新鲜出炉的生产环境Oracle11.2.0.4.0安装

前言：

这几天第一次在生产环境下安装数据库，确实是与虚拟机安装有些不一样的，于是做了一下整理。其中还有很多东西不大明白，之后会做一定的补充说明的。

OS：CentOS release 6.7 (Final)

BD: Oracle database11.2.0.4.0

通过secureCRT远程登录服务器。

一、安装前环境准备

1、修改OS系统标识

 oracle默认不支持CentOS系统安装，Oracle
Database 11g Release 2，注释原有的OS系统标识，改为Red Hat Enterprise Linux 6

[root@ns ~]# vi/etc/redhat-release
#CentOS release6.7 (Final)
Red HatEnterprise Linux 6

2、关闭selinux，需重启生效

将selinux的状态改为disable

[root@ns ~]# vi/etc/selinux/config
# This filecontrols the state of SELinux on the system.
# SELINUX= cantake one of these three values:
# enforcing -SELinux security policy is enforced.
# permissive -SELinux prints warnings instead of enforcing.
# disabled - NoSELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= cantake one of these two values:
# targeted -Targeted processes are protected,
# mls - MultiLevel Security protection.
SELINUXTYPE=targeted

3、关闭防火墙

[root@ns ~]#chkconfig iptables off
[root@ns ~]#service iptables stop
[root@ns ~]# serviceiptables status
iptables: Firewallis not running.

4、对oracle用户设置限制，提高软件运行性能

[root@ns ~]#  vi /etc/security/limits.conf
#/etc/security/limits.conf
##Each linedescribes a limit for a user in the form:
##<domain>        <type>  <item> <value>
##Where:
#<domain>can be:
#        - a user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with%group syntax,
#                 for maxlogin limit
##<type> canhave the two values:
#        -"soft" for enforcing the soft limits
#        - "hard" for enforcing hardlimits
#<item> canbe one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        -memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open filedescriptors
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins forthis user
#        - maxsyslogins - max number of loginson the system
#        - priority - the priority to run userprocess with
#        - locks - max number of file locks theuser can hold
#        - sigpending - max number of pendingsignals
#        - msgqueue - max memory used by POSIXmessage queues (bytes)
#        - nice - max nice priority allowed toraise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#
#*               soft    core            0
#*               hard    rss             10000
#@student        hard   nproc           20
#@faculty        soft   nproc           20
#@faculty        hard   nproc           50
#ftp             hard    nproc           0
#@student        -      maxlogins       4
#oracleadd
oraclesoft nproc 2047
oraclehard nproc 16384
oraclesoft nofile 1024
oraclehard nofile 65536
oraclehard stack 10240
oraclesoft memlock 31457280
oraclehard memlock 31457280
"/etc/security/limits.conf"61L, 2060C written

5、修改内核参数sysctl.conf，sysctl -p，使参数生效

[root@ns ~]# vi/etc/sysctl.conf
# Kernel sysctlconfiguration file for Red Hat Linux
#
# For binaryvalues, 0 is disabled, 1 is enabled.  Seesysctl(8) and
# sysctl.conf(5)for more details.
# Controls IPpacket forwarding
net.ipv4.ip_forward= 0
# Controls sourceroute verification
net.ipv4.conf.default.rp_filter= 1

# Do not acceptsource routing
net.ipv4.conf.default.accept_source_route= 0
# Controls theSystem Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whethercore dumps will append the PID to the core filename.
# Useful fordebugging multi-threaded applications.
kernel.core_uses_pid= 1
# Controls the useof TCP syncookies
net.ipv4.tcp_syncookies= 1
# Controls thedefault maxmimum size of a mesage queue
kernel.msgmnb =65536
# Controls themaximum size of a message, in bytes
kernel.msgmax =65536
# Controls themaximum shared segment size, in bytes
#kernel.shmmax =68719476736
# Controls themaximum number of shared memory segments, in pages
#kernel.shmall =4294967296
###pvdriver<begin>
net.ipv4.conf.all.arp_notify= 1
net.ipv4.conf.default.arp_notify= 1
net.ipv4.conf.eth0.arp_notify= 1
net.ipv4.conf.lo.arp_notify= 1
###pvdriver<end>
#oracleadd
fs.aio-max-nr= 1048576
fs.file-max= 6815744
kernel.shmall= 2097152
kernel.shmmax= 536870912
kernel.shmmni= 4096
kernel.sem= 250 32000 100 128
net.ipv4.ip_local_port_range= 9000 65500
net.core.rmem_default= 262144
net.core.rmem_max= 4194304

6、配置文件login修改

[root@ns ~]# vi/etc/pam.d/login
#%PAM-1.0
auth[user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
# pam_selinux.soclose should be the first session rule
session    required    pam_selinux.so close
session    required    pam_loginuid.so
session    optional    pam_console.so
# pam_selinux.soopen should only be followed by sessions to be executed in the user context
session    required    pam_selinux.so open
session    required    pam_namespace.so
session    optional    pam_keyinit.so force revoke
session    include     system-auth
-session   optional    pam_ck_connector.so
#oracleadd
sessionrequired /lib64/security/pam_limits.so
sessionrequired pam_limits.so
"/etc/pam.d/login"19L, 807C written

7、配置文件profile修改，source/etc/profile生效

[root@ns ~]# vi/etc/profile

# /etc/profile

# System wideenvironment and startup programs, for login setup
# Functions andaliases go in /etc/bashrc

# It's NOT a goodidea to change this file unless you know what you
# are doing. It'smuch better to create a custom.sh shell script in
# /etc/profile.d/to make custom changes to your environment, as this
# will prevent theneed for merging in future updates.

pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" ="after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}

if [ -x/usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`id -u`
UID
4000
=`id -ru`
fi
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi

# Pathmanipulation
if ["$EUID" = "0" ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
pathmunge /sbin after
fi

HOSTNAME=`/bin/hostname2>/dev/null`
HISTSIZE=1000
if ["$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi

export PATH USERLOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, wewant umask to get set. This sets it for login shell
# Currentthreshold for system reserved uid/gids is 200
# You could checkuidgid reservation validity in
#/usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi

for i in/etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
if [ "${-#*i}" !="$-" ]; then
. "$i"
else
. "$i" >/dev/null2>&1
fi
fi
done

unset i
unset -f pathmunge

if [ $USER ="oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
"/etc/profile"90L, 1963C written

8、root用户安装oracle数据库所需要的软件包

yum install -ylibaio*
yum install -ybinutils-*
yum install -ycompat-libstdc++-*
yum install -yelfutils-libelf-*
yum install -yelfutils-libelf-devel-*
yum install -ygcc-*
yum install -ygcc-c++-*
yum install -yglibc-*
yum install -yglibc-common-*
yum install -yglibc-devel-*
yum install -yglibc-headers-*
yum install -yksh-*
yum install -ylibaio-*
yum install -ylibaio-devel-*
yum install -ylibgcc-*
yum install -ylibstdc++-*
yum install -ylibstdc++-devel-*
yum install -ymake-*
yum install -y sysstat-*
yum install -yunixODBC-*
yum install -yunixODBC-devel-*

9、创建用户组及用户

[root@ns ~]#groupadd -g 501 oinstall
[root@ns ~]#groupadd -g 502 dba
[root@ns ~]#groupadd -g 503 oper
[root@ns ~]#useradd  -g oinstall -g dba oracle
[root@ns ~]# idoracle
uid=502(oracle)gid=501(oinstall) groups=501(oinstall),502(dba),503(oper)

10、修改oracle用户密码

[root@ns ~]#  passwd oracle
Changing passwordfor user oracle.
New password:
BAD PASSWORD: itis based on a dictionary word
BAD PASSWORD: istoo simple
Retype newpassword:
passwd: allauthentication tokens updated successfully.

11、修改path，并用root使其生效，source
/home/oracle/.bash_profile

[root@ns ~]#  su – oracle
[oracle@ns ~]$ vi.bash_profile

# .bash_profile

# Get the aliasesand functions
if [ -f ~/.bashrc]; then
. ~/.bashrc
fi

# User specificenvironment and startup programs

PATH=$PATH:$HOME/bin
exportPATH
exportORACLE_BASE=/oracle/app
exportORACLE_HOME=$ORACLE_BASE/product/11.2.0/db_1
exportORACLE_SID=nssjjh
exportOGG_HOME=/ogg
exportNLS_LANG=AMERICAN_AMERICA.ZHS16GBK
exportTMP=/tmp
exportTMPDIR=/tmp
exportPATH=$PATH:$ORACLE_HOME/bin
exportNLS_DATE_FORMAT='YYYY-MM-DD HH24:MI:SS'
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib64:/usr/lib64:/usr/local/lib64
exportLD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
CLASSPATH=$CLASSPATH:$ORACLE_HOME/network/jlib
exportCLASSPATH
".bash_profile"27L, 696C written

12、创建数据文件配置目录oraInventory、安装目录app、数据库软件解压目录software

[oracle@ns oracle]$mkdir software
[oracle@nsoracle]$ mkdir oraInventory
[oracle@nsoracle]$ mkdir app
[oracle@nsoracle]$ ls -lrt
total 28
drwx------ 2oracle oinstall 16384 Apr  5 16:50lost+found
drwxr-xr-x 2oracle oinstall  4096 Apr  6 11:58 software
drwxr-xr-x 2oracle oinstall  4096 Apr  6 12:07 oraInventory
drwxr-xr-x 2oracle oinstall  4096 Apr  6 12:07 app

 

二、数据库软件安装

1、在其他服务器上将安装包传至本机上

scp local_fileremote_username@remote_ip:remote_folder

2、解压压缩包，进入安装包

[oracle@nsoracle]$ cd software
[oracle@nssoftware]$ ls
database  p13390677_112040_Linux-x86-64_1of7.zip  p13390677_112040_Linux-x86-64_2of7.zip  p24006111_112040_Linux-x86-64.zip
[oracle@nssoftware]$ cd data*/d*
[oracle@nsdatabase]$ ls
install  readme.html response  rpm  runInstaller sshsetup  stage  welcome.html
[oracle@nsdatabase]$ ls -la
total 68
drwxr-xr-x  7 oracle oinstall  4096 Aug 27 2013 .
drwxr-xr-x  3 oracle oinstall  4096 Apr 6 13:11 ..
drwxr-xr-x  4 oracle oinstall  4096 Aug 27 2013 install
-rw-r--r--  1 oracle oinstall 30016 Aug 27  2013 readme.html
drwxr-xr-x  2 oracle oinstall  4096 Aug 27 2013 response
drwxr-xr-x  2 oracle oinstall  4096 Aug 27  2013 rpm
-rwxr-xr-x  1 oracle oinstall  3267 Aug 27 2013 runInstaller
drwxr-xr-x  2 oracle oinstall  4096 Aug 27 2013 sshsetup
drwxr-xr-x 14oracle oinstall  4096 Aug 27  2013 stage
-rw-r--r--  1 oracle oinstall   500 Aug 27 2013 welcome.html

3、避免乱码，将语言修改为英文，同时在Linux/Unix类操作系统上, DISPLAY用来设置将图形显示到何处. 直接登陆图形界面或者登陆命令行界面后使用startx启动图形, DISPLAY环境变量将自动设置为:0:0, 此时可以打开终端, 输出图形程序的名称(比如xclock)来启动程序, 图形将显示在本地窗口上

[oracle@ns ~]$export DISPLAY=本机id:0.0
[oracle@ns ~]$export LANG=en_us
[oracle@nsdatabase]$ ./runInstaller
Starting OracleUniversal Installer...

Checking Tempspace: must be greater than 120 MB.  Actual 44910 MB    Passed
Checking swapspace: must be greater than 150 MB.  Actual 3967 MB    Passed
Checking monitor:must be configured to display at least 256 colors.    Actual 16777216    Passed
Preparing tolaunch Oracle Universal Installer from /tmp/OraInstall2017-04-06_02-44-12PM.Please wait ...

4、安装过程省略

5、安装成功后执行root执行两个脚本

[root@ns ~]# Youcan find the log of this install session at:
/oracle/oraInventory/logs/installActions2017-04-06_02-44-12PM.log

三、打补丁

1、同样的方式上传补丁软件

[oracle@ns software]$ls -lrt
total 2686280
-rw-r--r-- 1oracle oinstall 1395582860 Apr  6 11:49p13390677_112040_Linux-x86-64_1of7.zip
-rw-r--r-- 1oracle oinstall 1151304589 Apr  6 11:49p13390677_112040_Linux-x86-64_2of7.zip
-rw-r--r-- 1oracle oinstall  105489235 Apr  6 11:58 p24006111_112040_Linux-x86-64.zip
drwxr-xr-x 3oracle oinstall       4096 Apr  6 13:11 database
-rw-r--r-- 1oracle oinstall   98352086 Apr  6 15:20 p6880880_112000_Linux-x86-64.zip

2、解压后查看README.html，确认打补丁软件版本要求及相关步骤

3、查看本机OPatch版本，满足

[oracle@nssoftware]$ $ORACLE_HOME/OPatch/opatch version
OPatch Version:11.2.0.3.15
OPatch succeeded.

4、关闭监听

[oracle@ns24006111]$ lsnrctl stop
LSNRCTL for Linux:Version 11.2.0.4.0 - Production on 06-APR-2017 15:35:15
Copyright (c)1991, 2013, Oracle.  All rights reserved.
Connecting to(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The commandcompleted successfully
[oracle@ns24006111]$ lsnrctl status

LSNRCTL for Linux:Version 11.2.0.4.0 - Production on 06-APR-2017 15:35:25
Copyright (c)1991, 2013, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-12541: TNS:nolistener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Linux Error: 111: Connection refused

5、检查环境

[oracle@ns24006111]$ $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail-ph ./
Oracle InterimPatch Installer version 11.2.0.3.15
Copyright (c)2017, Oracle Corporation.  All rightsreserved.
PREREQ session
Oracle Home       : /oracle/app/product/11.2.0/db_1
Central Inventory: /oracle/oraInventory
from           :/oracle/app/product/11.2.0/db_1/oraInst.loc
OPatchversion    : 11.2.0.3.15
OUI version       : 11.2.0.4.0
Log file location:/oracle/app/product/11.2.0/db_1/cfgtoollogs/opatch/opatch2017-04-06_15-34-00PM_1.log
Invoking prereq"checkconflictagainstohwithdetail"
Prereq"checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.

6、应用补丁

[oracle@ns24006111]$ $ORACLE_HOME/OPatch/opatch apply
Oracle InterimPatch Installer version 11.2.0.3.15
Copyright (c)2017, Oracle Corporation.  All rightsreserved.
Oracle Home       : /oracle/app/product/11.2.0/db_1
Central Inventory: /oracle/oraInventory
from           :/oracle/app/product/11.2.0/db_1/oraInst.loc
OPatchversion    : 11.2.0.3.15
OUI version       : 11.2.0.4.0
Log file location: /oracle/app/product/11.2.0/db_1/cfgtoollogs/opatch/opatch2017-04-06_15-35-32PM_1.log
Verifyingenvironment and performing prerequisite checks...
OPatch continueswith these patches:   17478514  18031668 18522509  19121551  19769489 20299013  20760982  21352635 21948347  22502456  23054359 24006111
Do you want toproceed? [y|n]
y
User Respondedwith: Y
All checks passed.
Provide your emailaddress to be informed of security issues, install and
initiate OracleConfiguration Manager. Easier for you if you use your My
Oracle SupportEmail address/User Name.
Visithttp://www.oracle.com/support/policies.html for details.
Email address/UserName:
You have notprovided an email address for notification of security issues.
Do you wish toremain uninformed of security issues ([Y]es,
o)
:  y

Please shutdownOracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home ='/oracle/app/product/11.2.0/db_1')
Is the localsystem ready for patching? [y|n]
y
User Respondedwith: Y
Backing upfiles...
Applying sub-patch'17478514' to OH '/oracle/app/product/11.2.0/db_1'
其他省略
Composite patch 24006111 successfully applied.
Log file location:/oracle/app/product/11.2.0/db_1/cfgtoollogs/opatch/opatch2017-04-06_15-35-32PM_1.log

OPatch succeeded.

7、确认补丁信息

[oracle@daqiyeju24006111]$ $ORACLE_HOME/OPatch/opatch lsinv

四、创建数据库

[oracle@nsoradata]$ export DISPLAY=本机id:0.0
[oracle@nsoradata]$ dbca
没有相关截图，略。

五、新建监听

略。

后记：

1、设置目录所有者

[root@ns ~]#chown-R oracle:oinstall /data/oracle

2、scp是有Security的文件copy，基于ssh登录。操作起来比较方便，比如要把当前一个文件copy到远程另外一台主机上

scp local_fileremote_username@remote_ip:remote_folder

3、很多配置文件修改后需要执行使其生效，所以配置完后最好能重启一下机器，以免部分配置文件修改后未生效，同时需注意防火墙在重启后会开启，所以可以通过永久关闭防火墙

systemctldisable firewalld.service

个人电脑可以不使用防火墙，但是生产环境还是建议开启的

4、未知太多，囫囵吞枣。

5、很多截图未到位，还是很混乱。