Commands for demolabs. Presentation: http://www.slideshare.net/m_cerveny/oracle-solaris-day-2013-oracle-db-and-os-solaris

1. Oracle Solaris Day 2013 (26.6.2013)
Oracle DB a OS Solaris
### zony - vytvoreni
#zonecfg -z ozone "create; set zonepath=/rpool/zones/ozone; export"
#zoneadm list -icv
#sysconfig create-profile -o /root/prof.xml
#zoneadm -z ozone install -c /root/prof.xml
zoneadm list -icv
zoneadm -z ozone boot
zoneadm list -icv
zoneadm -z ozone
#pkg install x11/clients library/motif solaris-large-server
### zony - rizeni zdroju v zone
psrinfo
zlogin ozone psrinfo
zonecfg -z ozone "set max-shm-memory=2g; add dedicated-cpu; set ncpus=1; end; export"
zoneadm -z ozone reboot
prctl $$
zlogin ozone psrinfo
### zony - priprava oracle + install oracle binary
zlogin ozone
groupadd -g 200 oinstall
groupadd -g 201 dba
useradd -u 200 -g oinstall -G dba -c "oracle database user" -d /export/home/oracle -m oracle
projadd -K 'project.max-shm-memory=(privileged,2048m,deny)' user.oracle
passwd oracle
mkdir /opt/oracle
chown -R oracle:oinstall /opt/oracle
mkdir -p /var/opt/oracle 2>/dev/null
cat > /var/opt/oracle/oraInst.loc <<EOF
inventory_loc=/opt/oracle/oraInventory
inst_group=oinstall
EOF
chown oracle:oinstall /var/opt/oracle/oraInst.loc
chmod 664 /var/opt/oracle/oraInst.loc
cat >> /export/home/oracle/.profile <<'EOF'
ORACLE_BASE=/opt/oracle
ORACLE_HOME=${ORACLE_BASE}/product/11.2.0/db_1
PATH=$PATH:${ORACLE_HOME}/bin
LD_LIBRARY_PATH=/lib:/usr/lib:$ORACLE_HOME/lib:$ORACLE_HOME/rdbms/lib
ORACLE_SID=DB
DB_NAME=DB
ORA_NLS10=${ORACLE_HOME}/nls/data
TNS_ADMIN=${ORACLE_HOME}/network/admin
NLS_LANG=AMERICAN_AMERICA.WE8ISO8859P15
CLASSPATH=$ORACLE_HOME/jdk:$ORACLE_HOME/jlib
CLASSPATH=${CLASSPATH}:$ORACLE_HOME/rdbms/jlib
CLASSPATH=${CLASSPATH}:$ORACLE_HOME/network/jlib
export ORACLE_BASE ORACLE_HOME ORACLE_SID PATH LD_LIBRARY_PATH DB_NAME ORA_NLS10 TNS_ADMIN NLS_LANG CLASSPATH
EOF
. /export/home/oracle/.profile
su - oracle -c "/ORACLE/database/runInstaller -responseFile /ORACLE/ora112_db_install.rsp -silent"
sleep 60
while ! grep -q 'Shutdown Oracle Database 11g.*Installer' /opt/oracle/oraInventory/logs/installActions*.log 2>/dev/null;
do
sleep 10
done
$ORACLE_HOME/root.sh
### ZFS - pro data do zony s delagaci rizeni pro "oracle"
#zfs create -o zoned=on -o mountpoint=/oradata -o quota=10g rpool/oradata
zfs get all rpool/oradata
zonecfg -z ozone "add dataset; set name=rpool/oradata; end"
zoneadm -z ozone reboot
zlogin ozone
zfs list
zfs allow oracle clone,create,destroy,mount,snapshot,promote,rollback,recordsize oradata
chown oracle:dba /oradata
su - oracle
zfs snapshot oradata@test

2. zfs list
zfs destroy oradata@test
# data oracleDB vytvorena pomoci "dbca"
#zfs snapshot oradata@datatest
sqlplus '/ as sysdba'
startup
select * from test;
drop table test;
select * from test;
shutdown
zfs rollback oradata@datatest
sqlplus '/ as sysdba'
startup
select * from test;
zfs get all oradata
zfs set recordsize=8k oradata
# SQL: select value from v$parameter where name = 'db_block_size';
### site - virtualizace (interni switch0) a rizeni toku na sitovce a na tcp portu
#netadm enable -p ncp DefaultFixed
dladm help
dladm show-link
dladm create-etherstub switch0
dladm create-vnic -l switch0 vnic0
dladm show-link
ipadm create-ip vnic0
ipadm create-addr -T static -a 192.168.99.1/24 vnic0/v4
ipadm show-addr
zonecfg -z ozone "select anet linkname=net0; set lower-link=switch0; end"
zonecfg -z ozone set
zonecfg -z ozone "select anet linkname=net0; set maxbw=100m; end"
zonecfg -z ozone "set limitpriv=default,dtrace_proc,dtrace_user"
dladm show-linkprop ozone/net0
zoneadm -z ozone reboot
dladm show-linkprop ozone/net0
ping 192.168.99.2
zlogin ozone
dladm show-link
ipadm show-addr
ping 192.168.99.1
mkfile 100m /tmp/file
scp /tmp/file oracle@192.168.99.2:/tmp
#~8sec -> 100Mbit/sec
zlogin ozone
flowadm add-flow -l net0 -a transport=TCP,local_port=22 ssh-flow
flowadm set-flowprop -p maxbw=50M ssh-flow
flowadm show-flowprop
flowadm show-flow
scp /tmp/file oracle@192.168.99.2:/tmp
#~16sec -> 50Mbit/sec
zlogin ozone flowstat
### role - privilegia
zlogin ozone
su - oracle
ps -ef
ppriv -l
usermod -K 'defaultpriv=basic,!proc_info' oracle
su - oracle
ps -ef
### role - profily
zlogin ozone
profiles -a
profiles -p "Process Management" info
roleadd -m -d /export/home/killer -P "Process Management" killer
passwd killer
usermod -R killer user
sleep 1000 &
su - user
/usr/bin/kill
roles
su - killer
profiles -l
/usr/bin/kill
### SMF
svcs -x

3. svcs
svcs apache22
svcadm enable apache22
svcs -d apache22
svcs -D apache22
svcs -p apache22
pkill httpd
svcs -p apache22
svcadm disable apache22
### SMF - Oracle DB
zlogin ozone
cat > oracle.xml <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="oracle-database-service">
<service name="site/oracle" type="service" version="1">
<dependency name="multi-user" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/milestone/multi-user:default"/>
</dependency>
<instance name="DB" enabled="false">
<exec_method name="start" type="method"
exec="sh -c '. /export/home/oracle/.profile; echo startup|$ORACLE_HOME/bin/sqlplus / as sysdba'"
timeout_seconds="500">
<method_context>
<method_credential
user="oracle"
group="oinstall"
privileges="basic,!proc_info"/>
</method_context>
</exec_method>
<exec_method name="stop" type="method"
exec="sh -c '. /export/home/oracle/.profile; echo shutdown immediate|$ORACLE_HOME/bin/sqlplus / as sysdba'"
timeout_seconds="900">
<method_context>
<method_credential
user="oracle"
group="oinstall"
privileges="basic,!proc_info"/>
</method_context>
</exec_method>
<property_group name="general" type="framework">
<propval name="action_authorization" type="astring" value="solaris.smf.manage.oracle.database"/>
<propval name="value_authorization" type="astring" value="solaris.smf.manage.oracle.database"/>
</property_group>
</instance>
</service>
</service_bundle>
EOF
svccfg import oracle.xml
su - user
svcadm enable oracle
cat > /etc/security/auth_attr.d/oracle <<EOF
solaris.smf.manage.oracle.database::::::
solaris.smf.manage.oracle.listener::::::
EOF
cat /etc/security/auth_attr.d/oracle
usermod -A solaris.smf.manage.oracle.database user
su - user
auths
svcadm enable oracle
### dtrace v zone a dtrace na Oracle DB
su - mysql -c "/usr/mysql/bin/mysqld_safe &"
dtrace -l | awk '{print $2}' | sort | uniq -c | sort -n
dtrace -l -n 'mysql*:::' | tail +2 | awk '{print $5}' | sort | uniq -c
#zonecfg -z ozone "set limitpriv=default,dtrace_proc,dtrace_user"
zlogin ozone
#pkg install dtrace
dtrace -l
dtrace -l | awk '{print $2}' | sort | uniq -c | sort -n
su - oracle
sqlplus '/ as sysdba'
select count(*) from dba_users;
select plan_table_output from table(dbms_xplan.display_cursor(null,null,'basic'));

4. @spid
#select s.inst_id, s.sid, s.serial#, p.spid, s.username, s.program from gv$session s join gv$process p on p.addr =
s.paddr and p.inst_id = s.inst_id where s.type != 'BACKGROUND';
export PID=
dtrace -p $PID -Fn 'pid$target:oracle:qer*Fetch*:entry pid$target:oracle:qer*Fetch*:return' | tee out.txt
select count(*) from dba_users;
sed -f os_explain.sed out.txt
set timing on
create table t1(a int) tablespace USERS;
create table t2(a int) tablespace SYSTEM;
commit;
alter system checkpoint;
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;
exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;
cat dstackprof.sh
./dstackprof.sh $PID 10
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;
./dstackprof.sh $PID 10
exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;
show parameter
show parameter db_block_checking
SET LINESIZE 140
COLUMN KSPPINM FORMAT A40
COLUMN KSPPDESC FORMAT A80
COLUMN KSPPSTVL FORMAT A5
COLUMN KSPPSTDVL FORMAT A5
COLUMN KSPPSTDF FORMAT A5
select KSPPINM,KSPPDESC,KSPPSTVL,KSPPSTDVL,KSPPSTDF from X$KSPPSV a,x$ksppi b where a.indx=b.indx and KSPPINM like
'_%' ESCAPE '';
show parameter "_db_always_check_system_ts"
alter system set "_db_always_check_system_ts" = FALSE;
commit;
alter system checkpoint;
exec for i in 1..100000 loop insert into t2 values(i); end loop;
commit;
alter system checkpoint;
exec for i in 1..100000 loop insert into t1 values(i); end loop;
commit;
alter system checkpoint;
### kernel softwarovy audit
auditconfig -setpolicy +perzone
zlogin ozone
auditconfig -lspolicy
auditconfig -setpolicy +zonename
auditconfig -setpolicy +argv
usermod -K 'audit_flags=lo,ex,ua,as:no' oracle
cat /etc/security/audit_class
grep EXEC /etc/security/audit_event
profiles -p "Audit Review" info
roleadd -m -d /export/home/auditor -P "Audit Review" auditor
passwd auditor
usermod -R auditor,killer user
svcadm enable auditd
su - oracle
sqlplus
rm x
su - user
roles
su - auditor
auditreduce | praudit -l