martinberger.com

Latest Posts

OCI Database Backup Service Configuration – Avoid 401 Unauthorized Error

Author: Martin Berger 11. October 2019

While I a preparing new exercises for an Oracle Cloud Infrastructure training, I ran into an issue while configuring the Oracle Database Backup Service for the Object Storage. The OCI backup module installer returns an error 401.

My Environment

Oracle Linux 7 Virtual Box Machine
Oracle 19c RDBMS

Backup Service Module Installation Error

The installation was done according the documenation https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/oracle-database-cloud-backup-module-oci.html

oracle@ocivm01:~/ [ONPREM] java -jar oci_install.jar 
-host https://objectstorage.eu-frankfurt-1.oraclecloud.com 
-pvtKeyFile /home/oracle/.ssh/oci_api_backup_key.pem 
-pubFingerPrint 1c:79:c5:d5:e4:3a:6e:f5:07:xx:xx:xx 
-uOCID ocid1.user.oc1..aaaaaaaanqt5qrcbwwseeud7cjfxqcip123456789abcdefghi 
-tOCID ocid1.tenancy.oc1..aaaaaaaac3gjl7xgpxu3wmmqh2ha123456789abcdefghi 
-walletDir $ORACLE_BASE/opc_wallet 
-libDir $ORACLE_HOME/lib 
-configFile /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora 
-bucket db_backup_doag00

oracle@ocivm01:~/ [ONPREM] java -jar oci_install.jar

-host https://objectstorage.eu-frankfurt-1.oraclecloud.com

-pvtKeyFile /home/oracle/.ssh/oci_api_backup_key.pem

-pubFingerPrint 1c:79:c5:d5:e4:3a:6e:f5:07:xx:xx:xx

-uOCID ocid1.user.oc1..aaaaaaaanqt5qrcbwwseeud7cjfxqcip123456789abcdefghi

-tOCID ocid1.tenancy.oc1..aaaaaaaac3gjl7xgpxu3wmmqh2ha123456789abcdefghi

-walletDir $ORACLE_BASE/opc_wallet

-libDir $ORACLE_HOME/lib

-configFile /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora

-bucket db_backup_doag00

Error Message – java.io.IOException: testConnection: 401 Unauthorized

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09
Error: Could not authenticate to Oracle Database Cloud Backup Module
Exception in thread "main" java.lang.RuntimeException: java.io.IOException: testConnection: 401 Unauthorized.
at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:305)
at oracle.backup.opc.install.BmcConfig.doBmcConfig(BmcConfig.java:164)
at oracle.backup.opc.install.BmcConfig.main(BmcConfig.java:156)
Caused by: java.io.IOException: testConnection: 401 Unauthorized.
at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:290)
... 2 more

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09

Error: Could not authenticate to Oracle Database Cloud Backup Module

Exception in thread "main" java.lang.RuntimeException: java.io.IOException: testConnection: 401 Unauthorized.

at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:305)

at oracle.backup.opc.install.BmcConfig.doBmcConfig(BmcConfig.java:164)

at oracle.backup.opc.install.BmcConfig.main(BmcConfig.java:156)

Caused by: java.io.IOException: testConnection: 401 Unauthorized.

at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:290)

... 2 more

What I have verified:

Private key format and permissions
OCIDs
FingerPrint

But all of them were correct. There is no My Oracle Support note available about this error together with Oracle Database Backup Service. But after some more investigation, I found this note here: EBSCloudBackup.pl Failed When Performing Database Tier Upload Task (Doc ID 2588278.1) – bingo! This note described exactly my case with the cloud backup. The machine time is wrong!

My actual Machine Time and Date

The timezone CEST is correct. But wait, here in Kestenholz at the famous Jurasüdfuss / Switzerland, we have 14:38 local time. The virtual machine was 2 hours “in the future”. Let’s install the NTP service deamon.

oracle@ocivm01:~/ [ONPREM] timedatectl
      Local time: <strong>Fri 2019-10-11 16:38:39 CEST</strong>
  Universal time: Fri 2019-10-11 14:38:39 UTC
        RTC time: Fri 2019-10-11 14:38:40
       Time zone: Europe/Zurich (CEST, +0200)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2019-10-27 02:59:59 CEST
                  Sun 2019-10-27 02:00:00 CET

oracle@ocivm01:~/ [ONPREM] timedatectl

Local time: <strong>Fri 2019-10-11 16:38:39 CEST</strong>

Universal time: Fri 2019-10-11 14:38:39 UTC

RTC time: Fri 2019-10-11 14:38:40

Time zone: Europe/Zurich (CEST, +0200)

NTP enabled: no

NTP synchronized: no

RTC in local TZ: no

DST active: yes

Last DST change: DST began at

Sun 2019-03-31 01:59:59 CET

Sun 2019-03-31 03:00:00 CEST

Next DST change: DST ends (the clock jumps one hour backwards) at

Sun 2019-10-27 02:59:59 CEST

Sun 2019-10-27 02:00:00 CET

NTP Installation and Configuration

[root@ocivm01 ~]# yum -y install ntp
[root@ocivm01 ~]# systemctl start ntpd
[root@ocivm01 ~]# systemctl enable ntpd

[root@ocivm01 ~]# yum -y install ntp

[root@ocivm01 ~]# systemctl start ntpd

[root@ocivm01 ~]# systemctl enable ntpd

Now the time is right:

oracle@ocivm01:~/ [ONPREM] timedatectl
Local time: Fri 2019-10-11 14:42:40 CEST
Universal time: Fri 2019-10-11 12:42:40 UTC
RTC time: Fri 2019-10-11 14:42:19
Time zone: Europe/Zurich (CEST, +0200)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2019-03-31 01:59:59 CET
Sun 2019-03-31 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2019-10-27 02:59:59 CEST
Sun 2019-10-27 02:00:00 CET

oracle@ocivm01:~/ [ONPREM] timedatectl

Local time: Fri 2019-10-11 14:42:40 CEST

Universal time: Fri 2019-10-11 12:42:40 UTC

RTC time: Fri 2019-10-11 14:42:19

Time zone: Europe/Zurich (CEST, +0200)

NTP enabled: no

NTP synchronized: no

RTC in local TZ: no

DST active: yes

Last DST change: DST began at

Sun 2019-03-31 01:59:59 CET

Sun 2019-03-31 03:00:00 CEST

Next DST change: DST ends (the clock jumps one hour backwards) at

Sun 2019-10-27 02:59:59 CEST

Sun 2019-10-27 02:00:00 CET

OCI Backup Configuration – 2nd Try

Now the oci_installer.jar runs fine and the configuration will be created. Et voilà.

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09
Oracle Database Cloud Backup Module credentials are valid.
Backups would be sent to bucket db_backup_doag00.
Oracle Database Cloud Backup Module wallet created in directory /u01/app/oracle/opc_wallet.
Oracle Database Cloud Backup Module initialization file /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora created.
Downloading Oracle Database Cloud Backup Module Software Library from Oracle Cloud Infrastructure.
Download complete.

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09

Oracle Database Cloud Backup Module credentials are valid.

Backups would be sent to bucket db_backup_doag00.

Oracle Database Cloud Backup Module wallet created in directory /u01/app/oracle/opc_wallet.

Oracle Database Cloud Backup Module initialization file /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora created.

Downloading Oracle Database Cloud Backup Module Software Library from Oracle Cloud Infrastructure.

Download complete.

Lesson learned

Take care about time and date settings when you build virtual machines for testing purposes. And aways install a time service like NTP or chrony.

Oracle Cloud Infrastructure, Oracle Linux, TrivadisContent

Monitor your Oracle Cloud Free Tier with Grafana on Oracle Linux 8

Author: Martin Berger 30. September 2019

In a previous blog post I wrote about monitoring Oracle Cloud Infrastructure components by Grafana. In the meantime, we got the Oracle Cloud Free Tier. Here is an updated version.

This blog post shows you how to install and configure the Grafana plugin based on the Oracle blog entry https://blogs.oracle.com/cloudnative/data-source-grafana on an Oracle Enterprise Linux 8 server.

Steps to monitor the Oracle Cloud Free Tier by the OCI Grafana Plugin

Install and configure the Oracle Cloud Infrastructure CLI – by download or by YUM install
Configure Group, User and Policy in Oracle Cloud Infrastructure Console
Install Grafana and the OCI Plugin
Configure the Grafana DataSource
Create a new Dashboard with OCI Metrics

Machine Requirements

The server needs access to the internet.

Install and configure the Oracle Cloud Infrastructure CLI

Link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliinstall.htm

In this step, the software will be installed an configured. The new created SSH public key has to be added in the OCI console for further actions.

As OS user root we create a new user for OCI actions.

# groupadd oci
# useradd oci -g oci
# passwd oci

# groupadd oci

# useradd oci -g oci

# passwd oci

Login as user oci, execute the CLI download and installation script. Answer questions with Y / Enter to get the default installation.

$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

1	$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

Default values:

install directory	/home/oci/lib/oracle-cli
executable directory	/home/oci/bin
OCI scripts	/home/oci/bin/oci-cli-scripts
optional CLI packages	db
shell/tab completion	Y
path to rc file	/home/oci/.bashrc

After the successful CLI installation, you have to configure it.

$ /home/oci/bin/oci setup config

1	$ /home/oci/bin/oci setup config

Based on your OCI account, these information are required – let the config and key location on default values.

config location	/home/oci/.oci/config
user OCID	OCI > Identity > Users > [YOUR_USER] > OCID
tenancy OCID	OCI > Administration > Tenancy Details > [YOUR_TENANCY] > OCID
region	choose your region, e.g. eu-zurich-1
generate a new key pair	Y -> only if you don’t have already created a key pair
key directory	/home/oci/.oci
key name	oci_api_key

Add the content of the public key file in the OCI console to your user which you want to work with.

Attention: Be sure that you add the public key to the user which you have used for the CLI configuration!

Test the CLI configuration – example to list all compartments in your tenant.

$ /home/oci/bin/oci iam compartment list --all | grep name
      "name": "ManagedCompartmentForPaaS",
      "name": "Mohnweg",

$ /home/oci/bin/oci iam compartment list --all | grep name

"name": "ManagedCompartmentForPaaS",

"name": "Mohnweg",

Alternative Method Oracle Linux 7 – YUM Repository

Thanks to Sergio Leunissen from Oracle for his input, the Python SDK and oci utilities are is available in the YUM repository too and ready to install. Take a look at his blog post to see how to work with the Python SDK and OCI metadata:

https://blogs.oracle.com/linux/easy-compute-instance-metadata-access-with-oci-utils

Configure Group, modify User and add a Policy in Oracle Cloud Infrastructure Web Interface

Group

Create a new OCI group called Grafana. OCI > Identity > Groups.

Modify User

Add the selected user to the group – for example this is my user.

Add a Policy

Create a new policy called GrafanaPolicy. OCI > Identity > Policies.

allow group grafana to read metrics in tenancy
allow group grafana to read compartments in tenancy

Install Grafana and the OCI Plugin

Link: https://grafana.com/grafana/download?platform=linux

# wget https://dl.grafana.com/oss/release/grafana-6.3.6-1.x86_64.rpm
# yum localinstall grafana-6.3.6-1.x86_64.rpm

1 2	# wget https://dl.grafana.com/oss/release/grafana-6.3.6-1.x86_64.rpm # yum localinstall grafana-6.3.6-1.x86_64.rpm

Enable auto start and start the Grafana server manually.

# systemctl enable grafana-server.service
# systemctl daemon-reload
# systemctl start grafana-server

# systemctl enable grafana-server.service

# systemctl daemon-reload

# systemctl start grafana-server

Enable port 3000 (Grafana default port in firewall – the port can be changed in /etc/grafana/grafana.ini) to provide web access to Grafana.

# firewall-cmd --permanent --zone=public --add-port=3000/tcp
# firewall-cmd --reload

# firewall-cmd --permanent --zone=public --list-ports
3000/tcp

# firewall-cmd --permanent --zone=public --add-port=3000/tcp

# firewall-cmd --reload

# firewall-cmd --permanent --zone=public --list-ports

3000/tcp

Install the Grafana Oracle Cloud Infrastructure oci-datasource plugin.

# grafana-cli plugins install oci-datasource
# service grafana-server restart

1 2	# grafana-cli plugins install oci-datasource # service grafana-server restart

Verify the Grafana plugin directory with the installed plugin.

# ls -la /var/lib/grafana/plugins
total 0
drwxr-xr-x. 3 grafana grafana 28 Sep 30 08:05 .
drwxr-xr-x. 4 grafana grafana 50 Sep 30 08:04 ..
drwxr-xr-x. 3 root    root    18 Sep 30 08:05 oci-datasource

# ls -la /var/lib/grafana/plugins

total 0

drwxr-xr-x. 3 grafana grafana 28 Sep 30 08:05 .

drwxr-xr-x. 4 grafana grafana 50 Sep 30 08:04 ..

drwxr-xr-x. 3 root root 18 Sep 30 08:05 oci-datasource

Grafana needs the configuration file and the SSH Key from the user oci. As user root, copy the files and set the ownership to OS user grafana.

# cp -r /home/oci/.oci /usr/share/grafana
# chown -R grafana:grafana /usr/share/grafana/.oci

1 2	# cp -r /home/oci/.oci /usr/share/grafana # chown -R grafana:grafana /usr/share/grafana/.oci

Change the path to the key file in /usr/share/grafana/.oci/config.

# vi /usr/share/grafana/.oci/config

From:

key_file=/home/oci/.oci/oci_api_key.pem

1	key_file=/home/oci/.oci/oci_api_key.pem

To:

key_file=/usr/share/grafana/.oci/oci_api_key.pem

1	key_file=/usr/share/grafana/.oci/oci_api_key.pem

Create a new Dashboard based on OCI Metrics

Open your browser and log in into Grafana with [SERVERNAME]:3000. Username and password are admin/admin. You have to change your initial password imme diately.

Add data source

Select Oracle Cloud Infrastructure

Configure the Data Source

Fill in your tenancy OCI, region and set Environment = Local. Test the connection. For troubleshooting see Grafana logfile in directory /var/log/grafana. If your default region like ZRH / EU-ZURICH-1 is not listed, then you have to edit the a plugin file as described below. Otherweise no metrics are shown.

Example to use Grafana for the Datacenter eu-zurich-1:

Edit the file /var/lib/grafana/plugins/oci-datasource/dist/constants.js and add your missed region – restart Grafana.

_export('regions', regions = ['ca-toronto-1', 'eu-frankfurt-1', 'uk-london-1', 'us-ashburn-1', 'us-phoenix-1','eu-zurich-1']);

1	_export('regions', regions = ['ca-toronto-1', 'eu-frankfurt-1', 'uk-london-1', 'us-ashburn-1', 'us-phoenix-1','eu-zurich-1']);

Error message in the grafana.log when your region is not added in file content.js but you select the region as data source:

{ RawResponse={400 Bad Request 400 HTTP/1.1 1 1 map[Content-Length:[105] 
 Content-Type:[application/json] Date:[Mon, 30 Sep 2019 06:21:25 GMT] 
Opc-Request-Id:[777d41435b6f545f2aab5f1e10d9f278/15461D7746D5EAD60CC00B46095A5BDE/FD316A5328D8FD17D0B68205CF5C80F4]] 
0xc0004c64c0 105 [] false false map[] 0xc0 00150800 0xc000133b80} Items=[] 
OpcRequestId=<nil> }\n: Service error:InvalidParameter. token recognition error at 
: '$'\n $metric[1m].max()\n . http status code: 400. Opc request id: 777d41435b6f545f2aab5f1e10d9f278/15461D7746D5

{ RawResponse={400 Bad Request 400 HTTP/1.1 1 1 map[Content-Length:[105]

Content-Type:[application/json] Date:[Mon, 30 Sep 2019 06:21:25 GMT]

Opc-Request-Id:[777d41435b6f545f2aab5f1e10d9f278/15461D7746D5EAD60CC00B46095A5BDE/FD316A5328D8FD17D0B68205CF5C80F4]]

0xc0004c64c0 105 [] false false map[] 0xc0 00150800 0xc000133b80} Items=[]

OpcRequestId=<nil> }\n: Service error:InvalidParameter. token recognition error at

: '$'\n $metric[1m].max()\n . http status code: 400. Opc request id: 777d41435b6f545f2aab5f1e10d9f278/15461D7746D5

Create a new Dashboard and Add Query

Create a Query to visualize Data

In this dashboard example I used the region eu-zurich-1, my compartment, the namespace oci_autonomous_database and the metric CpuUtilization.

There are a lot of other metrics available like:

CurrentLogons
ExecutionCount
Sessions
StorageUtilization (in %)
etc.

Available Metrics

Learn more about metrics and monitoring in the OCI documentation here:

https://docs.cloud.oracle.com/iaas/Content/Monitoring/Concepts/monitoringoverview.htm?Highlight=monitoring

Summary

The OCI Grafana plugin is a nice solution to visualize your Oracle Cloud Free Tier environment based on Open Source software. Take care, Grafana needs access to the OCI CLI SSH information for the Oracle Cloud Infrastructure connection.

Autonomous Database, Oracle Cloud, Oracle Cloud Infrastructure, Oracle Linux, TrivadisContent

Oracle Database Appliance X6-L Memory Expansion – Overwritten HugePage Settings after Reboot

Author: Martin Berger 15. May 2019

A Customer has extended his Oracle Database Appliance X6-L with Oracle Database Appliance Memory Expansion Kit from 192GB to 384GB. After the first startup, the odacli tool has recognized the additional available memory and gave us the suggested value for the new HugePage settings.

The ODA has the newest available patchset applied, OS is Oracle Enterprise Linux 6.10.

Update the OS Configuration

Oracle suggested the new values for the HugePage settings to 135350MB.

[root@srv20 ~]# odacli list-osconfigurations 

Parameter User ConfiguredValue SuggestedValue 
--------------- --------------- ------------------------------ --------------- 
Memlock grid 386716274KB 386716168KB 
Memlock oracle 386716274KB 386716168KB 
HugePage default 67815MB 135350MB

[root@srv20 ~]# odacli list-osconfigurations

Parameter User ConfiguredValue SuggestedValue

--------------- --------------- ------------------------------ ---------------

Memlock grid 386716274KB 386716168KB

Memlock oracle 386716274KB 386716168KB

HugePage default 67815MB 135350MB

According the Oracle documentation Oracle® Database Appliance X6-2S/X6-2M/X6-2L Deployment and User’s Guide – Section 13.14 – we updated the OS configuration by odacli. The job was finished after some seconds.

odacli update-osconfigurations (page 13-70)
Use the command odacli update-osconfigurations to update the HugePage and memlock values.

[root@srv20]# odacli update-osconfigurations

1	[root@srv20]# odacli update-osconfigurations

Verfication

The HugePage Settings were updated now.

[root@srv20 ~]# odacli list-osconfigurations 

Parameter User ConfiguredValue SuggestedValue 
--------------- --------------- ------------------------------ --------------- 
Memlock grid 386716168KB 386716168KB 
Memlock oracle 386716168KB 386716168KB 
HugePage default 135350MB 135350MB

[root@srv20 ~]# odacli list-osconfigurations

Parameter User ConfiguredValue SuggestedValue

--------------- --------------- ------------------------------ ---------------

Memlock grid 386716168KB 386716168KB

Memlock oracle 386716168KB 386716168KB

HugePage default 135350MB 135350MB

Time for a hardware restart.

Old HugePage Values after ODA Restart

But, after the machine has started, the old HugePage values were back again. But who has overwritten the settings?

[root@srv20 ~]# odacli list-osconfigurations 

Parameter User ConfiguredValue SuggestedValue 
--------------- --------------- ------------------------------ --------------- 
Memlock grid 386716274KB 386716168KB 
Memlock oracle 386716274KB 386716168KB 
HugePage default 67815MB 135350MB

[root@srv20 ~]# odacli list-osconfigurations

Parameter User ConfiguredValue SuggestedValue

--------------- --------------- ------------------------------ ---------------

Memlock grid 386716274KB 386716168KB

Memlock oracle 386716274KB 386716168KB

HugePage default 67815MB 135350MB

An SR has solved the problem, the are two files in the OS which are responsible for that behavior:

/etc/sysctl.d/99-initial-sysctl.conf
/etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf

We take a look at the values:

[root@srv20 ~]# cat /etc/sysctl.d/99-initial-sysctl.conf | grep huge
vm.nr_hugepages=67815

[root@srv20 ~]# cat /etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf | grep huge
vm.nr_hugepages=67815

[root@srv20 ~]# cat /etc/sysctl.d/99-initial-sysctl.conf | grep huge

vm.nr_hugepages=67815

[root@srv20 ~]# cat /etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf | grep huge

vm.nr_hugepages=67815

Solution: Remove these two Files

First, we updated the OS Configuration again.

[root@srv20 ~]# odacli update-osconfigurations

1	[root@srv20 ~]# odacli update-osconfigurations

Second, we removed the files.

[root@srv20 ~]# rm /etc/sysctl.d/99-initial-sysctl.conf
[root@srv20 ~]# rm /etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf

1 2	[root@srv20 ~]# rm /etc/sysctl.d/99-initial-sysctl.conf [root@srv20 ~]# rm /etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf

Third, we restarted the Oracle Database Appliance.

Finally

HugePage settings are persistent now. By the way, there is an My Oracle Support note for the OS Level 6.10 which describes such a case too:

Changes in sysctl.conf File are not Persistent after Reboot (Doc ID 2477376.1)

Oracle Engineered Systems, TrivadisContent