real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 2047 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited 安全设置
[root@rac1 ~]# cat >> /etc/pam.d/login < 5、配置hangcheck计时器 这是linux提供的一个内核级IO-Fencing模块。这个模块会监控linux 内核运行的状态。如果linux长时间挂起,这个内核会自动的重启系统。这个模块在内核空间运行,不受负载的影响。 配置这个模块需要两个参数: hangcheck_tick:多长时间检查一次,缺省是30秒 hangcheck_margin:延迟上限,缺省是180秒 hangcheck-time模块会根据hangcheck_tick的设置,定时检查内核,只要两次检查的时间间隔小于hangcheck_tick+hangcheck_margin,都会认为内核是运行正常,否则认为系统异常,该模块会自动重启系统。 CRS本身还有一个参数:MissCount参数。 上面的三个参数影响RAC的重构,假设节点间心跳信息丢失,Clusterware必须确保在进行重构时,故障节点确实是dead状态。 严重问题:节点临时负载过高导致心跳丢失,然后其他节点开始重构,但是节点却没有重启(没有dead),这就会损坏数据库。 因此要保证MissCount必须大于hangcheck_tick+hangcheck_margin的和。这样可以保证节点开始重构时,其他节点已经被hangcheck-timer模块重启。 配置 Hangcheck 计时器,两个节点都要做。 [root@rac1 ~]# modprobe hangcheck-timer hangcheck_tick=30 hangcheck_margin=180 [root@rac1 ~]# cat >> /etc/rc.d/rc.local >>EOF modprobe hangcheck-timer hangcheck_tick=30 hangcheck_margin=180 EOF 6、添加环境变量 Oracle软件环境配置 创建安装目录,两个节点都要创建。 21 mkdir -p /oracle/app/oracle/10g/crs_1 mkdir -p /oracle/app/oracle/10g/db_1 chown -R oracle:oinstall /oracle/app/oracle/10g/crs_1 chown -R oracle:oinstall /oracle/app/oracle/10g/db_1 chmod -R 775 /oracle/app/oracle/10g/crs_1 chmod -R 775 /oracle/app/oracle/10g/db_1 oracle 用户的环境变量 在oracle用户下,编辑/home/oracle/.bash_profile 添加如下内容: 在rac1机器上修改 export ORACLE_SID=oradb1 export ORACLE_BASE=/oracle/app/oracle/10g export CRS_HOME=$ORACLE_BASE/product/db_1 export ORACLE_HOME= /oracle/app/oracle/10g/crs_1 export /oracle/app/oracle/10g/db_1/lib:/lib:/usr/lib:/usr/local/lib:/usr/X11R6/lib export TNS_ADMIN=/oracle/app/oracle/10g/db_1/network/admin export ORA_NLS33=/oracle/app/oracle/10g/db_1/ocommon/nls/admin/data export ORACLE_OWNER=oracle export PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/oracle/app/oracle/10g/db_1/bin:/oracle/app/oracle/10g/crs_1/bin export LD_LIBRARY_PATH export PATH=$PATH:$ORACLE_HOME/bin CLASSPATH=$CLASSPATH:$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib CLASSPATH=$CLASSPATH:$ORACLE_HOME/network/jlib export PATH CLASSPATH 在rac2上修改 export ORACLE_SID=oradb2 export ORACLE_BASE=/oracle/app/oracle/10g export CRS_HOME=$ORACLE_BASE/product/db_1 export ORACLE_HOME=/oracle/app/oracle/10g/crs_1 export LD_LIBRARY_PATH=/oracle/app/oracle/10g/db_1/lib:/lib:/usr/lib:/usr/local/lib:/usr/X11R6/lib export TNS_ADMIN=/oracle/app/oracle/10g/db_1/network/admin export ORA_NLS33=/oracle/app/oracle/10g/db_1/ocommon/nls/admin/data export ORACLE_OWNER=oracle export 22 LD_LIBRARY_PATH= PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/oracle/app/oracle/10g/db_1/bin:/oracle/app/oracle/10g/crs_1/bin export LD_LIBRARY_PATH export PATH=$PATH:$ORACLE_HOME/bin CLASSPATH=$CLASSPATH:$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib CLASSPATH=$CLASSPATH:$ORACLE_HOME/network/jlib export PATH CLASSPATH 7、安装ntp服务器 为了保证两个节点的时间保持一致,因此配置ntp作为时间服务器 [root@rac1 ~]# mv /etc/ntp.conf /etc/ntp.conf_bak [root@rac1 ~]# vi /etc/ntp.conf server 127.127.1.0 #local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift broadcastdelay 0.008 [root@rac1 ~]# /etc/init.d/ntpd start Starting ntpd: [ OK ] 在另外一个节点指定接收rac1节点为时间服务器 8、修改hosts文件 在节点一上 [root@rac1 ~]# vi /etc/hosts 192.168.10.210 rac1.mydomain.comrac1 192.168.1.254 rac1-vip.mydomain.comrac1-vip 10.10.10.1 rac1-priv.mydomain.com rac1-priv 192.168.10.211 rac2.mydomain.com rac2 192.168.1.253 rac2-vip.mydomain.com rac2-vip 10.10.10.2rac2-priv.mydomain.comrac2-priv 在节点2上 [root@rac2 ~]# vi /etc/hosts 192.168.10.211 rac2.mydomain.com rac2 192.168.1.253 rac2-vip.mydomain.com rac2-vip 10.10.10.2rac2-priv.mydomain.comrac2-priv 192.168.10.210 rac1.mydomain.comrac1 23 192.168.1.254 rac1-vip.mydomain.comrac1-vip 10.10.10.1 rac1-priv.mydomain.com rac1-priv 9、建立用户等效性 在安装 Oracle RAC 10g 期间,OUI 需要把文件复制到集群中的其他主机上并在其上执行程序。为了允许OUI 完成此任务,必须配置 SSH 以启用用户等效性。用 SSH 建立用户等效性就提供了一种在集群中其他主机上复制文件和执行程序时不需要口令提示的安全方式。 第一步是生成 SSH 的公共密钥和专用密钥。 SSH 协议有两个版本;版本 1 使用 RSA,版本 2 使用DSA,因此我们将创建这两种类型的密钥,以确保 SSH 能够使用任一版本。 ssh-keygen 程序将根据传递给它的参数生成任一类型的公共密钥和专用密钥。 当运行 ssh-keygen 时,将提示输入一个用于保存密钥的位置。当提示时只需按 Enter 接受默认值。随后将提示您输入一个口令短语。输入能记住的口令,然后再次输入该口令进行确认。当您完成以下步骤后,在 ~/.ssh 目录中将会有四个文件: id_rsa、id_rsa.pub、id_dsa 和 id_dsa.pub。 id_rsa 和id_dsa文件是专用密钥。 id_rsa.pub 和 id_dsa.pub 文件是您的公共密钥,必须将其复制到集群中其他每个主机上。 在每个主机上,以 oracle 用户身份登录: 在节点一上 [root@rac1 ~]# su - oracle [oracle@rac1 ~]$ mkdir .ssh [oracle@rac1 ~]$ chmod 755 .ssh [oracle@rac1 ~]$ cd .ssh [oracle@rac1 .ssh]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): ##为空 Enter passphrase (empty for no passphrase): ##为空 Enter same passphrase again: ##为空 Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: e0:5f:cf:55:68:36:de:f3:65:a9:a9:9b:2f:11:5a:30 oracle@rac1 [oracle@rac1 .ssh]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: 24 Your identification has been saved in /home/oracle/.ssh/id_dsa. Your public key has been saved in /home/oracle/.ssh/id_dsa.pub. The key fingerprint is: d6:5b:e8:3d:12:ff:68:c2:69:c8:03:a4:75:78:ea:52 oracle@rac1 [oracle@rac1 .ssh]$ cat *.pub > authorized_keys [oracle@rac1 .ssh]$ ls authorized_keys id_dsa id_dsa.pub id_rsa id_rsa.pub [oracle@rac1 .ssh]$ scp authorized_keys rac2:/home/oracle/.ssh/key_rac2 The authenticity of host 'rac2 (192.168.10.211)' can't be established. RSA key fingerprint is 74:25:4b:a5:c1:c9:e7:18:2d:9c:bf:db:4e:ca:16:da. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rac2,192.168.10.211' (RSA) to the list of known hosts. oracle@rac2's password: authorized_keys 100% 996 1.0KB/s 00:00 在另外一台机器上 [oracle@rac2 ~]$ mkdir .ssh [oracle@rac2 ~]$ chmod 755 .ssh [oracle@rac2 ~]$ cd .ssh [oracle@rac2 .ssh]$ ls key_rac2 [oracle@rac2 .ssh]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_rsa. Your public key has been saved in /home/oracle/.ssh/id_rsa.pub. The key fingerprint is: fe:2a:4e:cd:a7:96:0a:fc:a8:43:bc:a3:0b:c2:b6:57 oracle@rac2 [oracle@rac2 .ssh]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/oracle/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oracle/.ssh/id_dsa. Your public key has been saved in /home/oracle/.ssh/id_dsa.pub. The key fingerprint is: 25