Sunday, September 07, 2008

10G database on Ubuntu 8.04 (Hardy Heron)

I will describe what I did to get 10G Rel2 working on Ubuntu 8.04, codename Hardy Heron. Lot of the research was already done, of course, and comes from here.

Update and upgrade.
I made sure I got the latest version by switching to root, and upgrading/updating:

frank@IA-laptop:~$ sudo su -
[sudo] password for frank:
root@IA-laptop:~# apt-get update
Hit hardy Release.gpg
Ign hardy/main Translation-en_US
Get:1 hardy-security Release.gpg [189B]
Ign hardy-security/main Translation-en_US
[...snipped output...]
Get:14 hardy-updates/restricted Packages [6636B]
Get:15 hardy-updates/main Sources [87.9kB]
Get:16 hardy-updates/restricted Sources [908B]
Get:17 hardy-updates/universe Packages [90.6kB]
Get:18 hardy-updates/universe Sources [22.7kB]
Get:19 hardy-updates/multiverse Packages [20.1kB]
Get:20 hardy-updates/multiverse Sources [2795B]
Fetched 776kB in 1s (467kB/s)
Reading package lists... Done
root@IA-laptop:~# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
language-pack-en language-pack-gnome-en libsmbclient libxml2 libxml2-utils
python-libxml2 samba-common smbclient
8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.0MB of archives.
After this operation, 500kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 hardy-updates/main language-pack-en 1:8.04+20080805 [236kB]
Get:2 hardy-security/main libxml2 2.6.31.dfsg-2ubuntu1.1 [785kB]
Get:3 hardy-updates/main language-pack-gnome-en 1:8.04+20080805 [96.7kB]
Get:4 hardy-updates/main smbclient 3.0.28a-1ubuntu4.5 [4863kB]
Get:5 hardy-security/main libxml2-utils 2.6.31.dfsg-2ubuntu1.1 [34.0kB]
Get:6 hardy-security/main python-libxml2 2.6.31.dfsg-2ubuntu1.1 [263kB]
Get:7 hardy-updates/main samba-common 3.0.28a-1ubuntu4.5 [2840kB]
Get:8 hardy-updates/main libsmbclient 3.0.28a-1ubuntu4.5 [887kB]
Fetched 10.0MB in 19s (523kB/s)
Preconfiguring packages ...
(Reading database ... 138248 files and directories currently installed.)
Preparing to replace language-pack-en 1:8.04+20080708 (using .../language-
[...snipped output...]
Setting up samba-common (3.0.28a-1ubuntu4.5) ...

Setting up smbclient (3.0.28a-1ubuntu4.5) ...
Setting up libsmbclient (3.0.28a-1ubuntu4.5) ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place

Then I continued by getting these packages:

apt-get install build-essential libaio1 gawk ksh libmotif3 alien libtool lsb-rpm libstdc++5

After that, I created the oinstall and dba groups and the oracle account, much like in step 7, and as done in previous installs:

groupadd oinstall
groupadd dba
groupadd nobody
useradd -g oinstall -G dba -d /home/oracle -s /bin/bash oracle
passwd oracle

I changed the limits and system-wide settings, and reloaded these using sysctl -p (well, actually, I rebooted into a new kernel)
In the mean time, downloading the database and companion disks has completed; time to get serious:

root@IA-laptop:~# mkdir -p /oracle/prd/db/10.1.2
root@IA-laptop:~# chown -R oracle:oinstall /oracle
root@IA-laptop:~# echo 4 >> /etc/redhat-release
root@IA-laptop:~# ln -s /usr/bin/rpm /bin/rpm
root@IA-laptop:~# ln -s /usr/bin/basename /bin/basename
root@IA-laptop:~# ln -s /usr/bin/rpm /bin/rpm
root@IA-laptop:~# ln -s /usr/bin/awk /bin/awk
root@IA-laptop:~# su - oracle
oracle@IA-laptop:~$ mkdir /oracle/install
oracle@IA-laptop:~$ cd /oracle/install
oracle@IA-laptop:~$ unzip /home/frank/
oracle@IA-laptop:~$ cd /oracle/install/database/install
oracle@IA-laptop:~$ export DISPLAY=:0
oracle@IA-laptop:~$ ./runInstaller

Run /oracle/prd/oraInventory/ and /oracle/prd/db/10.1.2/ and about 10 minutes later, I was done (admit, I needed to rerun, after adding the group nobody).
Final thing to do, is to alter the login scrpt for the oracle user:

oracle@IA-laptop:~$ cd
oracle@IA-laptop:~$ vi .profile
export ORACLE_BASE=/oracle/prd
export ORACLE_HOME=$ORACLE_BASE/db/10.1.2
export ORACLE_SID=orcl
export DISPLAY=:0.0
echo "Oracle settings done"

The instance
Time to create an instance... which will have to be discarded, as I forgot to install the companion disk...
Enough for now; the formula 1 circus has landed in Spa.

Monday, September 01, 2008

Oracle on Ubuntu

The company I work for has supplied me with a very decent laptop, in December 2007, equipped with an Intel Core Duo T7500 processor, 4GB of RAM, and an 160GB Harddisk. The only downside (and reason I hardly ever use the thing) is Vista Enterpise. Apart from the fact Oracle only recently certified versions for Vista, it takes forever to get it into a state I can actually do some work. I timed it once, and it took 5 minutes for Vista to get into a working state (showing off a picture is not what I regard "working state"), including getting an IP-address from my local NAS, setting up an VPN session to the internal network and firing up my email application.
As a comparison, Ubuntu does the same (without the VPN), in about a minute.

Why all this?
Well, it basically explains why I installed Ubuntu next to Vista (dual boot configuration); I really got fed up with the abysmal performance of Vista. And no, it will probably not be all Vista's fault (our IT department uses images with a lot of stuff starting up), but an OS reporting 3GB where there's really 4GB installed - well, that's 33% gain by installing an OS that actually uses that last GB!

Installing Ubuntu (Desktop) was easy; CentOS, the platform of choice for me as Oracle gets onto Linux, failed miserably in recognizing the graphics driver - even the text based install got stuck.
Did not spent much time on the issue, don't think much of it. It's a laptop, not server hardware!

RDBMS: 10G Rel2
I think 11G can be installed on Ubuntu without too much of an effort, but this side of the ocean, not many clients have 11G, or plans for that matter. So, for now, I'll stick to 10G Rel 2 - Enterprise, of course...

iAS: 10G Rel 3, patch 4
Or Version, for that matter. The SOA Suite Edition - get that running, and you can get anything to run.

Sunday, August 17, 2008

Error creating new OC4J instance: Invalid protocol or port range.

This is an attempt to install the SOA Suite, using Oracle AS on HP-UX using the Enterprise Deployment Guide; the complete error message is:

Error creating new OC4J instance: create oc4j instance fails: Invalid protocol or port range. There is no OHS installed on the Oracle Home. So new OC4J instance can not use ajp protocol. Please use the -protocol and -httpPort option on the command to create OC4J.

As an alternative, I tried from the command prompt, running the createinstance command from $ORACLE_HOME/bin. To no relief.
Of course, google came up empty, as did metalink; however, I found a workaround that seems to work (This is install is not quite ready, yet):

./createinstance -instanceName oc4j_soa -groupName soa_group -httpPort 8435 -protocol http
./createinstance -instanceName oc4j_esbdt -groupName esbdt_group -httpPort 8435 -protocol http
Then, edit opmn.xml (in $ORACLE_HOME/opmn/conf/) and change

<port id="default-web-site" range="8435" protocol="http"/>
<port id="default-web-site" range="12501-12600" protocol="ajp"/>

Do this for both instances just created (oc4j_soa and oc4j_esbdt).
And just as a side note: create these in lower case, as there's a patch (PERL script, actually), that checks for a lower case oc4j_soa!

Next, opmnctl reload and start, and we're in business. The EDG (linked in the title) states that an AJP port should be picked, but defining a range makes the Application Server choosing the next free port.

Friday, August 08, 2008

Cannot deploy because already deployed?

Oracle Application Server playing bezerk? You undeployed an application, but ran into a memory error (or another).

An error occured while undeploying the application. The evaluate phase failed. The Adapter used in the evaluate may have thrown an exception.
Please call Oracle support.
Base Exception:
null. java.lang.OutOfMemoryError

No trace of your application, but a deployment fails with:

Deployment failed
Base Exception: J2EE application: [application_name] has already been deployed. Redeploy needs to be used to override previous deployed application.

The solution is to check whether or not all traces have indeed been removed (obviously not):

$ORACLE_HOME/dcm/bin/dcmctl listapplications -co [container]

will still show your application. If it does, remove it with the following command:

$ORACLE_HOME/dcm/bin/dcmctl undeployapplication -a [appl] -co [container] -force -d -v

You should now be able to deploy again.

The Reverse
You see your application in Enterprise Manager Console, but cannot undeploy, due to a failed deployment. Reverse situation from above:

- check $ORACLE_HOME/j2ee/[container_name]/application-deployments
- check $ORACLE_HOME/j2ee/[container_name]/applications
for directories and ear files named after your application.
- check $ORACLE_HOME/j2ee/[container_name]/config/server.xml for entries regarding your application, and remove this line.
- check $ORACLE_HOME/j2ee/[container_name]/config/default-web-site.xml for entries regarding your application, and remove this line.

Perform an opmnctl reload, and restart OEM (emctl stop iasconsole); you should now be able to deploy again.

Friday, February 08, 2008

SOA install fails on multi IP machine...

Of course, it's the install, before patching to
You need to define VIRTUAL_HOST_NAME (yes - that is virtual-underscore-host-underscore-name).

So, if confronted with errors during the configuration stage (ESB goes wrong according to log, but gets status succeeded, BPEL Process Manager fails with Failed at "Could not get DeploymentManager", define VIRTUAL_HOST_NAME, and retry the installation.

Friday, January 25, 2008

Kerberos errors

As extension of the previous blog on Windows Native Authentication with Oracle, this little piece of info:

Kerberos Error 68.

Kerberos testing (kinit -k -t command) responded with

kinit: KRB5 error code 68 while getting initial credentials

Searches revealed:
KDC_ERR_WRONG_REALM 68 Reserved for future use
is being returned by Active Directory because your users are attempting to obtain a Kerberos TGT for a realm that is not hosted on the server to which they are authenticating.
The existing MIT Kerberos distribution that you are using does not know how to respond to this error. Windows machines can attempt to search the Active Directory Global Catalog in order to determine the actual principal name to use for authentication.

The krb5.conf file had port 88 specified on (one of the member) Active Directory server. Changing that to port 3268 (which is the Global Catalog port), changes the error into this:

kinit: Cannot contact any KDC for requested realm while getting initial credentials

I think this means the realm (domain in AD speak) is not serviced by this server. Problem is: where is it serviced.
OK - got that solved; you can specify many Kerberos servers in the [realms] section of the krb5.conf file. Doing so resolved the issue of error 68.

Kerberos Encryption

Now, the next problem arises:

kinit: Bad encryption type while getting initial credentials

There is a handy utility, klist, that can help out here. Klist can read the keytab file, and display all kinds of details, one of which is the encryption type used. Previous keytab files revealed RSA-MD5 was used, the latest one revealed CRC32:

klist -k -e -K -t FILE:/home/bortel/second.keytab

Keytab name: FILE:/home/bortel/second.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
1 01/01/70 01:00:00 HTTP/[nondisclosed] (DES cbc mode with CRC-32) (0x3e4986bc07972cda)

Keytab name: FILE:/home/bortel/first.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
4 01/01/70 01:00:00 HTTP/[nondisclosed] (DES cbc mode with RSA-MD5) (0x855d98e6793186e9)

With the first keytab file (listed as second entry), WNA works without any changes from the Oracle examples. The second keytab file (listed on top) has a different encription type, compared to the first. This might explain the encryption error...
Sure enough; altering the krb5.conf file, adding enctypes, so that the file reads the following resolved that issue:

default_realm = HOME.LOCAL
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
clockskew = 300

Another enctype would be des-cbc-md5. This looks like the default one, as I did not specify enctypes in an earlier krb5.conf file.

Windows 2000 versus Windows 2003?

Now for the underlying reason, I can only guess. Is this a MS Windows issue? Did MS change from des-cbc-crc to des-cbc-md5 between Windows 2000 Server and Windows Server 2003? Seems unlikely, unless MS Windows always tries CRC32 as well as MD5.

Anyway, the problems I was facing were resolved, as this shows:

kinit -k -t /home/bortel/second.keytab HTTP/[nondisclosed]
Ticket cache: /tmp/krb5cc_879
Default principal: HTTP/[nondisclosed]@HOME.LOCAL

Valid starting Expires Service principal
01/30/08 09:39:37 01/30/08 19:39:37 krbtgt/HOME.LOCAL@HOME.LOCAL

klist also allows to show the encryption type used:

klist -e
Ticket cache: /tmp/krb5cc_879
Default principal: HTTP/[nondisclosed]@HOME.LOCAL

Valid starting Expires Service principal
01/30/08 09:39:37 01/30/08 19:39:37 krbtgt/HOME.LOCAL@HOME.LOCAL
Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32

Saturday, January 19, 2008

UltraSearch - manual install

Because of switching operating systems, my iAS repository needs rebuilding. And of course, UltraSearch was forgotten.
So, after adding UltraSearch, I still needed the wksys user in the database. Have been looking for it once beore, and now decided to make a 'note to one self'. Of course, the Database Creation Assistent is useless, because it does not recognize the already installed instance, as so often.

SQL> set echo on
SQL> spool ultrasearch_inst.log
SQL> @$ORACLE_HOME/ultrasearch/admin/wk0setup.sql /oracle/db/10gRel2 "" SYS change_on_install "as sysdba" wksys SYSAUX TEMP "" "FALSE" DATABASE "" /oracle/db/10gRel2/jdbc/lib/ /oracle/db/10gRel2/jlib/orai18n.jar /oracle/db/10gRel2/jdk/bin/java /oracle/db/10gRel2/ctx/bin/ctxhx cs-frank03:1521:o10gr2 cs-frank03:1521:o10gr2 /oracle/db/10gRel2
SQL> spool off
SQL> exit

Test with:
select comp_name, version, status from dba_registry
where COMP_ID='WK';

Once bitten twice shy.

Or should it be "Three strike - you're out!"?
Strike one: MicroSod started complaining about the validity of my XP install - out.
Strike two: tried Ubuntu 7.10 instead - graphics (solved) and networking issues; tried for two days - out.
Strike three: running CentOS 5.1 now. Graphics is OK - nVidia recognized, network is a known issue on an Asus P5B, and the solution is to prepare a driver disk for the installation, and make a new r8168 network module afterwards. I know, that sounds strange, but the driver (install with "linux dd") was not included in the install; during install, the network was activated correctly, after a reboot, network failed to start.

Anyway - download the latest driver, and -as root- perform:

# cd /tmp/r8168-8.004.00
# make
# depmod -a

# modprobe r8168

# ifconfig -a

You should now see an active network link (eth0). Just add a line "alias eth0 r8168" to /etc/modprobe.conf and configure the interface. Reboot to see if everything works.