When one is looking for the OpenSSL fix 1.0.1g for Oracle (Red Hat) Linux 6, the fixed package version is ‘1.0.1e-16.el6_5.7’. I think this a bit misleading, because OpenSSL 1.0.1e is subject to the bug (CVE-2014-0160). But from the Red Hat site: and Orcale MetaLink (MOS Note 1663998.1): “Version openssl-1.0.1e-16.el6_5.7 included a fix backported from openssl-1.0.1g“.
Some simple OS tests can produce a false-positive to heartbleed tests, becasue it could look only for text other than 1.0.1g.
To update to the ‘latest’ OpenSSL version, enable the [OL6_latest] repository en ‘yum update openssl’:
Setting up Update Process
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.7 will be an update
--> Finished Dependency Resolution
Testing for processes using OpenSSL
One can test if processes are using OpenSSL (not a heartbleed vulnerability test), by issuing one of these two following commands:
$ lsof | awk 'NR==1 || $0~/libssl.so.1.0.1e/'
$ grep libssl.so.1.0.1 /proc/*/maps |cut -d/ -f3 |sort -u |xargs -r -- ps uf
OpenSSL Security Bug – Heartbleed / CVE-2014-0160
Document written at April the 18th, 2014…
Happy blee, uh, testing and patching!
Oracle Direct NFS (dNFS for short) is an NFS Client functionality integrated directly in the Oracle database software, optimizing the I/O (multi)path to your NFS storage without the overhead of the OS client/kernel software.
In this blog post I’ll describe network considerations, configurations and problems I have encountered during set-ups I have done.
dNFS uses two kinds of NFS mounts, the OS mount of NFS (also referred to as kernel NFS of kNFS) and, of course, Oracle’s database NFS mount, Direct NFS or dNFS.
According to [Direct NFS: FAQ (Doc ID 954425.1)] and [How to configure DNFS to use multiple IPs (Doc ID 1552831.1)], an kNFS mount is needed, although Oracle also claims it will also work on platforms that don’t natively support NFS, e.g. Windows… [Oracle Database 11g Direct NFS Client White Paper] (I don’t know how yet…).
Because dNFS implements multipath I/O internally, these is no need for bonding the interfaces to storage via active-backup or Link Aggregation. However, it’s good practice to bond the OS kNFS connection:
1 - eth0 -\
- bond0 - OS / kNFS
2 - eth1 -/
3 - eth2 --------- - dNFS path 1
4 - eth3 --------- - dNFS path 2
Above schematic shows [How to configure DNFS to use multiple IPs (Doc ID 1552831.1)]:
“A good solution could be to use bonded NICs (…) to perform the mount and then use unbonded NICs via dNFS for the performance critical path.” Continue reading
After updating Oracle Linux 6.3 to 6.4 or installing 6.4 from scratch will give a corrupt (blank) VNC remote console when launching the console from Oracle VM Manager:
As discussed in https://oss.oracle.com/ol6/docs/RELEASE-NOTES-U4-en.html#idp513536 and Oracle Support note ‘Corrupted VNC console in PVM guests running Oracle Linux 6.4 on Oracle VM’ (Doc ID 1537278.1), this issue is addressed in ‘X Window System Does Not Run in a PVHVM guest’.
Uninstalling the xorg-x11-drv-cirrus guest driver solves the issue
If you uninstall the xorg-x11-cirrus driver from the guest OS, it will solve this issue.
# rpm -ev --nodeps xorg-x11-drv-cirrus
Reboot the guest OS after uninstalling.
In 10g and 11g Enterprise Edition, one could select which options to install or not to install during the installation process (excl. the 10g ‘custom database’ option, you would get partioning, OLAP and rat). In 12g, one is not able to choose during install anymore, you will get all the options and they must be removed afterwards. Remove / disable them after installing the database software (only), but before creating databases.
The best way to do this is using the ‘chopt’ tool, or when the option is not available, the Oracle Universal Installer must most likely be used. It’s available in Windows and Linux. When using Windows, one can also rename the .dll’s which ‘enable’ the options. It will NOT remove the objects from the database! Continue reading
SQL> alter database force logging;
ORA-12920: database is already in force logging mode
Error in Dutch:
ORA-12920: Database staat al
niet in de force logging-modus.
The word ‘niet’ should not be there!
I’m talking about the ‘third’ field in the database entries. Field number three. Which indicates there could be a fourth, fifth etc… right?
A customer where I came (who went from AIX to Linux), who had interpreted this comment and therefore expanded the oratab with an extra column, to datapump the database (y/n).
When I shut down the databases, there was some unexpected behaviour when I invoked dbshut… Strange, but the extra (last) field ‘for datapump’ was read, not the third!
SOLVED: this issue is solved in Linux 6.4 (kernel: 2.6.39-400.17.1.el6uek and 2.6.32-358.el6).
A single entry in /etc/fstab like [tmpfs /dev/shm tmpfs size=3g 0 0] now works as it should!
There is a bug in Red Hat Linux 6 and Oracle Enterprise Linux 6 (UEK and RHEL-kernel) and probably all other Red Hat 6 related Linux Distro’s.
When you need more memory for SGA/PGA when using MEMORY_MAX_TARGET, you need to resize /dev/shm. By default this is 50% of total memory and Oracle tells you to add the following to /etc/fstab, ‘mounting’ the /dev/shm twice (?):
tmpfs /dev/shm tmpfs size=3g 0 0
(IMPORTANT NOTE: make sure the first field (fs_spec) ‘shmfs’ has the same name as the already existing ‘defaults’ name). So if you have a line [tmpfs /dev/shm tmpfs defaults 0 0], make sure the ‘overruled’ line also starts with ‘tmpfs’: [tmpfs /dev/shm tmpfs size=3g 0 0]. If not, a `mount -a` will un-mount (!!!) the ‘shmfs’ and remount ‘tmpfs’, this results in immediate clearing the ‘/dev/shm’ memory and all your SGA is instantly gone! Running this when databases are running, your databases with AMM will crash! This ‘issue’ is still there last time checked in Linux 7.3. In Oracle documentation about /dev/shm, the first field is ‘shmfs’ with can result in crashing databases when a `mount -a` done!
A couple of days ago I did a new install of the Oracle Database Software (on a Virtual Machine) and it kept failing. I got some oracle.cluster.verification.VerificationException error, but I could not get more information from the logs. Usually it’s a bit more detailed after the colon, but this time it just said: [hostname]: [hostname]. Continue reading
Using partitions may decrease search time when searching through a lot of data from minutes to seconds, from hours to minutes. Storing information partitioned per month/year and retrieving it knowing which month/year you want from millions of records is more efficient than an index on all those months and years. Unfortunately changing to partitions afterwards almost always needs application changes, (I actually never tried an sql_profile…).
When looking for a solution using partitioning, I came across another problem. They were using a function in the one and only predicate in the query and the fact is that when a database uses partitioning for storing data, using a function on the partitioned column will the optimizer searching all data, not the partition. Understandable, because with the function you are searching for derived values, not the actual values in the partition. Oracle must search all the partitions and can not ‘prune’ the partitions. Determining and using a partition is called Partition Pruning.
The solution to be used here is called Virtual Column Partitioning and as a coincidence and nice extra they didn’t even had to change the application! Continue reading
You can update your Oracle VM Servers (3.x) with the Oracle Public Yum Server. In the Oracle VM Manager console go to the ‘Tools and Resources’ tab and click ‘Server Update Management (YUM)’.
For the ‘YUM Base URL:’, use:
When enabling the GPG key, use:
(Oracle VM 3.x is based on OEL5) Continue reading