This section provides information about the content and configuration of a newly created Oracle Database Cloud - Database as a Service instance that hosts an Oracle Real Application Clusters (Oracle RAC) database.
When you create a service instance at the Oracle Database Cloud Service service level and choose the RAC Database option, Database as a Service creates a two-node cluster database using Oracle RAC. Each node of the database is housed on a compute node that Database as a Service creates using Oracle Compute Cloud Service resources. In brief, Database as a Service:
• Creates two compute nodes that are alike in all respects except that each one has its own public IP address.
• Installs Oracle Linux 6.6, Oracle Grid Infrastructure 12.1.0.2, Oracle Database 12.1.0.2 or 11.2.0.4 (depending on which version was selected), and cloud tooling software on each of the compute nodes.
• Creates three Oracle Automatic Storage Management (ASM) disk groups to provide shared storage for database data, the fast recovery area, and the redo logs, and mounts the disk groups as shared file systems on the two compute nodes using Oracle ASM Cluster File System (ACFS).
• Creates Oracle Compute Cloud Service networking resources to provide access to the compute nodes, setting all except SSH access on port 22 to a disabled status.
• Creates and starts a two-node Oracle RAC database on the compute nodes and starts the network listeners for the nodes.
The following sections provide more detail about this configuration:
• Linux User Accounts
• Storage Volumes and File System Layout
• Network Access
Linux User Accounts
Both compute nodes are provisioned with the following operating system user accounts.
User    Description
opc    The system administrator account you use to connect to the compute node using SSH. This user can use the sudo command to perform operations that require root-user access.
oracle    The Oracle Database administrator account you use to access the system and perform non-root database administration tasks. A home directory, /home/oracle, is created for this user. This user cannot use the sudo command to perform operations that require root-user access. Additionally, by default you cannot connect as this user to the compute node using SSH. You can add the public key to the user’s $HOME/.ssh/authorized_keys file to grant persistent SSH access, or you can connect as the opc user and then use the sudo -s command to start a root-user command shell, followed by an su - oracle command to switch to the oracle user.
grid    The Oracle Grid Infrastructure administrator account you use to perform ASM, ACFS, and clusterware administration tasks. A home directory, /home/grid, is created for this user. This user cannot use the sudo command to perform operations that require root-user access. Additionally, by default you cannot connect as this user to the compute node using SSH. You can add the public key to the user’s $HOME/.ssh/authorized_keys file to grant persistent SSH access, or you can connect as the opc user and then use the sudo -s command to start a root-user command shell, followed by an su - grid command to switch to the grid user.
root    The root administrator for the system. You do not have direct access to this account. To perform operations that require root-user access, use the sudo command as the opc user.
The following environment variable settings are created for the opc, oracle and grid users.
Variable    Description
HOME    The home directory of the user, either /home/opc, /home/oracle or /home/grid.
HOSTNAME    The host name of the compute node:
• service-instance-name1 for the first compute node
• service-instance-name2 for the second compute node
LANG    The system language, en_US.UTF-8.
SHELL    The default shell, /bin/bash.
USER    The user name, either opc, oracle or grid.
In addition, the PATH variable is also created for all three users, but its value differs (line breaks added to improve clarity):
• For the opc user:
/opt/oracle/dcs/client/bin:/usr/java/jdk1.7.0_72/bin:
/usr/lib64/qt-3.3/bin:
/usr/local/bin:/bin:/usr/bin:
/usr/local/sbin:/usr/sbin:/sbin:
/home/opc/bin
• For the oracle user:
/usr/lib64/qt-3.3/bin:
/usr/local/bin:/bin:/usr/bin:
/usr/local/sbin:/usr/sbin:/sbin:
/u01/app/oracle/product/db-version/dbhome_1/bin:
/home/oracle/bin
where db-version is either 12.1.0.2 or 11.2.0.4, depending on which version of Oracle Database was installed.
• For the grid user:
/usr/lib64/qt-3.3/bin:
/usr/local/bin:/bin:/usr/bin:
/usr/local/sbin:/usr/sbin:/sbin:
/u01/app/12.1.0.2/grid/bin:
/home/grid/bin
In addition, the following environment variable settings are created for the oracle user.
Variable    Description
LD_LIBRARY_PATH    The Oracle Database library directory:
• For Oracle Database 12c, /u01/app/oracle/product/12.1.0.2/dbhome_1/lib
• For Oracle Database 11g, /u01/app/oracle/product/11.2.0.4/dbhome_1/lib
ORACLE_HOME    The Oracle Database home directory:
• For Oracle Database 12c, /u01/app/oracle/product/12.1.0.2/dbhome_1
• For Oracle Database 11g, /u01/app/oracle/product/11.2.0.4/dbhome_1
ORACLE_SID    The database system identifier (SID) for the database instance on the compute node:
• db-sid1 for the first compute node
• db-sid2 for the second compute node
where db-sid is the database system identifier (SID) provided as the DB Name (SID) value when the service instance was created.
ORACLE_UNQNAME    The database system identifier (SID) provided as the DB Name (SID) value when the service instance was created.
In addition, the following environment variable settings are created for the grid user.
Variable    Description
LD_LIBRARY_PATH    Set to /u01/app/12.1.0.2/grid/lib.
ORACLE_HOME    The Oracle Grid Infrastructure home directory: /u01/app/12.1.0.2/grid.
Storage Volumes and File System Layout
When the service instance is created, the following Oracle Compute Cloud Service storage volumes are created and attached to the two compute nodes.
Storage Volume    Description
boot (two volumes, one for each compute node)    25 GB volume for operating system files, user directories and swap space. This volume appears as the /dev/xvdb block device on each compute node.
bits (two volumes, one for each compute node)    70 GB volume for Oracle Database and Oracle Grid Infrastructure software. This volume appears as the /dev/xvdc block device on each compute node.
data (one volume accessed by both compute nodes)    Shared storage for database files. GB size equal to the value provided in the Usable Data Storage field when the instance was created, with a minimum of 11 GB. This volume appears as the /dev/xvdd block device on each compute node.
fra (one volume accessed by both compute nodes)    Shared storage for the fast recovery area. GB size depends on the choice of Backup Destination when the instance was created:
• Both Cloud Storage and Local Storage or Local Storage Only: GB size equal to 1.7 times the size of the data volume.
• None: GB size equal to 0.7 times the size of the data volume, with a minimum of 7 GB
This volume appears as the /dev/xvde block device on each compute node.
redo (one volume accessed by both compute nodes)    20 GB shared storage volume for redo logs. This volume appears as the /dev/xvdf block device on each compute node.
These storage volumes are mounted on the compute nodes as follows.
File System Mount    Description
swap    Swap space; 4 GB allocated from the boot Compute Cloud storage volume.
/ (root)    Operating system files; 16 GB allocated from the boot Compute Cloud storage volume.
/boot    Operating system kernel; 500 MB allocated from the boot Compute Cloud storage volume.
/u01    Oracle product software; the entire bits Compute Cloud storage volume.
/u02    Oracle Database data storage; the entire data Compute Cloud storage volume. An Oracle ASM diskgroup named DATA is created on the storage volume and Oracle ACFS is used to mount it.
/u03    Database backup storage; the entire fra Compute Cloud storage volume. An Oracle ASM diskgroup named FRA is created on the storage volume and Oracle ACFS is used to mount it.
/u04    Database redo logs; the entire redo Compute Cloud storage volume. An Oracle ASM diskgroup named REDO is created on the storage volume and Oracle ACFS is used to mount it.
Network Access
When the service instance is created, compute node network access is limited to Secure Shell (SSH) connections by the opc user on port 22. This access restriction ensures that the instance is secure by default. To access other ports, you can create an SSH tunnel to the port or you can enable access to the port using the Oracle Compute Cloud Service console. To provide SSH access to the oracle and grid users, you can add the public key to the user’s $HOME/.ssh/authorized_keys file.
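The account table and the paragraph above both describe adding a public key to the oracle or grid user's $HOME/.ssh/authorized_keys file. The following is an added example, not part of the Oracle documentation or tooling, of doing that from a root shell (opc, then sudo -s) so that the file ends up with the permissions sshd expects; the function name install_pubkey and its parameters are assumptions of this example.

```bash
#!/bin/sh
# Added example: install one public key for a non-sudo account (oracle or grid).
# Run from a root shell on the compute node. install_pubkey is a hypothetical
# helper name; HOME_DIR / OWNER would be /home/oracle + oracle or /home/grid + grid.

# install_pubkey HOME_DIR PUBKEY_LINE [OWNER]
install_pubkey() {
    local home_dir="$1" pubkey="$2" owner="${3:-}"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    local nl='
'
    # Accept exactly one bare OpenSSH public key line (no options prefix).
    case $pubkey in
        *"$nl"*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    if ! printf '%s\n' "$pubkey" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "not an OpenSSH public key line" >&2; return 2
    fi

    # Refuse symlinks so root does not write through a link planted in the
    # user's home directory.
    if [ -L "$ssh_dir" ] || [ -L "$auth" ]; then
        echo "symlink found at $ssh_dir or $auth" >&2; return 3
    fi

    # Create with a tight umask, then correct any pre-existing loose modes.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Idempotent: append only when the exact line is not already present.
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"

    # Hand ownership to the account when running as root.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner": "$ssh_dir"
    fi
}
```

On a node this would be called as install_pubkey /home/oracle "$(cat key.pub)" oracle, where key.pub is a placeholder for the file holding the public key.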
To provide network access to the compute nodes, the following Oracle Compute Cloud Service networking resources are created:
• A security list named ora_db is created and associated with both the compute nodes. This security list permits the two compute nodes to communicate with each other inside the Oracle Cloud, and it is used in security rules to enable access to specific security applications (port specifications) on the compute nodes. It is configured with its inbound policy set to DENY and its outbound policy set to PERMIT.
• The following security applications (port specifications) are created so that they can be used in security rules to enable access to specific ports on the compute nodes:
– ora_dbconsole provides TCP access using port 1158
– ora_dbexpress provides TCP access using port 5500
– ora_dblistener provides TCP access using port 1521
• The following security rules are created to enable access to specific ports on the compute nodes. With the exception of ora_p2_ssh, all these security rules are disabled by default to ensure network security of a newly created service instance. For information about enabling one of these security rules, see Enabling Access to a Compute Node Port.
– ora_p2_dbconsole controls access of the public internet to the service instance’s ora_db security list on the ora_dbconsole security application (port 1158 TCP).
– ora_p2_dbexpress controls access of the public internet to the service instance’s ora_db security list on the ora_dbexpress security application (port 5500 TCP).
– ora_p2_dblistener controls access of the public internet to the service instance’s ora_db security list on the ora_dblistener security application (port 1521 TCP).
– ora_p2_ssh controls access of the public internet to the service instance’s ora_db security list on the ssh security application (port 22 TCP).