Booting Oracle VM / Linux (ISOs) with UEFI ‘bios’ does not work

  By | | , ,
Leave a comment

It seems Oracle VM (<=3.3.1 *) and Oracle Linux (<= 5.10/6.6 *) both install ISOs and installed OS’s are not capable of booting when UEFI on the bare-metal hardware is used. I have seen two configurations now where this happened, one using a USB HDD drive capable providing a ISO to boot from as CD/DVD (Zalman ZM-VE300)  and one HP iLO4 (http and local ISO) ‘remote’ booting. Continue reading

ShellShock fixes for Oracle Linux, ExaData, ExaLogic and Solaris

  By | | ,
Leave a comment

Read all about it in:

Oracle’s Security Alert for ShellShock.

It also lists Oracle products that are affected and do not have fixes available at this time…

Oracle Linux

Next Doc ID provides a listing of Oracle Linux patches (minimal Bash versions) required to resolve security vulnerabilities referenced by CVE-2014-6271 and CVE-2014-7169:

CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Linux (Doc ID 1930120.1).

These versions can be found, downloaded and YUM-ed from Oracle’s public yum server:

http://public-yum.oracle.com/

Happy patching…

 

OpenSSL Heartbleed Oracle fixed version is 1.0.1e-16.el6_5.7

  By | | , ,
Leave a comment

When one is looking for the OpenSSL fix 1.0.1g for Oracle (Red Hat) Linux 6, the fixed package version is ‘1.0.1e-16.el6_5.7’. I think this a bit misleading, because OpenSSL 1.0.1e is subject to the bug (CVE-2014-0160). But from the Red Hat site: and Orcale MetaLink (MOS Note 1663998.1): “Version openssl-1.0.1e-16.el6_5.7 included a fix backported from openssl-1.0.1g.

Some simple OS tests can produce a false-positive to heartbleed tests, becasue it could look only for text other than 1.0.1g.

Update…

To update to the ‘latest’ OpenSSL version, enable the [OL6_latest] repository en ‘yum update openssl’:

Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.7 will be an update
--> Finished Dependency Resolution
(etc...)

Testing for processes using OpenSSL

One can test if processes are using OpenSSL (not a heartbleed vulnerability test), by issuing one of these two following commands:

$ lsof | awk 'NR==1 || $0~/libssl.so.1.0.1e/'
$ grep libssl.so.1.0.1 /proc/*/maps |cut -d/ -f3 |sort -u |xargs -r -- ps uf

More info

OpenSSL Security Bug – Heartbleed / CVE-2014-0160

Document written at April the 18th, 2014…

Happy blee, uh, testing and patching!

Direct NFS, configuring and network considerations in practise

  By | | ,
6 Comments

Oracle Direct NFS (dNFS for short) is an NFS Client functionality integrated directly in the Oracle database software, optimizing the I/O (multi)path to your NFS storage without the overhead of the OS client/kernel software.

In this blog post I’ll describe network considerations, configurations and problems I have encountered during set-ups I have done.

dNFS uses two kinds of NFS mounts, the OS mount of NFS (also referred to as kernel NFS of kNFS) and, of course, Oracle’s database NFS mount, Direct NFS or dNFS.

According to [Direct NFS: FAQ (Doc ID 954425.1)] and [How to configure DNFS to use multiple IPs (Doc ID 1552831.1)], an kNFS mount is needed, although Oracle also claims it will also work on platforms that don’t natively support NFS, e.g. Windows… [Oracle Database 11g Direct NFS Client White Paper] (I don’t know how yet…).

Because dNFS implements multipath I/O internally, these is no need for bonding the interfaces to storage via active-backup or Link Aggregation. However, it’s good practice to bond the OS kNFS connection:

1 - eth0 -\
           - bond0 - OS / kNFS
2 - eth1 -/
3 - eth2 --------- - dNFS path 1
4 - eth3 --------- - dNFS path 2

Above schematic shows [How to configure DNFS to use multiple IPs (Doc ID 1552831.1)]:
“A good solution could be to use bonded NICs (…) to perform the mount and then use unbonded NICs via dNFS for the performance critical path.” Continue reading

Update / install Oracle Linux 6.4 corrupts console in Oracle VM 3.x

  By | | , ,
1 Comment

After updating Oracle Linux 6.3 to 6.4 or installing 6.4 from scratch will give a corrupt (blank) VNC remote console when launching the console from Oracle VM Manager:

oracle_vm_3_oel_6.4_console

As discussed in https://oss.oracle.com/ol6/docs/RELEASE-NOTES-U4-en.html#idp513536 and Oracle Support note ‘Corrupted VNC console in PVM guests running Oracle Linux 6.4 on Oracle VM’ (Doc ID 1537278.1), this issue is addressed in ‘X Window System Does Not Run in a PVHVM guest’.

Uninstalling the xorg-x11-drv-cirrus guest driver solves the issue

If you uninstall the xorg-x11-cirrus driver from the guest OS, it will solve this issue.

# rpm -ev --nodeps xorg-x11-drv-cirrus

Reboot the guest OS after uninstalling.

Happy Launching!

Remove Oracle Database Options with chopt in 12c

  By | | , ,
Leave a comment

In 10g and 11g Enterprise Edition, one could select which options to install or not to install during the installation process (excl. the 10g ‘custom database’ option, you would get partioning, OLAP and rat). In 12g, one is not able to choose during install anymore, you will get all the options and they must be removed afterwards. Remove / disable them after installing the database software (only), but before creating databases.

The best way to do this is using the ‘chopt’ tool, or when the option is not available, the Oracle Universal Installer must most likely be used. It’s available in Windows and Linux. When using Windows, one can also rename the .dll’s which ‘enable’ the options. It will NOT remove the objects from the database! Continue reading

Running VBoxManage.exe from Windows Task Scheduler

  By | | ,
6 Comments

I have been trying to run VBoxManage.exe from the Windows Task Scheduler to periodically list vms. The problem I had was that it wouldn’t list the VM’s I had registered, even if the task was run as the user that created the VM’s and with the ‘Run with highest privileges’ selected.

When searching the Internet, I saw more people having difficulties running it this way, so I started experimenting. Using ‘psexec‘ and ‘runas’ (use the /savecred option and run it once manually from command line) did work when running the VBoxManage.exe as the VM’s creator user while being logged as someone else, but running it from the Task Scheduler still did not work. Continue reading

Internet Explorer 10 ‘Continue to this website’ option missing

  By | | ,
12 Comments

I recently updated to Internet Explorer 10 (Windows 7 64bit) and when I browsed to a website with a security certificate problem: “There is a problem with this website’s security certificate.”, the “Continue to this website (not recommended).” option was missing!!!

The issue here is that Microsoft restricted access to pages which are using a key using less than 1024 bits for protection. Some Oracle product using websites (including Oracle VM Manager) are still using this!

Continue reading

The oratab usage comment is not correct… or it’s a bug in dbstart/dbshut (sort of)…

  By | | ,
5 Comments

I’m talking about the ‘third’ field in the database entries. Field number three. Which indicates there could be a fourth, fifth etc… right?

A customer where I came (who went from AIX to Linux), who had interpreted this comment and therefore expanded the oratab with an extra column, to datapump the database (y/n).

When I shut down the databases, there was some unexpected behaviour when I invoked dbshut… Strange, but the extra (last) field ‘for datapump’ was read, not the third!

Continue reading