物理内存大小)
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
EOF
运行以下命令激活更改
[root@node1 ~] # /sbin/sysctl -p
用以下命令验证相应的参数值
#/sbin/sysctl -a | grep sem(针对修改的每个参数值分别验证)
七、创建 相关组和用户帐户和相关路径
在两台机器上以ROOT身份做
[root@node1 ~] # /usr/sbin/groupadd oinstall
[root@node1 ~] # /usr/sbin/groupadd dba
[root@node1 ~] # /usr/sbin/useradd -m -g oinstall -G dba oracle
[root@node1 ~] # id oracle
uid=500(oracle) gid=501(oinstall) groups=501(oinstall),502(dba)
[root@node1 ~] # passwd oracle
Changing password for user oracle.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
创建相关目录
[root@node1 ~] # mkdir -p /u01/app/oracle
[root@node1 ~] #mkdir -p /u01/app/crs
[root@node1 ~] # mkdir -p /mnt/oradata/
[root@node1 ~] # chown -R oracle:oinstall /u01/app/oracle /mnt/oradata/ /u01/app/crs
[root@node1 ~] # chmod -R 775 /u01/app/oracle /mnt/oradata/ /u01/app/crs
八、为 ORACLE 用户设置 SHELL 限制
在两台机器上以ROOT身份做 ,配置oracle用户可以使用的进程数和打开的文件数。
[root@node1 ~] # cat >> /etc/security/limits.conf <<EOF
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
EOF
[root@node1 ~] # cat >> /etc/pam.d/login <<EOF
session required /lib/security/pam_limits.so
EOF
[root@node1 ~] # cat >> /etc/profile <<EOF
if [ \$USER = "oracle" ]; then
if [ \$SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
umask 022
fi
EOF
[root@node1 ~] # cat >> /etc/csh.login <<EOF
if ( \$USER == "oracle" ) then
limit maxproc 16384
limit descriptors 65536
umask 022
endif
EOF
九、配置用户等效性
在两台机器上以ORACLE身份做
生成 SSH 的公共密钥和专用密钥
[oracle@node2 ~]$mkdir ~/.ssh
[oracle@node2 ~]$chmod 755 ~/.ssh
[oracle@node2 ~]$/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
4b:df:76:77:72:ba:31:cd:c4:e2:0c:e6:ef:30:fc:37 oracle@dbrac01.orademo.org
这里一路按回车选择默认就行
[oracle@node2 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
af:37:ca:69:3c:a0:08:97:cb:9c:0b:b0:20:70:e3:4a oracle@dbrac01.orademo.org
这里一路按回车选择默认就行
将公共密钥文件拷贝到其他节点
现在,必须将每个主机上的公共密钥文件 id_rsa.pub 和 id_dsa.pub 的内容复制到其他每个主机的 ~/.ssh/authorized_keys 文件中。使用ssh将每个文件的内容复制到 ~/.ssh/authorized_keys文件。请注意,当您使用ssh第一次访问远程主机时,其 RSA 密钥将是未知的,从而将提示您确认是否希望连接该主机。SSH 将记录该远程主机的 RSA 密钥,并在以后连接该主机时不再做出相关提示。
只需在第一个主机上,以 oracle 用户身份登录(复制本地帐户的密钥,以便连接本地主机的 ssh 能够起作用):
(如果您要剪切和粘贴这些命令,则分别运行它们。 SSH 每次会提示输入 oracle 的口令,如果同时粘贴这些命令,则第一个命令在提示输入口令之前刷新输入缓冲区,从而导致其他命令将会丢失。)
[root@node1 ~]cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@node1 ~] cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
[root@node1 ~] ssh oracle@node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys (另一个节点为node1)
The authenticity of host 'dbrac02 (10.49.9.100)' can't be established.
RSA key fingerprint is d1:23:a7:df:c5:fc:4e:10:d2:83:60:49:25:e8:eb:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dbrac02,10.49.9.100' (RSA) to the list of known hosts.
oracle@dbrac02's password:
[root@node1 ~] ssh oracle@node2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys(另一个节点为node1)
oracle@dbrac02's password:
[root@node1 ~] chmod 644 ~/.ssh/authorized_keys
如果是多台主机做rac集群的话要对第二,第三,第四个主机做同样的处理。请注意,这次有的SSH不会提示您输入oracle的口令。这是因为第一个主机(dbrac01)现在知道了第二个主机的公共密钥,而SSH现在使用的是一种不同的认证协议。
最后,在每个节点上ssh一下所有结点(包括自己)
验证等效性配置
[root@node1 ~] ssh node2 date
The authenticity of host 'dbrac02 (10.49.9.100)' can't be established.
RSA key fingerprint is 8f:a3:19:76:ca:4f:71:85:42:c2:7a:da:eb:53:76:85.
Are you sure you want to continue c