Transcript
Technical white paper
HP Cloud Map for CloudSystem Oracle® Database Lifecycle Management Cloud Service Design Guide Released May 2012 Table of Contents Executive Summary .......................................................................................................................2 Introduction ..................................................................................................................................3 Architecture .................................................................................................................................4 Context ....................................................................................................................................4 Functional Architecture ..............................................................................................................4 Execution Process......................................................................................................................5 Contents of the Oracle Database Cloud Map ...................................................................................6 System Requirements .....................................................................................................................7 Component Requirements...........................................................................................................7 Configuration Requirements .......................................................................................................7 Installation and Configuration ........................................................................................................9 Step 1: Create the HP Infrastructure Orchestration Templates..........................................................9 Step 2: Apply the HP DMA Hot Fixes ........................................................................................15 Step 3: Import the Binary Archives into the HP SA Library ............................................................16 Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries............................................17 Step 5: Import the Service Design into the HP OO Repository .......................................................18 Step 6: Configure HP OO to Communicate with HP SA ...............................................................19 Step 7: Create an HP CSA Service Offering ...............................................................................20 Administrator Information ............................................................................................................21 Make Oracle Database Software Available to Subscribers ..........................................................21 Make Oracle Database Patches Available to Subscribers ............................................................21 Subscriber Information ................................................................................................................22 Log In to the HP CSA Subscriber Portal ......................................................................................22 Order the HP CSA Service .......................................................................................................23 Patch Your Oracle Database ....................................................................................................27 Check Your Oracle Database for Compliance with the CIS Benchmark .........................................29 Appendix A: Install an HP DMA Solution Pack ...............................................................................35 Appendix B: Set Up a YUM Repository .........................................................................................36 Appendix C: Configure Swap Space on a Server ...........................................................................37 For more information...................................................................................................................38
1
Executive Summary Organizations building cloud environments, whether for internal use or to provide services to others, face challenges in delivering application services. Preparing to deliver a catalog of cloud services requires many steps. Designing and configuring server, storage, and network infrastructure are just the start. The application service must also be defined such that it consistently meets business needs. This means characterizing workloads, specifying an optimized application environment, optimizing reliability and scalability, and automating workflows. All of this takes time, trial and error, and a good measure of specialized know-how, which adds up to higher costs, complexity, and risk. Manual tasks are typically part of this process and are error prone. Because of the breadth of applications that today’s enterprise has to deal with, it is often impractical to have a deep understanding of all requirements. One organization might lack the cloud-specific expertise necessary to successfully configure and deploy an optimally configured infrastructure for the workload. Another may have a solution for deploying applications for development and test environments, but struggle to ensure the application performance and reliability levels that business users expect in production environments. HP Cloud Maps are the solution for speedier, more robust application delivery and service assurance. They help IT transform and extend its value to the business from being an IT infrastructure provider to delivering more complete end-to-end business application services on demand. HP Cloud Maps are prepackaged, optimized, and tested cloud service designs for use with HP CloudSystem and related software to automate the deployment of applications – and the infrastructure upon which they depend – in the cloud. They enable:
• • • • •
Repeatable, proven deployments that reduce risk and assure improved service levels Savings of staff-hours in design, development, and deployment for each application environment Fast assembly of application service catalogs Push-button simple delivery of new application services, often in less than an hour Optimized performance, with built-in lifecycle management
Cloud Maps with lifecycle management go beyond application deployment to include workflow automation and design process expertise for ongoing application patching and compliance.
2
Introduction Oracle Database is one of the most popular database products in the industry. This Cloud Map helps you implement an Oracle database as a service (DBaaS). It goes beyond simply deploying Oracle Database to automating the more advanced lifecycle management tasks that are important to keeping an Oracle database functioning in a reliable and optimal fashion in production. The focus of this white paper is on simplifying and accelerating the creation of the Oracle Database lifecycle service design and implementation so that it can be consumed more easily by multiple business users and managed more quickly and consistently by database administrators. Target audience: This paper is for cloud service design architects, database administrators, and business users who wish to learn more about the capabilities of HP CloudSystem Enterprise and how it can be used to deploy, patch, and ensure compliance of a standalone Oracle database. The HP Cloud Map for CloudSystem Oracle Database Lifecycle Management enables you to automate the following processes and offer them to your cloud service consumers:
• Provision the physical and virtual infrastructure required to run Oracle Database on Red Hat Enterprise Linux • Deploy a new Oracle Database home and instance • Apply patches to an existing Oracle Database home and instance • Check an Oracle database for compliance with the pertinent Center for Internet Security benchmarks This white paper provides step-by-step instructions for creating the service design. It also includes important information for the database administrator on the appropriate methodology to make patches available for use by the service, and for the service consumer on how to order lifecycle functions from the HP Cloud Service Automation Service Request Catalog in a database as a service (DBaaS) subscription model. This paper is part of an implementation package that includes integration workflows referred to in the steps below. If you received this paper independently of the rest of the package, you can download the complete package by visiting http://www.hp.com/go/cloudmaps, clicking on the “Lifecycle Management” tab, and navigating to the Cloud Map of your choice.
3
Architecture Context To deliver the functionality of the HP Cloud Map for Oracle Database, many different HP Cloud oriented technologies work together to provide an integrated service offering. Each of the products described in the functional architecture use open APIs to deliver the cloud service described in this paper. The architecture is designed to meet the diverse and demanding aspects of enterprise operations while at the same time providing immediate value with preconfigured services. The architecture can support internal cloud deployments for IT service offerings as well as complex and large scale service provider offerings.
Functional Architecture The diagram below describes how the HP Cloud Map for Oracle Database utilizes a number of integrated HP cloud oriented technologies. Three foundational HP technologies are used: Cloud Services Automation (HP CSA), Operations Orchestration (HP OO), and Database and Middleware Automation (HP DMA). HP CSA provides the compute resource provisioning and the service catalog. The HP CSA service catalog is how the end user eventually consumes the Cloud Map. HP OO operates as a message bus of sorts, handles the web service integration from HP CSA to HP DMA, and orchestrates workflows across compute providers, server management and host administration, and infrastructure/application providers. HP DMA provides the advanced automation capabilities required to deploy and configure the Oracle database and to ensure it is patched and meeting compliance requirements over the lifecycle. As described below, HP DMA uses the advanced security and enterprise scale capabilities of HP Server Automation (HP SA) to interface with the compute and OS resources provisioned by HP CSA.
4
Execution Process The execution process, shown in the diagram below, has two phases: the compute phase and the application infrastructure phase. The compute phase (shown in blue ) begins with HP CSA. Upon receiving a service request, HP CSA calls HP OO to run a flow that implements the request. The flow orchestrates the work of all contributing technologies. HP CSA then calls HP Matrix Operating Environment (HP Matrix OE) and executes a specific HP Infrastructure Orchestration (HP IO) template. HP Matrix OE provides the physical or virtual machine to host the Oracle Database. For a physical machine, HP Matrix OE calls HP SA to provision and manage a physical machine. If a virtual machine is required, HP Matrix OE calls VMware vCenter to provision a virtual machine that will be managed by HP SA. In both cases, HP SA manages the host machine. In the application infrastructure phase (shown in red ), HP OO Flows are used to run operations that install the required HP SA policy, which enables the execution of HP DMA workflows on the target physical or virtual machine that has just been provisioned. As a final step, HP OO calls HP DMA to execute Oracle specific workflows.
Key ….. – Virtual machine/ infrastructure
CSA Matrix
….. – Database lifecycle actions
• Provisions compute components • Links to HP OO flow via service subscription • Hands off host name and IP
• Executes HP IO template • Creates compute resources
OO
• Applies DMA Agent Support policy to HP SA target • Adds the server to HP DMA configuration (API) • Executes the HP DMA flow via web services API
OE • Executes the HP DMA workflow
SA
• Provisions and configures OS • Uses host name to provision
DMA
5
Contents of the Oracle Database Cloud Map The HP Cloud Map for CloudSystem Oracle Database Lifecycle Management provides service designs and underlying automation that you can use to easily and consistently deploy and maintain an Oracle Database home and instance in your environment. This Cloud Map consists of this white paper and a set of XML files packaged as a ZIP file. Collectively the white paper and the XML files enable a complete service design for an Oracle Database service including:
• CloudSystem service catalog entries covering the initial subscription and subsequent lifecycle actions • HP OO flows that orchestrate the execution of HP DMA workflows that provision, patch, and test compliance of Oracle databases
6
System Requirements To implement this Cloud Map, you should have working knowledge and hands-on experience with HP CloudSystem Enterprise and Oracle Database. You should understand the core concepts and have demonstrated proficiency with HP CloudSystem Enterprise. To use this Cloud Map, your HP CloudSystem Enterprise environment must be installed, configured, and functioning correctly. Each component must be verified to work individually and as a complete HP CloudSystem Enterprise environment. See the For more information section at the end of this paper to locate additional documentation.
Component Requirements The following table shows the major components required to use this Cloud Map. Refer to this table as you install and configure the Cloud Map to verify that you are using the correct software: Component
Version
HP Cloud Service Automation (HP CSA)
2.01.001
HP Operations Orchestration (HP OO)
9.00 (tested) or later
HP Server Automation (HP SA)
9.10 (tested) or later
HP SA 9.10 requires the HP Database and Middleware Automation hot fix (see the section Step 2: Apply the HP DMA Hot Fixes) HP Database and Middleware Automation solution packs with latest hot fixes:
9.13 (tested) or later
• Database Provisioning Solution Pack • Database Patching Solution Pack • Database Compliance Solution Pack • HP DMA Solution Pack hot fix (DMA 9.13 Hotfix 1)
(See Appendix A: How to Install an HP DMA Solution Pack.) HP Matrix Operating Environment (HP Matrix OE)
6.3
Hypervisor
VMware 4.1.0, 348481
Oracle Database software and licenses
Validated and tested using 11g R2 (11.2.0.3)
Red Hat Enterprise Linux
5.6 x86_64 (64-bit)
You can find information about installing, configuring, and verifying these components and their interoperability in the documents listed in the section For more information at the end of this paper.
Configuration Requirements The following prerequisites must be satisfied before you can use this Cloud Map:
• The Cloud Map ZIP file, Standalone_Oracle_Database_Cloud_Map.zip, is downloaded from www.hp.com/go/cloudmaps. (Click the “Lifecycle Management” tab, and then navigate to the appropriate Cloud Map.)
• HP OO is configured to access a Yellowdog Updater, Modified (YUM) repository containing the prerequisite Red Hat Linux RPMs (see Appendix B: Setting up a YUM repository).
7
• For deployment to a virtual target, VMware vCenter is installed and accessible by HP Matrix OE, and a VMware vCenter template for a Red Hat Enterprise Linux server with the HP SA agent is preinstalled.
• Your HP SA account enables you to import software packages into HP SA library. • HP DMA and its solution packs are installed (see Appendix A: How to Install an HP DMA Solution Pack). • All available HP SA and HP DMA platform patches and hot fixes are installed. • HP Matrix OE is able to access HP SA.
8
Installation and Configuration The following steps are required to make this Cloud Map available to HP Cloud Service Automation (HP CSA) subscribers in your environment. Detailed instructions for each step are provided after the table. Follow these steps in the order listed. Step
Description
Step 1: Create the HP Infrastructure Orchestration Templates
In the HP IO Designer, create templates that will deploy a physical server and a virtual server.
Step 2: Apply the HP DMA Hot Fixes
An HP DMA platform hot fix is required if you are using HP SA 9.10 and have not already applied this hot fix. An HP DMA solution pack hot fix is necessary if you are using HP DMA 9.13 workflows.
Step 3: Import the Binary Archives into the HP SA Library
In HP SA, import your Oracle Database software binary archives and Oracle Database patch binary archives into the HP SA library. NOTE: Oracle Database is not included in the HP Oracle Database Cloud Map. You must purchase Oracle software separately.
Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries
In two HP OO flows, set the necessary parameters to allow the Cloud Map to access the Oracle binary files.
Step 5: Import the Service Design into the HP OO Repository
In HP Operations Orchestration Studio, import the service design into the HP OO repository.
Step 6: Configure HP OO to Communicate with HP SA
In HP Operations Orchestration Studio, configure HP OO system properties to enable HP OO and HP SA to communicate.
Step 7: Create an HP CSA Service Offering
In the HP CSA Provider Console, create a service offering that references your HP OO service design.
Step 1: Create the HP Infrastructure Orchestration Templates The HP Infrastructure Orchestration template defines the servers, storage, and networks that will be used for the Oracle Database installation. Use the following instructions to create two templates: one for a physical server deployment and the other for a virtual server deployment. IMPORTANT: Make sure you specify the disk size to be at least 45GB for both the physical and virtual servers. NOTE: To see examples of HP Matrix OE infrastructure provisioning templates, download the HP Cloud Map for a Standalone Oracle Database from here. This ZIP file contains a README file, an XML file to provision a physical server, and an XML file to provision a virtual server. To create a template for physical server deployment: 1.
On the same server where your HP Matrix OE is installed, launch the HP IO Designer tool from the Windows® Start menu: Start → All Programs → HP Insight Software → HP Insight Orchestration → HP IO Designer Log on as a user with HPIO_Administrator or HPIO_Architects permissions. This will open the Insight Orchestration Designer. NOTE: Because this is a web interface, you can also access the tool if you open a web browser and go to: https://
:51443/hpio/designer
9
2.
Click
(New) to create a new template.
3.
Drag and drop the following items from the Components section to the palette on the right:
a.
One Physical Server Group icon
b.
One Physical Storage icon
c.
Two Network icons
4.
Connect the components by drawing lines from their connection points. Start a connection by holding the left mouse button on a connection point and end it by releasing it over another component. Your template should look like this:
5.
Configure each component by right-clicking and selecting the Configuration menu item. You will configure a Production network and a Management network. The Management network interface (shown as Mgmt_A below) is the network connected to your Server Automation server. The Production network (shown as Prod_A below) can be used for applications to connect to the database. a.
Right-click Network1 and select Edit Network Configuration. Select a Production network and click OK.
b.
Right-click Network2 and select Edit Network Configuration. Select a Management network and click OK.
6.
Right-click SvrGrp1, and choose Edit Server Group Configuration.
7.
Change the Group Name to a meaningful name, such as LinuxDB. You can modify the processors per Server, Memory Size, and Processor Speed. You must modify the Processor Architecture. Select X86-64-bit from the drop-down menu. Suggested settings are shown here:
8.
10
Select the Networks tab and enter a Hostname string (for example, db#). When the server is created, the host name is derived from this string (in this case, db).
Set the Assignment Type for the Production and Management networks. The CloudSystem Matrix OE Administrator should specify the appropriate network settings for use in your template. The Production network (shown here as Prod_A) should be selected as the Primary Interface.
9.
Click the Software tab. Select the Operating System that will be deployed on the server. Operating systems that are available for deployment from Server Automation have SA in the Source column. Choose a Red Hat Enterprise Linux operating system. Click OK to save your changes.
10. Right-click the FC-SAN Disk 1 icon, and select Edit Storage configuration. If desired, change the disk Name. Set the Individual Disk Size field to a minimum value of 45GB. Click the Disk is bootable check box. If your storage is configured with redundant access, click the Redundant SAN paths to disk check box.
11. Click OK to save your changes. After your changes are saved, the Validation Status should be green. Select the Published checkbox. Your template should look like this when all changes have been made:
11
12. Click
(Save) to save your template. Set the template name to Oracle_Database_PHY.
IMPORTANT: The template name Oracle_Database_PHY is required when the subscriber requests an HP CSA subscription in the section Order the HP CSA Service.
After you create the physical server template, you must ensure that the amount of swap space is sufficient given the dynamic nature of how physical memory is allocated for a physical server. To configure swap space for a physical server: For physical deployments the amount of physical memory allocated to a physical server is not guaranteed. To get around this, you need to modify the kickstart file. 13. Edit the kickstart file (for example, kickstart.file) using your choice of text editor. 14. Replace part swap --size=1024 with part swap --size=1024 --grow The following excerpt from the kickstart file shows you where to edit:
NOTE: The grow parameter will assign the swap space as required. For example, a configuration of 4GB RAM and 45GB disk space allocates 20GB of swap space, which is more than required. 15. Save the file and exit. 16. To check that your kickstart file has the correct swap space parameter, launch the HP SA Web Client from the Windows Start Menu. Go to http:// 17. Log on as an HP SA user with administrator privileges.
12
18. Under Software, click Operating Systems. 19. Click the Installation tab. 20. Click on ks.cfg (as highlighted below) to verify that all the configuration settings are as expected:
21. If you make any changes to the configuration settings, click Upload…. 22. Exit the HP SA Web Client.
This completes the setup for physical server deployment—creating a template and configuring the swap space. The process to create a template for virtual server deployment is similar. To create a template for virtual server deployment: 23. Click
(New) to create a new template.
24. As you did with the Physical server template, drag and drop the components into the palette. Your template should look like this:
25. Edit the network configuration as you did for physical servers, choosing the Management and Production networks configured for your environment. 26. Right-click SvrGrp1, and select Edit Server Group Settings. Suggested values are shown here:
13
27. Select the Networks tab. Set the Hostname to something like vmdb#, and set the networks just as you did for the physical server template. 28. Click the Software tab. Choose a VM template with a Source of VMware and an OS Type of Linux to deploy Red Hat Enterprise Linux. Choose a template with at least 4GB of swap space. If the amount of physical RAM on the system is greater than 4GB, the swap space should be equal or greater than the amount of physical RAM. For additional information about configuring the swap space, refer to Appendix C: Configure Swap Space on a Server.
29. Right-click Virtual Disk1 and select Edit Storage Configuration. Select the Disk is bootable check box.
30. Click OK to save your changes. After your changes are complete, your template should look like this.
14
31. Click
(Save) to save your template. Set the template name to Oracle_Database_VM.
IMPORTANT: The template name Oracle_Database_VM is required when the subscriber requests an HP CSA subscription in the section Order the HP CSA Service. 32. Close Insight Orchestration Designer.
Step 2: Apply the HP DMA Hot Fixes There are two hot fixes that you may need to apply before you can use this Cloud Map:
• The HP DMA platform hot fix • The HP DMA Solution Pack hot fix To access the hot fixes: 1.
Determine which hot fixes are necessary: The HP DMA platform hot fix (HP DMA Hot fix 9.10, DMA Hubble Hotfix_2) is only necessary if you are using HP SA 9.10 and you do not already have the HP DMA platform hot fix. If you have upgraded to HP SA 9.11 or later, it is not needed. The HP DMA Solution Pack hot fix (DMA 9.13 Hotfix 1) is necessary if you are running DMA 9.13 content and you want to use this Cloud Map for Oracle Database compliance.
2.
Go to the HP support site: http://support.openview.hp.com/
3.
Select Case Manager.
4.
Log in with your HP Passport User ID and Password.
5.
Open a support case by selecting the Database and Middleware Automation product. IMPORTANT: You must have a support contract to do this. Explain that you need one or both hot fixes to set up your Oracle Database Cloud Map.
6.
You will receive an email from HP support that the hot fixes have been uploaded for you.
To install the HP DMA platform hot fix: 1.
Follow the instructions in the email to download the HP DMA platform hot fix ZIP file: dma-9.10.0-hotfix-2.zip
15
2.
Unzip the ZIP file.
3.
Follow the instructions in the README to apply the hot fix.
To install the HP DMA Solution Pack hot fix: 1.
Follow the instructions in the email to download the HP DMA Solution Pack hot fix ZIP file: DMASPHotFix1-9-13.zip
2.
Unzip the ZIP file.
3.
Apply this hot fix as a solution pack. See Appendix A: Install an HP DMA Solution Pack.
After you have successfully applied the hot fixes, go back to the HP Support case manager and close your case.
Step 3: Import the Binary Archives into the HP SA Library The following procedure shows you how to import the Oracle Database software binary archives and patch binary archives into the HP SA library using the HP SA Client. NOTE: You must purchase the Oracle Database software separately. It is not included in this Cloud Map. To access the Oracle binary archives: Access the Oracle Database binary archives and patches directly from Oracle according to your license agreement.
• The Oracle Database software requires one binary archive ZIP file for the base install and often a second binary archive ZIP file for the optional installable features.
• The Oracle Database patches require two binary archive ZIP files: one for the CPU patch and the other for the O patch.
Save the files in a temporary location. To import the binary archives into the HP SA library: You need to follow this procedure for each binary archive file that you import into the HP SA library: 4.
Launch the HP SA Client from the Windows Start Menu. By default, the HP SA Client is located in Start → All Programs → HP Software → HP Server Automation Client If the HP SA Client is not installed locally, follow the instructions under “Download and Install the HP SA Client Launcher” in the Server Automation Single-Host Installation Guide.
5.
From the navigation pane in the HP SA Client, select Library → By Folder.
6.
Select the following folder: Opsware/Tools/Database & Middleware Automation
7.
If this is your first import, create a repository: a.
Right-click Database & Middleware Automation.
b.
Select New Folder.
c.
Name the folder (for example: Repository).
8.
Select your repository.
9.
From the Actions menu, select Import Software.
10. In the Import Software window, click the Browse button to the right of the File(s) box. 11. In the Open window, select the binary archive file (or files) to import. This is the Oracle Database software binary archives or the Oracle Database patch binary archives that you made available in the section To access the Oracle binary archives.
16
12. Specify the character encoding to be used from the Encoding drop-down list. The default encoding is English ASCII. You must specify the character encoding so that HP SA can extract the metadata contained in the packages and correctly display the information in non-ASCII characters in the HP SA Client (for example, on the Package Properties pages). Package metadata includes comments, READMEs, scripts, descriptions, and content lists. 13. Click Open. The Import Software window reappears. 14. From the Type drop-down list, select the type of file that you are importing. 15. If the folder where you want to store the archive files (for example: Opsware/Tools/Database & Middleware Automation/Repository) does not appear in the Folder box, follow these steps: a.
Click the Browse button to the right of the Folder box.
b.
In the Select Folder window, select the import destination location, and click Select. The Import Software window reappears.
16. From the Platform drop-down list, select the operating system version. 17. Click Import. If one of the packages that you are importing already exists in the folder that you specified, you will be prompted regarding how to handle the duplicate file. Press F1 to view online help that explains the options. 18. Click Close after the import is completed.
Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries To enable the Cloud Map to access the Oracle binary files, you must set the necessary parameters in two HP OO flows. To enable the Cloud Map to access the Oracle Database software binary archives: 1.
Open the HP OO flow: Provider Flows/Oracle-DM-Provision.
2.
Click
3.
Double-click SSH Command icon to open the SSH operation:
4.
Update the following parameter:
to unlock.
Parameter
Description
Gather Parameters for Provision Oracle Software.Oracle Software
Set this parameter to a comma-separated list of the two Oracle Database software binary archive ZIP files. For example: p10404530_112030_Linux-x8664_1of7.zip,p10404530_112030_Linux-x8664_2of7.zip
17
To enable the Cloud Map to access the Oracle Database patch binary archives: 1.
Open the HP OO flow: Provider Flows/subflow/Oracle-DMA-Patch-Home.
2.
Click
3.
Double-click SSH Command icon to open the SSH operation:
4.
Update the following parameters:
to unlock.
Parameter
Description
Validate Apply Critical Patch Update to Home.CPU Archive
Set this parameter to the Oracle Database CPU patch binary archive ZIP file. For example: p13466801_112030_Linux-x86-64.zip
Validate Apply Critical Patch Update to Home.OPatch Archive
Set this parameter to the Oracle Database O patch binary archive ZIP file. For example: p6880880_112000_Linux-x86-64.zip
Step 5: Import the Service Design into the HP OO Repository The file Standalone_Oracle_Database_Cloud_Map.zip is included in this Cloud Map. This file contains the HP OO workflows and the HP CSA service design required to implement the service design and run the pertinent HP DMA workflows. To make these workflows available to HP CSA, you must first import them into the HP OO Repository, and then you must check them in. Both procedures are performed in HP Operations Orchestration Studio. To import the HP OO workflows: 1.
On the HP CSA server, open HP Operations Orchestration Studio from the Windows Start menu: Start → Hewlett-Packard → Operations Orchestration → HP Operations Orchestration Studio
2.
Log in using an account with administrator privileges. IMPORTANT: Be sure you are connected to the repository on the HP Cloud Service Automation server, not the HP Matrix Operating Environment server. It is also recommended that you back up the current repository before importing the new OO flows.
3.
Click Repository → Add Repository.
4.
Specify a name that is meaningful to you (for example: OracleCloudMapWithCompliance) for the repository name.
5.
Navigate to the folder where you unzipped the Standalone_Oracle_Database_Cloud_Map.zip distribution files, and click OK. This will open the newly added repository.
18
6.
Click Repository → Set Target Repository and choose Default Public Repository.
7.
Click Repository → Publish Source to Target – Preview.
8.
In the Publish/Update window you may expand the folders under Library so you can see the new workflows.
9.
Click
(Apply) to publish the changes.
10. Click OK to close the successful publish dialog. 11. Click Repository → Open Repository and choose Default Public Repository. 12. Close HP Operations Orchestration Studio. To configure the SSH password: This Cloud Map includes HP OO flows that use SSH to connect to the target machine. You must configure the SSH password to match the password used in the VMware vCenter template used to create the machine. 1.
In HP Operations Orchestration Studio, expand the following folder in the Default Public Repository: Library/Premier Cloud Maps/Oracle/ServiceComposite[s]/Provider Flows
2.
Open the flow that you want to configure (for example: Oracle-DMA-Provision).
3.
Open the properties Inspector for the SSH Command step.
4.
Set the password property to the root password that was used in the VMware vCenter template that will be used to create the new machine.
NOTE: To change any HP OO library object, you must first check out the pertinent object, make your changes, and then check it back in. See the HP Operations Orchestration Studio online help for instructions. To check in the workflows: 1.
In HP Operations Orchestration Studio, check that the newly added workflows are in the Default Public Repository and are checked out. You can find them in the My Changes/Checkouts panel.
2.
Right-click the OracleDB folder, and select Check In Tree to check in the newly added workflows.
3.
Expand the Configuration folder and Selection Lists, and select OracleDB.
4.
Verify that the workflows have been checked in.
5.
Close HP Operations Orchestration Studio.
Step 6: Configure HP OO to Communicate with HP SA Before you can use this Cloud Map, you must tell HP OO how to communicate with the HP SA Core. To do this, you must configure the following HP OO system properties: coreHost, coreUsername, and corePassword. You must also tell HP OO where to find the YUM repository that contains the prerequisite RPMs that this Cloud Map requires. To do this, you must configure the repoHost property. To configure the HP OO system properties required for this Cloud Map: 1.
In HP Operations Orchestration Studio, expand the following folder in the Default Public Repository: Library/Configuration/System Properties
2.
3.
Configure the following system properties to match your HP SA Core: a.
Set coreHost to the IP address of your HP SA Core Server.
b.
Set coreUsername to the HP SA user who will execute the HP OO flows. The HP SA user needs to have administrator privileges.
c.
Set corePassword to the password for this HP SA user.
Set repoHost to the IP address of the server that hosts your YUM repository.
19
Step 7: Create an HP CSA Service Offering You must create a service offering before your subscribers can request services based on this Cloud Map. To create a new service offering: 1.
Log in to the HP CSA Service Designer using an account with administrator privileges.
2.
Select the Service Offering tab.
3.
Click Create a new Service Offering
4.
Click Browse, and navigate to the service design. For example:
.
/Library/Premier Cloud Maps/Oracle/ Matrix Provisioned Cloud (Provision DMA Oracle Database) 5.
Click Select. Note that you may need to click Refresh to see your changes.
6.
Specify a name for the service offering. For example: Oracle Standalone Database. NOTE: This is a name of your choosing.
7.
Specify a category. For this Cloud Map, you must specify Oracle.
8.
Enter your desired values for the remaining fields. Fields marked with a red asterisk (*) are required.
9.
Click
(Create).
The new service offering will be displayed in the list, and its details will be visible in the lower panel when you select a service. It will also be visible to subscribers in the Service Request Catalog.
20
Administrator Information In the database as a service (DBaaS) model, subscribers request databases and control the timing of lifecycle actions (such as patching and compliance checks). The administrator ensures that the latest Oracle software and patches are available within the CloudSystem. Subscribers decide which services to consume and when to consume them.
Make Oracle Database Patches Available to Subscribers Oracle periodically releases patches for Oracle Database that you should make available to your subscribers. To make Oracle Database patches available to your subscribers: 1.
Follow the instructions in the section Step 3: Import the Binary Archives into the HP SA Library specifically for the Oracle Database Patches.
2.
Follow the instructions in the section Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries specifically for the Oracle Database Patches.
3.
Email your subscribers to inform them that a new patch is available.
Make Oracle Database Software Available to Subscribers You can choose to make a different version of Oracle Database software available to your subscribers. For example, you could provide version 10g instead of version 11g. To do so, you need to reconfigure this Cloud Map. To make different versions of Oracle Database software available to your subscribers: 1.
Follow the instructions in the section Step 3: Import the Binary Archives into the HP SA Library specifically for the Oracle Database software.
2.
Follow the instructions in the section Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries specifically for the Oracle Database software.
3.
Email your subscribers to inform them that new software is available.
21
Subscriber Information This section gives examples of how a subscriber can order Oracle Database services using HP CSA. It does not give a complete list of what the subscriber can do. IMPORTANT: As a general policy, each service request in this Cloud Map has a 3-hour time out. Any service request that cannot be fulfilled successfully within 3 hours will be cancelled. This prevents unsuccessful service requests from hanging for indefinite periods of time. In the unlikely event that your service request times out, please inform your administrator, as this Cloud Map may have been set up incorrectly.
Log In to the HP CSA Subscriber Portal You log in to the HP CSA Subscriber Portal from a browser window using the URL provided by your local administrator. NOTE: The minimum screen resolution required for the HP CSA Subscriber Portal is 1024 x 768. To log in to the HP CSA Subscriber Portal 1.
Open a browser window.
2.
Enter the URL for the HP CSA Subscriber Portal. NOTE: The URL will be unique to your installation. Contact your administrator.
3.
Enter the following information: a.
User Name: Your HP CSA Subscriber Portal user name. As you type your user name, the system attempts to match it with other user names in the system. When one or more matches are found, a list of user names is displayed. If your user name is displayed, you can simply click it.
b.
Password: Your HP CSA Subscriber Portal password.
To clear the User Name and Password fields, click CLEAR. 4.
22
Click SUBMIT.
Order the HP CSA Service You can order from the HP CSA Service Request Catalog the Oracle Database service that your HP CSA administrator created. To order the HP CSA Service: 1.
Log in to the HP CSA Service Request Catalog (see the section Log In to the Cloud Service Automation Subscriber Portal). The HP CSA Dashboard panel appears:
2.
Select the Services tab. The HP CSA services panel appears:
3.
Click the Browse Catalog button (located in the upper-right corner). The HP CSA Request subscription services panel appears.
23
4.
Select Oracle.
5.
Select the service offering. In the following example, the offering is called Oracle Standalone Database:
6.
Click REQUEST. The HP CSA Request Subscription panel appears:
7.
Select your desired template name from the drop-down list: a.
b.
24
Choose Oracle_Database_VM for a virtual machine.
Choose Oracle_Database_PH for a physical machine.
8.
Specify a Database Instance Name. The Database Instance Name can have up to 8 characters consisting of letters, numbers, and underscores (_).
9.
Click CONTINUE. The following HP CSA Request Subscription panel appears:
10. Click the REQUEST button. The HP CSA Subscription information panel appears:
11. Enter your subscription name. Use a name that is meaningful to you. 12. Optional: Describe the subscription. 13. Click CONTINUE. The final HP CSA subscription request panel appears:
25
14. Click SUBMIT. At this point your request for your Oracle Standalone Database is being processed. The HP CSA Confirmation panel appears:
15. If you want, click DETAILS to show the status of your subscription request. The HP CSA Subscriptions panel appears:
When your Oracle database is provisioned and ready to use, the status will change to Active. 16. Another way you can check the status of your subscription request is through HP Cloud Service Automation. You will see a panel like the one that follows:
26
The first subscribed service in the list (Oracle Standalone Database) is the one used for this example. Since the Operational State is “In Progress” and the Subscription State is “Pending” your subscription is not yet active. Before you can perform lifecycle actions (such as patching or compliance checking), the Operational State must be “Ready” and the Subscription State must be “Active.” Installation of Oracle Database software can take an extended period of time. You will receive an email from HP CSA when your subscription is active.
Patch Your Oracle Database Patching applies to an Oracle Database instance that is installed and running. If you receive an email from your administrator or determine that you do not have the most recent Oracle Database patch, you should perform the following procedure to update your system. NOTE: You must have an active HP CSA Service before you can patch your database instance – see the section Order the HP CSA Service. To patch your Oracle Database installation: 1.
Log in to the HP CSA Subscriber Portal following the directions in Log In to the HP CSA Subscriber Portal.
2.
Verify that your HP CSA service (for example: Oracle Standalone Database) is active. On the HP CSA Service Instances page, ensure that the Operational State of your subscription is Ready and the Subscription State is Active.
You can also verify that your service is active from the CSA Subscriptions tab:
27
3.
Click the
button for your subscription. A drop-down list appears:
4.
Select Patch Oracle to install the most recent patch that your administrator made available. You will be asked to confirm this action:
28
5.
Select CONFIRM.
6.
You will receive an email that informs you that the patch is being installed. NOTE: When you receive the email, it does not necessarily mean that the patch process was completed – or that the patch was successfully installed. It only means that the patch process started.
7.
Follow instructions from Oracle to verify that the patch has been successfully installed. See the For more information section to find Oracle documentation.
NOTES: No parameters are required for patching. Do not worry about installing the same patch multiple times. The system recognizes that the current patch is already installed and will not attempt to install it again. Patching can take an extended amount of time since it runs in background mode.
Check Your Oracle Database for Compliance with the CIS Benchmark You can run a compliance test against an Oracle Database instance that is installed and running. This test determines whether your Oracle database complies with the Center for Internet Security (CIS) Oracle Database 11g 1.0.1 Benchmark. Your administrator decides whether compliance is required. In a development environment, for example, it may not matter whether your database is compliant. In a production environment, however, CIS compliance may be important. The compliance test only checks whether or not your Oracle Database complies with CIS benchmarks. It does not enforce compliance. When you run the compliance workflow, the result of the workflow will state whether or not the workflow ran. A successful run of the workflow will generate data that you can analyze to determine if and where your database does not meet the CIS benchmark. A successful run does not mean that your database is compliant. A run has succeeded when the data has been generated. You must analyze the data to determine the compliance status of your database. Compliance has many layers, and you may only want to achieve a certain level of compliance. Analyzing the data provides you a complete picture of where your database does not meet the CIS standards and enables you to decide on and plan for the required remediation. NOTE: You must have an active HP CSA Service before you can run the compliance test – see the section Order the HP CSA Service. To learn what Oracle Database configuration items are checked by the compliance workflow: This procedure is optional. For more information on the specific configuration items that the CIS benchmark checks you can go directly to the Center for Internet Security (CIS) website:
29
1.
Go to http://benchmarks.cisecurity.org → Security resources → Download form.
2.
To access the free download, you must fill in the request form.
3.
Check the box to download Oracle Database Server Benchmark Archive.
4.
Select CIS Oracle Database 11g Benchmark v1.0.1.
To analyze the compliance of your Oracle Database installation: 1.
Log in to the HP CSA Subscriber Portal following the directions in the section Log In to the HP CSA Subscriber Portal.
2.
Verify that your HP CSA service (for example: Oracle Standalone Database) is active. On the HP CSA Service Instances page, ensure that the Operational State of your subscription is Ready and the Subscription State is Active.
You can also verify that your service is active from the CSA Subscriptions tab:
3.
30
Click the
button for your subscription. A drop-down list appears:
4.
Select Run Oracle Compliance. You will be asked to confirm this action:
5.
Select CONFIRM. The following screen shows that the compliance test is running:
31
You can view the results of your compliance test in the HP DMA console. The HP DMA console will indicate SUCCESS if the pertinent HP DMA workflow successfully runs the compliance test to completion. It will indicate FAILURE if the workflow fails for any reason. SUCCESS means that information about the outcome of each compliance check performed is available – it does not mean that every compliance check passed. To determine whether your database is compliant, you must assess the result of each compliance check. The procedure below shows you how to view these results. To check the results of the compliance test: 1.
To log in to the HP DMA console, go to: http:///dma/login
2.
Click the Automation tab.
3.
Click Console if you want to follow the compliance test in real time.
4.
Select your workflow (always named Check Oracle Compliance) with the server where you started the compliance test. Look in the Output section. Click each step name to see the output of that step.
32
As each step of the workflow runs, the status changes from Running to Finished. 5.
The last step indicates whether the workflow is successful. NOTE: The compliance test may take several hours to run.
6.
When the Console shows that the workflow has finished running, click History. You can use the Filter field to locate your workflow.
33
NOTE: History gives the same information for completed workflows that Console gave for workflows that are executing. 7.
In the bottom pane, select the Header tab.
8.
You will see Pass and Fail messages for each of the individual compliance checks that are included in the CIS benchmark. NOTE: Fail does not mean that there is a problem with the compliance workflow. A Fail message indicates only that a specific benchmark check failed.
9.
34
Based on the specific CIS compliance configuration items that your administrator requires, make any appropriate changes to your database.
Appendix A: Install an HP DMA Solution Pack HP Database and Middleware Automation Solution Packs contain workflows that automate the lifecycle actions that are available through this Cloud Map. Current HP DMA solution packs are available by subscription on HP Live Network. You need to follow this procedure to install each of the required HP DMA solution packs:
• Database Provisioning Solution Pack • Database Patching Solution Pack • Database Compliance Solution Pack • HP DMA Solution Pack hot fix (DMA 9.13 Hotfix 1) To access an HP DMA solution pack: 1.
Go to https://hpln.hp.com/group/database-and-middleware-automation
2.
Under Associated Communities, click Database Solution Packs.
3.
Select the CONTENT tab.
4.
Log in with your HP Passport User ID and Password.
5.
Select the desired HP DMA solution pack. To access the HP DMA solution packs, you must have a valid support contract and the account needs to be linked to a Service Agreement ID (SAID).
To install an HP DMA solution pack: 1.
Download the ZIP file for the solution pack that you want to install from HP Live Network. If the solution pack is packaged as a ZIP file within a ZIP file, extract the inner ZIP file.
2.
On the system where you downloaded the solution pack ZIP file, go to: http:///dma/login
3.
Log on to HP DMA using an account with administrator privileges.
4.
Go to the Solutions → Installed page.
5.
If an earlier version of this solution pack is installed on this HP SA Core, follow these steps to remove it: a.
In the Solution Packs pane, select the solution pack.
b.
Click the DELETE link in the lower left corner.
c.
Click the DELETE button to confirm the delete.
6.
Still on the Solutions → Installed page, click the Browse button in the lower right corner. The Choose File dialog opens.
7.
Select the ZIP file that you downloaded in step 1, and click Open.
8.
Click Import solution pack.
NOTE: If the import fails, it may be because the solution pack you are trying to install is incompatible with another solution pack that is already installed. Go back to step 5 and delete other solution packs. Continue with the remaining steps.
35
Appendix B: Set Up a YUM Repository YUM is a package manager that is used to install and update software. YUM is also used to install prerequisites for this Cloud Map. Before you can use this Cloud Map, you must either create a new YUM repository or make an existing repository available to HP Database and Middleware Automation. There are many ways to set up a YUM repository. The following procedure is provided as an example of one way to do this by using an FTP server. If you use an existing YUM repository, verify that the repository descriptor file points to the existing YUM repository (see step 7 below). Things you need:
• A Red Hat Enterprise Linux DVD ISO file • A machine running the same Red Hat Enterprise Linux version as the ISO Example procedure: 1.
Disable the firewall: service iptables save service iptables stop chkconfig iptables off
2.
Copy the ISO file to the machine that will host the repository.
3.
Mount the ISO file. For example: mount -o loop /root/RHEL5.6-Server-20110106.0-x86_64-DVD.iso /mnt/rhel-iso/
4.
Find the vsftp and createrepo RPMs in the mount directory (run a find from the mount directory), and install them.
5.
Copy the files from the ISO mount directory to the FTP server directory (for example: /var/ftp/pub/RHEL56): cp -R /mnt/rhel-iso/* .
6.
Create the repository: createrepo .
7.
If you want to test the YUM repository locally, edit the repository descriptor file, and put in the IP address for your repository (the machine herein named above): [root@rhelyum101 yum.repos.d]# cat /etc/yum.repos.d/rhel-myrepo.repo [rhel-myrepo] name=My RHEL Repo baseurl=ftp:///pub/RHEL56/ enabled=1 gpgcheck=0 metadataexpire=1
8.
Start the FTP server: service vsftpd restart
9.
Run the following command: yum install httpd When prompted, cancel out of the procedure as this is only a test.
36
Appendix C: Configure Swap Space on a Server The server that you provision must have enough swap space. The following procedure is provided as an example of how to adjust the swap space for an existing server. You can either run these commands manually when the template or physical machine is set up or append these commands to the HP OO flow SSH command described in the section Step 4: Configure the Cloud Map to Use the Correct Oracle Binaries. To configure swap space on a server: 1.
Create a swap file in the /root directory that is 4GB in size. dd if=/dev/zero of=/root/newswapfile bs=1M count=4096 NOTE: Most systems already have a certain amount of swap space, for instance 1GB. Any existing swap space would count toward the total required swap space. If you already have 1GB and need a total of 4GB, the dd command would only need to create a swap file of 3GB (use count=3072).
2.
Change permissions on the new swap file so the system can access it: chmod 600 /root/newswapfile
3.
Tell the system that this file is a swap file: mkswap /root/newswapfile
4.
Turn on the new swap file. It now becomes part of the total swap space on the system. swapon /root/newswapfile
5.
Open the file system table file in an editor: vi /etc/fstab
6.
Add a line to the file system table so the swap file will automatically be initialized after a reboot: /root/newswapfile swap swap defaults 0 0
37
For more information For more information about HP CloudSystem, visit http://www.hp.com/go/cloudsystem. HP software product manuals and documentation is available at http://h20230.www2.hp.com/selfsolve/manuals for the following products. You will need an HP Passport to sign in and gain access.
• HP Cloud Service Automation • HP Server Automation • HP Database and Middleware Automation • HP Operations Orchestration • HP CSA for Matrix HP Matrix Operating Environment product manuals and documentation are available at http://h18004.www1.hp.com/products/solutions/insightdynamics/info-library.html. HP Live Network documentation is available at https://hpln.hp.com for:
• Cloud Service Automation • CSA For Matrix • Database and Middleware Automation • Operations Orchestration • Server Automation Information about Oracle software is available at http://www.oracle.com/technetwork/indexes/documentation. VMware vCenter and vSphere documentation is available at http://www.vmware.com/support/pubs/. Information about the Center for Internet Security (CIS) Security Benchmarks is available at http://benchmarks.cisecurity.org. To help us improve our documents, please send feedback to [email protected].
Get connected hp.com/go/getconnected Current HP driver, support, and security alerts delivered directly to your desktop © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Trademark acknowledgments: Windows is a U.S. registered trademark of Microsoft Corporation. Oracle is a registered trademark of Oracle and/or its affiliates. Created April 2012
