标签:pid could 产品 pos esc head targe base 问控制
Oracle Database,又名Oracle RDBMS,或简称Oracle。是甲骨文公司的一款关系数据库管理系统。它是在数据库领域一直处于领先地位的产品。可以说Oracle数据库系统是目前世界上流行的关系数据库管理系统,系统可移植性好、使用方便、功能强,适用于各类大、中、小、微机环境。它是一种高效率、可靠性好的、适应高吞吐量的数据库方案。
1、部署环境要求
(1)操作系统版本:CentOS 7.x(最小化安装)
(2)最小内存容量:4GB
(3)最小CPU核心数:2核心
(4)最小磁盘空间:50GB
(5)磁盘分区建议:500GB磁盘空间为例
/:50GB(根分区)
/boot:500MB
/home:50GB
swap:物理内存小于4GB时,swap分配值为物理内存2倍,物理内存大于4GB时,swap分配值为物理内存1.5倍
/data:剩余全部空间
2、部署软件准备
Oracle Database SoftPack:linux.x64_11gR2_database_1of2.zip
Oracle Database SoftPack:linux.x64_11gR2_database_2of2.zip
3、网络参数配置
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens33 UUID=8586e405-4459-42e2-ac9f-def02881736d DEVICE=ens33 ONBOOT=yes MACADDR=preserve IPADDR=10.10.10.133 PREFIX=24 GATEWAY=10.10.10.10 DNS1=114.114.114.114 IPV6_PRIVACY=no ZONE=public
4、系统软件安装
[root@localhost ~]# yum -y install vim net-tools tree unzip lrzsz
5、系统安全配置
(1)关闭SELINUX安全访问控制
[root@localhost ~]# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. # SELINUX=enforcing //注释掉此处 SELINUX=disabled //新增此处,并将SELINUX状态设置关闭状态disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
(2)配置防火墙安全规则
[root@localhost ~]# systemctl status firewalld.service //查看防火墙运行状态
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 五 2019-08-30 22:58:53 CST; 8h ago
Docs: man:firewalld(1)
Main PID: 841 (firewalld)
CGroup: /system.slice/firewalld.service
└─841 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
8月 30 22:58:52 oracleserver.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
8月 30 22:58:53 oracleserver.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]# firewall-cmd --zone=public --add-port=1521/tcp --permanent //开放1521端口
success
[root@localhost ~]# firewall-cmd --zone=public --add-port=1158/tcp --permanent //开放1158端口
success
[root@localhost ~]# firewall-cmd --zone=public --add-port=22/tcp --permanent //开放22端口
success
[root@localhost ~]# firewall-cmd --reload //重启载入防火墙配置
success
[root@localhost ~]# firewall-cmd --zone=public --list-ports //查看已开放端口
22/tcp 1158/tcp 1521/tcp
6、安装依赖软件
32位依赖软件: [root@localhost ~]# yum -y install binutils compat-libcap1 compat-libstdc++-33 compat-libstdc++-33*i686 compat-libstdc++-33*.devel compat-libstdc++-33 compat-libstdc++-33*.devel gcc gcc-c++ glibc glibc*.i686 glibc-devel glibc-devel*.i686 ksh libaio libaio*.i686 libaio-devel libaio-devel*.devel libgcc libgcc*.i686 libstdc++ libstdc++*.i686 libstdc++-devel libstdc++-devel*.devel libXi libXi*.i686 libXtst libXtst*.i686 make sysstat unixODBC unixODBC*.i686 unixODBC-devel unixODBC-devel*.i686 64位依赖软件: [root@localhost ~]# yum -y install binutils-2.* compat-libstdc++-33* elfutils-libelf-0.* elfutils-libelf-devel-* gcc-4.* gcc-c++-4.* glibc-2.* glibc-common-2.* glibc-devel-2.* glibc-headers-2.* ksh-2* libaio-0.* libaio-devel-0.* libgcc-4.* libstdc++-4.* libstdc++- devel-4.* make-3.* sysstat-7.* unixODBC-2.* unixODBC-devel-2.* pdksh* 检查依赖软件: [root@localhost ~]# rpm -q binutils compat-libcap1 compat-libstdc++-33 compat-libstdc++-33*i686 compat-libstdc++-33*.devel compat-libstdc++-33 compat-libstdc++-33*.devel gcc gcc-c++ glibc glibc*.i686 glibc-devel glibc-devel*.i686 ksh libaio libaio*.i686 libaio-devel libaio-devel*.devel libgcc libgcc*.i686 libstdc++ libstdc++*.i686 libstdc++-devel libstdc++-devel*.devel libXi libXi*.i686 libXtst libXtst*.i686 make sysstat unixODBC unixODBC*.i686 unixODBC-devel unixODBC-devel*.i686 执行安装更新: [root@localhost ~]# yum update
5、部署用户配置
(1)创建部署用户
[root@localhost ~]# groupadd oinstall //创建oinstall用户组 [root@localhost ~]# groupadd dba //创建dba用户组 [root@localhost ~]# useradd -g oinstall -G dba oracle //创建oracle用户并将用户加入到oinstall、dba两个用户组 [root@localhost ~]# passwd oracle //设置oracle用户密码 更改用户 oracle 的密码 。 新的 密码: 重新输入新的 密码: passwd: 所有的身份验证令牌已经成功更新。
(2)创建部署目录
[root@localhost ~]# mkdir -p /oracle/app/product/11.2.0/dbhome_1 [root@localhost ~]# mkdir -p /oracle/app/oradata [root@localhost ~]# mkdir -p /oracle/flash_recovery_area [root@localhost ~]# mkdir -p /oracle/oraInventory [root@localhost ~]# mkdir -p /oracle/response [root@localhost ~]# mkdir -p /software [root@localhost ~]# chown oracle:oinstall -R /oracle/ [root@localhost ~]# chown oracle:oinstall -R /software/ [root@localhost ~]# chmod -R 755 /oracle/ [root@localhost ~]# chmod -R 755 /software/
6、配置部署参数
(1)配置系统主机参数
[root@localhost ~]# hostnamectl set-hostname oracleserver.localdomain //修改主机名称 [root@localhost ~]# vim /etc/hosts //配置主机网络地址与主机名称映射记录 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.133 oracleserver oracleserver.localdomain [root@oracleserver ~]# vim /etc/redhat-release //配置系统标识参数 #CentOS Linux release 7.6.1810 (Core) Red Hat Enterprise Linux Server release 7.3 (Maipo) [root@localhost ~]# reboot //重启操作系统
(2)配置系统内核参数
[root@oracleserver ~]# vim /etc/sysctl.conf # sysctl settings are defined through files in # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. # # Vendors settings live in /usr/lib/sysctl.d/. # To override a whole file, create a new file with the same in # /etc/sysctl.d/ and put new settings there. To override # only specific settings, add a file with a lexically later # name in /etc/sysctl.d/ and put new settings there. # # For more information, see sysctl.conf(5) and sysctl.d(5). #Oracle Install Parameter //添加下面内核参数 fs.file-max = 6815744 fs.aio-max-nr = 1048576 kernel.shmall = 2097152 kernel.shmmax = 2147483648 kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 9000 65500 net.core.rmem_default = 4194304 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 1048576 [root@oracleserver ~]# /sbin/sysctl -p //更新内核参数,等效命令 [root@oracleserver ~]# /sysctl -p //更新内核参数,等效命令 fs.file-max = 6815744 fs.aio-max-nr = 1048576 kernel.shmall = 2097152 kernel.shmmax = 2147483648 kernel.shmmni = 4096 kernel.sem = 250 32000 100 128 net.ipv4.ip_local_port_range = 9000 65500 net.core.rmem_default = 4194304 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 net.core.wmem_max = 1048576
(3)配置登录身份认证
[root@oracleserver ~]# vim /etc/pam.d/login #%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth substack system-auth auth include postlogin account required pam_nologin.so account include system-auth password include system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open session required pam_namespace.so session optional pam_keyinit.so force revoke session include system-auth session include postlogin -session optional pam_ck_connector.so #Oracle Install Parameter //添加下面Oracle安装参数 session required pam_limits.so session required /lib64/security/pam_limits.so
(4)配置资源限制参数
[root@oracleserver ~]# vim /etc/profile
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
# It‘s NOT a good idea to change this file unless you know what you
# are doing. It‘s much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`/usr/bin/id -u`
UID=`/usr/bin/id -ru`
fi
USER="`/usr/bin/id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi
# Path manipulation
if [ "$EUID" = "0" ]; then
pathmunge /usr/sbin
pathmunge /usr/local/sbin
else
pathmunge /usr/local/sbin after
pathmunge /usr/sbin after
fi
HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
#Oracle Install Parameter //添加下面Oracle安装参数
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
[root@oracleserver ~]# source /etc/profile //使参数配置生效
[root@oracleserver ~]# cat /etc/security/limits.conf # /etc/security/limits.conf # #This file sets the resource limits for the users logged in via PAM. #It does not affect resource limits of the system services. # #Also note that configuration files in /etc/security/limits.d directory, #which are read in alphabetical order, override the settings in this #file in case the domain is the same or more specific. #That means for example that setting a limit for wildcard domain here #can be overriden with a wildcard setting in a config file in the #subdirectory, but a user specific setting here can be overriden only #with a user specific setting in the subdirectory. # #Each line describes a limit for a user in the form: # #<domain> <type> <item> <value> # #Where: #<domain> can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # #<type> can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # #<item> can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open file descriptors # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit (KB) # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority # #<domain> <type> <item> <value> # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 #Oracle Install Parameter //添加下面Oracle安装参数 oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard nofile 65536 # End of file
标签:pid could 产品 pos esc head targe base 问控制
原文地址:https://www.cnblogs.com/usxiao/p/Lixiao.html
